Written by Veteran Intelligence Professionals for Sanity
Breaking news: Former U.S. intelligence officers cite new forensic studies to challenge the claim of the key “assessment” that Russia “hacked” Democratic emails. Newly released memo published in full below.
Proof: In a memo to President Trump, a group of former U.S. intelligence officers, including NSA specialists, cite new forensic studies to challenge the claim of the key Jan. 6 “assessment” that Russia “hacked” Democratic emails last year.
MEMORANDUM FOR: The President
FROM: Veteran Intelligence Professionals for Sanity (VIPS)
SUBJECT: Was the “Russian Hack” an Inside Job?
Forensic studies of “Russian hacking” into Democratic National Committee computers last year reveal that on July 5, 2016, data was leaked (not hacked) by a person with physical access to a DNC computer. After examining metadata from the “Guccifer 2.0” July 5, 2016 intrusion into the DNC server, independent cyber investigators have concluded that an insider copied DNC data onto an external storage device.
Key among the findings of the independent forensic investigations is the conclusion that the DNC data was copied onto a storage device at a speed that far exceeds an Internet capability for a remote hack. Of equal importance, the forensics show that the copying was performed on the East coast of the U.S.
Thus far, mainstream media have ignored the findings of these independent studies [see here and here].
Independent analyst Skip Folden, who retired after 25 years as the IBM Program Manager for Information Technology, US, who examined the recent forensic findings, is a co-author of this Memorandum. He has drafted a more detailed technical report titled “Cyber-Forensic Investigation of ‘Russian Hack’ and Missing Intelligence Community Disclaimers,” and sent it to the offices of the Special Counsel and the Attorney General.
VIPS member William Binney, a former Technical Director at the National Security Agency, and other senior NSA “alumni” in VIPS attest to the professionalism of the independent forensic findings.
The recent forensic studies fill in a critical gap. Why the FBI neglected to perform any independent forensics on the original “Guccifer 2.0” material remains a mystery – as does the lack of any sign that the “hand-picked analysts” from the FBI, CIA, and NSA, who wrote the “Intelligence Community Assessment” dated January 6, 2017, gave any attention to forensics.
NOTE: There has been so much conflation of charges about hacking that we wish to make very clear the primary focus of this Memorandum. We focus specifically on the July 5, 2016 alleged Guccifer 2.0 “hack” of the DNC server.
In earlier VIPS memoranda we addressed the lack of any evidence connecting the Guccifer 2.0 alleged hacks and WikiLeaks, and we asked President Obama specifically to disclose any evidence that WikiLeaks received DNC data from the Russians [see here and here].
Addressing this point at his last press conference (January 18), he described “the conclusions of the intelligence community” as “not conclusive,” even though the Intelligence Community Assessment of January 6 expressed “high confidence” that Russian intelligence “relayed material it acquired from the DNC … to WikiLeaks.”
Obama’s admission came as no surprise to us. It has long been clear to us that the reason the U.S. government lacks conclusive evidence of a transfer of a “Russian hack” to WikiLeaks is because there was no such transfer.
Based mostly on the cumulatively unique technical experience of our ex-NSA colleagues, we have been saying for almost a year that the DNC data reached WikiLeaks via a copy/leak by a DNC insider (but almost certainly not the same person who copied DNC data on July 5, 2016).
From the information available, we conclude that the same inside-DNC, copy/leak process was used at two different times, by two different entities, for two distinctly different purposes:
-(1) an inside leak to WikiLeaks before Julian Assange announced on June 12, 2016, that he had DNC documents and planned to publish them (which he did on July 22) – the presumed objective being to expose strong DNC bias toward the Clinton candidacy; and
-(2) a separate leak on July 5, 2016, to pre-emptively taint anything WikiLeaks might later publish by “showing” it came from a “Russian hack.”
This is our first VIPS Memorandum for you, but we have a history of letting U.S. Presidents know when we think our former intelligence colleagues have gotten something important wrong, and why. For example, our first such memorandum, a same-day commentary for President George W. Bush on Colin Powell’s U.N. speech on February 5, 2003, warned that the “unintended consequences were likely to be catastrophic,” should the U.S. attack Iraq and “justify” the war on intelligence that we retired intelligence officers could readily see as fraudulent and driven by a war agenda.
The January 6 “Intelligence Community Assessment” by “hand-picked” analysts from the FBI, CIA, and NSA seems to fit into the same agenda-driven category. It is largely based on an “assessment,” not supported by any apparent evidence, that a shadowy entity with the moniker “Guccifer 2.0” hacked the DNC on behalf of Russian intelligence and gave DNC emails to WikiLeaks.
