Rod J. Rosenstein, Deputy Attorney General, on Friday announced new charges against 12 Russian military intelligence officers accused of hacking the Democratic National Committee, Clinton's presidential campaign and the Democratic Congressional Campaign Committee.
[Read our main story on the latest indictments in the investigation of Russia.]
Here are some of the highlights of the indictment of Russian agents and what Mr. Rosenstein said at the announcement Friday.
The key parts of the indictment, annotated.
Analysis by David E. Sanger and Matthew Rosenberg
-
"4. In or about April 2016, the conspirators also hacked the computer networks of the Democratic Congressional Campaign Committee ("DCCC") and the Democratic National Committee ("DNC"). The conspirators have secretly monitored the computers of dozens of DCCC and DNC employees, implanted hundreds of files containing malicious code ("malware"), and stolen emails and other documents from the DCCC and DNC. 5. Around April 2016, the conspirators began planning the release of stolen documents to the Clinton, DCCC and DNC campaign."
The indictment makes no reference to the previous hack of the DNC by another Russian intelligence agency. That agency seemed only to be spying: it did not publish committee documents or participate in the Clinton campaign itself. Mr. Mueller's focus is solely on efforts to influence the election, not on spying.
-
"7. The conspirators also used the character of Guccifer 2.0 to release additional stolen documents via an Organization-run website ("Organization 1"), which had previously posted stolen documents to individuals, entities and the United States of America. The conspirators continued their operations of electoral interference in the United States until or about November 2016."
"Organization 1" appears to be WikiLeaks. It is not clear why the indictment does not name the organization. And it does not answer the mystery of whether WikiLeaks got the documents directly or through a cut-out – a critical question for those who examine whether there was any connection whatsoever with the Trump campaign.
-
"8. To hide their ties with Russia and the Russian government, the conspirators used false identities and misrepresented their identities. To avoid detection, the conspirators used a network of computers located throughout the world, including the United States, and paid for this infrastructure by using cryptocurrency."
We know that Russian hackers pretended to be American citizens. We did not know until now that they used cryptocurrency to hide their identities. This is a relatively new addition to traditional ways of falsifying identities.
-
"22. The conspirators spearphished individuals affiliated with the Clinton campaign throughout the summer of 2016. For example, on or about July 27, 2016, the conspirators attempted, for the first time, to open e-mail accounts used by Clinton's personal office. At the same time, they also targeted 76 e-mail addresses to the estate for the Clinton campaign."
The Russian hacking was announced by CrowdStrike, a cybersecurity company, in mid-June 2016. This suggests that the revelation did not slow down the officers of the GRU, the Russian military intelligence agency; they continued their hacking even though they had been exposed. This is consistent with the group's activities when it was caught inside the White House computer systems, where it fought a National Security Agency operation to oust it.
-
"25. On or about April 19, 2016, KOZACHEK, YERSHOV and their co-conspirators remotely configured a foreign computer to relay communications between the X-Agent malware and the AMS panel, and then tested the ability of X-Agent to connect to this computer. The conspirators were referring to this computer as an "intermediary server." The intermediary server served as a proxy to hide the connection between the malware at the distribution center and the AMS panel of the conspirators."
This level of detail clearly indicates that the intelligence agencies were inside Russian computers. This could be the N.S.A. – but it could also be Dutch or British action, which was monitoring Russian activity and secretly providing information to the United States. This raises questions about why the United States did not act faster.
-
"33. In response to the efforts of Company 1, the conspirators took countermeasures to maintain access to DCCC and DNC. On or about May 31, 2016, YERMAKOV searched for open source information about Company 1 and its reports on X-Agent and X-Tunnel. On or about June 1, 2016, the conspirators attempted to erase traces of their presence on the site of the DCCC network using the CCleaner computer program."
Company 1 is CrowdStrike. The countermeasures are similar to the G.R.U.'s actions when it was caught in the White House system. They also show an effort to cover the group's tracks.
-
"35. More than a month before the publication of any document, the conspirators built the online character DCLeaks to publish stolen election documents. On or about April 19, 2016, after having attempted to register the domain electionleaks.com, the conspirators registered the domain dcleaks.com via a service that anonymized the reporter."
This indicates what has long been suspected: that GRU agents directly created DCLeaks.
-
"41. On or about June 15, 2016, the conspirators connected to a Moscow-based server used and managed by the 74455 unit and, between 16:19 and 16:56 Moscow time, searched for certain words and phrases. "
It was a day after the public revelation of the hack. It shows that the United States or one of its allies has finally entered Russian servers to gather evidence or has monitored traffic from these servers.
-
"Although the conspirators caused transactions in various currencies, including US dollars, they mainly used Bitcoin when buying servers, registering domains and other payments in the course of piracy activities. Many of these payments were processed by US-based companies that provided payment processing services to lodging companies, domain registrars, and other providers, both national and international. The use of Bitcoin has allowed the conspirators to avoid direct relationships with traditional financial institutions, allowing them to evade more scrutiny of their identities and sources of funds."
The details in the indictment on the Russians' use of Bitcoin show how cryptocurrencies – and the anonymity they provide – have become both a tool and a challenge for intelligence agencies in battles between nation-states. The Bitcoin network allows anyone to move millions of dollars around the world without any meetings in person, and without the financial institutions' approval. For spies, this means days spent secretly trading suitcases full of money.
-
"The conspirators have funded the purchase of computer infrastructure for their hacking activity in part by "mining" Bitcoin. Private individuals and entities can exploit Bitcoin by allowing their computing power to be used to check and register payments on the Bitcoin Public Registry, a service for which they are rewarded with freshly hit Bitcoin. The Bitcoin pool generated from the mining activity of the GRU was used, for example, to pay a Romanian company to register the domain dcleaks.com via a payment processing company located in the United States."
Spies must get their money somewhere, and the Russian intelligence services are not as well funded as their American counterparts. So, in 2016, the Russians found a new way to secure money: they created it by mining their own Bitcoin.