- Spitfire List - http://spitfirelist.com -

FTR #960 Update on the High Profile Hacks

WFMU-FM is pod­cast­ing For The Record–You can sub­scribe to the pod­cast HERE [1].

You can sub­scribe to e‑mail alerts from Spitfirelist.com HERE [2].

You can sub­scribe to RSS feed from Spitfirelist.com HERE [2].

You can sub­scribe to the com­ments made on pro­grams and posts–an excel­lent source of infor­ma­tion in, and of, itself HERE [3].

This broad­cast was record­ed in one, 60-minute seg­ment [4].

CIA Seal [5]Intro­duc­tion: As indi­cat­ed by the title, this broad­cast updates the high-pro­file hacks, at the epi­cen­ter of “Rus­sia Gate,” the bru­tal polit­i­cal fan­ta­sy that is at the core of Amer­i­can New Cold War pro­pa­gan­da and that may well lead to World War III.

(Oth­er pro­grams deal­ing with this sub­ject include: FTR #‘s 917 [6], 923 [7], 924 [8], 940 [9], 943 [10], 958, [11] 959 [12].)

As we have not­ed in many pre­vi­ous broad­casts and posts, cyber attacks are eas­i­ly dis­guised. Per­pe­trat­ing a “cyber false flag” oper­a­tion is dis­turbing­ly easy to do. In a world where the ver­i­fi­ably false and phys­i­cal­ly impos­si­ble “con­trolled demolition”/Truther non­sense has gained trac­tion, cyber false flag ops are all the more threat­en­ing and sin­is­ter.

Now, we learn that the CIA’s hack­ing tools [13] are specif­i­cal­ly craft­ed to mask CIA author­ship of the attacks. Most sig­nif­i­cant­ly, for our pur­pos­es, is the fact that the Agen­cy’s hack­ing tools are engi­neered in such a way as to per­mit the authors of the event to rep­re­sent them­selves as Russ­ian.

This is of para­mount sig­nif­i­cance in eval­u­at­ing the increas­ing­ly neo-McCarthyite New Cold War pro­pa­gan­da about “Russ­ian inter­fer­ence” in the U.S. elec­tion.

We then high­light the recent con­clu­sions [14] of the French cyber­in­tel­li­gence chief (Guil­laume Poupard) and his warn­ings about the incred­i­ble dan­gers of cyber-misattribution–the ease with which any ran­dom hack­er could car­ry­ing out a spear-phish­ing attack, and his baf­fle­ment [15] at the NSA’s recent Russ­ian attri­bu­tion to the spear-phish­ing French elec­tion hacks.

Char­ac­ter­is­tic of the disin­gen­u­ous, pro­pa­gan­dis­tic spin of Amer­i­can news media on Putin/Russia/the high pro­file hacks is a New York Times [16]arti­cle that accus­es Putin of lay­ing down a pro­pa­gan­da veil to cov­er for alleged Russ­ian hack­ing, omit­ting his remarks that–correctly–note that con­tem­po­rary tech­nol­o­gy eas­i­ly per­mits the mis­at­tri­bu­tion of cyber espionage/hacking.

Andrew Auerenheimer: Guest at Glenn Greenwald's party; apparent resident of Ukraine; probable author of the phony documents in the Macron hack [17]

Andrew Aueren­heimer: Guest at Glenn Green­wald’s par­ty; appar­ent res­i­dent of Ukraine; prob­a­ble author of the pho­ny doc­u­ments in the Macron hack

We then review [18] the grotesque­ly dark com­ic nature of the Macron hacks (sup­pos­ed­ly done by “Russ­ian intel­li­gence”.)

Those “Russ­ian gov­ern­ment hack­ers” real­ly need an OPSEC refresh­er course. The hacked doc­u­ments in the “Macron hack” not only con­tained Cyril­lic text in the meta­da­ta, but also con­tained the name of the last per­son to mod­i­fy the doc­u­ments. That name, “Rosh­ka Georgiy Petro­vichan”, is an employ­ee at Evri­ka, a large IT com­pa­ny that does work for the Russ­ian gov­ern­ment, includ­ing the FSB (Russ­ian intel­li­gence.)

Also found in the meta­da­ta is the email of the per­son who uploaded the files to “archive.org”, and that email address, frankmacher1@gmx.de [19], is reg­is­tered with a Ger­man free web­mail provider used pre­vi­ous­ly in 2016 phish­ing a

ttacks against the CDU in Ger­many that have been attrib­uted to APT28. It would appear that the “Russ­ian hack­ers” not only left clues sug­gest­ing it was Russ­ian hack­ers behind the hack, but they decid­ed to name names this time–their own names.

In relat­ed news, a group of cyber­se­cu­ri­ty researchers study­ing the Macron hack has con­clud­ed [20]that the mod­i­fied doc­u­ments were doc­tored by some­one asso­ci­at­ed with The Dai­ly Stormer neo-Nazi web­site and Andrew “the weev” Auern­heimer.

Aueren­heimer was a guest [21] at Glenn Green­wald and Lau­ra Poitras’s par­ty cel­e­brat­ing their receipt of the Polk award.

“ ‘We strong­ly believe that the fake off­shore doc­u­ments were cre­at­ed by some­one with con­trol of the Dai­ly Stormer serv­er,” said Tord Lund­ström, a com­put­er foren­sics inves­ti­ga­tor at Virtualroad.org.’ . . .”

The  pub­lic face, site pub­lish­er of The Dai­ly Stormer is Andrew Anglin. But look who the site is reg­is­tered to: Andrew Auern­heimer (the site archi­tect) who appar­ent­ly resided in Ukraine as of the start of this year.

The analy­sis from the web-secu­ri­ty firm Virtualroad.org. indi­cates that some­one asso­ci­at­ed with the Dai­ly Stormer mod­i­fied those faked documents–very pos­si­bly a high­ly skilled neo-Nazi hack­er like “the weev”.

Based on analy­sis of how the doc­u­ment dump unfold­ed, it’s look­ing like the inex­plic­a­bly self-incrim­i­nat­ing “Russ­ian hack­ers” may have been a bunch of Amer­i­can neo-Nazis. Imag­ine that. [10]

In FTR #917 [6], we under­scored the gen­e­sis of the Seth Rich mur­der con­spir­a­cy the­o­ry with Wik­iLeaks and Julian Assange, who was in touch with Roger Stone dur­ing the 2016 cam­paign. (Stone func­tioned as the unof­fi­cial dirty tricks spe­cial­ist for the Trump cam­paign, a role he has played–with relish–since Water­gate.

The far-right Seth Rich mur­der con­spir­a­cy the­o­ry [22] acquired new grav­i­tas, thanks in part to Kim Schmitz, aka “Kim Dot­com.” We exam­ined Schmitz at length in FTR #812 [23]. A syn­op­tic overview of the polit­i­cal and pro­fes­sion­al ori­en­ta­tion of Kim Dot­com is excerpt­ed from that broad­cast’s descrip­tion: “A col­league of Eddie the Friend­ly Spook [Snow­den], Julian Assange and Glenn Green­wald, Kim Schmitz, aka “Kim Dot­com”] espous­es the same libertarian/free mar­ket ide­ol­o­gy under­ly­ing the “cor­po­ratism” of Ben­i­to Mus­soli­ni. With an exten­sive crim­i­nal record in Ger­many and else­where, “Der Dot­com­man­dant” has elud­ed seri­ous pun­ish­ment for his offens­es, includ­ing exe­cut­ing the largest insid­er trad­ing scheme in Ger­man his­to­ry.

Embraced by the file-shar­ing com­mu­ni­ty and ele­ments of the so-called pro­gres­sive sec­tor, Dot­com actu­al­ly allied him­self with John Banks and his far-right ACT Par­ty in New Zealand. His embrace of the so-called pro­gres­sive sec­tor came lat­er and is viewed as hav­ing dam­aged left-lean­ing par­ties at the polls. Dot­com is enam­ored of Nazi mem­o­ra­bil­ia and owns a rare, author-auto­graphed copy of ‘Mein Kampf.’ . . .”

Pro­gram High­lights Include:

1a. As we have not­ed in many pre­vi­ous broad­casts and posts, cyber attacks are eas­i­ly dis­guised. Per­pe­trat­ing a “cyber false flag” oper­a­tion is dis­turbing­ly easy to do. In a world where the ver­i­fi­ably false and phys­i­cal­ly impos­si­ble “con­trolled demolition”/Truther non­sense has gained trac­tion, cyber false flag ops are all the more threat­en­ing and sin­is­ter.

Now, we learn that the CIA’s hack­ing tools are specif­i­cal­ly craft­ed to mask CIA author­ship of the attacks. Most sig­nif­i­cant­ly, for our pur­pos­es, is the fact that the Agen­cy’s hack­ing tools are engi­neered in such a way as to per­mit the authors of the event to rep­re­sent them­selves as Russ­ian.

This is of para­mount sig­nif­i­cance in eval­u­at­ing the increas­ing­ly neo-McCarthyite New Cold War pro­pa­gan­da about “Russ­ian inter­fer­ence” in the U.S. elec­tion.

