Since before the election, President Donald Trump has been bedeviled by accusations that the Russians hacked emails from the Democratic National Committee (DNC) to help him get elected. But a recent report may put those allegations to rest.
A July 24 open memo to Trump from a group of former intelligence officers called Veteran Intelligence Professionals for Sanity (VIPS) uses forensic evidence to show the emails were not hacked, and lays out a theory to explain why fake evidence was used to create the impression that the Russians had hacked the DNC’s emails.
Key to the VIPS case is the distinction between leaking (physically downloading files onto a data storage device, such as a flash drive, and conveying them to others) and hacking (removing files remotely from a computer through the internet). In VIPS’s account of the DNC emails case, there are two significant instances of data being leaked, with forensic evidence that shows each case was not a Russian hack.
The first leak of DNC files was announced by Julian Assange of WikiLeaks, who said on June 12, 2016, that he had “emails related to Hillary Clinton which are pending publication.”
The second leak took place on July 5, 2016, and, according to VIPS, was undertaken to distract from the content that Assange was presumed to have, redirecting attention toward Russian interference.
On July 22, three days before the Democratic National Convention, Assange published DNC emails that showed the committee was biased toward Hillary Clinton and against her opponent, Bernie Sanders.
According to VIPS, the DNC was waiting for this shoe to drop, and in preparation for it, the case that the Russians were behind the June 12 leak had been swiftly established.
Two days after the initial announcement, on June 14, a cybersecurity company hired by the DNC, Crowdstrike, announced it had found malware on the DNC server, which it claimed was placed there by Russia—a claim that was later demonstrated as having several factual errors, and was at best inconclusive.
“Malicious actors can easily position their breach to be attributed to Russia,” states a blog post from the Institute for Critical Infrastructure Technology, a cybersecurity think tank, in response to the claims from Crowdstrike. The think tank added, “It would be easy to baselessly declare that all of the attacks were launched by Russia based on the malware employed.”
Then one day later, on June 15, an unknown figure calling himself or herself “Guccifer 2.0” backed the claim. Guccifer 2.0 claimed responsibility for hacking the DNC and for leaking the information to WikiLeaks, and posted a document online to corroborate the claims. The individual piggybacked on the same name as the original “Guccifer,” who had already been arrested and denied having ties to Russia.
There were then several other “hacks” claimed by the mysterious Guccifer 2.0 figure, including a large download from the DNC server on July 5. That download was undertaken “to pre-emptively taint anything WikiLeaks might later publish by ‘showing’ it came from a ‘Russian hack,'” according to the VIPS memo.
According to VIPS, because of the implications of the emails showing an effort to help Sanders, “[the Clinton] campaign saw an overriding need to divert attention from content to provenance—as in, who ‘hacked’ those DNC emails.” This led to selling the press on the narrative that Russia was interfering in the election to aid Trump.
Clinton’s PR chief, Jennifer Palmieri, wrote about how she made the rounds among the press gathered at the Democratic National Convention, in an article for The Washington Post. Her “mission [was] to get the press to focus on something even we found difficult to process: the prospect that Russia had not only hacked and stolen emails from the DNC, but that it had done so to help Donald Trump and hurt Hillary Clinton,” she wrote.
What the Forensics Show
The July 24 memo is the third report VIPS has devoted to making the case that the Russians were not responsible for hacking the DNC.
In a Dec. 12, 2016, memo, VIPS says: “We have gone through the various claims about hacking. For us, it is child’s play to dismiss them. The email disclosures in question are the result of a leak, not a hack.”
Due to the “awesome technical capabilities” of the National Security Agency (NSA), which “would know where and how any ‘hacked’ emails from the DNC, HRC [Hillary Rodham Clinton] or any other servers were routed through the network,” VIPS concludes the emails were not hacked.
In backing up VIPS’s claim to authority on these matters, a Jan. 17 memo points out that VIPS member William Binney “was technical director of NSA and created many of the collection systems still in use.”
In the July 24 memo, Binney and Skip Folden, who was a program manager for IBM for 25 years, authenticate recent independent forensic investigations.
The credibility of Guccifer 2.0 as providing evidence for the Russian narrative depends in part on the document he shared that had Russian language metadata. But, VIPS says, “the forensics show [the document] was synthetically tainted with ‘Russian fingerprints,'” giving the illusion of Russian involvement.
A report published by Investment Watch Blog in May shows that someone using a copy of Microsoft Word that was registered in the same name as a Democratic Party technology official “shoehorned in obvious ‘Russian’ fingerprints all over the documents.”
VIPS reports that an investigation into the July 5, 2016, “hack” found that the files were downloaded from the DNC directly by someone using an external storage device, such as a USB thumb drive. This means the files were downloaded locally, by someone who was physically present at the DNC location.
The downloading took place in the early evening, from a location in the Eastern Daylight time zone, according to the researchers. It was carried out from a computer directly connected to the DNC server or DNC Local Area Network. The unknown individual “copied 1,976 megabytes of data in 87 seconds onto an external storage device,” according to VIPS.
“That speed is much faster than what is physically possible with a hack.” In other words, Guccifer could not possibly have hacked the DNC server on July 5, in VIPS’s judgment.
Some cybersecurity experts have argued the download speed may not be conclusive evidence that the files were downloaded internally.
Binney, a co-author of the VIPS memo, challenged the criticism, however, during a segment on the “Aaron Klein Investigative Radio” show.
Binney says the critics have no evidence for their claims and that it’s now on the shoulders of the U.S. government to prove whether the cyberattack took place.
The finding that the July 5 document leak could not have been a hack raises serious questions as to why the DNC and former Clinton campaign manager John Podesta refused to allow the FBI, or any government agency, to investigate the alleged cyberattack.
The DNC and former FBI director James Comey have given conflicting statements on what took place. A DNC spokesman told Buzzfeed on Jan. 4 the FBI never requested access to the DNC computer servers, while Comey testified under oath on Jan. 10 before the Senate intelligence committee that the FBI made “multiple requests at different levels,” and the DNC denied their requests.
Instead, the DNC hired a private company, Crowdstrike (which VIPS describes as having “a dubious professional record and multiple conflicts of interest”) to assess the alleged cyberattack. CrowdStrike released inconclusive findings. The FBI and other intelligence agencies then based their assessments of the alleged cyberattack off Crowdstrike’s findings.
In the Jan. 17 memo, VIPS points out that no tangible evidence has been shown to back up the claim that Russians had hacked the DNC to assist Trump. It calls upon President Barack Obama “to authorize public release of any tangible evidence that takes us beyond the unsubstantiated, ‘we-assess’ judgments by the intelligence agencies.”
In the July 24 memo, VIPS notes that in a Jan. 18 press conference, Obama admitted that the assessment of the intelligence community was “not conclusive.” It was later revealed that much of the Obama administration’s evidence came from a debunked dossier on Trump, collected from Russian government sources, and released by Fusion GPS, which had been hired by unnamed Democrats and was lobbying for a Russian government official at the same time.
The VIPS report is signed by 17 experts, including individuals who formerly served in various U.S. military branches, the CIA, the State Department, the FBI, and other agencies.
The July 24 memo was the 50th report by VIPS. Its first, in 2003, warned President George W. Bush that the intelligence Secretary of State Colin Powell used to justify war in Iraq in his speech to the United Nations appeared to be fraudulent.
The memo ends with this disclaimer: “We have no political agenda; our sole purpose is to spread truth around and, when necessary, hold to account our former intelligence colleagues.”