The Rest Is Classified - 133. How Russia Made Trump: Romanian Hackers, WikiLeaks, and Hillary’s Emails (Ep 3)
Episode Date: March 3, 2026The Russians have hacked into the Democrats' servers and WikiLeaks are threatening to expose Hillary Clinton's emails. Is this the moment that triggers the downfall of the 2016 Clinton campaign? Li...sten as David and Gordon explore how Julian Assange and his WikiLeaks team helped the Russian GRU and SVR expose the secrets of the Clinton campaign. ------------------- Sign-up for our free newsletter where producer Becki takes you behind the scenes of the show: https://mailchi.mp/goalhanger.com/tric-free-newsletter-sign-up ------------------- Join the Declassified Club to go deeper into the world of espionage with exclusive Q&As, interviews with top intelligence insiders, regular livestreams, ad-free listening, early access to episodes and live show tickets, and weekly deep dives into original spy stories. Members also get curated reading lists, special book discounts, prize draws, and access to our private chat community. Just go to therestisclassified.com or join on Apple Podcasts. ------------------- Get a 10% discount on business PCs, printers and accessories using the code TRIC10. Visit https://HP.com/CLASSIFIED for more information. T&C's apply. ------------------- EXCLUSIVE NordVPN Deal ➼ https://nordvpn.com/restisclassified Try it risk-free now with a 30-day money-back guarantee ------------------- Email: therestisclassified@goalhanger.com Instagram: @restisclassified Video Editor: Joe Pettit Social Producer: Emma Jackson Assistant Producer: Alfie Rowe Producer: Becki Hills Head of History: Dom Johnson Exec Producer: Tony Pastor Learn more about your ad choices. Visit podcastchoices.com/adchoices
Transcript
Discussion (0)
For exclusive interviews, bonus episodes, ad-free listening, early access to series,
first look at live show tickets, a weekly newsletter and discounted books.
Join the Declassified Club at the rest isclassified.com.
The Russians have hacked into the Democrat servers,
and WikiLeaks are threatening to expose Hillary Clinton's emails.
So is this the moment that triggers the downfall of the 2016 Clinton campaign?
Well, welcome to The Rest is Classified.
I'm Gordon Carrera and I'm David McClaasky. And we are deep in looking at the Russian
active measures campaign to influence the US presidential election of 2016. We've looked at what
active measures are, this tradition of Soviet and Russian espionage to not just steal secrets,
but actually influence events, often by leaking or putting out information. And we've looked at how
that's moved into the modern world with the arrival of the internet and this concept of the hack
and leak. Last time we looked at the hacking part of it as those sneaky Russian GRU hackers
with their pop tarts got into the DNC and the Clinton campaign through 2016, but now it's
time to look at the leak. This episode is sponsored by HP. Most people are not counter-espionage
experts, but that won't stop them getting targeted by cyber criminals seeking to extract their
secrets. H.P. understands that approximately four in 10 UK businesses have reported cyber
breaches in the past 12 months alone. That's why HP business laptops, desktops, and workstations
bought directly on HP store are secure straight out of the box with their endpoint security.
No more stressing about dodgy emails or unexplained pop-ups. HPs independently verified Wolf Pro
security works alongside your existing security tools to protect your business users and reputation
from malware and evolving cyber threats with your first click.
You don't need an alias or a secret hideout to stay safe. Just WolfPro Security working tirelessly
to protect your hard work. It's security that's built in, not bolted on.
Find out more about how HP can protect your business at HP.com forward slash classified.
Podcast listeners benefit from a 10% discount on all business PCs, printers and accessories
using the code TRIC-10 Terms and Conditions Apply.
Where are my gloves?
Come on, heat.
Any day now?
Winter is hard, but your groceries don't have to be.
This winter, stay warm.
Tap the banner to order your groceries online at voila.com.
in-store prices without leaving your home. You'll find the same regular prices online as in-store.
Many promotions are available both in-store and online, though some may vary.
