
The DNC "Hack," Part 4: Hack, Inside Job, and Why Blame Russia?


For previous parts see Part 1 here, Part 2 here, and Part 3 here.

There are two issues that require discussion.  The first is the story of Seth Rich since he is often referred to as the DNC insider who possibly is responsible for the DNC computer breach.   He eventually landed a job with the DNC helping to develop a computer application that would aid voters in finding polling stations.  

On the night of July 10, 2016, Rich went to a sports bar about 2 miles from his apartment that he often frequented and left when the bar closed around 1:45 a.m.  Responding to reports of gunfire, DC police went to the location and found the body of Rich, the victim of two gunshot wounds to his back.  He was rushed to the hospital where he died 1-½ hours later.  Police suspected robbery was the motive.  Later investigation revealed that Rich was on the phone with his girlfriend at the time and she reported hearing a commotion.  The investigation also revealed that there was an apparent struggle as he had defensive bruises on his hands, face, and knees.  Nothing was stolen as he still had his cell phone, wallet, money, and credit cards when police discovered his body.

Rich’s connection to the story took on added significance when Julian Assange offered a reward for information leading to the arrest of Rich’s killers.  Assange was cagey when asked if Rich was the source of the documents, insisting that WikiLeaks did not expose its sources.  People who worked with Rich noted that he was anything but an experienced computer hacker.  By the time Rich was murdered, CrowdStrike and the DNC had already determined that the breach was a Russian hack, not an inside job.  Rich may not have been an experienced hacker, but he surely knew how to use a thumb drive.

The last extraction of material from the DNC computer system occurred in the early evening hours on July 5, 2016 by someone working in the Eastern Time Zone.  Exactly 1,976 megabytes of information were downloaded in 87 seconds.  It had to be an external storage device since that is far beyond the capacity of Internet downloads in 2016, and clearly beyond the capacity to download information across the Atlantic.  A few days later Rich is murdered.  

This has led to many conspiracy theories on the Internet. The timing of the events leads to this conjecture and we will likely never know the true story.  It has been suggested that Rich was a Sanders supporter who happened upon evidence that the DNC was rigging the process in favor of Hillary Clinton.  Newsweek later reported that Rich had decided to accept an unspecified job in the Clinton campaign and that this was evidence he was not a disgruntled Sanders supporter.  The alternative theory is that either Rich intended to join the Clinton campaign to burnish his resume by working for the eventual nominee, or that he intended to continue to extract information on the Clinton campaign from inside and to feed the information to WikiLeaks. 

The US, through the Mueller probe, did indict several Russians.  All 12 of them, who will never see the inside of a US court, are associated with the Russian GRU (military intelligence), not the FSB.  That indictment alleges that the 12 Russians used American-name online personas.  The methods Mueller used to determine these people were responsible for the hacks are either not specified or redacted.  This seems rather silly considering all the knowledge in the public sphere of how the alleged hack occurred, the malware used, and other items.  

We are led to believe that Russia engaged in a highly sophisticated hacking of the DNC and Clinton campaign.  Yet by the same token, this sophisticated operation left behind digital fingerprints that directly implicated Russia.  We have stories of both Cozy Bear and Fancy Bear intrusions attempting their nefarious deeds irrespective of what the other was doing and that it was all coordinated by Putin.

As the contents of the emails revealed, these were hardly earth-shattering revelations.  The revelations were of interest to political junkies and beltway insiders more than the general population and seemed directed at these people.  It did manage to foment dissent within the ranks of Democrats.  The Podesta emails simply connected the suspected dots between the Hillary campaign, the DNC, and the Clinton Foundation.  

We are left with no other conclusion but that there was ample ineptitude to go around.  If Russia really was behind the hacks, they were inept in leaving digital fingerprints that any amateur cyber-sleuth would ultimately detect.  CrowdStrike was certainly an inept actor who, after they installed detection software on the DNC server, still could not determine who hacked the server or exactly how, other than by drawing on circumstantial evidence.  Perhaps the FBI was the most inept here in not demanding that CrowdStrike or the DNC turn over the actual server for forensic analysis.  

