
B
The Russians have hacked into the Democrats' servers and WikiLeaks are threatening to expose Hillary Clinton's emails. So is this the moment that triggers the downfall of the 2016 Clinton campaign? Well, welcome to The Rest Is Classified. I'm Gordon Corera.
A
And I'm David McCloskey and we are
B
deep in looking at the Russian active measures campaign to influence the US presidential election of 2016. We've looked at what active measures are, this tradition of Soviet and Russian espionage to not just steal secrets, but actually influence events, often by leaking or putting out information. And we've looked at how that's moved into the modern world with the arrival of the Internet and this concept of the hack and leak. Last time we looked at the hacking part of it, as those sneaky Russian GRU hackers with their Pop-Tarts got into the DNC and the Clinton campaign through 2016. But now it's time to look at the leak.
So, David, this is where what's been the kind of espionage digital intrusion that had been seen before, frankly, in US campaigns and all over the world. Getting into a computer network, stealing the information to try and find out what's going on. We've seen that before. But this is the moment it switches to being an active measure to actually doing something with the information that's been stolen to try and have an impact and effect in the world.
A
That's right. And for that active measure to work, you really don't want it to look like the Russians are responsible. You want there to be some kind of plausible front for the information so it's not widely seen as coming from Russia. So what do you do? Well, you create a digital front. It used to be the case in the Cold War that you'd go and find a journalist or, in the case of the sort of active measure around the AIDS virus, a weird sort of small Indian publication, and you seed the story there and then you'd have to wait for it to spread. But now you need basically $37 worth of freshly minted Bitcoin, which is what the GRU uses. And they reserve a domain, try to reserve a domain called electionleaks.com, but the domain name is taken, Gordon. They, they don't. It doesn't work.
B
Who by?
A
Yeah, exactly. Who has electionleaks.com? So they try again. Just one day after compromising the DNC, the GRU registers another website, dcleaks.com, and they pay for the new site out of the same pool of bitcoin. They do some web design, Gordon. And the next day, on April 20th, those Pop-Tart-eating, borscht-swilling hackers have drawn a sleek logo with DC in blue and there's a white silhouette of the Capitol. It's perched between the D and the C. "Leaks" is printed in red underneath. The GRU works then throughout the month of May to get this portal ready to publicize all of the leaks, although the leaks actually won't start until July. The first portfolio of stuff uploaded to DC Leaks kind of shows right off the bat that it's the GRU, because it's a bunch of emails that they've stolen a year earlier from a recently retired Supreme Commander of NATO forces in Europe. And it was an operation that had been widely believed to have been conducted by the GRU. So already there are kind of GRU fingerprints on this. Three days after registering that leak site, the GRU begins preparations to exfiltrate all the data that they've collected from the DNC's networks. And they do this by moving gigabytes of data from the DNC through what's called a command and control machine that they had leased in the state of Illinois. Yermakov, one of the Unit 26165 hackers, and his team have sort of half-heartedly attempted to cover their tracks by deleting logs from the DNC network that show when they had logged in and when they had conducted some of these data dumps. This is interesting. I think there's some murkiness around this. According to the investigation that's done later by Special Counsel Robert Mueller, there's another GRU unit, which is Unit 74455, which receives a lot of this hacked material from Unit 26165 and then essentially becomes the kind of interface with these sort of front sites that had been created and helps to get this information out.
B
Yeah, that's right. The murkiness is, it's in the Mueller report which investigated this, that that was the unit. I think the one thing I'd note is that that unit is often known by another one of these code words that these hacking groups have, as Sandworm. And 74455 is actually associated with some of the most intense cyber sabotage done by GRU hackers. Things like taking down the power grid in Ukraine in 2015. And that kind of activity is what they are normally associated with. So it's interesting that Mueller links them in that report to building the infrastructure for spreading the material hacked by another unit. It doesn't quite fit in with how we think of them, but that's certainly what he says that they were doing, is creating the psychological warfare element of pushing the material out that had been hacked by this other unit.
A
And in any case, I guess whether it was 26165 or 74455, I guess the point is that it really matters how the information is released, what you release, when, to whom. There is a psychological and information warfare piece of this that is distinct from the actual computer network exploitation. This is where it starts to veer more into the political sphere of an actual active measure. Because if you're the GRU, you were thinking about how do you maximize the sort of impact of the information as it gets out? And all of this sort of the timings, the who, what, when, where matter a lot. And what's interesting is that the GRU, they extract 72, mostly random, it seems, attachments from John Podesta's inbox, the chairman
B
of the Clinton campaign. Yeah.
