![\"\"](\"https:\/\/stateofthenation2012.com\/wp-content\/uploads\/2017\/06\/2kqg4ka-james-comey_photo-640x415.jpg\")
<\/a>The Associated Press<\/p><\/div>\n
by \u00a0Lee Stranahan Executives from Crowdstrike and Director Comey are both scheduled to testify in front of the House Intelligence Committee set for Monday morning at 10 am.<\/p>\n By issuing a still-unrestricted report about an incident that never happened and then tying it to the alleged Russian hacks that Democrats claim tipped the elections for Pres. Trump, the DNC-employed Crowdstrike\u2019s credibility deserves to be called into question, however, despite excellent reporting by cybersecurity expert Jeffrey Carr<\/a>, Bloomberg\u2019s Leonid Bershidsky<\/a>, and Voice of America reporter Oleksiy Kuzmenko<\/a>, the media has ignored the story and continued to cite Crowdstrike\u2019s work\u2026 even after the Ukrainian Defense Ministry issued a statement on January 6th, 2017 refuting Crowdstrike\u2019s claims.<\/p>\n Even more troubling than the media malfeasance about the discredited Crowdstrike report, in testimony in front of the Senate intelligence committee on January 10 \u2013 four days after the Ukrainian DOD denied Crowdstrike\u2019s report \u2014 Director Comey admitted that the FBI had been denied access to the DNC servers and praised Crowdstrike, without mentioning that they worked for the DNC or that their recent report had been debunked.<\/p>\n The Crowdstrike report, titled \u201cUse of Fancy Bear Android Malware in Tracking of Ukrainian Field Artillery Units<\/a>\u201c, was issued by the company on December 22, 2016. It\u2019s a slickly produced document, with a frightening comic book-style cover and plenty of charts and graphs. Crowdstrike\u2019s villain in the report is Fancy Bear, which they say is a hacking group controlled by Russia\u2019s GRU intelligence agency. Crowdstrike itself gave the group the name Fancy Bear, with \u2018Bear\u2019 referring to Russia and \u2018Fancy\u2019 referring to the song Fancy by Iggy Izalea<\/a>.<\/p>\n On June 15, 2016 Crowdstrike claimed that Fancy Bear was behind the DNC hacks in an article title Bears in the Midst: Intrusion into the Democratic National Committee.<\/a> That post came the day after the Washington Post<\/em> published an article claiming\u00a0Russian government hackers penetrated DNC and stole opposition research on Trump<\/a>, quoting Crowdstrike\u2019s co-founder Dmitri Alperovitch, who is scheduled to testify Monday in front of the House Intel committee hearing. In that June WaPo article, Alperovitch seemed unsure on details but pinned the hack on Fancy Bear:<\/p>\n CrowdStrike is not sure how the hackers got in. The firm suspects they may have targeted DNC employees with \u201cspearphishing\u201d emails. These are communications that appear legitimate \u2014 often made to look like they came from a colleague or someone trusted \u2014 but that contain links or attachments that when clicked on deploy malicious software that enables a hacker to gain access to a computer. \u201cBut we don\u2019t have hard evidence,\u201d Alperovitch said. The two groups did not appear to be working together, Alperovitch said. Fancy Bear is believed to work for the GRU, or Russia\u2019s military intelligence service, he said.<\/p><\/blockquote>\n In light of his possible testimony Monday, it\u2019s worth noting Alperovitch\u2019s statements in the June 2016 Washington Post<\/em> article that there\u2019s no \u201chard evidence\u201d of how the hack occurred and that Fancy Bear is \u201cbelieved to work\u201d for GRU.<\/p>\n That June WaPo article also quoted Crowdstrike\u2019s President and former FBI agent Shawn Henry, who is also scheduled to testify Monday.<\/p>\n \u201cIt\u2019s the job of every foreign intelligence service to collect intelligence against their adversaries,\u201d said Shawn Henry, president of CrowdStrike, the cyber firm called in to handle the DNC breach and a former head of the FBI\u2019s cyber division. He noted that it is extremely difficult for a civilian organization to protect itself from a skilled and determined state such as Russia.<\/p><\/blockquote>\n If Henry\u2019s statement to the Washington Post<\/em> seems more political than technical, that\u2019s because Crowdstrike was being utilized by their clients at the Democratic National Committee to put out a narrative about Russian hacking to use against the Trump campaign. As later confirmed by a laudatory piece in Esquire magazine<\/a>, starting in June 2016 the DNC used Crowdstrike executives Alperovitch and Henry as part of an anti-Trump publicity plan related to allegations of Russian hacking:<\/p>\n The DNC wanted to go public. At the committee\u2019s request, Alperovitch and Henry briefed a reporter from The Washington Post about the attack.