So, David, this is where what's been the kind of espionage digital intrusion that had been seen
before, frankly, in US campaigns and all over the world, getting into a computer network,
stealing the information to try and find out what's going on. We've seen that before,
But this is the moment it switches to being an active measure, to actually doing something with the information that's been stolen, to try and have an impact and effect in the world.
That's right.
And for that active measure to work, you really don't want it to look like the Russians are responsible.
You want there to be some kind of plausible front for the information.
So it's not widely seen as coming from Russia.
So what do you do?
Well, you create a digital front.
It used to be the case in the Cold War that you'd go and find a journalist or, in the case of the sort of active measure around the AIDS virus, a weird sort of small Indian publication, and you see the story there, and then you'd have to wait for it to spread.
But now you need basically $37 worth of freshly minted Bitcoin, which is what the GRU uses.
and they reserve a domain, try to reserve a domain called election leaks.com.
But the domain name is taken, Gordon.
They don't, it doesn't work.
Who by?
Yeah, exactly.
Who has election leaks.com?
So they try again.
Just one day after compromising the DNC, the GRU registers another website, DCLeaks.com,
and they pay for the new site out of the same pool of Bitcoin.
They do some web design, Gordon, and the next day on April 20th, those Pop-Tart eating,
Borsh, swilling hackers have drawn a sleek logo with DC and blue, and there's a white silhouette
of the Capitol that's perched between the D and the C, it leaks is printed in red underneath.
The GRU works then throughout the month of May to get this portal ready to publicize all of the leaks,
although the leaks actually won't start until July.
The first portfolio of stuff uploaded to DC leaks kind of shows right off the bat that it's the GRU
because it's a bunch of emails that they've stolen a year earlier from a recently retired
Supreme Commander of NATO forces in Europe.
And it was an operation that had been widely believed to have been conducted by the GRU.
So already there are kind of GRU fingerprint.
on this. Three days after registering that leak site, the GRU begins preparations to
exfiltrate all the data that they've collected from the DNC's networks. And they do this
by moving gigabytes of data from the DNC through a what's called a command and control machine
that they had leased in the state of Illinois. Yermakov, one of the Unit 26155 hackers and his team,
have sort of half-heartedly attempted to cover their tracks
by deleting logs from the DNC network that show when they had logged in
and when they had conducted some of these data dumps.
This is interesting.
I think there's some murkiness around this.
According to the investigation that's done later by Special Counsel Robert Mueller,
there's another GRU unit, which is Unit 74455,
which receives a lot of this hacked material from Unit 261-665
and then essentially becomes the kind of interface with this sort of front sites
that had been created and helps to get this information out.
Yeah, that's right.
The murkiness is it's in the Mueller report, which investigated this, that that was the unit.
I think the one thing I'd note is that that unit is often known by another one of these
code words that these hacking groups have as sandworm and 74455 is actually associated with some of
the most intense cyber sabotage done by GRU hackers, things like taking down the power grid
in Ukraine in 2015. And that kind of activity is what they are normally associated with.
So it's interesting that Mueller links them in that report to building the infrastructure for
spreading the material hacked by another unit. It doesn't quite fit in with how we think of them,
but that's certainly what he says that they were doing, is creating the psychological warfare
element of pushing the material out that had been hacked by this other unit.
And in any case, I guess whether it was 2615 or 7445, I guess the point is, is that it
really matters how the information is released, what you release, when,
to whom there is a psychological and information warfare piece of this that is distinct from
the actual computer network exploitation. This is where it starts to veer more into the political
sphere of an actual active measure, because if you're the GRU, you were thinking about how do
you maximize the sort of impact of the information as it gets out and all of this sort of
the timings, the who, what, when, where matter a lot.
And what's interesting is that the GRU, they extract 72,
mostly random, it seems, attachments from John Podesta's inbox.
The chairman of the Clinton campaign, yeah.
And they publish these attachments on DC leaks, unmodified without any reference to John Podesta,
which kind of, I think to me suggests that.
they're sort of figuring out what to do in real time and maybe don't have the most highly attuned
political antenna to start. And it's interesting because we talked about how the internet has
transformed active measures from the past and how previously, if you wanted to launder information,
you'd have to use maybe publishers who are agents or use journals and then hope it gets
picked up and try and push that. Here you stick it on to the internet. And it is interesting,
because one of the things that people hope when they do that is that they don't actually have to process the information that much.
