July 23, 2019 – The DNC and CrowdStrike refuse to provide records about alleged Russian email hack
“Last night, attorneys for the Democratic National Committee and CrowdStrike formally objected to subpoenas from Ed Butowsky, refusing to provide any records about whether DNC emails were leaked internally or hacked by Russians. The FBI also missed a deadline yesterday for providing records about Seth Rich.
Surprise, surprise. Three years after the purported Russian attack on DNC servers, and nobody outside the DNC or its contractors has seen those servers. Why not?
Frankly, I expected the DNC and CrowdStrike to balk, and I’ll be filing motions to compel in the next few weeks.
You will recall that Roger Stone forced federal prosecutors to admit in late May that neither the FBI nor Special Counsel Robert Mueller had investigated the DNC servers that allegedly were hacked by Russians. Instead, Mueller and the FBI relied exclusively on a redacted report from CrowdStrike.
To my knowledge, the U.S. Department of Justice had never before handed off a computer crime investigation to a third-party contractor hired by the alleged victim. Instead, the FBI (or some other law enforcement agency) had always investigated those crimes. Obviously, the DNC doesn’t want any independent investigation of its claims that Russian hackers — as opposed to a DNC employee like Seth Rich — were responsible for transferring DNC emails to Wikileaks.” (Read more: LawFlog, 7/23/2019)
July 2, 2019 – Subpoenas issued for FBI, Crowdstrike, and DNC records on “Russian hacking” and Seth Rich
Two years ago, Texas attorney Ty Clevenger appeared on Tucker Carlson’s show:
Ty Clevenger: Originally I thought there was some Obama holdover in the FBI that was trying to cover this up. But as you know last week Senator Graham and Senator Grassley released a letter indicating that the former FBI Director James Comey had already decided to exonerate Mrs. Clinton before she was even interviewed. And so at this point, I believe the FBI is trying to cover its own rear-end. I think they know this thing is going to look terrible for them. They deep-sixed this. They white-washed it. And they don’t want the documents coming out showing how badly they covered it up…
On July 2, 2019, “Ty Clevenger filed a series of subpoenas in the lawsuit filed against Matt Couch, and America First Media.
Per Attorney Ty Clevenger:
This afternoon I issued subpoenas to the FBI, CrowdStrike, and the Democratic National Committee for their records on murdered DNC employee Seth Rich. The subpoenas further demand all evidence that Russian hackers were responsible for obtaining DNC emails in 2016 that were later published by Wikileaks.
Two weeks ago, attorneys representing Roger Stone forced prosecutors to admit that Special Counsel Robert Mueller and Obama-era intelligence officials never examined the DNC servers that purportedly were hacked by the Russians. Instead, Mueller and Obama officials relied on redacted draft reports prepared by CrowdStrike, Inc., a private company hired by the law firm Perkins Coie, the same law firm that hired Fusion GPS and Christopher Steele.
(…) You can read the FBI subpoena by clicking here, the CrowdStrike subpoena by clicking here, and the DNC subpoena by clicking here. The case is Edward Butowsky v. Michael Gottlieb, et al., Case No. 4:19-cv-00180 (E.D.Tex.).” (Read more: The DCPatriot, 7/02/2019)
May 31, 2019 – The DOJ admits the FBI has never seen an unredacted version of the Crowdstrike report on the DNC Russian hacking claim
“The foundation for the Russian election interference narrative is built on the claim of Russians hacking the servers of the Democrat National Committee (DNC), and subsequently releasing damaging emails that showed the DNC worked to help Hillary Clinton and eliminate Bernie Sanders.
Despite the Russian ‘hacking’ claim the DOJ previously admitted the DNC would not let FBI investigators review the DNC server. Instead the DNC provided the FBI with analysis of a technical review done through a cyber-security contract with Crowdstrike.
The narrative around the DNC hack claim was always sketchy; many people believe the DNC email data was downloaded onto a flash drive and leaked. In a court filing (full pdf below) the scale of sketchy has increased exponentially.
Suspecting they could prove the Russian hacking claim was false, lawyers representing Roger Stone requested the full Crowdstrike report on the DNC hack. When the DOJ responded to the Stone motion they made a rather significant admission. Not only did the FBI not review the DNC server, the FBI/DOJ never even saw the Crowdstrike report.