A
And they publish these attachments on DC Leaks unmodified, without any reference to John Podesta, which kind of, I think, to me suggests that they're sort of figuring out what to do in real time and maybe don't have the most highly attuned political antenna to start.
B
And it's interesting because we talked about how the Internet has transformed active measures from the past and how previously, if you wanted to launder information, you'd have to use maybe publishers who are agents or use journals and then hope it gets picked up and try and push that. Here, you stick it onto the Internet. And it is interesting because one of the things that people hope when they do that is that they don't actually have to process the information that much. They don't have to pick out and say, this is the interesting bit. In this new world, you just dump the stuff and then you let journalists sift through it and find what they want and find their stories within it. It's a slightly different model from the active measures of the past, and it's one that relies on journalists, often Western journalists, to be picking through this material. We'd seen some previous aspects of this, speaking as a journalist, when the North Koreans, back to our friends in Pyongyang, had hacked Sony Pictures and they put up on the Internet a ton of material, quite sensitive material, from executives of Sony Pictures. All their internal emails, which included, had things which executives were saying about some film stars which were not entirely flattering and cost them their job. But the point was they just dumped the stuff and then they let journalists find it. And it was already becoming, although I don't think we thought about it enough in journalism at that point, a question which is, when this material gets dumped and maybe you don't know who's behind it, how do you, as a journalist, what's your responsibility in terms of looking at it? Because if it's true, do you just go, well, it's true and there's a good story in it, or do you have to worry if you're being manipulated and used by someone? And I think they were taking advantage of something, which was just starting then, which is this idea of dumping material on the Internet and letting journalists sift through it.
And it just meant that they didn't have to do that much work. It makes it easier for the hackers because they just dump it there on DC Leaks.
A
That's right. And they had. The GRU had called themselves American hacktivists, right, who were proponents of freedom of speech and transparency and democracy. And they wrote on DC Leaks that they were open for more cooperation, ready to publish more leaks. They obviously don't attribute any of the hacking to the GRU on DC Leaks, but they say that, you know, this is kind of being done by citizen activists. And initially they don't get a lot of traction. I mean, the GRU tries to amplify the profile that DC Leaks has, and they actually use an avatar who goes by the name of Melvin Reddick, who is on Facebook. And Melvin wrote after the DC Leaks portal went up and those attachments had been placed on it, quote, these guys show hidden truth about Hillary Clinton, George Soros. It's really interesting. Exclamation mark, exclamation mark, exclamation mark. And a few other Facebook accounts, you know, amplify it or kind of write similar things, but nobody really notices at this point. I imagine, you know, poor Lukashev and Netyksho and the other Pop-Tart eaters kind of scratching their heads and thinking, well, how do we get the word out? And it's a big question because the distribution of the leak is not going so well initially. And so, you know, I mean, what do you do, Gordon? You could go find a friendly journalist at the BBC who's willing to.
B
Definitely not the BBC, who's willing to
A
report whatever he's given, you know, as one example. But you could also, you could go to an anti-American, anti-secrecy group with a track record at that point of just dumping stolen information online, regardless of the content. Does such a group exist in 2016, Gordon?
B
Enter WikiLeaks and Julian Assange, who, I think, his first appearance on the pod, I think, which is amazing that we've got this far without dealing with the character of Julian Assange and WikiLeaks.
A
We've somehow found someone, someone more reprehensible than Edward Snowden.
B
Well, I tell you what, just a brief foray into Julian Assange and WikiLeaks. I think it is really interesting. Julian Assange starts off as an Australian hacker, but by the 2000s, he's created this thing called WikiLeaks, which is where you can basically publish information which has come from lots of different places. And then it really gets attention in 2010 when it starts publishing some really interesting material. And some of it at first, there's particularly some videos of American strikes on journalists in Iraq, killing them, which drew a lot of attention and were widely seen as actually being very important journalistically because this was bringing something to light which had been covered up by the US military, which was having killed journalists with an airstrike. And it was in Baghdad. And at that point, Julian Assange and WikiLeaks are seen as this kind of anti-government, slightly heroic whistleblowing organization through whom whistleblowers with something to share can go to and get the material out using some of the anonymity of the Internet. But then through 2010, it starts to develop into bigger and bigger data dumps because you get a series of leaks about Iraq. And then State Department cables from around the world. Talked about State Department cables last time, didn't we, which were often based on conversations between diplomats and locals, which were confidential conversations rather than intelligence agent conversations. And these are all going to be dumped on the WikiLeaks site, which draws WikiLeaks and Julian Assange into deep conflict, particularly with the US State Department around this time. A very deep conflict, because of the view that some of this material was going to endanger some of the sources who had talked to Americans and hadn't realized their material would be reported back and made public. And 250,000 diplomatic cables get released.
