Was the DNC hack a false-flag operation?
Like a finely tuned dowsing rod, my ears perked up during the Sussmann trial testimony of Jared Novick this week. I was in the courtroom on Tuesday as Novick said the magic words in describing Packet Forensics, “...I understand them to put internet sensors around the world that would observe internet traffic data.”
It is this sentence that feeds into the biggest story in political history. Was the hack of the DNC a false flag operation? It certainly had the impact of turning recalcitrant journalists into a group beating down the doors of Fusion GPS for more information on the dossier materials they were disseminating.
Recall that Michael Sussmann was the representative on behalf of the DNC who engaged Crowdstrike and interfaced with Crowdstrike and the FBI in the ensuing investigation. We’ve previously established the long-standing ties between Rodney Joffe and Michael Sussmann, given that Sussmann was the outside counsel for Neustar and represented Joffe personally in a matter during 2015.
That becomes notable given Jared Novick’s testimony this week that he was given a list of 5-7 Trump associates by Joffe sometime in mid August 2016. The 3 names testified to at trial as being on the list were Richard Burt, Carter Page and Sergei Millian.
That becomes crucial, as footnotes 461 and 223 of the IG Horowitz report appear to reference the same list arriving in late July 2016 to the FBI:
How were the names of Carter Page and Sergei Millian given to Rodney Joffe? How would he know their importance in late July or early August?
The only data point known is that of a July 29th, 2016 meeting between Sussmann, Elias, members of Fusion GPS and Joffe. Christopher Steele was in the building, and apparently down the hall in another room if you believe his deposition in the Alfa civil case.
What is interesting is that the first public media report on Page would come in September, but dossier report 94 which mentions the false allegations of Page meeting with Igor Sechin is dated July 19th, just days before this meeting.
Within days of the July 29 meeting, the list of Trump associates along with physical addresses, email addresses, business ties, spouse information and more was provided to the FBI. The only apparent means for these names to be conveyed to Joffe would be a tasking by Michael Sussmann between July 19-29 or during this discussion which involved Fusion GPS (and Steele was in the building).
I make that point to raise the specter that Sussmann was a witting participant in the scheme to tie Trump to Russia.
Backing up to the hack of the DNC. Sussmann and the DNC were allegedly slow to respond to requests for information from the FBI (who never obtained the servers in question). In fact, the first time the FBI connected with Crowdstrike and began receiving any information from them was after media reports on June 14th pushed by the Clinton campaign which offered conclusions that Russia was behind it.
First obtained by the great Margot Cleveland of The Federalist, not all cyber security professionals are on board with the techniques used by Crowdstrike.
In what can only be described as hypersensitivity, Manos Antonakakis resigned as attribution director in May 2018 after a blowup over discussion of Crowdstrike. An earlier email from September 2017 forwarded the draft of a speech on Cybersecurity with a single sentence alluding to not all cyber security professionals being on board with the techniques used by Crowdstrike, which led Manos to protest, suggesting that “Crowdstrike should not be called out, especially with respect to the DNC incident.”
If the name Manos Antonakakis sounds familiar, he is Researcher-1 of the Sussmann indictment, and played a role in the fake Alfa server allegations. Additionally, as we learned through another FOIA release, Antonakakis, along with David Dagon, provided a body of work to Special Counsel Mueller and the Department of Justice:
There are indications that it may not be just Manos Antonakakis and David Dagon involved in the attribution of the DNC hack. A source close to Rodney Joffe has previously provided information to a small group of Twitter sleuths suggesting that Joffe had a role in the attribution of the hack.
The question that remains open is when? Joffe could conceivably have been called by Sussmann at the time of the hack. He is a world-renowned DNS expert who has studied cyber attacks; it would almost be odd if Sussmann did not contact him.
We’ve learned during the Sussmann trial that the FBI relied in some capacity on the cyber security firm Mandiant and their evaluation of the Alfa server claims. We also learned they reached out to GoDaddy and other entities to pull data. This shows us that the FBI relies to a significant degree on 3rd party companies to provide analysis and data.
