Russia Indictment 2.0: What to Make of Mueller’s Hacking Indictment 10:52 - Jul 15 with 10659 views Shaky

Phew! Finally finished typing this out:
+++++++++++++++++++++++++++++++++++++++++++
THE RUSSIA CONNECTION
Russia Indictment 2.0: What to Make of Mueller’s Hacking Indictment
By Autumn Brewington, Mikhaila Fogel, Susan Hennessey, Matthew Kahn, Katherine Kelley, Shannon Togawa Mercer, Matt Tait, Benjamin Wittes

Lawfare Blog Friday, July 13, 2018, 10:01 PM

The indictment Friday morning of 12 Russian military intelligence officials in connection with the 2016 election hacks and the resulting distribution of purloined emails was not a total surprise. Observers of the Mueller investigation have been expecting it for a long time, particularly since the Feb. 16 indictment of 13 Russian individuals and three companies over the social media campaign conducted by the so-called Internet Research Agency.

But if the hacking indictment was generally expected, nobody seemed to see it coming this week before today’s announcement of an 11:45 am press conference. Special Counsel Robert Mueller moved with his usual combination of patience and strict operational security, and even though Acting Attorney General Rod Rosenstein briefed President Trump on the coming action before the Leaker in Chief left town, the matter held until Rosenstein disclosed it at a Justice Department press conference.

Before turning to what the indictment alleges, and what we can learn from it, it’s worth zooming out to an important macro point about the investigation that led to this action: This was the investigation over which the president of the United States fired James Comey as FBI director.

This is the investigation Comey confirmed on March 20, 2017, when he told Congress, “I have been authorized by the Department of Justice to confirm that the FBI, as part of our counterintelligence mission, is investigating the Russian government's efforts to interfere in the 2016 presidential election.”

This was also the investigation that multiple congressional committees have spent more than a year seeking to discredit–most recently Thursday, when two House panels hauled the former deputy assistant director of the FBI’s Counterintelligence Department, Peter Strzok, a career FBI agent who worked on the Russia probe, up to Capitol Hill for 10 hours of public, televised, abusive conspiracy theorizing. When the president of the United States derides the Mueller investigation as a “witch hunt,” and when congressional Republicans scream at FBI agents, this is the investigation they are trying to harass out of existence.

It is, therefore, fitting that this indictment comes less than one day after the astonishing display House Republicans put on in the Strzok hearing. If Mueller had been trying to remind the public of what the investigation is really about and what the stakes are in it, if he had been trying to make a public statement in response to the Strzok hearing, he could not have timed this action better.

But, to be clear, Mueller was not trying to make a press statement. We know that not merely because that’s not the way Mueller operates but also because Rosenstein said specifically at his press conference that he had briefed the president on the matter before Trump left town–days before the Strzok hearing yet also mere days before Trump has a scheduled meeting with Russian President Vladimir Putin.

The timing of the indictment given the upcoming Helsinki summit is a powerful show of strength by federal law enforcement. Let’s presume that Mueller did not time this indictment to precede the summit by way of embarrassing Trump on the international stage. It is enough to note that he also did not hold off on the indictment for a few days by way of sparing Trump embarrassment–and that Rosenstein did not force him to. Indeed, Rosenstein said at his press conference that it is “important for the president to know what information was uncovered because he has to make very important decisions for the country” and therefore “he needs to know what evidence there is of foreign election interference.” But of course Rosenstein and Mueller did not just let Trump know. They also let the world know, which has the effect–intended or not–of boxing in the president as he meets with an adversary national leader.

Put less delicately: Rosenstein has informed the president, and the world, before Trump talks to Putin one-on-one that his own Justice Department is prepared to prove beyond a reasonable doubt, in public, using admissible evidence, that the president of the Russian Federation has been lying to Trump about Russian non-involvement in the 2016 election hacking.

What the Indictment Alleges

The indictment alleges a detailed and wide-ranging conspiracy to hack into the computers of the Democratic Congressional Campaign Committee (DCCC), the Democratic National Committee (DNC), Hillary Clinton’s presidential campaign and others and to reveal information in order to interfere with the 2016 U.S. presidential election. The special counsel charges 12 officials of the Russian military intelligence agency (“GRU”) with targeting more than 300 individuals affiliated with the Democratic Party or the campaign and leaking tens of thousands of stolen documents.

Starting in March 2016, the indictment alleges, a unit of Russia’s GRU military intelligence organization began sending emails to dozens of employees and volunteers in the Clinton campaign. The conspirators engaged in “spearphishing,” or sending fraudulent emails with embedded links to GRU-created websites disguised to look like trusted entities, such as Google security notifications, ostensibly asking recipients to change their password but, in reality, tricking the targeted users into revealing their login credentials.

Using these stolen credentials, the hackers logged into the targeted users’ personal and campaign email accounts. Later that month, the hackers began researching the computer networks of the DCCC and DNC to identify technical vulnerabilities and connected devices. In April 2016, the conspirators hacked into the DCCC computer network and installed malware to spy on users and steal information.

According to the indictment, the Russians designed their hacking operation to use an overseas computer to relay communications from their malware via a GRU-leased server in Arizona. By June of 2016, the hackers monitored DCCC employees’ computer activity–logging keystrokes and taking screenshots–on at least 10 different computers and transmitted this information to the Arizona server. The conspirators used their access to the DCCC network to hack into the Democratic National Committee in mid-April 2016. Overall, the hackers accessed about 33 DNC computers by the end of June using stolen credentials. As they had with the DCCC, they used malware to explore the DNC network and steal documents, the indictment claims. As they explored the networks and removed data, the indictment alleges, the Russians deleted computer logs and files to obscure evidence of their activities.

Still, the intrusions did not go unnoticed. In May 2016, both the DCCC and the DNC hired cybersecurity firm CrowdStrike to discern the extent of the invasions, and the following month, the indictment alleges, the company worked to remove the intruders. Even so, according to the indictment, malware remained on the DNC network until October. The Russians also accessed DNC data through a third-party cloud service in September, the indictment says.

On June 8, 2016–one day before the Trump Tower meeting at which Russian actors met with senior Trump campaign officials promising “dirt” on Hillary Clinton–the indictment alleges that the conspirators launched the website DCLeaks.com, which they labeled as being started by “American hacktivists.” That month, according to the indictment, the group began releasing materials it had stolen from individuals tied to the Clinton campaign as well as documents stolen from other operations dating to 2015, including emails from individuals affiliated with the Republican Party. The conspirators used cryptocurrency to pay for the site, the government asserts, and emails connected to the domain name were also used in spearphishing efforts against the Clinton campaign chairman, John Podesta. The group also created Facebook and Twitter accounts to promote the DCLeaks site, according to the indictment.

In mid-June 2016, when the Democrats publicly acknowledged that they had been hacked, the indictment alleges that the conspirators created the online persona Guccifer 2.0, which they described as a “lone Romanian hacker” to undermine claims of Russian responsibility for the hacks. Interestingly, the Guccifer 2.0 Twitter account followed one of this article’s authors on Twitter that summer:

While that particular fact does not appear in the indictment, the indictment does allege that beginning in August 2016, certain other U.S. persons began interacting with the GRU through the Guccifer 2.0 persona. In mid-August, Guccifer 2.0 allegedly received and responded to a request from a candidate for U.S. Congress for documents stolen from the DCCC related to the candidate’s opponent. Guccifer 2.0 also allegedly sent documents to a reporter regarding the Black Lives Matter movement. The indictment then, in more detail, describes contact between Guccifer 2.0 and “a person who was in regular contact with senior members” of the Trump presidential campaign. These people are not named in the indictment.

To release their stolen data, the conspirators did not stop with DCLeaks and Guccifer 2.0, according to the indictment. It describes extensive interaction between the conspirators and an entity, called “Organization 1,” which the Washington Post and other news outlets have identified as Wikileaks. In late June 2016, Wikileaks allegedly solicited additional stolen information from Guccifer 2.0, saying that its release of the data “will have a much higher impact than what you are doing.” In early July, citing the upcoming Democratic convention, it allegedly messaged Guccifer 2.0 that “if you have anything hillary related we want it in the next tweo [sic] days” and that “we think trump has only a 25% chance of winning against hillary” so stoking conflict between Clinton and her rival Bernie Sanders “is interesting.”

