By continuing to use the site, you agree to our use of cookies and to abide by our Terms and Conditions. We in turn value your personal details in accordance with our Privacy Policy.
Please log in or register. Registered visitors get fewer ads.
Phew! Finally finished typing this out: +++++++++++++++++++++++++++++++++++++++++++ THE RUSSIA CONNECTION Russia Indictment 2.0: What to Make of Mueller’s Hacking Indictment By Autumn Brewington, Mikhaila Fogel, Susan Hennessey, Matthew Kahn, Katherine Kelley, Shannon Togawa Mercer, Matt Tait, Benjamin Wittes
Lawfare Blog Friday, July 13, 2018, 10:01 PM
The indictment Friday morning of 12 Russian military intelligence officials in connection with the 2016 election hacks and the resulting distribution of purloined emails was not a total surprise. Observers of the Mueller investigation have been expecting it for a long time, particularly since the Feb. 16 indictment of 13 Russian individuals and three companies over the social media campaign conducted by the so-called Internet Research Agency.
But if the hacking indictment was generally expected, nobody seemed to see it coming this week before today’s announcement of an 11:45 am press conference. Special Counsel Robert Mueller moved with his usual combination of patience and strict operational security, and even though Acting Attorney General Rod Rosenstein briefed President Trump on the coming action before the Leaker in Chief left town, the matter held until Rosenstein disclosed it at a Justice Department press conference.
Before turning to what the indictment alleges, and what we can learn from it, it’s worth zooming out to an important macro point about the investigation that led to this action: This was the investigation over which the president of the United States fired James Comey as FBI director.
This is the investigation Comey confirmed on March 20, 2017, when he told Congress, “I have been authorized by the Department of Justice to confirm that the FBI, as part of our counterintelligence mission, is investigating the Russian government's efforts to interfere in the 2016 presidential election.”
This was also the investigation that multiple congressional committees have spent more than a year seeking to discredit–most recently Thursday, when two House panels hauled the former deputy assistant director of the FBI’s Counterintelligence Department, Peter Strzok, a career FBI agent who worked on the Russia probe, up to Capitol Hill for 10 hours of public, televised, abusive conspiracy theorizing. When the president of the United States derides the Mueller investigation as a “witch hunt,” and when congressional Republicans scream at FBI agents, this is the investigation they are trying to harass out of existence.
It is, therefore, fitting that this indictment comes less than one day after the astonishing display House Republicans put on in the Strzok hearing. If Mueller had been trying to remind the public of what the investigation is really about and what the stakes are in it, if he had been trying to make a public statement in response to the Strzok hearing, he could not have timed this action better.
But, to be clear, Mueller was not trying to make a press statement. We know that not merely because that’s not the way Mueller operates but also because Rosenstein said specifically at his press conference that he had briefed the president on the matter before Trump left town–days before the Strzok hearing yet also mere days before Trump has a scheduled meeting with Russian President Vladimir Putin.
The timing of the indictment given the upcoming Helsinki summit is a powerful show of strength by federal law enforcement. Let’s presume that Mueller did not time this indictment to precede the summit by way of embarrassing Trump on the international stage. It is enough to note that he also did not hold off on the indictment for a few days by way of sparing Trump embarrassment–and that Rosenstein did not force him to. Indeed, Rosenstein said at his press conference that it is “important for the president to know what information was uncovered because he has to make very important decisions for the country” and therefore “he needs to know what evidence there is of foreign election interference.” But of course Rosenstein and Mueller did not just let Trump know. They also let the world know, which has the effect–intended or not–of boxing in the president as he meets with an adversary national leader.
Put less delicately: Rosenstein has informed the president, and the world, before Trump talks to Putin one-on-one that his own Justice Department is prepared to prove beyond a reasonable doubt, in public, using admissible evidence, that the president of the Russian Federation has been lying to Trump about Russian non-involvement in the 2016 election hacking.
What the Indictment Alleges
The indictment alleges a detailed and wide-ranging conspiracy to hack into the computers of the Democratic Congressional Campaign Committee (DCCC), the Democratic National Committee (DNC), Hillary Clinton’s presidential campaign and others and to reveal information in order to interfere with the 2016 U.S. presidential election. The special counsel charges 12 officials of the Russian military intelligence agency (“GRU”) with targeting more than 300 individuals affiliated with the Democratic Party or the campaign and leaking tens of thousands of stolen documents.
Starting in March 2016, the indictment alleges, a unit of Russia’s GRU military intelligence organization began sending emails to dozens of employees and volunteers in the Clinton campaign. The conspirators engaged in “spearphishing,” or sending fraudulent emails with embedded links to GRU-created websites disguised to look like trusted entities, such as Google security notifications, ostensibly asking recipients to change their password but, in reality, tricking the targeted users into revealing their login credentials.
Using these stolen credentials, the hackers logged into the targeted users’ personal and campaign email accounts. Later that month, the hackers began researching the computer networks of the DCCC and DNC to identify technical vulnerabilities and connected devices. In April 2016, the conspirators hacked into the DCCC computer network and installed malware to spy on users and steal information.
According to the indictment, the Russians designed their hacking operation to use an overseas computer to relay communications from their malware via a GRU-leased server in Arizona. By June of 2016, the hackers monitored DCCC employees’ computer activity–logging keystrokes and taking screenshots–on at least 10 different computers and transmitted this information to the Arizona server. The conspirators used their access to the DCCC network to hack into Democratic National Committee in mid-April 2016. Overall, the hackers accessed about 33 DNC computers by the end of June using stolen credentials. As they had with the DCCC, they used malware to explore the DNC network and steal documents, the indictment claims. As they explored the networks and removed data, the indictment alleges, the Russians deleted computer logs and files to obscure evidence of their activities.
