Page:Report On The Investigation Into Russian Interference In The 2016 Presidential Election, Volume I, reprocessed June 2020.pdf/50

There was a problem when proofreading this page.

U.S. Department of Justice

~~Attorney Work Product~~ // ~~May Contain Material Protected Under Fed. R. Crim. P. 6(e)~~

GRU officers operated a Facebook page under the DCLeaks moniker, which they primarily used to promote releases of materials.^[1] The Facebook page was administered through a small number of preexisting GRU-controlled Facebook accounts.^[2]

GRU officers also used the DCLeaks Facebook account, the Twitter account @dcleaks_, and the email account dcleaksprojectgmail.com to communicate privately with reporters and other U.S. persons. GRU officers using the DCLeaks persona gave certain reporters early access to archives of leaked files by sending them links and passwords to pages on the dcleaks.com website that had not yet become public. For example, on July 14, 2016, GRU officers operating under the DCLeaks persona sent a link and password for a non-public DCLeaks webpage to a U.S. reporter via the Facebook account.^[3] Similarly, on September 14, 2016, GRU officers sent reporters Twitter direct messages from @dcleaks_, with a password to another non-public part of the dcleaks.com website.^[4]

The DCLeaks.com website remained operational and public until March 2017.

2. Guccifer 2.0

On June 14, 2016, the DNC and its cyber-response team announced the breach of the DNC network and suspected theft of DNC documents. In the statements, the cyber-response team alleged that Russian state-sponsored actors (which they referred to as "Fancy Bear") were responsible for the breach.^[5] Apparently in response to that announcement, on June 15, 2016, GRU officers using the persona Guccifer 2.0 created a WordPress blog. In the hours leading up to the launch of that WordPress blog, GRU officers logged into a Moscow-based server used and managed by Unit 74455 and searched for a number of specific words and phrases in English, including "some hundred sheets," "illuminati," and "worldwide known." Approximately two hours after the last of those searches, Guccifer 2,0 published its first post, attributing the DNC server hack to a lone Romanian hacker and using several of the unique English words and phrases that the GRU officers had searched for that day.^[6]

Tennessee-based web-hosting company, called Smartech Corporation. William Bastone, RNC E-Mail Was, in Fact, Hacked By Russians, The Smoking Gun (Dec. 13, 2016).

↑ Netyksho Indictment ¶ 38.
↑ See, e.g., Facebook Account 100008825623541 (Alice Donovan).
↑ 7/14/16 Facebook Message, ID 793058100795341 (DC Leaks) to ID Personal Privacy
↑ See, e.g., 9/14/16 Twitter DM, @dcleaks_ to Personal Privacy ; 9/14/16 Twitter DM, @dcleaks_ to Personal Privacy . The messages read; "Hi https:// t.co/QTvKUjQcOx pass:KvFsg%*14@gPgu& enjoy ;)."
↑ Dmitri Alperovitch, Bears in the Midst: Intrusion into the Democratic National Committee, CrowdStrike Blog (June 14, 2016). CrowdStrike updated its post after the June 15, 2016 post by Guccifer 2.0 claiming responsibility for the intrusion.
↑ Netyksho Indictment ¶¶ 41–42.

42

[2] Netyksho Indictment ¶ 38.

[3] See, e.g., Facebook Account 100008825623541 (Alice Donovan).

[4] 7/14/16 Facebook Message, ID 793058100795341 (DC Leaks) to ID Personal Privacy

[5] See, e.g., 9/14/16 Twitter DM, @dcleaks_ to Personal Privacy ; 9/14/16 Twitter DM, @dcleaks_ to Personal Privacy . The messages read; "Hi https:// t.co/QTvKUjQcOx pass:KvFsg%*14@gPgu& enjoy ;)."

[6] Dmitri Alperovitch, Bears in the Midst: Intrusion into the Democratic National Committee, CrowdStrike Blog (June 14, 2016). CrowdStrike updated its post after the June 15, 2016 post by Guccifer 2.0 claiming responsibility for the intrusion.

[7] Netyksho Indictment ¶¶ 41–42.

[1]

[2]

[3]

[4]

[5]

[6]