December 2016

December 30, 2016 – The credibility of cyber firm Crowdstrike, claiming Russia hacked the DNC, comes under serious question

Jeffrey Carr (Credit: Vimeo)

“The cyber security firm hired to inspect the DNC hack and determine who was responsible is a firm called Crowdstrike. Its conclusion that Russia was responsible was released last year, but several people began to call its analysis into question upon further inspection.

Jeffrey Carr was one of the most prominent cynics, and as he noted in his December post, FBI/DHS Joint Analysis Report: A Fatally Flawed Effort:

The FBI/DHS Joint Analysis Report (JAR) “Grizzly Steppe” was released yesterday as part of the White House’s response to alleged Russian government interference in the 2016 election process. It adds nothing to the call for evidence that the Russian government was responsible for hacking the DNC, the DCCC, the email accounts of Democratic party officials, or for delivering the content of those hacks to Wikileaks.

It merely listed every threat group ever reported on by a commercial cybersecurity company that is suspected of being Russian-made and lumped them under the heading of Russian Intelligence Services (RIS) without providing any supporting evidence that such a connection exists.

Unlike Crowdstrike, ESET doesn’t assign APT28/Fancy Bear/Sednit to a Russian Intelligence Service or anyone else for a very simple reason. Once malware is deployed, it is no longer under the control of the hacker who deployed it or the developer who created it. It can be reverse-engineered, copied, modified, shared and redeployed again and again by anyone. In other words — malware deployed is malware enjoyed!

If ESET could do it, so can others. It is both foolish and baseless to claim, as Crowdstrike does, that X-Agent is used solely by the Russian government when the source code is there for anyone to find and use at will.

If the White House had unclassified evidence that tied officials in the Russian government to the DNC attack, they would have presented it by now. The fact that they didn’t means either that the evidence doesn’t exist or that it is classified.

If it’s classified, an independent commission should review it because this entire assignment of blame against the Russian government is looking more and more like a domestic political operation run by the White House that relied heavily on questionable intelligence generated by a for-profit cybersecurity firm with a vested interest in selling “attribution-as-a-service”.

Nevertheless, countless people, including the entirety of the corporate media, put total faith in the analysis of Crowdstrike despite the fact that the FBI was denied access to perform its own analysis. Which makes me wonder, did the U.S. government do any real analysis of its own on the DNC hack, or did it just copy/paste Crowdstrike?

As The Hill reported in January:

The FBI requested direct access to the Democratic National Committee’s (DNC) hacked computer servers but was denied, Director James Comey told lawmakers on Tuesday.

The bureau made “multiple requests at different levels,” according to Comey, but ultimately struck an agreement with the DNC that a “highly respected private company” would get access and share what it found with investigators.

“We’d always prefer to have access hands-on ourselves if that’s possible,” Comey said, noting that he didn’t know why the DNC rebuffed the FBI’s request.

This is nuts. Are all U.S. government agencies simply listening to what Crowdstike said in coming to their “independent” conclusions that Russia hacked the DNC? If so, that’s a huge problem. Particularly considering what Voice of America published yesterday in a piece titled, Cyber Firm at Center of Russian Hacking Charges Misread Data:

An influential British think tank and Ukraine’s military are disputing a report that the U.S. cybersecurity firm CrowdStrike has used to buttress its claims of Russian hacking in the presidential election.

The CrowdStrike report, released in December, asserted that Russians hacked into a Ukrainian artillery app, resulting in heavy losses of howitzers in Ukraine’s war with Russian-backed separatists.

But the International Institute for Strategic Studies (IISS) told VOA that CrowdStrike erroneously used IISS data as proof of the intrusion. IISS disavowed any connection to the CrowdStrike report. Ukraine’s Ministry of Defense also has claimed combat losses and hacking never happened.

The challenges to CrowdStrike’s credibility are significant because the firm was the first to link last year’s hacks of Democratic Party computers to Russian actors, and because CrowdStrike co-founder Dimiti Alperovitch has trumpeted its Ukraine report as more evidence of Russian election tampering.