Yes, that is correct. The FBI and DOJ were only allowed to see a “draft” report prepared by Crowdstrike, and that report was redacted… and that redacted draft is the “last version of the report produced”; meaning, there are no unredacted & final versions.
This means the FBI and DOJ, and all of the downstream claims by the intelligence apparatus; including the December 2016 Joint Analysis Report and January 2017 Intelligence Community Assessment, all the way to the Weissmann/Mueller report and the continued claims therein; were based on the official intelligence agencies of the U.S. government and the U.S. Department of Justice taking the word of a hired contractor for the Democrat party….. despite their inability to examine the server and/or actually see an unredacted technical forensic report from the investigating contractor.
The entire apparatus of the U.S. government just took their word for it…
…and used the claim therein as an official position…
…which led to a subsequent government claim, in court, of absolute certainty that Russia hacked the DNC.
Think about that for a few minutes.
The full intelligence apparatus of the United States government is relying on a report they have never even been allowed to see or confirm; that was created by a paid contractor for a political victim that would not allow the FBI to investigate their claim.
The DNC server issue is foundation, and cornerstone, of the U.S. government’s position on “Russia hacking” and the election interference narrative; and that narrative is based on zero factual evidence to affirm the U.S. government’s position.” (Read more: Conservative Treehouse, 6/15/2019)
April 18, 2019 – Mueller’s own report undercuts its core Russia-meddling claims
“While the 448-page Mueller report found no conspiracy between Donald Trump’s campaign and Russia, it offered voluminous details to support the sweeping conclusion that the Kremlin worked to secure Trump’s victory. The report claims that the interference operation occurred “principally” on two fronts: Russian military intelligence officers hacked and leaked embarrassing Democratic Party documents, and a government-linked troll farm orchestrated a sophisticated and far-reaching social media campaign that denigrated Hillary Clinton and promoted Trump.
But a close examination of the report shows that none of those headline assertions are supported by the report’s evidence or other publicly available sources. They are further undercut by investigative shortcomings and the conflicts of interest of key players involved:
- The report uses qualified and vague language to describe key events, indicating that Mueller and his investigators do not actually know for certain whether Russian intelligence officers stole Democratic Party emails, or how those emails were transferred to WikiLeaks.
- The report’s timeline of events appears to defy logic. According to its narrative, WikiLeaks founder Julian Assange announced the publication of Democratic Party emails not only before he received the documents but before he even communicated with the source that provided them.
- There is strong reason to doubt Mueller’s suggestion that an alleged Russian cutout called Guccifer 2.0 supplied the stolen emails to Assange.
- Mueller’s decision not to interview Assange – a central figure who claims Russia was not behind the hack – suggests an unwillingness to explore avenues of evidence on fundamental questions.
- U.S. intelligence officials cannot make definitive conclusions about the hacking of the Democratic National Committee computer servers because they did not analyze those servers themselves. Instead, they relied on the forensics of CrowdStrike, a private contractor for the DNC that was not a neutral party, much as “Russian dossier” compiler Christopher Steele, also a DNC contractor, was not a neutral party. This puts two Democrat-hired contractors squarely behind underlying allegations in the affair – a key circumstance that Mueller ignores.
- Further, the government allowed CrowdStrike and the Democratic Party’s legal counsel to submit redacted records, meaning CrowdStrike and not the government decided what could be revealed or not regarding evidence of hacking.
- Mueller’s report conspicuously does not allege that the Russian government carried out the social media campaign. Instead it blames, as Mueller said in his closing remarks, “a private Russian entity” known as the Internet Research Agency (IRA).
- Mueller also falls far short of proving that the Russian social campaign was sophisticated, or even more than minimally related to the 2016 election. As with the collusion and Russian hacking allegations, Democratic officials had a central and overlooked hand in generating the alarm about Russian social media activity.
- John Brennan, then director of the CIA, played a seminal and overlooked role in all facets of what became Mueller’s investigation: the suspicions that triggered the initial collusion probe; the allegations of Russian interference; and the intelligence assessment that purported to validate the interference allegations that Brennan himself helped generate. Yet Brennan has since revealed himself to be, like CrowdStrike and Steele, hardly a neutral party — in fact a partisan with a deep animus toward Trump.
