The forensics from the leaked DNC emails don’t add up, according to a group of former intelligence officers who wrote a memorandum to President Donald Trump. The speed at which the emails were copied don’t indicate a hack but rather an internal leak, former CIA officer Ray McGovern, one of the authors, told RT America’s Natasha Sweatte.
According to the new book “Shattered,” which gathers its information from Clinton campaign insiders, the “Russia excuse” was hatched 24 hours after Hillary’s humiliating loss. According to the bombshell book, Hillary Clinton, John Podesta and Robby Mook made a conscious choice to:
- Blame Russia
- Blame the Media
In a memo to President Trump, a group of former U.S. intelligence officers, including NSA specialists, cite new forensic studies to challenge the claim of the key Jan. 6 “assessment” that Russia “hacked” Democratic emails last year.
Forensic studies of “Russian hacking” into Democratic National Committee computers last year reveal that on July 5, 2016, data was leaked (not hacked) by a person with physical access to DNC computers, and then doctored to incriminate Russia, Global Research reports.
After examining metadata from the “Guccifer 2.0” July 5, 2016 intrusion into the DNC server, independent cyber investigators have concluded that an insider copied DNC data onto an external storage device, and that “telltale signs” implicating Russia were then inserted.
Key among the findings of the independent forensic investigations is the conclusion that the DNC data was copied onto a storage device at a speed that far exceeds an Internet capability for a remote hack. Of equal importance, the forensics show that the copying and doctoring were performed on the East coast of the U.S. Thus far, mainstream media have ignored the findings of these independent studies [see here and here].
TEL AVIV — The narrative of a Russian hack into the computer system of the Democratic National Committee (DNC) is an “outright lie” and “manipulation process,” William Binney, a former highly placed NSA official, claimed during in a radio interview, Breitbart reports.
Utilizing recently unlocked information from data that purportedly originated on the DNC’s servers, Binney claimed that he is “something like 99%” sure that the DNC servers were not hacked from the outside. He urged the U.S. Intelligence Community to immediately release any evidence utilized to draw the conclusion that Russia may have been associated with the breach of the DNC servers.
Binney was an architect of the NSA’s surveillance program. He is a former NSA technical director who helped to modernize the agency’s worldwide eavesdropping network, co-founding a unit on automating NSA signals intelligence. He became a famed whistleblower when he resigned on October 31, 2001, after spending more than 30 years with the agency.
He is also a senior leader of Veteran Intelligence Professionals for Sanity (VIPS), a group of former officers of the United States Intelligence Community founded in 2003. During the interview, Binney repeatedly referred to a forensic analysis conducted by VIPS members on DNC files posted online by the hacker known as Guccifer 2.0. The VIPS analysis highlighted data that purportedly indicated the DNC server was most likely not hacked from the outside.
Binney’s findings are not without detractors, however, with some experts saying the VIPS report is flawed and ignores other explanations for the metadata. Binney pushed back against the criticism, charging the detractors have no evidence for their claims. He squarely placed the onus on the U.S. government to prove any hack.
He was speaking on this reporter’s Sunday radio program, “Aaron Klein Investigative Radio,” broadcast on New York’s AM 970 The Answer and Philadelphia’s NewsTalk 990 AM.
The VIPS analysis was made possible after an independent researcher who goes by the online name of Forensicator found a way to unlock metadata from Guccifer 2.0’s files.
The unlocked metadata shows that on July 5, 2016 a total of 1,976 megabytes of data were quickly downloaded into a file. A key finding is that the file downloads took only 87 seconds in total, which suggests a transfer rate of 22.7 megabytes per second.
A hack of the DNC server would have most likely used an Internet service provider. However, the analysts noted, in mid-2016 U.S. Internet service providers for residential clients did not have speeds capable of downloading data at that rate. The data upload is consistent with a regular transfer to a flash device like a thumb drive.
Yet, the VIPS report seemingly overlooked the fact that some corporate and cloud networks do have upload rates technically capable of transferring at that speed. The DNC has not commented on its own network speeds.
Speaking to this reporter, Binney stated, “It is almost absolutely not possible to do it from outside. I mean you have to have some access to the DNC network and some access from there that would allow you to take that rate in. That meant you had to be on the DNC network or some very high-speed network connected to it.”