The recent forensic findings mentioned above have put a huge dent in that assessment and cast serious doubt on the underpinnings of the extraordinarily successful campaign to blame the Russian government for hacking. The pundits and politicians who have led the charge against Russian “meddling” in the U.S. election can be expected to try to cast doubt on the forensic findings, if they ever do bubble up into the mainstream media. But the technical limitations of today’s Internet are widely understood. We are prepared to answer any substantive challenges on their merits.
You may wish to ask CIA Director Mike Pompeo what he knows about this. Our own lengthy intelligence community experience suggests that it is possible that neither former CIA Director John Brennan, nor the cyber-warriors who worked for him, have been completely candid with their new director regarding how this all went down.
Copied, Not Hacked
As indicated above, the independent forensic work just completed focused on data copied (not hacked) by a shadowy persona named “Guccifer 2.0.” The forensics reflect what seems to have been a desperate effort to “blame the Russians” for publishing highly embarrassing DNC emails three days before the Democratic convention last July. Since the content of the DNC emails reeked of pro-Clinton bias, her campaign saw an overriding need to divert attention from content to provenance – as in, who “hacked” those DNC emails? The campaign was enthusiastically supported by compliant “mainstream” media; they are still on a roll.
“The Russians” were the ideal culprit. And, after WikiLeaks editor Julian Assange announced on June 12, 2016, “We have emails related to Hillary Clinton which are pending publication,” her campaign had more than a month before the convention to insert its own “forensic facts” and prime the media pump to put the blame on “Russian meddling.” Mrs. Clinton’s PR chief Jennifer Palmieri has explained how she used golf carts to make the rounds at the convention. She wrote that her…
“..mission was to get the press to focus on something even we found difficult to process: the prospect that Russia had not only hacked and stolen emails from the DNC, but that it had done so to help Donald Trump and hurt Hillary Clinton.”
Independent cyber-investigators have now completed the kind of forensic work that the intelligence assessment did not do. Oddly, the “hand-picked” intelligence analysts contented themselves with “assessing” this and “assessing” that. In contrast, the investigators dug deep and came up with verifiable evidence from metadata found in the record of the alleged Russian hack.
They found that the purported “hack” of the DNC by Guccifer 2.0 was not a hack, by Russia or anyone else. Rather it originated with a copy (onto an external storage device – a thumb drive, for example) by an insider. The data was leaked to implicate Russia. We do not know who or what the murky Guccifer 2.0 is.
You may wish to ask the FBI.
The Time Sequence
June 12, 2016: Assange announces WikiLeaks is about to publish “emails related to Hillary Clinton.”
June 14, 2016: DNC contractor Crowdstrike (with a dubious professional record and multiple conflicts of interest) announces that malware has been found on the DNC server and claims there is evidence it was injected by Russians.
June 15, 2016: “Guccifer 2.0” affirms the DNC statement; claims responsibility for the “hack;” claims to be a WikiLeaks source; and posts a document that the forensics show was synthetically tainted with “Russian fingerprints.” We do not think that the June 12, 14, & 15 timing was pure coincidence.
Rather, it suggests the start of a pre-emptive move to associate Russia with anything WikiLeaks might have been about to publish and to “show” that it came from a Russian hack.
The Key Event
July 5, 2016: In the early evening, Eastern Daylight Time, someone working in the EDT time zone with a computer directly connected to the DNC server or DNC Local Area Network, copied 1,976 MegaBytes of data in 87 seconds onto an external storage device.
That speed is much faster than what is physically possible with a hack.
It thus appears that the purported “hack” of the DNC by Guccifer 2.0 (the self-proclaimed WikiLeaks source) was not a hack by Russia or anyone else, but was rather a copy of DNC data onto an external storage device.
‘Obfuscation & De-obfuscation’
Mr. President, the disclosure described below may be related. Even if it is not, it is something we think you should be made aware of in this general connection. On March 7, 2017, WikiLeaks began to publish a trove of original CIA documents that WikiLeaks labeled “Vault 7.” WikiLeaks said it got the trove from a current or former CIA contractor and described it as comparable in scale and significance to the information Edward Snowden gave to reporters in 2013.
No one has challenged the authenticity of the original documents of Vault 7, which disclosed a vast array of cyber warfare tools developed, probably with help from NSA, by CIA’s Engineering Development Group. That Group was part of the sprawling CIA Directorate of Digital Innovation – a growth industry established by John Brennan in 2015.
Scarcely imaginable digital tools – that can take control of your car and make it race over 100 mph, for example, or can enable remote spying through a TV – were described and duly reported in the New York Times and other media throughout March. But the Vault 7, part 3 release on March 31 that exposed the “Marble Framework” program apparently was judged too delicate to qualify as “news fit to print” and was kept out of the Times.
The Washington Post’s Ellen Nakashima, it seems, “did not get the memo” in time. Her March 31 article bore the catching (and accurate) headline:
“WikiLeaks’ latest release of CIA cyber-tools could blow the cover on agency hacking operations.”
