Mueller report says Russian hacking once went through Arizona server

Outtakes of the Special Counsel’s report – the Mueller report – on Russian meddling in the 2016 presidential election and a June indictment by the special counsel’s office of 12 alleged Russian hackers both cite a leased computer server in Arizona that was used to transmit stolen Democratic Party data. (Cronkite News illustration)

PHOENIX – The road from Washington to St. Petersburg apparently passes through Arizona – at least the cyber-road does.

That’s according to the long-awaited Mueller report on the two-year investigation into possible Russian meddling in the 2016 presidential election.

Buried in the 448-page report is a little more than a page that said Russian intelligence officers used a “leased computer” in Arizona to help funnel information that was stolen from hacked Democratic Party computers.

About half of the page on the Arizona server is redacted because the information relates to an “investigative technique” – one of the areas blacked out from the report, along with information about grand jury testimony, ongoing investigation and privacy concerns.

The unredacted portions do not reveal where in Arizona the leased computer was located or which company might have leased it.

But the report echoes information that was cited in a June indictment filed by Special Counsel Robert Mueller’s office against 12 officers of the GRU, the Russian intelligence directorate.

Related story

It said the 12 conspired to “gain unauthorized access (to ‘hack’) into the computers of U.S. persons and entities involved in the 2016 U.S. presidential election, steal documents from those computers, and stage releases of the stolen documents to interfere with the 2016 U.S. presidential election.”

The indictment said the GRU officers installed malware called “X-Agent” on 10 computers of the Democratic National Committee and the Democratic Congressional Campaign Committee in April 2016. The malware “transmitted information from the victims’ computers to a GRU-leased server located in Arizona” that the Russians checked for information – keystroke logs and information on fundraising and voter outreach, for example.

The bulk of the information stolen using the Arizona-based computer “included passwords, internal communications between employees, banking information, and sensitive personal information” and occurred between April and June 2016, according to the Special Counsel’s report.

The Arizona computer “served as a nerve center,” the report said, allowing the Russian hackers to control the malware that broke in and stored the stolen Democratic data. In addition to X-Agent, the Russians used “X-Tunnel” that gave the hackers the capability to view screenshots of Democratic employees’ computers.

Stolen data first went to a group of “middle servers” that communicated with the Arizona server, which the Russians would then access, according to the report. It said the Arizona server held “thousands of files” for the GRU officers for their operations in 2016.

Calls to cybersecurity experts and academics seeking comment on the Russians’ reported methods were not immediately returned Friday.