Reading the Mueller Report: Part 3, The Leaks

April 18, 2019 - Washington, District of Columbia, U.S. - A few pages of special counsel Robert Mueller's report on Russian interference in the 2016 election which was printed out by staff in the House Judiciary Committee's hearing room. (Credit Image: © Tom Williams/Congressional Quarterly/Newscom via ZUMA Press)

GRU Unit 74455 was responsible for leaking the documents they had stolen and publicizing the leaks through social media. They dumped documents through three main channels: two websites created by GRU themselves (DCLeaks and Guccifer 2.0), and later, Wikileaks—which, given their long experience publishing leaked archives, appears to have had the most impact.

[Part 2 is here. The full report is here. This post deals with Volume I, Section III. B.]

Almost as soon as GRU began to steal documents, they started planning to dump them. They created the domain on April 19, pretty much right as they managed to break into the DCCC computers. They leaked documents through this website in neatly labeled tranches, publicizing them through their Facebook and Twitter accounts, and occasionally directly contacting journalists to give them sneak previews of documents that hadn’t been publicly leaked yet. They hid the GRU ownership of the domain behind an anonymous registration and paid for it with Bitcoin.

The Facebook accounts they created to publicize dumps were given fake American personas: “Jason Scott,” “Richard Gingrey,” and “Alice Donovan.” “Alice,” indeed, was a greater scam than merely a fake name: “she” had an exciting profile picture on Twitter (shown below) and was known to several news websites as a beginning freelance journalist who would often pitch articles on foreign policy favorable to Russia. “She” was even published, several times, by CounterPunch, a left-wing news website. Here is their account of learning that “Alice” was not a real person at all.

“Alice Donovan”’s Twitter profile

Guccifer 2.0 began posting in June; on June 14th, security firm Crowdstrike made a public announcement that they believed the Russian State was involved in the operation. They dubbed the DNC hackers “Fancy Bear” to denote their connection to Russia. This announcement seems to have triggered GRU into taking steps to cover their tracks. The very next day, June 15th, GRU operatives launched a WordPress site called Guccifer 2.0. “Guccifer 2.0” claimed to be a “sole Romanian hacktivist” and took credit for the DNC hacks. Trying to deflect attention away from Russia’s involvement, GRU rode on the cachet of Guccifer, an actual sole Romanian hacker from 2013.

The FBI found that Guccifer 2.0’s grand opening announcement was painstakingly constructed, Google search by Google search, of English phrases such as “some hundred sheets,” “illuminati,” and “worldwide known”. My guess is that the FBI must have subpoenaed Google in order to obtain searches performed by GRU.

Not only did the GRU attempt to pass off Guccifer 2.0 as a Romanian hacker, they also tried to pass off as a “Wikileaks sub-project.” In truth, the same group within Russia’s military intelligence ran both. They attempted to deflect attention in a different way as well: they created a fake “” website to mimic the well-known Democratic donation site, and redirected some of DCCC’s links to their fake domain. It appears as if they were trying to make it look like their intrusion was run by garden-variety thieves, not a foreign intelligence service.

Much like, Guccifer 2.0 began releasing troves of the stolen DNC/DCCC documents. Between June and October, “he” released thousands of documents on a number of subjects, from opposition research on Trump, to policy discussions, to analyses of congressional races. On occasion they reached out directly to news organizations (for instance the Smoking Gun), much like DCLeaks did, in order to give them access to password-locked documents. On another occasion the Guccifer 2.0 persona reached out to a Congressional candidate in Southern Florida to give them documents about their opponent. Another time gigabytes of data were given to a Florida blogger (the Mueller Report does not mention his name, but this is blogger Aaron Nevins).

Mueller Report, page 44 (Volume I Section III-B-2)

Guccifer 2.0 also famously reached out to Roger Stone. His name is under redaction in the Report as an ongoing matter. However, his exchange with Guccifer is well-known: not only did Guccifer 2.0 appear to have provided Stone with stolen documents, Stone also appears to have spurred GRU on to steal more precise analytical data from DNC, as I covered in the last post.


