On Friday, Special Counsel Robert Mueller, as part of his investigation into interference with the 2016 presidential election, charged 12 Russian military intelligence officers with conducting “large-scale cyber operations to interfere with the 2016 U.S. presidential election.” The indictment contains a surprising amount of technical information about alleged Russian cyberattacks against a range of U.S. political targets, including the Democratic Congressional Campaign Committee, the Democratic National Committee, members of Hillary Clinton’s presidential campaign, a state board of elections (probably Illinois’s), and an American election vendor, apparently VR Systems, and its government customers.

While the indictment only describes the U.S. government’s charges in this case, the specific technical evidence presented is compelling and paints by far the most detailed and plausible picture yet of what exactly occurred in 2016.

It also sheds light on what the U.S. government is capable of doing when it investigates cyberattacks, as well as how Russia’s Main Intelligence Directorate of the General Staff, or GRU, allegedly conducted the attacks — which it denies — and what operational security mistakes they made. Here are what I find to be the most compelling takeaways from the indictment.



A man walks past the building of the Russian military intelligence service in Moscow, Russia, on July 14, 2018.

Photo: Pavel Golovkin/AP

The Russians Got Caught Because They Didn’t Compartmentalize Enough

The indictment says that the organization DCLeaks, which claimed that it was started by a group of “American hacktivists,” and the persona Guccifer 2.0, who claimed to be a Romanian “lone hacker,” are both controlled by the named Russian intelligence officers. DCLeaks operated the website dcleaks.com and the Twitter account @dcleaks_, and Guccifer 2.0 operated the website guccifer2.wordpress.com and the Twitter account @Guccifer_2.

Russian officers took steps to anonymize their hacking and infrastructure, according to the indictment, trying to leave no trace of their identity as they rented servers, registered internet domain names, and set up accounts for email, Twitter, and other uses. But they didn’t do the best job compartmentalizing this infrastructure. This allowed Mueller’s team to confirm that the same people were behind a number of ostensibly distinct operations: DCLeaks, Guccifer 2.0, the spear-phishing campaign, and the hacks of the DCCC and DNC networks.