The WikiLeaks release indicated that Marble was designed for flexible and easy-to-use “obfuscation,” and that Marble source code includes a “deobfuscator” to reverse CIA text obfuscation.
More important, the CIA reportedly used Marble during 2016. In her Washington Post report, Nakashima left that out, but did include another significant point made by WikiLeaks; namely, that the obfuscation tool could be used to conduct a “forensic attribution double game” or false-flag operation because it included test samples in Chinese, Russian, Korean, Arabic and Farsi.
The CIA’s reaction was neuralgic. Director Mike Pompeo lashed out two weeks later, calling Assange and his associates “demons,” and insisting, “It’s time to call out WikiLeaks for what it really is, a non-state hostile intelligence service, often abetted by state actors like Russia.”
Mr. President, we do not know if CIA’s Marble Framework, or tools like it, played some kind of role in the campaign to blame Russia for hacking the DNC. Nor do we know how candid the denizens of CIA’s Digital Innovation Directorate have been with you and with Director Pompeo. These are areas that might profit from early White House review.
Putin and the Technology
We also do not know if you have discussed cyber issues in any detail with President Putin. In his interview with NBC’s Megyn Kelly, he seemed quite willing – perhaps even eager – to address issues related to the kind of cyber tools revealed in the Vault 7 disclosures, if only to indicate he has been briefed on them.
Putin pointed out that today’s technology enables hacking to be “masked and camouflaged to an extent that no one can understand the origin” [of the hack] … And, vice versa, it is possible to set up any entity or any individual that everyone will think that they are the exact source of that attack.” “Hackers may be anywhere,” he said. “There may be hackers, by the way, in the United States who very craftily and professionally passed the buck to Russia. Can’t you imagine such a scenario? … I can.”
Full Disclosure: Over recent decades the ethos of our intelligence profession has eroded in the public mind to the point that agenda-free analysis is deemed well nigh impossible. Thus, we add this disclaimer, which applies to everything we in VIPS say and do: We have no political agenda; our sole purpose is to spread truth around and, when necessary, hold to account our former intelligence colleagues.
We speak and write without fear or favor. Consequently, any resemblance between what we say and what presidents, politicians and pundits say is purely coincidental.
The fact we find it is necessary to include that reminder speaks volumes about these highly politicized times. This is our 50th VIPS Memorandum since the afternoon of Powell’s speech at the UN. Live links to the 49 past memos can be found at https://consortiumnews.com/vips-memos/.
FOR THE STEERING GROUP, VETERAN INTELLIGENCE PROFESSIONALS FOR SANITY
William Binney, former NSA Technical Director for World Geopolitical & Military Analysis; Co-founder of NSA’s Signals Intelligence Automation Research Center
Skip Folden, independent analyst, retired IBM Program Manager for Information Technology US (Associate VIPS)
Larry C Johnson, CIA & State Department (ret.)
Michael S. Kearns, Air Force Intelligence Officer (Ret.), Master SERE Resistance to Interrogation Instructor
John Kiriakou, Former CIA Counterterrorism Officer and former Senior Investigator, Senate Foreign Relations Committee
Linda Lewis, WMD preparedness policy analyst, USDA (ret.)
Edward Loomis, Jr., former NSA Technical Director for the Office of Signals
David MacMichael, National Intelligence Council (ret.)
Ray McGovern, former U.S. Army Infantry/Intelligence officer and CIA analyst
Elizabeth Murray, former Deputy National Intelligence Officer for Middle East, CIA
Kirk Wiebe, former Senior Analyst, SIGINT Automation Research Center, NSA
Sarah G. Wilton, Intelligence Officer, DIA (ret.); Commander, US Naval Reserve (ret.)
Ann Wright, U.S. Army Reserve Colonel (ret) and former U.S. Diplomat
Editor’s Note: This VIPS Memo included two mistaken dates. Neither affected the Memo’s main conclusion; i.e., that the July 5, 2016 intrusion into DNC emails that was blamed on Russia could not have been a hack – by Russia or anyone else.
The portions of the Memo affected by the mistaken dates have been corrected.
A brief explanation of the corrections:
-(1) June 14, 2016 (not the 15th, as the VIPS memo erroneously stated) was the day Crowdstrike said malware had been found on the DNC server and claimed there was evidence the malware was injected by Russians. (On the following day – the 15th – “Guccifer 2.0” claimed responsibility for the “hack” and claimed to be a WikiLeaks source.)
-(2) Although the VIPS Memo indicated, correctly, that on June 15, 2016, “‘Guccifer 2.0’ … posts a document that the forensics show was synthetically tainted with ‘Russian fingerprints,’” other language in the Memo was mistaken in indicating that evidence of such tainting was also found in the “Guccifer 2.0” metadata from the copying event on July 5.