Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Russia Hacked Clinton's Computers Five Hours After Trump's Call

Mueller report finds that in July 2016, after then-candidate Donald Trump publicly called for Russia to "find the 30,000 emails," Russian agents targeted Hillary Clinton's personal office with cyberattacks.

While the Mueller report did not find evidence that Donald Trump or his campaign knowingly coordinated with Russia to target the computers and data of Hillary Clinton's campaign during the 2016 US presidential election, the investigation did show that both sides were willing to reap the benefits of each other's actions. 

One new detail included in the report, released April 18 by the US Department of Justice, highlighted the significance of the symbiotic relationship. On July 27, 2016, within five hours of then-candidate Trump's call for Russia to "find the 30,000 e-mails that are missing," officers of the Russian Main Intelligence Directorate of the General Staff (GRU) targeted Clinton's personal office for the first time, attempting to compromise 15 nonpublic accounts.

Previous details on Russia's activities during the run-up to the 2016 election, released as part of a 2018 indictment and charging documents against 12 GRU members, did not include the close link between the actions of the Trump campaign and Russia cyber activities.

In the report, special counsel Robert S. Mueller III specifically acknowledged the relationship but concluded it did not amount to knowing coordination. 

"Although the investigation established that the Russian government perceived it would benefit from a Trump presidency and worked to secure that outcome, and that the Campaign expected it would benefit electorally from information stolen and released through Russian efforts, the investigation did not establish that members of the Trump Campaign conspired or coordinated with the Russian government in its election interference activities," the report stated.

The redacted 448-page Mueller report — or, more officially, the "Report On The Investigation Into Russian Interference In The 2016 Presidential Election" — concludes that two Russian operations directly benefited the Trump campaign and detracted from the Clinton campaign during the 2016 election cycle.

In the first operation, the Internet Research Agency (IRA), based in St. Petersburg, Russia, and funded by a Russian oligarch, created a "social media campaign designed to provoke and amplify political discord in the United States," eventually evolving from "a generalized program designed in 2014 and 2015 to undermine the U.S. electoral system, to a targeted operation that by early 2016 favored candidate Trump and disparaged Clinton." In some cases, IRA employees contacted members of the Trump campaign directly to coordinate political activities, but they did so "without revealing their Russian association," the report found. 

Much of the report's details and conclusions regarding IRA interactions with the Trump campaign are redacted, citing potential harm to ongoing matters, one of the four categories that Attorney General William Barr stated he would use as a reason for redaction.

The second operation, conducted by Russia's intelligence service, focused on hacking the computers and e-mail accounts of various officials in the Clinton campaign. The operatives targeted "hundreds of e-mail accounts" and stole "hundreds of thousands of documents" from Clinton campaign officials, releasing them through online personas, such as "DCLeaks" and "Guccifer 2.0," and later WikiLeaks, according to the report. The operation began in March 2016; by April it had access to a variety of e-mail accounts and networks, including those of the Democratic Congressional Campaign Committee and Democratic National Committee. 

The GRU later targeted the officials and administrators of US elections, as well as the technology firms responsible for making and managing election hardware and software, according to the report.  

As the GRU released collections of e-mails from Democratic organizations and the Clinton campaign, the Trump campaign used the information to criticize Clinton. In particular, Clinton's use of a personal e-mail server for government work, as well as her legal team's deletion of e-mail messages they deemed to be nonwork-related, became significant rallying points for Republicans. Trump frequently called on Clinton to release the e-mail messages and for other parties to "find" the messages.

As Secretary of State from 2009 to 2013, Clinton used a personal e-mail server to a much greater extent than her predecessors. In 2013, a hacker known as "Guccifer" — whose handle would later be used as an alias for Russian intelligence operations — compromised the e-mail account of Sidney Blumenthal, an adviser to both Secretaries of State Colin Powell and Clinton, and publicly revealed Clinton's personal e-mail server.

