Eric Zuesse – Highlights from the Mueller Report

robert mueller report

Following are the passages that I consider to be the chief and most important allegations that are in the opening 11% (that’s up through page 49 of the of the 448-page document) of the “Report On The Investigation Into Russian Interference In The 2016 Presidential Election”. That’s Robert Mueller’s March 2019 report, which had been commissioned by the U.S. Congress to find grounds to charge U.S. President Donald Trump with being an agent of the Russian Government and to replace him with Vice President Mike Pence for that reason.

https://viewfromll2.files.wordpress.com/2019/04/mueller-report.pdf

Report On The Investigation Into Russian Interference In The 2016 Presidential Election

The Internet Research Agency (IRA) carried out the earliest Russian interference operations identified by the investigation — a social media campaign designed to provoke and amplify political and social discord in the United States. The IRA was based in St. Petersburg, Russia, and received funding from Russian oligarch Yevgeniy Prigozhin and companies he controlled. Prighozhin is widely reported to have ties to Russian President Vladimir Putin. …

The IRA later used social media accounts and interest groups to sow discord in the U.S. political system through what it termed “information warfare.” The campaign evolved from a generalized program designed in 2014 and 2015 to undermine the U.S. electoral system, to a targeted operation that by early 2016 favored candidate Trump and disparaged candidate Clinton.

The IRA’ s operation also included the purchase of political advertisements on social media in the names of U.S. persons and entities, as well as the staging of political rallies inside the United States. To organize those rallies, IRA employees posed as U.S. grassroots entities and persons and made contact with Trump supporters and Trump Campaign officials in the United States. The investigation did not identify evidence that any U.S. persons conspired or coordinated with the IRA. …

At the same time that the IRA operation began to focus on supporting candidate Trump in early 2016, the Russian government employed a second form of interference: cyber intrusions (hacking) and releases of hacked materials damaging to the Clinton Campaign. The Russian intelligence service known as the Main Intelligence Directorate of the General Staff of the Russian Army (GRU) carried out these operations.

In March 2016, the GRU began hacking the email accounts of Clinton Campaign volunteers and employees, including campaign chairman John Podesta. In April 2016, the GRU hacked into the computer networks of the Democratic Congressional Campaign Committee (DCCC) and the Democratic National Committee (DNC). The GRU stole hundreds of thousands of documents from the compromised email accounts and networks. Around the time that the DNC announced in mid-June 2016 the Russian government’s role in hacking its network, the GRU began disseminating stolen materials through the fictitious online personas “DCLeaks” and “Guccifer 2.0.” The GRU later released additional materials through the organization WikiLeaks. …

While the investigation identified numerous links between individuals with ties to the Russian government and individuals associated with the Trump Campaign, the evidence was not sufficient to support criminal charges. Among other things, the evidence was not sufficient to charge any Campaign official as an unregistered agent of the Russian government or other Russian principal. And our evidence about the June 9, 2016 meeting and WikiLeaks’s releases of hacked materials was not sufficient to charge a criminal campaign-finance violation. Further, the evidence was not sufficient to charge that any member of the Trump Campaign conspired with representatives of the Russian government to interfere in the 2016 election.

The Office investigated several other events that have been publicly reported to involve potential Russia-related contacts. For example, the investigation established that interactions between Russian Ambassador Kislyak and Trump Campaign officials both at the candidate’s April 2016 foreign policy speech in Washington, D.C., and during the week of the Republican National Convention were brief, public, and non-substantive. And the investigation did not establish that one Campaign official’s efforts to dilute a portion of the Republican Party platform on providing assistance to Ukraine were undertaken at the behest of candidate Trump or Russia. The investigation also did not establish that a meeting between Kislyak and Sessions in September 2016 at Sessions’s Senate office included any more than a passing mention of the presidential campaign.

Throughout 2016, IRA accounts published an increasing number of materials supporting the Trump Campaign and opposing the Clinton Campaign. For example, on May 31, 2016, the operational account “Matt Skiber” began to privately message dozens of pro-Trump Facebook groups asking them to help plan a “pro-Trump rally near Trump Tower.”55

To reach larger U.S. audiences, the IRA purchased advertisements from Facebook that promoted the IRA groups on the newsfeeds of U.S. audience members. According to Facebook, the IRA purchased over 3,500 advertisements, and the expenditures totaled approximately $100,000.56

During the U.S. presidential campaign, many IRA-purchased advertisements explicitly supported or opposed a presidential candidate or promoted U.S. rallies organized by the IRA (discussed below). As early as March 2016, the IRA purchased advertisements that overtly opposed the Clinton Campaign. For example, on March 18, 2016, the IRA purchased an advertisement depicting candidate Clinton and a caption that read in part, “If one day God lets this liar enter the White House as a president – that day would be a real national tragedy.”57

