Diving Deep into the GRU Indictment


One of the most impressive indictments to come out of the Special Counsel’s Office (SCO) in July 2018 recounts a sophisticated cyber warfare campaign launched by two teams of Russian military intelligence officers in Moscow.

The details of this GRU operation must be excruciatingly painful for Vladimir Putin – the SCO possesses such a depth of information that only an insider could provide it – and screams of a breakdown in the Kremlin’s veil of secrecy. Names of officers, online pseudonyms used by the GRU, dates of attacks, types of malware, identity of victims and the data compromised as well as locations of computers – all of this is revealed in the 29-page document.

U.S. vs Viktor Borisovich Netyksho et al is often passingly referred to as the “12 Russians” as opposed to the “troll farm” indictment. This is much more than a dozen guys sitting in a basement somewhere creating cyber havoc. They are not “bloggers” as Trump calls them.

The two GRU teams were composed of Military Units No. 26165 and 74455. Viktor Borisovich Netyksho commanded No. 26165. Netyksho is a military man and a scholar, who also taught at Moscow universities, and whose doctoral thesis carried the lofty title of Establishing The Parameters Of Discrete Devices Based On Reevaluating Probabilities Using Actual Threshold Ratios.” Netyksho’s unit of nine officers operated out of a nondescript building while Unit 74455, manned by three GRU officers, was located in a Moscow commerce center “Tower.”

The entrance to GRU military unit No. 26165 on Moscow’s Komsomolsky Prospekt, site of one team of Russian hackers indicted by Special Counsel Robert Mueller. The top photo shows a medal with the emblem of GRU military unit No. 74455, charged with releasing stolen documents during the 2016 presidential election. |RFE/RL|

With such a wealth of detail, we can assume that Robert Mueller’s team have identified all the players noted, including those who are unnamed. The arrest of Roger Stone, who is described as communicating with the GRU’s Guccifer 2.0 persona, is the first step in that identification.

There are more, including the casualties of this GRU operation. There are also accomplices and bit players. Their names may never appear on a charging document by the Special Counsel. Still these public mysteries were purposefully injected into the public mind by Mueller. And, the Special Counsel is nothing if not deliberate in his actions.


This is important. It tells us why a dozen Russian intelligence officers engaged in their criminal activity. Mueller doesn’t make this a partisan issue but a crime against Americans.

Object of the Conspiracy

20. The object of the conspiracy was to hack into the computers of U.S. persons and entities involved in the 2016 U.S. presidential election, steal documents from those computers, and stage releases of the stolen documents to interfere with the 2016 U.S. presidential election.


Over 300 people affiliated with Hillary Clinton and the Democratic Party structure were hacked by the GRU during her campaign. Several individuals were specifically targeted. Mueller mentions the Chairman of the Clinton Campaign, John Podesta, who had 50,000 emails hacked through a spear phishing ploy and later released (“It will soon [be John] Podesta’s time in the barrel,” tweeted Roger Stone prior to the release of those stolen email.).

jake sullivan
JAKE SULLIVAN, Senior Foreign Policy Advisor for the Clinton Campaign

A senior foreign policy advisor was also swept up in their efforts. This may be Jake Sullivan, a youngish, well-versed Yalie who often accompanied Clinton during the election, and whom she believed had the makings of a future president.

Robby Mook
ROBBY MOOK, Clinton Campaign Manager

Robby Mook,  Clinton’s affable campaign manager, received his spoofed email as well. It’s not known if the GRU were successful in hacking his email or that of the foreign policy advisor. But the indictment does talk about Victims 1 and 2 who were “affiliated” with the campaign, and could have been staff or volunteers. These two saw their spoofed emails distributed on DCLeaks, a public-facing site set-up by Unit 74455. The privacy of a multitude of campaign aides and employees were all violated as thousands of their emails were transported from private servers to various public repositories. One of the most egregious moves was hitting the third-party, personal accounts of Hillary Clinton the evening of 27 July 2016 after candidate Donald Trump called on Russia to cyber trespass on his political rival at a public rally.

The Russians did more than steal email. In the Spring of 2016, they began scouting the networks of the Clinton campaign, the Democratic National Committee (DNC) and the Democratic Congressional Campaign Committee (DCCC).

Not satisfied with hacking the Clinton camp, Putin’s agents spread out to the key organizational structures of the Democrats, acting as digital voyeurs. They injected malware called X-Agent which let them spy on Employee 1 and Employee 2, who remain unknown other than a reference to their proximity to fund-raising and finance for the DCCC.  Altogether over 30 DCCC individuals were victimized, with the Russians watching their keystrokes, capturing passwords, stealing credentials and viewing banking information.

