184 GRU was able to identify these email accounts, which were not public. Unit 26165 officers also hacked into a DNC account hosted on a cloud- computing service Personal Privacy█ █ █ On September 20, 2016, the GRU began to generate copies of the DNC data using PP█ █ █ function designed to allow users to produce backups of databases (referred to PP█ █ █as “snapshots”). The GRU then stole those snapshots by moving them to PP█ █ █ account that they controlled; from there, the copies were moved to GRU- controlled computers. The GRU stole approximately 300 gigabytes of data from 185 the DNC cloud-based account. 2. Intrusions Targeting the Administration of U.S. Elections In addition to targeting individuals involved in the Clinton Campaign, GRU officers also targeted individuals and entities involved in the administration of the elections. Victims included U.S. state and local entities, such as state boards of elections (SBOEs), secretaries of state, and county governments, as well as 186 individuals who worked for those entities. The GRU also targeted private technology firms responsible for manufacturing and administering election- related software and hardware, such as voter registration software and electronic 187 polling stations. The GRU continued to target these victims through the elections in November 2016. While the investigation identified evidence that the GRU targeted these individuals and entities, the Office did not investigate further. The Office did not, for instance, obtain or examine servers or other relevant items belonging to these victims. The Office understands that the FBI, the U.S. Department of Homeland Security, and the states have separately investigated that activity. By at least the summer of 2016, GRU officers sought access to state and local computer networks by exploiting known software vulnerabilities on websites of state and local governmental entities. GRU officers, for example, targeted state and local databases of registered voters using a technique known as “SQL injection,” by which malicious code was sent to the state or local website in order to run commands (such as exfiltrating the database 188 contents). In one instance in approximately June 2016, the GRU compromised the computer network of the Illinois State Board of Elections by exploiting a vulnerability in the SBOE’s website. The GRU then gained access
Mueller Report PDF Page 66 Page 68