different tranches of stolen documents, arranged by victim or subject matter. Other dcleaks.com pages contained indexes of the stolen emails that were being released (bearing the sender, recipient, and date of the email). To control access and the timing of releases, pages were sometimes password-protected for a period of time and later made unrestricted to the public. Starting in June 2016, the GRU posted stolen documents onto the website dcleaks.com, including documents stolen from a number of individuals associated with the Clinton Campaign. These documents appeared to have originated from personal email accounts (in particular, Google and Microsoft accounts), rather than the DNC and DCCC computer networks. DCLeaks victims included an advisor to the Clinton Campaign, a former DNC employee 139 and Clinton Campaign employee, and four other campaign volunteers. The GRU released through dcleaks.com thousands of documents, including personal identifying and financial information, internal correspondence related to the Clinton Campaign and prior political jobs, and fundraising files and 140 information. GRU officers operated a Facebook page under the DCLeaks moniker, which 141 they primarily used to promote releases of materials. The Facebook page was administered through a small number of preexisting GRU-controlled Facebook 142 accounts. GRU officers also used the DCLeaks Facebook account, the Twitter account @dcleaks_, and the email account [email protected] to communicate privately with reporters and other U.S. persons. GRU officers using the DCLeaks persona gave certain reporters early access to archives of leaked files by sending them links and passwords to pages on the dcleaks.com website that had not yet become public. For example, on July 14, 2016, GRU officers operating under the DCLeaks persona sent a link and password for a non-public 143 DCLeaks webpage to a U.S. reporter via the Facebook account. Similarly, on September 14, 2016, GRU officers sent reporters Twitter direct messages from @dcleaks_, with a password to another non-public part of the dcleaks.com 144 website. The DCLeaks.com website remained operational and public until March 2017.
Mueller Report PDF Page 58 Page 60