Similarly, on April 6, 2016, the IRA purchased advertisements for its account “Black Matters” calling for a “flashmob” of U.S. persons to “take a photo with #HillaryClintonForPrison2016 or #nohillary2016.”58 IRA-purchased advertisements featuring Clinton were, with very few exceptions, negative.59

IRA-purchased advertisements referencing candidate Trump largely supported his campaign. The first known IRA advertisement explicitly endorsing the Trump Campaign was purchased on April 19, 2016. The IRA bought an advertisement for its Instagram account “Tea Party News” asking U.S. persons to help them “make a patriotic team of young Trump supporters” by uploading photos with the hashtag “#KIDS4TRUMP.”60 In subsequent months, the IRA purchased dozens of advertisements supporting the Trump Campaign, predominantly through the Facebook groups “Being Patriotic,” “Stop All Invaders,” and “Secured Borders.” …

The IRA operated individualized Twitter accounts similar to the operation of its Facebook accounts, by continuously posting original content to the accounts while also communicating with U.S. Twitter users directly (through public tweeting or Twitter’s private messaging).

The IRA used many of these accounts to attempt to influence U.S. audiences on the election. Individualized accounts used to influence the U.S. presidential election included @TEN_ GOP ( described above); @jenn _ abrams ( claiming to be a Virginian Trump supporter with 70,000 followers); @Pamela_Moore13 (claiming to be a Texan Trump supporter with 70,000 followers); and @America:__Ist_ (an anti-immigration persona with 24,000 followers).67 In May 2016, the IRA created the Twitter account @march_for_trump, which promoted IRA-organized rallies in support of the Trump Campaign (described below).68 …

The IRA organized and promoted political rallies inside the United States while posing as U.S. grassroots activists. First, the IRA used one of its preexisting social media personas (Facebook groups and Twitter accounts, for example) to announce and promote the event. The IRA then sent a large number of direct messages to followers of its social media account asking them to attend the event. From those who responded with interest in attending, the IRA then sought a U.S. person to serve as the event’s coordinator. In most cases, the IRA account operator would tell the U.S. person that they personally could not attend the event due to some preexisting conflict or because they were somewhere else in the United States.82 The IRA then further promoted the event by contacting U.S. media about the event and directing them to speak with the coordinator.83

After the event, the IRA posted videos and photographs of the event to the IRA’s social media accounts. 84

The Office identified dozens of U.S. rallies organized by the IRA. The earliest evidence of a rally was a “confederate rally” in November 2015. 85 The IRA continued to organize rallies even after the 2016 U.S. presidential election. The attendance at rallies varied. Some rallies appear to have drawn few (if any) participants while others drew hundreds. …

From June 2016 until the end of the presidential campaign, almost all of the U.S. rallies organized by the IRA focused on the U.S. election, often promoting the Trump Campaign and opposing the Clinton Campaign. Pro-Trump rallies included three in New York; a series of pro-Trump rallies in Florida in August 2016; and a series of pro-Trump rallies in October 2016 in Pennsylvania. The Florida rallies drew the attention of the Trump Campaign, which posted about the Miami rally on candidate Trump’s Facebook account (as discussed below).86 …

Starting in June 2016, the IRA contacted different U.S. persons affiliated with the Trump Campaign in an effort to coordinate pro-Trump IRA-organized rallies inside the United States. In all cases, the IRA contacted the Campaign while claiming to be U.S. political activists working on behalf of a conservative grassroots organization. The IRA’s contacts included requests for signs and other materials to use at rallies, 107 as well as requests to promote the rallies and help coordinate Iogistics.108 While certain campaign volunteers agreed to provide the requested support (for example, agreeing to set aside a number of signs), the investigation has not identified evidence that any Trump Campaign official understood the requests were coming from foreign nationals.

III. RUSSIAN HACKING AND DUMPING OPERATIONS

Beginning in March 2016, units of the Russian Federation’s Main Intelligence Directorate of the General Staff (GRU) hacked the computers and email accounts of organizations, employees, and volunteers supporting the Clinton Campaign, including the email account of campaign chairman John Podesta. Starting in April 2016, the GRU hacked into the computer networks of the Democratic Congressional Campaign Committee (DCCC) and the Democratic National Committee (DNC). The GRU targeted hundreds of email accounts used by Clinton Campaign employees, advisors, and volunteers. In total, the GRU stole hundreds of thousands of documents from the compromised email accounts and networks. 109 The GRU later released stolen Clinton Campaign and DNC documents through online personas, “DCLeaks” and “Guccifer 2.0,” and later through the organization WikiLeaks. The release of the documents was designed and timed to interfere with the 2016 U.S. presidential election and undermine the Clinton Campaign. …

