Thursday, April 4, 2019

Russia's Interference In The Election (Mueller Report)

Summary

Russian Government Interfered in the Election in a Sweeping and Systematic Fashion


Interference, indicted entities, filings from the Justice Dept, and references to Steele's Dossier:

"ACTIVE MEASURES" SOCIAL MEDIA CAMPAIGN
Disinformation and social media operations by a troll farm to sow discord and eventually to interfere in the election
  • Indicted entities: 13 individuals and 3 companies: Internet Research Agency (IRA, the troll farm) and other companies that financed it; 12 agency employees and 1 financier, Yevgeny Prigozhin
  • Filing from Justice Dept: court filing
  • Reference to Steele's Dossier: [report 80 (6/20/16) allegation 1]; [report 80 (6/20/16) allegation x]; [report 80 (6/20/16) allegation 5 and 6]; [Report 97 (7/30/16) Allegation 4]. For more detail, go to the section of this post

HACKING AND DUMPING OPERATIONS
Starting at least 3/10/16, the GRU hacked into DNC and DCCC computers to steal Democratic Party and Clinton Campaign emails and information, and timed their release and dissemination through the GRU's fictitious online personas DCLeaks and Guccifer 2.0, and later via WikiLeaks, for maximum political impact
  • Indicted entities: 12 intelligence officers from the GRU - Russia's military intelligence service
  • Filing from Justice Dept: court filing
  • Reference to Steele's Dossier: [Report 101 (8/10/16) Allegation 1-3]; [Report 111 (9/13/16) Allegation 3]; [report 130 (10/12/16) Allegation 1-4]. For more detail, go to the section of this post

Additional GRU Cyber Operations: Summer and Fall Operations Targeting Democrat-Linked Victims

Additional GRU Cyber Operations: Intrusions Targeting the Administration of U.S. Elections

Paul Manafort had sent internal Campaign polling data to Kilimnik
  • Indicted entities: Konstantin Kilimnik [tampering with witnesses in Manafort's pending case last year, allegedly trying to persuade witnesses to lie to the jury]
  • Filing from Justice Dept: court filing

RUSSIAN "ACTIVE MEASURES" SOCIAL MEDIA CAMPAIGN


[author's note: this section was heavily redacted; most of the Black Outs are due to HOM (harm to ongoing matter); "active measures" is a term that typically refers to operations conducted by Russian security services aimed at influencing the course of international affairs.]

Structure, Funding And Oversight of Internet Research Agency (IRA)


[heavy Black Out]. The growth of the organization [IRA] also led to a more detailed organizational structure.
Internet Research Agency, LLC (IRA) is a Russian organization funded by Yevgeniy Viktorovich Prigozhin and companies he controlled, including Concord Management and Consulting LLC and Concord Catering (collectively "Concord"). [heavy Black Out]. Mikhail Bystrov [general director] and Mikhail Burchik [executive director] lead the management of the IRA. [heavy Black Out]. The IRA started to hide its funding and activities as early as about 5 years ago. [the rest of the paragraph Blacked Out]. The IRA's US operations are part of a larger set of interlocking operations known as "Project Lakhta". [the rest of the paragraph Blacked Out].

Until at least 2/x/18, Yevgeniy Viktorovich Prigozhin [who had ties to Putin] and "Concord" funded the IRA. Prigozhin was sanctioned in 12/x/16. [heavy Black Out]. IRA employees were aware that Prigozhin was involved in the IRA's US operation. [heavy Black Out].

The IRA Targets U.S. Elections


The IRA Ramps Up U.S. Operations As Early As About 5 years ago

The IRA's US operation sought to influence public opinion through online media and forums. [heavy Black Out]. It consolidated its US operation in a general department internally known as "Translator" and subdivided it into different responsibilities. IRA employees also traveled to the United States on intelligence-gathering missions, lying about the purpose of their trip. Anna Bogacheva and Aleksandra Krylova, who received visas, entered the USA. [heavy Black Out]

U.S. Operations Through IRA-Controlled Social Media Accounts

Dozens of IRA employees - "specialists" - were responsible for operating accounts and personas on different U.S. social media platforms [Facebook, YouTube, Twitter initially; and Tumblr and Instagram later on]. Initially, the IRA created social media accounts that pretended to be the personal accounts of U.S. persons. By early 2015, the IRA began to create larger social media groups or public social media pages that claimed (falsely) to be affiliated with U.S. political and grassroots organizations or fictitious U.S. organizations and grassroots groups. In certain cases, the IRA created accounts that mimicked real U.S. organizations. For example, @TEN_GOP purported to be connected to the Tennessee Republican Party. [heavy Black Out]

