Trying to hold on to the “Legend of the Russian Hack”

Suggested Labor Day reading … or perhaps only if you have insomnia

A Forum by The Nation

In publishing Patrick Lawrence’s article, “A New Report Raises Big Questions About Last Year’s DNC Hack,” on August 9, The Nation ran into widespread cognitive dissonance on the part of many of its readers, who found themselves challenged to rethink the official Putin-Hacked-and-We-Ended-Up-With-Trump narrative.  Lawrence’s article was based largely on VIPS Memo #50 of July 24, “Was the ‘Russian Hack’ an Inside Job.”  And that Memo began to take some serious “incoming,” including potshots by six VIPS “dissenters,” most of whom lack much experience with the technical issues involved.

Never mind.  The Nation has now published a “forum” featuring their dissent and including replies to their dissent by the main authors of VIPS #50 – with the kind of related experience that will not quit.  Fortunately, credentials of the authors are included.

There was hope that the “debate” would bring some degree of closure.  But not so fast.  In an overabundance of caution, the The Nation decided to go (another) extra mile and hired “an independent expert,” a young technologist named Nathan Freitas, to “conduct a rigorous review” of the “technical claims” of the VIPS authors of Memo #50.  Without showing them Freitas’s findings in advance, The Nation simply tacked them on to the forum – and just when some of the real issues in question were starting to be understood and clarified.  The Nation proudly notes that Freitas lays out several scenarios – which, of course, are just what is needed at this juncture, more evidence-deprived “scenarios.”

One of our Silicon Valley volunteer experts has already weighed in, pointing out that Freitas “did not exert much effort other than abstract logic” and noted that there are lots of Silicon Valley specialists who could have added real value.  “Freitas’s real harm,” our adviser quipped, “is in making patently criminal activity seem boring.”

And so it goes.  In sum, the “dissenters” seemed often confused and, though they took almost six weeks to prepare their dissent, they did not lay a glove on the basic conclusions of VIPS Memo #50 – nor even pretend to.  As for Freitas, if his function was to add the veneer of an independent scientist to the discussion, he may have done that to The Nation’s satisfaction.  But, all told, for those honestly attempting to understand the essence of the controversy, Freitas did little more than muddy the waters.  Cynics suggest that he was retained to achieve both purposes.

VIPS Memo #50 is buffeted but remains standing.  Its Executive Summary is pasted in below, for easy reference.  The key question now, as it was six weeks ago, is whether this recent flurry of attention will lead to further exposure of VIPS’s explosive findings.  Or will seriously interested people now throw up their arms in despair after trying to digest Freitas’s turgid prose.


July 24, 2017


FROM: Veteran Intelligence Professionals for Sanity (VIPS)

SUBJECT: Was the “Russian Hack” an Inside Job?

Executive Summary

Forensic studies of “Russian hacking” into Democratic National Committee computers last year reveal that on July 5, 2016, data was leaked (not hacked) by a person with physical access to DNC computer. After examining metadata from the “Guccifer 2.0” July 5, 2016 intrusion into the DNC server, independent cyber investigators have concluded that an insider copied DNC data onto an external storage device.

Key among the findings of the independent forensic investigations is the conclusion that the DNC data was copied onto a storage device at a speed that far exceeds an Internet capability for a remote hack. Of equal importance, the forensics show that the copying was performed on the East coast of the U.S. Thus far, mainstream media have ignored the findings of these independent studies [see here and here].

Independent analyst Skip Folden, who retired after 25 years as the IBM Program Manager for Information Technology, US, who examined the recent forensic findings, is a co-author of this Memorandum. He has drafted a more detailed technical report titled “Cyber-Forensic Investigation of ‘Russian Hack’ and Missing Intelligence Community Disclaimers,” and sent it to the offices of the Special Counsel and the Attorney General. VIPS member William Binney, a former Technical Director at the National Security Agency, and other senior NSA “alumni” in VIPS attest to the professionalism of the independent forensic findings.

The recent forensic studies fill in a critical gap. Why the FBI neglected to perform any independent forensics on the original “Guccifer 2.0” material remains a mystery – as does the lack of any sign that the “hand-picked analysts” from the FBI, CIA, and NSA, who wrote the “Intelligence Community Assessment” dated January 6, 2017, gave any attention to forensics.

NOTE: There has been so much conflation of charges about hacking that we wish to make very clear the primary focus of this Memorandum. We focus specifically on the July 5, 2016 alleged Guccifer 2.0 “hack” of the DNC server. In earlier VIPS memoranda we addressed the lack of any evidence connecting the Guccifer 2.0 alleged hacks and WikiLeaks, and we asked President Obama specifically to disclose any evidence that WikiLeaks received DNC data from the Russians [see here and here].

Addressing this point at his last press conference (January 18), he described “the conclusions of the intelligence community” as “not conclusive,” even though the Intelligence Community Assessment of January 6 expressed “high confidence” that Russian intelligence “relayed material it acquired from the DNC … to WikiLeaks.”

Obama’s admission came as no surprise to us. It has long been clear to us that the reason the U.S. government lacks conclusive evidence of a transfer of a “Russian hack” to WikiLeaks is because there was no such transfer. Based mostly on the cumulatively unique technical experience of our ex-NSA colleagues, we have been saying for almost a year that the DNC data reached WikiLeaks via a copy/leak by a DNC insider (but almost certainly not the same person who copied DNC data on July 5, 2016).

From the information available, we conclude that the same inside-DNC, copy/leak process was used at two different times, by two different entities, for two distinctly different purposes:

-(1) an inside leak to WikiLeaks before Julian Assange announced on June 12, 2016, that he had DNC documents and planned to publish them (which he did on July 22) – the presumed objective being to expose strong DNC bias toward the Clinton candidacy; and

-(2) a separate leak on July 5, 2016, to pre-emptively taint anything WikiLeaks might later publish by “showing” it came from a “Russian hack.”