<\/p><\/blockquote>\n The Democrats\u2019 attempts to smear Donald Trump with allegations of Russian involvement failed to win them the election and by December the Obama administration was taking a number of steps to make the incoming president\u2019s job as difficult as possible. On December 13th, the New York Times<\/a><\/em> published a major piece pushing the narrative \u2013 without any new definitive technical evidence \u2013 that the Russians were behind \u201ca cyberespionage and information-warfare campaign devised to disrupt the 2016 presidential election, the first such attempt by a foreign power in American history.\u201d<\/p>\n If influential media outlets like the New York Times<\/em> were completely sold on the Democrat-promote idea that the Russian government was behind hacking operations intended to hurt Hillary Clinton and Donald Trump, independent technical experts were not so sure. On the same day that the Times<\/em> published its piece, cybersecurity expert Jeffrey Carr wrote<\/a> that while there was technical evidence that the Hacker\u2019s may have spoken Russian, that there \u201cis also ZERO technical evidence to connect those Russian-speaking hackers to the GRU, FSB, SVR, or any other Russian government department.\u201d<\/p>\n Carr continued to eviscerate those claims, such as an October statement released by the Director of National Intelligence:<\/p>\n The ODNI\/DHS statement\u2019s opening paragraph ends with their rationale for placing blame on the Russian government:<\/p>\n \u201cWe believe, based on the scope and sensitivity of these efforts, that only Russia\u2019s senior-most officials could have authorized these activities.\u201d<\/p>\n I have no explanation for what the author of that statement was thinking when he or she composed it. It is, in my opinion, ludicrous on its face. There is nothing about the attacks against the DNC, the DCC, high profile email accounts like Podesta\u2019s, or even election data bases like those in Arizona and Illinois (that the ODNI\/DHS statement specifically excluded) which preclude them from being attacked by any individual hacker or hacker team from anywhere in the world, on their own, and without any government control or direction.<\/p><\/blockquote>\n What could provide the link between the Russian intelligence agency GRU and Fancy Bear, the group that Crowdstrike claimed was behind the DNC hack? Enter the Ukrainian story.<\/p>\n Crowdstrike needed to strengthen the hack\u2019s connection to the GRU, as Dmitri clearly stated in an interview he did with PBS on December 22:<\/p>\n \u2026this is why we wanted to produce more evidence that raises the level of confidence that we have, even internally, that this is Russian intelligence agency called the GRU.<\/p><\/blockquote>\n That interview was part of the promotional campaign for Crowdstrike\u2019s ominous December 22nd \u201cUse of Fancy Bear Android Malware in Tracking of Ukrainian Field Artillery Units<\/a>\u201d report, which claims that it provides evidence that \u201cfurther supports CrowdStrike\u2019s previous assessments that FANCY BEAR is likely affiliated with the Russian military intelligence (GRU)\u201d.<\/p>\n The Crowdstrike report opens with a few key claims about malware that they say infected tablets, including:<\/p>\n \u2022 From late 2014 and through 2016, FANCY BEAR X-Agent implant was covertly distributed on Ukrainian military forums within a legitimate Android application developed by Ukrainian artillery officer Yaroslav Sherstuk.<\/p>\n \u2026<\/p>\n \u2022 Successful deployment of the FANCY BEAR malware within this application may have facilitated reconnaissance against Ukrainian troops. The ability of this malware to retrieve communications and gross locational data from an infected device makes it an attractive way to identify the general location of Ukrainian artillery forces and engage them.<\/p>\n \u2022 Open source reporting indicates that Ukrainian artillery forces have lost over 50% of their weapons in the 2 years of conflict and over 80% of D-30 howitzers, the highest percentage of loss of any other artillery pieces in Ukraine\u2019s arsenal.<\/p><\/blockquote>\n In other words, Crowdstrike was making a truly shocking claim: that the Ukrainian military had lost 80 percent of its D-30 Howitzers due to malware installed by the Russian hacking group FancyBear that they said is connected to the GRU.