After the testimony of Bill Taylor, the former U.S. ambassador to Ukraine, there is now plenty of information documenting the criminal actions of Donald Trump in attempting to extort and blackmail the president of Ukraine into launching investigations for Trump's benefit.
We now know that prior to the phone call with Ukraine President Volodymyr Zelensky, there was a previous discussion between U.S. Ambassador to the European Union Gordon Sondland and a member of Zelensky's staff where he was notified that the military aid money was being held up in exchange for a commitment from Ukraine to investigate both Hunter Biden and links between Crowdstrike and the DNC server. Yes, there was "quid," and also a "pro" and "quo" linked to this deal. It was already illegal as a campaign finance violation, but the addition of this element takes it up to extortion and bribery.
We know that the investigation of Biden is bogus because Ukrainian prosecutor Viktor Shokin had started his look into Burisma before Hunter Biden ever joined the board of the company. After he joined, the investigation was ended. A year after that happened Joe Biden, along with the IMF and the European Union, called for Shokin to be removed because he had a tendency to drop corruption cases. So there is no link between the investigation and Hunter Biden, and there is no link between the request to remove Shokin and the investigation. We know this and it's well-documented, but what we don't have clearly laid out is the story of Crowdstrike and the mysterious DNC server.
What, exactly, is up with that?
In short, the story of Ukraine's link to the 2016 election is just as bogus as the link to Joe Biden and the Shokin investigation, but it's really even more bonkers than that. Still, it doesn't get discussed much and gets largely blown off and treated as a joke, which it is. But it's an amazingly funny joke. Or amazingly sad, if you think more about it.
For example, here is former Rep. Sean Duffy pushing the Crowdstrike and DNC server conspiracy during his first appearance on CNN as a contributor.
Duffy gets countered within seconds because he should be, but he goes on to proclaim that the DNC server was never reviewed by the FBI and says it went to Crowdstrike, which is "partially owned by a Ukrainian." He gets told "this is a conspiracy theory from the right-wing blogs" because it is.
It started on 4Chan and it goes like this: Russia didn't hack the DNC. Russia didn't attack the U.S. election. They didn't hack the DCCC, and they didn't hack Hillary Clinton adviser John Podesta. They didn't supply the information to WikiLeaks. Russia had nothing to do with it. Apparently, the hacking was done by somebody else entirely. According to the theory, the CIA got it wrong, the FBI got it wrong, the NSA got it wrong, and the Mueller investigation got it wrong. Everyone who has looked at this in the past three years has come up with the wrong answer. In most versions of this theory, the hack was done by a former DNC staffer named Seth Rich who was found mysteriously murdered in Washington on July 10, 2016.
The first question is why exactly Ukraine would get involved in any of this. Why would they do it? Well, there's a key story from Politico that claims Hillary Clinton's links to Ukraine go all the way back to 2013.
The Ukrainian antipathy for Trump’s team — and alignment with Clinton’s — can be traced back to late 2013. That’s when the country’s president, Viktor Yanukovych, whom Manafort had been advising, abruptly backed out of a European Union pact linked to anti-corruption reforms. Instead, Yanukovych entered into a multibillion-dollar bailout agreement with Russia, sparking protests across Ukraine and prompting Yanukovych to flee the country to Russia under Putin’s protection.
In the ensuing crisis, Russian troops moved into the Ukrainian territory of Crimea, and Manafort dropped off the radar.
Manafort’s work for Yanukovych caught the attention of a veteran Democratic operative named Alexandra Chalupa, who had worked in the White House Office of Public Liaison during the Clinton administration. Chalupa went on to work as a staffer, then as a consultant, for Democratic National Committee. The DNC paid her $412,000 from 2004 to June 2016, according to Federal Election Commission records, though she also was paid by other clients during that time, including Democratic campaigns and the DNC’s arm for engaging expatriate Democrats around the world.
Chalupa was concerned with former Trump campaign manager Paul Manafort and his links to Yanukovych, and soon after the Democratic National Convention left to do her own research into the subject. The report seems to suggest some type of wrongdoing on her part, but the details seem quite fuzzy. Simply linking a Ukrainian-American to the Clinton campaign seems to be enough. (Being a consultant for the DNC doesn't make someone a "Clinton associate"; her campaign and the DNC did work together once Hillary became the Democratic nominee, but they were always distinct entities.)
In this theory there was no hack of the DNC. Instead, Rich made copies of the files, placed them on a thumb drive, and walked them out of the building. Crowdstrike gets involved when it comes to the files that were given to the FBI, because the theory goes that they completely faked the Russia hack and then kept their own copy of the real server, which is now located somewhere in Ukraine because one of the owners of Crowdstrike was born in Ukraine.
There are a lot of problems with this theory, to say the least. The first is the fact that there is no DNC server, and their email services were provided by a cloud-based system that actually included more than 140 virtual servers.
The “server” Trump is obsessed with is actually 140 servers, most of them cloud-based, which the DNC was forced to decommission in June 2016 while trying to rid its network of the Russian GRU officers working to help Trump win the election, according to the figures in the DNC’s civil lawsuit against Russia and the Trump campaign. Another 180 desktop and laptop computers were also swapped out as the DNC raced to get the organization back on its feet and free of Putin’s surveillance.
But despite Trump’s repeated feverish claims to the contrary, no machines are actually missing.
So in this case, the DNC server can't be in Ukraine, because there was never a box in the closet at the DNC headquarters for the FBI to take to their own offices to analyze.
Trump and his allies are capitalizing on a basic misapprehension of how computer intrusion investigations work. Investigating a virtual crime isn’t like investigating a murder. The Russians didn’t leave DNA evidence on the server racks and fingerprints on the keyboards. All the evidence of their comings and goings was on the computer hard drives, and in memory, and in the ephemeral network transmissions to and from the GRU’s command-and-control servers.
When cyber investigators respond to an incident, they capture that evidence in a process called “imaging.” They make an exact byte-for-byte copy of the hard drives. They do the same for the machine’s memory, capturing evidence that would otherwise be lost at the next reboot, and they monitor and store the traffic passing through the victim’s network. This has been standard procedure in computer intrusion investigations for decades. The images, not the computer’s hardware, provide the evidence.
Both the DNC and the security firm Crowdstrike, hired to respond to the breach, have said repeatedly over the years that they gave the FBI a copy of all the DNC images back in 2016. The DNC reiterated that Monday in a statement to the Daily Beast.
“The FBI was given images of servers, forensic copies, as well as a host of other forensic information we collected from our systems,” said Adrienne Watson, the DNC’s deputy communications director. “We were in close contact and worked cooperatively with the FBI and were always responsive to their requests. Any suggestion that they were denied access to what they wanted for their investigation is completely incorrect.”
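How an image can stand in for the hardware, as an added example (not from the quoted article, the DNC or CrowdStrike): the copy is hashed while it is acquired, and whoever receives it re-hashes it to confirm it is byte-for-byte identical. The function names, the 4096-byte chunk size and the sample "disk" bytes are assumptions constructed for illustration.

```python
import hashlib
import io

CHUNK = 4096  # assumed chunk size for this sketch; real imagers use larger blocks


def acquire_image(source, dest, chunk_size=CHUNK):
    """Copy source to dest byte for byte, hashing the data as it streams through.

    Returns (overall SHA-256 hex digest, list of per-chunk SHA-256 hex digests).
    """
    overall = hashlib.sha256()
    chunk_hashes = []
    while True:
        block = source.read(chunk_size)
        if not block:
            break
        dest.write(block)
        overall.update(block)
        chunk_hashes.append(hashlib.sha256(block).hexdigest())
    return overall.hexdigest(), chunk_hashes


def verify_image(image, expected_overall, expected_chunks, chunk_size=CHUNK):
    """Re-hash a received image against the acquisition record.

    Returns (ok, indexes of chunks that are altered, extra or missing).
    """
    overall = hashlib.sha256()
    mismatched = []
    index = 0
    while True:
        block = image.read(chunk_size)
        if not block:
            break
        overall.update(block)
        digest = hashlib.sha256(block).hexdigest()
        if index >= len(expected_chunks) or digest != expected_chunks[index]:
            mismatched.append(index)
        index += 1
    # Chunks listed in the acquisition record but absent from the received copy.
    mismatched.extend(range(index, len(expected_chunks)))
    ok = overall.hexdigest() == expected_overall and not mismatched
    return ok, mismatched


def build_sample_disk():
    """Constructed 10,000-byte stand-in for a drive (three chunks at 4096 bytes)."""
    return bytes((i * 31 + 7) % 256 for i in range(10_000))


def demo():
    disk = build_sample_disk()
    image = io.BytesIO()
    overall, chunks = acquire_image(io.BytesIO(disk), image)

    faithful = image.getvalue()          # the copy handed to another examiner
    tampered = bytearray(faithful)
    tampered[5000] ^= 0xFF               # one flipped byte, inside chunk 1
    truncated = faithful[:CHUNK]         # copy cut short after the first chunk

    return {
        "digest": overall,
        "faithful": verify_image(io.BytesIO(faithful), overall, chunks),
        "tampered": verify_image(io.BytesIO(bytes(tampered)), overall, chunks),
        "truncated": verify_image(io.BytesIO(truncated), overall, chunks),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

A single altered byte changes both the overall digest and the digest of the chunk that contains it, which is why a verified image carries the same evidentiary content as the original drive.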
The FBI received digital copies of the server hard drives, and that wasn't because the DNC had anything to hide or was trying to cover up. It's because that's the only way that they could provide the forensic information to be examined. I should stop right here, as this pretty much debunks the idea that Crowdstrike pulled a switcheroo with the files and falsely planted information that implicated Russia.
But I know that if any of you guys end up debating this with your family or online trolls, simply pointing out that there was never a physical server at the DNC which has now somehow wound up in Ukraine won't be enough.
In addition, there's the fact that when Crowdstrike looked at the server, they found malware in the system, known as APT28 and APT29, that came from both the GRU and FSB.
It began ominously. Nearly two months earlier, in April, the Democrats had noticed that something was wrong in their networks. Then, in early May, the DNC called in CrowdStrike, a security firm that specializes in countering advanced network threats. After deploying their tools on the DNC's machines, and after about two hours of work, CrowdStrike found "two sophisticated adversaries" on the Committee's network. The two groups were well-known in the security industry as "APT 28" and "APT 29." APT stands for Advanced Persistent Threat—usually jargon for spies.
CrowdStrike linked both groups to "the Russian government's powerful and highly capable intelligence services." APT 29, suspected to be the FSB, had been on the DNC's network since at least summer 2015. APT 28, identified as Russia's military intelligence agency GRU, had breached the Democrats only in April 2016, and probably tipped off the investigation. CrowdStrike found no evidence of collaboration between the two intelligence agencies inside the DNC's networks, "or even an awareness of one by the other," the firm wrote.
This was big. Democratic political operatives suspected that not one but two teams of Putin's spies were trying to help Trump and harm Clinton. The Trump campaign, after all, was getting friendly with Russia. The Democrats decided to go public.
APT28 is a known malware tool used by the GRU that had previously been found on other systems attacked by the Russians, including the State Department and White House email systems in 2014.
Western governments have attributed APT28 and APT29 to different parts of Russia’s intelligence services.
The campaign tracked by FireEye sent malicious emails purporting to be from a State Department public affairs official. The offensive targeted a range of sectors, from the U.S. military and defense contractors, to the law enforcement, media, transportation, and pharmaceutical industries, FireEye said.
Russian hackers carried out a 2014 breach of the State Department’s unclassified computer system, according to reporting from The Washington Post and The New York Times. FireEye said there is no indication that State Department networks were used in the newly uncovered campaign.
“The attacker appears to have compromised the email provider for a hospital and the corporate website of a consulting company, in order to use their infrastructure to send phishing emails,” FireEye analysts wrote in a blog.
APT28 and APT29 are definitively linked to Russian hacking activities, but again, in this theory there was no hack; it was an inside job perpetrated by Seth Rich. The filings by Roger Stone in his case depend deeply on this theory and argue that the government has not provided sufficient evidence that a thumb drive was used to transport the key files from the DNC.
To support his argument, Stone submitted affidavits from two former intelligence officials who agreed that Russia was an unlikely source for the files, citing metadata, time stamps and even time zone data as evidence that the removal of DNC files may have originated in the United States. Stone argued that if the evidence Russia was behind the hacks was faulty, the search warrants used to ultimately indict him.
But prosecutors, who revealed they obtained 18 search warrants on Stone to support their charges against him, rebutted the arguments forcefully Friday, taking aim at the two former intelligence officials he cited.
"Even if those claims were correct and well supported (which they are not), they would not come close to suggesting that any statements about Russia conducting the hacks were false," wrote prosecutors in the office of Washington’s U.S. Attorney Jessie Liu, who assumed oversight of the case after special counsel Robert Mueller began winding down his work.
"For example, allegations concerning the time stamps and the time signatures would be equally consistent with Russia intelligence officers using a thumb drive to transfer hacked materials among themselves after the hack took place," prosecutors wrote. "Similarly, the time zone analysis is wholly consistent with the fact that the victims were in the Eastern Daylight Time Zone, rather than providing any information regarding the location of the perpetrators."
Ultimately, they argue, Stone presented no evidence "that suggests that Russia was not involved in the hack."
If Seth Rich is the one who had transferred the file using a thumb drive, there are several problems with that idea beyond what prosecutors have mentioned so far in court. The first is the fact that Rich died on July 10, and that three days later on July 13, Russia's SVR intelligence unit started the rumor that he was the source of the hacked files and that he had been killed by Hillary Clinton's "hit squad."
Russia’s foreign intelligence service, known as the SVR, first circulated a phony “bulletin” — disguised to read as a real intelligence report —about the alleged murder of the former DNC staffer on July 13, 2016, according to the U.S. federal prosecutor who was in charge of the Rich case. That was just three days after Rich, 27, was killed in what police believed was a botched robbery while walking home to his group house in the Bloomingdale neighborhood of Washington, D.C., about 30 blocks north of the Capitol.
The purported details in the SVR account seemed improbable on their face: that Rich, a data director in the DNC’s voter protection division, was on his way to alert the FBI to corrupt dealings by Clinton when he was slain in the early hours of a Sunday morning by the former secretary of state’s hit squad.
Yet in a graphic example of how fake news infects the internet, those precise details popped up the same day on an obscure website, whatdoesitmean.com, that is a frequent vehicle for Russian propaganda. The website’s article, which attributed its claims to “Russian intelligence,” was the first known instance of Rich’s murder being publicly linked to a political conspiracy.
“To me, having a foreign intelligence agency set up one of my decedents with lies and planting false stories, to me that’s pretty outrageous,” said Deborah Sines, the former assistant U.S. attorney in charge of the Rich case until her retirement last year. “Maybe other people don’t think it’s that outrageous. I did ... once it became clear to me that this was coming from the SVR, then that triggers a lot of very serious [questions about] ‘What do I do with this?’”
Isn't it nice to have your own personal "hit squad" to take out lowly DNC workers on a whim?
The very next day after this theory was posted by SVR, a link was emailed to WikiLeaks which included a 1GB archive file of DNC email, as documented by the Mueller report.
Although the broad outlines of the hacking and influence campaign have been widely reported, the indictment describes for the first time the identities, techniques and tactics of the operation to disrupt American democracy.
It includes details on how the Russians, using an encrypted file with instructions, delivered their trove of hacked emails to WikiLeaks, the online anti-secrecy organization led by Julian Assange that became the main platform for the Russians to display their trove of hacked emails.
Not long after this, WikiLeaks began to champion the Seth Rich case and suggest that he was the source of the files, but the Mueller report indicates this was false.
The newly released report on Russian interference in the 2016 elections rejected the claims of WikiLeaks founder Julian Assange that he received leaked emails from a young employee at the Democratic National Committee, as Special Counsel Robert Mueller said Assange used the murder of DNC worker Seth Rich in an effort to cover up the fact that Russian Intelligence had hacked the DNC emails, and transferred them to WikiLeaks.
"As reports attributing the DNC and DCCC hacks to the Russian government emerged, WikiLeaks and Assange made several public statements apparently designed to obscure the source of the materials that WikiLeaks was releasing," the Mueller report stated, referring to Assange's claim that Rich was involved.
"The statements about Rich implied falsely that he had been the source of the stolen DNC emails," the report added on page 56 of the 448 page document released on Thursday by the Justice Department.
The redacted version of the Mueller Report reiterated what had been alleged in a previous indictment of a group of Russian Intelligence agents, that they had hacked into a DNC email server starting in May 2016, and posing as 'Guccifer 2.0,' sent an encrypted attachment, "wk dnc link1.txt.gpg" to WikiLeaks.
The Mueller report said WikiLeaks did not receive the hacked DNC emails and documents from GRU officers until July 14 - four days after Rich had been murdered.
If Rich was indeed the source of the hacked files, how did he send them (while pretending to be Guccifer 2.0) four days after his death? I'm just saying that's a fairly neat trick.
Also, since Rich didn't have access to the DCCC’s and John Podesta's files, how exactly did he get ahold of them and provide them to WikiLeaks as well, when those attacks were identical?
According to ThreatConnect and Fidelis Cybersecurity, two security firms that have been studying the activities of a hacker group dubbed Cozy Bear, hackers from that organization used some of the same internet infrastructure to attack the two Democratic groups. Cozy Bear hackers utilized an email address identified by German intelligence as one used by the group to register an internet domain that was then used in the attack on the DCCC.
The more you dig into the Rich conspiracy, the more it falls apart. Rich was already dead when WikiLeaks received both the DNC files and the John Podesta emails, which were sent to WikiLeaks by DCLeaks months later on Sept. 22.
Also if Crowdstrike faked the appearance of APT28 and APT29 malware on the DNC server, how did those malware files get to the DCCC and Podesta systems?
Then there's the point that Crowdstrike's cofounder isn't from Ukraine: The CTO is actually from Russia and was born in Moscow.
Dmitri Alperovitch is a Russian-born American computer security industry executive. He is co-founder and chief technology officer of CrowdStrike. In August 2011, as vice president of threat research at McAfee, he published Operation Shady RAT, a report on suspected Chinese intrusions into at least 72 organizations, including defense contractors, businesses worldwide, the United Nations and the International Olympic Committee.[1] "Alperovitch is an American citizen born in Russia who escaped to the United States with his family during the Soviet era."
Born in Russia, Alperovitch is a U.S. citizen.[3] In 1994, his father was granted a visa to Canada, and a year later the family moved to Chattanooga.[4] Alperovitch earned a B.S. in computer science in 2001, and a M.S. in information security in 2003, both from Georgia Institute of Technology. It was the school’s first graduate degree in information security.[5]
So if the argument is that Alperovitch had links to Ukraine that would make him want to falsify the DNC hack as coming from Russia, but he's actually a former Russian born in Moscow who escaped the Soviet system, that really doesn't make much sense now, does it? He has nothing to do with Ukraine.
This entire theory frankly makes no sense at all. Seth Rich (from beyond the grave) apparently sent the DNC and DCCC files to WikiLeaks magically, while Crowdstrike (which isn't run by a Ukrainian) doesn't have a copy of the DNC server hidden away somewhere, because in fact there was no physical DNC server for them to take and not give to the FBI.
Meanwhile, the assessment by the CIA and other intelligence agencies that Russia did the hacks is not wrong.
The CIA has concluded in a secret assessment that Russia intervened in the 2016 election to help Donald Trump win the presidency, rather than just to undermine confidence in the U.S. electoral system, according to officials briefed on the matter.
Intelligence agencies have identified individuals with connections to the Russian government who provided WikiLeaks with thousands of hacked emails from the Democratic National Committee and others, including Hillary Clinton’s campaign chairman, according to U.S. officials. Those officials described the individuals as actors known to the intelligence community and part of a wider Russian operation to boost Trump and hurt Clinton’s chances.
“It is the assessment of the intelligence community that Russia’s goal here was to favor one candidate over the other, to help Trump get elected,” said a senior U.S. official briefed on an intelligence presentation made to U.S. senators. “That’s the consensus view.”
Similarly, that view was held by the Mueller report.
The Russian government interfered in the 2016 presidential election in sweeping and systematic fashion. Evidence of Russian government operations began to surface in mid-2016. In June, the Democratic National Committee and its cyber response team publicly announced that Russian hackers had compromised its computer network. Releases of hacked materials—hacks that public reporting soon attributed to the Russian government—began that same month. Additional releases followed in July through the organization WikiLeaks, with further releases in October and November.
In late July 2016, soon after WikiLeaks’s first release of stolen documents, a foreign government contacted the FBI about a May 2016 encounter with Trump Campaign foreign policy advisor George Papadopoulos. Papadopoulos had suggested to a representative of that foreign government that the Trump Campaign had received indications from the Russian government that it could assist the Campaign through the anonymous release of information damaging to Democratic presidential candidate Hillary Clinton. That information prompted the FBI on July 31, 2016, to open an investigation into whether individuals associated with the Trump Campaign were coordinating with the Russian government in its interference activities.
That fall, two federal agencies jointly announced that the Russian government “directed recent compromises of e-mails from US persons and institutions, including US political organizations,” and, “[t]hese thefts and disclosures are intended to interfere with the US election process.” After the election, in late December 2016, the United States imposed sanctions on Russia for having interfered in the election. By early 2017, several congressional committees were examining Russia’s interference in the election.
Mueller also issued an indictment against members of the GRU which named their members specifically and documented exactly what files each of them accessed when.
The defendants, all Russian nationals and residents, are Aleksei Sergeyevich Morenets, 41, Evgenii Mikhaylovich, Serebriakov, 37, Ivan Sergeyevich Yermakov, 32, Artem Andreyevich Malyshev, 30, and Dmitriy Sergeyevich Badin, 27, who were each assigned to Military Unit 26165, and Oleg Mikhaylovich Sotnikov, 46, and Alexey Valerevich Minin, 46, who were also GRU officers.
The indictment alleges that defendants Yermakov, Malyshev, Badin, and unidentified conspirators, often using fictitious personas and proxy servers, researched victims, sent spearphishing emails, and compiled, used, and monitored malware command and control servers.
When the conspirators’ remote hacking efforts failed to capture log-in credentials, or if the accounts that were successfully compromised did not have the necessary access privileges for the sought-after information, teams of GRU technical intelligence officers, including Morenets, Serebriakov, Sotnikov, and Minin, traveled to locations around the world where targets were physically located. Using specialized equipment, and with the remote support of conspirators in Russia, including Yermakov, these close access teams hacked computer networks used by victim organizations or their personnel through Wi-Fi connections, including hotel Wi-Fi networks. After a successful hacking operation, the close access team transferred such access to conspirators in Russia for exploitation.
This level of specificity and detail may have been possible because the hack was first discovered by Dutch intelligence, which had infiltrated the surveillance system inside GRU headquarters.
In the Summer of 2015, Dutch intelligence services were the first to alert their American counterparts about the cyberintrusion of the Democratic National Committee by Cozy Bear, a hacking group believed to be tied to the Russian government. Intelligence hackers from Dutch AIVD (General Intelligence and Security Service) had penetrated the Cozy Bear computer servers as well as a security camera at the entrance of their working space, located in a university building adjacent to the Red Square in Moscow.
Over the course of a few months, they saw how the Russians penetrated several U.S. institutions, including the State Department, the White House, and the DNC. On all these occasions, the Dutch alerted the U.S. intelligence services, Dutch tv programme Nieuwsuur and de Volkskrant, a prominent newspaper in The Netherlands, jointly report on Thursday. This account is based on interviews with a dozen political, diplomatic and intelligence sources in The Netherlands and the U.S. with direct knowledge of the matter. None of them wanted to speak on the record, given the classified details of the matter.
Not only had Dutch intelligence penetrated the computer network of the hackers, they also managed to hack a security camera in the corridor. This allowed them to see exactly who entered the hacking room. Information about these individuals was shared with the US intelligence services. Dutch intelligence services consider Cozy Bear an extension of the SVR, the Russian foreign intelligence service, which is firmly controlled by President Putin.
And yet the conspiracy theory persists that the Russians had nothing to do with this attack, even though right from the beginning they were caught red-handed.
To believe this you'd have to believe that George Papadopoulos was wrong when he said Russia had "tons of Hillary's emails" and that the fairly recent Senate Intelligence report was wrong when it said Russia hacked our election in 2016.
A new report by the Senate Intelligence Committee released Thursday reveals that Russia's attempt to hack America's election systems in 2016 was more widespread than previously thought. The heavily-redacted report, which is the first of five volumes the committee will release on Russia's meddling, reveals that Moscow didn't just target 21 state election systems, as had previously been reported—they were going after all 50. “Russian government-affiliated cyber actors conducted an unprecedented level of activity against state election infrastructure in the run-up to the 2016 U.S. elections,” the report notes. “The Committee found ample evidence to suggest that the Russian government was developing and implementing capabilities to interfere in the 2016 elections, including undermining confidence in U.S. democratic institutions and voting processes.”
There is, simply put, no way this theory makes sense. Trump and his minions would have you believe that Ukraine somehow pulled off an incredible magic trick of fooling Crowdstrike and the FBI, CIA, NSA, Robert Mueller, and the Senate without leaving a single solitary trace of evidence. If you believe that, I have a bridge over the Potomac to sell you.