The FBI, CIA and NSA claim that the DNC emails published by WIKILEAKS on July 26, 2016 were obtained via a Russian hack, but more than three years after the alleged “hack” no forensic evidence has been produced to support that claim. In fact, the available forensic evidence contradicts the official account that blames the leak of the DNC emails on a Russian internet “intrusion”. The existing evidence supports an alternative explanation--the files taken from the DNC on between 23 and 25May 2016 and were copied onto a file storage device, such as a thumb drive.
If the Russians actually had conducted an internet based hack of the DNC computer network then the evidence of such an attack would have been collected and stored by the National Security Agency. The technical systems to accomplish this task have been in place since 2002. The NSA had an opportunity to make it clear that there was irrefutable proof of Russian meddling, particularly with regard to the DNC hack, when it signed on to the January 2017 “Intelligence Community Assessment,” regarding Russian interference in the 2016 Presidential election:
We also assess Putin and the Russian Government aspired to help President-elect Trump’s election chances when possible by discrediting Secretary Clinton and publicly contrasting her unfavorably to him. All three agencies agree with this judgment. CIA and FBI have high confidence in this judgment; NSA has moderate confidence.
The phrase, “moderate confidence” is intelligence speak for “we have no hard evidence.” Thanks to the leaks by Edward Snowden, we know with certainty that the NSA had the capability to examine and analyze the DNC emails. NSA routinely “vacuumed up” email traffic transiting the U.S. using robust collection systems (whether or not anyone in the NSA chose to look for this data is another question). If those emails had been hijacked over the internet then NSA also would have been able to track the electronic path they traveled over the internet. This kind of data would allow the NSA to declare without reservation or caveat that the Russians were guilty. The NSA could admit to such a fact in an unclassified assessment without compromising sources and methods. Instead, the NSA only claimed to have moderate confidence in the judgement regarding Russian meddling. If the NSA had hard intelligence to support the judgement the conclusion would have been stated as “full confidence.”
We believe that Special Counsel Robert Mueller faces major embarrassment if he decides to pursue the indictment he filed--which accuses 12 Russian GRU military personnel and an entity identified as, Guccifer 2.0, for the DNC hack—because the available forensic evidence indicates the emails were copied onto a storage device.
According to a DOJ press release on the indictment of the Russians, Mueller declares that the emails were obtained via a “spearphising” attack:
In 2016, officials in Unit 26165 began spearphishing volunteers and employees of the presidential campaign of Hillary Clinton, including the campaign’s chairman. Through that process, officials in this unit were able to steal the usernames and passwords for numerous individuals and use those credentials to steal email content and hack into other computers. They also were able to hackinto the computer networks of the Democratic Congressional Campaign Committee (DCCC) and the Democratic National Committee (DNC) through these spearphishing techniques to steal emails and documents,covertly monitor the computer activity of dozens of employees, and implant hundreds of files of malicious computer code to steal passwords and maintain access to these networks.
The officials in Unit 26165 coordinated with officials in Unit 74455 to plan the release of the stolen documents for the purpose of interfering with the 2016 presidential election. Defendants registered the domain DCLeaks.com and later staged the release of thousands of stolen emails and documents through that website. On the website, defendants claimed to be “American hacktivists” and used Facebook accounts with fictitious names and Twitter accounts to promote the website.
After public accusations that the Russian government was behind the hacking of DNC and DCCC computers, defendants created the fictitious persona Guccifer 2.0. On the evening of June 15, 2016 between 4:19PM and 4:56PM, defendants used their Moscow-based server to search for a series of English words and phrases that later appeared in Guccifer 2.0’s first blog post falsely claiming to be a lone Romanian hacker responsible for the hacks in the hopes of undermining the allegations of Russian involvement.
Notwithstanding the DOJ press release, an examination of the Wikileaks DNC files do not support the claim that the emails were obtained via spearphising. Instead, the evidence clearly shows that the emails posted on the Wikileaks site were copied onto an electronic media, such as a CD-ROM or thumbdrive before they were posted at Wikileaks.