WikiLeaks founder Julian Assange is seen as he leaves a police station in London, Britain April 11, 2019. REUTERS/Peter Nicholls

Back in November 2015, before GRU ever sent their first spearphishing email, Julian Assange, in a private message to other Wikileaks members, had already set an agenda pushing for a Republican victory and a Hillary Clinton defeat in the then-upcoming 2016 election. They hosted a searchable archive of about 30,000 Clinton emails [that number again!] that had been obtained through FOIA partially in order to, in their words, “annoy Hillary;” they wanted to become the standard place on the Internet for Hillary leaks.

So when GRU-as-DCLeaks appeared on the scene, they were the new kids on the block attempting to do what Wikileaks was already doing—“annoy Hillary”, to put it in understated terms. The alignment between their goals was as clear to them as to us. DCLeaks reached out to Assange in June, with the stated goal of working together and claiming to have some stolen financial information. Barely a week after that, Wikileaks reached out to Guccifer 2.0, who had just released “his” first tranche of documents, offering help on disseminating leaks in a more effective way. The next month, before the DNC convention, Wikileaks sought documents that would increase conflict between Sanders and Clinton supporters.

Thereafter the communications shifted to largely secret channels. It is clear from the tracks left in timestamps and the few public conversations that stolen files from DNC and Podesta emails were transferred from the GRU hackers to Wikileaks. But the means of transferring those files is not always clear; it might involve go-betweens physically visiting Assange at the Ecuadorean Embassy where he was given refuge at the time.

In all, in a single month between October 7 and November 8, Wikileaks dumped 50,000 documents stolen from Podesta’s email.

Wikileaks’s attempt to blame Seth Rich

Seth Rich, a DNC staffer, was shot and killed in a DC neighborhood in the early hours of the morning of July 10th, 2016 by an unknown assailant. Within a couple weeks, Assange was insinuating that the DNC hacks might have been an inside job. Conspiracy theories about Rich’s death were already aflame on Reddit, also promoted by Roger Stone, but the first person to insinuate that Rich might have been Assange’s source for the DNC leaks was Assange himself, on August 9, in an interview with Dutch television program Nieuwsuur, barely a month after his death. On the same day, Wikileaks announced a reward of $20,000 for information about Seth Rich’s murder. Within a day, right-wing media ran with this insinuation and turned it into a presumed fact in their readers’ minds. Outlets like, The Drudge Report, and Fox & Friends, were stating with confidence that Assange “had fingered” Seth Rich as his source—and that the Russians were not involved. Sean Hannity on Fox later drove that narrative nightly, to the point that he was sued by Rich’s bereaved parents for defamation.

Source: SplinterNews

One priceless service that the Mueller Report has performed is to puncture the myth of Julian Assange as an honest broker. Consider the context: not only was Assange explicitly trying to influence an election to go his preferred way by timing the subject matter of leaks, but he was actively dissembling about the source of his material.

At the time he went out to insinuate that Seth Rich was his source, Rich himself was dead and could not be reached for comment. Assange knew, with dead certainty, that Seth Rich was not, in fact, his source—he even received some documents after Rich’s death. He projected the notion that his source was a whistle-blower exposing corrupt behavior, while he was actually obtaining documents from two anonymous accounts (DCLeaks and Guccifer 2.0) who were nothing of the kind. Even if we assume that Assange knew nothing of Russia’s involvement in the two front accounts first-hand, Crowdstrike’s assessment that Russia had pulled off the hacks was then in the news. Not knowing who DCLeaks and Guccifer 2.0 actually were, surely he must have at least suspected they were fronts for Russian Intelligence, as all the experts were saying. And yet, what he felt called upon to do at that time was to help Russia hide their tracks.

Follow me at @TheOddPantry.

(Featured image source: Tom Williams—Newscom via ZUMA Press)