DNC HACK: CrowdStrike, Julian Assange & Seth Rich

DNC Emails–A Seth Attack Not a Russian Hack by Publius Tacitus

Sic Semper Tyrannis

Tacitus01

If Russia had actually “hacked” the DNC emails then the National Security Agency would have had proof of such activity. In fact, the NSA could have tracked such activity. But they did not do that. That lack of evidence did not prevent a coordinated media campaign from spinning up to pin the blame on Russia for the “theft” and to portray Donald Trump as Putin’s lackey and beneficiary.

Any effort to tell an alternative story has met with stout opposition. Fox News, for example, came under withering fire after it published an article in May 2017 claiming that Seth Rich, a young Democrat operative, had leaked DNC emails to Julian Assange at WikiLeaks. The family of Seth Rich reacted with fury and sued Fox, Malia Zimmerman and Ed Butowsky, but that suit subsequently was dismissed.

Now there is new information, courtesy of the National Security Agency aka NSA, that confirms that the NSA has Top Secret and Secret documents that are responsive to a FOIA request for material on Seth Rich and his contacts with Julian Assange. While the content of these documents remain classified for now, they may provide documentary proof that Seth Rich “dropped boxed” the emails to Julian. If these documents are declassified, a big hole could be blown in the claim that Russia hacked the DNC.

If Seth Rich was just a normal kid in the wrong place at the wrong time, his murder and untimely death would only have been a minor blip in the news cycle. Blip or not, it was a terrible loss for his family and friends. But Seth was not an ordinary kid. He worked for the Democratic National Committee aka the DNC and described himself as an “experienced and impassioned data analyst” keen on making the world a better place.

Rich met a sudden and brutal end in a neighborhood near the U.S. Capitol in Washington, DC in the early hours of July 10, 2016. The initial report about the murder did not raise any political antennae in the United States. The CNN reporting of the murder was representative of the coverage at the time:

A Democratic National Committee employee died this weekend after he was shot in Northwest Washington.

Seth Rich, 27, suffered multiple gunshot wounds early Sunday morning in Washington’s Bloomingdale neighborhood, according to law enforcement officials.

D.C. police said officers who had been patrolling the area responded to the sound of shots fired, ultimately finding Rich at the scene both “conscious and breathing.” He was then transported to an area hospital, where police said he “succumbed to his injuries and was pronounced dead.”

Rich worked as voter expansion data director for the DNC since 2014, the DNC confirmed. A 2011 graduate of Creighton University, Rich’s resume is filled with various jobs in Democratic politics and political consulting.

But the circumstances and facts surrounding the murder were strange. Seth was shot in the back. Nothing was taken from his body—not his watch, not his wallet, not his gold necklace and not his credit cards. There was no obvious answer to the questions—who shot Seth and why?

The interest in Seth’s death took a dramatic turn when WikiLeaks dumped the contents of DNC emails on its website on July 22, 2016. In order to put the WikiLeaks theory regarding Seth’s death in proper perspective, we must review events in the prior months connected to the Hillary Clinton and DNC email controversies.

Seth Rich will go down in history, fairly or unfairly, linked to the debate surrounding Hillary Clinton’s missing and/or classified emails. During her time as Secretary of State, Hillary used a private server and sent thousands of messages over that server. This included emails containing Top Secret material.

In May 2016, the State Department Inspector General added further fuel to the controversy by concluding that Hillary had violated State Department protocols and policies:

The Inspector General was unable to find evidence that Clinton had ever sought approval from the State Department staff for her use of a private email server, determining that if Clinton had sought approval, Department staff would have declined her setup because of the “security risks in doing so.”[54] Aside from security risks, the report stated that “she did not comply with the Department’s policies that were implemented in accordance with the Federal Records Act.”[57]

Public interest in Hillary’s emails grew on June 12, 2016 when Wikileaks founder, Julian Assange, stated during an ITV interview that his outfit had more a Hillary emails:

“We have upcoming leaks in relation to Hillary Clinton … We have emails pending publication, that is correct,” Assange said.

Two days later (June 14) came news that the DNC computers had been “hacked” by the Russians. Ellen Nakamura, a Washington Post reporter who had been briefed by computer security company hired by the DNC—Crowdstrike–, wrote:

Russian government hackers penetrated the computer network of the Democratic National Committee and gained access to the entire database of opposition research on GOP presidential candidate Donald Trump, according to committee officials and security experts who responded to the breach.

The intruders so thoroughly compromised the DNC’s system that they also were able to read all email and chat traffic, said DNC officials and the security experts.

The intrusion into the DNC was one of several targeting American political organizations. The networks of presidential candidates Hillary Clinton and Donald Trump were also targeted by Russian spies, as were the computers of some Republican political action committees, U.S. officials said. But details on those cases were not available.