(Read more: Michael Krieger/Liberty Blitzkrieg, 3/22/2017)

December 29, 2016 – The Intel community releases the Joint Analysis Report claiming Russia hacked the DNC, then Obama imposes sanctions

“Prior to March 9th, 2016, the political surveillance and spy operations of the Obama administration were using the FBI and NSA database to track/monitor their opposition. However, once the NSA compliance officer began initiating an internal review of who was accessing the system, the CIA and FBI moved to create ex post facto justification for their endeavors. [Full Backstory]

After the November 8th, 2016, election everyone within the Obama network associated with the Trump surveillance operation was at risk. This is the impetus for the “Muh Russia” collusion- conspiracy narrative that was used as a mitigating shield. Within a few days after the election ODNI James Clapper and CIA Director John Brennan began pushing the Russia election interference narrative in the media.

By mid-December 2016 the Obama administration was deploying a full-court-press using their media allies to promote the Russia conspiracy.  However, despite their public proclamations Clapper and Brennan were refusing to give any specifics to congress.

(Credit: Conservative Treehouse)

The hard narrative was that Russia interfered. That was the specific push from within the Obama intelligence apparatus writ large.  All IC officials, sans Mike Rogers (NSA), had a self-interest in pushing this narrative; after all, it was the defensive mechanism to justify their illegal spying operation throughout 2016.  This was their insurance policy.

The media was doing their part; and using the information leaked to them by those who were part of the 2016 operation(s) began battering the Trump transition team every hour of every day with questions about the Russia hacking narrative; thereby fertilizing the seeds of a collusion conspiracy.

On December 29, 2016, the IC produced, and rushed to completion, a ridiculous document to support the false-premise.  This was called the Joint Analysis Report which claimed to outline the details of Russia’s involvement hacking into targeted political data base or computer systems during the election.  We were introduced to “Grizzley Steepe” and a goofy claim of Russian hackers.

On the same day (12/29/16) President Obama announced a series of sanctions against Russians who were located in Maryland.  This was Obama’s carefully constructed response to provide additional validity to the Joint Analysis Report.  After fueling the Russia conspiracy for several weeks the Obama administration knew this action would initiate a response from both Russia and the incoming Trump administration.

On the day the JAR was released and Obama made the announcement, President-elect Donald Trump and some of his key members were in Mar-a-Lago, Florida.  Incoming National Security Adviser Mike Flynn was on vacation in the Dominican Republic. As expected the Obama action spurred calls between Russian emissary Kislyak and Flynn.

The Obama IC were monitoring Kislyak communications and waiting for the contact.  Additionally, it is suspected Flynn may have been under a FISA surveillance warrant which seems confirmed by the Weissmann/Mueller report. The FBI intercepted, recorded, and later transcribed the conversation.

The media continued to follow the lead from the Obama White House and Intelligence Community (writ large) fueling a narrative that any contact with the Russians was proof of collusion of some sort.   In addition, the communications team of the White House, DOJ, FBI and aggregate IC began pushing a narrative surrounding the obscure Logan Act.

The ridiculous Logan Act promotion was targeted to infer that any action taken by the Trump campaign prior to taking office was interference with the political Obama Russia action, and would be evidence of collusion. That was the plan.  DOJ Deputy AG Sally Yates was in charge of pushing the Logan Act narrative to the media.” (Read more: Conservative Treehouse, 4/28/2016)

December 29, 2016 – March 30, 2017: A timeline of General Michael Flynn events

General Michael Flynn (Credit: Congressional Quarterly/Roll Call)

December 29 2016General Michael Flynn speaks to the Russian Ambassador. The conversation takes place the same day that outgoing President Barack Obama imposes sanctions against Russia for suspected hacking of Democrats’ emails during the election.

The conversation is recorded by intelligence agencies and later reviewed by the FBI. Recording or releasing Americans’ conversations is prohibited without written approval from the Foreign Intelligence Surveillance Court (FISA). The existence of recorded conversations and the contents of the conversation are barred from public release by classification rules and privacy laws.

December 29 2016 – Obama announces sanctions on Russia.

