More on this book
Community
Kindle Notes & Highlights
Started reading
April 25, 2019
For example, at the time they were deactivated by Facebook in mid-2017, the IRA’s “United Muslims of America” Facebook group had over 300,000 followers, the “Don’t Shoot Us” Facebook group had over 250,000 followers, the “Being Patriotic” Facebook group had over 200,000 followers, and the “Secured Borders” Facebook group had over 130,000 followers.
The IRA operated individualized Twitter accounts similar to the operation of its Facebook accounts, by continuously posting original content to the accounts while also communicating with U.S. Twitter users directly (through public tweeting or Twitter’s private messaging).
Individualized accounts used to influence the U.S. presidential election included @TEN_GOP (described above); @jenn_abrams (claiming to be a Virginian Trump supporter with 70,000 followers); @Pamela_Moore 13 (claiming to be a Texan Trump supporter with 70,000 followers); and @America_lst_ (an anti-immigration persona with 24,000 followers). 67 In May 2016, the IRA created the Twitter account @march_for_trump, which promoted IRA-organized rallies in support of the Trump Campaign (described below).
U.S. media outlets also quoted tweets from IRA-controlled accounts and attributed them to the reactions of real U.S. persons.
the IRA then sought a U.S. person to serve as the event’s coordinator.
The IRA then further promoted the event by contacting U.S. media about the event and directing them to speak with the coordinator.
The Office identified dozens of U.S. rallies organized by the IRA. The earliest evidence of a rally was a “confederate rally” in November 2015.
The investigation identified two different forms of connections between the IRA and members of the Trump Campaign. (The investigation identified no similar connections between the IRA and the Clinton Campaign.) First, on multiple occasions, members and surrogates of the Trump Campaign promoted—typically by linking, retweeting, or similar methods of reposting—pro-Trump or anti-Clinton content published by the IRA through IRA-controlled social media accounts. Additionally, in a few instances, IRA employees represented themselves as U.S. persons to communicate with members of the Trump Campaign
...more
Trump Campaign affiliates promoted dozens of tweets, posts, and other political content created by the IRA.
These posts included allegations of voter fraud,101 as well as allegations that Secretary Clinton had mishandled classified information.
In all cases, the IRA contacted the Campaign while claiming to be U.S. political activists working on behalf of a conservative grassroots organization.
the investigation has not identified evidence that any Trump Campaign official understood the requests were coming from foreign nationals.
49. The IRA posted content about the Clinton candidacy before Clinton officially announced her presidential campaign. IRA-controlled social media accounts criticized Clinton’s record as Secretary of State and promoted various critiques of her candidacy.
Twitter also reported identifying 50,258 automated accounts connected to the Russian government, which tweeted more than a million times in the ten weeks before the election.
96. See, e.g., @DonaldJTrumpJr 10/26/16 Tweet (“RT @TEN_GOP: BREAKING Thousands of names changed on voter rolls in Indiana. Police investigating #VoterFraud. #DrainTheSwamp.”); @DonaldJTrumpJr 11/2/16 Tweet (“RT @TEN_GOP: BREAKING: #VoterFraud by counting tens of thousands of ineligible mail in Hillary votes being reported in Broward County, Florida.”); @DonaldJTrumpJr 11/8/16 Tweet (“RT @TEN_GOP: This vet passed away last month before he could vote for Trump. Here he is in his #MAGA hat. #voted #ElectionDay.”). Trump Jr. retweeted additional @TEN_GOP content subsequent to the election.
97. @EricTrump 10/20/16 Tweet (“RT @TEN_GOP: BREAKING Hillary shuts down press conference when asked about DNC Operatives corruption & #VoterFraud #debatenight #TrumpB”).
98. @KellyannePolls 11/6/16 Tweet (“RT @TEN_GOP: Mother of jailed sailor: ‘Hold Hillary to same standards as my son on Classified info’ #hillarysemail #WeinerGate.”).
