A mountain of evidence points in one direction: Russia sought to sway the 2016 US election
A mountain of evidence points in one direction: Russia sought to sway the 2016 US election
WASHINGTON â" For two years, cybersecurity researchers, spies and federal prosecutors have laid out a stunningly thorough chain of evidence to support one simple conclusion: The Russian government sought to sway the 2016 presidential election.
Federal agents have traced data and currency trails across continents, revealed inside knowledge of Russian spiesâ computer network, and quoted the private emails of employees at a Russian internet firm working to influence voters. Cybersecurity researchers analyzed malware and followed clues buried in the details of stolen emails.
Those disclosures have left an unusually detailed public view of Russians' wide-ranging campaign to persuade and divide voters in the months before the presidential election. While the gover nment sometimes shares its conclusions about national security threats, rarely does it take the risk of revealing so much of its evidence to the world.
âItâs unprecedented, both the activity thatâs outlined and the fact that weâre privy to so much information,â said John Carlin, a former chief of the Justice Departmentâs National Security Division.
And it remains widely disbelieved.
As recently as July, about a quarter of voters said they thought there was âno Russian interference in the 2016 election,â according to an NPR/Marist poll.
President Donald Trump has long equivocated on the question. Last month, standing beside Vladimir Putin, he said the Russian president had been "extremely strong and powerful" in his denial of election interference and cast doubt on the work of U.S. intelligence agencies. Days later, Trump clarified his remarks and said he believed the government's conclusions, but then suggested after that on Tw itter that the notion of Russian interference "is all a big hoax."
Meanwhile, warning signs are pouring in that Russians might similarly target this year's midterm elections. Facebook said in July it had detected a sophisticated and secretive political influence operation. And Sen. Claire McCaskill, D-Missouri, said Russian hackers had unsuccessfully targeted her campaign's computers. Director of National Intelligence Dan Coats warned Thursday that spy agencies "continue to see a pervasive messaging campaign by Russia to try to weaken and divide the United States."
The most detailed disclosures about Russia's intervention in 2016 were a product of Muellerâs investigation. His office has so far brought criminal charges against 12 Russian intelligence officers and 13 other Russian nationals (plus three private businesses) over what he alleged were illegal attempts to involve themselves in the presidential election.
The Justice De partment has used similar indictments in the past to respond to cyber attacks from foreign military forces; it also has brought cases against Chinese and Iranian officers. The charges offer a way for the government to say publicly that it knows what happened and who did it, and to alert the world that it is watching. Each indictment comes at a cost â" any information the government reveals in court also risks compromising the tools officials used to gather it. But officials said the trade-off is sometimes worth it because it can help lessen new threats.
âOne of the things we ought to be doing, ought to be trying as a country, is to develop some real antibodies to the virus that the Russians have tried to introduce into the body politic,â said David Kris, a former National Security Division chief and a founder of Culper Partners. âThatâs especially well met with public disclosure.â
For all that is known, officials say there is more that remains secret. Official s won't say what that evidence is, because it remains classified, but they've given hints about the surveillance tools that informed their conclusions.
Adm. Mike Rogers, then the director of the National Security Agency, told lawmakers last year the laws authorizing the government to eavesdrop on foreign targets had been âinstrumentalâ to its ability to gather intelligence on Russian actors targeting the election.
âIn the intelligence world, itâs as incontrovertible as it can get,â said Rep. Adam Schiff, D-Calif., the top Democrat on the House intelligence committee.
That central conclusion â" that Russia sought to interfere in the 2016 election â" has become a rare point of agreement among political factions in Washington who seem to agree on little else. The FBI, CIA and National Security Agency concluded in a rare public assessment in early 2017 that Putin âordered an influence campaign in 2016 aimed at the US presidential election,â a nd that he did so in part to help elect Trump.
Republicans and Democrats on the Senate intelligence committee unanimously backed that conclusion this year. Their Republican House counterparts also backed the conclusion that Russia conducted a âmalign influence campaignâ before the election, though it disputed Moscowâs motives.
Here are the threads that led to that conclusion:
THE FIRST DATA TRAILS
The Democratic National Committee revealed in June 2016 that hackers had compromised their computers and gained access to internal emails and the opposition research they had amassed on Trump. CrowdStrike, the company the DNC hired to investigate the intrusion, quickly said it had traced the intrusion to Russian government hackers.
Hackers similarly breached the Democratic Congressional Campaign Committee and Hillary Clintonâs presidential campaign.
Cybersecurity researchers quickly saw clues pointing to Moscow, particularly when the stolen fil es began appearing online.
For one thing, data embedded in the files showed that they had been edited by someone whose computer had Russian language settings. The malicious software that had been implanted on the DNCâs servers bore striking similarity to programs used in previous attacks that other governments had said were carried out by the Russians. Malware often forces infected computers to communicate with machines elsewhere on the internet, to receive commands and steal information. Researchers found the malware on the DNC network was communicating with the same computers as malware that had been used against the German parliament.
