WASHINGTON — Starting in March 2016, Russian military intelligence hackers covertly targeted over 300 people affiliated with Hillary Clinton’s campaign and two other Democratic political organizations as part of a wide-ranging conspiracy to steal documents and emails and then release the material through cutouts in order to disrupt the American presidential election, according to a major new indictment brought by special counsel Robert Mueller that was released Friday.
The long-awaited, 29-page indictment revealed startling new details about Russia’s 2016 election efforts — including the leasing of U.S. based servers paid for with bitcoin — and fills out key gaps in the story of how top officials of one of Russian President Vladimir Putin’s premier intelligence services, known as the GRU, plotted to meddle in both U.S. congressional races and the presidential race.
The charges, unveiled at a press conference by Deputy Attorney General Rod Rosenstein, comes at a diplomatically awkward time: on the eve of President Trump’s Monday summit with Putin in Helsinki. The indictment charges 12 GRU officers in the cyberattacks, including the chief of a hacking unit known as “Unit 26165” as well as “others known and unknown to the grand jury.”
But it conspicuously makes no mention of Putin, who U.S. intelligence officials in a January 2017 report concluded had “ordered” the Russian influence campaign that included the hacks on the Clinton campaign and the Democratic National Committee.
“There is no doubt that Vladimir Putin is the intellectual author of this,” said Steve Hall, a CIA former station chief in Moscow who later oversaw the agency’s Russian operations during President Barack Obama’s second term. “So remind me again who President Trump is sitting down with on Monday?”
Rosenstein said at the press conference that he had briefed Trump on the indictment before the president left for Europe earlier this week. But Hall said the detailed new criminal charges will increase the pressure on Trump to confront Putin over the issue in Helsinki. “What any good American president would do is go in there and say to Putin, ‘OK, you are harboring 12 criminals. You can give them to me now — so I can fly them back on Air Force One — or do you want me to send a plane for them tomorrow.’” (The United States has no extradition treaty with Russia.)
Trump and his allies, however, can take solace in the fact that no members of the president’s campaign are accused of knowingly participating in the Russian hacking campaign. “There is no allegation in this indictment that any American citizen committed a crime,” Rosenstein said at the press conference, although he quickly added that Mueller’s investigation “is ongoing.”
But the indictment documents show how a phony Russian online persona, Guccifer 2.0 — set up by the GRU to publicly dump stolen Democratic Party documents — communicated with a “person who was in regular contact with senior members of the presidential campaign of Donald Trump.” This is an apparent reference to longtime Trump adviser Roger Stone.
Stone is not identified by name in the indictment but has acknowledged “innocuous” communications with Guccifer 2.0 that match the exact wording of the messages in the indictment: “thank u for writing back…did u find anyt[h] interesting in the docs I posted,” Guccifer 2.0 wrote the Trump adviser on Aug. 15, 2016. Three weeks later, on Sept. 9, 2016, Guccifer referred to a stolen Democratic Party document posted online and asked Stone, “‘what do u think of the info on the turnout model for the democrats entire presidential campaign.” He responded, “pretty standard.”
Perhaps the most significant new information in the indictment reveals how WikiLeaks, the so-called transparency website founded by Julian Assange, actively solicited the emails stolen from the DNC that were published on the eve of the Democratic Party convention in July 2016, causing major disruptions that led to the resignation of the party’s chair, Rep. Debbie Wasserman Schultz. Despite Assange’s repeated denials, the emails came directly from the GRU through Guccifer 2.0, the indictment alleges, although it was unclear from the charges whether Assange was aware of Guccifer’s Russian military ties.
According to the indictment, Guccifer 2.0 was one of two online personas set up by the GRU in the spring of 2016 (the other was called DCLeaks) for the express purpose of dumping hacked Democratic Party documents. Initially, Guccifer 2.0, who claimed to be a Romanian hacker, began releasing some of the material on WordPress. But on June 22, 2016, according to the indictment, a group identified as “Organization 1” — a clear reference to WikiLeaks — sent a private message to Guccifer 2.0 asking that it “send any new material [stolen from the DNC] here for us to review and it will have a much higher impact than what you are doing.”
Then, on July 6, 2016, WikiLeaks sent a follow-up message saying, “if you have anything Hillary related we want it in the next tweo [sic] days prefable [sic] because the DNC [the Democratic convention] is approaching and she will solidify Bernie supporters behind her after.” Guccifer 2.0 responded: “ok…I see.” WikiLeaks then explained, “we think trump has only a 25 % chance of winning against Hillary…so conflict between Bernie and Hillary is interesting.”
According to the indictment, the Russian military hackers posing as Guccifer 2.0 on July 14, 2016, sent WikiLeaks an encrypted attachment with instructions on how to access an online archive of stolen DNC documents. Four days later, WikiLeaks confirmed it had received “1Gb [gigabyte] or so of the archive” and would release the material “this week.” On July 22, WikiLeaks released 20,000 DNC emails, three days before the Democratic convention, but “did not disclose Guccifer 2.0’s role in providing them,” the indictment charges.
Barry Pollack, Assange’s U.S. lawyer, told Yahoo News: “As I read the indictment, WikiLeaks published truthful information, which is something news organizations do every day. The idea that a news organization would reach out to sources to get information does not strike me as surprising. Taken at face value, what WikiLeaks did doesn’t distinguish it from any other news organization.” He added that there is nothing in the indictment that suggests WikiLeaks was aware of Guccifer 2.0’s real identity. He also said he was unaware of any attempt by Mueller or his team to interview Assange.
The indictment also reveals how Guccifer 2.0 actively worked with journalists and in one case even an unnamed congressional candidate to distribute other emails that were stolen by the GRU hackers from the Democratic Congressional Campaign Committee.
In one case, the indictment charges, in mid-August, 2016, Guccifer 2.0 received a request for stolen documents “from a candidate for the U.S. Congress” and then responded by sending the unnamed candidate opposition research material on the candidate’s opponent from DCCC files. A week later, Guccifer 2.0 sent 2.5 gigabytes of data stolen from the DCCC to a state lobbyist in Florida who ran a website for political news. The stolen data included donor records and personal identifying information for more than 2,000 Democratic donors.
Most of the charges are related to the GRU’s role in hacking and stealing documents from the DNC, the DCCC and the Clinton campaign. But the indictment also charges that in July 2016, one GRU official, identified as Anatoliy Sergeyevich Kovalev — an officer assigned to another cyberhacking unit known as “United 74455” — oversaw a plot to penetrate U.S. state boards of election sites and, in one instance, hacked one of those websites and stole information about 500,000 voters, including names, partial Social Security numbers and driver’s license numbers. (The indictment doesn’t name the state, but the details match the cyberattack on the Illinois Board of Elections.) As late as Oct. 28, Kovalev and other GRU officials targeted the websites of counties in Georgia, Iowa and Florida “to identify vulnerabilities.”
The indictment charges that the Russian military officers obtained the stolen emails through so-called “spearphishing” emails to hundreds of Democratic Party officials and consultants that closely resembled the addresses and messages of fellow Democrats or Google security alerts. And the indictment discloses for the first time that, in order to carry off their heists, GRU officials leased U.S. based computer servers in Arizona and Illinois and then paid for the leases as well as phony web registrations and other computer “infrastructure” through bitcoin to avoid detection by U.S. regulators — a form of money laundering, according to the indictment.
Read more from Yahoo News: