DNC Hack due to Gmail Phishing??

In two influential articles in June 2016 (June 16 here and June 26 here), SecureWorks purported to link the then recently revealed DNC hack to Russia via a gmail phishing campaign which they had been monitoring since 2015 and which they attributed to APT28 (Fancy Bear). They had observed multiple phishing targets at hillaryclinton.com, dnc.org and personal gmail accounts of campaign officials and surmised that one of these targets at DNC must have been tricked by the phishing campaign, from which APT28 obtained access to the DNC server.

Their argument was quickly accepted by computer security analysts. In an influential article in October 2016, Thomas Rid, a prominent commentator on computer security, stated that this argument was the most important evidence in attribution of the DNC hack to Russia – it was what Rid called the “hackers’ gravest mistake”.

However, the connection of the DNC hack to the gmail phishing campaign, as set out in the SecureWorks article, was very speculative, even tenuous.  In addition, subsequent evidence in the DNC emails themselves conclusively refuted even this thin connection. To be clear, the issues pertaining to the DNC hack are distinct from the Podesta hack – which, though unknown at the time of the June 2016 SecureWorks’ article, can be convincingly attributed to gmail phishing accompanied by bitly link-shorteners.

In today’s post, I’m going to look at the narrow issue of the connection between the gmail phishing campaign and the DNC hack and whether it contributes to Russian attribution of the DNC hack.

SecureWorks reported that they studied “8,909 Bitly links that targeted 3,907 individual Gmail accounts and corporate and organizational email accounts that use Gmail as a service” from May 2015 to mid-May 2016, looking for patterns in the targets.  Included among the target email addresses were 213 links to 108 email addresses on the hillaryclinton.com domain from mid-March to mid-May 2016; 16 links targeting nine dnc.org accounts; and 150 links to gmail accounts of individuals linked to the Hillary for America campaign, the DNC, or other aspects of U.S. national politics. Ironically, while they identified a couple of individual officials (by title) whose personal gmail had been hacked, Podesta was not among them.

They determined that there had been 20 clicks from hillaryclinton.com targets to the credentials page, four clicks from dnc.org targets and 40 clicks from the gmail accounts, but were unable to determine whether any credentials had been entered.

The destination page in a gmail phishing campaign is a webpage on a malicious site which reproduces a Google log-in page sufficiently to deceive the target into entering their credentials. After entering the credentials, the target is transferred to his actual Google page so that he is unaware of that his credentials have been harvested. An example of a phishing page is shown below (from here, taken from a source cited in the SecureWorks article).

 

It’s one thing to trick someone in regard to a personal email account, but how is this scam supposed to work on someone with a hillaryclinton.com or dnc.org email? And why would a gmail scam phish non-gmail addresses? Here SecureWorks begins to arm-wave.

In respect to the hillaryclinton.com domain, they observed that they appeared to have used gmail as their “organizational mail solution”:

An examination of the hillaryclinton.com DNS records shows that the domain’s MX records, which indicate the mail server used by the domain, point to aspmx.l.google.com, the mail server used by Google Apps. Google Apps allows organizations to use Gmail as their organizational mail solution.

It would be mildly interesting to know whether their hillaryclinton.com email sign in page was the generic Gmail sign-in page or whether it had campaign logos.  However, this issue is moot since the Wikileaks DNC hack consists of dnc.org emails (not hillaryclinton.com emails, except for very few and incidental emails, none from Hillary, Huma or other principals of the campaign).

This theory, such as it is, doesn’t work for dnc.org as SecureWorks themselves conceded:

As of this publication [June 16, 2016], dnc.org does not use the Google Apps Gmail email service.

To overcome this seemingly insurmountable obstacle, they arm-waved:

However, because dnc.org email accounts were targeted in the same way as hillaryclinton.com accounts, it is likely that dnc.org did use Gmail at that time and later moved to a different service. [my bold]

At the time, SecureWorks didn’t know of the very restricted effective time range of the Wikileaks DNC archive: from April 19, 2016 to May 25, 2016. (There are a very very small number of emails with an apparently earlier timestamp, but these are convincingly argued by steemwh1sks to have been transferred during the above window. Steemwh1sks1 also pointed out that DNC had a 30-day retention policy and convincingly argued that the Wikileaks archive was exfiltrated between May 19 and May 25, 2016.) On SecureWorks’ theory, it is necessary to show that it is likely that DNC was using gmail up to May 25, 2016, switching only a few days prior to their article on June 16 – something that seems implausible on its face.

Against this intuitively implausible theory, there is also direct evidence in the Wikileaks DNC emails themselves. On May 17, a response from the IT helpdesk shows that the DNC was using (Microsoft) Outlook for email – not Google Apps Gmail.

 

Conclusion

It is bewildering that attribution is made on such shallow reasoning. There was no basis at the time for SecureWorks’ assertion that it was “likely” that DNC had used gmail and subsequently changed. This was pulled out of thin air. None of the many computer security analysts opining on attribution bothered to confirm this hypothesis with DNC themselves or else they would have found out the opposite. Nor do the analysts appear to have checked this hypothesis against information from the Wikileaks DNC archive itself. If they had, they would have seen that it was untrue. Nonetheless, the attribution of the DNC hack to gmail phishing has been more or less universally adopted as a line of evidence supposed pointing squarely to Russia and Putin personally e.g. Rid cited above.

While the Podesta hack can be convincingly attributed to gmail phishing (as can related hacks of William Rinehart, Colin Powell and others published at DCLeaks), this is not the case for the hack of the Wikileaks DNC emails. Attribution of this hack must stand or fall on other lines of evidence.

Nor am I arguing that this shows that DNC credentials could not have phished some other way e.g. clicking malware on a phishing email or a non-gmail credential theft (dnc.org login), only that the nexus between the hack and phishing dnc.org email addresses is worse than flimsy.

 

Postscript

Neither SecureWorks nor other contemporary analysis discussed the democrats.org server, which is the website for the Democratic Party, while dnc.org is the website for the Democrat National Committee. The two are closely related, but not the same. In comments today, Jaap observed that, on April 29, 2016, a subdomain (factivists.democrats.org) of democrats.org was hacked

At 5:33 pm, she reported that they were locked out again. The situation seem to have settled by 7:52 pm when she again distributed password. democrats.org, according to MX information on DNStrails, presently uses Google Apps email, while dnc.org does not.


143 Comments

  1. Jaap Titulaer
    Posted Mar 21, 2018 at 4:02 PM | Permalink | Reply

    As I posted earlier the phishing email campaign was likely done by CyberBerkut, not APT28, see my comment 780324 on previous article for details and links to the reports.
    From that one:

    Forbes quotes research by Citizen Lab which Forbes says is about Fancy Bear, but which turns out to be about another hacking group: CyberBerkut, a group of pro-Russian Ukrainians.
    One domain used in the phishing campaign against a.o. Podesta (myaccount.google.com-securitysettingpage[.]tk) in March 2016 was used in late 2015 by CyberBerkut for another email phishing campaign.

    So at the very least re-use of the same infrastructure, used earlier by CyberBerkut, by APT28. But more likely simply yet another phishing campaign by the same group.
    If this attribution by Citizen Lab is correct, at least the phishing from March 2016 and perhaps April 2016 wasn’t done by APT28.
    For April I’m aware of only one target, this time a Yahoo target, belonging to Ukrainian DNC Consultant Chalupa, according to her because of her Ukrainian activities. And that seems quite likely as she was working for the DNC but also in concert with the Ukrainian government, which is at war with the pro-Russian Ukrainians (& Russians) in the Donbass (Donetsk and Lugansk People’s Republics).

    I’m not aware of a similar phishing campaign in May 2016. That’s when most or all of the accounts related to the DNC Emails release must have been hacked.

    • Steve McIntyre
      Posted Mar 21, 2018 at 4:16 PM | Permalink | Reply

      yes, I’m sympathetic to possibility of CyberBerkut attribution as well, tho not confidently. But I like to thoroughly parse the accepted theories first. Demonstration of flaws is usually necessary to get acceptance for an alternative explanation.

      • Steve McIntyre
        Posted Mar 21, 2018 at 4:31 PM | Permalink | Reply

        The gmail phishing campaigns published at DCLeaks continued through the summer of 2016. I parsed the date of the latest email in each DCLeaks archive in table below. Four archives end in June, two in July and one (Colin Powell) at end of August.
        null

        That the earliest published DCLeaks hack is connected to Breedlove, a general involved in Ukraine, is a slight additional indicator towards Ukraine involvement IMO.

      • Jaap Titulaer
        Posted Mar 21, 2018 at 4:44 PM | Permalink | Reply

        Agree.

        By the way: at least one of the DNC accounts in the WikiLeaks archive has emails dating back much further than May (those belonging to Scott Comer, earliest is 2015-10-19 14:31:31).
        I’ve not yet succeeded in simply getting a list of all of them, as there seem to be search limits in place at WL.

        • Jaap Titulaer
          Posted Mar 21, 2018 at 4:53 PM | Permalink

          As WL says:

          Starting on Friday 22 July 2016 at 10:30am EDT, WikiLeaks released over 2 publications 44,053 emails and 17,761 attachments from the top of the US Democratic National Committee — part one of our new Hillary Leaks series. The leaks come from the accounts of seven key figures in the DNC: Communications Director Luis Miranda (10520 emails), National Finance Director Jordon Kaplan (3799 emails), Finance Chief of Staff Scott Comer (3095 emails), Finanace Director of Data & Strategic Initiatives Daniel Parrish (1742 emails), Finance Director Allen Zachary (1611 emails), Senior Advisor Andrew Wright (938 emails) and Northern California Finance Director Robert (Erik) Stowe (751 emails). The emails cover the period from January last year until 25 May this year.

          Dating when these were retrieved seems a simple matter of the last date, because several of these people seem to have older emails saved in their inbox, so at least some are not following the max 30 day retention policy that Hillary’s campaign introduced (and advocated).

        • Steve McIntyre
          Posted Mar 21, 2018 at 7:52 PM | Permalink

          there are only 2-3 emails per month prior to April 19. On that day, there is a step change – see prior post on this. I am completely convinced by steemwh1sks tht this step change arose from 30 days retention policy combined with May 19 entry.

          The “early” emails require some sort of explanation given 30-day retention policy. steemwh1sks speculated some sort of transfer of earlier emails between April 19 and May 25. Makes sense to me, but maybe something else. BE that as it may, all but one account have very narrow date limits

        • Steve McIntyre
          Posted Mar 21, 2018 at 7:55 PM | Permalink

          Here’s a search string for early emails
          https://wikileaks.org/dnc-emails/?q=&mfrom=&mto=&title=&notitle=&date_from=2010-01-01&date_to=2016-03-31&nofrom=&noto=&count=50&sort=1#searchresult

        • Posted Mar 21, 2018 at 8:38 PM | Permalink

          “The “early” emails require some sort of explanation given 30-day retention policy.”

          Believe it or not, some emails just get stuck on a server despite policies such as this.

          I have retention limits set on a couple of IMAP accounts from a commercial provider and there are a few emails that just stick around.

        • Jaap Titulaer
          Posted Mar 22, 2018 at 3:47 AM | Permalink

          Yeah part of those ‘old’ emails have no valid date, displayed at WL as 1970-01-01 00:00:00 +0000.
          That is quite a number of the old ones.
          https://wikileaks.org/dnc-emails/?q=&mfrom=&mto=&title=&notitle=&date_from=&date_to=&nofrom=&noto=&count=50&sort=1#searchresult
          So those are clearly in error and a rule will likely not catch them.

          And then we have Comer, who’s old messages seems to contain a lot of automated emails related to ‘Outgoing call to ‘.
          From: ComerS@dnc.org
          2015-10-19 14:31:31 +0000
          Outgoing call to Miryam Lipper (Other)

          He also has old incoming ones.
          To: ComerS@dnc.org
          2015-08-14 13:16:54 +0000

          Note that these people use MS Outlook clients, so they can have other email retention rules than standard.
          Another option is that this is a recently invoked rule and in some cases the old mails have been archived into Archive.PST and those PST files have been retained in the user directories on the file servers or on backup-servers. So not deleted prior to a certain dated, but merely archived.

          And Charles is right, the software and/or data may have bugs, leading to retention. That will likely be the case with those corrupted emails without valid date/timestamp.

      • rose anderson
        Posted Apr 16, 2018 at 1:24 AM | Permalink | Reply

        Renting a hacker to hack isn’t a bad ideas had issues at my jobs co-worker blackmailed me, I had to hire THEDARKHACKER @ protonmail .com to help me locate and wipe out the evidence, am so glad its all gone now.

    • Steve McIntyre
      Posted Mar 21, 2018 at 4:33 PM | Permalink | Reply

      The syntax myaccount.google.com-securitysettingpage[.]ml was used in the William Rinehart hack.

      I’ve spent a lot (too much) time collating the precise syntax of the various hack emails, looking also in phishtank for parallels – not easy to do. It’s an interesting collection that I mean to report on.

    • David Blake
      Posted Mar 22, 2018 at 2:08 AM | Permalink | Reply

      Hi Jaap,

      Re Cyber Berkut. On the other thread you said:

      “I’m just not so sure that they were also Guccifer 2.0, as that group seems a bit too nice for the DNC and clearly inserts the links to Russia in the documents on purpose.”

      That’s the point. CyB are well known for altering documents – as mentioned in the Forbes article and elsewhere. It’s a pointer towards them, either by them, or as we already discussed by someone else pointing to them.

      Their language settings are already Russian. Compare a CyB doc with G2.0.’s 1.doc:

  2. Jaap Titulaer
    Posted Mar 21, 2018 at 4:40 PM | Permalink | Reply

    As to this:

    On May 17, a response from the IT helpdesk shows that the DNC was using (Microsoft) Outlook for email – not Google Apps Gmail.

    That excludes Google Apps Gmail, but it is possible to use regular Gmail with an Outlook client.

    When we check mail.dnc.org via WhoIs it seems that this is hosted by Google. It is not really the same as gmail, but more a company specific email solution hosted by Google on the gmail infrastructure.
    Direct IP is 172.217.10.147 but other lookups resolve to 216.58.209.243. Both are at Google.

    WhoIs lookup using ultratools.com for mail.dnc.org:

    Source: whois.arin.net
    IP Address: 172.217.10.147
    Name: GOOGLE
    Handle: NET-172-217-0-0-1
    Registration Date: 4/16/12
    Range: 172.217.0.0-172.217.255.255
    Org: Google LLC
    Org Handle: GOGL
    Address: 1600 Amphitheatre Parkway
    City: Mountain View
    State/Province: CA
    Postal Code: 94043
    Country: United States

    WhoIs lookup using whois.com.au for mail.dnc.org:

    NetRange: 216.58.192.0 – 216.58.223.255
    CIDR: 216.58.192.0/19
    NetName: GOOGLE
    NetHandle: NET-216-58-192-0-1
    Parent: NET216 (NET-216-0-0-0-0)
    NetType: Direct Allocation
    OriginAS: AS15169
    Organization: Google LLC (GOGL)
    RegDate: 2012-01-27

    Updated: 2012-01-27

    Port 80 (Web) according to https://www.threatcrowd.org/domain.php?domain=mail.dnc.org has mail.google.com/a/dnc.org, so similar to gmail (but not the same). Normal Gmail accounts are hosted at mail.google.com/gmail.

    HTTP/1.1 302 Found Location: https://mail.google.com/a/dnc.org Date: Wed, 21 Mar 2018 20:22:49 GMT Content-Type: text/html; charset UTF-8 Server: ghs Content-Length: 230X-XSS-Protection: 1; modeblockX-Frame-Options: SAMEORIGIN

    This means that the only way to get DNC.org emails are leaks or via email phishing (like was done to Podesta).
    Breaking into the DNC servers (hosted by MIS or usually by Amazon) will not get you there (as the email servers are somewhere else entirely).

    • Posted Mar 21, 2018 at 11:35 PM | Permalink | Reply

      “As to this:

      On May 17, a response from the IT helpdesk shows that the DNC was using (Microsoft) Outlook for email – not Google Apps Gmail.

      That excludes Google Apps Gmail, but it is possible to use regular Gmail with an Outlook client.”

      This is not correct. You can use the Outlook client with Google Apps mail, and I have been doing so for years.

      (By the way, Google Apps was rebranded “G Suite” on 29 September 2016.)

      • Jaap Titulaer
        Posted Mar 22, 2018 at 3:51 AM | Permalink | Reply

        Yes you can use an Outlook client with GMail or any kind of SMTP email. What I mean is that they are not using a GMail App but instead they are using an Outlook client on their PC’s.
        Because DNC is using a web-enabled kind of email they can also fetch their email via a webpage (likely, could be blocked) and via any other kind of email application on other platforms, like phones.
        But on their PCs they are using Outlook, not any Google App for GMail.

    • Jaap Titulaer
      Posted Mar 22, 2018 at 3:55 AM | Permalink | Reply

      I said: “This means that the only way to get DNC.org emails are leaks or via email phishing (like was done to Podesta).”

      But that is incorrect because they were using Outlook clients. Those clients normally download the emails to a local Outlook.PST which is in their personal (user) data directories. The retention policy may use and probably will have used in the past, the option to archive old messages to Archive.PST. Both PST files will (likely) also have been backed up to file servers.
      So you can still get at their PST files when you have access to their PC’s (and user data) or when you have access to file or backup servers.

      • Mickey Reno
        Posted Mar 25, 2018 at 12:24 PM | Permalink | Reply

        Jaap, yes, even with a cloud-based Outlook mail browser, it’s likely that Podesta had a local Outlook mailbox (.PST file) for use in offline browsing and / or backup purposes. This fairly common, especially among those who are frequent travelers, and who want their entire e-mail history available at all times.

        Any hacker able to login to Podesta’s laptop, after it had been successfully phished, would then be able to open Outlook and then export all his PST file to another location to be read at their own leisure.

        • Steve McIntyre
          Posted Mar 25, 2018 at 1:04 PM | Permalink

          Are you mixing up DNC hack and Podesta hack?

          Podesta hack easier to follow. His gmail account was phished – NOT his laptop. Phishers could empty his gmail account directly.

          Podesta doesn’t appear at all as correspondent in DNC hack emails. Nor do any major figures in Hillary campaign. To portray DNC hack as an attempt to undermine Hillary doesn’t really accord with actual emails.

        • Mickey Reno
          Posted Mar 25, 2018 at 5:51 PM | Permalink

          Yes, I mixed up the two distinct events. The point was not to make any positive claim, only to say that with the presence of PST files on a local disk drive, a very common event even for those who generally access their server via a browser, no server hack would be necessary.

  3. Posted Mar 21, 2018 at 6:05 PM | Permalink | Reply

    Steve, have you considered contacting a reporter to do the legwork of asking ex-DNC personnel about their email setup and security training and such? They could also confront the security experts that have written on the topic, making them defend their assertions against your informed scrutiny.

    The puzzling thing to me is that Dems in both Hillary and DNC are under attack for months before the late May DNC exfiltration and yet they show only small improvement in falling prey to credentials phishing (even if they were using Gmail). Clearly, if Hillary had announced she was under attack in March she would have created awareness at the DNC to be on guard and take special precaution. Nobody points out how they kept quiet for months.

  4. AntonyIndia
    Posted Mar 21, 2018 at 11:35 PM | Permalink | Reply

    This also didn’t help: https://wikileaks.org/dnc-emails/emailid/5674

    DNC’s press assistant sending out our password by e-mail to many after a known hack shows their total lack of cyber awareness.

    • AntonyIndia
      Posted Mar 21, 2018 at 11:55 PM | Permalink | Reply

      RegionalPress@dnc.org ‘s “new” password on 2016-04-29 19:52 was HQTevgHQ@z&8b6.
      The “old” ones for dncpress@dnc.org were Obama-Biden-2012 and obamain08 https://wikileaks.org/dnc-emails/emailid/12412

      With such simple passwords any script kiddy could have hacked in; Teddy Bear could have managed.

    • AntonyIndia
      Posted Mar 22, 2018 at 5:06 AM | Permalink | Reply

      RegionalPress @dnc.org ‘s “new” password on 2016-04-29 19:52 was HQTevgHQ@z&8b6.
      The “old” ones for dncpress @dnc.org were Obama-Biden-2012 and obamain08 https://wikileaks.org/dnc-emails/emailid/12412

      With such simple passwords any script kiddy could have hacked in; Teddy Bear could have managed.

      • Jaap Titulaer
        Posted Mar 22, 2018 at 5:12 AM | Permalink | Reply

        Nice find!

        Hi Team, Apologies for delay in sending this out but I cannot login to dncpress@dnc.org with either of the passwords I have on file for the account (Obama-Biden-2012 and obamain08). ….

        LOL !!! 🙂 😉

        • MikeN
          Posted Mar 23, 2018 at 12:40 PM | Permalink

          Did UEA/RC send tech staff to DNC?

  5. AntonyIndia
    Posted Mar 22, 2018 at 1:06 AM | Permalink | Reply

    Hackers discussed about the DNC breach: https://news.ycombinator.com/item?id=13279600
    My favorite lines: Exactly, why burn zero-days when you’re targeting a technologically unsophisticated adversary with a huge organizational attack surface? & The DNC isn’t exactly an air-gapped Iranian nuclear centrifuge.

  6. Posted Mar 22, 2018 at 8:05 AM | Permalink | Reply

    Question: “DNC Hack due to Gmail Phishing??”

    Answer: any of the above.

    Since emails were on the Google server, PCs and backup servers and the passwords were weak enough to be guessed, Trump was correct in the debate when he said the hacker could be anyone, including a 300-lb teenager in bed. The question remains though of why the exfiltration to WL happens so late, May 25? By that time everyone in the DNC had to be aware of the rampant threats, including their hired top-notch security monitor, Crowdstrike, supposedly locked down the hatches on May 6 or May 11 at the latest. This points back to a leak, especially when every knows the DNC netowork is already compromised. We have the strange cases of Imran Awan with DWS password, who we learn later will steal anything of value to sell to the black market. And we have Bernie Sanders’ supporter, Seth Rich, who’s murder investigation is now in a box at the North Pole.

    • Steve McIntyre
      Posted Mar 22, 2018 at 9:19 AM | Permalink | Reply

      The question remains though of why the exfiltration to WL happens so late, May 25?

      Maybe it’s because an opportunity arose in the period May 19-25, 2016. (To be pedantic, we don’t know that the exfiltration to WIKILEAKS happened around that time – it could have been later – only that the exfiltration of emails in the Wikileaks DNC archive happened then.)

      We haven’t spent much time on MISDepartment. The total evisceration of its website between early June 2016 and July 2016 strongly suggests to me that there is some fundamental connection between them and these events. MIS had direct access to DNC server in May 2016. Would they also have direct access to individual email accounts? Here is the login page at MISDepartment on June 8, 2016.

      Here is the defunct MIS login page on July 31, 2016.

      Recall that a watering hole site misdepatrment[.]com had been set up in March. Hmmmm…

      There was almost immediate attention to this site (June 17, 2016) by ThreatConnect here. (Question: I wonder if there was some coordination between CrowdStrike and some of their “partners”, in which some of these early “independent” articles arose from CrowdStrike tips/plants.) The IP address hosting misdepatrment[.]com was one of the IP addresses baked into X-Tunnel malware. Pretty convenient bread crumb.

      • AntonyIndia
        Posted Mar 22, 2018 at 10:38 AM | Permalink | Reply

        “The domain misdepatrment.com was registered on March 21, 2016. Farsightsecurity lists the earliest domain resolution as March 24, 2016. On April 24th, 2016 the domain misdepatrment.com moved from the parking IP Address 5.135.183[.]154 to the FANCY BEAR Command and Control IP Address 45.32.129[.]185 where it remains resolved at of the time of this writing.” https://www.virustotal.com/en/ip-address/45.32.129.185/information/

        The DCCC ‘s funding website called actblue.com got the same spoofed domain name treatment next: actblues.com https://www.slideshare.net/CanSecWest/csw2017-kyle-ehmke-lots-of-squats-apts-never-miss-leg-day

      • Jaap Titulaer
        Posted Mar 22, 2018 at 11:03 AM | Permalink | Reply

        Their last 2 posts on twitter:

        It's #PasswordDay ! How good is your password security? @BettyWhite has advice on how to keep your accounts private. https://t.co/qZCb4X7JKS— The MIS Department (@MISdepartment) May 5, 2016

        https://platform.twitter.com/widgets.js

        Seems some of their customers failed to listen to such sage advice.

        Personal data should remain personal. Data security should be a priority for all tech leaders. #ApplevsFBI https://t.co/Rl9J6svBOi— The MIS Department (@MISdepartment) March 22, 2016

        https://platform.twitter.com/widgets.js

        • Steve McIntyre
          Posted Mar 22, 2018 at 12:59 PM | Permalink

          yes, I noticed that. The date of their last tweet on security is May 5, 2016, a day in which Crowdstrike is preparing to install their magic programs at DNC server (May 6). Wonder if they felt slighted?

        • Steve McIntyre
          Posted Mar 22, 2018 at 4:38 PM | Permalink

          Subsequent IP addresses of misdepatrment.com are full of malware that looks like crimeware, rather than APT28.

        • Jaap Titulaer
          Posted Mar 22, 2018 at 5:15 PM | Permalink

          Just lookup the name servers related to misdepatrment, and the related company. See also the DCCC ‘hack’ as described here https://www.fidelissecurity.com/tags/dccc-hack

          Then check out David Blake’s website, he is describing a set of related (mostly) Romanian companies and entities who seem to be way to helpful to all kind of cyber miscreants. Many malware sites are hosted by the same group. It looks a lot like the Lurker gang, but then operating from elsewhere.
          Of course it could be that they are just a bit too helpful (everything can be arranged anonymous, like paying via bitcoin etc).

          A lots of links lead back to those guys. Some quotes from Blake’s site.

          He registered DCLeaks.com in 2010, 2012, & 2016 under different names and two different hosting and nameserver companies for DCLeaks.com
          Behind many known scams
          Many linked domains seized by Microsoft
          Strontium is MS name for Fancy Bear
          Therefore it’s just a criminal scam. Not Russia
          domains4bitcoins, a partner company, to Florica’s THCServers:
          registered misdepatrment.com
          which was “used to hack” the DCCC
          ititch.com which registered actblues.com, “used to hack” DNC uses exactly the same anonymising services as THCServers.

          Apparently several of the Strontium (aka Fancy Bear aka APT28) domains that where seized by Microsoft [ original links to the courtfilings noticeofpleadings.com/strontium/…] were hosted by THCServers.
          2 corrections: misdepatrment.com was used for attack on DNC (not DCCC)
          and actblues.com (secure.actblues.com) was used for attack on DCCC (not DNC).

        • Steve McIntyre
          Posted Mar 22, 2018 at 9:24 PM | Permalink

          Another oddity of “APT28” is that many of its IP servers are located in the US.

        • Jaap Titulaer
          Posted Mar 23, 2018 at 4:52 AM | Permalink

          Depends a bit on what those servers are used for. There are generally two kinds: those that have names used for phishing or misdirection and those that are mere work-horses.

          The misdepatrment server is likely used for either misdirection or for phishing. Because that IP address was used in one of the X-Tunnel binaries (meaning it is used as a C&C server) the most likely reason was misdirection. Traffic from the malware binary from inside DNC to that fake misdepatrment server (over HTTPS) could then be unnoticed by network admins, even those from MIS department.

          What matters is that the first group (phishing etc) often have suspicious names, so you would not be able to register those names at any proper normal ISP. But there are quite a number of ISPs with less scruples. The ISP in this case has registered a whole list of very suspicious websites, whose only purpose can be something criminal (named after Google, Microsoft, Symantec etc. or other companies and public institutions). Payment in bitcoins …
          But after the name has been registered somewhere (using fake registration details and/or using a privacy hiding registration service) the later use can be done on another server. Re-hosting an already named domain somewhere else is easy. And again we have lot’s of especially smaller ISP’s who will then host such a server, no questions asked. Again payments in something like bitcoins is preferred by the hackers.

          The work-horses will either be hacked servers belonging to unsuspecting companies (usually small web-servers) or just given some random unimportant name.

          So those servers in the USA either are hacked (and belong to unsuspecting third parties) or are just unremarkable work-horses. Or they are the new place for a name created & registered earlier somewhere else. And of course payment in bitcoins.

          When we see lot’s of malicious sites using the same name servers and registered via the same companies, that says more about the nefarious nature of those ISPs and registration companies than about whether all those criminal operations are related.

          The link between misdepatrment[.]com server and one of the X-Tunnel binaries (via IP number 45.32.129.185) seems clear, but the relationship between that one and the servers used for the phishing campaign(s) is not clear to me at all. If that relationship is just that they use or have used the same name server, or registrar, than that in itself does not mean that it’s the same group of hackers.

        • Steve McIntyre
          Posted Mar 23, 2018 at 9:23 PM | Permalink

          https://informnapalm.org/6439-zashhyta-ot-krazhy-parolya-ot-uchetnoj-zapysy-gmail-cherez-fyshyngovye-pysma/

          InformNapalm reported on google-themed bitly-shortening phishing campaign in Feb 2015 –

        • AntonyIndia
          Posted Mar 23, 2018 at 5:28 AM | Permalink

          These tiny misspellings are easily overlooked by humans, but computer software sees them at once.

  7. Steve McIntyre
    Posted Mar 22, 2018 at 10:47 PM | Permalink | Reply

    Looks like news on Guccifer 2 tomorrow
    https://www.thedailybeast.com/exclusive-lone-dnc-hacker-guccifer-20-slipped-up-and-revealed-he-was-a-russian-intelligence-officer

    IP address in social media (Guccifer 2 ran both Twitter and FB) apparently leads to Moscow. Why wouldn’t this have been reported 12 months ago.

    • AntonyIndia
      Posted Mar 22, 2018 at 11:19 PM | Permalink | Reply

      “The CIA needed Putin’s prompting/assistance to manipulate the Russian elections”
      Absurd yes, just like the opposite: the GRU needed Trump’s prompting/assistance to manipulate the American elections.

    • Posted Mar 22, 2018 at 11:53 PM | Permalink | Reply

      From your Daily Beast link:

      Almost immediately various cyber security companies and individuals were skeptical of Guccifer 2.0 and the backstory that he had generated for himself,” said Kyle Ehmke, an intelligence researcher at the cyber security firm ThreatConnect

      It’s especially nauseating to read material that you know about when it’s in the MSM lens. Someone should write Threatconnect if they mis-stated G2 connection to DCLeaks or Russian GRU reserved VPN server. If they were wrong on those two points I would say they are worthless or worse.

      Guccifer 2.0 maintained a sporadic online presence throughout the election, posting to his dedicated WordPress blog and on Twitter, and spilling more DNC documents, sometimes in private emails to journalists.

      I wonder if the reporter knew that G2 never posted any DNC documents that WL posted? That fact would provide the opposite of the impression the above sentence gave. If the reporter didn’t personally do any research should they, ethically speaking, even be reporting?

    • Steve McIntyre
      Posted Mar 23, 2018 at 11:19 AM | Permalink | Reply

      no followup yet on G2 story. Justice Dept cyber announcement turned out to be about Iranians stealing university professor credentials to read academic journals.

    • David Blake
      Posted Mar 24, 2018 at 3:06 AM | Permalink | Reply

      I’m sure it’s just a co-incidence that the Daily Beast’s owner (IAC) has Chelsea Clinton as a board member

      http://iac.com/about/leadership/board-directors/chelsea-clinton

      The story itself seems to have been written by CNN. An anonymous source, an anonymous IP, and anonymous GRU agent. No code. No proof. Case closed.

      {open sarcasm} But, sources “…familiar with Guccifer2.0’s thinking …” {close sarcasm}

      • Steve McIntyre
        Posted Mar 24, 2018 at 11:23 AM | Permalink | Reply

        It will be interesting to see if anything comes of it.

        Now that you mention it, remember the Dec 9, 2016 (or so) WaPo article which said that the CIA could identify Russian individuals who transmitted documents to Wikileaks. Shortly afterwards, FBI got fully onboard the Brennan-Clapper program. The assertion permitted the Jan 6, 2017 assessment and attempts to undermine Trump. However, to this day, nobody’s ever identified the individuals. And everybody’s forgotten the false claim.

      • Steve McIntyre
        Posted Mar 24, 2018 at 11:28 AM | Permalink | Reply

        With a couple of days to think about it, it’s hard to believe that GRU methodology would permit operatives to directly access US social media on their own IPs.

        Another point: looking at IP addresses was first thing that people did after Climategate hack. Gavin Schmidt of realclimate wanted to know IP address behind Mr FOIA’s comment at this blog. (It was from a proxy server). Given the active social media presence of G2, if I were FBI, I would have looked at IP addresses at Twitter, wordpress, etc on day 1.

        If G2 left an unbleached IP address on social media, they should have caught him in July 2016, not being cute now.

  8. Don Monfort
    Posted Mar 22, 2018 at 11:58 PM | Permalink | Reply

    So says Daily Beast. But the ‘news’ that it was the likely the GRU was reported more than a year ago:

    “Five months later, in January 2017, the CIA, NSA, and FBI assessed “with high confidence” that “Russian military intelligence (General Staff Main Intelligence Directorate or GRU) used the Guccifer 2.0 persona and DCLeaks.com to release US victim data.” But the assessment did not directly call Guccifer a Russian intelligence officer. Nor did it provide any evidence for its assertions.”

    Now old reliable Daily Beast claims that they have learned through an anonymous source that Guccifer 2.0 had been IDed as a particular GRU officer. Who would have guessed that the GRU would use one of their own officers to do GRU work.

    “Mueller’s office declined to comment for this story. But the attribution of Guccifer 2.0 as an officer of Russia’s largest foreign intelligence agency would cross the Kremlin threshold—and move the investigation closer to Trump himself.”

    Looks like a leak from the Mueller team. If Daily Beast isn’t making the whole thing up, as is their usual style, expect Mueller to indict some designated worker bee in the GRU. He may even be the real Guccifer 2.0, but the indictment will be window dressing. I don’t believe that Putinski will surrender any GRU officers to stand trial.

    How this brings the investigation closer to Trump is not explained. Perhaps the Daily Beast geniuses are assuming that the clown Roger Stone knew that he was casually and openly communicating/conspiring with a GRU officer in the guise of Guccifer 2.0. Of course, it is highly unlikely that this foolishness will ever be hashed out in a courtroom.

    • franktoo
      Posted Mar 23, 2018 at 11:04 PM | Permalink | Reply

      Don asked: “Who would have guessed that the GRU would use one of their own officers to do GRU work?”

      If the GRU was serious about hiding their tracks, they might have engaged a third party to play Guccifer 2.0. I hear a lot of rumors about Ukrainian involvement in hacking. If the GRU cared enough, couldn’t they have made Guccifer 2.0 appear to be a Ukrainian operation? Of course, the recent assassination and several others suggests – superficially at least – that Russian intelligence doesn’t care much about their public reputation. as long as their mission was successful. They have created a lot of dissension in the US and intimidated Putin’s vulnerable opponents.

      Don said: “He may even be the real Guccifer 2.0, but the indictment will be window dressing. I don’t believe that Putinski will surrender any GRU officers to stand trial.”

      … as long as Putinski appears invulnerable. After that, everyone will be looking out for themselves and cutting deals. I know you are looking forward to this day.

      Don writes: “How this brings the investigation closer to Trump is not explained.”

      Guccifer 2.0 attempted to divert attention from Russia as the hackers of the DNC. Guccifer 2.0 presumably will now be unambiguously IDed as GRU. Doesn’t that dramatically reduce the chances that someone else hacked the DNC? … At least in a logical world without grand conspiracies? (If I’m at a climate skeptic website, I’m admitting that some very strange things do go on. Like the most influential tree in the world.) Given the timing of the releases of the hacked email, this increases the clarity that Russia was out to harm HRC, which is synonymous with help Trump. But NO, it doesn’t bring us closer to any form of collusion or compromise. For that you simply need to evaluate Trump’s treatment of Putin and attempts to discredit the FBI and Mueller. See Trey Gowdy:

      • Don Monfort
        Posted Mar 24, 2018 at 3:43 AM | Permalink | Reply

        Trump’s treatment of Putinski doesn’t indicate any collusion or compromise. As Obama did the last time Putinski rigged an election, Trump congratulated him on his glorious victory. Just a meaningless courtesy. And his pointing out the obvious facts of the composition of Mueller’s team of inquisitors and the conduct of the witch hunt just might be the protestations of an innocent and frustrated man who is being persecuted and distracted from his very important job of MAGA. I hope little holier-than-thou Trey gets the opportunity to have a comparably funded and staffed witch hunt conducted against himself and his family, friends and associates as soon as possible.

        It seems likely to me that former FBI Director Mueller is sympathetic to the Comey-McCabe-FBI cabal that wants to see Trump destroyed. I don’t believe he will find any legitimate evidence of collusion. But I expect him to do as much damage to Trump as he can manage. Probably in the form of “We can’t indict the guy, but it sure looks like he tried to obstruct justice. And he is mean and nasty. Should probably be impeached for something.”

      • Posted Mar 24, 2018 at 10:56 AM | Permalink | Reply

        Guccifer 2.0 attempted to divert attention from Russia as the hackers of the DNC.

        Only if you think that G2’s sensational appearance days after the DNC announcement of a hack buried the story rather than amplifying it and establishing it as a Russian attack rather than a leak. To say people were supposed to believe G2’s claim that he was Romanian seems unrealistic.

        Guccifer 2.0 presumably will now be unambiguously IDed as GRU.

        If past is prologue I very much doubt that.

        Doesn’t that dramatically reduce the chances that someone else hacked the DNC?

        I don’t know if it’s even possible to leave an un-spoofable digital fingerprint. But for argument sake it is, this proves only the Russian meddling’s main objective was to so discourse and create mayhem rather than elect Trump since G2 helped Hillary’s narrative of Russian hack without doing any damaging revelations on Hillary. But according to the Daily Beast Mueller is about to indict conservative fundraiser Roger Stone as a Russian conspirator for the crime of having been personally contacted by G2. The theory is that Stone may have told G2 to tell Assange release the Podesta emails just hours before the Access Hollywood tape release because everyone knows that campaign conversations are more interesting than salacious video.

      • Steve McIntyre
        Posted Mar 24, 2018 at 12:03 PM | Permalink | Reply

        you say: “Guccifer 2.0 attempted to divert attention from Russia as the hackers of the DNC.”

        I disagree strongly. In my opinion, Guccifer 2 operation attempted to pin blame on Russia. Documents in first G2 release were manipulated to add “Russian” metadata, which was immediately “spotted” by GCHQ alumnus as “mistake” proving Russia. Except that alternations in first G2 release could NOT have been “mistake”. They were intentional. Reasonable people can disagree on purpose of alteration, but I do not believe that anyone can reasonable contend that metadata changes were an accident.

        • Don Monfort
          Posted Mar 24, 2018 at 1:35 PM | Permalink

          According to Steve’s opinion, it was a transparent attempt to pin the blame on Russia. Another possibility is that it was a deliberate GRU mis-direction ploy that hasn’t been very successful. In any case, guccifer 2 is not sufficient or necessary to blame Russia.

      • Steve McIntyre
        Posted Mar 24, 2018 at 12:06 PM | Permalink | Reply

        Trump’s attempts to discredit Mueller are no different than Bill Clinton’s successful campaign to discredit Ken Starr. Bill Clinton had to do so to survive. So does Trump against prosecutorial misconduct all-stars.

        • Frank
          Posted Mar 28, 2018 at 11:45 AM | Permalink

          Steve wrote: “Many more people have been killed and maimed by US supplied bombs and armaments in Iraq and elsewhere. According to your definition, US is, by far, the leading state sponsor of terror.”

          According to Wikipedia: “Terrorism is defined in Title 22 Chapter 38 U.S. Code § 2656f as “premeditated, politically motivated violence perpetrated against noncombatant targets by subnational groups or clandestine agents.”

          US policy is to carefully distinguish between civilian and military target and to only attack the latter while taking into consideration and minimizing damage to the latter. We don’t support nations or groups that target civilians.

          You could raise questions about bombing during WWII, but our policies have evolved, especially since the PLO attack on the Munich Olympics, and the rise of the IRA and other groups whose main targets are civilian. We suppose Kurds (SDF) in Syria, but not the PKK which has conducted terrorists attacks in Turkey.

        • Steve McIntyre
          Posted Mar 28, 2018 at 12:28 PM | Permalink

          I was responding to Don’s definition. He said “Steve:I know people who were killed and maimed by Iranian supplied IEDs in Iraq.” If he had used different definition, I would have responded differently. According to the Wikipedia definition (which seems better to me), killing of American soldiers and militaty contractors in Iraq is regrettable, but hardly “terrorism”, let alone by Iran. Not trying to take sides here, just being precise.

        • Don Monfort
          Posted Mar 28, 2018 at 6:57 PM | Permalink

          Steve: “Don’s definition” No. Just because you keep saying it is my definition doesn’t make it so. It is not my definition. You asked on what basis the U.S. designates Iran worst state sponsor of terrorism. I told you. If you had done a 2 minute googling, you would have known about the attacks carried out by Iran and their proxies in the recent past, many of which fit the general description of terrorism.

          I wouldn’t bother calling them the leading state sponsor of terrorism. Seems childish to me. I would just bomb the crap out of them for killing our people. Clear?

        • MrPete
          Posted Apr 1, 2018 at 9:38 PM | Permalink

          I don’t see that Trump “needs to discredit” Mueller. All he needs to do is expose Mueller to the light of day, since the MSM won’t do it.

          Mueller discredits himself quite nicely.

          To see that whole mess with clarity requires some understanding of just how deep the Swamp is. I found a very articulate interview on that subject recently: https://www.youtube.com/watch?v=aa95jLxZfc4&feature=youtu.be

      • Frank
        Posted Mar 25, 2018 at 4:05 PM | Permalink | Reply

        Criticisms of my comment on the importance of the possible identification of Guccifer 2 were very credible. Let’s me try again.

        In the process of indicting a Russian intelligence officer for the activities of Guccifer 2, the public will obtain some addition confirmation that Guccifer 2 was a Russian operation. Each of us can personally evaluate the reliability of that information, but there should be more.

        Based on what I read here and elsewhere, Guccifer 2 was too crude and flawed an operation to represent serious attempt to point the finger at non-Russians: If the GRU really wanted us to believe someone else did the hacking, Guccifer 2 wouldn’t have had so many flaws. Nor would Guccifer 2 have disclosed authentic hacked material (as I understand he did.)

        (Aside: IMO, the Russians don’t care if the world thinks they hacked the DNC, assassinated Russian traitors in Britain and dissidents at home, or used their special forces to take over Crimea or Eastern Ukraine. They want the vulnerable to fear them. So they don’t need to cover their tracks.)

        If someone else had hacked the Democrats, there would be NO REASON for the GRU to mount the Guccifer 2 operation. Logically, whatever increased confidence you personally gain from Mueller’s indictment of a GRU agent should translate into increased confidence the Russians hacked the Democrats.

        So, given increasing evidence that Guccifer 2 was a GRU operation, what was its objective?

        IMO, the objective was to create confusion, mistrust and dissension. The GRU operates in a world where even their most important secrets can leak. So they provide a steady stream of mis-information and mis-direction. False documents, false-defectors, false internet persona, false websites and false videos. That way, when reliable information arrives, no one knows whether it can be trusted, especially with the deterioration of the MSM. Our intelligence agencies were likely to gain increasing confidence that the Democrat hackings were Russian operations no matter what the Russians did. However, the discussions here and elsewhere provide conclusive evidence that Guccifer 2 SUCCEEDED in creating increased public skepticism about the reliability and impartiality of our intelligence services. (This is true whether or not that was the intention of the operation in the first place.) That skepticism extends to Congress and even the President. Even someone who is now 100% sure about who was responsible for the hacking and Guccifer has subconscious doubts that create confirmation bias next time they are suspicious of our intelligence services.

        Authoritarians such as Putin recognize the openness of democratic societies (a prerequisite for an informed electorate) as a major vulnerability. They can add their misinformation to the 9/11 conspiracies, the JFK assassination, the Moon landing hoax, Pearl Harbor conspiracies, and climate change conspiracies that are already circulating. Of course, as a long-time reader of this blog, I realize that the climate science community reeks of confirmation bias and has put out a lot of deeply flawed material. Some conspiracies turn out to be real. If it can happen in climate change. it can happen elsewhere, perhaps by a path too convoluted for me to follow, or follow without help from others. Our/my job is to evaluate each new piece of evidence as objectively as possible and not let our/my preconceptions and confirmation bias influence our/my judgments. When this blog focused only on climate change, the comments seemed to be more objective.

        Sorry for letting my required ID at Judy Curry’s (franktoo) slip in here where elsewhere where I simply use frank.

        • Posted Mar 25, 2018 at 7:13 PM | Permalink

          “If someone else had hacked the Democrats, there would be NO REASON for the GRU to mount the Guccifer 2 operation.”

          Frank, there was no reason for the GRU to create Guccifer 2.0, especially if they were caught hacking and giving the DNC and Podesta emails to WL. First, they would have made their hack emulate another cyber gang or at least have included another cyber gang to muddy the water (and not the FSB). They would have recruited an insider like Seth Rich as an unwitting cut-out to submit the documents to Wikileaks. (This makes the Russians equal suspect with Hillary if Seth Rich was murdered for his being involved.) Hillary’s intelligence machine had much more motive to create Guccifer 2.0 in order to point away from a politically damaging implication of a whistleblower and toward what she knew was a politically damaging case for Trump. Remember, at this exact time she is paying millions of dollars to create a case for Trump-Russia collusion that did not see light until now. If she had been elected it would never have seen light.

          “Logically, whatever increased confidence you personally gain from Mueller’s indictment of a GRU agent should translate into increased confidence the Russians hacked the Democrats.”

          I already have moderate confidence that the Russians hacked the Democrats. Cozy Bear was spotted in the DNC by the NSA in the summer of 2015. The question is was this, combined with Trump’s allowing Paul Manafort into the leadership of his campaign on March 30, 2016, seen as too good of an opportunity by Hillary’s dirty tricks squad to be wasted? They had direct links to Christopher Steele, Victoria Nuland, the FISA archives through Bruce Ohr, via his wife Nellie, who was handling the Trump-Russia collusion dossier for Fusion GPS. The Russian agent Natalia V., as you well know, worked for the same Russian Oligarch as Fusion GPS on the same case defending against William Browder and controlling his damage in court and in legislatures around the world. What are the chances that Natalia could have gotten wind of Hillary hiring Fusion and their new interest in Trump dirt from anyone with a Russian connection? What are the chances that Natalia would not have reported this valuable info up the chain to Vlad? What are the chances of all the Russian agents that could have dangled Hillary emails to Donald Jr. Natalia would be chosen, her only aware she was assigned to pitch the Magnitsky Act repeal?

          Frank, you are absolutely spot on that Russian meddling was a win-win for Putin, assuming Russia see’s America its arch rival.

        • Frank
          Posted Mar 25, 2018 at 9:19 PM | Permalink

          Ron wrote: “Frank, there was no reason for the GRU to create Guccifer 2.0, especially if they were caught hacking and giving the DNC and Podesta emails to WL. First, they would have made their hack emulate another cyber gang or at least have included another cyber gang to muddy the water.

          Above, I asserted that the GRU’s “objective with [Guccifer 2] was to create confusion, mistrust and dissension”, not a plausible alternative hacker.

          Confusion and mistrust of government authorities allowed the naive to be distracted by Seth Rich. A professional hit man would have put two shots through Rich’s head. In reality, Rich lived at least an hour, talked in the hospital, and might have survived his attack. Assange’s British side kick, who claims he picked up the hacked material on a trip to the US, came here after Rich died. So a second conspirator is needed; one stupid enough not to run to the police after Rich had been killed.

        • Frank
          Posted Mar 25, 2018 at 10:56 PM | Permalink

          Ron asked a bunch of questions about Natalie V:

          Would Fusion GPS tell one client what they were doing for another client? Wouldn’t you fire them immediately if they passed such gossip on to you, suggesting that they gossiped about your business with other clients? However, knowledge and favors are power in the slimy corners of DC, Wall Street, and elsewhere. I don’t understand that world, so Natalie V could have been told about Steele.

          AFAIK, the Natalie V meeting with Trump Jr. doesn’t fit well with any conspiracy originating near Putin. If there were an existing back channel from Putin to Trump, then there would have been NO NEED for an insecure new approach to Trump (who was then being protected by the Secret Service). If Natalie V were part of an approved first approach to Trump, Browder and common sense tell us she would brought a tempting offer. Which leaves two possibilities: 1) Trump Jr and Kushner lied about what was offered and Manafort knows this. Since Manafort is facing life in prison and apparently hasn’t ratted, death threats from the GRU or a pardon someday become possibilities. Any serious offer would need to be discussed with Trump and an answer sent back through someone. Who would Trump pick to return an answer? Kushner? Cohen? Himself? Without anyone willing to admit talking with Trump about an offer, Mueller’s investigation would be at a dead end. 2) The Agaralov family knew about the Russian hacking of the DNC and the likely future release of more material. They decided to make a ROGUE APPROACH through Trump Jr., and see what might be offered. I have little confidence in these scenarios, but #2 makes more sense to me than anything else.

        • Posted Mar 25, 2018 at 11:27 PM | Permalink

          Frank, I first postulated the “crazy Ivan” creating mayhem scenario for G2 being a possibility back in September starting here. So yeah, I still hold it as a possibility. But the extra gain of attention was minimal since he did not produce revelations. The Russian attribution was already made by Alperovitch. Providing further evidence of Russian hands only made more sanctions likely. If the purpose was to taunt Hillary into action why not embarrass her rather than help distract from the WL revellations? And, as I mentioned before, the seeming anticipation of G2’s need for an authentication Trump oppo document citing the prior day by Alperovitch was convenient. G2’s inability to produce any DNC documents other than the Trump doc seems odd.

          Regarding Seth Rich, we had that discussion back in September also here. There are ton of unanswered questions. And, to his being shot execution style, that might be professional for the mob making a statement but tradecraft might rely on poison tainted bullets. Then the unexplained death of survivable wounds gives the hospital has a scandal to cover up, joining the police and DNC as gatekeepers to buried evidence.

        • Frank
          Posted Mar 26, 2018 at 1:56 AM | Permalink

          Ron: So, you think the likelihood the Russian hacked the Dems is X%. That leaves 1-X% for the other possibilities. That includes Y% that someone else did the hacking. That leaves 1-X%-Y% for the possibility that the information was leaked. If we are to believe WL’s story about the leak, there must have been at least one person besides Rich was involved. That person didn’t go to the police when Rich was killed. Low likelihood here (A%). Low likelihood that Rich was killed by a professional, but you suggest some alternative explanations (B%). Some likelihood (C%) that the Russians would know about an innocent DNC staffer who was a Bernie supporter with computer skills, and choose to knock him off to obscure their role in the hacking and sow confusion. Adding it up: A%*B%*C%*(1-X%-Y%). Too small for me to take seriously. You are certainly entitled to make your own estimates.

          Perhaps Assange’s side kick lied about being handed the Podesta material in Washington DC. Then a second person wouldn’t need to have been involved after Rich was dead. That would reduce the credibility of WL’s claim that the material didn’t come from the Russians – if you thought their denials had any credibility in the first place. (I didn’t.) In this scenario, A% would be the likelihood LW lied.

        • Posted Mar 26, 2018 at 5:27 PM | Permalink

          Frank, I like your beginning of a Bayesian framework for the unknowns. Our beliefs on every unknown come with the priors of our experience and education of history, which is going to vary from person to person. Before Watergate one could hold a credible prior that any sizable US government conspiracy would unthinkable to be attempted because of it’s impossibility to cover up. If the Watergate burglars were not caught — if the Nixon were a Democrat — if J.E. Hoover had lived another couple of years in the director post — If Bob Woodward had not struck up a secret mentor relationship (before becoming a reporter) with the man that would become the Deputy Director of the FBI, whom Nixon would pass over in favor one counted as a political ally, Nixon would have finished his term a pretty good president. Opening China and establishing detente with Russia, negotiating the SALT treaties, ending Vietnam would have put him in similar light as Reagan. The North Vietnamese would have waited for Carter to break the deal and invade the south. If Hillary had focused a little more in the rust belt and not called their people deplorable we would not know she was behind the dossier or that it was used to spy on Trump. (Half the country still doesn’t know.)

          All the weights in your variables are interdependent. If Steve manages to produce a strong case for MIS Department being the source for WL that changes all of your calculations. Right? Because if that is true then Seth Rich could have easily been a part or simply been the whistleblower that told on them. If there was any money involved you can be sure Awan had his hand out. If the DNC discovered the leaker after the leak then damage control (G2) and dirty tricks (dossier) are SOP. Think Nixon plumbers.

      • Posted Mar 26, 2018 at 9:31 PM | Permalink | Reply

        In Reply to Franktoo, who I believe posted Trey Gowdy video.

        I listened to several minutes of this. Gowdy is way out of line. He says that Mueller needs to investigate a Russian attack on the US. Baloney. A special counsel has no particular expertise (particularly with only a staff of 16) to do international investigations. Mueller’s investigation of Trump’s supposed collusion could lead to (technically) an investigation of Russian “attacks” on the US, but a special counsel is particularly ill-equipped to investigate foreign matters.

        My only potential explanation for Gowdy going off the reservation is that he was a US Attorney like Mueller and has developed an affinity for him. Very little that Mueller did in the FBI gives him much credibility to handle sensitive and potentially complex cases. For instance, he was one of the main movers in the spectacularly unsuccessful and unfair prosecution of Arthur Anderson. (Overruled by the Supreme Court by 9-0 vote) Also, while he was at the FBI, he supported the FBI’s practice of not transcribing the testimony of witnesses and defendants — an obvious practical effect of this is subornation of perjury by FBI agents.

        Finally, he has done a very poor job as special counsel. 12 out of his 16 staffers are Democrats and none are Republicans. If he was engaging in a fair investigation, and not a persecution, he could easily find competent non-partisan attorneys out of the roughly 1,000,000 attorneys in the US. Instead, he thumbs his nose at fairness and, ultimately a competent investigation by hiring partisan staff.

        JD

        • Steve McIntyre
          Posted Mar 26, 2018 at 9:41 PM | Permalink

          As JD knows but others may not, Andrew Weissman, Mueller’s main deputy, was senior DOJ attorney handling the unfair Arthur Andersen prosecution and even more unfair prosecution of Merrill Lynch executives. Both overturned. Not just overturned, but Weissman and others committed prosecutorial misconduct. See Sidney Powell’s Licenced to Lie for good account of rampant misconduct at DOJ.

          Judge Emmett Sullivan, who surprisingly emerged in Flynn case after Contreras recusal, was hero of Powell’s book, for holding a line against prosecutorial misconduct by Weissman and other DOJ attorneys. Even young Mueller attorney Kyle Freeney has already been remonstrated for prosecutorial misconduct. Collected onto Mueller team, naturally.

        • Don Monfort
          Posted Mar 26, 2018 at 11:43 PM | Permalink

          Mueller was a very bad choice for this investigation , but Russian interference in our elections and alleged collusion of U.S. citizens is not a foreign matter. There were already Justice Dept./FBI investigations underway and the intel community had determined that it was the Russkis what done it.

          Rosenstein bowed to political pressure and appointed a Special Counsel, after Trump fired Comey. The theory being that the Executive Branch could not properly investigate matters that might lead to the POTUS. It was Rosey’s prerogative to appoint a snooper nominally outside the Justice Dept. He picked a former FBI director pal of Comey. We are stuck with it. I suspect that Mueller will keep it going beyond the upcoming election. That little self-righteous mutt.

          Mueller is not limited to a staff of 16 attorney-political hack inquisitors. He has dozens of FBI, and some IRS investigators on his staff. He has the co-operation of the NSA, CIA etc. etc. Basically a blank check.

        • Posted Mar 27, 2018 at 1:06 AM | Permalink

          Steve,

          Thanks for the reference to Licensed to Lie. It got great reviews. I bought the Kindle version.

        • Posted Mar 27, 2018 at 1:11 AM | Permalink

          DM “Mueller is not limited to a staff of 16 attorney-political hack inquisitors. He has dozens of FBI, and some IRS investigators on his staff. He has the co-operation of the NSA, CIA etc. etc. Basically a blank check.”

          The point is that the Special Counsel Office is a legal institution. Legal institutions are not well-suited to investigations dealing with foreign countries and affairs and are not structured to deal with foreign matters. If you were a foreign country with information pertinent to Russia, would you rather give it to a Special Counsel or to the CIA.

        • Frank
          Posted Mar 27, 2018 at 2:54 AM | Permalink

          jdd and Steve: Let’s get real. First, the head of the FBI is not responsible for the instructions given to the Arthur Anderson jury. You can blame the judge and the defense, especially when a guilty verdict would doom AA before an appeal could be heard. Second, the verdict survived appeal, so the instructions weren’t blatantly wrong. Third, in overturning the decision, the Supreme Court made it clear that: “Only persons conscious of wrongdoing can be said to ‘knowingly corruptly persuade'”. To this amateur, the Supreme Court applied the same mens rea standard that Comey applied to HRC in refusing to indict over the email scandal. How about a little consistency?

          Enron was only one of many accountings scandals AA was involved with. Companies were offering their accountants lucrative consulting projects, which inhibited rigorous audits. AA’s lead partner at Enron reassigned one of his most experienced auditors because Enron complained. I hate to say that AA (which was already under threat of deferred prosecution and involved in other scandals) got what it deserved without having been found guilty in a court of law. But that is what I think. Their business was already dying before the trial and the WorldCom scandal had just broken. Their chances of survival with proper jury instructions were poor.

          Rosenstein instructed Mueller to look into Russia’s attempts to interfere with our election and prosecute any crimes he uncovered.

          Mueller doesn’t have his pick of 1M attorneys in the US. He needs experienced prosecutors willing to set aside their current work to investigate a Republican in DC? or NYC? Maybe a thousand? I’ve read that the government is not allowed to ask about party affiliation when hiring. If Mueller were prosecuting HRC in Houston, his hiring process might have produced a team dominated by Republicans, but not in DC and Washington. And THE most important person on the team is a Republican. The prosecution team is not the jury. And Trump’s grand jury, if it gets that far, will be a House committee. If there are biases in Mueller’s report, they will be exposed.

          I ordered the book you recommended, Steve.

          In some respects, Mueller has done a great job, especially compared to some other slow special prosecutors/counsels. He’s gained cooperation of many insiders who were in the best position to know about any collusion, and Manafort could still cooperate. It doesn’t look like substantial evidence of collusion has been produced, except the Natalie V meeting. So far, I wouldn’t call that substantial. Mueller has indicted a number of Russians for interfering in our election, probably Guccifer 2 in the hacking, and helped illuminate the role of social media. Despite partisanship, he seems to retain the trust of key leaders in both parties. He got rid of Strzok and Page as soon has he hear about their issues. I can’t recall him ever responding to Trump’s tweeting. As best I can tell, he’s remained in the background and ducked most of the mud. Most importantly, will his report have credibility no matter what he concludes?

        • Don Monfort
          Posted Mar 27, 2018 at 3:37 AM | Permalink

          The CIA investigated the Russian involvement, jdd. They cannot conduct a criminal investigation of U.S. citizens in the U.S., or indict and prosecute anybody. That is the FBI’s job. You should know this stuff. The CIA, NSA, DIA etc. will provide whatever info they have to the FBI and Special Counsel. Who do you think investigated the 9-11 crimes committed by foreign terrorists? It’s the job of the DOJ and the FBI. Do you think that information given to the CIA by a foreign country won’t be passed on to the FBI, if it involves FBI business? Think about it. Google it. Or just rust me. I know.

        • AntonyIndia
          Posted Mar 27, 2018 at 8:53 AM | Permalink

          Please don’t mention 9/11 IF you want shore up the image of your old employer.

        • Don Monfort
          Posted Mar 27, 2018 at 9:37 AM | Permalink

          We are sure a non-entity would have done a better job.

        • AntonyIndia
          Posted Mar 27, 2018 at 9:41 AM | Permalink

          T’was not those bad Russians but our good $audis.

        • JDD Ohio
          Posted Mar 27, 2018 at 9:42 AM | Permalink

          “The head of the FBI is not responsible for the instructions given to the Arthur Anderson jury.

          Wrong, the FBI is responsible for the instructions. The parties submit instructions to the judge and the judge chooses from the instructions given by the parties. The judge does not independently give the jury instructions.

           “To this amateur, the Supreme Court applied the same mens rea standard that Comey applied to HRC in refusing to indict over the email scandal”. No, the statute that Comey refused to enforce specifically criminalized negligent behavior. The obstruction of justice statute requires intentional behavior. There is a significant difference.

          Also, forgetting everything else that Mueller has wrongfully done, he deserves to be fired for hiring Weissman. Weissman praised Sally Yates for violating her duty to her client, the president, and refusing to enforce the travel ban. He stated that he was proud of her and in awe of her. He was the attorney directly responsible for the incorrect Arthur Andersen instructions. I have other points to make but I am on my Android now. I may make them later.

          JD

        • JDD Ohio
          Posted Mar 27, 2018 at 10:10 AM | Permalink

          A minor clarification of my previous comment. The FBI was not a party to the Arthur Andersen case. Of course, the federal government was the party. However, Mueller was one of the 3 top people on the Enron task force. In that position, he would have a major responsibility for the illegal instructions that were given to the jury.

          JD

        • Steve McIntyre
          Posted Mar 27, 2018 at 11:34 AM | Permalink

          Speaking of Mueller (and Comey), there is a little known and discussed incident joining the two with a long shadow. Discussed on Twitter here

          Briefly, in 1996, Khobar Towers housing complex in Saudi, then used as quarters for US troops, was bombed (Wikipedia brief summary here). If you were asked to suggest a likely suspect with no other information, Osama bin Laden and AlQaeda would be, by far, the most logical suspect – as they were even then when less was known about them. The Saudi government tortured several political prisoners who “confessed” that it was really done by “Saudi Hezbollah” and Iran, a more convenient villain for Saudi government than Saudi-supported AlQaeda. The Clinton administration and FBI DC field office were unconvinced but then FBI director Louis Freeh was. During Clinton administration, Freeh’s attempts to indict Saudi Hezbollah were thwarted by DOJ, who didn’t believe evidence.

          Soon after Bush administration was installed in 2001, Mueller, then responsible acting official at DOJ, allowed transfer of case from DC (where FBI field office unconvinced by Saudi Hezbollah) to eastern Virginia and rising star ….. James Comey. Rather than investigating AlQaeda in connection with Khobar Towers, Comey, with Mueller’s blessing, investigated Saudi Hezbollah, bringing charges in June 2001. The indictment was for show, in that none of the accused were within US jurisdiction and none arrested for 15 years (when one arrested under mysterious circumstances.) One can reasonably speculate as to possible outcomes if Mueller, Comey and FBI had been investigating of AlQaeda in first half 2001, rather than the supposed Saudi Hezbollah.

          Another long shadow of Mueller and Comey’s indictment of “Saudi Hezbollah” (at first and second blush, an oxymoron) is that, without allocation of Khobar Towers deaths to Hezbollah, it’s hard to support US rhetoric about Hezbollah and Iran being the primary terrorist scourges, as opposed to the more obvious AlQaeda and ISIS.

        • Don Monfort
          Posted Mar 27, 2018 at 12:50 PM | Permalink

          jdd: Mueller is a clown, but you have presented no evidence or rationale for claiming that he has a major responsibility for the instructions given to the Arthur Anderson jury. Mueller was in charge of the FBI investigation. He was not the prosecutor. The responsibility lies with the prosecutor for proposing the instructions and ultimately with the judge, who decided which instructions to give to the jury. According to the SCOTUS, the judge made a mistake. The Fifth Circuit Court made the same mistake in upholding the trial judge’s decision.

          https://supreme.justia.com/cases/federal/us/544/696/

        • Don Monfort
          Posted Mar 27, 2018 at 12:55 PM | Permalink

          Steve: I don’t recall seeing any U.S rhetoric that labels Iran and Hezbollah as the primary terrorist scourges. Everybody knows that the great majority of terrorist killings have been perpetrated by the Sunni terrorist organizations-primarily Al Qaeda and ISIS. The U.S and other countries have designated Iran as the leading, most active, nastiest, whatever “state sponsor of terrorism”.

        • Steve McIntyre
          Posted Mar 27, 2018 at 6:04 PM | Permalink

          US calls Iran the leading “state sponsor of terrorism” all the time. On what basis? Both Iran and Hezbollah fought hard against ISIS. Can you name any terrorist incidents sponsored by Iran in past 30 years? Iran sponsors Hezbollah. OK, name any terrorist incidents carried out by Hezbollah in past 30 years? I’m inquiring, as much as arguing. … Khobar Towers.

        • Posted Mar 27, 2018 at 4:10 PM | Permalink

          Don M “but you have presented no evidence or rationale for claiming that he has a major responsibility for the instructions given to the Arthur Anderson jury. Mueller was in charge of the FBI investigation. He was not the prosecutor.”

          I did present a rationale. He was one of the 3 people managing the Enron case, of which Arthur Andersen was a part. The most important decision in the case was the legal standard that Andersen was to be subjected to. He along with Chertoff and Larry Thompson managed the Andersen case. Also, he was a former US Attorney. See this for description of his responsibility. https://www.nytimes.com/2017/07/13/opinion/robert-mueller-enron-russia-investigation.html All three important decision makers had to be involved in this crucial decision.

          Weismann, who Mueller has on the Trump prosecution team, was the lead lawyer on the failed Andersen prosecution. Interestingly, when a judge found out about prosecutorial abuse he resigned from the Enron task force, almost certainly to avoid questioning about his misconduct while the jury was deliberating. http://www.businessinsider.com/the-complete-and-utter-humiliation-of-the-enron-task-force-2009-10#enron-broadband-3 It is extremely unusual for a lawyer to resign while a jury is deliberating.

          Yes the lower court judges bear some responsibility for the wrongful Andersen verdict. However, most of the responsibility lies with Enron Task force that wrongfully initiated the proceedings and wrongfully advocated for incorrect jury instructions. It is not as if the Court independently went out and prosecuted Andersen. Mueller and his two cohorts initiated the proceeding and brought the wrong jury instructions to the court.

        • Posted Mar 27, 2018 at 4:36 PM | Permalink

          Don M: “They (CIA) cannot conduct a criminal investigation of U.S. citizens in the U.S., or indict and prosecute anybody. That is the FBI’s job. You should know this stuff.”

          You have little snippets of legal knowledge and think you have the big picture. The US legal system is primarily designed to be open. It is not protected by layers of secrecy as would be necessary to prevent determined incursions by foreign adversaries. A Special Counsel, even assisted by the CIA, is not a good institutional way to deal with foreign adversaries. For instance, Federal Criminal cases must be presented to Grand Juries. There are only minimal qualifications to sit on Grand Juries (such as being a voter, 18, speaking English, and not having committed a felony). Wouldn’t be that difficult for foreign power bribe one person on jury. (In fact, in one Gotti trial a petit juror was bribed)

          There are all sorts of potential holes that could be exploited in the clerk of courts’ office, in the public knowledge of who the judge is, in the public knowledge of who the prosecutors are et. cet. Also, various court employees are not well trained in how to protect themselves or in secret information a court may possess.

          This is the last time I will respond to any of your legal comments.

        • Posted Mar 27, 2018 at 4:51 PM | Permalink

          Frank: “He needs experienced prosecutors willing to set aside their current work to investigate a Republican in DC? or NYC? Maybe a thousand?”

          Other than managing the case, which can be done by 2 or 3 people, this is not particularly complex work. All the special prosecutor is doing is finding as much mud as possible that can be flung at the wall and hoping some of it sticks. For instance, in Ohio there are roughly 50 counties, and each county has a prosecutor with a separate staff. Each state has many prosecutors. Many, many of these State Prosecutors are qualified and many of them are probably much more ethical than Mueller’s appointees. The Federal Government has 93 offices of US Attorneys which have often been staffed with Republicans. So there are many of them. I would add that in most cases, it would not be a sacrifice for someone from out of state to serve as a special prosecutor staff person. Later on they can use that experience to attract clients who would pay for the inside knowledge of past staff people.

          Thus, I would say that there are many qualified prosecutors out there. Second, even if they don’t have federal criminal law experience, prosecutors can learn quickly under competent supervision.

          I would add that there are many examples of prominent federal officials leapfrogging past their lack of experience. For instance, Elena Kagan had never argued one appeal before she became Solicitor General, the federal government’s top appellate lawyer. Of course, she was never a judge before she was appointed to the Supreme Court. Additionally, Earl Warren had never been a judge before he was appointed Chief Justice of the US Supreme Court. (There was a funny incident where Felix Frankfurter treated him as a law student after Warren became Chief Justice)

          JD

        • Don Monfort
          Posted Mar 27, 2018 at 6:37 PM | Permalink

          jdd: What can I say. You don’t really have a clue. You started this thread by commenting that Mueller with a staff of only sixteen was particularly ill-equipped to investigate foreign matters. Wrong. Mueller was head of the FBI and supervised overseas FBI work for more than a decade. In addition to being unaware that Mueller has dozens of FBI agents working for him, you seem to be unaware that the FBI operates all over the planet:

          https://www.fbi.gov/contact-us/legal-attache-offices

          And you continued the foolishness after I had pointed out your error:”The point is that the Special Counsel Office is a legal institution. Legal institutions are not well-suited to investigations dealing with foreign countries and affairs and are not structured to deal with foreign matters. If you were a foreign country with information pertinent to Russia, would you rather give it to a Special Counsel or to the CIA.”

          What are all those FBI agents doing working overseas? You don’t have a clue what the CIA does and doesn’t do. The CIA is not a law enforcement agency. The FBI is a law enforcement agency and also the country’s lead counter-intelligence agency. Investigating Russian interference in U.S. elections is in the FBI’s job description. Period.

          What you also seem to not understand is that the FBI reports to the DOJ. In the Enron case, Mueller was working for the two stooges from the DOJ. It was not a triumvirate. You can only assume that Mueller was fully on-board with the jury instructions submission. And Mueller did not submit the proposed jury instructions to the judge. Not his job and not his responsibility. The judge presumably had some experience dealing with overzealous prosecutors. He should have known better. The Fifth Circuit should have known better. You should know better about a lot of things.

          And this is just silly:”Wouldn’t be that difficult for foreign power bribe one person on jury.” So, we throw our hands up and forget about prosecuting cases involving foreigners. And another laugher “There are all sorts of potential holes that could be exploited in the clerk of courts’ office”.

          Your non-response will be very much appreciated.

        • Don Monfort
          Posted Mar 27, 2018 at 6:50 PM | Permalink

          Steve:I know people who were killed and maimed by Iranian supplied IEDs in Iraq. But don’t take my word for it. Google it: Iran state sponsor of terror

          Here is wiki:

          https://en.wikipedia.org/wiki/Iran_and_state-sponsored_terrorism

          Of course, they could be completely innocent. Like Saddam.

        • Steve McIntyre
          Posted Mar 27, 2018 at 9:56 PM | Permalink

          Many more people have been killed and maimed by US supplied bombs and armaments in Iraq and elsewhere. According to your definition, US is, by far, the leading state sponsor of terror.

        • Don Monfort
          Posted Mar 27, 2018 at 10:47 PM | Permalink

          I knew that was coming. Congratulations.

          You asked why the U.S. calls Iran whatever and I replied. It’s not my definition. I am in favor of dropping the name calling and just squashing them at the slightest provocation. A couple more of their threats to destroy us would do it for me.

        • AntonyIndia
          Posted Mar 27, 2018 at 11:07 PM | Permalink

          Wahhabi Saudi Elite are powerful in the KSA and are responsible for the second place in that tally of state sponsored terrorism: not just in Iraq, Syria or Yemen but in Pakistan, Afghanistan, Somalia etc. etc. Those Wahhabis copied the Pakistani approach of official deniability: allow jihads in your heavens, don’t prosecute them, support them, deny them, finance them, export them, get your business partners (US oil & treasury) to turn a blind eye etc.

          One note: KSA has many tribes and also a 10-15% Shia minority (20 million!). This makes the Elite extra nervous.

        • Posted Mar 28, 2018 at 12:03 AM | Permalink

          Jdd, Don, Antony, you’re distracting from Steve and Jaap solving the Wikileaks mystery. As my son used to do years at bedtime to me, clap clap — get back to the story.

        • AntonyIndia
          Posted Mar 28, 2018 at 12:22 AM | Permalink

          Ron, Wikileaks is only the messenger; the messages were that HRC was sabotaging her own party’s competition (Bernie) systematically, playing fast and loose with State secrets, amassing money from dubious sources etc. etc.
          Those who should have been on to the last two – DHS, FBI – were (made) AWOL, so they want us all to focus on Trump, Cozy Bear, Assange, G2 anything else.
          Similar narrative as with messenger Snowden.

        • Don Monfort
          Posted Mar 28, 2018 at 12:55 AM | Permalink

          Somebody has to help the non-entities, Ron. Shia pop of SA less than 5 million.

          Send up a flare when they have solved the wikileaks mystery. I’ll be fishing.

        • AntonyIndia
          Posted Mar 28, 2018 at 1:06 AM | Permalink

          Don is correct: the Shia pop of KSA is “only” ~ 5 million (= 10-15%).
          Watch out: our local Don went phishing.

        • Frank
          Posted Mar 28, 2018 at 11:05 AM | Permalink

          Steve wrote: “Can you name any terrorist incidents sponsored by Iran in past 30 years?”

          A member of Iranian-supported Hamas conducted a suicide bombing on a bus in Jerusalem in 2016.

          http://www.bbc.com/news/world-middle-east-36100485

          There have been four lethal incidents of violence against Israelis in 2018 (no suicide attacks) that you may or may not consider terrorism and may not have been clearly linked to Hamas.

          The US State Department publishes (annually?) a summary of terrorist organizations with information about their attacks, about which nations support them, and which nations don’t cooperate with the US to suppress terrorist organizations. Pakistan has horrible problems with terrorist organizations, but their official policy is to oppose them and they cooperate (sometimes grudgingly) with international efforts to suppress terrorism. Iran doesn’t cooperate and their official policy is to support many terrorist organizations. I’ve provided a link to this report once before, but I respectfully submit the real problem is that you don’t want to know. It is trivial to do a search on Hamas, Hezbollan, etc and and learn about their recent activities.

        • AntonyIndia
          Posted Mar 28, 2018 at 8:25 PM | Permalink

          Organizations like the EU pay a lot of money to the Palestinians yearly; some of it end up here: https://en.wikipedia.org/wiki/Palestinian_Authority_Martyrs_Fund
          This is one of the few topics where I can agree with Nethanyahoo: “an incentive for murder”.

        • Frank
          Posted Mar 28, 2018 at 8:30 PM | Permalink

          Steve: On your recommendation, bought and read: Sidney Powell’s Licenced to Lie. Scared the h_11 out of me. I can see why some call Weissmann a thug. However, the book does tell only one side of these stories. However, an unfriendly judge is a lot more dangerous than an unscrupulous prosecutor. According to Wikipedia:

          “Not all exculpatory evidence is required to be disclosed by Brady and its progeny; only evidence that is “material to guilt or punishment, with “material” evidence being defined as such as to create a reasonable probability that disclosure of the evidence would have changed the outcome of the proceeding.”

