I will make this very simple. The DNC emails that ultimately were published on Wikileaks likely originated with a DNC staffer, Seth Rich. It was not the Russians. The decision to blame the Russians was an intelligence construct that was concocted once U.S. and British intelligence officials plotting against Donald Trump realized that Rich had downloaded the emails and was communicating with Julian Assange and his cohorts.
Here are the facts:
- It was 29 April 2016, when the DNC claims it became aware its servers had been penetrated. No claim yet about who was responsible.
- According to CrowdStrike founder, Dimitri Alperovitch, his company first supposedly detected the Russians mucking around inside the DNC server on 6 May 2016. A CrowdStrike intelligence analyst reportedly told Alperovitch that:
- Falcon had identified not one but two Russian intruders: Cozy Bear, a group CrowdStrike's experts believed was affiliated with the FSB, Russia's answer to the CIA; and Fancy Bear, which they had linked to the GRU, Russian military intelligence.
The Wikileaks data shows that the last message copied from the DNC network is dated Wed, 25 May 2016 08:48:35.
- 10 June 2016–CrowdStrike waited until 10 June 2016 to take concrete steps to clean up the DNC network. Alperovitch told Esquire’s Vicky Ward that: 'Ultimately, the teams decided it was necessary to replace the software on every computer at the DNC. Until the network was clean, secrecy was vital. On the afternoon of Friday, June 10, all DNC employees were instructed to leave their laptops in the office."
- On June 14, 2016, Ellen Nakamura, a Washington Post reporter who had been briefed by computer security company hired by the DNC—Crowdstrike–, wrote:
- Russian government hackers penetrated the computer network of the Democratic National Committee and gained access to the entire database of opposition research on GOP presidential candidate Donald Trump, according to committee officials and security experts who responded to the breach.
- The intruders so thoroughly compromised the DNC’s system that they also were able to read all email and chat traffic, said DNC officials and the security experts.
- The intrusion into the DNC was one of several targeting American political organizations. The networks of presidential candidates Hillary Clinton and Donald Trump were also targeted by Russian spies, as were the computers of some Republican political action committees, U.S. officials said. But details on those cases were not available.
- 15 June, 2016, an internet "personality" self-described as Guccifer 2.0 surfaces and claims to be responsible for the hacks but denies being Russian. However, the meta data in the documents posted by Guccifer 2.0 appear to be deliberately crafted to show "Russian" involvement.
- The DNC emails that were released on July 22, 2016 by Wikileaks covered the period from January 2015 thru 25 May 2016.
The public has been sold a phenomenal lie–i.e., that a top-notch cyber security company discovered on May 6, 2016 that the Russians were in the DNC network but did not act to remove the Russians until 35 days later. Crowdstrike's behavior defies common sense–who waits more than a month to shutdown a network that you claim was penetrated by a foreign power? No serious, competent cyber security expert would countenance such misconduct.
There are other critical facts that are not readily recognized by most pundits pontificating on the faux-Russian hack. One of the most important of these is understanding that U.S. and British intelligence are monitoring and recording every communication going into and out of Wikileaks. Julian Assange started getting this special treatment after he and his crew started publishing Chelsea Manning's classified document dump and helped Edward Snowden escape the clutches of U.S. law enforcement. Anyone who communicated with Julian Assange and/or Wikileaks was recorded.
Which brings me to Seth Rich. I will not speculate about Seth Rich's murder. Was it a robbery or was it because of his role in downloading the DNC emails from the server and passing them to Wikileaks? I do not know.
But we do know the following:
Seth Rich was murdered early on the 10th of July 2016. In reviewing the media coverage of the DNC “hack” during June and July the name of Seth Rich does not surface even as a minor concern.
On August 9, 2016, Wikileak’s Julian Assange announced via Twitter “a $20,000 reward for information leading to a conviction in Rich’s killing on July 10 in the 2100 block of Flagler Place NW.” Assange subsequently discussed the murder of Seth Rich during an interview with Dutch TV:
WikiLeaks editor Julian Assange suggested that the Democratic National Committee staffer shot dead last month in Washington, DC, was killed because he was a “source.”
“Whistleblowers go to significant efforts to get us material and often very significant risks. As a 27-year-old, works for the DNC, was shot in the back, murdered just a few weeks ago for unknown reasons as he was walking down the street in Washington,” he told Dutch TV, referring to Seth Rich, who was gunned down in the early morning hours of July 10 while walking to his apartment in Bloomingdale.
The interviewer followed up by asking, “That was just a robbery, I believe. Wasn’t it?”