101. @TEN_GOP 10/11/16 Tweet (“North Carolina finds 2,214 voters over the age of 110!!”).
Beginning in March 2016, units of the Russian Federation’s Main Intelligence Directorate of the General Staff (GRU) hacked the computers and email accounts of organizations, employees, and volunteers supporting the Clinton Campaign, including the email account of campaign chairman John Podesta. Starting in April 2016, the GRU hacked into the computer networks of the Democratic Congressional Campaign Committee (DCCC) and the Democratic National Committee (DNC). The GRU targeted hundreds of email accounts used by Clinton Campaign employees, advisors, and volunteers. In total, the GRU stole
...more
The GRU later released stolen Clinton Campaign and DNC documents through online personas, “DCLeaks” and “Guccifer 2.0,” and later through the organization WikiLeaks. The release of the documents was designed and timed to interfere with the 2016 U.S. presidential election and undermine the Clinton Campaign.
Two military units of the GRU carried out the computer intrusions into the Clinton Campaign, DNC, and DCCC: Military Units 26165 and 74455.
Officers from Unit 74455 separately hacked computers belonging to state boards of elections, secretaries of state, and U.S. companies that supplied software and other technology related to the administration of U.S. elections.114
indicating that the later DCCC and DNC intrusions were not crimes of opportunity but rather the result of targeting.116
The GRU spearphishing operation enabled it to gain access to numerous email accounts of Clinton Campaign employees and volunteers, including campaign chairman John Podesta, junior volunteers assigned to the Clinton Campaign’s advance team, informal Clinton Campaign advisors, and a DNC employee.118 GRU officers stole tens of thousands of emails from spearphishing victims, including various Clinton Campaign-related communications.
By no later than April 12, 2016, the GRU had gained access to the DCCC computer network using the credentials stolen from a DCCC employee who had been successfully spearphished the week before.
Approximately six days after first hacking into the DCCC network, on April 18, 2016, GRU officers gained access to the DNC network via a virtual private network (VPN) connection120 between the DCCC and DNC networks.121 Between April 18, 2016 and June 8, 2016, Unit 26165 compromised more than 30 computers on the DNC network, including the DNC mail server and shared file server.
The Arizona-based AMS Panel also stored thousands of files containing keylogging sessions captured through X-Agent. These sessions were captured as GRU officers monitored DCCC and DNC employees’ work on infected computers regularly between April 2016 and June 2016. Data captured in these keylogging sessions included passwords, internal communications between employees, banking information, and sensitive personal information.
Stolen documents included internal strategy documents, fundraising data, opposition research, and emails from the work inboxes of DNC employees.130
The GRU began stealing DCCC data shortly after it gained access to the network. On April 14, 2016 (approximately three days after the initial intrusion) GRU officers downloaded rar.exe onto the DCCC’s document server. The following day, the GRU searched one compromised DCCC computer for files containing search terms that included “Hillary,” “DNC,” “Cruz,” and “Trump.”
over 70 gigabytes of data
The GRU also stole documents from the DNC network shortly after gaining access. On April 22, 2016, the GRU copied files from the DNC network to GRU-controlled computers. Stolen documents included the DNC’s opposition research into candidate Trump.134 Between approximately May 25, 2016 and June 1, 2016, GRU officers accessed the DNC’s mail server from a GRU-controlled computer leased inside the United States.135 During these connections, Unit 26165 officers appear to have stolen thousands of emails and attachments, which were later released by WikiLeaks in July 2016.
The GRU’s operations extended beyond stealing materials, and included releasing documents stolen from the Clinton Campaign and its supporters. The GRU carried out the anonymous release through two fictitious online personas that it created—DCLeaks and Guccifer 2.0—and later through the organization WikiLeaks.
The DCLeaks.com website remained operational and public until March 2017.
On June 14, 2016, the DNC and its cyber-response team announced the breach of the DNC network and suspected theft of DNC documents.
