DCLeaks is a website that was established in June 2016. Since its creation, it has been responsible for publishing leaks of emails belonging to multiple prominent figures in the United States government and military. Cybersecurity research firms say the site is a front for the Russian cyber-espionage group Fancy Bear. On July 13, 2018, an indictment was made against 12 Russian GRUmilitary officers; it alleged that DCLeaks is part of a Russian military operation to interfere in the 2016 U.S. presidential election.
Identity
In the summer of 2016 following the murder of Seth Rich, numerous media sources, which were critical of the Democratic National Committee and the Hillary Clinton Campaign, were implicating Rich as a source for the DNC leaks found on DCLeaks, Guccifer 2.0, and Wikileaks. Roger Stone used his Twitter account to spread many statements implicating Rich as the source while Julian Assange and others refused to stop the falsehoods from circulating. Later, WikiLeaks would neither name Rich as a source nor state that Rich was not the source. Cybersecurity research firm ThreatConnect concluded in their analysis that the DCLeaks project shows the hallmarks of Russian intelligence, matching the attack pattern of the GRU hacker group Fancy Bear. ThreatConnect concluded that the site is likely linked to Russian persona Guccifer 2.0 and the GRU-linked hacker group Fancy Bear. The site is thought by private cybersecurity analysts and the US intelligence community to be a part of Russian interference in the 2016 US elections. According to the DCLeaks site's "About" page, their aim is "to find out and tell you the truth about U.S. decision-making process as well as about the key elements of American political life." Of themselves, they say that they were launched by "the American hacktivists who respect and appreciate freedom of speech, human rights and government of the people." On July 13, 2018 a federal grand jury for the District of Columbia indicted 12 members of Unit 26165 of the Russian Main Intelligence Directorate for creating the false identity DCLeaks website, hacking the Democratic National Committee and releasing stolen data on the website.
History
The domain name dcleaks.com was registered on April 19, 2016, on the THCservers.com founded by Catalin Florica on a former farm near Craiova, Romania. Shinjiru Technology in Kuala Lumpur hosted the DCLeaks files during the electoral campaign. The dcleaks.com website was launched in June 2016.
Leaks
On August 12, 2016, the press reported that one DNC computer had been breached for nearly a year, from the summer of 2015 and another in April 2016. The attacker was knocked out of its network during the weekend of June 11 and 12, 2016. In late June 2016, Guccifer 2.0 informed reporters to visit the DCLeaks website for emails stolen from Democrats. With the WikiLeaks disclosure of additional stolen emails beginning on July 22, 2016, more than 150,000 stolen emails from either personal Gmail addresses or via the DNC that were related to the Hillary Clinton 2016 Presidential campaign were published on the DCLeaks and WikiLeaks websites. On July 1, 2016, DCLeaks released the emails of four-star General Philip Breedlove, the former NATO supreme commander in Europe. The emails allegedly show that Breedlove sought to overcome President Barack Obama's reluctance to escalate military tensions with Russia over the war in Ukraine in 2014. On August 12, 2016, DCLeaks released roughly 300 emails from Republican targets, including the 2016 campaign staff of Arizona Senator John McCain, South Carolina Senator Lindsey Graham, and 2012 presidential candidate and former Minnesota Representative Michele Bachmann. The release included 18 emails from the Illinois Republican Party. On August 12, 2016, DCLeaks released information about more than 200 Democratic lawmakers, including their personal cellphone numbers. The numerous crank calls that Hillary Clinton received from this disclosure along with the loss of her campaign's email security caused a very severe disruption of her campaign which subsequently changed their contact information on October 7, 2016, by calling each of her contacts one at a time. On August 15, 2016, DCLeaks released 2,576 files predominately related to George Soros' Open Society Foundation. The leak included the Foundation's internal work plans, strategies, priorities and other worldwide activities by Soros. In August 2017, Dana Rohrabacher meets with Julian Assange in the Ecuadorian Embassy in London to offer Assange a pardon from President Trump if Assange could offer material supporting Seth Rich as the source of email leaks from the Democratic National Committee during 2016 and not Russians. In February 2020, Rohrabacher told Yahoo News his goal during this meeting with Assange was to find evidence for a widely debunked conspiracy theory that WikiLeaks' real source was not Russian intelligence agents for the DNC emails but former DNC staffer Seth Rich. Stephanie Grisham, White House spokesperson for President Trump, stated that Trump barely knows Rohrabacher except that he's an ex-congressman and has not spoken with Rohrabacher on almost any subject. On February 19, 2020, Edward Fitzgerald, Julian Assange's barrister, asserted at Westminster Magistrates’ Court in London that Rohrabacher had been sent on behalf of President Trump in August 2017 to offer Assange a pardon from Trump if Assange could release material to show that Russian hackers were not involved in the 2016 United States election interference. However, on July 14, 2016, which is four days after the death of Seth Rich, WikiLeaks had received from Russian hackers the stolen documents file of emails. During November 2017, the Associated Press revealed that the FBI had failed to notify almost all of the persons in the cross hairs of the Kremlin-backed Fancy Bear's attack of 312 prominent government and defense officials who had their emails posted on DCLeaks. The FBI was in violation of its own policy of robustly informing victims of hacking.
Indictments
On July 13, 2018, Deputy Attorney General Rod Rosenstein announced that twelve Russian hackers, who were operating in multiple units including Units 26165 and 74455 with the Main Intelligence Directorate of the General Staff, were named on an 11-count indictment for obtaining access and distributing information from data about 500,000 voters from a state election board website as well as the email accounts of John Podesta, Hillary Clinton, and volunteers and employees of the Unites States Presidential Campaign of Hillary Clinton, the Democratic Congressional Campaign Committee and the Democratic National Committee. Following Donald Trump's request on July 27, 2016, during a rally in Florida that Vladimir Putin should have Russia hack into Trump's opponents networks, servers, and emails to make Hillary Clinton's 30,000 missing emails made public, Russian hackers tried for the first time to hack into Hillary Clinton's personal offices. The GRU mined Bitcoins to later purchase the DCLeaks domain and operate both the DCLeaks server and Guccifer 2.0 server to distribute information obtained from these hackers in order to discredit and disrupt the Clinton Campaign, the DCCC, and the DNC so that the Bernie Sanders Presidential Campaign, Republican candidates and the Donald Trump Presidential Campaign would benefit during the 2016 election cycle. They obtained the data about 500,000 voters by breaking into voter verification software and targeting local and state election officials. Although Roger Stone did not know the names of the Russian's sources, he had publicly stated that these Russians were in contact with the Trump Campaign and that he had communicated with them. Russians had passed embarrassing information from these hacks to Wikileaks, too. This damaging information about Hillary Clinton, John Podesta, the Clinton Campaign, the DCCC, and the DNC led to the resignation of the DNC Chairwoman Debbie Wasserman-Schultz in July, 2016. Using peer-to-peer exchanges and pre-paid cards, the Russians mined and used Bitcoins with public Blockchain recorded transactions using hundreds of emails with fictitious names to prevent monitoring by United States authorities on traditional financial transaction networks. The Internet Research Agency in Saint Petersburg spearheaded the operation.