<\/p>\n The Crowdstrike report provided just the connective tissue that was needed in late December to connect the Russian government to a shocking example of cyberespionage affecting the real world, but it had one big problem; it wasn\u2019t true.<\/p>\n True to form, however, the establishment media simply took Crowdstrike\u2019s word and failed to fact-check the report.<\/p>\n Within the day, major establishment media outlets faithfully promoted Crowdstrike\u2019s tale of Russian hacking destroying 80 percent of Ukrainian D-30 Howitzers. In addition to the PBS interview mentioned above, Forbes<\/a>, Newsweek<\/a>, The Inquirer<\/a>, Reuters<\/a>, Engadget<\/a> and others were echoing Crowdstrike\u2019s claim that this was a major piece of new proof for the GRU\u2019s involvement in the DNC hacks.<\/p>\n However, some dissenting voices began to speak up. On the same day that the report was released, a Bloomberg article<\/a> by Leonid Bershidsky was published criticizing the level of confidence that Crowdstrike was placing in their new statements. Bershidsky cites several first-hand sources associated with the Ukrainian military who were criticizing Crowdstrike\u2019s report:<\/p>\n Yaroslav Sherstyuk, the Ukrainian military officer who developed the application, reacted angrily\u00a0on Facebook to the CrowdStrike report, saying he never published the software on any public forums and encouraging fellow Ukrainian servicemen to keep using the latest version of his app.\u00a0Via Facebook Messenger, he told me that he didn\u2019t believe an infected version of the app even existed. \u201cThis is a hoax to scare everyone and make us go back to the old methods of targeting fire,\u201d he wrote. A CrowdStrike spokesperson did not respond when I asked if it had contacted\u00a0Sherstyuk. He said it hadn\u2019t.<\/p>\n The spokesperson, Ilina Dimitrova, wrote that \u201cit is indisputable that the app has been hacked with Fancy Bear malware \u2014 we have published the indicators related to it and they have been confirmed by others in the cybersecurity community.\u201d CrowdStrike said that it found the infected app \u201cin limited public distribution on a Russian language, Ukrainian military forum.\u201d I doubt anyone in the Ukrainian military would download software for targeting artillery fire from a forum. Typically, they obtain it\u00a0directly from known developers such as Sherstyuk. If I can contact him directly, so can Ukrainian artillery officers seeking to improve their performance in battle.<\/p>\n Hence, it\u2019s hard for me to believe that this\u00a0infected app \u2014 found somewhere on the internet and likely never used by Ukrainian soldiers \u2014 offers evidence tying the GRU to APT28.<\/p><\/blockquote>\n There was more good reporting the next day when Voice of America (VOA) reporter Oleksiy Kuzmenko\u2019s article titled Skeptics Doubt Ukraine Hack, Its Link to DNC Cyberattack<\/a> was published. Like Bershidsky he referenced the developer of the app, who had in a Facebook post called the Crowdstrike report \u201cdelusional.\u201d Kuzmenko also interviewed a Ukrainian military technical advisor named Pavlo Narozhnyy, who admitted that tablets had been sent to the Ukraine\u2019s armed forces, but also made a stunning statement that directly contradicts the premise of Crowdstrike\u2019s report.<\/p>\n He told VOA that contacts in the Ukrainian military units that used the app reported no losses of D-30 howitzers, which contradicts large battlefield losses referenced in the CrowdStrike report.<\/p>\n \u201cI personally know hundreds of gunmen in the war zone. None of them told me of D-30 losses caused by hacking or any other reason,\u201d Narozhnyy stressed to the VOA.<\/p><\/blockquote>\n Kuzmenko also reported that the equipment statistics cited in the report had come not from the International Institute for Strategic Studies (IISS), as Crowdstrike had claimed, but instead from a pro-Russian propagandist\u2019s blog:<\/p>\n The article is an English translation from a post first published by Boris Rozhin, a popular Russian blogger, who covers Russian military operations under the moniker \u201cColonel Cassad\u201d from Russian-annexed Crimea.<\/p>\n \u2026<\/p>\n His posting provides a table, based on what he said was data from the IISS reports, that shows Ukraine had 369 D-30 howitzers in 2013 and 75 in 2016. It included links to Rozhin said were the original IISS studies uploaded to a Russian torrent site dedicated to pushing pirated software and movies.<\/p>\n Although the source of the information listed by CrowdStrike is not the actual website of IISS, CrowdStrike defended its findings.