I’ve made several attempts at writing out the events of Russiagate, usually failing after several hours. Should I cover it chronologically? It quickly becomes dense and hard to follow. The most important events seem to blend into the background of all the details.
Should I cover it by event or by person? It feels like you miss things that were going on concurrently and it’s hard to show the depth of how bad this is.
Instead, I will focus on the “hack” of the Democratic National Committee in 2016. What follows is a theory. These are my opinions, take it all with a grain of salt, and do your own research. Shoutout to the defense lawyers reading this.
There have always been problems in the narrative.
Each concern spelled out in Sam Biddle’s December 2016 article is still valid, in addition to other issues that have developed. For all the talk about the sophistication of a nation-state actor, they left behind clues that screamed Russia.
Despite Dmitri Alperovitch stating that, upon plugging in Crowdstrike’s sensors, they immediately discovered Russians active in the network in early May 2016, they delayed the remediation event for 5 weeks. In the middle of a campaign. If you were the client who was told that a nation-state had hacked you and was going through your most sensitive files, would you be okay with a 5-week delay to fix it?
There was also testimony referencing a report that they had found data “staged” for exfiltration:
Well…hackers don’t do that until they are about to exfil the data, because it’s noisy. We’re talking about moving folders around and collecting the files into a single location. That draws red flags. It draws attention. With that in mind, why do you slow walk a remediation event? The experts are telling you that it’s gametime, the hackers are going to make a play for the documents. You’d better try something! When did they realize the data had been staged for exfil?
We know based on the dates of the emails later sent to Wikileaks that exfiltration did not occur until approximately May 25th, give or take a couple days. That’s about 3 weeks after Crowdstrike had found Russians active in the network. As Shawn Henry testified, Crowdstrike picked up nothing on their sensors during exfiltration.
My speculation is that the exfiltration had to occur on a system unmonitored by those sensors. That suggests that someone with administrative access or insight into all the nuances of the investigation had to take those emails. I do NOT believe or support any speculation that Seth Rich had anything to do with this.
Alternately, a nation-state employed a sophisticated program to exfiltrate the data, (albeit while inexplicably leasing and using servers from within the United States), in a manner that covered their tracks, and then made the jaw-dropping error of sending out documents after using Russian-language settings on them and left meta-data on the documents that referenced a Soviet-era figure, after using an IP address that had been publicly identified as being associated with the GRU, on top of failing to use a VPN and exposing their location to be in Moscow.
That creates a question for Michael Sussmann, who was the point person for the DNC on the hack. Hey Mr. Sussmann, what’s up with that? Who had that type of access? While asking him questions, someone should ask to what extent Rodney Joffe or other contractors were involved with his DNC hack investigation.
I want to back up a bit to the fall of 2015 when the DNC was broke. Desperate for cash, they negotiated a funding agreement with Hillary Clinton. In exchange for funding the DNC, Clinton wanted to choose the communications director of the DNC, she wanted full financial control over the DNC, and she wanted to be able to influence the way state parties were spending and some of the messaging.
It becomes interesting because when the emails are later dumped to Wikileaks, they come from 7 email accounts (despite media reports from the time indicating 30+ accounts were compromised):
DNC Communications Director Luis Miranda
DNC National Finance Director Jordon Kaplan
DNC Finance Chief of Staff Scott Comer
DNC Finance Director of Data & Strategic Initiatives Daniel Parrish
DNC Finance Director Allen Zachary
DNC Finance Senior Advisor Andrew Wright
Northern California Finance Director Robert (Erik) Stowe
Do you see the pattern? It’s a very odd coincidence.
Here’s what I think happened.
Someone involved in the DNC-led investigation into the hack collected these emails, downloaded them on a system not monitored by Crowdstrike and leaked them to Wikileaks themselves. Not Seth Rich.
It’s a fair point to look at the “swift boat” email later in this post and other emails as items they wouldn’t have voluntarily released. But, people are stupid and mistakes happen, so for me it does not rule out an inside-job. They didn’t think Clinton would lose. Perhaps there really was a hack but maybe there’s something wrong with the attribution.
I believe this was the first step into an operation approved by Hillary Clinton.
There was a multi-faceted conspiracy that consisted of a few phases:
The Steele Dossier (debunked as fraud)
The fake Alfa Communications server allegations (debunked as fraud)
The pressuring of the US government, by feeding information through the FBI, CIA, State Department, Harry Reid, and the media, in an apparent effort to create a criminal investigation into Trump.
