Showing posts with label CrowdStrike. Show all posts

Wednesday, September 25, 2019

Trump was STILL trying to get Clinton emails in July

Dog. Bone.
In a confusing ramble [according to the released transcript], Trump told Zelensky he’d like him to look into “the server,” and namedropped CrowdStrike, the cybersecurity firm that investigated the hack on the Democratic National Committee in 2016.

[...]

For what it's worth, people at CrowdStrike are as confused as we all are.

“I got nothing,” Adam Meyers, the vice president of intelligence at CrowdStrike, told me in an online chat, when asked why Trump may have referred to the company in the call.

A company spokesperson said that they were working on an official response.

“My media monitoring tool has been blowing up!” the spokesperson said in an email.

In a statement sent to reporters, CrowdStrike said that "with regards to our investigation of the DNC hack in 2016, we provided all forensic evidence and analysis to the FBI. As we've stated before, we stand by our findings and conclusions that have been fully supported by the US Intelligence community."

How Trump managed to remember the name "CrowdStrike," which is mentioned only four times in the Mueller report, each in footnotes, is anyone's guess. And honestly, who knows what the fuck Trump is actually trying to say here. It’s unclear why he believes Ukraine has “the server,” and what server he is even talking about. Presumably, Trump is referring to the DNC server that’s at the center of a conspiracy theory completely made up by Trump’s imagination, though perhaps he's thinking of Hillary Clinton's private email server.

[...]

According to this conspiracy, the FBI and CrowdStrike failed to seize a DNC server that supposedly holds important information related to the hack. In reality, there’s no missing server, and both CrowdStrike and the US government concluded that Russian government hackers broke into the DNC.

In a 2017 interview with the Associated Press, Trump said CrowdStrike is “Ukraine-based” (fact check: it’s based in Sunnyvale, California, and has a big office in Arlington, Virginia).

“That’s what I heard. I heard it’s owned by a very rich Ukrainian, that’s what I heard,” Trump said.

[...]

For the record, CrowdStrike is a cybersecurity company that makes an antivirus-like product called Falcon. This is a cloud-based software that monitors computers and protects them from malware. The company also investigates data breaches when customers hire its researchers to respond to an incident.

[...]

Trump is saying that CrowdStrike, an American company, is actually Ukrainian. That’s why he’s asking the new President of Ukraine, a former comedian by the way, to help him find a missing server that actually does not exist.

  Vice
Obsessed.

...but hey, do what you want...you will anyway.

UPDATE:  LOL, Matt.

Thursday, December 28, 2017

There's a smart lad

A jailed Russian who says he hacked into the Democratic National Committee computers on the Kremlin’s orders to steal emails released during the 2016 U.S. presidential election campaign now claims he left behind a data signature to prove his assertion.

[...]

Konstantin Kozlovsky provided further details about what he said was a hacking operation led by the Russian intelligence agency known by its initials FSB. Among them, Kozlovsky said he worked with the FSB to develop computer viruses that were first tested on large, unsuspecting Russian companies, such as the oil giant Rosneft, later turning them loose on multinational corporations.

[...]

He placed a string of numbers that are his Russian passport number and the number of his visa to visit the Caribbean island of St. Martin in a hidden .dat file, which is a generic data file.

[...]

Kozlovsky’s claims include an assertion that for the past seven years he was under the control of Major Gen. Dmitry Dokuchayev, who he said gave him orders to breach the DNC servers to interfere in the U.S. election process. A federal court in San Francisco in February issued an arrest warrant for Dokuchayev for his alleged role in a hack of Yahoo accounts. A month later the FBI put the former hacker-turned-spy on a Wanted poster for his alleged role in directing hackers. He was arrested in Russia in late 2016 on treason charges in a high-profile incident that included the arrest of another FSB cyber leader.

[...]

In written answers from jail made public Wednesday by RAIN TV, a Moscow-based independent TV station that has repeatedly run afoul of the Kremlin, Kozlovsky said he feared his minders might turn on him and planted a “poison pill” during the DNC hack.

  McClatchy
Apparently his fears were founded if we're hearing from him in jail.  But, since he's in a Russian jail and has been permitted to communicate with a TV station at odds with the Kremlin, you have to wonder if his account is reliable, don't you?

But, to me, this is the mysterious part, that we already knew about, and which caused me to doubt the whole Russian hacking thing back when it first came out.
The DNC initially did not share information with the FBI, instead hiring a tech firm called CrowdStrike, run by a former FBI cyber leader. That company has said it discovered the Russian hand in the hacking, but had no immediate comment on the claim by Kozlovsky that he planted an identifier.
Why would the DNC hire its own tech firm and not allow the FBI to investigate instead? 

Somebody should easily be able to verify Kozlovsky's claim about leaving a digital signature if they find his passport number in the file. That should be an easy number to ascertain.

On the other hand, how would knowing Kozlovsky was the one who did the hacking prove that the Kremlin directed him to do it?
If the FSB did in fact direct Kozlovsky, then it debunks Russian President Vladimir Putin’s assertion that his government had nothing to do with hacking that all major U.S. intelligence agencies put at his feet.

[...]

Kozlovsky says he worked largely from home, with limited knowledge of others and that the political hack was just part of larger relationship with the FSB’s top cyber officials on viruses directed at other countries and the private sector.
...but hey, do what you want...you will anyway.

Saturday, July 1, 2017

Fodder for the Investigation

I read the Wall Street Journal’s article yesterday on attempts by a GOP operative to recover missing Hillary Clinton emails with more than usual interest. I was involved in the events that reporter Shane Harris described, and I was an unnamed source for the initial story.

[...]

I’m writing this piece in the spirit of Benjamin Wittes’s account of his interactions with James Comey immediately following the New York Times story for which he acted as a source. The goal is to provide a fuller accounting of experiences which were thoroughly bizarre and which I did not fully understand until I read the Journal’s account of the episode yesterday. Indeed, I still do not fully understand the events I am going to describe, both what they reflected then or what they mean in retrospect. But I can lay out what happened, facts from which readers and investigators can draw their own conclusions.

[...]

[R]ight around the time the DNC emails were dumped by Wikileaks—and curiously, around the same time Trump called for the Russians to get Hillary Clinton’s missing emails—I was contacted out the blue by a man named Peter Smith, who had seen my work going through these emails. Smith implied that he was a well-connected Republican political operative.

[...]

Over the course of a long phone call, he mentioned that he had been contacted by someone on the “Dark Web” who claimed to have a copy of emails from Secretary Clinton’s private server, and this was why he had contacted me; he wanted me to help validate whether or not the emails were genuine.

[...]

[T]hey made it quite clear to me that it made no difference to them who hacked the emails or why they did so, only that the emails be found and made public before the election.

[...]

In the end, I never saw the actual materials they’d been given, and to this day, I don’t know whether there were genuine emails, or whether Smith and his associates were deluding themselves.

[...]

Smith and his associates’ knowledge of the inner workings of the campaign were insightful beyond what could be obtained by merely attending Republican events or watching large amounts of news coverage. But one thing I could not place, at least initially, was whether Smith was working on behalf of the campaign, or whether he was acting independently to help the campaign in his personal capacity.

[...]

[A] few weeks into my interactions with Smith, he sent me a document, ostensibly a cover page for a dossier of opposition research to be compiled by Smith’s group, and which purported to clear up who was involved. The document was entitled “A Demonstrative Pedagogical Summary to be Developed and Released Prior to November 8, 2016,” and dated September 7. It detailed a company Smith and his colleagues had set up as a vehicle to conduct the research: “KLS Research”, set up as a Delaware LLC “to avoid campaign reporting,” and listing four groups who were involved in one way or another.

The first group, entitled “Trump Campaign (in coordination to the extent permitted as an independent expenditure)” listed a number of senior campaign officials: Steve Bannon, Kellyanne Conway, Sam Clovis, Lt. Gen. Flynn and Lisa Nelson.

[...]

My perception then was that the inclusion of Trump campaign officials on this document was not merely a name-dropping exercise. This document was about establishing a company to conduct opposition research on behalf of the campaign, but operating at a distance so as to avoid campaign reporting. Indeed, the document says as much in black and white.

[...]

And while I believed—as I still do—that [Smith] was operating with some degree of coordination with the [Trump] campaign, that was at least a little murky too.

[...]

In the Journal’s story this evening, several of the individuals named in the document denied any connection to Smith, and it’s certainly possible that he was a big name-dropper and never really represented anyone other than himself. If that’s the case, Smith talked a very good game.

  Matt Tait, CEO and founder of Capital Alpha Security
But Smith is recently dead (ten days after leaking his story to the Wall Street Journal), so we can't find out.  How handy is that?

I wouldn't mind seeing Kellyanne Conway's future interviews held from a prison cell.


This thread links up Washington political editor for Breitbart, Matthew Boyle, to Smith, Bannon and Trump.

Also...


Wednesday, June 14, 2017

The Whole Thing Stinks to High Heaven

In a Washington Post article titled Sessions’s testimony highlights Trump’s deep lack of interest in what Russia did in 2016 that excerpts Trump's past comments and actions, there's the bit about him saying this: "Why wouldn’t Podesta and Hillary Clinton allow the FBI to see the server? They brought in another company that I hear is Ukrainian-based."

I have that same question. It seems highly suspect and totally un-FBI-like. Why would the FBI take the word of someone they're investigating and the analysis of a third party rather than confiscate the computers and run their own investigation of them? Believe me, if those computers belonged to you or me, they would have hauled them off to an FBI lab.

At any rate...
The AP’s Julie Pace asked whether [Trump] meant Crowdstrike, the firm that detailed Russia’s involvement in the hacking of the Democratic National Committee. “That’s what I heard,” Trump said. “I heard it’s owned by a very rich Ukrainian, that’s what I heard.” This is not true.

  WaPo
This is a stupid and yet consistent Trump tactic to get a lie into the public arena: "That's what I heard." From the voices in his head, no doubt. It's a lie he's selling, and it's a lie that he heard it. Two lies in one.
Speaking to NBC’s Lester Holt shortly after the firing of Comey, Trump [...] said that he was worried about lengthening the investigation by firing Comey, but that he had to “do the right thing for the American people.”
Yes, it's obvious. Trump wants only to do what's right for the American people. And, by the way, want to buy a bridge?
When not explaining the firing of Comey to a reporter on national television, though, there’s no indication that Trump’s efforts to “get to the bottom” of the hacking involved any actual interest in the investigation.

At the end of May, Trump offered his most recent opinion on the alleged interference.
Russian officials must be laughing at the U.S. & how a lame excuse for why the Dems lost the election has taken over the Fake News. — Donald J. Trump (@realDonaldTrump) May 30, 2017
They indeed must be laughing at the US. Hysterically and in terror. Just like we are.

...but hey, do what you want...you will anyway.

Tuesday, March 28, 2017

CrowdStrike's Revised Story

U.S. cybersecurity firm CrowdStrike has revised and retracted statements it used to buttress claims of Russian hacking during last year's American presidential election campaign. The shift followed a VOA report that the company misrepresented data published by an influential British think tank.

[...]

The company removed language that said Ukraine's artillery lost 80 percent of the Soviet-era D-30 howitzers, which used aiming software that purportedly was hacked. Instead, the revised report cites figures of 15 to 20 percent losses in combat operations, attributing the figures to IISS.

[...]

The company also removed language saying Ukraine's howitzers suffered "the highest percentage of loss of any ... artillery pieces in Ukraine's arsenal."

[...]

Finally, CrowdStrike deleted a statement saying "deployment of this malware-infected application may have contributed to the high-loss nature of this platform" — meaning the howitzers — and excised a link sourcing its IISS data to a blogger in Russia-occupied Crimea.

[...]

"This update does not in any way impact the core premise of the report that the FANCY BEAR threat actor implanted malware into a D-30 targeting application developed by a Ukrainian military officer," Dmitrova wrote.

  VOA
It makes the whole report suspect, though, doesn't it?

...but hey, do what you want...you will anyway.

Background

Wednesday, March 22, 2017

It's Not Over Til the Fat Lady Sings

An influential British think tank and Ukraine’s military are disputing a report that the U.S. cybersecurity firm CrowdStrike has used to buttress its claims of Russian hacking in the presidential election.

[...]

The challenges to CrowdStrike’s credibility are significant because the firm was the first to link last year’s hacks of Democratic Party computers to Russian actors, and because CrowdStrike co-founder Dmitri Alperovitch has trumpeted its Ukraine report as more evidence of Russian election tampering.

[...]

The CrowdStrike report, released in December, asserted that Russians hacked into a Ukrainian artillery app, resulting in heavy losses of howitzers in Ukraine’s war with Russian-backed separatists.

But the International Institute for Strategic Studies (IISS) told VOA that CrowdStrike erroneously used IISS data as proof of the intrusion. IISS disavowed any connection to the CrowdStrike report. Ukraine’s Ministry of Defense also has claimed combat losses and hacking never happened.

[...]

IISS, based in London, publishes a highly regarded, annual reference called “The Military Balance” that estimates the strength of world armed forces.

[...]

VOA first contacted IISS in February to verify the alleged artillery losses. Officials there initially were unaware of the CrowdStrike assertions. After investigating, they determined that CrowdStrike misinterpreted their data and hadn’t reached out beforehand for comment or clarification.

In a statement to VOA, the institute flatly rejected the assertion of artillery combat losses.

[...]

“The vast majority of the reduction actually occurs ... before Crimea/Donbass,” she added, referring to the 2014 Russian invasion of Ukraine.

[...]

In a January post on LinkedIn, [Jeffrey Carr, a cyberwarfare consultant who has lectured at the U.S. Army War College, the Defense Intelligence Agency, and other government agencies] called CrowdStrike’s evidence in the Ukraine “flimsy.” He told VOA in an interview that CrowdStrike mistakenly assumed that the X-Agent malware employed in the hacks was a reliable fingerprint for Russian actors. “We now know that’s false,” he said, “and that the source code has been obtained by others outside of Russia."

  VOA
I can see how the Ukrainian military would be reluctant to admit it if they'd been hacked or lost over 50% of their weapons as the report stated, but with the IISS disputing the information, I have to still be extremely skeptical of CrowdStrike's dependability. It seems everyone has decided to take it as gospel that the Russian government hacked the DNC.  Certainly, they've accepted that as fact in the hearings and American press. I don't think that was ever proven.  I'm not saying it didn't happen.  I'm not praising the Russian government. I'm saying I don't believe the claim has been proven, and beyond that, the evidence still looks "flimsy".

Interestingly, this is an article in Voice of America, which is funded by the US government. Also, interestingly, there's an awful lot of RT bashing going on right now because of its funding by the Russian government, but those same people don't seem bothered by VOA. And, likewise, interesting is the fact that CrowdStrike was founded in 2011 by Dmitri Alperovitch, a Russian expatriate and senior fellow at the Atlantic Council policy research center in Washington, whose role is claimed by Global Research to be that of "securing the 21st century for NATO." (Previous concerns about CrowdStrike's report are in this YWA post and this Intercept article.)
CrowdStrike declined to answer VOA’s written questions about the Ukraine report, and Alperovitch canceled a March 15 interview on the topic.
...but hey, do what you want...you will anyway.

UPDATE:  CrowdStrike has revised its report.

Thursday, January 5, 2017

Update to FBI-DNC Server Story

Looks like the FBI wasn't happy with the story that they didn't ask to look at the DNC servers.

No shit.

"The FBI repeatedly stressed to DNC officials the necessity of obtaining direct access to servers and data, only to be rebuffed until well after the initial compromise had been mitigated," a senior law enforcement official told CNN. "This left the FBI no choice but to rely upon a third party for information. These actions caused significant delays and inhibited the FBI from addressing the intrusion earlier."

  CNN
"No choice."  The FBI.  No choice.

I'm not sure which story makes them sound more incompetent: that they didn't even ask to look at the servers or that they did and the DNC simply refused to turn them over.  Maybe I should apply for a job in the PR department of the FBI.  They could use some help.

...but hey, do what you want...you will anyway.

How About We Just Privatize National Security?

The FBI did not examine the servers of the Democratic National Committee before issuing a report attributing the sweeping cyberintrusion to Russia-backed hackers, BuzzFeed News has learned.

Six months after the FBI first said it was investigating the hack of the Democratic National Committee’s computer network, the bureau has still not requested access to the hacked servers, a DNC spokesman said. No US government entity has run an independent forensic analysis on the system.

[...]

The FBI has instead relied on computer forensics from a third-party tech security company, CrowdStrike, which first determined in May of last year that the DNC’s servers had been infiltrated by Russia-linked hackers, the U.S. intelligence official told BuzzFeed News.

“CrowdStrike is pretty good. There’s no reason to believe that anything that they have concluded is not accurate,” the intelligence official said, adding they were confident Russia was behind the widespread hacks.

  Buzzfeed
Amazing, while not necessarily surprising.

...but hey, do what you want...you will anyway.

UPDATE 1/5/2017:  Hmmmm.  The FBI didn't like this story.  In their version, the DNC refused to answer their requests.   "This left the FBI no choice but to rely upon a third party for information. These actions caused significant delays and inhibited the FBI from addressing the intrusion earlier."

Got that?   "No choice."  The FBI.   That makes them sound so much more competent, doesn't it?  I think I should apply for a PR job at the FBI.  Also, remember if the FBI ever comes round to you, just stall.  They'll eventually give up and go away.


Tuesday, January 3, 2017

Trying to Keep Up

Somebody (or somebodies) is trying very hard to create some real trouble between the US and the Russians. Who it is, I can't say. But the Democrats and the US media are certainly helping them along. Jeffrey Carr, who recently debunked some of the Russia-hacked-Vermont's-grid "fake" news, has now written another article debunking CrowdStrike's latest claim that led to widespread reporting in the US media that the same Russian group who supposedly hacked Vermont also hacked Ukrainian field artillery. (Crowdstrike, you will recall, is the company that made the claims of Russian hacking of the US presidential election.)
Crowdstrike’s latest report regarding Fancy Bear contains its most dramatic and controversial claim to date; that GRU-written mobile malware used by Ukrainian artillery soldiers contributed to massive artillery losses by the Ukrainian military. “It’s pretty high confidence that Fancy Bear had to be in touch with the Russian military,” Dmitri Alperovich told Forbes. “This is exactly what the mission is of the GRU.”

  Medium
Read the whole article if you like, but I'm going to jump straight to the conclusions:
Crowdstrike never contacted the app’s developer to inform him about their findings. Had they performed that simple courtesy, they might have learned from Jaroslav Sherstuk how improbable, if not impossible, their theory was. Instead, they worked inside of their own research bubble, performed no verification of infected applications or tablets used by Ukraine’s artillery corps, and extrapolated an effect of 80% losses based upon a self-proclaimed, pro-Russian propagandist and an imaginary number of infected applications.

Major media outlets including the The Washington Post, CNN, NBC News, and PBS Newshour ran the story without fact-checking a single detail. Motherboard, Forbes, SC Magazine, and other media did the same. Only VOA and Bloomberg took the time to question Crowdstrike’s claims and do some of their own investigating.

[...]

Part of the evidence supporting Russian government involvement in the DNC and related hacks (including the German Bundestag and France’s TV5 Monde) stemmed from the assumption that X-Agent malware was exclusively developed and used by Fancy Bear. We now know that’s false, and that the source code has been obtained by others outside of Russia.

The GRU, according to Crowdstrike, developed a variant of X-Agent to infect an Android mobile app in order to geolocate and destroy Ukraine’s D-30 howitzers. To do this, they chose an artillery app which had no way to send or receive data, and wrote malware for it that didn’t ask for GPS position information? Bitch, please.

[...]

Crowdstrike invented a “devastating” cyber attack out of thin air and called it DNA evidence of Russian government involvement.
Maybe it's time to investigate Crowdstrike.  Maybe we should start with co-founder Dmitri Alperovitch, a Russian ex-pat?

...but hey, do what you want...you will anyway.

The Vermont "Hacking" Incident - Even Worse

Recall that the Washington Post recently published an article saying the state of Vermont's electric grid had been hacked by the Russians. They quickly had to retract, saying the offensive software was found on a laptop that wasn't even connected to the grid. Turns out, it wasn't even that big of a deal. This is not only highly unprofessional of the Post, it's extremely dangerous.

The Post has now (unironically and unapologetically) had to publish this article:
An employee at Burlington Electric Department was checking his Yahoo email account Friday and triggered an alert indicating that his computer had connected to a suspicious IP address associated by authorities with the Russian hacking operation that infiltrated the Democratic Party. Officials told the company that traffic with this particular address is found elsewhere in the country and is not unique to Burlington Electric, suggesting the company wasn’t being targeted by the Russians. Indeed, officials say it is possible that the traffic is benign, since this particular IP address is not always connected to malicious activity.

[...]

The Post initially reported incorrectly that the country’s electric grid had been penetrated through a Vermont utility. After Burlington Electric released its statement saying that the potentially compromised laptop had not been connected to the grid, The Post immediately corrected its article and later added an editor’s note explaining the change.

U.S. officials are continuing to investigate the laptop. In the course of their investigation, though, they have found on the device a package of software tools commonly used by online criminals to deliver malware. The package, known as Neutrino, does not appear to be connected with Grizzly Steppe, which U.S. officials have identified as the Russian hacking operation. The FBI, which declined to comment, is continuing to investigate how the malware got onto the laptop.

  WaPo
Christ. How does any malware get on anyone's laptop? Absolutely commonplace on insufficiently protected computers, and sometimes on highly protected ones. I'd like to see figures on what percent of computers in this country get infected by malware.

But, that doesn't even appear to be the case here. The computer in question simply connected to an IP address. For what duration, we aren't told, but from this latest information, it didn't necessarily download any malware during the connection.
Initially, company officials publicly said they had detected code that had been linked by the Department of Homeland Security to Grizzly Steppe.

Over the weekend, the company issued a statement, saying only that it had “detected suspicious Internet traffic” on the computer in question.
That can happen to anyone on any computer anywhere every single day. If your anti-virus software is good enough, it won't let your computer be infected. And by good enough, I mean able to keep up with the constant barrage of new code created by hackers round the clock. No mean feat.
Experts also said that because Yahoo’s mail servers are visited by millions of people each day, the fact that a Burlington Electric employee checking email touched off an alert is not an indication that the Russian government was targeting the utility.

[...]

Authorities also were leaking information about the utility without having all the facts and before law enforcement officials were able to investigate further.

[...]

“Federal officials have indicated that the specific type of Internet traffic, related to recent malicious cyber activity that was reported by us [on Friday], also has been observed elsewhere in the country and is not unique to Burlington Electric,” company spokesman Mike Kanarick said in a statement.

[...]

“It’s not descriptive of anything in particular,” said Robert M. Lee, chief executive of Dragos, a cybersecurity firm.
Bingo. The USG, rushing to react to the growing rabble of voices declaring Russia a bad actor in our election, and to appear to be doing something about it, sent out a report to companies like the Vermont utility provider listing a number of IP addresses to look for in their computer logs without any detail about what it meant or what they should do if they found any of them other than report it to the DHS. How could anything go wrong with that?
At least 30 percent of the IP addresses listed were commonly used sites such as public proxy servers used to mask a user’s location, and servers run by Amazon.com and Yahoo.

[...]

The IP address information alone is not useful, experts noted. Moreover, a server that is used by Russian spies one year might be used by “granny’s bake shop” the next, Lee said.
Or, the same year. At the same exact time.
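The problem the quoted experts describe, a list of bare IP addresses handed to network defenders with no indication of which ones are dedicated attacker infrastructure and which are shared proxies or hosting providers, is easy to show in code. The script below is an added example written for this page, not part of the DHS report, the Post article, or any vendor tool; the indicator list, its "kind"/"confidence" tags and the log lines are all constructed, using RFC 5737 documentation address ranges rather than any real indicator. It matches log traffic against the list the way a utility operator would, then sorts the hits by how much the indicator actually tells you.

```python
"""Triage of IP-indicator hits against connection logs (added example, constructed data)."""
import re
from collections import defaultdict

# Constructed indicator list. Each entry carries the context the page says the
# real list lacked: what kind of host sits at the address and how much a hit
# against it means. Addresses are from RFC 5737 documentation ranges.
INDICATORS = {
    "192.0.2.10":   {"kind": "dedicated-c2",    "confidence": "high"},
    "192.0.2.11":   {"kind": "dedicated-c2",    "confidence": "high"},
    "198.51.100.5": {"kind": "public-proxy",    "confidence": "low"},
    "203.0.113.20": {"kind": "shared-hosting",  "confidence": "low"},
}

# Constructed connection log: "timestamp source destination bytes".
# 10.0.0.9 beacons repeatedly to dedicated C2; 10.0.0.7 and 10.0.0.12 only
# touch shared infrastructure that could just as well be "granny's bake shop".
SAMPLE_LOG = """\
2017-01-02T09:15:01Z 10.0.0.7 203.0.113.20 4200
2017-01-02T09:15:03Z 10.0.0.7 198.51.100.5 900
2017-01-02T09:16:10Z 10.0.0.9 192.0.2.10 128
2017-01-02T09:16:11Z 10.0.0.9 192.0.2.10 128
2017-01-02T09:20:00Z 10.0.0.12 203.0.113.20 7700
2017-01-02T09:21:44Z 10.0.0.9 192.0.2.11 64
2017-01-02T09:22:00Z 10.0.0.7 192.0.2.99 300
"""

LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<dst>\S+) (?P<nbytes>\d+)$")


def parse_log(text):
    """Parse the constructed log layout into dicts; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["nbytes"] = int(rec["nbytes"])
        records.append(rec)
    return records


def match_indicators(records, indicators=INDICATORS):
    """Raw matching, as a bare IP list invites: every record whose destination is listed."""
    return [{**rec, **indicators[rec["dst"]]} for rec in records if rec["dst"] in indicators]


def triage(hits):
    """Decide per internal host whether the hits deserve investigation.

    A high-confidence indicator (dedicated attacker infrastructure) is enough
    on its own. Hits that are only against low-confidence indicators (public
    proxies, shared hosting) say nothing by themselves and need more context
    before anyone reports a "hack".
    """
    per_host = defaultdict(list)
    for h in hits:
        per_host[h["src"]].append(h)
    result = {"investigate": {}, "context_needed": {}}
    for src, host_hits in per_host.items():
        strong = any(h["confidence"] == "high" for h in host_hits)
        bucket = "investigate" if strong else "context_needed"
        result[bucket][src] = sorted({h["dst"] for h in host_hits})
    return result


def low_confidence_share(indicators=INDICATORS):
    """Fraction of the list that is shared infrastructure rather than dedicated C2."""
    low = sum(1 for m in indicators.values() if m["confidence"] == "low")
    return low / len(indicators)


if __name__ == "__main__":
    hits = match_indicators(parse_log(SAMPLE_LOG))
    print(f"raw indicator hits: {len(hits)}")
    for bucket, hosts in triage(hits).items():
        for src, dsts in hosts.items():
            print(f"{bucket}: {src} -> {', '.join(dsts)}")
    print(f"low-confidence share of the list: {low_confidence_share():.0%}")
```

Run as-is, the raw match produces six hits across three internal hosts, which is the number that gets leaked to a newspaper; the triage step reduces that to one host worth a phone call and two that merely visited shared infrastructure. With a list that carries no "kind" or "confidence" at all, every hit lands in the second bucket and the report is only as useful as the experts quoted above say it is.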

And, you know what's especially ironic?
Amazon’s founder and chief executive, Jeffrey P. Bezos, owns The Washington Post.
He needs to have a talk with them.
“No one should be making any attribution conclusions purely from the indicators in the [government] report,” tweeted Dmitri Alperovitch, chief technology officer of CrowdStrike, which investigated the DNC hack and attributed it to the Russian government. “It was all a jumbled mess.’’
Nice talk from someone who provided the questionable information that started the jumbled mess.
A senior DHS official, speaking on the condition of anonymity to discuss a sensitive security matter, defended the report.

“We know the Russians are a highly capable adversary who conduct technical operations in a manner intended to blend into legitimate traffic,” the official said. The indicators of compromise contained in the report, he said, “are indicative of that. That’s why it’s so important for net defenders to leverage the recommended mitigations contained in the [report], implement best practices, and analyze their logs for traffic emanating from those IPs, because the Russians are going to try and hide evidence of their intrusion and presence in the network.”
And here's the key: the Russians are quite capable of doing just that. Hiding it. Not having it out there where you can simply run down a list of IP addresses and find it. But hey, thanks for reflexively doing the government's bidding by reporting to it information that you have no freaking idea what it really means, without any kind of court order or legal assurance. You'll be very useful to Big Brother.

...but hey, do what you want...you will anyway.

Wednesday, December 14, 2016

Re: Russia Did It

Today, The Intercept (the news source founded by Glenn Greenwald, Laura Poitras and Jeremy Scahill) has this to say about the alleged Russian hacking of our election, written by Sam Biddle:

[T]he refrain of Russian attribution has been repeated so regularly and so emphatically that it’s become easy to forget that no one has ever truly proven the claim. There is strong evidence indicating that Democratic email accounts were breached via phishing messages, and that specific malware was spread across DNC computers. There’s even evidence that the attackers are the same group that’s been spotted attacking other targets in the past. But again: No one has actually proven that group is the Russian government (or works for it). This remains the enormous inductive leap that’s not been reckoned with, and Americans deserve better.

We should also bear in mind that private security firm CrowdStrike’s frequently cited findings of Russian responsibility were essentially paid for by the DNC, who contracted their services in June. It’s highly unusual for evidence of a crime to be assembled on the victim’s dime. If we’re going to blame the Russian government for disrupting our presidential election — easily construed as an act of war — we need to be damn sure of every single shred of evidence.

  The Intercept
One would hope. Alas, that doesn't seem to be happening.

Finally, with this Intercept article, someone is using some cognitive and logical skills in looking at the "evidence". We should have been able to say the same for the New York Times.


...but hey, do what you want...you will anyway.

Tuesday, December 13, 2016

The Russians Did It

This New York Times piece is as puzzling as it is bizarre. Since the President has ordered an investigation, which has barely had time to begin, and no one has actually offered any evidence as proof that the Russians (known to mean "the Russian Government") hacked the DNC, why is the Times publishing this?
It was the cryptic first sign of a cyberespionage and information-warfare campaign devised to disrupt the 2016 presidential election, the first such attempt by a foreign power in American history. What started as an information-gathering operation, intelligence officials believe, ultimately morphed into an effort to harm one candidate, Hillary Clinton, and tip the election to her opponent, Donald J. Trump.

Like another famous American election scandal, it started with a break-in at the D.N.C.

  NYT
Has everyone just accepted this was the Russians?

Look at this:
Yared Tamene, the tech-support contractor at the D.N.C. who fielded the call, was no expert in cyberattacks. His first moves were to check Google for “the Dukes” and conduct a cursory search of the D.N.C. computer system logs to look for hints of such a cyberintrusion. By his own account, he did not look too hard even after Special Agent Hawkins called back repeatedly over the next several weeks — in part because he wasn’t certain the caller was a real F.B.I. agent and not an impostor.
Does the FBI just make phone calls without presenting themselves in person with at least a badge?
The D.N.C.’s fumbling encounter with the F.B.I. meant the best chance to halt the Russian intrusion was lost.
How can that be blamed on the DNC? Shouldn't the FBI have gone to see someone personally? According to the story, eventually it was established that the phone calls did come from the FBI.
What started as an information-gathering operation, intelligence officials believe, ultimately morphed into an effort to harm one candidate, Hillary Clinton, and tip the election to her opponent, Donald J. Trump.
"Officials believe." Is that all the "evidence" we're going to get?

The Times article talks about a group that was identified as hacking the DNC, and says it "may or may not be associated with the F.S.B., the main successor to the Soviet-era K.G.B., but it is widely believed to be a Russian government operation." Is "widely believed" supposed to be evidence?

Or, regarding the only other group they identified, the damning evidence is that they were found "first penetrating the computers of the Democratic Congressional Campaign Committee, and then jumping to the D.N.C., investigators believe." Does "investigators believe" carry more or less weight than "widely believed?"

And here's the clincher:
It is often impossible to name an attacker with absolute certainty. But over time, by accumulating a reference library of hacking techniques and targets, it is possible to spot repeat offenders. Fancy Bear, for instance, has gone after military and political targets in Ukraine and Georgia, and at NATO installations.

That largely rules out cybercriminals and most countries, Mr. Alperovitch said. “There’s no plausible actor that has an interest in all those victims other than Russia,” he said. Another clue: The Russian hacking groups tended to be active during working hours in the Moscow time zone.
That's the craziest basis for attribution I ever saw: Nobody else could possibly be interested, and the time zone is right. Are you kidding me?
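For what the "working hours in the Moscow time zone" clue actually is, here is an added example (mine, not the Times's and not CrowdStrike's): take the timestamps you have for an actor's activity, shift them into candidate time zones, and see which zone puts most of them on weekdays between 9 and 6. The timestamps below are constructed, and the zones are fixed UTC offsets, which is an assumption (no daylight-saving handling; Moscow itself has been UTC+3 year-round since 2014).

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed activity timestamps in UTC (think compile times or C2 check-ins
# recovered from samples and logs). Hypothetical data, not from any real case.
EVENTS_UTC = [
    "2016-06-06T06:15:00Z", "2016-06-06T08:40:00Z",
    "2016-06-07T07:05:00Z", "2016-06-07T11:30:00Z",
    "2016-06-08T09:50:00Z", "2016-06-08T13:20:00Z",
    "2016-06-09T06:45:00Z", "2016-06-09T12:10:00Z",
    "2016-06-10T10:00:00Z", "2016-06-10T14:30:00Z",
    "2016-06-11T20:00:00Z",  # a Saturday evening outlier
]

# Candidate zones as fixed offsets (assumption: DST ignored for the example).
CANDIDATE_ZONES = {
    "UTC+3 (Moscow)": timezone(timedelta(hours=3)),
    "UTC-5 (US East)": timezone(timedelta(hours=-5)),
    "UTC+8 (China)": timezone(timedelta(hours=8)),
}

WORK_START, WORK_END = 9, 18  # local 09:00 up to but not including 18:00


def parse_utc(stamp):
    """Parse an ISO-8601 'Z' timestamp into an aware UTC datetime."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def in_working_hours(when_utc, tz):
    """True if the event lands on a weekday inside the local working day.
    astimezone() handles the date rollover, so a UTC Sunday night that becomes
    a local Monday morning counts as Monday."""
    local = when_utc.astimezone(tz)
    return local.weekday() < 5 and WORK_START <= local.hour < WORK_END


def working_hour_fit(events, zones):
    """For each candidate zone: (events inside working hours, total events)."""
    stamps = [parse_utc(e) for e in events]
    return {
        name: (sum(in_working_hours(s, tz) for s in stamps), len(stamps))
        for name, tz in zones.items()
    }


def best_fit(fit):
    """Zone whose working day covers the largest share of the events."""
    return max(fit, key=lambda name: fit[name][0] / fit[name][1])


def hour_histogram(events, tz):
    """Local-hour histogram, the picture an analyst would actually eyeball."""
    return Counter(parse_utc(e).astimezone(tz).hour for e in events)


if __name__ == "__main__":
    fit = working_hour_fit(EVENTS_UTC, CANDIDATE_ZONES)
    for name, (inside, total) in fit.items():
        print(f"{name}: {inside}/{total} inside 09:00-18:00 weekdays")
    print("best fit:", best_fit(fit))
    print(sorted(hour_histogram(EVENTS_UTC, CANDIDATE_ZONES["UTC+3 (Moscow)"]).items()))
```

Here UTC+3 scores 10 of 11 and the other two offsets do not, which is all the heuristic ever says: the pattern is consistent with a UTC+3 working day. It cannot say whose working day. A scheduled task, or an operator deliberately keeping someone else's hours, produces the same histogram, so this is corroboration for other evidence and never an identification by itself.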

At least they've given these two sources cute names: Fancy Bear and Cozy Bear.

But wait, there's more.
To their astonishment, Mr. Alperovitch said, CrowdStrike experts found signs that the two Russian hacking groups had not coordinated their attacks. Fancy Bear, apparently not knowing that Cozy Bear had been rummaging in D.N.C. files for months, took many of the same documents.
So, the simplest reason for that might be something that's not astonishing at all: they aren't who you think they are, and they don't have anything to do with each other - or even with the Russian government. Or, if you want to play the propaganda game: one of them is from the Chinese embassy in Moscow.

This whole thing just gets nutser and nutser. I'm more inclined to believe the government is using the Times (again, as it did in the run up to the Iraq invasion - and who knows what all else) to foist an untrue story on the public.

But then, the Times actually blames the White House for not responding sooner. So, is it government propaganda? Perhaps CIA behind the president's back? Or is it really the Russians? Read the story yourself and see what you think. It makes a big deal out of the history of Russian hacking. I'd be willing to believe they have been, just as any - or should I say, every - country with spies and computers has been doing since computers were invented. But did they hack the DNC to try to mess with the election? (Gee, we would never do something like that.)

...but hey, do what you want...you will anyway.

UPDATE

Tuesday, July 26, 2016

Analyzing the DNC Hack

One expert in the field, who is well aware of the evidence-gathering capabilities of the U.S. government, is Edward Snowden, the former Central Intelligence Agency technician and National Security Agency whistleblower who exposed the extent of mass surveillance and has been given temporary asylum in Russia. “If Russia hacked the #DNC, they should be condemned for it,” Snowden wrote on Twitter on Monday.

[...]

What’s more, Snowden added, the NSA has tools that should make it possible to trace the source of the hack. Even though the Director of National Intelligence usually opposes making such evidence public, he argued, this is a case in which the agency should do so, if only to discourage future attacks.

[...]

"To summarize: the US Intel Community should modernize their position on disclosure. Defensive capabilities should be aggressively public."

[...]

As my colleague Glenn Greenwald told WNYC on Monday, while there may never be conclusive evidence that the Democratic National Committee was hacked by Russian intelligence operatives to extract the trove of embarrassing emails published by WikiLeaks, it would hardly be shocking if that was what happened.
[...]

The theory gained some traction, particularly among Trump’s detractors, in part because the candidate has seemed obsessed at times with reminding crowds that Russian President Vladimir Putin once said something sort of nice about him (though not, as Trump falsely claims, that the American is “a genius”).

[...]

“Russians make up a pretty disproportionate cross-section of a lot of our assets,” Trump’s son Donald Jr. told a real estate conference in 2008, the Washington Post reported last month. “We see a lot of money pouring in from Russia.”

[...]

Unhelpfully for Trump, his most senior adviser with knowledge of the world of hacking, retired Lt. Gen. Michael T. Flynn, former director of the Defense Intelligence Agency, told Bloomberg View that he “would not be surprised at all” to learn that Russia was behind the breach of the DNC network.

[...]

Since very few of us are cybersecurity experts, and the Iraq debacle is a reminder of how dangerous it can be to put blind faith in experts whose claims might reinforce our own political positions, there is also the question of who we can trust to provide reliable evidence.

[...]

Last month, one of the firm’s founders, Dmitri Alperovitch, explained in a detailed technical analysis of their findings that CrowdStrike discovered “two separate Russian intelligence-affiliated adversaries present in the DNC network in May.”

   at The Intercept
How many Sanders' supporters? After all, they're the ones who were vindicated by the release of the emails.
One day after this initial attribution of the attack to Russian intelligence was made public by CrowdStrike and the DNC, someone using the pseudonym Guccifer 2.0, in reference to the Romanian hacker who famously uncovered George W. Bush’s secret career as a painter of selfies, started publishing documents stolen from the committee’s servers on a WordPress blog set up that day, and taunting the security experts on Twitter.

Guccifer 2.0, who claims to be a Romanian who dislikes Russians, told my colleague Sam Biddle that he or she had carried out the attack with no help from anyone else, just to expose “all those illuminati that captured our world,” and had provided hacked documents to WikiLeaks.
Nope. It was the Russians.
Although WikiLeaks describes the hacked DNC emails as “part one of our new Hillary Leaks series,” Assange himself rejected the charge that he is helping in a partisan attack. “This is a quite a classical release,” he told Amy Goodman of “Democracy Now” on Monday, “showing the benefit of producing pristine data sets, presenting them before the public, where there’s equal access to all journalists and to interested members of the public to mine through them and have them in a citable form where they can then be used to prop up certain criticisms or political arguments.”

[...]

Parsing the documents on Twitter, the blogger Davi Ottenheimer and an information security analyst who writes as @pwnallthethings pointed out that copies of the stolen documents uploaded to WordPress rendered the hacker’s username, Iron Felix, in Cyrillic characters, and gave error messages for links in Russian.

[...]

Doubts were also cast over Guccifer 2.0’s identity by his or her apparent lack of fluency in Romanian in an online chat with Lorenzo Franceschi-Bicchierai of Motherboard.
See. We told you. A Romanian couldn't possibly be in Russia or using a Russian processor. After all, unhappy immigrants or infiltrators don't exist anywhere in the world, let alone Russia. And nobody online claims to be someone they're not when taking responsibility for doing something illegal.

And, finally, everyone knows Russian hackers are stupid and easily caught.

And, seriously, it could be the Russians. Not sure that matters except for the case that Snowden brought up: if it is them, they should know we know it is.
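On the Cyrillic username and the Russian link errors quoted above: here is an added example of the kind of check those observers ran (mine, not The Intercept's and not anyone's from the time). A .docx is a zip file; the author and last-modified-by fields live in docProps/core.xml and the visible text in word/document.xml. The sample document is constructed inline: its last-modified-by field is "Феликс Эдмундович" (Felix Edmundovich, i.e. Iron Felix, in Cyrillic) and one paragraph carries a Russian-language hyperlink error string of the kind the analysts described. Both values are placed there for the example.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# OOXML namespaces used by the two parts we read.
CP = "http://schemas.openxmlformats.org/package/2006/metadata/core-properties"
DC = "http://purl.org/dc/elements/1.1/"
DCTERMS = "http://purl.org/dc/terms/"
W = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"

# Any run of characters in the Cyrillic Unicode block.
CYRILLIC = re.compile(r"[\u0400-\u04FF]+")

# Constructed core-properties part: creator is a placeholder, last-modified-by
# is the Cyrillic name discussed in the post.
CORE_XML = f"""<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<cp:coreProperties xmlns:cp="{CP}" xmlns:dc="{DC}" xmlns:dcterms="{DCTERMS}">
  <dc:creator>Constructed Author</dc:creator>
  <cp:lastModifiedBy>Феликс Эдмундович</cp:lastModifiedBy>
  <dcterms:modified>2016-06-15T12:00:00Z</dcterms:modified>
</cp:coreProperties>
"""

# Constructed document body: one plain paragraph, one Russian hyperlink error.
DOCUMENT_XML = f"""<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<w:document xmlns:w="{W}"><w:body>
  <w:p><w:r><w:t>Donor briefing, constructed sample text.</w:t></w:r></w:p>
  <w:p><w:r><w:t>Ошибка! Недопустимый объект гиперссылки.</w:t></w:r></w:p>
</w:body></w:document>
"""


def build_sample_docx():
    """Assemble a minimal .docx in memory (real files carry more parts)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("docProps/core.xml", CORE_XML)
        zf.writestr("word/document.xml", DOCUMENT_XML)
    return buf.getvalue()


def _read_xml(docx_bytes, member):
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        return ET.fromstring(zf.read(member))


def extract_core_properties(docx_bytes):
    """Map each core property (creator, lastModifiedBy, modified, ...) to its text."""
    root = _read_xml(docx_bytes, "docProps/core.xml")
    return {el.tag.rsplit("}", 1)[-1]: (el.text or "").strip() for el in root}


def extract_paragraphs(docx_bytes):
    """Join the w:t runs of each w:p into one string per paragraph."""
    root = _read_xml(docx_bytes, "word/document.xml")
    return ["".join(t.text or "" for t in p.iter(f"{{{W}}}t"))
            for p in root.iter(f"{{{W}}}p")]


def cyrillic_findings(docx_bytes):
    """Which metadata fields and paragraphs contain Cyrillic, and which runs."""
    findings = {}
    for field, value in extract_core_properties(docx_bytes).items():
        runs = CYRILLIC.findall(value)
        if runs:
            findings[f"core:{field}"] = runs
    for i, text in enumerate(extract_paragraphs(docx_bytes)):
        runs = CYRILLIC.findall(text)
        if runs:
            findings[f"body:{i}"] = runs
    return findings


if __name__ == "__main__":
    doc = build_sample_docx()
    print(extract_core_properties(doc))
    for where, runs in cyrillic_findings(doc).items():
        print(where, "->", " ".join(runs))
```

The scan reports which fields hold Cyrillic runs. What it cannot report is who typed them: these fields are plain text inside a zip, and anyone who opens the file in a Russian-locale Word, or in a text editor, can put them there. They are consistent with a Russian operator and equally consistent with someone who wanted to look like one, which is the caveat to carry alongside the attribution argument, whichever way you lean on it.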

...but hey, do what you want...you will anyway.

Monday, July 25, 2016

Why Would the Russians want Trump to Be President?

Are these claims that the Russians are behind the Wikileaks DNC documents because Trump said something nice about Vladimir Putin? Or what?
Attribution, simply put, purports to answer the question of who is responsible. For example, CrowdStrike investigated the DNC network breach and determined that the Russian government was responsible. FireEye investigated the Sony Entertainment network attack and determined that the North Korean government was responsible.

It’s important to know that the process of attributing an attack by a cybersecurity company has nothing to do with the scientific method. Claims of attribution aren’t testable or repeatable because the hypothesis is never proven right or wrong.

  Medium
So, I have just as plausible a suggestion: The DNC leaked the documents in order to blame Putin in order to scare American voters off Trump. Not plausible, since the emails are damning, but just as plausible as blaming the leak on Putin. And with just about the same amount of evidence.
Neither are claims of attribution admissible in any criminal case, so those who make the claim don’t have to abide by any rules of evidence (i.e., hearsay, relevance, admissibility).

[...]

[N]o one holds the company that makes the claim accountable because there’s no way to prove whether the assignment of attribution is true or false unless (1) there is a criminal conviction, (2) the hacker is caught in the act, or (3) a government employee leaked the evidence.

[...]

Even if cyber intelligence managers and analysts were trained to apply the latest techniques to counter things like fundamental attribution error, confirmation bias, and bias blindspot, they would still have a huge deficit to overcome — the inability to measure the accuracy of their assessments.

[...]

Many of the cyber intelligence analysts who work at companies like CrowdStrike, FireEye, and Mandiant have come out of the military or the Intelligence Community with prior analytic training.

[...]

The solution to this problem is a simple one. If you can prove attribution, do it.

If you can’t, say so.
This weekend, Wikileaks revealed thousands of hacked emails from within the DNC that showed what the New York Times described as “hostility” and “derision” towards the Sanders campaign from top party officials.

[...]

While it’s impossible to know whether systemic pro-Hillary Clinton bias at the DNC was decisive in the 2016 Democratic primary race, we now know beyond any doubt that such a bias not only existed, but was endemic and widespread. DNC officials worked to plant pro-Clinton stories, floated the idea of using Sanders’ secular Judaism against him in the South, and routinely ran PR spin for Clinton, even as the DNC claimed over and over it was neutral in the primary. The evidence in the leaks was so clear that Debbie Wasserman Schultz has resigned her role as DNC chair—after her speaking role at the Democratic National Convention this week was scrapped—while DNC co-chair Donna Brazile, who is replacing Wasserman Schultz in the top role, has apologized to the Sanders camp.

[...]

Clinton partisans decided to focus on the alleged Russian links behind the DNC hack. Talking Points Memo editor Josh Marshall (7/23/16) released a rather paranoid rundown the day of the leaks on how Putin was conspiring with Trump (a fairly good debunking of which can be found here), soon after dismissing the substance of the leaks as Russian propaganda white noise. Many soon followed suit: The DNC leaks as Russian spy operation was the preferred talking point of the day, omitting or glossing over what the leaks actually entailed.

[...]

The actual culpability of Russia for those leaks, it’s worth noting, is still unproven. The only three parties that have audited the hack are contractors for the US government.

[...]

Thus far, the Obama administration has avoided any such claims. Indeed, if one reads carefully, so have the security firms in question. Buried in the followup report by the Washington Post (6/20/16) alleging “confirmation” of Russian involvement is the admission by the three firms (the “experts” Clinton’s camp refers to) that they cannot be sure WikiLeaks’ alleged source Guccifer 2.0 is Russian, let alone an agent of “Putin”.

[...]

The “outrage” over Russia’s “hidden hand” is being used to outweigh the damning substance of the leak itself. Parlay this with the recent uptick in “Trump as Putin puppet” conspiracy takes, and what you have is a clear picture of a partisan media that would rather float pitches for a Manchurian Candidate reboot than confront the repeated attempts by an ostensibly neutral DNC to undermine one candidate in favor of another.

  Adam Johnson @ FAIR
Of course they would. And good riddance to Wasserman Schultz, but we can't get a do-over. So, Clinton mission accomplished.


I, on the other hand, would have little problem saying I have serious doubts.

And, I have NO problem admitting to that (even though it wasn't directed at me).

So what else do the emails reveal besides the DNC acting as a Clinton hack that makes them want to refocus public attention elsewhere? (Here's a Washington Post rundown.)
The DNC emails show how the party has tried to leverage its greatest weapon — the president — as it entices wealthy backers to bankroll the convention and other needs. At times, DNC staffers used language in their pitches to donors that went beyond what lawyers said was permissible under a White House policy designed to prevent any perception that special interests have access to the president.

[...]

White House officials said Obama’s attendance at DNC events is well within the law and the administration’s own ethics policies.

“As presidents of both parties have done for decades, President Obama takes seriously his role as the head of the Democratic Party,” White House spokeswoman Jennifer Friedman said in a statement. “To this end, the President participates in a range of events to raise awareness and support for the party, and to outline his priorities for making progress for the American people, in line with federal election and ethics laws.”

  WaPo
As you would expect a president to do - support the party that has his agenda. Of course, in this case, the party was pushing its own agenda.
The top-tier donor package for this week’s Democratic National Convention required a donor to raise $1.25 million or give $467,600 since January 2015, according to a document in the emails. In return, a contributor got booking in Philadelphia at a premier hotel, VIP credentials and six slots at “an exclusive roundtable and campaign briefing with high-level Democratic officials,” according to the terms.

[...]

DNC finance officials did not respond to requests for comment. A party spokesman said the DNC had “revolutionized online fundraising and worked to rein in the influence of special interests” during Obama’s time in office.

[...]

[T]he emails show several instances in which DNC fundraisers pitched donors with promises of a “roundtable” chat with Obama.

[...]

The emails also show the intensive efforts to get corporations to sign on as sponsors of the convention’s host committee — a reversal from 2012, when Obama prohibited such donations.
But apparently they were okay with Hillary taking money from lobbyists.
Last year, the DNC, in consultation with Clinton’s campaign, also decided to reverse a ban on donations from the PACs of corporations, unions and other groups.

After those limits were lifted, DNC Chairwoman Debbie Wasserman Schultz and other top party officials showered corporate lobbyists with calls, emails and personal meetings seeking convention support and PAC contributions to the party, according to a spreadsheet logging the contacts.
Gee, I wonder why Trump's constant wailing that the system is rigged finds traction with American voters.

...but hey, do what you want...you will anyway.