“Wik­iLeaks Vault 7 Part 3 Reveals CIA Tool Might Mask Hacks as Russ­ian, Chi­nese, Ara­bic” by Stephanie Dube Dwil­son; Heavy; 4/3/2017. [13]

This morn­ing, Wik­iLeaks released part 3 of its Vault 7 series, called Mar­ble. Mar­ble reveals CIA source code files along with decoy lan­guages that might dis­guise virus­es, tro­jans, and hack­ing attacks. These tools could make it more dif­fi­cult for anti-virus com­pa­nies and foren­sic inves­ti­ga­tors to attribute hacks to the CIA. Could this call the source of pre­vi­ous hacks into ques­tion? It appears that yes, this might be used to dis­guise the CIA’s own hacks to appear as if they were Russ­ian, Chi­nese, or from spe­cif­ic oth­er coun­tries. These tools were in use in 2016, Wik­iLeaks report­ed.

 It’s not known exact­ly how this Mar­ble tool was actu­al­ly used. How­ev­er, accord­ing to Wik­iLeaks, the tool could make it more dif­fi­cult for inves­ti­ga­tors and anti-virus com­pa­nies to attribute virus­es and oth­er hack­ing tools to the CIA. Test exam­ples weren’t just in Eng­lish, but also Russ­ian, Chi­nese, Kore­an, Ara­bic, and Far­si. This might allow a mal­ware cre­ator to not only look like they were speak­ing in Russ­ian or Chi­nese, rather than in Eng­lish, but to also look like they tried to hide that they were not speak­ing Eng­lish, accord­ing to Wik­iLeaks. This might also hide fake error mes­sages or be used for oth­er pur­pos­es. . . .

1b. We then review the recent con­clu­sions of the French cyber­in­tel­li­gence chief and his warn­ings about the incred­i­ble dan­gers of cyber-misattribution–the ease with which any ran­dom hack­er could car­ry­ing out a spear-phish­ing attack, and his baf­fle­ment at the NSA’s recent Russ­ian attri­bu­tion to the spear-phish­ing French elec­tion hacks.

“French Secu­ri­ty Chief Warns of Risk for “Per­ma­nent War” in Cyber­space”; CBS News; 06/02/2017 [14]

Cyber­space faces an approach­ing risk of “per­ma­nent war” between states and crim­i­nal or extrem­ist orga­ni­za­tions because of increas­ing­ly destruc­tive hack­ing attacks, the head of the French government’s cyber­se­cu­ri­ty [28] agency warned Thurs­day.

In a wide-rang­ing inter­view in his office with The Asso­ci­at­ed Press, Guil­laume Poupard lament­ed a lack of com­mon­ly agreed rules to gov­ern cyber­space and said: “We must work col­lec­tive­ly, not just with two or three West­ern coun­tries, but on a glob­al scale.”

“With what we see today – attacks that are crim­i­nal, from states, often for espi­onage or fraud but also more and more for sab­o­tage or destruc­tion – we are get­ting clos­er, clear­ly, to a state of war, a state of war that could be more com­pli­cat­ed, prob­a­bly, than those we’ve known until now,” he said.

His com­ments echoed tes­ti­mo­ny from the head of the U.S. Nation­al Secu­ri­ty Agency, Adm. Michael Rogers [29], to the Sen­ate Armed Ser­vices Com­mit­tee on May 9. Rogers spoke of “cyber effects” being used by states “to main­tain the ini­tia­tive just short of war” and said: “‘Cyber war’ is not some future con­cept or cin­e­mat­ic spec­ta­cle, it is real and here to stay.”

Poupard said “the most night­mare sce­nario, the point of view that Rogers expressed and which I share” would be “a sort of per­ma­nent war — between states, between states and oth­er orga­ni­za­tions, which can be crim­i­nal and ter­ror­ist orga­ni­za­tions — where every­one will attack each oth­er, with­out real­ly know­ing who did what. A sort of gen­er­al­ized chaos that could affect all of cyber­space.

Poupard is direc­tor gen­er­al of the gov­ern­ment cyber-defense agency known in France by its acronym, ANSSI. Its agents were imme­di­ate­ly called to deal with the after­math of a hack and mas­sive doc­u­ment leak that hit the elec­tion cam­paign of Pres­i­dent Emmanuel Macron [30] just two days before his May 7 vic­to­ry.

Macron’s polit­i­cal move­ment said the uniden­ti­fied hack­ers accessed staffers’ per­son­al and pro­fes­sion­al emails and leaked cam­paign finance mate­r­i­al and con­tracts — as well as fake decoy doc­u­ments — online.

Con­trary to Rogers, who said the U.S. warned France of “Russ­ian activ­i­ty” before Macron’s win, Poupard didn’t point the fin­ger at Rus­sia. He told the AP that ANSSI’s inves­ti­ga­tion found no trace behind the Macron hack of the noto­ri­ous hack­ing group APT28 — iden­ti­fied by the U.S. gov­ern­ment as a Russ­ian intel­li­gence out­fit and blamed for hacks of the U.S. elec­tion cam­paign, anti-dop­ing agen­cies and oth­er tar­gets. The group also is known by oth­er names, includ­ing “Fan­cy Bear.”

Poupard described the Macron cam­paign hack as “not very tech­no­log­i­cal” and said: “The attack was so gener­ic and sim­ple that it could have been prac­ti­cal­ly any­one.”

With­out rul­ing out the pos­si­bil­i­ty that a state might have been involved, he said the attack’s sim­plic­i­ty “means that we can imag­ine that it was a per­son who did this alone. They could be in any coun­try.”

“It real­ly could be any­one. It could even be an iso­lat­ed indi­vid­ual,” he said.

Poupard con­trast­ed the “Macron Leaks” hack with anoth­er far more sophis­ti­cat­ed attack that took French broad­cast­er TV5 Monde off the air in 2015. There, “very spe­cif­ic tools were used to destroy the equip­ment” in the attack that “resem­bles a lot what we call col­lec­tive­ly APT28,” he said.

“To say ‘Macron Leaks’ was APT28, I’m absolute­ly inca­pable today of doing that,” he said. “I have absolute­ly no ele­ment to say whether it is true or false.”

Rogers, the NSA direc­tor, said in his Sen­ate Armed Ser­vices hear­ing that U.S. author­i­ties gave their French coun­ter­parts “a heads-up” before the Macron doc­u­ments leaked that: “‘We are watch­ing the Rus­sians. We are see­ing them pen­e­trate some of your infra­struc­ture. Here is what we have seen. What can we do to try to assist?’”

Poupard said Rogers’ com­ments left him per­plexed and that the French had long been on alert about poten­tial threats to their pres­i­den­tial elec­tion.

“Why did Admi­ral Rogers say that, like that, at that time? It real­ly sur­prised me. It real­ly sur­prised my Euro­pean allies. And to be total­ly frank, when I spoke about it to my NSA coun­ter­parts and asked why did he say that, they didn’t real­ly know how to reply either,” he said. “Per­haps he went fur­ther than what he real­ly want­ed to say.”

Still, Poupard said the attack high­light­ed the cyber-threat to demo­c­ra­t­ic process­es. “Unfor­tu­nate­ly, we now know the real­i­ty that we are going to live with for­ev­er, prob­a­bly,” he said.

The attack on TV5 was a rare pub­lic exam­ple. In 2016, oth­ers tar­get­ed gov­ern­ment admin­is­tra­tions and big com­pa­nies quot­ed on the bench­mark French stock mar­ket index, the CAC-40, he said.

Point­ing fin­gers at sus­pect­ed authors is fraught with risk, because sophis­ti­cat­ed attack­ers can mask their activ­i­ties with false trails, he said.

“We suf­fered attacks that were attrib­uted to Chi­na, that we think came from Chi­na. Among them, some came from Chi­na. Chi­na is big, I don’t know if it was the state, crim­i­nals,” he said. “What I am cer­tain of is that among these attacks, some strange­ly resem­bled Chi­nese attacks but in fact didn’t come from Chi­na.”

“If you start to accuse one coun­try when in fact it was anoth­er coun­try … we’ll get inter­na­tion­al chaos,” he said. “We’ll get what we all fear, which is to say a sort of per­ma­nent con­flict where every­one is attack­ing every­one else.”

1c. Mr. Poupard denied the NSA/U.S. asser­tion that APT28 aka “Cozy Bear/Fancy Bear/Russia” hacked the French elec­tion.

“French Cyber Secu­ri­ty Leader: No Trace of Russ­ian Hack­ing Group in Emmanuel Macron Cam­paign Leaks”; Asso­ci­at­ed Press; 06/01/2017 [15]

The head of the French government’s cyber secu­ri­ty agency, which inves­ti­gat­ed leaks from Pres­i­dent Emmanuel Macron’s elec­tion cam­paign, says they found no trace of a noto­ri­ous Russ­ian hack­ing group behind the attack.

In an inter­view in his office Thurs­day with The Asso­ci­at­ed Press, Guil­laume Poupard said the Macron cam­paign hack “was so gener­ic and sim­ple that it could have been prac­ti­cal­ly any­one.”

He said they found no trace that the Russ­ian hack­ing group known as APT28, blamed for oth­er attacks includ­ing on the U.S. pres­i­den­tial cam­paign, was respon­si­ble.

Poupard is direc­tor gen­er­al of the gov­ern­ment cyber-defense agency known in France by its acronym, ANSSI. Its experts were imme­di­ate­ly dis­patched when doc­u­ments stolen from the Macron cam­paign leaked online on May 5 in the clos­ing hours of the pres­i­den­tial race.

Poupard says the attack’s sim­plic­i­ty “means that we can imag­ine that it was a per­son who did this alone. They could be in any coun­try.”

