Posted on 05/06/2022 5:36:21 AM PDT by Red Badger
Documents obtained by The Federalist raise concerns about the validity of CrowdStrike’s analysis of the DNC hack.
The Georgia Tech cyber security experts ensnared in the Alfa Bank hoax conducted a retrospective analysis of the Democratic National Committee hack, according to the Department of Defense. While the results of that analysis have yet to be made public, internal documents obtained by The Federalist reveal that Georgia Tech’s computer scientists believed CrowdStrike’s approach to investigating computer intrusions relied on the use of easily “spoofed/impersonated” signals of traffic.
In June 2016, about one month before WikiLeaks released a trove of internal communiques revealing top DNC officials plotted to destroy Bernie Sanders’ presidential ambitions in favor of their preferred candidate, Hillary Clinton, the DNC publicly confirmed that its server had been hacked. In the Washington Post article breaking the story, the DNC maintained that the private security firm it had hired to investigate the hack, CrowdStrike, had concluded two Russian military intelligence groups, branded Cozy Bear and Fancy Bear, bore responsibility for the intrusions.
Given that Democrats and the media would later rely on CrowdStrike’s conclusion that Putin’s agents had hacked the DNC to support the Russia collusion hoax, those seeking to unravel Spygate paid particular attention to CrowdStrike’s initial assessment. The declassification of CrowdStrike President Shawn Henry’s December 2017 testimony before the House Intelligence Committee, that “there was no ‘concrete evidence’ that the emails were stolen electronically,” later raised more “questions about whether Special Counsel Robert Mueller, intelligence officials and Democrats misled the public” about the hack.
In his final report, Mueller concluded “that Russian intelligence ‘appears to have compressed and exfiltrated over 70 gigabytes of data’ and agents ‘appear to have stolen thousands of emails and attachments’ from Democratic Congressional Campaign Committee and DNC servers, respectively.” But CrowdStrike remained the only publicly known source to support Mueller’s conclusion. Given the numerous illegal efforts to frame Donald Trump as colluding with Russia exposed by then, conservatives were unwilling to trust either Mueller or CrowdStrike.
Concerns over CrowdStrike’s analysis reemerged after Special Counsel John Durham indicted former Clinton campaign attorney Michael Sussmann for allegedly lying to FBI General Counsel James Baker. That indictment and other documents filed in the Sussmann criminal case revealed that cyber-security experts assisted tech executive Rodney Joffe in crafting deceptive data and whitepapers to create the false appearance of a secret communication network between Trump and the Russian-based Alfa Bank. Sussmann then fed this “intel” to the CIA and FBI.
After the election, Sussmann also provided the CIA with deceptively cherry-picked data to suggest a connection between Trump or his transition team and Russians, using cyber-tracking of a Russian Yota cell phone. To compile both the Alfa Bank and Yota phone hoaxes, according to the indictment, Joffe exploited proprietary information he had access to because of his positions in various tech companies. More troubling still was the revelation that Joffe used sensitive data from the Executive Office of the President in his attempt to frame Trump.
This backdrop provided powder to the news The Federalist broke that Durham’s team had asked Georgia Tech cybersecurity expert Manos Antonakakis “point blank” whether the Department of Defense’s Defense Advanced Research Projects Agency (DARPA) “should be instructing you to investigate the origins of a hacker (Guccifer_2.0) that hacked a political entity (DNC).”
Antonakakis, according to documents obtained by The Federalist, told lead prosecutor Andrew DeFilippis — in a seeming confirmation that DARPA had directed him to investigate the DNC hack or hacker — that that was “a question for DARPA’s director.”
Within days, however, DARPA denied any involvement “in efforts to attribute the DNC hack.” Jared Adams, then the spokesman for the agency, told the Washington Examiner that “Dr. Antonakakis worked on DARPA’s Enhanced Attribution program, which did not involve analysis of the DNC hack.” The Washington Examiner further reported that Adams maintained “DARPA was not involved in efforts to attribute the Guccifer 2.0 persona, nor any involvement in efforts to attribute the origin of leaked emails provided to Wikileaks.”
But then another document dump by Georgia Tech revealed the university’s cybersecurity experts had drafted four “DARPA whitepapers.” Those included one “Whitepaper on DNC attack attribution” and a second identified as the “‘Mueller List’—list of domains and indicator related to APT-28.” (APT-28 is the more formal name for the Russian intelligence group of hackers known colloquially as Fancy Bear; Mueller would later charge 12 Russian intelligence agents with allegedly working as Fancy Bear with crimes related to the DNC hack.)
