By George Parry
In his telephone conversation with Ukrainian leader Volodymyr Zelensky, President Trump requested Ukraine’s help in getting “to the bottom of” the Russian collusion narrative and the role of CrowdStrike, a private computer security company, in propagating that story. Lost in the volcanic eruption of faux outrage and condemnation aimed at the president by the Democrats and their wholly owned media subsidiary, this reference to CrowdStrike indicates that the Justice Department’s investigation of the counterintelligence operation against candidate and president-elect Trump may be hot on the trail of exposing what could well be a seminal lie that the Democratic National Committee’s computer server was hacked by Russian operatives. To understand why, consider the following:
On June 12, 2016, WikiLeaks announced that it would soon release stolen computer files that pertained to Hillary Clinton’s presidential campaign.
Two days later, CrowdStrike, which was working for the DNC, announced that it had detected Russian malware on the DNC’s computer server. The next day, a self-described Romanian hacker, Guccifer 2.0, claimed he was a WikiLeaks source and had hacked the DNC’s server. He then posted online DNC computer files that contained metadata that indicated Russian involvement in the hack.
On July 22, 2016, just days before the Democratic National Convention, WikiLeaks published approximately 20,000 DNC emails.
Much to the embarrassment of Hillary Clinton, the released files showed that the DNC had secretly collaborated with her campaign to promote her candidacy for the Democratic presidential nomination over that of Bernie Sanders. This caused the Clinton campaign serious political damage at the Democratic convention.
Well after the convention, Jennifer Palmieri, Clinton’s public relations chief, said in a March 2017 Washington Post essay that she worked assiduously during the nominating convention to “get the press to focus on … the prospect that Russia had not only hacked and stolen emails from the DNC, but that it had done so to help Donald Trump and hurt Hillary.”
In their breathless coverage of the Russian hacking story, the media downplayed the very odd behavior of the DNC, the putative victim. For, when the Department of Homeland Security and the FBI learned of the hacking claim, they asked to examine the server.
But the DNC refused.
Why would the purported victim of a crime refuse to cooperate with law enforcement in solving that crime? Was it hiding something? Was it afraid the server’s contents would discredit the Russia-hacking story?
The answers to those questions began to emerge thanks to a July 2017 memorandum to President Trump by the Veteran Intelligence Professionals for Sanity (VIPS), an organization of former CIA, FBI, National Security Agency, and military intelligence officers, technical experts, and analysts.
VIPS has a well-established record of debunking questionable intelligence assessments that have been slanted to serve political purposes. For example, in the run-up to the invasion of Iraq, VIPS courageously and correctly challenged the accuracy and veracity of the CIA’s intelligence estimates that Saddam Hussein possessed weapons of mass destruction and that he posed a threat to the United States. Similarly, VIPS has condemned the use of “enhanced interrogation techniques” on suspected terrorists. In short, VIPS can hardly be described as either a right-wing cabal or a group carrying water for the Republican Party.
In its analysis of the purported DNC hack, VIPS brought to bear the impressive talents of more than a dozen experienced, well-credentialed experts, including William Binney, a former NSA technical director and cofounder of the NSA’s Signals Intelligence Automation Research Center; Edward Loomis, former NSA technical director for the Office of Signals Processing; and Skip Folden, a former IBM information technology manager. As the French would say, these are des hommes sérieux, as are the other computer-system designers, program architects, and analysts with whom they investigated the Clinton-DNC hack story.
As set forth in its memorandum, VIPS’ investigative findings were nothing short of stunning.
First, VIPS concluded that the DNC data were not hacked by the Russians or anyone else accessing the server over the internet. Instead, the data were downloaded by means of a thumb drive or similar portable storage device physically attached to the DNC server.
How was this determined? The time stamps contained in the released computer files’ metadata establish that, at 6:45 p.m. July 5, 2016, 1,976 megabytes (not megabits) of data were downloaded from the DNC’s server. This took 87 seconds, which means the transfer rate was 22.7 megabytes per second, a speed, according to VIPS, that “is much faster than what is physically possible with a hack.” Such a speed could be accomplished only by direct connection of a portable storage device to the server. Accordingly, VIPS concluded that the DNC data theft was an inside job by someone with physical access to the server.
VIPS also found that, if there had been a hack, the NSA would have a record of it that could quickly be retrieved and produced. But no such evidence has been forthcoming. Can this be because no hack occurred?
Even more remarkable, the experts determined that the files released by Guccifer 2.0 have been “run, via ordinary cut and paste, through a template that effectively immersed them in what could plausibly be cast as Russian fingerprints.” In other words, the files were deliberately altered to give the false impression that they were hacked by Russian agents.
Thanks to the VIPS experts, the Russia-hacking claim — the very prologue of the Trump-Russia conspiracy story — appeared to have been affirmatively and convincingly undercut.
