My Whistleblower Complaint on the Alleged Russian Hack by Larry Johnson


Since Intelligence Community Inspector General Atkinson opened the door for anyone to report anything without having firsthand knowledge, I think I have a far more substantive complaint than the current alleged whistleblower.

The Intelligence Community claim that the DNC emails were taken via a Russian spearphishing attack is a lie. All 35,813 DNC emails posted on Wikileaks are in a FAT format according to the metadata. This means the emails were downloaded onto recordable media, such as a thumb drive.

James Clapper, the U.S. Director of National Intelligence, released a document in January 2017 with the title, Assessing Russian Activities and Intentions in Recent US Elections. This document has been described in the media as an “Intelligence Community Assessment” aka “ICA.” But it includes the contribution of only three agencies—the Central Intelligence Agency (CIA), the Federal Bureau of Investigation (FBI) and the National Security Agency (NSA). Two other members of the Intelligence Community that had key expertise on this subject matter and should have been involved in this assessment—the Bureau of Intelligence and Research (INR) at the U.S. Department of State and the Defense Intelligence Agency (DIA)—were excluded from contributing to and “coordinating” on this document.

(Note—the term “coordination” is a term used in the Intel Community as shorthand for describing the process that the analyst, who drafts this kind of report, follows prior to submitting the draft for publication. Once a draft is prepared the analyst must share it with those agencies/intel sources cited in the report and request their concurrence with the statements and conclusions. For example, if a CIA analyst is the lead writer and refers to or cites a piece of intelligence produced by the NSA, the analyst is supposed to get his or her counterpart at the NSA to review and approve what has been drafted or suggest alternative language or refuse to clear the use of the material in the report.)

A key conclusion of the ICA Key Judgments focuses on the actions of Russia’s military intelligence organization, the GRU.

We assess with high confidence that Russian military intelligence (General Staff Main Intelligence Directorate or GRU) used the Guccifer 2.0 persona and to release US victim data obtained in cyber operations publicly and in exclusives to media outlets and relayed material to WikiLeaks.

But two key members of the Intelligence Community with expertise on the GRU—INR and DIA—were not asked to contribute to or coordinate on this so-called Community Assessment.

The main narrative of this Intel Community Assessment (aka ICA) bears the title, Russia’s Influence Campaign Targeting the 2016 US Presidential Election. The ICA specifically blames Russia’s GRU for taking the emails from the DNC server:

In July 2015, Russian intelligence gained access to Democratic National Committee (DNC) networks and maintained that access until at least June 2016.

The General Staff Main Intelligence Directorate (GRU) probably began cyber operations aimed at the US election by March 2016. We assess that the GRU operations resulted in the compromise of the personal e-mail accounts of Democratic Party officials and political figures. By May, the GRU had exfiltrated large volumes of data from the DNC.

If you go to the Wikileaks site you can see for yourself that the emails taken from the DNC cover the period from January 2015 to May 25, 2016. The ICA claims that “Russian intelligence gained access to the DNC networks” starting in July 2015 but offers no evidence or citation to support this conclusion. Taken at face value, this claim raises additional questions. For example, when did the U.S. intelligence community discover or learn that the Russians were attacking the DNC network starting in July 2015? Was it July 2015 or was it after the Washington Post reported in June 2016 that Russia had hacked the DNC?

If the U.S. Intelligence Community learned in real time in July of 2015 of this Russian military cyber offensive, then we have prima facie evidence of a major intelligence failure by the U.S. Intelligence Community. How so? One of our political parties was under attack by a foreign intelligence organization and the Obama Administration took no action to stop or disrupt this attack.

The failure to act could be explained by the fact that the IC only discovered the penetration of the DNC after the fact. If they only learned about the GRU activity in the wake of the Crowdstrike announcement in June 2016 about Russian penetration, then they are acknowledging that NSA has the technical systems in place to retroactively search NSA records and track certain activity by the Russians.

Here is what we know for certain–at no time in the 11 months between July 2015 and June 2016 did the Intelligence Community warn the DNC that they were the target of a Russian intelligence operation. And in May of 2016, when the DNC claims it was alerted to the GRU intrusion by a private contractor (Crowdstrike), neither the NSA nor the CIA nor the FBI spoke up to corroborate the Crowdstrike claim.

We also know that everything the FBI and NSA claim to know about the DNC servers came from Crowdstrike. FBI Director Jim Comey testified to the House Intelligence Committee in March 2017 and stated the following:

“we never got direct access to the machines themselves. The DNC in the spring of 2016 hired a firm that ultimately shared with us their forensics from their review of the system.”

Same with the NSA. NSA Director Admiral Mike Rogers and FBI Director Comey at the same March 2017 hearing told Congressman Hurd of Texas the following:

HURD: Director Rogers, did the NSA ever get access to the DNC hardware?

ROGERS: The NSA didn’t ask for access. That’s not in our job…

HURD: Good copy. So director FBI notified the DNC early, before any information was put on Wikileaks and when — you have still been — never been given access to any of the technical or the physical machines that were — that were hacked by the Russians.

COMEY: That’s correct although we got the forensics from the pros that they hired which – again, best practice is always to get access to the machines themselves, but this – my folks tell me was an appropriate substitute.

If the DNC really was attacked by a foreign government, why did the DNC keep U.S. law enforcement and intelligence agencies at arm’s length? This reaction is not consistent with a victim of a foreign attack. This is akin to a person being robbed in their home and refusing to let the police come in and collect evidence in order to identify the culprits and punish those responsible.

The lack of cooperation between DNC/Crowdstrike and the U.S. Government is especially troubling because a senior executive at Crowdstrike was a former senior Agent of the FBI with cyber security responsibilities. Not a single member of the U.S. Intelligence Community did anything to stop or limit this alleged GRU attack.

In line with the claim in the January 2017 ICA, Special Prosecutor Robert Mueller also claimed that the alleged attack on the DNC was conducted using a “spearphishing” attack but provided more details:

Two military units of the GRU carried out the computer intrusions into the Clinton Campaign, DNC, and DCCC: Military Units 26165 and 74455. Military Unit 26165 is a GRU cyber unit dedicated to targeting military, political, governmental, and non-governmental organizations outside of Russia, including in the United States. The unit was sub-divided into departments with different specialties. One department, for example, developed specialized malicious software “malware”, while another department conducted large-scale spearphishing campaigns. (see p. 36 of the Mueller Report). . . .

GRU officers also sent hundreds of spearphishing emails to the work and personal email accounts of Clinton Campaign employees and volunteers. Between March 10, 2016 and March 15, 2016, Unit 26165 appears to have sent approximately 90 spearphishing emails to email accounts at Starting on March 15, 2016, the GRU began targeting Google email accounts used by Clinton Campaign employees, along with a smaller number of dnc.org email accounts.

The GRU spearphishing operation enabled it to gain access to numerous email accounts of Clinton Campaign employees and volunteers, including campaign chairman John Podesta, junior volunteers assigned to the Clinton Campaign’s advance team, informal Clinton Campaign advisors, and a DNC employee. GRU officers stole tens of thousands of emails from spearphishing victims, including various Clinton Campaign-related communications.

The claim that the GRU obtained DNC emails via spearphishing is demonstrably false. If the DNC emails had been obtained via “spearphishing” then the documents would have been transferred via the internet and the metadata contained in the DNC emails would show specific markers consistent with such a transfer. But the metadata in the DNC emails tells a radically different story.

Before delving into the forensic evidence it is important to review how the alleged hack of the DNC was discovered and reported. Here are the facts on the public record. They are at odds with the claims of the Intelligence Community:

  1. It was 29 April 2016, when the DNC claims it became aware its servers had been penetrated. No claim yet about who was responsible. And no claim that there had been a prior warning by the FBI of a penetration of the DNC by Russian military intelligence.
  2. According to CrowdStrike founder, Dimitri Alperovitch, his company first supposedly detected the Russians mucking around inside the DNC server on 6 May 2016. A CrowdStrike intelligence analyst reportedly told Alperovitch that:
    1. Falcon had identified not one but two Russian intruders: Cozy Bear, a group CrowdStrike’s experts believed was affiliated with the FSB, Russia’s answer to the CIA; and Fancy Bear, which they had linked to the GRU, Russian military intelligence.
  3. The Wikileaks data shows that the last message copied from the DNC network is dated Wed, 25 May 2016 08:48:35.
  4. 10 June 2016–CrowdStrike waited until 10 June 2016 to take concrete steps to clean up the DNC network. Alperovitch told Esquire’s Vicky Ward that: “Ultimately, the teams decided it was necessary to replace the software on every computer at the DNC. Until the network was clean, secrecy was vital. On the afternoon of Friday, June 10, all DNC employees were instructed to leave their laptops in the office.”
  5. On June 14, 2016, Ellen Nakamura, a Washington Post reporter who had been briefed by the computer security company hired by the DNC—Crowdstrike—wrote:
    1. Russian government hackers penetrated the computer network of the Democratic National Committee and gained access to the entire database of opposition research on GOP presidential candidate Donald Trump, according to committee officials and security experts who responded to the breach.
    2. The intruders so thoroughly compromised the DNC’s system that they also were able to read all email and chat traffic, said DNC officials and the security experts.
    3. The intrusion into the DNC was one of several targeting American political organizations. The networks of presidential candidates Hillary Clinton and Donald Trump were also targeted by Russian spies, as were the computers of some Republican political action committees, U.S. officials said. But details on those cases were not available.
  6. 15 June, 2016, an internet “personality” self-described as Guccifer 2.0 surfaces and claims to be responsible for the hacks but denies being Russian. However, the metadata in the documents posted by Guccifer 2.0 appears to be deliberately crafted to show “Russian” involvement.
  7. The DNC emails that were released on July 22, 2016 by Wikileaks covered the period from January 2015 thru 25 May 2016.

The public has been sold a fabricated story that does not pass the common sense smell test–i.e., that an allegedly competent cyber security company discovered on May 6, 2016 that the Russians were in the DNC network but Crowdstrike did not act to remove the Russians until 35 days later (i.e., June 10, 2016). Crowdstrike’s behavior defies common sense–who waits more than a month to shut down a network that you claim was penetrated by a foreign power? You find a robber in your home and you wait a month to call the police or chase the criminal out? No serious, competent cyber security expert would countenance such misconduct.

There is forensic evidence that rebuts the Crowdstrike story of a Russian hack. The metadata in the emails posted on Wikileaks provides clear evidence that the emails were not taken from the DNC via a spearphishing attack. If the Russians had actually “entered” the network, as claimed by Crowdstrike, by using a bogus email to bait an unsuspecting user to click on a link or reply, then the metadata in the messages posted at Wikileaks would not be in FAT format. It is essential to recall that Crowdstrike claimed this hack was done using malware christened as “Fancy Bear” and “Cozy Bear.” But the metadata tells a different story.

The metadata in the DNC emails at Wikileaks are in FAT format. This means that those messages were downloaded onto a physical device, such as a thumb drive.

An examination of the Wikileaks DNC files shows that the emails posted on 22 July 2016 were created on 23 and 25 May. Currently, there are other DNC emails posted at Wikileaks that have a last modified date stamp of 26 August. The fact that the metadata in all of these messages are in a FAT system format means that the data was transferred to a storage device, such as a thumb drive, before being sent to Wikileaks.

The truth lies in the “last modified” time stamps contained in the metadata on each DNC email posted on Wikileaks. Every single one of these time stamps ends in an even number. If you are not familiar with the FAT file system, you need to understand that when a date is stored under this system, the time is rounded to the nearest even-numbered second.

Bill Binney has examined all 35,813 DNC email files stored on Wikileaks and found that every file’s “last modified” time stamp ended in an even number—2, 4, 6, 8 or 0. There are 10,520 emails with the last modified date of 23 May 2016. There are 11,936 emails with the last modified date of 25 May 2016. If a system other than FAT had been used, there would have been an equal probability of the time stamp ending with an odd number. But that is not the case with the data stored on the Wikileaks site. All end with an even number.
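The two-second granularity described above can be reproduced directly. The following is an added example, not part of the original post or of Binney's analysis: it packs timestamps into FAT's on-disk date and time words and runs the even/odd parity test on the result. The sample timestamps are constructed, and truncating odd seconds is an assumption of this sketch (some writers round up instead).

```python
import math
from datetime import datetime, timedelta


def to_fat(dt):
    """Pack a local datetime into FAT's 16-bit date word and 16-bit time word."""
    if not 1980 <= dt.year <= 2107:
        raise ValueError("FAT dates only cover 1980-2107")
    date_word = ((dt.year - 1980) << 9) | (dt.month << 5) | dt.day
    # Hours take 5 bits and minutes 6, leaving 5 bits for seconds, so the
    # field holds seconds // 2 (0-29). An odd second cannot be represented.
    # Assumption: odd seconds are truncated; some writers round up instead.
    time_word = (dt.hour << 11) | (dt.minute << 5) | (dt.second // 2)
    return date_word, time_word


def from_fat(date_word, time_word):
    """Unpack FAT date/time words; the decoded seconds value is always even."""
    return datetime(
        1980 + (date_word >> 9), (date_word >> 5) & 0x0F, date_word & 0x1F,
        time_word >> 11, (time_word >> 5) & 0x3F, (time_word & 0x1F) * 2,
    )


def parity_report(stamps):
    """Count even/odd seconds and return log10 P(at least this many even)
    under the null hypothesis that each second is even with probability 1/2."""
    n = len(stamps)
    even = sum(1 for s in stamps if s.second % 2 == 0)
    # Binomial upper tail computed in log space, so that a set of tens of
    # thousands of files does not underflow to 0.0.
    terms = [
        math.lgamma(n + 1) - math.lgamma(k + 1) - math.lgamma(n - k + 1)
        - n * math.log(2)
        for k in range(even, n + 1)
    ]
    peak = max(terms)
    ln_p = peak + math.log(sum(math.exp(t - peak) for t in terms))
    return {"total": n, "even": even, "odd": n - even,
            "log10_p": ln_p / math.log(10)}


def demo():
    """Constructed sample: 40 one-second-resolution timestamps with mixed
    parity, compared before and after a round trip through FAT encoding."""
    base = datetime(2016, 5, 23, 10, 0, 0)
    originals = [base + timedelta(seconds=37 * i + 1) for i in range(40)]
    via_fat = [from_fat(*to_fat(t)) for t in originals]
    return parity_report(originals), parity_report(via_fat)


if __name__ == "__main__":
    before, after = demo()
    print("before FAT:", before)
    print("after FAT: ", after)
```

An all-even result shows that the timestamps passed through a store with two-second resolution at some point before publication. The same 16-bit time encoding is also used in ZIP archive headers, so parity alone does not identify which store it was or when in the chain of custody it occurred.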

If the DNC emails had been stolen via a spearphishing attack, then the last modified time stamp would show odd numbers as well as even numbers. But that is not the case. There is no evidence apart from assertions by Robert Mueller and the Intelligence Community that Russian operatives spearphished their way into the DNC network. Let me repeat that–there is not one shred of evidence provided by either Robert Mueller or the U.S. Intelligence Community to support their claim that Russia was behind the DNC hack.

If the DNC network actually was penetrated by a spearphishing attack, i.e., an internet based hack of the DNC computer network, then the National Security Agency would have that evidence. The technical systems to accomplish this task have been in place since 2002. The NSA had an opportunity to make it clear that there was irrefutable proof of Russian meddling, particularly with regard to the DNC hack, when it signed on to the January 2017 “Intelligence Community Assessment,” regarding Russian interference in the 2016 Presidential election. They made no such claim.

Thanks to Edward Snowden we know that the NSA has been collecting the full content of U.S. domestic e-mail, without a warrant since 2002. The communications collected include the full content and associated metadata of phone calls, e-mail, text messages, and web queries performed by almost all United States citizens. (Metadata consists of information about other data. For e-mail, it would include information such as the name of the sender and recipient; the date and time it was sent; and the internet service provider used to send the message.)

These records are collected inside the United States, as well as at overseas locations. The data is then stored in data centers located at Fort Meade, Maryland; Bluffdale, Utah; and at other sites in the United States. Since 2001, NSA collection has expanded to collect everything on the fiber communications inside the US. This is achieved within the “Upstream” NSA Program. This program includes subprograms for each communications company assisting them. For example, Fairview is the name for the AT&T Program, Stormbrew is the name for the Verizon program, etc.

The Snowden documents make it clear how this collection is occurring. For example, one of the documents taken by Edward Snowden is labeled “Fairview at a Glance.” Fairview is the NSA program responsible for the upstream collection of data from the AT&T telecommunications system. This slide shows the locations where the NSA has tapped into the AT&T system to collect data from the system. As the slide indicates, the vast majority of the data collected is domestic communications. Conversations with foreigners are represented by the green dots, which mark international fiber optic cables coming in from offshore. The slide shows that the NSA is collecting both “content” and “metadata” as part of the Fairview program.

Another document revealed by Edward Snowden is labeled “US-983 Stormbrew.” It is a photograph of the tap points for the NSA’s Stormbrew program. Stormbrew is the program responsible for the upstream collection of data from the Verizon telecommunications network. As indicated by the photo, collection from Verizon is also occurring within the United States.

A document from the Snowden collection, labeled “Blarney Access,” shows the tap points for the NSA’s Blarney program. Blarney is the program responsible for the upstream collection of data from 30+ providers of internet service, domestic long-distance service, and data centers. Once the data is collected, the NSA breaks it down into various subcategories, which are made searchable through various query-programs.

The information released by Edward Snowden leaves no doubt that the NSA had systems and programs in place that collected any emails taken over the internet by a Russian intelligence operation. Moreover, if such an attack by Russia actually had taken place then the NSA also has the ability to trace the route or routes that those emails transited.

There also is the question of how Wikileaks obtained this information. Both British and U.S. intelligence agencies made it a priority to monitor and collect all electronic communication going into Wikileaks in the aftermath of the classified information illegally taken by Bradley “Chelsea” Manning. In theory this intelligence community collection should provide some clue about the last communications point before the emails entered the Wikileaks system. But no such evidence has been proffered to the public.

Julian Assange, the founder of Wikileaks, has repeatedly and consistently insisted that Russia was not the source and, according to Ellen Ratner, the sister of his lawyer, the source was someone within the Democratic campaign of Hillary Clinton.

This complaint does not reach any conclusion about the specific identity of the person or persons who leaked the DNC emails to Wikileaks. But the U.S. Government claim that Russia hacked the DNC is a lie. The evidence presented in public makes clear that Russia did not obtain those emails via spearphishing.


54 Responses to My Whistleblower Complaint on the Alleged Russian Hack by Larry Johnson

  1. akaPatience says:

    In light of the Ukraine Hoax, I’ve been anxiously waiting to read the latest from you Larry, but didn’t anticipate THIS! LOL, Brennan asked for it, didn’t he?

  2. Factotum says:

    Each piece of insight and information you present has always been interesting. But often almost as stand alone import – it seems now the threads are now explosively coming together. Keep this up – you are a beacon of clarity, LJ.

  3. Rhondda says:

    “For example, when did the U.S. intelligence community discover or learn that the Russians were attacking the DNC network starting in July 2015? Was it July 2015 or was it after the Washington Post reported in June 2016 that Russia had hacked the DNC?”
    FBI (at least) supposedly repeatedly called the DNC IT Help Desk to inform them their systems were hacked –in September 2015.
    Hmmm. Very memorable tale. Which was why I was able to find it again so easily! Even at the time I first read it, it struck me that it’s a “date shifter” news story. Intended to be memorable and highly searchable, what with the “comedy of error” help desk drama nugget.
    So, more probably, July.

  4. Rhondda says:

    I find this to be a useful timeline. I thought others might, too.

    …the DNC hacking timeline in its entirety – including events overlooked in the DNC Lawsuit.
    DNC Lawsuit dates are bolded. Dates relating to NSA Director Rogers actions are italicized:
    July 20, 2015 – The Yates Memorandum denying Inspector General Access & Oversight of information collected by the DOJ & FBI under Title III is issued.
    July 27, 2015 – Russia’s cyberattack on the DNC began only weeks after Trump announced his candidacy for President of the United States.
    September 2015 – the FBI notified the DNC that hackers had compromised “at least one DNC server.” The FBI called the DNC Help Desk.
    November 2015 – the FBI notified the DNC one of the DNC’s computers was now transmitting information to Russia.
    November 2015-April 2016 – The FBI and DOJ’s National Security Division (NSD) used private contractors to access raw FISA information using “To” and “From” FISA-702(16) & “About” FISA-702(17) queries.
    March 9, 2016 – NSA Director Rogers became aware of improper access to raw FISA data…(continues at link above)”

  5. DonkeyOatey says:

    Good stuff
    But…. I think it’s spearphis(h)ing
    The missing ‘h’ was driving me nuts. Sorry, that’s my neurological problem

  6. You’re right. Good catch. I always benefit from a sharp-eyed editor.

  7. John Merryman says:

    Lol. Love to see this work its way through the wash cycle.
    There is no grand strategy, just a bunch of pawns, dreaming they are kings and queens. One dimensional chess.

  8. Factotum says:

    How does the timeline of the whole Awan family of Pakistani IT aides to Democrat congress persons, including Debbie Wasserman Schultz fit into this unfolding scenario? Many loose ends here – all Democrats hired them and exempted them from background checks, all involved in multiple nefarious and curious actions, and all left the US without consequence.
    We need a spread sheet setting out the overlapping timelines of the Awans, Wikilinks, Seth Rich and the Crowdstrike cover-up:
    ….”(Prosecutor) Coomey said he would not prosecute Imran Awan for any crimes on Capitol Hill in the plea agreement.
    “Particularly, the government has found no evidence that your client illegally removed House data from the House network or from House Members’ offices, stole the House Democratic Caucus Server, stole or destroyed House information technology equipment, or improperly accessed or transferred government information, including classified or sensitive information,” the prosecution stated in the plea deal…….”

  9. Larry, I was sad more than anything else not to see DIA involved in the ICA. DIA had a small, but very competent analytical effort in the cyber field. The analytical side had strong support from leadership. That was before I retired. The one true expert in Russian cyber and IW efforts probably retired soon after me. I don’t know where it stood at the end of 2016. The DIA collection side pretty much died when I retired. There was a sizable cabal of Luddites on the operational side that wanted nothing to do with that techno-spookery. They wanted me dead for years. The cyber collection and analytical efforts at CIA, NSA and FBI dwarfed anything we had at DIA. The INR was never a player in this field. I was surprised they didn’t make more of an effort since DOS was a punching bag for state and non-state hackers.
    Again, the NSA did give a high confidence assessment for Russia/GRU hacking. Their moderate confidence was in the finding that Putin personally directed this effort. Since that was most likely based on human sources rather than technical sources, I can understand the NSA reluctance. The spearphishing attacks were pretty well documented. The spearphishing attacks only allow hackers to gain access to a system. Spearphishing leaves no signatures beyond that initial stage of a hack. In the case of the DNC files, they were compiled and compressed using win.exe and transferred using x-tunnel. Those programs, especially rar.exe, left markers.

  10. Twisted,
    There is ZERO evidence of spear phishing. None. The metadata in the emails tells what happened. You may not accept the reality of the math, but the math does not lie. You also ignore the huge gaps in the supposed Crowdstrike effort to deal with this threat. Please deal with the facts.
    If those emails were snagged via spear phishing then the metadata would show a random distribution of odd and even numbers. They don’t.
    The Podesta emails, however, were spear phished. They exhibit the odd/even distribution.

  11. Jack says:

    What’s your take on what Barr and Durham are up to? Do you have any confidence they’ll get to the bottom of it and hold the putschists accountable. Or will they whitewash it all as is normally the case when high officials are involved. Similar to the Hillary “investigation”. Brennan in an interview today speculated that Durham would be calling him for an interview. I wonder if a grand jury has been empaneled?
    As David Habakkuk has noted, where are the servers, what happened to them and the logs on them? It would seem that the FBI & NSA could easily find out considering all electronic communications domestically are hoovered. And as we know Clapper lied under oath on the existence of these programs and got away with it.

  12. They are moving methodically and by the book. There will be indictments.

  13. J says:

    Did you see where the FBI is trolling Facebook with ads trying to recruit Russian spies.

  14. Jack says:

    Can one make a definitive determination of how files were exfiltrated without examining the servers and all the log files as well as the firewalls?
    One of the startups that I had invested in was a company that helped large enterprises identify and prevent the exit of proprietary information. I invested in them because they showed me data that the vast majority of IP theft were perpetrated by insiders. Mostly due to carelessness not malice. They had a very successful run and Symantec made us an offer we couldn’t refuse. I recall asking one of their top engineers sometime back about who could have done it and he said he wouldn’t even speculate without looking at the computer systems and networks. I’m curious how the IC and FBI could have made any determination without direct examination? I believe in a recent court filing the FBI stated they didn’t even look at the Crowdstrike report details.
    I believe stealing digital information through exploitation of network vulnerabilities has only picked up in scale in recent years. Maybe only after guys like you began doing it in earnest 🤣

  15. Certainly hope you’re right and they are and there will be (although one can wonder how high they will go with indictments) because, apart from any US domestic implications, the Russofrenzy can have very bad results for the rest of us.

  16. Joe100 says:

    Serious investigative journalists, like John Helmer, identified the links between Ukraine oligarchs and Western politicians years back. See for example: I was thus reading about Burisma corruption and the company’s financial links to Hunter Biden and John Kerry’s stepson quite some time back. Also reading about Victor Pinchuk’s (check out his reputation) annual “friends party” typically attended by participants like Bill Clinton, Tony Blair, George Soros and Hillary Clinton. And it seems pretty likely to me that his “big name” political guests were not attending because Pinchuk (worth many billions) holds a nice party.
    So again, I wonder if the Dems had a clue what would creep out from under the Ukraine rock they are turning over.
    FYI, Helmer does amazing work and even though he lives in Moscow, he is clearly an “equal opportunity” investigator and does not hold back on Russian corruption, etc.

  17. Jack, forensic examination of a network’s servers, routers, switches and dedicated firewall boxes offers a wealth of information to determine how data is exfiltrated, but it has serious limitations. Logs are often changed by hackers. That’s all we had for a long time to try to determine how data was taken and who took that data from USG systems. Determining what was taken was still difficult unless you caught them in the act of exfiltration. Attribution was even more difficult. The breakthrough came when we started focusing on the attackers’ infrastructure, their attack points, their drop off and transfer points. That approach gave clear answers to what was taken and by whom. In the case of the DNC, we identified the Russians’ infrastructure used for staging/controlling the attacks, the transfer points for the stolen data and the spear phishing servers. We even hacked back to the GRU computers in Moscow. The Dutch AIVD went further and obtained film of GRU hackers through the GRU’s own Moscow surveillance cameras, but this was prior to the DNC attacks. However, this AIVD penetration was key to stopping an unusually aggressive GRU attack on DOS and JCS systems in 2014.

  18. Larry, I don’t think you understand what spear phishing accomplishes. It enables entry into a system by tricking a legitimate user to open an infected email, attachment or connecting to a bogus server where the user’s credentials are given up (Podesta’s case). No data is transferred from the target system (other than a user’s credentials) during a spear phishing attack. Data is stolen AFTER a successful spear phishing attack.
    In the case of the DNC, APT29 sent spear phishing emails to more than 1,000 addresses. The emails used a common phishing technique: malicious attachments. The recipients were tricked into opening what appeared to be a harmless file but instead was malware. Someone at the DNC must have received and opened one of the attachments. This allowed APT 29 to install malware, establish persistence, escalate privileges, steal and exfiltrate emails to the attacker’s infrastructure through an encrypted connection.
    APT28 also used phishing emails but not with malware attachments. These emails tricked the users into sharing or resetting their passwords. The emails asked users to reset their passwords and provided a link to do so. Clicking the link brought the users to a spoofed webmail domain. There they entered or reset their passwords and gave APT28 the keys to their mailbox. APT28 targeted DNC, and Gmail email addresses. From there, APT28 had access to the DNC network and used their tools to exfiltrate data through the APT28 infrastructure.
    I also think your faith in metadata is misplaced. It can be faked including the dates/times of last copy. I didn’t think that was possible until I read this critique of the forensicator work.
    To create this archive, the leaker ran the following command (or used GUI to the same effect):
    > rar a DNC DNC -r
    But wait… the folder he was packaging, along with other enclosed folders, was last modified on September 1, 2016 at 12:47 EDT and packaged into an archive immediately after that at 12:48 EDT, taking into account the time zone difference. Seth Rich was killed on July 10, 2016. So, did he rise from the dead on September 1, 2016 to create the archives???
    As a more sane explanation, the hacker copied the files locally on September 1, 2016 then recursively ran a script to change file dates to July 5, 2016, but forgot to change the date for enclosing folders. As a proof of concept, the following script makes a copy of a directory of your choice into a “mytest” folder, then changes the date for files only 2 years back. If you pick a directory which contains other directories, timestamps for those will not change.
    > echo "Enter folder name"; read var1; cp $var1 mytest -r --no-preserve=timestamp --remove-destination; cd mytest; find . -type f -exec touch -d "2 years ago" {} \; ; cd ../; ls -lA --time-style="+%Y-%m-%d %H:%M:%S.%N" --group-directories-first mytest;
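The folder-versus-file timestamp mismatch described in the comment above can be checked for mechanically. The following is an added example, not part of the original thread or of the critique it quotes; the function names, the `mytest` layout and the one-day threshold are assumptions chosen for illustration, and the sample tree is constructed.

```python
import os
import tempfile
import time
from pathlib import Path

DAY = 86400  # seconds


def build_tree(root: Path, backdate_dirs: bool, years_back: int = 2) -> Path:
    """Create a constructed sample tree and backdate it the way the quoted
    one-liner does: regular files always, directories only on request."""
    top = root / "mytest"
    (top / "sub").mkdir(parents=True)
    (top / "a.eml").write_text("constructed sample\n")
    (top / "sub" / "b.eml").write_text("constructed sample\n")
    old = time.time() - years_back * 365 * DAY
    for dirpath, dirnames, filenames in os.walk(top):
        targets = list(filenames)
        if backdate_dirs:
            targets += dirnames
        for name in targets:
            # Setting a file's times does not touch its parent directory's mtime.
            os.utime(os.path.join(dirpath, name), (old, old))
    if backdate_dirs:
        os.utime(top, (old, old))
    return top


def find_stale_dirs(top: Path, min_gap: float = DAY):
    """Return (relative path, gap in seconds) for every directory whose own
    mtime is more than min_gap newer than the newest regular file directly
    inside it. A directory's mtime moves when entries are added or removed,
    so a large positive gap means the files' times were set to an earlier
    date after they were placed there, or entries were removed later."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(top):
        if not filenames:
            continue  # nothing to compare against
        dir_mtime = os.stat(dirpath).st_mtime
        newest_file = max(
            os.lstat(os.path.join(dirpath, name)).st_mtime for name in filenames
        )
        gap = dir_mtime - newest_file
        if gap > min_gap:
            rel = Path(dirpath).relative_to(top.parent).as_posix()
            findings.append((rel, gap))
    return sorted(findings)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        top = build_tree(Path(tmp), backdate_dirs=False)
        for rel, gap in find_stale_dirs(top):
            print(f"{rel}: directory is {gap / DAY:.0f} days newer than its files")
```

A hit is an indicator to explain, not proof of tampering: deleting a file from a directory, or an extraction tool that restores file times but not directory times, produces the same gap.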

  19. You familiar with an old Missouri expression, “Thick as mule shit?”
    I very well understand. You seem to have the reading comprehension problem. I made a point of separating out the emails that were posted on 22 July by Wikileaks that carried the last modified dates of 23 and 26 May. Also pointed out that additional emails were added to that collection that carried a date in August. I never suggested the emails posted in August were the result of Seth Rich. So, please stop making accusations that are not founded in what I’ve written.
    To be very candid, you do not have the scientific or math chops that Bill Binney does. That’s one reason he was promoted to a position as Technical Director and you were not. You can keep repeating Democrat talking points all day long but it does not change the facts–the DNC emails are in a FAT format. PERIOD. Not my opinion. AN OBJECTIVE FACT.
    You do not get a FAT format from spearphishing. Stop trying to complicate what is very simple. You continue to ignore the other FACT that neither the FBI nor anyone in the IC ever examined the DNC servers. Their conclusions are based entirely on a report from Crowdstrike. If you think that is a valid investigative technique then you expose the fact that you know nothing about how to conduct an investigation.

  20. Keith Harbaugh says:

    TTG, is there not an organization in America which tracks, and perhaps archives, ALL packets that move across the web?
    Just speculation…..

  21. Larry,
    I think it is rather obvious that anyone who thinks it appropriate for the FBI to have relied upon CrowdStrike for the analysis of the evidence provided by the DNC servers rules themselves out as a serious contributor to this investigation.
    Among many other things, the Atlantic Council link in itself has always been adequate to establish that Alperovitch could not conceivably claim to be an impartial analyst.
    As I have written before, anyone interested in the truth should obviously see it as a top priority to recover the DNC server(s) and have them subjected to an impartial analysis, if they still exist, or establish when, by whom, and in what circumstances they were destroyed, if destroyed they were.
    That said, the August emails are clearly very interesting.
    Particularly now that Ed Butowsky has showed so much more of his hand, it seems to me clear that the vast bulk of the material produced by WikiLeaks came from downloads by Seth Rich which were completed by late May 2016.
    While I may be being stupid, it would appear that there would have had to be some further material supplied after his death.
    A question arises as to whether Bill Binney’s analysis of the ‘scientific forensics’ can establish whether this was material downloaded by Rich but not passed on by an intermediary until after his death, or material downloaded by someone else.
    It may well be I am thrashing around, and adding 2 + 2 to make 5. And it also may be that there is a simple solution to my puzzle, which there are good reasons to keep ‘under wraps’, for the moment at least.
    However, as this discussion has demonstrated, the fact that some of the materials from the DNC carried dates clearly later than Rich’s death has proved enormously helpful to those who want to prevent the conspiracy against the Constitution being exposed.

  22. Keith, I doubt NSA collects and stores every packet crossing the internet. They prioritize. In 2008 they were still trying to just map the internet. Even today I doubt they can analyze all they collect, but I’m sure they can go back and find stuff after the fact in what they do collect.

  23. akaPatience says:

    David Habakkuk, since you raised the issue, for those who think there may be something to the Seth Rich angle, it’s purportedly claimed by Julian Assange that Seth’s brother Aaron assisted him, which could explain metadata that post-date Seth’s death.
    Many here may already be familiar with this report which touches on the subject:

  24. David Habakkuk, the DNC servers are still in place in the DNC headquarters. CrowdStrike was brought in specifically to ensure minimal disruption to DNC operations while dealing with the intrusion. If the FBI was responding, they would just investigate without any concern for DNC operations. CrowdStrike rebuilt/cleaned DNC systems with minimal impact on DNC operations. Any FBI examination of those servers now would yield no information on what happened in 2016.
    CrowdStrike supposedly took images of the servers. If they did not share those images with the FBI once all realized the gravity of the situation, the FBI, the DNC and CrowdStrike were negligent at best or engaged in conspiratorial criminal activity at worst. I don’t know if the images were shared with the FBI. What the FBI did have was access to the hacker’s attack server and transfer point servers as well as whatever access NSA developed in the GRU systems in Moscow. That is apparent in the indictment of the GRU 12.

  25. Jim Ticehurst says:

    Larry..I have been following your Open Work since your Days of Going Public about the Players involved in the 9/11 Attacks..The WMD claims..The Invasion of Iraq..and The Motives of Domestic and Foreign Officials..and Organizations…You are Honest..a Very Talented Analyst..and often so Well Researched…and Far ahead of the Curve…That very few People..even in the IC…Can keep up with you..You know who the Bad guys are..The level of Intrigue…and Espionage Involved…and What The Real Means and Methods And Who Used Them and Why..Cyber Espionage..You have done everything you can to Expose It..Most is Internal..Good Work…Larry

  26. turcopolier says:

    jim ticehurst
    His ego is big enough. Don’t inflate it any more than it is. I have to live with him. (internet and telephone)

  27. Larry, you don’t get files of any format from spear phishing. All you get is access. The fact that DNC emails provided by the Guccifer 2.0 entity were, at some time, copied to a drive, volume or partition (maybe even a thumb drive) formatted in FAT32 does not rule out Russian hackers or local leakers. The files could have been copied to a hidden partition created by hackers within the DNC network for later tar balling and transfer. That’s just another theory just like the Forensicator’s thumb drive theory. In fact the thumb drive theory posits that the thumb drive was a bootable Linux drive. Since when does Linux run on FAT32? They’re both theories, not proof. Another theory is that all those files were deliberately manipulated through date/time changes, file format changes and other manipulation by whoever is behind the Guccifer 2.0 entity just to obfuscate the issue. Just another theory.

  28. David, I have discussed this with Bill. Since this material was provided after the death of Seth and after Julian published the initial tranche his belief is that this indicates someone else was involved beyond Seth.

  29. For the love of God. Are you being deliberately obtuse? If the Crowd Strike story was true (it is not, it is a total fabrication) they would have shutdown the servers on the 7th of May and installed new malware detection software. THEY DID NOT DO THIS. THEY WAITED MORE THAN 40 DAYS (SUPPOSEDLY) TO DO THAT. Please deal with the facts. Not with your blind hatred of Trump.

  30. JerseyJeffersonian says:

    Joe, et al, Yes, I, too, recall reading things on Pinchuk & his support of the Clinton “Foundation” way before Russiagate via Helmer. Stench was overwhelming even then.

  31. turcopolier says:

    I hope everyone knows I was joking about Larry. He is a splendid fellow and the closest of friends.

  32. CK says:

    A server is just a computer. The various parts inside the computer case can be replaced/upgraded as necessary. Hard drives are the interesting part(s) of any computer/server. The hard drives are where the files are and it takes at most 5 minutes to remove and replace a hard drive. So the correct questions would be 1) Are the current hard drives the hard drives that were in the servers when the files were taken. 2) Are there any tape or offsite or other backups of, or images of the original hard drives.

  33. akaPatience,
    Unfortunately I am in transit, and so cannot comment as extensively as I would like on a range of matters brought up in this thread.
    However, there is one critical point of fact. As Ty Clevenger, who submitted the complaint which was the basis of the ‘sundance’ post to which you link, noted in a ‘mea culpa’ on his ‘Lawflog’, the suggestion that Ellen Ratner had told Ed Butowsky that Assange had identified both Rich brothers as sources was a mistake made by him.
    What he says is that Butowsky was already on public record as saying that he first learned that Aaron Rich was involved along with Seth from the boys’ parents. This was obviously an error very embarrassing to Assange, given that he would have been putting Seth’s brother very clearly at risk.
    It was corrected in the ‘Second Amended Complaint’ submitted on 31 July – after the ‘sundance’ post.
    In my view this document – freely available if one puts ‘Butowsky v Gottlieb Courtlistener’ into Google – should be read with care by anyone seriously interested in getting to the truth about ‘Russiagate.’
    Those who are still attempting to defend the hokum put out by Alperovitch, Mueller et al should either provide a reasoned critique of the version Butowsky has provided, or fall silent.
    There is another key claim he is making which should be central to informed public discussion of this whole farrago.
    Like others, I had assumed that the account of Rich’s role in supplying the materials from the DNC published by ‘WikiLeaks’, and the role of the FBI in covering this up, which was supplied by Seymour Hersh in the extended conversation with Butowsky which has been available on the net for a long time, came from a genuine ‘whistleblower’ who was likely to be telling the truth.
    What Butowsky is now saying is that in a separate conversation, Hersh told him his source was Andrew McCabe.
    If this is so, I think we have seriously to consider the possibility that a journalist with a very well-merited reputation was being successfully manipulated by some of the conspirators in a bid to obscure the most damaging parts of the truth by a kind of ‘limited hangout.’
    Unfortunately I am relying on memory, but if I recall right a key suggestion by Hersh in the conversation was that Seth Rich approached ‘WikiLeaks’ with a sample of emails in late spring/early summer 2016 – the dividing line given being, I think, 22 June.
    My strong suspicion is that surveillance on Assange and virtually anybody who could be in direct or indirect contact with him had established significantly before this that materials from the DNC were likely to be published by ‘WikiLeaks.’ It is likely that both GCHQ and MI6 were intimately involved in this.
    The identity of the source, however, is only likely to have been established significantly later. Quite possibly, it was only possible to identify Seth Rich following the calling in of the laptops on 10 June. That said, key figures in the conspiracy are likely to have been well aware of the actual position significantly before his murder, a month later.
    It is my quite strongly held view that Butowsky has already provided enough documentary evidence in support of his version for the onus of proof to be very heavily on those who want to defend the conventional ‘narrative’ according to which he is some kind of malign ‘conspiracy theorist.’
    Further, I think it highly unlikely that he would have ‘gone public’ with claims about what figures like Hersh, Ellen Ratner, and Rich’s father said to him if he thought they had any realistic chance of exposing him as a liar. And more generally, my very strong sense of the man – not least from the impression left by his discussion with Hersh – is that, with Butowsky, what you see is what you get.
    Perhaps, when all the ‘smoke’ is cleared away, he will have been seen to have a role in this whole sorry affair different from, but as heroic as, that of Colonel Picquart in the Dreyfus scandal.

  34. Keith Harbaugh says:

    Thanks for your reply, and observations.
    I had “in-the-building” contact with their professionals back in the 1970s,
    and based on that I would never underestimate their ability to organize and analyze data, nor their ability to acquire the money to store a lot of data.
    Of course, there is so much now flowing over the net, it may be beyond their ability to store.
    A real problem they must have, though, is a human problem: How to interpret what they are seeing and reading?
    There is a large amount of subjectivity in interpreting text, and I am sure that is driving them bonkers.
    Another point on NSA:
    I was rather gobsmacked when I read the background of their new Director of Cybersecurity, Anne Neuberger.
    Among other things, both her parents were among the hostages at Entebbe!
    Just what we DON’T need, in my opinion: people with family ties to countries such as Israel.
    Dual loyalties may be a radioactive subject, but that doesn’t lessen its reality.
    Just my opinion.
    More on her background:

    Neuberger is well versed in the business world, having worked for many years in her family’s companies in an array of financial and online capacities.
    Not many (if any) high-level staffers at the NSA have private sector credits on their résumé.
    “My business background is very much valued here, because I understand budgets and know how to think about strategies and resources,” she said.

    This is a far cry from what was once the ideal at NSA, a person such as Dr. Tordella (NSA bio, Wikipedia).
    He was all but revered when I was there.
    I wonder if their criteria for leadership have changed from those years.

  35. Joe100 says:

    For those interested in the Clinton connections see:
    While all of these connections have been in “plain” view for years by those following the few solid investigative journalist sources, I think little or none of this reporting has surfaced in mainstream media.
    This may be why the same crowd (Lawfare, etc.) trying to use “Ukraine” to entrap Trump after their Russiagate scam failed has used a topic that could surface the potentially very damaging Clintons/Biden, etc. connections with highly corrupt oligarchs like Pinchuk..
    It feels to me that Pelosi/Nadler have leaped before looking..

  36. Jack says:

    Don’t you find it interesting that Hersh has been so quiet for a couple years on this story?

  37. j says:

    Why isn’t DOJ going after former vp (small letters) Joe Biden for ‘money laundering’ with his strong arm tactics on the Ukraine?
    Biden blackmailed Ukrainians using his position with U.S. Taxpayer monies to force the firing of the Ukrainian Attorney General for investigation of the Biden bribes. The sad thing is that Biden’s criminal extortion was out in the open, flagrant, blaring. Biden even boasted about his criminal racketeering in public. Rico statute. Burisma Oil transferred to Biden via Biden’s son Hunter Biden. More than $166 grand a month from 2014 into 2015. Even after the Ukrainian AG’s firing, the Biden extortion money continued to flow in.
    Biden, like Hillary Clinton considers himself ‘untouchable’. My Christmas wish is that DOJ will put Joe and Hunter Biden in their proper fashion suits, federal orange.

  38. Fred says:

    Why did Obama let him get away with it?

  39. Jack,
    I find it extremely interesting. As I said, I am in transit, and am also trying to assimilate a lot of new information.
    Hopefully, there will be further discussion of these matters in the not too distant future, and I may be able to produce a more considered contribution then.
    But, briefly, it is not evident to me, yet at least, that the failure of either Hersh or Ellen Ratner publicly to support Butowsky’s claims gives me any reason to revise my judgement that the latter’s accounts are both provided in good faith and essentially accurate.
    Accordingly, I think it likely that the claim that Hersh identified McCabe as his high level source is accurate.
    If this is so, a $60,000 – or perhaps $600,000 – question is what was one of the ‘prime suspects’ in ‘Russiagate’ doing when he sold this version to someone who has been one of the best-informed, and most courageous, ‘conduits’ for elements in the U.S. Intelligence and military apparatus who are deeply unhappy with the directions in which their country’s foreign and security policies have gone.
    A further question then becomes why did Hersh believe, or at least profess to believe, McCabe.
    Of course, I may well be barking up the wrong tree. But I think it would be helpful if the claims made in the various lawsuits filed on behalf of Butowsky by Ty Clevenger and Steven S. Biss were seriously evaluated, rather than ignored or misrepresented.

  40. David,
    If Ed Butowsky claims that Sy identified McCabe as his source, Butowsky is lying. Under no circumstances would Sy ever identify a source (at least a living one). I’ve played golf regularly with Sy over the last 10 years. Never once has he offered up the name of a source.

  41. blue peacock says:

    Very few want to get to the truth. Definitely not the mainstream media. No wonder the Average Joe has no idea about this defamation law suit by Butowsky.
    Take a look at NBC’s hysterical Chuck Todd:
    He says Trump calling on China and Ukraine to investigate Biden is an “attack on democracy”. Yet he was the same guy peddling Russia Collusion based on an administration and Democratic party campaign using foreign intelligence to actually interfere in an election.
    I hope Butowsky is vindicated in the federal court in Texas.

  42. j says:

    Complicit in Racketeering.
    All White House Administrations view the Teflon rule as their own, sure appears that way. The only one with the Teflon application that I can see is the number one position, not the number 2. Number 2 can always claim that number 1 made them do it. Their get out of jail free card, or so they think anyways. Number 1 using number 2 as their pleasurable deniability or fall guy rule.

  43. Fred says:

    “Though her parents are not Israeli, they were held by the hijackers for a week along with Israeli passengers because they were Jewish.”
    “A member of one of the 100 wealthiest families in the United States, Neuberger transitioned from the private sector into government service following the September 11 attacks.”
    I’m sure that will trigger more people than her religion.
    “She told The Wall Street Journal that the directorate will more actively use signals intelligence gleaned from expanded operations against adversaries. As part of its mission, the directorate will work to protect the US from foreign threats by sharing insight into specific cyber threats with other federal agencies as well as the private sector.”
    Now that sounds both good and bad. Just how do you vet the people in the “private sector” and just which people/companies are those going to be? I believe there was a big problem with private contracts and government intelligence in the last election.

  44. Fred says:

    VP Agnew resigned because of his financial crimes, which Nixon did not direct him to commit. Baltimore still seems to be rather lucrative for politicians, though now they are in the other party. Quid Pro Joe is out of office. Maybe he can cut a plea deal to avoid jail, just like Spiro and Jeffrey Epstein.

  45. j says:

    Ah yes, but that was the days when J. Edgar was alive and politicians were scared beejez of JE because he probably had something on them he could always flash in front of them to send them like a roach scurrying for shade.
    This whole Russia, excuse me Ruskie-gate stuff has shown just how corrupted that DOJ and the FBI have become. Politicians are understood to be corrupt to begin with, but the American people don’t expect their hallways of justice to be corrupted as well. They’re hoping somebody will be honest.
    Congress today and for many years has appeared no better than an Organized Crime Organization, the major parties being different sides of the same corrupted coin.
    Narcissism goes to the head of most White House Administrations as they forget who/whom they’re supposed to be working for — Mom and Pop America.
    The Constitution is designed by our nation’s founders to be a protection guide to protect Mom and Pop America. These days only the CJCS General Mark A. Milley seems to be the lone individual in D.C. who understands their oath to the Constitution and what it entails.

  46. j says:

    The so-called ‘whistle-blower’ committed a crime it would appear.
    Federal orange for the so-called ‘whistle-blower’ is in order, Oui?

  47. David, Sy Hersh has stated that he made up the story purely in an attempt to elicit information from Butowsky. He further stated he didn’t talk to anybody from the FBI concerning Seth Rich.

  48. Twisted. That is total bullshit. Sy has never said that he “made up the story.” He doesn’t do that. And yes, unlike you, I’ve known Sy as a friend for almost forty years. Stop making things up or repeating talking points from God knows where. If you listen to the illegal recording that Butowsky made it is Sy talking honestly about what he believes. But, as he noted in that conversation, he was not prepared to write. Did not have enough corroborating sources. Seriously, I thought you were better than this.

  49. Larry,
    Still in transit, sitting in Madrid airport. I hope to produce some considered responses when back in London.
    However, if TTG wants to claim that Hersh has said he was spinning fiction, he should provide us with a link to where — supposedly — this repudiation of the contents of the tape was made. It is not at all my recollection of the statements I have seen quoted on the net.
    To anyone who knows anything about Hersh — one does not need to be a personal friend, as you are — this attribution to him of a particularly devious Machiavellianism sounds wildly out of character.
    Likewise, I cannot see how anyone who has listened to the tape with any care could conceivably think this a plausible interpretation.
    It does seem to me that, given that the tape — whatever one thinks about the Machiavellianism clearly displayed by Butowsky in making it — has emerged as a fundamental document in ‘Russiagate’, it would greatly help if a more adequate transcript was available than the only one I have been able to find on the net.
    Meanwhile, while I have no doubt that Hersh was providing Butowsky with an entirely accurate account of what he thought had happened, a central question is whether he was right to think it accurate.
    It is very difficult for even the best and most experienced of journalists, as also of intelligence analysts, accurately to gauge what is reliable and unreliable information 100% of the time.

  50. Larry, you’re in a unique position to clear this up directly with Sy Hersh. The recorded conversation between Hersh and Butowsky seems to be central to most of Seth Rich conspiracy theories. Hersh has said a hack of the DNC does not rule out a leak from the DNC or vice versa. That is a wise statement. One I agree with. Here are a few excerpts and links to support the point I made earlier.
    In an interview with NPR, Hersh says he is skeptical of the official account by intelligence officials that the Russians hacked the DNC. But Hersh now says he was fishing for information from Butowsky. “I did not talk to anybody at the FBI — not about this,” Hersh tells NPR. “Nothing is certain until it’s proved. And I didn’t publish any story on this.”
    In an August 8 interview with Folkenflik, Hersh provided a partial explanation. Reported Folkenflik: “Hersh now says he was fishing for information from Butowsky. ‘I did not talk to anybody at the FBI—not about this,’ Hersh tells NPR. ‘Nothing is certain until it’s proved. And I didn’t publish any story on this.’” But that hardly explains his lengthy comments in the recorded call.
    In his response to The Nation, Hersh was reluctant to revisit the episode. “I’d rather bay at the moon than say anything more about someone like Butowsky,” Hersh wrote in his e-mail. Pressed to explain his comments, however, he said, “What I write and what I say to someone…are different animals,” adding, “I did not write about the issue at the time.” Butowsky, he said, “used the tape to push a story that he wanted to believe.”
    Big League Politics posted an article containing what purported to be an email exchange between Butowsky and Hersh from June 2. In the exchange, Butowsky wrote:
    I am curious why you haven’t approached the house committee telling them what you were read by your FBI friend related to Seth Rich that you in turn read to me. Based on all your work, it appears that you care about the truth. Even though, as you said you couldn’t get a second, shouldn’t you tell them so they could use their powers to determine the truth?
    Hersh replied:
    ed—you have a lousy memory…i was not read anything by my fbi friend..i have no firsthand information and i really wish you would stop telling others information that you think i have…please stop relaying information that you do not have right…and that i have no reason to believe is accurate…
    In an interview with NPR reporter David Folkenflik on Aug. 1, Hersh remarked, “I hear gossip. [Butowsky] took two and two and made 45 out of it.” In a phone interview with me this week, Hersh said much the same, and added that he never claimed to have a source in the FBI on the Rich case.

  51. Twisted, You are very good at being very wrong. Just deal with the facts.
    It was Julian Assange who offered a reward up for the murder of Seth Rich and alluded to him as a source.
    It was Ellen Ratner, the sister of Assange’s lawyer, that said she had talked to Assange and was told the source of the DNC emails came from within the Hillary Campaign.
    The only reason Butowsky got involved with this is that Ellen Ratner asked him on behalf of Assange to contact Seth’s parents and offer help to find the killer.
    Folkenflik is a liar. Period. Having personally dealt with that asshole before I know he cannot be trusted to report that the Sun rose in the east.
    Listen to the recording. Sy’s words are Sy’s words. He was legitimately pissed at Butowsky illegally taping him. But Butowsky and Hersh are a mere side show to the reality that Seth is a likely suspect for having downloaded the emails from the DNC and sold them to Wikileaks. Certainly warrants an investigation.

  52. Keith Harbaugh says:

    LJ, since you have claimed, I believe, to be a whistle blower yourself,
    I wonder if you have any thoughts on the accuracy of this article:
    “The ‘Whistleblower’ Probably Isn’t”
    It’s an insult to real whistleblowers to use the term with the Ukrainegate protagonist
    by Matt Taibbi, 2019-10-06
    Here’s a sample from the article:

    “It took me and my lawyers a full year to get [the media] to stop calling me ‘CIA Leaker John Kiriakou,’” he says.
    “That’s how long it took for me to be called a whistleblower.”

    BTW, the article also mentions Bill Binney, among others.

  53. TTG,
    I am now back at base, and can look back at my files, rather than having to rely on memory.
    Did you, by any chance, read the 29 April post here entitled ‘Fake News Media Suffers Body Blow on Case Linked to Seth Rich by Larry Johnson’?
    In addition to the – very great – importance of the piece itself, some of the discussion it produced looks very relevant in the light of subsequent developments. (I am rather proud of my own remarks on the ‘politics of Lilliput’ and ‘Galician Gamblers’.)
    (See .)
    The post led me to look at the materials from a range of cases in which the lawyers Ty Clevenger and Stephen S. Biss are involved, which are freely available on the invaluable ‘Courtlistener’ site.
    At the time Larry wrote the piece, the – devastating – denial issued on 17 April by Magistrate Judge Caroline Craven of the ‘Motion to Dismiss’ filed by Folkenflik and his NPR colleagues in relation to the defamation suit the pair filed on behalf of Butowsky in response to the article you quote, and a range of companion pieces, required a ‘PACER’ subscription.
    It can now be accessed without one, as also can other key materials from the case, including in particular the ‘Amended Complaint’ filed by the two lawyers on March – before Judge Craven issued her judgement, but after the hearings on which it was based.
    (See .)
    I suspect it may have been the growing confidence resulting from these proceedings which was reflected in the ‘Second Amended Complaint’ against Michael Gottlieb et al submitted by Clevenger on 31 July, which contains the claim that Hersh had said his FBI source was McCabe (see section 57, p. 20.)
    On the same day, a ‘Complaint’ against Douglas H. Wigdor and Rod Wheeler was entered on Butowsky’s behalf by the two lawyers jointly.
    (See .)
    It is a matter of some moment that both the Folkenflik story to which you link, published on 17 August 2017, and that in the ‘Nation’ by Robert Dreyfuss, to which you also link, follow, and take at face value, the ‘Complaint’ filed on 1 August by Wigdor on behalf of Wheeler against Fox, Malia Zimmerman, and Butowsky.
    This is freely available on the relevant ‘Courtlistener’ page. So also is the acceptance of the defendants’ ‘motion to dismiss for failure to state a claim’ on 2 August 2018, in which Judge George B. Daniels ruled that:
    ‘In this case, Plaintiffs and Defendants embarked on a collective effort to support a sensational claim regarding Seth Rich’s murder. Plaintiff [Rod Wheeler – DH] cannot now seek to avoid the consequences of his own complicity and coordinated assistance in perpetuating a politically motivated story not having any basis in fact.’
    (See .)
    The rather obvious point here was that, as one of the principal supports of the claims about Rich’s death which Wheeler and Wigdor were attacking were statements which the former had demonstrably made, he was hardly in a position to sue Fox and Butowsky for repeating them or making allegations based on them.
    What however has been provided in the current versions of the ‘Complaints’ against these various figures is a mass of evidence suggesting not only that the initial versions provided by Wheeler were the honest ones, but that they were essentially accurate.
    This brings me on to questions to do with the remarks about and from Hersh you quote.
    My reading of the evidence here reflects the fact that, in days long past I was once involved – successfully I hasten to add – in a protracted libel suit in relation to a programme I had made.
    A sometime colleague of mine, Sean McPhilemy, became involved in a much more protracted series of legal battles, over rather more dramatic matters: a programme, and then a book, he made about the collusion of the Royal Ulster Constabulary with loyalist death squads in Northern Ireland.
    At the centre of the protracted lawsuits – on both sides of the Atlantic – that followed was the fact that his story had essentially relied on a single source, and that source had then retracted his initial claims.
    (For a useful account of the affair, see ; Sean’s book is now freely available at .)
    As it happens, while in general I am uneasy about ‘single source’ stories, I had known Sean – actually a Northern Irish Catholic married to a Northern Irish Protestant – well enough to be confident that, although his emotions were clearly engaged, he was not in the habit when dealing with Ireland of allowing his loyalties to compromise his capacity for objective analysis.
    And I have long thought that the obvious interpretation, in his case as in those around Butowsky, is that a key witness had started by giving an honest account, and then been persuaded by pressures and/or inducements to retract.
    It is very often easier to provide a coherent account of why people should tell the truth first and then obfuscate later, than it is to explain the reverse movement in a way that will withstand serious examination.
    In relation to the lawsuits involving Butowsky and Zimmerman, and in particular the role of Hersh, some other points arising out of my own experience and Sean’s may be relevant.
    It is very commonly the case that, if one produces the kind of articles/programmes which precipitate libel suits, there is a rather large gulf between what one thinks one has good reason to believe and what one is confident one can prove in court.
    In particular, very many people who may have provided entirely credible information privately will not be prepared to testify in your favour.
    And there can be very good reasons why witnesses are not able to stand up against the kind of sustained pressures and inducements that can frequently be deployed against them.
    So, when plaintiffs and defendants are preparing their cases, the question of who can actually – by fair means or foul – persuade critical ‘witnesses’ to support their version, or at least not oppose it, is commonly important.
    Equally important are the dynamics of the ‘discovery’ process.
    A critical aspect of the preparation for hearings is, commonly, to employ evidence one cannot produce publicly – yet at least – to identify documentation for which one can legitimately ask, which will help your case and undermine that of the other side.
    There is a great deal here which I am still trying to think my way through. What I can see is a possible line of defence which a good defamation lawyer might use, in relation to the subterfuge involved in secretly recording Hersh.
    What might be argued is that Butowsky had already seen the Rich family – in particular Aaron – and then Wheeler ‘turned’, by a combination of pressures and inducements. In such a situation, he could have had quite rational reasons to calculate that, if there was any possibility of anyone else changing their story, he needed to ensure that he could prove they had done so.
    One then comes on to the – extraordinary – claim that Hersh had identified McCabe as his FBI source.
    My initial assumption had been that this was likely to be true. Among other things, a lawyer providing ‘good counsel’ could surely have been expected to tell Butowsky that, if Hersh got up in court and said he was lying, he would have difficulties.
    What we now have, however, is testimony from an eminently well-qualified ‘character witness’ – Larry – that it would be quite extraordinary if Hersh had identified a source.
    If I were the judge in the case, I would take this as very strong, although not quite absolutely conclusive evidence.
    Quite possibly, of course, Butowsky, Clevenger and Biss are simply bungling. However, I can see another interpretation that, at least, merits investigation.
    It is here relevant that it appears that Hersh did not actually see the FBI report which he described in the recorded conversation, but relied upon a description of it by his source.
    For one thing, it is clearly going to be a central objective of Butowsky, Clevenger and Biss to obtain the document as part of the discovery process, or alternatively provoke the kind of excuses for its non-production which incriminate those who make them.
    I also think it eminently possible that they have obtained, from sources whose identity they want to conceal, what they believe to be reliable evidence that Hersh’s source was McCabe. If that was so, it would be a top priority to cross-examine both men about what happened.
    All in all, I can see possible ‘Machiavellian’ arguments for inventing a second – unrecorded – conversation with Hersh.
    Also relevant here is the fact that, if the source was McCabe, the possibility that the account of the contents of the report which was provided in the conversation that was recorded is disingenuous on some key points needs to be taken seriously – and those of us who accepted it as accurate have to ask ourselves whether we may have been duped.
    This brings one back to the possibility – whose central importance I tried to bring out in my comments on Larry’s piece back in April – that the fact that material was going to be coming to ‘WikiLeaks’ from the DNC may have been identified, as a result of surveillance on Assange, significantly earlier than is generally recognised.
    The identification of Rich as the conduit could have come very much later.
    In the account given to Hersh, the dating of the initial approach by Rich to ‘WikiLeaks’ is given as some time in late spring/early summer 2016 (the dividing line was given by Hersh as June 21, not June 22 as I wrote earlier.)
    If it was significantly earlier, a lot of elements in the ‘timeline’ might look markedly different.
    I have gone on too long to go in detail into your – tendentious – readings of the various accounts of what Hersh said. As is evident, your recycling of Folkenflik’s account, according to which all the claims about the FBI report were simply a ruse to get Butowsky to reveal his sources, would suggest that he is cynical and unprincipled.
    This is I think wildly implausible, both as a reading of the man in general, and of the recording. It seems to me that he is an honest man, and a very fine journalist, in a very difficult position.
    What are also however critical are the grounds on which Folkenflik and his colleagues sought the ‘Motion to Dismiss’ which Judge Craven refused.
    They were trying to circumvent criticism of the evidential basis of the relevant articles, including the one you quoted, by use of the ‘fair report privilege’ and an attempt to deny that the claims about Butowsky were defamatory.
    This strategy – which clearly irritated Judge Craven – does not suggest to me that Folkenflik and his lawyers are looking forward with confidence to cross-examining Hersh, and seeing him blow Butowsky’s claims out of the water.
