The American public, with the enthusiastic support of most of the media, have been sold a big lie about Russian meddling in the 2016 Presidential election. As I have noted in previous pieces, there was nothing new nor special nor unique about Russian espionage activities inside the United States, including information and computer network operations, in 2016. Russian espionage and covert action against the United States has been a matter of fact since 1919. And the United States has been similarly engaged in such activities inside Russia.
What made 2016 unique and dangerous is that US law enforcement and intelligence agencies decide to use the ruse of Russia as a weapon to attack the candidacy and then the Presidency of Donald Trump. This attack entailed creating evidence that Trump was soliciting Russian assistance and the creation of the myth that Russia hacked the DNC. Anyone who challenges this lie is branded immediately as a Russian stooge and puppet of Putin.
We have very specific evidence regarding the fraud perpetrated about the so-called “hacking” of the DNC. Bill Binney and I have posted two pieces–one showing that the forensic evidence in the metadata of the DNC documents posted at Wikileaks could not have transferred over the internet and one showing that Guccifer 2.0 was the creation of some person or entity other than Russia.
There is another piece of public evidence that provides circumstantial evidence that the intelligence community case against Russia with respect to the allegation of extraordinary meddling is a fabrication. I am referring to the January 2017 Intelligence Community Assessment–Assessing Russian Activities and Intentions in Recent US Elections.
I want to focus on one of the more important Key Judgements:
We assess with high confidence that Russian military intelligence (General Staff Main Intelligence Directorate or GRU) used the Guccifer 2.0 persona and DCLeaks.com to release US victim data obtained in cyber operations publicly and in exclusives to media outlets and relayed material to WikiLeaks.
It is natural and understandable to assume that this judgment is based on real intelligence held in classified channels. But it is not. Bill Binney and I have shown that Guccifer 2.0 was a fabrication. But we also have the testimony of NSA Director Admiral Mike Rogers and FBI Director Jim Comey on the “evidence” underlying the so-called hack. This key judgment was based on unverified and uncorroborated information provided by CrowdStrike.
Three months after the ICA was published, Rogers and Comey testified before the House Intelligence Committee. They were asked specifically about the proof that the DNC was hacked by the Russians. Here is the key part of that testimony:
HURD: So there was about a year between the FBI’s first notification of some potential problems with the DNC network and then that information getting on — getting on Wikileaks.
COMEY: Yes, sir.
HURD: Have you been able to — when did the DNC provide access for — to the FBI for your technical folks to review what happened?
COMEY: Well we never got direct access to the machines themselves. The DNC in the spring of 2016 hired a firm that ultimately shared with us their forensics from their review of the system.
HURD: Director Rogers, did the NSA ever get access to the DNC hardware?
ROGERS: The NSA didn’t ask for access. That’s not in our job…
HURD: Good copy. So director FBI notified the DNC early, before any information was put on Wikileaks and when — you have still been — never been given access to any of the technical or the physical machines that were — that were hacked by the Russians.
COMEY: That’s correct although we got the forensics from the pros that they hired which — again, best practice is always to get access to the machines themselves, but this — my folks tell me was an appropriate substitute.
HURD: The — at what point did the company and the DNC use — share that forensic information to you?
COMEY: I don’t remember for sure. I think June. I could be wrong about that. . . .
HURD: So — so that was — how long after the first notification of — that the FBI did of the DNC?
COMEY: Ten months.
HURD: Ten months? So the FBI notified the DNC of the hack and it was not until 10 months later that you had any details about what was actually going on forensically on their network?
COMEY: That’s correct, assuming I have the dates about right. But it was — it was some months later.
Neither the FBI nor the NSA got “direct access to the machines”. Their words, not mine.
And where did the forensic data come from? CrowdStrike.
So much for the intelligence community relying on real intelligence. They were given information from a cyber security firm that waited at least 5 weeks before allegedly taking steps to disconnect the DNC computers from the infected network.
Even in an unclassified setting, Admiral Rogers and Director Comey could have stated that they had other information from intelligence sources that corroborated the CrowdStrike findings. They did not testify to this. This is more than curious, it is a tacit admission that they were relying on information from a firm hired by the Democrats and the law firm working for Hillary Clinton. This is not an independent, reliable source of information.
This fact alone does not prove the lie. But when considered as part of the entire evidence available, including the metadata from the documents posted at Wikileaks, the case for fabrication grows.
UPDATE–Thanks to “H” for spotting the obvious. I missed this completely but “H” is quite correct that this statement by Comey raises more disturbing questions. Let’s go to the transcript:
HURD: Copy, I apologize. Director Comey, when was the first time the FBI notified the DNC of the hack? Roughly.
COMEY: I think august of 2015.
