Trump–Russia relations |
---|
"Guccifer 2.0" is a persona which claimed to be the hacker(s) who gained unauthorized access to the Democratic National Committee (DNC) computer network and then leaked its documents to the media, [1] [2] the website WikiLeaks, [3] [4] [5] [6] [7] and a conference event. [8] Some of the documents "Guccifer 2.0" released to the media appear to be forgeries cobbled together from public information and previous hacks, which had been mixed with disinformation. [9] [10] [11] According to indictments in February 2018, the persona is operated by Russian military intelligence agency GRU. [12] On July 13, 2018, Special Counsel Robert Mueller indicted 12 GRU agents for allegedly perpetrating the cyberattacks. [12]
The U.S. Intelligence Community assessed with high confidence that some of the genuine leaks from "Guccifer 2.0" were part of a series of cyberattacks on the DNC committed by two Russian military intelligence groups, [13] [14] [15] [16] and that "Guccifer 2.0" is actually a persona created by Russian intelligence services to cover for their interference in the 2016 U.S. presidential election. [17] [18] This conclusion is based on intelligence analysis and analyses conducted by multiple private sector cybersecurity individuals and firms, including CrowdStrike, [19] [20] Fidelis Cybersecurity, [20] [21] FireEye's Mandiant, [20] SecureWorks, [22] ThreatConnect, [23] Trend Micro, [24] and the security editor for Ars Technica . [25] The Russian government denies involvement in the theft, [26] and "Guccifer 2.0" denied links to Russia. [27] [28]
In March 2018, Special Counsel Robert Mueller took over investigation of Guccifer 2.0 from the FBI while it was reported that forensic determination had found the Guccifer 2.0 persona to be a "particular military intelligence directorate (GRU) officer working out of the agency's headquarters on Grizodubovoy Street in Moscow". [29]
On June 21, 2016, in an interview with Vice, "Guccifer 2.0" said he is Romanian, [30] [27] which is the nationality of Marcel Lazar Lehel, the Romanian hacker who originally used the "Guccifer" pseudonym. On June 30, 2016, and January 12, 2017, "Guccifer 2.0" stated that he is not Russian. [31] [32] [33] However, despite stating that he was unable to read or understand Russian, metadata of emails sent from Guccifer 2.0 to The Hill showed that a predominantly-Russian-language VPN was used. [34] When pressed to use the Romanian language in an interview with Motherboard via online chat, "he used such clunky grammar and terminology that experts believed he was using an online translator." [34] Linguistic analysis by Shlomo Engelson Argamon showed that Guccifer 2.0 is most likely "a Russian pretending to be a Romanian". [35] [36] When asked about Guccifer 2.0's leaks, WikiLeaks founder Julian Assange said "These look very much like they’re from the Russians. But in some ways, they look very amateur, and almost look too much like the Russians." [37] [38]
Some cybersecurity experts have concluded that "Guccifer 2.0" is likely a creation of the Russian state-sponsored hacking groups thought to have executed the attack, [19] [20] [21] [22] [23] [25] [18] invented to cover up Russian responsibility. [17] [18] The cybersecurity firm CrowdStrike, which was hired by the DNC to analyze the data breach, [39] "posits that Guccifer 2.0 could be 'part of a Russian Intelligence disinformation campaign'", i.e. a creation to deflect blame for the theft. [17] Russia has made use of the invention of "a lone hacker or an hacktivist to deflect blame" in the past, deploying this strategy in previous cyberattacks on the German government and the French network TV5Monde. [18] Thomas Rid of King's College London, a cybersecurity expert, says it is "'more likely than not' that the whole operation, including the Guccifer 2.0 part, was orchestrated by Russian spies." [18] The hackers responsible for the DNC email leak (a group called Fancy Bear by CrowdStrike) seem to have not been working on the DNC's servers on April 15 which in Russia is a holiday in honor of the Russian military's electronic warfare services. [40]
On July 18, 2016, Russian government spokesman Dmitry Peskov denied Russian government involvement in the DNC theft. [41]
In an October 2016 joint statement, the United States Department of Homeland Security and the Office of the Director of National Intelligence stated:
The U.S. Intelligence Community (USIC) is confident that the Russian Government directed the recent compromises of e-mails from U.S. persons and institutions, including from U.S. political organizations. The recent disclosures of alleged hacked e-mails on sites like DCLeaks.com and WikiLeaks and by the Guccifer 2.0 online persona are consistent with the methods and motivations of Russian-directed efforts. These thefts and disclosures are intended to interfere with the U.S. election process. Such activity is not new to Moscow—the Russians have used similar tactics and techniques across Europe and Eurasia, for example, to influence public opinion there. We believe, based on the scope and sensitivity of these efforts, that only Russia's senior-most officials could have authorized these activities. [42]
