CNN counterterrorism analyst Phil Mudd, who worked for the FBI when now-special counsel Robert Mueller was the director, should have caused a bigger stir when he appeared to threaten President Trump: “Let me give you one bottom line as a former government official, the government is going to kill this guy.”
That’s because the president “defends Vladimir Putin,” Mudd said. After a few comments of agreement, CNN’s Jake Tapper made sure Mudd was speaking in a “metaphor.” “Obviously,” Mudd replied. “What I’m saying is government — people talk about the deep state — when you disrespect government officials who’ve done 30 years, they’re going to say, ‘Really’?”
The intelligence community seems to have it out for Donald Trump—but why? This CNN exchange was about Trump’s tongue-in-cheek response to Russia sending home U.S. embassy officials and spooks, Russia’s response to the latest bout of sanctions from Congress.
But the ire goes much deeper. Before the G20 summit, an NBC reporter asked Trump if he would definitively say that Russia interfered in the American election. Despite the U.S. intelligence community insisting otherwise, President Trump refused to place sole blame on Russia, adding that “nobody really knows for sure.”
In the Beltway, this is unacceptable conspiracy-peddling that all but proves Trump-Russia collusion. After Trump’s G20 comments, MSNBC’s Joe Scarborough took time away from his budding music career to chide Trump on Facebook for “attacking US intelligence patriots.” Chuck Todd took to Twitter to call this yet another capitulation to Putin. These are but a few examples.
The problem with all this? Trump is 100 percent correct when he says, more or less, that although Russia would love to meddle in American elections, and probably did meddle to some extent, there is a troubling lack of proof that Russia was behind the release of Democratic National Committee (DNC) emails and files to WikiLeaks, or the phishing of John Podesta’s email.
This isn’t just about the legitimacy of Trump’s election, or whether he will be impeached. The degree to which Russia interfered in the election affects the pace of Trump’s policy agenda, our foreign policy, our defense budget, and even the chances of open war between the world’s two predominant nuclear powers. Getting to the truth of what happened in the 2016 election could even affect the future of the republic. Because of this, the unanswered questions surrounding Russia’s election interference should trouble every American.
Russian DNC and RNC Hacking in Late 2015
Start in 2015, when the Russian hacking began, before Trump was the Republican nominee. According to reports, a sole FBI agent contacted the DNC in September 2015 to notify them of hacking, possibly tied to Russia. The DNC claims that because their employee didn’t believe the caller was an FBI agent, the employee didn’t return the agent’s subsequent calls. At this point, hackers were also attempting to enter the RNC’s systems.
Around this time the DNC hired cybersecurity consultants from Good Harbor Security Risk Management, which provided a list of recommendations for improving DNC cybersecurity. The DNC failed to take action on any of the consultants’ recommendations. Further, although Russian hackers were allegedly already in the DNC network at the time, Good Harbor did not discover any hackers in its review.
In December 2015, the failure of an internal firewall at the DNC allowed Sen. Bernie Sanders’ campaign staffers to access team Clinton voter data. This led to a brawl that reached its zenith when team Bernie lost its access to the data, then retaliated by suing the DNC.
The DNC Announces Russia Hacked It
As a result, the DNC hired the cybersecurity firm CrowdStrike in early 2016, which released their findings on the Bernie staffers’ misdeeds in April 2016, with no mention of any Russian intrusion. Only days later, however, CrowdStrike allegedly found evidence of Russian hackers in the DNC’s computers, after the hackers had accessed opposition research on then-candidate Trump. CrowdStrike and the DNC did not make public their claims of Russian hacking until mid-June of 2016.
Specifically, on June 12, 2016, WikiLeaks head Julian Assange announced that he had Hillary Clinton-related documents. On June 14, the DNC released news of the DNC’s hacking, blaming Russia. On June 15, anonymous hacker “Guccifer 2.0” claimed responsibility for the DNC hack and claimed to be the WikiLeaks source. Guccifer 2.0 started posting documents outside of WikiLeaks on June 15, 2016, and continued posting documents over the next couple months. WikiLeaks began publishing on July 22.
An important distinction must be made here. WikiLeaks posted information showing DNC staff were targeting Sanders to benefit Clinton’s campaign. This created a lot of friction, especially since the release occurred right before the Democratic National Convention. When you heard about materials gained from “Russian hacking” in the news, the materials came from WikiLeaks.
Guccifer 2.0’s releases, on the other hand, were in all likelihood a non-factor. They were also largely obtained from the Democratic Congressional Campaign Committee (DCCC), not the DNC. You likely did not hear about Guccifer 2.0’s files in the news.