The WikiLeaks founder cryptically replied, “No, there’s no finding … I’m suggesting that our sources take risks.”
Assange clearly refers to Seth as one of Wikileak's sources. Those were his words, not mine.
There is corroborating testimony from Ellen Ratner, whose brother, a lawyer, represented Julian Assange. Ellen appeared on November 9th, 2016, at an Embry Riddle University symposium and said the following:
Ellen Ratner:By the way, as an fyi, I met with Wikileaks. I spent three hours with Julian Assange on Saturday at the Ecuadorian Embassy in London. Well, I did. One thing he did say was the leaks were not from, they were not from the Russians, they were an internal source from the Hillary Campaign. From somebody who knew Hillary, an enemy. He does not think they’re from Russians. And he says Russia should not get credit for something Wikileaks should have gotten credit for.
And then there is a letter from the National Security Agency. In response to a FOIA request filed in November 2017 by attorney Ty Clevenger on behalf of his client, Edward Butowsky, Clevenger requested any information regarding Seth Rich and and Julian Assange. The NSA informed Clevenger in a letter dated 4 October 2018 that:
Your request has been processed under the provisions of the FOIA. Fifteen documents (32 pages) responsive to your request have been reviewed by this Agency as required by the FOIA and have found to be currently and properly classified in accordance with Executive Order 13526. These documents meet the criteria for classification as set forth in Subparagraph (c) of Section 1.4 and remains classified TOP SECRET and SECRET.
Some critics insist this proves nothing because Clevenger's request was "overly broad." But I have confirmed through a knowledgeable source that communications between Seth Rich and Wikileaks are in the hands of the U.S. intelligence community.
The targeted collection against Wikileaks revealed to U.S. and British intelligence agencies that Seth Rich had emails and was working a deal to put them in the hands of Julian Assange. Now comes the supposition. I cannot prove at this time that the Crowdstrike story about Russian hacking was cooked up after the 25th of May, but I can prove, based on the public claims by Crowdstrike's CEO, that no action was taken to stop Russians from spearphising until the 10th of June. That is a sixteen day gap from the time the emails were taken until Crowdstrike supposedly took action. But there is no evidence to support the spearphising hypothesis.
The final nail in the coffin of the Russian DNC Hack hoax is the meta-data in the emails posted on Wikileaks. If the Russians had actually "entered" the network as claimed by Crowdstrike, then the emails would have been removed over the internet. Remember, the culprits reportedly were "Fancy Bear" and "Cozy Bear." But the meta data tells a different story.
Bill Binney, a former Technical Director of the National Security Agency, and I co-authored a piece that appeared in February 2019. Put succinctly, the meta-data in the DNC emails on Wikileaks shows that those messages were downloaded onto a physical device, such as a thumb drive. Bill and I made the following key points:
Special Counsel Mueller declared that the emails were obtained via a “spearphising” attack:
In 2016, officials in Unit 26165 began spearphishing volunteers and employees of the presidential campaign of Hillary Clinton, including the campaign’s chairman. Through that process, officials in this unit were able to steal the usernames and passwords for numerous individuals and use those credentials to steal email content and hack into other computers. They also were able to hackinto the computer networks of the Democratic Congressional Campaign Committee (DCCC) and the Democratic National Committee (DNC) through these spearphishing techniques to steal emails and documents,covertly monitor the computer activity of dozens of employees, and implant hundreds of files of malicious computer code to steal passwords and maintain access to these networks.
If the DNC network actually was penetrated by a spearphising attack, i.e., an internet based hack of the DNC computer network, then the National Security Agency would have that evidence. The technical systems to accomplish this task have been in place since 2002. The NSA had an opportunity to make it clear that there was irrefutable proof of Russian meddling, particularly with regard to the DNC hack, when it signed on to the January 2017 “Intelligence Community Assessment,” regarding Russian interference in the 2016 Presidential election. They made no such claim.
The NSA is still collecting the full content of U.S. domestic e-mail, without a warrant. We know this because of the highly detailed information contained in the documents leaked by former NSA-contractor, Edward Snowden. The communications collected include the full content and associated metadata of phone calls, e-mail, text messages, and web queries performed by almost all United States citizens. (Metadata consists of information about other data. For e-mail, it would include information such as the name of the sender and recipient; the date and time it was sent; and the internet service provider used to send the message.)
These records are collected inside the United States, as well as at overseas locations. The data is then stored in data centers located at Fort Meade, Maryland; Bluffdale, Utah; and at other sites in the United States. Since 2001, NSA collection has expanded to collect everything on the fiber Communications inside the US. This is achieved within the “Upstream” NSA Program. This program includes subprograms for each communications company assisting them.
