What we know about Russia’s election hacking

U.S. officials have laid out a wealth of details about how they believe Moscow executed its plot.

Russian President Vladimir Putin has denied that he was involved with meddling in the 2016 U.S. presidential election. | Brendan Smialowski/AFP/Getty Images

The White House’s verbal gymnastics over Russia’s alleged campaign to hack American democracy threaten to obscure a basic fact: U.S. authorities have laid out a wealth of details about how they believe Moscow carried out its plot in 2016.

And, they say, Moscow is continuing to meddle in this year’s elections.


The U.S. intelligence community has offered specifics about the 2016 plot, which are also outlined in special prosecutor Robert Mueller’s indictments against Russian spies and internet saboteurs — conclusions that congressional leaders of both parties have endorsed.

That leaves one prominent waffler: President Donald Trump, who has said both that Russia “would” or “wouldn’t” have tried to tamper in the 2016 election, and whose staff was scrambling Wednesday to explain whether he thinks Russia continues to target the U.S.

This is the picture the evidence paints so far about Russia’s interference campaign — and the prognosis for 2018:

1) Russia launched a massive social media campaign to sow discord

An indictment that Mueller secured in February charged 13 Russian nationals and three entities with conducting an illegal "information warfare" effort to disrupt the 2016 presidential election and assist Trump’s candidacy. And it offered a detailed timeline of how the plot occurred — saying the scheme took years to carry out, cost millions of dollars and involved dozens of people, some of whom journeyed to the United States or organized political rallies on American soil.

As early as the spring of 2014, an infamous Russian “troll farm” known as the Internet Research Agency — a company tied to a close Putin associate — devised a strategy using fraudulent bank accounts and other fake identity documents to “spread distrust towards the candidates and the political system in general.”

The IRA also started an operation that used Facebook, Twitter, Instagram and YouTube to influence the U.S. voting public, mostly through thousands of fake "bot" accounts and misleading advertising, according to the Mueller indictment. For example, IRA trolls produced materials intended to promote pro-Trump and anti-Clinton hashtags on Twitter, including #TrumpTrain, #MAGA and #Hillary4Prison. The alleged trolls also encouraged minority groups either to not vote or to vote for a third-party candidate starting in the latter half of 2016.

More than 80 individuals were allegedly assigned to the team, which “procured and used computer infrastructure, based partly in the United States, to hide the Russian origin of their activities and to avoid detection by U.S. regulators and law enforcement,” the indictment said.

The firm has denied the charges and is challenging the legal basis for the federal indictment.

2) Hackers went after the Democrats

Last week’s indictments against 12 Russian intelligence officers laid out the other half of the alleged plot: the hacking of the Democratic National Committee, the Democratic Congressional Campaign Committee and other liberal political groups, as well as aides to Hillary Clinton’s presidential campaign.

The plot included an operation in mid-2016 that injected malware on “at least ten DCCC computers,” which then lurked on the DCCC network, stealing employees’ passwords, the indictment says. That allowed the hackers to watch Democratic staffers’ keystrokes and spirit away DCCC files to a server the Russians leased in Arizona.

The hackers then got into the DNC’s computers and transferred several gigabytes of data to a server they leased in Illinois. The hackers also breached the DNC’s Microsoft-hosted email service and stole “thousands of emails” from committee workers, according to the indictment.

The Russians then published their stolen files, using both outlets they created — a website called DC Leaks and a lone-hacker persona called Guccifer 2.0 — as well as an unidentified organization that’s believed to be WikiLeaks. The timing of the releases was no accident, said the indictments, which described private online conversations involving efforts to seize on the "conflict between bernie and hillary" before the Democratic National Convention.

The indictment names specific Russian intelligence officers as among the perpetrators, even describing particulars about the hackers’ search histories and Bitcoin transactions.

3) They breached state and county agencies, too

“Since early 2014, Russian intelligence has researched US electoral processes and related technology and equipment,” the U.S. intelligence community said in its initial assessment of Russian activities before the elections. Then, according to multiple accounts of Russian activity to interfere with the 2016 vote, they put that knowledge to use.

“The Kremlin’s campaign aimed at the US election featured disclosures of data obtained through Russian cyber operations; intrusions into US state and local electoral boards; and overt propaganda,” according to the intelligence agencies’ assessment, which Trump himself has said he backs.

The FBI went public about the threat roughly two months before the 2016 election, issuing a nationwide warning about possible attempts to hack state election offices after intruders hacked voter registration databases in Illinois and Arizona. But it wasn’t until January 2017 that the government blamed Russian operatives for those attacks and accused the Kremlin of targeting 21 states’ election systems.

The latest Mueller indictment added more details, such as a July 2016 breach in which hackers stole information on 500,000 voters from an unnamed state election office’s website, including their names, addresses, partial Social Security numbers, birthdays and driver’s license numbers. That state is probably Illinois, which has acknowledged such a compromise.

The charges also say that Russians “visited the websites of certain counties in Georgia, Iowa and Florida to identify vulnerabilities.”

Furthermore, the indictment says, Russians breached an unidentified company that sells voter registration software and then posed as an employee of that company in “over 100” fake messages to election administrators in several Florida counties. Those emails contained malicious software embedded in Word documents.

4) Warning: Moscow is still trying

Both Mueller and Director of National Intelligence Dan Coats have said the Russian efforts are continuing.

“It is 2018, and we continue to see Russian targeting of American society in ways that could affect our midterm elections,” Coats said during an early June appearance in France. He offered a less-specific warning last week, saying that "today, the digital infrastructure that serves this country is literally under attack” — comparing the threat of cyberattacks to what America faced before 9/11.

Mueller’s office offered a similar caution in a court filing in June, writing that “uncharged individuals and entities … are continuing to engage in interference operations like those” outlined in February’s indictment on social media trolling and fake news.

Neither Coats nor Mueller has offered a public explanation of what kind of threat they’re talking about, and lawmakers have complained that the Trump administration is keeping them in the dark. Officials from the Department of Homeland Security say they haven’t seen any evidence of digital tampering with election organizations, individuals or systems — though that doesn’t rule out some broader effort to undermine public faith in the U.S. political system or sow unrest.

5) States aren’t ready for November

According to a POLITICO survey of election upgrades in all 50 states, most states’ election offices have failed to fix their most glaring security weaknesses and few states are planning steps that would improve their safeguards before November. That’s even after they receive their shares of the $380 million in election security funding that Congress approved in March.

Only 13 states said they intend to use the federal dollars to buy new voting machines. At least 22 said they have no plans to replace their machines before the election — including all five states that rely solely on paperless electronic voting devices, which cybersecurity experts consider a top vulnerability.

In addition, almost no states conduct robust, statistics-based post-election audits to look for evidence of tampering after the fact. And fewer than one-third of states and territories have requested a key type of security review from DHS.

At least one lawmaker is pushing her state to do more — faster. In response to a recent House Democratic report that called out Illinois and several states for not doing enough to bolster election security, Rep. Robin Kelly (D-Ill.) said in a letter to Republican Gov. Bruce Rauner that her state’s efforts were “deeply disturbing and cause for great concern."

Eric Geller, Michael Crowley, Louis Nelson, Brianna Milord and Maria Curi contributed to this report.