On Wednesday, the Nation confirmed previous reports by Big League Politics that DNC emails were provided to WikiLeaks by an inside source — not some shadowy Russian hacker.
On August 9, the Nation finally covered a report from the Veteran Intelligence Professionals for Sanity (VIPS) — a 30 member group made up of well respected former experts from the National Security Agency (NSA), tech companies, and other intelligence agencies.
The report from VIPS states that “forensic studies of ‘Russian hacking’ into Democratic National Committee computers last year reveal that on July 5, 2016, data was leaked (not hacked) by a person with physical access to a DNC computer. After examining metadata from the ‘Guccifer 2.0’ July 5, 2016 intrusion into the DNC server, independent cyber investigators have concluded that an insider copied DNC data onto an external storage device.”
Additionally, the former intelligence operatives detail how the FBI neglected to perform any independent forensics on the original “Guccifer 2.0.” They assert that “the reason the U.S. government lacks conclusive evidence of a transfer of a ‘Russian hack’ to WikiLeaks is because there was no such transfer.”
Among those who signed on to the report are William Binney, former NSA Technical Director for World Geopolitical & Military Analysis and co-founder of NSA’s Signals Intelligence Automation Research Center; Larry C. Johnson, who is retired from the CIA and State Department; Kirk Wiebe, former Senior Analyst at the SIGINT Automation Research Center of the NSA; and many more.
For the Nation, Patrick Lawrence wrote this summary of the VIPS findings:
“There was no hack of the Democratic National Committee’s system on July 5 last year—not by the Russians, not by anyone else. Hard science now demonstrates it was a leak—a download executed locally with a memory key or a similarly portable data-storage device. In short, it was an inside job by someone with access to the DNC’s system. This casts serious doubt on the initial “hack,” as alleged, that led to the very consequential publication of a large store of documents on WikiLeaks last summer.”
As we previously reported, the Forensicator concluded that the files were most likely obtained through a USB drive directly plugged into a DNC computer — not a Russian hacker.
Additionally, the report found that the files were copied five days before the murder of Seth Rich, a data analyst for the Democratic National Committee, who WikiLeaks has hinted may have been their source.
The analyst found that the transfer took place at speeds of 23 MB/s, which means that a remote data transfer over the internet would be extremely unlikely. Instead, the report states that a more likely scenario would be “that the individual who was collecting the data either had physical access to the computer where the data was stored, or the data was copied over a local high speed network (LAN).”
“This initial copying activity was done on a system where Eastern Daylight Time (EDT) settings were in force. Most likely, the computer used to initially copy the data was located somewhere on the East Coast,” Forensicator reported.
The Forensicator found that the data was initially copied to a computer which was running Linux, as “the file last modified times all reflect the apparent time of the copy and this is a characteristic of the Linux ‘cp’ command (using default options).” The report noted that a simple explanation for this would be that the Linux OS was booted from a USB flash drive — and that the data was subsequently copied back to the same drive. Using this method, the person transferring the files would be able to download a very large amount of data quickly.
“With all the billions of dollars we spend on this collection access system that the NSA has, there’s no way that could have missed all the packets being transferred from those servers to the Russians,” Binney told Sputnik News for my report at the outlet in December. “I mean, they should know exactly how and when those packets left those servers and went to the Russians, and where specifically in Russia it went. There’s no excuse for not knowing that.”
If it was a hack, Binney revealed, the NSA would know who the sender and recipients of the data are, thanks to mass internet surveillance programs. The intelligence apparatus does not depend on “circumstantial evidence,” as has been reported to point to Russia.
Disobedient Media reported at the time that “the very small proportion of files eventually selected for use in the creation of the “NGP-VAN” files were later published by the creators of the Guccifer 2.0 persona. This point is especially significant, as it suggests the possibility that up to 90% of the information initially copied was never published.”
Lawrence wrote that these revelations “split the DNC case open like a coconut.”
In April, we reported on Carter’s findings that alleged Democratic National Committee hacker and WikiLeaks source Guccifer 2.0 deliberately planted fake Russian fingerprints on documents linked to his persona.
Carter believes that this demonstrates that Guccifer 2.0 was actually a misdirection effort by people working for the Democratic Party, to have the upcoming WikiLeaks release blamed on Russian hackers — and therefore discredited. Speaking to Big League Politics, Carter referred to the persona as a “donkey in a bear costume.”
In the Guccifer documents in question, Warren Flood, an IT worker with links to the DNC and the Obama administration, appears to be the original author of the leaked documents, while they were last modified by “Феликс Эдмундович,” which translates to Felix Dzerzhinsky, the name of the founder of the Soviet secret police.
“For one thing, we know Flood was not the original author of the docs,” Carter told BLP. “So, it’s definitely odd to see that he’s shown as author of any of them initially.”
Carter elaborated that “Flood (or someone using a computer that had MS-Word set up by Flood using his own details in the past) actually started out by creating a blank file with a Russian stylesheet entry in it.”
