March 09, 2017
Here is a story that dovetails with what I've been saying for a long time. A tweet by Donald Trump over the weekend (and lost in the kafuffle over Trump's claim that Obama was spying on him) made an accusation - first delineated by a CNN article - that the DNC hack may have been done by our government and not the Russians.
According to Robert Romano at Netrightdaily:
"The second tweet on March 4 stated, "Is it true the DNC would not allow the FBI access to check server or other equipment after learning it was hacked? Can that be possible?"
Here, Trump was referring apparently to a CNN report from January that the Democratic National Committee (DNC) refused to give the FBI access to its computer servers after it claimed in June it had been hacked by the Russian government.
Although the DNC tells the story a different way, with DNC deputy communications director Eric Lake offering to Buzzfeed News, "The DNC had several meetings with representatives of the FBI's Cyber Division and its Washington Field Office, the Department of Justice's National Security Division, and US Attorney's Offices, and it responded to a variety of requests for cooperation, but the FBI never requested access to the DNC's computer servers."
But, either the FBI tried to get access to the servers, and was refused, or the FBI simply never requested access. Either way, per the CNN report, "The FBI instead relied on the assessment from a third-party security company called CrowdStrike," which had performed its own audit of the DNC server.
This raises the obvious question of how the U.S. government ever proved on its own that Russia was behind the hack — if there even was a hack — if it never accessed the DNC computers. For, this goes to the heart of all claims central to Russia and the 2016 election.
Namely, if Russia was not behind any hacking of the DNC or John Podesta, then the Trump campaign could not have possibly colluded with Russia in such efforts.
Enter into the mix Wikileaks once again with its bombshell disclosure of CIA cyber warfare hacking tools and capabilities, which, besides Edward Snowden, appears to be the most impactful dump of classified information in U.S. history. Included in the disclosure is the ability of the agency — and presumably other hackers — to mask who is performing a hack.
According to Wikileaks' press release, "The CIA's Remote Devices Branch's UMBRAGE group collects and maintains a substantial library of attack techniques 'stolen' from malware produced in other states including the Russian Federation. With UMBRAGE and related projects the CIA cannot only increase its total number of attack types but also misdirect attribution by leaving behind the 'fingerprints' of the groups that the attack techniques were stolen from.""
End excerpt.
How indeed did Crowdstrike make this determination? And, perhaps more importantly, can the public trust the Crowdstrike investigation? After all, the DNC was the client, not the American People.
The entire case for Russian hacking is predicated on metadata suggesting the use of a Cyrillic typewriter and codes similar to those used by Russian national security. These can all be faked. In point of fact, one would expect better of Russian security operatives.
Romano points that out:
"But if those techniques can be co-opted by other hackers or intelligence agencies — as the UMBRAGE program appears designed to do — it appears that the list of potential intruders on the DNC server should have been longer than just Russia. How does analyzing techniques tell you who perpetrated a hack?
Because, not only did the U.S. government apparently not physically investigate the DNC servers, it should have known full well that the hacking techniques identified by Crowdstrike as being used by state actors could be mimicked.
Add to that the fact that the DNC servers were already compromised in Dec. 2015, not because of a hack, but because of its internal voter and donor database software, NGP VAN, kept dropping its firewall. The problems were so bad that opposing campaigns could access each other's files. Josh Uretsky was Bernie Sanders' national data director but was fired after he accessed and stored files from the Clinton campaign he was able to access via NGP VAN before a software patch was issued. Has the FBI investigated these internal vulnerabilities? Might they explain how somebody internally might have gotten to the files that did wind up on Wikileaks?"
End excerpt.
Here is a good article discrediting the "Russians did it" mantra. Here is a snippet:
"For one, a lot of the so-called evidence above is no such thing. CrowdStrike, whose claims of Russian responsibility are perhaps most influential throughout the media, says APT 28/Fancy Bear "is known for its technique of registering domains that closely resemble domains of legitimate organizations they plan to target." But this isn't a Russian technique any more than using a computer is a Russian technique — misspelled domains are a cornerstone of phishing attacks all over the world. Is Yandex — the Russian equivalent of Google — some sort of giveaway? Anyone who claimed a hacker must be a CIA agent because they used a Gmail account would be laughed off the internet. We must also acknowledge that just because Guccifer 2.0 pretended to be Romanian, we can't conclude he works for the Russian government — it just makes him a liar.
Next, consider the fact that CrowdStrike describes APT 28 and 29 like this:
Their tradecraft is superb, operational security second to none and the extensive usage of "living-off-the-land" techniques enables them to easily bypass many security solutions they encounter. In particular, we identified advanced methods consistent with nation-state level capabilities including deliberate targeting and "access management" tradecraft — both groups were constantly going back into the environment to change out their implants, modify persistent methods, move to new Command & Control channels and perform other tasks to try to stay ahead of being detected.
Compare that description to CrowdStrike's claim it was able to finger APT 28 and 29, described above as digital spies par excellence, because they were so incredibly sloppy. Would a group whose "tradecraft is superb" with "operational security second to none" really leave behind the name of a Soviet spy chief imprinted on a document it sent to American journalists? Would these groups really be dumb enough to leave Cyrillic comments on these documents? Would these groups that "constantly [go] back into the environment to change out their implants, modify persistent methods, move to new Command & Control channels" get caught because they precisely didn't make sure not to use IP addresses they'd been associated before? It's very hard to buy the argument that the Democrats were hacked by one of the most sophisticated, diabolical foreign intelligence services in history, and that we know this because they screwed up over and over again.
But how do we even know these oddly named groups are Russian? CrowdStrike co-founder Dmitri Alperovitch himself describes APT 28 as a "Russian-based threat actor" whose modus operandi "closely mirrors the strategic interests of the Russian government" and "may indicate affiliation [Russia's] Main Intelligence Department or GRU, Russia's premier military intelligence service." Security firm SecureWorks issued a report blaming Russia with "moderate confidence." What constitutes moderate confidence? SecureWorks said it adopted the "grading system published by the U.S. Office of the Director of National Intelligence to indicate confidence in their assessments. … Moderate confidence generally means that the information is credibly sourced and plausible but not of sufficient quality or corroborated sufficiently to warrant a higher level of confidence." All of this amounts to a very educated guess, at best.
Even the claim that APT 28/Fancy Bear itself is a group working for the Kremlin is speculative, a fact that's been completely erased from this year's discourse."
End excerpt.
In short, all of the evidence for Russian involvement is circumstantial. In a world of top level security one does not make these kinds of mistakes. That is, unless one WANTS to.
So why didn't the FBI examine the DNC server? Strange they did not, and then did nothing to correct the misperception that they had.
Leaked e-mails show that the Clinton camp planned to skew polling data to make her elevation appear imminent, and that suggests to me her people suspected she might lose - and planned for such a contingency. Obama - with the more powerful tools of the State security apparatus at his disposal - likely knew this as well. In fact, I theorized all along that Obama really did not want Hillary to win but preferred to see Trump win and then destroy him. Obama is a rabble rouser, a community organizer who loves the chaos of political theater and revolution. I wonder if this isn't what he intended all along.
That may be paranoid speculation, but it doesn't change the fact that there is no hard evidence linking the Russians to the DNC hack, and certainly no evidence linking Trump to the Russians. This was clearly a carefully thought-out strategy by the Democrats, one that appears to have had the assistance of Barack Obama BEFORE the election. In short, something does not smell clean.
Posted by: Timothy Birdnow at 08:17 AM








