The long-awaited report from Special Counsel Robert Mueller on Russia’s interference in the 2016 election is more than 440 pages long and offers granular details about the Russian government’s efforts to infiltrate Democratic organizations and obtain material damaging to Hillary Clinton’s presidential campaign. One thing that’s notable is what isn’t present: A definitive explanation of how Wikileaks obtained stolen emails from the Democratic campaign.
The report does not mince words. The purpose of these attacks, it clearly states, was to help elect President Donald Trump, whom the Putin government showed a clear preference for in the election. The investigation established that the Russian government perceived that hacking the Democrats would benefit Trump and that, in turn, a Trump presidency would benefit Russia.
Russian intelligence, therefore, worked to “secure that outcome,” according to the report; while the Trump campaign itself was hopeful all along that it would “benefit electorally from information stolen and released through Russian efforts.”
In the end, however, Mueller’s team was unable to establish that any members of the Trump campaign conspired with the Russians in the commission of any illegal acts—despite more than 100 known contacts between the president’s associates, including 17 campaign officials, and Russian nationals, several of whom have established ties to the country’s military and intelligence services.
Significant portions of the report are dedicated to analyzing the theft of Democratic emails, opposition research, and fundraising data by Russia’s main intelligence directorate, the GRU; and in particular, Russian military cyber units 26165 and 74455. It further summarizes the efforts to disseminate the stolen material through GRU’s own fictitious personas, as well as through WikiLeaks—which at one point claimed to have proof that Russia was not involved.
Notably, the report indicates that Mueller’s team faces unresolvable issues in piercing through the secrecy surrounding WikiLeaks and its founder Julian Assange. The report admits at one point that it remains unclear how the notorious publisher of classified U.S. material obtained all of the stolen Democratic files. While it does include references to at least one encrypted file sent via Twitter to WikiLeaks by Guccifer 2.0—a fictitious hacker identity invented, according to U.S. intelligence, by the GRU—it does not rule out other sources being involved.
“Both the GRU and WikiLeaks sought to hide their communications, which has limited the Office’s ability to collect all of the communications between them,” the report states. “Similar communications occurred between WikiLeaks and the GRU-operated persona DCLeaks,” it also says.
Assange was arrested in London last week after living nearly seven years there in the Ecuadorian embassy. He was subsequently found guilty of failing to surrender himself after breaching his bail conditions in connection with extradition proceedings brought on by accusations of rape in Sweden. He has been charged by the U.S. government for allegedly conspiring with former U.S. Army intelligence analyst Chelsea Manning to gain access to a Defense Department network used to store classified documents and communications.
If extradited to the U.S. and found guilty, Assange faces up to five years imprisonment. To date, none of the known charges against him relate to the 2016 election.
Last July, the special counsel issued an indictment of 12 Russian intelligence officers—also known as the Netyksho indictment—in the hacking of Democratic organizations, including the private email account of John Podesta, chairman of the Clinton campaign.
Mueller’s report reiterates the assessment of the U.S. intelligence community that the hacking operations against the Democrats were carried out by Russia’s main intelligence directorate, the GRU. As with the Netyksho indictment, the report describes the GRU’s use of various customized malware, including X-Agent, a cross-platform remote access toolkit, which enabled the GRU to record thousands of keylogging sessions, and X-Tunnel, a network tunneling tool that enabled large-scale data transfers from the Democratic National Committee (DNC) and Democratic Congressional Campaign Committee (DCCC) networks to GRU-controlled computers.
The malware section of the report is heavily redacted citing investigative techniques.
The report states:
The GRU began stealing DCCC data shortly after it gained access to the network. On April 14, 2016 (approximately three days after the initial intrusion) GRU officers downloaded rar.exe onto the DCCC’s document server. The following day, the GRU searched one compromised DCCC computer for files containing search terms that included “Hillary,” “DNC,” “Cruz,” and “Trump.” On April 25, 2016, the GRU collected and compressed PDF and Microsoft documents from folders on the DCCC’s shared file server that pertained to the 2016 election. The GRU appears to have compressed and exfiltrated over 70 gigabytes of data from this file server.