Uncertainty Over Who Stole the Emails
The Mueller report’s narrative of Russian hacking and leaking was initially laid out in a July 2018 indictment of 12 Russian intelligence officers and is detailed further in the report. According to Mueller, operatives at Russia’s main intelligence agency, the GRU, broke into Clinton campaign Chairman John Podesta’s emails in March 2016. The hackers infiltrated Podesta’s account with a common tactic called spear-phishing, duping him with a phony security alert that led him to enter his password. The GRU then used stolen Democratic Party credentials to hack into the DNC and Democratic Congressional Campaign Committee (DCCC) servers beginning in April 2016. Beginning in June 2016, the report claims, the GRU created two online personas, “DCLeaks” and “Guccifer 2.0,” to begin releasing the stolen material. After making contact later that month, Guccifer 2.0 apparently transferred the DNC emails to the whistleblowing, anti-secrecy publisher WikiLeaks, which released the first batch on July 22 ahead of the Democratic National Convention.
The report presents this narrative with remarkable specificity: It describes in detail how GRU officers installed malware, leased U.S.-based computers, and used cryptocurrencies to carry out their hacking operation. The intelligence that caught the GRU hackers is portrayed as so invasive and precise that it even captured the keystrokes of individual Russian officers, including their use of search engines.
In fact, the report contains crucial gaps in the evidence that might support that authoritative account. Here is how it describes the core crime under investigation, the alleged GRU theft of DNC emails:
Between approximately May 25, 2016 and June 1, 2016, GRU officers accessed the DNC’s mail server from a GRU-controlled computer leased inside the United States. During these connections, Unit 26165 officers appear to have stolen thousands of emails and attachments, which were later released by WikiLeaks in July 2016. [Italics added for emphasis.]
The report’s use of that one word, “appear,” undercuts its suggestions that Mueller possesses convincing evidence that GRU officers stole “thousands of emails and attachments” from DNC servers. It is a departure from the language used in his July 2018 indictment, which contained no such qualifier:
“It’s certainly curious as to why this discrepancy exists between the language of Mueller’s indictment and the extra wiggle room inserted into his report a year later,” says former FBI Special Agent Coleen Rowley. “It may be an example of this and other existing gaps that are inherent with the use of circumstantial information. With Mueller’s exercise of quite unprecedented (but politically expedient) extraterritorial jurisdiction to indict foreign intelligence operatives who were never expected to contest his conclusory assertions in court, he didn’t have to worry about precision. I would guess, however, that even though NSA may be able to track some hacking operations, it would be inherently difficult, if not impossible, to connect specific individuals to the computer transfer operations in question.”
The report also concedes that Mueller’s team did not determine another critical component of the crime it alleges: how the stolen Democratic material was transferred to WikiLeaks. The July 2018 indictment of GRU officers suggested – without stating outright – that WikiLeaks published the Democratic Party emails after receiving them from Guccifer 2.0 in a file named “wk dnc linkI .txt.gpg” on or around July 14, 2016. But now the report acknowledges that Mueller has not actually established how WikiLeaks acquired the stolen information: “The Office cannot rule out that stolen documents were transferred to WikiLeaks through intermediaries who visited during the summer of 2016.”
Another partially redacted passage also suggests that Mueller cannot trace exactly how WikiLeaks received the stolen emails. Given how the sentence is formulated, the redacted portion could reflect Mueller’s uncertainty:
Contrary to Mueller’s sweeping conclusions, the report itself is, at best, suggesting that the GRU, via its purported cutout Guccifer 2.0, may have transferred the stolen emails to WikiLeaks.”
Aaron Maté addresses each of the bullet points above in much greater detail at: (RealClearInvestigations, 7/05/2019)
July 13, 2018 – Mueller’s Latest Indictment Contradicts Evidence In The Public Domain
“On July 13th, 2018, an indictment was filed by Special Counsel Robert Swan Mueller III.
This author is responding to the indictment because it features claims about Guccifer 2.0 that are inconsistent with what has been discovered about the persona, including the following:
Evidence was found over 500 days ago relating to the Guccifer 2.0 persona that showed they had deliberately manipulated files to have Russian metadata. We know the process used to construct the documents was not due to accidental mistakes during the creation process.
The original template document that Guccifer 2.0 used has been identified. It is also the source of the presence of Warren Flood’s name, and can be found attached to one of Podesta’s emails (it has RSIDs matching with .
