Establishment claims of Russian hacking lack one important ingredient… evidence

As 2016 comes to a close and, with it, the final 20 days of the dreadful Obama administration, a madness has gripped much of the country that has been concocted, promoted, and drilled into the American psyche by the U.S. government and its intelligence agency-controlled mainstream corporate media. This new narrative, which has a deeper hold among American “leftists” (more accurately labeled Democrats), circles around the claims that Russia has essentially launched a coup in the United States by “hacking American elections.”

These claims have been repeated ad nauseam by the President, high-level politicians, and the corporate media ever since shortly after the Trump victory and in the wake of Clinton’s treachery being unearthed by WikiLeaks in the months prior. The U.S. government is now provoking Russia yet again based on something that appears completely fabricated as 2017 appears on the calendar.

Because these claims, also supported by U.S. intelligence agencies, are being circulated minute by minute by the corporate media, they bear some analysis before the world is incinerated on the basis of ignorance, paranoia, and deception.

The U.S. Government Was Not Hacked. The Voting Machines Were Not Hacked.

This is one point of intense misinformation by the corporate media. With the tagline “Russia hacked US elections,” the typical uninformed, half-attentive viewer is left with the idea that the Russians hacked into the voting machines and somehow disturbed the true choice of America. In addition, with the rhetoric coming from the government and their media mouthpieces, one is led to believe – by inference – that Russia also hacked the government itself in some way. But the truth is that, regardless of who the hackers may have been, neither the government nor the vote was ever hacked. Only the DNC was hacked. In other words, the Democratic party was the only victim of hacking in this sequence of events. The information contained therein was then released to WikiLeaks which, in turn, released it to the public. Notably, it was through intense work and effort that the alternative media was able to bring the material contained in the DNC emails to light.

The Interference. Should The Skeletons Have Stayed In The Closet?

The “interference” in American elections thus centers around claims that Russian hackers obtained secret information that involved shady deals between Clinton’s team and the DNC, collusion between Clinton’s team and the corporate media, as well as Clinton’s team and bizarre sexual/occult/satanic rituals, then shared all of it with WikiLeaks and the press to the detriment of the Clinton campaign, thus causing Donald Trump to be elected. While we will discuss the alleged Russian connections separately, it is important to note that the issues surrounding the material obtained in the attacks were very real. There was collusion between Clinton’s team and the press as well as officials in the DNC. There were also bizarre rituals attended by Clinton’s campaign chair, John Podesta. None of the information released was false. So, essentially, Clinton, Obama, the U.S. government, and the corporate media are arguing that the skeletons should have stayed in the closet, at least until after the elections when it was too late to matter. They are arguing in favor of secrecy and against transparency.

But it cannot be ignored that the emails and communications were all very legitimate. Had Clinton and her team not acted inappropriately, there never would have been an issue to begin with. After all, back when the PATRIOT Act was being debated, its supporters (the ranks of which included Clinton) argued that if we had nothing to hide, we had nothing to fear. Clearly, Clinton’s team had something to fear.

Grizzly Steppe

While the corporate media loyally regurgitates everything the White House and its intelligence handlers produce, many outlets are, by inference alone, attempting to frame the alleged Russian hacking as having a code name, “Grizzly Steppe.” By reading many outlets, it sounds much like that is the name the Russians gave the hacking operations, thus making it appear that the hacking was a Russian intelligence operation, complete with a code name. However, Grizzly Steppe is only a name given to the alleged hacks by the U.S. intelligence community to represent the incident. There is nothing Russian about it.

Who Hacked The DNC?

The U.S. government, via the FBI and the Department of Homeland Security, released a joint statement explaining the alleged details and proof that the Russians were behind the hacks. This report, like the reports and statements before it, proves nothing at all and only succeeds in furthering rumors and propaganda against Russia itself and the narrative that the Russians were behind the moderate exposé of Hillary Clinton’s treachery.

