Assistant Attorney General Rosenstein announced a bizarre indictment against Russian military intelligence operatives today that, rather than confirming the case of "Russian meddling" in the U.S. 2016 Presidential election, raises more questions. Here are the major oddities:
- How did the FBI obtain information about activity on the DNC and DCCC servers when the DNC/DCCC refused to give the Feds access to the servers/computers?
- Why does Crowdstrike get credit as being a competent computer security firm when, according to the indictment, they completely and utterly failed to stop the "hacks?"
- Why does the indictment refuse to name Wikileaks by name as the Russian collaborator?
Please go read the indictment (here) for yourself. I have taken the time to put together a timeline based on the indictment and other information already on the public record. Here is the bottom line–if US officials knew as early as April that Russia was hacking the DNC, why did it take US officials more than six months to stop the activity? The statement of "facts" contained in the indictment also raises another troubling issue–what is the source of the information? For example, if the FBI was not given access to the DNC/DCCC servers and computers, then how do they know what happened on specific dates as alleged in the complaint?
Here is the timeline:
18 April 2016–The Russians hacked into the DNC using DCCC computers and installed malware on the network. (p. 10, para 26)
22 April 2016–The GRU (Russian military intelligence) compressed gigabytes of data using X-tunnel and moved it to a GRU computer located in ILLINOIS. (p. 11, para 26a)
28 April 2016–The Russians stole documents from the DCCC and moved them on to the computer in Illinois. (p. 11, para 26b).
Late April – 5 May 2016–DNC leaders were tipped to the hack in late April. Chief executive Amy Dacey got a call from her operations chief saying that their information technology team had noticed some unusual network activity. That evening, she spoke with Michael Sussmann, a DNC lawyer who is a partner with Perkins Coie in Washington. Soon after, Sussmann, a former federal prosecutor who handled computer crime cases, called Henry, whom he has known for many years. (Ellen Nakashima’s 14 June Washington Post article) (see p. 12, para 32 of th
13 May 2016–The Russians deleted logs and files from a DNC computer. (p. 11, para 31)
25 May – 1 June 2016–The Russians hacked the DNC Microsoft Exchange Server and stole thousands of emails from DNC employees. (p. 11, para 29).
8 June 2016–DCLeaks.com set up, allegedly by the GRU (no proof offered). Also created Facebook and Twitter accounts (pp. 13-14, paras. 35, 38, 39)
10 June 2016–Ultimately, the [Crowdstrike] teams decided it was necessary to replace the software on every computer at the DNC. Until the network was clean, secrecy was vital. On the afternoon of Friday, June 10, all DNC employees were instructed to leave their laptops in the office. (Esquire Magazine offers a different timeline)
22 June 2016–Wikileaks contacts Guccifer 2.0 stating, "send any new material here for us to review and it will have a much higher impact than what you are doing."
14 July 2016–The GRU, under the guise of Guccifer 2.0, sent Wikileaks an attachment with an encrypted file that explained how to access an online archive of "stolen" documents.
15 August 2016–Guccifer, alleged to be the GRU, has an email exchange with Roger Stone.
22 July 2016–Wikileaks publishes 40,000 plus emails (note, the Indictment INCORRECTLY states that the number was 20,000).
September 2016–The GRU obtained access to a DNC server hosted by a third party and took "data analytics" info. (p. 13, para 34)
October 2016–A functioning Linux-based version of X-agent remained on the DNC server until October. (p. 12, para 32)
Another great curiosity is the timing of the announcement of the indictments. Why today? There was no urgency. No one was on the verge of fleeing the United States. All of the defendants are in Russia and beyond our reach.
A careful read of the indictment reveals a level of detail that could only have been obtained from intelligence sources (which means that information would be invalidated if the defendants ever decide to challenge the indictment) or it was provided by an unreliable third party.
I was shocked to discover, thanks to the indictment, how inept Crowdstrike was in this entire process. Not only did more than 30 days lapse before they attempted to shut down the Russian hacking by installing new software and issuing new email passwords, but their so-called security fix left the Russians running an operation until October 2016. How can you be considered a credible cyber security company yet fail to shut down the alleged Russian intrusion? It does not make sense.
The most glaring deficit in the indictment is the lack of supporting evidence to back up the charges levied in the indictment. How do we know that computer files were erased if the FBI did not have access to the computers and the servers? How do we know the names of the 12 Russian GRU officers? The Russians do not publish directories of secret organizations. Where did this information come from?
It would appear that the release of the indictment today was a deliberate political act designed to detract and distract from the Trump visit to the UK and to put pressure on him to confront Vladimir Putin. I have heard from many of my former colleagues who are hoping that Putin calls the Rosenstein bluff. If forced to reveal the "evidence" behind this indictment because of a challenge from a defendant, the results will be a disaster for the prosecution.