The Trump opposition research, which CrowdStrike claimed was targeted at the DNC, apparently in late April 2016, isn’t what Guccifer 2.0 actually presented to reporters. It also didn’t come from the DNC, but was an attached file on one of John Podesta’s emails – not the DNC’s. This specific copy appears to have been edited by Tony Carrk shortly before it was sent to Podesta. The fact that Guccifer 2.0’s initial releases were Podesta email attachments was even conceded by a former DNC official.
It appears that Guccifer 2.0 fabricated evidence on June 15, 2016, that coincidentally dovetailed with multiple claims made by CrowdStrike executives that had been published the previous day.
Guccifer 2.0 went to considerable effort to make sure Russian error messages appeared in copies of files given to the press.
Evidence – which Guccifer 2.0 couldn’t manipulate due to being logged by third parties – suggests he was operating in the US.
Additional evidence, which Guccifer 2.0 would have been unlikely to realize “he” was leaving, indicated that the persona was archiving files in US time zones before release, with email headers giving him away early on.
Virtually everything that has been claimed to indicate Guccifer 2.0 was Russian was based on something he chose to do.
Considering that Guccifer 2.0 had access to Podesta’s emails, yet never leaked anything truly damaging to the Clinton campaign even though he would have had access to it, is highly suspicious. In fact, Guccifer 2.0 never referenced any of the scandals that would later explode when the DNC emails and Podesta email collections were published by WikiLeaks.” (Read more: Adam Carter, Disobedient Media, 7/15/2018)
April 28, 2018 – FBI delays release of communications with firm that examined DNC servers
“The Federal Bureau of Investigation (FBI) has pushed back the estimated completion date of a Freedom of Information Act (FOIA) request for documents pertaining to its communications with the security firm that examined the Democratic National Committee’s hacked servers to October.
The Washington Free Beacon submitted the FOIA request in July 2017 with the FBI seeking all communication between the bureau and CrowdStrike, Inc., the California-based cyber security firm that examined the DNC’s servers following the infiltration that led to the release of John Podesta’s emails. The FBI said in December the documents should be available by March.
The FBI, which was never granted access to the DNC’s servers for inspection, instead relied on the third-party firm that was brought in by the DNC for information regarding the compromised network who concluded that Russia was behind the hack.
The FBI previously awarded an unrelated $150,000 contract to CrowdStrike in July 2015. Details and communications between the firm and the bureau regarding that past contract were requested as part of the FOIA.” (Read more: The Washington Free Beacon, 04/28/2018)
April 2018 – The National Republican Campaign Committee is hacked after retaining DNC cybersecurity provider, Crowdstrike
“The House GOP campaign arm suffered a major hack during the 2018 election, exposing thousands of sensitive emails to an outside intruder, according to three senior party officials.
The email accounts of four senior aides at the National Republican Congressional Committee were surveilled for several months, the party officials said. The intrusion was detected in April by an NRCC vendor, who alerted the committee and its cybersecurity contractor. An internal investigation was initiated and the FBI was alerted to the attack, said the officials, who requested anonymity to discuss the incident.
However, senior House Republicans — including Speaker Paul Ryan (R-Wis.), House Majority Leader Kevin McCarthy (R-Calif.) and Majority Whip Steve Scalise (R-La.) — were not informed of the hack until POLITICO contacted the NRCC on Monday with questions about the episode. Rank-and-file House Republicans were not told,
(…) The hack was first detected by an MSSP, a managed security services provider that monitors the NRCC’s network. The MSSP informed NRCC officials and they, in turn, alerted Crowdstrike, a well-known cybersecurity firm that had already been retained by the NRCC.” (Read more: Politico, 12/04/2018)
October 25, 2017 – Editorial: When Scandals Collide
By: Andrew McCarthy
(…) “we have learned finally, courtesy of the Washington Post, that Fusion GPS, the research firm that produced the notorious “Trump Dossier,” was funded by the Hillary Clinton presidential campaign and the Democratic National Committee. Of course, the Clinton campaign and the DNC always want layers of deniability and obfuscation – and let’s note that it has served them well – so they hire lawyers to do the icky stuff rather than doing it directly. Then, when the you-know-what hits the fan, outfits like Fusion GPS try to claim that they can’t share critical information with investigators because of (among other things) attorney-client confidentiality concerns.
