Guccifer 2.0

April 18, 2019 – Mueller’s own report undercuts its core Russia-meddling claims

(Credit: Carlo Allegri/Reuters)

“While the 448-page Mueller report found no conspiracy between Donald Trump’s campaign and Russia, it offered voluminous details to support the sweeping conclusion that the Kremlin worked to secure Trump’s victory. The report claims that the interference operation occurred “principally” on two fronts: Russian military intelligence officers hacked and leaked embarrassing Democratic Party documents, and a government-linked troll farm orchestrated a sophisticated and far-reaching social media campaign that denigrated Hillary Clinton and promoted Trump.

But a close examination of the report shows that none of those headline assertions are supported by the report’s evidence or other publicly available sources. They are further undercut by investigative shortcomings and the conflicts of interest of key players involved:

  • The report uses qualified and vague language to describe key events, indicating that Mueller and his investigators do not actually know for certain whether Russian intelligence officers stole Democratic Party emails, or how those emails were transferred to WikiLeaks.
  • The report’s timeline of events appears to defy logic. According to its narrative, WikiLeaks founder Julian Assange announced the publication of Democratic Party emails not only before he received the documents but before he even communicated with the source that provided them.
  • There is strong reason to doubt Mueller’s suggestion that an alleged Russian cutout called Guccifer 2.0 supplied the stolen emails to Assange.
  • Mueller’s decision not to interview Assange – a central figure who claims Russia was not behind the hack – suggests an unwillingness to explore avenues of evidence on fundamental questions.
  • U.S. intelligence officials cannot make definitive conclusions about the hacking of the Democratic National Committee computer servers because they did not analyze those servers themselves. Instead, they relied on the forensics of CrowdStrike, a private contractor for the DNC that was not a neutral party, much as “Russian dossier” compiler Christopher Steele, also a DNC contractor, was not a neutral party. This puts two Democrat-hired contractors squarely behind underlying allegations in the affair – a key circumstance that Mueller ignores.
  • Further, the government allowed CrowdStrike and the Democratic Party’s legal counsel to submit redacted records, meaning CrowdStrike and not the government decided what could be revealed or not regarding evidence of hacking.
  • Mueller’s report conspicuously does not allege that the Russian government carried out the social media campaign. Instead it blames, as Mueller said in his closing remarks, “a private Russian entity” known as the Internet Research Agency (IRA).
  • Mueller also falls far short of proving that the Russian social campaign was sophisticated, or even more than minimally related to the 2016 election. As with the collusion and Russian hacking allegations, Democratic officials had a central and overlooked hand in generating the alarm about Russian social media activity.
  • John Brennan, then director of the CIA, played a seminal and overlooked role in all facets of what became Mueller’s investigation: the suspicions that triggered the initial collusion probe; the allegations of Russian interference; and the intelligence assessment that purported to validate the interference allegations that Brennan himself helped generate. Yet Brennan has since revealed himself to be, like CrowdStrike and Steele, hardly a neutral party — in fact a partisan with a deep animus toward Trump.

Uncertainty Over Who Stole the Emails

The Mueller report’s narrative of Russian hacking and leaking was initially laid out in a July 2018 indictment of 12 Russian intelligence officers and is detailed further in the report.  According to Mueller, operatives at Russia’s main intelligence agency, the GRU, broke into Clinton campaign Chairman John Podesta’s emails in March 2016. The hackers infiltrated Podesta’s account with a common tactic called spear-phishing, duping him with a phony security alert that led him to enter his password. The GRU then used stolen Democratic Party credentials to hack into the DNC and Democratic Congressional Campaign Committee (DCCC) servers beginning in April 2016. Beginning in June 2016, the report claims, the GRU created two online personas, “DCLeaks” and “Guccifer 2.0,” to begin releasing the stolen material. After making contact later that month, Guccifer 2.0 apparently transferred the DNC emails to the whistleblowing, anti-secrecy publisher WikiLeaks, which released the first batch on July 22 ahead of the Democratic National Convention.

The report presents this narrative with remarkable specificity: It describes in detail how GRU officers installed malware, leased U.S.-based computers, and used cryptocurrencies to carry out their hacking operation. The intelligence that caught the GRU hackers is portrayed as so invasive and precise that it even captured the keystrokes of individual Russian officers, including their use of search engines.