Julian Assange, it really kind of made him a very controversial figure, and he was still seen and is still seen in some circles as a kind of heroic figure, but increasingly, as we'll see, kind of drifts to a different part of the political spectrum through this period. I interviewed him very briefly in late 2010 in London, and I spoke to him just briefly outside on the kind of, you know, it's one of those quick interviews out on the grass outside it. And he had that kind of slightly messianic, driven look in his eyes already then. But at that point, he is really coming into conflict with the US and, of course, another figure for this series, with Hillary Clinton, who's US Secretary of State and is therefore responsible for these cables. And so the kind of tension between him and the US government is just going to grow from this point onwards, isn't it?
A
I was hoping to bait you into defending Julian Assange, Gordon, given your long-standing admiration for various traitors on this program. It won't happen on Julian Assange.
B
Not happening, not happening on Assange.
A
I'm afraid we will do a series on Assange and WikiLeaks because it is a fascinating, yeah, a fascinating story. I mean, I remember I was at the agency in 2010 when that leak came out and there was an entire task force stood up to deal with the fallout from it because it was just, it was absolutely massive. I mean just the number of embarrassing conversations that came out of those diplomatic cables or US diplomats commenting in a negative light on foreign leaders, critiquing foreign leaders, things like that is again, it's kind of similar to Snowden in this way of just. It was absolutely indiscriminate. Unlike perhaps the leaks of videos showing the US killing journalists in Iraq, where it's a very focus specific thing. This is just an indiscriminate dump of information. And, and to your early point, just like let's let the world sort it out. Hillary Clinton has, has gathered around her a host of very interesting enemies in this series, hasn't she? Because she's got Putin coming after her. And I mean it's an interesting question of like why, why does Assange care about Hillary Clinton?
B
He does. And I think it's because of the conflict. I mean, Sweden is going to want to extradite him on sexual assault charges, which he denied. And he's going to hide in the Ecuadorian embassy. But he's always going to fear that the plan was to extradite him to the US and that the US was after him.
A
That's probably true, which is true.
B
Yeah. But also you see him drift increasingly. I mean, he always had the kind of anti-authoritarian hacker mindset, but you also start to see him drift increasingly to a kind of anti-American mindset, anti-Western mindset and then into the circle of the kind of pro-Russian world because, I think 2012, even though he holes up in the Ecuadorian embassy in London, so he's hiding there to avoid being extradited, he starts hosting a show for RT, Russia Today, the Russia-backed news network, and he hosts a show in 2012. And so you can see him developing those relationships and links with Russia from that point onwards. And you can sense the tension and the aggravation, and he runs a big site where you can dump loads of information and people can sift through it. That's an interesting kind of place to be once we get to 2016, isn't it?
A
Well, yeah, in 2016. So 12 June 2016, Julian Assange gives an interview to a British news network. He mentions that a major political leak is forthcoming. He says, we have upcoming leaks in relation to Hillary Clinton, which are great. WikiLeaks has a very big year ahead. Hillary Clinton. Julian Assange does not like her. And Hillary Clinton has an email problem, doesn't she? She does in 2016. And it helps, I think, explain why the public's interest in private email traffic among leaders in the Democratic Party is going to have so much resonance in 2016. And frankly, in some quarters in the US still does. Because shortly before Hillary is sworn in as Obama's Secretary of State in 2009, Hillary Clinton sets up an email server, a private email server at her home in Chappaqua, New York, which
B
you shouldn't do, you shouldn't do for
A
official emails where you should, you should not do this. Now, she sets it up so that her email address is hdr22@clintonemail.com and she used this, uses this email for all of her work and personal related correspondence during her four years as Obama's Secretary of State. She also reportedly sets up email addresses on the server for longtime aides. She did not use or ever even activate a state.gov email account, which would have been hosted on servers owned and managed by the US Government. Former Secretary of State Colin Powell had also done this. This is not to excuse it, it's just to note that this is not a one of one situation. And I think we would both agree, Gordon, that it was a, I think, strikingly bad judgment.