The report, while claiming to produce the details, does nothing but provide a more in-depth story to be heaped upon the skeleton produced by the intelligence community a few weeks prior. The report is full of technical jargon but the basics of the claims remain the same – that the Russians, via hacking groups APT 28 and APT 29, hacked into the DNC emails and then colluded with WikiLeaks (which the pathetic corporate media also attempts to portray as an agent of Russia), to destroy the power of the Democratic party and the reputation of Hillary Clinton before the election to assure Donald Trump would be president.

The report, however, had already been debunked before it was ever published. Two weeks ago, in a mostly excellent article by Sam Biddle of The Intercept (despite his bizarre accusations of WikiLeaks being a “conspiracy” prone organization), the alleged “proof” being produced regarding the alleged Russian hacking was completely demolished. Biddle, maintaining a balanced view of the possibilities, wrote,

There are some good reasons to believe Russians had something to do with the breaches into email accounts belonging to members of the Democratic party, which proved varyingly embarrassing or disruptive for Hillary Clinton’s presidential campaign. But “good” doesn’t necessarily mean good enough to indict Russia’s head of state for sabotaging our democracy.

There’s a lot of evidence from the attack on the table, mostly detailing how the hack was perpetrated, and possibly the language of the perpetrators. It certainly remains plausible that Russians hacked the DNC, and remains possible that Russia itself ordered it. But the refrain of Russian attribution has been repeated so regularly and so emphatically that it’s become easy to forget that no one has ever truly proven the claim. There is strong evidence indicating that Democratic email accounts were breached via phishing messages, and that specific malware was spread across DNC computers. There’s even evidence that the attackers are the same group that’s been spotted attacking other targets in the past. But again: No one has actually proven that group is the Russian government (or works for it). This remains the enormous inductive leap that’s not been reckoned with, and Americans deserve better.

We should also bear in mind that private security firm CrowdStrike’s frequently cited findings of Russian responsibility were essentially paid for by the DNC, which contracted its services in June. It’s highly unusual for evidence of a crime to be assembled on the victim’s dime. If we’re going to blame the Russian government for disrupting our presidential election — easily construed as an act of war — we need to be damn sure of every single shred of evidence. Guesswork and assumption could be disastrous.

. . .

So far, all of the evidence pointing to Russia’s involvement in the Democratic hacks (DNC, DCCC, Podesta, et al.) comes from either private security firms (like CrowdStrike or FireEye) who sell cyber-defense services to other companies, or independent researchers, some with university affiliations and serious credentials, and some who are basically just Guys on Twitter. Although some of these private firms groups had proprietary access to DNC computers or files from them, much of the evidence has been drawn from publicly available data like the hacked emails and documents.

Some of the malware found on DNC computers is believed to be the same as that used by two hacking groups believed to be Russian intelligence units, codenamed APT (Advanced Persistent Threat) 28/Fancy Bear and APT 29/Cozy Bear by industry researchers who track them.

The attacker or attackers registered a deliberately misspelled domain name used for email phishing attacks against DNC employees, connected to an IP address associated with APT 28/Fancy Bear. Malware found on the DNC computers was programmed to communicate with an IP address associated with APT 28/Fancy Bear.

Metadata in a file leaked by “Guccifer 2.0” shows it was modified by a user called, in cyrillic, “Felix Edmundovich,” a reference to the founder of a Soviet-era secret police force. Another document contained cyrillic metadata indicating it had been edited on a document with Russian language settings.

Peculiarities in a conversation with “Guccifer 2.0” that Motherboard published in June suggests he is not Romanian, as he originally claimed.

The DCLeaks.com domain was registered by a person using the same email service as the person who registered a misspelled domain used to send phishing emails to DNC employees.

Some of the phishing emails were sent using Yandex, a Moscow-based webmail provider.

A bit.ly link believed to have been used by APT 28/Fancy Bear in the past was also used against Podesta.

Biddle then goes into why the information provided above is not enough to prove that the Russians hacked anything at all, much less justification to provoke World War Three in retaliation. He writes,

Viewed as a whole, the above evidence looks strong, and maybe even damning. But view each piece on its own, and it’s hard to feel impressed.