Still, the intrusions did not go unnoticed. In May 2016, both the DCCC and the DNC hired cybersecurity firm CrowdStrike to discern the extent of the invasions, and the following month, the indictment alleges, the company worked to remove the intruders. Even so, according to the indictment, malware remained on the DNC network until October. The Russians also accessed DNC data through a third-party cloud service in September, the indictment says.
On June 8, 2016–one day before the Trump Tower meeting at which Russian actors met with senior Trump campaign officials promising “dirt” on Hillary Clinton–the indictment alleges that the conspirators launched the website DCLeaks.com, which they labeled as being started by “American hacktivists.” That month, according to the indictment, the group began releasing materials it had stolen from individuals tied to the Clinton campaign as well as documents stolen from other operations dating to 2015, including emails from individuals affiliated with the Republican Party. The conspirators used cryptocurrency to pay for the site, the government asserts, and emails connected to the domain name were also used in spearphishing efforts against the Clinton campaign chairman, John Podesta. The group also created Facebook and Twitter accounts to promote the DCLeaks site, according to the indictment.
In mid-June 2016, when the Democrats publicly acknowledged that they had been hacked, the indictment alleges that the conspirators created the online persona Guccifer 2.0, which they described as a “lone Romanian hacker” to undermine claims of Russian responsibility for the hacks. Interestingly, the Guccifer 2.0 Twitter account followed one of this article’s authors on Twitter that summer:
While that particular fact does not appear in the indictment, the indictment does allege that beginning in August 2016, certain other U.S. persons began interacting with the GRU through the Guccifer 2.0 persona. In mid-August, Guccifer 2.0 allegedly received and responded to a request from a candidate for U.S. Congress for documents stolen from the DCCC related to the candidate’s opponent. Guccifer 2.0 also allegedly sent documents to a reporter regarding the Black Lives Matter movement. The indictment then, in more detail, describes contact between Guccifer 2.0 and “a person who was in regular contact with senior members” of the Trump presidential campaign. These people are not named in the indictment.
To release their stolen data, the conspirators did not stop with DCLeaks and Guccifer 2.0, according to the indictment. It describes extensive interaction between the conspirators and an entity, called “Organization 1,” which the Washington Post and other news outlets have identified as Wikileaks. In late June 2016, Wikileaks allegedly solicited additional stolen information from Guccifer 2.0, saying that its release of the data “will have a much higher impact than what you are doing.” In early July, citing the upcoming Democratic convention, it allegedly messaged Guccifer 2.0 that “if you have anything hillary related we want it in the next tweo [sic] days” and that “we think trump has only a 25% chance of winning against hillary” so stoking conflict between Clinton and her rival Bernie Sanders “is interesting.”
On July 22, 2016, the government asserts, Wikileaks released more than 20,000 emails and documents stolen from the DNC network by the conspirators and “did not disclose Guccifer 2.0’s role in providing them.” The Democratic convention opened days later and was racked by protests from Sanders supports that led to the resignation of Debbie Wasserman Schultz as DNC chairman. The activities continued through the fall: Between Oct. 7 and Nov. 7, 2016, the indictment contends, Wikileaks released approximately 33 tranches of the more than 50,000 documents stolen from John Podesta.
Based on these factual allegations, the indictment includes 11 counts. The first count, citing all of the facts summarized above, charges nine defendants with conspiracy to violate the Computer Fraud and Abuse Act (18 U.S.C. §§ 1030(a)(2)(C), 1030(a)(5)(A), 1030(c)(2)(B), 1030(c)(4)(B), 371 and 3559(g)(1)). The defendants are specifically charged with:
“knowingly access[ing] a computer without authorization and exceed[ing] authorized access to a computer, and to obtain thereby information from a protected computer, where the value of the information obtained exceeded $5,000”;
“knowingly caus[ing] the transmission of a program, information, code, and command, and as a result of such conduct … intentionally caus[ing] damage without authorization to a protected computer, and … caus[ing] … loss aggregating $5,000 in value to at least one person during a one-year period from a related course of conduct affecting a protected computer, and damage affecting at least ten protected computers during a one-year period”; and
“knowingly falsely register[ing] a domain name and knowingly us[ing] that domain name in the course of committing an offense.”
The second count charges 11 defendants with aggravated identity theft in violation of 18 U.S.C. §§ 1028A(a)(1) and(2). The indictment describes the offense as “knowingly transfer[ing], possess[ing], and us[ing], without lawful authority, a means of identification of another person during and in relation to” the commission of computer fraud. The count cites eight victims whose personal, DCCC or DNC email username and passwords the defendants allegedly stole between March 21 and July 6, 2016.
The 10th count charges the defendants with conspiracy to launder more than $95,000 in cryptocurrency with the intention of promoting unlawful activity in the United States in violation of 18 U.S.C. § 1956(h). The document outlines efforts the defendants made from roughly 2015 through 2016 to acquire and mine bitcoin for the purpose of funding their hacking activities, including the purchase of computer infrastructure, domain names and key accounts.
The last count charges two of the GRU officers, Aleksandr Vladimirovich Osadchuk and Anatoliy Sergeyevich Kovalev, with conspiracy to violate the Computer Fraud and Abuse Act, in violation of 18 U.S.C. § 371. The object of the conspiracy was to hack into and steal voter information stored on computers used by people and entities administering the 2016 election. The indictment alleges that in July 2016 Kovalev, along with others not named, hacked a state board of elections website and “stole information related to approximately 500,000 voters.” In August 2016, Kovalev and his co-conspirators allegedly used some of the same infrastructure to hack into a vendor that provided voter verification software. After the FBI issued an alert in August 2016 about the hacking of the state election board, Kovalev erased his search history, and he and his co-conspirators erased records from the accounts they used in hacking election boards and related entities, according to the indictment. In October, Kovalev and others targeted state and local election offices in Georgia, Iowa and Florida, seeking to identify their websites’ vulnerabilities. And in November 2016, the conspirators sent more than 100 spearphishing emails to state and local election officials in Florida.
