Saturday, July 14, 2018

A TRUE BILL: USA v. 12 Russian officers

That’s the big news from yesterday. In the Special Counsel Mueller’s investigation of Russian interference in the 2016 election, the DC Grant Jury indicted 12 Russian military intelligence officers.

Before continuing, it is worth noting that these indictments did not address any complicity by U. S. citizens. But in discussions last night, MSNBC legal, political, and security commentators predicted the next set of indictments to target Americans who knowingly or unwittingly aided and abetted the Russian attack on our election.

Here are excerpts from the indictment. (All are direct quotes except for Scriber’s comments which are italicized.)

IN THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF COLUMBIA
INDICTMENT
The Grand Jury for the District of Columbia charges:
COUNT ONE
(Conspiracyto Commit an Offense Against the United States)
In or around 2016, the Russian Federation (“Russia”) operated a military intelligence agency called the Main Intelligence Directorate of the General Staff (“GRU”). The GRU had multiple units, including Units 26165 and 74455, engaged in cyber operations that involved the staged releases of documents stolen through computer intrusions. These units conducted large-scale cyber operations to interfere with the 2016 US presidential election.

Defendants … were GRU officers who knowingly and intentionally conspired with each other, and with persons known and unknown to the Grand Jury (collectively the “Conspirators”), to gain unauthorized access (to “hack”) into the computers of U.S. persons and entities involved in the 2016 U.S. presidential election, steal documents from those computers, and stage releases of the stolen documents to interfere with the 2016 U.S. presidential election.

Starting in at least March 2016,the Conspirators used a variety of means to hack the email accounts of volunteers and employees of the U.S. presidential campaign of Hillary Clinton (the “Clinton Campaign”), including the email account of the Clinton Campaign’s chairman.

By in or around April 2016, the Conspirators also hacked into the computer networks of the Democratic Congressional Campaign Committee (“DCCC”) and the Democratic National Committee (“DNC”). The Conspirators covertly monitored the computers of dozens of DCCC and DNC employees, implanted hundreds of files containing malicious computer code (“malware”), and stole emails and other documents from the DCCC and DNC.

By in or around April 2016,the Conspirators began to plan the release of materials stolen from the Clinton Campaign, DCCC, and DNC.

Beginning in or around June 2016, the Conspirators staged and released tens of thousands of the stolen emails and documents. They did so using fictitious online personas, including "DCLeaks” and “Guccifer 2.0.”

The Conspirators also used the Guccifer 2.0 persona to release additional stolen documents through a website maintained by an organization (“Organization1”),that had previously posted documents stolen from U.S. persons, entities, and the U.S. government. The Conspirators continued their U.S. election-interference operations through in or around November 2016.

To hide their connections to Russia and the Russian government, the Conspirators used false identities and made false statements about their identities. To further avoid detection, the Conspirators used a network of computers located across the world, including in the United States, and paid for this infrastructure using cryptocurrency.

[The indictment then lists the coconspirators, one by one, and their offenses in rather amazing detail. Here is an example.]

Defendant IVAN SERGEYEVICH YERMAKOV (EpMaKOB I/IBaH Cepreeana) was a Russian military officer assigned to ANTONOV’s department within Unit 26165. Since in or around 2010, YERMAKOV used various online personas, including “Kate S. Milton,” “James McMorgans,”and“KarenW.Millen,”to conduct hacking operations on behalf of Unit 26165. In or around March 2016, YERMAKOV participated in hacking at least two email accounts from which campaign-related documents were released through DCLeaks.In or around May 2016, YERMAKOV also participated in hacking the DNC email server and stealing DNC emails that were later released through Organization 1.

[The indictment makes clear the objective of the conspiracy.]

The object of the conspiracy was to hack into the computers of US persons and entities involved in the 2016 US. presidential election, steal documents from those computers, and stage releases of the stolen documents to interfere with the 2016 US. presidential election.

[It also describes in detail the “manner and means.”]

For example, on or about March 19, 2016, LUKASHEV and his co-conspirators created and sent a spearphishing email to the chairman of the Clinton Campaign. LUKASHEV used the account “john356g ” at an online service that abbreviated lengthy website addresses (referred to as a “URL-shortening service”). LUKASHEV used the account to mask a link contained in the spearphishing email, which directed the recipient to a GRU-created website. LUKASHEV altered the appearance ofthe sender email address in order to make it look like the email was a security notification from Google (a technique known as “spoofing”), instructing the user to change his password by clicking the embedded link. Those instructions were followed. On or about March 21, 2016, LUKASHEV, YERMAKOV, and their co-conspirators stole the contents of the chairman’s email account, which consisted ofover 50,000 emails.

[Here is a stunner.]

The Conspirators spearphished individuals affiliated with the Clinton Campaign throughout the summer of 2016. For example, on or about July 27, 2016, the Conspirators attempted after hours to spearphish for the first time email accounts at a domain hosted by a third-party provider and used by Clinton’s personal office. At or around the same time, they also targeted seventy-six email addresses at the domain for the Clinton Campaign.

[That is potentially damning for President Trump. He gave his now infamous invitation to the Russians to release Clinton’s emails on the morning of July 27. See these Times reports here and here for more.]

[The indictment then lists the conspirators’ actions to plant false information using social media.]

On or about June 8, 2016, and at approximately the same time that the dcleaks.com website was launched, the Conspirators created a DCLeaks Facebook page using a preexisting social media account under the fictitious name “AliceDonovan.” In addition to the DCLeaks Facebook page, the Conspirators used other social media accounts in the names of fictitious U.S. persons such as “Jason Scott” and “Richard Gingrey” to promote the DCLeaks website. The Conspirators accessed these accounts from computers managed by POTEMKJN and his co—conspirators.

On or about June 8, 2016, the Conspirators created the Twitter account @dcleaks. The Conspirators operated the @dcleaks Twitter account from the same computer used for other efforts to interfere with the 2016 US. presidential election. For example, the Conspirators used the same computer to operate the Twitter account @BaltimoreIsWhr, through which they encouraged U.S.audiences to“[i]oin our flashmob”opposing Clinton and to post images with the hashtag #BlacksAgainstHillary.

[After describing how all this was paid for, by money laundering using cryptocurrency, the indictment lists direct attacks on the integrity of our voting system. For example:]

In or around October 2016, KOVALEV and his co-conspirators further targeted state and county offices responsible for administering the 2016 US. elections. For example, on or about October 28, 2016, KOVALEV and his co-conspirators visited the websites of certain counties in Georgia, Iowa, and Florida to identify vulnerabilities.

[I have not been able to do justice to the indictment with these select examples. It really is worth your time to read the whole thing.]

No comments:

Post a Comment