On July 22, 2016, the government asserts, Wikileaks released more than 20,000 emails and documents stolen from the DNC network by the conspirators and “did not disclose Guccifer 2.0’s role in providing them.” The Democratic convention opened days later and was racked by protests from Sanders supporters that led to the resignation of Debbie Wasserman Schultz as DNC chairman. The activities continued through the fall: Between Oct. 7 and Nov. 7, 2016, the indictment contends, Wikileaks released approximately 33 tranches of the more than 50,000 documents stolen from John Podesta.

Based on these factual allegations, the indictment includes 11 counts. The first count, citing all of the facts summarized above, charges nine defendants with conspiracy to violate the Computer Fraud and Abuse Act (18 U.S.C. §§ 1030(a)(2)(C), 1030(a)(5)(A), 1030(c)(2)(B), 1030(c)(4)(B), 371 and 3559(g)(1)). The defendants are specifically charged with:

“knowingly access[ing] a computer without authorization and exceed[ing] authorized access to a computer, and to obtain thereby information from a protected computer, where the value of the information obtained exceeded $5,000”;

“knowingly caus[ing] the transmission of a program, information, code, and command, and as a result of such conduct … intentionally caus[ing] damage without authorization to a protected computer, and … caus[ing] … loss aggregating $5,000 in value to at least one person during a one-year period from a related course of conduct affecting a protected computer, and damage affecting at least ten protected computers during a one-year period”; and

“knowingly falsely register[ing] a domain name and knowingly us[ing] that domain name in the course of committing an offense.”

The second count charges 11 defendants with aggravated identity theft in violation of 18 U.S.C. §§ 1028A(a)(1) and (2). The indictment describes the offense as “knowingly transfer[ing], possess[ing], and us[ing], without lawful authority, a means of identification of another person during and in relation to” the commission of computer fraud. The count cites eight victims whose personal, DCCC or DNC email username and passwords the defendants allegedly stole between March 21 and July 6, 2016.

The 10th count charges the defendants with conspiracy to launder more than $95,000 in cryptocurrency with the intention of promoting unlawful activity in the United States in violation of 18 U.S.C. § 1956(h). The document outlines efforts the defendants made from roughly 2015 through 2016 to acquire and mine bitcoin for the purpose of funding their hacking activities, including the purchase of computer infrastructure, domain names and key accounts.

The last count charges two of the GRU officers, Aleksandr Vladimirovich Osadchuk and Anatoliy Sergeyevich Kovalev, with conspiracy to violate the Computer Fraud and Abuse Act, in violation of 18 U.S.C. § 371. The object of the conspiracy was to hack into and steal voter information stored on computers used by people and entities administering the 2016 election. The indictment alleges that in July 2016 Kovalev, along with others not named, hacked a state board of elections website and “stole information related to approximately 500,000 voters.” In August 2016, Kovalev and his co-conspirators allegedly used some of the same infrastructure to hack into a vendor that provided voter verification software. After the FBI issued an alert in August 2016 about the hacking of the state election board, Kovalev erased his search history, and he and his co-conspirators erased records from the accounts they used in hacking election boards and related entities, according to the indictment. In October, Kovalev and others targeted state and local election offices in Georgia, Iowa and Florida, seeking to identify their websites’ vulnerabilities. And in November 2016, the conspirators sent more than 100 spearphishing emails to state and local election officials in Florida.

What the Indictment Reveals About the Hacking Operation

This indictment provides a great deal of information about the extent and internal structure of the Russian government side of the 2016 hacking operation. It also confirms private-sector reporting about the DNC hack, the clean-up operation, the phishing of Podesta, and the operation to distribute stolen emails through Wikileaks and on social media.

Additionally, the indictment shows a massive, and successful, counterintelligence operation by the U.S. government against the Russian government. U.S. authorities do not rely merely on technical forensics for the conclusion that the hack and release of emails was a Russian operation; the indictment also lays out the departments within the Russian government that were behind it, specific individuals who were involved, which officers did what and when, the slang terms used internally, and the breakdown of responsibilities within the teams–down to identifying the specific officers with hands on keyboards.

The indictment describes a number of separate events associated with the 2016 operation, but let’s start with the hack of Hillary Clinton’s campaign manager, Podesta, in March 2016 by GRU officer Aleksey Lukashev. This event had been traced back to the GRU in the fall of 2016. The indictment strongly supports those earlier attributions and adds additional detail–such as the name of the person allegedly at the keyboard.

Based on the public record and the new information in the indictment, here is what we now know happened leading up to the hack and release of John Podesta’s emails.

On March 19, 2016, Podesta received a spearphishing email, ostensibly from Google but actually from the GRU. We knew this even before Friday’s indictment, ironically, because Wikileaks published all of John Podesta’s stolen emails, including the spearphishing email itself. The indictment names GRU officer Aleksey Lukashev as the sender, but the email itself and its public attribution to the GRU are not new. From the phishing email in the Wikileaks archive, we are able to reconstruct what the spearphishing email looked like and the actions taken by Podesta that resulted in his emails dominating headlines in the final few weeks of the 2016 election campaign.

John Podesta spearphishing email (reconstruction)

Although this email was carefully crafted by Russian intelligence officers to look authentic, this email did not come from Google; there had been no genuine attempt to log in to Podesta’s email from Ukraine, and the link on “Change Password” led to a website operated by the GRU. Steps taken with this email include tricks like constructing the text “Someone has your password” using non-English variants of the letter “o” so as to evade automatic detection by Google’s spam filters.

It was also known before Friday what happened next: Podesta forwarded the email to members of his staff. They wrongly concluded that the email was genuine, and Podesta clicked on the link. We know this because this email chain is among the messages leaked by Wikileaks.

This much we already knew: the “Change Password” button on the phishing email took Podesta to a website controlled by the GRU, but first it bounced through the URL shortening service Bit.ly. Unfortunately for the GRU, here the hackers screwed up. The Bitly link reveals a lot of information about the GRU operation, and using this information we can reconstruct what Podesta saw when he clicked the link:

Reconstruction of the John Podesta phishing page

The indictment confirms that although this website was designed to look like a login page for Google, it was, in fact, operated by the Russian government. But the GRU made a mistake that allowed private-sector researchers to tie the phishing of Podesta to the GRU even before Friday’s indictment. When shortening the spearphishing link to send to Podesta using URL-shortening service Bitly, the GRU officer running the operation was logged in. This error allowed private investigators to connect the Podesta phishing email to huge numbers of other phishing emails sent by the GRU. Mueller now adds that the specific officer who was logged in was, in fact, Lukashev, and his account name was “john356gh.”

Although this attribution was previously known, the indictment makes public some previously unknown details. For example, it’s now clear that this phishing campaign wasn’t done merely on behalf of the GRU but was done internally by GRU officers directly. We now know which officers at the GRU were at the keyboard conducting the operation: Lukashev managed the spearphishing infrastructure, and another officer, Ivan Sergeyevich Yermakov, spent time researching the specific targets at the DNC who were sent the emails. All of this gives the lie to Russia’s claim Friday, in response to the indictment, that the charges are “mud-slinging” intended to “spoil the atmosphere” ahead of the Trump-Putin summit.

The indictment also sheds new light on the hack of the DNC and the DCCC. This is the intrusion that cybersecurity firm CrowdStrike was called in to clean up. In June 2016, Guccifer 2.0 claimed that this breach happened by means of a “zero-day vulnerabilty,” but we now know this is not true. The initial intrusion into the DCCC network took place on April 12, 2016, using the credentials of a DNC employee obtained by spearphishing. Using these stolen credentials, GRU officers Kozachek and Yershov implanted “X-Agent” malware on at least 10 DCCC computers, and using this access, the hackers stole passwords, monitored computer activity, and took documents from the DCCC network to distribute later.

This X-Agent malware was also known to the private sector before Friday’s indictment. X-Agent is a malware toolkit of APT28, one of the well-known Russian state hacker groups, and had been previously strongly attributed to the GRU by dozens of cybersecurity firms. Although not specifically mentioned in the indictment, the specific malware recovered from the DCCC network communicated with the same command-and-control infrastructure used by the GRU when APT28 hacked the German Bundestag in 2015.

But the indictment tells us something that wasn’t previously known about the extent of knowledge within the U.S. government of this specific operation. The U.S. was able to determine not merely that X-Agent was a GRU operative, and that GRU officer Yermakov was the man at the keyboard, but was able to see the actions Yermakov took as he performed target research against the DCCC and as he researched commands used to operate the malware and steal emails from the DCCC’s internal server.

