Spitfire List Web site and blog of anti-fascist researcher and radio personality Dave Emory.

For The Record  

FTR #943 The Gehlen Gang, the High-Profile Hacks and the New Cold War


This broadcast was recorded in one, 60-minute segment.

Reinhard Gehlen: Nazi head of postwar German intelligence


Stephan Bandera, head of the OUN/B


Introduction: One of the foundational elements of Mr. Emory’s work over the decades has been the Reinhard Gehlen “Org.”

Beginning as the Eastern Front intelligence organization of the Third Reich under General Reinhard Gehlen, the organization then jumped to the CIA, becoming its department of Russian and Eastern affairs. It became the de-facto NATO intelligence organization and, ultimately the BND.

Incorporating large numbers of SS and Gestapo veterans, it manifested continuity with the Third Reich chain of command and was ultimately responsible to the remarkable and deadly Bormann capital network.

In this program, we examine the role of Ukrainian fascists evolved from the milieu of the OUN/B and other elements ultimately associated with, and/or evolved from, the “Org” in the development of the meme of “Russia/Putin/Kremlin did it.” The “it” in question comprises the high-profile hacks: the hacking of the DNC and Podesta computers and e-mail accounts, the “non-hack” of the NSA by the so-called Shadow Brokers and earlier hacks of the German Bundestag.

First, we review for the convenience of the listener/reader, key points of analysis presented in previous programs about the high-profile hacks:

Points of information reviewed include:

  • Evidence suggesting that Russia was NOT behind the DNC hacks. “. . . . None of the technical evidence is convincing. It would only be convincing if the attackers used entirely novel, unique, and sophisticated tools with unmistakable indicators pointing to Russia supported by human intelligence, not by malware analysis. The DNC attackers also had very poor, almost comical, operational security (OPSEC). State actors tend to have a quality assurance review when developing cyberattack tools to minimize the risk of discovery and leaving obvious crumbs behind. Russian intelligence services are especially good. They are highly capable, tactically and strategically agile, and rational. They ensure that offensive tools are tailored and proportionate to the signal they want to send, the possibility of disclosure and public perception, and the odds of escalation. The shoddy OPSEC just doesn’t fit what we know about Russian intelligence. . . . Given these arguments, blaming Russia is not a slam dunk. Why would a country with some of the best intelligence services in the world commit a whole series of really stupid mistakes in a highly sensitive operation? Why pick a target that has a strong chance of leading to escalatory activity when Russia is known to prefer incremental actions over drastic ones? Why go through the trouble of a false flag when doing nothing would have been arguably better? . . . .”
  • Information indicating that the NSA “hack” may well not have been a hack at all, but the work of an insider downloading the information onto a USB drive. “. . . Their claim to have ‘hacked’ a server belonging to the NSA is fishy. According to ex-NSA insiders who spoke with Business Insider, the agency’s hackers don’t just put their exploits and toolkits online where they can potentially be pilfered. The more likely scenario for where the data came from, says ex-NSA research scientist Dave Aitel, is an insider who downloaded it onto a USB stick. . . . When hackers gain access to a server, they keep quiet about it so they can stay there. . . . One of the many strange things about this incident is the very public nature of what transpired. When a hacker takes over your computer, they don’t start activating your webcam or running weird programs because you’d figure out pretty quickly that something was up and you’d try to get rid of them. . . . If the Shadow Brokers owned the NSA’s command and control server, then it would probably be a much better approach to just sit back, watch, and try to pivot to other interesting things that they might be able to find. . . People sell exploits all the time, but they hardly ever talk about it. . . . Most of the time, an exploit is either found by a security research firm, which then writes about it and reports it to the company so it can fix the problem. Or, a hacker looking for cash will take that found exploit and sell it on the black market. So it would make sense for a group like Shadow Brokers to want to sell their treasure trove, but going public with it is beyond strange. . . .”
  • Eddie the Friendly Spook endorsed the cover story of the Shadow Brokers’ NSA “hack”–that the event was a hack (despite indicators to the contrary) and that Russia did it. “. . . If you ask ex-NSA contractor Edward Snowden, the public leak and claims of the Shadow Brokers seem to have Russian fingerprints all over them, and it serves as a warning from Moscow to Washington. The message: If your policymakers keep blaming us for the DNC hack, then we can use this hack to implicate you in much more. ‘That could have significant foreign policy consequences,’ Snowden wrote on Twitter. ‘Particularly if any of those operations targeted US allies. Particularly if any of those operations targeted elections.’ . . . .”
  • The code in the files was from 2013, when Snowden undertook his “op.” “. . . . The code released by the Shadow Brokers dates most recently to 2013, the same year Edward Snowden leaked classified information about the NSA’s surveillance programs. . . . Snowden also noted that the released files end in 2013. ‘When I came forward, NSA would have migrated offensive operations to new servers as a precaution,’ he suggested — a move that would have cut off the hackers’ access to the server. . . .”
  • Author James Bamford highlighted circumstantial evidence that WikiLeaker Jacob Appelbaum–who appears to have facilitated Snowden’s journey from Hawaii to Hong Kong–may have been behind the Shadow Brokers non-hack. “. . . . There also seems to be a link between Assange and the leaker who stole the ANT catalog, and the possible hacking tools. Among Assange’s close associates is Jacob Appelbaum, a celebrated hacktivist and the only publicly known WikiLeaks staffer in the United States – until he moved to Berlin in 2013 in what he called a “political exile” because of what he said was repeated harassment by U.S. law enforcement personnel. In 2010, a Rolling Stone magazine profile labeled him “the most dangerous man in cyberspace.” In December 2013, Appelbaum was the first person to reveal the existence of the ANT catalog, at a conference in Berlin, without identifying the source. That same month he said he suspected the U.S. government of breaking into his Berlin apartment. He also co-wrote an article about the catalog in Der Spiegel. But again, he never named a source, which led many to assume, mistakenly, that it was Snowden. . . .”
  • Appelbaum was anti-Clinton, sentiments expressed in the clumsy Boris and Natasha-like broken English that accompanied announcement of the Shadow Brokers’ gambit. “. . . . Shortly thereafter, he [Appelbaum] turned his attention to Hillary Clinton. At a screening of a documentary about Assange in Cannes, France, Appelbaum accused her of having a grudge against him and Assange, and that if she were elected president, she would make their lives difficult. ‘It’s a situation that will possibly get worse’ if she is elected to the White House, he said, according to Yahoo News. . . . In hacktivist style, and in what appears to be phony broken English, this new release of cyberweapons also seems to be targeting Clinton. It ends with a long and angry ‘final message’ against ‘Wealthy Elites . . . breaking laws’ but ‘Elites top friends announce, no law broken, no crime commit[ed]. . . Then Elites run for president. Why run for president when already control country like dictatorship?’ . . .”

We continue our analysis with information about the stunning, unsubstantiated allegation that Russia was behind the hacks:

  • The joint CIA/FBI/NSA declassified version of the Intelligence Report on Russian hacking came out. There is no substantive detail in the report:“ . . . . To summarize, the report says that the CIA, FBI, and National Security Agency believe that Russian hackers—directed ultimately by Vladimir Putin—hacked email accounts belonging to the Democratic National Committee and to Clinton campaign chairman John Podesta and then passed the material they obtained on to WikiLeaks through a third party. This was done, the report asserts, because the Russians believed that Donald Trump would be friendlier to their country’s interests, as president, than Hillary Clinton. And … that’s about it. Not counting intro pages or appendices, the report is five pages long and does not include any description of the actual evidence that Russian actors were responsible for the DNC/Podesta hacks (an assertion that’s supported by publicly available evidence analyzed by third parties) or the assertion that Putin ultimately directed the release of hacked material in order to help elect Donald Trump (an assertion that’s harder to verify independently). . . . .”
  • The Bitly technology used in the hacks enabled the entire world to see what was going on! This strongly indicates a cyber-false flag operation: “. . . . Using Bitly allowed ‘third parties to see their entire campaign including all their targets—something you’d want to keep secret,’ Tom Finney, a researcher at SecureWorks, told Motherboard. It was one of Fancy Bear’s ‘gravest mistakes,’ as Thomas Rid, a professor at King’s College who has closely studied the case, put it in a new piece published on Thursday in Esquire, as it gave researchers unprecedented visibility into the activities of Fancy Bear, linking different parts of its larger campaign together. . . .”
  • It should be noted that while this report is signed off on by the CIA, NSA, and FBI, the FBI never examined the DNC’s hacked server. Instead, according to the DNC, the job was outsourced to CrowdStrike! Neither the FBI, nor any other U.S. government entity has run an independent forensic analysis on the system! “. . . Six months after the FBI first said it was investigating the hack of the Democratic National Committee’s computer network, the bureau has still not requested access to the hacked servers, a DNC spokesman said. No US government entity has run an independent forensic analysis on the system, one US intelligence official told BuzzFeed News. . . . The FBI has instead relied on computer forensics from a third-party tech security company, CrowdStrike, which first determined in May of last year that the DNC’s servers had been infiltrated by Russia-linked hackers, the U.S. intelligence official told BuzzFeed News. . . ‘CrowdStrike is pretty good. There’s no reason to believe that anything that they have concluded is not accurate,’ the intelligence official said, adding they were confident Russia was behind the widespread hacks. . . It’s unclear why the FBI didn’t request access to the DNC servers, and whether it’s common practice when the bureau investigates the cyberattacks against private entities by state actors, like when the Sony Corporation was hacked by North Korea in 2014. BuzzFeed News spoke to three cybersecurity companies who have worked on major breaches in the last 15 months, who said that it was “par for the course” for the FBI to do their own forensic research into the hacks. None wanted to comment on the record on another cybersecurity company’s work, or the work being done by a national security agency. . . .”
  • The FBI claims that the DNC denied them access to the servers! Right! Note the prominence of CrowdStrike in this imbroglio. More about them below. ” . . . . The FBI struck back at the Democratic National Committee on Thursday, accusing it of denying federal investigators access to its computer systems and hamstringing its investigation into the infiltration of DNC servers by Russia-backed hackers. ‘The FBI repeatedly stressed to DNC officials the necessity of obtaining direct access to servers and data, only to be rebuffed until well after the initial compromise had been mitigated. This left the FBI no choice but to rely upon a third party for information,’ a senior law enforcement official told BuzzFeed News in a statement. ‘These actions caused significant delays and inhibited the FBI from addressing the intrusion earlier.’ . . . The warring statements are the latest twists in an extraordinary standoff between the Democrats and federal investigators that reached a fever pitch over the bureau’s probe into Democratic nominee Hillary Clinton’s private email server. . . . The FBI announced it was investigating the hack of the DNC’s servers in July, after a third-party computer security firm, Crowdstrike, said it had evidence of Kremlin-backed hackers infiltrating its system. . . .”
  • The DNC responded to the FBI’s counter-assertion by reasserting that it’s giving the FBI full access to whatever it requested. If there’s a problem with the FBI getting access to that server, it’s a problem between the FBI and Crowdstrike: “. . . The FBI had previously told lawmakers on the Hill that the DNC had not allowed federal investigators to access their servers. After BuzzFeed News reported on Wednesday that the DNC claimed FBI agents had never asked for the servers, congressional officials pressured the FBI for answers. A senior law enforcement official issued a public statement on the matter Thursday night. ‘Someone is lying their ass off,’ a US intelligence official said of the warring statements. But officials with the DNC still assert they’ve ‘cooperated with the FBI 150%. They’ve had access to anything they want. Anything that they desire. Anything they’ve asked, we’ve cooperated,’ the DNC official said. ‘If anybody contradicts that it’s between Crowdstrike and the FBI.’ . . . Without direct access to the computer network, another US intelligence official told BuzzFeed, federal investigators had been forced to rely on the findings of the private cybersecurity firm Crowdstrike for computer forensics. From May through August of 2016, the Democratic National Committee paid Crowdstrike $267,807 dollars for maintenance, data services and consulting, among other things, according to federal records. . . .”
  • An important article underscores that many tech experts disagree with the government’s so-called analysis: “. . . . Yet despite the scores of breathless media pieces that assert that Russia’s interference in the election is ‘case closed,’ might some skepticism be in order? Some cyber experts say ‘yes.’ . . . Cyber-security experts have also weighed in. The security editor at Ars Technica observed that ‘Instead of providing smoking guns that the Russian government was behind specific hacks,’ the government report ‘largely restates previous private sector claims without providing any support for their validity.’ Robert M. Lee of the cyber-security company Dragos noted that the report ‘reads like a poorly done vendor intelligence report stringing together various aspects of attribution without evidence.’ Cybersecurity consultant Jeffrey Carr noted that the report ‘merely listed every threat group ever reported on by a commercial cybersecurity company that is suspected of being Russian-made and lumped them under the heading of Russian Intelligence Services (RIS) without providing any supporting evidence that such a connection exists.’ . . .”
  • CrowdStrike–at the epicenter of the supposed Russian hacking controversy–is noteworthy. Its co-founder and chief technology officer, Dmitri Alperovitch, is a senior fellow at the Atlantic Council, financed by elements that are at the foundation of fanning the flames of the New Cold War: “In this respect, it is worth noting that one of the commercial cybersecurity companies the government has relied on is Crowdstrike, which was one of the companies initially brought in by the DNC to investigate the alleged hacks. . . . Dmitri Alperovitch is also a senior fellow at the Atlantic Council. . . . The connection between [Crowdstrike co-founder and chief technology officer Dmitri] Alperovitch and the Atlantic Council has gone largely unremarked upon, but it is relevant given that the Atlantic Council—which is funded in part by the US State Department, NATO, the governments of Latvia and Lithuania, the Ukrainian World Congress, and the Ukrainian oligarch Victor Pinchuk—has been among the loudest voices calling for a new Cold War with Russia. As I pointed out in the pages of The Nation in November, the Atlantic Council has spent the past several years producing some of the most virulent specimens of the new Cold War propaganda. . . .”
  • There was an update back in December from the German government regarding its assessment of the 2015 Bundestag hacks (attributed to “Fancy Bear” and “Cozy Bear,” as mentioned in the Sandro Gaycken post above) that it attributed to APT28 and Russia: while it asserts the hacks did indeed take place, the leaked documents were later determined to be an insider leak (via Google translate). “. . . . According to the report, federal security authorities are convinced that not hackers had stolen the 2420 documents published by the Internet platform Wikileaks in early December. There was certainly no evidence that the material had been stolen in the cyber attack on the Bundestag in 2015, it was called into security crises. . . .”
  • Another article details at length the skepticism and outright scorn many cybersecurity experts feel concerning the report. ” . . . . Did the Russian government hack the DNC and feed documents to WikiLeaks? There are really two questions here: who hacked the DNC, and who released the DNC documents? These are not necessarily the same. An earlier intrusion into German parliament servers was blamed on the Russians, yet the release of documents to WikiLeaks is thought to have originated from an insider. [35] Had the Russians hacked into the DNC, it may have been to gather intelligence, while another actor released the documents. But it is far from certain that Russian intelligence services had anything to do with the intrusions. Julian Assange says that he did not receive the DNC documents from a nation-state. It has been pointed out that Russia could have used a third party to pass along the material. Fair enough, but former UK diplomat Craig Murray asserts: ‘I know who the source is… It’s from a Washington insider. It’s not from Russia.’ [We wonder if it might have been Tulsi Gabbard–D.E.] [36] . . . .”
  • Exemplifying some of the points of dissension in the above-linked story: “. . . . Cybersecurity analyst Robert Graham was particularly blistering in his assessment of the government’s report, characterizing it as “full of garbage.” The report fails to tie the indicators of compromise to the Russian government. ‘It contains signatures of viruses that are publicly available, used by hackers around the world, not just Russia. It contains a long list of IP addresses from perfectly normal services, like Tor, Google, Dropbox, Yahoo, and so forth. Yes, hackers use Yahoo for phishing and maladvertising. It doesn’t mean every access of Yahoo is an ‘indicator of compromise’.’ Graham compared the list of IP addresses against those accessed by his web browser, and found two matches. ‘No,’ he continues. ‘This doesn’t mean I’ve been hacked. It means I just had a normal interaction with Yahoo. It means the Grizzly Steppe IoCs are garbage.’ . . . .”
  • The source code used in the attacks traces back to Ukraine! ” . . . . In conjunction with the report, the FBI and Department of Homeland Security provided a list of IP addresses it identified with Russian intelligence services. [22] Wordfence analyzed the IP addresses as well as a PHP malware script provided by the Department of Homeland Security. In analyzing the source code, Wordfence discovered that the software used was P.A.S., version 3.1.0. It then found that the website that manufactures the malware had a site country code indicating that it is Ukrainian. [Note this!–D.E.] The current version of the P.A.S. software is 4.1.1, which is much newer than that used in the DNC hack, and the latest version has changed ‘quite substantially.’ Wordfence notes that not only is the software ‘commonly available,’ but also that it would be reasonable to expect ‘Russian intelligence operatives to develop their own tools or at least use current malicious tools from outside sources.’ To put it plainly, Wordfence concludes that the malware sample ‘has no apparent relationship with Russian intelligence.’ . . .”

The program concludes with a frightening piece of legislation signed into law by Barack Obama in December. It is an ominous portent of the use of government and military power to suppress dissenting views as being “Russian” propaganda tools! “. . . . The new law is remarkable for a number of reasons, not the least because it merges a new McCarthyism about purported dissemination of Russian ‘propaganda’ on the Internet with a new Orwellianism by creating a kind of Ministry of Truth – or Global Engagement Center – to protect the American people from ‘foreign propaganda and disinformation.’ . . . As part of the effort to detect and defeat these unwanted narratives, the law authorizes the Center to: ‘Facilitate the use of a wide range of technologies and techniques by sharing expertise among Federal departments and agencies, seeking expertise from external sources, and implementing best practices.’ (This section is an apparent reference to proposals that Google, Facebook and other technology companies find ways to block or brand certain Internet sites as purveyors of ‘Russian propaganda’ or ‘fake news.’) . . .”

Program Highlights Include:

  • Review of key points pointing to the milieu of the OUN/B in Ukraine in the generation of the “Russia did it” meme. Note similarities between: the PropOrNot list of supposed “Russian” fake news outlets, the list of “Russian” journalists and websites and the Global Engagement Center created by Obama in the waning days of his administration.
  • The “PropOrNot” group quoted in a Washington Post story tagging media outlets, websites and blogs as “Russian/Kremlin stooges/propaganda tools/agents” is linked to the OUN/B heirs now in power in Ukraine. ” . . . One PropOrNot tweet, dated November 17, invokes a 1940s Ukrainian fascist salute “Heroiam Slava!!” [17] to cheer a news item on Ukrainian hackers fighting Russians. The phrase means “Glory to the heroes” and it was formally introduced by the fascist Organization of Ukrainian Nationalists (OUN) at their March-April 1941 congress in Nazi occupied Cracow, as they prepared to serve as Nazi auxiliaries in Operation Barbarossa. . . . ‘the OUN-B introduced another Ukrainian fascist salute at the Second Great Congress of the Ukrainian Nationalists in Cracow in March and April 1941. This was the most popular Ukrainian fascist salute and had to be performed according to the instructions of the OUN-B leadership by raising the right arm ‘slightly to the right, slightly above the peak of the head’ while calling ‘Glory to Ukraine!’ (Slava Ukraїni!) and responding ‘Glory to the Heroes!’ (Heroiam Slava!). . . .”
  • The OUN/B heirs ruling Ukraine compiled a list of journalists who were “Russian/Kremlin stooges/propaganda tools/agents,” including personal data and contact information (like that made public in the WikiLeaks data dump of DNC e-mails). This list was compiled by the Ukrainian intelligence service, interior ministry and–ahem–hackers: “. . . . One of the more frightening policies enacted by the current oligarch-nationalist regime in Kiev is an online blacklist [42] of journalists accused of collaborating with pro-Russian ‘terrorists.’ [43]  The website, ‘Myrotvorets’ [43] or ‘Peacemaker’—was set up by Ukrainian hackers working with state intelligence and police, all of which tend to share the same ultranationalist ideologies as Parubiy and the newly-appointed neo-Nazi chief of the National Police. . . . Ukraine’s journalist blacklist website—operated by Ukrainian hackers working with state intelligence—led to a rash of death threats against the doxxed journalists, whose email addresses, phone numbers and other private information was posted anonymously to the website. Many of these threats came with the wartime Ukrainian fascist salute: ‘Slava Ukraini!’ [Glory to Ukraine!] So when PropOrNot’s anonymous ‘researchers’ reveal only their Ukrainian(s) identity, it’s hard not to think about the spy-linked hackers who posted the deadly ‘Myrotvorets’ blacklist of ‘treasonous’ journalists. . . .”
  • A Ukrainian activist named Alexandra Chalupa has been instrumental in distributing the “Russia did it” disinformation to Hillary Clinton and influencing the progress of the disinformation in the media. ” . . . . One of the key media sources [46] who blamed the DNC hacks on Russia, ramping up fears of crypto-Putinist infiltration, is a Ukrainian-American lobbyist working for the DNC. She is Alexandra Chalupa—described as the head of the Democratic National Committee’s opposition research on Russia and on Trump, and founder and president of the Ukrainian lobby group ‘US United With Ukraine Coalition’ [47], which lobbied hard to pass a 2014 bill increasing loans and military aid to Ukraine, imposing sanctions on Russians, and tightly aligning US and Ukraine geostrategic interests. . . . In one leaked DNC email [50] earlier this year, Chalupa boasts to DNC Communications Director Luis Miranda that she brought Isikoff to a US-government sponsored Washington event featuring 68 Ukrainian journalists, where Chalupa was invited ‘to speak specifically about Paul Manafort.’ In turn, Isikoff named her as the key inside source [46] ‘proving’ that the Russians were behind the hacks, and that Trump’s campaign was under the spell of Kremlin spies and sorcerers. . . .”

 

1a. An interesting piece by Dr. Sandro Gaycken, a Berlin-based former ‘hacktivist’ who now advises NATO and the German government on cyber-security matters, makes the case that the evidence implicating Russia was very much the type of evidence a talented team could spoof. He also notes that some of the tools used in the hack were the same used last year when Angela Merkel’s computer was hacked and used to infect other computers at the Bundestag. That hack was also blamed on Russian hackers. But, again, as the article below points out, when the evidence for who is responsible is highly spoofable, confidently assigning blame is almost too easy.

Dr. Gaycken’s observations will be expanded upon in material presented later in the program.

 “Blaming Russia For the DNC Hack Is Almost Too Easy” by Dr. Sandro Gaycken; Council on Foreign Relations Blog; 8/01/2016.

Dr. Sandro Gaycken is the Director of the Digital Society Institute, a former hacktivist, and a strategic advisor to NATO, some German DAX-companies and the German government on cyber matters.

The hack of the Democratic National Committee (DNC) definitely looks Russian. The evidence is compelling. The tools used in the incident appeared in previous cases of alleged Russian espionage, some of which appeared in the German Bundestag hack. The attackers, dubbed Cozy Bear and Fancy Bear, have been known for years and have long been rumored to have a Russian connection. Other indicators such as IP addresses, language and location settings in the documents’ metadata and code compilation point to Russia. The Kremlin is also known to practice influence operations, and a leak before the Democrats’ convention fits that profile as does laundering the information through a third party like Wikileaks. Finally, the cui bono makes sense as well; Russia may favor Donald Trump given his Putin-friendly statements and his views on NATO.

Altogether, it looks like a clean-cut case. But before accusing a nuclear power like Russia of interfering in a U.S. election, these arguments should be thoroughly and skeptically scrutinized.

A critical look exposes the significant flaws in the attribution. First, all of the technical evidence can be spoofed. Although some argue that spoofing the mound of uncovered evidence is too much work, it can easily be done by a small team of good attackers in three or four days. Second, the tools used by Cozy Bear appeared on the black market when they were first discovered years ago and have been recycled and used against many other targets, including against German industry. The reuse and fine-tuning of existing malware happens all the time. Third, the language, location settings, and compilation metadata can easily be altered by changing basic settings on the attacker’s computer in five minutes without the need of special knowledge. None of the technical evidence is convincing. It would only be convincing if the attackers used entirely novel, unique, and sophisticated tools with unmistakable indicators pointing to Russia supported by human intelligence, not by malware analysis.

The DNC attackers also had very poor, almost comical, operational security (OPSEC). State actors tend to have a quality assurance review when developing cyberattack tools to minimize the risk of discovery and leaving obvious crumbs behind. Russian intelligence services are especially good. They are highly capable, tactically and strategically agile, and rational. They ensure that offensive tools are tailored and proportionate to the signal they want to send, the possibility of disclosure and public perception, and the odds of escalation. The shoddy OPSEC just doesn’t fit what we know about Russian intelligence.

The claim that Guccifer 2.0 is a Russian false flag operation may not hold up either. If Russia wanted to cover up the fact it had hacked the DNC, why create a pseudonym that could only attract more attention and publish emails? Dumping a trove of documents all at once is less valuable than cherry picking the most damaging information and strategically leaking it in a crafted and targeted fashion, as the FSB, SVR or GRU have probably done in the past. Also, leaking to Wikileaks isn’t hard. They have a submission form.

Given these arguments, blaming Russia is not a slam dunk. Why would a country with some of the best intelligence services in the world commit a whole series of really stupid mistakes in a highly sensitive operation? Why pick a target that has a strong chance of leading to escalatory activity when Russia is known to prefer incremental actions over drastic ones? Why go through the trouble of a false flag when doing nothing would have been arguably better? Lastly, how does Russia benefit from publicly backing Donald Trump given that Republicans have been skeptical of improving relations?

The evidence and information in the public domain strongly suggests Russia was behind the DNC hack, even though Russian intelligence services would have had the choice of not making it so clear cut given what we know about their tools, tactics, procedures, and thinking.

The DNC hack leads to at least four “what if” questions, each with its own significant policy consequences. First, if Russia had poor operational security and misjudged its target, it needs to be educated about the sensitivity of certain targets in its favorite adversary countries to avoid a repeat of this disaster. Second, if Russia deliberately hacked the DNC to leak confidential information, it would represent a strategic escalation on behalf of the Kremlin and the world would need to prepare for difficult times ahead. Third, if the breach and leak were perpetrated by a bunch of random activists using the pseudonym “Guccifer 2.0”, it would be the first instance of non-state actors succeeding in creating a global incident with severe strategic implications, demanding more control of such entities and a much better design of escalatory processes among nations. Finally, it is entirely possible that this was a false flag operation by an unknown third party to escalate tensions between nuclear superpowers. If this is the case, this party has to be uncovered. . . .

1b.  The joint CIA/FBI/NSA declassified version of the Intelligence Report on Russian hacking came out. There is no substantive detail in the report:

“ . . . . To summarize, the report says that the CIA, FBI, and National Security Agency believe that Russian hackers—directed ultimately by Vladimir Putin—hacked email accounts belonging to the Democratic National Committee and to Clinton campaign chairman John Podesta and then passed the material they obtained on to WikiLeaks through a third party. This was done, the report asserts, because the Russians believed that Donald Trump would be friendlier to their country’s interests, as president, than Hillary Clinton. And … that’s about it. Not counting intro pages or appendices, the report is five pages long and does not include any description of the actual evidence that Russian actors were responsible for the DNC/Podesta hacks (an assertion that’s supported by publicly available evidence analyzed by third parties) or the assertion that Putin ultimately directed the release of hacked material in order to help elect Donald Trump (an assertion that’s harder to verify independently). . . . .”

Five pages of no evidence. Altogether unconvincing.

The charge that Russian government actors were responsible for the DNC/Podesta hacks is “. . . an assertion that’s supported by publicly available evidence analyzed by third parties.”

We note that the evidence that the John Podesta spearphishing campaign was part of a broader attack against the DNC is, like so much evidence in this case, based on the inexplicable and massive security mistake made by the hackers when they left the Bitly profile used to execute their spearphishing attack open to the public, so everyone in the world could see that these hackers set up special spearphishing attacks against a large number of Democratic officials. It is one of many inexplicable and massive security mistakes that these Russian hackers made.

“The Declassified Intelligence Report on Russian Hacking Tells Us Very Little We Don’t Already Know” by Ben Mathis-Lilley; Slate; 1/06/2017.

 On Thursday, Director of National Intelligence James Clapper told the Senate Armed Services Committee that an unclassified version of a joint “intelligence community” report about Russian hacking would be released next week. Said report was in fact posted online this afternoon, and after reading it, the “Friday news dump” timing makes sense: The top-line takeaways in the document are mostly conclusions that have already been leaked or discussed publicly by figures such as Clapper himself. Moreover, since the release is an unclassified version of a report that presumably involves material obtained through intelligence-gathering operations that are still active, no information about the “sources and methods” supporting its conclusions is included.

To summarize, the report says that the CIA, FBI, and National Security Agency believe that Russian hackers—directed ultimately by Vladimir Putin—hacked email accounts belonging to the Democratic National Committee and to Clinton campaign chairman John Podesta and then passed the material they obtained on to WikiLeaks through a third party. This was done, the report asserts, because the Russians believed that Donald Trump would be friendlier to their country’s interests, as president, than Hillary Clinton. And … that’s about it. Not counting intro pages or appendices, the report is five pages long and does not include any description of the actual evidence that Russian actors were responsible for the DNC/Podesta hacks (an assertion that’s supported by publicly available evidence analyzed by third parties) or the assertion that Putin ultimately directed the release of hacked material in order to help elect Donald Trump (an assertion that’s harder to verify independently).

The report’s final paragraph does involve what I believe is a new, ominous tidbit about ongoing hack attempts:

Immediately after Election Day, we assess Russian intelligence began a spearphishing campaign targeting US Government employees and individuals associated with US think tanks and NGOs in national security, defense, and foreign policy fields. This campaign could provide material for future influence efforts as well as foreign intelligence collection on the incoming administration’s goals and plans.

In other words: More fun times ahead!

2a. One of many remarkable aspects of this investigation, and one which argues strongly against Russia being the culprit, concerns the fact that the hackers used Bitly technology that enabled the whole world to see what they were doing!

“How Hackers Broke Into John Podesta and Colin Powell’s Gmail Accounts” by Lorenzo Franceschi-Bicchierai; Vice Motherboard; 10/30/2016.

. . . . SecureWorks was tracking known Fancy Bear command and control domains. One of these led to a Bitly shortlink, which led to the Bitly account, which led to the thousands of Bitly URLs that were later connected to a variety of attacks, including on the Clinton campaign. With this privileged point of view, for example, the researchers saw Fancy Bear using 213 short links targeting 108 email addresses on the hillaryclinton.com domain, as the company explained in a somewhat overlooked report earlier this summer, and as BuzzFeed reported last week.

Using Bitly allowed “third parties to see their entire campaign including all their targets—something you’d want to keep secret,” Tom Finney, a researcher at SecureWorks, told Motherboard.

It was one of Fancy Bear’s “gravest mistakes,” as Thomas Rid, a professor at King’s College who has closely studied the case, put it in a new piece published on Thursday in Esquire, as it gave researchers unprecedented visibility into the activities of Fancy Bear, linking different parts of its larger campaign together. . . .

2b. The hack of John Podesta’s e-mail–alleged to have been performed by Russia–originated with a phishing attack from Ukraine.

 Although it may not be significant, the hack into Clinton campaign manager John D. Podesta’s gmail account originated with Ukraine.

NB: such information can be easily spoofed by a skilled hacker.

“The Phishing Email that Hacked the Account of John Podesta;” CBS News; 10/28/2016.

This appears to be the phishing email that hacked Clinton campaign chairman John Podesta’s Gmail account. Further, the Clinton campaign’s own computer help desk thought it was real email sent by Google, even though the email address had a suspicious “googlemail.com” extension. . . .

. . . . The email, with the subject line “*Someone has your password,*” greeted Podesta, “Hi John” and then said, “Someone just used your password to try to sign into your Google Account john.podesta@gmail.com.” Then it offered a time stamp and an IP address in “Location: Ukraine.” . . .

3.  It should be noted that while this report is signed off on by the CIA, NSA, and FBI, the FBI never examined the DNC’s hacked server. Instead, according to the DNC, the job was outsourced to CrowdStrike!

Neither the FBI, nor any other U.S. government entity has run an independent forensic analysis on the system!

“ . . . Six months after the FBI first said it was investigating the hack of the Democratic National Committee’s computer network, the bureau has still not requested access to the hacked servers, a DNC spokesman said. No US government entity has run an independent forensic analysis on the system, one US intelligence official told BuzzFeed News. . . . The FBI has instead relied on computer forensics from a third-party tech security company, CrowdStrike, which first determined in May of last year that the DNC’s servers had been infiltrated by Russia-linked hackers, the U.S. intelligence official told BuzzFeed News. . . ‘CrowdStrike is pretty good. There’s no reason to believe that anything that they have concluded is not accurate,’ the intelligence official said, adding they were confident Russia was behind the widespread hacks. . . It’s unclear why the FBI didn’t request access to the DNC servers, and whether it’s common practice when the bureau investigates the cyberattacks against private entities by state actors, like when the Sony Corporation was hacked by North Korea in 2014. BuzzFeed News spoke to three cybersecurity companies who have worked on major breaches in the last 15 months, who said that it was “par for the course” for the FBI to do their own forensic research into the hacks. None wanted to comment on the record on another cybersecurity company’s work, or the work being done by a national security agency. . . .”

“The FBI Never Asked For Access To Hacked Computer Servers” by Ali Watkins; BuzzFeed; 1/4/2017.

The Democratic National Committee tells BuzzFeed News that the bureau “never requested access” to the servers the White House and intelligence community say were hacked by Russia.

The FBI did not examine the servers of the Democratic National Committee before issuing a report attributing the sweeping cyberintrusion to Russia-backed hackers, BuzzFeed News has learned.

Six months after the FBI first said it was investigating the hack of the Democratic National Committee’s computer network, the bureau has still not requested access to the hacked servers, a DNC spokesman said. No US government entity has run an independent forensic analysis on the system, one US intelligence official told BuzzFeed News.

“The DNC had several meetings with representatives of the FBI’s Cyber Division and its Washington (DC) Field Office, the Department of Justice’s National Security Division, and U.S. Attorney’s Offices, and it responded to a variety of requests for cooperation, but the FBI never requested access to the DNC’s computer servers,” Eric Walker, the DNC’s deputy communications director, told BuzzFeed News in an email.

The FBI has instead relied on computer forensics from a third-party tech security company, CrowdStrike, which first determined in May of last year that the DNC’s servers had been infiltrated by Russia-linked hackers, the U.S. intelligence official told BuzzFeed News.

“CrowdStrike is pretty good. There’s no reason to believe that anything that they have concluded is not accurate,” the intelligence official said, adding they were confident Russia was behind the widespread hacks.

The FBI declined to comment.

“Beginning at the time the intrusion was discovered by the DNC, the DNC cooperated fully with the FBI and its investigation, providing access to all of the information uncovered by CrowdStrike — without any limits,” said Walker, whose emails were stolen and subsequently distributed throughout the cyberattack.

It’s unclear why the FBI didn’t request access to the DNC servers, and whether it’s common practice when the bureau investigates the cyberattacks against private entities by state actors, like when the Sony Corporation was hacked by North Korea in 2014.

BuzzFeed News spoke to three cybersecurity companies who have worked on major breaches in the last 15 months, who said that it was “par for the course” for the FBI to do their own forensic research into the hacks. None wanted to comment on the record on another cybersecurity company’s work, or the work being done by a national security agency. . . .

4. The FBI claims that the DNC denied them access to the servers! “ . . . . The FBI struck back at the Democratic National Committee on Thursday, accusing it of denying federal investigators access to its computer systems and hamstringing its investigation into the infiltration of DNC servers by Russia-backed hackers. ‘The FBI repeatedly stressed to DNC officials the necessity of obtaining direct access to servers and data, only to be rebuffed until well after the initial compromise had been mitigated. This left the FBI no choice but to rely upon a third party for information,’ a senior law enforcement official told BuzzFeed News in a statement. ‘These actions caused significant delays and inhibited the FBI from addressing the intrusion earlier.’ . . . The warring statements are the latest twists in an extraordinary standoff between the Democrats and federal investigators that reached a fever pitch over the bureau’s probe into Democratic nominee Hillary Clinton’s private email server. . . . The FBI announced it was investigating the hack of the DNC’s servers in July, after a third-party computer security firm, Crowdstrike, said it had evidence of Kremlin-backed hackers infiltrating its system. . . .”

Note the ambiguity in the FBI’s statement. It’s not saying that the DNC rebuffed the FBI forever. It said the DNC rebuffed the FBI “until well after the initial compromise had been mitigated”. And the initial compromise was presumably “mitigated” by May of 2016, since that is as far as the leaked emails go. So has the FBI, or any other government agency, requested access to the DNC servers after that point? How about since the election? If that request hasn’t been made, that adds to the strangeness of the affair.

“The FBI Now Says Democrats Were Behind Hack Investigation Delay” by Ali Watkins; BuzzFeed; 1/5/2017.

The Democratic National Committee refused to give FBI investigators access to their hacked servers, according to an FBI statement, a conclusion the president-elect was quick to embrace.

The FBI struck back at the Democratic National Committee on Thursday, accusing it of denying federal investigators access to its computer systems and hamstringing its investigation into the infiltration of DNC servers by Russia-backed hackers.

“The FBI repeatedly stressed to DNC officials the necessity of obtaining direct access to servers and data, only to be rebuffed until well after the initial compromise had been mitigated. This left the FBI no choice but to rely upon a third party for information,” a senior law enforcement official told BuzzFeed News in a statement. “These actions caused significant delays and inhibited the FBI from addressing the intrusion earlier.”

The DNC said the FBI had never asked for access to their hacked servers, BuzzFeed News reported on Wednesday.

A DNC source familiar with the investigation tried to downplay that report on Thursday, hours before the FBI statement was issued. The fact that the FBI didn’t have direct access to the servers was not “significant,” the source said.

“I just don’t think that that’s really material or an important thing,” the source continued. “They had what they needed. There are always haters out here.”

The DNC source also brushed off the idea that it was the DNC that refused to let FBI access the server. When BuzzFeed News attempted to reach the official after the FBI statement came out, he declined to comment.

The warring statements are the latest twists in an extraordinary standoff between the Democrats and federal investigators that reached a fever pitch over the bureau’s probe into Democratic nominee Hillary Clinton’s private email server. That investigation saw FBI Director James Comey break long-standing tradition against potentially influencing elections, issuing a public letter to Congress 10 days before the election announcing potential new evidence in the case. The review ended with the FBI maintaining its July conclusion that Clinton should not face criminal charges, a fact that was declared only two days before polls opened. The timing fueled speculation over Clinton’s potential wrongdoing and tipped the scales in Trump’s favor, Democrats say.

The FBI announced it was investigating the hack of the DNC’s servers in July, after a third-party computer security firm, Crowdstrike, said it had evidence of Kremlin-backed hackers infiltrating its system. That hack — which federal officials have formally attributed to Russian hackers cleared by senior Russian officials — and subsequent release of stolen emails was part of a broader effort by Russia to influence the US election and push Donald Trump into the White House, according to FBI and CIA analysis.

A US intelligence official, requesting anonymity to discuss the investigation, said that because the FBI did not have access to the DNC servers, investigators had been forced to rely on computer forensics from the Crowdstrike analysis. Crowdstrike was originally hired by the DNC to investigate the hacks in the spring of 2016.

In a statement sent to BuzzFeed News Wednesday, the DNC said it cooperated fully with the FBI investigation and shared all of the Crowdstrike information with the FBI.

The DNC declined to comment on the FBI’s statement.

The FBI and the Department of Homeland Security, in a report released in the last week of December, publicly accused Russia of being behind the sweeping cyberattacks. The White House subsequently expelled 35 Russian diplomats from the US, issued sanctions against Russian intelligence officials, and cut off access to two Russian diplomatic facilities in the US.

A separate report on the widespread Russian influence operation, compiled by the Director of National Intelligence, was briefed to the White House on Thursday. A declassified version is expected to be publicly released on Monday.

5. The DNC responded to the FBI’s counter-assertion by reasserting that it’s giving the FBI full access to whatever it requested. If there’s a problem with the FBI getting access to that server, it’s a problem between the FBI and Crowdstrike:

“ . . . The FBI had previously told lawmakers on the Hill that the DNC had not allowed federal investigators to access their servers. After BuzzFeed News reported on Wednesday that the DNC claimed FBI agents had never asked for the servers, congressional officials pressured the FBI for answers. A senior law enforcement official issued a public statement on the matter Thursday night. ‘Someone is lying their ass off,’ a US intelligence official said of the warring statements. But officials with the DNC still assert they’ve ‘cooperated with the FBI 150%. They’ve had access to anything they want. Anything that they desire. Anything they’ve asked, we’ve cooperated,’ the DNC official said. ‘If anybody contradicts that it’s between Crowdstrike and the FBI.’ . . . ”

“ . . . . Without direct access to the computer network, another US intelligence official told BuzzFeed, federal investigators had been forced to rely on the findings of the private cybersecurity firm Crowdstrike for computer forensics. From May through August of 2016, the Democratic National Committee paid Crowdstrike $267,807 dollars for maintenance, data services and consulting, among other things, according to federal records. . . .”

“DNC: That Fight With FBI Over Hacked Servers Was All A Misunderstanding” by Ali Watkins; BuzzFeed; 1/6/2017.

The Democratic National Committee downplayed its public spat with the FBI on Friday over why federal investigators did not independently examine their servers breached by Russian cyberspies, saying it was a misunderstanding that didn’t have anything to do with lingering political tensions between the two. “There’s no fight between the Bureau and the DNC,” a high-level DNC official told BuzzFeed News, requesting anonymity to discuss the investigation. “I don’t know how this has happened, I don’t know where this is coming from.”

The FBI announced in July it was investigating a sweeping cyberattack against the DNC, later attributed to Russia-backed hackers. That intrusion, and subsequent release of stolen DNC emails, was part of a broader Kremlin-directed effort to undermine the US election, smearing Democrats and bolstering Donald Trump, according to an intelligence assessment released Friday.

The FBI’s investigation of the hack, launched in July, came under sharp scrutiny Wednesday after BuzzFeed News revealed that the FBI had never had direct access to the committee’s hacked servers, and that no US Government entity had yet run an independent forensic analysis on the system. Instead, federal investigators had relied on computer forensics from a third-party DNC contractor, Crowdstrike.

“How and why are they so sure about hacking if they never even requested an examination of the computer servers?” President-elect Donald Trump tweeted on Thursday about the scandal. “What is going on?”

A spokesman for the DNC did not respond when asked what had led to the communications breakdown between their organization and the FBI by Friday night. The FBI did not respond to a request for comment.

The DNC said Wednesday that the FBI had never asked for access to the servers. On Thursday, in a stunning counterpunch, the FBI said it had not only asked, but had consistently and repeatedly been denied access by DNC officials, who the bureau said had “inhibited” the investigation.

It was a startling twist in a tense storyline that’s emerged between the DNC and the FBI, who top Democrats say torpedoed Hillary Clinton’s presidential prospects by mishandling its wholly separate investigation into the Democratic presidential nominee’s use of a private email server while she was Secretary of State.

The FBI had previously told lawmakers on the Hill that the DNC had not allowed federal investigators to access their servers. After BuzzFeed News reported on Wednesday that the DNC claimed FBI agents had never asked for the servers, congressional officials pressured the FBI for answers. A senior law enforcement official issued a public statement on the matter Thursday night.

“Someone is lying their ass off,” a US intelligence official said of the warring statements.

But officials with the DNC still assert they’ve “cooperated with the FBI 150%.”

“They’ve had access to anything they want. Anything that they desire. Anything they’ve asked, we’ve cooperated,” the DNC official said. “If anybody contradicts that it’s between Crowdstrike and the FBI.”

DNC officials planned to reach out to the FBI Friday to try and clarify both institutions’ positions, the official said.

Without direct access to the computer network, another US intelligence official told BuzzFeed, federal investigators had been forced to rely on the findings of the private cybersecurity firm Crowdstrike for computer forensics. From May through August of 2016, the Democratic National Committee paid Crowdstrike $267,807 dollars for maintenance, data services and consulting, among other things, according to federal records. . . .

6. A key element of analysis is an important article in The Nation by James Carden. This story points out that a number of cyber-security experts are skeptical of the official findings.

Furthermore the story points out that Crowdstrike is headed by Dmitri Alperovitch a senior fellow at the Atlantic Council, which is funded, in part, by the State Department, NATO, Lithuania, Latvia, the Ukrainian World Congress and Ukrainian oligarch Victor Pinchuk!

“ . . . . Yet despite the scores of breathless media pieces that assert that Russia’s interference in the election is ‘case closed,’ might some skepticism be in order? Some cyber experts say ‘yes.’ . . . Cyber-security experts have also weighed in. The security editor at Ars Technica observed that ‘Instead of providing smoking guns that the Russian government was behind specific hacks,’ the government report ‘largely restates previous private sector claims without providing any support for their validity.’ Robert M. Lee of the cyber-security company Dragos noted that the report ‘reads like a poorly done vendor intelligence report stringing together various aspects of attribution without evidence.’ Cybersecurity consultant Jeffrey Carr noted that the report ‘merely listed every threat group ever reported on by a commercial cybersecurity company that is suspected of being Russian-made and lumped them under the heading of Russian Intelligence Services (RIS) without providing any supporting evidence that such a connection exists.’ . . .”

“In this respect, it is worth noting that one of the commercial cybersecurity companies the government has relied on is Crowdstrike, which was one of the companies initially brought in by the DNC to investigate the alleged hacks.”

“ . . . . Dmitri Alperovitch is also a senior fellow at the Atlantic Council. . . . The connection between [Crowdstrike co-founder and chief technology officer Dmitri] Alperovitch and the Atlantic Council has gone largely unremarked upon, but it is relevant given that the Atlantic Council—which is funded in part by the US State Department, NATO, the governments of Latvia and Lithuania, the Ukrainian World Congress, and the Ukrainian oligarch Victor Pinchuk—has been among the loudest voices calling for a new Cold War with Russia. As I pointed out in the pages of The Nation in November, the Atlantic Council has spent the past several years producing some of the most virulent specimens of the new Cold War propaganda. . . .”

“Is Skepticism Treason?” by James Carden; The Nation; 1/3/2017.

Despite the scores of media pieces which assert that Russia’s interference in the election is “case closed,” some cyber experts say skepticism is still in order.

The final days of 2016 were filled with more developments—some real, some not—in the ongoing story of Russia’s alleged interference in the US presidential election. On December 29, the FBI and the Department of Homeland Security released a joint report that provided “technical details regarding the tools and infrastructure used by the Russian civilian and military intelligence Services (RIS) to compromise and exploit networks and endpoints associated with the U.S. election.”

In retaliation, the Obama administration announced that it was expelling 35 Russian diplomats, closing 2 diplomatic compounds in Maryland and New York, and applying sanctions on Russia’s intelligence service. A day later, December 30, The Washington Post reported that an electrical utility in Vermont had been infiltrated by the same Russian malware that was used to hack the DNC.

Taken together, these events set off a wave of media condemnation not just of the Russian government, but of President-elect Donald J. Trump for what is widely believed to be his overly accommodative posture toward Russian President Vladimir Putin.

Yet despite the scores of breathless media pieces that assert that Russia’s interference in the election is “case closed,” might some skepticism be in order? Some cyber experts say “yes.”

As was quickly pointed out by the Burlington Free Press, The Washington Post’s story on the Vermont power grid was inaccurate. The malware was detected on a laptop that belonged to the utility but was not connected to the power plant. “The grid is not in danger,” said a spokesman for the Burlington utility. The Post has since amended its story with an editor’s note (as it did when its November 24 story on Russian “fake news” by reporter Craig Timberg was widely refuted) dialing back its original claims of Russian infiltration.

Cyber-security experts have also weighed in. The security editor at Ars Technica observed that “Instead of providing smoking guns that the Russian government was behind specific hacks,” the government report “largely restates previous private sector claims without providing any support for their validity.” Robert M. Lee of the cyber-security company Dragos noted that the report “reads like a poorly done vendor intelligence report stringing together various aspects of attribution without evidence.” Cybersecurity consultant Jeffrey Carr noted that the report “merely listed every threat group ever reported on by a commercial cybersecurity company that is suspected of being Russian-made and lumped them under the heading of Russian Intelligence Services (RIS) without providing any supporting evidence that such a connection exists.”

In this respect, it is worth noting that one of the commercial cybersecurity companies the government has relied on is Crowdstrike, which was one of the companies initially brought in by the DNC to investigate the alleged hacks.

In late December, Crowdstrike released a largely debunked report claiming that the same Russian malware that was used to hack the DNC has been used by Russian intelligence to target Ukrainian artillery positions. Crowdstrike’s co-founder and chief technology officer, Dmitri Alperovitch, told PBS, “Ukraine’s artillery men were targeted by the same hackers…that targeted DNC, but this time they were targeting cellphones [belonging to the Ukrainian artillery men] to try to understand their location so that the Russian artillery forces can actually target them in the open battle.”

Dmitri Alperovitch is also a senior fellow at the Atlantic Council.

The connection between Alperovitch and the Atlantic Council has gone largely unremarked upon, but it is relevant given that the Atlantic Council—which is funded in part by the US State Department, NATO, the governments of Latvia and Lithuania, the Ukrainian World Congress, and the Ukrainian oligarch Victor Pinchuk—has been among the loudest voices calling for a new Cold War with Russia. As I pointed out in the pages of The Nation in November, the Atlantic Council has spent the past several years producing some of the most virulent specimens of the new Cold War propaganda.

It would seem then that a healthy amount of skepticism toward a government report that relied, in part, on the findings of private-sector cyber security companies like Crowdstrike might be in order. And yet skeptics have found themselves in the unenviable position of being accused of being Kremlin apologists, or worse.

 7. The OUN/B milieu in the U.S. has apparently been instrumental in generating the “Russia did it” disinformation about the high-profile hacks. In the Alternet.org article, Mark Ames highlights several points:

“The Anonymous Blacklist Quoted by the Washington Post Has Apparent Ties to Ukrainian Fascism and CIA Spying” by Mark Ames; Alternet.org; 12/7/2016.

  • Emblem of the Ukrainian Azov Battalion

    The “PropOrNot” group quoted in a Washington Post story tagging media outlets, websites and blogs as “Russian/Kremlin stooges/propaganda tools/agents” is linked to the OUN/B heirs now in power in Ukraine. “ . . . One PropOrNot tweet, dated November 17, invokes a 1940s Ukrainian fascist salute “Heroiam Slava!!” [17] to cheer a news item on Ukrainian hackers fighting Russians. The phrase means “Glory to the heroes” and it was formally introduced by the fascist Organization of Ukrainian Nationalists (OUN) at their March-April 1941 congress in Nazi occupied Cracow, as they prepared to serve as Nazi auxiliaries in Operation Barbarossa. . . . ‘the OUN-B introduced another Ukrainian fascist salute at the Second Great Congress of the Ukrainian Nationalists in Cracow in March and April 1941. This was the most popular Ukrainian fascist salute and had to be performed according to the instructions of the OUN-B leadership by raising the right arm ‘slightly to the right, slightly above the peak of the head’ while calling ‘Glory to Ukraine!’ (Slava Ukraїni!) and responding ‘Glory to the Heroes!’ (Heroiam Slava!). . . .”

  • The OUN/B heirs ruling Ukraine compiled a list of journalists who were “Russian/Kremlin stooges/propaganda tools/agents,” including personal data and contact information (like that made public in the WikiLeaks data dump of DNC e-mails). This list was compiled by the Ukrainian intelligence service, interior ministry and–ahem–hackers: “. . . . One of the more frightening policies enacted by the current oligarch-nationalist regime in Kiev is an online blacklist [42] of journalists accused of collaborating with pro-Russian ‘terrorists.’ [43]  The website, ‘Myrotvorets’ [43] or ‘Peacemaker’—was set up by Ukrainian hackers working with state intelligence and police, all of which tend to share the same ultranationalist ideologies as Parubiy and the newly-appointed neo-Nazi chief of the National Police. . . . Ukraine’s journalist blacklist website—operated by Ukrainian hackers working with state intelligence—led to a rash of death threats against the doxxed journalists, whose email addresses, phone numbers and other private information was posted anonymously to the website. Many of these threats came with the wartime Ukrainian fascist salute: “Slava Ukraini!” [Glory to Ukraine!] So when PropOrNot’s anonymous “researchers” reveal only their Ukrainian(s) identity, it’s hard not to think about the spy-linked hackers who posted the deadly ‘Myrotvorets’ blacklist of “treasonous” journalists. . . .”
  • Helmets of the Ukrainian Azov battalion: Your tax dollars at work

    A Ukrainian activist named Alexandra Chalupa has been instrumental in distributing the “Russia did it” disinformation to Hillary Clinton and influencing the progress of the disinformation in the media. ” . . . . One of the key media sources [46] who blamed the DNC hacks on Russia, ramping up fears of crypto-Putinist infiltration, is a Ukrainian-American lobbyist working for the DNC. She is Alexandra Chalupa—described as the head of the Democratic National Committee’s opposition research on Russia and on Trump, and founder and president of the Ukrainian lobby group ‘US United With Ukraine Coalition’ [47], which lobbied hard to pass a 2014 bill increasing loans and military aid to Ukraine, imposing sanctions on Russians, and tightly aligning US and Ukraine geostrategic interests. . . . In one leaked DNC email [50] earlier this year, Chalupa boasts to DNC Communications Director Luis Miranda that she brought Isikoff to a US-government sponsored Washington event featuring 68 Ukrainian journalists, where Chalupa was invited ‘to speak specifically about Paul Manafort.’ In turn, Isikoff named her as the key inside source [46] ‘proving’ that the Russians were behind the hacks, and that Trump’s campaign was under the spell of Kremlin spies and sorcerers. . . .”

8a. In December, the German government updated its assessment of the 2015 Bundestag hacks (attributed to “Fancy Bear” and “Cozy Bear,” as mentioned in the Sandro Gaycken post above), which it had attributed to APT28 and Russia: while it asserts the hacks did indeed take place, the leaked documents were later determined to have come from an insider leak (quoted below via Google Translate).

“ . . . . According to the report, federal security authorities are convinced that not hackers had stolen the 2420 documents published by the Internet platform Wikileaks in early December. There was certainly no evidence that the material had been stolen in the cyber attack on the Bundestag in 2015, it was called into security crises. . . . ”

The Bundestagspolizei is still looking for the apparent leaker.

The WikiLeaks leak of documents from the DNC was alleged by former UK diplomat Craig Murray to have come from a dissatisfied DNC insider, who gave him the information from a thumb drive.

The situation vis a vis the hack of the Bundestag is strikingly similar.

“Wikileaks Source for Revelations in the Bundestag Suspects;” Frankfurter Allgemeine Politik ; 12/17/2016.

After the publication of confidential files from the NSA investigation committee the Bundestagspolizei is looking for the perpetrators in parliament, as the news magazine “Spiegel” reports. “A violation of secrecy and a special duty of secrecy” is confirmed, a Bundestag spokesman confirmed to the magazine. Bundestag President Norbert Lammert (CDU) had approved the investigation against unknown. The German Bundestag is a separate police zone.

According to the report, federal security authorities are convinced that not hackers had stolen the 2420 documents published by the Internet platform Wikileaks in early December. There was certainly no evidence that the material had been stolen in the cyber attack on the Bundestag in 2015, it was called into security crises.

The “Spiegel” pointed out that the Wikileaks material covered 90 gigabytes, but from the infiltrated Bundestag computers only 16 gigabytes of data were stolen. The cyber attack apparently also did not affect any members of the Bundestag or employees from the environment of the NSA investigation committee.

The “Frankfurter Allgemeine Sonntagszeitung” had cited a high security officer a week ago with the words that there was “high plausibility” for the fact that the secrets published by Wikileaks were captured in the cyber attack on the Bundestag. Russian hackers are responsible for the attack. Also the committee chairman Patrick Sensburg (CDU) had not excluded a foreign hacker attack immediately after the publication of the documents.

According to WikiLeaks, the approximately 2400 documents come from various federal agencies such as the Bundesnachrichtendienst and the federal offices for constitutional protection and security in information technology. The documents are intended to provide evidence of cooperation between the US National Security Agency (NSA) and the BND.

8b. The monikers Fancy Bear and Cozy Bear have been applied to “APT 28” and “APT 29,” abbreviations standing for “advanced persistent threat.”

As the article below also points out, it’s entirely possible that “APT28” and “APT29” aren’t distinct entities at all. Why? Because the conclusion by firms like FireEye and Crowdstrike that there are two groups, “APT28” and “APT29,” leaving years of electronic trails from all their hacking activities isn’t based on any distinct “APT28” or “APT29” calling card. It’s based on the hacking tool sets and infrastructure (like servers) used by these groups. And those tool sets are readily available on the Dark Web and circulating among hacker communities, as was the infrastructure.

In other words, a wide variety of skilled hackers have access to the exact same hacking tools, and the same sets of corrupted servers, that firms like FireEye and Crowdstrike used to uniquely identify APT28/29. Much of the rest of the evidence used to attribute the hacks to Russian hackers is readily spoofable, like the Cyrillic characters in a hacked document or the hacking tool set code appearing to have been compiled during Moscow working hours. The evidence used to attribute these hacks to Kremlin-backed hackers could therefore have been spoofed by a wide variety of possible culprits.

” . . . . Did the Russian government hack the DNC and feed documents to WikiLeaks? There are really two questions here: who hacked the DNC, and who released the DNC documents? These are not necessarily the same. An earlier intrusion into German parliament servers was blamed on the Russians, yet the release of documents to WikiLeaks is thought to have originated from an insider. [35] Had the Russians hacked into the DNC, it may have been to gather intelligence, while another actor released the documents. But it is far from certain that Russian intelligence services had anything to do with the intrusions. Julian Assange says that he did not receive the DNC documents from a nation-state. It has been pointed out that Russia could have used a third party to pass along the material. Fair enough, but former UK diplomat Craig Murray asserts: ‘I know who the source is… It’s from a Washington insider. It’s not from Russia.’ [We wonder if it might have been Tulsi Gabbard–D.E.] [36] . . . .”

“Did the Russians Really Hack the DNC?” by Gregory Elich; Counter Punch; 1/13/2017.

Russia, we are told, breached the servers of the Democratic National Committee (DNC), swiped emails and other documents, and released them to the public, to alter the outcome of the U.S. presidential election.

How substantial is the evidence backing these assertions?

Hired by the Democratic National Committee to investigate unusual network activity, the security firm Crowdstrike discovered two separate intrusions on DNC servers. Crowdstrike named the two intruders Cozy Bear and Fancy Bear, in an allusion to what it felt were Russian sources. According to Crowdstrike, “Their tradecraft is superb, operational security second to none,” and “both groups were constantly going back into the environment” to change code and methods and switch command and control channels.

On what basis did Crowdstrike attribute these breaches to Russian intelligence services? The security firm claims that the techniques used were similar to those deployed in past security hacking operations that have been attributed to the same actors, while the profile of previous victims “closely mirrors the strategic interests of the Russian government.” Furthermore, it appeared that the intruders were unaware of each other’s presence in the DNC system. “While you would virtually never see Western intelligence agencies going after the same target without de-confliction for fear of compromising each other’s operations,” Crowdstrike reports, “in Russia this is not an uncommon scenario.” [1]

Those may be indicators of Russian government culpability. But then again, perhaps not. Regarding the point about separate intruders, each operating independently of the other, that would seem to more likely indicate that the sources have nothing in common.

Each of the two intrusions acted as an advanced persistent threat (APT), which is an attack that resides undetected on a network for a long time. The goal of an APT is to exfiltrate data from the infected system rather than inflict damage. Several names have been given to these two actors, and most commonly Fancy Bear is known as APT28, and Cozy Bear as APT29.

The fact that many of the techniques used in the hack resembled, in varying degrees, past attacks attributed to Russia may not necessarily carry as much significance as we are led to believe. Once malware is deployed, it tends to be picked up by cybercriminals and offered for sale or trade on Deep Web black markets, where anyone can purchase it. Exploit kits are especially popular sellers. Quite often, the code is modified for specific uses. Security specialist Josh Pitts demonstrated how easy that process can be, downloading and modifying nine samples of the OnionDuke malware, which is thought to have first originated with the Russian government. Pitts reports that this exercise demonstrates “how easy it is to repurpose nation-state code/malware.” [2]

In another example, when SentinelOne Research discovered the Gyges malware in 2014, it reported that it “exhibits similarities to Russian espionage malware,” and is “designed to target government organizations. It comes as no surprise to us that this type of intelligence agency-grade malware would eventually fall into cybercriminals’ hands.” The security firm explains that Gyges is an “example of how advanced techniques and code developed by governments for espionage are effectively being repurposed, modularized and coupled with other malware to commit cybercrime.” [3]

Attribution is hard, cybersecurity specialists often point out. “Once an APT is released into the wild, its spread isn’t controlled by the attacker,” writes Mark McArdle. “They can’t prevent someone from analyzing it and repurposing it for their own needs.” Adapting malware “is a well-known reality,” he continues. “Finding irrefutable evidence that links an attacker to an attack is virtually unattainable, so everything boils down to assumptions and judgment.” [4]

Security Alliance regards security firm FireEye’s analysis that tied APT28 to the Russian government as based “largely on circumstantial evidence.” FireEye’s report “explicitly disregards targets that do not seem to indicate sponsorship by a nation-state,” having excluded various targets because they are “not particularly indicative of a specific sponsor’s interests.” [5] FireEye reported that the APT28 “victim set is narrow,” which helped lead it to the conclusion that it is a Russian operation. Cybersecurity consultant Jeffrey Carr reacts with scorn: “The victim set is narrow because the report’s authors make it narrow! In fact, it wasn’t narrowly targeted at all if you take into account the targets mentioned by other cybersecurity companies, not to mention those that FireEye deliberately excluded for being ‘not particularly indicative of a specific sponsor’s interests’.” [6]

FireEye’s report from 2014, on which much of the DNC Russian attribution is based, found that 89 percent of the APT28 software samples it analyzed were compiled during regular working hours in St. Petersburg and Moscow. [7]

But compile times, like language settings, can be easily altered to mislead investigators. Mark McArdle wonders, “If we think about the very high level of design, engineering, and testing that would be required for such a sophisticated attack, is it reasonable to assume that the attacker would leave these kinds of breadcrumbs? It’s possible. But it’s also possible that these things can be used to misdirect attention to a different party. Potentially another adversary. Is this evidence the result of sloppiness or a careful misdirection?” [8]

“If the guys are really good,” says Chris Finan, CEO of Manifold Technology, “they’re not leaving much evidence or they’re leaving evidence to throw you off the scent entirely.” [9] How plausible is it that Russian intelligence services would fail even to attempt such a fundamental step?

James Scott of the Institute for Critical Infrastructure Technology points out that the very vulnerability of the DNC servers constitutes a muddied basis on which to determine attribution. “Attribution is less exact in the case of the DNC breach because the mail servers compromised were not well-secured; the organization of a few hundred personnel did not practice proper cyber-hygiene; the DNC has a global reputation and is a valuable target to script kiddies, hacktivists, lone-wolf cyber-threat actors, cyber-criminals, cyber-jihadists, hail-mary threats, and nation-state sponsored advanced persistent threats; and because the malware discovered on DNC systems were well-known, publicly disclosed, and variants could be purchased on Deep Web markets and forums.” [10]

Someone, or some group, operating under the pseudonym of Guccifer 2.0, claimed to be a lone actor in hacking the DNC servers. It is unclear what relation – if any – Guccifer 2.0 has to either of the two APT attacks on the DNC. In a PDF file that Guccifer 2.0 sent to Gawker.com, metadata indicated that it was last saved by someone having a username in Cyrillic letters. During the conversion of the file from Microsoft Word to PDF, invalid hyperlink error messages were automatically generated in the Russian language. [11]

This would seem to present rather damning evidence. But who is Guccifer 2.0? A Russian government operation? A private group? Or a lone hacktivist? In the poorly secured DNC system, there were almost certainly many infiltrators of various stripes. Nor can it be ruled out that the metadata indicators were intentionally generated in the file to misdirect attribution. The two APT attacks have been noted for their sophistication, and these mistakes – if that is what they are – seem amateurish. To change the language setting on a computer can be done in a matter of seconds, and that would be standard procedure for advanced cyber-warriors. On the other hand, sloppiness on the part of developers is not entirely unknown. However, one would expect a nation-state to enforce strict software and document handling procedures and implement rigorous review processes.

At any rate, the documents posted to the Guccifer 2.0 blog do not necessarily originate from the same source as those published by WikiLeaks. Certainly, none of the documents posted to WikiLeaks possess the same metadata issues. And one hacking operation does not preclude another, let alone an insider leak.

APT28 relied on XTunnel, repurposed from open source code that is available to anyone, to open network ports and siphon data. The interesting thing about the software is its failure to match the level of sophistication claimed for APT28. The strings in the code quite transparently indicate its intent, with no attempt at obfuscation. [12] It seems an odd oversight for a nation-state operation, in which plausible deniability would be essential, to overlook that glaring point during software development.

Command-and-control servers remotely issue malicious commands to infected machines. Oddly, for such a key component of the operation, the command-and-control IP address in both attacks was hard-coded in the malware. This seems like another inexplicable choice, given that the point of an advanced persistent threat is to operate for an extended period without detection. A more suitable approach would be to use a Domain Name System (DNS) address, which is a decentralized computer naming system. That would provide a more covert means of identifying the command-and-control server. [13] Moreover, one would expect that address to be encrypted. Using a DNS address would also allow the command-and-control operation to easily move to another server if its location is detected, without the need to modify and reinstall the code.

One of the IP addresses is claimed to be a “well-known APT 28” command-and-control address, while the second is said to be linked to Russian military intelligence. [14] The first address points to a server located in San Jose, California, and is operated by a server hosting service. [15] The second server [16] Clearly, these are servers that have been compromised by hackers. It is customary for hackers to route their attacks through vulnerable computers. The IP addresses of compromised computers are widely available on the Deep Web, and typically a hacked server will be used by multiple threat actors. These two particular servers may or may not have been regularly utilized by Russian Intelligence, but they were not uniquely so used. Almost certainly, many other hackers would have used the same machines, and it cannot be said that these IP addresses uniquely identify an infiltrator. Indeed, the second IP address is associated with the common Trojan viruses Agent-APPR and Shunnael. [17]

“Everyone is focused on attribution, but we may be missing the bigger truth,” says Joshua Corman, Director of the Cyber Statecraft Initiative at the Atlantic Council. “[T]he level of sophistication required to do this hack was so low that nearly anyone could do it.” [18]

In answer to critics, the Department of Homeland Security and the FBI issued a joint analysis report, which presented “technical details regarding the tools and infrastructure used” by Russian intelligence services “to compromise and exploit networks” associated with the U.S. election, U.S. government, political, and private sector entities. The report code-named these activities “Grizzly Steppe.” [19]

For a document that purports to offer strong evidence on behalf of U.S. government allegations of Russian culpability, it is striking how weak and sloppy the content is. Included in the report is a list of every threat group ever said to be associated with the Russian government, most of which are unrelated to the DNC hack. It appears that various governmental organizations were asked to send a list of Russian threats, and then an official lacking IT background compiled that information for the report, and the result is a mishmash of threat groups, software, and techniques. “PowerShell backdoor,” for instance, is a method used by many hackers, and in no way describes a Russian operation.

Indeed, one must take the list on faith, because nowhere in the document is any evidence provided to back up the claim of a Russian connection. Indeed, as the majority of items on the list are unrelated to the DNC hack, one wonders what the point is. But it bears repeating: even where software can be traced to Russian origination, it does not necessarily indicate exclusive usage. Jeffrey Carr explains: “Once malware is deployed, it is no longer under the control of the hacker who deployed it or the developer who created it. It can be reverse-engineered, copied, modified, shared and redeployed again and again by anyone.” Carr quotes security firm ESET in regard to the Sednit group, one of the items on the report’s list, and which is another name for APT28: “As security researchers, what we call ‘the Sednit group’ is merely a set of software and the related infrastructure, which we can hardly correlate with any specific organization.” Carr points out that X-Agent software, which is said to have been utilized in the DNC hack, was easily obtained by ESET for analysis. “If ESET could do it, so can others. It is both foolish and baseless to claim, as Crowdstrike does, that X-Agent is used solely by the Russian government when the source code is there for anyone to find and use at will.” [20]

The salient impression given by the government’s report is how devoid of evidence it is. For that matter, the majority of the content is taken up by what security specialist John Hinderaker describes as “pedestrian advice to IT professionals about computer security.” As for the report’s indicators of compromise (IoC), Hinderaker characterizes these as “tools that are freely available and IP addresses that are used by hackers around the world.” [21]

In conjunction with the report, the FBI and Department of Homeland Security provided a list of IP addresses it identified with Russian intelligence services. [22] Wordfence analyzed the IP addresses as well as a PHP malware script provided by the Department of Homeland Security. In analyzing the source code, Wordfence discovered that the software used was P.A.S., version 3.1.0. It then found that the website that manufactures the malware had a site country code indicating that it is Ukrainian. The current version of the P.A.S. software is 4.1.1, which is much newer than that used in the DNC hack, and the latest version has changed “quite substantially.” Wordfence notes that not only is the software “commonly available,” but also that it would be reasonable to expect “Russian intelligence operatives to develop their own tools or at least use current malicious tools from outside sources.” To put it plainly, Wordfence concludes that the malware sample “has no apparent relationship with Russian intelligence.” [23]

Wordfence also analyzed the government’s list of 876 IP addresses included as indicators of compromise. The sites are widely dispersed geographically, and of those with a known location, the United States has the largest number. A large number of the IP addresses belong to low-cost server hosting companies. “A common pattern that we see in the industry,” Wordfence states, “is that accounts at these hosts are compromised and those hacked sites are used to launch attacks around the web.” Fifteen percent of the IP addresses are currently Tor exit nodes. “These exit nodes are used by anyone who wants to be anonymous online, including malicious actors.” [24]

If one also takes into account the IP addresses that not only point to current Tor exits, but also those that once belonged to Tor exit nodes, then these comprise 42 percent of the government’s list. [25] “The fact that so many of the IPs are Tor addresses reveals the true sloppiness of the report,” concludes network security specialist Jerry Gamblin. [26]

Cybersecurity analyst Robert Graham was particularly blistering in his assessment of the government’s report, characterizing it as “full of garbage.” The report fails to tie the indicators of compromise to the Russian government. “It contains signatures of viruses that are publicly available, used by hackers around the world, not just Russia. It contains a long list of IP addresses from perfectly normal services, like Tor, Google, Dropbox, Yahoo, and so forth. Yes, hackers use Yahoo for phishing and maladvertising. It doesn’t mean every access of Yahoo is an ‘indicator of compromise’.” Graham compared the list of IP addresses against those accessed by his web browser, and found two matches. “No,” he continues. “This doesn’t mean I’ve been hacked. It means I just had a normal interaction with Yahoo. It means the Grizzly Steppe IoCs are garbage.” Graham goes on to point out that “what really happened” with the supposed Russian hack into the Vermont power grid “is that somebody just checked their Yahoo email, thereby accessing one of the same IP addresses I did. How they get from the facts (one person accessed Yahoo email) to the story (Russians hacked power grid)” is U.S. government “misinformation.” [27]

The indicators of compromise, in Graham’s assessment, were “published as a political tool, to prove they have evidence pointing to Russia.” As for the P.A.S. web shell, it is “used by hundreds if not thousands of hackers, mostly associated with Russia, but also throughout the rest of the world.” Relying on the government’s sample for attribution is problematic: “Just because you found P.A.S. in two different places doesn’t mean it’s the same hacker.” A web shell “is one of the most common things hackers use once they’ve broken into a server,” Graham observes. [28]

Although cybersecurity analyst Robert M. Lee is inclined to accept the government’s position on the DNC hack, he feels the joint analysis report “reads like a poorly done vendor intelligence report stringing together various aspects of attribution without evidence.” The report’s list “detracts from the confidence because of the interweaving of unrelated data.” The information presented is not sourced, he adds. “It’s a random collection of information and in that way, is mostly useless.” Indeed, the indicators of compromise have “a high rate of false positives for defenders that use them.” [29]

The intent of the joint analysis report was to provide evidence of Russian state responsibility for the DNC hack. But nowhere does it do so. Mere assertions are meant to persuade. How much evidence does the government have? The Democratic Party claims that the FBI never requested access to DNC servers. [32] The FBI, for its part, says it made “multiple requests” for access to the DNC servers and was repeatedly turned down. [33] Either way, it is a remarkable admission. In a case like this, the FBI would typically conduct its own investigation. Was the DNC afraid the FBI might come to a different conclusion than the DNC-hired security firm Crowdstrike? The FBI was left to rely on whatever evidence Crowdstrike chose to supply. During its analysis of DNC servers, Crowdstrike reports that it found evidence of APT28 and APT29 intrusions within two hours. Did it stop there, satisfied with what it had found? Or did it continue to explore whether additional intrusions by other actors had taken place?

In an attempt to further inflame the hysteria generated from accusations of Russian hacking, the Office of the Director of National Intelligence published a declassified version of a document briefed to U.S. officials. The information was supplied by the CIA, FBI, and National Security Agency, and was meant to cement the government’s case. Not surprisingly, the report received a warm welcome in the mainstream media, but what is notable is that it offers not a single piece of evidence to support its claim of “high confidence” in assessing that Russia hacked the DNC and released documents to WikiLeaks. Instead, the bulk of the report is an unhinged diatribe against Russian-owned RT media. The content is rife with inaccuracies and absurdities. Among the heinous actions RT is accused of are having run “anti-fracking programming, highlighting environmental issues and the impacts on health issues,” airing a documentary on Occupy Wall Street, and hosting third-party candidates during the 2012 election. [34] . . .

. . . . Mainstream media start with the premise that the Russian government was responsible, despite a lack of convincing evidence. They then leap to the fallacious conclusion that because Russia hacked the DNC, only it could have leaked the documents.

So, did the Russian government hack the DNC and feed documents to WikiLeaks? There are really two questions here: who hacked the DNC, and who released the DNC documents? These are not necessarily the same. An earlier intrusion into German parliament servers was blamed on the Russians, yet the release of documents to WikiLeaks is thought to have originated from an insider. [35] Had the Russians hacked into the DNC, it may have been to gather intelligence, while another actor released the documents. But it is far from certain that Russian intelligence services had anything to do with the intrusions. Julian Assange says that he did not receive the DNC documents from a nation-state. It has been pointed out that Russia could have used a third party to pass along the material. Fair enough, but former UK diplomat Craig Murray asserts: “I know who the source is… It’s from a Washington insider. It’s not from Russia.” [36]

There are too many inconsistencies and holes in the official story. In all likelihood, there were multiple intrusions into DNC servers, not all of which have been identified. The public ought to be wary of quick claims of attribution. It requires a long and involved process to arrive at a plausible identification, and in many cases the source can never be determined. As Jeffrey Carr explains, “It’s important to know that the process of attributing an attack by a cybersecurity company has nothing to do with the scientific method. Claims of attribution aren’t testable or repeatable because the hypothesis is never proven right or wrong.” [37]

Russia-bashing is in full swing, and there does not appear to be any letup in sight. We are plunging headlong into a new Cold War, riding on a wave of propaganda-induced hysteria. The self-serving claims fueling this campaign need to be challenged every step of the way. Surrendering to evidence-free emotional appeals would only serve those who arrogantly advocate confrontation and geopolitical domination.
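The point attributed in the article above to Wordfence, Graham and Lee, that an IP indicator list made up largely of Tor exits and shared services produces mostly false positives, can be checked before such a list is used for detection. The following is an added example, not part of the original post or the quoted article; every address, network label and log line in it is a constructed sample drawn from the RFC 5737 documentation ranges, and the category names are assumptions made for illustration.

```python
"""Triage a published IP indicator list before alerting on it.

All data here is constructed for illustration (RFC 5737 documentation
ranges). Nothing is taken from the Grizzly Steppe report or a real feed.
"""
import ipaddress
from collections import Counter

# Constructed stand-in for a published IoC list.
IOC_IPS = [
    "192.0.2.10", "192.0.2.11", "192.0.2.77",
    "198.51.100.5", "198.51.100.200",
    "203.0.113.9", "203.0.113.50", "203.0.113.51",
]

# Constructed context a defender would load from their own sources:
# current and historic Tor exit addresses, and networks of shared
# services (webmail, budget hosting) that many unrelated users touch.
TOR_EXITS_CURRENT = {"192.0.2.10", "203.0.113.9"}
TOR_EXITS_HISTORIC = {"192.0.2.11"}
SHARED_SERVICE_NETS = {
    "webmail-provider (hypothetical)": ipaddress.ip_network("198.51.100.0/25"),
    "budget-hosting (hypothetical)": ipaddress.ip_network("203.0.113.48/29"),
}

# Constructed connection log: timestamp, source, destination, port.
CONN_LOG = """\
2017-01-02T10:00:01Z 10.0.0.5 198.51.100.5 443
2017-01-02T10:00:07Z 10.0.0.5 198.51.100.9 443
2017-01-02T10:03:12Z 10.0.0.8 192.0.2.77 8080
2017-01-02T10:04:40Z 10.0.0.9 203.0.113.9 443
bad line with junk
"""


def classify(ip_text):
    """Return the infrastructure class of one indicator address."""
    ip = ipaddress.ip_address(ip_text.strip())
    key = str(ip)
    if key in TOR_EXITS_CURRENT:
        return "tor_exit_current"
    if key in TOR_EXITS_HISTORIC:
        return "tor_exit_historic"
    for net in SHARED_SERVICE_NETS.values():
        if ip in net:
            return "shared_service"
    return "unclassified"


def triage(iocs):
    """Count indicators per class and give each class's share in percent."""
    counts = Counter(classify(ip) for ip in iocs)
    total = sum(counts.values())
    shares = {cls: round(100 * n / total, 1) for cls, n in counts.items()}
    return counts, shares


def match_traffic(log_text, iocs):
    """Match log destinations against the list, annotating each hit.

    A hit on Tor or shared infrastructure says only that someone used
    a service many others use, so it is marked low confidence. A hit on
    an unclassified address is not proof either; it needs corroboration
    from host or application evidence.
    """
    ioc_set = {str(ipaddress.ip_address(i)) for i in iocs}
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        _ts, src, dst, _port = parts
        try:
            dst_norm = str(ipaddress.ip_address(dst))
        except ValueError:
            continue  # malformed destination field
        if dst_norm in ioc_set:
            cls = classify(dst_norm)
            conf = "needs_corroboration" if cls == "unclassified" else "low"
            hits.append((src, dst_norm, cls, conf))
    return hits


if __name__ == "__main__":
    counts, shares = triage(IOC_IPS)
    for cls in sorted(counts):
        print(f"{cls:20s} {counts[cls]:2d}  {shares[cls]:5.1f}%")
    for hit in match_traffic(CONN_LOG, IOC_IPS):
        print(hit)
```

In this constructed list, six of the eight indicators fall on Tor or shared infrastructure, so two of the three log hits carry almost no information about who was on the other end.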

 9. The high-profile hacks have helped spawn an Orwellian creation–the “Countering Foreign Propaganda and Disinformation Act.”

“The War Against Alternative Information” by Rick Sterling; Consortium News; 1/1/2017.

The U.S. establishment is not content simply to have domination over the media narratives on critical foreign policy issues, such as Syria, Ukraine and Russia. It wants total domination. Thus we now have the “Countering Foreign Propaganda and Disinformation Act” that President Obama signed into law on Dec. 23 as part of the National Defense Authorization Act for 2017, setting aside $160 million to combat any “propaganda” that challenges Official Washington’s version of reality.

The legislation was initiated in March 2016, as the demonization of Russian President Vladimir Putin and Russia was already underway and was enacted amid the allegations of “Russian hacking” around the U.S. presidential election and the mainstream media’s furor over supposedly “fake news.” . . . .

. . . . The new law is remarkable for a number of reasons, not the least because it merges a new McCarthyism about purported dissemination of Russian “propaganda” on the Internet with a new Orwellianism by creating a kind of Ministry of Truth – or Global Engagement Center – to protect the American people from “foreign propaganda and disinformation.”

As part of the effort to detect and defeat these unwanted narratives, the law authorizes the Center to: “Facilitate the use of a wide range of technologies and techniques by sharing expertise among Federal departments and agencies, seeking expertise from external sources, and implementing best practices.” (This section is an apparent reference to proposals that Google, Facebook and other technology companies find ways to block or brand certain Internet sites as purveyors of “Russian propaganda” or “fake news.”)

Justifying this new bureaucracy, the bill’s sponsors argued that the existing agencies for “strategic communications” and “public diplomacy” were not enough, that the information threat required “a whole-of-government approach leveraging all elements of national power.”

The law also is rife with irony since the U.S. government and related agencies are among the world’s biggest purveyors of propaganda and disinformation – or what you might call evidence-free claims, such as the recent accusations of Russia hacking into Democratic emails to “influence” the U.S. election.

Despite these accusations — leaked by the Obama administration and embraced as true by the mainstream U.S. news media — there is little or no public evidence to support the charges. There is also a contradictory analysis by veteran U.S. intelligence professionals as well as statements by Wikileaks founder Julian Assange and an associate, former British Ambassador Craig Murray, that the Russians were not the source of the leaks. Yet, the mainstream U.S. media has virtually ignored this counter-evidence, appearing eager to collaborate with the new “Global Engagement Center” even before it is officially formed. . . .

Discussion

11 comments for “FTR #943 The Gehlen Gang, the High-Profile Hacks and the New Cold War”

  1. What would George Orwell think of the Trump presidency thus far? Hopefully a great deal of disgust. But as the following article suggests, that disgust would probably be paired with a very different sentiment: ‘ka-ching!’:

    The Daily Dot

    Sales of ‘1984’ skyrocket after Kellyanne Conway cites ‘alternative facts’

    Andrew Couts —

    Jan 24 at 7:33PM | Last updated Jan 24 at 7:34PM

    “Life imitates Art far more than Art imitates Life,” Oscar Wilde wrote in his 1889 essay The Decay of Lying. Now, in the early days of President Donald Trump’s administration, an increasing number of Americans are self-investigating to see if that is true.

    Sales of George Orwell’s seminal novel 1984 have swelled this week following White House adviser Kellyanne Conway’s claim that the Trump administration operates on a set of “alternative facts”—a phrase many have deemed downright Orwellian.

    As of Monday afternoon, 1984 sat at No. 6 on Amazon’s weekly best-seller list. The dystopian novel, which envisions an inescapable authoritarian government defined by its omnipresent surveillance that intrudes even into citizens’ minds, birthed phrases that have come to define oppression, including: “newspeak,” “doublethink,” “thoughtcrime,” and “ThoughtPolice,” among others.

    Conway delivered her infamous “alternative facts” quote during an interview with NBC’s Meet the Press host Chuck Todd on Sunday while she attempted to defend White House Press Secretary Sean Spicer’s false claim that Trump’s inauguration audience was the “largest” in history. Spicer later stood by that claim.

    “Conway delivered her infamous “alternative facts” quote during an interview with NBC’s Meet the Press host Chuck Todd on Sunday while she attempted to defend White House Press Secretary Sean Spicer’s false claim that Trump’s inauguration audience was the “largest” in history. Spicer later stood by that claim.”

    While “alternative facts”, otherwise known as “lies”, are nothing new to politics, attempting to reframe your lies as “alternative facts” during a televised interview…that’s kind of a new one. At least for incoming presidential administrations.

    But if this is going to be a ‘Big Lie’ kind of administration engaging in epic levels of corruption and looting, it’s not like it’s going to have a lot of options in terms of blatantly and aggressively lying to the public. So maybe their best option really is to just go with the “alternative facts” brand and hope that Team Trump can successfully sell his base even more deeply on the notion that everything is a lie except what Trump tells them. It’s worth a shot! Sure, not lying and looting is worth more of a shot, but if that’s not an option “alternative facts” might be the next best route for Team Trump. And as the article below makes clear, not constantly lying is not going to be an option:

    The Washington Post

    Without evidence, Trump tells lawmakers 3 million to 5 million illegal ballots cost him the popular vote

    By Abby Phillip and Mike DeBonis
    January 23, 2017 at 8:05 PM

    Days after being sworn in, President Trump insisted to congressional leaders invited to a reception at the White House that he would have won the popular vote had it not been for millions of illegal votes, according to people familiar with the meeting.

    Trump has repeatedly claimed, without evidence, that widespread voter fraud caused him to lose the popular vote to Hillary Clinton, even while he clinched the presidency with an electoral college victory.

    Two people familiar with the meeting said Trump spent about 10 minutes at the start of the bipartisan gathering rehashing the campaign. He also told them that between 3 million and 5 million illegal votes caused him to lose the popular vote.

    The discussion about Trump’s election victory and his claim that he would have won the popular vote was confirmed by a third person familiar with the meeting.

    The claim is not supported by any verifiable facts, and analyses of the election found virtually no confirmed cases of voter fraud, let alone millions.

    Clinton won the popular vote by more than 2.8 million votes. Trump won 304 electoral college votes to Clinton’s 227.

    House Majority Leader Kevin McCarthy (R-Calif.) alluded to Trump’s comments as he returned to the Capitol from the meeting Monday night.

    “We talked about different electoral college, popular votes, going through the different ones,” McCarthy said. “Well, we talked about going back through past elections. Everyone in there goes through elections and stuff, so everybody’s giving their different histories of different parts.”

    “Two people familiar with the meeting said Trump spent about 10 minutes at the start of the bipartisan gathering rehashing the campaign. He also told them that between 3 million and 5 million illegal votes caused him to lose the popular vote.”

    It’s worth noting that while it seems like Trump knows he’s spewing out blatant lies when he keeps saying millions of illegal voters voted in the election, keep in mind that it doesn’t have to be an actual lie. It’s entirely possible that Trump is so divorced from reality that he really does believe this stuff. And that’s something to keep in mind during our “official alternative facts” era: these are necessarily part of a ‘Big Lie’ agenda. It could also be a ‘Big Lies but also Big Delusions’ agenda.

    Something else to keep in mind in all this: The German government recently created an initiative to hunt down and eradicate fake news on the internet due to fears of a Russian misinformation campaign in the upcoming 2017 German elections. So…is that going to include the hunting down and eradicating Trump’s “alternative facts”? Or are some alternative facts going to be more acceptable than others? We’ll find out:

    Christian Science Monitor

    Germany’s plan to fight fake news

    Warning that Russian disinformation campaigns are the new normal, German officials have proposed efforts to hunt down and eradicate fake news and other defamatory information from the internet.

    Rachel Stern

    January 9, 2017 —In May 2015, hackers infected some 20,000 computers in Germany’s parliament with malicious software designed to steal sensitive data. The vast and damaging cyberattack was the most expansive in the government’s history.

    The culprits? Experts and officials blamed the hacking group “APT 28,” the same outfit that the US government says hacked the Democratic National Convention in July 2015 and helped Russia execute an extensive influence operation to discredit Hillary Clinton’s presidential campaign.

    Now, a growing number of German politicians are deeply concerned that Russia will interfere in their own elections this coming fall, seeking to discredit pro-European Chancellor Angela Merkel as she runs for a fourth term, and strengthen support for the burgeoning populist party Alternative for Germany (AFD). In response, Berlin is considering new ways of blunting any attempt from Moscow to influence its political process through cyberattacks and misinformation.

    In December, the German Interior Ministry proposed creating a Center of Defense Against Misinformation, to help hunt down and eradicate fake news or other false information from the internet. The ministry has already told political parties to disable bots, technology that automatically shares news, tweets, and Facebook posts, saying those can be easily tricked into distributing propaganda.

    In fact, one German official has proposed fining Facebook 500,000 euros ($528,700) for failing to delete fake news stories and hate messages within 24 hours, describing the social media giant as a “value chain of digital propaganda.”

    Elsewhere in Europe, officials are also taking steps to defend against disinformation campaigns. The Czech Republic, set to hold its general elections in October, plans to open a fake news center ahead of the vote. Officials there say Russia is behind 40 extremist websites. These new efforts will build on a broader European Union task force that relies on native Russian speakers to comb through the web for Russian-language fake news stories.

    “We have to learn how to deal with it,” said Ms. Merkel recently, warning that Russian cyberattacks and propaganda campaigns have become the norm in Germany.

    Russia is waging “aggressive and increased cyberspying and cyberoperations that could potentially endanger German government officials, members of parliament and employees of democratic parties,” Hans-Georg Maasen, head of Germany’s domestic security agency, said in a recent statement.

    Yet critics say it may be too late to short circuit hackers’ attempts to disrupt the German elections and discredit Merkel and her allies.

    In light of the German parliament hack, “there is a strong expectation that Russia has already collected material that will be released closer to the elections,” says Joerg Forbrig, a Senior Transatlantic Fellow for Central and Eastern Europe at the German Marshall Fund in Berlin. “My hunch is that at some point in late spring or early summer, as the campaign reaches its peak and when everyone goes on holidays, that we will see releases on Wikileaks, perhaps elsewhere.”

    In Germany, where privacy is considered a national right, there are already mechanisms in place to safeguard voter information from hackers. Interference in the voting process itself is prohibitively difficult, as the country legally requires the use of paper ballots in federal elections.

    In order to increase information sharing about cyberattacks, Germany’s Interior Ministry created a National Cyber Defense Center in 2011 that has discussed or examined over 3,700 cases, according to a government statement. It plans to increase its number of staffers this year.

    In a recent article cowritten with his colleague Mirko Hohmann, he recommended that the German government incentivize political parties to improve their digital security, either through relying on government agencies or hiring private security companies, in part to better trace the origins of cyberattacks.

    Furthermore, if secret services identified Russian government officials authorizing digital attacks, Russian diplomats would have to be expelled or new sanctions introduced, writes Mr. Benner. “Political response is key,” he says, “since it is now too late to up the cybersecurity game in time for the elections in the fall.”

    One of the most prominent cases of fake news in Germany, says European Journalism Observatory Director Stephan Russ-Mohl, was last year’s “Lisa case” in which Russian media reported on a German-Russian girl allegedly sexually abused by refugees. By the time the story was revealed to be false, it had already caused political harm.

    Last month, Social Democratic Party Chairman Thomas Oppermann suggested legislation that would fine Facebook if the company didn’t take steps to remove fake stories and news from its platform. The company would be responsible for setting up new offices to respond to complaints about defamatory posts.

    Yet free speech advocates are skeptical of a strategy that makes a private company responsible for deciding what’s good for the public interest.

    Facebook will be driven to remove content only if it could hurt its profit margin, says Joe McNamee, executive director of European Digital Rights in Brussels. Facebook, through the trade group Computer and Communication Industry Association, is lobbying for protection from liability for deleting legal content.

    According to Facebook, the company is already taking steps to minimize the spread of fake news such as working with third-party fact checking organizations to flag suspicious stories and stopping fake news sites from purchasing ad space.

    Politically, Mr. Oppermann’s strategy to force Facebook to delete suspicious or fake news could backfire, says Mr. McNamee. “It is entirely imaginable that ‘banned by Facebook’ or ‘the story Facebook didn’t want you to read’ could become a badge of honor for a populist campaign.”

    “In December, the German Interior Ministry proposed creating a Center of Defense Against Misinformation, to help hunt down and eradicate fake news or other false information from the internet. The ministry has already told political parties to disable bots, technology that automatically shares news, tweets, and Facebook posts, saying those can be easily tricked into distributing propaganda.”

    Well, that certainly sounds like a plan by the German government to counter almost everything coming out of the Trump administration. Unless the new Center of Defense Against Misinformation is only going to be focused on Russian misinformation.

    Posted by Pterrafractyl | January 24, 2017, 8:29 pm
  2. The head of GCHQ resigned on Monday, much to everyone’s surprise. And while personal reasons and family health issues were stressed as the only reason for the sudden resignation, it’s hard to ignore the fact that this happened on the first full day of Donald Trump’s presidency. So the timing of this surprise resignation with the massive shift in the character and loyalties of the people running the US government was either unintentionally coincidental or intentionally coincidental. Either way it’s a hell of a coincidence:

    The Guardian

    GCHQ chief Robert Hannigan quits

    Hannigan oversaw a more open approach at GCHQ after the Snowden revelations exposed mass surveillance by the agency

    Ewen MacAskill

    Monday 23 January 2017 12.57 EST

    The director of GCHQ, Robert Hannigan, is to stand down early for personal reasons, mainly health issues involving his wife and other family members.

    Hannigan only took over at the UK’s surveillance agency in November 2014 to oversee a more open approach after revelations by the National Security Agency whistleblower Edward Snowden put GCHQ on the defensive in 2013.

    His sudden resignation – he informed staff just hours before making this decision public – prompted speculation that it might be related to British concerns over shared intelligence with the US in the wake of Donald Trump becoming president.

    But the GCHQ press release stressed his decision was exclusively for family reasons. As well as his ill wife, Hannigan has two elderly parents to look after. He will remain in post until a successor is appointed.

    In a press statement, he said: “I have been lucky enough to have some extraordinary roles in public service over the last 20 years, from Northern Ireland to No 10, the Cabinet Office and the Foreign Office. But they have all demanded a great deal of my ever patient and understanding family and now is the right time for a change in direction.”

    Applications will be invited from within GCHQ and elsewhere in government. The salary last year was between £160,00 and £165,000.

    At GCHQ, Hannigan had led a push to make the agency more transparent, a process that included a major speech in the US last year on encryption and tech companies. He also pressed to try to put GCHQ at the forefront of digital challenges, leading to the creation of the National Cyber Security Centre in October last year.

    Hannigan’s background was not initially in intelligence. Born in Gloucester in 1965 and brought up in Yorkshire, he had been a high-flying civil servant at the Northern Ireland Office, where he was head of communications and later political director. He was involved in the peace process, credited with coming up with the idea for a diamond-shaped table in order to get over objections by the opposing sides about seating arrangements.

    He transferred to London where he became involved in a series of intelligence jobs, including defence and liaison with the US, before going on to GCHQ, where he worked for six months as part of the handover before taking control.

    At the time, GCHQ, in spite of many of its secrets spilled by Snowden, remained the most secretive of the three intelligence agencies: the others being MI6 and MI5. But Hannigan expanded the press team, invited more journalists to visit GCHQ and encouraged a stream of news stories aimed at bringing the agency into the public eye.

    In his first week in office, he created controversy with a column published in the Financial Times accusing US technology companies of becoming “the command and control networks of choice” for terrorists.

    In March last year, he softened his criticism in a speech to the Massachusetts Institute of Technology, calling for a new relationship between the intelligence agencies and the tech companies, part of a campaign to try to secure the help of the companies in providing access to supposedly encrypted messages.

    It is understood that the explanation for his sudden departure was reinforced in an internal message to GCHQ staff, acknowledging that many members faced enormous personal pressures and that he had opted to make his family his priority.

    “His sudden resignation – he informed staff just hours before making this decision public – prompted speculation that it might be related to British concerns over shared intelligence with the US in the wake of Donald Trump becoming president.”

    Well, if Hannigan’s resignation really was a kind of public crypto-protest it’s going to be interesting if his replacement ends up quietly scaling back the US/UK intelligence sharing operations. But it’s not like the UK is the only country extensively sharing intelligence with the US, so it’s also going to be quite interesting to see if there are any other actions by high-level intelligence officials from the rest of the 5-Eyes/9-Eyes/Whatever-Eyes nations that appear to be some sort of protest about intelligence sharing with the US. Especially after the reports that Trump is still using an unsecured Android phone:

    New York Magazine

    Why It Matters That Trump Is Still Using an Insecure Phone

    By Brian Feldman

    January 25, 2017 5:01 p.m.

    Last week, just ahead of the inauguration, a nation’s fears were put to rest when it was reported that Donald Trump had given up the old, unsecured Android phone he used to accept unscreened phone calls and compose deranged tweets, and been issued a new mobile phone approved by the Secret Service. Only: This morning, the New York Times reported that Trump has not relinquished his old phone, despite having been issued a secure one. But what does this really mean, besides the fact that the president clearly doesn’t really care what the Secret Service wants?

    Technical security should be pretty simple to understand, though, for obvious reasons, the detailed specs of the president’s Secret Service–approved phone are kept under wraps. That phone has a military-grade level of encryption that is much higher than that of the standard consumer device, making it more difficult to break into and extract data from.

    The agency in charge of the president’s phone is the Defense Information Systems Agency, which is part of the Department of Defense. Let’s assume that whatever Trump has been issued is similar to the phone Obama was issued last June when he finally relinquished his dated BlackBerry for an Android phone. The phone is reportedly a Samsung Galaxy S4, the only phone that was supported by the DOD Mobility Classified Capability-Secret (DMCC-S) program. The DMCC-S fact sheet displays three Galaxy S4 models, branding removed.

    When Obama described it to Jimmy Fallon, he noted a few drawbacks. The phone could not take pictures, presumably so the camera couldn’t be accessed remotely (and so that Obama wouldn’t be able to take pictures that might later be stolen).

    The phone couldn’t send text messages (SMS messages are notoriously easy to intercept), only email, and couldn’t make regular phone calls, only VoIP (voice over internet protocol, like Skype). Presumably, this was so all of his communications could be routed through secure channels.

    He also couldn’t load music onto it — because if you can load files onto the phone, you can load malware onto the phone. A user can’t download apps from the Google Play storefront onto a DMCC-S phone.

    The point of all of this security, frustrating as it may be, is that it makes the president difficult to reach, and difficult to hack. It makes it almost impossible for him to conduct digital diplomacy through anything but the most official channels, even while on the go.

    Trump, on the other hand, is using a phone with none of these protections. Texts he sends and calls he makes could easily be intercepted by a device called a Stingray, currently in use by law enforcement, that mimics a cell tower. A person given access to his phone, physically or remotely, could quickly and easily steal files or download malware. And if Trump is using the phone as often as the New York Times reports — that is, every night — there’s likely lots of information on it that prying eyes would like to see.

    But what use to Trump is a phone that can’t send tweets and can’t receive calls? He’s not able to yell at straw men on Twitter, or receive the praise he thrives on, with a pared-down device, secure as it may be. Trump’s consumer-grade Android is too technically insecure for the Secret Service, but it’s also being wielded by an insecure man with a highly public Twitter account, and that’s what makes it truly dangerous.

    “Trump, on the other hand, is using a phone with none of these protections. Texts he sends and calls he makes could easily be intercepted by a device called a Stingray, currently in use by law enforcement, that mimics a cell tower. A person given access to his phone, physically or remotely, could quickly and easily steal files or download malware. And if Trump is using the phone as often as the New York Times reports — that is, every night — there’s likely lots of information on it that prying eyes would like to see.”

    Yeah, reports like that probably don’t do much to allay concerns from the US’s closest allies about intelligence sharing with a Trump-run government. But there is one argument that could be made to the US’s allies that might at least reduce any Trump-specific concerns: there’s a good chance that whatever sensitive intelligence that gets shared with the US won’t actually be seen by Trump since Trump still doesn’t seem to actually care about intelligence:

    MSNBC
    The Maddow Blog

    In intelligence briefings, Trump prefers ‘as little as possible’

    01/18/17 12:50 PM—Updated 01/18/17 01:06 PM
    By Steve Benen

    One of the unexpected developments of the transition period has been Donald Trump’s disinterest in daily intelligence briefings. President Obama, immediately after the election, ordered the relevant agencies to make available to the president-elect the same information that’s delivered to the Oval Office, but in a bit of a surprise, Trump largely blew off the information.

    Last month, Fox News’ Chris Wallace noted reports that the Republican was only receiving one briefing a week, instead of seven. Trump didn’t deny the accounts, but said it didn’t matter because he’s “like, a smart person.” He added, “I get it when I need it.”

    A month later, with his inauguration drawing closer, Trump sat down with Axios yesterday, and referring to the intelligence he’s seen, the president-elect said, “I’ve had a lot of briefings that are very … I don’t want to say ‘scary,’ because I’ll solve the problems.” The exceedingly confident Republican added this in reference to the PDB:

    Trump said he likes his briefings short, ideally one-page if it’s in writing. “I like bullets or I like as little as possible. I don’t need, you know, 200-page reports on something that can be handled on a page. That I can tell you.”

    Hmm. President Obama likes to read daily intelligence briefings and pose follow-up questions in writing. Bill Clinton had a similar approach. George W. Bush, during his two terms, changed the briefing process, preferring oral reports from intelligence professionals.

    Trump, apparently, has in mind something akin to Powerpoint slides.

    “Trump said he likes his briefings short, ideally one-page if it’s in writing. “I like bullets or I like as little as possible. I don’t need, you know, 200-page reports on something that can be handled on a page. That I can tell you.””

    Well there we go: while it’s probably the case that Trump’s administration is going to flood the intelligence agencies with far-right crypto-fascists intent on disseminating as many secrets to far-right governments and groups around the world as they can, at least if Trump’s phone gets hacked he’s unlikely to have many sensitive documents on there since he doesn’t actually care about such topics. Phew!

    Posted by Pterrafractyl | January 25, 2017, 3:42 pm
  3. So, uh, ‘Russian hackers’ apparently hacked a number of Wisconsin county Democratic Party websites. The hacks didn’t actually do any damage other than redirecting people to a random website and no data was successfully harvested from the server according to investigators. And why are Russian hackers suspected? Because the hackers created two new admin accounts on the first server where the hack was detected and, lo and behold, these new accounts had “.ru” email addresses. They also created profiles for the admin accounts that included Russian characters in the “About” and “Bio” sections. So while it’s unclear what exactly the purpose of the hack was, it’s pretty clear that one of the primary goals of the hack was to make sure the Democrats found out they were hacked and make sure it looked like Russian hackers did it:

    Green Bay Press-Gazette

    Russians suspected of hacking local Dems

    Paul Srubas, USA TODAY NETWORK-Wisconsin
    8:56 p.m. CT Jan. 23, 2017

    GREEN BAY – County websites of the Democratic Party in the area have been under attack, at least one apparently by Russian hackers, an officer of the party says.

    What appears to have been Russian hackers compromised the website of the 8th Congressional District Democratic Party as well as the sites of seven county Democratic party organizations, said Mary Ginnebaugh, who chairs the congressional district as well as the Brown County Democratic parties.

    While no one can prove beyond doubt that Russians also were involved in the local hack job, two hackers left “calling cards” with Russian email addresses on the local websites in an apparent gesture of contempt or braggadocio, Ginnebaugh said. Green Bay police were notified and have forwarded information to the FBI, she said.

    Ginnebaugh said she was stunned when a computer security consultant told her that Russians may have been involved.

    “It was ‘Wait a minute, we’re little bitty Green Bay, not some powerhouse,’” she said. “I was like, ‘Really?’”

    The hackers may have been targeting the state site and stumbled onto the 8th Congressional District site, Ginnebaugh said. “We’re one letter off,” she said. “We’re wiscdems.com and the state is wisdems.com.”

    The 8th Congressional domain name wiscdems.com serves as an umbrella for county democratic organizations within the district, Ginnebaugh said. Visitors can get to the individual sites from the umbrella site or vice versa. However, the sites are independent of the state and national sites, she said.

    The Winnebago County Democratic Party first noticed a problem with its website in November, shortly after the election. People trying to get into that website were being abruptly redirected to some random website and couldn’t get to the party’s site, Ginnebaugh said.

    Officers from the Winnebago County party, part of whose county lies in the 8th District, notified the 8th District party. Staff looked into it and determined the problem appeared to be isolated to the Winnebago County site, Ginnebaugh said.

    But when technicians from the 8th District couldn’t fix it, they contacted Jane Benson of Main Jane Designs of Green Bay. Benson is a web designer and does online marketing, but she also often works as an IT consultant for the local Democratic parties.

    Benson found the problem was wider than 8th District staffers thought. Seven county sites, including Brown County’s, and the umbrella site all were compromised, Benson said. Aside from Winnebago County noticing the problem with its link, they also were notified by Google that their searches were revealing a corruption. Google demanded the corruption be fixed or the site would be blacklisted from Google searches.

    Shawano, Marinette, Oconto, Kewaunee and Calumet county party sites were hacked, as were Brown and Winnebago and the overall 8th district site, Ginnebaugh said. Door, Outagamie, Menominee and Waupaca counties were not affected.

    No clear answer

    At Benson’s direction, the party hired Sucuri, an internationally known cyber security company. It cleaned their sites of all malware and took a variety of other protective steps, Benson said.

    All websites are made up of code that often turns out to have a security weakness that can make a website vulnerable, Benson said. Patches are sent out and administrators must update each website to keep it protected. With the election over and the holidays in full gear, people were on vacation, few were visiting the websites and attentiveness apparently lapsed, allowing hackers to get back in, Benson said.

    “Somehow, somebody was able to disable one of the Sucuri security features on the wiscdems.com website,” Benson said. “There’s an expectation that the plugins and platform code will be updated, and if they’re not, it can leave an opening for hackers to get in.”

    Two new users showed up as registered administrators of the website: larisa@steamreal.ru and ewartumba@mail.ru. The “.ru” suffix indicates a Russian origin, Benson said. The profile pages of the users had characters in the Russian alphabet in “Address” and “About Me” fields, she said.

    Code was entered, apparently through a back door, to add two registered users, but the website is set up to automatically block new registrants, so the intruders could do no damage. “It’s not clear how they got there,” Benson said.

    The intruders could just as easily have removed all trace of having been there and just backed quietly out, but they chose to leave their names “as if to say ‘we can get in whenever we want,’” Benson said.

    She said she can’t say whether Russians were really involved or whether the addresses could have been faked by someone mimicking a connection based on what had been in the news. But it was important that police and the FBI become involved, to “make this information part of the body of information police and the FBI are compiling from the national investigation,” she said.

    A call to Green Bay police detectives was not returned Monday.

    Benson said it was important for the public to know the hackers did not succeed in “harvesting information,” that breaches in the sites have been repaired and that everything is being professionally monitored to keep it secure.

    Ginnebaugh said the state Democratic Party also has been notified and would presumably be passing the information on to national levels.

    “Two new users showed up as registered administrators of the website: larisa@steamreal.ru and ewartumba@mail.ru. The “.ru” suffix indicates a Russian origin, Benson said. The profile pages of the users had characters in the Russian alphabet in “Address” and “About Me” fields, she said.”

    The self-incriminating Russians strike again! It’s the only possibility. Or not:


    She said she can’t say whether Russians were really involved or whether the addresses could have been faked by someone mimicking a connection based on what had been in the news. But it was important that police and the FBI become involved, to “make this information part of the body of information police and the FBI are compiling from the national investigation,” she said.

    Well, at least we’ve hit a point where people are open to the idea that these “I’m Russian!” calling card hacks are maybe, just maybe, not actually done by Russians. At least not all of them. Unless the hacks really are being done by Russians using a reverse psychology to sow doubts about the Russian hacking campaign by being so blatantly Russian about it. It’s also possible that it really was Russian hackers who are really trying to send a “ha, ha, we can hack you” kind of message, but if so it’s a very strange decision for Russia to intentionally piss off Americans during a period when Trump might be willing to warm US/Russian relations.

    This is all part of the weird nature of crime in the digital age: a skilled hacker could, in theory, get away with the ‘perfect crime’ by leaving no trace of who did it, but that doesn’t stop people from speculating about who did it (unless the hack is never detected). So leaving little ‘calling cards’ has potential value to a hacker, but only if it’s not assumed that the evidence left behind isn’t evidence of who the hacker wants people to assume pulled off the hack. So leaving behind self-incriminating evidence is a potentially effective defense. It’s sort of an “anyone smart enough to pull off this hack wouldn’t be stupid enough to leave this kind of obvious evidence” defense. And it’s a viable defense since framing someone else (or some nationality) for the hack is one way to carry out that ‘perfect crime’. But only if it’s assumed that someone wouldn’t intentionally self-incriminate.

    It’s also worth noting that this kind of self-incriminating evidence isn’t meaningless evidence from a propaganda/disinfo perspective unless the public interprets this evidence as spoofable and meaningless. And the American public in general is still clearly very willing to take the “I’m Russian!” evidence at face value and that public learning curve is part of what’s so fascinating about the possibility that we could be looking at a period where hackers of all stripes start leaving Russian calling cards, whether it’s for intentional propaganda, reverse psychology, or just for the LOLs: If this goes on long enough with enough blatantly self-incriminating “I’m Russian!” hacks of this nature it’s possible we’re going to eventually get to a point where it’s just assumed that any hack blamed on the Russians due to self-incriminating evidence is probably someone trying to make it look like the Russians (as opposed to assuming that self-incriminating evidence is meaningless and could come from Russian hackers or non-Russian hackers). And that would allow for a nearly ‘perfect crime’, specifically for Russian hackers, because while you can’t stop people from speculating about who did a hack it’s still possible for the public to develop a “this is spoofed to make it look Russian” reflexive response.

    So one of the possible blowbacks of an extended spoofed ‘Russian’ hacking campaign (or successes of a clever reverse-psychology self-incriminating hacking campaign actually carried out by the Kremlin) could be the creation of ingrained skepticism against future Russian hacks…specifically those hacks with self-incriminating evidence. And if that happens for Russia, a whole bunch of other countries might start thinking, “hey, maybe we need a self-incriminating hacking campaign!”, and then proceed to launch waves of self-incriminating nuisance attacks that hopefully aren’t enough to start a war between nations but still enough to get a lot of public attention about all the blatantly self-incriminating evidence. Who knows if that will happen but it’s a fascinating possibility. And kind of scary.

    Posted by Pterrafractyl | January 27, 2017, 4:10 pm
  4. Slightly off topic
    Btw DE in case you didn’t know, Bibliomania bookstore in Oakland has an expanded Fascism section with many “classics”: Bormann Brotherhood, American Swastika, Trade with Enemy, Old Nazis New Germany, Control of Candy Jones (in Espionage), Skorzeny Infield, Skorzeny Memoirs, Gehlen The General was a Spy, and many more. Also highly recommend the historical fiction of Philip Kerr; especially “Hitler’s Peace” and “A Quiet Flame”; the latter draws heavily from “The Real Odessa” by Uki Goni.

    Posted by Wasabi | January 30, 2017, 12:16 pm
  5. Check out the latest twist in the mysterious DNC hacks: malware said to belong to “Fancy Bear” was published online earlier this week by a pair of security firms. And following some analysis of the code by an ex-NSA staffer running his own security firm, a large amount of the spyware targeting Macs looks an awful lot like the code sold by Italian “lawful intercept” spyware vendor Hacking Team, based on a comparison of the leaked code to Hacking Team’s code that was published by Wikileaks back in 2015. And while the Russian government was indeed a known customer of Hacking Team, guess who reportedly bought the same code: Israel, the FBI, DEA, and the US Department of Defense:

    Forbes

    DNC Hackers Are Using Apple Mac Spyware Code From FBI Surveillance Vendor, Claims Ex-NSA Researcher

    Thomas Fox-Brewster
    Forbes Staff
    Feb 16, 2017 @ 11:00 AM

    Earlier this week, malware said to belong to the Russian group behind the hack of the Democratic National Committee, known as APT28 or Fancy Bear, leaked online. Though novel both for its targeting of Apple Macs and iPhone backups, the surveillance tool’s real intrigue lies underneath the hood. According to Patrick Wardle, an ex-NSA staffer and head of research at bug hunting firm Synack, a significant chunk of the APT28 Mac spyware looks much like that shipped by Italian spyware vendor Hacking Team, which sold to both Russian and U.S. government agencies.

    Wardle compared the Hacking Team Mac malware, available on Wikileaks after a 2015 breach of the surveillance company, to that published earlier this week by security firms BitDefender and Palo Alto Networks. He claimed the APT28 code resembled Hacking Team’s malware in numerous ways. In particular, Wardle noticed that the two malware samples used the same techniques for injecting code onto a target system, a feature that’s quite rare on Apple Macs, he told FORBES.

    After exploring further, he now believes the Russian crew “may have copied and pasted” that entire code injection function of the malware, which could explain some of the “weirdness” Wardle saw. That weirdness included what appeared to be mistakes, or “wrong logic” as Wardle put it, where the code that appeared to have some function would do nothing other than return failed.

    “[I’m] 100 per cent sure this is the same code,” Wardle added.

    Hacking Team sells to adversaries

    Hacking Team, a so-called “lawful intercept” company whose emails and files were dumped on Wikileaks after a breach in 2015, sold to both America and Russia. It was a provider for the FBI from 2011, selling as much as $775,000 in surveillance tools, though the feds found limited use for them. The DEA and the DoD were also customers, spending $567,000 and $190,000 respectively. Emails indicated it demoed and sold kit to the FSB too, spending as much as $450,000 via research center Kvant. And in leaked emails an employee from Hacking Team’s chief Israeli surveillance partner NICE noted the FSB was particularly interested in infecting Apple Macs.

    Whilst intriguing, the fact that a slice of APT28’s Mac malware looks like Hacking Team’s does not mean it was purchased from the Milan-based firm. It could be that APT28 did what other cybercriminals did after Hacking Team’s files were spilled online, copying and reusing the malware from Wikileaks. Furthermore, the FSB was not the Russian organization linked by the U.S. government to the DNC hack; the military intelligence arm, known as the GRU, was instead blamed by the FBI and DHS. Putin himself was said to have direct involvement in Fancy Bear’s spy operations.

    “Now whether the Russians bought it from Hacking Team directly, or simply copied and pasted from the leaks, who knows,” Wardle added. “But I’m leaning towards the copy and paste with removing some of logic that they didn’t need, but leaving in some other code that then didn’t really make sense.

    “Hacking Team could have done that themselves and then sold it to the Russians. But if so, the removal of the unneeded code … was done in a really shitty way.” Wardle plans to publish his full technical analysis on his own blog Thursday. He is unsure if the code injection feature created by Hacking Team works on the most recent Mac OS.

    Even Hacking Team had previously warned that terrorists would use its leaked tools, in condemning the 2015 breach. It may not have anticipated the hacker group linked to the most significant breach in history would borrow its code for their own machinations.

    “Hacking Team, a so-called “lawful intercept” company whose emails and files were dumped on Wikileaks after a breach in 2015, sold to both America and Russia. It was a provider for the FBI from 2011, selling as much as $775,000 in surveillance tools, though the feds found limited use for them. The DEA and the DoD were also customers, spending $567,000 and $190,000 respectively. Emails indicated it demoed and sold kit to the FSB too, spending as much as $450,000 via research center Kvant. And in leaked emails an employee from Hacking Team’s chief Israeli surveillance partner NICE noted the FSB was particularly interested in infecting Apple Macs.”

    So if the Russian government really was behind the hacks, it apparently used code from a “lawful intercept” malware firm that was known to have sold to the FSB, along with multiple US government agencies and the Israelis. And, of course, might also be used by anyone who happened to decide to reuse the code from the 2015 Wikileaks release:


    Whilst intriguing, the fact that a slice of APT28’s Mac malware looks like Hacking Team’s does not mean it was purchased from the Milan-based firm. It could be that APT28 did what other cybercriminals did after Hacking Team’s files were spilled online, copying and reusing the malware from Wikileaks. Furthermore, the FSB was not the Russian organization linked by the U.S. government to the DNC hack; the military intelligence arm, known as the GRU, was instead blamed by the FBI and DHS. Putin himself was said to have direct involvement in Fancy Bear’s spy operations.

    So if the code released this week by those security firms really is from a Russian government hacking entity, it’s another indication that that entity appears to use readily available code that could be attributed to numerous different actors. Which makes sense. Except for all the things the DNC hackers did to ensure that the hacks would be attributed back to Russians.

    So if transcripts of the calls between Donald Trump’s campaign officials and Russian government officials are ever released, you have to wonder if the topic of “why are the hackers implicating Russia?” ever came up. And given the ambiguous and spoofable nature of the technical evidence, you also have to wonder which side will be asking that question.

    Posted by Pterrafractyl | February 16, 2017, 4:37 pm
  6. Here is a right wing blog’s explanation of the Russian Hacks – it was actually the CIA. There obviously was not any mention that this could be a black operation created by the Underground Reich’s intelligence Operation.

    The Russians hack as much US information as they can, as do the Chinese, Pakistanis, and others. However, no Russian Intelligence Agency Hacking Operation would have a handle name which even remotely could be tied to Russia such as “Fancy Bear”. This was an obviously chosen name by the perpetrator of this hack to discredit US public opinion against Russia. This is similar to how the Nazis perpetuated the cold war to serve their own purposes.

    https://jonrappoport.wordpress.com/2017/03/07/wikileaks-cia-hackers-can-pose-as-russians-ring-a-bell/

    WikiLeaks: CIA hackers can pose as Russians—ring a bell?
    by Jon Rappoport
    March 7, 2017

    Let’s see. The CIA claims that Russian government hackers interfered in the US election, on the side of Trump.

    But suppose CIA hackers fabricated an operation to make it look like a Russian hack? Too far-fetched?

    Not anymore.

    In conjunction with their new data-dump of CIA material, WikiLeaks issues this statement:

    “The CIA’s Remote Devices Branch’s UMBRAGE group collects and maintains a substantial library of attack techniques ‘stolen’ from malware produced in other states including the Russian Federation. With UMBRAGE and related projects the CIA cannot only increase its total number of attack types but also misdirect attribution by leaving behind the ‘fingerprints’ of the groups that the attack techniques were stolen from.”

    Spy games.

    A group within the CIA wanted to shift blame for Hillary Clinton’s defeat? How about pointing at the Russians? “Easy. We can use Russian hacking tools and fabricate a scenario. We can say we discovered ‘fingerprints’ that point to the Russian government.”

    Here is what the CNN Wire Service reported on January 2, 2017: “…even as President-elect Donald Trump and his aides cast doubt on the links between Russia and recent hacks against Democrats, US intelligence officials say that newly identified ‘digital fingerprints’ indicate Moscow was behind the intrusions.”

    “One official told CNN the administration has traced the hack to the specific keyboards — which featured Cyrillic characters — that were used to construct the malware code, adding that the equipment leaves ‘digital fingerprints’ and, in the case of the recent hacks, those prints point to the Russian government.”

    Really? We live in a world where spies and their cronies are constantly fixing reality to suit themselves.

    So now all this bravado about discovering how the Russians hacked and stole the election blows up like a cream puff with a firecracker inside.

    Who originally hacked/accessed the Democratic National Committee (DNC) email files and handed them to WikiLeaks for publication? That appeared to be an insider at the DNC. But the cover story—“the Russians did it”—floated by the CIA and other US intelligence agencies now takes on a new hue.

    The CIA has worked, over the years, to refine its ability to fake a hack-trace to all sorts of people, including the Russian government.

    This gives people yet another opportunity to realize that employees of intelligence agencies are trained to lie. It’s their bread and butter. A day without lying is a misspent day.

    They purposely lie in their investigations, in their reports, in their testimony, in their leaks to the press, in their budget requests, in their clandestine operations, in their statements about the circumscribed limits of their activities.

    In their minds, they lie in order to tell the truth.

    They will, when it suits them, also tell the truth in a way that supports a larger lie.

    Some CIA agents eventually forget which way is up and what they’re doing. This is a

    Posted by Roger McDonald | March 8, 2017, 6:17 pm
  7. While this isn’t new news, it’s worth noting that Roger Stone once again confirmed that he has a back channel to Julian Assange. A “perfectly legal back channel” as Stone put it:

    The Guardian

    Roger Stone claims he has ‘perfectly legal back channel’ to Julian Assange

    The former political adviser to Trump, with whom he maintains close ties, later deletes tweet that was part of series of profane challenges to president’s critics

    Alan Yuhas
    Sunday 5 March 2017 14.29 EST

    Roger Stone, a former adviser to Donald Trump, wrote on Saturday night that he had a “perfectly legal back channel” to Julian Assange, whose organization WikiLeaks published emails related to Hillary Clinton’s presidential campaign that intelligence agencies say were hacked by Russian intelligence. Stone then deleted the message.

    While tweeting his support of the president’s unsubstantiated claims that Barack Obama tried to undermine the Trump campaign, Stone directed a series of angry and abusive messages at a scientist who questioned him.

    In one post, later deleted, Stone said he had “never denied perfectly legal back channel to Assange who indeed had the goods on #CrookedHillary”.

    He also invited challengers to file libel suits against him, saying: “Bring it! Would enjoy crush u in court and forcing you to eat shit – you stupid ignorant ugly bitch!”

    Stone sent similar, profanity-laced messages to other critics of the president, including author JK Rowling, whom he suggested should take refugees and migrants into her own home. Stone then deleted the tweets.

    Hours later, he added: “Just nothing better than calling out liberal jerk offs on Twitter. We won, you lost. You’re done!”

    Here are the tweets Roger Stone deleted. pic.twitter.com/2S0mFvKcsu— Lili Loofbourow (@Millicentsomer) March 5, 2017

    A political operative whose work with the Republican party dates back to the days of Richard Nixon – whose face is tattooed on Stone’s back – Stone reportedly retains ties to the president, though he officially left Trump’s campaign in late 2015.

    In an interview last week with Breitbart News, the site previously run by Steve Bannon, now Trump’s chief strategist, Stone was described as one of Trump’s “political mentors” and someone who “remains one of his closest confidantes”.

    Last fall, US intelligence agencies formally accused the Kremlin of trying to interfere in the 2016 election, and in January reported that Russia’s intent was to help Trump’s campaign defeat Clinton.

    Part of that covert effort, the agencies said, was to hack into the emails of the Democratic party and Clinton’s campaign chairman, John Podesta. Those emails were then released by WikiLeaks over several months of the campaign.

    During the campaign last August, Stone was recorded on video telling a group of Florida Republicans: “I actually have communicated with Assange.”

    “I believe the next tranche of his documents pertain to the Clinton Foundation, but there’s no telling what the October surprise may be,” he said.

    He then seemed to preview the WikiLeaks dump of Podesta emails, writing on Twitter: “Trust me, it will soon the Podesta’s time in the barrel.”

    In October, he told a local CBS reporter about “a back-channel communication with Assange, because we have a good mutual friend”.

    “That friend travels back and forth from the United States to London and we talk,” Stone said.

    In an interview with CBS last week, Stone denied having any “direct conversations” with Assange and added: “Nor did I have advance knowledge of either the matter of his subsequent disclosures, or who he did or did not hack.”

    The FBI is reportedly investigating Stone, along with former Trump campaign chief Paul Manafort, former adviser Carter Page and former national security adviser Michael Flynn, for possible contacts with Russian officials.

    In an interview with the Guardian last month, Stone called for an unbiased investigation into such alleged links, saying: “The president should tell his attorney general that either he finds proof of this, or he puts it to bed and announces none of it happened.”

    He added: “I would relish the opportunity to testify in public under oath on this issue.”

    Stone also denied that he had any contact with Russian officials during or after the campaign. “There was no collusion,” he said. “I have had no connection with the Russians. If the government has evidence that I was colluding with the Russians in Donald Trump’s campaign, they should indict me immediately.”

    “In one post, later deleted, Stone said he had “never denied perfectly legal back channel to Assange who indeed had the goods on #CrookedHillary”.”

    It’s not particularly surprising that Stone would have deleted that particular tweet since it was part of a tweetstorm that made him seem like a psycho, although it’s a little hard to see what exactly Stone thought he was accomplishing since his psycho status has been long established and it’s not like he’s ever minded coming off as a psycho in the past.

    So who knows what Stone thought he was accomplishing by deleting those tweets, including the tweet where he once again acknowledged having a back channel with Assange, but if the latest report by The Smoking Gun is accurate, there might be some tweets Stone really wishes he could delete right now. His private tweets with “Guccifer 2.0”:

    RawStory

    FBI has records of Trump trickster Roger Stone communicating with Russians behind DNC hacks: report

    Travis Gettys
    09 Mar 2017 at 07:46 ET

    Roger Stone, a Donald Trump confidante and longtime Republican dirty trickster, communicated privately with a Russian hacking group identified by U.S. intelligence officials as the culprit in the theft of emails related to the Democratic presidential campaign.

    Stone, who is under FBI investigation for his alleged ties to Russia, communicated through private Twitter messages with the “hacktivist” known as Guccifer 2.0 during the presidential campaign, reported The Smoking Gun.

    Guccifer 2.0 claimed to be a lone activist committed to “fight all those illuminati,” and Stone promoted those claims, but U.S. intelligence officials believe with “high confidence” that Russia’s intelligence service, GRU, operated the hacker’s Twitter, WordPress and “burner” emails used to communicate with the media — including The Smoking Gun — and other individuals.

    A source told the website that Stone, who admitted over the weekend to back-channel communications with WikiLeaks founder Julian Assange, exchanged private direct messages with Guccifer 2.0, in addition to exchanges on their public Twitter accounts.

    Stone said, in a series of profane and combative tweets defending Trump’s baseless claims that Barack Obama had wiretapped his campaign, that he had “never denied perfectly legal back channel to Assange who indeed had the goods on #CrookedHillary.”

    He made a similar claim in August to a group of Florida Republicans and in October to CBS News, and he seemed to know ahead of time that WikiLeaks would release emails stolen from John Podesta, Hillary Clinton’s campaign chairman.

    Last week, Stone denied having any “direct conversations” with Assange and advance knowledge of hacked data dumped online by WikiLeaks.

    The Smoking Gun, which has reported extensively on its own communications with the hackers, asked Stone whether he had exchanged private messages with Guccifer 2.0, to which he replied via text: “don’t recall.”

    Stone, who was paid $50,000 for two months of work at the start of the Trump campaign, told the website that “numerous people who work for me have access to my twitter feed.”

    The FBI is reportedly investigating Stone, as well as former Trump campaign chairman Paul Manafort, former adviser Carter Page and former national security adviser Michael Flynn, for alleged contacts with Russian officials during the presidential campaign.

    The Smoking Gun revealed that investigation was being run out of the FBI’s San Francisco office, and two sources told the website that agents had obtained detailed records for the Guccifer 2.0 Twitter and WordPress accounts.

    The sources did not say whether the records were obtained through a search warrant or grand jury subpoena, and the sources weren’t sure whether investigators had gathered enough evidence to seek an indictment against anyone connected to the Guccifer 2.0 hacks.

    Both Twitter and WordPress are based in San Francisco, and any records obtained by FBI agents would include IP addresses, which The Smoking Gun reported would not likely identify where Guccifer 2.0 was based because the hackers took steps to cover their tracks.

    But agents would have obtained tweets and direct messages sent by the Guccifer 2.0 account, which would include any private communications with Stone — who has known Trump for decades and is connected with both Breitbart News and Alex Jones’ InfoWars website.

    “A source told the website that Stone, who admitted over the weekend to back-channel communications with WikiLeaks founder Julian Assange, exchanged private direct messages with Guccifer 2.0, in addition to exchanges on their public Twitter accounts.”

    So according to one source, Stone exchanged private direct messages over Twitter with Guccifer 2.0, although Stone claims he doesn’t recall whether or not that happened:


    The Smoking Gun, which has reported extensively on its own communications with the hackers, asked Stone whether he had exchanged private messages with Guccifer 2.0, to which he replied via text: “don’t recall.”

    But if two of The Smoking Gun’s sources are correct, the FBI might be in a position to help Stone recall:


    “The Smoking Gun revealed that investigation was being run out of the FBI’s San Francisco office, and two sources told the website that agents had obtained detailed records for the Guccifer 2.0 Twitter and WordPress accounts.”

    So we’ll see if the FBI investigation into Stone’s links with Russia ends up charging him with anything, but it’s important to recall that one of the reasons Guccifer 2.0 was assumed to be Russian is because the hacked files they released kept leaving little hints in the documents they were leaking that strongly suggested they were Russian:

    Counter Punch

    Did the Russians Really Hack the DNC?

    by Gregory Elich
    January 13, 2017

    Someone, or some group, operating under the pseudonym of Guccifer 2.0, claimed to be a lone actor in hacking the DNC servers. It is unclear what relation – if any – Guccifer 2.0 has to either of the two APT attacks on the DNC. In a PDF file that Guccifer 2.0 sent to Gawker.com, metadata indicated that it was last saved by someone having a username in Cyrillic letters. During the conversion of the file from Microsoft Word to PDF, invalid hyperlink error messages were automatically generated in the Russian language. [11]

    This would seem to present rather damning evidence. But who is Guccifer 2.0? A Russian government operation? A private group? Or a lone hacktivist? In the poorly secured DNC system, there were almost certainly many infiltrators of various stripes. Nor can it be ruled out that the metadata indicators were intentionally generated in the file to misdirect attribution. The two APT attacks have been noted for their sophistication, and these mistakes – if that is what they are – seem amateurish. To change the language setting on a computer can be done in a matter of seconds, and that would be standard procedure for advanced cyber-warriors. On the other hand, sloppiness on the part of developers is not entirely unknown. However, one would expect a nation-state to enforce strict software and document handling procedures and implement rigorous review processes.

    At any rate, the documents posted to the Guccifer 2.0 blog do not necessarily originate from the same source as those published by WikiLeaks. Certainly, none of the documents posted to WikiLeaks possess the same metadata issues. And one hacking operation does not preclude another, let alone an insider leak.

    And don’t forget that the name signed in Cyrillic was that of Felix Dzerzhinsky, the founder of the Soviet secret police.

    It raises the question: if the FBI investigation identifies Guccifer 2.0 and also reveals that Stone was indeed coordinating the hacks (or coordinating how to disseminate the information after the hacks took place), but it’s also learned that Guccifer 2.0 wasn’t actually a Russian agent, will the FBI drop the case against Stone? We’ll see. Or probably not see since there’s a good chance we’ll never find out what the FBI learned about Stone’s activities if it can’t find any conclusive Stone/Russia connections.

    But at least it was nice to learn that it’s the FBI’s San Francisco office doing this investigation and not the New York office.

    So that’s part of the latest update on the Trump campaign’s collusion with Wikileaks and possible collusion with the Democratic Party hackers. But it’s not the only recent update of that nature:

    Talking Points Memo
    Editor’s Blog

    The Fuse Is Burning

    By Josh Marshall
    Published March 9, 2017, 2:37 PM EDT

    Let’s walk through this chain of events today that mixes together Julian Assange, President Trump, Nigel Farage and Sean Spicer.

    1. Yesterday, Wikileaks released a trove of documents which purport to document numerous hacking tools used by the CIA. The authenticity of these documents hasn’t been formally confirmed. But all signs suggest they are real. Knowledgeable observers say it is a huge setback for the CIA.

    2. Around noon today, someone tipped off Buzzfeed (tip is my surmise but how else would they know to be there?) that Nigel Farage was meeting with Julian Assange at the Ecuadorean Embassy in London where Assange has been holed up since 2012 to avoid questioning and possible arrest on a sexual assault accusation in Sweden. Farage is a close ally and advisor to President Trump. He has been regularly visiting Washington and New York since Trump’s election and meets with Trump regularly. We don’t know what the two men were discussing. But Farage’s whole world right now is Trump, Trump and breaking apart the EU.

    3. Some time after noon in London, Farage emerged from the Embassy. Buzzfeed photographed him and asked what he was doing there. Farage refused to say. “I never discuss where I go or who I see.”

    4. A short time later, a source with the UK Independence Party, the party Farage until recently led, confirmed to The Independent that Farage was meeting with Assange and had met with him for about 40 minutes.

    5. This afternoon UK time, Assange holds a press conference discussing his new batch of CIA documents and promising more revelations.

    6. During Sean Spicer’s daily press briefing, an AP reporter asks Spicer about the Farage/Assange meeting and whether he was carrying a message from President Trump. Spicer basically ducked the question. But when asked specifically whether Farage was “delivering a message” from Trump, Spicer replied: “I have no idea.”

    “A short time later, a source with the UK Independence Party, the party Farage until recently led, confirmed to The Independent that Farage was meeting with Assange and had met with him for about 40 minutes”

    Is Nigel Farage a new Trump administration back channel to Wikileaks? Sean Spicer wasn’t ready to deny it. And could Farage be Stone’s back channel? Well, keep in mind that Stone previously asserted that his go-between was an American libertarian on the “opinion side” of the US media. Also keep in mind that there’s basically no reason to believe anything coming out of Stone’s mouth so who knows. But Trump’s closest ally in the UK just met with Julian Assange days after the big CIA hacking tool leak and right before Assange holds a press conference promising more revelations so one thing we can say with increasing certainty is that Donald Trump has a lot of friends who are friendly with Wikileaks.

    Posted by Pterrafractyl | March 9, 2017, 4:50 pm
  8. So Nixon hagiographer Monica Crowley, who forfeited a job with Trump’s National Security Council
    due to charges of plagiarism, is now a registered lobbyist for the Ukrainian steel billionaire who funds
    the Atlantic Council: Victor Pinchuk!
    Pinchuk appears to be quite the artful dodger having donated to both the Clinton and Trump Foundations prior to the US election.
    However it was the op-ed he wrote in December for the Wall Street Journal that thrust Pinchuk into the
    spotlight while angering Ukrainian Poroshenko at the same time. It read “Ukraine Must Make Painful
    Compromise for Peace With Russia.” Pinchuk recommended Ukraine defer any plans to join the EU
    and NATO. In return he indicated Kiev might approve the lifting of sanctions imposed on Russia.
    Naturally Poroshenko now views Pinchuk as an appeaser and probably a contender for his job.
    Ah yes the Art of the Deal!

    Posted by Dennis | March 15, 2017, 11:50 am
  9. With the House Intelligence Committee public hearings over the investigation into Russian interference in the 2016 election now underway, one of the more interesting questions from a political sh#t-storm perspective is whether or not Roger Stone is going to be called to testify. John McCain said Stone should be called to testify before the Senate Intelligence Committee just last week, so it certainly seems possible he’ll be testifying before at least one congressional body at some point soon. And while it’s unclear what Stone will say if he does end up testifying, based on the preview he gave us in a series of tweets it sounds like Stone is going to characterize the suspicions that he was colluding with Russian government assets as a conspiracy of US intelligence services and George Soros:

    Talking Points Memo
    Livewire

    Roger Stone: Talk Of My ‘Collusion’ With Russia Made Up By Intel Community

    By Caitlin MacNeal
    Published March 20, 2017, 3:28 PM EDT

    Longtime Trump confidante Roger Stone lashed out at the ranking member on the House Intelligence Committee Monday, saying that his claims that Stone had contact with Russians were “manufactured by the intelligence community.”

    During a hearing on Russia’s election meddling, Rep. Adam Schiff (D-CA) noted that Stone communicated with Guccifer 2.0, a hacker that U.S. officials believe is associated with the Russian government and that published stolen Democratic National Committee emails online.

    Stone said on a Monday tweet that it would only be “fair” if he could respond to allegations of collusion with Russia during the hearing.

    It’s only fair that I have a chance to respond 2 any smears or half truths about alleged “Collusion with Russians” from 2day’s Intel Hearing— Roger Stone (@RogerJStoneJr) March 20, 2017

    Stone then said in an interview with SiriusXM radio’s “The Wilkow Majority” that his contact with Guccifer 2.0 was “benign” and slammed Schiff for mentioning it at the hearing. The interview was first flagged by CNN’s KFILE.

    He insisted that his interaction with Guccifer 2.0 was “benign in its content” and said that it took place after the DNC had been hacked.

    “This is does not constitute collusion,” Stone said. “I had no contacts with Russians. This one has been manufactured by the intelligence service with a nice assist from [billionaire philanthropist George] Soros and [David] Brock. I’m not gonna stop fighting for Donald Trump, nor are they going to silence me. I am anxious to go to the committee. Let’s see if they can handle the truth.”

    “This is does not constitute collusion…I had no contacts with Russians. This one has been manufactured by the intelligence service with a nice assist from [billionaire philanthropist George] Soros and [David] Brock. I’m not gonna stop fighting for Donald Trump, nor are they going to silence me. I am anxious to go to the committee. Let’s see if they can handle the truth.”

    Are suspicions about Roger Stone’s collusion with Russian assets purely a fabrication of US intelligence services and George Soros? Well, it’s certainly possible that the US intelligence community is hyping the strength of any evidence that it was indeed the Russian government behind the “Fancy Bear” and “Cozy Bear” hacks, especially since much of the technical evidence pointing towards Russian government hackers is evidence predicated on the assumption that these Russian government hackers either had incredibly poor operational security for this operation or actively want the US to know it was the Russian government doing the hacking and openly invited the kind of broad public uproar in the aftermath. But it’s pretty undeniable that either Russian hackers or hackers who wanted everyone to think they were Russian hackers did the hacking. That’s not really disputable.

    So if Stone wants to prove that the suspicions that he was coordinating with Russian assets were just a fabrication of US intelligence he’ll need to help everyone determine who the hackers actually were. And he just might be in a position to do exactly that since so much of the interest surrounding Roger Stone’s collusion with the hackers has to do with the fact that he openly communicated with “Guccifer 2.0”, openly bragged about a “back channel” with Wikileaks, and openly predicted the nature of upcoming hacks (like the hacks of John Podesta’s emails) before anyone knew they were coming. So it will be interesting to see what he has to say about all those topics should he be called to testify before Congress, although as Stone has already indicated, he’s going to take the stance that he just randomly guessed John Podesta’s emails were going to get hacked based on his personal research and never actually had any direct or indirect communication with Wikileaks (despite now-deleted tweets to the contrary):

    CNN

    Senate Intelligence Committee asks Roger Stone to preserve records

    By Kevin Bohn and Gloria Borger

    Updated 2:53 PM ET, Sun March 19, 2017

    (CNN) The Senate Intelligence Committee has asked Roger Stone, the flamboyant political adviser who has been connected to Donald Trump for years, to preserve any records he might have that could be related to the panel’s investigation into Russian actions targeting the U.S. election, Stone confirmed to CNN.

    One avenue of interest for the committee could be contacts Stone had with “Guccifer 2.0” — the online persona who claims responsibility for hacking the Democratic National Committee — which he characterized as an innocuous “brief exchange” of a few direct messages that he says amount to nothing.

    Any suggestion otherwise, he told CNN, is “a fabrication.”

    Stone said his few exchanges with Guccifer 2.0 occurred in August after Twitter briefly banned the hacker for posting DNC information. He says he did not communicate in any way beforehand. The timeline, he insists, proves he did not collude in the hack itself.

    “I have this brief exchange with him on Twitter,” he recalled. “To collude, I would have to have written him before. … We would need a time machine to collude.”

    Stone told CNN he would like to testify before the committees investigating the allegations of Russian ties so long as it is in public. “I am anxious to rebut allegations that I had any improper or nefarious contact with any agent of the Russia state based on facts — not misleading and salacious headlines,” Stone told CNN. “I am willing to appear voluntarily if the committee isn’t looking for the headline of issuing a subpoena.”

    Burr told CNN’s Manu Raju last week that Stone’s contacts were part of the “ongoing investigation,” and Warner raised concerns about Stone saying the committee might bring him in for questions.

    The New York Times first reported the records preservation request as several congressional committees look to see if there was any collusion between Trump associates and individuals connected to Russia.

    “The intelligence agencies pushing this false Russian narrative through a series of illegal hacks have hurt my ability to make a living and are soiling my reputation,” Stone said. “The government is in possession of no evidence whatsoever that I colluded with the Russian State. Any inference that my innocuous fully disclosed Twitter exchange and tweets with a hacker known as Gruccifer 2.0 (sic), who may not may not be a Russian asset, constitutes ‘collusion’ is disproved by the content, the facts and the timeline of events.”

    The Smoking Gun website and then The Washington Times reported the direct messages between Stone and Guccifer 2.0.

    Afterward, Stone released screen shots of the purported messages himself, posting them online in a blog. In those messages, he said he was “delighted” to see Guccifer 2.0 reinstated after the hacking persona’s brief banning by Twitter.

    Stone also said in the blog post that he noted publicly on his Twitter account when the social media site reinstated the Guccifer 2.0 “because I abhor censorship.”

    While Stone says his messages to the hacker alias are of no consequence, this is the first time anyone in Trump’s orbit has acknowledged any contact with a hacker — not to mention one that claimed responsibility for hacking the DNC.

    US officials may well be interested in Stone’s communications with Guccifer 2.0, whom they believe with “high confidence” was actually a front for Russian military intelligence and was part of the effort to influence America’s elections.

    Stone claims to be the subject of a warrant under the Foreign Intelligence Surveillance Act, saying his knowledge of that comes from “credible sources” that he cannot reveal. His communications with others — by phone and email — are being monitored, he claims to CNN.

    Stone vigorously denies that any monitoring would be productive. You might get “a lot of funky campaign stuff, nothing that’s illegal … [and] no Russians,” he said, denying any contact with Russia.

    US officials have not confirmed any such warrant.

    Questions have also been raised about Stone’s cryptic tweets last August that John Podesta, Hillary Clinton’s campaign manager, would endure his “time in the barrel,” which he posted after WikiLeaks began publishing other Democrats’ hacked emails. The website posted thousands of emails it said were from Podesta’s account in the closing weeks of the campaign.

    Stone offers a “simple” explanation for his Podesta tweet: He was referring to “my own research” about Podesta and his family. He also says that tweet “does not in any way prove I was foreshadowing” the WikiLeaks release.

    And what of Stone’s ominous tweet in early October, “Wednesday@HillaryClinton is done. #Wikileaks”? He tells CNN that is the result of information from a source he would not reveal.

    Stone says he has never communicated with WikiLeaks founder Julian Assange “either directly or indirectly.” Rather, the tweet was based on information from a friend who had spoken with Assange, he said. Earlier this month, however, Stone tweeted that he had a “back channel” to WikiLeaks during the presidential campaign only to delete the post a short time later.

    “[N]ever denied perfectly legal back channel to Assange, who indeed had the goods on #CrookedHillary,” Stone tweeted. The post was gone after about 40 minutes.

    Stone adds that he does not believe Assange works for the Russians, although the US intelligence community concluded in a report on January 6 that WikiLeaks did, in fact, work with Russian intelligence during the US election.

    Instead, Stone offers that all of this could be “disinformation” disseminated by what he calls “rogue intelligence agencies,” a line that is becoming increasingly popular in some far-right circles.

    “Stone claims to be the subject of a warrant under the Foreign Intelligence Surveillance Act, saying his knowledge of that comes from “credible sources” that he cannot reveal. His communications with others — by phone and email — are being monitored, he claims to CNN.”

    Stone is confident he’s under a FISA warrant but won’t reveal the “credible sources”. Huh. So does Stone legally have to reveal the “credible sources” telling him that he’s under a FISA warrant if Congress asks? Isn’t that a very high-level leak someone like Stone shouldn’t have any access to? Hopefully he’ll be asked to testify and we can find out. Along with what Stone will finally say about all this:


    Questions have also been raised about Stone’s cryptic tweets last August that John Podesta, Hillary Clinton’s campaign manager, would endure his “time in the barrel,” which he posted after WikiLeaks began publishing other Democrats’ hacked emails. The website posted thousands of emails it said were from Podesta’s account in the closing weeks of the campaign.

    Stone offers a “simple” explanation for his Podesta tweet: He was referring to “my own research” about Podesta and his family. He also says that tweet “does not in any way prove I was foreshadowing” the WikiLeaks release.

    And what of Stone’s ominous tweet in early October, “Wednesday@HillaryClinton is done. #Wikileaks”? He tells CNN that is the result of information from a source he would not reveal.

    Stone says he has never communicated with WikiLeaks founder Julian Assange “either directly or indirectly.” Rather, the tweet was based on information from a friend who had spoken with Assange, he said. Earlier this month, however, Stone tweeted that he had a “back channel” to WikiLeaks during the presidential campaign only to delete the post a short time later.

    “[N]ever denied perfectly legal back channel to Assange, who indeed had the goods on #CrookedHillary,” Stone tweeted. The post was gone after about 40 minutes.

    Aha. So Stone admits being in contact with “Guccifer 2.0” in August, but he asserts that it was all out in the open and it’s just a coincidence that Stone also predicted late in August that John Podesta’s “time in the barrel” was coming. A coincidence brought about by Stone’s “own research” into Podesta. And all those admissions about a back channel to Wikileaks were wrong…instead he was merely speaking to a friend who had spoken with Assange and somehow this doesn’t constitute a back channel. Nope.

    Posted by Pterrafractyl | March 20, 2017, 2:58 pm
  10. Now that Donald Trump’s former national security adviser Michael Flynn has requested immunity in return for his testimony in the various investigations swirling around the Trump administration and its ties to Russia, it’s worth noting that Flynn and his possible illegal actions are a great example of why any investigation into foreign influence of the Trump administration must extend far beyond Russia if it’s going to be a comprehensive investigation. Yes, Flynn may have violated the Logan Act during his conversation with the Russian ambassador in late December. But what about possible improper Turkish influences?

    The Independent

    Donald Trump’s former national security adviser ‘discussed removing Gulen from US’, former CIA director says

    Michael Flynn’s spokesman denies issue was discussed with Turkish officials

    Lizzie Dearden
    March 25, 2017 14:33 GMT

    Donald Trump’s former national security adviser has denied discussing the removal of an exiled cleric from the US to face charges over an attempted coup in Turkey.

    Michael Flynn was forced to resign from his post after giving “incomplete information” on discussions over sanctions with the Russian ambassador and is one of several figures being investigated over ties with the Kremlin.

    James Woolsey Jr, the former director of the CIA, said Mr Flynn had met with senior representatives of Recep Tayyip Erdogan’s government in the run-up to the US election on behalf of his Flynn Intel Group.

    Mr Woolsey, who was a Trump campaign adviser at the time, arrived late to the meeting to find Mr Flynn and Turkish officials allegedly discussing Fethullah Gulen.

    “It looks as if there was at least some strong suggestion by one or more of the Americans present at the meeting that the United States would be able, through them, to be able to get hold of Gulen,” he told CNN.

    Mr Woolsey told The Wall Street Journal he arrived in the middle of the conversation but described the basic plan as a “covert step in the dead of night to whisk this guy away”.

    He said he alerted American officials to the alleged conversation, which he called “suspicious and concerning”.

    Mr Gulen, a Pennsylvania-based Turkish cleric, has been accused of fomenting a violent attempted coup against President Erdogan in July but denies the charge, although his “Hizmet” movement admits some of its supporters may have been involved.

    A lack of evidence caused Barack Obama’s administration to refuse Ankara’s calls to extradite Mr Gulen but there has been speculation that Mr Trump may not share the position.

    A spokesperson for Mr Flynn denied he or anyone else at the meeting had “discussed physical removal of Mr Gulen from the United States”.

    “No such discussion occurred,” Price Floyd added in a statement. “Nor did Mr Woolsey ever inform General Flynn that he had any concerns whatsoever regarding the meeting, either before he chose to attend, or afterwards.”

    Mr Flynn heavily criticised Mr Gulen in an article published on election day in November, arguing the US should not give him a “safe haven” and treat Turkey as a priority and a friend.

    Justice Department documents later revealed that the article was linked to research conducted for a Turkish-owned company whose owner is an ally of Mr Erdogan.

    Inovo BV paid Flynn Intel Group $530,000 (£425,000) for work he admitted may have “principally benefitted” the Turkish government in official filings.

    Sean Spicer, the White House spokesman, said Mr Trump did not know Mr Flynn was acting as a “foreign agent” when he was hired after the documents emerged.

    Anyone representing the interests of foreign powers in a political capacity must declare their interest to the US government under the Foreign Agents Registration Act.

    Refusals by the American government and much of Europe to recognise Ankara’s accusations against Mr Gulen have worsened relations with Turkey amid Mr Erdogan’s anger over international criticism of security crackdowns and purges in the military, government and media since the coup.

    A report by the House of Commons Foreign Affairs Committee found that evidence of the Gulen movement’s involvement in the group was “anecdotal and circumstantial”, as was evidence used for its terrorist designation by the Turkish government.

    “While some of the individuals involved in the coup may have been Gülenists, given the large number of Gülenist supporters and organisations in Turkey, it does not necessarily follow that the Gülenists were responsible for the coup or that their leadership directed the coup,” MPs concluded last week.

    The Turkish President hit out at the head of Germany’s BND foreign intelligence service on Friday for suggesting Berlin is not convinced that Mr Gulen orchestrated July’s coup.

    Bruno Kahl told Der Spiegel magazine that Turkey tried to “convince us on a number of different levels. But they haven’t yet been successful”.

    “Mr Woolsey told The Wall Street Journal he arrived in the middle of the conversation but described the basic plan as a “covert step in the dead of night to whisk this guy away”.”

    Extraordinary rendition by the US. Within the US. On behalf of Erdogan. Yeah, that’s pretty extraordinary. And a pretty good reason for requesting immunity. Along with the Turkish lobbying:


    Mr Flynn heavily criticised Mr Gulen in an article published on election day in November, arguing the US should not give him a “safe haven” and treat Turkey as a priority and a friend.

    Justice Department documents later revealed that the article was linked to research conducted for a Turkish-owned company whose owner is an ally of Mr Erdogan.

    Inovo BV paid Flynn Intel Group $530,000 (£425,000) for work he admitted may have “principally benefitted” the Turkish government in official filings.

    Sean Spicer, the White House spokesman, said Mr Trump did not know Mr Flynn was acting as a “foreign agent” when he was hired after the documents emerged.

    Anyone representing the interests of foreign powers in a political capacity must declare their interest to the US government under the Foreign Agents Registration Act.

    “Anyone representing the interests of foreign powers in a political capacity must declare their interest to the US government under the Foreign Agents Registration Act.”

    So there’s plenty of in-your-face potentially criminal Turkish government influences. And then there’s all those business-related conflicts of interest that Trump himself has in Turkey. And, of course, there’s the ideological ties a far-right rogue administration like Trump’s will have with a far-right rogue administration like Erdogan’s as part of the general far-right global movement to destroy all that which is non-far-right. Is that going to be part of these various investigations into foreign influences of the Trump administration? Especially given the spoofable nature of the Russian hacking evidence? Of course not, since ties to Russia are apparently the only foreign influences that matter and not the Trump administration’s ties to the global far-right. For some mysterious reason.

    So if Flynn testifies it’s pretty clear that the investigations are going to be exclusively interested in Russia and only Russia. So hopefully some of the investigators can get Flynn to shed light on why it is that the ‘Russian hackers’ keep going out of their way to ensure they are identified as Russian hackers:

    Talking Points Memo
    DC

    Rubio Reveals Russian Hackers Targeted His Presidential Campaign Staff

    By Alice Ollstein
    Published March 30, 2017, 3:14 PM EDT

    In the Senate Intelligence Committee’s first open hearing on Russian meddling in the 2016 election, Sen. Marco Rubio (R-FL) revealed that Russian hackers may have targeted his former presidential campaign staffers—as recently as this week.

    In the morning session of the hearing, former FBI agent Clint Watts said he believed Rubio was among the candidates from both parties that Russia aimed to discredit due in particular to their “adversarial views towards the Kremlin.” Rubio did not respond to the allegation in that morning session, and his office did not respond to TPM’s request for comment.

    But when the hearing reconvened in the afternoon, Rubio said that while he couldn’t comment on the former agent’s allegation that he was targeted during his bid for the Republican presidential nomination, he could confirm he has been targeted at least twice since bowing out.

    “In July of 2016, shortly after I announced I would seek re-election to the United States Senate, former members of my presidential campaign team who had access to the internal information of my presidential campaign were targeted by I.P. addresses with an unknown location within Russia,” he said. “That effort was unsuccessful.”

    “I’d also inform the committee that within the last 24 hours, at 10:45 a.m. yesterday, a second attempt was made, again against former members of my presidential campaign team who had access to our internal information, again targeted from an I.P. address from an unknown location in Russia,” he continued. “That effort was also unsuccessful.”

    The Senate Intelligence Committee is examining, among other factors, Russia’s use of hacking, selective leaking and social media bots to spread disinformation and create political divisions to weaken confidence in the American electoral system.

    “I’d also inform the committee that within the last 24 hours, at 10:45 a.m. yesterday, a second attempt was made, again against former members of my presidential campaign team who had access to our internal information, again targeted from an I.P. address from an unknown location in Russia,” he continued. “That effort was also unsuccessful.”

    Yep, on the same day Vladimir Putin uses a bungled “Read my lips” line to deny Russian involvement in the hacks, Marco Rubio informs the world that Russian hackers made their second attempt to hack Rubio’s staff within the last 24 hours. And how do they know it was Russian hackers? Because their I.P. addresses led back to Russia. So of course it was Russians. And specifically the Russian government. And definitely not someone else.

    And since all these investigations are apparently exclusively interested in Russian ties, and only Russian ties, hopefully Flynn will at least shed some light on that strange ‘Russian hacker’ behavior. After all, if those ‘Russian hackers’ hadn’t been so blatantly Russian there’s a good chance Flynn wouldn’t be in this situation in the first place. Sure, he would still have the Turkish government lobbying conflicts of interest even if these ‘Russian hackers’ didn’t frame themselves as Russian hackers, but as is abundantly clear at this point, if it’s not a Russian-related foreign conflict of interest – like a conflict of interest that could potentially motivate a foreign government (or international far-right network) to hack the DNC and make it look like the Russians did it – nobody really cares. At least not enough to investigate it. Or even consider the possibility.

    Posted by Pterrafractyl | March 31, 2017, 3:22 pm
  11. One of the questions that’s been looming over Wikileaks ever since the organization chose Donald Trump’s side in the 2016 US elections and played a key spoiler role by strategically dribbling out new anti-Hillary leaks for the final months of the campaign was the question of whether or not Wikileaks had a bunch of dirt on Trump that it was strategically not leaking. Well, if they do have such information on Trump, they’re probably at least a little tempted to dump it now:

    CNN

    Sources: US prepares charges to seek arrest of WikiLeaks’ Julian Assange

    By Evan Perez, Pamela Brown, Shimon Prokupecz and Eric Bradner
    Updated 0230 GMT (1030 HKT) April 21, 2017

    Washington (CNN) US authorities have prepared charges to seek the arrest of WikiLeaks founder Julian Assange, US officials familiar with the matter tell CNN.

    The Justice Department investigation of Assange and WikiLeaks dates to at least 2010, when the site first gained wide attention for posting thousands of files stolen by the former US Army intelligence analyst now known as Chelsea Manning.

    Prosecutors have struggled with whether the First Amendment precluded the prosecution of Assange, but now believe they have found a way to move forward.

    During President Barack Obama’s administration, Attorney General Eric Holder and officials at the Justice Department determined it would be difficult to bring charges against Assange because WikiLeaks wasn’t alone in publishing documents stolen by Manning. Several newspapers, including The New York Times, did as well. The investigation continued, but any possible charges were put on hold, according to US officials involved in the process then.

    Going after Assange

    The US view of WikiLeaks and Assange began to change after investigators found what they believe was proof that WikiLeaks played an active role in helping Edward Snowden, a former NSA analyst, disclose a massive cache of classified documents.

    Assange remains holed up in the Ecuadorian embassy in London, seeking to avoid an arrest warrant on rape allegations in Sweden. In recent months, US officials had focused on the possibility that a new government in Ecuador would expel Assange and he could be arrested. But the left-leaning presidential candidate who won the recent election in the South American nation has promised to continue to harbor Assange.

    Last week in a speech at the Center for Strategic and International Studies in Washington, CIA Director Mike Pompeo went further than any US government official in describing a role by WikiLeaks that went beyond First Amendment activity.

    He said WikiLeaks “directed Chelsea Manning to intercept specific secret information, and it overwhelmingly focuses on the United States.”

    “It’s time to call out WikiLeaks for what it really is: A non-state hostile intelligence service often abetted by state actors like Russia,” Pompeo said.

    US intelligence agencies have also determined that Russian intelligence used WikiLeaks to publish emails aimed at undermining the campaign of Hillary Clinton, as part of a broader operation to meddle in the US 2016 presidential election. Hackers working for Russian intelligence agencies stole thousands of emails from the Democratic National Committee and officials in the Clinton campaign and used intermediaries to pass along the documents to WikiLeaks, according to a public assessment by US intelligence agencies.

    Still, the move could be viewed as political, since Assange is untouchable as long as he remains in the Ecuadorian embassy, and Ecuador has not changed its stance on Assange’s extradition.

    Stepping up efforts
    Attorney General Jeff Sessions said at a news conference Thursday that Assange’s arrest is a “priority.”

    “We are going to step up our effort and already are stepping up our efforts on all leaks,” he said. “This is a matter that’s gone beyond anything I’m aware of. We have professionals that have been in the security business of the United States for many years that are shocked by the number of leaks and some of them are quite serious. So yes, it is a priority. We’ve already begun to step up our efforts and whenever a case can be made, we will seek to put some people in jail.”

    “We’ve had no communication with the Department of Justice and they have not indicated to me that they have brought any charges against Mr. Assange,” said Assange’s lawyer, Barry Pollack. “They’ve been unwilling to have any discussion at all, despite our repeated requests, that they let us know what Mr. Assange’s status is in any pending investigations. There’s no reason why WikiLeaks should be treated differently from any other publisher.”

    Pollack said WikiLeaks is just like the Washington Post and the New York Times, which routinely publish stories based on classified information. WikiLeaks, he says, publishes information that is in “the public’s interest to know not just about the United States but other governments around the world.”

    Freedom of speech?
    Assange has also compared WikiLeaks to a news media organization that uses documents provided by whistleblowers to expose the actions of governments and powerful corporations.

    “Quite simply, our motive is identical to that claimed by the New York Times and The Post — to publish newsworthy content,” Assange wrote in a recent op-ed in The Washington Post. “Consistent with the U.S. Constitution, we publish material that we can confirm to be true irrespective of whether sources came by that truth legally or have the right to release it to the media. And we strive to mitigate legitimate concerns, for example by using redaction to protect the identities of at-risk intelligence agents.”

    In his speech last week, Pompeo rejected that characterization and said Assange should not be afforded constitutional free speech protections.

    “Julian Assange has no First Amendment freedoms. He’s sitting in an Embassy in London. He’s not a US citizen,” Pompeo said.

    But Ben Wizner, director of the American Civil Liberties Union’s Speech, Privacy and Technology Project, argued that US prosecution of Assange sets a dangerous precedent.

    “Never in the history of this country has a publisher been prosecuted for presenting truthful information to the public,” Wizner told CNN. “Any prosecution of WikiLeaks for publishing government secrets would set a dangerous precedent that the Trump administration would surely use to target other news organizations.”

    “‘It’s time to call out WikiLeaks for what it really is: A non-state hostile intelligence service often abetted by state actors like Russia,’ Pompeo said.”

    Well, while Wikileaks probably isn’t thrilled by this announcement, they’re probably pretty pleased about how CIA director Mike Pompeo is making no effort to highlight Wikileaks’ extensive connections to neo-Nazis and the far-right. The far-right is probably pretty pleased by that too, as they must be in general with the current characterization in the West on Russia as the main sponsor/backer for all things far-right. It’s a great narrative! For the far-right.

    So is Wikileaks going to retaliate with some sort of embarrassing data dump? Could it all be theatrics? We’ll see. And don’t forget that if the prosecution of Assange really does establish a legal precedent that could be used to silence other publishers of leaked documents, as groups like the ACLU are claiming, that could also be a big incentive for the leak-prone Trump administration to pursue this case. Chilling the press would be a huge incentive for Team Trump. It’s a reminder that this case could have implications that go far beyond Wikileaks so learning more about what exactly they’re going to charge Assange with is going to be something to watch.

    But note one of the other big complications with this declared desire to arrest Assange: Ecuador’s new government has no interest in letting that happen:


    Still, the move could be viewed as political, since Assange is untouchable as long as he remains in the Ecuadorian embassy, and Ecuador has not changed its stance on Assange’s extradition.

    And that’s part of what makes the timing of this announcement so interesting. It comes just after Ecuador’s closely contested election held a recount that the right-wing candidate, who said he would kick Assange out of Ecuador’s embassy, continues to contest as unfair:

    BBC

    Ecuador recount confirms Lenín Moreno won presidential poll

    19 April 2017

    Following a recount of almost 1.3 million votes in Ecuador, the electoral council has confirmed left-wing candidate Lenín Moreno as the winner of the presidential poll held on 2 April.

    The recount slightly boosted Mr Moreno’s margin over his conservative rival, Guillermo Lasso.

    Mr Lasso had demanded a full recount citing allegations of fraud but the national electoral council only agreed to a recount of 10% of the votes.

    Mr Moreno will be sworn in on 24 May.

    Increased lead

    The National Electoral Council said that following the recount Lenín Moreno had increased his lead over Mr Lasso by 0.01 percentage points.

    Mr Moreno won with 51.16% against Mr Lasso’s 48.84%, National Electoral Council President Juan Pablo Pozo said.

    Mr Lasso dismissed the partial recount as a “show” and a “manoeuvre” by the governing party of Mr Moreno “to legitimise a process which has been less than transparent”.

    But monitors from the Organization of American States said they considered “a recount of this magnitude and under these norms to be an exercise in transparency”.

    Mr Lasso said he would give a news conference on Wednesday to announce how he will proceed next.

    Mr Moreno will take over from President Rafael Correa, who has been in power since 2007.

    He is expected to continue many of his predecessor’s policies, including allowing Wikileaks founder Julian Assange to remain at the Ecuadorean embassy in London.

    Mr Lasso had said that if he was elected he would kick out Mr Assange, who has been living at the Ecuadorean embassy since 2012 to avoid extradition to Sweden.

    “Mr Lasso had demanded a full recount citing allegations of fraud but the national electoral council only agreed to a recount of 10% of the votes.”

    And these allegations by Ecuador’s right-wing followed similar allegations of vote rigging after the first vote. So it’s going to be very interesting to see what the US’s stance is toward Ecuador if Lasso continues to contest the recount outcome. The fact that the Organization of American States validated the recount suggests we won’t be seeing some sort of covert regime-change policy. But let’s not forget about one of the more disturbing potential Trump administration appointments that almost happened: Elliott Abrams was about to be named deputy secretary of State, and only lost the post after Trump learned Abrams trashed him during the campaign. So while Abrams didn’t get the job, he almost got the job. Either way, it doesn’t bode well for the US’s regime change policies towards Central and South American left-wing governments:

    New York Magazine
    Daily Intelligencer

    Trump Nixes Plan to Appoint a War Criminal to the State Department

    By Eric Levitz

    February 10, 2017 2:25 pm

    Until Friday, Elliott Abrams was expected to be named the Trump administration’s deputy secretary of State — a powerful position, particularly in a department headed by a former oil executive with no diplomatic experience.

    Abrams’s apparent selection was not treated as a scandal. But in a less degenerate republic, it would have been: The last time Abrams worked at the State Department, he helped the Reagan White House covertly sell weapons to Iran — in defiance of an embargo — so as to fund reactionary rebels in Nicaragua, in defiance of a federal law that Congress had passed 411 to 0.

    After his crime against the rule of law was exposed, Abrams lied to Congress about what he had done. He eventually pled guilty for that last offense, but was promptly pardoned by our first President Bush.

    When Abrams wasn’t undermining democratic rule at home, he promoted genocide abroad. As the Nation’s Eric Alterman writes:

    As assistant secretary of state for human rights, Abrams sought to ensure that General Efraín Ríos Montt, Guatemala’s then-dictator, could carry out “acts of genocide”—those are the legally binding words of Guatemala’s United Nations–backed Commission for Historical Clarification—against the indigenous people in the Ixil region of the department of Quiché, without any pesky interference from human-rights organizations, much less the US government.

    As the mass killings were taking place, Abrams fought in Congress for military aid to Ríos Montt’s bloody regime. He credited the murderous dictator with having “brought considerable progress” on human-rights issues … When The New York Times published an op-ed challenging the official State Department count of the mass murders under way—by a woman who had witnessed a death-squad-style assassination in broad daylight in Guatemala City without ever seeing it mentioned in the press—Abrams lied outright in a letter to the editor, even citing an imaginary story in a nonexistent newspaper to insist that the man’s murder had, in fact, been reported.

    Nevertheless, Abrams persisted. A decade after George H.W. Bush pardoned his crime against Congress, Abrams was plotting coups against democratically elected South American governments — as an adviser to George W.

    Later, Abrams oversaw the National Security Council directorate responsible for promoting Democracy, Human Rights — which is a bit like having Hannibal Lecter oversee the directorate of Homicide Reduction and Veganism.

    During his campaign, Trump pledged not to surround himself “with those who have perfect résumés but very little to brag about except responsibility for a long history of failed policies and continued losses at war.”

    “We have to look to new people because many of the old people frankly don’t know what they’re doing,” the GOP nominee continued, “even though they may look awfully good writing in the New York Times or being watched on television.”

    This is a (generous) description of Elliott Abrams. But the president did not hold that against him.

    Rex Tillerson and Jared Kushner both lobbied the president on Abrams’s behalf. And, after a meeting with the war criminal, Trump was prepared to make the neoconservative his number-two diplomat.

    And then, Trump came upon a column Abrams had written in May 2016, titled “When You Can’t Stand Your Candidate.”

    “The party has nominated someone who cannot win and should not be president of the United States,” Abrams wrote. “Do not allow the Republican convention to be a coronation wherein Trump and Trumpism are unchallenged … The party needs to be reminded that there are deep divisions, and Trump needs to be reminded of how many in the party oppose and even fear his nomination.”

    Now, Trump has personally vetoed Abrams’s appointment, according to sources who spoke with CNN.

    “Nevertheless, Abrams persisted. A decade after George H.W. Bush pardoned his crime against Congress, Abrams was plotting coups against democratically elected South American governments — as an adviser to George W.

    Yep, we almost had a former South American coup-plotter as the new deputy Secretary of State. Almost. But then Trump found out Abrams dissed him. That was the deal-breaker. But the coup-plotting was fine.

    So that’s all something to keep in mind with the announcement by Mike Pompeo that they’re going to be seeking Assange’s arrest: making left-wing South and Central American governments was a specialty of the guy Trump almost made the deputy secretary of State and Assange’s arrest is only going to happen if Ecuador’s newly elected left-wing government is suddenly gone.

    Well, ok, there are other options for getting Assange.

    Posted by Pterrafractyl | April 21, 2017, 3:23 pm