What the Indictment Reveals About the Hacking Operation
This indictment provides a great deal of information about the extent and internal structure of the Russian government side of the 2016 hacking operation. It also confirms private-sector reporting about the DNC hack, the clean-up operation, the phishing of Podesta, and the operation to distribute stolen emails through Wikileaks and on social media.
Additionally, the indictment shows a massive, and successful, counterintelligence operation by the U.S. government against the Russian government. U.S. authorities do not rely merely on technical forensics for the conclusion that the hack and release of emails was a Russian operation; the indictment also lays out the departments within the Russian government that were behind it, specific individuals who were involved, which officers did what and when, the slang terms used internally, and the breakdown of responsibilities within the teams–down to identifying the specific officers with hands on keyboards.
The indictment describes a number of separate events associated with the 2016 operation, but let’s start with the hack of Hillary Clinton’s campaign manager, Podesta, in March 2016 by GRU officer Aleksey Lukashev. This event had been traced back to the GRU in the fall of 2016. The indictment strongly supports those earlier attributions and adds additional detail–such as the name of the person allegedly at the keyboard.
Based on the public record and the new information in the indictment, here is what we now know happened leading up to the hack and release of John Podesta’s emails.
On March 19, 2016, Podesta received a spearphishing email, ostensibly from Google but actually from the GRU. We knew this even before Friday’s indictment, ironically, because Wikileaks published all of John Podesta’s stolen emails, including the spearphishing email itself. The indictment names GRU officer Aleksey Lukashev as the sender, but the email itself and its public attribution to the GRU are not new. From the phishing email in the Wikileaks archive, we are able to reconstruct what the spearphishing email looked like and the actions taken by Podesta that resulted in his emails dominating headlines in the final few weeks of the 2016 election campaign.
John Podesta spearphishing email (reconstruction)
Although this email was carefully crafted by Russian intelligence officers to look authentic, this email did not come from Google; there had been no genuine attempt to log in to Podesta’s email from Ukraine, and the link on “Change Password” led to a website operated by the GRU. Steps taken with this email include tricks like constructing the text “Someone has your password” using non-English variants of the letter “o” so as to evade automatic detection by Google’s spam filters.
It was also known before Friday what happened next: Podesta forwarded the email to members of his staff. They wrongly concluded that the email was genuine, and Podesta clicked on the link. We know this because this email chain is among the messages leaked by Wikileaks.
This much we already knew: the “Change Password” button on the phishing email took Podesta to a website controlled by the GRU, but first it bounced through the URL shortening service Bit.ly. Unfortunately for the GRU, here the hackers screwed up. The Bitly link reveals a lot of information about the GRU operation, and using this information we can reconstruct what Podesta saw when he clicked the link:
Reconstruction of the John Podesta phishing page
The indictment confirms that although this website was designed to look like a login page for Google, it was, in fact, operated by the Russian government. But the GRU made a mistake that allowed private-sector researchers to tie the phishing of Podesta to the GRU even before Friday’s indictment. When shortening the spearphishing link to send to Podesta using URL-shortening service Bitly, the GRU officer running the operation was logged in. This error allowed private investigators to connect the Podesta phishing email to huge numbers of other phishing emails sent by the GRU. Mueller now adds that, the specific officer who was logged in was, in fact, Lukashev, and his account name was “john356gh.”
Although this attribution was previously known, the indictment makes public some previously unknown details. For example, it’s now clear that this phishing campaign wasn’t done merely on behalf of the GRU but was done internally by GRU officers directly. We now know which officers at the GRU were at the keyboard conducting the operation: Lukashev managed the spearphishing infrastructure, and another officer, Ivan Sergeyevich Yermakov, spent time researching the specific targets at the DNC who were sent the emails. All of this gives the lie to Russia’s claim Friday, in response to the indictment, that the charges are “mud-slinging” intended to “spoil the atmosphere” ahead of the Trump-Putin summit.
The indictment also sheds new light on the hack of the DNC and the DCCC. This is the intrusion that cybersecurity firm CrowdStrike was called in to clean up. In June 2016, Guccifer 2.0 claimed that this breach happened by means of a “zero-day vulnerabilty,” but we now know this is not true. The initial intrusion into the DCCC network took place on April 12, 2016, using the credentials of a DNC employee obtained by spearphishing. Using these stolen credentials, GRU officers Kozachek and Yershov implanted “X-Agent” malware on at least 10 DCCC computers, and using this access, the hackers stole passwords, monitored computer activity, and took documents from the DCCC network to distribute later.
This X-Agent malware was also known to the private sector before Friday’s indictment. X-Agent is a malware toolkit of APT28, one of the well-known Russian state hacker groups, and had been previously strongly attributed to the GRU by dozens of cybersecurity firms. Although not specifically mentioned in the indictment, the specific malware recovered from the DCCC network communicated with the same command-and-control infrastructure used by the GRU when APT28 hacked the German Bundestag in 2015.
But the indictment tells us something that wasn’t previously known about the extent of knowledge within the U.S. government of this specific operation. The U.S. was able to determine not merely that X-Agent was a GRU operative, and that GRU officer Yermakov was the man at the keyboard, but was able to see the actions Yermakov took as he performed target research against the DCCC and as he researched commands used to operate the malware and steal emails from the DCCC’s internal server.
The indictment also gives some additional details on how the emails got from the GRU to Wikileaks. Although no serious observers previously doubted the connection–Guccifer 2.0’s very first post openly announced that Wikileaks had been given documents–the indictment shows that the mechanism for this was an email from Guccifer 2.0 to Wikileaks containing an encrypted repository via email, entitled “wk dnc link1.txt.gpg.”