Guccifer’s materials include congressional passwords to news services, Lexis, and a federal courts public access system called PACER; a list of Democratic donors from 2005, files on a Democrat donor jailed in 2009, and files on a disgraced lobbyist’s donations to Republicans; opposition research on Sarah Palin and information that somewhat placed Barack Obama in a bad light; and information on House races and candidates, almost all of it inconsequential. Guccifer also had a habit of lying, including claiming that he or she had gained access to the Clinton Foundation donor list, when really the donors released were to the DCCC.
In other words, don’t conflate Guccifer 2.0 with WikiLeaks. Although it is possible that the two were affiliated entities in Russia’s election-interference campaign, the two groups released very different materials in consequence and scope. More on this later.
CrowdStrike and the DNC
Back at the DNC, between April, when the Russian hacking was allegedly discovered, and June, when news of the hacking went public, CrowdStrike proceeded to clean or replace all of the DNC servers. Because of this, direct confirmation of the DNC hack did not come from the FBI, but only from CrowdStrike.
According to former FBI Director James Comey, the FBI made “multiple requests at different levels” to examine the DNC servers, but the DNC refused. Ultimately, the FBI reached an agreement with the DNC that, in Comey’s words, a “highly respected private company” would report to the FBI what it found in the DNC servers.
This is odd. Checking out the DNC servers, especially with an election and U.S. national security on the line, should be the FBI’s job. Next, CrowdStrike had incentives that might conflict with an honest assessment. Because CrowdStrike was being paid by the DNC, not taxpayers, it had a clear incentive to report whatever the DNC wanted it to report. The DNC had a political incentive to blame the hacking on Russia, which allowed the Clinton team to first falsely claim that the documents were heavily doctored or even wholly manufactured, then pivot to attacking Trump as a Putin stooge whenever WikiLeaks material came up.
Most important, CrowdStrike has a monetary incentive to find something big when skunking out hackers—the better to get its name in the public domain and go on to bigger and better contracts. In the words of Jeffrey Carr, a cybersecurity consultant who has lectured at the U.S. Army War College: “The only things that pay in the cybersecurity world are claims of attribution. Which foreign government attacked you? If you are critical of the attack, you make zero money. CrowdStrike is the poster child for companies that operate like this.”
Remember the Sony hack, supposedly perpetrated by North Korea? CrowdStrike was sure that North Korea was behind the hack, even though cybersecurity experts pointed out the evidence was thin and it was equally likely that the “hack” was the work of an insider.
CrowdStrike has also been wrong about Russian hacking in the past. CrowdStrike reported in December 2016 that the same malware used in the DNC attack had infected Ukrainian military Android devices and tracked and targeted Ukrainian artillery units. This allowed CrowdStrike to upgrade its assessment of the DNC hack to a “high degree of certainty.”
The only problem? No such “hacking” took place, and it could even be argued that by making the Ukrainian military doubt its equipment, the CrowdStrike report temporarily aided the Russian-backed rebels. CrowdStrike was roundly criticized by the Ukrainian government and cybersecurity experts as a result.
The Podesta Email Theft and Obama’s Response
After news of the DNC hacking, U.S. officials publicly expressed reticence to positively blame Russia for the DNC hacking, rightly not wanting to base U.S. national security assessments on the work of a private cybersecurity firm with ties to the Clinton campaign.
This changed in early August, when, according to the Washington Post, President Obama received a double-secret report from the CIA that Russia was indeed attempting to influence the election in favor of Trump. The NSA did not attach a high degree of confidence to the intelligence due to the nature of the source (likely an Eastern European intelligence agency), and the White House sat on the information. That changed on October 7, the very day WikiLeaks released the Podesta emails, when the Obama administration officially blamed Russia for both the DNC hack and the Podesta email theft.
There are several discrepancies to this tale. First, the Podesta email theft resulted from a ploy that tricked Podesta into giving the “hacker” his Gmail password. Phishing, the method used, isn’t hacking per se. It works by getting the victim to type his or her password into a “fake” website. Although Russian hacking groups have used the fake link trick before, saying that it can only be used by Russians is a stretch. In the words of Sam Biddle, “this isn’t a Russian technique any more than using a computer is a Russian technique.”
It should also be questioned whether the Obama administration used the Podesta phishing to assess that Russia was behind the separate DNC hack, and why the Obama administration picked the very day of the Podesta email release to officially make its assessment.