The indictment also gives some additional details on how the emails got from the GRU to Wikileaks. Although no serious observers previously doubted the connection–Guccifer 2.0’s very first post openly announced that Wikileaks had been given documents–the indictment shows that the mechanism for this was an email from Guccifer 2.0 to Wikileaks containing an encrypted repository via email, entitled “wk dnc link1.txt.gpg.”

Finally, the indictment contains new information about the way the GRU paid for infrastructure to support the operation to hack and release documents. According to the indictment, the GRU made payments using the pseudonymous cryptocurrency Bitcoin. It should not be especially surprising that the GRU used Bitcoin–it allows payments to be made without a direct trail leading back to the Russian government–but the GRU officers were careful. Rather than just paying for Bitcoin with currency from an exchange and then trying to obfuscate through multiple Bitcoin wallets before spending it, the GRU also mined their own, allowing it to be anonymous from the start, as well as purchasing Bitcoin using prepaid cards in order to avoid direct connections between the GRU’s hacking infrastructure and the GRU itself. Still, the U.S. government was able to trace all these transactions back to the GRU.

In sum, the indictment confirms a great deal of reporting that was already public on technically attributing the 2016 hack and release of documents to the GRU. But it also shows a significant and successful U.S. counterintelligence operation that gives insights into the breadth and scope of U.S. attribution capabilities–technical, financial and intelligence-led attribution down to which individuals within the Russian government were behind aspects of the hack, their responsibilities within the organization, their communications and even the specific terms they searched for as they worked.

Identifying the Unknown

The indictment describes a number of interactions between the alleged conspirators, in the persona of Guccifer 2.0, and several unnamed U.S. persons and other entities whose identities the document obscures. Most of these individuals have already been publicly identified. The indictment, for example, mentions a “person in regular contact with senior members” of the Trump campaign, to whom the conspirators wrote on Aug. 15, 2016. As the indictment describes the interaction, Guccifer 2.0 wrote: “thank u for writing back ... do u find anyt[h]ing interesting in the docs i posted?” The indictment continues:

On or about August 17, 2016, the Conspirators added, “please tell me if i can help u anyhow ... it would be a great pleasure to me.” On or about September 9, 2016, the Conspirators, again posing as Guccifer 2.0, referred to a stolen DCCC document posted online and asked the person, “what do u think of the info on the turnout model for the democrats entire presidential campaign.” The person responded, “[p]retty standard.”

This person has been identified as Roger Stone–by Stone himself. Stone published the very exchange described in the indictment on his website, StoneColdTruth, in March 2017.

The indictment also briefly mentions an interaction between the conspirators and a reporter to whom they sent documents regarding the Black Lives Matter movement. Lee Stranahan of Breitbart News and Sputnik has publicly disclosed his interaction with Guccifer 2.0 and said Friday on Twitter that he is the journalist mentioned in the document. The special counsel also describes an exchange in which Guccifer 2.0 directly offers stolen emails from “Hillary Clinton’s staff” to a U.S. reporter. The Smoking Gun website has claimed to be this reporter.

The indictment describes a “state lobbyist and online source of political news” as having received 2.5 gigabytes of stolen data from Guccifer 2.0, including donor records and personal identifying information of more than 2,000 Democratic donors. The Wall Street Journal reported in March 2017 that this individual is Florida GOP operative Aaron Nevins. Nevins, who posted under the pen name Mark Miewurd on the website HelloFLA!, later described his interaction with Guccifer 2.0 in an interview with the Sun Sentinel.

There is one major U.S. interlocutor mentioned who remains something of a mystery. According to the indictment, on Aug. 15, 2016, Guccifer 2.0 received a request for stolen documents from a congressional candidate and sent documents to the candidate. While it is not immediately clear who the congressional candidate may have been, the New York Times in December 2016 reported on several Democratic congressional candidates who were victims of leaks of hacked DNC and DCCC information.

No Collusion?

In response to the indictment, the White House released a statement saying,

As Deputy Attorney General Rod Rosenstein said today:

There is no allegation in this indictment that Americans knew that they were corresponding with Russians.
There is no allegation in this indictment that any American citizen committed a crime.
There is no allegation that the conspiracy changed the vote count or affected any election result.
Today’s charges include no allegations of knowing involvement by anyone on the campaign and no allegations that the alleged hacking affected the election result. This is consistent with what we have been saying all along.

Leave aside the obvious falsity of the White House’s assertion that the indictment is “consistent” with the president’s prior statements, which have repeatedly questioned Russia’s involvement in election interference. Leave aside also the question of why the White House’s response to an indictment on this subject made no mention, at all, of the unprecedented attack by a foreign adversary on foundational elements of U.S. democracy and instead merely defended the president’s campaign as not having knowingly participated in it.

The statement is largely accurate, as is the Rosenstein statement on which it draws. This indictment does not charge or allege specific criminal misconduct by any American. And it is careful–as was the indictment in February–not to sweep broadly in its claims about people on this side of the Atlantic. That said, the indictment does not in any sense foreclose the possibility of substantial, knowing and even criminal involvement by Americans. And it actually moves the ball forward on possible collusion, which would likely take the legal form of criminal conspiracy, in important respects.

First, while the indictment does not charge any American with specific criminal conduct, it does describe conduct by Americans that, depending on further factual development, raises potentially serious questions. The most striking example of this occurs in paragraph 43(a): “On or about August 15, 2016, the Conspirators, posing as Guccifer 2.0, received a request for stolen documents from a candidate for the U.S. Congress. The Conspirators responded using the Guccifer 2.0 persona and sent the candidate stolen documents related to the candidate’s opponent.”

Soliciting stolen, hacked emails should be politically fatal to an aspiring–or possibly serving–member of Congress, particularly when the thief one petitions turns out to be an adversary foreign intelligence agency. It also raises questions about possible criminal liability for soliciting and receiving stolen information, at least to the extent that the government can prove that one knows the material is stolen. There is no indication that this American was involved with the Trump campaign. So to the extent that “collusion” is shorthand for collusion by individuals related to the Trump campaign, this incident may not meaningfully change the picture. The special counsel indictment announcement in February also named Americans unrelated to the Trump campaign as being dupes of the conspiracy, though those people were more clearly unwitting dupes.

Second, the indictment leaves open the possibility of conduct by Americans not described in this document. While the document does not allege any American who corresponded with these entities knew that they were part of the Russian conspiracy, it also does not say that they did not know or suspect these entities were part of a Russian operation. It leaves that question, about these actors and others, for another day. This document alleges that Americans–including at least one individual who was closely connected to the Trump campaign–had contact with the charged conspirators. Whether they did so with sufficient knowledge or criminal intent, and whether they took the necessary affirmative steps to create legal liability, is simply not addressed in this indictment. It clears no one, and it actually places publicly reported conduct in a more sinister light by clarifying that the individuals in question were, in fact, in contact with Russian conspirators, knowingly or otherwise.

Finally, the factual allegations in this document significantly improve the possibility of criminal conspiracy charges involving Americans. Until this action, there was little indication in the public record that the hacking operation persisted beyond the date the documents were released. While there were questions about whether the Trump campaign participated in some way in coordinating the release of these documents, the presumption based on public evidence was that the hacking scheme–that is, the violation of the Computer Fraud and Abuse Act, which constituted the most obvious criminal offense–was complete. This left a bit of a puzzle for “collusion” purposes. If the crime was completed at the time the hacking and theft were done, what crime could constitute conspiracy? One year ago to the day, Helen Murillo and Susan Hennessey analyzed the possibility of conspiracy to violate the CFAA. At the time, they noted a stumbling block to the analysis even if individuals in the Trump campaign encouraged the release of documents or coordinated timing:

While the precedent isn’t entirely clear on the matter, it is possible prosecutors here would need to prove not just that a member of the Trump team was aware of the CFAA scheme when he or she took steps to support the tortious act or violation of another state or federal law, but also that the Russians had the intention of publishing the emails at the time they obtained the information in the first instance. It isn’t at all clear from the public record that the Russians initially obtained the emails for the purpose of publishing them. Indeed, there is some suspicion the original intrusion was just in furtherance of ordinary espionage and the plan to release the emails came later.