December 30 2016 – Russian leader Vladimir Putin addresses Obama’s sanctions by not expelling any U.S. officials. Putin’s lack of retaliatory action prompts some to later conclude that Flynn relayed a message regarding the sanctions in his December 29th conversation with the Russian Ambassador.

January 3 2017 – Loretta Lynch signs Section 2.3 of Executive Order 12333 – Procedures for the Availability or Dissemination of Raw Signals Intelligence Information by the NSA – into effect. This order is significant. As I note in, The Suspicious Timing of Obama’s NSA Data-Sharing Order:

Prior to the formal signing of Section 2.3 it appears that there existed more latitude within the White House in regards to collection of information on the Trump Campaign. However, once signed into effect, Section 2.3 granted broad latitude in regards to inter-agency sharing of information. By the time the new order was signed, the information was already in the Obama White House’s possession.

The new order, had it been implemented earlier, might have restricted White House access to information regarding the Trump Team. Once signed, it granted broad latitude to inter-agency sharing of information already held.

Importantly, the transcript of Flynn’s call was already in the possession of the Obama White House.

January 4 2017Mike Flynn informs transition White House Counsel Don McGahn that he is under federal investigation for work as a paid lobbyist to Turkey.

Jan 12 2017 –  Mike Flynn’s Dec 29 2016 call is leaked to Washington Post. The article portrays Flynn as undermining Obama’s Russian sanctions.

Jan 15 2017 – VP Pence appears on Face the nation to defend Flynn’s calls – five days before the inauguration of President Trump.

January 19 2017 – The New York Times reports, on the eve of Inauguration Day, that several agencies — the Federal Bureau of Investigation, the Central Intelligence Agency, the National Security Agency and the Treasury Department are monitoring several associates of the Trump campaign suspected of Russian ties.

January 19 2017 – Obama’s top intelligence and law-enforcement deputies meet to talk about Flynn’s conversation with Kislyak, according to a Feb 13 article in the Washington Post.

January 20 2017 – Inauguration.

January 23 2017Acting Attorney General Sally Yates increases pressure on FBI Director Comey regarding Mike Flynn – telling Comey that Flynn could be vulnerable to blackmail.

January 23 2017 – The Washington Post reports that the FBI intercepted a conversation in late December 2016 between Michael Flynn and Russian Ambassador Sergey Kislyak. The intercept is supposedly part of routine spying on the ambassador.

January 23 2017 – The FBI reports nothing unlawful in content of Flynn call. Having listened to the tapes, the FBI clears General Michael Flynn of any wrongdoing in his conversations with Russian Ambassador Sergey Kislyak. Flynn did not violate the Logan Act by attempting to influence US foreign policy.

January 24 2017 – Mike Flynn is interviewed at the White House by the FBI. It is during this interview that Flynn supposedly lies to the FBI – despite having his calls already cleared by the FBI. The surprise – and unscheduled – interview is conducted by Peter Strzok.

January 25 2017 –  The Department of Justice receives a detailed briefing on Flynn from the FBI.

January 26 2017 – Yates contacts White House Counsel McGahn who agrees to meet with Yates the same day.

January 26 2017 – Sally Yates meets with McGahn. She also brings Mary McCord – Acting Assistant Attorney General – and Head of the DOJ’s National Security Division.

Yates later testifies the meeting surrounds General Flynn’s phone calls and his FBI Interview. She also testifies that Flynn’s call and subsequent interview “was a topic of a whole lot of discussion in DOJ and with other members of the intel community.”

January 27 2017 – McGahn calls Yates and asks if she can come back to his office.

January 27 2017 – Yates returns to the White House without McCord. McGahn asks to examine the FBI’s evidence on Flynn. Yates says she will respond by Monday.

To my knowledge, Yates fails to provide McGahn with the FBI’s evidence on Flynn.

A timeline of these multi-day events can be found here. The timeline comes from Yates’s full testimony which can be viewed here. Yates’s testimony specific to Mike Flynn can be seen here.

Sally Yates became Acting Attorney General on January 20, 2017, after Loretta Lynch left office upon President Trump’s inauguration. On January 30, 2017, President Trump fired Yates for refusing to enforce the Travel Ban.