2. A New York Times arti­cle by Andrew Hig­gins (one of the more fla­grant­ly pro­pa­gan­diz­ing NYT writ­ers vis a vis Russia/Ukraine) spins Vladimir Putin’s com­ments about Russ­ian hack­ing. Where­as the Times por­trayed his com­ments as “giv­ing an out” to the non­sense about Rus­sia hack­ing U.S. elec­tions. What the Times eclipsed (along with oth­er U.S. media) was the con­clu­sion of Putin’s com­ments. He not­ed that hack­ing is very eas­i­ly dis­guised and mis­rep­re­sent­ed.

“Maybe Pri­vate Russ­ian Hack­ers Med­dled in Elec­tion, Putin Says” by Andrew Hig­gins; The New York Times; 06/01/2017 [16]

. . . . An expert at mud­dy­ing the waters and cre­at­ing con­fu­sion, Mr. Putin advanced a num­ber of alter­na­tive the­o­ries that could help Moscow address any firm evi­dence that might emerge as a trail lead­ing to Rus­sia.

Stat­ing that mod­ern tech­nol­o­gy can eas­i­ly be manip­u­lat­ed to cre­ate a false trail, he said, “I can imag­ine that some­one is doing this pur­pose­ful­ly — build­ing the chain of attacks so that the ter­ri­to­ry of the Russ­ian Fed­er­a­tion appears to be the source of that attack.” He added, “Mod­ern tech­nolo­gies allow to do that kind of thing; it’s rather easy to do.”

Mr. Putin appeared to be repeat­ing an argu­ment he first made ear­li­er in the week in an inter­view with the French news­pa­per Le Figaro.

“I think that he was total­ly right when he said it could have been some­one sit­ting on their bed or some­body inten­tion­al­ly insert­ed a flash dri­ve with the name of a Russ­ian nation­al, or some­thing like that,” Mr. Putin told the French news­pa­per, refer­ring to Mr. Trump. “Any­thing is pos­si­ble in this vir­tu­al world. Rus­sia nev­er engages in activ­i­ties of this kind, and we do not need it. It makes no sense for us to do such things. What for?” . . .

3. Those “Russ­ian gov­ern­ment hack­ers” real­ly need a OPSEC refresh­er course. The hacked doc­u­ments in the “Macron hack” not only con­tained Cyril­lic text in the meta­da­ta, but also con­tained the name of the last per­son to mod­i­fy the doc­u­ments. And that name, “Rosh­ka Georgiy Petro­vichan”, is an employ­ee at Evri­ka, a large IT com­pa­ny that does work for the Russ­ian gov­ern­ment, includ­ing the FSB.

Also found in the meta­da­ta is the email of the per­son who uploaded the files to “archive.org”, and that email address, frankmacher1@gmx.de [19], is reg­is­tered with a Ger­man free web­mail provider used pre­vi­ous­ly in 2016 phish­ing attacks against the CDU in Ger­many that have been attrib­uted to APT28. It would appear that the ‘Russ­ian hack­ers’ not only left clues sug­gest­ing it was Russ­ian hack­ers behind the hack, but they decid­ed name names this time–their own names.

Not sur­pris­ing­ly, giv­en the fas­cist nature of Wik­iLeaks, they con­clud­ed that Rus­sia was behind the hacks. (For more on the fas­cist nature of Wik­iLeaks, see FTR #‘s 724 [31], 725 [32], 732 [33], 745 [34], 755 [35], 917 [6].)

“Evi­dence Sug­gests Rus­sia Behind Hack of French Pres­i­dent-Elect” by Sean Gal­lagher; Ars Tech­ni­ca; 5/8/2017. [18]

Russ­ian secu­ri­ty firms’ meta­da­ta found in files, accord­ing to Wik­iLeaks and oth­ers.

Late on May 5 as the two final can­di­dates for the French pres­i­den­cy were about to enter a press black­out in advance of the May 7 elec­tion, nine giga­bytes of data alleged­ly from the cam­paign of Emmanuel Macron were post­ed on the Inter­net in tor­rents and archives. The files, which were ini­tial­ly dis­trib­uted via links post­ed on 4Chan and then by Wik­iLeaks, had foren­sic meta­da­ta sug­gest­ing that Rus­sians were behind the breach—and that a Russ­ian gov­ern­ment con­tract employ­ee may have fal­si­fied some of the dumped doc­u­ments.

Even Wik­iLeaks, which ini­tial­ly pub­li­cized the breach and defend­ed its integri­ty on the organization’s Twit­ter account, has since acknowl­edged that some of the meta­da­ta point­ed direct­ly to a Russ­ian com­pa­ny with ties to the gov­ern­ment:

#Macron­Leaks [36]: name of employ­ee for Russ­ian govt secu­ri­ty con­trac­tor Evri­ka appears 9 times in meta­da­ta for “xls_cendric.rar” leak archive pic.twitter.com/jyhlmldlbL [37]— Wik­iLeaks (@wikileaks) May 6, 2017 [38]

Evri­ka (“Eure­ka”) ZAO [39] is a large infor­ma­tion tech­nol­o­gy com­pa­ny in St. Peters­burg that does some work for the Russ­ian gov­ern­ment, and the group includes the Fed­er­al Secu­ri­ty Ser­vice of the Russ­ian Fed­er­a­tion (FSB) among its acknowl­edged cus­tomers (as not­ed in this job list­ing [40]). The com­pa­ny is a sys­tems inte­gra­tor, and it builds its own com­put­er equip­ment and pro­vides “inte­grat­ed infor­ma­tion secu­ri­ty sys­tems.” The meta­da­ta in some Microsoft Office files shows the last per­son to have edit­ed the files to be “Rosh­ka Georgiy Petro­vich,” a cur­rent or for­mer Evri­ka ZAO employ­ee.

Accord­ing to a Trend Micro report on April 25 [41], the Macron cam­paign was tar­get­ed by the Pawn Storm threat group (also known as “Fan­cy Bear” or APT28) in a March 15 “phish­ing” cam­paign using the domain onedrive-en-marche.fr. The domain was reg­is­tered by a “Johny Pinch” using a Mail.com web­mail address. The same threat group’s infra­struc­ture and mal­ware was found to be used in the breach of the Demo­c­ra­t­ic Nation­al Com­mit­tee in 2016, in the phish­ing attack tar­get­ing mem­bers of the pres­i­den­tial cam­paign of for­mer Sec­re­tary of State Hillary Clin­ton, and in a num­ber of oth­er cam­paigns against polit­i­cal tar­gets in the US and Ger­many over the past year.

The meta­da­ta attached to the upload of the Macron files also includes some iden­ti­fy­ing data with an e‑mail address for the per­son upload­ing the con­tent to archive.org:

Well this is fun pic.twitter.com/oXsH83snCS [42]— Pwn All The Things (@pwnallthethings) May 6, 2017 [43]

The e‑mail address of the uploader, frankmacher1@gmx.de [19], is reg­is­tered with a Ger­man free web­mail provider used pre­vi­ous­ly in 2016 Pawn Storm / APT28 phish­ing attacks against the Chris­t­ian Demo­c­ra­t­ic Union [44], Ger­man Chan­cel­lor Angela Merkel’s polit­i­cal par­ty.

The involve­ment of APT28, the edit­ing of some doc­u­ments leaked by some­one using a Russ­ian ver­sion of Microsoft Office, and the attempt to spread the data through ampli­fi­ca­tion in social media chan­nels such as 4Chan, Twit­ter, and Facebook—where a num­ber of new accounts post­ed links to the data—are all char­ac­ter­is­tics of the infor­ma­tion oper­a­tions seen dur­ing the 2016 US pres­i­den­tial cam­paign.

Andrew Auerenheimer: Guest at Glenn Greenwald's party [17]

Andrew Aueren­heimer aka “Weev”: Guest at Glenn Green­wald’s par­ty

4. In relat­ed news, a group of cyber­se­cu­ri­ty researchers study­ing the Macron hack has con­clud­ed that the mod­i­fied doc­u­ments were doc­tored by some­one asso­ci­at­ed with The Dai­ly Stormer neo-Nazi web­site and Andrew “the weev” Auern­heimer.

Aueren­heimer was a guest [21] at Glenn Green­wald and Lau­ra Poitras’s par­ty cel­e­brat­ing their receipt of the Polk award.

“ ‘We strong­ly believe that the fake off­shore doc­u­ments were cre­at­ed by some­one with con­trol of the Dai­ly Stormer serv­er,” said Tord Lund­ström, a com­put­er foren­sics inves­ti­ga­tor at Virtualroad.org.’ . . .”

Who is in con­trol of the Dai­ly Stormer? Well, its pub­lic face and pub­lish­er is Andrew Anglin. But look who the site is reg­is­tered to: Andrew Auern­heimer, who appar­ent­ly resided in Ukraine as of the start of this year:

The analy­sis from the web-secu­ri­ty firm Virtualroad.org. indi­cates that some­one asso­ci­at­ed with the Dai­ly Stormer mod­i­fied those faked doc­u­ments. Like, per­haps a high­ly skilled neo-Nazi hack­er like “the weev”.

Based on an analy­sis of how the doc­u­ment dump unfold­ed it’s look­ing like the inex­plic­a­bly self-incrim­i­nat­ing ‘Russ­ian hack­ers’ may have been a bunch of Amer­i­can neo-Nazis. Imag­ine that. [10]

“U.S. Hack­er Linked to Fake Macron Doc­u­ments, Says Cyber­se­cu­ri­ty Firm” by David Gau­thi­er-Vil­lars; The Wall Street Jour­nal; 5/16/2017. [20]

Ties between an American’s neo-Nazi web­site and an inter­net cam­paign to smear Macron before French elec­tion are found

A group of cyber­se­cu­ri­ty experts has unearthed ties between an Amer­i­can hack­er who main­tains a neo-Nazi web­site and an inter­net cam­paign to smear Emmanuel Macron days before he was elect­ed pres­i­dent of France.

