Did Russia Hack the DNC?

Updated June 14, 2017

Every day, the media bring up “Russian influence” in the 2016 presidential election. Hearings, reports, articles, and social media are filled with discussion of the “meddling,” met by calls to action by Democrats for additional investigations. Republican Senator Lindsey Graham told Meet the Press he is “1,000% certain” the Russians “interfered” with the election, adding that they must be “punished” for their behavior. Senator John McCain described Russia’s election interference as an “act of war”:

Threatening to start World War III with a nuclear-armed enemy would be irresponsible without a full investigation. Here are the two theories: Russia vs Not Russia, head-to-head.

Timeline of Events

The FBI notified the Democratic National Committee of a hacking intrusion that took place sometime around August 2015; however, the DNC denied the FBI access to its servers and computers. Over the next several months, the FBI says it made repeated requests to inspect the DNC network. The DNC later denied receiving these requests; however, the fact remains that an FBI inspection of the DNC computer network never took place.

After not allowing the FBI to inspect its server, in September 2015, the DNC paid $60,000 to Good Harbor Risk Management, a firm owned by prior cabinet-level security expert Richard Clarke, for an extensive cybersecurity review. The review focused mainly on proper procedures and training; however, many of the warnings and recommended procedures were apparently ignored. Based on later reports, at least one Russian hacking group was already in the system at that point, but for unknown reasons was not discovered and rooted out–even with $60,000 worth of intervention from a professional security analyst, who presumably would have checked for hacking attempts.

In a December 2015 email, Clinton Campaign Chairman John Podesta discussed using allegations of a “bromance” between Donald Trump and Vladimir Putin to discredit Trump.

From March to late April 2016, over a period of five weeks, private cybersecurity firm CrowdStrike spent 128 hours performing an investigation for the DNC into unauthorized access by members of then-primary candidate Bernie Sanders’ campaign staff into Hillary Clinton’s section of the DNC’s voter file system. The breach lasted a total of one hour on December 15, 2015, after an internal firewall failed and provided the Sanders employees with unexpected access to the files. The DNC issued a press release about CrowdStrike’s findings on April 29, 2016, which confirmed–five weeks and 128 hours later–that a few Sanders staffers accessed Hillary Clinton’s voter data for an hour. For unknown reasons, no Russian hacking was detected at that time, suggesting CrowdStrike missed one or both of the Russian hacking groups that were allegedly present in the DNC network at the time.

Just days later, in late April 2016–nearly 10 months after the FBI informed the DNC it was exposed to hackers–the DNC re-hired CrowdStrike to evaluate its computer network. The company quickly assessed, using its own software, that two hacker networks affiliated with Russian intelligence likely carried out the attacks, one entering in 2015 and remaining (obtaining emails and messages) and the other entering at the end of April 2016 (taking opposition research files). CrowdStrike speculated that spear-phishing emails, which when opened install malicious software, were the method used; however, the firm denied having “hard evidence” in that regard. Notably, CrowdStrike was “not sure how the hackers got in,” per a Washington Post article covering the story two months later on June 14, 2016, which began the “Russian hackers” media narrative.

Per a CrowdStrike executive, Dimitri Alperovitch, the reason for the two-month delay between discovering the hackers in the DNC network and disclosing this information to the public was to perform a “remediation,” which involved the following:

We had to conduct a remediation—a major event involving the entire network. The attackers were very well implanted into the network so, this past weekend, we shut off the entire network from the Internet. We rebuilt every machine and cleaned everything up. The announcement came out after that was done because we didn’t want to tip off the adversaries.

Alperovitch indicated that the DNC decided to “go public” with the hacking information on June 14, 2016, because it was a matter of “national security”:

Q: Usually, there is a high degree of confidentiality when these attacks occur. Organizations generally don’t reveal that they have been compromised. Why did CrowdStrike and the DNC choose to go public with this attack?

Alperovitch: Well it wasn’t our decision—it was the DNC’s decision. They thought it was very important to highlight to the American public that this is a national security story and they wanted to highlight what the Russians were doing to the US political system—that was very important. Then, we were able to convince [the DNC] that if you are going to go public, would you allow [CrowdStrike] to release indicators actually related to the attack and tell the story of how the adversaries did it so that others can better protect themselves and [the DNC] was fully supportive of that. We do these things almost weekly and never can we talk about them but in this case, [the DNC] brought it up…and we were thrilled.