January 27 2017 – (evening) President Trump has dinner with FBI Director James Comey. President Trump asks Director Comey if he is under investigation, BUT President Trump does not ask about the Flynn investigation at this meeting.

January 30 2017President Trump fires Acting Attorney General Sally Yates for refusing to enforce the Travel Ban.

February 2 2017 – Details of conversations between President Trump, the Australian Prime Minister, and the Mexican President are leaked – portraying the calls as contentious. Both Australia and Mexico denied the calls were contentious.

February 8 2017 – In an interview with the Washington Post, Michael Flynn denies having discussed sanctions with Russian Ambassador Sergey Kislyak.

February 8 2017Jeff Sessions is confirmed as Attorney General.

February 9 2017 – The New York Times and the Washington Post publish articles claiming that General Michael Flynn discussed sanctions with Russian ambassador Sergey Kislyak in December of 2016.

The articles are confusing and some details contradictory.

February 13 2017 – The Washington Post reports that Acting Attorney General Sally Yates warned the White House in January that General Michael Flynn may be vulnerable to Russian blackmail, due to his conversations with Ambassador Kislyak.

February 13 2017 – Mike Flynn resigns as National Security Advisor after it was revealed he had misled Vice President Mike Pence about phone conversations he had with Sergey Kislyak, the Russian ambassador to the United States.

February 14 2017 – The New York Times reports that members of the Trump campaign had “repeated contacts with senior Russian intelligence officials” – according to four anonymous sources. The Trump campaign denies the claims – and the Times admits that there is “no evidence” of cooperation or collusion between the Trump campaign and the Russians.

February 15 2017 – Former intelligence officer John Schindler, now a journalist, tweets about escalating hostility in the Intelligence Community to Trump’s Presidency.

March 1 2017 – the NYT inadvertently reported on why the Obama Administration wanted a last minute January 3, 2017 rule change that allowed for intra-agency sharing of globally intercepted personal communications. In a piece titled “Obama Administration Rushed to Preserve Intelligence of Russian Hacking“, it was made clear that the Obama Administration was sharing information broadly and at low levels of security classification:

In the Obama administration’s last days, some White House officials scrambled to spread information about Russian efforts to undermine the presidential election — and about possible contacts between associates of President-elect Donald J. Trump and Russians — across the government.

For more on this important detail, see: The Suspicious Timing of Obama’s NSA Data-Sharing Order.

March 30 2017 – Mike Flynn offers to testify in exchange for immunity. He makes the offer to the FBI and the House and Senate intelligence Communities. There are no takers of his offer.

Per Flynn’s lawyer:

General Flynn certainly has a story to tell, and he very much wants to tell it, should the circumstances permit.

The Washington feeding frenzy was stunning at this point in time. The Obama/Clinton Russia-Trump narrative was in full swing.

Fast-forward to today so we can add a further twist to the whole mess:

This was immediately scoffed at – but ask yourself, why would the White House risk making this statement without proof.

Then this video from January 13, 2017, suddenly surfaced:

Flynn knew his calls were being recorded. He engaged in nothing illegal on these calls. Flynn knew he had done nothing illegal.

Flynn had no legal obligation to speak with the FBI.

But he did so anyway.

(Read much more: themarketswork.com, 12/03/2017)

(Reposted with special permission.)

December 29, 2016 – Tech experts disagree with Crowdstrike’s assessment and are critical of the FBI/DHS Joint Analysis Report (JAR)

(…)  “Breitbart News has interviewed tech experts who do not agree with the CrowdStrike assessment or Obama administration’s claims that the DNC/DCCC hacks clearly committed by Russian state actors, with much criticism aimed at the FBI/DHS Joint Analysis Report (JAR) “Grizzly Steppe” that was released at the end of December. As ZDNet reported after the JAR report was released by the Obama administration on the same day that they announced sanctions against Russia:

Mark Maunder, CEO, Wordfence (Credit: public domain)

The JAR included “specific indicators of compromise, including IP addresses and a PHP malware sample.” But what does this really prove? Wordfence, a WordPress security company specializing in analyzing PHP malware, examined these indicators and didn’t find any hard evidence of Russian involvement. Instead, Wordfence found the attack software was P.AS. 3.1.0, an out-of-date, web-shell hacking tool. The newest version, 4.1.1b, is more sophisticated. Its website claims it was written in the Ukraine.