For one, a lot of the so-called evidence above is no such thing. CrowdStrike, whose claims of Russian responsibility are perhaps most influential throughout the media, says APT 28/Fancy Bear “is known for its technique of registering domains that closely resemble domains of legitimate organizations they plan to target.” But this isn’t a Russian technique any more than using a computer is a Russian technique — misspelled domains are a cornerstone of phishing attacks all over the world. Is Yandex — the Russian equivalent of Google — some sort of giveaway? Anyone who claimed a hacker must be a CIA agent because they used a Gmail account would be laughed off the internet. We must also acknowledge that just because Guccifer 2.0 pretended to be Romanian, we can’t conclude he works for the Russian government — it just makes him a liar.

Next, consider the fact that CrowdStrike describes APT 28 and 29 like this:

Their tradecraft is superb, operational security second to none and the extensive usage of “living-off-the-land” techniques enables them to easily bypass many security solutions they encounter. In particular, we identified advanced methods consistent with nation-state level capabilities including deliberate targeting and “access management” tradecraft — both groups were constantly going back into the environment to change out their implants, modify persistent methods, move to new Command & Control channels and perform other tasks to try to stay ahead of being detected.

Compare that description to CrowdStrike’s claim it was able to finger APT 28 and 29, described above as digital spies par excellence, because they were so incredibly sloppy. Would a group whose “tradecraft is superb” with “operational security second to none” really leave behind the name of a Soviet spy chief imprinted on a document it sent to American journalists? Would these groups really be dumb enough to leave cyrillic comments on these documents? Would these groups that “constantly [go] back into the environment to change out their implants, modify persistent methods, move to new Command & Control channels” get caught because they precisely didn’t make sure not to use IP addresses they’d been associated before? It’s very hard to buy the argument that the Democrats were hacked by one of the most sophisticated, diabolical foreign intelligence services in history, and that we know this because they screwed up over and over again.

But how do we even know these oddly named groups are Russian? CrowdStrike co-founder Dmitri Alperovitch himself describes APT 28 as a “Russian-based threat actor” whose modus operandi “closely mirrors the strategic interests of the Russian government” and “may indicate affiliation [Russia’s] Main Intelligence Department or GRU, Russia’s premier military intelligence service.” Security firm SecureWorks issued a report blaming Russia with “moderate confidence.” What constitutes moderate confidence? SecureWorks said it adopted the “grading system published by the U.S. Office of the Director of National Intelligence to indicate confidence in their assessments. … Moderate confidence generally means that the information is credibly sourced and plausible but not of sufficient quality or corroborated sufficiently to warrant a higher level of confidence.” All of this amounts to a very educated guess, at best.

Even the claim that APT 28/Fancy Bear itself is a group working for the Kremlin is speculative, a fact that’s been completely erased from this year’s discourse. In its 2014 reveal of the group, the high-profile security firm FireEye couldn’t even blame Russia without a question mark in the headline: “APT28: A Window into Russia’s Cyber Espionage Operations?” The blog post itself is remarkably similar to arguments about the DNC hack: technical but still largely speculative, presenting evidence the company “[believes] indicate a government sponsor based in Moscow.” Believe! Indicate! We should know already this is no smoking gun. FireEye’s argument that the malware used by APT 28 is connected to the Russian government is based on the belief that its “developers are Russian language speakers operating during business hours that are consistent with the time zone of Russia’s major cities.”

As security researcher Jeffrey Carr pointed out in June, FireEye’s 2014 report on APT 28 is questionable from the start:

To my surprise, the report’s authors declared that they deliberately excluded evidence that didn’t support their judgment that the Russian government was responsible for APT28’s activities:

“APT28 has targeted a variety of organizations that fall outside of the three themes we highlighted above. However, we are not profiling all of APT28’s targets with the same detail because they are not particularly indicative of a specific sponsor’s interests.”