They don't have to pick out and say, this is the interesting bit.
In this new world, you just dump the stuff and then you let journalists sift through it and find what they want and find their stories within it.
It's a slightly different model from the active measures of the past.
And it's one that relies on journalists, often Western journalists, to be picking through this material.
We'd seen some previous aspects of this, speaking as a journalist, when the North Koreans, back to our friends in Pyongyang, had hacked Sony Pictures. And they put up on the internet a ton of material, quite sensitive material from executives of Sony Pictures, all their internal emails, which included had things which executives were saying about some film stars, which were not entirely flattering and cost them their job. But the point was, they just dumped the stuff and then they let journalists find it. And it was already
coming, although I don't think we thought about it enough in journalism at that point,
a question which is when this material gets dumped and maybe you don't know who's behind it,
how do you as a journalist, what's your responsibility in terms of looking at it?
Because if it's true, do you just go, well, it's true and there's a good story in it,
or do you have to worry if you're being manipulated and used by someone?
And I think they were taking advantage of something which was just starting then,
which is this idea of dumping material on the internet and letting journalists sift through it.
And it just meant that they didn't have to do that much work.
It makes it easier for the hackers because they just dump it there on DC leaks.
That's right.
And the GRU had called themselves American hacktivists, right, who were proponents of freedom of speech and transparency and democracy.
And they wrote on DC leaks that they were open for more cooperation, ready to publish more leaks.
They obviously don't attribute any of the hacking to the GRU on DC leaks.
but they say that, you know, this is kind of being done by citizen, citizen activists.
And initially, they don't get a lot of traction.
I mean, the GRU tries to amplify the profile that DCLeaks has.
And they actually, they use an avatar who goes by the name of Melvin Reddick, who is on Facebook.
And Melvin wrote after the DC Leaks portal went up and those attachments had been placed on it.
quote, these guys show hidden truth about Hillary Clinton, George Soros.
It's really interesting, exclamation.
Exclamation mark.
Exclamation mark.
And a few other Facebook accounts, you know, amplify it or kind of write similar things,
but nobody really notices.
At this point, I imagine, you know, poor Lukashiv and the Tick show and the other
Pop-Tart eaters kind of scratching their heads and thinking, well, how do we get the word out?
And it's a big question because you're kind of, the distribution of the leak is not, is not going so well initially.
And so, you know, I mean, what do you do, Gordon?
You could go find a friendly journalist at the BBC.
Yeah. Who's willing to just.
Definitely know the BBC.
Who's willing to report whatever he's given, you know, as one example.
But you could also, you could go to an anti-American, anti-secrecy group with a track record at that
point of just dumping stolen information online regardless of the content. Does such a group exist
in 2016, Gordon? Enter WikiLeaks and Julian Assange, who I think is first appearance on the pod,
I think, which is amazing that we've got this part without dealing with the character of Julian
Assange and WikiLeaks. We've somehow found someone more reprehensible than Edward Stodah.
Well, I tell you what, just a brief foray into Julian Assange and Wickely's.
I think it is really interesting.
Julian Nassandra, we should say, starts off as an Australian hacker.
But by the 2000s, he's created this thing called Wikileaks,
which is where you can basically publish information,
which has come from lots of different places.
And then it really gets attention in 2010 when it starts publishing some really interesting material.
And some of it at first, there's particularly some videos of American strikes on journalists in Iraq, killing them, which drew a lot of attention and were widely seen as actually being very important, journalistically, because this was bringing something to light which had been covered up by the US military, which was having killed a journalist with an airstrike. I think it was in Baghdad.
And at that point, Julian Assange's and WikiLeaks are seen as this kind of anti-government.
slightly heroic whistleblowing organization through whom whistleblowers with something to share
can go to and get the material out using some of the anonymity of the internet.
But then through 2010, it starts to develop into bigger and bigger data dumps because you get
a series of leaks about Iraq and then State Department cables and State Department cables
from around the world.