By 2/x/16, internal IRA documents referred to support for the Trump Campaign and opposition to Clinton. For example: [Black Out] "Main Idea: use any opportunity to criticize Clinton and the rest (except Sanders and Trump - we support them)" [Black Out]. The focus on the U.S. presidential campaign continued throughout the election year. The IRA internally reviewed an IRA-controlled Facebook group, "Secured Borders", criticized it for having the "lower number of posts dedicated to criticizing Hillary Clinton", and reminded the Facebook specialist that "it is imperative to intensify criticizing Hillary Clinton." IRA employees also acknowledged that their work focused on influencing the US presidential election. [heavy Black Out]

U.S. Operations Through Facebook

IRA Facebook groups covered a range of political issues and included purported conservative groups (with names such as "Being Patriotic," "Stop All Immigrants," "Secured Borders," and "Tea Party News"), purported Black social justice groups ("Black Matters," "Blacktivist," and "Don't Shoot Us"), LGBTQ groups ("LGBT United"), and religious groups ("United Muslims of America").

These IRA accounts published an increasing number of materials supporting the Trump Campaign and opposing the Clinton Campaign. To reach larger U.S. audiences, the IRA purchased over 3,500 advertisements from Facebook as early as 3/x/16 to explicitly support or oppose a presidential candidate or to promote U.S. rallies organized by the IRA. The first known IRA advertisement explicitly endorsing the Trump Campaign was purchased on 4/19/16. In subsequent months, the IRA purchased dozens of advertisements supporting the Trump Campaign, predominantly through the Facebook groups "Being Patriotic," "Stop All Invaders," and "Secured Borders." Collectively, the IRA's social media accounts reached tens of millions of U.S. persons.

U.S. Operations Through Twitter

IRA Twitter accounts were either individualized accounts or automated accounts (i.e. a bot network), which enabled the IRA to amplify existing content.

Individualized Accounts

This strategy was similar to the operation of its Facebook accounts, by continuously posting original content to the accounts while also communicating with U.S. Twitter users directly (through public tweeting or Twitter's private messaging).

Individualized accounts used to influence the U.S. presidential election included @TEN_GOP; @jenn_abrams (claiming to be a Virginian Trump supporter with 70,000 followers); @Pamela_Moore13 (claiming to be a Texan Trump supporter with 70,000 followers); and @America_1st_ (an anti-immigration persona with 24,000 followers). In May 2016, the IRA created the Twitter account @march_for_trump, which promoted IRA-organized rallies in support of the Trump Campaign (described below). Multiple IRA-posted tweets gained popularity and provoked reactions from users and the media. Numerous high-profile U.S. persons retweeted or responded to tweets posted to these IRA-controlled accounts, including the Trump Campaign (see this post).

IRA Botnet Activities

[heavy Black Out]

The IRA botnet posted approximately 175,993 tweets, approximately 8.4% of which were election-related, in the ten weeks before the Election.

U.S. Operations Involving Political Rallies

The IRA organized and promoted political rallies inside the United States while posing as U.S. grassroots activists.

IRA used one of its preexisting social media personas to announce and promote the event and then sent direct messages to followers asking them to attend the event. From those who responded, the IRA then sought a U.S. person to serve as the event's coordinator. The IRA then further promoted the event by contacting U.S. media about the event and directing them to speak with the coordinator. The Office identified dozens of U.S. rallies organized by the IRA. The earliest one was on 11/x/15 - a "confederate rally". The IRA continued to organize rallies even after the Election. [heavy Black Out]. From 6/x/16 until the end of the Campaign, almost all of the U.S. rallies organized by the IRA focused on the U.S. election, often promoting the Trump Campaign and opposing the Clinton Campaign. Pro-Trump rallies included three in New York; a series in Florida in 8/x/16; and a series in 10/x/16 in Pennsylvania.

Targeting and Recruitment of U.S. Persons

As early as about 5 years ago, the IRA started to recruit US persons across the political spectrum [frequently from those who followed their social media accounts/groups] who could be used to advance its operational goals. Initially, recruitment focused on US persons who could amplify their social media campaigns. [next paragraph Blacked Out]. The IRA also recruited moderators of conservative social media groups to promote IRA-generated content, and recruited individuals to perform political acts. [the rest of paragraphs Blacked Out]

Interactions and Contacts with the Trump Campaign

go to this post: Trump Campaign's Involvement in Russia's Social Media Campaign

Reference to Steele Dossier (external to Mueller Report)


[report 80 (6/20/16) allegation 1]{general, not specific to Social Media Campaign}
[report 80 (6/20/16) allegation x] Kremlin had been feeding TRUMP and his team valuable intelligence on his opponents, including Democratic presidential candidate Hillary CLINTON, for several years.
[report 80 (6/20/16) allegation 5 and 6],
[Report 97 (7/30/16) Allegation 4]

For more detail, go to the section of this post

RUSSIAN HACKING AND DUMPING OPERATIONS


Beginning on 3/10/16, the Russian Federation's Main Intelligence Directorate of the General Staff (GRU) hacked the computers and email accounts of organizations, employees, and volunteers supporting the Clinton Campaign. Starting 4/x/16, the GRU hacked into the computer networks of the Democratic Congressional Campaign Committee (DCCC) and the Democratic National Committee (DNC). In total, the GRU stole hundreds of thousands of documents, which were released - with timing to maximize the effect - initially through its fictitious online personas, and later through WikiLeaks.

