1. Summer and Fall 2016 Operations Targeting Democrat-Linked Victims
There was a synergy between the Russians and the Trump campaign and this is blantant proof.
On July 27, 2016, Unit 26165 targeted email accounts connected to candidate Clinton's
personal office Personal Privacy Earlier that day, candidate Trump made public statements that
included the following: "Russia, if you're listening, I hope you're able to find the 30,000 emails
that are missing. I think you will probably be rewarded mightily by our press." 183 The "30,000
emails" were apparently a reference to emails described in media accounts as having been stored
on a personal server that candidate Clinton had used while serving as Secretary of State.
Within approximately five hours of Trump's statement, GRU officers targeted for the first
time Clinton's personal office. After candidate Trump's remarks, Unit 26165 created and sent
malicious links targeting 15 email accounts at the domain PP including an email
account belonging to Clinton aide PP The investigation did not find evidence of earlier
GRU attempts to compromise accounts hosted on this domain. It is unclear how the GRU was
able to identify these email accounts, which were not public. 184
Unit 26165 officers also hacked into a DNC account hosted on a cloud-computing service Personal Privacy copies of the DNC data using Personal Privacy databases (referred to
On September 20, 2016, the GRU began to generate
function designed to allow users to produce backups of databases (referred to Personal Privacy as "snapshots"). The GRU then stole those snapshots by moving them to Personal Privacy account that they controlled; from there, the copies were moved to GRU controlled computers. The GRU stole approximately 300 gigabytes of data from the DNC cloudbased account. 185
183 "Donald Trump on Russian & Missing Hillary Clinton Emails (click here)," YouTube Channel C-SPAN,
Posted 7/27/16, available at https://www.youtube.com/watch?v=3kxG8uJUsWU (starting at 0:41).
184 Investigative Technique
185 Netyksho Indictment ,i 34; see also SM-2589105-HACK, serial 29
Investigative Technique
2. Intrusions Targeting the Administration of U.S. Elections
They are very ambitious Russians.
In addition to targeting individuals involved in the Clinton Campaign, GRU officers also
targeted individuals and entities involved in the administration of the elections. Victims included
U.S. state and local entities, such as state boards of elections (SBOEs), secretaries of state, and
county governments, as well as individuals who worked for those entities. 186
The personal aspect of the Russians need for control is always there. It isn't just getting files, it is knowing who is involved. Innocent people in their everyday lives are targets of Russian power.
The GRU also
targeted private technology firms responsible for manufacturing and administering election-related
software and hardware, such as voter registration software and electronic polling stations.187 The
GRU continued to target these victims through the elections in November 2016. While the
investigation identified evidence that the GRU targeted these individuals and entities, the Office
did not investigate further. The Office did not, for instance, obtain or examine servers or other
relevant items belonging to these victims. The Office understands that the FBI, the U.S.
Department of Homeland Security, and the states have separately investigated that activity.
By at least the summer of 2016, GRU officers sought access to state and local computer
networks by exploiting known software vulnerabilities on websites of state and local governmental
entities. GRU officers, for example, targeted state and local databases of registered voters using a
technique known as "SQL injection," by which malicious code was sent to the state or local
website in order to run commands (such as exfiltrating the database contents). 188 In one instance
in approximately June 2016, the GRU compromised the computer network of the Illinois State
Board of Elections by exploiting a vulnerability in the SBOE's website. The GRU then gained
access to a database containing information on millions of registered Illinois voters, 189 and
extracted data related to thousands of U.S. voters before the malicious activity was identified. 190
The Russians were going to steal the election. They do all the time within their own country, but, it is very overt by stuffing ballot boxes. They definitely thought they would change votes and make it happen for their candidate.
183 "Donald Trump on Russian & Missing Hillary Clinton Emails," YouTube Channel C-SPAN,
Posted 7/27/16, available at https://www.youtube.com/watch?v=3kxG8uJUsWU (starting at 0:41).
184 Investigative Technique
185 Netyksho Indictment ,i 34; see also SM-2589105-HACK, serial 29 Investigative Technique
186 Netyksho Indictment , 69
187 Netyksho Indictment , 69 Investigative Technique
188 Investigative Technique
189 Investigative Technique
190 Investigative Technique
Investigative Technique
Similar Investigative Technique for vulnerabiliites continued through the election.
Unit 74455 also sent spearphishing emails to public officials involved in election
administration and personnel at companies involved in voting technology. In August 2016, GRU
officers targeted employees of Personal Privacy , a voting technology company that developed software
used by numerous U.S. counties to manage voter rolls, and installed malware on the company
network. Similarly, in November 2016, the GRU sent spearphishing emails to over 120 email
accounts used by Florida county officials responsible for administering the 2016 U.S. election. 191
The spearphishing emails contained an attached Word document coded with malicious software
(commonly referred to as a Trojan) that permitted the GRU to access the infected computer.192
The FBI was separately responsible for this investigation. We understand the FBI believes that this
operation enabled the GRU to gain access to the network of at least one Florida county
government. The Office did not independently verify that belief and, as explained above, did not
undertake the investigative steps that would have been necessary to do so.
Exactly. They didn't care where the information came from or who obtained it, they would use it anyway. The Trump Campaign had a symbiotic relationship with Russia.
D. Trump Campaign and the Dissemination of Hacked Materials
The Trump Campaign showed interest in WikiLeaks's releases of hacked materials throughout the summer and fall of 2016. Harm of Ongoing Matter
l. HOM
a. Background
Harm of Ongoing Matter
191 Netyksho Indictment, 76 Investigative Technique
192 Harm of Ongoing Matter
Breaktime