Talked about State Department cables last time, didn't we?
which were often based on conversations between diplomats and locals,
which were confidential conversations rather than intelligence agent conversations.
And these are all going to be dumped on the WikiLeaks site,
which draws WikiLeaks and Julian Assange into deep conflict,
particularly with the US State Department around this time,
a very deep conflict because of the views.
that some of this material was going to endanger some of the sources who had talked to Americans
and hadn't realized their material would be reported back and made public.
And 250,000 diplomatic cables get released.
Junior Sondra was a really kind of made him a very controversial figure and was still seen,
and is still seen in some circles as a kind of heroic figure,
but is increasingly, as we'll see, kind of drift to a different part of the political spectrum
through this period. I interviewed him very briefly in late 2010 in London, and I spoke to him
briefly outside on the kind of, you know, some of those quick interviews out on the grass
outside it. And he had that kind of slightly messianic-driven look in his eyes already then.
But at that point, he is really coming into conflict with the US. And of course, another figure
for this series, with Hillary Clinton, whose US Secretary of State and is therefore responsible
for these for these cables. And so the kind of tension between him and the US government is just
going to grow from this point onwards, isn't that? I was hoping to bait you into into defending
Julian Assange, Gordon. Given your longstanding admiration for various traders on this program.
But it's not coming. It won't happen on Julian Assange. Not happening. Not happening on Assange,
I'm afraid. We will do a series on Assange and WikiLeaks because it is a fascinating, a fascinating story.
I mean, I remember I was at the agency in 2010 when that leak case.
out and there was an entire task force stood up to deal with the fallout from it because it was just it was absolutely massive. I mean, it's just the number of embarrassing conversations that came out of those diplomatic cables or U.S. diplomats commenting in a negative light on foreign leaders, critiquing foreign leaders, things like that is, again, it's kind of similar to Snowden in this way of just it was absolutely indiscriminate. Unlike perhaps the leaks of videos showing the U.S. killing journalists in Iraq where it's a very focused.
specific thing. This is just an indiscriminate dump of information. And to your early point,
just like, let's let the world sort it out. Hillary Clinton has gathered around her a host of
very interesting enemies in the series, hasn't she? Because she's got Putin coming after her.
And, I mean, it's an interesting question. Why does Assange care about Hillary Clinton?
He does. And I think it's because of the conflict. I mean, Sweden is going to
want to extradite him on sexual assault charges, which he denied, and he's going to hide in
the Ecuadorian embassy, but he's always going to fear that the plan was to extradite him to the
US, and that the US was after him. That's probably true, which was true, yeah. But also,
you see him drift increasingly. I mean, he always had the kind of anti-authoritarian hacker mindset,
but you also start to see him drift increasingly to a kind of anti-American mindset, anti-Western
mindset and then into the circle of the kind of pro-Russian world because I think 2012,
even though he holds up in the Ecuadorian embassy in London, so he's hiding there to avoid
being extradited, he starts hosting a show for RT, Russia Today, the Russia-backed news
network, and he hosts a show in 2012. And so you can see him developing those relationships
and links with Russia from that point onwards.
you can sense the tension and the aggravation.
And he runs a big site where you can dump loads of information and people can sift through it.
That's an interesting kind of place to be once we get to 2016, isn't it?
Well, yeah, in 2016, so the 12th of June, 2016, Julian Assange gives an interview to a British News network.
He mentions that a major political leak is forthcoming.
He says, we have upcoming leaks in relation to Hillary Clinton, which,
great WikiLeaks has a very big year ahead. Hillary Clinton, Julian Assange does not like her,
and Hillary Clinton has an e-bail problem, doesn't she? She does. Yeah. Yeah. And it helps, I think,
explain why the public's interest in private email traffic among leaders in the Democratic Party
is going to have so much residence in 2016 and, frankly, in some quarters in the U.S. still does. Because
shortly before Hillary is sworn in as Obama's Secretary of State in 2009, Hillary Clinton sets up an email server, a private email server at her home in Chappaqua, New York.