Binney stated that if the data were transferred via the Internet, outside entities would have recordings of the transfer. “The network managers would monitor the network log for the Internet, for example,” he said. “Basically, the people who manage the fiber optic lines. Like AT&T. If they saw a bulge in traffic being passed down one line they could see that maybe we need to offload to another line and reroute. It’s like load-leveling across the entire network to make sure that it functions and it doesn’t go down for being overloaded on one line only.”
Binney, who helped build the NSA’s surveillance program, alleged that the NSA would have picked up on any outside hack of the DNC.
“They would know exactly where the package went if it were transferred. I would also add that, on the other end, NSA and GCHQ (Government Communications Headquarters), the British equivalent, are watching [WikiLeaks founder] Julian Assange in the embassy and all of the people who are related to him or are contacting him or having any kind of data transfer to or from him.”
“They’re watching them all – that’s Wikileaks, basically – they are watching them 24 hours a day cast iron. So, if anybody passed data to them across the network they would know. And be reporting it. That’s the whole problem. They didn’t come out and say here is where the data came from that came to Wikileaks. And he is where it came from – the DNC server to that point that is related to Wikileaks.”
The Hill, however, quoted experts saying the VIP report overlooked other scenarios that could explain the quick transfer rate. “This theory assumes that the hacker downloaded the files to a computer and then leaked it from that computer,” Rich Barger, director of security research at Splunk, told the publication.
The Hill report continued:
But, said Barger and other experts, that overlooks the possibility the files were copied multiple times before being released, something that may be more probable than not in a bureaucracy like Russian intelligence.
“A hacker might have downloaded it to one computer, then shared it by USB to an air gapped [off the internet] network for translation, then copied by a different person for analysis, then brought a new USB to an entirely different air gapped computer to determine a strategy all before it was packaged for Guccifer 2.0 to leak,” said Barger.
Speaking to this reporter, Binney allowed that the files may have been copied multiple times before being posted by Guccifer 2.0. But he stated there is no proof that that was the case one way or the other. “We should never infer anything without at least one fact to indicate it’s true,” he replied. “I would say again, if anything happened like these suggested events then NSA would have a trace on at least most of it. They have produced no information at all.”
Besides the rate of transfer, here are some other findings from the unlock metadata included in the VIPS report:
- The time stamp recorded the download within the Eastern Daylight Time Zone at approximately 6:45 p.m on July 5, 2016. This means the transfer took place somewhere on the East Coast of the U.S. and not overseas. Gufficer 2.0 was reportedly based in Romania. Still, the hacker could have obtained the files from someone else on the U.S. East Coast.
The July date, however, is actually months after the DNC said they first registered a breach in April. Binney stated that it was “possible” the date and timestamp could have been changed.
- There are indications that prior to posting, the files were encoded with electronic Russian fingerprints, something the CIA is capable of doing.
The Nation related that possibility in a 4,500-word story on the VIPS analysis:
In addition, there is the adulteration of the documents Guccifer 2.0 posted on June 15, when he made his first appearance. This came to light when researchers penetrated what Folden calls Guccifer’s top layer of metadata and analyzed what was in the layers beneath. They found that the first five files Guccifer made public had each been run, via ordinary cut-and-paste, through a single template that effectively immersed them in what could plausibly be cast as Russian fingerprints. They were not: The Russian markings were artificially inserted prior to posting. “It’s clear,” another forensics investigator self-identified as HET, wrote in a report on this question, “that metadata was deliberately altered and documents were deliberately pasted into a Russianified Word document with Russian language settings and style headings.”
The magazine points out that the CIA’s cyber-tools would have allowed such an encoding. “WikiLeaks began to release in March and labeled Vault 7 includes one called Marble that is capable of obfuscating the origin of documents in false-flag operations and leaving markings that point to whatever the CIA wants to point to.”
The Nation story on the VIPS report is reportedly being reviewed by the publication. “We’re doing the review as we speak, and I don’t want to rush to say anything,” Katrina vanden Heuvel, the Nation’s editor and publisher, told the Washington Post earlier this month. The Post reported that the Nation’s review will include the technical feasibility of the article detailing the VIPS report.
