Greg Miller

The Apprentice


      Under congressional pressure, the State Department sent letters to Clinton and her predecessors asking them to produce any work emails still in their possession. (Former secretary of state Colin Powell had also used a private email account.) In December 2014, Clinton’s lawyers arrived at the department with twelve boxes filled with hard copies of more than thirty thousand messages. But she withheld another thirty-one thousand, insisting that while they were stored on her system they pertained to personal matters, including her daughter’s upcoming wedding and mother’s funeral, and were “not related in any way to my job as Secretary of State.” Having concluded this, she had then erased the emails she deemed personal.[2]

      It was a decision that played straight into decades-long depictions of Clinton as secretive and duplicitous when it came to concealing the family’s alleged misdeeds. The committee was, reasonably, outraged that she had deleted a massive stockpile of messages without allowing any outsider to review what was being destroyed.

      The controversy remained under wraps until The New York Times broke the story several months later, on March 2, saying Clinton’s use of private email “may have violated federal requirements that officials’ correspondence be retained,” and reignited lingering concerns about the Clintons’ “lack of transparency and inclination toward secrecy.” Immediately, the Clinton campaign was on its heels.

      A week later, in a tense press conference, Clinton said that in using her private email address she had “opted for convenience,” and acknowledged that “it would have been better if I’d simply used a second email account.” Republicans rushed forward with sinister interpretations, implying that she was hiding incriminating messages about Benghazi or other scandals. The panel issued a subpoena for all of her communications, hoping to stave off any further email destruction. At the same time, the State Department came under court order to start publicly releasing batches of Clinton emails after they had been internally reviewed. The result was a disaster for Clinton—monthly dumps for the media to sift through, generating a seemingly endless stream of stories on the very issue that Trump and Putin would come to see as one of her most acute vulnerabilities.

      State Department investigators subsequently determined that “classified information may exist on at least one private server and thumb drive that are not in the government’s possession.” Because some of the sensitive information in the emails belonged not to State but to spy agencies, the inspector general for the entire intelligence community examined a sample of forty Clinton emails and found that at least four contained classified material. He then relayed that finding to the Justice Department. The fallout from that referral would be devastating to her chances of becoming president.

      IN THE SPRING OF 2016, NEARLY A YEAR AFTER THE DUTCH HAD ALERTED Washington to the penetration of the DNC, a second wave of Russian hackers converged on Clinton-related targets. These new intruders were working not for Russia’s foreign intelligence service, but its military spy agency: the Main Intelligence Directorate of the General Staff, otherwise known as the “GRU.” Long seen as inferior to other Russian services, the GRU had invested heavily in cyber capabilities and had raised its standing in the Kremlin through one successful hacking operation in particular.

      The head of the Russian military, General Valery Gerasimov, had delivered an address in 2013 that American spies studied closely.[3] Reprinted in a Russian publication called the Military-Industrial Courier, the speech spoke of a new era of hybrid warfare, one in which “the role of nonmilitary means of achieving political and strategic goals has grown, and, in many cases, they have exceeded the power of force of weapons.” The GRU had tested this theory in Ukraine in 2014, where it used a series of cyberattacks to shut down telecommunications systems, disable websites, and jam the cell phones of Ukrainian officials before Russian forces entered the Crimean peninsula.

      After the Russian military had seized control of key Crimean facilities, GRU turned its information warfare troops loose to rally public support among Crimea’s largely ethnic Russian population to break with Ukraine and support annexation by Moscow. To do so, GRU psyops teams blitzed social media platforms, including Facebook and the Russian-language social network VKontakte, with fake personas and pro-Russian propaganda. In one week alone GRU cyber teams targeted dozens of Ukrainian activist groups, hubs of protesters on social media, and English-language publications, sowing confusion and creating the impression of a groundswell of support for Russian intervention.

      Three years later, the GRU joined the Putin-ordered operation to damage or defeat Clinton. Working out of a building on Komsomolsky Prospekt in Moscow, a GRU cyber-operative named Aleksey Lukashev sent a spearphishing email to Clinton campaign chairman John Podesta on March 19, 2016. Lukashev had used a popular online service for shortening website addresses to help mask his baited missive and make it look like a legitimate security notification from Google. The breach was enabled when one of Podesta’s aides saw a supposed security warning from Google and had asked a computer technician to evaluate it. “This is a legitimate email,” the technician wrote. “John needs to change his password immediately.” With the ensuing mouse click, Russia gained access to a trove of messages stored on Podesta’s account. Within two days, Lukashev and his GRU unit had made off with more than 50,000 emails.
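The aide's question, whether the warning was a legitimate Google security notice, can be answered mechanically rather than by eyeballing the message. The following is an added example, not code from the book or from anyone involved in the case: it pulls every link out of a message body and flags the two properties the paragraph describes, a link routed through a URL shortener (so the real destination is hidden) and a message that invokes a brand while linking outside that brand's domain. The message body, the shortener list and the brand domain are constructed for the example; the shortened path is invented and is not the link used in the real email.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: a short illustrative list of public URL shorteners (not exhaustive).
URL_SHORTENERS = {"bit.ly", "bitly.com", "goo.gl", "tinyurl.com", "t.co", "ow.ly", "is.gd"}

# Constructed lure in the style the text describes: a "Google" password warning whose
# action button goes through a shortener. The path is invented for this example.
SAMPLE_LURE = """
<html><body>
<p>Hi John,</p>
<p>Someone just used your password to try to sign in to your Google Account.</p>
<p>Google stopped this sign-in attempt. You should change your password immediately.</p>
<p><a href="https://bit.ly/2xAmpl3">CHANGE PASSWORD</a></p>
<p><a href="https://myaccount.google.com/security">Learn more</a></p>
</body></html>
"""


class _LinkCollector(HTMLParser):
    """Gather (href, visible text) for each <a>, plus all visible text in the message."""

    def __init__(self):
        super().__init__()
        self.links = []
        self.text = []
        self._href = None
        self._anchor_text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._anchor_text = []

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._anchor_text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._anchor_text).strip()))
            self._href = None


def registrable_domain(host):
    """Crude last-two-labels approximation so myaccount.google.com maps to google.com."""
    labels = host.lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def triage_links(html, brand_domain="google.com"):
    """One finding per link; an empty 'reasons' list means nothing looked wrong."""
    collector = _LinkCollector()
    collector.feed(html)
    body = " ".join(collector.text).lower()
    brand_name = brand_domain.split(".")[0]          # "google"
    claims_brand = brand_name in body                # message presents itself as the brand

    findings = []
    for href, text in collector.links:
        host = (urlparse(href).hostname or "").lower()
        reasons = []
        if host in URL_SHORTENERS:
            reasons.append("link goes through URL shortener %s; real destination is hidden" % host)
        if claims_brand and registrable_domain(host) != brand_domain:
            reasons.append("message invokes %s but link host %s is outside %s"
                           % (brand_name, host, brand_domain))
        # Classic mismatch: the visible text is itself a URL naming a different host.
        if "." in text and " " not in text:
            shown = text if "://" in text else "http://" + text
            shown_host = (urlparse(shown).hostname or "").lower()
            if shown_host and shown_host != host:
                reasons.append("visible text shows %s but href points to %s" % (shown_host, host))
        findings.append({"href": href, "text": text, "host": host, "reasons": reasons})
    return findings


def suspicious_links(html, brand_domain="google.com"):
    """Only the links that tripped at least one check."""
    return [f for f in triage_links(html, brand_domain) if f["reasons"]]


if __name__ == "__main__":
    for f in triage_links(SAMPLE_LURE):
        print(f["host"], "->", f["reasons"] or "no issue")
```

Run against the constructed lure, the "CHANGE PASSWORD" button is flagged twice (shortener, and a Google-branded message linking outside google.com) while the genuine myaccount.google.com link passes. A shortener in a password-reset message is by itself enough to answer "do not click"; the shortener's own preview feature, or a sandboxed resolver, can be used to see where it actually lands before anyone follows it.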

      Lukashev was part of a GRU hacking group designated by its unit number, 26165. That same month, the hackers began probing the DNC network for gaps in defenses, seemingly oblivious to the fact that another Russian intelligence service was already rummaging through the files. U.S. spies said it was not uncommon for Putin to unleash separate agencies on the same target. In April, the Russian unit found an indirect route into the DNC system, stealing the computer credentials of an employee at a sister organization, the Democratic Congressional Campaign Committee, which occupied the same office and worked to help elect congressional candidates. Another spearphishing operation did the trick, luring the DCCC employee into clicking a link that effectively gave the GRU the keys into the network.

      Once inside, Lukashev’s group installed a program known as X-Agent malware on at least ten DCCC machines, enabling them to steal passwords and data from other employees, and even monitor their keystrokes and capture screenshots of their computers as they typed away unsuspectingly. The hackers tried to hide their tracks by transmitting the pilfered information to a server the GRU had leased in Arizona (paid for not with rubles or dollars but with bitcoin cryptocurrency). By April 18, the GRU had used the stolen credentials of DCCC employees, some of whom also had access to the DNC network, to sneak across a digital bridge into the main party organization’s network.

      In April, GRU operatives registered a new internet domain—dcleaks.com—after discovering that the first address they wanted, “electionleaks.com,” was already taken.

      For all its advances, the GRU made a number of costly blunders that would help U.S. investigators reconstruct the incursion. The Russian hackers often used the same computers, email addresses, and phony online accounts for multiple transactions related to the operation—registering the dcleaks.com domain, accessing URL-shortening services, and facilitating bitcoin payments.
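The reuse described above is what lets investigators tie separately observed artifacts to a single actor: a registrant email that also opened the shortener account, an IP address that touched both, a bitcoin address that paid for more than one thing. As an added example (not from the book, the indictment or any investigative tool), the following clusters records that share any selector and reports which selectors tie each cluster together. Every record, email address, IP (documentation ranges) and bitcoin label is constructed for the example.

```python
from collections import defaultdict

# Constructed records standing in for the kinds of artifacts the text lists: a domain
# registration, a URL-shortener account, a server lease, a bitcoin payment. Each carries
# the selectors an investigator can pivot on. All values are invented for this example.
RECORDS = [
    {"id": "r1", "kind": "domain_registration", "domain": "dcleaks.com",
     "selectors": {"email:persona-a@example.net", "ip:203.0.113.10"}},
    {"id": "r2", "kind": "shortener_account", "service": "bit.ly",
     "selectors": {"email:persona-a@example.net", "ip:203.0.113.10"}},
    {"id": "r3", "kind": "server_lease", "location": "Arizona",
     "selectors": {"btc:addr-A", "ip:203.0.113.10"}},
    {"id": "r4", "kind": "btc_payment",
     "selectors": {"btc:addr-A", "btc:addr-B"}},
    # An unrelated registration that shares nothing with the others.
    {"id": "r5", "kind": "domain_registration", "domain": "unrelated-site.example",
     "selectors": {"email:someone-else@example.org", "ip:198.51.100.7"}},
]


def cluster_by_shared_selectors(records):
    """Union-find over records: two records join a cluster if they share any selector.

    Returns clusters sorted largest first, each with its member ids and the 'pivot'
    selectors (those appearing in two or more of the cluster's records).
    """
    parent = {r["id"]: r["id"] for r in records}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path halving
            x = parent[x]
        return x

    def union(a, b):
        ra, rb = find(a), find(b)
        if ra != rb:
            parent[rb] = ra

    # selector -> ids of every record that carries it
    owners = defaultdict(list)
    for r in records:
        for s in r["selectors"]:
            owners[s].append(r["id"])

    for ids in owners.values():
        for other in ids[1:]:
            union(ids[0], other)

    groups = defaultdict(list)
    for r in records:
        groups[find(r["id"])].append(r["id"])

    clusters = []
    for ids in groups.values():
        members = set(ids)
        pivots = sorted(s for s, o in owners.items() if len(set(o) & members) >= 2)
        clusters.append({"records": sorted(ids), "pivots": pivots})
    clusters.sort(key=lambda c: (-len(c["records"]), c["records"]))
    return clusters


if __name__ == "__main__":
    for c in cluster_by_shared_selectors(RECORDS):
        print(c["records"], "linked by", c["pivots"] or "nothing")
```

Note that r4 is pulled in only through its bitcoin address, and r1 and r3 never share a selector directly; the chain r1 to r2 to r3 to r4 is what one careless reuse per step produces. That transitive chaining is also the failure mode to keep in mind when doing this for real: a single shared selector (a public VPN exit, a free-mail provider's shared IP) will merge unrelated actors, so each pivot should be weighted by how unique it is before a cluster is treated as one entity.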

      Those clues would be collected and revealed nearly two years later. But even at the time, the GRU arrived inside the DNC system with all the stealth of a cymbal crash. At long last, the committee’s overmatched security team had encountered an intruder that its systems could detect.

      The GRU’s hackers were “like a thunderstorm moving through the network,” recalled one investigator involved in the case. “They were actively compromising systems. They were remote accessing into systems in the middle of the night. They were deleting logs. They were opening up files on administrators’ desktops. They were archiving massive amounts of files.” At one point, the GRU crew began stashing pilfered material in a massive single file, presumably to make it easier to drag out when the raid was done. But they stuffed so much into the single container that it crashed the system they had set up to export their stolen data in the first place. Left behind, the copy of the busted file provided investigators a comprehensive inventory of the loot—but no firm sense of how much other material the GRU might have captured in other smash-and-grabs.
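The investigator's description maps directly onto detection rules: remote logons in the middle of the night, event logs being cleared, and very large archives appearing on disk. As an added example, not from the book and not the DNC's own tooling, the following runs those three rules over a constructed JSON-lines telemetry feed and escalates a host only when it trips two or more distinct rules, since each signal alone (a night-shift admin, a backup job) is noisy but the combination is what makes a "thunderstorm" visible. The field names, hostnames, quiet-hours window and archive size threshold are assumptions for the example.

```python
import json
from collections import defaultdict
from datetime import datetime

# Assumptions for this example: the organisation's quiet hours, and how big an archive
# has to be before its creation is worth noting.
QUIET_HOURS = (22, 6)            # 22:00 to 06:00 local
ARCHIVE_EXTENSIONS = (".7z", ".zip", ".rar", ".tar", ".gz")
LARGE_ARCHIVE_BYTES = 1024 ** 3  # 1 GiB

# Constructed JSON-lines telemetry (invented hosts, users, times and paths) in the shape
# of an EDR/auth feed. Sample input for the example, not real data.
SAMPLE_LOG = r"""
{"ts":"2016-04-20T02:13:41","host":"dccc-ws-07","event":"logon","user":"jdoe","logon_type":"remote","src_ip":"203.0.113.10"}
{"ts":"2016-04-20T02:15:02","host":"dccc-ws-07","event":"process","user":"jdoe","image":"C:\\Windows\\System32\\wevtutil.exe","cmdline":"wevtutil cl Security"}
{"ts":"2016-04-20T02:40:19","host":"dccc-ws-07","event":"file_create","user":"jdoe","path":"C:\\Users\\Public\\docs.7z","size":4831838208}
{"ts":"2016-04-20T09:05:11","host":"dccc-ws-03","event":"logon","user":"asmith","logon_type":"interactive","src_ip":"10.0.0.12"}
{"ts":"2016-04-20T14:22:30","host":"dccc-ws-03","event":"file_create","user":"asmith","path":"C:\\Users\\asmith\\report.zip","size":2097152}
{"ts":"2016-04-20T23:48:05","host":"dccc-fs-01","event":"logon","user":"backup-svc","logon_type":"remote","src_ip":"10.0.0.5"}
"""


def is_quiet_hours(ts):
    """True if the ISO-8601 timestamp falls inside the quiet-hours window (wraps midnight)."""
    hour = datetime.fromisoformat(ts).hour
    start, end = QUIET_HOURS
    return hour >= start or hour < end


def classify(ev):
    """Return the name of the rule an event trips, or None."""
    kind = ev.get("event")
    if kind == "logon" and ev.get("logon_type") == "remote" and is_quiet_hours(ev["ts"]):
        return "off_hours_remote_logon"
    if kind == "process":
        image = ev.get("image", "").lower()
        cmd = " " + ev.get("cmdline", "").lower() + " "
        if image.endswith("wevtutil.exe") and " cl " in cmd:    # wevtutil cl = clear log
            return "event_log_cleared"
    if kind == "file_create":
        if ev.get("path", "").lower().endswith(ARCHIVE_EXTENSIONS) \
                and ev.get("size", 0) >= LARGE_ARCHIVE_BYTES:
            return "large_archive_created"
    return None


def detect(log_text):
    """Per-host rule hits, plus the hosts escalated for stacking distinct rules."""
    hits = defaultdict(list)
    for line in log_text.strip().splitlines():
        ev = json.loads(line)
        rule = classify(ev)
        if rule:
            hits[ev["host"]].append((ev["ts"], rule))
    escalated = sorted(h for h, v in hits.items() if len({r for _, r in v}) >= 2)
    return dict(hits), escalated


if __name__ == "__main__":
    hits, escalated = detect(SAMPLE_LOG)
    for host, events in hits.items():
        print(host, events)
    print("escalate:", escalated)
```

On the sample feed, dccc-ws-07 trips all three rules within half an hour and is escalated; dccc-fs-01 has a single night-time remote logon from an internal address and is recorded but not escalated, which is the intended trade-off. The rules are deliberately simple; in a real deployment the archive rule would also watch for the staging tooling itself (7-Zip, WinRAR, tar) being run by an account that never used it before, and the log-clearing rule would key on the audit event the log system emits when it is cleared rather than only on the command line.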