Deputy Attorney General Rod J. Rosenstein on Friday announced the indictment of 12 Russians affiliated with that country’s intelligence services for their alleged role in hacking the networks of the Democratic Party, the congressional campaign arm of the party and email accounts of individuals associated with the 2016 presidential campaign of Hillary Clinton. The indictment was the most significant of those obtained by special counsel Robert S. Mueller III and his team because it, for the first time, directly and publicly implicates the Russian government in the hacking effort, a central part of that country’s apparent attempt to influence the outcome of the election.
The indictment itself [see internal link above] offers a flurry of new details about that effort, including, perhaps most importantly, that the hackers tried to access Clinton’s personal server on July 27, 2016 -- the same day that then-candidate Donald Trump publicly implored unnamed Russian hackers to hack her server. Another interesting detail: At one point the hackers -- believed to be affiliated with Russia’s Main Intelligence Directorate, or GRU -- allegedly modified the Democratic Congressional Campaign Committee’s website to redirect donations from the popular site ActBlue to a domain they’d established, ActBlues.com.
Below, a timeline of the new allegations included in the indictment. We’ve also included information that was known prior to Friday’s announcement for additional context. They’re identified with a gray [pale yellow] background. (Those items generally come from two other timelines.)
May 2014. Russians working for a group called the Internet Research Agency begin their efforts to meddle in the election and American politics more broadly. Over the next several months, people working with the group travel to the U.S.
2015. Russian-linked hackers allegedly access and steal documents from individuals associated with the Republican Party.
June 16, 2015. Donald Trump announces his candidacy for the Republican presidential nomination. Among other things, the announcement is the culmination of years of advocacy on the part of Trump’s longtime friend and adviser, Roger Stone. Stone never takes a position with the campaign.
Feb. 1, 2016. Republican primary voting begins in Iowa.
March 6, 2016. George Papadopoulos is named a foreign-policy adviser by the campaign.
March 15, 2016. The Russian hackers allegedly begin trying to identify vulnerabilities in the network of the Democratic National Committee.
March 19, 2016. Clinton campaign chairman John Podesta and others are sent “spear-phishing” emails meant to steal the login credentials for their email accounts.
March 21, 2016. Hackers allegedly gain access to Podesta’s account and steal over 50,000 emails.
March 25-28, 2016. Hackers allegedly target a number of additional campaign staffers with spear-phishing emails. That effort apparently included researching staff on social media.
March 28, 2016. Paul Manafort is hired by the Trump campaign to focus on delegates at the Republican convention. His background includes work for a Russian oligarch close to Putin named Oleg Deripaska.
April 6, 2016. Hackers allegedly sent a purported link to an Excel document named “hillary-clinton-favorable-rating.xlsx” from an email account meant to look like a member of the Clinton campaign team. Clicking the link took staffers to a GRU-controlled website.
The same day, a DCCC employee clicks on a link in a spear-phishing email and provides her credentials to hackers.
April 7, 2016. Hackers allegedly begin trying to identify vulnerabilities in the DCCC network.
April 11, 2016. Manafort emails longtime aide Konstantin Kilimnik (who himself may have ties to Russian intelligence) to ensure the oligarch Deripaska’s “operation” has seen his media coverage, presumably about the Trump campaign. “How do we use to get whole?” he asks.
April 12, 2016. Hackers allegedly gain access to the DCCC network.
April 18, 2016. Hackers allegedly gain access to the DNC network using credentials stolen from a DCCC employee. By June, they’ve allegedly compromised 33 computers, using the same relay system as for the DCCC
April 19, 2016. Hackers register DCLeaks.com after unsuccessfully trying to register ElectionLeaks. The registration is paid with bitcoin, mined by the hackers themselves, in order to mask the hackers’ identity. The domain is registered to “Carrie Feehan” in New York.
April 22, 2016. Hackers allegedly compress and steal several gigabytes of opposition research material.
April 26, 2016. Papadopoulos is told by a Russian-linked professor named Joseph Mifsud that the Russians have “dirt” on Clinton. “They have thousands of emails,” he is told.
April 27, 2016. Papadopoulos emails senior campaign adviser Stephen Miller to say he had “some interesting messages coming in from Moscow about a trip when the time is right.”
Spring 2016. From April through June, hackers allegedly install malware on DCCC computers that allows them to steal information and maintain access to the network. Information from this breach, including screenshots and keystroke information is sent to a server in Arizona via an overseas connection. Files were compressed and then transferred allegedly to a server based in Illinois. Hackers allegedly went back and deleted log file of their activity.
Computers were searched for information based on keywords like “trump.” Folders about the Benghazi investigation and including opposition research are allegedly stolen.
May 2016. Both the DCCC and DNC become aware that their networks have been compromised.
May 25 – June 1, 2016. Hackers allegedly access the DNC’s Microsoft Exchange server and steal thousands of emails.