We are left with the question: if not Russia, then who?  Every reliable forensic analysis of the metadata points to the fact that the DNC/Podesta “hacks” were not a hack but an inside job by someone who downloaded the information directly from the network of the DNC and provided it to WikiLeaks.  

For the sake of argument, let us assume that Russia and Putin were behind this.  What did they hope to gain?  One has to ask themselves, if you were Vladimir Putin in 2016, who would you prefer to be the next President of the United States?  Would you want a known entity in Hillary Clinton, or an unknown entity like Donald Trump who said nice things about you on the campaign trail?  Would you want a man who since at least 1999 had been urging US energy independence, who opposed the Nordstream 2 pipeline, who endorsed the Keystone XL pipeline and offshore oil exploration, and who opposed the Paris Climate Accords that would have decimated the domestic energy sector?  Did Putin change course and simply want to sow discord?

So let me conclude with some basic investigative questions.  We know what was exfiltrated since it was published on WikiLeaks and the Guccifer 2.0 WordPress blog.  We have a general idea of when the information was downloaded given timestamps and forensic analysis embedded in the metadata.  We are unsure of the where, although that same analysis indicates the information could not have been exfiltrated on transatlantic cables and was most likely done through an external device like a thumb drive.  We can surmise the why from the information released: either to expose the DNC’s favoritism for Clinton at the expense of Sanders, or to just generally play political mischief and sow discord.  

The “how” is murky.  One theory states the information was downloaded to a server (never found) traced to Illinois, while another theory states it was a thumb drive.  It is possible that the information first went to the Illinois server, then was downloaded from there multiple times before ending up at WikiLeaks.  Or it could just possibly be that the information was extracted directly onto a thumb drive.  All that is left is who is responsible.  

To believe the Russia theory, one has to take CrowdStrike at their word and forget that they had a reputation to preserve and that they were a paid consultant of the DNC which also had a reputation to preserve.  

Perhaps the one overlooked fact, and one barely mentioned by Robert Mueller or the many congressional investigations, concerns the Republican Party: namely, they were also a victim of the “Russians.”  Some unnamed government sources told RealClearInvestigations that RNC emails were stolen by using the same spear-phishing techniques used against John Podesta.  

In the Mueller indictment against GRU officials, on page 13 of a 29-page indictment there is a passing reference to this.  If there was such coordinated cooperation between Russia and the Trump campaign as the Steele dossier contends, then why hack their emails?  In testimony before Congress, James Comey seemed to suggest that the GOP was also a target of these hacking schemes, but would not go into deta

Overlooked is another fact: the release through Guccifer 2.0 of 237 pages of damaging information on Trump just before the start of the Republican convention in Cleveland.  Some of the documents delved into accusations that Donald Trump had raped his first wife and looked at his personal life in great detail.  It does not answer the question of why Guccifer 2.0, allegedly a Russian front persona, published the damaging information if the goal was to help Trump win?  One would think they would selectively bury that information if that was the goal.

In the congressional investigations, any mention of the attempts against the GOP is either excluded or covered up.  It is not as if the House committee did not look at the matter.  But in their report the section about attempts against Republican targets runs eight pages and is totally redacted.  

There is a third possibility here that some may not have considered at the time, and that is that Mueller and company are correct about Russian attempts while simultaneously there was an internal breach at the DNC by someone working for different reasons.  If we assume someone in the DNC exfiltrated the emails on a thumb drive because they were a Sanders supporter and the goal was to expose the favoritism shown to Clinton, while the DNC was simultaneously successfully hacked by Russian entities because the Russian goal was to sow discord, things sort of make sense.  In effect, there were two “operations” against the DNC but for different reasons.

This makes sense and says little about the security measures at the DNC.  We know that they were warned in late 2015 about attempted hacks and they did little to respond other than to contact CrowdStrike who installed apparently useless or ineffective software.  One would think that if they had that information, they would have acted more vigorously upon it, but they didn’t.  

Next: A look at the Steele dossier