Which you shouldn't do. You shouldn't do for official emails.
You should not do this. Now, she sets it up so that her email address is HDR22 at Clinton email.com.
and she uses this email for all of her work and personal-related correspondence
during her four years as Obama's Secretary of State.
She also reportedly sets up email addresses on the server for longtime aides.
She did not use or ever even activate a state.gov email account,
which would have been hosted on servers owned and managed by the U.S. government.
Former Secretary of State, Colin Powell, had also done this.
This is not to excuse it.
It's just to note that this is not a one-of-one situation.
And I think we would both agree, Gordon, that it was a, I think, strikingly bad judgment to do this.
She's going to pay a heavy price for that misjudgment.
And she's going to pay a very heavy price for this.
Because in the first week of March in 2015, so a year before the GRU's hacks,
This becomes a national story.
And the New York Times runs a front page article on the subject of Hillary's private server and her emails.
And the article says the system may have violated federal requirements and it was, quote, alarming to current and former government archive officials.
You never want government archive officials alarmed by what you're doing, Gordon.
But they were.
Not good.
And this had been revealed by a Romanian hacker.
who went by the moniker. And I always pronounce this goochifer, I'd say it's, I'd say, I think it's
Guesher. Goosephor is how I'd say. It's Gucifer, it's Gusifer, two Cs in the middle.
Remember the name, because it's an important name. We'll come back to them, yeah, the Romanian
hack of Goosephor, yeah. And so this all comes out following what had been a really nasty
investigation into the attack in Benghazi, which is a 2012 attack on two American diplomatic
compounds in Benghazi, Libya, that had led to the tragic death of the U.S. ambassador and
three other Americans.
And congressional Republicans had been investigating Clinton, who had been Secretary of State
at the time, on suspicion that she had played a role in blocking a viable rescue mission
or covering up malfeasance that had led to the deaths.
It becomes very political, doesn't it?
intensely political. And Clinton basically says, you know, she had set up this private server for
convenience, but she had also written at one point that she didn't want to risk the personal
becoming accessible, which I think is a large part of the reason for setting up the server in
the first place. And really critically, she had deleted a massive trove of emails that she
considered to be personal. So the deletion of emails from this private server starts to feed theories
that she had covered up some wrongdoing associated with Benghazi. Hence, this kind of spiral of the
investigation is trying to get to the bottom of whether she had done something wrong. And then,
lo and behold, they realized that a bunch of the email traffic that she'd been sending at the time,
which she claimed as personal, had been deleted. The State Department investigators, they're going
subsequently determine that classified information may have existed on at least one of her private
servers and a thumb drive that weren't in the government's possession. And some of that sensitive
information in the emails, it seems, belonged not to the State Department, but to intelligence
agencies. So you have the intelligence communities inspector general who actually looks at a
sample of the emails and finds that at least four contained classified material. So then that gets
related to the Justice Department.
So you have this long-running investigation.
Long-running investigation.
It's going to become just a never-ending scandal that surrounds her and will surround her for the rest of the year.
But Julian Assange and WikiLeaks to bring it back to our definitely not friend of the pod, Julian Assange.
They've been all over this.
And now we have, Gordon, a very happy alignment in this active measure because the GRU has
got a ton of Podesta's emails.
They've got information from inside the DNC.
They've got information from inside the D-Triple-C.
And they've struggled, haven't they,
to distribute that information, to get it out there.
What does WikiLeaks have, though?
A platform.
They have a platform.
By the 14th of June, the GRU,
sensing that their DC leaks platform had been a hard sell
and wasn't really getting the word out,
They start to reach out to WikiLeaks directly.
And they don't do this as the GRU, of course.
They do this through the DCLeaks Twitter account,
privately messaging WikiLeaks.
Thank you,
announced your organization was preparing to publish more Hillary's emails.
We're ready to support you.
We have some sensitive information too.
In particular, her financial documents.
Let's do it together.
What do you think about publishing our info at the same moment?
And Assange, I like this.
he doesn't respond to the first contact attempt
because he just misses he misses the message on Twitter.
I don't know how you are, Gordon, with your Twitter.