The Gufficer 2.0 files are a key part of the Russia hacking narrative. A January 6, 2017 U.S. Intelligence Community report alleging Russian government interference in the 2016 presidential campaign states this of the Gufficer 2.0 files:
We assess with high confidence that Russian military intelligence (General Staff Main Intelligence Directorate or GRU) used the Guccifer 2.0 persona and DCLeaks.com to release US victim data obtained in cyber operations publicly and in exclusives to media outlets and relayed material to WikiLeaks.
The U.S. Intelligence Community has not publicly released any evidence to back up its charges. Despite false media characterizations of 17 intelligence agencies, the January 6 report was authored by three U.S. agencies – the NSA, the FBI and the CIA. The Washington Post, in its extensive June 23 article, reported on details of the compartmentalized operation that indicates a high degree of secrecy involving top Obama administration officials.
A Bloomberg opinion piece by Leonid Bershidsky asserted that Binney’s information “should get more attention.”
Unlike the “current and former intelligence officials” anonymously quoted in stories about the Trump-Russia scandal, VIPS members actually have names. But their findings and doubts are only being aired by non-mainstream publications that are easy to accuse of being channels for Russian disinformation. The Nation, Consortium News, ZeroHedge and other outlets have pointed to their findings that at least some of the DNC files were taken by an insider rather than by hackers, Russian or otherwise.
In response to the Nation report, the DNC released the following statement:
U.S. intelligence agencies have concluded the Russian government hacked the DNC in an attempt to interfere in the election. Any suggestion otherwise is false and is just another conspiracy theory like those pushed by Trump and his administration. It’s unfortunate that the Nation has decided to join the conspiracy theorists to push this narrative.
During the radio interview, Binney pushed back against the DNC “conspiracy theory” charge.
“They are joining the lie,” Binney stated. “I mean, it is an outright lie. All they are saying is they are claiming something. Where is any substance from anybody to prove any of that? There isn’t any. They haven’t given any proof whatsoever.”
“The intelligence community has said it is highly likely. Well, they should absolutely know with all of the taps they have on the fiber lines in the U.S. and around the world. They should have no question whatsoever. Saying high confidence – that means that they don’t know. That’s really what they are saying. If they have anything else to say, let them produce any evidence that they have so that we can all look at it. So far, they have produced nothing but opinion and speculation and a lie to keep this Cold War going.”
In a move that has raised eyebrows, the DNC did not allow the FBI to inspect its servers.
In January testimony before the Senate Intelligence Committee, then-FBI Director James Comey confirmed that the FBI registered “multiple requests at different levels” to review the DNC’s hacked servers. Ultimately, the DNC and FBI came to an agreement in which a “highly respected private company” would carry out forensics on the servers and share any information that it discovered with the FBI, Comey testified.
A senior law enforcement official stressed the importance of the FBI gaining direct access to the servers, a request that was denied by the DNC.
“The FBI repeatedly stressed to DNC officials the necessity of obtaining direct access to servers and data, only to be rebuffed until well after the initial compromise had been mitigated,” the official was quoted by the news media as saying.
“This left the FBI no choice but to rely upon a third party for information. These actions caused significant delays and inhibited the FBI from addressing the intrusion earlier.”
Comey’s statement about a “highly respected private company” gaining access to the DNC servers was a reference to CrowdStrike, the third-party company ultimately relied upon by the FBI to make its assessment about alleged Russian hacking into the DNC.
As this reporter documented, CrowdStrike was financed to the tune of $100 million from a funding drive last year led by Google Capital.
Google Capital, which now goes by the name of CapitalG, is an arm of Alphabet Inc., Google’s parent company. Eric Schmidt, the chairman of Alphabet, has been a staunch and active supporter of Hillary Clinton and is a longtime donor to the Democratic Party.
CrowdStrike is a California-based cybersecurity technology company co-founded by experts George Kurtz and Dmitri Alperovitch.
Alperovitch is a nonresident senior fellow of the Cyber Statecraft Initiative at the Atlantic Council. The Council takes a hawkish approach toward Russia and has released numerous reports and briefs about Russian aggression.
The Council is funded by the Rockefeller Brothers Fund, Inc., the U.S. State Department and NATO ACT.
Another Council funder is the Ploughshares Fund, which in turn has received financing from billionaire George Soros’ Open Society Foundations.