The special counsel's indictments name and accuse 12 Russian nationals of working on behalf of the Russia’s premier military intelligence agency to influence the 2016 election.
Deputy Attorney General Rod Rosenstein announced a bombshell set of indictments on July 13, pinning the blame on Russian intelligence operatives for a series of hacks directed against the Democratic National Committee, the Democratic Congressional Campaign Committee and the presidential campaign of Hillary Clinton.
The indictments obtained by Special Counsel Robert Mueller charge 12 Russian nationals of working on behalf of the Main Intelligence Directorate (known by its Russian-language acronym GRU), Russia’s premier military intelligence agency, to carry out a multi-faceted cyber attack with the intent of influencing the 2016 election. The individuals are charged with two separate violations of the Computer Fraud and Abuse Act, aggravated identity theft and money laundering, with the accused using bitcoin to pay for services in an attempt to mask their involvement.
"The internet allows foreign adversaries to attack America in new and unexpected ways," said Rosenstein in a press conference announcing the charges. "Free and fair elections are always hard fought and contentious. There will always be adversaries who seek to exacerbate our divisions and try to confuse, divide and conquer us."
The indicted individuals also are charged with targeting state and local election officials, voter registration databases as well as voting-machine software companies. According to the charging document, one such attempt yielded voter information on approximately 500,000 Americans, including names, addresses, partial social security numbers, dates of birth and driver’s license numbers. Another attempt resulted in the successful penetration of computers owned by an unnamed U.S. vendor that supplies software used to verify voter registration information the 2016 elections.
The objective of the conspiracy was "to hack into the computers of U.S. persons and entities involved in the 2016 U.S. presidential election, steal documents from those computers and stage release of the stolen documents to interfere with the 2016 U.S. presidential election," according to the indictments.
The document goes on to detail how the campaign consisted of two separate units: one to hack into the computer networks of targets and another to disseminate the stolen data to different individuals and organizations in order to amplify the findings in the media. The indictments name two such groups, Guccifer 2.0 and D.C. Leaks, as Russian cutouts designed to appear as independent sources.
A third, unnamed organization is also listed (under the label Organization 1) as being involved. The indictment describes Organization 1 as one that "had previously posted documents stolen from U.S. persons, entities and the U.S. government." Wikileaks, an organization with a history of releasing sensitive U.S. documents, released tens of thousands of emails from the DNC’s email database in 2016 but is not named in the indictment.
Rosenstein said efforts to protect the U.S. election system are "ongoing," and he cited work being done by DOJ, the Department of Homeland Security and state election boards that are designed to protect the 2018 mid-term elections from similar attacks.
"There is a concerted and organized effort by the federal government to make sure we do deter and prevent any sort of cyber attacks on our elections and that we harden our election systems to prevent against any kind of intrusions," Rosenstein said.
A day earlier, DHS' top cyber official testified to Congress that U.S. intelligence agencies have seen reduced activity around the election system in the lead-up to the 2018 elections.
"The 2018 mid-terms remain a potential target for Russian actors, but the intelligence community has yet to see any evidence of a robust campaign aimed at tampering with our election system infrastructure along the lines of 2016 or influencing the outcomes of the House and Senate races," said Christopher Krebs, head of the National Protection and Programs Directorate at DHS.
The indictment's revelations are likely to spur new calls for Congress and state governments to redouble efforts to improve election security. A bipartisan bill, the Secure Elections Act, would implement a number of election security measures recommended by cybersecurity experts. The bill picked up crucial co-sponsorships earlier this year from Senate Intelligence Committee leaders Richard Burr (R-N.C.) and Mark Warner (D-Va.) but has yet to be scheduled for a floor vote.
Sen. James Lankford (R-Okla.), one of the bill’s original co-sponsors, said he was pleased that the special counsel was aggressively pursuing Russia and called on his colleagues in Congress to pass election security legislation.
"Other nations or hacktivist groups could follow Russia’s example in the future; each state and the entire nation must be ready," Lankford said.
Sen. Ron Wyden (D-Ore.) is one of six Democratic senators to sponsor legislation that would require paper backups for electronic voting machines as well as post-election risk-limiting audits to verify the integrity of vote counts. Shortly after the indictments were announced, Wyden took to Twitter and re-emphasized the need for new legislation.
“This news makes clear Congress MUST pass my bill to require paper ballots and audits,“ he said. “Anything less is an invitation to Russia to do this again.”