In fact, the report contains crucial gaps in the evidence that might support that authoritative account. Here is how it describes the core crime under investigation, the alleged GRU theft of DNC emails:

Between approximately May 25, 2016 and June 1, 2016, GRU officers accessed the DNC’s mail server from a GRU-controlled computer leased inside the United States. During these connections, Unit 26165 officers appear to have stolen thousands of emails and attachments, which were later released by WikiLeaks in July 2016. [Italics added for emphasis.]

Mueller Report, March 2019, p. 41.

The report’s use of that one word, “appear,” undercuts its suggestions that Mueller possesses convincing evidence that GRU officers stole “thousands of emails and attachments” from DNC servers. It is a departure from the language used in his July 2018 indictment, which contained no such qualifier:

Netyksho/GRU Indictment, July 2018, p. 11.

“It’s certainly curious as to why this discrepancy exists between the language of Mueller’s indictment and the extra wiggle room inserted into his report a year later,” says former FBI Special Agent Coleen Rowley. “It may be an example of this and other existing gaps that are inherent with the use of circumstantial information.  With Mueller’s exercise of quite unprecedented (but politically expedient) extraterritorial jurisdiction to indict foreign intelligence operatives who were never expected to contest his conclusory assertions in court, he didn’t have to worry about precision. I would guess, however, that even though NSA may be able to track some hacking operations, it would be inherently difficult, if not impossible, to connect specific individuals to the computer transfer operations in question.”

The report also concedes that Mueller’s team did not determine another critical component of the crime it alleges: how the stolen Democratic material was transferred to WikiLeaks. The July 2018 indictment of GRU officers suggested – without stating outright – that WikiLeaks published the Democratic Party emails after receiving them from Guccifer 2.0 in a file named “wk dnc linkI .txt.gpg” on or around July 14, 2016. But now the report acknowledges that Mueller has not actually established how WikiLeaks acquired the stolen information: “The Office cannot rule out that stolen documents were transferred to WikiLeaks through intermediaries who visited during the summer of 2016.”

Mueller Report, p. 47.

Another partially redacted passage also suggests that Mueller cannot trace exactly how WikiLeaks received the stolen emails. Given how the sentence is formulated, the redacted portion could reflect Mueller’s uncertainty:

Mueller Report, p. 45.

Contrary to Mueller’s sweeping conclusions, the report itself is, at best, suggesting that the GRU, via its purported cutout Guccifer 2.0, may have transferred the stolen emails to WikiLeaks.”

Aaron Maté addresses each of the bullet points above in much greater detail. (RealClearInvestigations, 7/05/2019)

April 18, 2019 – The Mueller investigation fails to provide evidence that the DNC was actually hacked

A photo created by the Daily Beast depicting Guccifer 2.0 as a Russian Intelligence officer on March 22, 2018. (Credit: The Daily Beast)

(…) “Unchallenged allegations of a computer “hack” permeated nearly all mainstream-media coverage of the investigation and were sprinkled throughout much of the final report from special counsel Robert Mueller. The indictment of 12 Russians by Mueller asserts that the emails were obtained through a remote network breach. The indictment drones on and on about a Russian military unit dubbed “Unit 26165” and “X-Agent malware” that supposedly allowed the DNC emails to be compromised.

But analysis of the files themselves (analysis that team Mueller either never conducted or never discussed) shows otherwise.

It’s not inconsequential that the DNC refused to let anyone examine the server. The FBI just accepted the hack narrative based on the word of CrowdStrike, a firm hired by the DNC—a firm whose analyst that supposedly examined the DNC server just happened to have previously worked for none other than … Robert Mueller.

The Mueller report repeatedly uses the words “hack” and “hacking,” yet fails to offer a shred of evidence that a hack actually took place. The public is just supposed to accept on good faith a claim made by a former FBI director (under his own cloud of suspicion), who’s investigating the current president in a case initiated by biased FBI officials whose investigation is based on opposition research provided by the Russians and paid for by the president’s political opposition, the Hillary Clinton campaign and the DNC.

Analysis of the stolen emails not only eviscerates the legitimacy of at least 12 of Mueller’s indictments—the ones against Russians he accused of conducting a hack that never actually occurred—it further calls into question the motives for the origin of the Mueller probe.

Specifically, the report states, “Taken together, these disparate data points combine to paint a picture that exonerates alleged Russian hackers and implicates persons within our law enforcement and intelligence community taking part in a campaign of misinformation, deceit and incompetence. It is not a pretty picture.”

After an investigation that had 19 lawyers, 2,800 subpoenas, 500 search warrants, 500 witnesses interviewed, and more than 230 orders for communication records, not only was there no finding of collusion, conspiracy, or obstruction, we are also still left with a question about how this whole thing started.

Who actually stole the DNC emails? (Read more: The Epoch Times, 7/09/2019)

July 13, 2018 – Mueller’s Latest Indictment Contradicts Evidence In The Public Domain

“On July 13th, 2018, an indictment was filed by Special Counsel Robert Swan Mueller III.

This author is responding to the indictment because it features claims about Guccifer 2.0 that are inconsistent with what has been discovered about the persona, including the following:

Evidence was found over 500 days ago relating to the Guccifer 2.0 persona that showed they had deliberately manipulated files to have Russian metadata. We know the process used to construct the documents was not due to accidental mistakes during the creation process.

The original template document that Guccifer 2.0 used has been identified. It is also the source of the presence of Warren Flood’s name, and can be found attached to one of Podesta’s emails (it has RSIDs matching with .

The Trump opposition research, which CrowdStrike claimed was targeted at the DNC, apparently in late April 2016, isn’t what Guccifer 2.0 actually presented to reporters. It also didn’t come from the DNC, but was an attached file on one of John Podesta’s emails – not the DNC’s. This specific copy appears to have been edited by Tony Carrk shortly before it was sent to Podesta. The fact that Guccifer 2.0’s initial releases were Podesta email attachments was even conceded by a former DNC official.

It appears that Guccifer 2.0 fabricated evidence on June 15, 2016, that coincidentally dovetailed with multiple claims made by CrowdStrike executives that had been published the previous day.

Guccifer 2.0 went to considerable effort to make sure Russian error messages appeared in copies of files given to the press.

Evidence – which Guccifer 2.0 couldn’t manipulate due to being logged by third parties – suggests he was operating in the US.

Additional evidence, which Guccifer 2.0 would have been unlikely to realize “he” was leaving, indicated that the persona was archiving files in US time zones before release, with email headers giving him away early on.

Virtually everything that has been claimed to indicate Guccifer 2.0 was Russian was based on something he chose to do.

Considering that Guccifer 2.0 had access to Podesta’s emails, yet never leaked anything truly damaging to the Clinton campaign even though he would have had access to it, is highly suspicious. In fact, Guccifer 2.0 never referenced any of the scandals that would later explode when the DNC emails and Podesta email collections were published by WikiLeaks.” (Read more: Adam Carter, Disobedient Media, 7/15/2018)

July 24, 2017 – Intel vets challenge ‘Russia Hack’ evidence

In a memo to President Trump, a group of former U.S. intelligence officers, including NSA specialists, cite new forensic studies to challenge the claim of the key Jan. 6 “assessment” that Russia “hacked” Democratic emails last year. 

MEMORANDUM FOR: The President

FROM: Veteran Intelligence Professionals for Sanity (VIPS)

SUBJECT: Was the “Russian Hack” an Inside Job?

Executive Summary

Then-Director of National Intelligence James Clapper (right) talks with President Barack Obama in the Oval Office, with John Brennan and other national security aides present. (Credit: Office of Director of National Intelligence)

Forensic studies of “Russian hacking” into Democratic National Committee computers last year reveal that on July 5, 2016, data was leaked (not hacked) by a person with physical access to DNC computer. After examining metadata from the “Guccifer 2.0” July 5, 2016 intrusion into the DNC server, independent cyber investigators have concluded that an insider copied DNC data onto an external storage device.

Key among the findings of the independent forensic investigations is the conclusion that the DNC data was copied onto a storage device at a speed that far exceeds an Internet capability for a remote hack. Of equal importance, the forensics show that the copying was performed on the East coast of the U.S. Thus far, mainstream media have ignored the findings of these independent studies [see here and here].

Independent analyst Skip Folden, who retired after 25 years as the IBM Program Manager for Information Technology, US, who examined the recent forensic findings, is a co-author of this Memorandum. He has drafted a more detailed technical report titled “Cyber-Forensic Investigation of ‘Russian Hack’ and Missing Intelligence Community Disclaimers,” and sent it to the offices of the Special Counsel and the Attorney General. VIPS member William Binney, a former Technical Director at the National Security Agency, and other senior NSA “alumni” in VIPS attest to the professionalism of the independent forensic findings.

The recent forensic studies fill in a critical gap. Why the FBI neglected to perform any independent forensics on the original “Guccifer 2.0” material remains a mystery – as does the lack of any sign that the “hand-picked analysts” from the FBI, CIA, and NSA, who wrote the “Intelligence Community Assessment” dated January 6, 2017, gave any attention to forensics.” (Read more: Consortium News, 7/24/2017)

The US government formally accuses the Russian government of hacking and publishing emails related to US political entities.


James Clapper (Credit: Mark Wilson / Getty Images)

Director of National Intelligence James Clapper releases a statement in conjunction with the Department of Homeland Security claiming that leaked emails that have appeared on a variety of websites “are intended to interfere with the US election process. … We believe, based on the scope and sensitivity of these efforts, that only Russia’s senior-most officials could have authorized these activities.”

The New York Times comments that the statement does “not name President Vladimir V. Putin of Russia, but that appear[s] to be the intention.”

Many thousands of emails and other documents have been posted in recent months on the WikiLeaks website, but WikiLeaks won’t say where their leaks come from. Two newly created websites attributed to DCLeaks and Guccifer 2.0 have also posted leaks. Both groups claim to have no ties to the Russian government, but the US government claims otherwise.

The statement adds that US intelligence agencies are less certain who is responsible for “scanning and probing” online voter registration lists in various US states in recent months. Those “in most cases originated from servers operated by a Russian company,” but the statement doesn’t assert that the Russian government is responsible.


Kerry (left) and Russian Minister for Foreign Affairs Sergei Lavrov meet in Geneva to discuss the Syrian crisis on September 9, 2016. (Credit: Agence France Presse)

The Times notes that the “announcement [comes] only hours after Secretary of State John Kerry called for the Russian and Syrian governments to face a formal war-crimes investigation over attacks on civilians in Aleppo and other parts of Syria. Taken together, the developments mark a sharp escalation of Washington’s many confrontations with [Russia] this year.”

US officials had debated for months whether or not to formally accuse Russia, and if so, when. An unnamed “senior administration official” says that with only about a month to go before the November presidential election, President Obama was “under pressure to act now,” in part because the closer the declaration would be to election day, the more political it would seem.

It is unclear what action the US will take in an attempt to punish Russia, if any. A range of options are being considered, including economic sanctions and covert cyber attacks against Russian targets. (The New York Times, 10/7/2016)

Whoever hacked DNC and other Democrat-related emails in the last year may have also targeted Republicans.

The Daily Beast reports that cybersecurity experts believe the hacker or hackers who stole emails from the DNC (Democratic National Committee) are behind a website known as DCLeaks. The site went public in June 2016 to little media attention. But the site contains emails from hundreds of Republican and Democratic US politicians, including staffers to Republican Senators John McCain and Lindsey Graham, plus staffers to former Republican Representative Michele Bachmann. An unnamed “individual close to the investigation of the Democratic Party hacks” says the evidence is growing that both parties have been targeted. “Everyone is sweating this right now. This isn’t just limited to Democrats.”


Senators John McCain (left) and Lindsey Graham (right) (Credit: Kevin Lamarque / Reuters)

The cybersecurity company ThreatConnect has been investigating the recent hacks of US political targets, and they call DCLeaks a “Russian-backed influence outlet.” In particular, they have linked it to Fancy Bear (a.k.a. APT 28), a hacking group also accused of hacking the DNC, and believed by many to be working for the Russian government. “DCLeaks’ registration and hosting information aligns with other Fancy Bear activities and known tactics, techniques, and procedures.” They also claim that the hacker or hacking group known as Guccifer 2.0, who claims to be behind the hacking of the DNC emails that WikiLeaks publicly posted in July 2016, is linked to DCLeaks.
The Daily Beast reports that “researchers, at ThreatConnect and elsewhere, also now believe that Guccifer 2.0 was WikiLeaks’ source and that the group is acting as a front for the Russian government.” (The Daily Beast, 8/12/2016)

A cybersecurity group claims to have new evidence that Guccifer 2.0 is actually a team of Russian hackers.

Threat Connect Logo (Credit: public domain)

Guccifer 2.0 is a hacker who claims he broke into the Democratic National Committee (DNC) computer network and then gave the emails he found to WikiLeaks. He also claims to be an East European with no connection to Russia.

However, the cybersecurity research group ThreatConnect claims to have new evidence linking Guccifer 2.0 to an Internet server in Russia and to a digital address that has been linked to previous Russian online scams. They conclude that Guccifer 2.0 is actually an “apparition created under a hasty Russian [denial and deception] campaign” to influence political events in the US.

Their report concludes, “Maintaining a ruse of this nature within both the physical and virtual domains requires believable and verifiable events which do not contradict one another. That is not the case here.” For instance, Guccifer 2.0 claims to have broken into the DNC network in the summer of 2015 using a software flaw that didn’t exist until December 2015.

Furthermore, the Guccifer 2.0 entity is “a Russia-controlled platform that can act as a censored hacktivist. Moscow determines what Guccifer 2.0 shares and thus can attempt to selectively impact media coverage, and potentially the election, in a way that ultimately benefits their national objectives.” (The Daily Beast, 7/26/2016)

WikiLeaks discourages suggestions that the Russian government is behind its release of DNC emails.


Wikileaks cartoon that accompanied the DNC documents release. (Credit: Latoff / Wikileaks)

In an interview with NBC News, WikiLeaks leader Julian Assange won’t say who gave WikiLeaks the Democratic National Committee (DNC) emails they have recently made public, as the group has a policy to never reveal their sources.

However, Assange discourages the widespread speculation that the emails come from hackers linked to the Russian government. Assange suggests that the DNC’s security was so weak that it could have been hacked by multiple groups. He also insists, “The emails that we have released are different sets of documents to the documents of those [that] people have analyzed.”

A hacker or hacking group going by the name of Guccifer 2.0 claims to have given the emails to WikiLeaks, but WikiLeaks has not confirmed this.

A WikiLeaks representative also comments, “Our publication of leaked DNC emails and the many DNC hacks over the last two years are separate incidents and should not be conflated.” (The Daily Beast, 7/26/2016)

Guccifer 2.0 takes credit for the DNC emails posted by WikiLeaks.


Tweet posted by Guccifer 2.0 on July 22, 2016. (Credit: Guccifer 2.0 / Twitter)

Shortly after WikiLeaks publishes almost 20,000 emails from the Democratic National Committee (DNC), the hacker known as Guccifer 2.0 takes credit. His website is not updated, but he writes at his Twitter account: “@wikileaks published #DNCHack docs I’d given them!!!” (Twitter, 6/22/2016)

He has previously posted many DNC files on his own website, starting on June 15, 2016. And on that same day, he claimed that he had given “thousands of files and mails” to WikiLeaks.

WikiLeaks releases almost 20,000 DNC emails as the first of a series of Clinton-related leaks.

WikiLeaks publicly releases 19,252 emails and 8,034 email attachments recently hacked from the Democratic National Committee (DNC). The emails are from seven DNC officials: Communications Director Luis Miranda (10,770 emails), National Finance Director Jordan Kaplan (3,797 emails), Finance Chief of Staff Scott Comer (3,095 emails), Finance Director Zachary Allen (1,611 emails), Finance Director of Data and Strategic Initiatives Daniel Parrish (1,472 emails), Senior Advisor Andrew Wright (938 emails) and Northern California Finance Director Robert (Erik) Stowe (751 emails). The emails are from January 2015 until May 25, 2016.


The seven DNC officials are left to right Luis Miranda (Credit: public domain), Jordan Kaplan (Credit: Facebook), Scott Comer (Credit: Linked In), Zachary Allen (Credit: Twitter), Daniel Parrish (Credit: Linked In), Andrew Wright (Credit: Linked In), Robert (Erik) Stowe (Credit: Linked In)

In announcing the release, WikiLeaks mentions this is “part one of our new Hillary Leaks series.” (WikiLeaks, 7/22/2016)

Julian Assange, head of WikiLeaks, mentioned in a June 2016 interview that other coming releases will relate to the Clinton Foundation and to Clinton’s emails (although it’s not clear how many there are or where and when they are from). It also was reported in June 2016 that the DNC computer network had been recently hacked, along with other political entities, such as the Clinton campaign. It also was suspected that the Russian government was behind the DNC hack. However, a previously unknown hacker named Guccifer 2.0 emerged and claimed to be behind the hack, and also claimed to have no ties to Russia. He furthermore claimed to have given thousands of documents to WikiLeaks.

WikiLeaks has a policy of never revealing the sources of their leaked material, and has maintained that policy for this release.