The Nakamura piece marked the first salvo in the Russian hacking meme. But the claim was not backed up by independently verified forensic evidence—it rested solely on the conclusions of a computer security company—CrowdStrike. The pro-Ukrainian politics of Crowdstrike’s founder, Dmitri Alperovitch, and his strident opposition to Russia cast a pall of bias over the findings of CrowdStrike. No U.S. Federal Law Enforcement official or agency was given access to the DNC servers. Neither the FBI nor Homeland Security were permitted to examine the servers and the alleged evidence of a hack.

CrowdStrike revealed that not one but two groups of hackers believed to be based in Russia had done just that. The intruders, according to CrowdStrike and the DNC officials who spoke to the Washington Post, fully accessed the campaign organization’s emails and chats, and stole opposition research on Republican presidential front-runner Donald Trump. . . .

In a blog post detailing the attack, CrowdStrike pointed to two groups of known Russian government-aligned hackers, one dubbed Cozy Bear and another called Fancy Bear. According to CrowdStrike, the two teams seemingly worked independently, either unaware of each others’ existence or even vying for dominance within the strange, internally competitive intelligence apparatus of Vladimir Putin’s regime.

The most bizarre aspect of CrowdStrike’s claim is that it started its “investigation” of the so-called hacking on the 7thof May and supposedly immediately discovered it was “the Russians.” Yet CrowdStrike waited more than a month to do what should have been done on 7 May—shutdown the network. Vicky Ward reported in Esquire on 24 October 2016 that CrowdStrike waited until June 10 to take steps to protect the DNC network:

Ultimately, the teams decided it was necessary to replace the software on every computer at the DNC. Until the network was clean, secrecy was vital. On the afternoon of Friday, June 10, all DNC employees were instructed to leave their laptops in the office.

For the next two days, three CrowdStrike employees worked inside DNC headquarters, replacing the software and setting up new login credentials using what Alperovitch considers to be the most secure means of choosing a password: flipping through the dictionary at random. (After this article was posted online, Alperovitch noted that the passwords included random characters in addition to the words.) The Overwatch team kept an eye on Falcon to ensure there were no new intrusions. On Sunday night, once the operation was complete, Alperovitch took his team to celebrate at the Brazilian steakhouse Fogo de Chão.

This was a classic case of closing the barn door after the horse had escaped. CrowdStrike started work in early May 2016 but failed to prevent the DNC emails from making their way to WikiLeaks. The DNC emails that were released on July 22, 2016 by WikiLeaks covered the period from January 2015 thru 25 May 2016. CrowdStrike started work on 7 May at the DNC. If this was truly a hack from an outside computer network then it should have been impossible for any outsider to electronically hack the DNC network. But the information on the DNC network was taken around the close of business on the 25thof May.

The day after Ellen Nakamura reported that the Russians had hacked the DNC, Guccifer 2.0 surfaced and took credit for the hack.  Guccifer 2.0 made a point of specifically denying that he was Russian in an interview with Motherboard:

“I don’t like Russians and their foreign policy. I hate being attributed to Russia,” he said, adding that he was from Romania, just like the first Guccifer.

Guccifer 2.0 said he hacked into the DNC in the summer of 2015. He claimed that he used an unknown vulnerability in NGP VAN, which is a software provider for the DNC, to hack into the DNC servers, which have a Windows architecture. (There’s no evidence whatsoever that the hacker really broke through via NGP VAN.)

“Then I installed my Trojans on several PCs. I had to go from one PC to another every week so CrowdStrike couldn’t catch me for a long time,” he said. “I know that they have cool intrusion detection system. But my heuristic algorithms are better.”

Guccifer’s claim to be something other than Russian immediately was derided by those invested in the blame Russia meme. Motherboard, for example, published a piece on June 16 labeling Guccifer 2.0 as a Russian front, but that conclusion was based solely on circumstantial, stylistic evidence:

. . . considering a long trail of breadcrumbs pointing back to Russia left by the hacker, as well as other circumstantial evidence, it appears more likely that Guccifer 2.0 is nothing but a disinformation or deception campaign by Russian state-sponsored hackers to cover up their own hack—and a hasty and sloppy one at that.

Guccifer 2.0 surfaced again the end of June with more documents:

On June 30, Guccifer 2.0 posted additional documents from the Democratic National Committee’s servers on the WordPress blog. The post again denied Russian links, and spoke admiringly of Julian Assange, the founder of WikiLeaks; Edward J. Snowden, the former intelligence analyst who leaked archives of surveillance documents; and Chelsea Manning, the Army private who sent a huge trove of military and diplomatic documents to WikiLeaks in 2010.

Guccifer 2.0 faded into the woodwork when WikiLeaks released the DNC emails on the 22 of July. Although WikiLeaks protected the source of the DNC material, Julian Assange insisted that Russia had nothing to do with putting the DNC trove into his hands.

