It's widely predicted that Special Counsel Robert Mueller will publish the findings of his two-year investigation into 'collusion' between the Russian government and Donald Trump's campaign. In advance, Veteran Intelligence Professionals for Sanity, a group composed of retired US intelligence officials, has issued a damning critique of the probe's forensic approach, in particular its reliance on a cybersecurity company hired by the Democratic party.
"We've done enough detailed forensic work to prove the speciousness of the prevailing story that the DNC emails published by WikiLeaks came from Russian hacking. We believe Mueller may choose to finesse this key issue and leave everyone hanging…[helping] sustain the widespread belief Trump owes his victory to President Vladimir Putin, and strengthen the hand of those who pay little heed to the unpredictable consequences of an increase in tensions with nuclear-armed Russia," the group writes.
'Might Be Wrong'
It has long been claimed that Russian agents were behind the 'hack' of the Democratic National Committee emails, and provided them to WikiLeaks to embarrass Hillary Clinton and assist Trump's victory. Central to this allegation is a January 2017 "Intelligence Community Assessment", prepared by "handpicked analysts" from the CIA, FBI, and NSA, which expressed "high confidence" that Russia was responsible.
Moreover, the veterans note that direct access to the actual computers would be crucial for determining how the files were hacked, or indeed whether they were even hacked in the first place. However, in testimony to the House Intelligence Committee in March 2017, former FBI Director James Comey admitted he didn't even insist on physical access to the DNC computers. In June, Senate Intelligence Committee Chair Richard Burr asked Comey whether he ever had "access to the actual hardware that was hacked", to which he responded in the negative.
"In the case of the DNC we didn't have access to the devices themselves. We got relevant forensic information from a private party, a high-class entity, that had done the work", he said, a reference to CrowdStrike, a cybersecurity firm of questionable reputation and multiple conflicts of interest, including very close ties to a number of anti-Russian organisations.
Moreover, forensic examination of the WikiLeaks DNC files conducted by VIPS shows they were created on 23, 25 and 26 May 2016, and the files' FAT (File Allocation Table) system property shows the data had been transferred to an external storage device, such as a USB drive, before WikiLeaks posted them. This is notable, VIPS suggest, as FATs are used for storage only and are unrelated to internet transfers like hacking. Were WikiLeaks to have received the DNC files via a hack, the last modified times on the files would be a random mixture of odd- and even-ending numbers, but every one of the time stamps in the 500-strong DNC files on WikiLeaks' site ends in an even number.
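The even-seconds argument rests on how FAT stores a file's modification time: a 16-bit field with only five bits for seconds, counted in two-second units. The following is an added example, not code from VIPS or from this article; the function names are hypothetical, the sample timestamps are constructed, and truncation (rather than rounding) is an assumption about the writing driver.

```python
from datetime import datetime

def fat_pack_time(dt):
    """16-bit FAT time field: 5 bits hour, 6 bits minute, 5 bits seconds/2."""
    return (dt.hour << 11) | (dt.minute << 5) | (dt.second // 2)

def fat_unpack_time(field):
    """Return (hour, minute, second) from a 16-bit FAT time field."""
    return (field >> 11) & 0x1F, (field >> 5) & 0x3F, (field & 0x1F) * 2

def through_fat(dt):
    """Timestamp as it reads back after being stored in a FAT directory entry.
    Assumption: the driver truncates; one that rounds still yields an even second."""
    hour, minute, second = fat_unpack_time(fat_pack_time(dt))
    return dt.replace(hour=hour, minute=minute, second=second, microsecond=0)

def all_even_seconds(stamps):
    """True when every timestamp has an even seconds value."""
    return all(t.second % 2 == 0 for t in stamps)

def chance_all_even(n):
    """Probability that n independent 1-second-resolution stamps are all even."""
    return 0.5 ** n

# Constructed sample mtimes (not the real file metadata), on the dates the article cites.
SAMPLE = [
    datetime(2016, 5, 23, 14, 7, 33),
    datetime(2016, 5, 25, 9, 41, 58),
    datetime(2016, 5, 25, 9, 42, 1),
    datetime(2016, 5, 26, 18, 0, 59),
]

if __name__ == "__main__":
    stored = [through_fat(t) for t in SAMPLE]
    for before, after in zip(SAMPLE, stored):
        print(before.time(), "->", after.time())
    print("all even before:", all_even_seconds(SAMPLE))
    print("all even after: ", all_even_seconds(stored))
    print("chance for 500 files: %.3g" % chance_all_even(500))
```

The check establishes only the granularity of the stored timestamps; it does not identify who made the copy.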
Plugging a Leak
VIPS has held the strong conviction that the DNC emails were leaked, rather than hacked, for two years. They are also "intrigued" by the apparent failure of NSA's dragnet, collect-it-all approach to provide forensic evidence (as opposed to 'assessments') as to how the DNC emails reached WikiLeaks and who sent them.
"Is it possible the NSA has not yet been asked to produce the collected packets of DNC email data claimed to have been hacked by Russia? Surely, this should be done before Mueller competes his investigation. NSA has taps on all the transoceanic cables leaving the US and would almost certainly have such packets if they exist. The forensics we examined shed no direct light on who may have been behind the leak. The only thing we know for sure is the person had to have direct access to the DNC computers or servers in order to copy the emails. The apparent lack of evidence from the most likely source, NSA, regarding a hack may help explain the FBI's curious preference for forensic data from CrowdStrike," VIPS write.
The group's suspicions about the Guccifer 2.0 "persona" grew when the entity claimed responsibility for a "hack" of the DNC on July 5 2016, which released data that was "rather bland" compared to what WikiLeaks published 17 days later, which among other things demonstrated the DNC had conspired to sabotage the Presidential campaign of Bernie Sanders. As a result, they suggest the "July 5 intrusion" was a "contrivance to preemptively taint anything WikiLeaks might later publish from the DNC".
The findings don't indicate who copied the information to an external storage device, but do disprove that Guccifer 2.0 hacked into the DNC on 5 July 2016, and strongly indicate the data breach was local and the emails were copied from the network.
VIPS submitted the memorandum to Obama's office 24 July 2017 — Binney was invited to discuss the findings with then-CIA Director Mike Pompeo, and they duly met in October for an hour-long discussion. Binney warned Pompeo — "to stares of incredulity" — his people should stop lying about the Russian hacking. Pompeo asked Binney if he would talk to the FBI and NSA. Binney agreed, but has not been contacted by those agencies since.