DMs.
DEMs, but you know, I can be spotty, right?
And I guess Julian Assange is probably getting hit up
with this kind of stuff all the time at this point.
And he just, he just misses it.
What I think is interesting is that, you know,
the GRU at this time is monitoring
Assange's statements so closely and that offering their support because it's very likely.
And I should say there is still, even after years of investigations, there still is some mystery
here, I think.
There is, yeah.
On the kind of the tick-tock.
The contacts and the sequence of events, yeah.
The contact between the GRU and WikiLeaks.
But what seems to be the case is that the reason they're watching Assange and WikiLeaks so closely
on Twitter, is that they've already passed the archive of John Podesta's inbox to Wikileaks
before the 12th of June, but done so anonymously. And WikiLeaks had not acted on it and had just
sat. But this isn't going to remain secret and unspotted in DMs for long, because very soon
after that, the whole issue of the hacking of the DNC is going to get very public and very political.
Let's look at that after the break.
So, David, we talked a little bit, haven't we, about how the DNC had been hacked by actually two Russian intelligence groups.
And it's worked out it's been hacked.
And it's called in a security firm CrowdStrike to investigate what had happened to it.
And they're going to find evidence of those hacks, which is important at this point.
Well, that's right.
And once CrowdStrike gets involved, essentially what happens is that,
the DNC has to clean up its entire network and run a very tedious cleanup process over a weekend in June, right?
So on Friday, the 10th of June, after realizing that they had been hacked, the DNC takes its machines offline.
Everyone has to, like, turn in devices over the weekend.
They have to be wiped and cleaned.
This whole thing is going to end up costing the DNC over a million dollars.
But by the end of the weekend on the 12th of June 2016, the DNC's networks are back online.
And the Democrats know that they've been hacked.
But this is what's fascinating is initially it's kind of not that big of a deal.
I mean, the Post, the Washington Post is working on a story that's probably leaked to the post by the DNC itself.
And you have the, you have Crowdstrike, which has prepared a technical report to kind of coincide with the Post.
So you know, I guess, an outline of what's happened that the DNC has been hacked.
In the Crowdstrike report, there's been evidence of the tradecraft that the Russians have used in both intrusions.
And on the 14th of June, hat tip to our producer Becky, who notes that this is Trump's birthday, the Washington Post writes a story that reveals that Russian government hackers had penetrated the DMC,
Yeah, and I remember this very well, covering the campaign, covering cybersecurity.
This was a story, but interestingly enough, it wasn't a massive story at the time,
because I think it was seen in the context still of espionage, of this is the kind of thing
you'd have expected Russian hackers to have done and the questions about whether their security
had been weak. But it did make clear that they potentially got access to the DNC's database
of opposition research, which is very interesting information because obviously campaigns do
opo research on their adversaries in which they collect basically the dirt. Well, not dirt, but
anything that could be used against them. And, you know, that's going to include Donald Trump.
It's going to include others. But the Washington Post definitely framed it as traditional
espionage, trying to understand each campaign, what it was doing, what the candidates might be,
what positions they would take.
So it was not seen as a real emergency, even though actually the reality was something
else was already going on involving those GRU hackers.
I kind of like this part of the story, Gordon, because there's a pissing match between the hackers
and CrowdStrike, isn't there?
Because CrowdStrike, in the report that they put out, basically expose a bunch of the
a bunch of the shoddy tradecraft that the GRU had used and explain how they did the,
how they did the hack.
And that doesn't lay in so well inside the GRU.
The GRU guys are kind of ticked off that CrowdStrike has outed them and how they've done this.
So what does this be is just kind of set the timeline is that by mid-June, the GRU has been
outed as the perp and the post has run a story, right?
So by the middle of June, it is understood that the Russians are behind a hack of the DNC.
But the GRU guys are looking to embarrass crowd strike and go back at the people who outed them.
And the GRU creates an online persona.
They whip this together quite quickly.
Goosephor 2.0.
So remember, we talked about the first Goosephor who had been involved in breaking really the
the sort of Hillary email story.
And who I think had been imprisoned or detained, so no one thought it was him.