The GRU also stole documents from the DNC network shortly after gaining access. On April 22, 2016, the GRU copied files from the DNC network to GRU-controlled computers. Stolen documents included the DNC’s opposition research into candidate Trump. Between approximately May 25, 2016 and June 1, 2016, GRU officers accessed the DNC’s mail server from a GRU-controlled computer leased inside the United States. During these connections, Unit 26165 officers appear to have stolen thousands of emails and attachments, which were later released by WikiLeaks in July 2016.
The report describes the Russian government’s efforts to disseminate the hacked material through fictitious online personas DCLeaks and Guccifer 2.0, as well as through WikiLeaks. “DCLeaks victims included an advisor to the Clinton Campaign, a former DNC employee and Clinton Campaign employee, and four other campaign volunteers,” the report says. The GRU also operated a Facebook page, it says, administered through several other pre-existing Facebook accounts, which was used to promote the release of the materials.
The report notes that the Guccifer 2.0 account was in contact with a former Trump campaign member, though the name of the individual is redacted citing potential harm to an ongoing matter. That individual has been previously identified by news sources as Roger Stone, a Republican operative and advisor to longtime friend President Trump. (Prosecutors said in a court filing Wednesday that details related to Stone, whose case won’t be heard until November, would be redacted in the report.) Stone, who sold himself to the Trump campaign as a conduit to WikiLeaks, was indicted on felony charges in January for allegedly lying to investigators for the House Intelligence Committee and attempting to persuade a witness to provide false testimony.
The report goes on to describe how the GRU made contact with WikiLeaks for the purpose of further disseminating the stolen Democratic documents. “GRU officers used both the DCLeaks and Guccifer 2.0 personas to communicate with WikiLeaks through Twitter private messaging and through encrypted channels,” it says, “including possibly through WikiLeaks’s private communication system.”
The report makes clear that Mueller’s team struggled to figure out how all of the stolen files were transferred to WikiLeaks. It was unable to determine, for example, if WikiLeaks obtained the material from an intermediary, identified by the report as Andy Müller-Maguhn. The focus of a 2018 Washington Post article, Andy Müller-Maguhn is described as “one of Assange’s few connections to the outside world.”
The article notes that, in 2016, Müller-Maguhn, himself a computer hacker, delivered a thumb drive to Assange allegedly containing “personal messages,” as by that time, Assange had ceased use of most electronic communications.
The report states that investigators were able to discredit the claims of WikiLeaks and its Republican allies regarding the source of the stolen material. On the false claims made by WikiLeaks, the report states:
After the U.S. intelligence community publicly announced its assessment that Russia was behind the hacking operation, Assange continued to deny that the Clinton materials released by WikiLeaks had come from Russian hacking. According to media reports, Assange told a U.S. congressman that the DNC hack was an “inside job,” and purported to have “physical proof’ that Russians did not give materials to Assange.
The “reports” cited by Mueller include a CNN article from May 2018, in which GOP Congressman Dana Rohrabacher, a staunch defender of Assange, claimed that the hack was an “inside job” and that Assange told him personally that he had “physical proof” the leak did not originate with the Russians.
A section of the report describing contacts between the Trump campaign and WikiLeaks is heavily redacted but includes references to testimony by Michael Cohen, Trump’s former special counsel and longtime fixer, who pleaded guilty last year to making false statements to Congress. Multiple quotes attributed by Cohen to Trump are also redacted.
The report further describes several known contacts between Donald Trump Jr., the president’s son, and the WikiLeaks Twitter account, including a request by WikiLeaks to tweet “a link alleging candidate Clinton had advocated using a drone to target Julian Assange.”
Trump Jr. responded to WikiLeaks saying he had already “done so,” it says.
Ultimately, the report simply concludes what has been obvious since October 2016, when then-candidate Trump began praising WikiLeaks for publishing material stolen by a foreign adversary from his political rivals: “The presidential campaign of Donald J. Trump showed interest in WikiLeaks’s releases of documents and welcomed their potential to damage candidate Clinton.”
“Under applicable law, publication of these types of materials would not be criminal unless the publisher also participated in the underlying hacking conspiracy,” Attorney General William Barr said in a statement Thursday. “Here too, the Special Counsel’s report did not find that any person associated with the Trump campaign illegally participated in the dissemination of the materials.”
You can read a full, searchable copy of the Mueller report here.