Finally, the indictment contains new information about the way the GRU paid for infrastructure to support the operation to hack and release documents. According to the indictment, the GRU made payments using the pseudonymous cryptocurrency Bitcoin. It should not be especially surprising that the GRU used Bitcoin–it allows payments to be made without a direct trail leading back to the Russian government–but the GRU officers were careful. Rather than just paying for Bitcoin with currency from an exchange and then trying to obfuscate through multiple Bitcoin wallets before spending it, the GRU also mined their own, allowing it to be anonymous from the start, as well as purchasing Bitcoin using prepaid cards in order to avoid direct connections between the GRU’s hacking infrastructure and the GRU itself. Still, the U.S. government was able to trace all these transactions back to the GRU.
In sum, the indictment confirms a great deal of reporting that was already public on technically attributing the 2016 hack and release of documents to the GRU. But it also shows a significant and successful U.S. counterintelligence operation that gives insights into the breadth and scope of U.S. attribution capabilities–technical, financial and intelligence-led attribution down to which individuals within the Russian government were behind aspects of the hack, their responsibilities within the organization, their communications and even the specific terms they searched for as they worked.
Identifying the Unknown
The indictment describes a number of interactions between the alleged conspirators, in the persona of Guccifer 2.0, and several unnamed U.S. persons and other entities whose identities the document obscures. Most of these individuals have already been publicly identified. The indictment, for example, mentions a “person in regular contact with senior members” of the Trump campaign, to whom the conspirators wrote on Aug. 15, 2016. As the indictment describes the interaction, Guccifer 2.0 wrote: “thank u for writing back ... do u find anyt[h]ing interesting in the docs i posted?” The indictment continues:
On or about August 17, 2016, the Conspirators added, “please tell me if i can help u anyhow ... it would be a great pleasure to me.” On or about September 9, 2016, the Conspirators, again posing as Guccifer 2.0, referred to a stolen DCCC document posted online and asked the person, “what do u think of the info on the turnout model for the democrats entire presidential campaign.” The person responded, “[p]retty standard.”
This person has been identified as Roger Stone–by Stone himself. Stone published the very exchange described in the indictment on his website, StoneColdTruth, in March 2017.
The indictment also briefly mentions an interaction between the conspirators and a reporter to whom they sent documents regarding the Black Lives Matter movement. Lee Stranahan of Breitbart News and Sputnik has publicly disclosed his interaction with Guccifer 2.0 and said Friday on Twitter that he is the journalist mentioned in the document. The special counsel also describes an exchange in which Guccifer 2.0 directly offers stolen emails from “Hillary Clinton’s staff” to a U.S. reporter. The Smoking Gun website has claimed to be this reporter.
The indictment describes a “state lobbyist and online source of political news” as having received 2.5 gigabytes of stolen data from Guccifer 2.0, including donor records and personal identifying information of more than 2,000 Democratic donors. The Wall Street Journal reported in March 2017 that this individual is Florida GOP operative Aaron Nevins. Nevins, who posted under the pen name Mark Miewurd on the website HelloFLA!, later described his interaction with Guccifer 2.0 in an interview with the Sun Sentinel.
There is one major U.S. interlocutor mentioned who remains something of a mystery. According to the indictment, on Aug. 15, 2016, Guccifer 2.0 received a request for stolen documents from a congressional candidate and sent documents to the candidate. While it is not immediately clear who the congressional candidate may have been, the New York Times in December 2016 reported on several Democratic congressional candidates who were victims of leaks of hacked DNC and DCCC information.
No Collusion?
In response to the indictment, the White House released a statement saying,
As Deputy Attorney General Rod Rosenstein said today:
There is no allegation in this indictment that Americans knew that they were corresponding with Russians. There is no allegation in this indictment that any American citizen committed a crime. There is no allegation that the conspiracy changed the vote count or affected any election result. Today’s charges include no allegations of knowing involvement by anyone on the campaign and no allegations that the alleged hacking affected the election result. This is consistent with what we have been saying all along.
Leave aside the obvious falsity of the White House’s assertion that the indictment is “consistent” with the president’s prior statements, which have repeatedly questioned Russia’s involvement in election interference. Leave aside also the question of why the White House’s response to an indictment on this subject made no mention, at all, of the unprecedented attack by a foreign adversary on foundational elements of U.S. democracy and instead merely defended the president’s campaign as not having knowingly participated in it.
The statement is largely accurate, as is the Rosenstein statement on which it draws. This indictment does not charge or allege specific criminal misconduct by any American. And it is careful–as was the indictment in February–not to sweep broadly in its claims about people on this side of the Atlantic. That said, the indictment does not in any sense foreclose the possibility of substantial, knowing and even criminal involvement by Americans. And it actually moves the ball forward on possible collusion, which would likely take the legal form of criminal conspiracy, in important respects.
First, while the indictment does not charge any American with specific criminal conduct, it does describe conduct by Americans that, depending on further factual development, raises potentially serious questions. The most striking example of this occurs in paragraph 43(a): “On or about August 15, 2016, the Conspirators, posing as Guccifer 2.0, received a request for stolen documents from a candidate for the U.S. Congress. The Conspirators responded using the Guccifer 2.0 persona and sent the candidate stolen documents related to the candidate’s opponent.”
Soliciting stolen, hacked emails should be politically fatal to an aspiring–or possibly serving–member of Congress, particularly when the thief one petitions turns out to be an adversary foreign intelligence agency. It also raises questions about possible criminal liability for soliciting and receiving stolen information, at least to the extent that the government can prove that one knows the material is stolen. There is no indication that this American was involved with the Trump campaign. So to the extent that “collusion” is shorthand for collusion by individuals related to the Trump campaign, this incident many not meaningfully change the picture. The special counsel indictment announcement in February also named Americans unrelated to the Trump campaign as being dupes of the conspiracy, though those people were more clearly unwitting dupes.