But Goosefer 2.0, they're trying to make out it's another kind of independent hacker like
the Romanian who's trying to have a go at the Americans, but is not linked to the state.
So it's a kind of deliberate front for them.
That's right.
And on the 15th of June, this Goosefer 2.0 issues a rambling post that dismisses the crowdstrike
conclusions and they refer to
CrowdStrike as a quote,
worldwide known company. There will be a problem with
syntax throughout the
post that are issued by the GRU.
So instead, Guzifer 2.0
says the DNC has been hacked by a loan hacker
and Lukashev
and his compadres
inside the GRU
try to portray themselves as
Romanians because the
original Guzifer had been Romanian
but this will be a fiction that's exposed
when they are posed questions by a Romanian journalist.
And the responses come back.
It looks like it's been been through Google translated.
Yeah.
That's right.
So as proof, though,
Goosefer 2.0 puts out on a blog 11 documents that he claims had come from the DNC.
And this includes an APO research file on Trump and a list of major Democratic donors.
By this time, though, the GRU has tampered with some of the files.
five of the leaked documents, their Microsoft Word files, they're named like 1.Doc, 2.Doc, and on and on.
All of them had been modified on the 15th of June just before being published.
The GRU had used kind of an old active measures trick and had decided, well, we better make these documents look more interesting.
And so they had upgraded four out of the five.
They had written confidential across the top.
And another one of them, they wrote secret, right?
Just to make a big.
They know journalists.
That's what people look more interesting.
Yeah, exactly.
But in the haste of kind of this whole story breaking, the GRU officer who had edited the documents
did not clean up the metadata and left his machines a username visible at the original Cyrillic.
The name was Felix Edmundovich.
Now, Felix Edmundovich is not a Pop-Tart eating GRU.
You hacker.
This is the first name and the patronymic of Felix Zersinski.
The founder of the Cheka.
The hero of many.
Right.
Of every Soviet and Russian spy.
So it's a little bit of a giveaway, isn't it?
Which gets spotted, I think, including by a few people online who start to go,
this looks like the Russians.
That's right.
That's right.
So there's basically a group of kind of online.
volunteer detectives who quickly spot these metadata errors.
A bit sloppy, which is classic GRU, and which basically allows everyone to go,
this does not look like a lone hacker.
You know, this looks like Russian intelligence and that Goosephi 2 is just a front for the
GRIU.
I guess the hackers are consumed in the month of June with establishing
their DCLeaks portal and fighting with CrowdStrike online.
But on July 14th, Gucifer 2.0 sends an email to WikiLeaks that includes an attachment
with detailed instructions.
Now, I wondered if Gordon was going to prevent me from reading the attachments file name,
but I'm just going to do it anyway.
WKDNCLink1.text.g.
This is the attachment, which I can't believe anyone would click on something that has that
for an attachment file name.
But a few days later, WikiLeaks privately acknowledges the receipt of the archive, which is about a gigabyte of information.
And they tell the GRU officers that the public release would be ready that week.
So on Friday, the 22nd of July, three days ahead of the timing is really important, three days ahead of the Democratic
convention, WikiLeaks will dump online 19,252 emails with more than 8,000 attachments,
all stolen for the DNC's computers and made searchable by keyword.
And Julian Assange himself announces the release that morning.
He says, are you ready for Hillary?
He's writing on Twitter.
We begin our series today with 20,000 emails from the top of the DNC.
and then a while later, WikiLeaks' own account sends out links to that trove, and it's got hashtags, which is hashtag Hillary 2016, and hashtag feel the burn, a B-E-R-N, because her primary opponent at that point is Bernie Sanders.
And it's at this point, I remember it well, the story explodes. Really interesting, but they've been trying for so long to get traction from the stolen emails, and now suddenly it takes off.
it's something about WikiLeaks, it's something about the timing ahead of the convention,
and crucially, that there is actually really interesting information in there,
because what it shows is that the DNC, which is the Democratic Party,
which is supposed to be neutral between the different candidates trying to become the nominee for the Democratic Party,
it seems to show that the senior officials have been taking sides
and supporting Hillary Clinton against Bernie Sanders.