The Internet Research Agency indictment, in February, offered a potential legal solution to that puzzle.

This indictment, by contrast, offers a potential factual breakthrough. It tells us that the prior factual premise was wrong: the alleged conduct violating the CFAA continued to occur throughout the summer of 2016. That affects the earlier analysis in two ways. First, it makes clear that the Russians did intend to release the information at the time the hacking occurred. Second, and perhaps more important, the indictment alleges that the criminal hacking conspiracy was ongoing at the time individuals in the Trump campaign were in contact with charged and uncharged Russian conspirators, raising the possibility of more straightforward aiding and abetting liability.

In other words, stay tuned. This indictment represents a tightening of the ring in the story of criminal prosecution for the 2016 election hacking. The government has now alleged that the social media manipulations by Russian actors constituted a criminal conspiracy. It has alleged as well that the hacking of Democratic Party and Clinton campaign emails were crimes conducted by officers of the Russian state. The question remains: Who, if anyone, helped?

Autumn Brewington is an editor at Lawfare and a freelance writer in Washington. She was an editor at The Washington Post from 2001 to 2014 and ran The Wall Street Journal’s Think Tank blog from 2014 through 2016. A graduate of the Missouri School of Journalism, she also edits for the Texas National Security Review.

https://www.lawfareblog.com/russia-indictment-20-what-make-muellers-hacking-indi

Misology -- It's a bitch
Poll: Greatest PS Troll Hunter of all time

1
Russia Indictment 2.0: What to Make of Mueller’s Hacking Indictment on 10:17 - Jul 20 with 2644 viewsAce_Jack

Russia Indictment 2.0: What to Make of Mueller’s Hacking Indictment on 04:56 - Jul 20 by peenemunde

Treason 🤣
You obviously don’t understand what the word means.
Bush, Clinton (both of them) Obama, Heath, Brown, Blair, May that’s what = treason.
If anyone thinks that President Trump will face charges of treason they must be barking.
It would probably start the 2nd America revolution.


Enough of the whataboutery. We are talking about the current President.

Is this second revolution similar to the race war people on the alt right and far right keep talking about?
1
Russia Indictment 2.0: What to Make of Mueller’s Hacking Indictment on 10:22 - Jul 20 with 2636 viewsShaky

Russia Indictment 2.0: What to Make of Mueller’s Hacking Indictment on 10:15 - Jul 20 by Ace_Jack

Article III of the US constitution defines it as levying War against the United States, or in adhering to their Enemies, giving them Aid and Comfort.

adhering to their enemies looks pretty ominous.


"War", which rationally includes cyberwarfare in a modern context.

Misology -- It's a bitch
Poll: Greatest PS Troll Hunter of all time

0
Russia Indictment 2.0: What to Make of Mueller’s Hacking Indictment on 12:22 - Jul 20 with 2597 viewsA_Fans_Dad

Russia Indictment 2.0: What to Make of Mueller’s Hacking Indictment on 23:37 - Jul 19 by Ace_Jack

Those missing emails were found by the way.

And the way you've regurgitated talking points like Strzok emails is cute. He's been removed from the Mueller investigation and he slapped GOP congressmen around for fun in a 12 hour hearing last week. It was embarrassing watching morons like Trey Gowdy try and land a punch but couldn't.

Mueller has several guilty pleas and cooperating witnesses. No Fox News bluster is going to talk Trump out of treason.


Your idea of "slapping GOP congressmen around" and mine are 2 different things.
If you have read the emails, as I have and you still think that what he, Page and the rest were doing was not illegal, then you have a very strange view on life.
But then those with TDS have.
I notice that you did not answer the question on Mueller's case histories, just reiterated that he is doing so well now.
If you believe that you are in for a great deal of disappointment.
-1
Russia Indictment 2.0: What to Make of Mueller’s Hacking Indictment on 12:31 - Jul 20 with 2591 viewsShaky

Russia Indictment 2.0: What to Make of Mueller’s Hacking Indictment on 12:22 - Jul 20 by A_Fans_Dad

Your idea of "slapping GOP congressmen around" and mine are 2 different things.
If you have read the emails, as I have and you still think that what he, Page and the rest were doing was not illegal, then you have a very strange view on life.
But then those with TDS have.
I notice that you did not answer the question on Mueller's case histories, just reiterated that he is doing so well now.
If you believe that you are in for a great deal of disappointment.


Emails? Related to Hillary? Or Texts related to Strzok and Page?

When you are spinning your wild-eyed conspiracy theories it would be helpful if you could try to clearly distinguish between the various strands. In your own mind too, perhaps.

Thanks.

Misology -- It's a bitch
Poll: Greatest PS Troll Hunter of all time

0
Russia Indictment 2.0: What to Make of Mueller’s Hacking Indictment on 16:08 - Jul 20 with 2537 viewsA_Fans_Dad

Russia Indictment 2.0: What to Make of Mueller’s Hacking Indictment on 12:31 - Jul 20 by Shaky

Emails? Related to Hillary? Or Texts related to Strzok and Page?

When you are spinning your wild-eyed conspiracy theories it would be helpful if you could try to clearly distinguish between the various strands. In your own mind too, perhaps.

Thanks.


Yes it was "texts" not emails between those 2.
Wild eyed conspiracy theories?

But what those texts show was exactly what you called it "a Conspiracy", but you obviously consider what they were doing as OK.

Many do not.

Emails related to Hillary are the ones that are currently "lost", at least to the public, but not to the NYPD.
-1
Russia Indictment 2.0: What to Make of Mueller’s Hacking Indictment on 16:26 - Jul 20 with 2527 viewsAce_Jack

Russia Indictment 2.0: What to Make of Mueller’s Hacking Indictment on 16:08 - Jul 20 by A_Fans_Dad

Yes it was "texts" not emails between those 2.
Wild eyed conspiracy theories?

But what those texts show was exactly what you called it "a Conspiracy", but you obviously consider what they were doing as OK.

Many do not.

Emails related to Hillary are the ones that are currently "lost", at least to the public, but not to the NYPD.


If there was criminal intent in the texts then they should be charged. Have charges been brought for any crimes?
1
Russia Indictment 2.0: What to Make of Mueller’s Hacking Indictment on 16:39 - Jul 20 with 2520 viewsA_Fans_Dad

Russia Indictment 2.0: What to Make of Mueller’s Hacking Indictment on 16:26 - Jul 20 by Ace_Jack

If there was criminal intent in the texts then they should be charged. Have charges been brought for any crimes?


Not yet, the IG and Congress cannot bring criminal charges, I thought you would know that.
As far as I know Congress can only bring "Contempt of Congress" charges.
-1
Russia Indictment 2.0: What to Make of Mueller’s Hacking Indictment on 17:52 - Jul 20 with 2507 viewsShaky

Russia Indictment 2.0: What to Make of Mueller’s Hacking Indictment on 16:08 - Jul 20 by A_Fans_Dad

Yes it was "texts" not emails between those 2.
Wild eyed conspiracy theories?

But what those texts show was exactly what you called it "a Conspiracy", but you obviously consider what they were doing as OK.

Many do not.

Emails related to Hillary are the ones that are currently "lost", at least to the public, but not to the NYPD.


The Inspector General report found no evidence of any wrongdoing or impropriety in Strzok's investigation. None.

After reviewing over 50,000 of his texts they determined that a few taken out of context could give the appearance of impropriety. With the emphasis on appearance.

Speaking of the NYPD and the NY FBI Field Office, here is something you might with advantage read:
++++++++++++++++++++++++++++++++++++++++++++++++++
The Real F.B.I. Election Culprit
Hint: It’s not Peter Strzok.
By Garrett M. Graff

NYT, July 13, 2018

In his testimony before two House committees on Thursday, the F.B.I. agent Peter Strzok testified that he could have altered the 2016 election – but didn’t. The information about Russian election interference, he said, “had the potential to derail, and quite possibly, defeat Mr. Trump. But the thought of exposing that information never crossed my mind.”

In hours of always hostile and sometimes even rude questioning, the Republican members of the committees never proved otherwise. The hearing was the latest effort by House Republicans to find any hint that there’s a “deep state” conspiracy against President Trump.

Once again, they came up with nothing. Despite the various investigations into the 2016 election and for all the scrutiny on the F.B.I. and agents like Mr. Strzok, one stone remains largely unturned – even in the most comprehensive look at the F.B.I., the 500-page report last month from Michael Horowitz, the Justice Department inspector general.