By no later than April 12, 2016, the GRU had gained access to the DCCC computer network using the credentials stolen from a DCCC employee who had been successfully spearphished the week before. Over the ensuing weeks, the GRU traversed the network, identifying different computers connected to the DCCC network. By stealing network access credentials along the way (including those of IT administrators with unrestricted access to the system), the GRU compromised approximately 29 different computers on the DCCC network. 119

Approximately six days after first hacking into the DCCC network, on April 18, 2016, GRU officers gained access to the DNC network via a virtual private network (VPN) connection120 between the DCCC and DNC networks.121 Between April 18, 2016 and June 8, 2016, Unit 26165 compromised more than 30 computers on the DNC network, including the DNC mail server and shared file server.122

b. Implantation of Ma/ware on DCCC and DNC Networks

Unit 26165 implanted on the DCCC and DNC networks two types of customized malware, 123 known as “X-Agent” and “X-Tunnel”; Mimikatz, a credential-harvesting tool; and rar.exe, a tool used in these intrusions to compile and compress materials for exfiltration. X-Agent was a multi-function hacking tool that allowed Unit 26165 to log keystrokes, take screenshots, and gather other data about the infected computers (e.g., file directories, operating systems).124 XTunnel was a hacking tool that created an encrypted connection between the victim DCCC/DNC computers and GRU-controlled computers outside the DCCC and DNC networks that was capable of large-scale data transfers. 125 GRU officers then used X-Tunnel to exfiltrate stolen data from the victim computers. …

c. Theft of Documents from DNC and DCCC Networks

Officers from Unit 26165 stole thousands of documents from the DCCC and DNCnetworks, including significant amounts of data pertaining to the 2016 U.S. federal elections.

Stolen documents included internal strategy documents, fundraising data, opposition research, and emails from the work inboxes of DNC employees.

The GRU began stealing DCCC data shortly after it gained access to the network. On April 14, 2016 (approximately three days after the initial intrusion) GRU officers downloaded rar.exe onto the DCCC’s document server. The following day, the GRU searched one compromised DCCC computer for files containing search terms that included “Hillary,” “DNC,” “Cruz,” and “Trump.”131 On April 25, 2016, the GRU collected and compressed PDF and Microsoft documents from folders on the DCCC’s shared file server that pertained to the 2016 election.132 The GRU appears to have compressed and exfiltrated over 70 gigabytes of data from this file server.133

The GRU also stole documents from the DNC network shortly after gaining access. On April 22, 2016, the GRU copied files from the DNC network to GRU-controlled computers. Stolen documents included the DNC’ s opposition research into candidate Trump.134 Between approximately May 25, 2016 and June 1, 2016, GRU officers accessed the DNC’s mail server from a GRU-controlled computer leased inside the United States.135 During these connections, Unit 26165 officers appear to have stolen thousands of emails and attachments, which were later released by WikiLeaks in July 2016.136

B. Dissemination of the Hacked Materials

The GRU began planning the releases at least as early as April 19, 2016, when Unit 26165 registered the domain dcleaks.com through a service that anonymized the registrant.137 Unit 26165 paid for the registration using a pool of bitcoin that it had mined. 138 The dcleaks.com landing page pointed to different tranches of stolen documents, arranged by victim or subject matter. Other dcleaks.com pages contained indexes of the stolen emails that were being released (bearing the sender, recipient, and date of the email). To control access and the timing of releases, pages were sometimes password-protected for a period of time and later made unrestricted to the public.

Starting in June 2016, the GRU posted stolen documents onto the website dcleaks.com, including documents stolen from a number of individuals associated with the Clinton Campaign.

These documents appeared to have originated from personal email accounts (in particular, Google and Microsoft accounts), rather than the DNC and DCCC computer networks. DCLeaks victims included an advisor to the Clinton Campaign, a former DNC employee and Clinton Campaign employee, and four other campaign volunteers. 139 The GRU released through dcleaks.com thousands of documents, including personal identifying and financial information, internal correspondence related to the Clinton Campaign and prior political jobs, and fundraising files and information.140 …

  1. Guccifer 2.0

On June 14, 2016, the DNC and its cyber-response team announced the breach of the DNC network and suspected theft of DNC documents. In the statements, the cyber-response team alleged that Russian state-sponsored actors (which they referred to as “Fancy Bear”) were responsible for the breach. 145 Apparently in response to that announcement, on June 15, 2016, GRU officers using the persona Guccifer 2.0 created a WordPress blog. In the hours leading up to the launch of that WordPress blog, GRU officers logged into a Moscow-based server used and managed by Unit 74455 and searched for a number of specific words and phrases in English, including “some hundred sheets,” “illuminati,” and “worldwide known.” Approximately two hours after the last of those searches, Guccifer 2.0 published its first post, attributing the DNC server hack to a lone Romanian hacker and using several of the unique English words and phrases that the GRU officers had searched for that day. 146 …