Short­ly after an anony­mous user of the 4chan.org dis­cus­sion forum post­ed fake doc­u­ments pur­port­ing to show Mr. Macron had set up an undis­closed shell com­pa­ny in the Caribbean, the user direct­ed peo­ple to vis­it nouveaumartel.com for updates on the French elec­tion.

That web­site, accord­ing to research by web-secu­ri­ty provider Virtualroad.org [45], is reg­is­tered by “Wee­v­los,” a known online alias of Andrew Auern­heimer, an Amer­i­can hack­er who gained noto­ri­ety three years ago when a U.S. appeals court vacat­ed his con­vic­tion for com­put­er fraud. The site also is host­ed by a serv­er in Latvia that hosts the Dai­ly Stormer, a neo-Nazi news site that iden­ti­fies its admin­is­tra­tor as “Weev,” anoth­er online alias of Mr. Aeurn­heimer, Virtualroad.org says.

“We strong­ly believe that the fake off­shore doc­u­ments were cre­at­ed by some­one with con­trol of the Dai­ly Stormer serv­er,” said Tord Lund­ström, a com­put­er foren­sics inves­ti­ga­tor at Virtualroad.org.

Through Tor Eke­land, the lawyer who rep­re­sent­ed him in the com­put­er-fraud case in the U.S., Mr. Auern­heimer said he “doesn’t have any­thing to say.”

A French secu­ri­ty offi­cial said a probe into the fake doc­u­ments was look­ing into the role of far-right and neo-Nazi groups but declined to com­ment on the alleged role of Mr. Auern­heimer.

In the run-up to the French elec­tion, cyber­se­cu­ri­ty agen­cies warned Mr. Macron’s aides that Russ­ian hack­ers were tar­get­ing his pres­i­den­tial cam­paign, accord­ing to peo­ple famil­iar with the mat­ter. On May 5, nine giga­bytes of cam­paign doc­u­ments and emails [46] were dumped on the inter­net. The Macron cam­paign and French author­i­ties have stopped short of pin­ning blame for the hack on the Krem­lin.

Intel­li­gence and cyber­se­cu­ri­ty inves­ti­ga­tors exam­in­ing the flur­ry of social-media activ­i­ty lead­ing up to the hack fol­lowed a trail of com­put­er code they say leads back to the Amer­i­can far-right.

Con­tact­ed by email over the week­end, the pub­lish­er of the Dai­ly Stormer, Andrew Anglin, said he and Mr. Auern­heimer had used their news site to write about the fake doc­u­ments because “We fol­low 4chan close­ly and have a more mod­ern edi­to­r­i­al process than most sites.”

When asked if he or Mr. Auern­heimer were behind the fake doc­u­ments, Mr. Anglin stopped reply­ing.

Mr. Auern­heimer was sen­tenced to 41 months in prison by a U.S. court in late 2012 for obtain­ing the per­son­al data of thou­sands of iPad users through an AT&T web­site. In April 2014, an appeals court vacat­ed his con­vic­tion [47] on the grounds that the venue of the tri­al, in New Jer­sey, was improp­er.

Asked if Mr. Auern­heimer resided in Ukraine, as a Jan­u­ary post on a per­son­al blog indi­cates, his lawyer said: “I think this is about right.”

The day after the data dump, French secu­ri­ty offi­cials sum­moned their U.S. coun­ter­parts sta­tioned in Paris to for­mal­ly request a probe of the role Amer­i­can far-right web­sites might have played in dis­sem­i­nat­ing the stolen data, accord­ing to a West­ern secu­ri­ty offi­cial. A U.S. secu­ri­ty offi­cial had no com­ment.

Mounir Mahjoubi, who was in charge of com­put­er secu­ri­ty for Mr. Macron’s cam­paign said far-right groups, or “an inter­na­tion­al col­lec­tive of con­ser­v­a­tives,” may have coor­di­nat­ed to dis­rupt the French elec­tion.

“We will take time to do analy­sis, to decon­struct who real­ly runs these groups,” Mr. Mahjoubi told French radio last week. He couldn’t be reached for com­ment.

French pros­e­cu­tors have launched for­mal probes [48] into both the fake doc­u­ments and the data dump.

The pho­ny doc­u­ments intend­ed to smear Mr. Macron were post­ed to 4chan.org twice by an anony­mous user, first on May 3 and again on May 5 using high­er-res­o­lu­tion files.

Soon after the sec­ond post, sev­er­al 4chan.org users in the same online con­ver­sa­tion below the post appeared to con­grat­u­late Mr. Auern­heimer.

“Weev… you’re doing the lord’s work,” wrote one of the anony­mous users.


That web­site, accord­ing to research by web-secu­ri­ty provider Virtualroad.org [45], is reg­is­tered by “Wee­v­los,” a known online alias of Andrew Auern­heimer, an Amer­i­can hack­er who gained noto­ri­ety three years ago when a U.S. appeals court vacat­ed his con­vic­tion for com­put­er fraud. The site also is host­ed by a serv­er in Latvia that hosts the Dai­ly Stormer, a neo-Nazi news site that iden­ti­fies its admin­is­tra­tor as “Weev,” anoth­er online alias of Mr. Aeurn­heimer, Virtualroad.org says.

When asked if he or Mr. Auern­heimer were behind the fake doc­u­ments, Mr. Anglin stopped reply­ing.

Asked if Mr. Auern­heimer resided in Ukraine, as a Jan­u­ary post on a per­son­al blog indi­cates, his lawyer said: “I think this is about right.”

5. The far-right Seth Rich mur­der con­spir­a­cy the­o­ry acquired new grav­i­tas, thanks in part to Kim Schmitz, aka “Kim Dot­com.” We exam­ined Schmitz at length in FTR #812 [23]. A syn­op­tic overview of the polit­i­cal and pro­fes­sion­al ori­en­ta­tion of Kim Dot­com is excerpt­ed from that broad­cast’s descrip­tion: “A col­league of Eddie the Friend­ly Spook [Snow­den], Julian Assange and Glenn Green­wald, Kim Schmitz, aka “Kim Dot­com”] espous­es the same libertarian/free mar­ket ide­ol­o­gy under­ly­ing the “cor­po­ratism” of Ben­i­to Mus­soli­ni. With an exten­sive crim­i­nal record in Ger­many and else­where, “Der Dot­com­man­dant” has elud­ed seri­ous pun­ish­ment for his offens­es, includ­ing exe­cut­ing the largest insid­er trad­ing scheme in Ger­man his­to­ry.

Embraced by the file-shar­ing com­mu­ni­ty and ele­ments of the so-called pro­gres­sive sec­tor, Dot­com actu­al­ly allied him­self with John Banks and his far-right ACT Par­ty in New Zealand. His embrace of the so-called pro­gres­sive sec­tor came lat­er and is viewed as hav­ing dam­aged left-lean­ing par­ties at the polls. Dot­com is enam­ored of Nazi mem­o­ra­bil­ia and owns a rare, author-auto­graphed copy of ‘Mein Kampf.’ . . .”

6. Right-wing media is going to keep bit­ing on Dotcom’s nuggets of ‘tes­ti­mo­ny’, giv­en its seem­ing­ly insa­tiable appetite for this sto­ry­line already and the long-held appetite for seem­ing­ly any sto­ry­line that pro­motes the ‘Clin­ton Body Count’ nar­ra­tive and por­trays Hillary and ‘Kil­lary’.

“The Bonkers Seth Rich Con­spir­a­cy The­o­ry, Explained” by Jeff Guo; Vox; 05/24/2017 [22]

The life of Seth Rich, a 27-year-old Demo­c­ra­t­ic Nation­al Com­mit­tee staffer, end­ed near­ly a year ago when he was shot to death near his house in Wash­ing­ton, DC. Then came the trag­ic and bizarre after­life: Since July, Rich has been the focus of intense right-wing con­spir­a­cy the­o­ries that have only esca­lat­ed as the Trump administration’s scan­dals have deep­ened.

As the police have repeat­ed­ly stat­ed, there is no evi­dence that Rich’s death was any­thing oth­er than the con­se­quence of a botched rob­bery. But some peo­ple, espe­cial­ly on the right, believe Rich was mur­dered by the Clin­tons for know­ing too much about some­thing. The most recent the­o­ries claim that Rich, not the Rus­sians, was respon­si­ble for leak­ing the emails, pub­lished in Wik­iLeaks, that revealed Demo­c­ra­t­ic par­ty lead­ers had talked dis­parag­ing­ly about Bernie Sanders.

Thanks to an erro­neous Fox News sto­ry last week, which was final­ly retract­ed on Tues­day, Rich recent­ly became the focus of an intense media blitz from con­ser­v­a­tive out­lets — many of which were eager for some­thing to talk about besides the scan­dals swirling around Don­ald Trump.

Fox News’s Sean Han­ni­ty was one of the most enthu­si­as­tic rumor­mon­gers, devot­ing seg­ments on three sep­a­rate occa­sions last week to Rich. Even after Fox News retract­ed its sto­ry, Han­ni­ty promised he would con­tin­ue to inves­ti­gate. “I retract­ed noth­ing,” he said defi­ant­ly on his radio show Tues­day.

Rich’s fam­i­ly has been beg­ging right-wing news out­lets to stop spread­ing unfound­ed rumors about him, but by now the sit­u­a­tion seems to have got­ten out of con­trol.