That is the very definition of confirmation bias. Had FireEye published a detailed picture of APT28’s activities including all of their known targets, other theories regarding this group could have emerged; for example, that the malware developers and the operators of that malware were not the same or even necessarily affiliated.

The notion that APT 28 has a narrow focus on American political targets is undermined in another SecureWorks paper, which shows that the hackers have a wide variety of interests: 10 percent of their targets are NGOs, 22 percent are journalists, 4 percent are aerospace researchers, and 8 percent are “government supply chain.” SecureWorks says that only 8 percent of APT 28/Fancy Bear’s targets are “government personnel” of any nationality — hardly the focused agenda described by CrowdStrike.

Truly, the argument that “Guccifer 2.0” is a Kremlin agent or that GRU breached John Podesta’s email only works if you presume that APT 28/Fancy Bear is a unit of the Russian government, a fact that has never been proven beyond any reasonable doubt. According to Carr, “it’s an old assumption going back years to when any attack against a non-financial target was attributed to a state actor.” Without that premise, all we can truly conclude is that some email accounts at the DNC et al. appear to have been broken into by someone, and perhaps they speak Russian. Left ignored is the mammoth difference between Russians and Russia.

Security researcher Claudio Guarnieri put it this way:

[Private security firms] can’t produce anything conclusive. What they produce is speculative attribution that is pretty common to make in the threat research field. I do that same speculative attribution myself, but it is just circumstantial. At the very best it can only prove that the actor that perpetrated the attack is very likely located in Russia. As for government involvement, it can only speculate that it is plausible because of context and political motivations, as well as technical connections with previous (or following attacks) that appear to be perpetrated by the same group and that corroborate the analysis that it is a Russian state-sponsored actor (for example, hacking of institutions of other countries Russia has some geopolitical interests in).

Finally, one can’t be reminded enough that all of this evidence comes from private companies with a direct financial interest in making the internet seem as scary as possible, just as Lysol depends on making you believe your kitchen is crawling with E. Coli.

Biddle also cited the Department of Homeland Security and Office of the Director of National Intelligence statement that alleged Russian hacking. The statement read,

The U.S. Intelligence Community (USIC) is confident that the Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations. The recent disclosures of alleged hacked e-mails on sites like DCLeaks.com and WikiLeaks and by the Guccifer 2.0 online persona are consistent with the methods and motivations of Russian-directed efforts. These thefts and disclosures are intended to interfere with the US election process.

Absent anywhere in this statement, of course, is anything close to proof or even anything a step away from being a mostly baseless accusation.

Note that, in 2014, the Department of Justice released a 56-page indictment of a team of Chinese hackers who were accused of stealing American trade secrets for the People’s Liberation Army. In that case, we had 56 pages of evidence for such a relatively small offense but today there are zero pages of evidence from the entire intelligence community against alleged Russian hackers that supposedly swayed American elections in the direction they wanted. Are we seriously supposed to believe the claims being peddled by an intelligence community that has proven itself to be not only untrustworthy but also incredibly political and deceptive in the past? Are we to take their claims at face value, merely on trust and little to no evidence?

So what would be proof? According to security researcher Claudio Guarnieri, “All in all, technical circumstantial attribution is acceptable only so far as it is to explain an attack. It most definitely isn’t for the political repercussions that we’re observing now. For that, only documental evidence that is verifiable or intercepts of Russian officials would be convincing enough, I suspect.” Obviously, that is something that the U.S. government does not have.

WikiLeaks Has Denied That Russia Was The Source of The Information

For its part, WikiLeaks has denied that Russia is the source of the hacks. Founder of WikiLeaks, Julian Assange, stated clearly in an interview with RT that “Hillary Clinton has stated multiple times, falsely, that 17 US intelligence agencies had assessed that Russia was the source of our publications. That’s false. We can say that the Russian government is not the source.”