Presumably, the thorough forensic analysis by CrowdStrike identified all of the ways in which Bernie Sanders’ employees, various Russian agents, and possibly even internal leakers, had breached the DNC network. It also appears that CrowdStrike then “cleaned everything up” by scrubbing or replacing the devices. Notably, the FBI was not involved in these efforts in any way whatsoever.

On July 6, 2016, just four days before his death, DNC Staffer Seth Rich was offered a job with the Hillary Clinton campaign, and would likely be moved to her Brooklyn office for the remainder of the campaign season, according to his father, Joel Rich.

On July 10, 2016, Seth Rich was walking down the street near his home, on the phone with his girlfriend, when he was gunned down by unknown assailants–shot twice in the back. While some believe he is the Wikileaks source behind the DNC leaks, others attribute his death to a botched robbery. No belongings were taken during the crime.

On July 22, 2016, Wikileaks released the first batch of DNC emails. Before the first document was ever released, the Russian hackers narrative was already infused into the Wikileaks publications by the Washington Post and New York Times.

On July 26, 2016, a New York Times article, titled Spy Agency Consensus Grows That Russia Hacked D.N.C., indicated that anonymous “federal officials” had “largely echoed” the findings of private security firms in concluding that Russians hacked the DNC emails.

The same day, then-President Obama indicated that Russia was a suspect in the hacking investigation, but noted that “anything’s possible,” adding that the FBI was still investigating:

On October 7, 2016, Wikileaks released the first batch of Clinton Campaign Chairman John Podesta’s private emails, which were hosted on his Gmail account. Podesta, in turn, immediately blamed “the Russians” for the hack, despite a complete lack of forensic evidence to support that conclusion.

The same day, the Obama administration followed suit, broadly blaming Russia for cyber attacks against various US institutions, as described by NBC News:


With no additional evidence, the unnamed intelligence “officials” had gone from “echoing” a private report to being “confident” that only Russia’s “senior-most officials” could have authorized the hacking of both the DNC and John Podesta’s emails. Notably, that was the first day Podesta’s emails were known to be hacked, so the level of confidence in the suspect seems to be matched by an even greater level of blind faith.

On November 17, 2016, Director of National Intelligence James Clapper said Russia was behind virtually all the hacking surrounding the election; however, the agencies lacked “good insight” into the connection between Russian email hacking and Wikileaks, describing the evidence as “not as strong.” Notably, in January 2016, DNI Clapper had his phone and personal email hacked by teenagers. Earlier, in October 2015, CIA Director John Brennan’s personal email account was hacked by the same teenagers. The hackers weren’t Russians–they were potheads:

After Donald Trump was elected President, the stories became wilder and less connected to reality, to the point where a New York Times reporter compared the supposed Russian hacking to Watergate just a month after the election. At the time, Trump wasn’t even sworn in.

The DNC refused to give the FBI access to this server or other hardware in the DNC computer network, thereby preventing forensic analysis of the network by any government agency.

On December 22, 2016, CrowdStrike upgraded its report regarding the certainty that Russian military intelligence hacking groups had hacked the DNC. The reason for the increased confidence was that CrowdStrike had found similar malware used against the Ukrainian military in its howitzer units, which were controlled by a hacked Android application. At that point, CrowdStrike had “high confidence” that Russia was responsible for hacking the DNC. (More on this below.)

On December 30, 2017, Mark Maunder, the founder of cybersecurity company WordFence, which protects WordPress sites, released an extensive blog post that analyzed the evidence underlying the “Russian” hacking malware. Based on his company’s methodologies and information released by the US government, they concluded that the malware code used in the DNC hack was both old and commercially available, as well as not specific to Russian intelligence:

The malware sample is old, widely used and appears to be Ukrainian. It has no apparent relationship with Russian intelligence and it would be an indicator of compromise for any website.