In death, Rich has become a mar­tyr to the right, buoyed by a host of char­ac­ters each with their own ulte­ri­or motives: There is Wik­iLeaks founder Julian Assange, who wants to down­play the con­nec­tions between Wik­iLeaks and the Rus­sians; there are the Clin­ton haters, who want to spread the idea that the Clin­tons are mur­der­ers; there are the Trump sup­port­ers, who want to min­i­mize the idea that Russ­ian hack­ers helped deliv­er the elec­tion to their can­di­date; and there are the talk­ing heads on Fox News, who last week need­ed some­thing oth­er than neg­a­tive Trump sto­ries to make con­ver­sa­tion about.

We might not know who killed Seth Rich, but we do know who turned his lega­cy into a text­book study of where fake news comes from, how it spreads, and the vic­tims it cre­ates.

Seth Rich was mur­dered in a sense­less act of vio­lence

Seth Rich worked in Demo­c­ra­t­ic pol­i­tics for most of his career. He grew up and went to col­lege in Oma­ha, Nebras­ka, where as a stu­dent he vol­un­teered on two Demo­c­ra­t­ic Sen­ate cam­paigns. After grad­u­at­ing, he moved to Wash­ing­ton, DC, for a job at Green­berg Quin­lan Ros­ner, a pro­gres­sive opin­ion research and con­sult­ing firm. He was lat­er hired by the Demo­c­ra­t­ic Nation­al Com­mit­tee, where he worked on a project to help peo­ple find where to vote.

On Sun­day, July 10, Rich was shot to death about a block from where he lived in the Bloom­ing­dale neigh­bor­hood of DC. Gun­shot detec­tion micro­phones place the time of the shoot­ing at around 4:20 am. Rich had last been seen at around 1:30 am leav­ing Lou’s City Bar in Colum­bia Heights, about a 40-minute walk from where he lived.

It is unclear exact­ly what hap­pened dur­ing those three inter­ven­ing hours. The Wash­ing­ton Post report­ed [49] that, accord­ing to his par­ents, cell­phone records show that Rich called his girl­friend at 2:05 am and talked to her for more than two hours. He hung up just min­utes before he was shot.

The police found Rich on the side­walk with mul­ti­ple gun­shot wounds, at least two in the back. He still had his watch, his cell­phone, and his wal­let. There were signs of a strug­gle: bruis­es on his hands, knees, and face [50], and a torn [51] wrist­watch strap. Accord­ing to the police report, he was still “con­scious and breath­ing.” Fam­i­ly mem­bers say they were [49] told that Rich was “very talk­a­tive,” though it is not pub­licly known if he was able to describe his assailant or assailants. Rich died a few hours lat­er in the hos­pi­tal.

The police sus­pect­ed Rich had been the vic­tim of an attempt­ed rob­bery. Bloom­ing­dale is a gen­tri­fy­ing part of Wash­ing­ton that still suf­fers from vio­lent crime. In 2016, there were 24 report­ed rob­beries with a gun that occurred with­in a quar­ter-mile of the street cor­ner where Rich was shot.

The first con­spir­a­cy the­o­ries grew out of the “Clin­ton body count” rumor

Almost imme­di­ate­ly after news of Rich’s death, con­spir­a­cy the­o­ries began cir­cu­lat­ing on social media. A few fac­tors helped make Rich a tar­get of spec­u­la­tion:

* The mur­der­ers left behind Rich’s valu­ables. (Though, by that same para­noid log­ic, wouldn’t a pro­fes­sion­al hit­man have tak­en Rich’s wal­let and phone in order to make it look like a reg­u­lar mug­ging?)
* Rich worked at the DNC, where in Decem­ber there had been a minor scan­dal involv­ing a soft­ware glitch that allowed the Bernie Sanders cam­paign to access pri­vate vot­er data col­lect­ed by the Clin­ton cam­paign.
* Hillary Clin­ton had just clinched the nom­i­na­tion after a sur­pris­ing­ly bruis­ing pri­ma­ry, and there were still sore feel­ings in the air.
* There’s a long-run­ning con­spir­a­cy the­o­ry [52] that the Clin­tons have assas­si­nat­ed dozens of their polit­i­cal ene­mies.

If those facts don’t seem to add up to a coher­ent sto­ry, well, you’re think­ing too hard. Con­spir­a­cy the­o­ries don’t oper­ate log­i­cal­ly. They start from an assump­tion — for instance, “the Clin­tons are shady” — and spi­ral out­ward in search of cor­rob­o­ra­tion.

On Red­dit, for instance, one user wrote a 1,400-word post list­ing things that he found “sus­pi­cious.” Here were some of the stray facts the red­di­tor claimed were evi­dence of a hit job by the DNC or the Clin­tons:

* Rich’s for­mer employ­er, Green­berg Quin­lan Ros­ner, once did some con­sult­ing work for British Petro­le­um. (“Is it pos­si­ble that Mr. Rich was aware of the public’s dis­dain for oil industry/fracking?”)
* Rich once worked on Ben Nelson’s cam­paign for sen­a­tor. (“[Nel­son] con­tributed a cru­cial vote to help pass Oba­macare back in 2009.”)
* The polit­i­cal con­ven­tions were com­ing up. (“The TIMING of this tragedy seems too ‘coin­ci­den­tal’”)

It’s unclear what any of these facts have to do with the Clin­tons, but some­how the Red­dit user con­clud­ed [53]: “giv­en his posi­tion & tim­ing in pol­i­tics, I believe Seth Rich was mur­dered by cor­rupt politi­cians for know­ing too much infor­ma­tion on elec­tion fraud.”

Oth­ers on Twit­ter and the trolling web­site 4chan also spec­u­lat­ed [54] that Rich might have crossed [55] the Clin­tons in some way. Rich’s death seemed to fit in with the “Clin­ton body count” the­o­ry, which dates to the 1990s and claims that the Clin­tons are so vin­dic­tive that they hire hit­men to mur­der peo­ple they don’t like.

Peo­ple who believe the Clin­tons are mur­der­ers often point to deputy White House coun­sel Vince Fos­ter, who suf­fered from clin­i­cal depres­sion [56] and died of a gun­shot wound to the mouth in 1993. Sev­er­al inves­ti­ga­tions all ruled Foster’s death a sui­cide, but some con­ser­v­a­tives insist­ed there must have been foul play. They claimed that Fos­ter, who was look­ing into the Clin­tons’ tax­es, may have uncov­ered evi­dence of cor­rup­tion in con­nec­tion to the White­wa­ter con­tro­ver­sy [57], a guilt-by-asso­ci­a­tion scan­dal involv­ing friends of the Clin­tons’.

The “Clin­ton body count” the­o­ry has endured over the years sim­ply because peo­ple don’t live for­ev­er. Any time some­one dies who was con­nect­ed to the Clin­tons — and since Bill Clin­ton was the pres­i­dent of the Unit­ed States, lit­er­al­ly thou­sands of peo­ple were in his orbit — this the­o­ry is dredged up again [52] by the tin­foil hat crowd. And then it slow­ly fades.

At first it seemed the spec­u­la­tion about Seth Rich would die down quick­ly as well. But then 12 days lat­er, on July 22, Wik­iLeaks pub­lished thou­sands of pri­vate emails from the DNC, and Rich became a polit­i­cal­ly use­ful dis­trac­tion.

Julian Assange and Wik­iLeaks super­charged the Seth Rich rumors

A month before Rich was mur­dered, the DNC admit­ted that Russ­ian hack­ers had bro­ken into its com­put­er net­work, gain­ing access to all of the DNC’s emails. The thought of Russ­ian inter­fer­ence in Amer­i­can pol­i­tics was infu­ri­at­ing to Rich, accord­ing to one per­son “who was very close” to him, the Wash­ing­ton Post report­ed [49]: “It was crazy. Espe­cial­ly for Seth. He said, ‘Oh, my God. We have a for­eign enti­ty try­ing to get involved in our elec­tions?’ That made him so angry.”

When Wik­iLeaks released its dump of DNC emails on July 22, the obvi­ous expla­na­tion was that it had obtained those emails from the Russ­ian hack­ers. This con­nec­tion was lat­er con­firmed [58] by top US intel­li­gence agen­cies, who con­clud­ed “with high con­fi­dence” that DNC servers were hacked by top Russ­ian gov­ern­ment hack­ers, who had then giv­en the emails to Wik­iLeaks. “Moscow most like­ly chose Wik­iLeaks because of its self-pro­claimed rep­u­ta­tion for authen­tic­i­ty,” the US intel­li­gence report explained [58], as well as for its con­nec­tion to the Russ­ian pro­pa­gan­da out­let Rus­sia Today.

But Wik­iLeaks has repeat­ed­ly denied its ties to Rus­sia, and ever since last sum­mer it has used Seth Rich as a way to dis­tract from claims that it abet­ted Russ­ian inter­fer­ence in the US elec­tion. Wik­iLeaks founder Julian Assange had his own rea­sons to fear a Clin­ton pres­i­den­cy — as sec­re­tary of state, Clin­ton want­ed to indict Assange for his involve­ment in releas­ing the mil­lions of US diplo­mat­ic cables leaked by Chelsea Man­ning.

On Dutch tele­vi­sion in August 2016, Assange hint­ed that Rich, not Rus­sia, may have been the source for the Wik­iLeaks emails. “Whistle­blow­ers go to sig­nif­i­cant efforts to get us mate­r­i­al, and often very sig­nif­i­cant risks,” he said. “As a 27-year-old, works for the DNC, was shot in the back, mur­dered just a few weeks ago for unknown rea­sons as he was walk­ing down the street in Wash­ing­ton.”

