1. CrowdStrike was called in and supposedly installed its anti-breach software on May 6, 2016. However, many of the leaked emails were extracted from the DNC servers AFTER that date. Indeed, the leaked emails have clearly been curated based on his analysis of the dates in the metadata (e.g., there are few emails dated prior to April 19, when the hack is meant to have started, but hackers would have taken everything they could extract once they got it in).
Steve writes: There were no fewer than 14409 emails in the Wikileaks archive dating after CrowdStrike's installation of its security software. In fact, more emails were hacked after CrowdStrike's discovery [of the breach] on May 6 than before. Whatever actions were taken by CrowdStrike on May 6, they did nothing to stem the exfiltration of emails from the DNC; and
2. The DHS-FBI intel assessment of the DNC hack [linked above] concluded with high confidence that Guccifer 2 was a Russian operation, but provided (literally) no evidence in support of their attribution. Ever since Guccifer 2's surprise appearance on June 15, 2016 (one day after CrowdStrike's announcement of the DNC hack by Russia), there has been a widespread consensus that Guccifer 2 was a Russian deception operation, with only a few skeptics (e.g., Jeffrey Carr questioning evidence but not necessarily conclusion, Adam Carter challenging attribution). Perhaps the most prevalent argument in attribution has been the presence of Russian metadata in documents included in Guccifer 2's original post, the theory being that the Russian metadata was left by mistake. I've looked at lots of metadata both in connection with Climategate and more recently in connection with the DNC hack, and, in my opinion, the chances of this metadata being left by mistake is zero. Precisely what it means is a big puzzle though.
http://www.powerlineblog.com/archives/2017/11/the-blabbermouth-angle-2.php
Some of McIntyre's very interesting analysis can be found here:
https://climateaudit.org/2017/09/23/guccifer-2-and-russian-metadata/#more-23416
Very interesting material. Ritter’s report is well done, even if heavily reliant on what rival cyber experts say about each other.
Some questions in my mind: How did the DNC become aware of the intrusion in April that triggered the rest? Who/what/when/how might be revealing. I’m sure they say some junior IT person stumbled across it. Yeah right.
How do we know that CrowdStrike wasn’t in on this from the start? Alperovitch, according to Ritter, is a big advocate of entering computers and taking files, in “self-defense”. Surprise! Cozybear and Fancybear entered the DNC’s computers and stole files. CrowdStrike’s magic software detected it all in moments. As your Item 1 suggests, perhaps they then extracted and promulgated the files themselves for a variety of motives. Unleashing a craze over cyber security, and getting massive free publicity couldn’t have been too bad for business. Has anyone noticed that Alperovitch’s vaunted concept of chasing down stolen files and zapping them seems either not to have been deployed or a complete failure?
Is there a common ingredient between the DNC and DCCC? Yes — Debbie Wasserman Schultz, who is known to be a major client of the Awan ring of Pakistani IT crooks. Mebbie the target was Debbie? Or was she just conveniently inept?