A and B. GRU Hacking and Dissemination of the Hacked Materials
pp 36 – 49
Thanks to all for the feedback on whether we should continue.
It looks like Jerrold Nadler plans to make the Mueller report a central part of the leadup to impeachment proceedings, so we should continue to pay attention to it. I was concerned that it would go on the ever-mounting pile of Donald Trump’s misdeeds and fade from sight. With Nadler subpoenaing the materials behind the report, we will be hearing more about it. Lawfare continues to produce their podcasts. Here are Part II and Part III.
Section III is long. I am going to take it a bit at a time. We are now getting into the part of the report that describes how the Russians interfered in the 2016 election and how the Trump campaign interacted with them.
GRU is the acronym for the Russian-language name of Russia’s military intelligence organization, the Main Intelligence Directorate of the General Staff. The GRU competes in such things with the FSB, Russia’s Federal Security Service, roughly the equivalent of the FBI.
The hacking of computers belonging to various organizations and individuals in the Democratic Party was massive. The purpose was to release the documents in ways that would be damaging to the Democratic Party and the Clinton campaign.
The hacking began in March 2016 and continued into April, targeting
the computers and email accounts of organizations, employees, and volunteers supporting the Clinton Campaign, including the email account of campaign chairman John Podesta. (p. 36)
The computer networks of the Democratic Congressional Campaign Committee (DCCC) and the Democratic National Committee (DNC) were compromised.
The hacking was carried out by spearphishing. It was hard to find a good definition of spearphishing. Many definitions come from the viewpoint of computer developers, rather than the users that are targeted. For example, the “spear” part indicates a relatively narrow targeting to a particular group of people, in this case the DCCC and DNC.
The FBI has a definition that can be helpful to users. The perpetrators get enough information to design emails that look like they come from a trusted source.
…the victims are asked to click on a link inside the e-mail that takes them to a phony but realistic-looking website, where they are asked to provide passwords, account numbers, user IDs, access codes, PINs, etc.
Only one person needed to fall for this to let the Russians into the Democratic Party networks. Twenty-nine computers on the DCCC network and more than 30 on the DNC network, including the mail server and shared file server, were compromised. Malware was implanted to record keystrokes and to download data.
Dissemination of the Hacked Materials (pp 41-48)
The simplicity of the statements in the report indicates a deep set of sources.
The GRU carried out the anonymous release through two fictitious online personas that it created – DCLeaks and Guccifer 2.0 – and later through the organization WikiLeaks. (p. 41)
DCLeaks had Facebook and Twitter accounts. The DCLeaks.com website remained operational and public until March 2017.
Posting of documents began in June 2016. The documents seem to have come from email accounts, including those of an advisor to the Clinton Campaign, a former DNC employee and Clinton Campaign employee, and four other campaign volunteers.
The GRU released through dcleaks.com thousands of documents, including personal identifying and financial information, internal correspondence related to the Clinton Campaign and prior political jobs, and fundraising files and information. (p. 41)
Guccifer 2.0
On June 15, the day after the DNC announced the breach of its network, GRU officers using the persona Guccifer 2.0 created a WordPress blog, posing as a lone Romanian hacker. That same day, the website began to release DNC and DNCC documents, ultimately releasing thousands of them.
Released documents included opposition research performed by the DNC (including a memorandum analyzing potential criticisms of candidate Trump), internal policy documents (such as recommendations on how to address politically sensitive issues), analyses of specific congressional races, and fundraising documents. Releases were organized around thematic issues, such as specific states (e.g., Florida and Pennsylvania) that were perceived as competitive in the 2016 U.S. presidential election. (p. 43)
Later in June, the Guccifer 2.0 persona released documents to reporters and other interested individuals. This continued into August.
Through the Guccifer 2.0 persona, the GRU was in contact with a former Trump campaign member. The member’s identity is redacted because of Harm to Ongoing Matter.
Use of WikiLeaks
In November 2015, Julian Assange emailed WikiLeaks staff to set an anti-Clinton tone for the organization. In March 2016, WikiLeaks released a searchable archive of approximately 30,000 Clinton emails that had been obtained through FOIA litigation. Both actions were before the GRU hacked the DNC and DCCC.
Shortly after the GRU began releasing stolen documents through dcleaks.com in June 2016, DCLeaks contacted WikiLeaks, and WikiLeaks contacted Guccifer 2.0. WikiLeaks wanted their material. The communications were partly hidden, but it is clear that the GRU transferred stolen DNC and Podesta documents to WikiLeaks.