HURD: And was that prior to information being leaked to — being sent on — put on WikiLeaks?
COMEY: Yes the — the first Russian directed releases where middle of June of the next year by D.C. leaks and this Guccifer 2.0 persona and then that was followed by Wikileaks. So about a year. A little less than a year really.
HURD: So there was about a year between the FBI’s first notification of some potential problems with the DNC network and then that information getting on — getting on Wikileaks. . . .
HURD: So — so that was — how long after the first notification of — that the FBI did of the DNC?
COMEY: Ten months.
HURD: Ten months? So the FBI notified the DNC of the hack and it was not until 10 months later that you had any details about what was actually going on forensically on their network?
COMEY: That’s correct, assuming I have the dates about right. But it was — it was some months later.
HURD: Knowing what we know now, would the FBI have done anything different in trying to notify the DNC of what happened?
COMEY: Oh Sure.
HURD: What — what — what measures would you have done differently?
COMEY: We’d have set up a much larger flare. Yeah we’d have just kept banging and banging on the door, knowing what I know now. We made extensive efforts to notify, we’d have — I might have walked over there myself, knowing what I know now. But I think the efforts we made, that are agents made were reasonable at the time.
Whoa!!! How did the FBI know that the DNC was “hacked” in August 2015? The FBI does not have a “Hacking Monitor” team that sits around identifying attempted hacks within the United States. There are only a few possibilities that would account for the FBI’s knowledge of this alleged event:
- The FBI had an informant who was connected to the hacker.
- The FBI had an informant inside the DNC that alerted them to the hack.
- The FBI had an active counter intelligence investigation of the person/group that was conducting this hack.
Regardless of how the FBI learned of the August 2015 hack, the natural and unanswered question is why did the FBI not act to warn the DNC and to pursue the person or entity responsible for the hack? Moreover, how did the FBI know that the person/entity doing the hack of the DNC in August 2015 was the same one responsible for the May 2016 “theft” of emails? Given that Comey admitted that the FBI did not have forensic access to any of the DNC computers or network, how could Comey know that the same person/entity was responsible for the unspecified activities in August 2015?
A lot of disturbing questions that require an answer.
I am wondering what Larry Johnson and others make of this recent analysis by b at Moon of Alabama: to wit, that there is an existing log of communications between Obama administration and Putin government the publication of which would clearly exculpate Russia from these accusations?
https://www.moonofalabama.org/2019/05/trump-administration-withholds-information-that-could-debunk-russian-interference-claims.html
This information would seem to corroborate and help explain the utterly ridiculous chain-of-evidence collapse and timeline at the basis of Comey’s “investigation” of the DNC leak.
I read some of the McCabe testimony and recall an interchange in which he said the FBI was determined to get hold of two laptops (which had been used to sort the emails into those deemed relevant to the investigation, and those not) and that the FBI would not close the investigation until they had. It came up as an example of FBI/DoJ differences – FBI wanting to subpoena the Doj preferring to negotiate for access – in the end they did get the units by negotiation. What I did not see (I did not read all of it) was any mention of efforts to get the servers.
My question to all is has anyone else seen anything on attempts to get the servers or, if none, why the same effort had not been made?
Here’s a question that seemingly goes unanswered when anyone writes about the hack of the DNC servers – How did the FBI even know the DNC servers had been compromised in the first place? How did they know to warn them?
The DNC is a private corporation NOT a government entity. Are all registered political corporations tethered to a governmental system by law or by contract that the FBI is monitoring? If so, what is that system and why?
If not, then how did the FBI even know their system was compromised?
The reading public is left to assume a lot in how the FBI even knew to warn them a full 10 months before the FBI’s vendor, Crowdstrike, released its hack report.
Larry, can you or Bill answer this question? If they have a contract of some sort for monitoring the corporate political parties great. It’d be nice to know. But if they don’t, then how in the world did they know to warn them?
I’m not sure I have an answer. You ask an excellent question. Let me give it some thought. I think you are on to another part of the lie.
Funny that! I can’t imagine the DNC, let alone any other private entity, permitting the FBI to monitor their systems daily activity 365 days out of the year. If they do, well, how stupid of them. If they don’t then indeed St Comey may have told the biggest lie of them all. Crazy.
I sincerely look forward to reading what you learn.
You’re doing great work here and I thank the good Colonel for hosting you.
Larry, would you along the lines give some thought to the argument, considering time frames between FBI alert as published and discovery. Ideally what additional “IT intelligence” may have resulted from cutting servers and whatever connected periphery, at, at what point in time?, off and analyze it.
JJ may want to know.
At this point I wonder if it’s even true that the DNC was hacked in August, 2015. Could a false accusation have been planted to serve as a component of the plan to subvert Trump’s candidacy/presidency?