Second, WikiLeaks’ Podesta email release occurred just hours after NBC released the infamous Trump-Billy Bush tape. Thus some say the Podesta emails were only released at this time to distract the hayseeds in flyover country from Trump’s vulgarity. Actually, everyone knew that WikiLeaks was set to release that day, and the NBC tape could have been shot to distract from the Podesta email trove.
Either way, the U.S. intelligence community never presented much proof, and even worse seemed to be working from the assessment of a private cybersecurity firm that had conveniently supplied the Clinton campaign with much-needed talking points for when the DNC or Podesta emails came up. During this time, former CIA director Michael Morell and former CIA and NSA director Michael Hayden were calling Trump, in Morell’s words, “an unwitting agent of the Russian Federation.”
The Forensic Evidence of Russian Hacking
After the election, the Obama administration prompted U.S. intelligence agencies to conduct a conclusive review of Russian meddling in the election. The FBI and Department of Homeland Security (DHS) released a report in December, and the director of national intelligence (DNI), which coordinates the appendages of the intelligence bureaucracy, released a report in January. These reports were supposed to contain definitive proof of Russian hacking.
Forensic evidence from CrowdStrike provided in the FBI and DHS report labeled the Russian cyber-campaign “Grizzly Steppe.” The Grizzly Steppe report, as proof of Russian interference, listed malware, called X-Agent, along with other “signatures,” such as hacking tools used to sort files.
CrowdStrike and the FBI reasoned that because X-Agent had been used to hack Germany’s Bundestag and a French TV network, then X-Agent must be tied to the Russian government. There are two obvious problems with this line of reasoning. First, we don’t know with certainty that the Russian government was behind the European hacks.
Second, in Carr’s words, “It is both foolish and baseless to claim, as CrowdStrike does, that X-Agent is used solely by the Russian government when the source code is there for anyone to find and use at will.”
This is true across the board. For example, one of the tools detected was attributed to the Russian government, but is commonly and widely used by hackers all over Russia and Ukraine. So little in the CrowdStrike forensics pointed to the Russian government with any modicum of certainty. Matt Taibbi at Rolling Stone called the report “long on jargon and short on specifics.”
Dan Goodin at Ars Technica summed up the report: “Instead of providing smoking guns that the Russian government was behind specific hacks, it largely restates previous private-sector claims without providing any support for their validity. Even worse, it provides an effective bait and switch by promising newly declassified intelligence into Russian hackers’ ‘tradecraft and techniques’ and instead delivering generic methods carried out by just about all state-sponsored hacking groups.”
Robert Lee, former Air Force cyberwarfare officer and cybersecurity fellow at New America, and Errata Security CEO Rob Graham believe the generous verdict is that the FBI and DHS left out more conclusive evidence. Lee believes the report was likely rushed. Graham concluded that the forensics “can be a reflection of the fact the government has excellent information for attribution. Or, it could be a reflection that they’ve got only weak bits and pieces. It’s impossible for us outsiders to tell.”
CrowdStrike’s weak forensic evidence even led to the somewhat-laughable caper where a Vermont utility found a code listed in the report on a laptop, which prompted the Washington Post to run a story about Russians hacking the electrical grid, with quotes from breathless Vermont Democrats decrying the Russian threat. In the end, it became apparent that the malware wasn’t associated with the Russians, that the laptop wasn’t connected to the grid, and that the illustrious Washington Post hadn’t bothered to contact the Vermont utility before publishing.
The DNI report, out in January 2017, was no better. While all except the NSA pinned the DNC and Podesta hacks on Russia with a high degree of confidence, the report forgot to include any new information. A third of the DNI report was devoted to decrying RT, the Russian-owned cable channel that nobody watches. The report went on to make the ludicrous claim that Russia peddled propaganda such as “Hillary’s no-fly zone risked starting a war with Russia,” when this was a legitimate concern many voters and members of Congress held, given a no-fly zone would require that American airpower shoot down Russian aircraft over Syria.
As to the two pages that did cover the supposed Russian hack of the DNC, cybersecurity and intelligence experts widely held the report to be underwhelming at best. Much of it was yet again a regurgitation of techy-sounding but generic terms.
Flynn, Comey, and Trump Collusion
Before the election, a separate but connected narrative began to emerge, also pushed if not originated by Clinton’s campaign: since Russia had interfered in the election, maybe Trump was more than just an unwitting stooge of the Kremlin. As proof of this was the story—now largely disproven despite resurrection attempts by the media—that a Russian bank was communicating with a server in Trump Tower. We also know that during this time the BuzzFeed Trump-Russia dossier had made its way to the FBI.
