A new indictment handed down Friday by Deputy Attorney General Rod Rosenstein against a dozen Russian GRU military intelligence officers exposes new details of the hacking of high-level Clinton campaign officials as well as the Democratic Congressional Campaign Committee (DCCC) and the Democratic National Committee (DNC).
A result of the special counsel investigation into Russian interference in the 2016 election, the indictment also offers jaw-dropping context. For starters, it suggests the Russian cyber attackers took cues from then-candidate Donald Trump himself in the Russian government’s effort to boost Trump’s bid for the White House. The court documents also highlight alleged collaboration between Russian hackers and “Organization 1” – which matches the behavior of WikiLeaks – to hamper the campaign of Hillary Clinton.
The indictment arrived just days before a scheduled July 16th meeting between Trump and Russian President Vladimir Putin in Helsinki, Finland.
Below are five key revelations from the indictment.
1) Trump asked for Russia’s help finding Hillary Clinton’s emails; Russia responded
On July 27th, 2016 Trump made an open call for Russian interference in the election, asking Putin’s state to find emails that had been unrecoverable from Clinton’s private email server. Appearing to encourage cyber-espionage, Trump said: “Russia, if you’re listening, I hope you’re able to find the 30,000 emails that are missing… I think you will probably be rewarded mightily by our press.”
From the indictment, it seems plain that the Russians allegedly attempted to do Trump’s bidding: “The Conspirators spearphished individuals affiliated with the Clinton Campaign throughout the summer of 2016,” the indictment reads. “For example, on or about July 27, 2016, the Conspirators attempted after hours to spearphish for the first time email accounts at a domain hosted by a third-party provider and used by Clinton’s personal office.”
Barton Gellman, a leading intelligence reporter, responded to this revelation in a tweet: “This is OMFG material. Trump explicitly asks ‘Russia’ to hack Clinton, and Russian intelligence starts trying *the same day*. We look for secret evidence of ‘collusion’ but Trump’s end was always in plain sight. Now we know Russia took his request as guide to further crimes.”
2) The Russians were corresponding with an individual connected to the Trump campaign
According to the indictment, the Russian hackers, posing as “Guccifer 2.0,” allegedly corresponded with “ a person who was in regular contact with senior members of the presidential campaign of Donald J. Trump,” seeking to “help u.” This individual is believed to be longtime Trump ally Roger Stone. (Read Stone’s response here.)
“On or about August 15, 2016, the Conspirators, posing as Guccifer 2.0, wrote…’thank u for writing back . . . do u find anyt[h]ing interesting in the docs i posted?’ On or about August 17, 2016, the Conspirators added, ‘please tell me if i can help u anyhow . . . it would be a great pleasure to me.’ On or about September 9, 2016, the Conspirators, again posing as Guccifer 2.0, referred to a stolen DCCC document posted online and asked the person, ‘what do u think of the info on the turnout model for the democrats entire presidential campaign.’ The person responded, ‘[p]retty standard.’”
3) A congressional candidate corresponded with the cyber attackers and obtained hacked documents about his/her opponent
The indictment alleges: “On or about August 15, 2016, the Conspirators, posing as Guccifer 2.0, received a request for stolen documents from a candidate for the US. Congress. The Conspirators responded using the Guccifer 2.0 persona and sent the candidate stolen documents related to the candidate’s opponent.”
4) “Organization 1” – possibly Wikileaks – collaborated with the Russians, seeking to harm the Clinton campaign
The indictment describes an “Organization 1,” whose description and behavior matches WikiLeaks: “The Conspirators also used the Guccifer 2.0 persona to release additional stolen documents through a website maintained by an organization (‘Organization 1’), that had previously posted documents stolen from U.S. persons, entities, and the U.S. government.” (WikiLeaks posted a copy of the indictment to Twitter but has not commented further.)
The indictment details alleged collaboration between the Russians and “Organization 1” from late June through the weeks leading up to the election. It shows “Organization 1” seeking to aid the Russians in achieving “higher impact” by timing the release of damaging stolen documents with the Democratic convention, to hamper Hillary Clinton by exacerbating “conflict between bernie and hillary.”
The indictment reads: “On or about June 22, 2016, Organization 1 sent a private message to Guccifer 2.0 to ‘[s]end any new material [stolen from the DNC] here for us to review and it will have a much higher impact than what you are doing.’ On or about July 6, 2016, Organization 1 added, ‘if you have anything hillary related we want it in the next tvveo [sic] days prefable [sic] because the DNC [Democratic National Convention] is approaching and she will solidify bernie supporters behind her after.’ The Conspirators responded, ‘ck . . . i see.’ Organization 1 explained, ‘we think trump has only a 25% chance of winning against hillary . . . so conflict between bemie and hillary is interesting.’ On or about July 18, 2016, Organization 1 confirmed it had ‘the 1Gb or so archive’ and would make a release of the stolen documents ‘this week.’
5) The Russian spycraft is sophisticated – making use of fake American names and websites, managing exploits from computers based in Arizona and Illinois, and trafficking in bitcoin.
The full indictment offers intriguing details about the reported Russian methods. The hackers allegedly used a bevy of American pseudonyms including “Alice Donovan,” “Kate S. Milton,” “James McMorgans,” “Karen W. Millen,” “Carrie Feehan,” “Jason Scott” and “Richard Gingrey”
The code names for their hacking malware included “X-Agent” – “used to hack the DCCC and DNC networks” and “X-Tunnel” – “to move the stolen documents outside the DCCC and DNC networks through encrypted channels.”
The alleged Russian spearfishing exploits included trying to get Democratic staffers to click on documents with names like “hillaryclinton—favorable-rating.xlsx.”
The Russians allegedly spoofed the popular ActBlue donor portal, using a slight misspelling: “The Conspirators used stolen DCCC credentials to modify the DCCC website and redirect visitors to the actblues.com domain.” (An Act Blue vet responds: “This was one of the absolutely surreal moments of 2016. We knew someone was trying to spoof ActBlue to try and fool donors, but obviously didn’t know it was the Russians.”)
The same Russians allegedly engaged in other political interference, like using “the Twitter account @BaltimoreIsWhr” to ask “U.S. audiences to ‘[j]oin our flash mob’ opposing Clinton and to post images with the hashtag #BlacksAgainstHillary.”
The hackers allegedly paid in crypto: “To facilitate the purchase of infrastructure used in their hacking activity,” the indictment reads, “the Defendants conspired to launder the equivalent of more than $95,000 through a Web of transactions structured to capitalize on the perceived anonymity of cryptocurrencies such as bitcoin.”
The federal indictment offers new hints of collusion between Trump and the government of Vladimir Putin, just as the two are scheduled to meet face to face. It underscores for the world – and especially our NATO allies just antagonized by Trump – that the American president may not simply be Putin’s ally, but his asset.