Federal investigators have identified several Russian government hackers who penetrated the Democratic National Committee's computers last year and siphoned out information that was released online, according to individuals familiar with the matter.
Gathering the evidence necessary to bring charges against them has proven to be a challenge, and it is not clear when that might happen, the individuals said. Prosecutors and FBI agents have been in discussions about the case and could bring charges next year, according to the Wall Street Journal.
The Justice Department declined to comment. Russian President Vladimir Putin has denied his government played any role in the hacking or in seeking to influence the 2016 election.
Bringing such a prosecution could stir political controversy. President Trump, both as a candidate and after his election, has repeatedly expressed skepticism that Russia was behind the hack of Democratic targets including the DNC.
He famously suggested the hackers could be Russian, Chinese, or "somebody sitting on their bed that weighs 400 pounds."
By long-standing principle, the Justice Department makes decisions on prosecutions without any White House knowledge or involvement. Exceptions include national security cases in which there is a potentially significant impact on foreign relations; in such cases the White House and other agencies might get notified in advance of charges being filed.
The DNC hack, revealed by The Washington Post in June of last year, was a pivotal event in a series of actions undertaken by the Russian government to meddle in the 2016 election.
FBI agents had zeroed in last year on five or six individuals they believed worked for Russia's military spy agency, the GRU, and hacked the DNC, according to one individual familiar with the case.
The GRU is one of two Russian spy agencies that hacked the Democratic committee. But it is the one that was called out by the U.S. intelligence community in its January report on Russian interference in the 2016 election. The report stated the GRU "probably began cyber operations aimed at the U.S. election by March 2016."
It concluded "the GRU operations resulted in the compromise of the personal email accounts of Democratic Party officials and political figures. By May, the GRU had exfiltrated large volumes of data from the DNC."
Though Russian spy agencies often use contractors to carry out their hacking activities, the individuals being scrutinized by the Justice Department are said to work for the GRU, the first person said.
Separately, the FBI also has identified at least one person who was behind the persona known as Guccifer 2.0, who last year claimed to be an independent Romanian hacker who stole the DNC documents. In reality, the intelligence community's report stated, "the GRU used the Guccifer 2.0 persona" and two websites to release data hacked from the Democrats.
It is likely more than one person is behind the Guccifer 2.0 persona, experts said. The intelligence community report, citing press accounts, suggested the same.
The DNC hackers are believed to be separate from the people behind Guccifer 2.0. At one point last year, federal prosecutors in San Francisco briefly considered indicting Guccifer 2.0, even though the true identities were not yet known.
The FBI investigation into Russian cyber operations is being conducted by a variety of field offices. San Francisco has handled Guccifer 2.0. Pittsburgh and Houston are working on the GRU hackers and Washington has focused on another group, known by private sector security analysts as APT29 or Cozy Bear. That group belongs to the SVR, the Russian Foreign Intelligence Service.
Last December, the United States expelled a number of Russian operatives. According to an intelligence community official, they included 18 from the SVR, 16 from the GRU, and one from the FSB — the federal security service once headed by Putin and the main successor agency to the KGB.