In March 2018, The Daily Beast , citing U.S. government sources, reported that Guccifer 2.0 is in fact a Russian GRU officer, explaining that Guccifer once forgot to use a VPN, leaving IP logs on "an American social media company" server. The IP address was used by U.S. investigators to identify Guccifer 2.0 as "a particular GRU officer working out of the agency's headquarters on Grizodubovoy Street in Moscow." [29]
In April 2018, BuzzFeed reported that messages showed WikiLeaks' interest in Guccifer 2.0's emails and files. [43]
On July 13, 2018, the United States Department of Justice (DOJ) indicted 12 Russian Intelligence Officers and revealed that Guccifer 2.0 was a persona used by GRU. [44]
Twitter suspended the persona's account on July 14, 2018, for "being connected to a network of accounts previously suspended for operating in violation of our rules." The account had been dormant for at least a year and a half. [45]
On June 14, 2016, according to The Washington Post , the DNC acknowledged a hack [46] which was claimed by Guccifer 2.0. [4] [5] [6] [7] [31] [47]
On July 18, 2016, Guccifer 2.0 provided exclusively to The Hill numerous documents and files covering political strategies, [2] including correlating the banks that received bailout funds with Republican Party and Democratic Party donations. [2]
On July 22, 2016, Guccifer 2.0 stated he hacked, then leaked, the DNC emails to WikiLeaks. [4] [5] [6] [7] [31] [47] "Wikileaks published #DNCHack docs I'd given them!!!", tweeted Guccifer 2.0. [7]
On September 13, 2016, during a conference, an unknown and remote representative of Guccifer 2.0 released almost 700 megabytes (MB) worth of documents from the DNC. [48] Forbes also obtained a copy of those. [8] On September 12, 2016, ahead of that conference, Guccifer posted a public Twitter message in which he confirmed that his representative was legitimate. [8] The Russian government denied any involvement. [48] The DNC, the DCCC, U.S. intelligence officials, and other experts speculated about Russia involvement. [48] NGP VAN, who state they are the "leading technology provider" for the Democratic campaigns, declined to comment on Guccifer 2.0's recent statements. [8]
On October 4, 2016, Guccifer 2.0 released documents and claimed that they were taken from the Clinton Foundation and showed "corruption and malfeasance" there. [49] Security experts quickly determined that the release was a hoax; the release did not contain Clinton Foundation documents, but rather consisted of documents previously released from the DNC and DCCC thefts, data aggregated from public records, and documents that were fabricated altogether as propaganda. [49] [11] Singled out as particularly unrealistic was the idea that Clinton's team would have actually named a file "Pay for Play" on their own server, as Guccifer 2.0's screenshots of the alleged "hack" show. [49] [50] [10]
Former Trump confidant Roger Stone was in contact with Guccifer 2.0 during the campaign. [51]
A week after Guccifer 2.0 appeared online, WikiLeaks sent the persona a message saying to "send any new material here for us to review and it will have a much higher impact than what you are doing." [52] After not receiving a reply, on July 6, 2016 WikiLeaks sent another message that said "if you have anything hillary related we want it in the next tweo [sic] days prefable [sic] because the DNC is approaching and she will solidify bernie supporters behind her after." Guccifer 2.0 responded "ok ... i see," and WikiLeaks added "we think trump has only a 25% chance of winning against hillary ... so conflict between bernie and hillary is interesting." [53] [54] On July 14, 2016 Guccifer 2.0 sent WikiLeaks an email with an encrypted attachment labeled "wk dnc link1.txt.gpg." [55] According to the indictment, the email explained that "the encrypted file contained instructions on how to access an online archive of stolen DNC documents." [52]
Four days later, WikiLeaks responded that it had received "the 1Gb or so archive" and would release the files that week. [52] The DNC emails were released several days later.
The Guccifer 2.0 persona went dark just before the U.S. presidential election, and resurfaced on January 12, 2017, following the public release of the Steele dossier that asserted the Trump campaign was cooperating with the Russians in their interference in the 2016 presidential election. The dossier also asserted that "Romanian hackers" had performed the hacks.
The Guccifer 2.0 persona made a blog post denying that they had any relation to the Russian government, and calling the technical evidence suggesting links to the Russian government "a crude fake." [28] In the blog post, Guccifer 2.0 indicated they had gained access to the DNC servers through a vulnerability in their NGP VAN software. [56]
Andy Müller-Maguhn is a member of the German hacker association Chaos Computer Club (CCC). Having been a member since 1986, he was appointed as a spokesman for the club in 1990, and later served on its board until 2012. He runs a company that develops cryptophones.