They had the keys to the kingdom. If the Russians were acting in the interests of Donald Trump, then their exploits were unbelievably fruitful. Their malware was the equivalent of a troop of spies in the enemy’s camp, capturing opposition research, internal strategizing, the direction of resources, and any other plums that might fall into their dirty hands.

DEBBIE WASSERMAN-SCHULTZ, Congresswoman and Former DNC Chair

One can surmise that when Rep. Debbie Wasserman Schultz was forced out of her position as head of the DNC, it was compliments of the military intelligence units in Moscow, who disseminated her stolen email to their public fronts. The hit job on her was coordinated here in the U.S. by elements of the Bernie Sanders campaign, and was as vicious as that launched on Hillary Clinton.

At this point, one might wonder if former FBI Director James Comey was in receipt of stolen email hacked from Huma Abedin‘s laptop – the one her spouse borrowed – and this generated that horrible October surprise announcement that he was reopening an investigation into Hillary Clinton. The possibility is not far-fetched, considering the 27 July hack of Clinton’s personal servers. As her closest aide, Abedin’s email may well have been caught up in that violation. It would not have required a brilliant deduction to recognize her husband was a vulnerability, and then to feed those purloined emails to Comey.

|READ “Did The GRU Feed Clinton’s Email To The FBI?”|

One can surmise that email interactions among various Democratic House and Senate members were tracked as well. This would account for the mostly silent but plainly enraged faces of leaders such as Speaker Nancy Pelosi and Rep. Maxine Waters, following Comey’s briefing post-election.

This was an invasion of the entire Democratic Party. When the Watergate allusion is used, know that this is worse by geometric factors of depth and criminality.  When the talking heads of cable TV blithely refer to this mass attack as “the 12 Russians” one wonders if they have read the indictment.


Apart from the identified Kremlin military operatives and their various fake personae, other accomplices carried this prolonged attack to fruition. Not all were human.

In paragraph 24, section c of the indictment, Mueller refers to a “GRU-leased server located in Arizona” that they named the “AMS” server. In the next paragraph, defendant Yershov and other co-conspirators “remotely configured an overseas computer,” which they referred to as the “middle server.” And further on, there is mention of yet another GRU-leased computer in Illinois. Each was used to first test then deliver malware to the DNC and DCCC in the Spring of 2016 and shortly after, steal documents.

There was cause to connect a Dallas-based company called Webzilla with these efforts even though the company had vehemently denied any such connection and sued for libel.

In January 2017, Webzilla, owned by former Soviet cosmonaut Aleksej Gubarev, published a statement on its website which read in part:

There has been absolutely no involvement by Webzilla, XBT or any of its other subsidiaries with the people or alleged activities in this unsubstantiated report. In fact, Webzilla and XBT companies provide online server capacity for their customers and wouldn’t be involved in the kind of activity alleged in the account published by Buzzfeed.

Linking Webzilla is not speculation. It provides servers. It is located in the U.S. and has a global reach. Its CEO is a Russian, and is as susceptible to Kremlin pressure as the many freelance Russian hackers attacking the U.S.

Today, 14 March 2019, the company’s involvement is undeniably demonstrated through unsealed court documents.

The  NY Times publicized the unsealed report, which was produced as part of the libel case between Webzilla and Buzzfeed News. Its primary writer, a former FBI agent named Anthony Ferrante, detailed the technical evidence showing that Gubarev’s companies did indeed assist in malicious cyber activities with the GRU as outlined in the dossier. In addition to its role in this criminal activity, the report produced evidence connecting Webzilla/XBT with other malign activity including cyber strikes on the Ukrainian power grid and a widespread digital advertising fraud. As the report notes:

XBT-owned infrastructure has been used to support malicious cyber campaigns tied to Russian state actors, high-profile malicious schemes and cyber attacks on critical infrastructure networks across the globe.


This single indictment by the Special Counsel’s Office shows a massive criminal operation by Russian military intelligence against a major United States political party. It should not be understated or ignored. It was successful. That in itself ought to evoke both fear and rage among American citizens of any political persuasion. The fact that it was a military campaign directly implies that it was an act of war against this nation. The effective use of cyber tools to wage that war does not lessen the reality of that hostile action. If anything, it deepens the effect. Too many Americans are ignorant of this aggression. Too many Americans flatly deny this act of war even took place. But it did. The cyber weapons of the Russian state defeated us once. This is no hoax. This is our reality. Those weapons are still in place.


~Add your two cents~

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.