B
Oh yes.
A
To do that.
B
She's going to pay a heavy price for that misjudgment.
A
And she's gonna pay a very heavy price for this. Because in the first week of March in 2015, so a year before the GRU's hacks, this becomes a national story. And the New York Times runs a front page article on the subject of Hillary's private server and her emails. And the article says the system may have violated federal requirements. And it was, quote, alarming to current and former government archive officials. You never want government archive officials alarmed by what you're doing, Gordon. But they were not good. And this had been revealed by a Romanian hacker who went by the moniker, and I always pronounce this Guccifer Gordon Guccifer. I'd say it's Goose. I think it's Goosifer.
B
Goosefer is how I'd say it's Guccifer.
A
Two C's in the middle.
B
Remember the name because it's an important name. We'll come back then. Yeah, the Romanian hacker Guccifer.
A
Yeah. And so this all comes out following what had been a really nasty investigation into the attack in Benghazi, which is a 2012 attack on two American diplomatic compounds in Benghazi, Libya that had led to the tragic death of the US Ambassador and three other Americans. And Congressional Republicans had been investigating Clinton, who had been Secretary of State at the time, on suspicion that she had played a role in blocking a viable rescue mission or covering up malfeasance that had led to the, to the deaths.
B
It becomes very political, doesn't it?
A
Intensely political. And Clinton basically says, you know, she had set up this private server for convenience, but she'd also written at one point that she didn't want to risk the personal becoming accessible, which I think is a large part of the reason for setting up the server in the first place. And really critically, she had deleted a massive trove of emails that she considered to be personal. So the deletion of emails from this private server starts to feed theories that she had covered up some wrongdoing associated with Benghazi. Hence this kind of spiral of the investigation is trying to get to the bottom of whether she had done something wrong. And then lo and behold, they realized that a bunch of the email traffic that she'd been sending at the time, which she claimed as personal, had been deleted. The State Department investigators, they're going to subsequently determine that classified information may have existed on at least one of her private servers and a thumb drive that weren't in the government's possession. And some of that sensitive information in the emails, it seems, belonged not to the State Department but to intelligence agencies. So you have the intelligence community's Inspector General who actually looks at a sample of the emails and finds that at least four contain classified material. So then that gets relayed to the Justice Department. So you have this long-running investigation. It's going to become just a never-ending scandal that surrounds her and will surround her for the rest of the year. But Julian Assange and WikiLeaks, to bring it back to our definitely not friend of the pod, Julian Assange. They've been all over this. And now we have, Gordon, a very happy alignment in this active measure because the GRU has got a ton of Podesta's emails.
They've got information from inside the DNC, they've got information from inside the DCCC and they've struggled, haven't they, to distribute that information, to get it out there. What does WikiLeaks have though?
B
A platform.
A
They have a platform. By the 14th of June, the GRU, sensing that their DC Leaks platform had been a hard sell and wasn't really getting the word out, they start to reach out to WikiLeaks directly. They don't do this as the GRU, of course. They do this through the DC Leaks Twitter account, privately messaging WikiLeaks: "Think you announced your organization was preparing to publish more Hillary's emails. We're ready to support you. We have some sensitive information too, in particular her financial documents. Let's do it together. What do you think about publishing our info at the same moment?" And Assange, I like this. He doesn't respond to the first contact attempt because he just, he misses the message on Twitter. I don't know how you are, Gordon, with your Twitter DMs, but, you know, very erratic. I can be spotty. Right. And I guess Julian Assange is probably getting hit up with this kind of stuff all the time at this point and he just, he just misses it. What I think is interesting is that, you know, the GRU at this time is monitoring Assange's statement so closely and then offering their support because it's very likely, and I should say there is still, you know, even after years of investigations, there still is some mystery here.
B
I think there is, yeah.
A
On the kind of the tick-tock of
B
the contacts and the secrets contact between
A
the GRU and WikiLeaks. But what seems to be the case is that the reason they're watching Assange WikiLeaks so closely on Twitter is that they've already passed the archive of John Podesta's inbox to WikiLeaks before 12 June, but done so anonymously. And WikiLeaks had not acted on it and had just sat.
B
But this isn't gonna remain secret and unspotted in DMs for long. Cause very soon after that, the whole issue of the hacking of the DNC is going to get very public and very political. Let's look at that after the break.