Mark Maunder, Wordfence’s CEO, concluded that since the attacks were made “several versions behind the most current version of P.A.S sic which is 4.1.1b. One might reasonably expect Russian intelligence operatives to develop their own tools or at least use current malicious tools from outside sources.”

Rob Graham, CEO of Errata Security (Credit: public domain)

True, as Errata Security CEO Rob Graham pointed out in a blog post, P.A.S is popular among Russia/Ukraine hackers. But it’s “used by hundreds if not thousands of hackers, mostly associated with Russia, but also throughout the rest of the world.” In short, just because the attackers used P.A.S., that’s not enough evidence to blame it on the Russian government.

Jeffrey Carr (Credit: public domain)

Independent cybersecurity experts, such as Jeffrey Carr, have cited numerous errors that the media and CrowdStrike have made in discussing the hacking in what Carr refers to as a “runaway train” of misinformation.

For example, CrowdStrike has named a threat group that they have given the name “Fancy Bear” for the hacks and then said this threat group is Russian intelligence. In December 2016Carr wrote in a post on Medium:

A common misconception of “threat group” is that [it] refers to a group of people. It doesn’t. Here’s how ESET describes SEDNIT, one of the names for the threat group known as APT28, Fancy Bear, etc. This definition is found on p.12 of part two “En Route with Sednit: Observing the Comings and Goings”:

As security researchers, what we call “the Sednit group” is merely a set of software and the related network infrastructure, which we can hardly correlate with any specific organization.

Unlike CrowdStrike, ESET doesn’t assign APT28/Fancy Bear/Sednit to a Russian Intelligence Service or anyone else for a very simple reason. Once malware is deployed, it is no longer under the control of the hacker who deployed it or the developer who created it. It can be reverse-engineered, copied, modified, shared and redeployed again and again by anyone.

Despite these and other criticisms from technical experts with no political ax to grind, the House Intelligence Committee has called no independent cybersecurity professionals to challenge the Democrats’ claims of “Russian hacking” that have been repeated ad naseum by the media.

Instead of presenting counter-arguments to allow the general public to make up their own minds, the House committee has invited Shawn Henry and Dmitri Alperovitch from CrowdStrike. (Read more: Breitbart, 3/09/2017)

December 19, 2016 – Strzok text to Page: “It will make your head spin to realize how many stories we played a major role in! Sheesh, this has been quite a year…”

(Credit: public domain)

(…) “A former senior U.S. intelligence official told SaraACarter.com that Strzok, who was also “playing partisan politics was then worried that sharing information with the other agencies would be used by the Obama administration for political purposes is the real height of hypocrisy and his boss Comey was just the same. What needs to happen is an investigation outside the DOJ into this whole mess.”

The disagreement between the FBI and the Intelligence Community Assessment didn’t stop the FBI from wanting to attach the unverified dossier to the report. And that was disputed by James R. Clapper, then director of national intelligence, and then CIA Director John O. Brennan, who both objected stating that the dossier was unconfirmed information from a former British spy and not vetted U.S. intelligence.

Brennan has stated on the record that he did not see the dossier until December 2016. A spokesman for Brennan told this reporter in an interview earlier this year that “former FBI Director Comey has said publicly that he wanted to make sure President Obama and Trump knew about the dossier. Comey decided to attach it to the IC Assessment. There was even talk of including it as part of the IC Assessment but Brennan (and Clapper) in fact were the ones who didn’t allow the dossier to be part of it, and they didn’t allow that because they said the information wasn’t verified intelligence and that wasn’t what the IC Assessment was about.”

In early December 2016, Strzok and Page texted that there were some conflicts between classified intelligence and the information that was already in the hands of White House officials. And they were both concerned that information would leak.

