The U.S. Justice Department on Friday announced new charges against 12 Russian military officers accused of interfering in the 2016 U.S. presidential election by hacking into computers and stealing confidential documents, which they later allegedly disseminated to the public.
The charges were announced at a press conference by U.S. Deputy Attorney General Rod Rosenstein and arrive just three days before President Donald Trump’s upcoming summit with Russian President Vladimir Putin in Helsinki, Finland.
According to the indictment, the defendants, using spear phishing attacks, targeted over 300 individuals associated with the Hillary Clinton campaign, the Democratic National Committee (DNC), and the Democratic Congressional Campaign Committee (DCCC). The defendants further sought to identify technical vulnerabilities in the networks of Democratic operatives and eventually hacked into the DNC through access obtained in the DCCC network, according to the DOJ.
“The defendants hacked into computer networks and installed malicious software that allowed them to spy on users and capture keystrokes, take screenshots, and exfiltrate or remove data from those computers,” Rosenstein said.
“The defendants covertly monitored the computers, implanted hundreds of files containing malicious computer code, and stole emails and other documents,” he added.
According to the indictment, the conspirators constructed the online persona of DCLeaks for the purpose of publicizing stolen election-related documents and also created the persona Guccifer 2.0, who falsely claimed to be a lone Romanian hacker. Both personas were, the DOJ says, created and controlled by the GRU, Russia’s military intelligence directorate.
The indictment notes that Guccifer 2.0 was in “regular contact” with “senior members of the presidential campaign of Donald J. Trump.” The release of the stolen documents was timed, the indictment says, to “heighten their impact on the 2016 U.S. presidential election.”
Trump has repeatedly questioned the U.S. intelligence community’s assertions that Russian operatives meddled in the 2016 election.
The new joke in town is that Russia leaked the disastrous DNC e-mails, which should never have been written (stupid), because Putin likes me
— Donald J. Trump (@realDonaldTrump) July 25, 2016
Among the attacks on the Clinton campaign, the indictment alleges that on July 27, 2016, the Russians attempted “for the first time” to spear phish email accounts “used by Clinton’s personal office,” which were hosted by an unnamed third-party provider. July 27 is also the date that President Trump famously called on Russia to hack Clinton, saying at a televised press conference: “Russia, if you’re listening, I hope you’re able to find the 30,000 emails that are missing.”
At the same time, the indictment says, the Russians “also targeted seventy-six email addresses at the domain for the Clinton campaign.”
While the indictment does not charge any Americans with crimes, it does allege that a candidate for U.S. Congress contacted the Russians posing as Guccifer 2.0 and requested access to stolen documents. “The Conspirators responded using the Guccifer 2.0 persona and sent the candidate stolen documents related to the candidate’s opponent,” the indictment says.
The conspirators are said to have funded the hacks in part by mining bitcoin. The indictment alleges, for instance, that the Russian GRU used bitcoin it mined to pay a Romanian company to register the domain dc.leaks, which was used to leak confidential Democratic Party documents. The conspirators also purchased bitcoin through peer-to-peer exchanges, by moving funds through other digital currencies, and using pre-paid cards, the indictment says.
The pool of funds amassed by the conspirators were used, the indictment says, “to purchase key accounts, servers, and domains used in their election-related hacking activity.”
“In addition to releasing documents directly to the public, the defendants transferred stolen documents to another organisation that is not identified by name in the indictment,” Rosenstein said, in an apparent reference to WikiLeaks, “and they used that organisation as a pass-through to release the documents.” WikiLeaks published stolen DNC documents in the summer leading up to the 2016 presidential election.
The named defendants are Viktor Borisovich Netyksho, Boris Alekseyevich Antonov, Dmitriy Sergeyevich Badin, Ivan Sergeyevich Yermakov, Aleksey Viktorovich Lukashev, Sergey Aleksandrovich Morgachev, Nikolay Yuryevich Kozachek, Pavel Vyacheslavovich Yershov, Artem Andreyevich Malyshev, Aleksandr Vladimirovich Osadchuk, and Aleksey Aleksandrovich Potemkin.
In response to the indictment, Sen. Mark Warner, vice chairman of the Senate Intelligence Committee, called on the president and his allies to “cease and desist from calling the Mueller investigation a ‘witch hunt.’”
Warner continued: “Going forward, there should be no one-on-one meeting between this president and Mr. Putin. There needs to be other Americans in the room,” adding that if the president and his team were not willing to make the indictment a “top priority” at the Helsinki meeting, “then this summit should be cancelled.”
Earlier this year, Mueller indicted 13 Russian individuals and three Russian companies accused of involvement in a criminal scheme to interfere with the 2016 election, including the Internet Research Agency, a notorious St. Petersburg-based troll farm.
To date, the special counsel’s office has revealed 23 indictments and obtained five guilty pleas from individuals associated with, or linked to, the Donald Trump campaign.