Veteran Intelligence Professionals for Sanity (VIPS)

April 18, 2019 – The Mueller investigation fails to provide evidence that the DNC was actually hacked

A photo created by the Daily Beast depicting Guccifer 2.0 as a Russian Intelligence officer on March 22, 2018. (Credit: The Daily Beast)

(…) “Unchallenged allegations of a computer “hack” permeated nearly all mainstream-media coverage of the investigation and were sprinkled throughout much of the final report from special counsel Robert Mueller. The indictment of 12 Russians by Mueller asserts that the emails were obtained through a remote network breach. The indictment drones on and on about a Russian military unit dubbed “Unit 26165” and “X-Agent malware” that supposedly allowed the DNC emails to be compromised.

But analysis of the files themselves (analysis that team Mueller either never conducted or never discussed) shows otherwise.

It’s not inconsequential that the DNC refused to let anyone examine the server. The FBI just accepted the hack narrative based on the word of CrowdStrike, a firm hired by the DNC—a firm whose analyst that supposedly examined the DNC server just happened to have previously worked for none other than … Robert Mueller.

The Mueller report repeatedly uses the words “hack” and “hacking,” yet fails to offer a shred of evidence that a hack actually took place. The public is just supposed to accept on good faith a claim made by a former FBI director (under his own cloud of suspicion), who’s investigating the current president in a case initiated by biased FBI officials whose investigation is based on opposition research provided by the Russians and paid for by the president’s political opposition, the Hillary Clinton campaign and the DNC.

Analysis of the stolen emails not only eviscerates the legitimacy of at least 12 of Mueller’s indictments—the ones against Russians he accused of conducting a hack that never actually occurred—it further calls into question the motives for the origin of the Mueller probe.

Specifically, the report states, “Taken together, these disparate data points combine to paint a picture that exonerates alleged Russian hackers and implicates persons within our law enforcement and intelligence community taking part in a campaign of misinformation, deceit and incompetence. It is not a pretty picture.”

After an investigation that had 19 lawyers, 2,800 subpoenas, 500 search warrants, 500 witnesses interviewed, and more than 230 orders for communication records, not only was there no finding of collusion, conspiracy, or obstruction, we are also still left with a question about how this whole thing started.

Who actually stole the DNC emails?” (Read more: The Epoch Times, 7/09/2019)

October 24, 2017 – CIA director Mike Pompeo meets with former NSA official, William Binney, to discuss the DNC “leak” vs “hack” theory

“CIA director Mike Pompeo met late last month with a former U.S. intelligence official who has become an advocate for a disputed theory that the theft of the Democratic National Committee’s emails during the 2016 presidential campaign was an inside job, rather than a hack by Russian intelligence.

Pompeo met on October 24 with William Binney, a former National Security Agency official-turned-whistleblower who co-authored an analysis published by a group of former intelligence officials that challenges the U.S. intelligence community’s official assessment that Russian intelligence was behind last year’s theft of data from DNC computers. Binney and the other former officials argue that the DNC data was “leaked,” not hacked, “by a person with physical access” to the DNC’s computer system.

In an interview with The Intercept, Binney said Pompeo told him that President Donald Trump had urged the CIA director to meet with Binney to discuss his assessment that the DNC data theft was an inside job. During their hour-long meeting at CIA headquarters, Pompeo said Trump told him that if Pompeo “want[ed] to know the facts, he should talk to me,” Binney said.

A senior intelligence source confirmed that Pompeo met with Binney to discuss his analysis, and that the CIA director held the meeting at Trump’s urging. The Intercept’s account of the meeting is based on interviews with Binney, the senior intelligence source, a colleague who accompanied Binney to CIA headquarters, and others who Binney told about the meeting. A CIA spokesperson declined to comment. “As a general matter, we do not comment on the Director’s schedule,” said Dean Boyd, director of the CIA’s Office of Public Affairs.

Binney said that Pompeo asked whether he would be willing to meet with NSA and FBI officials to further discuss his analysis of the DNC data theft. Binney agreed and said Pompeo said he would contact him when he had arranged the meetings.” (Read more: The Intercept, 11/07/2017)

July 24, 2017 – Intel vets challenge ‘Russia Hack’ evidence

“In a memo to President Trump, a group of former U.S. intelligence officers, including NSA specialists, cite new forensic studies to challenge the claim of the key Jan. 6 “assessment” that Russia “hacked” Democratic emails last year.

MEMORANDUM FOR: The President

FROM: Veteran Intelligence Professionals for Sanity (VIPS)

SUBJECT: Was the “Russian Hack” an Inside Job?

Executive Summary

Then-Director of National Intelligence James Clapper (right) talks with President Barack Obama in the Oval Office, with John Brennan and other national security aides present. (Credit: Office of Director of National Intelligence)

Forensic studies of “Russian hacking” into Democratic National Committee computers last year reveal that on July 5, 2016, data was leaked (not hacked) by a person with physical access to DNC computer. After examining metadata from the “Guccifer 2.0” July 5, 2016 intrusion into the DNC server, independent cyber investigators have concluded that an insider copied DNC data onto an external storage device.

Key among the findings of the independent forensic investigations is the conclusion that the DNC data was copied onto a storage device at a speed that far exceeds an Internet capability for a remote hack. Of equal importance, the forensics show that the copying was performed on the East coast of the U.S. Thus far, mainstream media have ignored the findings of these independent studies [see here and here].