“Man, our intel submission is going to be a BOMB,” said Strzok in a text on Dec. 18, 2016.

“Oh god, why do you say that?” said Page. “Was planning to try to go in early to reach it before our mtg with Jim,“ referencing the FBI Chief of Staff James Rybicki.

“Oh it’s fine. You’ve heard it all. I’m just saying the C (classified) portion is absolutely different from the bulk of the stuff in the community. And the community and especially the WH will jump all over it since it’s what they WANT to say and they can attribute it to us, not themselves,” Strzok texted back. “All the benefit, none of the political risk. We get all of that.”

On December 19, 2016, Strzok and Page boast about the number of stories they had a hand in shaping. Page sends a text at 20:17 saying, “And this. It will make your head spin to realize how many stories we played a personal role in. Sheesh, this has been quite a year…NYTimes: The most-read stories of 2016 (with a link).”

Strzok responds “Jesus, I want to take people out for a drink. I want to take YOU out for a drink. I hope this upcoming presidency doesn’t fill my years with regret wondering what we might have done differently.”

Then page responds to Strzok with a “sad” emoji face. (Read more: Sara Carter, 9/20/2018)

December 15, 2016 – Peter Strzok-Lisa Page texts discuss others ‘leaking like mad’ ahead of Russia investigation: Report

“New text messages between ex-FBI employees Peter Strzok and Lisa Page reveal others were “leaking like mad” in the run-up to the Trump-Russia collusion probe, according to new communications between the former lovers obtained exclusively by Fox News.

Richard Quinn transfers to the FBI in St. Louis, Missouri on November 7, 2017. (Credit: public domain)

A lengthy exchange dated Dec. 15, 2016 appears to reveal a potential leak operation for “political” purposes.

“Oh, remind me to tell you tomorrow about the times doing a story about the rnc hacks,” Page texted Strzok.

“And more than they already did? I told you Quinn told me they pulling out all the stops on some story…” Strzok replied.

A source told Fox News “Quinn” could be referring to Richard Quinn, who served as the chief of the Media and Investigative Publicity Section in the Office of Public Affairs. Quinn could not be reached for comment.

Strzok again replied: “Think our sisters have begun leaking like mad. Scorned and worried, and political, they’re kicking into overdrive.”

(…) “The “leaking like mad” text came on the same day that several news outlets reported that U.S. intelligence officials said they were convinced that Russian President Vladimir Putin was personally involved, and approved Russian meddling in the 2016 presidential election.

Days before, the New York Times published an article titled “Russian Hackers Acted to Aid Trump in Election, U.S. Says,” citing “senior administration officials.”

A story published by the New York Times on Jan. 10, 2017, suggested that Russian hackers “gained limited access” to the Republican National Committee. Jan. 10, 2017 is also the same day BuzzFeed News published the infamous anti-Trump dossier.

Following the text about “sisters leaking,” Strzok wrote to Page:

“And we need to talk more about putting C reporting in our submission. They’re going to declassify all of it…”

Page replied: “I know. But they’re going to declassify their stuff, how do we withhold…”

“We will get extraordinary questions. What we did what we’re doing. Just want to ensure everyone is good with it and has thought thru all implications,” Strzok wrote. “CD should bring it up with the DD.” (Read more: Fox News, 9/13/2018)

December 2016 – Lisa Page travels to London on official business with Strzok and three other unnamed individuals

“Page noted that she only traveled abroad once while she worked for McCabe, in December 2016, on official business in London. Strzok traveled with her, as did three other unnamed individuals. One individual that Page specified as not being part of the trip was Bill Priestap, the FBI’s head of counterintelligence. Page was prohibited by FBI counsel for detailing the purpose of her visit.” (Read more: Epoch Times, 1/21/2019)

December 13, 2016 – Christopher Steele gives his final report to Republican Rep. Adam Kinzinger and Paul Ryan’s chief of staff, Jonathan Burks

Republican Rep. Adam Kinzinger, left, and House Speaker Paul  Ryan. (Credit: Tom Williams/Roll Call)

(…) “In his testimony, Comey again pushed the fiction that Republicans opposed to Trump first paid for the dossier. Congressional Republicans are right that Comey is trying to muddy the waters—the Clinton campaign and the Democratic National Committee funded Steele’s work.

