2. Intrusions into the DCCC and DNC Networks
a. Initial Access
By no later than April 12, 2016, the GRU had gained access to the DCCC computer
network using the credentials stolen from a DCCC employee who had been successfully
spearphished the week before. Over the ensuing weeks, the GRU traversed the network,
identifying different computers connected to the DCCC network. By stealing network access
credentials along the way (including those of IT administrators with unrestricted access to the
system), the GRU compromised approximately 29 different computers on the DCCC network. 119
Approximately six days after first hacking into the DCCC network, on April 18, 2016,
GRU officers gained access to the DNC network via a virtual private network (VPN) connection 120
between the DCCC and DNC networks. 121 Between April 18, 2016 and June 8, 2016, Unit 26165
compromised more than 30 computers on the DNC network, including the DNC mail server and shared file server. 122
b. Implantation of Malware on DCCC and DNC Networks
Unit 26165 implanted on the DCCC and DNC networks two types of customized
malware, 123 known as "X-Agent" and "X-Tunnel"; Mimikatz, a credential-harvesting tool; and
rar.exe, a tool used in these intrusions to compile and compress materials for exfiltration. X-Agent
was a multi-function hacking tool that allowed Unit 26165 to log keystrokes, take screenshots, and
gather other data about the infected computers (e.g., file directories, operating systems). 124 X-Tunnel was a hacking tool that created an encrypted connection between the victim DCCC/DNC
computers and GRU-controlled computers outside the DCCC and DNC networks that was capable
of large-scale data transfers. 125 GRU officers then used X-Tunnel to exfiltrate stolen data from the
victim computers.
Basically, X-Agent was used for spying and gathering information and X-Tunnel was used for encryption and theft.
119 Investigative Technique
120 A VPN extends a private network, allowing users to send and receive data across public
networks (such as the internet) as if the connecting computer was directly connected to the private network.
The VPN in this case had been created to give a small number of DCCC employees access to certain
databases housed on the DNC network. Therefore, while the DCCC employees were outside the DNC's
private network, they could access parts of the DNC network from their DCCC computers.
121 Investigative Technique SM-2589105-HACK, serial 5.
More of the same internal SM numbers that are in evidence files.
122 Investigative Technique SM-2589105-HACK, serial 5.
middle servers
123 "Malware" is short for malicious software, and here refers to software designed to allow a third
party to infiltrate a computer without the consent or knowledge of the computer's user or operator.
124 Investigative Technique
125 Investigative Technique
The Russians went through a lot of trouble and they planned on continuing their harvest of information.
To operate X-Agent and X-Tunnel on the DCCC and DNC networks, Unit 26165 officers
set up a group of computers outside those networks to communicate with the implanted
malware. 126 The first set of GRU-controlled computers, known by the GRU as "middle servers,"
sent and received messages to and from malware on the DNC/DCCC networks. The middle
servers, in turn, relayed messages to a second set of GRU-controlled computers, labeled internally
by the GRU as an "AMS Panel." The AMS Panel [redacted: Investigative Technique] served as a
nerve center through which GRU officers monitored and directed the malware's operations on the
DNC/DCCC networks. 127
The AMS Panel used to control X-Agent during the DCCC and DNC intrusions was housed on a leased computer near [redacted: IT] Arizona. 128 [redacted: Investigative Technique] 129
[redacted: Investigative Technique]
Footnote 126 In connection with these intrusions, the GRU used computers (virtual private networks,
dedicated servers operated by hosting companies, etc.) that it leased from third-party providers located all
over the world. The investigation identified rental agreements and payments for computers located in, inter
alia, [redacted: Investigative Technique] all of which were used in the operations
targeting the U.S. election.
Footnote 127 Netyksho Indictment ¶ 25.
Footnote 128 Netyksho Indictment ¶ 24(c).
Footnote 129 Netyksho Indictment ¶ 24(b).
The footnotes in this section indicate definitions which the Special Counsel Report does not contain in a dedicated area. So, it is easier to read this way. If there is any lack of understanding, former FBI Director Mueller spells it out at the bottom of the page.
The Arizona-based AMS Panel also stored thousands of files containing keylogging
sessions captured through X-Agent. These sessions were captured as GRU officers monitored
DCCC and DNC employees' work on infected computers regularly between April 2016 and June
2016. Data captured in these key logging sessions included passwords, internal communications
between employees, banking information, and sensitive personal information.
The DNC, DCCC and the Clinton Campaign didn't have a chance. The Russians had set up a spy network that would follow the users of over 30 computers in their daily activities. That is very scary. Every American should be grateful the FBI is this sophisticated and knows exactly what they are looking at. It is over for the people that Putin's intelligence agency was using to gather information. Just imagine if it wasn't. The FBI performed vital tasks to end the danger to American lives.
I don't want to hear another word about a Deep State; it doesn't exist. What does exist are highly qualified professionals that work very hard with every skill they have to protect this country.
I am going to take a break.