WikiLeaks Is Not Protecting Russia

Much of the corporate media continues to repeat the mantra that, while WikiLeaks has released so many documents relating to the U.S. government, U.S. elections, and U.S. foreign policy, it has released nothing on Russia. This, of course, is completely untrue as a short search of the WikiLeaks website with the search term “Russia” will prove. Assange himself has stated that WikiLeaks has released over 800,000 documents related to Russia since its existence.

Hillary’s 17 Agencies

Hillary Clinton has consistently repeated the line that 17 agencies in the intelligence community have evaluated the information related to the hacks and have determined that the Russians were at fault. In reality, Clinton is only referring to Jake Tapper’s Office of the Director of National Intelligence since this is the organization that is tasked with representing them all. Thus, Clinton’s statement is nothing but an attempt to make her argument appear backed up by actual evidence. Considering the nature of the ODNI’s evidence, however, Clinton’s case is weak at best. It is typical Clinton spin, containing a pinch of truth with a whole pot full of falsehood.

Bill Binney, Former NSA Official Who Created Digital Surveillance Program, Questions The Veracity Of The Report

In light of all the questions surrounding the alleged Russian hacks, Washington’s Blog reached out to Bill Binney, whom Washington’s Blog described as

the NSA executive who created the agency’s mass surveillance program for digital information, who served as the senior technical director within the agency, who managed six thousand NSA employees, the 36-year NSA veteran widely regarded as a “legend” within the agency and the NSA’s best-ever analyst and code-breaker, who mapped out the Soviet command-and-control structure before anyone else knew how, and so predicted Soviet invasions before they happened (“in the 1970s, he decrypted the Soviet Union’s command system, which provided the US and its allies with real-time surveillance of all Soviet troop movements and Russian atomic weapons”).

Binney’s response was highly critical of the report being peddled by corporate media. Binney stated,

I expected to see the IP’s or other signatures of APT’s 28/29 [the entities which the U.S. claims hacked the Democratic emails] and where they were located and how/when the data got transferred to them from DNC/HRC [i.e. Hillary Rodham Clinton]/etc. They seem to have been following APT 28/29 since at least 2015, so, where are they?

Further, once we see the data being transferred to them, when and how did they transfer that data to Wikileaks? This would be evidence of trying to influence our election by getting the truth of our corrupt system out.

And, as Edward Snowden said, once they have the IP’s and/or other signatures of 28/29 and DNC/HRC/etc., NSA would use Xkeyscore to help trace data passing across the network and show where it went. [Background.]

In addition, since Wikileaks is (and has been) a cast iron target for NSA/GCHQ/etc for a number of years there should be no excuse for them missing data going to any one associated with Wikileaks.

***

Too many words means they don’t have clear evidence of how the data got to Wikileaks.

Iraq WMDs All Over Again

What we are seeing is yet another attempt to provoke conflict abroad and upheaval here at home on the basis of the “intelligence community” simply saying to the American public, “trust us.” This is the same intelligence community which claimed there were weapons of mass destruction in Iraq. Thirteen years later, I would say it is wise not to give them the benefit of the doubt.

Once again, we are given no evidence, only vague unproven allegations to justify actions that very well may be destructive not only to the American people but to all the people of the world. All we need is for Colin Powell to give a PowerPoint presentation in front of the United Nations and the circle will be complete.

Via Activist Post

Brandon Turbeville – article archive here – is the author of seven books, Codex Alimentarius — The End of Health Freedom, 7 Real Conspiracies, Five Sense Solutions and Dispatches From a Dissident, volume 1 and volume 2, The Road to Damascus: The Anglo-American Assault on Syria, and The Difference it Makes: 36 Reasons Why Hillary Clinton Should Never Be President. Turbeville has published over 850 articles on a wide variety of subjects including health, economics, government corruption, and civil liberties. Brandon Turbeville’s radio show Truth on The Tracks can be found every Monday night 9 pm EST at UCYTV. His website is BrandonTurbeville.com. He is available for radio and TV interviews. Please contact activistpost (at) gmail.com.