So, David, we talked a little bit, haven't we, about how the DNC had been hacked by actually two Russian intelligence groups. And it's worked out it's been hacked and it's called in a security firm, CrowdStrike, to investigate what had happened to it. And they're going to find evidence of those hacks, which is important at this point.
A
Well, that's right. And once CrowdStrike gets involved, I mean, essentially what happens is that the DNC has to clean up its entire network and run a very tedious cleanup process over a weekend in June. Right. So on Friday 10 June, after realizing that they had been hacked, the DNC takes its machines offline. Everyone has to, like, turn in devices over the weekend. They have to be wiped and cleaned. This whole thing is going to end up costing the DNC over a million dollars. But by the end of the weekend, on 12 June 2016, the DNC's networks are back online and the Democrats know that they've been hacked. But this is what's fascinating, is initially it's kind of not that big of a deal. I mean, the Post, the Washington Post is working on a story that's probably leaked to the Post by the DNC itself. And you have CrowdStrike, which has prepared a technical report to kind of coincide with the Post. So you, you know, I guess an outline of what's happened, that the DNC has been hacked. In the CrowdStrike report, there's been evidence of the tradecraft that the Russians have used in both intrusions. And on the 14th of June, hat tip to our producer Becky, who notes that this is Trump's birthday, the Washington Post writes a story that reveals that Russian government hackers had penetrated the DNC.
B
Yeah, and I remember this very well, covering the campaign, covering cybersecurity. This was a story, but interestingly enough, it wasn't a massive story at the time, because I think it was seen in the context still of espionage, of this is the kind of thing you'd have expected Russian hackers to have done, and the questions about whether their security had been weak. But it did make clear that they potentially got access to the DNC's database of opposition research, which is very interesting information because obviously campaigns do oppo research on their adversaries in which they collect basically the dirt. Well, not dirt, but anything that could be used against them. And, you know, that's going to include Donald Trump, it's going to include others. But the Washington Post definitely framed it as traditional espionage, trying to understand each campaign, what it was doing, what the candidates might be, what positions they would take. So it was not seen as a real emergency, even though actually the reality was something else was already going on involving those GRU hackers.
A
I kind of like this part of the story, Gordon, because there's a pissing match between the hackers and CrowdStrike, isn't there? Because CrowdStrike, in the report that they put out, basically expose a bunch of the shoddy tradecraft that the GRU had used and explain how they did that, how they did the hack. And that doesn't land so well inside the GRU. The GRU guys are kind of ticked off that CrowdStrike has outed them and how they've done this. So what this means, just to kind of set the timeline, is that by mid June, the GRU has been outed as the per. And the Post has run a story, right? So by the middle of June, it is understood that the Russians are behind a hack of the DNC. But the GRU guys are looking to embarrass CrowdStrike and go back at the people who outed them. And the GRU creates an online persona. They whip this together quite quickly. Guccifer 2.0. So, remember, we talked about the first Guccifer who had been involved in breaking really the sort of Hillary email story and who
B
I think had been imprisoned or detained, so no one thought it was him. But Guccifer 2.0, they're trying to make out it's another kind of independent hacker, like the Romanian, who's trying to have a go at the Americans but is not linked to the state. So it's kind of deliberate front for them.
A
That's right. And on the 15th of June, this Guccifer 2.0 issues a rambling post that dismisses the CrowdStrike conclusions. And they refer to CrowdStrike as a, quote, worldwide known company. There will be a problem with syntax throughout. Yeah, the books that are issued by the GRU. So instead, Guccifer 2.0 says the DNC has been hacked by a lone hacker. And Lukashev and his compadres inside the GRU try to portray themselves as Romanians because the original Guccifer had been Romanian. But this will be a fiction that's exposed when they are posed questions by a Romanian journalist and the responses come back, it looks like it's been through Google Translate. Google translated, yeah, that's right. So as proof though, Guccifer 2.0 puts out on a blog 11 documents that he claims had come from the DNC. Right. And this includes an oppo research file on Trump and a list of major Democratic donors. By this time, though, the GRU has tampered with some of the files. Five of the leaked documents, they're Microsoft Word files, they're named like 1.doc, 2.doc, and on and on. All of them had been modified on 15 June, just before being published. The GRU had used kind of an old active measures trick and had decided, well, we better make these documents look more interesting. And so they had upgraded four out of the five. They had written confidential across the top, and another one of them, they wrote secret. Right. Just to me.