In 2014, as part of the aftermath of the investigation into US diplomats' deaths in Benghazi, the US Department of State requested that Clinton and other former Secretaries of State submit any work-related e-mails. Clinton's legal team identified 33,000 e-mails that fell within that category and deleted personal e-mail messages, according to testimony by James Comey, director of the FBI at the time

The e-mail investigation came to a political head during a press conference on July 27, 2016, with Trump taking the unprecedented step of calling for a foreign country to take action.

"If Russia or China or any other country has those e-mails, I mean to be honest with you, I'd love to see 'em," he said, later adding, "Russia, if you are listening, I hope you're able to find the 30,000 e-mails that are missing. I think you will probably be rewarded mightily by our press."

Within five hours of that statement, GRU operatives were attempting to hack into Clinton's e-mail servers and nonpublic accounts, according to the Mueller report.

Related Content:




Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 2
User Rank: Ninja
4/22/2019 | 9:22:03 AM
Re: FACTS don't matter
The Russians did alot on the 2016 election and that would be ineteresting aside from the stupid Facbook campaign (see Zucky boy for that mess among many others) but this article has a political bent which should really be kept somewhere else.  Linkedin was getting political too at time and FB is of course a mess.  Just an attempt to keep the integrity and intellectual level of this fine discussion group on the up and up.  


User Rank: Strategist
4/22/2019 | 8:41:51 AM
FACTS don't matter
This board does not support FACTS uncovered by Bill Binney, well-known NSA whistleblower, but rather supports a make-believe "the Russians did it" fairy tale told by the deep state who attempted to overthrow a duly elected President of the United States. Shame on you!

User Rank: Strategist
4/20/2019 | 1:40:03 PM
Re: Keep Politics out of this forum
If you ever handled website administration, you would know that Russian bots attack every 3 to 4 seconds, at least. So to state that there was an attempt on HRC's computer is not news to anyone who has ever worked in this area.
Kelly Jackson Higgins
Kelly Jackson Higgins,
User Rank: Strategist
4/19/2019 | 2:00:01 PM
Re: Keep Politics out of this forum
@REISEN1955, I'm not sure I understand your comment on the article as "political." This is reporting on a key cybersecurity element/finding in the Mueller report. Dark Reading has been covering the Russian hacking of the DNC and DCCC, & Podesta, etc., issue for some time, as well as the surrounding election security issues. 
User Rank: Ninja
4/19/2019 | 1:28:32 PM
Re: Keep Politics out of this forum
Agree - an article on HOW they did it might be more interesting.  
User Rank: Apprentice
4/19/2019 | 1:25:40 PM
Re: Keep Politics out of this forum
I know the tempation to allow your politics to bleed into your business is powerful, but please stop. This is not the place for it. 
User Rank: Ninja
4/19/2019 | 12:58:35 PM
Keep Politics out of this forum
Like Linkedin ---- political articles do NOT belong here. 
<<   <   Page 2 / 2
97% of Americans Can't Ace a Basic Security Test
Steve Zurier, Contributing Writer,  5/20/2019
How a Manufacturing Firm Recovered from a Devastating Ransomware Attack
Kelly Jackson Higgins, Executive Editor at Dark Reading,  5/20/2019
TeamViewer Admits Breach from 2016
Dark Reading Staff 5/20/2019
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Could you pass the hash, I really have to use the bathroom!
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-05-21
my little forum before 2.4.20 allows CSRF to delete posts, as demonstrated by mode=posting&amp;delete_posting.
PUBLISHED: 2019-05-21
IdentityServer IdentityServer4 through 2.4 has stored XSS via the httpContext to the host/Extensions/RequestLoggerMiddleware.cs LogForErrorContext method, which can be triggered by viewing a log.
PUBLISHED: 2019-05-21
sadmin/ceditpost.php in UCMS 1.4.7 allows SQL Injection via the index.php?do=sadmin_ceditpost cvalue parameter.
PUBLISHED: 2019-05-21
A missing permission check in Jenkins PAM Authentication Plugin 1.5 and earlier, except 1.4.1 in PamSecurityRealm.DescriptorImpl#doTest allowed users with Overall/Read permission to obtain limited information about the file /etc/shadow and the user Jenkins is running as.
PUBLISHED: 2019-05-21
Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path, and obtain the certificate content of files containing a PKCS#12 certificate.