Here, the Clinton campaign and the DNC retained the law firm of Perkins Coie; in turn, one of its partners, Marc E. Elias, retained Fusion GPS. We don’t know how much Fusion GPS was paid, but the Clinton campaign and the DNC paid $9.1 million to Perkins Coie during the 2016 campaign (i.e., between mid-2015 and late 2016).
In its capacity as attorney for the DNC, Perkins Coie – through another of its partners, Michael Sussman – is also the law firm that retained CrowdStrike, the cyber security outfit, upon learning in April 2016 that the DNC’s servers had been hacked.
A friend draws my attention to an intriguing coincidence.
Interesting: Despite the patent importance of the physical server system to the FBI and Intelligence-Community investigation of Russian meddling in the 2016 election, the Bureau never examined the DNC servers. Evidently, the DNC declined to cooperate to that degree, and the Obama Justice Department decided not to issue a subpoena to demand that the servers be turned over (just like the Obama Justice Department decided not to issue subpoenas to demand the surrender of critical physical evidence in the Clinton e-mails investigation).
Instead, the conclusion that Russia is responsible for the invasion of the DNC servers rests on the forensic analysis conducted by CrowdStrike. Rather than do its own investigation, the FBI relied on a contractor retained by the DNC’s lawyers.” (Read more: National Review, 10/25/2017)
December 30, 2016 – The credibility of cyber firm Crowdstrike, claiming Russia hacked the DNC, comes under serious question
“The cyber security firm hired to inspect the DNC hack and determine who was responsible is a firm called Crowdstrike. Its conclusion that Russia was responsible was released last year, but several people began to call its analysis into question upon further inspection.
Jeffrey Carr was one of the most prominent cynics, and as he noted in his December post, FBI/DHS Joint Analysis Report: A Fatally Flawed Effort:
The FBI/DHS Joint Analysis Report (JAR) “Grizzly Steppe” was released yesterday as part of the White House’s response to alleged Russian government interference in the 2016 election process. It adds nothing to the call for evidence that the Russian government was responsible for hacking the DNC, the DCCC, the email accounts of Democratic party officials, or for delivering the content of those hacks to Wikileaks.
It merely listed every threat group ever reported on by a commercial cybersecurity company that is suspected of being Russian-made and lumped them under the heading of Russian Intelligence Services (RIS) without providing any supporting evidence that such a connection exists.
Unlike Crowdstrike, ESET doesn’t assign APT28/Fancy Bear/Sednit to a Russian Intelligence Service or anyone else for a very simple reason. Once malware is deployed, it is no longer under the control of the hacker who deployed it or the developer who created it. It can be reverse-engineered, copied, modified, shared and redeployed again and again by anyone. In other words — malware deployed is malware enjoyed!
If ESET could do it, so can others. It is both foolish and baseless to claim, as Crowdstrike does, that X-Agent is used solely by the Russian government when the source code is there for anyone to find and use at will.
If the White House had unclassified evidence that tied officials in the Russian government to the DNC attack, they would have presented it by now. The fact that they didn’t means either that the evidence doesn’t exist or that it is classified.
If it’s classified, an independent commission should review it because this entire assignment of blame against the Russian government is looking more and more like a domestic political operation run by the White House that relied heavily on questionable intelligence generated by a for-profit cybersecurity firm with a vested interest in selling “attribution-as-a-service”.
Nevertheless, countless people, including the entirety of the corporate media, put total faith in the analysis of Crowdstrike despite the fact that the FBI was denied access to perform its own analysis. Which makes me wonder, did the U.S. government do any real analysis of its own on the DNC hack, or did it just copy/paste Crowdstrike?
As The Hill reported in January:
The FBI requested direct access to the Democratic National Committee’s (DNC) hacked computer servers but was denied, Director James Comey told lawmakers on Tuesday.
The bureau made “multiple requests at different levels,” according to Comey, but ultimately struck an agreement with the DNC that a “highly respected private company” would get access and share what it found with investigators.
“We’d always prefer to have access hands-on ourselves if that’s possible,” Comey said, noting that he didn’t know why the DNC rebuffed the FBI’s request.