I believe that portion of the plan went somewhat awry. Clinton was hoping for something a little bigger to happen, or she thought/hoped it would blow up into something bigger before the election. Maybe she thought with the New York Times originally in line to publish a bombshell Alfa-Putin-Trump secret communications channel story that everything else would explode onto the scene given all the conversations and posturing behind the scenes to seed the dossier information to journalists of every major news outlet, Congress, and others.
I also believe that the lightly-reported on “Russian Twitter bots” of the 2016 election were similarly the result of fraud based on the events of the 2017 Alabama Senate race and “Project Birmingham” where operatives tied to Fusion GPS and Daniel Jones (who was also involved in Alfa Bank allegations) admitted to a false flag operation that involved creating Twitter bots to tie the Republican Senate candidate to them in the hopes of orchestrating a smear campaign. Some of the same “researchers” involved in the false flag operation had reported on the alleged Russian interference of 2016, including to the US Senate. That is either a remarkable 180 degree shift to them being the criminals, or, it raises the question of what actually happened in 2016 and given what we know about the Steele dossier and Alfa allegations, I err on the side of fraud.
I also believe that:
The hack of the DNC was a false flag operation to manufacture interest in the dossier and other allegations.
Whatever swift boat project they were referencing in February 2016 never happened unless it was this Trump-Russia collusion narrative.
We got a glimpse into the effectiveness of that campaign in a Durham filing where after news of the hack broke, we can see that there was substantial media interest and numerous emails to Fusion GPS operatives from reporters wanting to discuss dossier allegations.
Without the “DNC hack” the dossier was going to be worthless. The dossier was just a bunch of words on a page. No reporter was going to spend time to run those stories down. It would’ve been seen as typical election-fodder.
The DNC successfully navigated to have a private entity conduct the investigation into the “hack” and then withheld all of the data and work product from the FBI until at least October 2016 and we know that based on exhibit 147 of the Sussmann trial. Somehow, they managed to keep the FBI from ever obtaining and analyzing the servers themselves.
That does not seem normal.
We’re talking about an adversary hacking a political party. You turn those servers over, and if you’re the FBI, you go get those servers.
This is where the conspiracy seems to grow to involve elements of the federal government. I previously asked how the government made its October 7, 2016 attribution for the hacks without the evidence from Crowdstrike.
If you’ve read me before, you’ve seen me make the point several times asking why Rodney Joffe, Manos Antonakakis, and David Dagon, who were involved in the phony Alfa bank allegations, were also involved in helping Special Counsel Mueller and why they did work on the DNC hack. It blows my mind that they could be associated with both investigations.
I’m not suggesting they did something wrong and I don’t know if it would’ve been intentional, but it doesn’t make sense.
A certain signature of Russiagate is that everything that hasn’t made sense has turned out to be breathtakingly bad.
Why is there a hypersensitivity here? Why does Manos care? A draft of a speech is sent out that someone else is going to make, and he makes a special point to address Crowdstrike and the DNC hack specifically. Why? Is it fair to assume he has some type of stake in the issue? In September 2017? [Not the only conversation he had about Crowdstrike, see here]
And as we’ve discussed, Antonakakis was working for Mueller (“via DARPA”), perhaps at the exact moment he was sending that email.
We’ve tiptoed around this in numerous postings. The plain language and most reasonable interpretation of these emails and other snippets I’ve shared is that the attribution for the hack of the Democratic National Committee was done by Manos Antonakakis and perhaps with the assistance of David Dagon and/or Rodney Joffe.
We’ve previously noted that a source revealed to sleuths that it was Rodney Joffe who traced the hack of the DNC back to Russia.
As Guccifer 2.0 is alleged to be one of the 12 GRU agents indicted by Mueller, our previous speculation that a substantial body of evidence produced or analyzed by Antonakakis/Dagon/Joffe is likely permanently sequestered as grand jury material in that case seems likely to be accurate. Based on our recent reporting, it appears this work product was submitted “via DARPA” to Special Counsel Mueller.
Given the allegations around the fraudulent nature of the Alfa Bank data and the white papers, should that evidence in the DNC hack case be re-examined? Yes it should, in our opinion.
We haven’t even discussed how Ilya Sachkov and Sergei Mikhailov fit in, largely because we don’t have much detail beyond what Bloomberg wrote. We do know that Christopher Davis (HYAS) who was associated with the Alfa allegation media write-ups had a social media connection to Group-IB. Is there a connection there? Or is it only CIA connected? We don’t know.
There seems to be much more to the GRU attribution story as a whole.