On January 6, 2017, the much-anticipated CIA, FBI, and NSA inter-agency intelligence assessment was released regarding Russian hacking of the US election. Notably, there were virtually no technical specifics describing how the DNC and John Podesta–whose accounts were hosted on completely different servers–were successfully hacked. Instead, the report relied heavily on “Russian behavior”:


The CIA and FBI both expressed “high confidence” that Vladimir Putin interfered in our election. These agencies speculated that Putin’s motive was payback for then-Secretary of State Hillary Clinton’s interference in Russia’s domestic affairs:


Although not backed by any detailed evidence, the agencies claimed that Wikileaks received the DNC and Podesta emails from Russian intelligence agencies, which in turn used fake accounts such as Guccifer 2.0 and DCLeaks to conceal their identities. It’s unclear what, when, or how any of this information was obtained and then transmitted by these parties to Wikileaks, yet the report indicates the FBI and CIA had “high confidence” in that conclusion.

While light on details describing the hacking, the majority of the report focused on how Putin and other Russian officials deeply disliked Hillary Clinton, which according to the intelligence community made them the lead suspects in the case. The fact that Putin couldn’t stand Hillary was no secret, but it was a sentiment shared by millions of people in both Russia and the US–hardly specific:

The report also took up an inordinate amount of space, spanning nine pages, describing intelligence community complaints about Russia-based RT television network, which was accused of spreading “discontent” about American politics and ruining Hillary Clinton’s stellar reputation. Not discussed was the fact that nearly all of this content was produced in US alternative media as well, read and watched by millions of people in both Russia and the US–hardly specific:

Wikileaks email releases showed both corruption and ties to Islamic extremism, although the intelligence agencies apparently did not follow those leads.

The New York Times described the report as “damning,” despite its vagueness and the near-complete lack of proof supporting its conclusions about Russian hacking. The rest of the mainstream media has followed the same narrative until the present day, without ever questioning the reasoning behind the intelligence agencies’ “consensus.” If they did, they would know that these agencies outsourced most of the investigation to a private contractor with little-to-no oversight by the agencies themselves.

CrowdStrike issued reports containing its findings to the FBI, but did not grant the FBI access to the DNC computer network to verify the findings. Excluded from evaluating the actual computers and servers, the FBI was forced to rely on CrowdStrike’s report to render any conclusions, according to former FBI Director Comey’s testimony before the Senate Intelligence Committee on January 10, 2017, and House Intelligence Committee on March 20, 2017:

While former Director Comey expressed regret for not playing a more active role in the investigation, he referred to CrowdStrike as “pros,” testifying that using CrowdStrike was an “appropriate substitute” for conducting his own agency’s investigation. Like the Clinton email case, where Hillary’s lawyers and staff were allowed to print and sort “work-related” emails before destroying the rest, Comey let the DNC pick its own degree of cooperation.

What resulted was that the FBI not only allowed the DNC to obstruct justice in a national security matter, but then allowed DNC officials to substitute CrowdStrike’s report in place of a proper FBI investigation. In turn, CrowdStrike subsequently blamed Russia for the DNC hacks, the FBI and other agencies rubber-stamped this conclusion, and the mainstream media and establishment politicians uncritically accepted these findings. As noted above, Senator McCain described the Russian hacking as an act of war in January 2017. Just one month later, in February 2017, Sen. McCain was fooled into thinking a prank caller was the Prime Minister of Ukraine:

In early January 2017–the same month the “consensus” intelligence report was released and Comey testified before Congress–CrowdStrike became embroiled in controversy and was accused of misrepresenting data in a case involving one of the same hacking groups that allegedly hacked the DNC.

As Voice of America reported on March 24, 2017, CrowdStrike claimed that one of the Russian hacking groups involved in the DNC hack had installed similar malware on an Android-based artillery app used by the Ukrainian military. This malware program allegedly provided Russia with the geolocation of Ukrainian howitzer batteries, of which up to 80% were discovered and destroyed based on the malware revealing their locations. These events were flatly denied by the Ukrainian military and think tanks, resulting in CrowdStrike dramatically revising the initial assessment and deleting significant portions of the assessment.