Second, the indictment leaves open the possibility of conduct by Americans not described in this document. While the document does not allege any American who corresponded with these entities knew that they were part of the Russian conspiracy, it also does not say that they did not know or suspect these entities were part of a Russian operation. It leaves that question, about these actors and others, for another day. This document alleges that Americans–including at least one individual who was closely connected to the Trump campaign–had contact with the charged conspirators. Whether they did so with sufficient knowledge or criminal intent, and whether they took the necessary affirmative steps to create legal liability, is simply not addressed in this indictment. It clears no one, and it actually places publicly reported conduct in a more sinister light by clarifying that the individuals in question were, in fact, in contact with Russian conspirators, knowingly or otherwise.
Finally, the factual allegations in this document significantly improve the possibility of criminal conspiracy charges involving Americans. Until this action, there was little indication in the public record that the hacking operation persisted beyond the date the documents were released. While there were questions about whether the Trump campaign participated in some way in coordinating the release of these documents, the presumption based on public evidence was that the hacking scheme–that is, the violation of the Computer Fraud and Abuse Act, which constituted the most obvious criminal offense–was complete. This left a bit of a puzzle for “collusion” purposes. If the crime was completed at the time the hacking and theft were done, what crime could constitute conspiracy? One year ago to the day, Helen Murillo and Susan Hennessey analyzed the possibility of conspiracy to violate the CFAA. At the time, they noted a stumbling block to the analysis even if individuals in the Trump campaign encouraged the release of documents or coordinated timing:
While the precedent isn’t entirely clear on the matter, it is possible prosecutors here would need to prove not just that a member of the Trump team was aware of the CFAA scheme when he or she took steps to support the tortious act or violation of another state or federal law, but also that the Russians had the intention of publishing the emails at the time they obtained the information in the first instance. It isn’t at all clear from the public record that the Russians initially obtained the emails for the purpose of publishing them. Indeed, there is some suspicion the original intrusion was just in furtherance or ordinary espionage and the plan to release the emails came later.
The Internet Research Agency indictment, in February, offered a potential legal solution to that puzzle.
This indictment, by contrast, offers a potential factual breakthrough. It tells us that the prior factual premise was wrong: the alleged conduct violating the CFAA continued to occur throughout the summer of 2016. That affects the earlier analysis in two ways. First, it makes clear that the Russians did intend to release the information at the time the hacking occured. Second, and perhaps more important, the indictment alleges that the criminal hacking conspiracy was ongoing at the time individuals in the Trump campaign were in contact with charged and uncharged Russian conspirators, raising the possibility of more straightforward aiding and abetting liability.
In other words, stay tuned. This indictment represents a tightening of the ring in the story of criminal prosecution for the 2016 election hacking. The government has now alleged that the social media manipulations by Russian actors constituted a criminal conspiracy. It has alleged as well that the hacking of Democratic Party and Clinton campaign emails were crimes conducted by officers of the Russian state. The question remains: Who, if anyone, helped?
Topics: Cybersecurity and Deterrence, Federal Law Enforcement, The Russia Connection, Cybersecurity: Crime and Espionage Tags: Robert Mueller
Autumn Brewington is an editor at Lawfare and a freelance writer in Washington. She was an editor at The Washington Post from 2001 to 2014 and ran The Wall Street Journal’s Think Tank blog from 2014 through 2016. A graduate of the Missouri School of Journalism, she also edits for the Texas National Security Review.
It is a wondeful story, they just have to hope and pray none of the Russians actually contest it in court as they did with the previous Fiasco of a case. They have become a laughing stock in court, indicting people who don't exist, indicting companies that did not exist when the "crime" was supposedly committed, so called evidence of persuasion in Russian with no English translation. You couldn't make up, oh but they did didn't they. LOL
-1
Russia Indictment 2.0: What to Make of Mueller’s Hacking Indictment on 15:49 - Jul 15 with 7949 views
‘Warning Lights Are Blinking Red,’ Top Intelligence Officer Says of Russian Attacks‘Warning Lights Are Blinking Red,’ Top Intelligence Officer Says of Russian Attacks By Julian E. Barnes
NYT, July 13, 2018
WASHINGTON – The nation’s top intelligence officer said on Friday that the persistent danger of Russian cyberattacks today was akin to the warnings the United States had of stepped-up terror threats ahead of the Sept. 11, 2001, attacks.
That note of alarm sounded by Dan Coats, the director of national intelligence, came on the same day that 12 Russian agents were indicted on charges of hacking the Democratic National Committee and Hillary Clinton’s presidential campaign. Mr. Coats said those indictments illustrated Moscow’s continuing strategy to undermine the United States’ democracy and erode its institutions.
“The warning lights are blinking red again,” Mr. Coats said as he cautioned of cyberthreats. “Today, the digital infrastructure that serves this country is literally under attack.”
Coming just days ahead of President Trump’s meeting with President Vladimir V. Putin of Russia, Mr. Coats’s comments demonstrate the persistent divisions within the administration on Russia – and on how hard a line senior administration officials should take with Moscow on its cyberspace activities.
Mr. Trump has said he would raise the issue of Russian election interference with Mr. Putin during their meeting in Helsinki, Finland. And Mr. Trump regularly cites some strong actions his administration has taken to punish Moscow, such as expelling 60 Russians accused of intelligence activities. But Mr. Trump and the White House also routinely minimize information about the impact of Moscow’s cyberattacks and intrusion efforts on the 2016 election.
The government’s national security agencies, particularly the intelligence agencies, have been far more concerned about Russia’s 2016 interference campaign – and efforts still underway.
Mr. Coats, a former Republican senator from Indiana, has helped position the intelligence agencies in the more hard-line camp, pushing for more aggressive actions to halt cyberattacks by Russia and other nations. In a speech last month in France, he outlined the recent history of Russian cyberattacks on elections and on candidates critical of Moscow.
In his remarks on Friday, Mr. Coats did not directly address Mr. Trump’s coming meeting with Mr. Putin. But Mr. Coats did say that if he was meeting the Russian president, he would deliver a sharp message that the United States knows what the Russians are doing and that Mr. Putin’s government is responsible for the cyberattacks.