Keep in mind that Fusion GPS signed its contract with Perkins Coie on April 11, 2016, just days before the “hack” of the DNC. What were they going to do? They’d already been doing research for someone else and hadn’t come up with much. So why engage them? Recall that “swift boat” email from February 2016 we noted above.
Did they plan to manufacture a controversy?
Jumping ahead, recall that it was the Clinton campaign who announced the DNC hack. The announcement came on June 14, 2016, and it was absolutely hammered in a massive Clinton media campaign. Washington Post obtained quotes from Alperovitch, Shawn Henry, and others for their first article announcing the hack, with Fusion GPS friendly Tom Hamburger contributing. The Guardian also got Alperovitch on record for their article, as did other outlets.
These added to a blog post by Alperovitch also posted on June 14th. It was a massive media push. The FBI had barely gotten any information or access at that point.
The next day, Guccifer 2.0 posted his first blog. [coincidentally using Wordpress, just like Tea Leaves would later do]
Isn’t that convenient? Boom, here is the hacker, right in your face after Clinton had a bunch of articles published. Not two days later, not a week later, the very next day. This created massive pressure and would’ve made the FBI much more receptive to Steele’s dossier reports, with the first one written on June 20th and given to the FBI shortly thereafter. A coordinated campaign makes the most logical sense.
Through a series of just-clumsy enough posts, Guccifer 2.0 masqueraded as a blundering group of Russians trying in vain to hide their affiliations, we were led to believe. This, despite largely posting and interacting during Eastern Standard Time’s typical work hours. At times, his (their) English is outstanding.
Just before the Trump inauguration, Guccifer 2.0 posted for the last time. A hacking pseudonym with massive readership and reach, and they never use the account again. They never post other documents from other hacks with it, even if for no other reason than to sow confusion. The Russians have done plenty of hacks in Ukraine and elsewhere, and they’ve never used the persona again.
Here’s where another coincidence comes in.
Remember when I said both Tea Leaves and EmptyWheel-QuoteTweeting-Guccifer 2.0 liked using Wordpress blogs? On October 4th 2016 they also both used a file share website called MediaFire.
That upload from Guccifer 2.0 took place at 5:35pm on October 4th.
Curiously April Lorenzen (Tea Leaves) also uploaded documents to MediaFire on October 4th.
In the span of less than 4 hours, both April Lorenzen and Guccifer 2.0 uploaded files to MediaFire. To be sure, Guccifer 2.0 did upload some files to other fileshare websites as well, and I’m not saying that April Lorenzen is also Guccifer 2.0. I’m just saying it’s odd to me as someone who has never used MediaFire or been given a link to a MediaFire file.
Again, I’m just pointing out some coincidences. Don’t draw an inference that I am slyly accusing April Lorenzen of being Guccifer 2.0. I am just putting questions out there that seem somewhat obvious.
I believe that the hack of the DNC and other efforts we observed were all part of a sophisticated scheme by Hillary Clinton and various government operatives.
It’s worth pointing out that it’s entirely possible to mimic a hacking group - with a little bit of research on their techniques. That said, I have no idea whether any cybersecurity researchers or any specific individuals mentioned in this post were engaged in any misconduct related to Guccifer 2.0 or the hack of the DNC and I am not suggesting that there was misconduct on the part of any specific individual.
Whether or not there was malfeasance on the part of any cybersecurity researchers, my opinion on the DNC hack as a false flag operation does not change. The spoofing or faking of a hack or its attribution is the only thing that ties together all the other facets of the conspiracy.
I am not certain that John Durham looked at this angle at all; as late as May 2022 he was still trying to get Fusion GPS emails and employed a skeleton staff.
At a length cutoff for a post that I could probably expand on quite a bit, but I would also like to review all the connections of the cyber researchers, and talk about the Intelligence Community Assessment and Mueller/Danchenko/Comey insanity soon as an extension of the conspiracy.
Yeah, the DNC hack just reeks. Two other related things come to mind. First, wasn't Cozy Bear already on their system from like fall of 2015? Why no action there?
Second, is that Clapper evidently said in an interview that in early August 2016 Obama basically directed everyone to go all out to investigate any Russian election meddling. That was, of course, immediately after Brennan briefed Obama about having intercepted a Russian communication showing that they knew about Hillary's swift boat plan. That basically had the effect of giving the DNC "Russian/Fancy Bear Hack" an imprimatur of legitimacy and simultaneously blowing so much other "Russian" smoke out there that no one could see the forest for the trees.
BTW-- anyone have a copy of that Clapper article/statement or remember where it came from? I want it for my "library."