As Mr. Horowitz told Capitol Hill last month, his investigation didn’t try to dive into who at the F.B.I. New York field office was driving the leaks that ultimately pushed some of the regrettable decisions that Mr. Horowitz excoriated in that very report.

But looking at available public evidence, the New York bureau’s actions actually did influence the campaign and helped hand the presidency to Donald Trump.

In the Horowitz report, Loretta Lynch, the former attorney general, recalled a conversation with James Comey in which he said, “it’s clear to me that there is a cadre of senior people in New York who have a deep and visceral hatred of Secretary Clinton.” F.B.I. agents in that office had a demonstrated propensity for leaks and arguably forced the bureau’s leadership’s hand in the final weeks of the election.

At that time, Rudy Giuliani gave voice on television to what he called the anti-Clinton “revolution going on inside the F.B.I.” Mr. Giuliani, whose former law firm Bracewell & Giuliani represented the F.B.I. Agents Association, seemed to boast in the final days of the campaign that he knew that a twist – like the revelations of emails on Anthony Weiner’s laptop – was coming about Mrs. Clinton’s campaign, referring on Fox to “a surprise or two that you’re going to hear about in the next few days.”

In his testimony on Thursday, Mr. Strzok said that “it caused me great concern” that Mr. Giuliani “had information about that – that he should not have had.”

Similarly, Mr. Giuliani’s longtime friend James Kallstrom, a former head of the New York F.B.I. office, was channeling on TV what he said was the F.B.I.’s anti-Clinton preference. Mr. Kallstrom, who founded a nonprofit that received more than $1.3 million in donations from Mr. Trump, told Megyn Kelly, “The agents are furious.” In one radio interview, Mr. Kallstrom even called the Clintons a “crime family” akin to the New York Mafia: “It’s like organized crime,” he said, and “the Clinton Foundation is a cesspool.”

In those final days, F.B.I. leaders appeared to be caught in a whirlwind of anti-Clinton rumors and speculation. In his report, Mr. Horowitz acknowledges the role that the threat of leaks played in the F.B.I. leadership’s decision to make the news about Mr. Weiner’s laptop public. Numerous agents and officials confirmed it: Mr. Strzok and Lisa Page, an F.B.I. lawyer at the time; James Rybicki, then the F.B.I. chief of staff; James Baker, then the F.B.I. general counsel; and Sally Yates, then deputy attorney general.

“The discussion was somebody in New York will leak this,” Mr. Baker said. “If we don’t put something out, somebody will leak it.”

“Numerous witnesses connected this concern about leaks specifically” to the New York office and “told us that F.B.I. leadership suspected that F.B.I. personnel” in that office were “responsible for leaks of information in other matters,” the inspector general’s report said. “Even accepting Comey’s assertion that leaks played no role in his decision, we found that, at a minimum, a fear of leaks influenced the thinking of those who were advising him.”

Ms. Yates told investigators that the F.B.I. explicitly cited the threat of leaks in explaining its decision to go public to the Justice Department. As she recalled, one reason the F.B.I. officials gave for why they felt Mr. Comey had to go to Congress “is that they felt confident that the New York field office would leak it and that it would come out regardless of whether he advised Congress or not.”

The F.B.I. agent corps today overwhelmingly fits the demographic profile of a Trump voter. During the 2016 campaign, in The Guardian, one agent said, “The F.B.I. is Trumpland.” In his testimony, Mr. Strzok all but laughed out loud when committee members pressed him Thursday on whether the whole F.B.I. was made up of Democrats.

The New York field office, one of only three headed not by a special-agent-in-charge but by a full assistant director, has always been a particular challenge for bureau leaders – it’s fiercely independent, combative and notoriously leaky. The office, which works closely with the local United States attorney for the Southern District of New York, a job held by both Mr. Comey and Mr. Giuliani, is sometimes referred to inside the Justice Department as the “Sovereign District of New York” for charting its own course.

The office has long been a source of meddlesome leaks, in part because of the intermixing of F.B.I. agents and New York Police Department officers who have close relationships with the city’s press corps. The lowest point in these relations came in 2009, when the investigation of the would-be subway bomber Najibullah Zazi – a critical emergency investigation that had remained secret when it was focused in Denver, Zazi’s hometown – leaked quickly once the would-be attacker and case arrived in New York, both to the media and to the suspect’s family itself.

Another key part of the fear of leaks in 2016 grew out of the cultural differences between the counterintelligence side of the F.B.I. – which handled the original Clinton email investigation and proved all-but-leak-free – and the more leaky criminal side, which was responsible for the Weiner laptop investigation and stumbled across the stray Clinton emails. “I knew that there were leaks coming – or appeared to be leaks about criminal investigation of the Clintons coming out of New York,” Mr. Comey told ABC’s George Stephanopoulos this spring.

We need to understand the truth of the 2016 election – not just for the record, but to take steps to prevent any interference in future elections. Mr. Strzok survived the worst the House Republicans could throw at him, including a threat to charge him with contempt for refusing to answer questions on the advice of the F.B.I.’s counsel about an ongoing investigation – a hallmark of the rule of law in ordinary times. Until congressional overseers make a serious attempt to get to the bottom of the New York field office’s role in the election, we’ll know they’re not serious about learning the truth.

Garrett M. Graff (@vermontgmg) is a journalist and historian.

https://www.nytimes.com/2018/07/13/opinion/trump-peter-strzok-fbi-election.html

Misology -- It's a bitch
Poll: Greatest PS Troll Hunter of all time

0
Russia Indictment 2.0: What to Make of Mueller’s Hacking Indictment on 18:06 - Jul 21 with 2422 viewsShaky

Here is an old tweet from Putin crony and former Russian central bank governor Alexander Torshin, and the stock translation:


Misology -- It's a bitch
Poll: Greatest PS Troll Hunter of all time

0
Russia Indictment 2.0: What to Make of Mueller’s Hacking Indictment on 11:34 - Jul 25 with 2367 viewsShaky

Without the Russians, Trump wouldn’t have won
by Max Boot Columnist

Washington Post, July 24 at 6:36 PM

President Trump is willing, under duress, to briefly and begrudgingly admit that Russian “meddling” took place in 2016 before reverting to calling it a “big hoax.” But he always maintains that the plot against America had no impact; he describes it as a “Democrat excuse for losing the ’16 Election.”

Faithfully echoing the president, other Republicans, such as House Speaker Paul D. Ryan (R-Wis.), say it’s “clear” that the Russian interference “didn’t have a material effect on our elections.” White House press secretary Sarah Huckabee Sanders even claims that the U.S. intelligence community reached that conclusion.

Not quite. Here is the intelligence community’s assessment, partially declassified in January 2017: “We did not make an assessment of the impact that Russian activities had on the outcome of the 2016 election. The US Intelligence Community is charged with monitoring and assessing the intentions, capabilities, and actions of foreign actors; it does not analyze US political processes or US public opinion.” When then-CIA Director Mike Pompeo claimed last fall that “the intelligence community's assessment is that the Russian meddling that took place did not affect the outcome of the election,” his own agency rebuked him.

While the intelligence agencies are silent on the impact of Russia’s attack, outside experts who have examined the Kremlin campaign – which included stealing and sharing Democratic Party emails, spreading propaganda online and hacking state voter rolls – have concluded that it did affect an extremely close election decided by fewer than 80,000 votes in three states. Clint Watts, a former FBI agent, writes in his recent book, “Messing with the Enemy,” that “Russia absolutely influenced the U.S. presidential election,” especially in Michigan and Wisconsin, where Trump’s winning margin was less than 1 percent in each state.

We still don’t know the full extent of the Russian interference, but we know its propaganda reached 126 million people via Facebook alone. A BuzzFeed analysis found that fake news stories on Facebook generated more social engagement in the last three months of the campaign than did legitimate articles: The “20 top-performing false election stories from hoax sites and hyperpartisan blogs generated 8,711,000 shares, reactions, and comments on Facebook.” Almost all of this “fake news” was either started or spread by Russian bots, including claims that the pope had endorsed Trump and that Hillary Clinton had sold weapons to the Islamic State.