          Which potentially leaves a lot of discretion in the hands of prosecutors – who obviously could (and should) feel that none of the material they haven’t disclosed would change the outcome of a proceeding. Which probably explains why Powell was unsuccessful in her quest for retrials based on outrageous violations of Brady. IMO, Brady protections need to be expanded and more clearly defined. Judge Sullivan has done so for his courtroom, but Powell writes as if all prosecutors are required to follow Sullivan’s example. As best I can tell, they are not.

        • AntonyIndia
          Posted Mar 28, 2018 at 11:21 PM | Permalink

          Buried deep in a recent interview of the WaPo with the KSA leader: “Asked about the Saudi-funded spread of Wahhabism, the austere faith that is dominant in the kingdom and that some have accused of being a source of global terrorism, Mohammed said that investments in mosques and madrassas overseas were rooted in the Cold War, when allies asked Saudi Arabia to use its resources to prevent inroads in Muslim countries by the Soviet Union. Successive Saudi governments lost track of the effort, he said, and now “we have to get it all back.” Funding now comes largely from Saudi-based “foundations,” he said, rather than from the government.”

          https://www.washingtonpost.com/world/national-security/saudi-prince-denies-kushner-is-in-his-pocket/2018/03/22/701a9c9e-2e22-11e8-8688-e053ba58f1e4_story.html?utm_term=.e771386fd029

  9. EdeF
    Posted Mar 23, 2018 at 12:05 PM | Permalink | Reply

    In ClimateGate, it looks like the leak was from someone inside the Team, possibly disgruntled by what they had seen. I think the DNC hack may be the same thing, possibly a Bernie supporter unhappy with how the DNC and HRC
    campaign were shutting out their guy. Its still early enough to affect the primaries or to put pressure on for the upcoming DEM convention.

    Steve: I’m persuaded that Climategate was a hack by a lone individual. No evidence that it was a leak.

    • barn E. rubble
      Posted Mar 25, 2018 at 6:25 AM | Permalink | Reply

      RE: Steve: “I’m persuaded that Climategate was a hack by a lone individual. No evidence that it was a leak.”

      I was thinking more of a hybrid, IE: lone hacker with inside info. I mean, you would have to know, or least suspect, there was something there to hack to make the effort worthwhile, no?

      • Steve McIntyre
        Posted Mar 25, 2018 at 7:55 AM | Permalink | Reply

        Were you a Climate Audit reader in summer 2009?

        I believe that Climategate “hack” arose from the “Mole” incident somehow. I was making fun of University of East Anglia’s lies as to why they couldn’t disclose some routine data to me and, during the incident, UEA rearranged their FTP site on the run to take some data private. At the time, many Climate Audit readers were looking through their FTP site.
        https://climateaudit.org/2009/07/25/a-mole/
        https://climateaudit.org/2009/07/28/met-officecru-finds-the-mole/
        https://climateaudit.org/2009/07/29/cru-erases-data/
        https://climateaudit.org/2009/07/31/the-cru-data-purge-continues/
        https://climateaudit.org/2009/08/04/dr-phil-confidential-agent/

        A couple of readers reported to me at the time that they fell into unexpected private areas of the website and/or they encountered a password in plain view.

        My belief is that Mr FOIA similarly encountered a password or private area, but followed his nose deeper into the system, taking care to use proxy servers once he had embarked on the process.

        I.e. I’m not thinking of a “hack” through using phishing emails or hacking software but in the sense of it not being a leaker from inside.

        In 2013, Mr FOIA sent an email to me, Anthony and a couple of others saying that he was a lone individual, not from UK or US.

        • barn E. rubble
          Posted Mar 25, 2018 at 11:21 PM | Permalink

          RE: “Were you a Climate Audit reader in summer 2009?”

          Yes I was. And I wish I remembered everything I read last week . . . sigh . . . however, your links from the past made an interesting revisit on a cold Sunday afternoon. (Yes, cold in late March in S. Ont.) Your premise certainly seems far more reasonable to me than the Team’s assertion of a targeted ‘hack’ from outside. As though they would’ve been targeted by someone who didn’t already know there was something there worth hacking.

          I’ll have to go back through your archives for some conclusions to the links you posted . . . IE: I can’t remember how the issues of those links ended . . . sigh.

          Steve: it distresses me that I lose track of things that I wrote, let alone read. On cold Monday morning in S Ontario

  10. Jaap Titulaer
    Posted Mar 23, 2018 at 5:10 PM | Permalink | Reply

    An unrelated but interesting data point:
    BBC: US sanctions Iranian hackers for ‘stealing university data’

    The Mabna Institute was established in 2013, and US prosecutors believe it was designed to help Iranian research organisations steal information.
    It is accused of carrying out cyber attacks on 144 US universities, and 176 universities in 21 foreign countries, including the UK, Germany, Canada, Israel and Japan.
    By targeting the email accounts of more than 100,000 professors worldwide, the hackers compromised about 8,000 of them, according to the justice department.

    That means that the email accounts 8% of all people targetted in an email phishing campaign were compromised. Perhaps not really a representative sample, as most of the people involved are professors (perhaps several of those ‘professors’ are ‘merely’ scientists associated with those institutions).
    That is a pretty high rate of return.

    By the way: In case you are wondering how this probably works (IMHO): the people targeted usually have (institutional) access to all kinds of pay-walled scientific publications… So that is the icing on the cake on top of the direct access to their email.

    • Jaap Titulaer
      Posted Mar 23, 2018 at 5:19 PM | Permalink | Reply

      OK that last bit was just an educated guess, one that seems to be confirmed by Reuters. As they report it, the primary target were the login credentials for the university portals, not so much their email credentials.

      U.S. charges, sanctions Iranians for global cyber attacks on behalf of Tehran

      The emails purported to be from professors at another university and indicated the sender had read an article written by them, prosecutors said.

      The emails would then direct recipients to click on links to related articles that would direct victims to a malicious internet domain that appeared similar to the victim’s actual university portal, where they would be prompted to enter their login credentials.

      Once accounts were compromised, the hackers would steal reams of academic data and intellectual property related to science and technology, engineering, social sciences and medicine, the indictment said.

      Stolen data was obtained to benefit Iran’s Revolutionary Guard and sold within Iran through the websites Megapaper and Gigapaper to universities in Iran, prosecutors said.

  11. Frank
    Posted Mar 27, 2018 at 11:24 PM | Permalink | Reply

    Steve: I read Sidney Powell’s book, Licensed to Lie. Really scared the h11 out of me. Wouldn’t want Weissmann on my team or my opponent’s team.

    Unfortunately, Powell (like all defense attorneys) tells only one side of the story. According to Wikipedia:

    “Not all exculpatory evidence is required to be disclosed by Brady and its progeny; only evidence that is “material to guilt or punishment, with “material” evidence being defined as such as to create a reasonable probability that disclosure of the evidence would have changed the outcome of the proceeding.”

    If a prosecutor sincerely believes a defendant would be found guilty despite the exculpatory evidence, does it need to be turned over? Powell and a prosecutor can come to different conclusions about this and possibly why Powell’s Brady arguments were unsuccessful. This ambiguity is why Powell wants the Supreme Court to expand Brady protection and why bills have been proposed to more clearly define the prosecutor’s obligations. And why Judge Sullivan provides clear standards that will apply in his courtroom. (Corrections to this amateur summary would be appreciated.)

    You can say AA was destroyed by the guilty verdict, but it was already beginning to fail because it had been involved in too many accounting scandals. It made a deferred prosecution agreement to settle problems 1996 and was in trouble with the SEC. WorldCom was about to make AA the auditor for the two biggest bankruptcies in history, both connected to accounting failures. David Duncan forgot who he was working for (technically the BoD and shareholders) and caved to Enron management that provided lucrative consulting contracts. There is no doubt AA started shredding as soon as they heard the SEC was asking questions. A bit like Cheryl Mills destroying HRC’s server before Congressional subpoenas arrived. Only in this case, [over?]-zealous prosecutors pushed the limits of the law when They didn’t after the financial crisis. They simply charged huge fines paid for by innocent shareholders.

    Most of Powell’s nightmare story was enabled by a local judge (looking to punish anyone connected with Enron) combined with unprincipled prosecutors. Not unprincipled prosecutors alone. Powell didn’t tell us that numerous fraudulent transactions like the putative parking of the Nigerian barges had inflated Enron’s profits. The written legal agreement didn’t specify Enron’s obligations to ML (guaranteed buy back? assist re-sale?), so the prosecutors had little reason to believe the defendants. For all I know, Fastow could have verbally promised someone at ML a guaranteed re-purchase – and the barges were indeed repurchased by an Enron affiliate. And Powell doesn’t tell you that the ML employees involved would have profited via their bonuses. ML didn’t belong in this stinky deal made with verbal “understanding”.

    About the same time, GS helped the Greek government cook their books, a disaster that still exists today. The same amoral insanity was a major cause of the financial crisis.

    As for Ted Stevens (the road to nowhere), his home remodeling was done by an oil services business that was caught giving numerous other bribes. The oil services business hired a local contractor(s) to do the actual work on Stevens’ house and were “sloppy” keeping track of how much they paid the local contractor(s). A great way to pay a bribe. And Stevens was caught on tape discussing local corruption cases and speculating that he might have to spend a few years in jail.

    None of this excuses prosecutorial misconduct, though it might explains some. However, some of the prosecutor’s victims don’t deserve as much sympathy as one might imagine – IMO (respectfully). Nevertheless, government prosecutors and judges are extremely power and their misconduct is terrifying.

  12. Posted Mar 28, 2018 at 9:48 AM | Permalink | Reply

    The fundamental evidence that most points to the Russians is the fact there are two independent Dem organizations hacked and exposed through Wikileaks because of the pattern of high ability mixed with political motive. But in such case one would normally expect one set of tools (MO) to be used by a single actor. If the two attacks can be separated as two actors by their MOs then the fact that the Podesta emails are given to WL is likely a response after the DNC WL to make it look like a pattern. In other words, hacks can be covers for leaks by insiders with their own motives. And the Podesta WL is a cover to point away from them being leaks at all.

    I would be interested in seeing Steve’s and Jaap’s inventory of evidence along this line.

    • Frank
      Posted Mar 28, 2018 at 8:42 PM | Permalink | Reply

      Ron wrote: “In other words, hacks can be covers for leaks by insiders with their own motives.” When you do a Bayesian analysis of these scenarios, be sure to include the probability the GRU would have launched the Guccifer 2 operation if someone else had hacked or leaked. And managed to give Guccifer one? (or a few?) authentic documents before they appeared at WL.

      • Posted Mar 29, 2018 at 9:23 AM | Permalink | Reply

        Frank, re-reading my own comment I see I should clarify what I meant. Since we are working in the political realm with the attack on political campaigns there are many motivated actors, including the campaign itself. All of these actors are competing to shape the ultimate media narrative by the surreptitious additions of misdirection. This makes the timeline of what was known by whom extremely important. Hillary becomes aware by late March that her campaign was under a sophisticated cyber attack. Alperovitch told her, of course, it’s the Russians. State intelligence organizations usually do not expose the fruits of their operations to the public, so she makes no announcement to the press because she does not expect it to become public. And, to be hacked at this time when an investigation was freshly launched about her mishandling of documents on an unsecured network also motivated her to stay quiet.

        On March 30 Hillary sees Paul Manafort come into the leadership of the Trump campaign. Her intelligence people would immediately know Manafort had pro-Kremlin connections. (It remains unclear if Trump was aware of Manafort’s history.) By mid April Hillary’s IC contacts Christopher Steele to investigate Trump’s Russia connections. By May 6 Hillary becomes aware “the Russians” have hacked the DNC. Remember, besides being best buddies with DWS they also share MIS Department Inc as their network admins and CS as their cyber security consultant (hired by both through Perkins Coie). This close knit family is a circumstantial result of trying to maintain security but ironically it puts many actors into a position of having information and thus being our suspects. She never counted on Bernie Sanders becoming a viable rival with large sympathies inside the DNC.

        Frank, if I understand your scenario, the Russians see the Wikileaks and decide to take credit for it by using the fruits of the Podesta hack, assuming they operated the phishing scam there. I’m not sure if I can see a motivation for that unless they are aware of Hillary’s Steele operation and they are adding evidence to confirm her paranoia. The G2 doctored Trump oppo document being created on a computer registered to Warran Flood, a 2012 Obama campaign staffer, becomes and important clue IMO, knowing now that MIS Department Inc was the network admin for Obama in 2012.

