The Russian Hack

As I laid out last week, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

Mueller’s team just announced the Russian hack indictment (and announced its transfer, as I predicted), naming 12 GRU officers for the hack of the Hillary campaign, the DNC, and the DCCC. This will be a working thread.

Rod Rosenstein, as he did with the Internet Research Agency, made clear there are no Americans named in this indictment (and that those who interacted with Guccifer 2.0 and DC Leaks did not know they were interacting with Russians). That said, here are some of the interesting nods in it.

Other known conspirators

The indictment names 12 officers — and (as conspiracy cases often do) — persons known and unknown to the Grand Jury.

Hillary’s campaign targeted more aggressively than previously reported

This is a detail I’ve known for quite some time: Hillary’s campaign actually faced far more persistent hacking threats than previously known. Of absolutely critical importance, the indictment makes it clear that GRU hackers spear-phished Hillary’s personal office on July 27, after Donald Trump asked Russia to find her emails.

For example, on or about July 27, 2016, the Conspirators attempted after hours to spearphish for the first time email accounts at a domain hosted by a third-party provider and used by Clinton’s personal office. At or around the same time, they also targeted seventy-six email addresses at the domain for the Clinton Campaign.

I know a key witness in that part of the hack has been waiting to share his story (he’s quite happy this is finally out), so expect far more details on the targeting of the Hillary campaign itself, rather than just the DNC and DCCC, in coming days.


The indictment doesn’t name Wikileaks, but alleges that Guccifer 2.0 released additional stolen documents through a website maintained by “Organization 1.” There’s an entire section on communications between Guccifer 2.0 and Wikileaks (starting on page 17). Among other things it quotes Wikileaks as saying on July 6,

if you have anything hillary related we want it in the next tweo [sic] days prefabl [sic] because the DNC [Democratic National Convention] is approaching and she will solidify bernie supporters behind her after.

This makes it clear that WikiLeaks was not only working directly with Guccifer 2.0, but doing so in ways that would antagonize Bernie-supporting progressives.


The computer infrastructure (including computers in the US) here was paid for by cryptocurrency, not via payments laundered through the embassy (one of several claims about funding made in the Steele dossier).

May through June 2016

The indictment names Ivan Sergeyevich Yermakov as the person who hacked into the DNC email server and stole the emails released via WikiLeaks. This hack date is critical to the timing of the narrative. The emails exfiltrated and provided to WikiLeaks were stolen from May 25 through June 1.

Note, too, the indictment says hackers remained in the DNC computers through June.


The hackers used a server in AZ but then ran that through a server “overseas.” The hackers leased a DCCC computer in Illinois. The use of infrastructure within the US suggests much of the hot air around transfer times — one of the key attempts to debunk the hack — is just that, hot air.

Targeted information

The indictment gives the search terms for some of the targeted information. For example, on April 15, 2016, the conspirators searched for Hillary, Cruz, and Trump, as well as “Benghazi investigations.”

It describes a search on a server in Moscow for some of the terms used in the original Guccifer 2.0 post, including “some hundred sheets,” “illuminati,” “think twice about” “company’s competence” (referring to CrowdStrike).


The indictment describes CrowdStrike’s efforts to oust the hackers, but notes that a Linux-based version of X-Agent remained on DNC’s network until October 2016.


I have been saying forever that the easiest way to steal the election would be to steal Hillary’s analytics. The indictment reveals that,

In or around September 2016, the Conspirators also successfully gained access to DNC computers hosted on a third-party cloud-computing service. These computers contained test applications related to the DNC’s analytics. After conducting reconnaissance, the Conspirators gathered data by creating backups, or “snapshots,” of the DNC’s cloud-based systems using the cloud provider’s own technology.

The indictment is silent about what happened to this stolen analytics data.


The indictment notes that DCLeaks also released emails of Republicans that were hacked in 2015 (though I think it actually included some that were more recent than that).

Alice Donovan

Alice Donovan pitched news articles to various outlets. It was also the name used for DC Leaks’ Facebook account. This name (and a few others in the indictment) connects the hack and leak with the wider disinformation campaign.

Requested Stolen Information

The indictment describes how a candidate for Congress asked for information. I think I know who this is, but need to check.

It describes Guccifer 2.0 providing documents to Aaron Nevins, which I have covered repeatedly.

And it describes a journalist who obtained Black Lives Matter documents. As his DMs make clear, this was then Breitbart and current Sputnik journalist Lee Stranahan.

Stranahan is the journalist who helped Roger Stone write the column claiming that Guccifer 2.0 was an American.

It describes Guccifer 2.0’s interactions with Roger Stone (see paragraph 44).

State and vendor servers

The language describing the efforts to hack state sites, starting on page 25, is very specific, down to the named GRU officer. It describes Kovalev stealing the information of 500,000 voters (this is probably from Illinois).

Note, the indictment describes Kovalev deleting information in response to an FBI alert on the hacks of the state server. It doesn’t say whether he did so in response to public reporting on it.


February 1, 2016: gfade147 0.026043 bitcoin transaction

March 2016: Conspirators hack email accounts of volunteers and employees of Hillary campaign, including John Podesta

March 2016: Yermakov spearphishes two accounts that would be leaked to DC Leaks

March 14, 2016 through April 28, 2016: Conspirators use same pool of bitcoin to purchase VPN and lease server in Malaysia

March 15, 2016: Yermakov runs technical query for DNC IP configurations and searches for open source info on DNC network, Dem Party, and Hillary

March 19, 2016: Lukashev spearphishes Podesta personal email using john356gh

March 21, 2016: Lukashev steals contents of Podesta’s email account, over 50,000 emails (he is named Victim 3 later in indictment)

March 25, 2016: Lukashev spearphishes Victims 1 (personal email) and 2 using john356gh; their emails later released on DCLeaks

March 28, 2016: Yermakov researched Victims 1 and 2 on social media

April 2016: Kozachek customizes X-Agent

April 2016: Conspirators hack into DCCC and DNC networks, plant X-Agent malware

April 2016: Conspirators plan release of materials stolen from Clinton Campaign, DCCC, and DNC

April 6, 2016: Conspirators create email for fake Clinton Campaign team member to spearphish Clinton campaign; DCCC Employee 1 clicks spearphish link

April 7, 2016: Yermakov runs technical query for DCCC’s internet protocol configurations

April 12, 2016: Conspirators use stolen credentials of DCCC employee to access network; Victim 4 DCCC email victimized

April 14, 2016: Conspirators use X-Agent keylog and screenshot functions to surveil DCCC Employee 1

April 15, 2016: Conspirators search hacked DCCC computer for “hillary,” “cruz,” “trump” and copied “Benghazi investigations” folder

April 15, 2016: Victim 5 DCCC email victimized

April 18, 2016: Conspirators hack into DNC through DCCC using credentials of DCCC employee with access to DNC server; Victim 6 DCCC email victimized

April 19, 2016: Kozachek, Yershov, and co-conspirators remotely configure middle server

April 19, 2016: Conspirators register dcleaks using operational email [email protected]

April 20, 2016: Conspirators direct X-Agent malware on DCCC computers to connect to middle server

April 22, 2016: Conspirators use X-Agent keylog and screenshot function to surveil DCCC Employee 2

April 22, 2016: Conspirators compress oppo research for exfil to server in Illinois

April 26, 2016: George Papadopoulos learns Russians are offering election assistance in the form of leaked emails

April 28, 2016: Conspirators use bitcoin associated with Guccifer 2.0 VPN to lease Malaysian server hosting

April 28, 2016: Conspirators test IL server

May 2016: Yermakov hacks DNC server

May 10, 2016: Victim 7 DNC email victimized

May 13, 2016: Conspirators delete logs from DNC computer

May 25 through June 1, 2016: Conspirators hack DNC Microsoft Exchange Server; Yermakov researches PowerShell commands related to accessing it

May 30, 2016: Malyshev upgrades the AMS (AZ) server, which receives updates from 13 DCCC and DNC computers

May 31, 2016: Yermakov researches Crowdstrike and X-Agent and X-Tunnel malware

June 2016: Conspirators staged and released tens of thousands of stolen emails and documents

June 1, 2016: Conspirators attempt to delete presence on DCCC using CCleaner

June 2, 2016: Victim 2 personal victimized

June 8, 2016: Conspirators launch, dcleaks Facebook account using Alice Donovan, Jason Scott, and Richard Gingrey IDs, and @dcleaks_ Twitter account, using same computer used for other

June 9, 2016: Don Jr, Paul Manafort, Jared Kushner have meeting expecting dirt from Russians, including Aras Agalarov employee Ike Kaveladze

June 10, 2016: Ike Kaveladze has calls with Russia and NY while still in NYC

June 14, 2016: Conspirators register actblues and redirect DCCC website to actblues

June 14, 2016: WaPo (before noon ET) and CrowdStrike announce DNC hack

June 15, 2016, between 4:19PM and 4:56 PM Moscow Standard Time (9:19 and 9:56 AM ET): Conspirators log into Moscow-based server and search for words that would end up in first Guccifer 2.0 post, including “some hundred sheets,” “illuminati,” “think twice about company’s competence,” “worldwide known”

June 15, 2016, 7:02PM MST (12:02PM ET): Guccifer 2.0 posts first post

June 15 and 16, 2016: Ike Kaveladze places roaming calls from Russia, the only ones he places during the extended trip

June 20, 2016: Conspirators delete logs from AMS panel, including login history, attempt to reaccess DCCC using stolen credentials

June 22, 2016: Wikileaks sends a private message to Guccifer 2.0 to “send any new material here for us to review and it will have a much higher impact than what you are doing.”

June 27, 2016: Conspirators contact US reporter, send reporter password to access nonpublic portion of dcleaks

Late June, 2016: Failed attempts to transfer data to Wikileaks

July, 2016: Kovalev hacks into IL State Board of Elections and steals information on 500,000 voters

July 6, 2016: Conspirators use VPN to log into Guccifer 2.0 account

July 6, 2016: Wikileaks writes Guccifer 2.0 adding, “if you have anything hillary related we want it in the next tweo [sic] days prefabl [sic] because the DNC [Democratic National Convention] is approaching and she will solidify bernie supporters behind her after”

July 6, 2016: Victim 8 personal email victimized

July 14, 2016: Conspirators send WikiLeaks an email with attachment titled wk dnc link1.txt.gpg providing instructions on how to access online archive of stolen DNC documents

July 18, 2016: WikiLeaks confirms it has “the 1Gb or so archive” and would make a release of stolen documents “this week”

July 22, 2016: WikiLeaks releases first dump of 20,000 emails

July 27, 2016: Trump asks Russia for Hillary emails

July 27, 2016: After hours, conspirators attempt to spearphish email accounts at a domain hosted by third party provider and used by Hillary’s personal office, as well as 76 email addresses at Clinton Campaign

August 2016: Kovalev hacks into VR systems

August 15, 2016: Conspirators receive request for stolen documents from candidate for US congress

August 15, 2016: First Guccifer 2.0 exchange with Roger Stone noted

August 22, 2016: Conspirators transfer 2.5 GB of stolen DCCC data to registered FL state lobbyist Aaron Nevins

August 22, 2016: Conspirators send Lee Stranahan Black Lives Matter document

September 2016: Conspirators access DNC computers hosted on cloud service, creating backups of analytics applications

October 2016: Linux version of X-Agent remains on DNC network

October 7, 2016: WikiLeaks releases first set of Podesta emails

October 28, 2016: Kovalev visits counties in GA, IA, and FL to identify vulnerabilities

November 2016: Kovalev uses VR Systems email address to phish FL officials

January 12, 2017: Conspirators falsely claim the intrusions and release of stolen documents have “totally no relation to the Russian government”

158 replies
  1. Teddy says:

    People on Twitter are saying that “the first time” Hillary’s emails were targeted was the same day, and shortly after, Trump’s memorable “Russian, if you’re listening….” request.  Is this so?  Because that’s a big deal, even if it’s right out in the open.  One could speculate that previous private discussions allowed for direct requests by the candidate himself in public venues.

      • Alan Cole says:

        Today’s NYTs article reads: “But according to the indictment, the same day Mr. Trump made those statements, on July 27, 2016, Russian hackers tried for the first time to break into the servers used by Mrs. Clinton’s personal offices.”
        That looks like a command and control situation to me.

        • readerOfTeaLeaves says:

          Agree.  As if things had been set up and tested, and they were waiting for a ‘go’ signal.

        • csno says:

          Come on. He asked for the 30,000 missing emails. They were long gone. Certainly not on her active server.

    • harpie says:

      Teddy, here is Christopher Ingraham, WaPo data reporter:

      July 27, 2016, Trump: “Russia, if you’re listening, I hope you’re able to find the 30,000 emails that are missing.” 

      Indictment: [screenshot, Count 22] That evening, Russian operatives targeted Clinton campaign emails “for the first time.” [harpie transcription: […] on or about July 27, 2016, the conspirators attempted to spearphish for the first time email accounts at a domain hosted by a third party provider and used by Clinton’s personal office. […]]

    • Will Monox says:

      More than reasonable surmise. After MSNBC’s Katy Tur repeatedly pressed Trump about asking a hostile foreign state to hack a US candidate, Trump said that Russia probably already had them. Now why do you think he figured that?

  2. pseudonymous in nc says:

    The hackers targeted a DCCC computer in Illinois.

    I don’t think the indictment says that, though it does say the stolen DNC/DCCC docs were exfiltrated with X-Tunnel to an Illinois box. It would make hackerish sense to seek out hosting providers that were physically/digitally close to their targeted networks for file transfers since it’s more bandwidth-intensive than the X-Agent monitoring done from Arizona.

    The June 27 access to a password-protected section of DCLeaks is documented here: Victim 1 is Sarah Hamilton.

    • Michael says:

      “Very unfair. Fake news. A lot of people are saying[TM] that it’s fake news; unfair and fake news. It’s very unfair.” (Sorry; I cannot write as badly as Donnie speaks.)

      Recite the lie loud and often. Eventually, people will believe you.

  3. Cary Wilson says:

    Pretty clear the Trump Presidency is illegitimate and impeachment a Constitutional imperative.

  4. Cary Wilson says:

    What do you think of this?:


    Um, yes.

    There’s also the fact that the Republican nominee president was ON A DAILY BASIS encouraging people to read the WikiLeaks emails.

    He’d already been told that the Russians had stolen those.

  5. Peterr says:

    From Count Ten (Conspiracy to Launder Money):

    57. To facilitate the purchase of infrastructure used in their hacking activity . . . the Defendants conspired to launder the equivalent of $95,000 through a web of transactions structured to capitalize on the perceived anonymity of cryptocurrencies such as bitcoin.

    The phrase “perceived anonymity” caught my eye. Reading further in the indictment, they don’t say that the US has cracked the anonymity of bitcoin, but rather they tracked the Russians as they made purchases and checked on their accounts:

    60. The Conspirators used several dedicated email accounts to track basic bitcoin transaction information and to facilitate bitcoin payments to vendors. . . .

    61. On occasion, the Conspirators facilitated bitcoin payments using the same computers that they used to conduct their hacking activity, including to create and send test spearphishing emails.

    There’s more like this in the paragraphs that follow. Taken as a whole, the “perceived anonymity” does not seem to be bitcoin related, but rather how the GRU purchased and moved their bitcoin around. Once the US finds an email that says “send exactly 0.026043 bitcoin,” they could then dig around and find that specific transaction in the bitcoin Blockchain. (See paragraph 60)

    Sounds like the GRU forgot that the first rule of anonymizing bitcoin is “Don’t talk about bitcoin.”

    This indictment reads like a wonderful example of the US engaging in taking back-bearings — once you know you’ve been penetrated, you follow the trail backwards to see what it leads you to. (See The Honorable Schoolboy, John le Carré’s followup to Tinker, Tailor, Soldier, Spy for a wonderful, novel-length exploration of how back-bearings work.)

    • SpaceLifeForm says:

      “…but rather they tracked the Russians as they made purchases and checked on their accounts:”

      [I call that Metadata]

    • Eutectic says:

      “cracked the anonymity of bitcoin”

      Bitcoin is not anonymous and was never meant to be anonymous; there is no ‘cracking’ to be done. All transactions are clearly tracked in the ledger with the associated IP address.

      Now combine something like IP address obfuscation via Tor, VPN, proxy, etc… with bitcoin and you have ways to stay anonymous given proper op-sec. But that has more to do with IP addresses than bitcoin.

      But bitcoin itself was never meant to obscure anything.

  6. CaliLawyer says:

    Been wondering for a while how deeply involved the Russians are in the right wing media eco-system. Rumor has it that Hannity has been under national security surveillance for a while now.

    • Charles says:

      I think the historical links between right-wing movements across the world are long and deep. I am currently reading a book on Catherine the Great. The history of how Russian interests and alliances evolved has relevance even today. Putin has shown an interest in the “Old Believers,” a reactionary Orthodox sect, and in any case has been involved in a revival of religion. This means that the interests of right-wing Christians in this country intersect with those in Russia. Putin’s persecution of gays is just one example. To me the most astounding thing is Putin’s willingness to use neo-Nazi groups to attain his ends. It wasn’t that long ago that Stalin was learning that fascists don’t keep their word when it comes to territory.

      I view the attack on the election as a confluence of interest groups rather than as a nation-state attack per se. It brought together actors from many nations, some for financial motives, some for ideological motives, but in general with an eye toward weakening US influence in the Middle East and Europe. And who knows but that we may find the Chinese saw the rise of Trump as a chance to deal with their sphere of interest.

      So, to your question, I think the answer is “birds of a feather.” For our nation’s sake, I hope they have been under surveillance.  The world needs to address its serious problems. We can’t afford a prolonged period of chaos as the Great Powers dispute over pieces of a rapidly warming earth.

      • cat herder says:

        You can’t dismiss the possibility that it was a nation-state laundering their activities through outside interest groups, as a shield. Happens all the time and I would guess it’s more likely than a bunch of groups with similar interests all happening on the same solution at the same time.

        • Charles says:

          As for the specific activities charged by Mueller, they are very definitely one nation-state attacking another.


          But I’m thinking of the election interference more generally. For example, did Russia use corporations or criminal enterprises to do some of its work? If so, the line between nation-state, business, and crime has become blurred. Were the businesses or criminal enterprises not purely Russian but involving other countries, like the UK, Israel, UAE, Cyprus, etc. involved? Did governments in those countries turn a blind eye or even encourage the interference? If so, then it’s not just a Russian enterprise. And how about an organization like Wikileaks, which is multinational and ostensibly an NGO, but seems to have been central to the plot?


          Russia clearly seems to be the principal non-American actor. But there is so much we don’t know. What we can see is that there were lots of people with motives to want to see Hillary defeated and/or Trump elected, and that some of those activities do not seem to have simply been for profit.

          Thinking in terms of interest groups might help to explain certain things like why there was a multiplicity of approaches to Trump.  Instead of a top-down conspiracy, one can think of a confederacy of dunces.

          • Trip says:

            There is plenty of info on this in the public domain. It’s too bad Mueller will never reach the absolute bottom of it.

        • SpaceLifeForm says:

          Sorta like laundering money from Koch and Mercer via Panama to Russia to NRA back into US?

    • Teddy says:

      Papa Koch sold to the Russian Commies before almost anyone else did; set up their entire energy sector.

    • Hugo says:

      I co-managed a Facebook interest group about Ukraine 2013-14. We very quickly had to deal with bots and trolls, so vetting people before admitting them became important. It soon became clear that “likes/following” of right-wing stuff was one of the giveaways of trolls and bots. It seems pretty clear that the Russian Social Media operation during the Ukraine crisis was something of a trial run for what happened in 2016.

  7. Charles says:

    Peterr says, “The phrase ‘perceived anonymity’ caught my eye. Reading further in the indictment, they don’t say that the US has cracked the anonymity of bitcoin, but rather they tracked the Russians as they made purchases and checked on their accounts:”

    There are many tantalizing tidbits in the indictment about the degree to which US electronic surveillance can monitor communications, tidbits that doubtless have Russian intelligence scrambling. Considering what a genius Assange thinks he is, I was especially interested in how thoroughly they seemed to have penetrated Wikileaks’ communications. Given the lapse of time between the events described in the indictment and now, they could have brute-forced almost anything, assuming they knew where to look. But more likely they were looking at the time.

  8. Pete says:

    And to state what I think is obvious…it would appear there is nothing in this set of indictments that intersects with Marcy’s “Putting a Face On” post. And so must wait impatiently if not fidgeting for that.

    But it seems there are at least two more areas of attention for Mueller if Mark Meadows and Benczkowski don’t muck things up first.

    Two minute warning – or perhaps to be more international – are we in extra time of the second half?

  9. DMM says:

    Any lawyers, help me out here. Page 2, paragraph 2 of the indictment describes the conspiracy as:

    [1] to hack into computers,

    [2] to steal documents from those computers, and

    [3] “stage releases of the stolen documents to interfere with the 2016 US presidential election.”

    Could [3] stand alone as a charge? That is, while the indictment only names Russian agents, could anyone else involved only in this last part, the “stag[ing] releases” part, be charged here? If so, what actions would rise to “conspiring to…”? Would Assange’s releasing them in this manner put him in jeopardy? What about someone who discussed it with the GRU hackers, or urged them to release them (thinking DTTjr and/or Stone)?

  10. person1597 says:

    What happens when you google “#trumpotemkin”?


    And what’s next?



  11. pseudonymous in nc says:

    The indictments are signed by Mueller, so we won’t know who the lead prosecutors are until there’s some court action with Amy Berman Jackson. Probably Ryan Dickey / Jeannie Rhee again, as with the Internet Research Agency? So there are still a few working on Other Things in a non-appellant capacity.

  12. Rapier says:

    With no possible trial this story will have a shelf life of maybe a week.  Mueller is 1 million times more likely to be jailed than those Russians.

  13. jf-fl says:

    Am I correct in suspecting they’re separating Russian indictments and American indictments intentionally (to preserve sources and methods of evidence gathering)?

    Even so I’m also trying to figure out if this in any way implies that all of the Roger Stone-related grand jury testimony leaked over recent months means that the grand jury couldn’t agree on that evidence. Obviously if there’s no Stone indictment they’d never tell us, so it seems every day that goes by now it’s fair to discount Stone’s complicity accordingly.

    • bmaz says:

      “….so it seems every day that goes by now it’s fair to discount stone’s complicity accordingly.”

      Yeah, I would not suggest making that assumption. Not at all.

        • Peterr says:

          He flipped his lid years ago, when he got that big Nixon tattoo on his back.

          But if you mean he flipped to help Mueller, “someone” who suggested it has been smoking something. Anyone with a big Nixon tattoo on his back is not going to flip, no matter what. We’re in G. Gordon Liddy territory (“Just tell me which corner to stand on”) with Stone.

              • Trip says:

                Ha!  No, what I figured was that if he was still blabbing chances are that he hadn’t flipped. Whether the indictment makes reference to him or someone else, I would not take (a ratfucker’s) Roger Stone’s word.

          • Bob Conyers says:

            I think he could be a hard nut to crack, but I wouldn’t rule it out. First, while the Watergate prosecutors were looking at a fairly narrow set of crimes involving Liddy, I wouldn’t assume that’s the case with Stone. Liddy was also fairly young, while Stone is potentially looking at life in prison – he can’t assume Trump will pardon him if he takes a fall.

            Also, like Trump, Stone is a flunky of Roy Cohn. Ultimately, Cohn’s only loyalty was to himself. Trump learned that lesson, and I would bet Stone did too. I am sure Stone won’t sell out easily, but I could absolutely see him being another Sater or Nader.

            • Trip says:

              Trump never learned that lesson. That’s why he wanted a redux of Roy Cohn (in Sessions, in M Cohen, etc etc).

  14. SpaceLifeForm says:

    April 7, 2016: Yermakov runs technical query for DCCC’s internet protocol configurations

    [Someone ran nmap]

    [And probably did not run in stealth mode, so it was obvious]

  15. jf-fl says:

    bmaz says:
    July 13, 2018 at 5:40 pm
    so it seems every day that goes by now it’s fair to discount stone’s complicity accordingly.”

    Yeah, I would not suggest making that assumption. Not at all.

    No reason given on your part so I’ll assume you’re just saying you don’t like hearing my comment.

    Ultimately complicity to a legal standard starts with an indictment. With months of testimony regarding stone and nothing to show for it- the probability he’ll never be indicted is non-zero. If that happened we’d never be informed, so every day (or friday) that we’re never informed of an indictment decreases the odds he’ll be indicted (for these actions anyways).

    People have a hard time with low probability events, but this one’s pretty basic math and logic-wise. If the evidence is there as we suspect, I personally hope they indict him and would still favor that as an outcome, but I’m preparing myself that it was too much of a grey area for grand jury. Every no-rodger-friday I’ll be adjusting my bayesian priors accordingly.

    • bmaz says:

      No, I am calling bullshit on every ounce of what you allege. And without any better support, I am still fine with that. You want to talk about “legal standard”, ante up pal. Be aware there are people that frequent this blog that do, and/or have done, criminal law for a living. So, bring your best shot. To date, you have demonstrated nothing other than that you are an idiot.

    • Teddy says:

      “Nothing to show for it” is an odd presumption about a non-leaking special counsel investigation, to be sure.  None of us will see anything but “nothing” until we see everything.  The idea that something would peek out is silly.

      And time passing without an indictment is just that: the passage of time.  Not hourglass sand slipping away, not by a long shot.  Time is actually on Mueller’s side, since the closer we get to a Congress that might actually protect him, value his work and act on it, the better off he is.


  16. getouttahere says:

    The SC team is demonstrating great legal craftsmanship. This is all of a piece. Sure, no U. S. citizens were named in this indictment. I guess it depends on what the meaning of “this” is. For certain U. S. citizens not named in this indictment, this has to be one helluva Friday the 13th. Gives a whole new meaning to TGIF.  I think the SC will be taking calls.  The train is in the station, but it will be leaving.

  17. cfost says:

    Here’s a thought. We could send Rep. Gosar to Helsinki to accompany DT during his meeting with Putin. That way, when Trump asks Putin if Russia interfered with the 2016 elections, we’ll know whether or not Putin is lying!
    Actually, I’m surprised that neither the stable genius nor Jay Sekulow thought of this earlier……

  18. Dc says:

    Nice job on MSNBC just now. Just sayin’, the stakes of saying “blowjob” are really high right now. We need your sanity and insights on the TeeVee!!!

  19. Jose Medina says:

    Quoting directly from the Deputy Attorney General Rod Rosenstein at today’s announcement: “There is no allegation in this indictment that any American citizen committed a crime” and “There is no allegation that the conspiracy altered the vote count or changed any election result.”

    • earlofhuntingdon says:

      You could believe the first lines of this adventure:

      NOTICE: Persons attempting to find a motive in this narrative will be prosecuted; persons attempting to find a moral in it will be banished; persons attempting to find a plot in it will be shot.

      Or, you could believe your lying eyes.  Mueller is a master craftsman.  The indictment was drawn with precision.  That there is no allegation in this indictment says nothing about whether any American citizen was involved, and whether vote totals or electoral decisions were changed.  The silence is deafening.

      Mueller is performing a symphony about lawyering and good citizenship.  This indictment is a prelude.  There will be more, grander indictments to come.

  20. klynn says:

    The timezone stamps are critical.  Big time critical. Smoking gun critical.

    Twitter is our friend too.

  21. Rusharuse says:

    . . so now President Trump acknowledges Russian interference, admits that he and his government are illegitimate, hands over the reins to Hillary. No impeachment just peaceful handover of power and sincere apology.

    Good result, long time coming, happy with that!

    • SpaceLifeForm says:

      Even if that totally implausible scenario could happen (it can not), it does not solve the underlying problem.

  22. frs says:

    At what point do we find out that actual votes were altered in the five states that Trump won by a very slim margin? I raise this since most ballots are kept for two years and then destroyed. The two-year mark is this November.

  23. Rusharuse says:

    Kiss of death –
    I guess Matty baby (who gave Srozza such a hard time) is up shit creek . .

    “Congressman Matt Gaetz of Florida is one of the finest and most talented people in Congress,” Trump wrote. “Strong on Crime, the Border, Illegal Immigration, the 2nd Amendment, our great Military & Vets, Matt worked tirelessly on helping to get our Massive Tax Cuts. He has my Full Endorsement!”

    To Russia I flew but there and then
    I suddenly knew you’d care again
    My running around is through
    I’d fly to you
    From Russia with love
    Matt Monro
    ( . . who can forget “The Italian Job”, Alps, Lamborghini Miura, Rossano Brazzi, Matt crooning – “On Days like these”. Ahh, the balmy, carefree world before Trump.)

  24. Curious says:

    Not sure exactly what to write here being a European and all having basically zero investment into the political system of USA, though one thought struck me as being interesting pertaining to espionage, which I am sure USA is all too busy doing all the time against other countries (not mentioning the other obvious terrible things):

    From reading bits of the story so far after the announced indictment against the Russians, it isn’t clear to me if the Russians are to have acquired unauthorized information pertaining to the very election system itself (what things would that have been besides info on officials?), and I can’t help but wonder if Gowdy’s quote in the news about this being an attack on the nation of USA is disingenuous, if the merit of the evidence suggests foremost espionage, and with the notion of there being an “attack” on the US election (or an attack on Hillary being a presidential candidate) being more like in jest on behalf of nationalism, or being the means to try to angle espionage into an attack on the election itself, in times of well, tension and what seems to be an ever lasting period of terrible computer security, and as I understand it also insecure election systems (particularly poorly designed voting machines, which iirc there has been lots of stories about).

    As much as I would like to think that Russia as a state would not want to get caught directly interfering with state processes, because of how provocative that would be, given the wars and as I understand it, multiple interferences into other countries’ elections through history by USA, I honestly don’t quite know what to think about all of this.

    • Rusharuse says:

      Interesting! Just think of a political party selling out to a foreign power, then think of ways to divert attention from that treasonous act. Start there!

    • Trip says:

      @(un)Curious, That was a long drawn out 3 paragraph (3) run-on sentence, attempting a subversive way of saying the US deserved it, had it coming, and you don’t care.

      @Rusharuse,  Bingo, that was exactly this person’s aim, but alas, close… but no cigar.

      • Curious says:

        I won’t start arguing with you, but I just want to state the following that I hope you all find enlightening re. what I wrote previously:

        I already said that I don’t care about US politics, in that I have no investment in it. Though I do find anything USA occasionally interesting as a spectator. Me not caring doesn’t really come into this at all, and so it wouldn’t be fair to call on me to really care in the first place, as if I am supposed to promote US interests or whatever that would be deemed politically correct by anyone. I did not come here to this blog to spout diabolic opinions (wrong audience I am sure), but I really do not want to sugar coat my opinions just to make myself popular. Which leads me to the next point.

        I would say that the interesting thing in what I wrote isn’t so much if US deserved “it” (whatever you like to put into that), but it’s just that in a world where the use of the word “attack” is not so much being descriptive of an event, but instead seemingly being used as an “emotional” word to prescribe a point of view, or perhaps rather a sentiment in a political setting, that ultimately is called on to invoke a sense of nationalism, most likely in the form us-vs them, with whatever follows from that. This call for such type of nationalism or unity if you will, was even seen in one of the most recent hearings in the ‘House Judiciary Committee’, in how it iirc was simply said by someone (I don’t know who it was, I ought to start writing stuff down), that undermining the FBI would be detrimental to the country (or something to that effect). I can understand there might arise potential problems with there being a poor public perception of the FBI, or perhaps more importantly, just with people already working for the government, however, to me it just seems obvious that in calling on a sense of unity inside a hearing, seems wrong somehow. Probably because of how it perhaps creates a collective expectation of limiting any critique of anyone working for the FBI. Even worse, I could easily imagine a potential scandal that really hurt the FBI (somehow) because of the hearings (presumably there are so to speak scandals lying around here and there), and then perhaps there would be an expectation of needing to cover that up, in lieu of non-partisanship, or unity if you will. And then I haven’t elaborated on how awkward I think it is, in thinking that maybe a government would rely on a mass media to hm create a bias in people, like what one expects to happen given how people still turn to the news for whatever reason.
        I will personally admit that for me news tend to be something more like entertainment than news for the sake of being informed; however I also find news to be a little depressing so I am a little careful not exposing myself too much to it. I haven’t watched tv in 20 years or so, and I am now wondering if maybe news on the internet is less classy than when presented on tv, in the sense of perhaps being less crude and sensationalistic.

        • Trip says:

          I saw zero instances of Marcy using the phrase “attack”.

          You went from assessing the Russian actions, in your first comment, in relationship to the US and that they (the US does it) or did it too (so it’s a wash and not consequential), to now, a critique of media coverage, which, apparently, you don’t watch.

          The phrase “cyberattack” is used universally, even if not by a foreign gov’t or any agents thereof. A bunch of kids could perpetrate a cyberattack.

          Cyberattacks as defined by Techopedia:

          Cyberattacks may include the following consequences:

          Identity theft, fraud, extortion
          Malware, pharming, phishing, spamming, spoofing, spyware, Trojans and viruses
          Stolen hardware, such as laptops or mobile devices
          Denial-of-service and distributed denial-of-service attacks
          Breach of access
          Password sniffing
          System infiltration
          Website defacement
          Private and public Web browser exploits
          Instant messaging abuse
          Intellectual property (IP) theft or unauthorized access

          Within this context, the use is perfectly acceptable. People in the US often shorten phrases and words. Cyberattack may be reduced to “attack”. Another example is “photoshopped” (for an altered image via the program) which may be reduced to “shopped”.

          Marcy has been out in front in criticism of gov’t programs and agencies, so I don’t get this ‘unity’ BS. She separates analysis for individual cases.

          This website is critical of news coverage by both writers and commenters. And for someone who doesn’t watch, you’ve surely picked up a lot that annoys you, but only in so far as criticism of people who were appalled by the McCarthy type circus surrounding accusations toward the FBI agent. No one here is all about protecting the agency at all costs, we know faults and fuckery. At the same time, we can all see a crystal clear crusade to destroy a person and their reputation (even if he is an FBI agent, with warts and all) simply to maintain power and crush dissent.

    • SpaceLifeForm says:

      I catch your drift completely. Thank you for paying attention.

      “Gowdy’s quote in the news about this being an attack on the nation of USA is disingenuous, ”

      [Damn straight. It’s always Russia to the corrupt blackmailed GOP folk. But it is not all Russia. They want to make Russia the scapegoat even though most of the problem is in US]

      [Guessing you are in UK. Have you been following @chrisinsilco ? Brexit? Facebook? Do you realize that the problem is on both sides of the pond?]

    • Rayne says:

      How odd for a European citizen not to see let alone feel the connection between the illegal foreign influence campaign on a U.S. presidential election and the status of NATO, let alone the parallel with UK’s Brexit and its membership in the EU.

      How very odd.

  25. Desider says:

    My sense is that Mueller publicly focusing on/indicting Russians only avoids the Dem/GOP foodfight while getting Russia’s culpability established – far far past the Steele Dossier at this point. If this data point gets firmly established, it can pre-empt the continual fog of irrelevant facts and FUD.

    • Bob Conyers says:

      I think this is a reasonable take. My only caution is that there is a lot we don’t know.

      I have no doubt GOP craziness is driving the timing of a lot of decisions, but I would not be surprised if a lot of the reasoning is something that stays locked up for years, if not forever.

  26. JP says:

    I am a new reader of this site – which is a very fine site.

    But I have a question.

    It seems to me to be clear that Trump and Putin are engaged in an active conspiracy – to destroy the American democracy and replace it with a flat despotism. It just seems entirely obvious to me that this is true.

    They will be meeting in Helsinki entirely alone – no one else – no translators – just them.

    Why? Obviously to carry the plot forward.

    What will they talk about? About the measures Russia will take to elect Republicans in the November elections.

    They will likely be successful – and will have even stronger Republican majorities in both the House and the Senate.

    What happens from that? Among other horrors what will happen is that it will not make the slightest difference what Mueller may say in his report. The Trump/Congress will bury it – it will never ever see the light of day – and Trump will never ever be impeached – and we are well on our way to a flat despotism here and that will be that.

    In what way am I wrong?

    • Thomas says:

      Here is something I have thought about, which may lead to the majority of the Republican Party ditching Trump:

      Michael Cohen recorded LOTS of phone conversations, and it is known that some of the material collected by the raid on him, is material about Sean Hannity. We don’t know if any of it is protected by attorney client privilege. Cohen’s lawyers asserted in court that Hannity was a client, and Hannity denied that Cohen was his lawyer (eventually).

      Hannity and Cohen staged a little theater act, on national television, in which the two pretended to have no other relationship than journalist/interviewee. In that performance, they mocked the assertion in the Steele Dossier that Cohen traveled to Prague to meet with Russian agents in August 2016. Before the raid, there were reports that Mueller had evidence that Cohen had, in fact, traveled to Prague.

      From the Stormy Daniels case, we know that “theater acts” were a regular business Cohen practiced with Hannity.

      If Cohen’s stash of texts, emails, recordings and documents reveal that Hannity (and perhaps, Fox News) are engaged in a criminal conspiracy to defraud the United States, then Fox News may cease to exist. There is not a license to aid a foreign adversary in committing crimes and to engage in disinformation espionage.  Or to help criminals cover up their crimes by mass jury pool manipulation.

      The license to operate a mass media outlet is only a license, and the American people are the owners of the asset. There are a variety of methods by which Fox News can be dismantled, if the political will to do it exists.

      The evolution of Fox into a de facto state propaganda network promoting a cult of personality that routinely reports lies as facts is already well documented. Cohen’s stash may prove that they are not just mistaken or incompetent or opinionated, but that they are engaging in a massive criminal fraud.

      Ask any Trump crackpot where they got their crackpot ideas. Trump repeating Fox or Fox repeating Trump. Also well documented.

      My point is this: No Fox, no mass media dissemination of the criminal crackpot’s agenda.

      • Rayne says:

        Thanks for sharing; Fox played some role but it’s not yet clear what it was beyond force magnification/message amplification. I worry we’re not addressing the rise of Sinclair at local level while Fox continues damage at national level — a two-fer.

        Want to point out you have two accounts here; perhaps you created a second one because a post didn’t clear moderation in a timely fashion, not certain. Please stick to one account as using two or more constitutes sock puppeting.

    • SpaceLifeForm says:

      This is why every American Citizen that is eligible to vote on 2018-11-06 should not be lazy, and should actually vote.

  27. klynn says:

    That org chart EW tweeted out would be even better with dates of critical actions. An overlay of DT quotes and tweets that align with the actions would make it even better. The DNC “numbers” tweet has been one curious tweet to me.

    • JP says:


      Anna Giaritelli of the Washington Examiner says no translators at all. Just Trump & Putin.

      That to me is the clear mark that this is a meeting  designed to conspire  – no witnesses.
      Anna Giaritelli | July 03, 2018 10:27 AM

    • Rayne says:

      We won’t actually know that for certain until the moment Trump and Putin meet. Can we really trust anything anyone attached to this White House says? Think back to Rex Tillerson’s February meeting in Turkey — there were no other officials, no note takers, no translators in the meeting with Erdogan and Turkey’s foreign minister. The American public didn’t know this until after the fact.

  28. Jacob says:

    “The hackers leased a DCCC computer in Illinois.” Leased a DCCC computer??? What is that supposed to mean? The DCCC isn’t in the business of renting out computers. Did you mean “breached”?

  29. JAAG says:

    Taking a time out here.

    A) They are giving out Pulitzers to the NYT for what amounts to interviewing a problem client at the oval. Sure, it takes patience.
    B) EW covers the shit out of this from her home office and renders the beginning of the conspiracy map a sort of unsurprising confirmation. This basically corroborates what she (and only she) has been writing for a while.

    To the wide array of salaried journalists who read this blog and harvest its ideas; give credit publicly, and in print.

  30. dimmsdale says:

    Sorry if this appeared in another thread or if I missed it, but does anyone have the URL for Marcy’s appearance on MSNBC?

    Also, my hat’s off to all you EW commenters;  I very much appreciate the elucidation.

  31. dimmsdale says:

    Never mind, found it. (for those wondering, I searched Youtube for “Chris Hayes Marcy Wheeler”)…obvious, shoulda done that first. Again my thanks to the community here. I put my twitter-metic on Marcy’s feed and suspect it’ll stay there for the immediate future. Interesting times……

  32. Curious says:

    Looking through the recent article at Lawfarer’s blog website, I get an idea of how the Russian military is to have hacked US officials, and reading about fishing attacks (was also pointed out in the press conference yesterday) without being an expert on such subject matter, I think I’ve learned that this kind of efforts into hacking is a bit silly given how nobody ought to click on any hyperlinks in their email messages, though ofc the keylogging and such seems very advanced in comparison.

    I wonder, given how the press conference for this indictment was yesterday, what dictated the timing of this press conference? If it was Gowdy’s insistence of “finish the hell up” (or whatever he said), I wonder if the timing of the indictment was delayed, and also, would it matter if such an indictment was delayed (or hastened) anyway?

    • bmaz says:

      That’s swell. How much email do you get? Is it a LOT where you could easily stumble into a phishing attack (by the way, it is not “fishing”), or naw and it is easy for you to monitor.

      Or, I guess, you can just shit on and blame the victim of the attack as you have here. So well played, old chap.

      • Curious says:

        Well, I would argue that the moral is that you ought not, and never EVER click a link in an email. Presumably, the easiest trick is to rename a hyperlink looking like a URL, while the real URL is something else. Though, I honestly don’t know how bad things are with email re. security, I just think corporations should stop soliciting the user to click on links and on buttons.

        • Curious says:

          I should add: Better not click on anything at all in an email.

          I swear I have even read somewhat recently, about how hovering your mouse over a hyperlink in an email can be monitored (sadly I forgot the details of which I read).

          • SpaceLifeForm says:

            That would be javascript. Even if you do not click, the javascript can know that you did the mouseover event.

            The javascript knows the URL.

            Even if you never click, the Javascript can tell a C2 (command and control) that your computer had that URL.

            The URL can have a specific non-obvious ‘cookie’ that then can track you.

            In fact, you do not even have to do the mouse-over.

            Javascript can be evil.
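An added example, not part of the comment thread: a small Python inspector for the three things the commenters above describe in an HTML email body, namely link text that shows one host while the `href` goes to another, active content (script elements and `on*` handlers), and remote resources that load as soon as the message is opened. The sample message, its hostnames and the `report()` call are constructed for illustration, and the subdomain comparison is a simplification that does not consult the Public Suffix List.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

# Visible link text that itself looks like a URL or a bare hostname.
URLISH = re.compile(
    r"^\s*(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[:/?#]\S*)?\s*$", re.I)

def host_of(url):
    """Lower-cased hostname of an absolute http(s) URL, else None."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return None
    if parts.scheme.lower() not in ("http", "https") or not parts.hostname:
        return None
    return parts.hostname.lower()

def same_site(shown, actual):
    """Equal hosts, or one is a subdomain of the other (no Public Suffix List)."""
    return (shown == actual or actual.endswith("." + shown)
            or shown.endswith("." + actual))

class MailInspector(HTMLParser):
    """Collects (kind, detail) findings while parsing an HTML mail body."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []
        self._href = None   # href of the <a> currently open, if any
        self._text = []     # visible text collected inside that <a>

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script":
            self.findings.append(("active-content", "<script> element"))
        for name in attrs:
            if name.startswith("on"):   # onmouseover, onclick, onload, ...
                self.findings.append(
                    ("active-content", f"{name} handler on <{tag}>"))
        if tag == "img" and host_of(attrs.get("src") or ""):
            # Fetched when the mail is rendered; no click or hover needed.
            self.findings.append(("remote-load", attrs["src"]))
        if tag == "a":
            self._href, self._text = attrs.get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        shown = URLISH.match("".join(self._text))
        actual = host_of(self._href)
        if shown and actual and not same_site(shown.group(1).lower(), actual):
            self.findings.append(
                ("link-mismatch",
                 f"text shows {shown.group(1).lower()}, href goes to {actual}"))
        self._href = None

def inspect_html(body):
    """Return the list of findings for one HTML mail body."""
    parser = MailInspector()
    parser.feed(body)
    parser.close()
    return parser.findings

# Constructed sample message (reserved example/test domains only).
SAMPLE_HTML = """\
<html><body>
<p>Someone has your password. Change it now:</p>
<p><a href="http://accounts.example.com.login.test/reset?u=dGVzdA">https://accounts.example.com/reset</a></p>
<p><a href="https://help.example.com/faq">help.example.com/faq</a></p>
<p><a href="https://example.org/" onmouseover="report(this.href)">Unsubscribe</a></p>
<img src="https://img.tracker.test/o.gif?rid=7f3a9c" width="1" height="1">
<script>report(document.location)</script>
</body></html>
"""

if __name__ == "__main__":
    for kind, detail in inspect_html(SAMPLE_HTML):
        print(f"{kind:15} {detail}")
```

A mail gateway or client would act on these findings by rewriting the link to show its real destination, stripping the active content, and blocking remote loads until the user asks for them.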

    • Eutectic says:

      Spearphishing is a typical tactic as the -first- intrusion into an organization’s network. It’s not trivial or silly to set up a convincing fake website, spoof email origins, and find email addresses to exploit.

      It was also just one of the first steps in Russian operations.

      The indictment lists a number of servers hacked without mention of stolen credentials, further googling will tell you the Russians had a number of zero-day exploits they used to penetrate servers. Exploits that were unknown beforehand and would be unusable after only a short period of time after their first use.

      They also used encrypted remote access trojan/worms that were specifically written or optimized just for this DNC/Clinton operation, google the history of x-access and x-tunnel.

      This was an advanced operation on the nation-state scale of hacking. This wasn’t a couple amateurs futzing about.

      It’s hard to overstate just how much effort and resources went into these hacks. Dozens of Russian military trained intelligence and computer security experts.

      • Trip says:

        If you read back a couple of comments from this person, there is a general theme of minimization, except for media coverage, but only as it pertains to response to the acts, not the acts or cyberattacks themselves, with this one blaming fools for falling for the scheme in the first place.  I sense an agenda, but I’m not a moderator, so I will leave it at that.

      • Curious says:

        I stand corrected that it isn’t ‘silly’ to be exposed to a fishing attack. I guess I perhaps meant to say that it is silly to not take security seriously when handling one’s email.

        • harpie says:

          hmmm… curious…this commenter doesn’t even know what it is he/she/it meant to say!


        • JAAG says:

          You are to hacking what high school guidance counsellors are to angst. I appreciate the tip captain obv-ski.

      • SpaceLifeForm says:

        “It’s not trivial or silly to set up a convincing fake website, spoof email origins, and find email addresses to exploit.”

        BULLSHIT. It is trivial.

        Especially if you have lots of black-budget money.

  33. Dr. R.Bannon says:

    Makes me wonder if the recent Nerve Agent Assassinations aren’t a not so subtle reminder to the folks involved in this Operation that, if you renege on the deals you make with us we will find you and neither you, nor your family are safe.

    A guy like Manafort may be too far in. He has likely committed Treason so he can’t get a free pass from the SC, and he knows if he flips the FSB will come for him.

    • Teddy says:

      I have often wondered if Paul might be happiest in prison; now that he’s stated a preference not to be moved to Alexandria, I wonder who’s there.

  34. cfost says:

    Just a thought, given some of the comments above:

    This would be the time that RU would be testing and tweaking their bots, before the big rollout during the height of this year’s election season. They’re likely asking themselves how they can be convincing and persuasive without being obvious. They may feel that if they can fool the bloggers and commentators on this site, they can fool anyone. Trump fans are already convinced, so the objective now is to coax the moderates into Trump’s corner. And yes, Alexander Nix, you and yours will be dumped into the same basket as Goebbels by future historians.

  35. Curious says:

    Btw, I came across this twitter post that I thought might be interesting to mention here:

    “During the last election the Democrats reached out to me.” (and more)

    So, unless I am butchering this piece of US history, as I understand it, some time ago when the internet was not what it is today, a collection of US hackers that got caught by the authorities I guess, they ended up later testifying to US congress and stating something to the effect of testifying to how terrible computer or internet security was. And Mudge is one of these guys.

    Reading his tweets, he apparently wanted to offer insight into improving well operational security and I guess other things related to security measures, and by reading the tweets it seems that the advice he had was mostly ignored by the democrats on wanting to improve security. And then he also points out something like being distrusted by the republicans for having had anything to do with the democrats, even though he had wanted to offer assistance to both parties.

  36. Thomas says:

    Something that has jumped out at me:

    Recounts were defeated in court (not just in Wisconsin) basically because there was no evidence, at the time, that state election software was hacked. The July 13th 2018 indictment does assert, that voter verification software (and state election boards) was hacked by Russian intelligence. So, now evidence exists.

    One of the tricks often used by the Republican Party at the state level (per Greg Palast’s work) is that voters are scrubbed from the rolls, and then must complete a provisional ballot on election day. These are votes that ARE NOT COUNTED unless there is a recount, and machine only recounts will not count them.

    If there was a systematic attack on voter eligibility (and Cambridge Analytica’s datasets and the info stolen by Russian intelligence could finely tune that effort), then such a fraud was not likely to be revealed in the short amount of time allowed for recounts, due to “safe harbor” election laws.

    Not long ago, Trump tweeted a complaint that Mueller was “meddling in the elections.” Is it not entirely possible that Trump was alerted that the SC had uncovered the hacking of voter verification software?

    If this new indictment is an indication of the START of yet another thread of this criminal conspiracy, then is it not entirely possible that inquiries about voter registration hacking in all of the recount states (Not just Illinois) is or has been underway for some time?

    Certainly, the clues are now public, which lead in the direction of examining, whether or not boutique-model voter roll scrubbing–aided by hacked voter roll information and carried out with embedded malware (also mentioned in the indictment!)–was used to systematically disenfranchise voters in key locations in small numbers in order to tip the election.

    The prosecutorial method of Mueller’s investigation appears to establish narrative facts without assuming the narrative that I just laid out, but how far down the path will we go before dots are connected by someone?

    If my scenario is likely (and past Republican Party efforts seem in line with it!), then whoever put all the moving parts together is a genius. Not Trump, I think! But certainly, someone who wanted the results we see today.

    All of the support for the operation (the spying, hacking, messaging) points to a highly skilled team with keen insights into American politics. I think the Russians are outsource contractors, albeit ones with an axe of their own to grind, and interests of their own to pursue, and highly capable skills.

    That said, Mueller and his team are worthy adversaries of this organized crime outfit. If the execution of this conspiracy was genius, Mueller’s investigation of it, is, no less ingenious.

    Any observations on this tantalizing clue that the election was stolen, even if the SC will not make that conclusion at this time?

  37. dimmsdale says:

    Thanks, Bmaz. oddly I found the TV segment much scarier than any of Marcy’s posts so far (partly because Nick Akerman looks pretty spooked by the details in the indictment). Not just the details IN the indictment, but also the “what we don’t yet know” part.

  38. laura says:

    Hi Marcy,

    I enjoy reading your blog. Your insights on this matter are so valuable.

    I have not yet read the text of the indictment, but I did listen to the press conference, and believe I did notice one small discrepancy here.

    You wrote that Rosenstein made clear that Americans communicating with the conspirators did not know they were Russians.

    According to the transcript, it seems he said something more nuanced, “There is no allegation in the indictment that the Americans knew they were communicating with Russian intelligence officers.”

    So maybe they knew or maybe they didn’t. The only thing we can say is that the indictment does not allege that they did.

    At least that’s the way I understand his remarks.

  39. Michael Keenan says:

    This was left out of the timeline.

    [Link to a document shared on Google Drive removed for security purposes. If you wish to share that document, find a place to host an image of it which is not in Drive. /~Rayne]

  40. Julie Sisco says:

    Anyone remember that computer glitch that happened (I think) in Dec 2015 that allowed Bernie’s staff to view Hillary’s data? Could that glitch have been the Russians?