Did the FBI engage Rodney Joffe, someone with multiple business contracts with the FBI, a sterling reputation at the time including receiving the Director's Award in 2013, and someone whose companies including Packet Forensics had massive amounts of data, in order to make their official attribution to Russia for the attacks?
A hint may have been dropped in the Grasso testimony. Tom Grasso, a former FBI agent, testified that Joffe worked on Russia-related cyber matters for the FBI.
Why does it matter?
The involvement of Antonakakis, Dagon, and potentially Joffe should send a shiver down the spine. What are the odds they were involved in fake, manufactured and manipulated evidence showing an alleged communications server between Trump and Putin, and then would’ve done their work on the DNC hack above board?
If you believe that despite emails indicating they themselves had issues with the Alfa server allegations and understood the goal was to support an inference or to fool non-DNS experts, that any of them had a degree of innocence, the alternative is not much better. If they sincerely believed this was real and plausible, one must question their credentials.
These esteemed professors at Georgia Tech with tens of millions of dollars of contracts for Cyber Security couldn’t figure out what it took the FBI less than a day to figure out? The logs themselves were incomplete. They spent weeks analyzing the data.
There are a multitude of issues with the current narrative around the DNC hack.
The evidence left behind didn’t just suggest Russia was behind it, it screamed it.
A nation-state actor with an advanced skill set apparently employed the Guccifer persona to disseminate a portion of the hack materials. Hacked materials sent from this persona to journalists left Cyrillic characters on the documents. Metadata on others reference a user called “Felix Edmunovich”, a callout to a one-time Soviet leader of secret police organizations.
The idea that an advanced nation-state would create a single persona who, in their first blog post, would clumsily deny that Russia was responsible just one day after the Clinton-pushed news articles named Russia as the attacker defies belief. One must also question what type of advanced hacking group would use any user profiles or language settings that would point solely at Russia?
The narrative around the Russians hacking the DNC has always been inextricably linked to one of Trump collusion, something pushed early on by the Clinton campaign. As that narrative has crumbled, the motivation for the hack and the unnecessary Guccifer persona remains elusive.
Phishing emails were sent using Yandex, a Moscow-based email provider. An IP address identified publicly prior to the attacks as being connected to Fancy Bear was used at one point. If this was Russia, why were they so bad at OPSEC?
Why would they lease computer equipment from an unnamed vendor in Arizona, a place so coincidentally associated with Rodney Joffe?
Crowdstrike
As Stephen McIntyre and others have pointed out, there are certain illogical occurrences with the current timeline.
Crowdstrike was engaged by Michael Sussmann and arrived in early May 2016. Dmitri Alperovitch has previously described plugging in Crowdstrike’s Falcon product and immediately finding Russians active in the DNC network.
Knowing this, that Russians had brazenly hacked into the network, exposing files of the highest sensitivity, Crowdstrike did something inexplicable.
They did nothing. They pushed any remediation efforts off for 5 weeks.
This is important, because we know based on the dates of emails later uploaded to Wikileaks, the files were not exfiltrated until May 25th, give or take a couple days. This was weeks after Crowdstrike determined Russians were active.
The clumsy excuse provided was a desire to collect more information.
Why?
Crowdstrike was supposed to defend their client’s interests. Why would the DNC care about anything other than protecting their files? Their donor information was exposed. Their strategy and opposition research were exposed. Crowdstrike isn’t the FBI or the DOJ, they have no jurisdiction to punish Russians for the hack.
Despite this effort to collect more information, Crowdstrike sensors recorded no activity around the exfiltration of a very significant amount of data.
This seems to suggest that the exfiltration had to occur on a system unmonitored by Crowdstrike, or the Falcon product from Crowdstrike has serious deficiencies. Who would know which systems were being monitored?
The indictments of the 12 never-to-be-prosecuted GRU operatives by the Department of Justice have effectively sequestered all relevant materials related to the hack. Crowdstrike reports have been shielded from Freedom of Information Act requests, and more than 6 years later, the same questions present in June 2016 persist today.
Did the Russians hack the DNC? No. They didn’t.
And if they did, prove it.