The DNC/Clinton campaign’s “Pied Piper” strategy to promote Trump, Cruz and Carson (thinking either of them would be the easiest for her to defeat) was launched in April, 2015. Cruz announced in March, 2015. Carson in May, 2015. Trump announced in June 2015. How did the DNC/Clinton camp even know Carson would be a candidate a month before his announcement, or that Trump would be a candidate 2 months before he announced?
I hope AG Barr and US Att’y. Durham are digging deeply.
Correction: I’ve discovered that both Trump and Carson launched “exploratory” committees in March 2015, so the possibilities of their candidacies were known by the time of the April 2015 Pied Piper memo.
h, you’re absolutely right. The standard position for private corporations and groups is to keep the Feds at arms length from their systems, even when they are hacked. They prefer to eat the losses rather than have the Feds nosing around their business. The DNC was no different. After Clinton’s email mess and the NYC FBI office’s role in leaking info to RNC operatives, the DNC had no desire to allow the FBI in. They also had no desire to shut down their systems to deal with the breach in the critical months before the election. Obviously they did not have a disaster recovery plan.
In addition to the INFRAGARD effort, the FBI made another effort to address this reticence to deal with the FBI. The National Cyber Forensics Training Alliance (NCFTA) was established in Pittsburgh in 2002. The NCFTA was quite successful in establishing a trusting relationship between the corporate and LE worlds. I knew the agent who set this up as a non-profit corporation. He was one sharp, non-traditional FBI agent. It’s one of the few challenge coins I treasure.
https://www.ncfta.net
An FBI agent first told the DNC about an APT29 breach of their system in September 2015. This wasn’t the GRU breach which began the following Spring. Unfortunately they dropped the ball. This agent only contacted the DNC IT department several times over the next few months and didn’t push the issue. Contact should have been made at a much higher level on both sides, even though the DNC was never required to let the FBI in. The FBI found this APT29 breach because they were following those hackers’ activities since their brazen attacks on the JCS and DOS systems the previous year. These were the hackers the Dutch AIVD were also watching.
What do you make of the New York Times article here, https://www.nytimes.com/2017/01/06/us/politics/russia-hack-report.html saying that GCHQ was the source of the original alert on the DNC hack? Doesn’t that provide an interesting lead in sourcing this entire fictional novel? Fits with what you have been told about broad based surveillance activity on all 2016 candidates. Your friend, Barbara
It’s clear that the intelligence community tipped off the DNC that someone there was planning to leak their emails to Wikileaks. We know that because, when Assange announced he was planning to release “material related to Hillary”, Crowdstrike soon after announced a hack of the DNC and their creation Guccifer 2.0 announced he had hacked DNC emails, and was releasing them through Wikileaks. Assange had said nothing about the DNC! I believe that our intelligence agencies had been monitoring Wikileaks associates (duh!), and learned that someone (Seth?) was planning to leak DNC emails to Wikileaks. After being tipped off, the DNC brought in Crowdstrike, and they decided to concoct a hack which they would blame on “the Russians”, so as to detract from the incriminating content of the emails and brand Assange as a Russian puppet.
If there was a real hack, why wasn’t the NSA brought in to confirm this? They weren’t, because there was no hack.
h, as Larry said, this is an excellent question. I can speak to the methodology used firsthand. Much more attribution information is gained by looking at hacking activity along its path rather than just concentrating on forensics of the targeted system. If you can see that activity on the proxy boxes, boxes used to launch tools, boxes to where the hackers move the stolen information and, best of all, the boxes, keyboards and networks where the hackers actually sit. This is how the FBI, NSA, CYBERCOM and/or others are aggressively pursue hackers. That’s the kind of evidence offered in the indictment of the GRU12 rather than any CrowdStrike’s forensics.
I created a HUMINT collection team shortly after 9/11 that sought to actively infiltrate the hackers. In essence, we acted as cyber pseudo gangs. In one instance we infiltrated an international group taking part in their daily activities. In the course of these activities, we could see the hackers were operating in the network devices of a major DoD activity. Although we were never in that DoD activity’s network, we could inform them that they were hacked and could pinpoint the exact devices that were hacked. When that DoD activity still could not see how they were hacked, we were able to explain to them exactly what the hackers did and how they were able to evade discovery. The point I’m making is that we never had to view the network devices to tell they were hacked and by who. That’s how attribution is now possible with a far greater certainty than when we just relied on forensics of targeted servers.
In the case of the DNC hack, I believe it was the Dutch AIVD and GCHQ who tipped off NSA and FBI to the presence of Russian hackers in the DNC’s network.
And the FBI did nothing in the ensuring 10 months and the FBI only learned of the May “hacking” when CrowdStrike told them. Right. You believe that nonsense?