Thursday, July 26, 2018

FBI Indictment Of Russian Officers Reveals Extent of Putin's Attack on US Election System

by Nomad


Amid the hubbub of Trump's catastrophic NATO meeting and humiliating summit with Vladimir Putin, the indictment of 12 Russian intel officers for the state-sponsored cyber-attack on the US was mostly overlooked. The details found in that indictment reveal the scope and precision of the Mueller investigation.  

"Don't Think About This Anymore Again"

Last week, in Helsinki, President Trump was standing shoulder-to-shoulder with Russian President Putin, the man over a dozen intel agencies have fingered as the person behind cyber attacks on the US election.

When Trump was asked directly whether he thought Russia hacked the U.S. election, he replied that he found Putin’s denial pretty convincing. Unfortunately for Trump, the rest of the world did not.
Putin dismissed the idea that Russia would ever do such a thing with:
“Please disregard these issues and don’t think about this anymore again."
It was a particularly stunning moment, setting off an earthquake in the intelligence community.

Less than a week before Trump was praising Putin, on Friday the 13th, the FBI had, as part of the Mueller investigation, released indictments against 12 Russian Intelligence officers. The officers belonged to the Main Intelligence Directorate of the General Staff (GRU) and it was these units that conducted large-scale cyber operations to interfere with the presidential election.  

Deputy Attorney General Rod Rosenstein received minimal media attention, but this incredibly detailed indictment is worth a closer look. If it is any indication of the kind of investigative work that Mueller and his team are conducting in the search for Trump collusion, the president, if he is hiding anything, should be extremely frightened.

Follow the Crypto-Money
The most incriminating charges against the Russian operation came from the age-old adage of "following the money trail."
By tracking the Bitcoin used in the online transactions, investigators were able to link the GRU officers to the first websites where the documents stolen from the Democratic party were dumped.

The same funds were used to set up malicious domains that were used to send spear-phishing emails to the Democratic party. Spear-phishing is "the fraudulent practice of sending emails ostensibly from a known or trusted sender in order to induce targeted individuals to reveal confidential information." 

In this operation, it was the email accounts of volunteers and employees of the U.S. presidential campaign of Hillary Clinton that were the targets.

It was just before noon in Moscow on March 10, 2016, when the first volley of malicious messages hit the Hillary Clinton campaign. The first 29 phishing emails were almost all misfires. Addressed to people who worked for Clinton during her first presidential run, the messages bounced back untouched.
Except one.
Within nine days, some of the campaign’s most consequential secrets would be in the hackers’ hands, part of a massive operation aimed at vacuuming up millions of messages from thousands of inboxes across the world.
We now know that the hackers were, in fact, Russian intel officers. Yet, there was more to the operation than just stealing documents, according to the indictments. The GRU agents "covertly monitored the computers of dozens of Democratic Congressional Campaign Committee (“DCCC”) and the Democratic National Committee (“DNC”) employees."

Experts in cyber security also point out that there is every reason to believe that the stolen material was doctored for maximum effect. As one CEO of a cyber-security firm noted:
"I've looked at a lot of document dumps provided by hacker groups over the years, and in almost every case you can find a few altered or entirely falsified documents."
In addition, the GRU agents implanted hundreds of files containing malicious computer code (“malware”), and stole emails and other documents from the DCCC and DNC. This malware allowed Russian operatives to monitor DNC employees' activities in real time, capture screenshots and even covertly take photos of their victims.   

George Papadopoulos Timeline

According to the FBI documents, the operation took its next logical step, the release of the stolen materials, in or around April 2016.
That's a very important date, too.
At this time, George Papadopoulos, a foreign policy adviser to the campaign, was reportedly informed that the Russians had “dirt” on Hillary Clinton, in the form of “thousands of emails.”
Papadopoulos now admits to various contacts with Russians during his tenure as a Trump adviser in 2016, but the most eyebrow-raising revelation relates to a conversation he had with someone, identified as “the Professor” in the charging document, who he knew had connections to the Russian government. This professor (identified as Joseph Mifsud by the Washington Post) told Papadopoulos that the Russians had “dirt” on Clinton, that “the Russians had emails of Clinton,” and that “they have thousands of emails.”
The GRU officers were divulging these documents through fictitious online personas. One of those entities, “DCLeaks,” was a website that was established in June 2016. It was dedicated to publishing leaks of emails belonging to multiple prominent figures in the United States government and military.

Cybersecurity research firms say the site was a front for the Russian cyber-espionage group Fancy Bear, which, most experts believed, had links to the Russian military intelligence agency GRU.
Due to a slip-up in March of this year, U.S. investigators discovered fairly conclusive proof that Fancy Bear and the hacker group “Guccifer 2.0” were one and the same.

The indictment reads:
The Conspirators also used the Guccifer 2.0 persona to release additional stolen documents through a website maintained by an organization (“Organization 1”), that had previously posted documents stolen from U.S. persons, entities, and the U.S. government.
Although it might be a reference to another site, I think we may safely assume that "Organization 1" is Wikileaks.
Julian Assange, the founder of Wikileaks, has insisted that the hacked Democratic emails WikiLeaks published didn't come from Russian intelligence services. At this point, Assange doesn't have much credibility when it comes to Russia. How Wikileaks might or might not relate to the Mueller investigation is anybody's guess.

