Updated June 14, 2017
Every day, the media bring up “Russian influence” in the 2016 presidential election. Hearings, reports, articles, and social media are filled with discussion of the “meddling,” met by calls to action by Democrats for additional investigations. Republican Senator Lindsey Graham told Meet the Press he is “1,000% certain” the Russians “interfered” with the election, adding that they must be “punished” for their behavior. Senator John McCain described Russia’s election interference as an “act of war”:
Threatening to start World War III with a nuclear-armed enemy would be irresponsible without a full investigation. Here are the two theories: Russia vs Not Russia, head-to-head.
Timeline of Events
The FBI notified the Democratic National Committee of a hacking intrusion that took place sometime around August 2015; however, the DNC denied the FBI access to its servers and computers. Over the next several months, the FBI says it made repeated requests to inspect the DNC network. The DNC later denied receiving these requests; however, the fact remains that an FBI inspection of the DNC computer network never took place.
After not allowing the FBI to inspect its server, in September 2015, the DNC paid $60,000 to Good Harbor Risk Management, a firm owned by prior cabinet-level security expert Richard Clarke, for an extensive cybersecurity review. The review focused mainly on proper procedures and training; however, many of the warnings and recommended procedures were apparently ignored. Based on later reports, at least one Russian hacking group was already in the system at that point, but for unknown reasons was not discovered and rooted out–even with $60,000 worth of intervention from a professional security analyst, who presumably would have checked for hacking attempts.
In a December 2015 email, Clinton Campaign Chairman John Podesta discussed using allegations of a “bromance” between Donald Trump and Vladimir Putin to discredit Trump.
From March to late April 2016, over a period of five weeks, private cybersecurity firm CrowdStrike spent 128 hours performing an investigation for the DNC into unauthorized access by members of then-primary candidate Bernie Sanders’ campaign staff into Hillary Clinton’s section of the DNC’s voter file system. The breach lasted a total of one hour on December 15, 2015, after an internal firewall failed and provided the Sanders employees with unexpected access to the files. The DNC issued a press release about CrowdStrike’s findings on April 29, 2016, which confirmed–five weeks and 128 hours later–that a few Sanders staffers accessed Hillary Clinton’s voter data for an hour. For unknown reasons, no Russian hacking was detected at that time, suggesting CrowdStrike missed one or both of the Russian hacking groups that were allegedly present in the DNC network at the time.
Just days later, in late April 2016–nearly 10 months after the FBI informed the DNC it was exposed to hackers–the DNC re-hired CrowdStrike to evaluate its computer network. The company quickly assessed, using its own software, that two hacker networks affiliated with Russian intelligence likely carried out the attacks, one entering in 2015 and remaining (obtaining emails and messages) and the other entering at the end of April 2016 (taking opposition research files). CrowdStrike speculated that spear-phishing emails, which when opened install malicious software, were the method used; however, the firm denied having “hard evidence” in that regard. Notably, CrowdStrike was “not sure how the hackers got in,” per a Washington Post article covering the story two months later, on June 14, 2016, which began the “Russian hackers” media narrative.
Per a CrowdStrike executive, Dimitri Alperovitch, the reason for the two-month delay between discovering the hackers in the DNC network and disclosing this information to the public was to perform a “remediation,” which involved the following:
We had to conduct a remediation—a major event involving the entire network. The attackers were very well implanted into the network so, this past weekend, we shut off the entire network from the Internet. We rebuilt every machine and cleaned everything up. The announcement came out after that was done because we didn’t want to tip off the adversaries.
Alperovitch indicated that the DNC decided to “go public” with the hacking information on June 14, 2016, because it was a matter of “national security”:
Q: Usually, there is a high degree of confidentiality when these attacks occur. Organizations generally don’t reveal that they have been compromised. Why did CrowdStrike and the DNC choose to go public with this attack?
Alperovitch: Well it wasn’t our decision—it was the DNC’s decision. They thought it was very important to highlight to the American public that this is a national security story and they wanted to highlight what the Russians were doing to the US political system—that was very important. Then, we were able to convince [the DNC] that if you are going to go public, would you allow [CrowdStrike] to release indicators actually related to the attack and tell the story of how the adversaries did it so that others can better protect themselves and [the DNC] was fully supportive of that. We do these things almost weekly and never can we talk about them but in this case, [the DNC] brought it up…and we were thrilled.
Presumably, the thorough forensic analysis by CrowdStrike identified all of the ways in which Bernie Sanders’ employees, various Russian agents, and possibly even internal leakers, had breached the DNC network. It also appears that CrowdStrike then “cleaned everything up” by scrubbing or replacing the devices. Notably, the FBI was not involved in these efforts in any way whatsoever.