  1. Use of WikiLeaks

In order to expand its interference in the 20 I 6 U.S. presidential election, the GRU units transferred many of the documents they stole from the DNC and the chairman of the Clinton Campaign to WikiLeaks. GRU officers used both the DCLeaks and Guccifer 2.0 personas to

communicate with WikiLeaks through Twitter private messaging and through encrypted channels, including possibly through WikiLeaks’s private communication system. …

c. The GRU’s Transfer of Stolen Materials to WikiLeaks

Both the GRU and WikiLeaks sought to hide their communications, which has limited the Office’s ability to collect all of the communications between them. Thus, although it is clear that the stolen DNC and Podesta documents were transferred from the GRU to WikiLeaks, [REDACTED] …

An analysis of the metadata collected from the WikiLeaks site revealed that the stolen Podesta emails show a creation date of September 19, 2016.171 Based on information about Assange’s computer and its possible operating system, this date may be when the GRU staged the stolen Podesta emails for transfer to WikiLeaks (as the GRU had previously done in July 2016 for the DNC emails). 172 The WikiLeaks site also released PDFs and other documents taken from Podesta that were attachments to emails in his account; these documents had a creation date of October 2, 2016, which appears to be the date the attachments were separately staged by WikiLeaks on its site. 173

Beginning on September 20, 2016, WikiLeaks and DCLeaks resumed communications in a brief exchange. On September 22, 2016, a DCLeaks email account [email protected] sent an email to a WikiLeaks account with the subject “Submission” and the message “Hi from DCLeaks.” The email contained a PGP-encrypted with the filename “wiki_mail.txt.gpg.” 174 …

d. WikiLeaks Statements Dissembling About the Source of Stolen Materials

As reports attributing the DNC and DCCC hacks to the Russian government emerged, WikiLeaks and Assange made several public statements apparently designed to obscure the source of the materials that WikiLeaks was releasing. The file-transfer evidence described above and other information uncovered during the investigation discredit WikiLeaks’s claims about the source of material that it posted.

Beginning in the summer of 2016, Assange and WikiLeaks made a number of statements about Seth Rich, a former DNC staff member who was killed in July 2016. The statements about Rich implied falsely that he had been the source of the stolen DNC emails. On August 9, 2016, the @WikiLeaks Twitter account posted: “ANNOUNCE: WikiLeaks has decided to issue a US$20k reward for information leading to conviction for the murder ofDNC staffer Seth Rich.” 180

Likewise, on August 25, 2016, Assange was asked in an interview, “Why are you so interested in Seth Rich’s killer?” and responded, “We’re very interested in anything that might be a threat to alleged Wikileaks sources.” The interviewer responded to Assange’s statement by commenting, “I know you don’t want to reveal your source, but it certainly sounds like you’re suggesting a man who leaked information to WikiLeaks was then murdered.” Assange replied, “If there’s someone who’s potentially connected to our publication, and that person has been murdered in suspicious circumstances, it doesn’t necessarily mean that the two are connected. But it is a very serious matter … that type of allegation is very serious, as it’s taken very seriously by us.”181

After the U.S. intelligence community publicly announced its assessment that Russia was behind the hacking operation, Assange continued to deny that the Clinton materials released by WikiLeaks had come from Russian hacking. According to media reports, Assange told a U.S. congressman that the DNC hack was an “inside job,” and purported to have “physical proof” that Russians did not give materials to Assange. 182

 

Those are highlights from the opening 11% of the report, which is up through page 49 in the 448-page document. These are a prosecutor’s allegations; they are not necessarily true. Robert Mueller has a lengthy history of publicly alleging things that subsequently have come to be widely recognized to have been false. Furthermore, there are very serious reasons to doubt some of the most basic aspects of the Mueller report’s accounts of how information came to Wikileaks from Hillary Clinton’s and her campaign’s computers. Mueller even has been condemned by the FISA court for having violated the law and deceived that court. But these are his main allegations in Mueller’s ‘Russiagate’ report.

—————

Investigative historian Eric Zuesse is the author, most recently, of  They’re Not Even Close: The Democratic vs. Republican Economic Records, 1910-2010, and of  CHRIST’S VENTRILOQUISTS: The Event that Created Christianity.

 

Tags:

Support Countercurrents

Countercurrents is answerable only to our readers. Support honest journalism because we have no PLANET B.
Become a Patron at Patreon

Join Our Newsletter

GET COUNTERCURRENTS DAILY NEWSLETTER STRAIGHT TO YOUR INBOX

Join our WhatsApp and Telegram Channels

Get CounterCurrents updates on our WhatsApp and Telegram Channels

Related Posts

Join Our Newsletter


Annual Subscription

Join Countercurrents Annual Fund Raising Campaign and help us

Latest News