Breaking News
More () »

Russians Hack the DNC's Server: A Timeline

With the Mueller Report finally published, a comprehensive list of Russia's 'active measures' against the 2016 U.S. election.
Credit: Getty Images/iStockphoto

WASHINGTON D.C., DC — Special Counsel Robert Mueller's redacted report into Russian interference in the 2016 election chronicled the full picture of how a foreign entity infiltrated and puppeteered our electoral process. 

The report, released April 18, unmasks the particulars behind the intention and extent of Russian meddling. 

The most surprising thing: This tentacled operation all started with phishing emails. Russia gained access to the DNC network through one small click.

Below find a timeline of hacking activities by the Russian government: 

  • Mid-March: Two cyber units of the Russian military agency called "GRU" send hundreds of spear-phishing emails to "hillaryclinton.com" emails, DNC emails and gmail accounts used by the Clinton campaign. The spear-phishing campaign allows them to gain access to John Podesta's email accounts. Podesta was a Clinton's campaign chairman.
  • April 12, 2016 – GRU gains access to the Democratic Congressional Campaign Committee (DDDC) server.
  • April 18, 2016 – GRU gains access to the Democratic National Committee (DNC) server.
  • April 18-June 8, 2016 – GRU compromises more than 30 computers on the DNC network, infecting them with malware.
  • April 19, 2016 – GRU registers a domain name to release stolen documents. The website is called dcleaks.com. DCLeaks also creates a Twitter, Facebook and email address.
  • June 14, 2016 – DNC announces the breach and theft of documents. That same day, DCLeaks and Guccifer 2.0 (both aliases of the Russian cyber military group) begin to communicate with WikiLeaks about combining forces. 
  • June 15, 2016 – GRU uses the Guccifer WordPress blog to begin releasing data online.
  • June 22, 2016 – WikiLeaks tells Guccifer 2.0 “send any new material here for us to review and it will have a much higher impact than what you are doing.” 
  • July 14, 2016 – Guccifer 2.0 sends stolen emails and documents to WikiLeaks
  • July 22, 2016 – WikiLeaks releases more than 20,000 emails and other documents stolen from the DNC computer networks, three days before the Democratic National Convention.
  • July 25, 2016 – The FBI begins probing the DNC hack.
  • June-August 2016 – Guccifer 2.0 begins talking to reporters about opposition research they stole.
  • Between August 2016 and September 9, 2016 – Guccifer 2.0 makes contact with “a former Trump Campaign member,” and sends him documents and asks what he thinks of them.
  • October 7, 2016- WikiLeaks releases the first dump of Podesta emails stolen by GRU one hour after the Washington Post publishes Trump's unsavory Access Hollywood video.
  • Between October 7-November 7, 2016 – WikiLeaks releases more than 50,000 documents stolen from Podesta's personal email account. 

In addition to GRU harvesting hundreds of thousands of documents from Democratic leaders, they also targeted private technology firms "responsible for manufacturing and administrating election-related software and hardware, such as voter registration software and electronic polling stations," according to the Mueller Report.

In July 2018, the Department of Justice indicted 12 Russians, including alleged GRU commander Victor Borisovich Netyksho, in connection with the hack.

Credit: Eliana Block
The DOJ indicted 12 Russian nationals alleged to be members of GRU for hacking the Democratic National Convention.

Thirteen other Russian nationals and three Russian entities, among them the Internet Research Agency, were also indicted on charges of illegally using social media to influence the U.S. election in support of Donald Trump.

According to the Mueller Report, the Internet Research Agency (IRA) – an "internet troll farm" with ties to Russian President Vladimir Putin – conducted its own "information warfare" against the U.S. Facebook estimates the IRA's posts were seen by more than 126 million people on the social network alone.

The IRA accomplished this by sending operatives to the U.S. on an intelligence gathering mission and then creating fake groups online posing as Americans with names like "Being Patriotic," "Stop All Invaders" and "Miners for Trump." According to the report, the IRA made more than 250,000 posts on social media through these front accounts in the 10 weeks before the election.

Before You Leave, Check This Out