Trump’s view is unmoored from reality in several ways. Three days earlier, special counsel Robert Mueller published an indictment of 12 officers from the GRU, the Russian military intelligence service, for interfering in the 2016 U.S. election, including by hacking into the DNC. The indictment is historically unprecedented in scope and detail. The FBI named-and-shamed two specific GRU units, their commanding officers and 10 subordinate officers while revealing stunning details of Russia’s hacking tradecraft. And a close read of it all shows why Trump’s “DNC didn’t give the server to the FBI” conspiracy theory makes no sense.

First off, CrowdStrike, the company the DNC brought in to initially investigate and remediate the hack, actually shared images of the DNC servers with the FBI. For the purposes of an investigation of this type, images are much more useful than handing over metal and hardware, because they are bit-by-bit copies of a crime scene taken while the crime was going on. Live hard drive and memory snapshots of blinking, powered-on machines in a network reveal significantly more forensic data than some powered-off server removed from a network. It’s the difference between watching a house over time, carefully noting down who comes and goes and when and how, versus handing over a key to a lonely boarded-up building. By physically handing over a server to the FBI as Trump suggested, the DNC would in fact have destroyed evidence. (Besides, there wasn’t just one server, but 140.)

An advanced investigation of an advanced hacking operation requires significantly more than just access to servers. Investigators want access to the attack infrastructure, the equivalent of the chain of getaway cars used by a team of burglars. And the latest indictments are rich with details that likely come from intercepting command-and-control boxes (in effect, bugging those getaway cars) and have nothing to do with physical access to the DNC’s servers. The FBI and Robert Mueller’s investigators discovered when and how specific Russian military officers logged into a control panel on a leased machine in Arizona. They showed that “Guccifer 2.0,” the supposed lone hacker behind the DNC hack, was in fact managed by a specific GRU unit, and even reconstructed the internet searches made within that unit while a GRU officer with shoddy English skills was drafting the first post as Guccifer 2.0. They found that the GRU officers secretly surveilled an employee of the Democratic Congressional Campaign Committee all day in real time, including spying on “her individual banking information and other personal topics.” None of this information could have possibly come from any DNC server. With help from the broader intelligence community, the FBI was able to piece all these details together into the bigger picture of the GRU’s vast hacking effort.

The complexity of high-tempo, high-volume hacking campaigns means that attackers can make myriad mistakes. Mueller’s latest indictments reveal just how successful American investigators have been at exploiting those repeated errors and uncovering more and more information about what Russia did. The Russian spies, for example, reused a specific account for a virtual private network (a purportedly secure communication link) to register deceptive internet domains for the DNC hack, as well as to post stolen material online under the Guccifer 2.0 front. Cryptocurrency payments, the kind the Russians used to pay for registering the site and their VPN, were neither as anonymous nor as secure as the GRU thought they would be. Third-party platforms including Google, Twitter and the link-shortening service Bitly were convenient and reliable for Russian hackers, but they could also be subpoenaed. Mueller’s team did exactly that, reconstructing how, when and how frequently Russian intelligence officers communicated with WikiLeaks, which they used as an outlet for the stolen material. The Russians weren’t even particularly careful: WikiLeaks and the Russian officers, in a major cock-up, encrypted the hacked emails, but did not encrypt the details of their collaboration. And in using a Bitly account to automate the shortened links sent out to targets of their email-phishing scheme, the GRU left an investigative gold mine: a vast target list of more than 10,000 potential victims’ email addresses.

American spies could even watch the Russian spies trying, in vain, to cover their tracks, likely in real time.