And this, I think, is really important because there is a genuine story in there, if you like, which is the DNC has taken sides.
And it's going to have an impact on the anger in the Democratic Party.
You obviously have Bernie Sanders, which is the insurgent wing of the Democratic Party.
And suddenly his supporters are going to feel very pissed off with both the Democratic Party and with Hillary Clinton for apparently secretly behind, you know, when they shouldn't.
have been conspiring against him. I mean, it's going to lead to the chair of the DNC, Debbie
Wasserman Schultz, resigning. I mean, she's going to resign over what's in those emails. So it is,
damaging in that sense, isn't it? What is it? I mean, in a few emails, Debbie Wasserman Schultz
had called Bernie Sanders campaign manager an ass and a liar. And there was one particularly
embarrassing chain that had the DNC's chief financial officer proposing to other DNC officials. I mean,
just a straight up attack on Bernie Sanders on the grounds of Bernie Sanders religious beliefs, right?
Or kind of his lack thereof.
It said basically, can we get someone to ask his belief?
Does he believe in a God?
He had skated on saying he has a Jewish heritage.
I think I read he is an atheist.
My Southern Baptist peeps would draw a big difference between a Jew and an atheist, right?
It doesn't look so good.
You're supposed to be the impartial CFO of the DNC.
There isn't evidence that the DNC really ever acted on these ideas?
But it kind of doesn't matter because, and especially it doesn't matter from, you know, again, to bring this back to a Russian intelligence operation.
The Russian standpoint, if you are attempting to weaken Hillary Clinton, this is a good way to do that because what it does is it exposes the fact that your entire party has, well, you could spin it this way, I guess, has essentially rigged the outcome of the primary in your favor.
Yeah, and I think, you know, we'll come back later, I think, to the question of how much difference did the Russian active measure make on the election.
But I think it's worth just briefly saying, I think this is one point where I think you can make the case that it does make a difference, not just to this moment and being a news story, but to the eventual outcome of what we know later will be a close election.
Because if some of those Bernie Sanders supporters are sufficiently pissed off that the DNC has been conspiring,
against them and Hillary Clinton's been conspiring against them. They are not going to throw their
support behind her, are they? When she comes out of the convention as the nominee, they're going to
be kind of annoyed. So your ability to unify support across the Democratic Party and bring in the left-wing
Bernie Sanders supporters is going to be undermined by this. And in a close election, I think you can
make the case that that actually has a material impact in terms of the energy and the breadth of support that
gets behind Hillary Clinton once she comes out of the convention.
Well, and someone else, Gordon, is going to seize on the spill of these emails.
And there's going to be a tweet from Donald Trump that says,
leaked emails of DNC show plans to destroy Bernie Sanders,
Maka's heritage, and much more, online from WikiLeaks, really vicious, rigged.
And I think that that'll say it all about how this active measure is going to start to just seep
into the bloodstream of this election and how it's going to just ricochet around and be used
and really promulgated by media, the candidates themselves.
It's really a startling story. It's going to show how this thing is going to turn into
absolute wildfire as the summer turns into the fall.
So perhaps there with Donald Trump entering the fray of the election campaign and this issue
of the leaked e-mails. Let's stop for this time.
of course, a reminder, if you want to hear the rest of this series, do join the Declassified
Club at the Rest Is Classified.com, where you'll also get access to the bonus series we're
doing for members, which is going to look very specifically at that issue of the Trump
campaign and Russia and that relationship, which sits alongside this series looking at,
if you like, the Russian active measures. So lots there for members to enjoy, but otherwise,
we'll see you next time. See you next time.
Do you want to know what really happens inside MI5?
Or what we chat about when the cameras aren't rolling?
If you love the show and you want to come behind the scenes with us,
who better to join than our producer, Becky?
From now on, she'll be writing a free newsletter every week
taking you behind the mic at The Rest Is Classified.
Make sure to subscribe via the link in the episode description
to be the first to read the latest classified insider
or head to the rest is classified.com to find out for it.
Thank you.