But credit Comey for underscoring, and maybe not accidentally, a larger truth—the operation that sought to defraud the American voter had bipartisan support all along. Court documents released in December show that Steele gave his final report to Republican Rep. Adam Kinzinger and House Speaker Paul Ryan’s chief of staff, Jonathan Burks.

How is it possible that so many people knew and said nothing? Everyone knows it’s impossible to sustain a real conspiracy that size. People in the know talk and the press makes it public. But they did talk—all the time. But the conversations, implicit confessions, of FBI agents and other U.S. officials were hidden by colleagues who classified their talk, or deleted it, like FBI employees Peter Strzok and Lisa Page’s text messages.

The press didn’t report it because the press is part of the operation, the indispensable part. None of it would have been possible, and it certainly wouldn’t have lasted for two years, had the media not linked arms with spies, cops, and lawyers to relay a story first spun by Clinton operatives.

Starting with a relatively small group consisting of Steele, Fusion GPS founder Glenn Simpson, and senior FBI, DOJ, CIA, and State Department officials, the dossier operation gained momentum and adherents, senior officials across the political spectrum, a large part of the press corps, then the many millions of Americans it wound into a frenzied madness. Thus, much of the dossier operation was improvised.

But the core component appears to be the result of a carefully constructed plan requiring technical and legal know-how. Interviews with current and former U.S. officials provide fresh insight into how Clinton-funded operatives and senior law enforcement figures orchestrated a media campaign and weaponized the dossier to obtain the October 21, 2016 warrant on Page.” (Read more: The Federalist, 1/02/2019)

December 12, 2016 – Clapper says CIA is wrong on Russia and Clinton leaks

“The overseers of the U.S. intelligence community have not embraced a CIA assessment that Russian cyber attacks were aimed at helping Republican President-elect Donald Trump win the 2016 election, three American officials said on Monday.

While the Office of the Director of National Intelligence (ODNI) does not dispute the CIA’s analysis of Russian hacking operations, it has not endorsed their assessment because of a lack of conclusive evidence that Moscow intended to boost Trump over Democratic opponent Hillary Clinton, said the officials, who declined to be named.

The position of the ODNI, which oversees the 17 agency-strong U.S. intelligence community, could give Trump fresh ammunition to dispute the CIA assessment, which he rejected as “ridiculous” in weekend remarks, and press his assertion that no evidence implicates Russia in the cyber attacks.

Trump’s rejection of the CIA’s judgment marks the latest in a string of disputes over Russia’s international conduct that have erupted between the president-elect and the intelligence community he will soon command.

An ODNI spokesman declined to comment on the issue.

“ODNI is not arguing that the agency (CIA) is wrong, only that they can’t prove intent,” said one of the three U.S. officials. “Of course they can’t, absent agents in on the decision-making in Moscow.”

The Federal Bureau of Investigation, whose evidentiary standards require it to make cases that can stand up in court, declined to accept the CIA’s analysis – a deductive assessment of the available intelligence – for the same reason, the three officials said.” (Read more: Reuters, 12/12/2016)

December 12, 2016 – US Intel vets dispute Russia hacking claims because the evidence should be there and is absent

“As the hysteria about Russia’s alleged interference in the U.S. election grows, a key mystery is why U.S. intelligence would rely on “circumstantial evidence” when it has the capability for hard evidence, say U.S. intelligence veterans.

Veteran Intelligence Professionals for Sanity

MEMORANDUM

Allegations of Hacking Election Are Baseless

Seal of the National Security Agency (Credit: NSA)

A New York Times report alluding to “overwhelming circumstantial evidence” leading the CIA to believe that Russian President Vladimir Putin “deployed computer hackers with the goal of tipping the election to Donald J. Trump” is, sadly, evidence-free. This is no surprise, because harder evidence of a technical nature points to an inside leak, not hacking – by Russians or anyone else.