On April 13, 2017, the UK Daily Mail reported that CrowdStrike refused to testify in front of the House Intelligence Committee. Given that the FBI failed to examine the DNC servers, adopted the CrowdStrike “pros” report as absolute truth, and then CrowdStrike refused to testify about its methods and conclusions, it follows that refusing to testify is an indication that the DNC hacking report is not credible.

As noted above, CrowdStrike’s initial evaluation of the Ukrainian hacking event directly influenced the company’s certainty that Russia was responsible for the DNC hack, elevating that conclusion to “high confidence,” followed by the joint-agency intelligence report a few weeks later indicating that they too had “high confidence.” It follows that the high level of collective confidence of our intelligence agencies was built, in large part, on the misinterpretation of the hack in Ukraine.

Even after these troubling revelations, former Dir. Comey still praised the company’s competence. His refusal to admit mistakes and change his opinions is reminiscent of the same reticence he displayed in the Clinton email case, during which he refused to change his opinion on that case after receiving devastating evidence proving obstruction of justice, followed by aggressive questioning–to the point of embarrassment–by the House Judiciary Committee.

With similar rigidity, CrowdStrike also stood with the Obama administration’s conclusion that North Korea hacked Sony in 2014, even after many other cybersecurity experts warned that the evidence suggested an inside job. North Korea can’t even translate a tweet into English correctly, but according to CrowdStrike they’re master hackers.

CrowdStrike expressing extreme certainty that North Korea was responsible for the Sony hacking incident, even when other scenarios appeared to be equally or more probable, suggests a willingness to unwaveringly agree with the US government’s assessment of blame in questionable cases.

Furthermore, in the DNC case, there was no concurrent or subsequent FBI investigation of the same network, no verification that the software used to identify the hackers’ country of origin actually works, and virtually no oversight of CrowdStrike’s secret investigation, the results of which were disclosed to the FBI shortly before the public was informed of the same. With virtually no oversight, an intelligence report based on an incorrect interpretation of other data, an unwillingness to testify about methods used and conclusions reached about Russian hacking, and the existence of competing facts regarding how the emails were obtained, it’s hard to trust the CrowdStrike report at all.

Even more troubling, Wikileaks’ recent Vault 7 CIA releases included a program created by the CIA that provided the means for creating false digital fingerprints that suggest foreign countries were behind hacking operations. Assuming this program was operational last year, the possibility exists that CrowdStrike was misled by our own government into thinking Russian hackers were behind the intrusions. As noted above, CrowdStrike had no “hard evidence” about how the DNC hack was accomplished, yet claimed it could conclude Russia was the source.

CrowdStrike is a private, profit-seeking entity with a financial interest in convincing governments, political parties, and militaries that their unique services and proprietary software are needed for protection against powerful hacking groups. They are alleged to have significant ties to Google, a Ukrainian oligarch, and possibly even Hillary Clinton. As a rapidly growing company, CrowdStrike’s reputation for accurately identifying hackers is intimately tied to profitability. Getting the DNC hackers’ identities wrong or waffling on the conclusion would be bad for business. As noted above, the DNC publicly disclosed the hacking for the purpose of blaming Russia for hacking its emails.

Presumably, a private security company’s employees are not vetted in a similar manner to FBI agents. It goes without saying that no one would ever find it acceptable for the DNC to pay the salaries of FBI agents investigating its network, but that’s exactly what happened in the business relationship between the DNC and CrowdStrike–a blatant conflict of interest. Further, choosing not to testify about methods and conclusions at an oversight hearing is not optional for the FBI, which is controlled (in theory) by our Constitution.

Additionally, there is no information (other than generalized assessments of “Russian behavior”) to establish that John Podesta’s Gmail account and the DNC emails were related hacking events. Besides using Gmail on a completely different server, Podesta had some of the worst cybersecurity practices imaginable. At least one of his passwords was p@ssw0rd. He lost his phone in a cab, before later retrieving it. And he apparently didn’t use two-step authentication. He eventually received a notification telling him to change his password after a login attempt from a Ukrainian IP address–not Russian. Additionally, there is no indication that Google investigated and found evidence of Russia hacking his account. With such lousy security and a complete lack of investigation, there is no basis to believe Russia hacked John Podesta.