Following the WikiLeaks dump, Donald Trump made news on the campaign trail by sarcastically calling on the Russians to provided Hillary’s missing 30,000 emails:

“Russia, if you’re listening, I hope you’ll be able to find the 30,000 emails that are missing,” he said, referring to deleted emails from the private account Hillary Clinton used as secretary of State. “I think you’ll probably be rewarded mightily by our press.”. . .

“If Russia or China or any other country has those emails, I’ve got to be honest with you. I’d love to see them,” he said later, declining to back down.

Experts suspect that Russian agents  are behind the hack and release of Democratic officials’ emails last week that showed officials discussing ways to undermine Bernie Sanders’ primary campaign against Clinton.

Trump often has praised Putin and has claimed to have met him, but on Wednesday, he denied that they have met. He also denied multiple media reports that he is in debt to Russian lenders.

Trump clearly was joking. He was riffing on the fact that the DNC emails had been published on WikiLeaks and that Russia was being blamed. But the Democrats, never known for their keen sense of humor, seized on this moment as an opportunity to introduce the meme that Trump and Russia were collaborating to stop Hillary’s quest for the Presidency. The Hillary team understood the fundamentals of good drama–i.e., a solid story needs a good villain. Donald and Vladimir Putin became the villains of this tale:

Hillary Clinton . . . accused Russian intelligence services of hacking into the Democratic National Committee computers and she said her Republican rival Donald Trump has shown support for Russian president Vladimir Putin.

“We know that Russian intelligence services hacked into the DNC and we know that they arranged for a lot of those emails to be released and we know that Donald Trump has shown a very troubling willingness to back up Putin, to support Putin,” Ms Clinton said in an interview with Fox News, as reported by Reuters.

US officials and cyber security experts have previously said they believed Russia had something to do with the release of the emails in order to influence the election.

In reviewing the media coverage of the DNC “hack” during June and July the name of Seth Rich does not surface even as a minor concern. This all changed on August 9, 2016 when Wikileak’s Julian Assange announced via Twitter “a $20,000 reward for information leading to a conviction in Rich’s killing on July 10 in the 2100 block of Flagler Place NW.” Assange subsequently discussed the murder of Seth Rich during an interview with Dutch TV:

WikiLeaks editor Julian Assange suggested that the Democratic National Committee staffer shot dead last month in Washington, DC, was killed because he was a “source.”

“Whistleblowers go to significant efforts to get us material and often very significant risks. As a 27-year-old, works for the DNC, was shot in the back, murdered just a few weeks ago for unknown reasons as he was walking down the street in Washington,” he told Dutch TV, referring to Seth Rich, who was gunned down in the early morning hours of July 10 while walking to his apartment in Bloomingdale.

The interviewer followed up by asking, “That was just a robbery, I believe. Wasn’t it?”

The WikiLeaks founder cryptically replied, “No, there’s no finding … I’m suggesting that our sources take risks.”

Rather than address the substance and facts of what WikiLeaks and Assange were saying and doing with respect to Seth Rich, most of the media concentrated on dismissing the Seth Rich story as a crazed conspiracy theory.

The only media outlet that tried to tell this story–Fox News–soon found itself in a media and legal maelstrom. Fox released a well-sourced article in May 2017. Written by Malia Zimmerman, the article reported that Seth had downloaded the WikiLeaks documents, uploaded them to a DropBox account and passed them on to Julian Assange. Malia wrote:

The Democratic National Committee staffer who was gunned down on July 10 on a Washington, D.C., street last July just steps from his home in the cozy Washington DC’s Columbia Heights neighborhood, leaked thousands of highly controversial emails to WikiLeaks that were generated internally between DNC party leaders, Fox News has confirmed after a 10-month investigation.

A federal investigator who reviewed an FBI forensic report detailing the contents of DNC staffer Seth Rich’s computer generated within 96 hours after his murder, said Rich made contact with WikiLeaks through Gavin MacFadyen, a famous American investigative reporter and director of Wikileaks.

“I have seen and read the emails between Seth Rich and Wikileaks,” the federal investigator told Fox News, confirming the MacFayden connection. But he said the whole case was put to rest after the FBI initial audit, and agents were told not to investigate further. The emails sit inside the FBI today, said the federal agent, who asked to remain a confidential source.

The Fox News piece was solid and well sourced. In addition to the Federal agent who confirmed Seth Rich had made contact with WikiLeaks using a cut out,  two other people with direct access to Julian Assange also told Fox reporters that Seth was the source for the DNC emails.