Mr. Coats also expressed frustration with cyberspace strategies that emphasize only defense, and not offense as well. Evoking President Ronald Reagan’s Cold War approach to the Soviet Union, Mr. Coats suggested that if Russia continued to try to take on the United States in the cyberarena, then the administration should “throw everything we have got into it.”
Seth G. Jones, a senior adviser with the Center for Strategic and International Studies, said Reagan pushed the United States to begin offensive information operations against the Soviet Union. Invoking Reagan, Mr. Jones said, was hardly accidental and was symbolically important because he remains revered by Republicans.
The comments by Mr. Coats reflect the view by the intelligence community that Russia’s campaign remains a grave threat.
“Russia continues to be aggressive across the board,” Mr. Jones said. “Much as the Soviets did in the Cold War, the Russian active measures are much bigger than just elections.”
Mr. Coats has previously warned about continuing Russian attempts to influence future elections, including the midterm elections in the fall. At a Senate hearing this year, Mr. Coats said that Russia viewed the midterm elections as a potential target, and he said Moscow’s activities were designed “to exacerbate social and political fissures in the United States.”
Mr. Coats said on Friday that the intelligence community was working with the F.B.I. and the Department of Homeland Security to support states’ efforts to secure their elections.
The federal effort has been hampered by the fact that elections are controlled at the state and local levels. States have had different levels of cooperation with the federal authorities.
While Mr. Coats did not directly address that issue, he mentioned that a problem in one state could throw the midterms or the next presidential election into doubt.
Friday’s comments by Mr. Coats at the Hudson Institute, a Washington think tank, appeared aimed at increasing the intensity of his warnings over Russia.
Mr. Coats said Russian and other actors were exploring vulnerabilities in critical infrastructure and trying to infiltrate energy, water, nuclear and manufacturing sectors.
“These actions are persistent, they are pervasive and they are meant to undermine America’s democracy,” Mr. Coats said.
He did not outline any details of what exactly the United States or its intelligence agencies will do to curtail the intrusions. But he did say intelligence and other government agencies will speak more publicly about the threat of cyberattacks and cyberinterference to increase public knowledge.
Mr. Coats said cyberattacks from Russia, China, North Korea and Iran were mounting on American business and government agencies every day. China has the most adept hackers working for a government, Mr. Coats said. But Beijing’s agenda was more focused on stealing information and technical advances, while Moscow remained more interested in dividing the United States from its allies and undermining democracy, he said.
Both the Russian and Chinese governments have repeatedly insisted they are the victims, not the perpetrators, of cyberattacks.
Gun-Rights Activist Charged With Acting as Russian Agent Maria Butina worked at direction of a ‘high level official in the Russian government,’ Justice Department says; attorney denies charges By Del Quentin Wilber
WSJ, Updated July 16, 2018 4:07 p.m. ET
A Russian gun-rights advocate was arrested over the weekend on charges of being an agent of a foreign power and ordered held without bail pending a hearing on Wednesday, according to the Justice Department.
Maria Butina, 29 years old, was charged in a criminal complaint with working at the direction of a “high level official in the Russian government” starting as early as 2015 and continuing through at least early 2017, the Justice Department said in a press release announcing the charges.
The Russian official, who was sanctioned by the Treasury Department in April, was described by federal prosecutors as a former “member of the legislature of the Russian Federation and later became a top official at the Russian Central Bank.”
Court papers allege that Ms. Butina acted as an agent of Russia by developing relationships with unnamed U.S. persons and infiltrating organizations having influence in American politics. Ms. Butina’s attorney issued a statement denying the charges.
In an appearance before a federal magistrate judge in Washington, Ms. Butina was ordered held pending a bail hearing scheduled for Wednesday, the Justice Department said.
The charges were announced as President Donald Trump is in Finland for a meeting with Russian President Vladimir Putin.
Ms. Butina was the subject of multiple news reports in the past year about her contacts with the National Rifle Association and conservative activists, and her work for a Russian official who was sanctioned by the U.S. in April, Alexander Torshin.
According to the charging papers, Mr. Butina allegedly continued to work for Mr. Torshin while she was in Washington, and they together took steps to “infiltrate” political groups including the National Rifle Association to “advance the interests of the Russian Federation.”
An NRA representative had no immediate comment. The NRA and Mr. Torshin are not named in court papers, but the facts provided about them allow them to be easily identified.
In an odd confluence of circumstances there are persistent rumours surrounding the NRA's role in potentially funnelling significant sums of dark money to Trump's campaign.
They are easily identifiable in the indictment, but of much greater interest is the identity of the mysterious individuals referred to only as US Persons 1&2. . .
From the Start, Trump Has Muddied a Clear Message: Putin InterferedFrom the Start, Trump Has Muddied a Clear Message: Putin Interfered By David E. Sanger and Matthew Rosenberg
NYT, July 18, 2018
WASHINGTON – Two weeks before his inauguration, Donald J. Trump was shown highly classified intelligence indicating that President Vladimir V. Putin of Russia had personally ordered complex cyberattacks to sway the 2016 American election.
The evidence included texts and emails from Russian military officers and information gleaned from a top-secret source close to Mr. Putin, who had described to the C.I.A. how the Kremlin decided to execute its campaign of hacking and disinformation.
Mr. Trump sounded grudgingly convinced, according to several people who attended the intelligence briefing. But ever since, Mr. Trump has tried to cloud the very clear findings that he received on Jan. 6, 2017, which his own intelligence leaders have unanimously endorsed.
The shifting narrative underscores the degree to which Mr. Trump regularly picks and chooses intelligence to suit his political purposes. That has never been more clear than this week.
On Monday, standing next to the Russian president in Helsinki, Finland, Mr. Trump said he accepted Mr. Putin’s denial of Russian election intrusions. By Tuesday, faced with a bipartisan political outcry, Mr. Trump sought to walk back his words and sided with his intelligence agencies.