“Was he one of your sources then?” the anchor asked.

“We don’t com­ment on who our sources are,” Assange replied.

“Then why make the sug­ges­tion about a young guy being shot in the streets of Wash­ing­ton?” the anchor replied.

Pressed repeat­ed­ly for clar­i­fi­ca­tion, Assange con­clud­ed that “oth­ers, oth­ers have sug­gest­ed that. We’re inves­ti­gat­ing to under­stand what hap­pened in that sit­u­a­tion with Seth Rich. I think it’s a con­cern­ing sit­u­a­tion; there’s not a con­clu­sion yet.”

As part of its “inves­ti­ga­tion,” Wik­iLeaks offered a $20,000 prize in August for infor­ma­tion about Rich’s mur­der.

This is the point where Seth Rich became a prop in a game of inter­na­tion­al espi­onage.

Trump sup­port­ers and the alt-right ampli­fied the the­o­ry that Rich was some kind of Demo­c­ra­t­ic whistle­blow­er or leak­er, even though the facts didn’t real­ly fit this pat­tern. He didn’t have access to the DNC emails, and he had nev­er shown any prowess at hack­ing — being a data ana­lyst involves a very dif­fer­ent set of skills. Besides, the DNC wasn’t the only orga­ni­za­tion that was hacked: Clin­ton cam­paign chair John Podesta’s per­son­al emails, for instance, were stolen sep­a­rate­ly, as were the emails at the Demo­c­ra­t­ic Con­gres­sion­al Cam­paign Com­mit­tee.

Nev­er­the­less, many on the right were inspired by the Wik­iLeaks insin­u­a­tions and start­ed to con­coct their own con­spir­a­cy the­o­ries about Rich’s mur­der. In August, for­mer House speak­er and pres­i­den­tial can­di­date Newt Gin­grich told a con­ser­v­a­tive talk show host that Rich’s death was sus­pi­cious. “First of all, of course it’s worth talk­ing about,” he said. “And if Assange says he is the source, Assange may know. That’s not com­pli­cat­ed.”

That same month, Trump advis­er Roger Stone claimed, with­out evi­dence, that Rich was mur­dered “on his way to meet with the FBI to dis­cuss elec­tion fraud.”

To Trump sup­port­ers, the claim that Rich had been mur­dered by the Clin­tons had twofold appeal: It rein­forced the rumor that the Clin­tons were shady oper­a­tives, and it dis­tract­ed from the mount­ing evi­dence that Rus­sia had inter­fered with the US elec­tion — pos­si­bly in col­lu­sion with the Trump cam­paign.

In the pres­i­den­tial debate on Sep­tem­ber 26, Trump famous­ly sug­gest­ed that it could have been a lone hack­er who was respon­si­ble for the stolen DNC emails. “It could be Rus­sia, but it could also be Chi­na. It could also be lots of oth­er peo­ple. It also could be some­body sit­ting on their bed that weighs 400 pounds,” he said.

Thanks to a weird mis­com­mu­ni­ca­tion, the con­spir­a­cy the­o­ry comes back in May

After the elec­tion, the con­spir­a­cy the­o­ries about Seth Rich fad­ed from pub­lic con­scious­ness, as the focus turned instead to the FBI’s inves­ti­ga­tion of con­nec­tions between Trump staffers and Russ­ian agents. Sus­pi­cions still bub­bled in right-wing cor­ners of Red­dit [59] and on alt-right web­sites like Gate­way Pun­dit [60], and Assange con­tin­ued to claim that it wasn’t the Rus­sians who pro­vid­ed the hacked emails — but most of Amer­i­ca had moved on.

But Rich returned to the news last week, when the local TV sta­tion FOX 5 DC aired an inter­view with pri­vate inves­ti­ga­tor Rod Wheel­er, who claimed that sources in the FBI told him there was evi­dence of a con­nec­tion between Rich and Wik­iLeaks:

FOX 5 DC: You have sources at the FBI say­ing that there is infor­ma­tion…

WHEELER: For sure…

FOX 5 DC: …that could link Seth Rich to Wik­iLeaks?

WHEELER: Absolute­ly. Yeah. That’s con­firmed.

Con­ser­v­a­tive media out­lets jumped on the sto­ry, which aired the night of Mon­day, May 15. By Tues­day morn­ing, con­ser­v­a­tive out­lets like Bre­it­bart, the Blaze, and the Dai­ly Caller [61] all had their own pieces relay­ing Wheeler’s claims.

On Tues­day, Fox News added its own rev­e­la­tion: It claimed that an unnamed “fed­er­al inves­ti­ga­tor” had con­firmed that Rich had been in con­tact with Wik­iLeaks. “I have seen and read the emails between Seth Rich and Wik­ileaks,” the source said, accord­ing [62] to Fox News. Fox News addi­tion­al­ly claimed this source had evi­dence that Rich had giv­en thou­sands of DNC emails to Wik­iLeaks.

This was a two-source sto­ry: The report also said that Wheel­er had inde­pen­dent­ly cor­rob­o­rat­ed what the anony­mous “fed­er­al inves­ti­ga­tor” had told Fox News.

But here’s where it gets con­fus­ing. By Tues­day after­noon, Wheel­er told CNN that he had mis­spo­ken. It turns out he didn’t have any evi­dence of his own.

What had hap­pened, appar­ent­ly, was that ear­li­er in the week, Fox News had con­tact­ed Wheel­er for its own sto­ry on Rich. That was when Wheel­er learned that Fox News had a source alleg­ing there was con­tact between Rich and Wik­iLeaks. When Wheel­er went on local TV on Mon­day night to talk about Rich, he believed he was giv­ing view­ers a “pre­view” of the Fox News sto­ry set to run on Tues­day.

That, at least, is how Wheel­er explained [63] the sit­u­a­tion to CNN last Tues­day. Some­how, through mis­com­mu­ni­ca­tion or slop­py report­ing, the Fox News report used Wheel­er to back up its claims about the Rich-Wik­iLeaks con­nec­tion. This was incor­rect, Wheel­er said. He had no inde­pen­dent knowl­edge.

“I only got that [infor­ma­tion] from the reporter at Fox News,” he told CNN [63].

Yes­ter­day, after leav­ing it up for a week, Fox News final­ly retract­ed its Seth Rich sto­ry, which was down to one anony­mous source. “The arti­cle was not ini­tial­ly sub­ject­ed to the high degree of edi­to­r­i­al scruti­ny we require for all our report­ing,” an editor’s note explained. “Upon appro­pri­ate review, the arti­cle was found not to meet those stan­dards and has since been removed.”

Con­ser­v­a­tive media has a field day

It’s unlike­ly that any of this would have been a big deal had there not been a stun­ning series of dam­ag­ing reports about Don­ald Trump last week.

Among oth­er things, it was revealed that Trump had shared state secrets with the Rus­sians, that he had pres­sured FBI Direc­tor James Comey to drop his inves­ti­ga­tion into ties between Trump affil­i­ates and Rus­sia, and that the Rus­sia probe had reached a cur­rent high-lev­el White House offi­cial, who many sus­pect is Trump’s son-in-law, Jared Kush­n­er [64].

One way the con­ser­v­a­tive media min­i­mized all the bad news was to focus on oth­er sto­ries. The lat­est Seth Rich alle­ga­tions became a wel­come dis­trac­tion from the con­stant rev­e­la­tions com­ing out of the Wash­ing­ton Post and the New York Times.

For instance, while most out­lets were cov­er­ing the rev­e­la­tion that Trump had vol­un­teered clas­si­fied infor­ma­tion to Rus­sians, the alt-right web­site Bre­it­bart devot­ed [65] its front page to the Seth Rich con­spir­a­cy. Bre­it­bart even slammed the main­stream media for ignor­ing the rumors about Rich: “Silence from Estab­lish­ment Media over Seth Rich Wik­iLeaks Report” [66] was the title of one sto­ry.

Fox News in par­tic­u­lar devot­ed out­size atten­tion to the Rich sto­ry, repeat­ed­ly rehash­ing the con­spir­a­cy the­o­ry. On his 10 pm show, Fox pun­dit Sean Han­ni­ty devot­ed seg­ments to Rich on Tues­day, Thurs­day, and Fri­day last week. “I’m not back­ing off ask­ing ques­tions even though there is an effort that nobody talk about Seth Rich,” he said on Fri­day night.

On Tues­day, even after Fox News retract­ed the sto­ry that ignit­ed the lat­est round of spec­u­la­tion, Han­ni­ty remained con­vinced that the Seth Rich con­spir­a­cy the­o­ry had legs. “I am not Fox.com or FoxNews.com,” he said on his radio show. “I retract­ed noth­ing.”

Lat­er that evening, on his tele­vi­sion show, Han­ni­ty said that for now, he would stop talk­ing about Rich “out of respect for the family’s wish­es.” On Twit­ter, though, he was defi­ant, claim­ing that “lib­er­al fas­cism [67]” was try­ing to silence his voice.

“Ok TO BE CLEAR, I am clos­er to the TRUTH than ever,” he tweet­ed [68]. “Not only am I not stop­ping, I am work­ing hard­er.”

“Please retweet,” he added [69].

Rich was an unlucky vic­tim of the con­ser­v­a­tive media

The recent atten­tion has reignit­ed the old Seth Rich con­spir­a­cy the­o­ries, bring­ing forth even more unsub­stan­ti­at­ed claims.