The DNC sprang into action and moved aggressively to shut down the Fox story. Fox, along with Malia Zimmerman and Ed Butowsky, were sued by the Rich family and by investigator Rod Wheeler claiming that some or all elements of the story were false. The lawyers behind these suits were tied to the Democrats. In the face of this pressure, Fox News folded like a cheap tent in a hurricane and pulled the Malia Zimmerman story.

Too bad Fox lacked the courage to back Malia Zimmerman because the lawsuit fell apart. The cases were dismissed in August 2018:

A federal judge in Manhattan dismissed a lawsuit Thursday that was brought against Fox News by the parents of Seth Rich, the young Democratic aide whose unsolved murder was turned into fodder for a lingering right-wing conspiracy theory.

In his dismissal of the lawsuit, Judge George B. Daniels said he sympathized with Mr. Rich’s parents, but added that they had not been personally defamed by the story. . .”

Who killed Seth Rich remains a mystery. It is unfortunate that the Fox News story intermingled the speculation that Seth’s murder was a deliberate hit with the actual factual statements identifying him as the source of the DNC emails.

But now there is new information that may corroborate what the human sources quoted in the Fox article claimed about Seth’s role in getting the DNC documents to WikiLeaks.  Borne from a FOIA request filed in November 2017 by attorney Ty Clevenger, who requested any information regarding Seth Rich and Julian Assange. The NSA informed Clevenger in a letter dated 4 October 2018 that:

Your request has been processed under the provisions of the FOIA. Fifteen documents (32 pages) responsive to your request have been reviewed by this Agency as required by the FOIA and have found to be currently and properly classified in accordance with Executive Order 13526. These documents meet the criteria for classification as set forth in Subparagraph (c) of Section 1.4 and remains classified TOP SECRET and SECRET.

If NSA had come back and said, “No, we do not have anything pertaining to Seth Rich,” that would have been news. It would have been especially unwelcome news for those who believe that Seth was the source on the DNC emails. But now the opposite is true. The NSA says that it has documents that are classified TS and S. What do those documents say or prove? That remains to be seen.

But there is other evidence that buttresses the claim that the DNC emails were physically downloaded and then transferred to WikiLeaks rather than being taken via an electronic intrusion of the DNC network. This is not a matter of opinion. It is a simple matter of science and math.

As noted earlier, Guccifer 2.0 took credit in mid-June 2016 for “hacking” the DNC and published documents as proof of his culpability. Those documents contain meta data. Bill Binney, who served with distinction as a Technical Director at the NSA, has written extensively on this issue:

We stand by our main conclusion that the data from the intrusion of July 5, 2016, into the Democratic National Committee’s computers, an intrusion blamed on “Russian hacking,” was not a hack but rather a download/copy onto an external storage device by someone with physical access to the DNC.

That principal finding relied heavily on the speed with which the copy took place – a speed much faster than a hack over the Internet could have achieved at the time – or, it seems clear, even now. Challenged on that conclusion – often by those conducting experiments within the confines of a laboratory – we have conducted and documented additional tests to determine the speeds that can be achieved now, more than a year later.

To remind: We noted in the VIPS memo that on July 5, 2016, a computer directly connected to the DNC server or DNC Local Area Network, copied 1,976 megabytes of data in 87 seconds onto an external storage device. That yields a transfer rate of 22.7 megabytes per second. (https://consortiumnews.com/2017/09/20/more-holes-in-russia-gate-narrative/)

The meta data does not prove that Seth Rich did it or that it occurred at the DNC headquarters. But the meta data does conclusively show that the material provided by Guccifer 2.0, which the US DOJ now insists was a Russian front, could not have been obtained via a computer hack.

So what do we know for certain?

First, no one in the Federal Government—law enforcement or intelligence—was granted access to examine the computer servers and files on the DNC server even after the DNC claimed they had been hacked by a foreign government.

Second, the steps that CrowdStrike allegedly took to shut down computer hacking by Russia do not match the timeline of the actual download of the documents from the DNC server.

Third, Seth Rich worked at the DNC and had access to the computer server and systems.

Fourth, WikiLeaks founder Julian Assange identified Seth Rich as a “source” and posted a $20,000 reward for information concerning his murder.

Fifth, a Federal law enforcement agent told two witnesses that Seth Rich had email exchanges with WikiLeaks.

Sixth, two people with direct access to Julian Assange told three separate sources that Seth Rich was the source of the DNC material published by WikiLeaks.

Seventh, the documents published by Guccifer contain meta data that establish that the documents were physically downloaded onto a device like a thumb drive.

Eighth, the NSA has confirmed that it has Top Secret and Secret documents responsive to a FOIA request for information concerning contact between Seth Rich and other people including Julian Assange.

___
https://turcopolier.typepad.com/sic_semper_tyrannis/2018/10/dnc-emails-a-seth-attack-not-a-russian-hack-by-publius-tacitus.html

This entry was posted in Uncategorized. Bookmark the permalink.