Indictments Against 12 Russians Show How Hackers Were Hacked

(Bloomberg) -- Today's newsletter is about Special Counsel Robert Mueller's indictment this week of 12 Russian military officers for allegedly orchestrating the hacks of the 2016 U.S. presidential election.

The indictment, which I encourage you to read if you’re interested in technical details about how the hacks worked, is remarkable in a number of ways. Foremost, it's the first time the American public gets to see, in exacting detail, how Russian intelligence services actually conducted the attacks. The document has a fly-on-the-wall feel that's rare for a federal hacking indictment, in that it provides great specificity about how the FBI and U.S. intelligence services know what they know about the Russians' operation. It reads like a thriller: the only thing a reader can conclude after finishing the document is that it's based on extraordinarily sensitive — and, apparently, highly successful — operations by the U.S. and its allies to penetrate the hackers' computers.

Outside of leaked documents from former NSA contractor Edward Snowden, the public rarely gets an inside look at the spy-versus-spy game in cyberspace. Details are lacking because the ability of one country's government hackers to infiltrate the computers of their counterparts in another country is among the most treasured of intelligence assets. The takeaway from Mueller's indictments is clear: he wanted to leave nothing to the imagination about just how deeply the suspects' computers and networks had been compromised to build this case.

There are lots of fascinating passages, but take this one, for example: Starting on page 9, the indictment lays out the "command and control" structure for the operation, which shows that the hackers leased a server in Arizona to serve as their staging area from which to manage the attacks.

It's not the existence of that server that's interesting, but the level of detail that Mueller supplies about how and when the attackers accessed the server to do things like activate keyloggers and other surveillance tools inside hacked computers involving the campaign of Hillary Clinton. Or even how and when the attackers configured a different machine overseas to act as a relay point and obscure the traffic.

The information doesn't read like a reconstruction based on forensic evidence found on those machines: it's presented from the perspective of the hackers, showing what the day-to-day effort to manage an increasingly sprawling operation looked like from the inside as they got deeper into Democratic Party computers. To make the point absolutely clear that some of the prosecutors' information comes from the hackers' own computers, the indictment notes that the hackers were careful to cover their tracks, including deleting all of their log-in records on the staging servers.

An amusing passage starting on page 14 details how some of the suspects created the online persona Guccifer 2.0. They searched, from their private computers in Moscow, for numerous English phrases. Those phrases appeared later that day in Guccifer 2.0's first blog post, allegedly written by the suspects and seeking to deflect blame from Russia.

For those of us who've been following the election-hacking case closely, the document is absolutely devastating to any suggestion that, as then-candidate Donald Trump famously put it before the election: “I mean, it could be Russia, but it could also be China. It could also be lots of other people. It also could be somebody sitting on their bed that weighs 400 pounds, OK? You don’t know who broke in to DNC.”

What the indictment now makes clear is that U.S. investigators have the technical expertise to know the exact answer to that question.

And here’s what you need to know in global technology news

What should a self-driving car look like if designed from scratch? $800 million startup Zoox says it has the answer.

Amazon recovers from its stumble with soaring sales. And Prime Day is becoming, well, more prime.

More, more. Behind Facebook’s push to hire more researchers. Also: Donald Trump is the biggest spender of political ads on the social-media platform, according to the New York Times.

And that’s three. Texas Instruments CEO Brian Crutcher became the third chip-industry leader to be sacked in two months.

©2018 Bloomberg L.P.