An examination of the Wikileaks DNC files shows they were created on 23 and 25 May and 26 August respectively. The fact that they appear in a FAT system format indicates the data was transfered to a storage device, such as a thumb drive.
How can you prove this? The truth lies in the “last modified” time stamps on the Wikileaks files. Every single one of these time stamps end in even numbers. If you are not familiar with the FAT file system, you need to understand that when a date is stored under this system the data rounds the time to the nearest even numbered second.
Bill examined 500 DNC email files stored on Wikileaks and found that all 500 files ended in an even number—2, 4, 6, 8 or 0. If a system other than FAT had been used, there would have been an equal probability of the time stamp ending with an odd number. But that is not the case with the data stored on the Wikileaks site. All end with an even number.
When you consider this information in its entirety there is an enormous amount of evidence that implicates Seth Rich as the source for the DNC emails supplied to Wikileaks. There is no evidence–just assertions by Robert Mueller and the Intelligence Community–that Russian operatives spearphised their way into the DNC network. Let me repeat that–there is not one shred of evidence provided by either Robert Mueller or the U.S. Intelligence Community to support their claim that Russia was behind the DNC hack.
As an old fan of Dragnet, that show's punchline remains my guiding principle–just the facts. The facts surrounding the so-called DNC hack point to an inside job. Not a bunch of Russian intel operatives.
The FSB is not really Ruusias CIA equvalent though. It is more akin to an unholy alliance of homeland security and the FBI. GRU is kind of like DIA + the army, navy, air force and marine intelligence. Closest thing to the CIA Russia has would be the SVR, but their overall remit is still somewhat different.
Oscar Peterson says
Nice laydown. One really needs this sort of step-by-step letdown to get and keep the facts straight.
Some sort of link chart/diagram that could be updated as needed would be great.
Between the DNC emails, the Steele faux-dossier, Seth Rich, Guccifer 2.0, and whatever connection there might be to Skripal and the British, it’s really challenging to keep all the players and actions in the right relationship to one another.
One side question: Where does DC Leaks fit into this?
Stephen McIntyre says
Larry, one important permutation to keep in mind as a possibility is that Russia did hack DNC, but weren’t the Wikileaks source. In case you haven’t read it, there’s a fascinating interview with Marc Elias of Perkins Coie https://shift.newco.co/2017/03/09/Russia-Hacked-Our-Election–So-When-Are-We-Going-to-Get-Serious-About-That-/#.ypivj1847 in which Elias was initially unconcerned when he learned that DNC had been hacked by Russia. You’ll be interested in interview.
Elias said: “I don’t mean to be dismissive about it, but at some level if the question was, “The Russians want to know how we run elections so that when Hillary Clinton is president, they have a better sense of the role that the party plays in our system versus the White House.””
In other words, Elias and leading Democrats had no objection to Russia knowing how the DNC “ran elections”; but they strenuously objected to ordinary Americans knowing how the DNC “ran elections”. Indeed, it was the provision of this information to ordinary Americans that they characterized as a “threat” to American democracy.
Turning back to your point: APT28 and APT29 (Fancy Bear and Cosy Bear) were well known hackers, but their prior modus operandi was simply to observe. Mueller’s link between DNC hack and delivery of emails to Wikileaks is almost entirely arm-waving.
This leaves open the possibility that DNC was hacked by Russians but it was Seth Rich (or perhaps someone at MISDepartment) who exfiltrated emails to Wikileaks.
Assange is going to get what Epstein got.
Ja, more extra-judicial assassinations. Yeah, team. The descent into post-Constitutional America gathers momentum.
You pays your money and you takes your chances.
Tom Wonacott says
1. Consider the words by Ray McGovern – a member of VIPS and a partner of Bill Binney (https://consortiumnews.com/2017/01/20/obama-admits-gap-in-russian-hack-case/)
Therefore, a hack of the DNC was not only a possibility, but it was extremely likely according to McGovern – so there did not have to be a conspiracy that involved Crowdstrike or the cybersecurity firms that corroborated the results of Crowdstrike like Fireeye since evidence of a Russian hack would have been on the DNC computer (Wikipedia).
Of course, this is not evidence that the GRU gave the information to WikiLeaks.
