By Joseph Menn
SAN FRANCISCO (Reuters) – U.S. indictments against a dozen Russian intelligence officers on Friday provided detailed technical evidence to back up allegations of Russian hacking and leaking of information to influence the 2016 U.S. presidential election.
By tracing control of email and social media accounts and a tool for remote internet connections, the 29-page indictment document for the first time showed that the same group of Russians leased servers, targeted Democratic officials with phishing tricks aimed at capturing their online credentials and communicated with Republicans and other distributors of hacked information.
A federal grand jury on Friday charged 12 Russian intelligence officers with hacking Democratic computer networks in 2016 as part of Moscow’s meddling in the presidential election to help Republican Donald Trump.
Although a February indictment accused other Russians of spying and spreading propaganda on social media, it did not link those efforts with hacking, phishing attempts or distribution of hacked information to Republican operatives, a Republican congressional candidate and websites such as DCLeaks, which published the purloined material.
“The last indictment of Russians involved the so-called troll factories and online bot farms that were causing issues on Twitter,” said John Bambenek, vice president at security firm ThreatStop Inc.
“The interesting aspects of this indictment cover how connections were made between services due to reused email addresses, bitcoin wallets, and infrastructure. The Russians didn’t hide themselves that well.”
The conspirators used the same bitcoin funds to buy a virtual public network account for communications and to lease a server in Malaysia that hosted DCLeaks.com. They used the Malaysian server to log into the Twitter account of the online hacker persona Guccifer 2.0, and the same server was used to register websites used for hacking the Democratic committees, according to the indictment.
One of the Russians probed election websites in Iowa, Florida and Georgia, looking for vulnerabilities just days before the November election, the indictment charged.
Some researchers said the indictment might have depended on U.S. signals intelligence, the fruits of which are rarely revealed, because it quotes electronic messages sent to an unidentified organization presumed to be London-based WikiLeaks.
Communications between Guccifer 2 and WikiLeaks also undercut the contention of WikiLeaks founder Julian Assange that he did not obtain Democratic Party emails he published from Russia.
“The amount of intelligence gathering capability realized by this is astonishing,” said researcher Nicholas Weaver of the International Computer Science Institute, affiliated with the University of California at Berkeley.
In particular, emails between Guccifer 2 and the organization believed to be WikiLeaks “suggest that the NSA (U.S. National Security Agency) obtained access to either Guccifer 2’s email account, Wikileaks’ or both.”
The investigation also recovered specific internet searches by the Russians and what they looked for on hacked machines.
Revealing so much “says just how serious this is, and how important it is to acknowledge that Russia hacked the U.S. to aid Trump and hurt Clinton,” Weaver said.
(Reporting by Joseph Menn; Editing by John Walcott and Cynthia Osterman)