WikiLeaks is a media organisation and publisher that operates as a non-profit and is funded by donations and media partnerships. It has published classified documents and other media provided by anonymous sources. It was founded in 2006 by Julian Assange, an Australian editor, publisher, and activist, who is currently challenging extradition to the United States over his work with WikiLeaks. Since September 2018, Kristinn Hrafnsson has served as its editor-in-chief. Its website states that it has released more than ten million documents and associated analyses. WikiLeaks' most recent publication of original documents was in 2019 and its most recent publication was in 2021. Beginning in November 2022, many of the documents on the organisation's website could not be accessed. In 2023, Assange said that WikiLeaks was no longer able to publish due to his imprisonment and the effect that US government surveillance and WikiLeaks' funding restrictions were having on potential whistleblowers.
Julian Paul Assange is an Australian editor, publisher and activist who founded WikiLeaks in 2006. He came to wide international attention in 2010 when WikiLeaks published a series of leaks from US Army intelligence analyst Chelsea Manning: footage of a US airstrike in Baghdad, US military logs from the Afghanistan and Iraq wars, and US diplomatic cables. Assange has won multiple awards for publishing and journalism.
Bernd Fix is a German hacker and computer security expert.
WikiLeaks, a whistleblowing website founded by Julian Assange, has received praise as well as criticism from the public, hacktivists, journalist organisations and government officials. The organisation has revealed human rights abuses and was the target of an alleged "cyber war". Allegations have been made that Wikileaks worked with or was exploited by the Russian government and acted in a partisan manner during the 2016 U.S. presidential election.
The Democratic National Committee cyber attacks took place in 2015 and 2016, in which two groups of Russian computer hackers infiltrated the Democratic National Committee (DNC) computer network, leading to a data breach. Cybersecurity experts, as well as the U.S. government, determined that the cyberespionage was the work of Russian intelligence agencies.
The 2016 Democratic National Committee email leak is a collection of Democratic National Committee (DNC) emails stolen by one or more hackers operating under the pseudonym "Guccifer 2.0" who are alleged to be Russian intelligence agency hackers, according to indictments carried out by the Mueller investigation. These emails were subsequently leaked by DCLeaks in June and July 2016 and by WikiLeaks on July 22, 2016, just before the 2016 Democratic National Convention. This collection included 19,252 emails and 8,034 attachments from the DNC, the governing body of the United States Democratic Party. The leak includes emails from seven key DNC staff members dating from January 2015 to May 2016. On November 6, 2016, WikiLeaks released a second batch of DNC emails, adding 8,263 emails to its collection. The emails and documents showed that the Democratic Party's national committee favored Clinton over her rival Bernie Sanders in the primaries. These releases caused significant harm to the Clinton campaign, and have been cited as a potential contributing factor to her loss in the general election against Donald Trump.
The murder of Seth Rich occurred on July 10, 2016, at 4:20 a.m. in the Bloomingdale neighborhood of Washington, D.C. Rich died about an hour and a half after being shot twice in the back. The perpetrators were never apprehended; police suspected he had been the victim of an attempted robbery.
DCLeaks was a website that was established in June 2016. It was responsible for publishing leaks of emails belonging to multiple prominent figures in the United States government and military. Cybersecurity research firms determined the site is a front for the Russian cyber-espionage group Fancy Bear. On July 13, 2018, an indictment was made against 12 Russian GRU military officers; it alleged that DCLeaks is part of a Russian military operation to interfere in the 2016 U.S. presidential election.
In March 2016, the personal Gmail account of John Podesta, a former White House chief of staff and chair of Hillary Clinton's 2016 U.S. presidential campaign, was compromised in a data breach accomplished via a spear-phishing attack, and some of his emails, many of which were work-related, were hacked. Cybersecurity researchers as well as the United States government attributed responsibility for the breach to the Russian cyber spying group Fancy Bear, allegedly two units of a Russian military intelligence agency.
The Russian government interfered in the 2016 United States elections with the goals of sabotaging the presidential campaign of Hillary Clinton, boosting the presidential campaign of Donald Trump, and increasing political and social discord in the United States. According to the U.S. intelligence community, the operation—code named Project Lakhta—was ordered directly by Russian president Vladimir Putin. The 448-page Mueller report, made public in April 2019, examined over 200 contacts between the Trump campaign and Russian officials but concluded that there was insufficient evidence to bring any conspiracy or coordination charges against Trump or his associates.
This is a timeline of events related to Russian interference in the 2016 United States elections.
