Russian intelligence officers indicted for DNC hack

A grand jury for special counsel Robert Mueller's election-interference investigation indicted 12 Russian intelligence officers for crimes related to the DNC and DCCC hacks.

The Department of Justice announced Friday the indictment of 12 members of Russia's GRU intelligence agency in relation to the 2016 breaches of the Democratic National Committee and Hillary Clinton's presidential campaign.

The grand jury indictment, which is part of special counsel Robert Mueller's investigation into Russian interference with the 2016 presidential election, claimed the 12 intelligence officers were engaged in a "sustained effort" to hack into the Democratic National Committee (DNC), the Democratic Congressional Campaign Committee (DCCC) and the Clinton campaign. The DNC hack led to confidential email messages becoming public via WikiLeaks, which negatively affected the Clinton campaign and Democratic Party.

The grand jury indictment alleged the Russian intelligence officers -- operating under the online personas DCLeaks and Guccifer 2.0 -- leaked information through another entity known as Organization 1. The indictment does not mention WikiLeaks by name.

The Justice Department claimed that, in 2016, members of Unit 26165 in the Russian government's Main Intelligence Directorate (GRU) began spear phishing campaign officials and volunteers for Clinton's presidential campaign; the intelligence officers were able to steal usernames and passwords and use those credentials to obtain confidential email messages and compromise other systems. The threat actors used similar techniques in the DNC hack and the breach of the DCCC's network.

In addition, the Justice Department claimed Unit 26165, with members of the GRU's Unit 74455, conspired to release the stolen email messages and data in order to influence the election. According to the Department of Justice, Unit 74455 also "conspired to hack into the computers of state boards of elections, secretaries of state, and U.S. companies that supplied software and other technology related to the administration of elections to steal voter data stored on those computers."

The indictment accused the following individuals of being part of Units 26165 and 74455, as well as engaging in the DNC hack and other malicious activity: Viktor Borisovich Netyksho, Boris Alekseyevich Antonov, Dmitriy Sergeyevich Badin, Ivan Sergeyevich Yermakov, Aleksey Viktorovich Lukashev, Sergey Aleksandrovich Morgachev, Nikolay Yuryevich Kozachek, Pavel Vyacheslavovich Yershov, Artem Andreyevich Malyshev, Aleksandr Vladimirovich Osadchuk, Aleksey Aleksandrovich Potemkin and Anatoliy Sergeyevich Kovalev.

The 12 GRU officers are accused of 11 criminal counts, including criminal conspiracy against the United States "through cyber operations by the GRU that involved the staged release of stolen documents for the purpose of interfering with the 2016 president election"; aggravated identity theft; conspiracy to launder money; and criminal conspiracy for attempting to hack into certain state boards of elections, secretaries of state, and vendors of U.S. election equipment and software.

The Justice Department emphasized there is "no allegation in the indictment that the charged conduct altered the vote count or changed the outcome of the 2016 election," and there's no allegation that any American was a knowing participant in the alleged criminal activity.

Join the conversation

10 comments

How should the U.S. respond to the latest development in the investigation of Russian election interference?
Cancel
How do you believe the justice department was able to get the names of the perps? Do you believe solid proof exists?
Cancel
As stated below...I believe, as others far more knowledgeable do, that the investigation/indictments relied pretty heavily on human intelligence, whether that was surveillance, spying, other indicted parties that cooperated with investigators or a combo of all three or more (probably the most likely). Also, remember that this isn't the first time GRU agents have been implicated and indicted for a cyberattack (Yahoo, for example). It wouldn't surprise me if investigators got inside information from folks involved in those attacks who were apprehended/convicted.

And yes, I believe solid proof exists. Solid, not irrefutable.
Cancel
Let's look at the crime, so far they bought advertising and submitted comments to forums.
I don't see interference, I see meddling.

What happened to the Russian company Concord Management and Consulting LLC that was indicted? Oh yeah they showed up and embarrassed Mueller because he has NO EVIDENCE of a crime, and tried to delay the proceedings because of that.

He never expected them to appear, and we never expect these individuals to appear, it's just smoke and mirrors.

These are only indictments to further incite division between Americans.
Cancel
If you're arguing that the crime only involves advertising and social media posting, then you haven't read the indictment or the above article on which you're commenting.
Cancel
I'm sorry you are right, this is about the server that disappeared at the hands of the felonious candidate for president.

If you don't have the server how can you have any evidence?
Cancel
Comment from Rob Wright: “Ah yes....the big question! How can you have evidence if you don’t have the physical servers? Well, let me count the ways....

First, forensic investigators like CrowdStrike take an image of the affected systems to create copies so that the original, physical servers can be rebuilt/reformatted and wiped clean of any malware. This is routine, standard operating procedure in infosec for various reasons, not the least of which is you can't expect clients to have their infected systems sitting on the network for months and months while investigators analyze them. No infosec firm would stay in business if it operated that way.

Second, companies like CrowdStrike routinely hand over the images of infected systems to law enforcement so they can be studied while the vendors clean up the ACTUAL systems. And again, the images are exact copies of the systems.

And third, this is also SOP for law enforcement.”

Cancel
Thanks for the assist, Michael. To add to my above comment, for more information, check out the DOJ guidelines for computer investigations and seizures. It'll explain why this is SOP for law enforcement agencies.
Cancel
I started reading through the indictment, but it is fairly lengthy. Does it indicate how they were able to tie in each of the defendants as conspirators? Typically, identifying individuals who are actually behind hacking is not only a difficult task, but a near impossible one because of how easy it is to establish false identities. Regardless of that, I humbly remind everyone how the U.S. was found with their hand in the proverbial cookie jar when Snowden leaked the extent to which the U.S. was conducting "illegal" surveillance against U.S. allies. How quickly we forget our own transgressions. The U.S. government is wasting tons of money when it could be dedicating its time and energy to shoring up deficiencies in our global networks. Additionally, propaganda or "fake news" is something that has been a tool of governments since even before the Internet. We can see how our own educators succumb to revisionist history. Sadly, aside from that, I think that the U.S. government needs to realize that while some voters may not be fully educated about actual events, the U.S. government needs to realize that a large part of its citizenry are disenfranchised with how our nation is being run, and they were willing to take any change as long as it wasn't the same type of bureaucratic nonsense that they've lived under for numerous years. I think it's time to mend fences and get on with the business at hand. There is too much at stake to waste time pointing fingers. There were a lot of shady things that were going on in our own government, and before we start blaming someone else for shining a spotlight on it, let's clean our own house first and establish policies and procedures that protect our resources and eliminate fraud and abuse that is already ongoing.
Cancel
I'd keep reading it. In addition to the technical evidence outlined in the indictment, the detailed accounts of the individuals involved, the specific GRU units, and the inner workings of those operations strongly suggest that investigators have a large amount of human intelligence. That intel could come from a number of sources (other indicted parties who cooperated with investigators, for example). And yes, attribution for cyber attacks is extremely hard, but if you recall, several people within the government are on record saying that in the months leading up to the election, the threat actors targeting the DNC, Clinton and state election boards stopped trying to cover their tracks and just threw the kitchen sink at them, so to speak, in an effort to swing the election.

And finally, I find your last point about "cleaning our own house" to be somewhat ironic given that the Mueller investigation is in part devoted to exactly that -- uncovering evidence that the Trump campaign and the GOP were involved with the Russian election interference efforts. So I'm not sure what your point is about blaming others when the spotlight is shining pretty darn bright on us right now.