On Fox News’s Sun­day morn­ing talk show, Newt Gin­grich repeat­ed his belief that Rich [70], not Rus­sia, was respon­si­ble for the DNC hack. “It turns out, it wasn’t the Rus­sians,” he said. “It was this young guy who, I sus­pect, was dis­gust­ed by the cor­rup­tion of the Demo­c­ra­t­ic Nation­al Com­mit­tee.”

On Mon­day, Assange issued a cryp­tic tweet [71] using the hash­tag “#SethRich” which fanned the flames even fur­ther: “Wik­iLeaks has nev­er dis­closed a source. Sources some­times talk to oth­er par­ties but iden­ti­ties nev­er emerge from Wik­iLeaks. #SethRich.”

And on Tues­day, New Zealand file-shar­ing entre­pre­neur Kim Dot­com, who is want­ed [72] by the US gov­ern­ment for copy­right infringe­ment and rack­e­teer­ing, claimed that Rich had per­son­al­ly con­tact­ed him in 2014, and that the two had talked about “a num­ber of top­ics includ­ing cor­rup­tion and the influ­ence of cor­po­rate mon­ey in pol­i­tics.”

“I know that Seth Rich was involved in the DNC leak,” Dot­com wrote in a state­ment. . . .

Kim Dotcom manifesting the lifestyle of the politically and economically oppressed. [73]

Kim Dot­com man­i­fest­ing the lifestyle of the polit­i­cal­ly and eco­nom­i­cal­ly oppressed.

7. Kim Dot­com just tweet­ed out a doc­u­ment that’s alleged­ly from the FBI demon­strat­ing that Seth Rich was indeed the source of the hacked DNC emails. The twist is that the doc­u­ment is a bla­tant fraud and Kim Dot­com acknowl­edges as much. Ol’ Kim decid­ed to tweet it out any­way, Dotcom’s assert­ing that there’s no need to delete the tweet pro­mot­ing the fake doc­u­ment because, hey, he put up some sub­se­quent tweets ques­tion­ing their authen­tic­i­ty. Twist & spin.

How­ev­er, there was anoth­er rather intrigu­ing admis­sion by Dot­com in the fol­low­ing inter­view ask­ing him why he tweet­ed out doc­u­ments he knew were fake: Dot­com is con­tin­u­ing to assert that he has evi­dence Rich was the source of the DNC hacks.

He’s just not ready to reveal it yet but he strong­ly hints that the evi­dence has to do with his close ties to Wik­ileaks. And then he refers back to a Bloomberg TV inter­view he did on May 13th, 2015, where Dot­com pre­dicts that Julian Assange is going to be Hillary Clinton’s “worst night­mare” in the upcom­ing elec­tion. How so? Because, says Dot­com, Assange “has access to infor­ma­tion,” with­out going into specifics.

Of fun­da­men­tal impor­tance to out under­stand­ing is the asser­tion by Craig Mur­ray, for­mer UK ambas­sador to Uzbek­istan, that the infor­ma­tion giv­en to Wik­iLeaks was­n’t a hack at all, but infor­ma­tion from a flash dri­ve giv­en to him by a DNC insid­er.

There may well have been hacks into the DNC and e‑mail of John D. Podes­ta, but they were NOT Russ­ian.

Dot­com refers to a May 2015 inter­view – long before Seth Rich would have been in a posi­tion to pass along emails. It is before Rich would have had a motive if he real­ly was a dis­il­lu­sioned Bernie-crat but short­ly before Crowd­strike “con­clud­ed” the DNC was ini­tial­ly hacked – where Dot­com con­fi­dent­ly asserts that Julian Assange already had a bunch of dirt on Hillary and was going to be her worst night­mare. And yet we didn’t real­ly see any old embar­rass­ing emails emerge from Wik­ileaks dur­ing the cam­paign. Along with being incred­i­bly sleazy it’s all rather curi­ous [24]:

“Kim Dot­com Says FBI File About Seth Rich Is Fake, But He Won’t Delete It From Twit­ter” by Matt Novak; Giz­mo­do; 5/20/2017 [24]

Have you seen that FBI file, pur­port­ing to be about the death of DNC staffer Seth Rich? Kim Dot­com, who thrust him­self into the sto­ry recent­ly by telling Sean Han­ni­ty [74] that he had evi­dence Rich had sent doc­u­ments to Wik­ileaks, pub­lished the doc­u­ment on Twit­ter, help­ing to spread it online. Dot­com now acknowl­edges that the doc­u­ment is fake. But he told Giz­mo­do that he’s not going to delete it.

The fake FBI doc­u­ment was first pub­lished on a web­site called Bor­der­land Alter­na­tive Media [75] and it wasn’t long before it start­ed to spread on social media, includ­ing by Kim Dot­com. Alex Jones’ Prison Plan­et picked it up, but has since delet­ed its own ver­sion of the sto­ry [76].

The internet’s inter­est in the July 2016 mur­der of Seth Rich revolves around claims that he leaked Demo­c­ra­t­ic Par­ty doc­u­ments to Wik­ileaks, an idea that Julian Assange has hint­ed at repeat­ed­ly. The police say that Seth Rich’s mur­der was a rob­bery gone bad. But inter­net con­spir­a­cy the­o­rists believe that Rich was killed as ret­ri­bu­tion for leak­ing emails about the DNC. What­ev­er the case, the FBI file is com­plete bull­shit.

“I was skep­ti­cal. I tweet­ed that the doc­u­ment could be a fake and that the FBI has to weigh in about it,” Dot­com told me over direct mes­sage on Twit­ter.

The doc­u­ment is obvi­ous­ly fake to any­one who’s looked at real FBI files. For one thing, the FBI doesn’t use black to redact infor­ma­tion, it uses white box­es. And much more damn­ing­ly, the redac­tions include par­tial words and par­tial dates, as well as the par­tial redac­tion of its clas­si­fi­ca­tion stamp, things that would nev­er be done.

[see pics of hoax FBI doc­u­ments [77]]

You can see the com­par­i­son between the fake FBI file on Seth Rich (above left) with a recent­ly obtained FBI file on mil­i­tary his­to­ri­an Robert Dorr [78] (above right). It’s a slop­py fake.

“After doing some foren­sic analy­sis of the doc­u­ment I came to believe it is not authen­tic. And I have retweet­ed Wik­ileaks which came to the same con­clu­sion,” Dot­com told me.

But as any Twit­ter user knows, tweets with incor­rect infor­ma­tion spread much faster than cor­rec­tions. So I asked Dot­com why he didn’t delete the tweets with the fake FBI file [79].

“There is no need to delete those tweets because I have been very cau­tious and warned with­in an hour of the release of that doc­u­ment that it could be a fake,” Dot­com told me.

That all seemed rea­son­able, if mis­guid­ed, to me. But then I asked Dot­com for evi­dence of his claims that he knows Rich was involved in the DNC leak. Dur­ing our back and forth on Twit­ter DM, Dot­com sent me a mes­sage say­ing that he knew I wasn’t going to write a bal­anced piece, and insin­u­at­ed that he sim­ply knows because of his close ties to Wik­ileaks.

I just had a look at your twit­ter feed and it looks like your are very much anti-trump. And that’s ok. I already know that your sto­ry wont be bal­anced. But this is not a Trump issue. Seth was a Sanders sup­port­er. The pro­gres­sives should ask what real­ly hap­pened to Seth. He’s one of yours. And they should be inter­est­ed that the mat­ters I have raised are prop­er­ly inves­ti­gat­ed.

Please have a look at my Bloomberg inter­view in which I announced long before the elec­tion that Julian is going to be a prob­lem for Clin­ton. My rela­tions to Wik­ileaks are well known. I have said many times in the past that I have been a major donor and Julian has been a guest at my moment of Truth event.

How do you think I knew?

The Bloomberg inter­view Dot­com is refer­ring to is from May 13, 2015 [80], where­in he said that Assange would be “Clinton’s worst night­mare.” At this point, Clin­ton had just announced her can­di­da­cy a month ear­li­er [81] and Don­ald Trump hadn’t even entered the race yet.

Inter­view­er: You’re say­ing Julian Assange is going to be Hillary’s worst night­mare?

Dot­com: I think so, yeah.

Inter­view­er: How so?

Dot­com: Well, he has access to infor­ma­tion.

Inter­view­er: What infor­ma­tion?

Dot­com: I don’t know the specifics.

Inter­view­er: Why Hillary in par­tic­u­lar?

Dot­com: Hillary hates Julian. She’s just an adver­sary, I think, of inter­net free­dom.

Inter­view­er: And she signed your extra­di­tion request.

Dot­com: Yeah.

Inter­view­er: So, you have a bone to pick with her.

Dot­com: You know what the cra­zi­est thing is? I actu­al­ly like Hillary. I like Oba­ma. So it’s so crazy that all of this hap­pened.

Dur­ing the course of our con­ver­sa­tion over Twit­ter DM, Dot­com point­ed me to numer­ous links online, but none of them answered my basic ques­tion: How do you know that Seth Rich was involved in the DNC leak?

One of the links Dot­com sent me con­tained his open let­ter to the fam­i­ly of Seth Rich [82], who have asked Dot­com to stop spread­ing con­spir­a­cy the­o­ries about the mur­der of their son.

In that let­ter, Dot­com says “I sim­ply wish to make sure that the inves­ti­ga­tors have the ben­e­fit of my evi­dence.” Again, I asked Dot­com for that evi­dence and he said that he would only show such things to the Rich fam­i­ly, at the advice of his lawyers and “out of respect for the Rich fam­i­ly.”

