Malware, spearphishing, and phony identities — indictment provides details of Russian hacking conspiracy
It was a well-planned, high-tech, and ultimately successful cyber-operation, carried out by the military intelligence agency of a major country.
Not a spy novel or movie, but the real thing.
That’s the picture that the Justice Department painted in an indictment of 12 Russian intelligence officers for allegedly hacking into Democratic computers — and stealing information from a state election board — during the 2016 US presidential election.
Here are some of the highlights of the allegations, which add more details to the emerging picture of how Russia attempted to sway the election in favor of Republican President Trump:
■ All those indicted were members of the GRU, the Russian military intelligence agency. They were members of either Units 26165 or 74455 of the agency, which conducted “large-scale cyber operations” to meddle with the election. The indictment alleges they conspired “with persons known and unknown to the Grand Jury.”
■ The GRU officers hacked into the e-mail accounts of volunteers and employees of the Hillary Clinton campaign, including the chairman.
■The GRU officers made their first attempt to hack e-mail accounts at “a domain hosted by a third-party provider and used by Clinton’s personal office” on the same day Trump made the stunning statment at a campaign rally, “Russia, if you’re listening, I hope you’re able to find the 30,000 emails that are missing,” in reference to e-mails Clinton had deleted.
■ The GRU officers also hacked into the computer networks of the Democratic Congressional Campaign Committee and the Democratic National Committee, monitoring the computers of dozens of committee employees, implanting hundreds of files containing malware, and stealing e-mails and other documents.
■ They staged and released tens of thousands of stolen e-mails and documents.
■ They released the materials by creating fictitious online personas, including “DCLeaks” and “Guccifer 2.0.” They also released material through a website maintained by “Organization 1,” which was not named.
■ They used a network of computers in the United States and other countries and paid for the infrastructure using the cryptocurrency bitcoin. Some of the bitcoin was produced by bitcoin mining.
■ They used false identities as part of their operations, such as “Kate S. Milton,” “James McMorgans,” and “Karen W. Millen.”
■ They employed a technique called “spearphishing,” in which a bogus e-mail is sent to someone to trick them into revealing confidential information. They targeted more than 300 people affiliated with the Clinton campaign, the DCCC, and the DNC.
■ They stole gigabytes of data from DNC and DCCC computers.
■ After the DCCC and DNC became aware of their activities around May 2016, they took countermeasures to retain their access.
■ Guccifer 2.0 received and fulfilled a request for stolen documents from a US congressional candidate, who was not named. It contacted reporters. It also corresponded with a person who was in regular contact with senior members of the campaign of Donald Trump.
■ The intelligence officers hacked the website of a state election board and stole information on about 500,000 voters, including names, address, partial Social Security numbers, birth dates, and driver’s license numbers.
■ They visited the websites of counties in Georgia, Iowa, and Florida to identify election vulnerabilities.
■ They also hacked into a vendor that supplied software used to verify voter registration information. Using an e-mail account designed to look like it came from the vendor, they sent more than 100 spearphishing e-mails to organizations and people involved in administering elections in Florida counties.