The Office cannot rule out that stolen documents were transferred to WikiLeaks through intermediaries who visited during the summer of 2016. For example, public reporting identified Andrew Müeller-Maguhn as a WikiLeaks associate who may have assisted with the transfer of these stolen documents to Wikileaks. (p. 47)
On October 7, 2016, WikiLeaks released the first emails stolen from the Podesta email account. WikiLeaks released 33 tranches of stolen emails between October 7, 2016 and November 7, 2016, immediately before the election. The releases included private speeches given by Clinton; internal communications; and correspondence related to the Clinton Foundation. WikiLeaks released over 50,000 documents stolen from Podesta’s personal email account.
WikiLeaks and Assange made several public statements about the source of the materials designed to obscure that source. They implied that Seth Rich, a former DNC staff member who was killed in July 2016 and the subject of rightwing conspiracy theorizing, was the source. After the U.S. intelligence community publicly announced its assessment that Russia was behind the hacking operation, Assange continued to deny that the Clinton materials released by WikiLeaks had come from Russian hacking.
The report gives much more detail about how the communications took place.
The second paragraph of the section overview (p. 36) has significant redactions, the reason for which is given as “Harm to Ongoing Matter.” This probably refers to the counterintelligence investigation. Mueller referred to that investigation in his testimony on July 24. Obviously this is justifiable in terms of legal procedure, but we need to know more about that investigation. I’ll write a post about this later in this sequence.
Investigative methods are redacted. This is not important for understanding. Clearly the FBI hacked into the GRU’s communications and materials. That’s all we need to know. A couple of years ago, Dutch intelligence gained access to Russian government computers in 2014 and warned the US about potential hacking of Democratic Party organizations. The operation that provided information to Mueller must have been something like that.
Damned_at_Random
I honestly don’t know what to make of Assange. I’m sure he’s a narcissist, but there is something else going on there – anarchist? sociopath?
( I initially typed antichrist instead of anarchist -oopsie or subconscious truth?)
And thanks again, Cheryl, for doing this.
CCL
Thanks, Cheryl. I bogged down a bit in reading Vol. 2 (work got busy). Your posts help me synthesize the material effectively.
ThresherK
Cheryl, I wanted to thank you for reading the report, as I am not. As CCL mentioned, this is a good summation of the important stuff.
Elizabelle
Yea Cheryl. Thank you. Incidentally, Wednesday is Mr. Mueller’s birthday. I shall be celebrating.
Fair Economist
This was a huge operation. They created a fictitious online persona for Guccifer 2.0, down to looking up buzzphrases, I assume so he wouldn’t have an identifiable “voice”.
And note how they paid for this. Bitcoin. I wonder if the Russians have been involved in propping up Bitcoin?
The attacks on Republicans are suspiciously not discussed. I am convinced they scored on Lindsey Graham, and that’s why he suddenly became a Trumper.
Cheryl Rofer
@Fair Economist: Good point about the Republicans. The intelligence report said they were hacked. Not a single release, though. Not even a sqeak.
piratedan
@Damned_at_Random: I think paid lackey works to describe Assange, same goes for Greenwald…. they set themselves up to be taken in good faith by “the left” and then drop the hammer as if the USA is the penultimate evil (which isn’t true, but the IC has done some less than awesome things in the past, from assassination to government overthrow to sanctioning torture depending upon who was giving the go-ahead) when we find out that essentially nobody is clean, pragmatically speaking.
debbie
@Damned_at_Random:
Would “Media Whore” work for you?
jl
Thanks. From what I’ve read, the Dutch operation provided extraordinarily detailed information on who was involved and methods (every key stroke for some of the operations was tracked). So, would be interesting to know why this information didn’t give the US CI operation the keys to following it in detail and predicting the course of their operations, or stopping them.
jl
@debbie: Were reports of erratic, very opaque, and authoritarian nature of his Wikileaks operation from very early on. The project went bad almost as soon as he launched it.
MomSense
@Damned_at_Random:
It is well established that he is a white nationalist. When Assange ran for Senate in Australia in 2010, he allied his wikileaks party with the Australia First party which is, as you may have guessed, a white nationalist party. He also allied with a pro-gun party.
zhena gogolia
Thanks for this, Cheryl.
spudgun
Thanks so much for this, Cheryl – I like the clarity of your explanations. I appreciate your slogging through for our benefit!
Fair Economist
@MomSense: I didn’t remember that. How was Assange being a white nationalist not in the reporting about Wikileaks?
Yeah, rhetorical question.
MomSense
@Fair Economist:
I think it came out that the RNC and other Republicans, including Graham, were hacked. It wouldn’t make sense for the Russians not to hack the Republicans. That they haven’t released the information tells me it has been leveraged successfully.
