Skip to main contentSkip to navigationSkip to navigation
Donald Trump and Hillary Clinton at their presidential debate in St Louis in October 2016. The timing coincidence was only one of the striking details contained in Friday’s indictment.
Donald Trump and Hillary Clinton at their presidential debate in St Louis in October 2016. The timing coincidence was only one of the striking details contained in Friday’s indictment. Photograph: POOL/Reuters
Donald Trump and Hillary Clinton at their presidential debate in St Louis in October 2016. The timing coincidence was only one of the striking details contained in Friday’s indictment. Photograph: POOL/Reuters

Russians tried to hack Clinton server on day Trump urged email search

This article is more than 5 years old

Prosecutors say spies began hacking on 27 July 2016 – but indictment does not suggest direct link with Trump’s request

Russian spies began trying to hack Hillary Clinton’s personal email server on the very day Donald Trump urged the Russian government to find emails Clinton had erased, prosecutors said on Friday.

An indictment filed by Robert Mueller, the special counsel, said Russian hackers attempted “for the first time” to break into email accounts used by Clinton’s personal office “after hours” on 27 July 2016.

That day, at an event in Florida, Trump invited the Russian state to search for the approximately 30,000 emails that Clinton was found to have deleted from her private server on the grounds that they were not related to government work.

“Russia, if you’re listening, I hope you’re able to find the 30,000 emails that are missing,” Trump said. “I think you will probably be rewarded mightily by our press.”

No direct link with Trump’s remark was alleged in Mueller’s indictment.

Trump’s message of encouragement has become notorious since US intelligence agencies concluded that Russia hacked the email of senior Democrats as part of a wide-ranging operation to damage Clinton’s campaign and assist Trump. The US alleged the operation was personally directed by president Vladimir Putin.

Clinton was investigated by the FBI for using a private email server for her correspondence as secretary of state. Investigators said she had been “extremely careless” but no evidence of a successful foreign intrusion was found.

The timing coincidence was only one of the striking details contained in Friday’s indictment of 12 alleged Russian intelligence officials, who are accused of wreaking havoc in the 2016 US election with a hack-and-leak conspiracy.

The 29-page filing told the story of an aggressive cyber-attack on the Democratic party establishment that was working to elect Clinton. It said Russia also conspired to break into the computer systems of state elections authorities and election equipment manufacturers, to steal sensitive information about American voters.

It further revealed that an unidentified US congressional candidate received stolen documents relating to his or her opponent from the Russian operatives in August 2016. The Russian hackers also transferred large amounts of data to a state-registered lobbyist and a reporter, the indictment said.

And it confirmed that in August 2016, Russian intelligence communicated with “a person who was in regular contact with senior members of the presidential campaign of Donald J Trump”. Roger Stone, a longtime adviser to Trump and a veteran of political dark arts, has already acknowledged messaging with “Guccifer 2.0”, identified in Friday’s indictment as a cover for Russian spies.

Mueller also said Guccifer 2.0 passed many of the stolen documents to WikiLeaks, referred to in the indictment only as “Organization 1”. WikiLeaks is accused of conspiring with the Russian intelligence officials to release the documents for maximum impact on the election campaign.

Prosecutors found the Russian hackers, who were working for the GRU military intelligence agency, used a common and relatively crude technique known as “spearphishing” to gain access to the email accounts of useful victims including John Podesta, Clinton’s campaign chairman. They used Bitcoin and bogus American identities to build a computer infrastructure for the attacks.

On 19 March 2016, Podesta received an email that was disguised as a security notification from Google, instructing him to change his password by clicking a link. In fact it was from Aleksey Lukashev, a senior lieutenant in the Russian military. When Podesta clicked, he unwittingly gave Russian intelligence access to his account. They promptly stole more than 50,000 emails, according to Mueller.

Rod Rosenstein, the deputy attorney general, on Friday reiterated past statements from US officials that no evidence of vote tampering had been found.

The Russian spies also created a bogus email account purporting to be from a Clinton campaign staffer, the indictment said. They used this account to email 30 other Clinton aides what appeared to be a spreadsheet on the candidate’s poll ratings. “In fact, this link directed the recipients’ computers to a GRU-created website,” said Mueller’s filing.

In April 2016, the Russian hackers allegedly used a spearphish to install spying software on the computer network of the the Democratic Campaign Committee (DCCC, known as the “D-triple-C”). This allowed them to record what employees were typing on their keyboards and to take screenshots of their monitors.

By spying on the computer activity of one DCCC worker who also had access to the Democratic National Committee (DNC) systems, the Russian hackers gained access to 33 DNC computers, according to Mueller.

The hackers allegedly searched for documents using terms such as “hillary” and “trump” and took thousands of emails and confidential information on Democratic fundraising, voter outreach and other activity.

Mueller said gigabytes of data were funnelled out of the DCCC and DNC by the hackers and sent to servers rented by the Russians in Arizona and Illinois. Lieutenant captain Nikolay Kozachek and second lieutenant Artem Malyshev were allegedly caught logging into the Arizona server to download their haul. Later, the hackers deleted files to cover their tracks.

Then, according to Mueller, the Russian spies pushed their electronic loot on to an unsuspecting American public.

They allegedly created the online personas DCLeaks, which claimed to be a group of “American hacktivists”, and Guccifer 2.0, supposedly a lone Romanian hacker. From June 2016, these screennames used their own websites, along with Facebook and Twitter pages, to begin publishing emails they had stolen from the Democrats. WikiLeaks joined the publication effort in July.

Mueller said that on 6 July, WikiLeaks urged the Russians to give it damaging material about Clinton in time for the Democratic convention in Philadelphia, so her efforts to unite the party after a bruising primary with Bernie Sanders could be undermined.

Sure enough, emails showing ostensibly neutral party officials working to help Clinton over Sanders were soon leaked. Amid an outcry on the party’s left wing, chairwoman Debbie Wasserman Schultz resigned, throwing the convention into disarray.

Behind the scenes, according to Mueller, the Russian spies successfully hacked the website of an unidentified state elections board and stole personal information on about half a million voters. Over the following months, they repeatedly searched for vulnerabilities in the systems of Florida and Iowa, two swing states. They also broke into the system of a company that makes voter registration software.

Meanwhile, the leaks kept coming. On 7 October, soon after the separate publication of a leaked recording in which Trump boasted of grabbing women by their genitals, WikiLeaks published a tranche of the emails taken from Podesta. Another 32 sets, totalling 50,000 messages, were released over the following month.

On 6 January 2017, US intelligence published the extraordinary report alleging that Russia had carried out a vast “influence campaign” aimed at undermining the US electoral process and assisting Trump’s bid for the White House.

Within a week, Mueller’s team noted, the alleged Russian intelligence operatives published a statement on Guccifer 2.0’s blog site, claiming that the hacks and leaks “had totally no relation to the Russian government”. Eight days later, Trump was inaugurated.

Most viewed

Most viewed