clock menu more-arrow no yes

How Russian hackers stole information from Democrats, in 3 simple diagrams

Trump refused to say Russia interfered with US elections. These diagrams show exactly how it did.

President Donald Trump said he doesn’t “see any reason” why Russia would be responsible for interfering in the 2016 presidential election. After all, Russian President Vladimir Putin denies Russia’s involvement — and, being a friend, Putin even offered to help investigate whoever committed these crimes.

That’s what the two men said during their joint press conference Monday, but that version of the story contradicts what US intelligence agencies have concluded.

In fact, just days ago, we got an extremely detailed account of how Russian intelligence officers stole information from key Democratic groups during the 2016 presidential election. The hack was described in FBI special counsel Robert Mueller’s indictment against 12 Russian intelligence officers. The indictment describes how these hackers stole information from the DCCC, the Democratic National Committee, and several members of the Hillary Clinton campaign — and how they subsequently distributed the information to hurt Clinton’s chances against her opponent, Donald Trump.

The indictment confirms what had long been suspected: that Russians were behind the hacks, and that the information that came out of the hacks was leaked to hurt Clinton. It describes a confusing tangle of actors and actions that might be hard to sift through. Here are three simple diagrams to help you understand how Russian intelligence officers infiltrated key Democratic groups and the Clinton campaign.

How Russians hacked the Clinton campaign

The first hacks detailed by the indictment were of key members of the Clinton campaign; they started in March 2016.

And the method was incredibly basic: email phishing.

All of us have probably been targeted by these scam emails, which try to trick us into sharing sensitive information, like passwords. The scam that Clinton campaign chair John Podesta fell for was the classic “reset your password” email. Another phishing email involved a fake Excel file, which when opened by the recipients eventually directed them to a Russian-created website that also tried to steal their information.

On July 27, 2016, Trump said, “Russia, if you’re listening, I hope you’re able to find the 30,000 emails that are missing.” That night, Russian intelligence officers directed another phishing attack at third-party accounts used by Clinton’s personal office — and targeted 76 email addresses of Clinton campaign staffers.

How the Russians hacked the DCCC and DNC

Around March and April 2016, the Russian intelligence officers also targeted the Democratic Congressional Campaign Committee (DCCC) and the Democratic National Committee (DNC).

The hackers apparently first got access to the DCCC network and, using information gathered from that hack, later got access to the DNC network.

According to the indictment, they connected to both groups’ networks to install malware on their computers. This malware, X-Agent, is a computer program that tracks a user’s activity by logging the keystrokes of everything typed on these devices, as well as taking screenshots.

They harvested everything, including email passwords, opposition research, staff communication, personal banking information of staffers, and a folder about the Benghazi investigation.

Then they tried to cover their tracks while they sent the information from the DCCC and DNC back to the servers leased by the GRU, Russia’s intelligence agency.

The DNC and DCCC learned they were hacked in May 2016 and hired a security company to remove the malware. But the security company did not find and remove a version of the malware on the DNC network until October 2016.

How the Russians distributed the stolen information

In June 2016, the Russians first released the information using the website DCLeaks.com and associated social media accounts. When the DNC said it was hacked by Russians, a person going by the moniker “Guccifer 2.0” claimed credit for the leaks, saying he was a lone Romanian hacker. The indictment says the people behind this moniker were actually the Russian hackers.

Using this persona, the hackers were in contact with US reporters, people close to the Trump campaign, and WikiLeaks.

WikiLeaks told Guccifer 2.0 to send “any new material” so they can ensure it will “have a much higher impact than what you are doing.” Then WikiLeaks said it would be best to release the leaks during the Democratic National Convention, in hopes of further sowing discord between Clinton and Bernie Sanders supporters. In July 2016, WikiLeaks began publishing the leaks.

Putin tried to say the hacks weren’t committed by the Russian state. US intelligence agencies disagree — but Trump does not.

After Trump complained about Clinton’s servers, rather than admonish Russia’s role in the hack, Putin added this:

For instance, the company that is brought up is being accused, it’s being accused of interference, but this company does not constitute the Russian state. It does not represent the Russian state.

But an Office of the Director of National Intelligence report using intelligence from the FBI, CIA, and NSA concludes with “high confidence” that “Russian President Vladimir Putin ordered an influence campaign in 2016 aimed at the US presidential election.”

In short, top US intelligence agencies say Putin ordered this interference, and Mueller’s indictment details the nuts and bolts of how this happened.

But President Trump, standing next to Putin, decided to attack the FBI’s credibility and Hillary Clinton, and brag about how he won the election because of a brilliant campaign.