The indictment makes a compelling case that the hack of the Democratic Party was a highly structured, officially sanctioned Russian intelligence operation.
With his latest indictments on Friday, Special Counsel Robert Mueller drove a particularly sharp nail into the coffin of the conspiracy theories surrounding the cyberattack on the Democratic Party and Hillary Clinton’s presidential campaign during the 2016 election.
Spoiler alert: The Russians really did do it.
It wasn’t Seth Rich, the murdered young Democratic staffer whose name has been dragged through the mud by countless fringe theorists, and whose parents are now suing Fox News for propagating such lies.
It wasn’t an inside job by the Democrats themselves, as a group of out-of-touch former intelligence officials tried to convince themselves and the world. The Mueller investigation isn’t a “witch hunt,” as President Donald Trump and his loyalists have repeatedly claimed.
Instead, Mueller’s prosecutors charged 12 Russian intelligence officials, listed by name, rank, and job title, with engineering the hack of the Democrats during the election. In damning detail, the indictment makes the case that the hack of the Democratic Party was a highly structured, officially sanctioned covert action operation conducted by Russian intelligence, namely the GRU, Russia’s military intelligence arm. If the allegations hold up, then there can no longer be any question as to whether the cyberattack was ordered and approved by the Putin government.
The indictment also adds heft to the longstanding intelligence community consensus that the target of the covert action was Clinton and her presidential campaign, and that Moscow’s objective was to damage her campaign and help Trump win. After stealing thousands of emails and other documents, the Russian intelligence officers then set up cyber fronts – DCLeaks and Guccifer 2.0 – to disseminate the material through WikiLeaks and the American press to try to influence the presidential election. The American media eagerly lapped it up without asking many questions about where the leaks were coming from.
“The object of the conspiracy was to hack into the computers of U.S. persons and entities involved in the 2016 U.S. presidential election, steal documents from those computers, and stage releases of the stolen documents to interfere with the 2016 U.S. presidential election,” the indictment states.
Perhaps the strongest evidence of possible collusion between Trump and Russia included in the indictment relates to an odd and inflammatory statement that Trump made in the midst of the campaign. On July 27, 2016, Trump publicly implored Russia to find and release Clinton’s emails that had supposedly been deleted from her personal account while she was secretary of state. Those deleted emails had, by then, become part of the public controversy over the investigation into Clinton’s use of a private email system while she was at the State Department in the Obama administration. Trump said: “Russia, if you’re listening, I hope you’re able to find the 30,000 emails that are missing.”
Friday’s indictment raises new questions about whether the Russians were, indeed, listening. It says that “on or about July 27, 2016, the [Russians] attempted after hours to spearphish for the first time email accounts at a domain hosted by a third-party provider and used by Clinton’s personal office. At or around the same time, they also targeted seventy-six email addresses at the domain for the Clinton Campaign.”
The indictment also delves into the role of WikiLeaks, identified only as “Organization 1,” which acted as an intermediary between Guccifer 2.0 and the American press. While it doesn’t answer the critical question of whether WikiLeaks knew that the hacked materials were coming from the Russians, the indictment makes clear that WikiLeaks wanted materials damaging to Clinton’s campaign.
“In order to expand their interference in the 2016 U.S. presidential election,” the indictment says, the Russians “transferred many of the documents they stole from the [Democratic National Committee] and the chairman of the Clinton campaign to Organization 1.” The Russians, “posing as Guccifer 2.0, discussed the release of the stolen documents and the timing of those releases with Organization 1 to heighten their impact on the 2016 U.S. president election.”
In June 2016, WikiLeaks sent a private message to Guccifer 2.0 asking the persona to send “any new material [stolen from the DNC] here for us to review and it will have a much higher impact than what you are doing.” In July, WikiLeaks sent another message saying, “if you have anything hillary related we want it in the next tweo [sic] days prefable [sic] because the DNC [Democratic National Convention] is approaching and she will solidify bernie supporters behind her after. … we think trump has only a 25% chance of winning against hillary … so conflict between bernie and hillary is interesting.”
WikiLeaks released more than 20,000 emails and other documents stolen from the Democratic National Committee network three days before the start of the Democratic convention.
The indictment leaves plenty of questions unanswered. For example, it says that in August 2016, a congressional candidate contacted Guccifer 2.0 asking for stolen documents. Guccifer 2.0 complied, sending documents about the candidate’s opponent. But the indictment doesn’t identify the congressional candidate who sought the information.
At the same time, it purports to provide minute-by-minute details about how the Russians engineered their hack, how they distributed the information to WikiLeaks, reporters, and others, and even how they paid for it. Indeed, one of the most interesting sections of the indictment alleges that the Russians used bitcoin to anonymously finance different aspects of their cyberattack.
The Russians “principally used bitcoin when purchasing servers, registering domains, and otherwise making payments in furtherance of hacking activity,” the indictment states. “Many of these payments were processed by companies located in the United States that provided payment processing services to hosting companies, domain registrars, and other vendors.”
But the indictment strongly suggests that even as the Russians hacked the American political system, the U.S. intelligence community was hacking the Russians in return. It includes accounts that appear to have been drawn from real-time U.S. intelligence surveillance of Russian computers watching, searching, and infecting with malware computers belonging to Democratic operatives and staffers.
For example, the indictment explains how the Russians intentionally deleted logs and computer files to hide their electronic footprints in the DNC system and states that “on occasion, the [Russians] facilitated bitcoin payments using the same computers that they used to conduct their hacking activity, including to create and send test spearphishing emails. Additionally, one of these dedicated accounts was used by the [Russians] in or around 2015 to renew the registration of a domain (linuxkrnl.net) encoded in certain X-Agent malware installed on the DNC network.”