“This was then saved as 1.doc, 2.doc and 3.doc,” he said. “Then 30 minutes later, on another computer, with MS-Word registered to the Russian name (the Soviet secret police founder that has been dead for almost a century). Each of those files was opened, had content copied into it (assumably from the original documents) and was then saved (writing the Russian name into the metadata at that time).”
Carter explained that the documents also had the same RSID, or Revision Save ID number. An RSID is a unique and random number that is generated whenever you create a new document or open a document that allows changes to be tracked.
“So… because of the matching RSIDs we know the Russian stylesheets we see in all 3 documents were all from the same original document and revision session,” Carter said. “Because the content in each document has different RSIDs we also know the content was added later to the files. So, effectively, content from real DNC documents were copied into the pre-tainted ‘Russian’ template files. Which is bizarre.”
Ultimately, Carter says that there were too many hints dropped that Guccifer 2.0 was a Russian to have been carried out by a seasoned hacker with privacy concerns. He noted the persona’s choice to use a Russian VPN, the use of a Russian smiley (“)))”) in his first blog post, and his reference to hacks as “deals” in an interview.
Guccifer 2.0 also claimed to use an exploit that did not exist at the time.
“G2 claimed to hack into the DNC via NGP-VAN… something that wasn’t even installed on the DNC’s server. It’s actually a cloud-hosted SaaS platform, so a zero day exploit in that still wouldn’t really give him access to tie himself in with Fancy Bear/Apt28,” Carter explained. Cyber defense company ThreatConnect explained this factor in detail here.
Meanwhile, as all signs continue to point to a leak from inside, the media has begun to change their tune on Seth Rich, the DNC analyst that WikiLeaks has consistently hinted was their source.
On August 9, Newsweek published a report that seemed to call into question if Rich was working with the Russians to undermine the Democratic Party. Previous reports, including from Big League, that Rich was the source of the WikiLeaks release have continuously been written off as “conspiracy theories” until this week. The report included a quote from DC lobbyist Jack Burkman claiming that Rich “may be the ‘missing link’ that connects otherwise incongruent events relating to Russia collusion in the 2016 presidential election.”
No matter what new evidence comes to light, it seems as though the swamp is unwilling to give up their “Russia did it” narrative.
Rich was an American citizen and a progressive, who many sources have told Big League Politics was simply a disenchanted Bernie Sanders supporter — upset at the DNC’s efforts to undermine the fiery Vermont senator’s campaign. This scenario seems far more likely than “he was working for the Russians,” though as nothing has been proven, any guesses as to his motives remain speculation.
On August 1, Big League Politics released audio of Pulitzer Prize winning journalist Seymour Hersh asserting that Seth Rich had contacted WikiLeaks with sample emails from the leak. Hersh cites an FBI document as proof for his claim.
“There are no DNC or Podesta emails that exist beyond May 21 or 22, last email from either one of those groups. What the report says is that some time in late Spring… he makes contact with WikiLeaks, that’s in his computer,” he says. “Anyway, they found what he had done is that he had submitted a series of documents — of emails, of juicy emails, from the DNC.”
Hersh explains that it was unclear how the negotiations went, but that WikiLeaks did obtain access to a password protected DropBox where Rich had put the files.
“All I know is that he offered a sample, an extensive sample, I’m sure dozens of emails, and said ‘I want money.’ Later, WikiLeaks did get the password, he had a DropBox, a protected DropBox,” he said. “They got access to the DropBox.”
Hersh describes Rich, fearing for his safety, giving access to the DropBox to others in case something happened to him.
“The word was passed, according to the NSA report, he also shared this DropBox with a couple of friends, so that ‘if anything happens to me it’s not going to solve your problems,’” he added. “WikiLeaks got access before he was killed.”
Rich was shot in the back in the early morning hours of July 10, 2016, near his home while he was on the phone with his girlfriend — 12 days before the publication of the DNC emails by WikiLeaks. The police initially ruled that it was a botched robbery — but his wallet, watch, and necklace were still on his person when he was discovered by police.
Though Assange has infamously expressed interest in Rich, he has always maintained that WikiLeaks will never name a source. WikiLeaks has offered a $20,000 reward for Rich’s murderer however, and has retweeted articles that asserted he was their source, as well as our Hersh audio, without providing any additional comment.
As we previously revealed, the lead detective working on the Rich case — while refusing to comment about whether or not he had been the WikiLeaks source — stated that he had attempted to get in contact with Julian Assange and WikiLeaks for “help with the case.”
Perhaps the only person who could say for sure who the source was is Assange, and since he isn’t talking, the case is likely to remain a mystery. One thing seems certain, however: this was a leak — and not a hack. Assange has said from day one that the emails were not provided to him by a state actor, which is backed by a mounting pile of evidence. This simple conclusion should put to bed the conspiracy theories about Russia hacking the election, and it is insane that it hasn’t.
Warren Flood did not return requests for comment for this or our previous report.