Elsewhere on social media, tens of thousands of Russian bots spread pro-Trump messages on Twitter, which has already notified about 1.4 million users that they interacted with Russian accounts. The Russian disinformation, propagating hashtags such as #Hillary4Prison and #MAGA, reflected what the Trump campaign was saying. The Russian bots even claimed after every presidential debate that Trump had won, whereas objective viewers gave each one to Clinton.

Russia also hacked voting systems in at least 39 states, and while there is no evidence that vote tallies were changed, Russians may have used the stolen data to target their social media or shared the results with the Trump campaign. The Senate Intelligence Committee found that “in a small number of states” the Russians may have been able to “alter or delete voter registration data,” potentially disenfranchising Clinton voters.

And then there was the crucial impact of the Russian hacks of Democratic documents disseminated primarily by WikiLeaks. The first tranche of stolen documents – more than 19,000 emails and 8,000 attachments – was strategically released on July 22, 2016, three days before the Democratic convention. The resulting news coverage disrupted the Clinton campaign’s plans by creating the impression that the Democratic National Committee was biased against Bernie Sanders and forcing DNC Chairwoman Debbie Wasserman Schultz to resign.

The second tranche of stolen documents was released on Oct. 7, just 29 minutes after The Post reported on the “Access Hollywood” videotape in which Trump is heard boasting about grabbing women by the genitals. These emails, stolen from Clinton campaign chairman John Podesta, distracted voter attention by revealing the transcripts of lucrative speeches Clinton had given to Goldman Sachs, a populist boogeyman.

A third release of stolen emails, on Oct. 11, revealed that Democratic operative Donna Brazile, while working at CNN, had provided debate questions to Clinton during the primaries and that senior Democratic operatives, who were themselves Catholics, had exchanged emails disparaging Republicans who cherry-picked their faith for political gain. This fueled Trump’s narrative that the election was “rigged” and that the “Clinton team” was, as he said, “viciously attacking Catholics and Evangelicals.” The latter charge, unfair as it was, proved especially important in Michigan, Wisconsin and Pennsylvania – swing states with lots of Catholic voters.

Little wonder that Trump said “I love WikiLeaks” and mentioned its revelations 164 times in the last month of the campaign. “This WikiLeaks stuff is unbelievable,” Trump said on Oct. 12. Eight days later, he marveled, “Boy, that WikiLeaks has done a job on her, hasn’t it?”

Now, by contrast, Trump and his apologists pretend that the Russian intervention – including the WikiLeaks revelations – was no big deal. That beggars belief. Even if the Russians had failed, they still attacked our democracy. Yet they didn’t fail: Trump won. Russian disinformation wasn’t the only factor in the outcome and was probably less important in the end than FBI Director James B. Comey’s announcement 11 days before the election that he was reopening the Clinton email investigation. But Watts concludes: “Without the Russian influence effort, I believe Trump would not have even been within striking distance of Clinton on Election Day.” That is the inconvenient truth the Putin Republicans won’t admit.

https://www.washingtonpost.com/opinions/without-the-russians-trump-wouldnt-have-

Misology -- It's a bitch
Poll: Greatest PS Troll Hunter of all time

0
Russia Indictment 2.0: What to Make of Mueller’s Hacking Indictment on 01:46 - Jul 26 with 2309 viewsDJack

Republicans have launched a bid to remove the Department of Justice official overseeing the Russia inquiry dogging Donald Trump's presidency.

House of Representatives conservatives have filed articles of impeachment in an effort to oust Deputy Attorney General Rod Rosenstein.

The measures were introduced on Wednesday evening by Representatives Mark Meadows and Jim Jordan.

They accuse him of stonewalling their inquiries, which his department denies.

Impeachment would have to be approved by a majority in the House and backed by two-thirds of the US Senate to convict Mr Rosenstein, which makes the plan a long shot.


https://www.bbc.co.uk/news/world-us-canada-44962120

It is far better to grasp the universe as it really is than to persist in delusion, however satisfying and reassuring. - Carl Sagan

0
Russia Indictment 2.0: What to Make of Mueller’s Hacking Indictment on 15:38 - Jul 26 with 2280 viewsAce_Jack

Russia Indictment 2.0: What to Make of Mueller’s Hacking Indictment on 01:46 - Jul 26 by DJack

Republicans have launched a bid to remove the Department of Justice official overseeing the Russia inquiry dogging Donald Trump's presidency.

House of Representatives conservatives have filed articles of impeachment in an effort to oust Deputy Attorney General Rod Rosenstein.

The measures were introduced on Wednesday evening by Representatives Mark Meadows and Jim Jordan.

They accuse him of stonewalling their inquiries, which his department denies.

Impeachment would have to be approved by a majority in the House and backed by two-thirds of the US Senate to convict Mr Rosenstein, which makes the plan a long shot.


https://www.bbc.co.uk/news/world-us-canada-44962120


House Republicans have just murdered irony
0
Russia Indictment 2.0: What to Make of Mueller’s Hacking Indictment on 17:06 - Jul 26 with 2268 viewsShaky


Misology -- It's a bitch
Poll: Greatest PS Troll Hunter of all time

0
Russia Indictment 2.0: What to Make of Mueller’s Hacking Indictment on 15:14 - Jul 27 with 2226 viewsShaky

Russian Cyberwarfare attacks gearing up for 2018 midterm elections:
+++++++++++++++++++++++++++++++++++++++++++++++
Russian Hackers’ New Target: a Vulnerable Democratic Senator
Sen. Claire McCaskill is a top target for Republicans looking to grow their slim Senate majority in 2018. Turns out, Russia’s “Fancy Bear” hackers are going after her staff, too.
By Andrew Desiderio, Kevin Poulsen

Daily Beast, 07.26.18 5:22 PM ET

The Russian intelligence agency behind the 2016 election cyberattacks targeted Sen. Claire McCaskill as she began her 2018 re-election campaign in earnest, a Daily Beast forensic analysis reveals. That makes the Missouri Democrat the first identified target of the Kremlin’s 2018 election interference.

McCaskill, who has been highly critical of Russia over the years, is widely considered to be among the most vulnerable Senate Democrats facing re-election this year as Republicans hope to hold their slim majority in the Senate. In 2016, President Donald Trump defeated Hillary Clinton by almost 20 points in the senator’s home state of Missouri.

There’s no evidence to suggest that this attempt to lure McCaskill staffers was successful. The precise purpose of the approach was also unclear. Asked about the hack attempt by Russia’s GRU intelligence agency, McCaskill told The Daily Beast on Thursday that she wasn’t yet prepared to discuss it.

“I’m not going to speak of it right now,” she said. “I think we’ll have something on it next week. I’m not going to speak about it right now. I can’t confirm or do anything about it right now.”

The senator later released a statement asserting that the cyberattack was unsuccessful.

“Russia continues to engage in cyber warfare against our democracy. I will continue to speak out and press to hold them accountable,” McCaskill said. “While this attack was not successful, it is outrageous that they think they can get away with this. I will not be intimidated. I’ve said it before and I will say it again, Putin is a thug and a bully.”

In August 2017, around the time of the hack attempt, Trump traveled to Missouri and chided McCaskill, telling the crowd to “vote her out of office.” Just this last week, however, Trump said, on Twitter, that he feared Russians would intervene in the 2018 midterm elections on behalf of Democrats.

The revelations of the attempted hack of McCaskill staffers comes just weeks after Special Counsel Robert Mueller indicted 12 Russian intelligence officers, accusing them of orchestrating cyberattacks that targeted the Democratic National Committee, the Democratic Congressional Campaign Committee, and Clinton’s campaign in 2016.

On Friday, Trump is scheduled to chair a meeting of the National Security Council on election vulnerabilities facing the midterm elections–amid persistent criticism, particularly after his Helsinki meeting with Russian President Vladimir Putin, that he isn’t taking Russian interference seriously.

The attempt against McCaskill’s office was a variant of the password-stealing technique used by Russia’s so-called “Fancy Bear” hackers against Clinton’s campaign chairman, John Podesta, in 2016.

The hackers sent forged notification emails to Senate targets claiming the target’s Microsoft Exchange password had expired, and instructing them to change it. If the target clicked on the link, he or she was taken to a convincing replica of the U.S. Senate’s Active Directory Federation Services (ADFS) login page, a single sign-on point for e-mail and other services.

As with the Podesta phishing, each Senate phishing email had a different link coded with the recipient's email address. That allowed the fake password-change webpage to display the user’s email address when they arrived, making the site more convincing.