Roger Moore
@piratedan:
Both Assange and Greenwald look to me like people who were recruited after they had already started. I think they both started with the kind of ideological distrust of Western governments you describe, and that view led them to accept Russian help in pursuing their goals. Of course once they were snared by Russian intelligence, they couldn’t turn back. This is both because of the threat of blackmail, which everyone tends to focus on, and because their own egos prevented them from accepting that they had been made tools. I’m sure that both Assange and Greenwald continue to tell themselves that they’re the ones using the Russians and not the other way around.
MomSense
@Roger Moore:
I think Snowden was recruited when he was in Switzerland.
karen marie
@piratedan: As long as the Intercept continues to give Greenwald a platform, they can fuck right the fuck off.
joel hanes
@debbie:
And Assange and Greenwald are online.
I so miss Media Whores Online, one of the first explicitly political blog-like things I read.
MomSense
@Fair Economist:
There wasn’t even an appetite here at B-J for that information about Assange. I got a lot of crap from commenters and FPers and called an authoritarian because I never bought the bullshit about wikileaks or Glennwald.
Roger Moore
@jl:
I decided they couldn’t be trusted when their first big leak turned out to have been edited in an attempt to make it more sensational and damaging. An organization can either be dedicated to the truth or to advancing a point of view, but it can’t be both. That editing made it clear that Wikileaks was an ideological organization rather than a truth-telling one, and it’s clear their ideology is off the rails.
stinger
Thank you for continuing this series, Cheryl!
Damned_at_Random
@Fair Economist: @MomSense: Wow, that sure ties some things together. I did not know Ass. was a white nationalist, but that sure explains his willingness to use Wikileaks for the benefit of the Trump campaign.
Mike in NC
We’re slowly cruising to the Orkney Islands, and just put on “Vice”, a movie about one of the worst shitheels in our history (Dick Cheney) before Trump climbed out from under his rock.
Damned_at_Random
@Roger Moore
WikiProjectVeritas
Jim, Foolish Literalist
@MomSense: I remember when Chris Hayes compared Obama, unfavorably, to Nixon over the dread question of metadata, and a couple of FPers here got their tie-dye down out of the attic…. good times
jl
@Roger Moore: There was a big mission statement, and a claim backed up by not much, that said the organization would be transparent and accountable, apart from needed secrecy for the informants. Not sure how much of that was real and how much of it was fraudulent PR. Whatever part of it ever was real, was ignored and destroyed by Assange soon after the launch, and he started running it like a personality cult. It operated on Assange’s mysterious authoritarian say so.
Lapassionara
@Mike in NC: Enjoy the Orkney Islands. Almost like Stonehenge. Very thought provoking.
And the reason the isles became Scottish, when they were originally Danish.
And thank you, Cheryl. I very much appreciate your work on this.
apocalipstick
Thank you for doing this. It is tremendously helpful.
Roger Moore
@Damned_at_Random:
Kind of. The thing is, though, that James O’Keefe has to deceptively edit his footage for it to work because he’s trying to concoct an incriminating video out of a bunch of unincriminating footage. Wikileaks didn’t need to do that. The raw footage was bad enough that it could have stood on its own; the deceptive editing was an effort to make it play better on the news.
Kathleen
@joel hanes: I fondly remember references to “Moron O’Donnell”. Other targets included Howard Fineman, Howard Kurtz, Karen Tumulty, and Joe Klein (?). I so miss that web site.
Damned_at_Random
I doubt that the notion of implying Seth Rich was a Wikileaks source originated with the Russians or Assange. That was a Trump campaign suggestion – Roger Moore would be my first guess
J R in WV
Thanks for this, Cheryl. Helps even those of us who speed read it back when it came out!
MagdaInBlack
Thank you, Cheryl
Damned_at_Random
@<a [email protected]Damned_at_Random: “#comment-7AAARGH364822”>Kathleen: AAARGH. Roger STONE.
I need a nap
Bill Arnold
Argh indeed. FWIW f-ing Roger Stone spread the theory but there is no indication he originated it.
(wikipedia) Murder of Seth Rich
‘Is This Even About Seth Rich at All?’ (May 28, 2017, Olivia Nuzzi)
I don’t have a copy of Roger Stone’s old twitter feed so can’t check, but Roger Stone has said many things (some on camera), almost always pretty carefully.
I am moderately sure (mostly but not entirely intuition) that he knows more about the DNC hacks (etc) than he’s been letting on, but that his comsec was (barely and perhaps by accident) good enough to not get caught, and that he thinks he might be killed if this knowledge were revealed.