by digby
Emptywheel has a detailed analysis of the indictment yesterday. If you want to get the gist of what’s new and important about it I’d recommend you read it.
Here she is on Chris Hayes last night:
TIMELINE
February 1, 2016: gfade147 0.026043 bitcoin transaction
March 2016: Conspirators hack email accounts of volunteers and employees of Hillary campaign, including John Podesta
March 2016: Yermakov spearphishes two accounts that would be leaked to DC Leaks
March 14, 2016 through April 28, 2016: Conspirators use same pool of bitcoin to purchase VPN and lease server in Malaysia
March 15, 2016: Yermakov runs technical query for DNC IP configurations and searches for open source info on DNC network, Dem Party, and Hillary
March 19, 2016: Lukashev spearphishes Podesta personal email using john356gh
March 21, 2016: Lukashev steals contents of Podesta’s email account, over 50,000 emails (he is named Victim 3 later in indictment)
March 25, 2016: Lukashev spearphishes Victims 1 (personal email) and 2 using john356gh; their emails later released on DCLeaks
March 28, 2016: Yermakov researched Victims 1 and 2 on social media
April 2016: Kozachek customizes X-Agent
April 2016: Conspirators hack into DCCC and DNC networks, plant X-Agent malware
April 2016: Conspirators plan release of materials stolen from Clinton Campaign, DCCC, and DNC
April 6, 2016: Conspirators create email for fake Clinton Campaign team member to spearphish Clinton campaign; DCCC Employee 1 clicks spearphish link
April 7, 2016: Yermakov runs technical query for DCCC’s internet protocol configurations
April 12, 2016: Conspirators use stolen credentials of DCCC employee to access network; Victim 4 DCCC email victimized
April 14, 2016: Conspirators use X-Agent keylog and screenshot functions to surveil DCCC Employee 1
April 15, 2016: Conspirators search hacked DCCC computer for “hillary,” “cruz,” “trump” and copied “Benghazi investigations” folder
April 15, 2016: Victim 5 DCCC email victimized
April 18, 2016: Conspirators hack into DNC through DCCC using credentials of DCCC employee with access to DNC server; Victim 6 DCCC email victimized
April 19, 2016: Kozachek, Yershov, and co-conspirators remotely configure middle server
April 19, 2016: Conspirators register dcleaks using operational email dirbinsaabol@mail.com
April 20, 2016: Conspirators direct X-Agent malware on DCCC computers to connect to middle server
April 22, 2016: Conspirators use X-Agent keylog and screenshot function to surveil DCCC Employee 2
April 22, 2016: Conspirators compress oppo research for exfil to server in Illinois
April 26, 2016: George Papadopoulos learns Russians are offering election assistance in the form of leaked emails
April 28, 2016: Conspirators use bitcoin associated with Guccifer 2.0 VPN to lease Malaysian server hosting dcleaks.com
April 28, 2016: Conspirators test IL server
May 2016: Yermakov hacks DNC server
May 10, 2016: Victim 7 DNC email victimized
May 13, 2016: Conspirators delete logs from DNC computer
May 25 through June 1, 2016: Conspirators hack DNC Microsoft Exchange Server; Yermakov researches PowerShell commands related to accessing it
May 30, 2016: Malyshev upgrades the AMS (AZ) server, which receives updates from 13 DCCC and DNC computers
May 31, 2016: Yermakov researches Crowdstrike and X-Agent and X-Tunnel malware
June 2016: Conspirators staged and released tens of thousands of stolen emails and documents
June 1, 2016: Conspirators attempt to delete presence on DCCC using CCleaner
June 2, 2016: Victim 2 personal victimized
June 8, 2016: Conspirators launch dcleaks.com, dcleaks Facebook account using Alive Donovan, Jason Scott, and Richard Gingrey IDs, and @dcleaks_ Twitter account, using same computer used for other
June 9, 2016: Don Jr, Paul Manafort, Jared Kushner have meeting expecting dirt from Russians, including Aras Agalarov employee Ike Kaveladze
June 10, 2016: Ike Kaveladze has calls with Russia and NY while still in NYC
June 14, 2016: Conspirators register actblues and redirect DCCC website to actblues
June 14, 2016: WaPo (before noon ET) and Crowdstrike announce DNC hack
June 15, 2016, between 4:19PM and 4:56 PM Moscow Standard Time (9:19 and 9:56 AM ET): Conspirators log into Moscow-based server and search for words that would end up in first Guccifer 2.0 post, including “some hundred sheets,” “illuminati,” “think twice about company’s competence,” “worldwide known”
June 15, 2016, 7:02PM MST (2:02PM ET): Guccifer 2.0 posts first post
June 15 and 16, 2016: Ike Kaveladze places roaming calls from Russia, the only ones he places during the extended trip
June 20, 2016: Conspirators delete logs from AMS panel, including login history, attempt to reaccess DCCC using stolen credentials
June 22, 2016: Wikileaks sends a private message to Guccifer 2.0 to “send any new material here for us to review and it will have a much higher impact than what you are doing.”
June 27, 2016: Conspirators contact US reporter, send reporter password to access nonpublic portion of dcleaks
Late June, 2016: Failed attempts to transfer data to Wikileaks
July, 2016: Kovalev hacks into IL State Board of Elections and steals information on 500,000 voters
July 6, 2016: Conspirators use VPN to log into Guccifer 2.0 account
July 6, 2016: Wikileaks writes Guccifer 2.0 adding, “if you have anything hillary related we want it in the next tweo [sic] days prefabl [sic] because the DNC [Democratic National Convention] is approaching and she will solidify bernie supporters behind her after”
July 6, 2016: Victim 8 personal email victimized
July 14, 2016: Conspirators send WikiLeaks an email with attachment titled wk dnc link1.txt.gpg providing instructions on how to access online archive of stolen DNC documents
July 18, 2016: WikiLeaks confirms it has “the 1Gb or so archive” and would make a release of stolen documents “this week”
July 22, 2016: WikiLeaks releases first dump of 20,000 emails
July 27, 2016: Trump asks Russia for Hillary emails
July 27, 2016: After hours, conspirators attempt to spearphish email accounts at a domain hosted by third party provider and used by Hillary’s personal office, as well as 76 email addresses at Clinton Campaign
August 2016: Kovalev hacks into VR Systems
August 15, 2016: Conspirators receive request for stolen documents from candidate for US congress
August 15, 2016: First Guccifer 2.0 exchange with Roger Stone noted
August 22, 2016: Conspirators transfer 2.5 GB of stolen DCCC data to registered FL state lobbyist Aaron Nevins
August 22, 2016: Conspirators send Lee Stranahan Black Lives Matter document
September 2016: Conspirators access DNC computers hosted on cloud service, creating backups of analytics applications
October 2016: Linux version of X-Agent remains on DNC network
October 7, 2016: WikiLeaks releases first set of Podesta emails
October 28, 2016: Kovalev visits counties in GA, IA, and FL to identify vulnerabilities
November 2016: Kovalev uses VR Systems email address to phish FL officials
January 12, 2017: Conspirators falsely claim the intrusions and release of stolen documents have “totally no relation to the Russian government”