2. The Russian government had a strong motive to elect Trump (or keep Hillary from being elected). As a side note, Julian Assange also clearly favored the election of Trump over Hillary Clinton. First, Putin accused HRC of interfering in the Russian parliamentary elections in 2012 (Why Putin hates Hillary http://politi.co/2EwrOVM via @politico):
Hillary was seen by Putin as supporting regime change in Russia – “a grave threat to his own survival”. Additionally, Hillary favored a no fly zone in Syria – and challenging Russia. Hillary was also a very important supporter of Ukraine independence while supporting the strong sanction against Russia. She was behind the regime change in Libya. HRC was a hawk on foreign policy supported by many neoconservatives.
This was all in contrast to Trump. Putin and Trump formed a mutual admiration society. Trump ran on a more isolationist US foreign policy and building better relations with Russia i.e., more likely to favor a multipolar world. Trump criticized NATO – and the war in Syria.
3. Assange had every motive to hide the Russians role in giving him the emails (considering his known relationship with RT) – and create a conspiracy theory that the “hack” was an inside job despite the WikiLeaks policy of NEVER revealing the source. Assange seems to have made an exception by implicating Seth Rich. Why?
Additionally, if Assange knows that Rich is the source of the emails, he certainly would have proof considering he supposedly communicated with Seth Rich numerous times as you outline:
Why not disclose that proof now before he is extradited to the US. What is the point of withholding evidence that would certainly implicate the US government in a conspiracy!? Indeed, he should welcome the chance to prove US Intel wrong, but he clearly fears extradition.
Assange also communicated with Guccifer 2.0 after the death of Seth Rich to receive emails. What is the source of information which suggests that “the documents posted by Guccifer 2.0 appear to be deliberately crafted to show “Russian” involvement”?
4. I can’t comment on the FAT file. Maybe that is definitive proof of a download. However, I can say that Binney and McGovern have tried everything to disprove this was an outside hack including promoting the hack was done by the US government using vault 7 tools and the attempt to show that the download speed (incorrectly) proved that it was an inside job. The release of vault 7 by WikiLeaks plays far better to the idea that Assange was trying to muddy the Russian hack accusation by US Intel. This latest attempt (FAT file) needs to be addressed by US Intel or any expert in cybersecurity – and it is a good point by the author.
Finally, this is a very complex theory that US Intel was behind the “hack” to blame Russia and entrap Trump without anyone (that I am aware of) coming forward and leaking the truth. I find it fascinating that US intel could put together something so elaborate and fail with the last piece of the “coup” – the Special Prosecutor, Mueller. Mueller indicted the IRA and 12 GRU agents, but failed to find any collusion between the Trump campaign and Russia.
Jim Ticehurst says
Larry..Keep Fishing Bud..I won a Fishing Derby..By Leaving My Bait out after everyone else quit and Reeled In..Caught the Biggest Game Fish..And Door Prize for Biggest Bottom Fish..Split the Money with My coworkers on the Boat…
Anyhow..You Pushed me to Do some research on COZY BEAR..My Most interesting Three Reads were the “”Cozy Bear” Wikipedia Site and all the Timelines and Who was Hacked Where..Ukraine..Germany..France TV Station..US..White House..DOD..etc..
The Second Read was Microsofts Lawsuit againt Cozy Bear Operators..with fascinating Details on The Means…and Methods..
The Third Read was an Article in The “Irish Times”..April 8..2018..by Peter Clusky..Called..”Dutch JSCU..Alerted the United States to Cozy Bear and Fancy Bear Attacks..” That was in the Summer of 2015..
Is there any similar analysis of the attempted hacks against the state election rolls in 2017 or of the Facebook ads also attributed to Russia?
Which alleged attack in which state or county? There are a lot of countries in the US.
Jim Ticehurst says
Larry…I have reread your very good Thinking on this matter Five times…Then I looked at the Questions You were asking..Those Questions all Point in the Right Direction..Then I did a long Research into The Hacking…All Could be Easily done By BOTH Bears..The American from New Jersey and The Russian..His Co Founder.and I Suspect they DID….who Both Are out to Attack Russia For their Own Reasons and Experiences.There..i/e is a lot of Background Data on Both Wiki and other Profiles..Those TWO Are capable of Hacking and Giving “Tips” to anyone in The World..Since they are Primary Contractors One ALL Government Computers..When They Recommended Shutting Down The DNC Computer systems and Telling All employees to leave their Lap Tops on Their Stations..That was The Opportunity to Go In..Get everyons Data..Download Thumb Drives..and Maybe Catch Seth Rich…..These Guys have Access to ALL Government Computers..All Probably Most Others Globally too…and Manipulate Without Detection..They Are The SECURITY Experts..