WASHINGTON — Special counsel Robert Mueller is assembling a case for criminal charges against Russians who carried out the hacking and leaking of private information designed to hurt Democrats in the 2016 election, multiple current and former government officials familiar with the matter tell NBC News.
Much like the indictment Mueller filed last month charging a different group of Russians in a social media trolling and illegal-ad-buying scheme, the possible new charges are expected to rely heavily on secret intelligence gathered by the CIA, the FBI, the National Security Agency (NSA) and the Department of Homeland Security (DHS), several of the officials say.
Mueller's consideration of charges accusing Russians in the hacking case has not been reported previously. Sources say he has long had sufficient evidence to make a case, but strategic issues could dictate the timing. Potential charges include violations of statutes on conspiracy, election law as well as the Computer Fraud and Abuse Act. One U.S. official briefed on the matter said the charges are not imminent, but other knowledgeable sources said they are expected in the next few weeks or months. It's also possible Mueller could opt not to move forward because of concerns about exposing intelligence or other reasons — or that he files the indictment under seal, so the public doesn't see it initially.
The sources say the possible new indictment — or more than one, if that's how Mueller's office decides to proceed — would delve into the details of, and the people behind, the Russian intelligence operation that used hackers to penetrate computer networks and steal emails of both the Democratic National Committee (DNC) and Clinton campaign chairman John Podesta. The release of embarrassing Democratic emails through WikiLeaks became a prominent feature in the 2016 presidential election, cited at least 145 times by Republican candidate Donald Trump in the final month of the campaign. At one point he publicly urged "Russia" to find and release emails Trump believed were missing from Democrat Hillary Clinton's private server.
DHS and the Office of the Director of National Intelligence (ODNI) released a joint statement in the month before the 2016 election saying officials were "confident that the Russian government directed the recent compromises" that led to leaked emails being published by DCLeaks.com, WikiLeaks and an online persona known as Guccifer 2.0 — all considered to have been acting as Russian agents.
No criminal charges have been filed, however. In July 2016 the FBI began a counterintelligence investigation into how the Russians carried out the operation and whether any Americans, including members of the Trump campaign, were involved. Mueller took over the probe in May 2017. His office has filed more than 100 criminal charges against 19 people and three companies, securing guilty pleas and cooperation agreements from three members of the Trump campaign.
It is unlikely that the United States would be able to extradite alleged Russian hackers or their paymasters, but an indictment would "send a signal" both to Russia and to any Americans who may have participated, a government official said. In 2014, the Justice Department filed charges against five Chinese military hackers, accusing them of economic espionage. In 2016, authorities indicted seven hackers associated with the government of Iran, accusing them of hacking into bank websites and a computer system that controlled a small New York state dam. None of the accused in either case are in custody.
It could not be learned to what extent, if at all, Mueller's office would make allegations in the possible indictments about the role of Russian President Vladimir Putin in ordering and supervising the operation. NBC News has reported that U.S. intelligence agencies have evidence Putin was closely involved, but sources say the intelligence underlying that conclusion is extremely sensitive.
The CIA long ago turned over all the relevant intelligence it had on the Russian operation to FBI investigators, officials said. The NSA, DHS and the ODNI have also passed along to Mueller analysis and forensic information connected to the hacks, including telltale "signatures," malware and methods.
Another question is whether Mueller will charge Russian intelligence officers alleged to have supervised the operation. Often, the people who do the hacking for the Russian government are private freelancers. A former FBI official briefed on the matter said it was likely Russian government officials would be charged — but that Mueller would have to consult widely in the government about that decision.
"The Kremlin has used hackers to steal personal communications that Russian operatives then parceled out in targeted leaks, and created fake social media personas and news items on all sides of controversial issues in the hope of stirring discord in the West," Adm. Mike Rogers, the director of the NSA and commander of U.S. Cyber Command, told Congress this week.
Last November, The Wall Street Journal reported that the Justice Department had identified more than six members of the Russian government involved in hacking the Democratic National Committee’s computers and swiping sensitive information that became public during the 2016 presidential election, and that prosecutors and agents have assembled evidence to charge the Russian officials.
Another major unanswered question is whether Mueller's grand jury will charge any Americans as witting participants in the hacking and leaking scheme — including anyone associated with Trump's presidential campaign. Americans referenced in Mueller's previous indictment of Russians were described as "unwitting."
One source suggested that a new indictment could include unnamed American co-conspirators as part of a strategy to pressure those involved to cooperate. The previous Mueller indictment involving the Russian social media operation cited a co-conspirator that it did not name.
Much like the social media activity laid out in Mueller's recent indictment, the Russian hacking operation began long before the 2016 election.
In 2015, Russian hackers stepped up a campaign to use "spear phishing" techniques to steal emails and other data from Capitol Hill staffers, political operatives and foreign policy experts, U.S. officials and outside experts tell NBC News. Such techniques involve sending what appears to be a friendly email that is actually loaded with malware that gives the sender access to the recipient's computer, and potentially the organization's network.
In March 2016, Clinton campaign chairman John Podesta got an email instructing him to change his password. A staffer told him it was legitimate. The staffer was wrong. The Russians soon were inside his machine.
A few days later, a DNC employee acted on a similar email.
The GRU, Russia's military intelligence agency, began vacuuming up emails from Podesta and from DNC accounts, according to CrowdStrike, the firm hired to analyze the breach. Another Russian intelligence agency, the SVR, also at some point breached DNC networks, CrowdStrike found.
A month later, in April, a junior Trump campaign adviser named George Papadopoulos met a mysterious European professor for breakfast at a London hotel.
According to court documents, the professor conveyed to Papadopoulos that he had learned from Russian government officials in Moscow that the Russians had obtained "'dirt' on then-candidate Clinton," including "thousands of emails."
Papadopoulos pleaded guilty to lying to federal agents and is now cooperating with Mueller.
The bulk of the stolen Democratic emails ultimately were made public through WikiLeaks, the self-described transparency organization that CIA Director Mike Pompeo has branded as a “hostile nonstate intelligence service” that “collaborated” with Russia. WikiLeaks founder Julian Assange disputes that his organization got the emails from the Russians. Another big question is whether Mueller will seek to charge anyone associated with WikiLeaks, who may claim in defense that they were acting as journalists.
On Wednesday, NBC News reported that Mueller's team is asking witnesses pointed questions about whether Trump was aware that Democratic emails had been stolen before that was publicly known, and whether he was involved in their strategic release, according to multiple people familiar with the probe.
Trump has repeatedly denied collusion and has called the Mueller investigation a "witch hunt."
A spokesman for the special counsel declined to comment.