On Wednesday, when a reporter asked, “Is Russia still targeting the U.S.?” Mr. Trump shot back, “No” – directly contradicting statements made only days earlier by his director of national intelligence, Dan Coats, who was sitting a few chairs away in the Cabinet Room. (The White House later said he was responding to a different question.)
Hours later, in a CBS News interview, Mr. Trump seemed to reverse course again. He blamed Mr. Putin personally, but only indirectly, for the election interference by Russia, “because he’s in charge of the country.”
In the run-up to this week’s ducking and weaving, Mr. Trump has done all he can to suggest other possible explanations for the hacks into the American political system. His fear, according to one of his closest aides who spoke on the condition of anonymity, is that any admission of even an unsuccessful Russian attempt to influence the 2016 vote raises questions about the legitimacy of his presidency.
The Jan. 6, 2017, meeting, held at Trump Tower, was a prime example. He was briefed that day by John O. Brennan, the C.I.A. director; James R. Clapper Jr., the director of national intelligence; and Adm. Michael S. Rogers, the director of the National Security Agency and the commander of United States Cyber Command.
The F.B.I. director, James B. Comey, was also there; after the formal briefing, he privately told Mr. Trump about the “Steele dossier.” That report, by a former British intelligence officer, included uncorroborated salacious stories of Mr. Trump’s activities during a visit to Moscow, which he denied.
According to nearly a dozen people who either attended the meeting with the president-elect or were later briefed on it, the four primary intelligence officials described the streams of intelligence that convinced them of Mr. Putin’s role in the election interference.
They included stolen emails from the Democratic National Committee that had been seen in Russian military intelligence networks by the British, Dutch and American intelligence services. Officers of the Russian intelligence agency formerly known as the G.R.U. had plotted with groups like WikiLeaks on how to release the email stash.
And ultimately, several human sources had confirmed Mr. Putin’s own role.
That included one particularly valuable source, who was considered so sensitive that Mr. Brennan had declined to refer to it in any way in the Presidential Daily Brief during the final months of the Obama administration, as the Russia investigation intensified.
Instead, to keep the information from being shared widely, Mr. Brennan sent reports from the source to Mr. Obama and a small group of top national security aides in a separate, white envelope to assure its security.
Mr. Trump and his aides were also given other reasons during the briefing to believe that Russia was behind the D.N.C. hacks.
The same Russian groups had been involved in cyberattacks on the State Department and White House unclassified email systems in 2014 and 2015, and in an attack on the Joint Chiefs of Staff. They had aggressively fought the N.S.A. against being ejected from the White House system, engaging in what the deputy director of the agency later called “hand-to-hand combat” to dig in.
The pattern of the D.N.C. hacks, and the theft of emails from John D. Podesta, Hillary Clinton’s campaign chairman, fit the same pattern.
After the briefings, Mr. Trump issued a statement later that day that sought to spread the blame for the meddling. He said “Russia, China and other countries, outside groups and countries” were launching cyberattacks against American government, businesses and political organizations – including the D.N.C. Still, Mr. Trump said in his statement, “there was absolutely no effect on the outcome of the election.”
Mr. Brennan later told Congress that he had no doubt where the attacks were coming from.
“I was convinced in the summer that the Russians were trying to interfere in the election,” he said in testimony in May 2017. “And they were very aggressive.” For Mr. Trump, the messengers were as much a part of the problem as the message they delivered.
Mr. Brennan and Mr. Clapper were both Obama administration appointees who left the government the day Mr. Trump was inaugurated. The new president soon took to portraying them as political hacks who had warped the intelligence to provide Democrats with an excuse for Mrs. Clinton’s loss in the election.
Mr. Comey fared little better. He was fired in May 2017 after refusing to pledge his loyalty to Mr. Trump and pushing forward on the federal investigation into whether the Trump campaign had cooperated with Russia’s election interference.
Only Admiral Rogers, who retired this past May, was extended in office by Mr. Trump. (He, too, told Congress that he thought the evidence of Russian interference was incontrovertible.)
And the evidence suggests Russia continues to be very aggressive in its meddling.
In March, the Department of Homeland Security declared that Russia wastargeting the American electric power grid, continuing to riddle it with malware that could be used to manipulate or shut down critical control systems. Intelligence officials have described it to Congress as a chief threat to American security. Just last week, Mr. Coats said that current cyberthreats were “blinking red” and called Russia the “most aggressive foreign actor, no question.”
“And they continue their efforts to undermine our democracy,” he said. Christopher A. Wray, the F.B.I. director, also stood firm.
“The intelligence community’s assessment has not changed,” Mr. Wray said on Wednesday at the Aspen Security Forum. “My view has not changed, which is that Russia attempted to interfere with the last election and continues to engage in malign influence operations to this day.”
The Russian efforts are “aimed at sowing discord and divisiveness in this country,” he continued. “We haven’t yet seen an effort to target specific election infrastructure this time. We could be just a moment away from the next level.”
“It’s a threat we need to take extremely seriously and respond to with fierce determination and focus.”
Almost as soon as he took office, Mr. Trump began casting doubts on the intelligence on Russia’s election interference, though never taking issue with its specifics. He dismissed it broadly as a fabrication by Democrats and part of a “witch hunt” against him. He raised unrelated issues, including the state of investigations into Mrs. Clinton’s home computer server, to distract attention from the central question of Russia’s role – and who, if anyone, in Mr. Trump’s immediate orbit may have worked with them.
In July 2017, just after meeting Mr. Putin for the first time, Mr. Trump told a New York Times reporter that the Russian president had made a persuasive case that Moscow’s cyberskills were so good that the government’s hackers would never have been caught. Therefore, Mr. Trump recounted from his conversation with Mr. Putin, Russia must not have been responsible.