The Plot to Hack America: How Putin's Cyberspies and WikiLeaks Tried to Steal the 2016 Election is a non-fiction book by Malcolm Nance about the Russian interference in the 2016 United States elections. It was published in paperback, audiobook, and e-book formats in 2016 by Skyhorse Publishing. A second edition was also published the same year, and a third edition in 2017. Nance researched Russian intelligence, working as a Russian interpreter and studying KGB history.
Assessing Russian Activities and Intentions in Recent US Elections is a report issued by the United States Office of the Director of National Intelligence (ODNI) that assessed the extent and basis of Russia's interference in United States' elections in 2016. Published on January 6, 2017, the report includes an assessment by the National Security Agency, the Central Intelligence Agency, and the Federal Bureau of Investigation of the type and breadth of actions undertaken by Russia and affiliated elements during the elections. The report examines Russia's utilization of cyberspace such as hacking and the use of internet trolls and bots, and an intensive media campaign to influence public opinion in the United States. Additionally, it analyzes Russia's intentions and motivations in regards to their influence campaign. Issued in two forms, a classified version and a declassified version, the report drew its conclusions based on highly classified intelligence, an understanding of past Russian actions, and sensitive sources and methods.
Democratic National Committee v. Russian Federation, et al. was a civil lawsuit filed by the Democratic National Committee (DNC) in the United States District Court for the Southern District of New York against the Russian Federation, WikiLeaks and other entities and individuals. The case, relating to Russian interference in the 2016 United States elections, was filed on April 20, 2018. The DNC's complaint accused the Trump campaign of engaging in a racketeering enterprise in conjunction with Russia and WikiLeaks. The American Civil Liberties Union, Reporters Committee for Freedom of the Press and others filed friend-of-the-court briefs expressing concern over the lawsuit's implications for freedom of the press.
This is a timeline of events related to Russian interference in the 2016 United States elections, sorted by topics. It also includes events described in investigations into the many suspicious links between Trump associates and Russian officials and spies. Those investigations continued in 2017, the first and second halves of 2018, and 2019, largely as parts of the Crossfire Hurricane FBI investigation, the Special Counsel investigation, multiple ongoing criminal investigations by several State Attorneys General, and the investigation resulting in the Inspector General report on FBI and DOJ actions in the 2016 election.
This is a timeline of events related to Russian interference in the 2016 United States elections.
Emma Best is an American investigative reporter and whistleblower. They gained national attention for their work with WikiLeaks and activist Julian Assange. Best is known for prolific filing of Freedom of Information Act (FOIA) requests on behalf of MuckRock and co-founding the whistleblower site Distributed Denial of Secrets (DDoSecrets) which resulted in Best being investigated by the Department of Homeland Security and temporarily banned from filing FOIA requests.
The 2016 United States election leaks were a series of publications of more than 150,000 stolen emails and other files during the U.S. presidential election campaigns released by Guccifer 2.0, DCLeaks and WikiLeaks. Computer hackers allegedly affiliated with the Russian military intelligence service (GRU) infiltrated information systems of the Democratic National Committee (DNC), the Democratic Congressional Campaign Committee (DCCC), and Clinton campaign officials, notably chairman John Podesta, and leaked some of the stolen materials. Emails from Guccifer 2.0 to journalists suggest a link to DCLeaks, and messages WikiLeaks exchanged with Guccifer 2.0 and DCLeaks suggest both submitted emails to WikiLeaks.
This makes it very likely that Guccifer 2.0 is a creation of the Pawn Storm actor group.
But on one occasion (...) Guccifer failed to activate the VPN client before logging on. As a result, he left a real, Moscow-based Internet Protocol address in the server logs of an American social media company. (...) Working off the IP address, U.S. investigators identified Guccifer 2.0 as a particular GRU officer working out of the agency's headquarters on Grizodubovoy Street in Moscow.
{{cite web}}
: CS1 maint: numeric names: authors list (link){{cite web}}
: CS1 maint: numeric names: authors list (link)Less than an hour after WikiLeaks's last message ... Guccifer 2.0 tweeted that it had handed those documents over.
Julian Assange not only knew that a murdered Democratic National Committee staffer wasn't his source for thousands of hacked party emails, he was in active contact with his real sources in Russia's GRU months after Seth Rich's death. At the same time he was publicly working to shift blame onto the slain staffer "to obscure the source of the materials he was releasing," Special Counsel Robert Mueller asserts in his final report on Russia's role in the 2016 presidential election.
WikiLeaks actively sought, and played, a key role in the Russian intelligence campaign and very likely knew it was assisting a Russian intelligence influence effort.