GRU Hacking Operation Directed at the Clinton Campaign


GRU Units Target the Clinton Campaign

GRU units hacked into DCCC and DNC, as well as email accounts of individuals affiliated with the Clinton Campaign. The websites being targeted include: democrats.org, hillaryclinton.com, dnc.org, and dccc.org. Between 3/10/16 - 3/15/16: GRU appears to have sent approximately 90 spearphishing emails to email accounts at hillaryclinton.com. Starting 3/15/16 GRU began targeting Google email accounts used by Clinton Campaign employees, along with a smaller number of dnc.org email accounts.

Intrusions into the DCCC and DNC Networks
  • Initial Access
    • By 4/12/16: GRU had gained access to the DCCC computer network [using the credentials stolen from a DCCC employee who had been successfully spearphished the week before]. Over the ensuing weeks, the GRU traversed the network, stealing network access credentials along the way (including those of IT administrators with unrestricted access to the system).
    • On 4/18/16: GRU gained access to the DNC network [via a virtual private network (VPN) connection between the DCCC and DNC networks]. Between 4/18/16 - 6/8/16, more than 30 computers on the DNC network were compromised, including the DNC mail server and shared file server.
  • Implantation of Malware on DCCC and DNC Networks
    • types of Malware implanted: X-Agent and X-Tunnel
    • To operate X-Agent and X-Tunnel on the DCCC and DNC networks, GRU set up a group of computers outside those networks to communicate with the implanted malware X-Tunnel, allowing GRU to monitor the DCCC and DNC employees' work
  • Theft of Documents from DNC and DCCC Networks, including internal strategy documents, fundraising data, opposition research, and emails from the work inboxes of DNC employees
    • GRU began stealing DCCC data shortly after it gained access to the network
      • 4/15/16 GRU searched one compromised DCCC computer for files containing search terms that included "Hillary," "DNC," "Cruz," and "Trump."
      • 4/25/16 GRU collected and compressed PDF and Microsoft documents from folders on the DCCC's shared file server that pertained to the Election
    • GRU also stole documents from the DNC network shortly after gaining access
      • 4/22/16 GRU copied files from the DNC network to GRU-controlled computers. Stolen documents included the DNC's opposition research into candidate Trump
      • 5/25/16 - 6/1/16 GRU accessed the DNC's mail server, stealing thousands of emails and attachments, which were later released by WikiLeaks on 7/22/16

Dissemination of the Hacked Materials


The GRU carried out the anonymous release through fictitious online personas (DCLeaks and Guccifer 2.0) that it created, and later through the organization WikiLeaks.

DCLeaks

The GRU began planning the releases at least as early as 4/19/16. On 4/19/16 the GRU registered the domain dcleaks.com through a service that anonymized the registrant, and paid with bitcoin. The dcleaks.com landing page pointed to different tranches of stolen documents. Other dcleaks.com pages contained indexes of the stolen emails. To control access and the timing of releases, pages were sometimes password-protected for a period of time and later made unrestricted to the public.

Starting 6/x/16 GRU posted stolen documents onto dcleaks.com. These documents appeared to have originated from personal email accounts (in particular, Google and Microsoft accounts), rather than the DNC and DCCC computer networks. DCLeaks victims included an advisor to the Clinton Campaign, a former DNC employee and Clinton Campaign employee, and four other campaign volunteers.

The GRU operated a Facebook page under the DCLeaks name to promote releases of materials. The GRU also used the DCLeaks Facebook account, the Twitter account @dcleaks_, and the email account dcleaksproject@gmail.com to communicate privately with reporters and other U.S. persons, giving certain reporters early access to archives of leaked files by sending them links and passwords to nonpublic pages.

DCLeaks.com remained operational until 3/x/17.

Guccifer 2.0

In 6/x/16, the DNC's cyber-response team discovered and announced the hack and attributed it to Russian state-sponsored actors (which they referred to as "Fancy Bear"). On 6/15/16 the GRU, using the persona Guccifer 2.0, created a WordPress blog and published its first post, attributing the hack to a lone Romanian hacker.