On July 6, 2016, just four days before his death, DNC Staffer Seth Rich was offered a job with the Hillary Clinton campaign, and would likely be moved to her Brooklyn office for the remainder of the campaign season, according to his father, Joel Rich.
On July 10, 2016, Seth Rich was walking down the street near his home, on the phone with his girlfriend, when he was gunned down by unknown assailants–shot twice in the back. While some believe he is the Wikileaks source behind the DNC leaks, others attribute his death to a botched robbery. No belongings were taken during the crime.
On July 22, 2016, Wikileaks released the first batch of DNC emails. Before the first document was ever released, the Russian hackers narrative was already infused into the Wikileaks publications by the Washington Post and New York Times.
On July 26, 2016, a New York Times article, titled Spy Agency Consensus Grows That Russia Hacked D.N.C., indicated that anonymous “federal officials” had “largely echoed” the findings of private security firms in concluding that Russians hacked the DNC emails.
The same day, then-President Obama indicated that Russia was a suspect in the hacking investigation, but noted that “anything’s possible,” adding that the FBI was still investigating:
On October 7, 2016, Wikileaks released the first batch of Clinton Campaign Chairman John Podesta’s private emails, which were hosted on his Gmail account. Podesta, in turn, immediately blamed “the Russians” for the hack, despite a complete lack of forensic evidence to support that conclusion.
The same day, the Obama administration followed suit, broadly blaming Russia for cyber attacks against various US institutions, as described by NBC News:
With no additional evidence, the unnamed intelligence “officials” had gone from “echoing” a private report to being “confident” that only Russia’s “senior-most officials” could have authorized the hacking of both the DNC and John Podesta’s emails. Notably, that was the first day Podesta’s emails were known to be hacked, so the level of confidence in the suspect seems to be matched by an even greater level of blind faith.
On November 17, 2016, Director of National Intelligence James Clapper said Russia was behind virtually all hacking surrounding the election; however, the agencies lacked “good insight” into the connection between Russian email hacking and Wikileaks, describing the evidence as “not as strong.” Notably, in January 2016, DNI Clapper had his phone and personal email hacked by teenagers. Earlier, in October 2015, CIA Director John Brennan’s personal email account was hacked by the same teenagers. The hackers weren’t Russians–they were potheads:
After Donald Trump was elected President, the stories became wilder and less connected to reality, to the point where a New York Times reporter compared the supposed Russian hacking to Watergate just a month after the election. At the time, Trump wasn’t even sworn in.
On December 22, 2016, CrowdStrike upgraded its report regarding the certainty that Russian military intelligence hacking groups had hacked the DNC. The reason for the increased confidence was that CrowdStrike had found similar malware used against the Ukrainian military in its howitzer units, which were controlled by a hacked Android application. At that point, CrowdStrike had “high confidence” that Russia was responsible for hacking the DNC. (More on this below.)
On December 30, 2017, Mark Maunder, the founder of cybersecurity company WordFence, which protects WordPress sites, released an extensive blog post that analyzed the evidence underlying the “Russian” hacking malware. Based on his company’s methodologies and information released by the US government, they concluded that the malware code used in the DNC hack was both old and commercially available, as well as not specific to Russian intelligence:
The malware sample is old, widely used and appears to be Ukrainian. It has no apparent relationship with Russian intelligence and it would be an indicator of compromise for any website.
On January 6, 2017, the much-anticipated CIA, FBI, and NSA inter-agency intelligence assessment was released regarding Russian hacking of the US election. Notably, there were virtually no technical specifics describing how the DNC and John Podesta–whose accounts were hosted on completely different servers–were successfully hacked. Instead, the report relied heavily on “Russian behavior”:
The CIA and FBI both expressed “high confidence” that Vladimir Putin interfered in our election. These agencies speculated that Putin’s motive was payback for then-Secretary of State Hillary Clinton’s interference in Russia’s domestic affairs:
Although not backed by any detailed evidence, the agencies claimed that Wikileaks received the DNC and Podesta emails from Russian intelligence agencies, which in turn used fake accounts such as Guccifer 2.0 and DCLeaks to conceal their identities. It’s unclear what, when, or how any of this information was obtained and then transmitted by these parties to Wikileaks, yet the report indicates the FBI and CIA had “high confidence” in that conclusion.
