The special counsel team’s timing is impeccable. Just days before President Trump is scheduled to meet with Vladimir Putin, Robert Mueller’s D.C. grand jury indicted a dozen Russian military intelligence agents on charges they released Clinton campaign “documents stolen through computer intrusions.” The Russians are accused of conducting “large-scale cyber operations to interfere with the 2016 U.S. presidential election.” It puts the president on notice that he can’t ignore the question of election-meddling when he meets Putin in Finalnd.
The indictment at first follows the general contours of what was known as far back as June 2016, when the Washington Post reported that “Russian government hackers penetrated the computer network of the Democratic National Committee…” But it includes copious details—including names and ranks—of the GRU officers who stand accused of organizing and executing the hacks. There is also extensive explanation of the hacks’ nuts and bolts. To spearfish Clinton campaign chairman John Podesta, for example, they sent a phony “security notification” spoofed to look as though it came from Google. Using a “URL-shortening” service, the phishers had condensed a link, hiding the parts of the address revealing it to be that of a “GRU-created website.”
Podesta wasn’t the only Clinton campaign worker tricked by this standard sort of hacking, and by other old-school new-tech tricks too: The “Conspirators created an email account in the name (with a one-letter deviation from the actual spelling) of a known member of the Clinton Campaign),” the indictments says. “The Conspirators then used that account to send spearphishing emails to the work accounts of more than thirty different Clinton Campaign employees.” If the GRU had super-sophisticated online tools and skills, they didn’t need them: The Clinton campaign staffers were easy targets.
Some other basic hacking tricks and tools were used against the Democratic Congressional Campaign Committee and the Democratic National Committee, according to the indictment. Having stolen passwords, the Russian agents put malware on DCCC and DNC machines allowing them to capture keystrokes and screen-shots.
They did all of this using phony online names—the Russians, needless to say, did not identify themselves as military intelligence. But don’t let it be said that the Russkies lacked a sense of humor. Among the fake monikers employed by Lieutenant Captain Nikolay Yuryevich Kozachek, the indictment tells us, was “blablabla1234565.” Also in the can’t-make-this-up file: A number of phony front-emails were maintained by an officer named “Potemkin.”
The hacking went on even after June 2016, when it had been exposed. According to the indictment, late in July 2016 “the Conspirators attempted after hours to spearphish for the first time email accounts at a domain hosted by a third-party provider and used by Clinton’s personal office.” Was Hillary’s email compromised? The indictment doesn’t say.
The Russians leaked stolen materials, the indictment states, through DCLeaks and Guccifer2.0, sites controlled by the conspirators. Guccifer 2.0 was a persona created by the Russian agents “and falsely claimed to be a lone Romanian hacker to undermine the allegations of Russian responsibility for the intrusion.”
The indictment notes that not only did the conspirators release emails stolen from Democrats in 2016, they also “released documents they had stolen in other spearphishing operations, including those they had conducted in 2015 that collected emails from individuals affiliated with the Republican Party.”
One curious thing that jumps out in reading the indictment: Go back to June 14, 2016, when the Post originally reported on the hack (and did so with extensive cooperation from CrowdStrike, “the cyber firm called in to handle the DNC breach”). The headline was “Russian government hackers penetrated DNC, stole opposition research on Trump.” But the fact that oppo research on Trump was sought out by the Russians merits no headline treatment in the indictment; rather, it just gets mention in half of one sentence: “The Conspirators targeted computers containing information such as opposition research and field operation plans for the 2016 elections.”
It is a strangely sotto-voce treatment of a detail that could prove to be significant. The question will at some point have to be answered: What was the Russian pursuit of dirt on Trump evidence of? The act could support the narrative that Russia was out to hurt both campaigns; it could be seen as evidence that Russia was trying to help Trump by doing recon on what the Democrats had; or perhaps it was an effort to get embarrassing or incriminating information on Trump that could be used as kompromat.
The most tantalizing part of the indictment sets out the various communications Guccifer 2.0 had with Americans. For example: “On or about August 15, 2016, the Conspirators, posing as Guccifer 2.0, received a request for stolen documents from a candidate for the U.S. Congress.” The candidate is not identified, nor his or her party.
But what of Team Trump? The indictment presents no evidence or accusation that the GOP candidate reached out for stolen documents. Instead, the Russian agents, pretending to be Guccifer 2.0, did their best, and failed, to draw the campaign into their web. “On or about August 15, 2016, the Conspirators, posing as Guccifer 2.0, wrote to a person who was in regular contact with senior members of the presidential campaign of Donald J. Trump,” the indictment states: “’thank u for writing back…do u find anyt[h]ing interesting in the docs I posted?’” The indictment presents no accusation that this person—identified by the Washington Post as Roger Stone—showed any interest in the Guccifer 2.0 outreach. This, even though the Russian agents kept trying to get this person hooked: “On or about August 17, 2016, the Conspirators added, ‘please tell me if I can help u anyhow…it would be a great pleasure to me.’”
If there had been any significant response to this offer, the special counsel would likely have it, as the investigators have clearly hacked the hackers, gaining extensive access to their communications. Indeed, when the person did respond to Guccifer 2.0, the prosecutors have the email. “On or about September 9, 2016, the Conspirators, again posing as Guccifer 2.0, referred to a stolen DCCC document posted online and asked the person, ‘what do u think of the info on the turnout model for the democrats entire presidential campaign,’” the indictment claims. All the indictment records the targeted person saying in response is “[p]retty standard.”
It’s unlikely that the Russian military intelligence agents will ever stand trial. So why the indictment? At the very least it shows that the special counsel’s team has done a thorough job of getting its hands on hidden details of Russian election-meddling. That bolsters the special counsel’s endeavor. It also sends a warning to anyone who may have communicated with the Russians that lying about it is a bad idea. That assumes Robert Mueller’s team has further emails they are holding in reserve.
If not—if the campaign person’s brush-off of Guccifer 2.0 is the worst the special counsel will be able to show, collusion-wise—then Friday’s indictment would suggest there’s a long way to go to make a case for a Trump/Putin conspiracy.