This is nuts. Are all U.S. government agencies simply listening to what Crowdstrike said in coming to their “independent” conclusions that Russia hacked the DNC? If so, that’s a huge problem. Particularly considering what Voice of America published yesterday in a piece titled, Cyber Firm at Center of Russian Hacking Charges Misread Data:
An influential British think tank and Ukraine’s military are disputing a report that the U.S. cybersecurity firm CrowdStrike has used to buttress its claims of Russian hacking in the presidential election.
The CrowdStrike report, released in December, asserted that Russians hacked into a Ukrainian artillery app, resulting in heavy losses of howitzers in Ukraine’s war with Russian-backed separatists.
But the International Institute for Strategic Studies (IISS) told VOA that CrowdStrike erroneously used IISS data as proof of the intrusion. IISS disavowed any connection to the CrowdStrike report. Ukraine’s Ministry of Defense also has claimed combat losses and hacking never happened.
The challenges to CrowdStrike’s credibility are significant because the firm was the first to link last year’s hacks of Democratic Party computers to Russian actors, and because CrowdStrike co-founder Dmitri Alperovitch has trumpeted its Ukraine report as more evidence of Russian election tampering.”
December 29, 2016 – Tech experts disagree with Crowdstrike’s assessment and are critical of the FBI/DHS Joint Analysis Report (JAR)
(…) “Breitbart News has interviewed tech experts who do not agree with the CrowdStrike assessment or Obama administration’s claims that the DNC/DCCC hacks were clearly committed by Russian state actors, with much criticism aimed at the FBI/DHS Joint Analysis Report (JAR) “Grizzly Steppe” that was released at the end of December. As ZDNet reported after the JAR report was released by the Obama administration on the same day that they announced sanctions against Russia:
The JAR included “specific indicators of compromise, including IP addresses and a PHP malware sample.” But what does this really prove? Wordfence, a WordPress security company specializing in analyzing PHP malware, examined these indicators and didn’t find any hard evidence of Russian involvement. Instead, Wordfence found the attack software was P.A.S. 3.1.0, an out-of-date, web-shell hacking tool. The newest version, 4.1.1b, is more sophisticated. Its website claims it was written in the Ukraine.
Mark Maunder, Wordfence’s CEO, concluded that since the attacks were made “several versions behind the most current version of P.A.S [sic] which is 4.1.1b. One might reasonably expect Russian intelligence operatives to develop their own tools or at least use current malicious tools from outside sources.”
True, as Errata Security CEO Rob Graham pointed out in a blog post, P.A.S is popular among Russia/Ukraine hackers. But it’s “used by hundreds if not thousands of hackers, mostly associated with Russia, but also throughout the rest of the world.” In short, just because the attackers used P.A.S., that’s not enough evidence to blame it on the Russian government.
Independent cybersecurity experts, such as Jeffrey Carr, have cited numerous errors that the media and CrowdStrike have made in discussing the hacking in what Carr refers to as a “runaway train” of misinformation.
For example, CrowdStrike has named a threat group that they have given the name “Fancy Bear” for the hacks and then said this threat group is Russian intelligence. In December 2016, Carr wrote in a post on Medium:
A common misconception of “threat group” is that [it] refers to a group of people. It doesn’t. Here’s how ESET describes SEDNIT, one of the names for the threat group known as APT28, Fancy Bear, etc. This definition is found on p.12 of part two “En Route with Sednit: Observing the Comings and Goings”:
As security researchers, what we call “the Sednit group” is merely a set of software and the related network infrastructure, which we can hardly correlate with any specific organization.
Unlike CrowdStrike, ESET doesn’t assign APT28/Fancy Bear/Sednit to a Russian Intelligence Service or anyone else for a very simple reason. Once malware is deployed, it is no longer under the control of the hacker who deployed it or the developer who created it. It can be reverse-engineered, copied, modified, shared and redeployed again and again by anyone.
Despite these and other criticisms from technical experts with no political ax to grind, the House Intelligence Committee has called no independent cybersecurity professionals to challenge the Democrats’ claims of “Russian hacking” that have been repeated ad nauseam by the media.
Instead of presenting counter-arguments to allow the general public to make up their own minds, the House committee has invited Shawn Henry and Dmitri Alperovitch from CrowdStrike.” (Read more: Breitbart, 3/09/2017)