Researchers at SecureWorks studied emails stolen from Clintonâs campaign manager John Podesta and found another clue. Among the emails eventually published by the anti-secrecy group WikiLeaks was the original message that was thought to have tricked Podesta into revealing his password, a technique called "spear phishing" that's widely used by criminals to trick people into revealing bank or email passwords. Researchers followed the link in that email to the link-shortening service Bitly and found that whoever had created the link in Podestaâs email had created thousands of links to target other email accounts, including those of many people working for the Clinton campaign.
By itself, none of that is conclusive, said Matt Tait, a cybersecurity fellow at the University of Texas at Austin and former information specialist for the United Kingdomâs signals intelligence agency. But taken together, âyou end up with a huge body of evidence,â he said.
RUSSIAN HACKERS INDICTED
Prosecutors working for Mueller offered more details on the hacking in July, when a grand jury indicted 12 Russian intelligence officers for breaking into Democratic political organizations to steal troves of internal records that they then made public.
The 29-page indictment hinted at the depth of the information the government assembled about the hacking campaign.
Prosecutors named 12 officers in Russiaâs military intelligence service, known as the GRU. They detailed where the officers worked, who was in charge, and which ones sat at the keyboard as particular parts of the hacking operation were carried out. They alleged that one officer, Ivan Yermakov, assigned to one of the service's hacking units, started probing the DNCâs networks in March 2016. They said a different officer in the same unit, Aleksey Lukashev, composed the âspearphishingâ emails that obtained Podestaâs password.
Prosecutors also hinted at still broader knowledge. They described the computer network through which hackers moved documents stolen from the DNC and DCCC. They detailed the dates on which hackers activated specific parts of their malware, which recorded usersâ keystrokes and took digital pictures of what was on their screens. And they logged the sear ch terms on a Russian computer server used by a separate Russian intelligence group in charge of leaking the stolen emails.
âThat is incredibly detailed. Theyâve given a lot away,â said Mary Carney, a former Justice Department lawyer. Prosecutors arenât required to share that level of detail to bring a criminal case, âbut the point is telling the story,â she said.
Muellerâs office did not say how the government gathered that information. Tait said some of it â" particularly details about some of the searches the officers carried out â" was so specific that it likely required real-time surveillance of the Russians' computer networks.
A spokesman for Muellerâs office declined to comment.
âThe level of specificity was pretty remarkable,â said Sen. Mark Warner, D-Va., the top Democrat on the Senate intelligence committee. âThere is an important education function, honestly. Not to relitigate 2016 but just to point out the fact that we âre still vulnerable.â
THE SOCIAL CAMPAIGN
Prosecutors offered a similarly detailed assessment in February of Russian nationals and businesses, some with ties to the Kremlin, that orchestrated a social media operation that appeared in millions of Americansâ Facebook and Twitter feeds as the 2016 campaign entered its final months.
A grand jury charged that 13 Russian nationals and three businesses sought to âinterfere with the U.S. political and electoral processes.â The indictment included the names of low-level employees who worked for one of the companies, the St. Petersburg-based Internet Research Agency, who churned out social media posts preying on Americans' political divisions.Officials saw little need to guess at their motives; they quoted internal communications in which the company said its goal was to âspread distrust toward the candidates and the political system.â
Prosecutors tracked the PayPal accounts the company used to pu rchase social media ads, sometimes using the stolen identities of real Americans. (A California man separately pleaded guilty to trafficking in the stolen names.) They detailed visits by Internet Research Agency workers to the United States, and contacts with âunwitting members, volunteers and supporters of the Trump campaign.â
They identified the specific Facebook ads the company had placed. (Democrats on the House intelligence committee released an archive of all 3,500 this year, revealing an effort largely focused on dividing Americans along racial lines.) And they knew how the company tracked its posts to see which messages were hitting their mark.
More: We read every one of the 3,517 Facebook ads bought by Russians. Here's what we found
Prosecutors also revealed the government had been reading more than a year's worth of the Russiansâ internal messages and private emails. In one, sent in February 2016, managers at the Internet Research Agencyadmonished their workers to âuse any opportunity to criticize Hillary and the rest (except Sanders and Trump â" we support them).â
A year and a half later â" long after U.S. intelligence agencies and cybersecurity researchers mapped the trail back to Russia â" the company seemed aware that the Americans knew what it was doing. âWe had a slight crisis here at work,â one of the workers, Irina Kaverzina, said in an email to a relative in September 2017, âthe FBI busted our activity (not a joke)."
Federal agents obtained a copy of the email.Read or Share this story: https://usat.ly/2Kp6jIASource: Google News Russia | Netizen 24 Russia