B
They know journalists.
A
That's what people want more interesting.
B
That's.
A
Yeah, exactly. But in the haste of kind of this whole story breaking, the GRU officer who had edited the documents did not clean up the metadata and left his machine's username visible in the original Cyrillic. The name was Felix Edmundovich. Now, Felix Edmundovich is not a Pop-Tart-eating GRU hacker. This is the first name and the patronymic of Felix Dzerzhinsky, the founder of
B
the founder of the Cheka, the hero of every. Every Soviet and Russian spy. So it's a little bit of a giveaway, isn't it? Which gets spotted, I think, including by a few people online who start to go, ah, this looks like the Russians.
A
That's right, that's right. And so there's basically a group of kind of online volunteer detectives who quickly spot these metadata errors.
B
A bit sloppy, which, which is classic GRU and which basically allows everyone to go, this does not look like a lone hacker, you know, this looks like Russian intelligence. And that Guccifer 2 is just a front for the GRU.
A
I guess. The hackers are consumed in the month of June with establishing their DC Leaks portal and fighting with CrowdStrike online. But on July 14, Guccifer 2.0 sends an email to WikiLeaks that includes an attachment with detailed instructions. Now, I wondered if Gordon was going to prevent me from reading the attachments file.
B
Go for it.
A
I'm just going to do it anyway. WKDNC Link1.txt GPG. This is the attachment, which I can't believe anyone would click on something that has that for.
B
For.
A
For an attachment file name. But a few days later, WikiLeaks privately acknowledges the receipt of the archive, which is about a gigabyte of information. And they tell the GRU officers that the public release would be ready that week. So on Friday 22nd July, three days ahead of, this timing is really important, three days ahead of the Democratic convention, WikiLeaks will dump online 19,252 emails with more than 8,000 attachments, all stolen from the DNC's computers and made searchable by keyword. And Julian Assange himself announces the release that morning. He says, are you ready for Hillary? He's writing on Twitter. We begin our series today with 20,000 emails from the top of the DNC. And then a while later, WikiLeaks' own account sends out links to that trove and it's got hashtags, which is Hillary2016 and hashtag feelthebern, B-E-R-N. Because her primary opponent at that point is Bernie Sanders.
B
And it's at this point I remember it well, the story explodes. Really interesting, but they've been trying for so long to get traction from the stolen emails, and now suddenly it takes off. It's something about WikiLeaks. It's something about the timing ahead of the convention, and crucially, that there is actually really interesting information in there, because what it shows is that the DNC, which is the Democratic Party, which is supposed to be neutral between the different candidates trying to become the nominee for the Democratic Party, it seems to show that the senior officials have been taking sides and supporting Hillary Clinton against Bernie Sanders. And this I think is really important because there is a genuine story in there, if you like, which is the DNC has taken sides and it's going to have an impact on the anger in the Democratic Party. You obviously have Bernie Sanders, which is the insurgent wing of the Democratic Party and suddenly his supporters are going to feel very pissed off with both the Democratic Party and with Hillary Clinton for apparently secretly behind when they shouldn't have been conspiring against him. It's going to lead to the chair of the DNC, Debbie Wasserman Schultz, resigning. I mean, she's going to resign over what's in those emails. So it is, it is damaging in that sense, isn't it?
A
Well, it is. And I mean in a few emails Debbie Wasserman Schultz had called Bernie Sanders' campaign manager an ass and a liar. And there was one particularly embarrassing chain that had the DNC's chief financial officer proposing to other DNC officials. I mean, just a straight up attack on, on Bernie Sanders. On the grounds of Bernie Sanders' religious beliefs. Right. Or kind of his, his lack thereof. It said basically, can we get someone to ask his belief, does he believe in a God? He had skated on saying he has a Jewish heritage. I think I read he's an atheist. My Southern Baptist peeps would draw a big difference between a Jew and an atheist. Right. Doesn't look so good. You're supposed to be the impartial CFO of, of the DNC. There isn't evidence that the DNC really ever acted on these ideas. But it kind of doesn't matter because and especially it doesn't matter from, you know, again to bring this back to a Russian intelligence operation, the Russian standpoint, if you are attempting to weaken Hillary Clinton, this is a good way to do that because what it does is it exposes the fact that your, your entire party has, well, you could spin it this way, I guess has essentially rigged the outcome of the primary in your favor.