June 2016. The Russian hackers begin researching information about state boards of election and political parties.
June 3, 2016. Donald Trump Jr. receives an email from a publicist working for a Russian pop star named Emin Agalarov offering to set up a meeting to “provide the Trump campaign with some official documents and information that would incriminate Hillary and her dealings with Russia and would be very useful to your father. This is obviously very high level,” the email reads, “and sensitive information but is part of Russia and it’s government’s support for Mr. Trump.”
Trump Jr. and Agalarov allegedly talk by phone about the possible meeting; the date is finalized on June 7, 2016.
June 8, 2016. DCLeaks launches. The site will eventually publish material allegedly stolen by the hackers including emails, DNC files and information stolen from Republicans in 2015. The same day, the hackers allegedly also create Twitter and Facebook pages for DCLeaks. The computer used to operate the Twitter account was also used to operate Twitter accounts associated with the Russian effort to influence the campaign over social media.
June 9, 2016. Trump Jr., Manafort and Jared Kushner meet at Trump Tower with a Kremlin-linked attorney.
June 12, 2016. In an interview with ITV, WikiLeaks’ Julian Assange says the organization has more emails from Hillary Clinton.
June 14, 2016. With the public revelation that the DNC network had been hacked, the Russians allegedly created the “Guccifer 2.0” persona, mimicking a prominent Romanian hacker from several years prior.
At some point in March or April, 2016, hackers allegedly use bitcoin to buy server space and a virtual private network account in Malaysia. The server is used to host DCLeaks.com; the VPN is used in July to update the Guccifer 2.0 Twitter account.
After setting up the domain ActBlues.com, meant to mimic the popular fundraising site ActBlue, hackers allegedly update the DCCC website to point to the new domain.
[... image ...] -- Code from the DCCC website captured in June 2016 showing a link to the “ActBlues” domain. ( Internet Archive )This same day, The Post reports that Russians accessed the DNC network.
June 15, 2016. In Moscow, Russians use a computer to search for certain expressions like “Illuminati” or “think twice about.” Those phrases and words later appear in Guccifer blog posts.
[... image ...] -- of blog post: GUCCIFER 2.0 DNC'S SERVERS HACKED BY A LONE HACKERGawker publishes an opposition research file on Trump obtained from Guccifer 2.0.
June 22, 2016. An unnamed organization, later indirectly identified in the indictment as WikiLeaks, reaches out to Guccifer 2.0 (apparently over Twitter) to request he/they “[s]end any new material [stolen from the DNC] here for us to review and it will have a much higher impact than what you are doing.”
WikiLeaks subsequently requests any information about Clinton over the short term because the Democratic convention was approaching, after which Clinton “will solidify bernie supporters behind her.” WikiLeaks notes that they think “trump has only a 25% chance of winning” so “conflict between bernie and hillary is interesting.”
June 27, 2016. Hackers allegedly contact a reporter offering access to emails stolen from a DNC staffer.
July 2016. Hackers allegedly access the website of a state board of elections and steal detailed information on 500,000 voters. It’s later reported that systems in Illinois and Arizona were compromised with vast amounts of information stolen. (No election results are alleged to have been affected by the hacks.)
Attempts to compromise boards of election continued through the campaign.
July 7, 2016. Manafort contacts Kilimnik again to invite Deripaska to get a private briefing on the campaign.
July 14, 2016. The hackers allegedly send a file to WikiLeaks with instructions on downloading the full archive of DNC documents.
July 18, 2016. WikiLeaks allegedly confirms to Guccifer 2.0 that it has accessed the one-gigabyte file and would publish the documents “this week.”
July 22, 2016. WikiLeaks releases emails stolen from the Democratic National Committee. The Democratic convention begins on the 25th.
July 27, 2016. At a news conference, Trump dismisses the idea that Russia is behind the hacking -- and makes a request.
“If it is Russia -- which it’s probably not, nobody knows who it is -- but if it is Russia, it’s really bad for a different reason, because it shows how little respect they have for our country, when they would hack into a major party and get everything,” he said. “But it would be interesting to see -- I will tell you this -- Russia, if you’re listening, I hope you’re able to find the 30,000 emails that are missing [from Clinton’s private server]. I think you will probably be rewarded mightily by our press. Let’s see if that happens. That’ll be next.”
Trump’s press conference began in the morning in Florida, late afternoon in Russia. The same day, the GRU hackers allegedly try to access Clinton’s personal email server in addition to targeting 76 more email addresses within the campaign. The indictment doesn’t mention any other attempt to access the server.
[... video ...] --During the 2016 presidential campaign, Donald Trump said he hoped Russia can find Hillary Clinton's emails on July 27, 2016.(Reuters)July 31, 2016. The FBI begins investigating possible links between the Russian government and Trump’s campaign. The investigation is triggered when Australian authorities contact the agency to say that Papadopoulos had mentioned stolen material in a May conversation with one of their diplomats.