While light on details describing the hacking, the majority of the report focused on how Putin and other Russian officials deeply disliked Hillary Clinton, which according to the intelligence community made them the lead suspects in the case. The fact that Putin couldn’t stand Hillary was no secret, but it was a sentiment shared by millions of people in both Russia and the US–hardly specific:
The report also took up an inordinate amount of space, spanning nine pages, describing intelligence community complaints about Russia-based RT television network, which was accused of spreading “discontent” about American politics and ruining Hillary Clinton’s stellar reputation. Not discussed was the fact that nearly all of this content was produced in US alternative media as well, read and watched by millions of people in both Russia and the US–hardly specific:
The New York Times described the report as “damning,” despite its vagueness and the near-complete lack of proof supporting its conclusions about Russian hacking. The rest of the mainstream media has followed the same narrative until the present day, without ever questioning the reasoning behind the intelligence agencies’ “consensus.” If they did, they would know that these agencies outsourced most of the investigation to a private contractor with little-to-no oversight by the agencies themselves.
CrowdStrike issued reports containing its findings to the FBI, but did not grant the FBI access to the DNC computer network to verify the findings. Excluded from evaluating the actual computers and servers, the FBI was forced to rely on CrowdStrike’s report to render any conclusions, according to former FBI Director Comey’s testimony before the Senate Intelligence Committee on January 10, 2017, and House Intelligence Committee on March 20, 2017:
While former Director Comey expressed regret for not playing a more active role in the investigation, he referred to CrowdStrike as “pros,” testifying that using CrowdStrike was an “appropriate substitute” for conducting his own agency’s investigation. Like the Clinton email case, where Hillary’s lawyers and staff were allowed to print and sort “work-related” emails before destroying the rest, Comey let the DNC pick its own degree of cooperation.
What resulted was that the FBI not only allowed the DNC to obstruct justice in a national security matter, but then allowed DNC officials to substitute CrowdStrike’s report in place of a proper FBI investigation. In turn, CrowdStrike subsequently blamed Russia for the DNC hacks, the FBI and other agencies rubber-stamped this conclusion, and the mainstream media and establishment politicians uncritically accepted these findings. As noted above, Senator McCain described the Russian hacking as an act of war in January 2017. Just one month later, in February 2017, Sen. McCain was fooled into thinking a prank caller was the Prime Minister of Ukraine:
In early January 2017–the same month the “consensus” intelligence report was released and Comey testified before Congress–CrowdStrike became embroiled in controversy and was accused of misrepresenting data in a case involving one of the same hacking groups that allegedly hacked the DNC.
As Voice of America reported on March 24, 2017, CrowdStrike claimed that one of the Russian hacking groups involved in the DNC hack had installed similar malware on an Android-based artillery app used by the Ukrainian military. This malware program allegedly provided Russia with the geolocation of Ukrainian howitzer batteries, of which up to 80% were discovered and destroyed based on the malware revealing their locations. These events were flatly denied by the Ukrainian military and think tanks, resulting in CrowdStrike dramatically revising the initial assessment and deleting significant portions of the assessment.
On April 13, 2017, the UK Daily Mail reported that CrowdStrike refused to testify in front of the House Intelligence Committee. Given that the FBI failed to examine the DNC servers, adopted the CrowdStrike “pros” report as absolute truth, and then CrowdStrike refused to testify about its methods and conclusions, it follows that refusing to testify is an indication that the DNC hacking report is not credible.
As noted above, CrowdStrike’s initial evaluation of the Ukrainian hacking event directly influenced the company’s certainty that Russia was responsible for the DNC hack, elevating that conclusion to “high confidence,” followed by the joint-agency intelligence report a few weeks later indicating that they too had “high confidence.” It follows that the high level of collective confidence of our intelligence agencies was built, in large part, on the misinterpretation of the hack in Ukraine.
Even after these troubling revelations, former Dir. Comey still praised the company’s competence. His refusal to admit mistakes and change his opinions is reminiscent of the same reticence he displayed in the Clinton email case, during which he refused to change his opinion on that case after receiving devastating evidence proving obstruction of justice, followed by aggressive questioning–to the point of embarrassment–by the House Judiciary Committee.
With similar rigidity, CrowdStrike also stood with the Obama administration’s conclusion that North Korea hacked Sony in 2014, even after many other cybersecurity experts warned that the evidence suggested an inside job. North Korea can’t even translate a tweet into English correctly, but according to CrowdStrike they’re master hackers.
CrowdStrike expressing extreme certainty that North Korea was responsible for the Sony hacking incident, even when other scenarios appeared to be equally or more probable, suggests a willingness to unwaveringly agree with the US government’s assessment of blame in questionable cases.
Furthermore, in the DNC case, there was no concurrent or subsequent FBI investigation of the same network, no verification that the software used to identify the hackers’ country of origin actually works, and virtually no oversight of CrowdStrike’s secret investigation, the results of which were disclosed to the FBI shortly before the public was informed of the same. With virtually no oversight, an intelligence report based on an incorrect interpretation of other data, an unwillingness to testify about methods used and conclusions reached about Russian hacking, and the existence of competing facts regarding how the emails were obtained, it’s hard to trust the CrowdStrike report at all.
