Mueller indicts 12 Russian military intel officers for DNC hacks

Special Counsel Robert Mueller today indicted 12 Russian military officers, part of Russia's GRU military intelligence unit, for hacking into the Democratic National Committee (DNC) systems in an effort to influence the 2016 presidential election. 

The fruits of those break-ins - a trove of documents - were spread under the auspices of Guccifer 2.0 and DCLeaks, according to Deputy Attorney General Rod Rosenstein, who revealed the indictments Friday, which included 11 counts, after a grand jury handed them down. 

Rosenstein said Russian operatives also hacked a state election board and nicked data on 500,000 voters.

The indictments come as President Trump prepares to meet with Russian President Vladimir Putin in Helsinki July 16. Trump who has rebuffed U.S. intelligence showing Russian interference in the election and has decried the Mueller probe as a witch hunt, has said he will again broach the issue of Russia's interference at the Helsinki summit. He has previously said he believes the Russian president's denials that he was behind the country's nefarious cyberactivities. 

“President Trump should cancel his meeting with Vladimir Putin until Russia takes demonstrable and transparent steps to prove that they won't interfere in future elections,” Sen. Chuck Schumer, D-N.Y.,said in a statement, noting that “glad-handing” with Putin in the wake of the indictments “would be an insult to our democracy.”

“It has been clear – even before today – that President Trump was never going to take Putin's attack on our democracy seriously,” said Rep. Bennie G. Thompson, D-Miss., who called Trump “too quick to take Putin's word over the conclusions of our intelligence community, he will never be able or willing to properly confront Putin.” Thompson called for the president “to accept the truth about Putin's actions in the 2016 elections, cancel his meeting with him, and get to work on keeping Russia out of our democracy.”

Rosenstein stressed that there was “no allegation in this indictment that any American citizen committed a crime. There is no allegation that the conspiracy altered the vote count or changed any election result.”

But the indictment did say that on the same day that candidate Trump at a rally called for Russia to hand over Hillary Clinton's emails, Russian operatives “attempted after hours to spearphish for the first time email accounts at a domain hosted by a third-party provider and used by Clinton's personal office.” What's more, “at or about the same time, they also targeted seventy-six email addresses at the domain for the Clinton campaign,” the document said.

The Justice Department explained that the DCLeaks website was established the day before the new infamous Trump Tower meeting between Donald Trump, Jr., and Russian lawyer who promised to provide dirt on Clinton. The indictment said Russian operatives used bitcoin to pay for an influence campaign on DCLeaks.

Noting the indictment is in accordance with the findings of two U.S. Directors of National Intelligence, the Special Counsel's indictment of the Russian Internet Research Agency for an influence campaign and recent Treasury Department sanctions against Russia for “election meddling and breaking into critical infrastructure in cyberspace,” Illumio Head of Cybersecurity Strategy Jonathan Reiber, former chief strategy officer, cyber policy, in the Office of the Secretary of Defense, said it offers a 

“detailed breakdown of the GRU's hacking tactics and capabilities” that shows “how dangerous the Russians are and how important it is for everyone to stay vigilant, verify information sources, and invest in cybersecurity capabilities to prevent breaches from occurring and spreading.”  

The indictment revealed “several interesting insights into the organizations that lie behind the intrusion operators we track,” said FireEye Director of Intelligence Analysis John Hultquist. “In particular, the document indicates that more than one GRU unit was involved in efforts to undermine the elections.” 

One group, Unit 26165, looks a lot like APT28, “the operator who we originally suspected of carrying out the DNC incident,” Hultquist said, while another, Unit 74455, “is implicated in incidents affecting election systems.”

FireEye has “been actively tracking an actor we believe was tied to those incidents, and have found some connection between those incidents and others, such as efforts to target the 2017 French elections, and disruptive attacks on the 2018 Olympics, as well as other incidents,” he said. 

But while much of the group's activity “remains opaque,” Hultquist said, FireEye thinks “GRU organizations have been behind many of the most aggressive incidents in recent memory, including the economically devastating NotPetya attacks and attacks on Ukraine's grid.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.