An email from Georgia’s attorney general’s office further indicated involvement by the tech researchers in Mueller’s investigation. The lawyer handling Durham’s subpoena of Georgia Tech noted that one of the individuals involved had “indicated that there was a ‘fairly large file of Trump related materials’ that had been assembled for production to the office of Special Counsel Robert Muller (sic) or the DOJ.” The state’s lawyer added that they were “unable to locate such a file,” and sought further assistance.
Following The Federalist’s reporting on this latest inconsistency between DARPA’s story and what the documents obtained through Right To Know requests showed, Republican Sens. Ron Johnson and Charles Grassley sent a letter to Stefanie Tompkins, the director of DARPA, demanding copies of the alleged “whitepapers.”
In their joint letter, the senators stressed that “the DNC hack occurred during the lead up to the 2016 presidential election, which was marked by claims of meddling by foreign actors. Some of those claims have since been confirmed to be disinformation efforts by operatives from the Democratic campaign.” “As details continue to emerge,” the letter continued, “the public is rightly concerned about the extent to which various federal agencies investigated, validated, dispelled, or relied on these claims. Indeed, the credibility of some agencies has been called into question, and the public deserves a full accounting of federal officials’ involvement in these activities.”
When contacted by The Federalist concerning Johnson and Grassley’s letter, DARPA’s new spokeswoman, Tabatha Thompson, noted it had received the letter and “is following proper procedures to respond to the inquiry.” In response to questions concerning the whitepapers that appeared connected to the Mueller investigation and the DNC hack, Thompson told The Federalist that, “consistent with our previous statements, the research neither contributed to the Mueller investigation nor the investigation into the DNC hack or Guccifer 2.0 attribution.”
Thompson, however, then noted that contractors often conduct “retrospective analyses of publicly disclosed, real-world scenarios to verify and validate tools and capabilities in development on the EA program,” and that in the course of such programs, the contractors may “produced reports, sometimes referred to as white papers, explaining the retrospective analyses on those topics, relying on commercially available data to analyze attributions previously disclosed to the public.” “For example,” DARPA’s representative added, enhanced attribution “performers analyzed indicators from publicly released DoJ indictments, such as the Mueller indictment, as well as public attribution reports from other federal agencies.”
In response to multiple requests from The Federalist for comment, Mark Schamel, the lawyer for Antonakakis, refused to go on the record with an explanation or to state whether the Georgia Tech whitepaper confirmed or contradicted CrowdStrike’s conclusion that Russians had hacked the DNC. He also refused to answer whether the whitepaper had been provided to Mueller’s office.
Also unknown is whether Joffe provided Antonakakis the data used for the research and the whitepapers related to the DNC hack. That is a concern given Joffe’s role in the Alfa Bank and Yota phone hoaxes and given that other documents from Georgia Tech state that Joffe assisted with two other attribution requests performed by Antonakakis over the summer of 2016.
Other documents recently obtained by The Federalist likewise raise concerns over the validity of CrowdStrike’s analysis of the hack, namely an exchange between Antonakakis and the executive director of the university’s Institute for Information Security and Privacy, Lee Wenke.
In an email thread from May of 2018, in response to Antonakakis’ statement that “you do attribution from studying the mistakes they do during an operation,” Wenke wrote: “Then are you in principle doing the same as crowdstrike, e.g., using ‘signatures’ of coding/texting styles? And didn’t we all agree[] that those can be ‘spoofed/impersonated’?”
The exchange continued with Antonakakis stating that he is “not like” CrowdStrike, and is “not building signatures,” to which Wenke replied: “I was saying that if you are using signatures/signals of traffic and if those can be (easily) spoofed/impersonated, then in principle your approach would suffer the same weakness (spoof-able) as [CrowdStrike.]”
Antonakakis ended the exchange by acknowledging his point, but “strongly” disagreeing on the “value that policy has in computer security.” What remains unclear from this email thread, though, is whether Antonakakis’ retroactive analysis of the DNC hack reached the same conclusion as CrowdStrike, namely that Russians had hacked the servers.
Frankly, given Cozy Bear and Fancy Bear’s propensity to hack government networks, it is extremely likely the Russian intelligence services were behind the DNC hack. Evidence unrelated to Trump or attempts to destroy the former president indicates, for instance, that between 2012 and 2018, Russian intelligence officers “targeted hundreds of energy companies around the world.”