Further, given his coarse attitude toward staff displayed in the email below, it wouldn’t be surprising if Podesta was subjected to an inside job as well:

By contrast, Wikileaks has a perfect record for accuracy in its publications. Julian Assange has consistently and repeatedly denied that Russia was involved as a Wikileaks source in the DNC or Podesta email releases:

Further, former British Ambassador Craig Murray said he was the go-between who collected the DNC emails in a Washington-area park from “Americans with authorized access to the information,” presumably DNC employees, who were disgusted by the corruption of the Clinton Foundation and believed that the DNC’s conduct in the primary election was unfair to Bernie Sanders.

Although Wikileaks has a strict rule against revealing sources, they unexpectedly announced a $20,000 reward for the July 10th murder of DNC staffer Seth Rich, which created considerable suspicion that Seth Rich was the source of the DNC email leaks:

A private investigator recently indicated that he is aware of emails between Seth Rich and Wikileaks that are contained on a laptop, and that the investigation is being obstructed by authorities, with the recent revelation that critical witnesses weren’t interviewed by police. The Seth Rich connection to Wikileaks was also reinforced by Kim Dotcom recently reporting that he was in contact with Seth well before the election, and later assisted him in providing information to Wikileaks. If this and other forthcoming information eventually proves that Seth delivered the DNC emails to Wikileaks, that should finally end the Russian hackers narrative and prompt a serious investigation into his murder, which is currently being considered as a botched robbery by DC Police.


The received evidence does not inspire “high confidence” that Russia hacked either the DNC or Podesta emails, or otherwise played a significant role in our election. To recap:

  • Wikileaks denies connections to Russia, and others have provided information about how the DNC emails were obtained by insiders.
  • The DNC obstructed the FBI’s investigation for ten months before it hired a private cybersecurity firm, then gave the intelligence agencies that report as the basis for the intelligence community “consensus” that somehow followed.
  • The same private firm has subsequently evaluated one of the same Russian hacking group’s activities and assessed important facts incorrectly during the process, in addition to having questionable judgment in a subsequent case and refusing to testify in this one.
  • Obama’s CIA may have had a program that was able to create the false impression of “Russian hacking,” the inappropriate use of which sounds more plausible after his agencies spread false stories about incidents such as Benghazi.
  • And based on his security practices alone, it’s very likely that John Podesta could have been hacked by almost anyone.

In matters of war or peace with Russia, we deserve better than a political party that refuses to cooperate with law enforcement investigations and a lousy intelligence assessment that was based almost entirely on the report of a questionable cybersecurity contractor.


21 thoughts on “Did Russia Hack the DNC?”

  1. Would you consider it ordinary for available public data to be all that’s needed to prove that the CIA and FBI have no reason at all to be confident in their conclusions? Doesn’t that seem unlikely on the face of it? Investigations deal with unreleased information until they are concluded.

    Reading this, there is no reason whatsoever for the security agencies to say what they’re saying. What makes you believe no unreleased information may be coming to justify their conclusions?


    1. It would be amazing if they had some real source material to release that would prove unequivocally that Russia was behind the hacking of the DNC and John Podesta’s emails. However, I’m old enough to remember Colin Powell showing the world diagrams of truck trailers where the Iraqis were making WMDs and everyone agreeing to a war based on that great intelligence. I also remember Susan Rice lying to the American people about YouTube videos the day after we later discovered that Hillary emailed “Diane Reynolds,” aka Chelsea Clinton, stating that it was an “Al Queda-like group.”

      What they have released so far is underwhelming and suspicious in the extreme, so there is no reason to think the silver bullet of investigative materials is forthcoming. Not to mention that I put this in a timeline intentionally, so you could see how the certainty level evolved over time in the DNC case, as well as how an accusation was made literally the first day Podesta’s emails were released. It looks shoddy. If it isn’t we’ll find out when they prove it.

      Liked by 1 person

  2. This is the best. Thank you. It is so irritating when all media even fox anchors always say “Ok we know that Russia hacked the DNC but were they COLLLLUUUDDING” When it’s obvious that Russia didn’t hack the DNC it was a leak. I want to tweet this link but it won’t paste ARGH!