<\/p><\/blockquote>\n With both their sourcing and underlying claim refuted, Crowdstrike could have at that point admitted that they were wrong, issued a retraction, and pulled the report. Given the size of their error and the importance of the entire topic of alleged Russian hacking to international affairs, a retraction would not only have been the responsible thing to do but a necessity for anyone concerned about presenting the truth.<\/p>\n Instead, Crowdstrike chose to simply ignore the heart of the criticism and defend themselves, telling VOA in an email that it \u201cis indisputable that the app has been hacked with FANCY BEAR malware \u2014 we have published the indicators related to it and they have been confirmed by others in the cybersecurity community.\u201d Pavlo Narozhnyy remained skeptical even of that claim and told VOA he would like to see more proof.<\/p>\n The critiques by Bloomberg and VOA were ignored by the establishment media, however, who had bigger fish to fry a week later when the Obama administration delivered a one-two punch on the Russian hacking story.<\/p>\n On December 29, the Obama White House announced sanctions against Russia over the allegations of hacking, ordering 35 Russian diplomats to leave the United States<\/a>. On the same day, Obama\u2019s DHS and FBI released a joint analysis report (JAR) that they thought would cement the Russian hacking connection once and for all.<\/p>\n Once again, the lapdog media did its part and acted as stenographers for the Obama administration on the \u2018Russian hacking\u2019 narrative. The New York Times<\/em> declared Obama Strikes Back at Russia for Election Hacking<\/a>, while the Washington Post<\/em> trumpeted Obama administration announces measures to punish Russia for 2016 election interference<\/a>.<\/p>\n Criticism of the Crowdstrike report from a week earlier went down the memory hole.<\/p>\n Then on January 3, cybersecurity expert Jeffrey Carr posted an article on Medium titled The GRU-Ukraine Artillery Hack That May Never Have\u00a0Happened<\/a>. This was another devastating critique of Crowdstrike\u2019s report, but like the VOA and Bloomberg articles, it was ignored by the establishment media. Carr sums up the Crowdstrike report by saying:<\/p>\n Crowdstrike\u2019s latest report regarding Fancy Bear contains its most dramatic and controversial claim to date; that GRU-written mobile malware used by Ukrainian artillery soldiers contributed to massive artillery losses by the Ukrainian military. \u201cIt\u2019s pretty high confidence that Fancy Bear had to be in touch with the Russian military,\u201d Dmitri Alperovich told Forbes. \u201cThis is exactly what the mission is of the GRU.\u201d<\/p><\/blockquote>\n Once again, the establishment media had failed to do basic technical vetting on the claims of Russian hacking by Crowdstrike and were exposed by a few brave, lone voices in the media wilderness.<\/p>\n However, the most devastating rebuttal of Crowdstrike\u2019s December 22 report came from the Ukrainian Ministry of Defense itself.<\/p>\n On January 6, the Ukrainian Defense Ministry posted a denial on their official website<\/a>, stating flatly that the claim that 80 percente of D-30 Howitzers had been destroyed by Russian malware was false. (The following is a Google Translate version of the Ukrainian information posted by their defense ministry.)<\/p>\n In connection with the emergence in some media reports which stated that the alleged \u201c80% howitzer D-30 Armed Forces of Ukraine removed through scrapping Russian Ukrainian hackers software gunners,\u201d Land Forces Command of the Armed Forces of Ukraine informs that the said information is incorrect .<\/p>\n According Command Missile Forces and Artillery Land Forces of Ukraine, artillery weapons lost during the time of ATO times smaller than the above and are not associated with the specified cause. Currently, troops Missile Forces and Artillery Army Forces of Ukraine fully combat-ready, staffed and able to fulfill the missions.<\/p>\n Ministry of Defence of Ukraine asks journalists to publish only verified information received from the competent official sources. Spreading false information leads to increased social tension in society and undermines public confidence in the Armed Forces of Ukraine.<\/p><\/blockquote>\n As Jeffrey Carr summed it up, \u201cNot only did Crowdstrike choose to quote improbably high losses estimated by a Pro-Russia analyst, we now have confirmation from Ukraine\u2019s MOD that (1) those figures were wrong, (2) Crowdstrike\u2019s reason for the losses were wrong, and (3) Crowdstrike\u2019s spread of false information caused harm.