Independent analyst Skip Folden, who retired after 25 years as the IBM Program Manager for Information Technology, US, who examined the recent forensic findings, is a co-author of this Memorandum. He has drafted a more detailed technical report titled “Cyber-Forensic Investigation of ‘Russian Hack’ and Missing Intelligence Community Disclaimers,” and sent it to the offices of the Special Counsel and the Attorney General. VIPS member William Binney, a former Technical Director at the National Security Agency, and other senior NSA “alumni” in VIPS attest to the professionalism of the independent forensic findings.

The recent forensic studies fill in a critical gap. Why the FBI neglected to perform any independent forensics on the original “Guccifer 2.0” material remains a mystery – as does the lack of any sign that the “hand-picked analysts” from the FBI, CIA, and NSA, who wrote the “Intelligence Community Assessment” dated January 6, 2017, gave any attention to forensics.” (Read more: Consortium News, 7/24/2017)

December 12, 2016 – US Intel vets dispute Russia hacking claims because the evidence should be there and is absent

“As the hysteria about Russia’s alleged interference in the U.S. election grows, a key mystery is why U.S. intelligence would rely on “circumstantial evidence” when it has the capability for hard evidence, say U.S. intelligence veterans.

Veteran Intelligence Professionals for Sanity

MEMORANDUM

Allegations of Hacking Election Are Baseless

Seal of the National Security Agency (Credit: NSA)

A New York Times report alluding to “overwhelming circumstantial evidence” leading the CIA to believe that Russian President Vladimir Putin “deployed computer hackers with the goal of tipping the election to Donald J. Trump” is, sadly, evidence-free. This is no surprise, because harder evidence of a technical nature points to an inside leak, not hacking – by Russians or anyone else.

Monday’s Washington Post reports that Sen. James Lankford, R-Oklahoma, a member of the Senate Intelligence Committee, has joined other senators in calling for a bipartisan investigation of suspected cyber-intrusion by Russia. Reading our short memo could save the Senate from endemic partisanship, expense and unnecessary delay.

In what follows, we draw on decades of senior-level experience – with emphasis on cyber-intelligence and security – to cut through uninformed, largely partisan fog. Far from hiding behind anonymity, we are proud to speak out with the hope of gaining an audience appropriate to what we merit – given our long labors in government and other areas of technology. And corny though it may sound these days, our ethos as intelligence professionals remains, simply, to tell it like it is – without fear or favor.

We have gone through the various claims about hacking. For us, it is child’s play to dismiss them. The email disclosures in question are the result of a leak, not a hack. Here’s the difference between leaking and hacking:

Leak: When someone physically takes data out of an organization and gives it to some other person or organization, as Edward Snowden and Chelsea Manning did.

Hack: When someone in a remote location electronically penetrates operating systems, firewalls or any other cyber-protection system and then extracts data.

All signs point to leaking, not hacking. If hacking were involved, the National Security Agency would know it – and know both sender and recipient.

In short, since leaking requires physically removing data – on a thumb drive, for example – the only way such data can be copied and removed, with no electronic trace of what has left the server, is via a physical storage device.

Awesome Technical Capabilities

Former National Security Agency contractor Edward Snowden. (Photo credit: The Guardian)

Again, NSA is able to identify both the sender and recipient when hacking is involved. Thanks largely to the material released by Edward Snowden, we can provide a full picture of NSA’s extensive domestic data-collection network including Upstream programs like Fairview, Stormbrew and Blarney. These include at least 30 companies in the U.S. operating the fiber networks that carry the Public Switched Telephone Network as well as the World Wide Web. This gives NSA unparalleled access to data flowing within the U.S. and data going out to the rest of the world, as well as data transiting the U.S.

In other words, any data that is passed from the servers of the Democratic National Committee (DNC) or of Hillary Rodham Clinton (HRC) – or any other server in the U.S. – is collected by the NSA. These data transfers carry destination addresses in what are called packets, which enable the transfer to be traced and followed through the network.

Packets: Emails being passed across the World Wide Web are broken down into smaller segments called packets. These packets are passed into the network to be delivered to a recipient. This means the packets need to be reassembled at the receiving end.

To accomplish this, all the packets that form a message are assigned an identifying number that enables the receiving end to collect them for reassembly. Moreover, each packet carries the originator and ultimate receiver Internet protocol number (either IPV4 or IPV6) that enables the network to route data.

When email packets leave the U.S., the other “Five Eyes” countries (the U.K., Canada, Australia, and New Zealand) and the seven or eight additional countries participating with the U.S. in bulk-collection of everything on the planet would also have a record of where those email packets went after leaving the U.S.

These collection resources are extensive [see attached NSA slides 1, 2, 3, 4, 5]; they include hundreds of trace route programs that trace the path of packets going across the network and tens of thousands of hardware and software implants in switches and servers that manage the network. Any emails being extracted from one server going to another would be, at least in part, recognizable and traceable by all these resources.

The bottom line is that the NSA would know where and how any “hacked” emails from the DNC, HRC or any other servers were routed through the network. This process can sometimes require a closer look into the routing to sort out intermediate clients, but in the end sender and recipient can be traced across the network.

The various ways in which usually anonymous spokespeople for U.S. intelligence agencies are equivocating – saying things like “our best guess” or “our opinion” or “our estimate” etc. – shows that the emails alleged to have been “hacked” cannot be traced across the network. Given NSA’s extensive trace capability, we conclude that DNC and HRC servers alleged to have been hacked were, in fact, not hacked.

The evidence that should be there is absent; otherwise, it would surely be brought forward, since this could be done without any danger to sources and methods. Thus, we conclude that the emails were leaked by an insider – as was the case with Edward Snowden and Chelsea Manning. Such an insider could be anyone in a government department or agency with access to NSA databases, or perhaps someone within the DNC.” (Read more: Consortium News, December 12, 2016)