Thomas Rid is professor of Strategic Studies at Johns Hopkins University’s School of Advanced International Studies. Follow him on Twitter at @RIDT.

In Helsinki on Monday, President Donald Trump stood feet away from Russian President Vladimir Putin and fielded a simple question from an AP reporter: Whose account of the 2016 election does he believe—that of Putin, who claims Russia did not interfere in the U.S. presidential election, or that of every major U.S. intelligence agency, which has unanimously concluded that it did?

In response, the president brought up a well-rehearsed conspiracy theory implying that after being hacked, the Democratic National Committee refused to help the FBI investigation, and that therefore all evidence implicating Russia in election meddling was shaky. “You have groups that are wondering why the FBI never took the server,” Trump said. “Why didn’t they take the server? Where is the server, I want to know, and what is the server saying?”
Trump’s view is unmoored from reality in several ways.

Three days earlier, special counsel Robert Mueller published an indictment of 12 officers from the GRU, the Russian military intelligence service, for interfering in the 2016 U.S. election, including by hacking into the DNC. The indictment is historically unprecedented in scope and detail. The FBI named-and-shamed two specific GRU units, their commanding officers and 10 subordinate officers while revealing stunning details of Russia’s hacking tradecraft. And a close read of it all shows why Trump’s “DNC didn’t give the server to the FBI” conspiracy theory makes no sense.

First off, CrowdStrike, the company the DNC brought in to initially investigate and remediate the hack, actually shared images of the DNC servers with the FBI. For the purposes of an investigation of this type, images are much more useful than handing over metal and hardware, because they are bit-by-bit copies of a crime scene taken while the crime was going on. Live hard drive and memory snapshots of blinking, powered-on machines in a network reveal significantly more forensic data than some powered-off server removed from a network. It’s the difference between watching a house over time, carefully noting down who comes and goes and when and how, versus handing over a key to a lonely boarded-up building. By physically handing over a server to the FBI as Trump suggested, the DNC would in fact have destroyed evidence. (Besides, there wasn’t just one server, but 140.)

An advanced investigation of an advanced hacking operation requires significantly more than just access to servers. Investigators want access to the attack infrastructure—the equivalent to a chain of getaway cars of a team of burglars. And the latest indictments are rich with details that likely come from intercepting command-and-control boxes (in effect, bugging those getaway cars) and have nothing to do with physical access to the DNC’s servers.

The FBI and Robert Mueller’s investigators discovered when and how specific Russian military officers logged into a control panel on a leased machine in Arizona. They found that the GRU officers secretly surveilled an employee of the Democratic Congressional Campaign Committee all day in real time, including spying on “her individual banking information and other personal topics.” They showed that “Guccifer 2.0,” the supposed lone hacker behind the DNC hack, was in fact managed by a specific GRU unit, and even reconstructed the internet searches made within that unit while a GRU officer with shoddy English skills was drafting the first post as Guccifer 2.0. None of this information could possibly have come from any DNC server.

With help from the broader intelligence community, the FBI was able to piece all these details together into the bigger picture of the GRU’s vast hacking effort. The complexity of high-tempo, high-volume hacking campaigns means that attackers can make myriad mistakes; Mueller’s latest indictments reveal just how successful American investigators have been at exploiting those repeated errors and uncovering more and more information about what Russia did.

The Russian spies, for example, reused a specific account for a virtual private network (a purportedly secure communication link) to register deceptive internet domains for the DNC hack, as well as to post stolen material online under the Guccifer 2.0 front. Cryptocurrency payments—the kind the Russians used to pay for registering the DCLeaks.com site and their VPN—were neither as anonymous nor as secure as the GRU thought they would be. Third-party platforms including Google, Twitter and the link-shortening service Bitly were convenient and reliable for Russian hackers, but they could also be subpoenaed. Mueller’s team did exactly that, reconstructing how, when and how frequently Russian intelligence officers communicated with WikiLeaks, which they used as an outlet for the stolen material. The Russians weren’t even particularly careful: WikiLeaks and the Russian officers, in a major cock-up, encrypted the hacked emails, but did not encrypt the details of their collaboration. And in using a Bitly account to automate the shortened links sent out to targets of their email-phishing scheme, the GRU left an investigative gold mine: a vast target list of more than 10,000 potential victims’ email addresses.

American spies could even watch the Russian spies trying, in vain, to cover their tracks, likely in real time. Indeed, the Russian officers made so many mistakes that it is almost surprising the GRU even tried to be stealthy. The U.S. intelligence community has stunning visibility into GRU hacking operations—not just against the DNC, but against the Hillary Clinton campaign, the DCCC and state election infrastructure. The notion that all this high-resolution visibility hinges on physical access to “the DNC server” defies logic or even a basic understanding of what is actually happening.

The Mueller indictment of GRU officers is so detailed and comprehensive that it represents a major humiliation for what used to be one of the world’s most respected intelligence agencies. One can imagine laughter over at FSB and SVR, Russia’s other intelligence agencies, which are traditionally fierce rivals of GRU.

But in Helsinki, that laughter found a new target, as the president missed Mueller’s brilliant pass and turned it into a major American own goal. Donald Trump managed to bend what should have been an embarrassment for Russia and a firing offense for clumsy spies into an embarrassment for the United States and a punch in the gut of America’s intelligence community.