Ostensibly because of this, a shell-shocked post-election Obama administration moved to allow any “information” on Trump’s “possible collusion with Russia” to be disseminated widely down the daisy-chain of command in the federal intelligence bureaucracies. This enabled widespread leaking and is likely what snared Michael Flynn, when his non-nefarious intercepted communication with the Russian ambassador was illegally leaked, contradicting what he had told the vice president.
Since then there have been three big developments. First, there was the unverified and error-ridden BuzzFeed dossier, compiled by a discredited former British agent and paid for by Fusion GPS, a firm with ties to the Kremlin and a history of smearing conservatives and opponents of Planned Parenthood. Fusion GPS also has ties to Natalia Veselnitskaya and Rinat Akhmetshin, the Russian lawyer and former Russian intelligence agent, respectively, who met with Donald Jr. under the guise of promising dirt on Clinton just days before the DNC made the theft of its files public.
Currently, Fusion GPS is stonewalling Chuck Grassley’s Senate investigators. Grassley is wondering why the FBI paid the former British agent, who went on to pay Russian agents, and in so doing entertained garbage opposition research partially written using the ol’ copy-paste trick from Google and Wikipedia.
Second, there was the firing of James Comey, likely because Comey was not cooperating with Congress’ investigation into the illegal leaks by intelligence officials, and the Obama administration’s unmasking of Americans’ communications. It is also likely that Trump was upset after Comey seemed to tell Congress, under oath, that President Trump was under FBI investigation, when he had told Trump privately that he was not.
Third, there was the appointment of a special counsel, former FBI director and pal of James Comey Robert Mueller, who is tasked with investigating Trump’s ties with Russia. This was only made possible by Attorney General Jeff Sessions’ recusal from all matters related to Russia, after anonymous leaks brought into question how many times Sessions had met with the Russians during the 2016 campaign.
On top of this there is the constant drip of unverified and anonymous leaks to The New York Times and Washington Post. The leaks are themselves laughable. The best example is the “backchannel” story, if you’ve ever read a history book about the halcyon Cold War days. Thrown together, however, this constant drip from anonymous intelligence officials has perpetuated the narrative that Russia not only hacked the election, but that President Trump also colluded with the Russians.
VIPS and Guccifer 2.0
One last bombshell dropped several weeks ago, and was picked up by Bloomberg View’s Leonid Bershidsky and The Nation, a leftwing publication. A group of former U.S. intelligence officials, Veteran Intelligence Professionals for Sanity (VIPS), has been investigating the alleged Russian hacking of the DNC and related intelligence reports. Several VIPS members are “famous” for questioning the Bush administration’s Iraq weapons of mass destruction claims before the 2003 War in Iraq, and were quoted by The New York Times’ Nicholas Kristof.
VIPS is around 30 members strong, some prominent and highly experienced former intelligence officials. It has been working with two outside sources. Remember Guccifer 2.0, and this hacker’s largely inconsequential files? Each source has managed to pull the metadata from the files, something akin to each file’s fingerprint.
The first source, the “Forensicator,” has found that on July 5, 2016, 1,976 megabytes of data were downloaded from the DNC’s server in 87 seconds, a rate of 22.7 megabytes per second. While it’s debatable, some say this speed is virtually impossible over the Internet, but it is definitely consistent with the transfer rate when downloading information to a USB thumb-drive. The Forensicator also found that time stamps in the metadata show that the download occurred at approximately 6:45 p.m. EST.
Adam Carter, the second source, found evidence in the metadata that the first five files Guccifer made public on June 15 had each been copied-and-pasted into a “Russianified [W]ord document with Russian language settings and style headings” to make it appear as if the Russian language was used in the hacking process. The traces of Russian found in the documents had been cited as the prime evidence that Guccifer 2.0 was a Russian hacking group. Carter is examining the July 5, 2016 documents to see if they were doctored in a similar fashion, but has yet to find anything.
Who are these sources? The Forensicator is someone in the Pacific Time Zone, and VIPS believes this person is “someone very good with the FBI,” given the level of expertise. Carter is located in the United Kingdom, and the pseudonym is a play off a character from a BBC espionage show titled “Spooks.”
How far does VIPS go down the rabbit hole? VIPS believes the DNC experienced an internal theft then went to war, creating “Guccifer 2.0” to point to Russia whenever the stolen DNC files came up. Is this fanciful? Probably. Do this forensic evidence and the lack of forensic evidence from CrowdStrike warrant more investigation and explanation? Most definitely.