In October, Microsoft wrested control of one of the spoofed website addresses–adfs.senate.qov.info. Seizing the Russians’ malicious domain names has been easy for Microsoft since August 2017, when a federal judge in Virginia issued a permanent injunction against the GRU hackers, after Microsoft successfully sued them as unnamed “John Doe” defendants. The court established a process that lets Microsoft take over any web addresses the hackers use that includes a Microsoft trademark.

Microsoft redirected the traffic from the fake Senate site to its own sinkhole server, putting it in a prime position to view targets trying to click through to change their passwords.

The Daily Beast identified McCaskill as a target while investigating statements made by Microsoft VP Tom Burt last week in an appearance at the Aspen Security Forum. Burt discussed the Virginia injunction, and told the audience that it allowed Microsoft to thwart a phishing campaign against three midterm election candidates, who he declined to name.

“We did discover that a fake Microsoft domain had been established as the landing page for phishing attacks, and we saw metadata that suggested those phishing attacks were being directed at three candidates who are all standing for elections in the midterm elections,” said Burt, Microsoft’s corporate vice president for customer security and trust. “We took down that domain and working with the government actually were able to avoid anybody being infected by that particular attack.”

The most recent domain seizures recorded in the Virginia case took place between August and December of last year, when Microsoft grabbed seven malicious web addresses, including the “qov.info” address. A report from the security company Trend Micro released in January listed that address and the role it played in a Senate phishing campaign against unnamed targets.

A snapshot of a deep link on the phishing site taken September 26th by a website security scanner showed the fake password-change page with the Senate email address of a McCaskill policy aide on display.

There is a notable divide between Congress and the Trump administration over the vulnerability of the 2018 election to Russian election interference.

In March, the Senate Intelligence Committee warned state election officials to make cybersecurity a “high priority” for their election systems, particularly over voter databases, and urged the states to bolster their coordination with the Department of Homeland Security. But the secretary of Homeland Security, Kirstjen Nielsen, appeared earlier this month to downplay the threat. While “adversaries and nonstate actors” consider U.S. elections a persistent target, Nielsen said there are “no indications that Russia is targeting the 2018 U.S. midterms at a scale or scope to match their activities in 2016.”

By contrast, Dan Coats, the embattled director of national intelligence, testified in February that Russia considered its 2016 election hacking a success. Putin “views the 2018 U.S. midterm elections as a potential target for Russian influence operations,” Coats told the Senate intelligence panel. Last week, after being rebuked by Trump beside Putin in Helsinki, Coats reiterated his concern about Russia’s “ongoing, pervasive efforts to undermine our democracy.”

Earlier this year, Congress appropriated $380 million, as part of a broader spending package, to individual states for election security. The Senate is currently weighing whether to authorize an additional $250 million in similar grants.

A spokesperson for the Senate Intelligence Committee declined to comment, as did a spokesperson for Mark Warner, the top Democrat on the panel.

McCaskill is one of 10 Senate Democrats facing re-election this year in states that Trump won in 2016. Her likely Republican challenger is Josh Hawley, who currently serves as the state’s attorney general. Outside groups and campaign committees have spent more than $15.5 million against McCaskill so far.

McCaskill has spoken out forcefully against Moscow, likening Russian election-meddling to “a form of warfare” and calling Putin a “thug and a bully.” She was also caught up in the Podesta hack, which was revealed when WikiLeaks released the Clinton campaign chair’s private email communications. The document dump showed that McCaskill called Podesta to inform him that she had “info” about an individual working in the State Department’s inspector general’s office, which at the time was investigating Clinton’s private email server. The “info” was that a top aide at the inspector general’s office once worked for a Republican senator, Chuck Grassley of Iowa.

McCaskill’s criticisms of WikiLeaks stretch back nearly a decade. In 2010, she and Sen. Lindsey Graham (R-S.C.) called for prosecutions of individuals who send classified information to WikiLeaks. Earlier this month, Mueller’s GRU indictment included Russian intelligence officers who, through the Guccifer2.0 persona, are accused of funnelling the hacked 2016 data to WikiLeaks.

“I hope we can find out where this is coming from and go after them with the force of law,” she said at the time.

https://www.thedailybeast.com/russian-hackers-new-target-a-vulnerable-democratic

Misology -- It's a bitch

Russia Indictment 2.0: What to Make of Mueller’s Hacking Indictment on 21:51 - Jul 30 with 2187 views Shaky

Trump's lawyer and good buddy Rudy Giuliani was doing the rounds on the US morning shows today, making a string of unusually bizarre statements and walk backs.

This includes a passage on CNN where he speculates at length on whether collusion is actually a crime, and if anything an even more extraordinary interview where he phones in to the Fox morning show Outnumbered.

This is by any standards friendly territory for Team Trump but have a look at the puzzled and deeply concerned look on the Trump loyalists' faces.

The wheels appear to be coming off!

https://www.mediaite.com/tv/fox-news-hosts-press-giuliani-on-revelation-of-secon

Misology -- It's a bitch

Russia Indictment 2.0: What to Make of Mueller’s Hacking Indictment on 13:38 - Jul 31 with 2153 views Shaky

Stephen Colbert reports:


Misology -- It's a bitch

Russia Indictment 2.0: What to Make of Mueller’s Hacking Indictment on 19:05 - Aug 8 with 2089 views Shaky

The Russian Spy Agency in the Middle of Everything
By Amy Knight

Daily Beast, 08.08.18 4:52 AM ET

Russia’s military intelligence agency, known as the GRU, is getting blamed for all sorts of things these days. Robert Mueller indicted 12 GRU officers for hacking into computers of the Clinton campaign and the Democratic National Committee. The GRU allegedly was behind the recent poisonings of four people in Britain, including former GRU officer Sergei Skripal, who survived, and a woman accidentally exposed to the powerful nerve agent used, who died.

The 2014 downing of Malaysia Airlines Flight 17 over Ukraine has been laid at the door of the GRU. And recently there were reports that GRU hackers are directing their efforts at the U.S. power grid. Russian mercenaries serving in Syria and in Africa are largely drawn from GRU ranks. Three Russian journalists investigating their activities were murdered last month.

Igor Korobov, the head of the GRU, was singled out personally for U.S. Treasury sanctions in March, along with his organization, even though he had already been sanctioned by the Obama administration in late 2016 for interference in our elections.

Maybe Trump’s people felt they had to make the point after Korobov was invited, along with chiefs of other Russian secret services, to Washington, D.C., in late January–just weeks before the new sanctions were announced. The visit was supposed to be a secret, but the Russians leaked it. The others in attendance were Sergei Naryshkin, the head of the Foreign Intelligence Service (SVR), and Aleksandr Bortnikov, director of the Federal Security Service (FSB).

Steven Hall, a former CIA station chief in Moscow, told Radio Free Europe it is always considered a “big political win” when a Russian spy chief meets one-on-one with his U.S. counterpart, because it puts them on equal footing.

The intelligence chiefs reportedly discussed with the Americans their mutual struggle against global terrorism, but it would be remarkable if the talks were limited to that subject. As a veteran of the FSB explained to a TV audience in Russia, “Many questions cannot be discussed by phone. It was necessary to look each other in the eye and talk about issues that threaten us and the Americans.”

Hall had a different take: “Given the political conditions in the United States now, it’s flabbergasting, to be honest. I can’t imagine who would have signed off on that.”

At home in Russia meanwhile, Korobov is riding high. In 2017, conceivably for his work helping to get Trump elected, Korobov was promoted to colonel-general, and Putin bestowed on him the highest state honor–Hero of the Russian Federation.

It is hard to believe that just a few years ago there was widespread talk in the Russian media about the GRU being on its last legs, perhaps even about to be disbanded. In November 2010, at a celebration of the anniversary of the founding of the GRU in 1918, GRU officers one after another toasted mournfully “to the bright memory” of their agency. The new 70,000-square-meter GRU headquarters, built in 2006 on Khoroshevskoye Shosse, was emptying out, they said.

By one estimate, of the 7,000 GRU officers working in the Soviet era, only 2,000 remained. This included a 40-percent reduction among GRU staff at foreign embassies. The GRU’s famed special combat brigades, the so-called Spetsnaz units, supposedly were going to be transferred to the regular army.

