By Adam Carter — May 6, 2019
On April 18, 2019, a redacted version of Robert Mueller's report on "RussiaGate" related activities was released to the public.
This article focuses on Volume I Part III titled "Russian Hacking & Dumping Operations" and provides details of the errors made, critical omissions, lack of conclusive evidence and reliance on assumptions and speculation.
We will also look at problems relating to attribution methods used, countervailing evidence that has clearly been disregarded and other problems that are likely to have affected the quality of the investigation and the report.
The Mueller Report: Context & Contradiction
We start with a read-through of this section of the report, highlighting missing context, contradictions and errors.
[To minimize repetition, we'll deal with statements made in this introduction where the basis is explained or details are provided on other pages ahead.]
While the Netyksho indictment does provide details of intrusions and infrastructure used, it's still unclear how the infrastructure has been attributed back to individuals in the GRU and no conclusive evidence has been presented to support that in the indictment or the report.
Some of the claims relating to state boards of elections are contradicted by the Department of Homeland Security; we'll return to this where it's covered in more detail later in the report.
Whatever sources the GRU did their "learning" from, they seem to have been outdated: many of the phishing emails bounced because they were addressed to individuals who were not involved in Clinton's 2016 campaign and who no longer had mailboxes on the relevant domains (they were involved in earlier campaigns in previous years).
In the Netyksho indictment it is stated that the "middle-servers" are overseas:
So, what was the point in having a US-based AMS Panel if you're using overseas servers as proxies?
This seems to be a needlessly noisy setup that somewhat defeats the purpose of having a US-based server for the AMS panel.
This setup makes the assets allegedly used by GRU officers subject to US laws, subject to Internet monitoring by US intelligence agencies and prone to being physically seized.
With the GRU using middle-servers, as alleged, there would have been absolutely no reason to have the AMS panel hosted on a server within the US and every reason to have it hosted elsewhere.
It almost seems like they wanted to get caught!
We are told the GRU obtained files from the DNC network on April 22, 2016, (this is a little different to the Netyksho indictment that states the files were archived on April 22, 2016 and extracted later):
The problem with this is that it suggests the GRU had their implant on the DNC network earlier than what the available evidence supports.
The malware samples provided by CrowdStrike show that the earliest compile date of Fancy Bear malware reportedly discovered at the DNC was April 25, 2016.
Perhaps they didn't discover all the malware until later? (Though, with their flagship product installed across the network, one would think they'd have detected all the malware present by the time they reported on discoveries).
The implication that this was stolen from the DNC is questionable due to this.
Going further, the story surrounding this changed in November 2017 when the Associated Press published a story titled "How Russians hacked the Democrats’ emails" in which they cite an anonymous former DNC official who asserts that Guccifer 2.0’s first document (the Trump opposition report) did not originate in the DNC as initially reported.
Another interesting point relating to this is the "HRC_pass.zip" archive released by Guccifer 2.0 on June 21, 2016 (which also provided another US central timezone indication), which contained files with last modification dates of April 26, 2016. While this fits within the above timeframe, the transfer of the files individually, the apparent transfer speeds involved and the presence of FAT-like 2-second rounding artifacts (noted elsewhere in Guccifer 2.0's releases) when the files came from an NTFS system (and the ZIP implementation was not the cause) do not correlate well with what the report outlines.
In spite of its name ("HRC_pass.zip") this archive appears to contain files that can be sourced to the DNC. Out of 200 files, only one showed up as an attachment (in the Podesta emails).
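A check an analyst could run to separate filesystem rounding from ZIP-format rounding, as an added example that is not from the original article: the classic ZIP timestamp field itself has 2-second resolution, so the test reads the optional Info-ZIP extended-timestamp extra field (1-second resolution) instead. The archives and mtimes below are constructed samples, and whether HRC_pass.zip carries this field is not stated in the article.

```python
import io
import struct
import zipfile
from datetime import datetime, timezone

UT_HEADER_ID = 0x5455  # Info-ZIP "extended timestamp" extra field ("UT")


def ut_extra(mtime):
    """Build a UT extra field carrying only a modification time."""
    # header id, data size (flags byte + 4-byte time), flags (bit 0 = mtime), mtime
    return struct.pack("<HHBl", UT_HEADER_ID, 5, 0x01, mtime)


def parse_ut_mtime(extra):
    """Return the Unix mtime from a UT extra field, or None if absent."""
    pos = 0
    while pos + 4 <= len(extra):
        header_id, size = struct.unpack_from("<HH", extra, pos)
        body = extra[pos + 4:pos + 4 + size]
        if header_id == UT_HEADER_ID and len(body) >= 5 and body[0] & 0x01:
            return struct.unpack_from("<l", body, 1)[0]
        pos += 4 + size
    return None


def build_sample_zip(mtimes):
    """Create an in-memory ZIP whose entries carry both DOS and UT timestamps."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for i, mtime in enumerate(mtimes):
            dt = datetime.fromtimestamp(mtime, tz=timezone.utc)
            info = zipfile.ZipInfo(f"doc{i}.txt", date_time=dt.timetuple()[:6])
            info.extra = ut_extra(mtime)
            zf.writestr(info, b"constructed sample")
    return buf.getvalue()


def through_fat(mtime):
    """Force an even second, as a 2-second-granularity filesystem would.
    Rounding up (rather than down) is an assumption of this sketch."""
    return mtime + (mtime % 2)


def analyse(zip_bytes):
    """Count odd-second timestamps in the DOS field and in the UT field."""
    report = {"entries": 0, "with_ut": 0, "odd_dos": 0, "odd_ut": 0}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            report["entries"] += 1
            # The DOS field stores seconds/2, so this is always even and
            # says nothing about the source filesystem.
            report["odd_dos"] += info.date_time[5] % 2
            mtime = parse_ut_mtime(info.extra)
            if mtime is not None:
                report["with_ut"] += 1
                report["odd_ut"] += mtime % 2
    n = report["with_ut"]
    # Chance that n independent 1-second timestamps are all even.
    report["p_all_even_by_chance"] = 0.5 ** n if n else None
    report["fat_like"] = bool(n) and report["odd_ut"] == 0
    return report


# Constructed sample mtimes (seconds after a constructed base time).
BASE = int(datetime(2016, 4, 26, 14, 0, 0, tzinfo=timezone.utc).timestamp())
NTFS_LIKE = [BASE + k for k in (1, 4, 7, 12, 15, 21, 22, 33)]
FAT_LIKE = [through_fat(t) for t in NTFS_LIKE]

if __name__ == "__main__":
    for label, sample in (("ntfs-like", NTFS_LIKE), ("fat-like", FAT_LIKE)):
        print(label, analyse(build_sample_zip(sample)))
```

With only the DOS field available, every archive looks "rounded", which is why the cause of the rounding has to be established before drawing the inference.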
Regarding the May 25 – June 1 timeframe cited, this seems to exclude the date on which approximately 70% of the DNC's emails published on WikiLeaks' website were acquired (May 23, 2016).
What makes this interesting is that this is apparently being evaluated on evidence that was very likely to have been provided by CrowdStrike:
How did CrowdStrike's evidence not inform the FBI and Special Counsel of the real initial acquisition date of WikiLeaks' DNC emails?
Was the May 23, 2016 activity not recorded?
Going back to the Netyksho indictment, we have also been told that Yermakov was searching for PowerShell commands during the May 25 – June 1 period:
However, we know 70% of the DNC emails published by WikiLeaks had already been acquired prior to that time, before Yermakov had allegedly researched how to access and manage the Exchange server.
We can tell from the use of "appear" here that the Special Counsel does not have conclusive evidence to demonstrate this.
While the overlap between reported phishing victims and the output of DCLeaks cannot be denied, it is still unclear how bitcoin pools or leased infrastructure have been definitively tied back to any GRU officers or the GRU itself.
This isn't to say that there isn't evidence of it (I would assume there is some evidence or intelligence that supports the premise to some degree, at the very least) but we have no idea what that could be and there is no explanation of how associations to individual GRU officers were made (perhaps to protect HUMINT but this still leaves us completely in the dark as to how attributions were made).
We know already that things are assumed by the Special Counsel on the basis of circumstantial evidence, so there is good reason to question whether the attributions made are based on conclusive evidence.
This is the first point at which to recall Assange's announcement on 12 June that WikiLeaks was working on a release of "emails related to Hillary Clinton" – two days before the DNC goes public about being hacked by Russians, and three days before the appearance of Guccifer 2.0.
It's also approximately one month before Mueller says Guccifer 2.0 first successfully sent anything to WikiLeaks.
Whoever was controlling the Guccifer 2.0 persona went out of their way to be perceived as Russian and made specious claims about having already sent WikiLeaks documents, even claiming that WikiLeaks would release them soon (all before Mueller records any initial contact between the parties).
While WikiLeaks did mention this via their Twitter feed on June 16, 2016, they were clearly skeptical of his claims to be a hacker and although they cite his claim about sending material to WikiLeaks, they don't confirm it:
It also seems a little odd that the GRU would do searches for already translated phrases (using Google Translate to get English translations would be more understandable), and if it's Guccifer 2.0 doing it, why did he not use the VPN he used for his other activities throughout the same day?
Why does the Mueller report not report on the IP address of the Moscow-based server from which searches occurred? It wouldn't really expose sources and methods to disclose it and it's unclear how it was determined to have been used and managed by a unit of the GRU. (Citation #146 references the Netyksho indictment, however, that fails to provide evidence or explanation of this too.)
Also, Guccifer 2.0 did not attribute the hack to a Romanian hacker in his first blog post; he didn't mention nationality until a week later (after he'd already gone out of his way to leave Russian breadcrumbs behind).
The version of the opposition research document Guccifer 2.0 released was built using a prepared "Russian-tainted" template document.
The template was made by taking an attachment from one of John Podesta's emails (a document originally authored by Warren Flood in 2008), stripping out the content, adding in Russian language stylesheet entries, altering "Confidential Draft" in the background of the document to "Confidential", altering the footer and then stripping out the body content.
The body content of a Trump Opposition research document (originally authored by Lauren Dillon) that was attached to another of Podesta's emails was then copied into the template document.
The document was saved (with a Russian author name), its body content cleared and this was then re-used to produce two further "Russia-tainted" documents.
It was no accident that led to the documents being tainted in the way that they were and it looks like Guccifer 2.0's version of the Trump opposition research didn't really come from the DNC.
The email sent to The Smoking Gun revealed that Guccifer 2.0 appeared to be operating from somewhere in the central (US) time zone. It is one of several inexplicable examples of US timezone indications from Guccifer 2.0.
It should be noted that the data referenced above was also unrelated to the general election and didn't have any noticeable impact on it (the 2.5Gb of data Guccifer 2.0 provided to Aaron Nevins was unlikely to have hurt the Clinton campaign or affected the outcome of the general election).
In the states that the data related to, general election results didn't flip between the time of the publication of the documents and the election:
Interesting to note that Guccifer 2.0 lied about DCLeaks being a "sub project" of WikiLeaks.
The only material Mueller alleges that WikiLeaks confirmed receipt of was a "1gb or so" archive, for which access instructions were communicated in an attached message (none-too-discreetly titled "wk dnc link1.txt.gpg") sent by Guccifer 2 via unencrypted email.
It is an assumption that this was an archive of DNC emails (it could have contained other files Guccifer 2.0 subsequently released elsewhere).
We don't even know for sure whether WikiLeaks released what had been sent to them by either entity.
Even if, theoretically, the archive contained the emails, it couldn't have been the whole collection because the whole collection, when compressed, exceeds 2Gb of data.
This, of course, doesn't rule out the possibility of it being a portion of the overall collection but what the persona had sent to WikiLeaks could also easily have been other material relating to the DNC that we know Guccifer 2.0 later released or shared with other parties.
This is the second point at which to recall Assange's 12 June TV announcement of upcoming "emails related to Hillary Clinton", coming two days before Guccifer 2.0's colleagues at DCLeaks reach out to WikiLeaks via unencrypted means on 14 June 2016 to offer "sensitive information" on Clinton.
Then, seven days after Guccifer 2 had already claimed to have sent material to WikiLeaks and stated that they'd soon release it (which made it sound as though he'd had confirmation back), we see that WikiLeaks reaches out to Guccifer 2.0 and suggests he sends material to them (as though there's never been any prior contact or provision of materials previously discussed).
How is it "clear" that both the DNC and Podesta documents were transferred from the GRU to WikiLeaks when there is only around a gigabyte of data acknowledged as received (and we don't even know what that data is) and little is known about the rest (and the report just speculates at possibilities)?
We aren't provided the full dialogue between WikiLeaks and Guccifer 2.0. Instead we have just a few words selected from the communication that could easily be out of context. The Netyksho indictment did exactly the same thing. Neither the indictment nor the report provides the full DM conversation in context.
(It certainly wouldn't harm HUMINT resources or expose methods if this evidence was released in full context.)
Would the GRU really engage in internal communications (e.g. GRU Guccifer 2.0 to GRU DCLeaks) via Twitter DMs? Maybe, but it seems insanely sloppy with regard to the operational security of a clandestine organization communicating between its own staff.
The statement that concludes on the following page (see below) also seems a little bizarre. Would WikiLeaks really ask Guccifer 2.0 to DM DCLeaks to pass on such a message on their behalf?
Why doesn't Mueller provide the comms evidence of WikiLeaks asking Guccifer 2.0 for assistance in contacting DCLeaks?
As written, we are expected to take the words of Guccifer 2.0 (stating that the media organisation wished to talk to DCLeaks) at face value.
The problem with this is that we are talking about a persona who lied publicly about when he first sent material to WikiLeaks (claiming to have done so already on the day he appeared), lied about the relationship between WikiLeaks and DCLeaks and who had gone to a great deal of trouble to leave false Russian fingerprints in his work output.
It was actually the last-modification date, not the creation date that was recorded as 19 September, 2016.
This wasn't necessarily the creation date and is only indicative of the last recorded write/copy operation (unless last modification date is preserved when copying but there's no way to determine that based on the available evidence).
The gap between email file timestamps and attachment timestamps may simply be explained by WikiLeaks extracting the attachments from the EML files at a later stage. With the DNC emails we observed last-modification dates as far back as May 23, 2016 but the attachments had last-modification dates that were much later (e.g. July 21, 2016).
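The timestamp behaviour described in the last two paragraphs, as an added example that is not from the original article: a plain copy and an attachment extraction both stamp the new file with the current time, while a metadata-preserving copy keeps the original last-modification time. The file names, addresses and the collection time used here are constructed sample values.

```python
import os
import shutil
import tempfile
from datetime import datetime, timezone
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Constructed collection time given to the sample .eml file.
COLLECTED = datetime(2016, 5, 23, 12, 0, 0, tzinfo=timezone.utc).timestamp()


def make_eml(path):
    """Write a constructed message with one attachment and backdate it."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "rcpt@example.org"
    msg["Subject"] = "constructed sample"
    msg.set_content("body")
    msg.add_attachment(b"attachment bytes", maintype="application",
                       subtype="octet-stream", filename="report.bin")
    with open(path, "wb") as fh:
        fh.write(msg.as_bytes())
    os.utime(path, (COLLECTED, COLLECTED))  # set atime and mtime


def extract_attachments(eml_path, out_dir):
    """Write each attachment of an .eml file to out_dir; return the paths."""
    with open(eml_path, "rb") as fh:
        msg = BytesParser(policy=policy.default).parse(fh)
    written = []
    for part in msg.iter_attachments():
        # Drop any directory part of the attachment name.
        name = os.path.basename(part.get_filename() or "unnamed")
        target = os.path.join(out_dir, name)
        with open(target, "wb") as fh:
            fh.write(part.get_payload(decode=True))
        written.append(target)
    return written


def run_demo():
    """Return the mtime of the original, two copies and the attachment."""
    with tempfile.TemporaryDirectory() as tmp:
        eml = os.path.join(tmp, "1.eml")
        make_eml(eml)
        # copyfile() copies content only; copy2() also copies timestamps.
        plain = shutil.copyfile(eml, os.path.join(tmp, "plain_copy.eml"))
        kept = shutil.copy2(eml, os.path.join(tmp, "preserved_copy.eml"))
        attachment = extract_attachments(eml, tmp)[0]
        return {
            "eml": os.path.getmtime(eml),
            "plain_copy": os.path.getmtime(plain),
            "preserved_copy": os.path.getmtime(kept),
            "attachment": os.path.getmtime(attachment),
        }


if __name__ == "__main__":
    for name, mtime in run_demo().items():
        stamp = datetime.fromtimestamp(mtime, tz=timezone.utc)
        print(f"{name:15} {stamp:%Y-%m-%d %H:%M:%S} UTC")
```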
The wording is also worth noting: "Based on information about Assange's computer and its possible operating system" [emphasis mine] does not sound like it's based on reliable and factual information; it sounds like this is based on assessment/estimation. This also seems to be relying on an assumption that the only person handling files for WikiLeaks is Assange.
How have the Special Counsel cited WikiLeaks metadata for evidence where it's suited them yet, somehow, have managed to miss the May 23, 2016 date on which the DNC emails were initially being collected?
Going further, the report, based on speculation, suggests that the GRU staged releases in July (for DNC emails) and September (for Podesta emails). However, going off the same logic as the Special Counsel, with last-modification dates indicating when the email files are "staged", the evidence would theoretically point to the DNC emails being "staged" in May 2016.
It doesn't seem so reliable when the rule is applied multilaterally.
Of course, if both assumptions about staging dates are true, then we're left wondering what Julian Assange could have been talking about on June 12, 2016 when mentioning having emails relating to Hillary Clinton.
The speculation in the final paragraph of the above section also shows us that the Special Counsel lacks certainty on sources.
Really, this correlation of dates (March 21, 2016 and the reported phishing incident relating to March 19, 2016) is one of the best arguments for saying that emails published by WikiLeaks were acquired through phishing or hacking incidents reported.
However, this merely suggests the method of acquisition; it says nothing of how the material got to WikiLeaks. We can make assumptions, but that's all we can do because the available evidence is circumstantial rather than conclusive.
Far from "discredit[ing] WikiLeaks' claims about the source of the material it posted", the file transfer evidence doesn't conclusively demonstrate that WikiLeaks published anything sent to it by Guccifer 2.0 or DCLeaks.
Although there are hints that what was sent by Guccifer 2.0 related to the DNC, we don't know if this contained DNC emails or the other DNC related content he later released and shared with others.
"The statements about Seth Rich implied falsely that he had been the source of the stolen DNC emails" is itself a false statement. The reason Assange gave for offering a reward for information leading to the conviction of Seth Rich's killers was "Our sources take risks and they become concerned when they see things occurring like that [the death of DNC worker Seth Rich]… We have to understand how high the stakes are in the United States" (source).
This implies WikiLeaks is offering the reward for info about Seth Rich at the behest of its actual source/s.
By the time Trump had made the statements cited above, it was already assumed that Hillary had been hacked by the Russians, so Trump saying he hoped the Russians would find the emails seems more likely to have been in reference to what he assumed was already in their possession.
Finding those 30,000 emails also wouldn't be achieved through hacking at that point in time as the emails had already been deleted by Hillary Clinton's IT consultants in March 2015.
What is being described here is, to a considerable extent, just common exploit scanning on web services, scanning that will almost certainly have come from other nodes based in other nations too.
These scans are typically done via compromised machines, often with machines that are in nations completely separate to the nationality of those running the scanning effort.
The Department of Homeland Security threw cold water on this a long time ago.
DHS would not characterize these efforts as attacks, only “simple scanning … which occurs all the time”.
As of testimony by DHS Secretary Jeh Johnson on June 21, 2017, there had been no alteration of ballots or results anywhere, nor had there been any since that time, according to Brian Krebs, up to the date of a hearing on November 27, 2017.
The remaining pages in this section of the report include a lot of redactions and mostly cover the actions of individuals in the US in relation to communications they had with or in relation to WikiLeaks. As this article is about the technical claims made in relation to hacking and so much is redacted, we'll only look at those really relevant to this.
By the time Assange made the announcement referenced above, the Hillary Clinton emails obtained through FOIA had already been published by WikiLeaks.
Considering what WikiLeaks subsequently published, it would seem that Assange was making a reference to at least one of the upcoming leaks.
At this time, there was no record of contact between WikiLeaks and either of the parties alleged to be the GRU.
Regarding the timing of the leaks and the Access Hollywood tape, it's important to note that journalist Stefania Maurizi, who had worked with WikiLeaks on the Podesta leaks, has stated publicly that she knew of WikiLeaks' intention to publish on that date on the evening prior to it.
WikiLeaks stated the "timing conspiracy theory" was the other way round: "The [Access Hollywood] tape was moved forward to the day of our release, which WikiLeaks had been teasing" and was "well-documented".
[The remaining pages in this section have little relevance to the technical aspects of this section of the report and/or acquisition of materials that this article is intended to cover.]
Circumstantial Evidence & Understandable Assumptions
While the above does show numerous issues with the report, it's important not to fall into the trap of outright dismissing as false anything for which evidence is lacking or assuming there is no evidence at all to support assertions.
However, without knowing what evidence exists, we're left to make assumptions about whether it's conclusive or circumstantial and we don't know if the source of the evidence is dependable. It's also clear in the report that the Special Counsel has relied on assumptions and made numerous statements on the basis of presuppositions.
There is also a considerable amount of circumstantial evidence that, although it doesn't conclusively prove what the report tries to convince us of, does at least raise questions about relationships between different entities, especially with regard to any overlaps in resources and infrastructure used.
For example, based on the cited evidence, it is perfectly understandable that people will assume Guccifer 2.0 provided DNC emails to WikiLeaks and will also assume that WikiLeaks published whatever it was that Guccifer 2.0 had sent them (especially with Mueller presenting that conversation in the form of a couple of words devoid of all context).
The apparent overlap between a VPN service used by Guccifer 2.0 and by DCLeaks does suggest the two could be associated beyond Guccifer 2.0 just being a source of leaks for them.
DCLeaks publishing some DNC emails that later appeared in the DNC email collection (though not necessarily from the same mailboxes) also suggests that DCLeaks and WikiLeaks could have had access to some of the same material and/or sources.
The same is true for Guccifer 2.0 releasing Podesta and DNC email attachments before WikiLeaks released both collections. Unless given good reason to consider any ulterior motive, the implied explanation, on the surface, seems to be that it was this persona that was a source for those emails. If nothing else, that's how it appears based on the little information typically made available to us by the mainstream press.
However, despite all of this, we still have not seen conclusive evidence showing that either of the entities was really controlled by the GRU and, when the countervailing evidence (which seems to have been completely ignored by the Special Counsel's investigation) is considered, there is reason to give consideration to Guccifer 2.0's efforts to not just associate himself with WikiLeaks and DCLeaks but also to associate third parties with each other through false claims.
The Mystery Of The May 23, 2016 Omission
One of the most notable omissions is the date on which emails from several mailboxes (including Luis Miranda's) were originally collected.
We know, from analysis of metadata of files hosted by WikiLeaks that this was May 23, 2016.
Not only is this prior to the May 25, 2016 – June 1, 2016 timeframe given for the DNC's exchange server being hacked, this activity is unmentioned throughout the entire report.
How has this failed to come to the surface when it should have been apparent in evidence CrowdStrike provided to the FBI and also apparent based on the WikiLeaks metadata? How is it the Special Counsel can cite some of the metadata in relation to WikiLeaks releases yet somehow manage to miss this?
What the Special Counsel's investigation also seems to have completely disregarded is the volume of countervailing evidence that has been discovered by several independent researchers in relation to the Guccifer 2.0 persona.
It's worth considering what evidence the Special Counsel has brought to the surface and comparing it with the evidence that has come to the surface as a result of discoveries being made by independent researchers over the past two years and the differences between the two sets of evidence (especially with regards to falsifiability and verifiability of evidence).
Some excellent examples are covered in the following articles:
- Guccifer 2.0 NGP/VAN Metadata Analysis
- Guccifer 2.0's First Five Documents: The Process
- Did Guccifer 2.0 Plant His Russian Fingerprints
- More Evidence that Guccifer 2 Planted His Russian Breadcrumbs
- Guccifer 2.0's US Time Zone Indicators
- Guccifer 2.0's Russian Breadcrumbs
- Guccifer 2 Returns to the East Coast
- When USB’s Fly: Recent Research Supports Forensicator’s Controversial Theory
- Data From Twitter And WordPress Is Giving Intelligence Committees The Opportunity To Gain Insights Into The Real "Guccifer 2.0"
- Guccifer 2.0 CF Files Metadata Analysis
- Timezone of Guccifer 2 cf.7z
- Guccifer 2.0 Email Time Zone
- A Closer Look At Guccifer 2.0's DNC Email Attachments
- Guccifer 2's West Coast Fingerprint
- Media Mishaps: Early Guccifer 2 Coverage
- Russia & WikiLeaks: The Case of The Gilded Guccifer
- Guccifer 2.0: A Two Tier Masquerade
- Fancy Frauds, Bogus Bears & Malware Mimicry?
- Sorting The WikiLeaks DNC Emails
- Email Dates In The WikiLeaks DNC Archive
- Mueller’s Latest Indictment Contradicts Evidence In The Public Domain
Reliability Of Attribution Methods
Skip Folden (who introduced me to VIPS members and has been a good friend ever since) recently shared with me his assessment of problems with the current attribution methods being relied on by the Special Counsel and others.
It covered several important points and was far more concise than anything I would have written, so, with his permission, I'm publishing his comments on this topic:
No basis whatsoever
APT28, aka Fancy Bear, Sofacy, Strontium, Pawn Storm, Sednit, etc., and APT29, aka Cozy Bear, Cozy Duke, Monkeys, CozyCar, The Dukes, etc., are used as ‘proof’ of Russia ‘hacking’ by Russian Intelligence agencies GRU and FSB respectively.
There is no basis whatsoever to attribute the use of known intrusion elements to Russia, not even if they were once reverse routed to Russia, which claim has never been made by NSA or any other of our IC.
On June 15, 2016 Dmitri Alperovitch himself, in an Atlantic Council article, gave only “medium-level of confidence that Fancy Bear is GRU” and “low-level of confidence that Cozy Bear is FSB.” These assessments, from the main source himself, that either APT is Russian intelligence, average 37%-38% [(50 + 25) / 2].
None of the technical indicators, e.g., intrusion tools (such as X-Agent, X-Tunnel), facilities, tactics, techniques, or procedures, etc., of the 28 and 29 APTs can be uniquely attributed to Russia, even if one or more had ever been trace routed to Russia. Once an element of a set of intrusion tools is used in the public domain it can be reverse-engineered and used by other groups which precludes the assumption of exclusivity in future use. The proof that any of these tools have never been reverse engineered and used by others is left to the student – or prosecutor.
Also, targets have been used as basis for attributing intrusions to Russia, and that is pure nonsense. Both many state and non-state players have deep interests in the same targets and have the technical expertise to launch intrusions. In Grizzly Steppe, page 2, second paragraph, beginning with, “Both groups have historically targeted …,” is there anything in that paragraph which can be claimed as unique to Russia or which excludes all other major state players in the world or any of the non-state organizations? No.
Key Logger Consideration
On the subject of naming specific GRU officers initiating specific actions on GRU Russian facilities on certain dates / times, other than via implanted ID chips under the finger tips of these named GRU officers, the logical assumption would be by installed key logger capabilities, physical or malware, on one or more GRU Russian computers.
The GRU is a highly advanced Russian intelligence unit. It would be very surprising were the GRU open to any method used to install key logger capabilities. It would be even more surprising, if not beyond comprehension that the GRU did not scan all systems upon start-up and in real time, including key logger protection and anomalies of performance degradation and data transmissions.
Foreign intelligence source
Other option would be via a foreign intelligence unit source with local GRU access. Any such would be quite anti-Russian and be another nail in the coffin of any chain of evidence / custody validity at Russian site.
Chain Of Custody – Without An Anchor There Is No Chain
Another big problem with the whole RussiaGate investigation is the reliance on a private firm, hired by the DNC, to be the source of evidence.
As I don't have a good understanding of US law and processes surrounding evidence collection and handling, I will, again, defer to something that my aforementioned contact shared:
Chain of Evidence / Custody at US end, i.e., DNC and related computing facilities
Summary: There is no US end Chain of Evidence / Custody
The anchor of any chain of evidence custody is the on-site crime scene investigation of a jurisdictional law enforcement agency and neutral jurisdictional forensic team which investigate, discover, identify where possible, log, mark, package, seal, or take images thereof, of all identified elements of potential evidence as discovered at the scene of a crime by the authorized teams. The chain of this anchor is then the careful, documented movement of each element of captured evidence from crime scene to court.
In the case of the alleged series of intrusions into the DNC computing facilities, there is no anchor to any chain of evidence / custody.
There has been no claim that any jurisdictional law enforcement agency was allowed access to the DNC computing facilities. The FBI was denied access to DNC facilities, thereby supposedly denying the FBI the ability to conduct any on-site investigation of the alleged crime scene for discovery or collection of evidence.
Nor did the FBI exercise its authority to investigate the crime scene of a purported federal crime. Since when does the FBI need permission to investigate an alleged crime site where it is claimed a foreign government’s intelligence attacked political files in order to interfere in a US presidential election?
Instead, the FBI accepted images of purported crime scene evidence from a contractor hired by and, therefore, working for the DNC. On July 05, 2017 a CrowdStrike statement said that they had provided “… forensic images of the DNC system to the FBI.” It was not stated when these images were provided. CrowdStrike was working for the DNC as a contractor at the time.
This scenario is analogous to an employee of a crime scene owner telling law enforcement, “Trust me; I have examined the crime scene for you and here’s what I’ve found. It’s not necessary for you to see the crime scene.”
CrowdStrike cannot be accepted as a neutral forensic organization. It was working for and being paid by the DNC. It is neither a law enforcement agency nor a federal forensic organization. Further, CrowdStrike has serious conflicts of interest when it comes to any investigation of Russia.
CrowdStrike co-founder and Director of Technology, Dmitri Alperovitch, is a Nonresident Senior Fellow, Cyber Statecraft Initiative, of the Atlantic Council. Alperovitch has made clear his dislike of the government of Putin, and The Atlantic Council cannot be considered neutral to Russia, receiving funding from many very staunch and outspoken enemies of Russia.
Summary: Not only was no federal jurisdictional law enforcement agency allowed to investigate the alleged crime scene, but the organization which allegedly collected and provided the ‘evidence’ was not neutral by being employed by the owner of the alleged crime scene, but seriously compromised by strong anti-Russian links.
This issue of this substitute for an anchor then leads us to our next problem: an apparent conflict of interest from the investigation's outset.
Conflict of Interest Inherent In The Investigation?
Would it seem like a conflict of interest if the person in charge of an investigation were friends with a witness and source of critical evidence relied upon by that investigation?
This is effectively the situation we have with the Special Counsel investigation because Robert Mueller and CrowdStrike's CSO (and President) Shawn Henry are former colleagues and friends.
If nothing else, it's understandable for people to feel that the Special Counsel would have struggled to be truly impartial due to such relationships.
The Special Counsel seems to have been impervious to critical pieces of countervailing evidence (some of which demonstrates that Guccifer 2.0 deliberately manufactured Russian breadcrumbs) and they have failed to accurately account for the acquisition of WikiLeaks' DNC emails (missing the date on which approximately 70% of them were collected), which is, in itself, a stunning failure for a supposedly thorough investigation costing US taxpayers tens of millions of dollars.
There should have been a proper, thorough, independent and impartial investigation into the Guccifer 2.0 persona. The Special Counsel certainly hasn't done that job and, in retrospect, looks to have been ill-equipped (and perhaps somewhat reluctant) to do so from the outset.
This article may be republished/reproduced in part or in full on condition that content above is unaltered and that the author is credited (or, alternatively, that a link to the full article is included).