\u201d<\/p>\n This produced more crickets from the establishment media that had used Crowdstrike as the basis of their narrative for months.<\/p>\n Worse than the obvious media malpractice that left Crowdstrike\u2019s claims fully debunked, the DNC-employed group continued to be given praise by embattled FBI Director James Comey, even after this shocking refutation by the Ukrainians.<\/p>\n On January 10th, Comey testified before the Senate Intelligence Committee<\/a> and made a stunning admission: despite \u201cmultiple requests at different levels,\u201d the Democratic National Committee had denied the FBI\u2019s requests to examine the servers themselves. Instead, the FBI took the word of Crowdstrike, who Comey called a \u201chighly respected private company.\u201d<\/p>\n It bears repeating that this complimentary assessment by James Comey of Crowdstrike came days after the Ukrainian military itself had challenged the basic factual premise of their report from just weeks earlier.<\/p>\n Furthermore, Comey\u2019s January 10th testimony praising Crowdstrike \u2013 who was working for the DNC at the time, remember \u2013 came after the DNC had told Buzzfeed<\/a> on January 4th, days before Comey testified, that the FBI had never asked to examine their servers in the first place. DNC deputy communications director Eric Walker had said in an email that:<\/p>\n The DNC had several meetings with representatives of the FBI\u2019s Cyber Division and its Washington (DC) Field Office, the Department of Justice\u2019s National Security Division, and U.S. Attorney\u2019s Offices, and it responded to a variety of requests for cooperation, but the FBI never requested access to the DNC\u2019s computer servers.<\/p><\/blockquote>\n This claim by a DNC official that the FBI had never asked for access to the servers clearly rankled some within the Bureau because the next day The Hill<\/em> reported<\/a> that an anonymous source not only contradicted the DNC\u2019s claim, but said that the DNC\u2019s lack of cooperation had caused severe problems for the investigation:<\/p>\n \u201cThe FBI repeatedly stressed to DNC officials the necessity of obtaining direct access to servers and data, only to be rebuffed until well after the initial compromise had been mitigated,\u201d the official said.<\/p>\n \u201cThis left the FBI no choice but to rely upon a third party for information. These actions caused significant delays and inhibited the FBI from addressing the intrusion earlier.\u201d<\/p><\/blockquote>\n If any of this raised any suspicions for James Comey, he failed to show it in his January 10th testimony. Instead, Comey calmly told the Senate committee that while he would have liked to have<\/em> the information directly from the DNC servers, that he was okay with getting the information from the company that they employed, the \u201chighly respected\u201d Crowdstrike. As\u00a0The Hill reported<\/a>:<\/p>\n \u201cWe\u2019d always prefer to have access hands-on ourselves if that\u2019s possible,\u201d Comey said, noting that he didn\u2019t know why the DNC rebuffed the FBI\u2019s request.<\/p><\/blockquote>\n But none of this behavior by the DNC, Crowdstrike, or James Comey fit the media\u2019s narrative that somehow Donald Trump was connected to the Russians who had helped to throw him the election because\u2026 something. For the establishment, the technical details didn\u2019t matter, Crowdstrike\u2019s connection to the Democrats didn\u2019t matter, their gross errors and misstatements didn\u2019t matter, none of it mattered. The media pile-on of Donald Trump would continue after his inauguration and right through to this day.<\/p>\n Now, on Monday at 10 am, FBI Director James Comey and Crowdstrike\u2019s Dmitri Alperovitch and Shawn Henry are all scheduled to testify in front of the House Intelligence Committee, and once again Republicans will have a chance to question Comey and Crowdstrike and finally bring some clarity to the American people.<\/p>\n The only question at this point is whether the House Republicans will do their duty to the American people to shed light on the story, or allow the members of the opposition party \u2013 Democrats and the media alike \u2013 to continue to spread disinformation.<\/p>\n
\nBreitbart.com<\/span><\/p>\nCrowdstrike, the cybersecurity company working for the Democratic National Committee (DNC), released a report tying \u201cRussian hacking\u201d to an incident that never happened, yet \u202ceven after the report had been debunked, FBI Director James Comey still referred to Crowdstrike as a \u201chighly respected private company\u201d at a Senate hearing.<\/h2>\n