Details of the Mueller investigation: how the GRU tried to hack the US election - ForumDaily
The article has been automatically translated into English by Google Translate from Russian and has not been edited.


On Friday, July 13, the office of Special Counsel Robert Mueller brought new charges in the investigation of Russian interference in the American election against 12 officers from two units of the Main Intelligence Directorate (GRU). The Russians are accused of multi-stage hacking of computer systems and theft of documents and personal data.


The BBC Russian Service collected all available information about the 12 GRU officers accused of interfering in the American election. The Russian Foreign Ministry maintains that all the evidence is circumstantial and that the charges rest on nothing substantial.

The 12 GRU officers

Viktor Netyksho - Russian intelligence officer assigned to unit 26165, which is located in Moscow at Komsomolsky Prospekt, 20. It is also known from open sources that Netyksho defended his thesis in 2003 on the topic “Recovery of parameters of discrete devices based on re-estimation of probabilities using real threshold ratios.” The title page names military unit 26165.

In 2010 he served as the official opponent at a dissertation defense at the Faculty of Applied Mathematics of the Institute of Cryptography, Communications and Informatics of the FSB Academy of Russia. The dissertation's topic: “Models and tools for identifying threats of information security violations in the standard mechanisms for detecting hidden information impacts in the Windows OS kernel.” This scientific work can be bought on the Internet for 450 rubles.

In 2016, according to the American investigation, the GRU unit in which Netyksho served was engaged in hacking the computers of the Democratic National Committee (DNC), the Democratic Congressional Campaign Committee (DCCC), and the email accounts of people associated with Hillary Clinton.

Boris Antonov - GRU major, also assigned to unit 26165. Within the unit he led a department that targeted military, political, governmental and non-governmental organizations, whose employees became victims of so-called spear phishing: targeted online fraud aimed at obtaining the confidential data of specific people.

According to the investigation, Antonov led the operation to hack the DNC, the DCCC, and the email accounts of people associated with Hillary Clinton.

Ivan Yermakov - GRU officer with the rank of senior lieutenant, subordinate to Boris Antonov. Since 2010 he has created many fictitious personas - Kate S. Milton, James McMorgans, Karen W. Millen - which were subsequently used in many GRU hacking operations.

In March 2016, Yermakov took part in hacking at least two email accounts; documents stolen from them were later published on DCLeaks.com. In May 2016, Yermakov also took part in hacking the DNC servers and stealing DNC documents.

Alexey Lukashev - senior lieutenant, subordinate to Boris Antonov. He “ran” two fictitious personas - Dan Katenberg and Yuliana Martynova. In 2016 he sent fraudulent messages to members of the Hillary Clinton campaign and to the head of her campaign, John Podesta. Using this type of phishing, he obtained their personal information.

Sergey Morgachev - lieutenant colonel of military intelligence, also assigned to unit 26165. He led a department whose main specialization was writing code for hacking computers, including the X-Agent hacking tool used by the GRU. During the hacking of the DNC and DCCC computers, he was responsible for deploying and “implanting” the malware on them.

Nikolay Kozachek - lieutenant of the Russian army, subordinate to Morgachev. He used several nicknames, including kozachek and blablabla1234565. The lieutenant developed, improved and configured the X-Agent spyware with which the Democrats' computers were hacked.

Pavel Yershov - Russian army officer, subordinate to Morgachev. He and Kozachek set up and tested the X-Agent code before it was used.

Artem Malyshev - also known online as djangomagicdev and realblatr. Junior lieutenant, subordinate to Morgachev. In 2016 he monitored the operation of the malware once it was already implanted on the computers of the Democratic leadership.

Alexander Osadchuk - colonel of the Russian army, commanding officer of unit 74455. It was located at 22 Kirova Street in Khimki, near Moscow, in a building GRU officers called the “tower”.

Unit 74455 specialized in publishing stolen documents on DCLeaks.com and, through the fictitious persona Guccifer 2.0, in promoting those publications and creating content defaming Clinton for social networks on GRU-controlled pages run under fictitious identities.

Alexey Potemkin - senior officer of unit 74455; his area of responsibility included control of the computer infrastructure involved in the cyber operations. That infrastructure, as well as social network profiles maintained by members of Potemkin's unit, was used to publish the stolen documents.

Anatoly Kovalev - Russian army officer, member of unit 74455, based in the “tower”.


The story in brief

Starting in March 2016, Lukashev, Badin, Antonov and Yermakov sent emails containing malicious code to 300 people associated with the Clinton campaign and Democratic Party organizations. For instance, on March 19, 2016, Alexey Lukashev sent an email to John Podesta, the head of Clinton's campaign.

He had registered the account john356gh on a service that turns long web addresses into short links, and used that account to disguise the link in the phishing email. Clicking on it took Podesta to a website controlled by the GRU.

Lukashev composed the email so that it looked like a notice from the email provider's security team (IT specialists call this technique “spoofing”). Put simply, Podesta received a message saying he needed to change the password to his mailbox, together with a link he was to follow.

The head of Clinton's campaign did just that, and as a result Lukashev and Yermakov gained access to his email account, which held more than 50 thousand messages.

They then began sending similar phishing emails to other staff members, including Jake Sullivan, Clinton's senior foreign policy adviser for the campaign. All of these emails were sent from a Yahoo mail account, hi.mymail, by a user located in Russia; the account was disguised to look like one from Google.

By the end of March, the mailboxes of Clinton campaign employees whose names the attackers had found on social networks had been compromised. The correspondence found there was later published on DCLeaks.com.

Lukashev and Yermakov also created an email account in the name of a campaign employee; the username differed from the real one by a single letter. From it they sent emails to 30 Clinton campaign employees with a link to a file called Hillary-clinton-favorable-rating.xlsx, which likewise led to a GRU-controlled website.
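The two phishing patterns described above, a spoofed password-change notice whose link hides behind a URL shortener and a sender address one letter away from a real colleague's, are exactly what a defender's mail filter would look for. The following is an added example, not code from the article or the investigation; the shortener hosts, lure phrases and staff addresses are constructed placeholders.

```python
import re
from typing import List, Optional, Set

# Assumed, illustrative lists: shortener hosts and lure phrases a mail filter might watch for.
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "goo.gl", "t.co"}
LURE_PHRASES = ("change your password", "reset your password", "unusual sign-in")
URL_RE = re.compile(r"https?://([a-z0-9.-]+)", re.IGNORECASE)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_sender(sender: str, known: Set[str]) -> Optional[str]:
    """Return the legitimate address the sender imitates if it is exactly one edit away."""
    sender = sender.lower()
    if sender in known:
        return None
    for addr in sorted(known):
        if edit_distance(sender, addr) == 1:
            return addr
    return None

def triage(sender: str, subject: str, body: str, known: Set[str]) -> List[str]:
    """Return the indicators found in one message; an empty list means none matched."""
    findings: List[str] = []
    text = f"{subject}\n{body}".lower()
    hosts = [m.group(1).lower() for m in URL_RE.finditer(body)]
    if any(h in SHORTENER_HOSTS for h in hosts):
        findings.append("shortened-link")
    if any(p in text for p in LURE_PHRASES):
        findings.append("password-lure")
    if "shortened-link" in findings and "password-lure" in findings:
        findings.append("spoofed-reset-notice")  # the combination used in the Podesta email
    target = lookalike_sender(sender, known)
    if target:
        findings.append(f"lookalike-sender:{target}")
    return findings

# Constructed sample data (not real addresses or messages from the case).
KNOWN_STAFF = {"alice@campaign.example", "bob@campaign.example"}
SAMPLE_RESET = ("security@mail.example", "Someone has your password", "Change your password immediately: https://bit.ly/abc123")
SAMPLE_LOOKALIKE = ("alise@campaign.example", "Favorability data", "See attached Hillary-clinton-favorable-rating.xlsx")
```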

On July 27, 2016, they made their first attempt to attack the mailbox used by Clinton's personal office, as well as more than 50 mailboxes of other campaign staff.

Theft of documents

Alongside the email hacking, Senior Lieutenant Yermakov ran a network scan that identified the computers, tablets and smartphones connected to the DNC network, and then used open sources to find out the names of employees. A few days later the internal network was breached, and the officers, acting in the same way, broke into the DCCC network.

The GRU officers then installed the X-Agent malware on 10 computers, through which they later stole documents and monitored what committee staff were doing, gaining access to their accounts. These actions also expanded the GRU's access to the Democratic networks.

X-Agent forwarded all of the data to a server leased by the GRU in Arizona; Kozachek and Malyshev were responsible for receiving the information from it. By this time they already had the personal data and bank details of DCCC members, as well as information about the committee's own finances. Yershov and Yermakov also had access to a computer in an unnamed country, which they used as a proxy to communicate with the server in Arizona and with the DCCC's computer system.

To compress the huge volume of data obtained from both committees, the Russian officers used a publicly available tool, and then used a purpose-written GRU program, X-Tunnel, to transfer the information to a computer rented by the intelligence service in the US state of Illinois.

In May 2016, the intruders' presence was discovered by the company responsible for the committees' computer security, and the officers began covering their tracks. Despite all the security teams' efforts, the GRU was able to maintain its presence on the Democrats' network until October 2016.

Document publishing

Senior Lieutenant Alexey Lukashev and his intelligence colleagues registered the domain DCLeaks.com in April 2016, paying for it with cryptocurrency. The site went live in June. It later published stolen documents from both Democrats and Republicans (the latter obtained by the intelligence officers through hacking back in 2015).

The site operated until March 2017, and more than a million people viewed its content. The GRU officers who ran the site described themselves as a group of American hacktivists. They also managed to open an official Facebook page, registered to a fictitious character named Alice Donovan; Jason Scott and Richard Gingerly (also fake accounts) became its administrators.

The operation was led by Alexey Potemkin. According to investigators, he and his accomplices also registered the Twitter user @dcleaks_. Notably, the investigative documents say he wrote posts and comments from a computer that was also used for other GRU hacking attacks.

In June 2016, the fictitious hacktivist Guccifer 2.0 was created; as a diversion, the intelligence officers behind him insisted on his Romanian origin. He began receiving individual requests for information about specific members of Congress.

In August 2016, Guccifer 2.0 sent a registered lobbyist and an online political news outlet information about a political opponent they were interested in (neither the outlet nor the lobbyist is named in the investigation documents). They also received information about more than 2000 Democratic Party donors.

At the same time, GRU officers Lukashev and Yermakov, acting as Guccifer 2.0, contacted an unnamed journalist and invited him to look at the stolen documents. He was given access to the non-public part of dcleaks.com.

On August 15 and September 9, 2016, Guccifer 2.0 contacted a person who was in regular contact with the Trump campaign and asked whether he had found anything useful in the documents already released. He replied that he found them “extremely standard.” The investigation does not say who this person is, but back in March of last year Trump's close adviser Roger Stone admitted that he had been in contact with Guccifer 2.0 and had found nothing interesting in the materials the hacker sent him links to.

“Organization 1”

Another outlet for publishing the data stolen by the GRU was the so-called “Organization 1”. Mueller's investigation does not say what organization this is, but it can be assumed to be WikiLeaks, which repeatedly published Democratic correspondence.

Representatives of “Organization 1” contacted Guccifer 2.0 on June 22, 2016, writing to the intelligence officers: “send us any new materials (stolen from the Democratic National Committee) for review, and then it will have a much greater effect than what you are doing now.”

In early July they wrote to Guccifer 2.0 again, interested in new documents from the Democrats ahead of their convention, at which the party traditionally nominates its single candidate. The organization's representatives also noted that “Trump has only a 25% chance of defeating Hillary, so the conflict between her and Bernie (Bernie Sanders, a former US presidential candidate whose candidacy did not find support among the Democrats - BBC Russian Service) becomes more and more interesting.”

On July 14, after several failed attempts to hand over the stolen documents, the intelligence officers sent Organization 1 detailed instructions on how to access the DNC data. On July 18, 1 gigabyte of information was transferred, and a representative of “Organization 1” said the documents would be published within a week.

On July 22, Organization 1 released 20 emails, just days before the Democratic Convention. In October, the organization also published the documents Alexey Lukashev had stolen from the computer of Clinton campaign head John Podesta.

Hacking government computers

In June 2016, Alexander Osadchuk and Anatoly Kovalev hacked into the computers of people responsible for administering the American elections. They also gained access to the computers of state election boards, secretaries of state, and American companies that produce election software. The officers also obtained information about voters.

First, looking for weak points, the GRU officers checked the domain names of various organizations in open sources, including those listed on Republican Party websites.

A month later, in July, the intelligence officers hacked the website of one state election board, gaining access to information about 500 thousand voters, including personal data (dates of birth, social security numbers, driver's license numbers). A month after that, Kovalev and Osadchuk hacked into the computers of a vendor whose software is used to verify voter registrations.

Both attacks followed the same scenario. In August, the FBI learned of the hacking of the election board's computers, and the intelligence officers began destroying traces of their presence. At the same time, GRU officers visited the web pages of election boards in certain counties of Georgia, Iowa and Florida in search of security weaknesses. Kovalev and Osadchuk also created an email account resembling the one used by the software vendor and, using the vendor's logo, began sending emails with malicious code from it.

According to the indictment, all 12 intelligence officers must forfeit to the United States all property and any other items and money obtained as a result of the crimes committed. Special Counsel Robert Mueller also concluded that the US government would seek punishment for each of the intelligence officers named in the indictment.