After the DNC denied law enforcement access to its server, the FBI — under James Comey’s leadership — meekly agreed to accept the findings of CrowdStrike, the DNC’s private cybersecurity firm, as to the server’s contents. This was in lieu of the FBI’s using legal process (such as a search warrant or forthwith grand jury subpoena) to seize and search the server for Russian malware and evidence of hacking, even though, in testimony before the House Judiciary Committee, Comey conceded that “best practices” require “direct access” to the allegedly hacked computers.
So why did Comey and the FBI agree to such an impotent, absurd, and self-defeating arrangement?
In June 2017, Senate Intelligence Committee Chair Richard Burr asked Comey whether he ever had “access to the actual hardware that was hacked.” Comey replied under oath, “In the case of the DNC … we did not have access to the devices themselves. We got relevant forensic information from a private party, a high-class entity [CrowdStrike], that had done the work.”
Sen. Burr then asked, “But no content? Isn’t content an important part of forensics from a counterintelligence standpoint?” To which Comey answered, “It is, although what was briefed to me by my folks … is that they had gotten the information from the private party [CrowdStrike] that they needed to understand the intrusion by the spring of 2016.”
Given that the allegation of Russian hacking resulted in increased tensions between the United States and the nuclear-armed Russian Federation and also served as a cornerstone of the argument that Trump had engaged in treasonous conduct, why were Comey and his FBI willing to rely solely on the word of CrowdStrike? Weren’t the stakes high enough to mandate that the FBI use the “best practice” of conducting its own forensic examination of the DNC’s computers?
And then came the investigation by Special Counsel Robert Mueller and his band of Hillary Clinton sycophants. On March 13, 2019, a month before the Mueller report was released, VIPS submitted a memorandum to the attorney general in which they accurately predicted that Mueller would choose to “finesse” the key issue of whether or not the Russians hacked the DNC computers by relying on the purported analysis by “CrowdStrike, a cybersecurity firm of checkered reputation and multiple conflicts of interest, including very close ties to a number of key anti-Russian organizations.”
VIPS stated that “direct access to the actual computers is the first requirement” in any valid forensic analysis. The memorandum then set forth VIPS’ additional analysis of the WikiLeaks DNC files which revealed “a FAT (File Allocation Table) system property. This shows that the data had been transferred to an external storage device, such as a thumb drive, before WikiLeaks posted them” (Emphasis in original).
After explaining in detail the significance of the FAT system property, the memorandum then re-addressed the elephant in the room that the media and investigators were ignoring: “the apparent failure of NSA’s dragnet, collect-it-all approach — including ‘cast-iron’ coverage of WikiLeaks — to provide forensic evidence (as opposed to ‘assessments’) as to how the DNC emails got to WikiLeaks and who sent them.” Further to this point, VIPS posed this critical question:
Is it possible that NSA has not yet been asked to produce the collected packets of DNC email data claimed to have been hacked by Russia? Surely, this should be done before Mueller completes his investigation. NSA has taps on all the transoceanic cables leaving the U.S., and would most certainly have such packets if they exist.
VIPS proved to be prescient. As with the seemingly feckless Comey, Mueller reported neither a direct access forensic examination of the DNC computers nor a query directed to the NSA for its intercepts of the purportedly hacked files.
In summary, by denying law enforcement access to its allegedly hacked computers, the DNC conducted itself like a criminal suspect with something to hide. And, in the face of this suspicious behavior, the failure by Comey’s FBI and Team Mueller to conduct a direct access forensic examination of the DNC’s computers or to seek corroboration from the NSA of any hacking strongly suggests that they had no interest in getting to the truth about the Russian hacking story.
As the old saying goes, the cover-up is frequently worse than the crime. That certainly appears to be the case with the Russian hacking story given that Comey’s FBI and Team Mueller appear to have deliberately declined to probe the Russian hacking claim purveyed by the DNC and Hillary Clinton’s campaign with the assistance of CrowdStrike.
So it is that Trump’s reference to CrowdStrike had to have sent shockwaves through the Democrats and their media enablers. Unless the DNC has followed Hillary Clinton’s example by using BleachBit or hammers on its computers, it is still possible that an honest direct access forensic analysis coupled with a simple records search by the NSA could prove that — in addition to Mueller’s finding of no evidence of collusion by the Trump campaign with Russia — the whole Russian hacking story was a scam orchestrated by the DNC and the Clinton campaign.
No wonder the Democrats and their media co-conspirators are running around with their hair on fire.
George Parry is a former federal and state prosecutor. He is a regular contributor to the Philadelphia Inquirer and blogs at knowledgeisgood.net. He may be reached by email at firstname.lastname@example.org.