    Liked by 1 person

  3. I’m loathe to support Republicans in general and especially with an enemy of humanity like Trump in the White House, but this reporting is right on — “What resulted was that the FBI not only allowed the DNC to obstruct justice in a national security matter, but then allowed DNC officials to substitute CrowdStrike’s report in place of a proper FBI investigation. In turn, CrowdStrike subsequently blamed Russia for the DNC hacks, the FBI and other agencies rubber-stamped this conclusion, and the mainstream media and establishment politicians uncritically accepted these findings.” That should be headline news at WaPo, but that corrupt rag isn’t interested in truth that doesn’t serve its predetermined agenda…


  4. I’m loathe to support anything from a Republican when they support a guy like Trump who is a clear enemy of humanity, but this reporting by Mr. Marty is right on the money — “What resulted was that the FBI not only allowed the DNC to obstruct justice in a national security matter, but then allowed DNC officials to substitute CrowdStrike’s report in place of a proper FBI investigation. In turn, CrowdStrike subsequently blamed Russia for the DNC hacks, the FBI and other agencies rubber-stamped this conclusion, and the mainstream media and establishment politicians uncritically accepted these findings.” — This should be the headline news at WaPo & NYT, but those sad media institutions no longer pursue truth unless it fits their corrupt political agenda…

    Liked by 1 person

    1. Did you read the article? It’s not even about Trump’s presidency. It’s about whether we can trust the Russian hackers media narrative, which started almost a year before he became president. It’s not being a “Russian tool” to say that we shouldn’t start a war over false intelligence. I say the exact same thing about the Iraq War, which started under Bush.


    2. http://g-2.space supports, from a purely technical angle, that the G2-Russia narrative was a massive lie. – Nobody is being a Russian tool, you were just duped by a DNC disinformation campaign intended to save Hillary Clinton and the DNC leadership from harm to reputation from the leaked emails coming out.

      Liked by 1 person

  5. Awesome article!
    Crowd Strike sucks I can’t believe they have credibility! Even worse they were able to wipe all DNC and dramatically clean entire agency after Seth Rich’s miser in July. That’s a lot of power in a company to propagate this narrative they have contrived. I hope our DOJ is checking them out closely.

    Liked by 1 person


    1. Thanks! CS has a Russian ex-pat as one of the owners, so I’m not sure where that would put him in their hierarchy now. The thing that struck me was that the FBI/CIA gave this huge illusion of consensus in the intelligence community while relying on just one opinion from outside government, repeating it over and over again. It’s totally irresponsible for Comey to let them run the investigation, but even worse to magnify it without even checking the source material. Not to mention that being hired by the DNC is an automatic conflict of interest for CS.

      If the DNC thought the hackers were unknown and believed that one day the investigation would result in arrests and prosecutions, there is no way they’d cut out the FBI like this. Either they had illegal things the FBI couldn’t see in their files (likely) or they already ID’d the leaker/hacker (likely too). As a defense attorney, I look for overreaction and inflated views of the evidence (signaling nervousness), followed by avoidance of things like providing evidence or returning calls. The other day Lindsey Graham practically took an opinion poll of the Judiciary Committee, during which he demanded faith in the Russian conspiracy theory for no reason. That’s why I started researching for this article. He’s always trying to start a war somewhere. Thank God he’s not president.

      Liked by 1 person

      1. “By contrast, Wikileaks has a perfect record for accuracy in its publications”

        How do you know that? How can you say that? Have you checked every single thing they have published? And if you have, how did you do that because much of what they have released is classified and you don’t have clearance. How can you prove anything you have said?

        Simple answer is you can’t. You’re full of crap. I know it. You know it. Everybody that isn’t stupid knows it.


      2. I’ll put it on you to find one single email or other publication that they’ve ever produced that was wrong, using journalists, governments, and everyone else who has an interest in saying they’re fake.

        No one denies the DNC or Podesta emails are real. The strategy is to get people to conflate being a “Russian” with considering the contents, blaming the original source as being so big and mean that you shouldn’t hold it against them when they rig the primary against Bernie or send Hillary debate questions or even get $1,000,000 birthday gifts from the King of Qatar. That’s a moral and ethical issue, but authenticity has never been an issue with Wikileaks.