Both U.S. and U.K. national security agencies likewise believe Russia’s military intelligence agency, GRU, has “engaged in a global campaign to target ‘hundreds’ of predominantly American and European entities, including government and military organizations, energy companies, think tanks and media companies.”
But given what we know now about the Steele dossier and Alfa Bank and Yota cell phone hoaxes, as well as the FISA abuse by the Crossfire Hurricane team, taking the word of the intelligence community no longer suffices. It’s now: Show me the evidence, who gave you the evidence, and that person’s political affiliation.
That is far from the ideal situation for national security, but it is the intelligence agencies and those in the cybersecurity world who own that reality — as well as Hillary Clinton and the media.
Margot Cleveland is The Federalist's senior legal correspondent. She is also a contributor to National Review Online, the Washington Examiner, Aleteia, and Townhall.com, and has been published in the Wall Street Journal and USA Today. Cleveland is a lawyer and a graduate of the Notre Dame Law School, where she earned the Hoynes Prize—the law school’s highest honor. She later served for nearly 25 years as a permanent law clerk for a federal appellate judge on the Seventh Circuit Court of Appeals. Cleveland is a former full-time university faculty member and now teaches as an adjunct from time to time. As a stay-at-home homeschooling mom of a young son with cystic fibrosis, Cleveland frequently writes on cultural issues related to parenting and special-needs children. Cleveland is on Twitter at @ProfMJCleveland. The views expressed here are those of Cleveland in her private capacity.
The DNC never let the FBI analyze their servers.
They just told everybody it was the RUSSIANS, RUSSIANS, RUSSIANS...................
Seth Rich........................................... Rest in Peace, You will be avenged.........
I hope Assange lives long enough to talk frankly about Seth Rich. Keep in mind, Seth’s murder had the same earmarks as Donald Young’s murder...both likely were done by gang-related wet operators. Both occurred to suppress DNC “issues”.
The whole thing was a “spoof”.
The whole thing was an outright lie.
The servers were not ‘hacked’, someone on the inside had direct access to the servers and downloaded a lot of information files onto a portable data format, i.e. ‘thumb drive’.
Seth Rich...............................
As we get more and more information from Durham on the Russia Collusion Hoax, it is well to note and reference this really important and INCREDIBLE testimony by a former high ranking FBI official (FBI Director of National Intelligence).
His testimony should be the foundation of covering a grand jury to charge all those involved in/out of government with conspiracy to undermine and sabotage a Federal Election and the US Government:
https://www.hsgac.senate.gov/imo/media/doc/Testimony-Brock-2020-12-03.pdf
The whole thing was fake. Libs on Twitter have thousands of followers who are fake (Obama’s being the most glaring example). Millions of Biden votes were fake. Much of the pandemic was fake. The media has created a false reality. Meanwhile, people who should know better still want the mainstream media stamp of approval on their news. They lie about most everything.
What is not fake is the Deep State. That is quite real. The FBI and a handful of other alphabet agencies need to be dismantled. A lot of the people responsible need to (at best) be sent to prison.
We may never find out who actually pulled the trigger, but we will find out who gave the order.....................
Wikileaks, Vault 7, Umbrage Program. A CIA collection of tools and techniques that allow them to lay any cyber crimes or breaches at the feet of any nation they want.
A few random Cyrillic lines or Chinese characters. Conducted during business hours of the country you want to blame, etc.
Well it’s not like Crowd Strike appeared to have done a conclusive investigation. They stopped at a point midway and put out an unsupported conclusion.
Have an acquaintance who was in a position to know everything about just about nearly everything (he’s not really on our side either) tell me several years ago that crowdstrike will be completely taken down over something eventually
Been suspecting this would be why for a while
And then they will have a jury trial in Washington DC, where they voted 92% for Biden.
This “investigation” is only intended as a pressure valve. To tell us something is being done.
Funny thing about that is if they did let the FIB “analyze” their servers they would have helped them cover all of this up!
The DNC would have been a legitimate intelligence target for Russian intelligence. I’d be surprised if they *didn’t* penetrate it.
They probably did.
Years and years before...................
And Hillary’s home computer, too, I bet.
I have been hoping the focus on Alfa Bank was leading to this. Someone pointed out to me they relied on CrowdStrike when I brought this up weeks ago, but that doesn’t mean their data wasn’t suspect and the focus by Clinton on Trump/Russia was started as early as fall 2015
“They stopped at a point midway and put out an unsupported conclusion.”
Exactly. People need to read what they told Nunes committee back in 2017-18. They were far from definitive under oath