Page:Report On The Investigation Into Russian Interference In The 2016 Presidential Election.pdf/45

This page has been validated.

U.S. Department of Justice

~~Attorney Work Product~~ // ~~May Contain Material Protected Under Fed. R. Crim. P. 6(e)~~

secure bitcoins used to purchase computer infrastructure used in hacking operations.^[1]

Military Unit 74455 is a related GRU unit with multiple departments that engaged in cyber operations. Unit 74455 assisted in the release of documents stolen by Unit 26165, the promotion of those releases, and the publication of anti-Clinton content on social media accounts operated by the GRU. Officers from Unit 74455 separately hacked computers belonging to state boards of elections, secretaries of state, and U.S. companies that supplied software and other technology related to the administration of U.S. elections.^[2]

Beginning in mid-March 2016, Unit 26165 had primary responsibility for hacking the DCCC and DNC, as well as email accounts of individuals affiliated with the Clinton Campaign:^[3]

Unit 26165 used IT to learn about Investigative Technique different Democratic websites, including democrats.org, hillaryclinton.com, dnc.org, and dccc.org. Investigative Technique

began before the GRU had obtained any credentials or gained access, indicating that the later DCCC and DNC intrusions were not crimes of opportunity but rather the result of targeting.^[4]
GRU officers also sent hundreds of spearphishing emails to the work and personal email accounts of Clinton Campaign employees and volunteers. Between March 10, 2016 and March 15, 2016, Unit 26165 appears to have sent approximately 90 spearphishing emails to email accounts at hillaryclinton.com. Starting on March 15, 2016, the GRU began targeting Google email accounts used by Clinton Campaign employees, along with a smaller number of dnc.org email accounts. ^[5]

The GRU spearphishing operation enabled it to gain access to numerous email accounts of Clinton Campaign employees and volunteers, including campaign chairman John Podesta, junior volunteers assigned to the Clinton Campaign's advance team, informal Clinton Campaign advisors, and a DNC employee.^[6] GRU officers stole tens of thousands of emails from spearphishing victims, including various Clinton Campaign-related communications.

download malware that enables the sender to gain access to an account or network. Netyksho Indictment ¶ 10.

↑ Bitcoin mining consists of unlocking new bitcoins by solving computational problems. IT kept its newly mined coins in an account on the bitcoin exchange platform CEX.io. To make purchases, the GRU routed funds into other accounts through transactions designed to obscure the source of funds. Netyksho Indictment ¶ 62.
↑ Netyksho Indictment ¶ 69.
↑ Netyksho Indictment ¶ 9.
↑ See SM-2589105, serials 144 & 495.
↑ Investigative Technique
↑ Investigative Technique

37

[2] Bitcoin mining consists of unlocking new bitcoins by solving computational problems. IT kept its newly mined coins in an account on the bitcoin exchange platform CEX.io. To make purchases, the GRU routed funds into other accounts through transactions designed to obscure the source of funds. Netyksho Indictment ¶ 62.

[3] Netyksho Indictment ¶ 69.

[4] Netyksho Indictment ¶ 9.

[5] See SM-2589105, serials 144 & 495.

[6] Investigative Technique

[7] Investigative Technique

[1]

[2]

[3]

[4]

[5]

[6]