Since before President Donald Trump was elected, he has been bedeviled by accusations that the Russians hacked emails from the Democratic National Committee (DNC) in order to help him get elected, but a recent report may now put those allegations to rest.
A July 24 open memo to President Donald Trump from a group of former intelligence officers called Veteran Intelligence Professionals for Sanity (VIPS) uses forensic evidence to show the emails were not hacked, and lays out a theory to explain why fake evidence was used to create the impression that the Russians had hacked the DNC’s emails.
Key to the VIPS case is the distinction between leaking—physically downloading files onto a data storage device, such as flash drive, and conveying them to others— and hacking—removing files remotely from a computer through the internet. In the VIPS recounting of the case of the DNC emails, there are two significant instances of data being leaked, with forensic evidence that shows each case was not a Russian hack.
The first leak of DNC files was announced by Julian Assange of Wikileaks, who said on June 12, 2016, that he had “emails related to Hillary Clinton which are pending publication.”
The second leak discussed by VIPS took place on July 5, 2016, and, according to VIPS, was undertaken to distract from the content that Assange was presumed to have, redirecting attention toward Russian interference.
On July 22, three days before the Democratic National Convention, Assange published DNC emails that showed a bias by the DNC toward Hillary Clinton and against her opponent, Bernie Sanders.
According to VIPS, the DNC was waiting for this shoe to drop, and in preparation for it, the case that the Russians were behind the June 12 leak had been swiftly established.
Two days after the initial announcement, on June 14, a cybersecurity company hired by the DNC, Crowdstrike, announced it found malware on the DNC server, which it claimed was placed there by Russia—a claim that was later demonstrated as having several factual errors, and was at best inconclusive.
“Malicious actors can easily position their breach to be attributed to Russia,” states a blog post from the Institute for Critical Infrastructure Technology, a cybersecurity think tank, in response to the claims from Crowdstrike. It added “It would be easy to baselessly declare that all of the attacks were launched by Russia based on the malware employed.”
Then one day later, on June 15, an unknown figure calling him or herself “Guccifer 2.0,” backed the claim from Crowdstrike and the DNC, and this person claimed to have hacked the DNC. Guccifer 2.0 also claimed to be a source for WikiLeaks, and posted a document online to corroborate the claims. The individual piggybacked on the same name as the original “Guccifer,” who had already been arrested and denied having ties to Russia.
There were then several other “hacks” claimed by the mysterious Guccifer 2.0 figure, including a large download from the DNC server on July 5. That download was undertaken “to pre-emptively taint anything WikiLeaks might later publish by ‘showing’ it came from a ‘Russian hack,'” according to the memo.
According to VIPS, because of the implications of the emails showing an effort to help Sanders, “[the Clinton] campaign saw an overriding need to divert attention from content to provenance—as in, who ‘hacked’ those DNC emails.” This led to selling the press on the narrative that Russia was interfering in the election to aid Trump.
Mrs. Clinton’s PR chief, Jennifer Palmieri, wrote how she made the rounds among the press gathered at the Democratic National Convention. Her “mission was to get the press to focus on something even we found difficult to process: the prospect that Russia had not only hacked and stolen emails from the DNC, but that it had done so to help Donald Trump and hurt Hillary Clinton.”
What the Forensics Show
The July 24 memo is the third report VIPS has devoted to making the case that the Russians were not responsible for hacking the DNC.
In a Dec. 12, 2016, memo, VIPS says: “We have gone through the various claims about hacking. For us, it is child’s play to dismiss them. The email disclosures in question are the result of a leak, not a hack.”
Due to the “awesome technical capabilities” of the NSA, which “would know where and how any ‘hacked’ emails from the DNC, HRC [Hillary Rodham Clinton] or any other servers were routed through the network,” VIPS concludes the emails were not hacked.
In backing up its claim to authority in these matters, the Jan. 17, 2017, memo points out that VIPS member William Binney “was Technical Director of NSA and created many of the collection systems still in use.”
In the July 24, 2017, memo Binney and “Skip Folden, who retired after 25 years as the IBM Program Manager for Information Technology, US,” authenticate recent, independent forensic investigations.
The credibility of Guccifer 2.0 as providing evidence for the Russian narrative depends in part on the document he shared that had Russian language metadata. But VIPS says, “the forensics show [the document] was synthetically tainted with ‘Russian fingerprints,'” giving the illusion of Russian involvement.
A June 2016 report published by Investment Watch Blog shows that someone using a copy of Microsoft Word registered in the same name as a Democratic Party technology official “shoehorned in obvious ‘Russian’ fingerprints all over the documents.”
VIPS reports an investigation into the July 5, 2016, “hack” found the files were downloaded from the DNC directly by someone using an external storage device, such as a USB thumb drive. This means the file were downloaded locally, by someone who was physically present within the DNC location.
The downloading took place in the early evening, from a location with Eastern Daylight Time, according to the researchers. It was carried out from a computer directly connected to the DNC server or DNC Local Area Network. The unknown individual “copied 1,976 MegaBytes of data in 87 seconds onto an external storage device,” VIPS reports.
“That speed is much faster than what is physically possible with a hack.” In other words, Guccifer could not possibly have hacked the DNC server on July 5.
Some cybersecurity experts have argued the download speed may not be conclusive evidence that the files were downloaded internally.
William Binney, a co-author of the VIPS memo and an architect of the NSA’s surveillance program, challenged the criticism, however, during a segment on the “Aaron Klein Investigative Radio,” show.
Binney says the critics have no evidence for their claims, and says it’s now on the shoulders of the U.S. government to prove whether the cyberattack took place.
Assessments
The finding that the July 5 document leak could not have been a hack raises serious questions as to why the DNC and former Clinton campaign manager John Podesta refused to allow the FBI, or any government agency, to investigate the alleged cyberattack.
The DNC and former FBI director James Comey have given conflicting statements on what took place. A DNC spokesman told Buzzfeed on Jan. 4 the FBI never requested access to the DNC computer servers, while Comey testified under oath on Jan. 20, before the Senate intelligence committee, that the FBI made “multiple requests at different levels,” and that the DNC denied their requests.
Instead, they hired a private company, Crowdstrike (which VIPS describes as having “a dubious professional record and multiple conflicts of interest”) to assess the alleged cyberattack, which released inconclusive findings. The FBI and other intelligence agencies then based their assessments of the alleged cyberattack off the findings of the private company hired by the DNC.
In the Jan. 17 memo, VIPS points out that no tangible evidence has been shown to back up the claim that Russians had hacked the DNC to assist Trump. It calls upon President Obama “to authorize public release of any tangible evidence that takes us beyond the unsubstantiated, ‘we-assess’ judgments by the intelligence agencies.”
In the July 25 memo, VIPS notes that in a Jan. 6 press conference Obama admitted that the assessment of the intelligence community was “not conclusive.” It was later revealed that much of the Obama administration’s evidence came from a debunked dossier on Trump, collected from Russian government sources, and released by an opposition research company, Fusion GPS, which had been hired by unnamed Democrats and was lobbying for a Russian government official at the same time.
The VIPS report is signed by 16 experts, including individuals who formerly served in various U.S. military branches, the CIA, State Department, FBI, and other agencies.
The July 25 memo was the 50th report by VIPS. Its first one in 2003 warned President Bush that the intelligence Colin Powell used to justify war in Iraq appeared fraudulent.
The memo ends with this disclaimer: “We have no political agenda; our sole purpose is to spread truth around and, when necessary, hold to account our former intelligence colleagues.”