Monday’s Washington Post reports that Sen. James Lankford, R-Oklahoma, a member of the Senate Intelligence Committee, has joined other senators in calling for a bipartisan investigation of suspected cyber-intrusion by Russia. Reading our short memo could save the Senate from endemic partisanship, expense and unnecessary delay.

In what follows, we draw on decades of senior-level experience – with emphasis on cyber-intelligence and security – to cut through uninformed, largely partisan fog. Far from hiding behind anonymity, we are proud to speak out with the hope of gaining an audience appropriate to what we merit – given our long labors in government and other areas of technology. And corny though it may sound these days, our ethos as intelligence professionals remains, simply, to tell it like it is – without fear or favor.

We have gone through the various claims about hacking. For us, it is child’s play to dismiss them. The email disclosures in question are the result of a leak, not a hack. Here’s the difference between leaking and hacking:

Leak: When someone physically takes data out of an organization and gives it to some other person or organization, as Edward Snowden and Chelsea Manning did.

Hack: When someone in a remote location electronically penetrates operating systems, firewalls or any other cyber-protection system and then extracts data.

All signs point to leaking, not hacking. If hacking were involved, the National Security Agency would know it – and know both sender and recipient.

In short, since leaking requires physically removing data – on a thumb drive, for example – the only way such data can be copied and removed, with no electronic trace of what has left the server, is via a physical storage device.

Awesome Technical Capabilities

Former National Security Agency contractor Edward Snowden. (Photo credit: The Guardian)

Again, NSA is able to identify both the sender and recipient when hacking is involved. Thanks largely to the material released by Edward Snowden, we can provide a full picture of NSA’s extensive domestic data-collection network including Upstream programs like Fairview, Stormbrew and Blarney. These include at least 30 companies in the U.S. operating the fiber networks that carry the Public Switched Telephone Network as well as the World Wide Web. This gives NSA unparalleled access to data flowing within the U.S. and data going out to the rest of the world, as well as data transiting the U.S.

In other words, any data that is passed from the servers of the Democratic National Committee (DNC) or of Hillary Rodham Clinton (HRC) – or any other server in the U.S. – is collected by the NSA.  These data transfers carry destination addresses in what are called packets, which enable the transfer to be traced and followed through the network.

Packets: Emails being passed across the World Wide Web are broken down into smaller segments called packets. These packets are passed into the network to be delivered to a recipient. This means the packets need to be reassembled at the receiving end.

To accomplish this, all the packets that form a message are assigned an identifying number that enables the receiving end to collect them for reassembly. Moreover, each packet carries the originator and ultimate receiver Internet protocol number (either IPV4 or IPV6) that enables the network to route data.

When email packets leave the U.S., the other “Five Eyes” countries (the U.K., Canada, Australia, and New Zealand) and the seven or eight additional countries participating with the U.S. in bulk-collection of everything on the planet would also have a record of where those email packets went after leaving the U.S.

These collection resources are extensive [see attached NSA slides 1, 2, 3, 4, 5]; they include hundreds of trace route programs that trace the path of packets going across the network and tens of thousands of hardware and software implants in switches and servers that manage the network. Any emails being extracted from one server going to another would be, at least in part, recognizable and traceable by all these resources.

The bottom line is that the NSA would know where and how any “hacked” emails from the DNC, HRC or any other servers were routed through the network. This process can sometimes require a closer look into the routing to sort out intermediate clients, but in the end sender and recipient can be traced across the network.

The various ways in which usually anonymous spokespeople for U.S. intelligence agencies are equivocating – saying things like “our best guess” or “our opinion” or “our estimate” etc. – shows that the emails alleged to have been “hacked” cannot be traced across the network. Given NSA’s extensive trace capability, we conclude that DNC and HRC servers alleged to have been hacked were, in fact, not hacked.

The evidence that should be there is absent; otherwise, it would surely be brought forward, since this could be done without any danger to sources and methods. Thus, we conclude that the emails were leaked by an insider – as was the case with Edward Snowden and Chelsea Manning. Such an insider could be anyone in a government department or agency with access to NSA databases, or perhaps someone within the DNC.” (Read more: Consortium News, December 12, 2016)