On the same day 6/15/16: Guccifer 2.0 Blog was used to begin releasing stolen DNC and DCCC documents.
  • Between 6/15/16 and 10/18/16, thousands of stolen documents were released in a series of blog posts. Released documents included opposition research, internal policy documents, analyses of specific congressional races, fundraising, specific states (e.g., Florida and Pennsylvania).
  • 6/x/16, documents were released directly to reporters and other interested individuals as well. The Guccifer persona emailed a reporter the password and link to a locked portion of the dcleaks.com website, which indicates that both personas were operated by the same or a closely related group of people.
  • The GRU continued its release efforts into 8/x/16
    • 8/15/16 sent a candidate for the U.S. Congress documents related to the candidate's opponent.
    • 8/22/16 transferred approximately 2.5G of Florida-related data stolen from the DCCC to a U.S. blogger covering Florida politics
    • 8/22/16 sent a U.S. reporter documents stolen from the DCCC pertaining to the Black Lives Matter movement.

Contacts with the Trump Campaign were identified: the GRU used the persona to contact [name was Blacked Out], a former Trump Campaign member. [Black Out: HOM].
  • In 8/x/16: the Guccifer Twitter account was suspended but was reinstated. The Guccifer Twitter account was used to send a DM (direct private message) - "thank u for writing back ... do u find anyt[h]ing interesting in the docs i posted?".
  • 8/17/16: the GRU added, "please tell me if i can help u anyhow ..."
  • 9/9/16 [referring to a stolen DCCC document posted online] "what do u think of the info on the turnout model for the democrats entire presidential campaign." Trump Campaign [name Blacked Out] responded, "pretty standard."

Use of WikiLeaks

This area of the Mueller Report sets the context and background for loose collusion between the Trump Campaign and Russia. It was reviewed in this relevant post as the 'Introduction' preceding section III.D - Trump Campaign and the Dissemination of Hacked Materials

Reference To Steele Dossier (external to Mueller Report)


[Report 101 (8/10/16) Allegation 1-3] Sergei IVANOV's assessment of the impact and results of Kremlin intervention in the Election to date [8/x/16]: It remained technically deniable that the Kremlin was behind the hacking operation and the leaked DNC/CLINTON e-mails; therefore no new leaks were to be envisaged, but rather further exploitation of (WikiLeaks) material already disseminated to exacerbate divisions, to spread rumors and misinformation about the content of what already had been leaked, and to make up new content.

[Report 111 (9/13/16) Allegation 3] Russians do have further 'kompromat' on CLINTON (e-mails) and are considering disseminating it after the Duma (legislative) elections in late September.

[report 130 (10/12/16) Allegation 1-4] a stream of further hacked CLINTON material already had been injected by the Kremlin into compliant western media outlets like WikiLeaks, which remained at least "plausibly deniable", so the stream of these would continue through October and up to the election.

For more detail, go to the section of this post

Additional GRU Cyber Operations


At the same time as the release operation, GRU officers continued to target and hack victims linked to the Democratic campaign and, eventually, to target entities responsible for election administration in several states.

Summer and Fall 2016 Operations Targeting Democrat-Linked Victims
  • GRU targeted and hacked Clinton's personal office for the first time: on 7/x/16, GRU targeted email accounts connected to Clinton's [name Blacked Out]. [Within about 5 hrs on the day after Trump made the public request to Russia to find the 30,000 emails on Clinton's private email server], they created and sent malicious links targeting 15 email accounts at the domain [domain name Blacked Out], including an email account belonging to Clinton aide [name: Blacked Out].
  • GRU targeted and hacked a DNC account hosted on a cloud-computing service [identity name Blacked Out]: on 9/20/16 GRU hacked into the DNC cloud-based account to steal the 'snapshots' (backup copies of about 300G of DNC data)
Intrusions Targeting the Administration of U.S. Elections
From 6/x/16 through to 11/8/16, GRU officers also targeted individuals and entities involved in the administration of the elections. Victims included:
  • U.S. state entity: state boards of elections (SBOEs), secretaries of state
    • targeted databases of registered voters - on 6/x/16, GRU compromised the computer network of the Illinois State Board of Elections and gained access to its database of registered Illinois voters
    • 7/x/16: scanned state and local websites for vulnerabilities on websites of more than dozens of states
  • Local entities - county governments
    • 11/x/16: sent spear-phishing emails to over 120 email accounts used by Florida county officials who administer the election
  • Private technology firms who manufacture and administer election-related software and hardware [voter registration software and electronic polling stations]
    • 8/x/16: targeted employees of a voting technology company [name not disclosed]
[author's notes: Mueller mentioned that it is FBI, the U.S. Department of Homeland Security, and the states who have separately further investigated these intrusions.]






Crimes Logged by Victim Hong Gan