August 2016. Hackers allegedly access information for a software vendor that is used to verify voter registration information. This is likely Florida-based VR Systems, which later sends out an alert about people impersonating the company.
When the FBI sent out an alert about the hacking, some of those involved in the hacking effort allegedly began trying to cover their tracks.
Aug. 5, 2016. Roger Stone writes an essay for Breitbart blaming the DNC hacks solely on Guccifer 2.0 -- and not on Russian actors.
Aug. 8, 2016. Stone tells a Republican group that he has been in contact with Julian Assange and that the next documents to be released were related to the Clinton Foundation.
Aug. 9, 2016. WikiLeaks obliquely denies in a tweet having had contact with Stone.
In private messages obtained by the Intercept, the group refers to Stone as a “bulls——” who is “trying to imply that he knows anything.”
Aug. 12, 2016. Guccifer 2.0 releases more information purportedly stolen from the DCCC. The hacker thanks Stone on Twitter for his defense.
Aug. 14, 2016. Stone and Guccifer 2.0 begin having a conversation over Twitter direct messages.
Aug. 15, 2016. The hackers allegedly receive a request from a candidate for Congress through the Guccifer 2.0 identity. They provide information about the candidate’s opponent that was stolen from the DNC. Information stolen from the DCCC about races in Florida and Pennsylvania are released over the next several days.
Aug. 19, 2016. Manafort is fired from the campaign after questions arise about his work in Ukraine.
Aug. 21, 2016. Stone tweets, “Trust me, it will soon [be] Podesta’s time in the barrel.” (Stone’s Twitter account is later suspended.)
Aug. 22, 2016. The hackers allegedly transfer 2.5 gigabytes of data to a lobbyist and blogger in Florida. Aaron Nevins later admits having accepted the data, which included a get-out-the-vote strategy for the Democrats in the state.
Posing as Guccifer 2.0, the hackers on the same day allegedly offer a reporter stolen documents about Black Lives Matter. Those documents are eventually published on DCLeaks.
On Aug. 31, the Washington Examiner publishes a story about how the DNC wanted candidates to approach the subject, citing Guccifer 2.0.
September 2016. Hackers allegedly gain access to virtual DNC computers hosted by a third-party and duplicate their contents.
Sept. 9, 2016. Guccifer 2.0 asks Stone his opinion on a Democratic Party document over Twitter direct message; he offers a curt reply.
Sept. 20, 2016. WikiLeaks messages Trump Jr. privately over Twitter, pointing to a new site linking Putin to Trump. The next day, Trump Jr. responds to say he’ll “ask around” about it. Trump Jr. then emailed senior campaign staff about the message. “Do you know the people mentioned,” he wrote, apparently referring to those behind the Putin-Trump site, “and what the conspiracy they are looking for could be?”
October 2016. The last malware tool allegedly implanted by the Russians is removed from the DNC network.
Oct. 2, 2016. Stone tweets, “Wednesday@HillaryClinton is done. #WikiLeaks.”
Oct. 3, 2016. Stone tweets, “I have total confidence that @wikileaks and my hero Julian Assange will educate the American people soon. #LockHerUp”
Oct. 5, 2016. Stone tweets, “Libs thinking Assange will stand down are wishful thinking. Payload coming #Lockthemup”
Oct. 6, 2016. With Wednesday having come and gone, Stone again tweets about WikiLeaks: “Julian Assange will deliver a devastating expose on Hillary at a time of his choosing. I stand by my prediction.”
Oct. 7, 2016. WikiLeaks begins releasing documents stolen from Podesta.
Oct. 11, 2016. Podesta tells reporters that he thinks Trump’s campaign was warned about the release of his emails, pointing the finger at Stone.
Oct. 12, 2016. WikiLeaks again contacts Trump Jr. to share a link to file archives. Shortly afterward, the candidate tweets about the leaks.
Oct. 13, 2016. WikiLeaks releases another statement denying contact with Stone. He subsequently contacts the organization over Twitter direct message in an exchange reported by the Atlantic.
Oct. 19, 2016. During the final presidential debate, Trump says Putin has no respect for his opponent, Hillary Clinton. She responds,
“That’s because he’d rather have a puppet as president of the United States.”
“No puppet,” Trump replies. “You’re the puppet.”
Trump then argues that Clinton doesn’t know who’s behind the hacking, if it’s “Russia, China, or anybody else.”
Nov. 8, 2016. Trump wins the presidency.
January 12, 2017. The Guccifer 2.0 website is updated to deny any connection to the Russian government.
March 1, 2017. The DCLeaks website is shut down.
This article was corrected to fix dates surrounding the launch of the DCLeaks website.