Beltway Republican Talking Points
All this brings us to today, where the latest development in the Trump-Russia story more or less says that President Obama knew about Russian hacking and didn’t do enough to stop it. It is now conventional wisdom within the Beltway that the Obama administration dropped the ball, and maybe even cost Clinton the election. Even Democrat Adam Schiff, Congress’ latest reincarnation of Joe McCarthy, was on a Sunday show saying that the Obama administration didn’t do enough to combat Russian interference in the election.
Meanwhile, there is an ongoing dispute between the DNC, its former chairwoman Debbie Wasserman Schultz, and the DHS and FBI over how much assistance the DNC was offered during and after the alleged Russian hacking.
Most Republicans have used this as an opportunity to jump on a traditional Republican talking point: “The Democrats are weak on national security, which explains why Obama didn’t act.” Maybe true, but these developments also highlight a flaw in the “Russia hacked the election” story. If such an unprecedented attack was taking place, why wasn’t more done to stop it?
There is one potential answer we don’t hear much about: The Obama administration and the FBI didn’t take major action because Russian interference was not as clear-cut as it is being made to seem post-election. What if Russia’s election hacking and preference for Trump have been grossly exaggerated? What if the Russians could have been behind the hacks, but the only hard evidence is inconclusive?
More Evidence Before We Jump to Conclusions
Because of all the unanswered questions, most people known to the author here in flyover country—Republicans and Democrats alike—treat the intelligence community with a big healthy dose of skepticism. Too many in the Beltway fail to do the same. The GOP’s deference to intelligence agencies especially shows in the Senate, particularly the Senate Intelligence Committee. There is a reason Comey testified here, and not on Grassley’s Judiciary Committee.
Just for example, when Comey claimed during his hearings that CrowdStrike was such a high-class cybersecurity outfit that it didn’t matter that the FBI didn’t actually examine the DNC servers, there was no follow-up question.
Beltway types say more evidence is being withheld due to the fear of compromising “sources and methods.” But this isn’t the Cold War, where we risk exposing a human spy hiding in the Kremlin. Everybody knows what the NSA sucks up, and where the FBI spies, so there should be little problem with the government divulging any other forensic evidence found on the DNC’s computers, as has been done for previous hacking episodes perpetrated by state actors.
In the words of William Binney, a former NSA technical director and designer of many programs now in use, “Everything that they say must remain classified is already well-known; they’re playing the Wizard of Oz game.” Cybersecurity experts have mused that maybe Congress has been given more info, but members of Congress also seem left in the dark about CrowdStrike’s analysis, and clearly the president himself is ignorant of the undisclosed silver-bullet information that proves Russian interference.
Even the idea that Trump is better for Putin, so Putin wanted Trump elected, is laughable. If this is true, Putin is the real “useful idiot.” Putin’s lifeblood is oil and natural gas. We are to believe he just helped elect the most pro-energy U.S. president in decades, who plans on exporting oodles of cheap U.S. natural gas to U.S.-allied Europe?
Ditto for the revelation, first from the affably named Reality Winner, that Russian hackers got into state databases. Sure, Russia would do this, and probably did, but the only cybersecurity issue aired publicly after the election came from Georgia, Indiana, and Idaho election officials, who traced an attempted hack in their systems back to a computer at the Obama administration’s DHS (DHS has plausibly disputed at least the Georgia incident).
There’s obviously a good explanation for all of this, but given that there is a good explanation, why would state officials be complaining to the media about the DHS while they were under massive attack by Russian hackers? Wouldn’t state officials worry that they would end up looking stupid, or even losing their jobs? Is it possible that they were not properly informed by DHS, or that the hacking was less widespread than is currently being reported?
As for the reporting on state election infrastructure hacking, far too many breathless news outlets forgot to mention that little proof has been publicly provided for this episode of Russian hacking, either. It is all too likely that Russia really did hack state election databases (they certainly would like to), but, again, let’s hear the evidence before we pass sanctions that will harm our European allies, or start calling a U.S. presidential election illegitimate.
In all this, congressional Democrats, the Beltway media, and too many Republican senators are woefully out of touch with the American people. It goes a long way to explain why President Trump won both the GOP nomination and the general election. Worse, right on Russian hacking or not, is the degree to which the unelected U.S. intelligence community has been influencing policy decisions. Too many Republicans have been completely silent on this.
The American people in flyover country no longer trust any of these groups. If we can’t even trust the FBI to give an honest assessment of the Alexandria shooter’s motives, why should we trust everything the intelligence bureaucracies say if insufficient evidence is provided? What sounds like an oaf mouthing pro-Putin blather to some sounds like common sense in flyover country.
This is not the fault of flyover country. They have grown cynical for good reason. To win back its trust, start by providing more evidence to justify invalidating their political choices.