Even more troubling, Wikileaks’ recent Vault 7 CIA releases included a program created by the CIA that provided the means for creating false digital fingerprints that suggest foreign countries were behind hacking operations. Assuming this program was operational last year, the possibility exists that CrowdStrike was misled by our own government into thinking Russian hackers were behind the intrusions. As noted above, CrowdStrike had no “hard evidence” about how the DNC hack was accomplished, yet claimed it could conclude Russia was the source.
CrowdStrike is a private, profit-seeking entity with a financial interest in convincing governments, political parties, and militaries that their unique services and proprietary software are needed for protection against powerful hacking groups. They are alleged to have significant ties to Google, a Ukrainian oligarch, and possibly even Hillary Clinton. As a rapidly growing company, CrowdStrike’s reputation for accurately identifying hackers is intimately tied to profitability. Getting the DNC hackers’ identities wrong or waffling on the conclusion would be bad for business. As noted above, the DNC publicly disclosed the hacking for the purpose of blaming Russia for hacking its emails.
Presumably, a private security company’s employees are not vetted in a similar manner to FBI agents. It goes without saying that no one would ever find it acceptable for the DNC to pay the salaries of FBI agents investigating its network, but that’s exactly what happened in the business relationship between the DNC and CrowdStrike–a blatant conflict of interest. Further, choosing not to testify about methods and conclusions at an oversight hearing is not optional for the FBI, which is controlled (in theory) by our Constitution.
Additionally, there is no information (other than generalized assessments of “Russian behavior”) to establish that John Podesta’s Gmail account and the DNC emails were related hacking events. Besides using Gmail on a completely different server, Podesta had some of the worst cybersecurity practices imaginable. At least one of his passwords was p@ssw0rd. He lost his phone in a cab, before later retrieving it. And he apparently didn’t use two-step authentication. He eventually received a notification telling him to change his password after a login attempt from a Ukrainian IP address–not Russian. Additionally, there is no indication that Google investigated and found evidence of Russia hacking his account. With such lousy security and a complete lack of investigation, there is no basis to believe Russia hacked John Podesta.
Further, given his coarse attitude toward staff displayed in the email below, it wouldn’t be surprising if Podesta was subjected to an inside job as well:
By contrast, Wikileaks has a perfect record for accuracy in its publications. Julian Assange has consistently and repeatedly denied that Russia was involved as a Wikileaks source in the DNC or Podesta email releases:
Further, former British Ambassador Craig Murray said he was the go-between who collected the DNC emails in a Washington-area park from “Americans with authorized access to the information,” presumably DNC employees, who were disgusted by the corruption of the Clinton Foundation and believed that the DNC’s conduct in the primary election was unfair to Bernie Sanders.
Although Wikileaks has a strict rule against revealing sources, they unexpectedly announced a $20,000 reward for the July 10th murder of DNC staffer Seth Rich, which created considerable suspicion that Seth Rich was the source of the DNC email leaks:
A private investigator recently indicated that he is aware of emails between Seth Rich and Wikileaks that are contained on a laptop, and that the investigation is being obstructed by authorities, with the recent revelation that critical witnesses weren’t interviewed by police. The Seth Rich connection to Wikileaks was also reinforced by Kim Dotcom recently reporting that he was in contact with Seth well before the election, and later assisted him in providing information to Wikileaks. If this and other forthcoming information eventually proves that Seth delivered the DNC emails to Wikileaks, that should finally end the Russian hackers narrative and prompt a serious investigation into his murder, which is currently being considered as a botched robbery by DC Police.
The received evidence does not inspire “high confidence” that Russia hacked either the DNC or Podesta emails, or otherwise played a significant role in our election. To recap:
- Wikileaks denies connections to Russia, and others have provided information about how the DNC emails were obtained by insiders.
- The DNC obstructed the FBI’s investigation for ten months before it hired a private cybersecurity firm, then gave the intelligence agencies that report as the basis for the intelligence community “consensus” that somehow followed.
- The same private firm has subsequently evaluated the activities of one of the same Russian hacking groups and assessed important facts incorrectly during the process, in addition to having questionable judgment in a subsequent case and refusing to testify in this one.
- Obama’s CIA may have had a program that was able to create the false impression of “Russian hacking,” the inappropriate use of which sounds more plausible after his agencies spread false stories about incidents such as Benghazi.
- And based on his security practices alone, it’s very likely that John Podesta could have been hacked by almost anyone.
In matters of war or peace with Russia, we deserve better than a political party that refuses to cooperate with law enforcement investigations and a lousy intelligence assessment that was based almost entirely on the report of a questionable cybersecurity contractor.