Saturday, July 14, 2018

Read This Spy Novel Now!

Forget your "beach reading"! Put down that latest issue of US Weekly. The published indictment of 12 Russian military intelligence officers offers 18 pages of thrills and chills straight out of the truly frightening world of computer hacking.

Seeing in black and white that the Russians could impersonate official email from Google, ordering a user to log on and fix this or that "on your account" -- I recognize that I've received those "spearphishing" messages myself. I bet most people reading this have too. That's only one way into your secrets. If they can gain access to one of your best friends, they can gain access to you too. It's chilling.
On or about April 6, 2016, the Conspirators created an email account in the name of a known member of the Clinton Campaign (with a one-letter deviation from the actual spelling).  The Conspirators then used that account to send spearphishing emails to the work accounts of more than thirty different Clinton Campaign employees. In the spearphishing emails, LUKASHEV and his co-conspirators embedded a link purporting to direct the recipient to a document titled “hillary- clinton-favorable-rating.xlsx.” In fact, this link directed the recipients’ computers to a GRU [Russian Military Intelligence]-created website.
Once they're inside, look what they can do:
The keylog function allowed the Conspirators to capture keystrokes entered by DCCC [Democratic Congressional Campaign Committee] employees. The screenshot function allowed the Conspirators to take pictures of the DCCC employees’ computer screens.

One Obvious Reason Twitterman Is So Cowed by Putin

The indictments released yesterday drop this tidbit: They stole "opposition research" off Democratic Party and Clinton campaign computers. Opposition research. Get it? The Russians know everything bad about DJT that the Democrats were able to dig up -- not to mention, obviously what the Russians themselves already have on him.

Russians Subvert Actblue

"On or about June 14, 2016, the Conspirators registered the domain, which mimicked the domain of a political fundraising platform that included a DCCC donations page. Shortly thereafter, the Conspirators used stolen DCCC credentials to modify the DCCC website and redirect visitors to the domain."

What the Russians Did with the Stolen Documents

Oh, you know about Wikileaks ("Organization 1" in the indictment) and their publication of stolen material. But did you know about this "candidate for the U.S. Congress"?
On or about August 15, 2016, the Conspirators, posing as Guccifer 2.0, received a request for stolen documents from a candidate for the U.S. Congress. The Conspirators responded using the Guccifer 2.0 persona and sent the candidate stolen documents related to the candidate’s opponent.
Asked for and received stolen documents. That's a new detail, and doesn't that suggest that other indictments are sure to come? Receiving stolen property. Asking for stolen property.

Aaron Nevins.
Butter won't melt in his mouth
Not only a sitting member of Congress but also an enterprising lobbyist:
On or about August 22, 2016, the Conspirators, posing as Guccifer 2.0, transferred approximately 2.5 gigabytes of data stolen from the DCCC to a then-registered state lobbyist and online source of political news. The stolen data included donor records and personal identifying information for more than 2,000 Democratic donors.
"State lobbyist." Puzzling over what that means, Google sends me to a Florida newspaper. That "state lobbyist" appears to be one Aaron Nevins (according to the Sun-Sentinel), "a state and local lobbyist and operator of the political news website 'Mark Miewurd's HelloFLA!' (The name is a play on 'mark my words.') "

We also learn that the Conspirators, posing as Guccifer 2.0, contacted a U.S. reporter with an offer to provide stolen emails from Hillary Clinton’s staff. "The Conspirators then sent the reporter the password to access a nonpublic, password-protected portion of containing emails stolen from Victim 1."

We've known since at least February of this year that the Russians attempted to penetrate the computers of 21 state boards of election, but "an exceptionally small number of them were actually successfully penetrated" (NBC News). The indictment specifies just one, "SBOE 1." Was that Illinois, which admitted in 2016 that its system had been breached? Or some other state, like North Carolina?

"With Others Known and Unknown"

Other shoes are yet to drop. Obviously.

In the section of the indictment that specifies which American laws have been broken, there are a couple of references to "others known and unknown" as having participated in theft and conspiracy with the Russians. Some -- most? -- of those persons -- especially the known ones -- are likely American citizens, aren't they? And aren't we likely to see yet a cascade of additional indictments of persons who don't enjoy the protection of Vladimir Putin?

No comments: