Joint Analysis Report (JAR)

May 31, 2019 – The DOJ admits the FBI has never seen an unredacted version of the Crowdstrike report on the DNC Russian hacking claim

“The foundation for the Russian election interference narrative is built on the claim of Russians hacking the servers of the Democrat National Committee (DNC), and subsequently releasing damaging emails that showed the DNC worked to help Hillary Clinton and eliminate Bernie Sanders.

Despite the Russian ‘hacking’ claim the DOJ previously admitted the DNC would not let FBI investigators review the DNC server.  Instead the DNC provided the FBI with analysis of a technical review done through a cyber-security contract with Crowdstrike.

The narrative around the DNC hack claim was always sketchy; many people believe the DNC email data was downloaded onto a flash drive and leaked.  In a court filing (full pdf below) the scale of sketchy has increased exponentially.

Suspecting they could prove the Russian hacking claim was false, lawyers representing Roger Stone requested the full Crowdstrike report on the DNC hack.  When the DOJ responded to the Stone motion they made a rather significant admission.  Not only did the FBI not review the DNC server, the FBI/DOJ never even saw the Crowdstrike report.

Yes, that is correct.  The FBI and DOJ were only allowed to see a “draft” report prepared by Crowdstrike, and that report was redacted… and that redacted draft is the “last version of the report produced”; meaning, there are no unredacted & final versions.

Whiskey-Tango-Foxtrot!

This means the FBI and DOJ, and all of the downstream claims by the intelligence apparatus; including the December 2016 Joint Analysis Report and January 2017 Intelligence Community Assessment, all the way to the Weissmann/Mueller report and the continued claims therein; were based on the official intelligence agencies of the U.S. government and the U.S. Department of Justice taking the word of a hired contractor for the Democrat party….. despite their inability to examine the server and/or actually see an unredacted technical forensic report from the investigating contractor.

The entire apparatus of the U.S. government just took their word for it…

…and used the claim therein as an official position…

…which led to a subsequent government claim, in court, of absolute certainty that Russia hacked the DNC.

Think about that for a few minutes.

The full intelligence apparatus of the United States government is relying on a report they have never even been allowed to see or confirm; that was created by a paid contractor for a political victim that would not allow the FBI to investigate their claim.

The DNC server issue is foundation, and cornerstone, of the U.S. government’s position on “Russia hacking” and the election interference narrative; and that narrative is based on zero factual evidence to affirm the U.S. government’s position.” (Read more: Conservative Treehouse, 6/15/2019)

December 29, 2016 – Tech experts disagree with Crowdstrike’s assessment and are critical of the FBI/DHS Joint Analysis Report (JAR)

(…)  “Breitbart News has interviewed tech experts who do not agree with the CrowdStrike assessment or Obama administration’s claims that the DNC/DCCC hacks clearly committed by Russian state actors, with much criticism aimed at the FBI/DHS Joint Analysis Report (JAR) “Grizzly Steppe” that was released at the end of December. As ZDNet reported after the JAR report was released by the Obama administration on the same day that they announced sanctions against Russia:

Mark Maunder, CEO, Wordfence (Credit: public domain)

The JAR included “specific indicators of compromise, including IP addresses and a PHP malware sample.” But what does this really prove? Wordfence, a WordPress security company specializing in analyzing PHP malware, examined these indicators and didn’t find any hard evidence of Russian involvement. Instead, Wordfence found the attack software was P.AS. 3.1.0, an out-of-date, web-shell hacking tool. The newest version, 4.1.1b, is more sophisticated. Its website claims it was written in the Ukraine.

Mark Maunder, Wordfence’s CEO, concluded that since the attacks were made “several versions behind the most current version of P.A.S sic which is 4.1.1b. One might reasonably expect Russian intelligence operatives to develop their own tools or at least use current malicious tools from outside sources.”

Rob Graham, CEO of Errata Security (Credit: public domain)

True, as Errata Security CEO Rob Graham pointed out in a blog post, P.A.S is popular among Russia/Ukraine hackers. But it’s “used by hundreds if not thousands of hackers, mostly associated with Russia, but also throughout the rest of the world.” In short, just because the attackers used P.A.S., that’s not enough evidence to blame it on the Russian government.

Jeffrey Carr (Credit: public domain)

Independent cybersecurity experts, such as Jeffrey Carr, have cited numerous errors that the media and CrowdStrike have made in discussing the hacking in what Carr refers to as a “runaway train” of misinformation.

For example, CrowdStrike has named a threat group that they have given the name “Fancy Bear” for the hacks and then said this threat group is Russian intelligence. In December 2016Carr wrote in a post on Medium:

A common misconception of “threat group” is that [it] refers to a group of people. It doesn’t. Here’s how ESET describes SEDNIT, one of the names for the threat group known as APT28, Fancy Bear, etc. This definition is found on p.12 of part two “En Route with Sednit: Observing the Comings and Goings”:

As security researchers, what we call “the Sednit group” is merely a set of software and the related network infrastructure, which we can hardly correlate with any specific organization.

Unlike CrowdStrike, ESET doesn’t assign APT28/Fancy Bear/Sednit to a Russian Intelligence Service or anyone else for a very simple reason. Once malware is deployed, it is no longer under the control of the hacker who deployed it or the developer who created it. It can be reverse-engineered, copied, modified, shared and redeployed again and again by anyone.

Despite these and other criticisms from technical experts with no political ax to grind, the House Intelligence Committee has called no independent cybersecurity professionals to challenge the Democrats’ claims of “Russian hacking” that have been repeated ad naseum by the media.

Instead of presenting counter-arguments to allow the general public to make up their own minds, the House committee has invited Shawn Henry and Dmitri Alperovitch from CrowdStrike. (Read more: Breitbart, 3/09/2017)

December 12, 2016 – CIA director Brennan selects FBI Peter Strzok to work on the Joint Analysis Report (JAR) and help write the Intel Community Assessment (ICA)

March 26, 2019 – “Last week Fox News journalist Catherine Herridge announced she had received 40 pages of text messages between former FBI Deputy Director Andrew McCabe and his FBI Lawyer Lisa Page. [See Here]  These text communications have not been seen by congress, and were not released during prior requests for documents.  Herridge, released and wrote about two of the pages. [See Here]

Today, Herridge releases two more pages….  She’s awesome, and likely slow in the overall release to absorb the import; and for good reason.  Herridge’s release today highlights an important meeting as discussed within the texts:

In a Dec. 12, 2016, text reviewed by Fox News, Page wrote to McCabe: “Btw, [Director of National Intelligence James] Clapper told Pete that he was meeting with [CIA Director John] Brennan and Cohen for dinner tonight. Just FYSA [for your situational awareness].”

Herridge’s angle is questioning why Peter “Pete” Strzok would be told about a meeting between CIA Director John Brennan, ODNI James Clapper and Deputy CIA Director David Cohen.  Current officials cannot explain the context of this December 12th, 2016 meeting and why “Pete” would know about it.

However, there’s an aspect to the background of this time-frame that Catherine Herridge is overlooking…. bear with me.

This meeting takes place on December 12th, 2016.  This is in the epicenter of the time when the Obama intelligence officials, specifically Clapper and Brennan – along with DHS Secretary Jeh Johnson, were hastily putting together something called the JAR “Joint Analysis Report”, on Russian activity in the 2016 election.

The Joint Analysis Report: aka GRIZZLY STEPPE – Russian Malicious Cyber Activity”  was released on December 29th, 2016, to coincide with President Obama kicking out Russian diplomats as punishment for the content therein which outlined malicious Russian activity in the 2016 election.

We’ve been talking about the JAR from the day it was initially released.  This specific report is total garbage. [Read it Here]  The “Russian Malicious Cyber Activity – Joint Analysis Report” is pure nonsense. This is the report that generated the “17 intelligence agencies” narrative and talking points.  The JAR outlines nothing more than vague and disingenuous typical hacking activity that is no more substantive than any other hacking report on any other foreign actor.  But the “17 Intel Agencies” narrative stuck like glue.

(…)  There’s no doubt the intended outcome was to create confusion and begin selling a narrative to undermine the incoming President-elect Trump administration. No-one expected him to win; Trump’s victory sent a shock-wave through the DC system the professional political class were reacting to it.  The emotional crisis inside DC made manipulating them, and much of the the electorate, that much easier.

Understanding the JAR was used to validate the Russian sanctions and expulsion of the 35 Russian diplomats; and understanding that some coordination and planning was needed for the report therein; and understanding that Brennan and Clapper would need someone to author the material; that’s where Peter “Pete” Strzok comes in.

Remember, CIA Director John Brennan enlisted FBI Agent Peter Strzok to write much of the follow-up within the ICA report, another sketchy construct.  Paul Sperry wrote a great article about it (emphasis mine):

(…) In another departure from custom, the report is missing any dissenting views or an annex with evaluations of the conclusions from outside reviewers. “Traditionally, controversial intelligence community assessments like this include dissenting views and the views of an outside review group,” said Fred Fleitz, who worked as a CIA analyst for 19 years and helped draft national intelligence estimates at Langley. “It also should have been thoroughly vetted with all relevant IC agencies,” he added. “Why were DHS and DIA excluded?”

Fleitz suggests that the Obama administration limited the number of players involved in the analysis to skew the results. He believes the process was “manipulated” to reach a “predetermined political conclusion” that the incoming Republican president was compromised by the Russians.

“I’ve never viewed the ICA as credible,” the CIA veteran added.

A source close to the House investigation said Brennan himself selected the CIA and FBI analysts who worked on the ICA, and that they included former FBI counterespionage chief Peter Strzok.

Strzok was the intermediary between Brennan and [former FBI Director James] Comey, and he was one of the authors of the ICA,” according to the source.  (read more)

Now does the picture from within Catherine Herridge’s story make more sense?

Peter “Pete” Strzok knew about the December 12th meeting between Brennan, Clapper and Cohen, because Clapper told Strzok of the meeting.  Likely this discussion surrounded the need for Pete’s help in constructing the JAR; which would be the underlying evidence President Obama would use to expel the Russians….  Which is to say, give increased validity to the manufactured premise there was Russian interference.  There wasn’t. (Read more: Conservative Treehouse, March 26, 2019)

Fast forward two months: “Trey Gowdy appears on Fox News to discuss the current ‘investigative’ status and reports of Brennan -vs- Comey on the use of the Steele Dossier within the 2017 Intelligence Community Assessment or ICA.

Gowdy is one of the few people, along with John Ratcliffe, who has seen the full and unredacted FISA application used against Carter Page.

Regarding the use of the Steele Dossier within the January 2017 Intelligence Community Assessment; as Gowdy notes there is a likelihood both Brennan and Comey are both correct. (Read more: Conservative Treehouse, 5/14/2019)