But Dotcom’s most recent pub­lic com­ment on the mat­ter, a let­ter post­ed today direct­ed to the FBI Spe­cial Coun­sel [83] who are inves­ti­gat­ing the Trump regime’s ties to Rus­sia, makes it look like Dotcom’s inter­est in the Seth Rich case may not be alto­geth­er altru­is­tic.

Dot­com is orig­i­nal­ly from Ger­many but moved to New Zealand from Hong Kong in 2009, and is cur­rent­ly want­ed in the Unit­ed States for run­ning the file host­ing and shar­ing site Megau­pload, which was accused of sys­tem­at­i­cal­ly vio­lat­ing copy­right. His extra­di­tion to the US has been blocked repeat­ed­ly and he’s been in a state of legal lim­bo for years.

But Dotcom’s new let­ter to the FBI Spe­cial Coun­sel says that he’d be will­ing to share his evi­dence that Seth Rich was involved in leak­ing infor­ma­tion to Wik­ileaks pro­vid­ed he’s giv­en safe pas­sage to the US [83]:

Mr Dot­com is also com­mit­ted to achiev­ing an out­come where his evi­dence can be prop­er­ly received and reviewed by you as part of the Inves­ti­ga­tion. You will, how­ev­er, appre­ci­ate that, giv­en his cur­rent sta­tus, he is not in a posi­tion to vol­un­tar­i­ly leave New Zealand’s juris­dic­tion. Fur­ther, he is con­cerned that, should he trav­el to the Unit­ed States vol­un­tar­i­ly, he would be arrest­ed and detained in cus­tody on the cur­rent counts on which he has been indict­ed.

The let­ter goes on to say that after “spe­cial arrange­ments” have been made, he’ll be glad to trav­el to the US to give his evi­dence. One imag­ines that those spe­cial arrange­ments would involve drop­ping the case against him.

Accord­ing­ly, for Mr Dot­com to attend in per­son in the Unit­ed States to make a state­ment, and/or give oral evi­dence at any sub­se­quent hear­ing, spe­cial arrange­ments would need to be dis­cussed and agreed between all rel­e­vant par­ties. Such arrange­ments would need to include arrange­ments for his safe pas­sage from New Zealand and return. This is because Mr Dot­com is deter­mined to clear his name in New Zealand.

So make of that what you will. Kim Dot­com clear­ly has rea­son to be angry at the US Jus­tice Depart­ment, but if he real­ly had evi­dence prov­ing that a man was mur­dered for polit­i­cal rea­sons, it seems a bit shady to use it as a bar­gain­ing chip for your own free­dom. It seems unlike­ly that the FBI would grant Dotcom’s request, so if he real­ly does have any infor­ma­tion on the Seth Rich case, we may nev­er get to see it.

But giv­en the fact that there’s vir­tu­al­ly no evi­dence out­side of the wildest con­spir­a­cy the­o­ry boards that Seth Rich was killed by any­one con­nect­ed to the Clin­ton cam­paign, I wouldn’t hold my breath any­way.

8. The Shad­ow Bro­kers, released some more NSA hack­ing tools, along with a list of IP address­es the NSA was tar­get­ing. All of this was appar­ent­ly in response to a sense of betray­al. Betray­al by Don­ald Trump. Yes, when Don­ald Trump launched a cruise mis­sile attack against Syr­ia this so upset The Shad­ow Bro­kers that they wrote anoth­er long bro­ken Eng­lish rant (with a white nation­al­ist theme) about Trump liv­ing up to his promis­es and then released some more hack­ing tools. [25]

We ana­lyzed the Shad­ow­Bro­kers in FTR #923 [7].

Suf­fice it to say, that this group is, in all prob­a­bil­i­ty, not Russ­ian at all.

“Mys­te­ri­ous Group Posts More Alleged NSA Hack­ing Tools; Rus­sia Link Sus­pect­ed” by Tim John­son; McClatchy DC; 4/10/2017. [25]

In the lat­est in a drum­beat of intel­li­gence leaks, a hack­ing group known as the Shad­ow Bro­kers has released anoth­er set of tools it said were designed by the top-secret Nation­al Secu­ri­ty Agency to pen­e­trate com­put­er sys­tems world­wide.

In a rant-filled state­ment [84]over the week­end, Shad­ow Bro­kers also released a list of servers it said the tools had infect­ed.

One doc­u­ment appeared to show that NSA spy­ware had been placed on servers [85] in South Korea, Rus­sia, Japan, Chi­na, Mex­i­co, Tai­wan, Spain, Venezuela and Thai­land, among oth­er coun­tries. The dump includ­ed details of how the NSA pur­port­ed­ly had gained access to Pakistan’s main mobile net­work.

The release marked the most recent in a steady stream of dis­clo­sures of pur­port­ed hack­ing tools devel­oped by the NSA and the CIA. Shad­ow Bro­kers made a sim­i­lar release in August, and in March the anti-secre­cy group Wik­iLeaks released sev­er­al batch­es of files that pur­port­ed to show how the CIA spies on its tar­gets. Wik­iLeaks has dubbed those leaks Vault7 [86].

Cyber­se­cu­ri­ty experts dif­fered in their assess­ment of the leaked mate­r­i­al but sev­er­al agreed that it would give glob­al foes cru­cial infor­ma­tion about Amer­i­can hack­ing abil­i­ties and plans.

In its state­ment, Shad­ow Bro­kers said the lat­est leak, fol­low­ing one eight months ago, “is our form of protest” to goad Pres­i­dent Don­ald Trump into stay­ing loy­al to his fol­low­ers and pro­mot­ing anti-glob­al­ism. The screed includ­ed pro­fan­i­ty, some white suprema­cist com­men­tary and a pass­word to the cache of tools. . . .

8. CrowdStrike–at the epi­cen­ter [26] of the sup­posed Russ­ian hack­ing con­tro­ver­sy is note­wor­thy. Its co-founder and chief tech­nol­o­gy offi­cer, Dmit­ry Alper­ovitch is a senior fel­low at the Atlantic Coun­cil, financed by ele­ments that are at the foun­da­tion of fan­ning the flames of the New Cold War.

 “Is Skep­ti­cism Trea­son?” by James Car­den; The Nation; 1/3/2017. [26]

. . . In this respect, it is worth not­ing that one of the com­mer­cial cyber­se­cu­ri­ty com­pa­nies the gov­ern­ment has relied on is Crowd­strike, which was one of the com­pa­nies ini­tial­ly brought in by the DNC to inves­ti­gate the alleged hacks. . . . Dmitri Alper­ovitch [87] is also a senior fel­low at the Atlantic Coun­cil. . . . The con­nec­tion between [Crowd­strike co-founder and chief tech­nol­o­gy offi­cer Dmitri] Alper­ovitch and the Atlantic Coun­cil has gone large­ly unre­marked upon, but it is rel­e­vant giv­en that the Atlantic Coun­cil—which is is fund­ed in part [88] by the US State Depart­ment, NATO, the gov­ern­ments of Latvia and Lithua­nia, the Ukrain­ian World Con­gress, and the Ukrain­ian oli­garch Vic­tor Pinchuk—has been among the loud­est voic­es call­ing for a new Cold War with Rus­sia. As I point­ed out in the pages of The Nation in Novem­ber, the Atlantic Coun­cil has spent the past sev­er­al years pro­duc­ing some of the most vir­u­lent spec­i­mens of the new Cold War pro­pa­gan­da. . . . 

9. Next, the pro­gram high­lights [27] a top­ic that was ini­tial­ly broached in the last pro­gram. The OUN/B milieu in the U.S. has appar­ent­ly been instru­men­tal in gen­er­at­ing the “Rus­sia did it” dis­in­for­ma­tion about the high-pro­file hacks. A Ukrain­ian activist named Alexan­dra Chalu­pa has been instru­men­tal in dis­trib­ut­ing this dis­in­for­ma­tion to Hillary Clin­ton and influ­enc­ing the progress of the dis­in­for­ma­tion in the media. 

“The Anony­mous Black­list Quot­ed by the Wash­ing­ton Post Has Appar­ent Ties to Ukrain­ian Fas­cism and CIA Spy­ing” by Mark Ames; Alternet.org; 12/7/2016. [27]

. . . . One of the key media sources [89] [46] who blamed the DNC hacks on Rus­sia, ramp­ing up fears of cryp­to-Putin­ist infil­tra­tion, is a Ukrain­ian-Amer­i­can lob­by­ist work­ing for the DNC. She is Alexan­dra Chalupa—described as the head of the Demo­c­ra­t­ic Nation­al Committee’s oppo­si­tion research on Rus­sia and on Trump, and founder and pres­i­dent of the Ukrain­ian lob­by group ‘US Unit­ed With Ukraine Coali­tion’ [90] [47], which lob­bied hard to pass a 2014 bill increas­ing loans and mil­i­tary aid to Ukraine, impos­ing sanc­tions on Rus­sians, and tight­ly align­ing US and Ukraine geostrate­gic inter­ests. . . . In one leaked DNC email [91] [50] ear­li­er this year, Chalu­pa boasts to DNC Com­mu­ni­ca­tions Direc­tor Luis Miran­da that she brought Isikoff to a US-gov­ern­ment spon­sored Wash­ing­ton event fea­tur­ing 68 Ukrain­ian jour­nal­ists, where Chalu­pa was invit­ed ‘to speak specif­i­cal­ly about Paul Man­afort.’ In turn, Isikoff named her as the key inside source [89] [46] ‘prov­ing’ that the Rus­sians were behind the hacks, and that Trump’s cam­paign was under the spell of Krem­lin spies and sor­cer­ers. . . .