Since then, Mr. Trump has routinely disparaged the intelligence about the Russian election interference. Under public pressure – as he was after his statements in Helsinki on Monday – he has periodically retreated. But even then, he has expressed confidence in his intelligence briefers, not in the content of their findings. That is what happened again this week, twice.
Mr. Trump’s statement in Helsinki led Mr. Coats to reaffirm, in a statement he deliberately did not get cleared at the White House, that American intelligence agencies had no doubt that Russia was behind the 2016 hack.
That contributed to Mr. Trump’s decision on Tuesday to say that he had misspoken one word, and that he did believe Russia had interfered – although he also veered off script to declare: “Could be other people also. A lot of people out there.”
Follow David Sanger and Matthew Rosenberg on Twitter: @SangerNYT and @AllMattNYT.
Russia Indictment 2.0: What to Make of Mueller’s Hacking Indictment on 13:11 - Jul 19 by Ace_Jack
source needed
The Source is the Inspector Generals Report to Congress, including many, many FBI/DOJ emails. But you won't find Shaky reporting on any of that information as it totally destroys the narrative he has just posted. The CIA/FBI/DOJ all lied to Mr Trump (during election) President Trump (after election) The people of the USA Congress. Why would anyone trust anything they say, both Brennan & Comey were caught lying to Congress (a Felony) multiple times. Have you read the Page/Strzok emails and Congress interviews? As for Mueller, try looking in to his previous Court Cases where he lied and used false evidence and got away with it.
-1
Russia Indictment 2.0: What to Make of Mueller’s Hacking Indictment on 23:37 - Jul 19 with 7457 views
Russia Indictment 2.0: What to Make of Mueller’s Hacking Indictment on 22:46 - Jul 19 by A_Fans_Dad
The Source is the Inspector Generals Report to Congress, including many, many FBI/DOJ emails. But you won't find Shaky reporting on any of that information as it totally destroys the narrative he has just posted. The CIA/FBI/DOJ all lied to Mr Trump (during election) President Trump (after election) The people of the USA Congress. Why would anyone trust anything they say, both Brennan & Comey were caught lying to Congress (a Felony) multiple times. Have you read the Page/Strzok emails and Congress interviews? As for Mueller, try looking in to his previous Court Cases where he lied and used false evidence and got away with it.
Those missing emails were found by the way.
And the way you've regurgitated talking points like Strozk emails is cute. He's been removed from the Mueler investigation and he slapped GOP congressmen around for fun in a 12 hour hearing last week. It was embarrassing watching morons like Trey Gowdy try and land a punch but couldn't.
Mueller has several guilty pleas and cooperating witnesses. No Fox News bluster is going to talk Trump out of treason.
1
Russia Indictment 2.0: What to Make of Mueller’s Hacking Indictment on 00:11 - Jul 20 with 7445 views
Russia Indictment 2.0: What to Make of Mueller’s Hacking Indictment on 23:37 - Jul 19 by Ace_Jack
Those missing emails were found by the way.
And the way you've regurgitated talking points like Strozk emails is cute. He's been removed from the Mueler investigation and he slapped GOP congressmen around for fun in a 12 hour hearing last week. It was embarrassing watching morons like Trey Gowdy try and land a punch but couldn't.
Mueller has several guilty pleas and cooperating witnesses. No Fox News bluster is going to talk Trump out of treason.
Define treason for me, son. What does it mean to you?
An idea isn't responsible for those who believe in it.
0
Russia Indictment 2.0: What to Make of Mueller’s Hacking Indictment on 01:39 - Jul 20 with 7414 views
Russia Indictment 2.0: What to Make of Mueller’s Hacking Indictment on 23:37 - Jul 19 by Ace_Jack
Those missing emails were found by the way.
And the way you've regurgitated talking points like Strozk emails is cute. He's been removed from the Mueler investigation and he slapped GOP congressmen around for fun in a 12 hour hearing last week. It was embarrassing watching morons like Trey Gowdy try and land a punch but couldn't.
Mueller has several guilty pleas and cooperating witnesses. No Fox News bluster is going to talk Trump out of treason.
>> It was embarrassing watching morons like Trey Gowdy try and land a punch but couldn't.
Here it is with sub-titles / explanations. TG seemed happy enough with how things went.
The Russia probe cannot be subject to Congressional scrutiny because it is ongoing...... so Congressional scrutiny does not exist - by design.
And yet, for some strange reason, Lisa Page answered all the questions Peter Strok didn't, in a closed session later.
We are the NORTH BANK POPULAR FRONT !
(in no way affiliated to those splitters the North Bank Alliance.)
WWG1WGA
0
Russia Indictment 2.0: What to Make of Mueller’s Hacking Indictment on 04:56 - Jul 20 with 7392 views
Russia Indictment 2.0: What to Make of Mueller’s Hacking Indictment on 23:37 - Jul 19 by Ace_Jack
Those missing emails were found by the way.
And the way you've regurgitated talking points like Strozk emails is cute. He's been removed from the Mueler investigation and he slapped GOP congressmen around for fun in a 12 hour hearing last week. It was embarrassing watching morons like Trey Gowdy try and land a punch but couldn't.
Mueller has several guilty pleas and cooperating witnesses. No Fox News bluster is going to talk Trump out of treason.
Treason 🤣 You obviously don’t understand what the word means. Bush, Clinton (both of them) Obama, heath, brown, blair, may that’s what = treason. If anyone thinks that President Trump will face changes of treason they must be barking. It would probably start the 2nd America revolution.
-1
Russia Indictment 2.0: What to Make of Mueller’s Hacking Indictment on 10:03 - Jul 20 with 7357 views
Trump appointment Deputy Attorney General Rod Rosenstein discusses Russian cyberwarfare efforts at Aspen security conference:
NB Lechgrin: Aiding and abetting foreign cyberwarfare efforts directed at your own country or attempting to cover them up on their behalf is one example of treason