B
Yeah. And I think, you know, we'll come back later, I think to the question of how much difference did the Russian active measure make on the election. But I think it's worth just briefly saying, I think this is one point where I think you can make the case that it does make a difference not just to this moment and being a news story, but to the eventual outcome of what we know later will be a close election. Because if some of those Bernie Sanders supporters are sufficiently pissed, pissed off that the DNC has been conspiring against them and Hillary Clinton's been conspiring against them. They are not going to throw their support behind her, are they? When she comes out of the convention as the nominee, they're going to be kind of annoyed. So your ability to unify support across the Democratic Party and bring in the left wing Bernie Sanders supporters is going to be undermined by this. And in a close election, I think you can make the case that that actually has a material impact in terms of the energy and the breadth of support that gets behind Hillary Clinton once she comes out of the convention.
A
Well, and someone else, Gordon, is going to seize on the spill of these emails and there's going to be a tweet from Donald Trump that says leaked emails of DNC show plans to destroy Bernie Sanders, mock his heritage and much more online from WikiLeaks really vicious rigged. And I think that that'll say it all about how this active measure is going to start to just seep into the bloodstream of this election and how it's going to just ricochet around and be used and, and really promulgated by media, the candidates themselves. It's, it's really a startling story and it's going to show how this thing is going to turn into absolute wildfire as the summer turns into the fall.
B
So perhaps there with Donald Trump entering the fray of the election campaign and this issue of the leaked emails, let's stop for this time. But of course, a reminder, if you want to hear the rest of this series, do join the Declassified Club at therestisclassified.com where you'll also get access to the bonus series we're doing for members which is going to look very specifically at that issue of the Trump campaign in Russia and that relationship which sits alongside this series looking at, if you like, the Russian active measures. So lots there for members to enjoy. But otherwise we'll see you next time.
A
See you next time.
The Rest Is Classified – Episode 133 Summary
How Russia Made Trump: Romanian Hackers, WikiLeaks, and Hillary’s Emails (Ep 3)
Aired: March 3, 2026
Hosts: David McCloskey & Gordon Corera
Episode 133 of "The Rest Is Classified" delves deep into the transformative moment in Russian espionage: when digital intrusion evolves from secret information theft to active political manipulation through "hack and leak" operations. Focusing on the Russian state-sponsored hacks against the DNC and subsequent release of emails via WikiLeaks, hosts David McCloskey and Gordon Corera unpack how these events contributed to the unraveling of Hillary Clinton's 2016 presidential campaign, the unique role of Julian Assange, and the broader global implications for modern espionage.
“You need basically $37 worth of freshly minted Bitcoin, which is what the GRU uses, and they reserve a domain… These pop tart eating borsch swilling hackers…” — David (04:24)
“74455 is actually associated with some of the most intense cyber sabotage… interesting that Mueller links them to building the infrastructure for spreading the material hacked by another unit.” — Gordon (07:49)
“In this new world, you just dump the stuff and then let journalists sift through it… It makes it easier for the hackers because they just dump it there on DC Leaks.” — Gordon (10:04)
“Enter WikiLeaks and Julian Assange… it's amazing that we've got this far without dealing with the character of Julian Assange and WikiLeaks.” — Gordon (13:57)
“At that point, Julian Assange and WikiLeaks are seen as this kind of anti-government, slightly heroic whistleblowing organization…” — Gordon (14:17)
“By the middle of June, it is understood that the Russians are behind a hack of the DNC.” — David (32:24)
“Guccifer 2.0… issues a rambling post that dismisses the CrowdStrike conclusions… and tries to portray themselves as Romanians.” — David (33:54)
“Felix Edmundovich is not a pop tart eating GRU hacker. This is the first name… of Felix Dzerzhinsky, the founder of the Cheka…” — Gordon (36:10)
“Are you ready for Hillary? …We begin our series today with 20,000 emails from the top of the DNC.” — Julian Assange (38:10)
“It’s something about the timing ahead of the convention, and crucially, that there is actually really interesting information in there…” — Gordon (38:45)
“...if some of those Bernie Sanders supporters are sufficiently pissed off …they are not going to throw their support behind her, are they?” — Gordon (41:23)
"Leaked emails of DNC show plans to destroy Bernie Sanders, mock his heritage, and much more online from WikiLeaks—really vicious, rigged." — Donald Trump (paraphrased by David, 42:26)
End of summary.