Lt. Gen. Dmitry Gerasimov, who had directed the GRU’s special-purpose brigades, told The New Times: “I am deeply convinced that the GRU special forces are completely devastated. Of the 14 brigades and two GRU training regiments, at best there are not more than four brigades left.” There was also talk of placing GRU signals intelligence systems under the command of the SVR, the foreign intelligence service.

There were several reasons for the GRU’s decline. In the 2008 conflict with the Republic of Georgia, it failed to alert the Russian military that Georgia had received anti-aircraft missiles from Ukraine. Moreover, in Moscow’s intramural spy-vs.-spy rivalries, the GRU had its own channel of information on corruption and money-laundering by the Russian elite that represented a threat to the interests of the FSB and SVR.

According to this analysis, there was a shadow intelligence network, consisting of a clan close to Putin from the FSB, the SVR, and the regular police that was running the country. And this group did not like having a competitor agency capable of independent comparative analysis. Significantly, the chiefs of both the FSB and the SVR sit on Putin’s National Security Council, but not the GRU head, who reports only to the armed forces general staff.

Miraculously, however, the GRU bounced back after Igor Sergun became chief of the agency in 2011. According to security expert Mark Galeotti, writing in War on the Rocks, Sergun was “an able, articulate, and effective champion of his agency’s interests… He was particularly good at managing relations with Putin and those to whom the president listens.”

Sergun managed to have several Spetsnaz units transferred back to the GRU. These troops are roughly comparable to U.S. special operations forces. They perform reconnaissance, diversion, and combat operations in various hot spots where there is ethnic strife, such as Chechnya, where they were widely deployed.

Then came the Crimean invasion and the Ukrainian conflict.

As Galeotti pointed out: “The chaos in Ukraine was a boon for the GRU, which was one of the lead agencies both in the seizure of the Crimea in 2014 and the subsequent destabilization of the Donbas [Eastern Ukraine]. If the future means more ‘hybrid war’ operations, more interactions with warlords, gangsters, and insurgents, then this is much more the forte of the GRU than the SVR.”

Some members of GRU units became mercenaries in private military companies like the Wagner Group, under the command of reserve GRU Lt. Col. Dmitry Utkin. In 2014-15 Wagner was one of the main forces in battles fought on the territories of Donetsk and Lugansk in eastern Ukraine.

Subsequently Wagner moved to Syria, where it has played a vital role as the Kremlin’s proxy force supporting Syrian government military offensives.

When some of its operatives were involved in an attack on oil installations controlled by U.S. allies on the ground, the Americans counterattacked from the air, allegedly killing several Wagner personnel. In April, a Russian reporter writing about Wagner operations and casualties died under mysterious circumstances, supposedly falling accidentally from the balcony of his fifth floor apartment.

Wagner also runs significant operations as far afield as the Central African Republic, where it bolsters government forces, negotiates with rebels, and guards valuable diamond, gold, and other mineral deposits–activities being investigated by the Russian journalists murdered there.

These ad hoc GRU operations have had some negative repercussions for Moscow. A joint Australian and Dutch investigation determined that the missile used to down Malaysia Airlines Flight 17 in July 2014 originated from the 53rd Anti-Aircraft Missile brigade, a unit of the Russian army from Kursk in the Russian Federation. The respected Bellingcat group has now found that the order to fire the missile was approved by GRU Gen. Oleg Vladimirovich Ivannikov, who supervised several divisions of fighters in Donetsk, including those of Ukrainian separatists and the Wagner Group.

Korobov got off to a rocky start when he assumed the post of GRU chief in early 2016. For starters, there were questions raised about the sudden death in January that year of his predecessor, Sergun.

Officially, Sergun died of natural causes in Moscow, but there were reports that he perished in Lebanon. The decision to appoint Korobov took an entire month, reportedly because of a conflict within the Kremlin elite over who should get the job from a choice of four candidates. A group that was allied with the FSB and the SVR, led by Sergei Ivanov (then head of the presidential administration and an old KGB colleague of Putin), wanted one of their own to head the GRU, while those representing Minister of Defense Sergei Shoigu were pushing for Korobov.

The army clan, proponents of an aggressive, confrontational approach toward the West in Ukraine and elsewhere, won out, and within several months Ivanov would lose his Kremlin job.

It is said that Korobov, who specialized in strategic military intelligence, is a pragmatist who is not interested in Kremlin politics and just wants to get the job done, whatever that might be. So it must be unsettling for Korobov to be the only high-level Russian official with staff members under indictment in the United States.

In fact, back in 2006, at the opening of the new GRU headquarters, a journalist asked a GRU general whether U.S. elections were a topic that was followed by their intelligence analysts. The general responded, “That is primarily a task for the SVR [the foreign intelligence service]. We follow [the elections] but to a much lesser extent than the SVR.”

So how to explain that 12 years later the GRU is in the forefront of election meddling in the U.S.?

According to Vadim Birstein, an authority on the Russian security services, “In the past, the ‘active measures’ deployed for decades by the KGB/SVR against the West referred mainly to HUMINT (human intelligence) and disinformation campaigns in the media, rather than cyber warfare operations which are a new level in intelligence wars.”

Although the SVR has cyber weapons–and in fact was reported to be behind the initial 2015 attack on the DNC under the guise of “Cozy Bear”–the GRU, Birstein says, “has more technical resources to conduct operations like those described in the Mueller indictment.”

A persistent question is how Mueller’s team got the information detailed in the indictment. As Alexei Venediktov, editor of Ekho Moskvy (Echo of Moscow) radio, noted: “When you read parts of the indictment you just freak out. Because they [Mueller’s team] know everything–time, place, login, password, career. And this supposedly just by remote methods.” As Venediktov and others say, the FBI must have had insider information.

Where did the leak come from? Putin obviously wants to know. When he spoke at a news conference with Trump in Helsinki on July 16, he suggested that Russia and the U.S. cooperate in the investigation by having members of Mueller’s team come to Russia and take part in questioning the GRU officers. (As The Daily Beast reported, this is not nearly as generous as it sounds. When British investigators looking into the murder of former Russian agent Alexander Litvinenko went to Moscow, they found themselves thwarted and put under surveillance.)

Although it is the job of the FSB, as a counterintelligence agency, to find spies and potential traitors within the military, there is some speculation that FSB officers passed information about the GRU’s hacking operations to American intelligence.

Back in December 2016, by which time the GRU had been exposed, some high-level FSB officers in the FSB’s cybersecurity unit were arrested and charged with treason. (One, Sergei Mikhailov, was physically removed from a meeting with a black sack over his head.) The treason case has been kept a closely guarded secret, but Russian insiders suggest that Mikhailov and his colleagues were motivated by the long-standing rivalry between the FSB and the GRU to betray the GRU. According to some sources, money was also a motive.

Of course, the GRU is no stranger to defections and international scandal. The first major spy case to erupt after World War II, igniting the Cold War, occurred in 1945 when a GRU cipher clerk from the Soviet Embassy in Ottawa defected, taking with him reams of secret documents that showed the Soviets had an atomic spy ring in North America.

Then there was the infamous GRU Gen. Oleg Penkovsky, who tipped off Britain that the Soviets had missiles in Cuba–and was executed for treason in 1963. Much later, Sergei Skripal, who for several years cooperated with MI6, provided hundreds of names of his fellow GRU agents before he was caught in 2006 and charged with treason. In 2010 he was handed over to Britain as part of a spy swap, and earlier this year he was poisoned.

British authorities are now saying that the GRU carried out the U.K. murder attempt on Skripal, apparently because Skripal betrayed the agency. Investigators reportedly have evidence that the GRU hacked into the email of Skripal’s daughter, Yulia. But revenge against traitors is traditionally up to the FSB. Recall that the 2006 poisoning of Litvinenko in London, shown by the British High Court Inquiry to be the work of the FSB, was preceded by the July 2006 enactment of a new Russian law that specifically authorized the FSB to carry out assassinations abroad.

But maybe we in the West should stop trying to figure out which Russian security service has been doing what to us. After all, the buck stops in the Kremlin. Putin is a hands-on leader–a KGB veteran himself–who calls the shots on just about everything from assassinations of alleged traitors to revenge against Western politicians he resents, like Hillary Clinton. As the widow of Alexander Litvinenko told me once, “with Putin everything is personal.”

https://amp.thedailybeast.com/this-russian-spy-agency-is-in-the-middle-of-everyt

Misology -- It's a bitch