The FBI charged that the Kremlin-sponsored team worked hard to cover their tracks. By using false identities and making false statements about their identities, they avoided detection. In addition, they used VPNs (servers that relay traffic to hide their IP addresses) located across the world, including in the United States.

However, there was one thing they did not hide. The investigators were able to track their every step through the use of crypto-currency like bitcoin.
To facilitate the purchase of infrastructure used in their hacking activity—including hacking into the computers of U.S. persons and entities involved in the 2016 U.S. presidential election and releasing the stolen documents—the Defendants conspired to launder the equivalent of more than $95,000 through a web of transactions structured to capitalize on the perceived anonymity of cryptocurrencies such as bitcoin.
There are other aspects of Putin's operation that remain a mystery. Perhaps not to the FBI investigators, of course. The cyber-attacks went well beyond stealing damaging information, doctoring it, publicizing it and then bouncing it ad infinitum on social media. 

For example, in the section entitled Manner and Means of the Conspiracy, investigators allege that Russian agents searched for weaknesses in state-level election systems, specifically the web domains of state boards of elections, secretaries of state, and other election-related entities. The group searched for domain vulnerabilities in key swing states, apparently in order to collect valuable intel.

Around July 2016, the group targeted a state board of elections and stole information related to approximately 500,000 voters, including names, addresses, partial social security numbers, dates of birth, and driver’s license numbers.  
Furthermore, they hacked into the computers of a U.S. vendor that supplied software used to verify voter registration information for the elections. 
Using this information, they then sent over 100 spear-phishing emails, complete with company logo, to organizations and personnel involved in administering elections in numerous Florida counties.

Apart from the goal of swaying the election results, the aims of this particular operation are, as yet, murky.

The Offer is Made

Again, what makes the information found in the indictment particularly pertinent is the timeline. 

Less than two months after the hacking, on June 3, 2016, to be exact, Donald Trump Jr. was informed over email that the Russian government had incriminating information on Clinton, delivered from the "Crown prosecutor of Russia," and that it wanted to share it with the Trump campaign.

Trump's son was over the moon with the offer. With Jared Kushner and Paul Manafort by his side, Trump Jr. met with several Russians including Russian lawyer Natalia Veselnitskaya at Trump Tower. In the opinion of Bill Browder, Veselnitskaya was an agent of the Russian government.
"She's an agent of Vladimir Putin, and when she went to Trump Tower, she went there on behalf of Vladimir Putin."
That was something Natalia strenuously denied until she finally admitted earlier this year that she was both a lawyer and "an informant." Since 2013, she had been "actively communicating with the office of the Russian prosecutor general."

Even though Trump, Jr. claims he did not take advantage of information offered by Veselnitskaya, and that his father was not aware of the June 9 meeting, on July 27 Trump publicly said that he hoped Russia would “find the 30,000 emails that are missing ... I think you will probably be rewarded mightily by our press.”

According to the latest indictment, this remark set off a new round of attacks.
The conspirators spear-phished individuals affiliated with the Clinton campaign through the summer of 2016. For example, on or about July 27, 2016, the conspirators attempted after hours to spear-phish for the first time email accounts at a domain hosted by a third-party provider and used by Clinton’s personal office. At or around the same time, they also targeted seventy-six email addresses at the domain for the Clinton campaign.
It may not be definitive proof of Trump's collusion, but it is creeping close to that "shadow of doubt" criterion.

There is another aspect of the operation that US intel agencies picked up on. Investigators are sure that Russian hackers attacked both the DNC and the RNC, and yet it was only information stolen from the Democratic organizations that was weaponized.

The director of national intelligence, James Clapper, believes the reason for that is easy to understand. Russian attackers, Russian GRU officers, penetrated some Republican servers but never leaked that information because the goal was expressly to help elect Donald Trump.


Anything But Normal 

Trump, following the release of the FBI indictments, had his own way of explaining why hackers were focusing on the Clinton campaign. It was the fault of the victims. The Republicans had superior cybersecurity protection. 
“The DNC should be ashamed of themselves for allowing themselves to be hacked. They had bad defenses, and they were able to be hacked. I heard they were trying to hack the Republicans, too. But, and this may be wrong, but they had much stronger defenses.”
He added that none of this had anything to do with him. These GRU attacks came before he was even president. In other words, "Blame Obama."

Remarkably, a few days after making those statements, President Trump journeyed to Helsinki, where he tweeted that it was the Mueller probe that was responsible for the decline in US relations with Russia and not Kremlin-sponsored interference with US elections. When asked repeatedly to condemn Russian interference, Trump instead chose to deny there was collusion at any level.

As any FBI interrogator would tell you, always be wary when a suspect denies something that hasn't been asked. For his part, Putin couldn't hide his glee.
A reporter asked him a two-fold question: Did he want President Trump to win the election and did he direct any of his officials to help him do that?
"Yes, I did. Yes, I did. Because he talked about bringing the US/Russia relationship back to normal."
Last week, as Trump praised Putin while condemning his own intel agencies, the US-Russian relationship seemed anything but normal.
*   *   *
If you care to read the 29-page indictment, here's the pdf