Apparently in response to that announcement, on June 15, 2016, GRU officers using the persona Guccifer 2.0 created a WordPress blog. In the hours leading up to the launch of that WordPress blog, GRU officers logged into a Moscow-based server used and managed by Unit 74455 and searched for a number of specific words and phrases in English, including “some hundred sheets,” “illuminati,” and “worldwide known.” Approximately two hours after the last of those searches, Guccifer 2.0 published its first post, attributing the DNC server hack to a lone Romanian hacker and using several of the unique
...more
That same day, June 15, 2016, the GRU also used the Guccifer 2.0 WordPress blog to begin releasing to the public documents stolen from the DNC and DCCC computer networks. The Guccifer 2.0 persona ultimately released thousands of documents stolen from the DNC and DCCC in a series of blog posts between June 15, 2016 and October 18, 2016.
Released documents included opposition research performed by the DNC (including a memorandum analyzing potential criticisms of candidate Trump), internal policy documents (such as recommendations on how to address politically sensitive issues), analyses of specific congressional races, and fundraising documents. Releases were organized around thematic issues, such as specific states (.e.g....
This highlight has been truncated due to consecutive passage length restrictions.
WikiLeaks, and particularly its founder Julian Assange, privately expressed opposition to candidate Clinton well before the first release of stolen documents. In November 2015, Assange wrote to other members and associates of WikiLeaks that “[w]e believe it would be much better for GOP to win . . . Dems+Media+liberals woudl [sic] then form a block to reign in their worst qualities. . . . With Hillary in charge, GOP will be pushing for her worst qualities., dems+media+neoliberals will be mute. . . . She’s a bright, well connected, sadisitic sociopath.”
As reports attributing the DNC and DCCC hacks to the Russian government emerged, WikiLeaks and Assange made several public statements apparently designed to obscure the source of the materials that WikiLeaks was releasing. The file-transfer evidence described above and other information uncovered during the investigation discredit WikiLeaks’s claims about the source of material that it posted.
On July 27, 2016, Unit 26165 targeted email accounts connected to candidate Clinton’s personal office [# # # # #]. Earlier that day, candidate Trump made public statements that included the following: “Russia, if you’re listening, I hope you’re able to find the 30,000 emails that are missing. I think you will probably be rewarded mightily by our press.”183 The “30,000 emails” were apparently a reference to emails described in media accounts as having been stored on a personal server that candidate Clinton had used while serving as Secretary of State. Within approximately five hours of Trump’s
...more
Unit 26165 officers also hacked into a DNC account hosted on a cloud-computing service [# # # # # # # # # # # # # #]
In addition to targeting individuals involved in the Clinton Campaign, GRU officers also targeted individuals and entities involved in the administration of the elections. Victims included U.S. state and local entities, such as state boards of elections (SBOEs), secretaries of state, and county governments, as well as individuals who worked for those entities.
The GRU also targeted private technology firms responsible for manufacturing and administering election-related software and hardware, such as voter registration software and electronic polling stations.187
By at least the summer of 2016, GRU officers sought access to state and local computer networks by exploiting known software vulnerabilities on websites of state and local governmental entities. GRU officers, for example, targeted state and local databases of registered voters
In one instance in approximately June 2016, the GRU compromised the computer network of the Illinois State Board of Elections by exploiting a vulnerability in the SBOE’s website. The GRU then gained access to a database containing information on millions of registered Illinois voters,189 and extracted data related to thousands of U.S. voters before the malicious activity was identified.
Unit 74455 also sent spearphishing emails to public officials involved in election administration and personnel at companies involved in voting technology.
The Trump Campaign showed interest in WikiLeaks’s releases of hacked materials throughout the summer and fall of 2016.
Gates recalled candidate Trump being generally frustrated that the Clinton emails had not been found.
Paul Manafort, who would later become campaign chairman, [+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +].197 [+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +]198 Michael Cohen, former executive vice president of the Trump Organization and special counsel to Donald J. Trump,199 told the Office that he recalled an incident in which he was in candidate Trump’s office in Trump Tower [+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
...more