        • Frank
          Posted Mar 30, 2018 at 4:12 PM | Permalink

          Ron: As I understand it, the DNC engaged Fusion GPS to do a variety of opposition research on Trump. A portion of that research was directed towards investigating Trump’s BUSINESS interests in Russia. That project was assigned to Steele. Because of the nature of the Russian kleptocracy, business and state are closely intertwined there. It was possible that Russian intelligence could have become involved in Trump’s business activities – but I doubt that the DNC’s was hoping to exposed collusion between Trump and Putin (an absurd idea at that time IMO). The DNC was obviously interested in anything Russian might unilaterally do concerning the election (including the hacking), since they obviously preferred Trump. I doubt that HRC herself played any role organizing the opposition research except in choosing who would be responsible (and reading the product).

          So I view the Steele Dossier – rightly or wrongly – as part of the product Steele produced, not the product HRC or the DNC “commissioned”. I don’t think they expected in their wildest dreams to receive anything like the collusion in Dossier. The first hacked material wasn’t released until the week before the convention, so I doubt Steele was retained because of rumors about hacking. Yes, the DNC could have hoped for compromising information from Trump’s beauty pageant, but that was part of Trump’s business in Russia.

          FWIW, I think the Russians did both hacking operations, and created G2 to cause confusion and distrust when US intelligence blamed Russia for the hacking (which the Russians knew was nearly inevitable no matter how hard they tried to cover their tracks). As best I can tell they, didn’t collude with Trump through newly hired intermediaries as described by Steele. (The Natalie V meeting doesn’t fit into any bigger picture that makes sense.)

        • Posted Mar 31, 2018 at 6:12 PM | Permalink

          Steve, please delete the draft of this comment that’s still in moderation. Thx.

          “So I view the Steele Dossier – rightly or wrongly – as part of the product Steele produced, not the product HRC or the DNC “commissioned”. I don’t think they expected in their wildest dreams to receive anything like the collusion in Dossier.”

          Frank, are you arguing that Hillary was just looking for Trump business scandals, and since he did business internationally Fusion GPS decided to hire international spies, and since Christopher Steele just happened to be an expert on the Russia IC with Russian contacts he happened to find allegations that Trump had been a Putin groomed mole ready to take over America for many years? Are you claiming this because you don’t agree that anyone seeing their campaign being attacked by a Russian attributed hack (by Alperovitch in March) at the same time seeing their opponent hire a former pro-Putin lobbyist, Paul Manafort, would put two things together? Are you saying that Hillary did not believe in the possibility of their being coordination? I hope you agree that the more one argues this perspective the harder it is to argue that the US IC should have concluded, on the same circumstantial evidence, it would be justified to secretly and illegally spy on Trump (who just happened to be their political opposition) to counter the obvious Trump-Putin alliance.

          I do agree it’s difficult to know who’s deceiving whom when their exists a common interest in the false narrative. For example, I am still not certain who proposed the dossier was initiated by a never-Trumper, taken over by the DNC later. Was that Fusion GPS’s misinformation, the DNC, Hillary’s or the MSM? Certainly all fought to continue the false impression after the truth was revealed last October. To this point, one saw even conservatives, until very recently, accepting the false version.

          Frank said: “FWIW, I think the Russians did both hacking operations, and created G2 to cause confusion and distrust when US intelligence blamed Russia for the hacking (which the Russians knew was nearly inevitable no matter how hard they tried to cover their tracks).”

          As an aside, if one believes that state initiated “active ops” are inevitably transparent to their attribution, notwithstanding plausible deniability, that is a very strong argument for abolishing the covert ops. Because if operations cannot be cloaked in an autocratic regime like Russia there is certainly no hope they would be cloaked in an inherently transparent one, where internal political battling make intelligence agency leaks at the highest level are and every-day occurrence. And, the few ops that might successfully be kept secret would eventually be revealed through historical research, creating blowback for future generations ability to trust.

        • Frank
          Posted Apr 1, 2018 at 5:00 PM | Permalink

          Ron: In March 2016, beating Bernie Sanders, not Trump, was HRC’s main concern. And beating him as soon as possible, so that the divisiveness of the campaign could heal. In addition to her full-time job campaigning, she was chief policy wonk and consumed with the email scandal. She wasn’t even sure the Republicans would commit political suicide (from her perspective) by nominating Trump. Any material produced by opposition research would be used in 3-6 months, but the process needed to get started. Her concerns likely were with people: who would manage this sensitive operation and what friends would profit. The opposition research produced wouldn’t be a key issue on March, unless the entire plan from the beginning was to create fake material. It would have been extremely expensive to recruit a real professional like Steele to create fake material and thereby likely destroy his current career. IMO, the Dossier was the result of a growing obsession with and fear of Trump as polls continued to show that he was a viable (though not favored) candidate, not a plan hatched in March.

          Unlike you, I don’t connect the hiring of Manafort with Trump’s friendliness towards Putin. When Manafort was hired, Trump needed a campaign manager with as much convention experience and ties to the Republican establishment as possible. Few people with such qualifications were willing to risk their political careers by working for Trump. Manafort lived in Trump Tower and had worked on Republican campaigns going back to Ford. I don’t think Trump cared whether Manafort had lobbied for Yanukovitch or Tymoshenko. Manafort was hired to ensure that Turmp’s victories at the polls translated into a win when delegates actually chose the nominee. When that job was complete and Manafort’s lobbying record became a liability, Manafort was rudely dumped.

  13. Don Monfort
    Posted Mar 31, 2018 at 9:02 PM | Permalink | Reply

    There is always hope, Ron. The reality is that many active ops are never exposed. You only see the tip of the iceberg. Anyway, it’s a cost benefit analysis. Is the benefit of the active operation worth the cost of exposure? There are even benefits to exposure. Having the enemy know what you are capable of can intimidate the crap out of them and cause them to spend resources on attempting to protect themselves. See Stuxnet. Do we care that they know we did it? Do the Israeli’s care that the mullahs know they have been knocking off their atomic scientists? Covert ops are never going to be abolished.

  14. Posted Apr 1, 2018 at 6:49 AM | Permalink | Reply

    This post heavily promotes a basic factual misunderstanding. Note:

    Against this intuitively implausible theory, there is also direct evidence in the Wikileaks DNC emails themselves. On May 17, a response from the IT helpdesk shows that the DNC was using (Microsoft) Outlook for email – not Google Apps Gmail.

    And:

    It is bewildering that attribution is made on such shallow reasoning. There was no basis at the time for SecureWorks’ assertion that it was “likely” that DNC had used gmail and subsequently changed. This was pulled out of thin air. None of the many computer security analysts opining on attribution bothered to confirm this hypothesis with DNC themselves or else they would have found out the opposite. Nor do the analysts appear to have checked this hypothesis against information from the Wikileaks DNC archive itself. If they had, they would have seen that it was untrue.

    A person might be bewildered at people not seeing an e-mail which says Outlook was used and concluding it contradicted the idea Google Apps was used to manage e-mails for the network. However, that confusion that is entirely on them. There is no contradiction in this.

    The Google Apps e-mail system referred to here is part of Google’s G Suite software bundle which includes things like Gmail, Google Docs and Google Calendar. Most readers have likely used the version made for individuals before, which is free. Many companies use an enterprise level version though, which is not free. The concept is the same in both casees. Google handles the backend. It handles the things like servers.

    Microsoft Outlook is a very different thing. Outlook is an information management tool, software a user uses to manage their own information. It includes support for many things G Suite manages, like e-mail. It does not run servers for them though. It does not handle the backend. It handles the front end. It manages how a user accesses data stored on other servers.

    There is no contradiction between a network using G Suite to handle its e-mails while a user uses Outlook to access the e-mails managed by G Suite. One service handles the backend, the other service handles the frontend. Using Outlook to access e-mails managed by G Suite isn’t just possible, it’s common. People use Outlook to access their personal Gmail accounts all the time. It’s easy. Anyone here could set it up in a few minutes. That’s not much different than what would be done in a workplace which uses G Suite to manage e-mails.

    Microsoft Outlook provides you a way to access e-mails stored on a server. That in no way contradicts the idea some other software manages the server the e-mails are stored on. The idea one person on a domain uses Outlook to access their e-mail does not contradict the idea the e-mail is managed by G Suite. In fact, a person could use Outlook to access e-mail in some situations while using a browser to do so in other situations.

    On a non-factual matter, once we exclude this imaginary contradiction, I’m inclined to agree with what Secureworks concluded. While this post says their claim was completely baseless and pulled out of thin air, people were targeted with a spear phishing attack based upon the idea they used a particular service. The fact the people carrying out this attack believed the service was being used is a basis for believing that service was being used. People may argue about how much weight to give this evidence, but to pretend it isn’t evidence at all is inappropriate.

  15. Posted Apr 1, 2018 at 7:15 AM | Permalink | Reply

    I wanted to make a follow-up comment on a separate matter which bugs me. The first paragraph of this post says:

    They had observed multiple phishing targets at hillaryclinton.com, dnc.org and personal gmail accounts of campaign officials and surmised that one of these targets at DNC must have been tricked by the phishing campaign, from which APT28 obtained access to the DNC server.

    Yet that is not what SecureWorks said. Not even close. This is what they concluded:

    CTU researchers do not have evidence that these spearphishing emails are connected to the DNC network compromise that was revealed on June 14. However, a coincidence seems unlikely, and CTU researchers suspect that TG-4127 used the spearphishing emails or similar techniques to gain an initial foothold in the DNC network.

    Secureworks explicitly said it did not have evidence the spearphishing was connected to the DNC hack. It said the timing was coincidental enough they suspected a connection. They then indicated that connection might not even be a direct one, suggesting “similar techniques” might have been used. This post’s portrayal of what they said is entirely false. The post then expands upon this by saying:

    Their argument was quickly accepted by computer security analysts. In an influential article in October 2016, Thomas Rid, a prominent commentator on computer security, stated that this argument was the most important evidence in attribution of the DNC hack to Russia – it was what Rid called the “hackers’ gravest mistake”.

    When Rid never said this campaign was anyones “gravest mistake.” What he said the gravest mistake was was the fact “the hackers forgot to set two of their Bitly accounts to ‘private.'” (I have no idea what the claim Rid say this “was the most important evidence in attribution of the DNC hack to Russia” refers to. I was unable to find anything which supports it, but it doesn’t appear to directly contradict anything either.)

    A common maxim of this site has been that people who claim others have made some point should quote the words which were written and explain why they mean what is claimed. The reason for this is it has often been seen that paraphrases are imprecise/inaccurate/mistaken. I think much of what is wrong with this post could have been avoided if that policy had been followed.

    • Posted Apr 1, 2018 at 7:26 AM | Permalink | Reply

      For a bit of extra… what people may call pedantry, please remember Secureworks discussed how they felt the attackers managed to “gain an initial foothold in the DNC network.” This post claims they discussed how “APT28 obtained access to the DNC server.”

      Gaining access to a person’s business e-mail account would provide a foothold into the business’s network, but it would in no way give the attacker access to the server so that they could steal e-mails and documents from many people. There would need to be a number of steps in-between.

      I’ll shut up now though. If I don’t, I’ll start going on about how the phrase “the DNC server” doesn’t even make sense. But then I’m certain people will say I’m being pedantic.

    • Posted Apr 1, 2018 at 11:13 AM | Permalink | Reply

      Brandon, I’m glad to have the benefit of your scrutiny. And thanks for not being pedantic. Your point that having G-Suite does not preclude the use of email clients operating on individual PCs, which would put email files as pst archives on the PC as well as backups, which likely would put them on a local network server. Others also came to this conclusion just like you did, which led to my observation that Trump’s assertion made at one of the debates that anyone could have hacked the DNC, and to accuse the Russians with certainty was foolish. Brandon, do you now agree with Trump?

      • Posted Apr 1, 2018 at 11:16 AM | Permalink | Reply

        Correction of my link to my earlier comment: https://climateaudit.org/2018/03/21/dnc-hack-due-to-gmail-phishing/#comment-780465

      • Posted Apr 1, 2018 at 3:47 PM | Permalink | Reply

        Ron Graf, I’m afraid I was unable to follow the logic of your comment, perhaps because you seem to have spent a lot of effort to build up into a leading question. Perhaps I could follow it if you were to quote whatever it was you want to know if I agree with and explain why you think what I’ve said today aligns with it.

        That said, I’ll try to answer anyway. As best I can tell, I do not agree with the idea you refer to nor think anything I’ve said suggests it would be true. I don’t think the technical issues discussed today do anything to support the conclusion in you ask about. I suspect if you were to better understand the IT concepts involved you’d not ask me this.

        But as I said, I didn’t follow your logic so perhaps that answer is different that what I’d offer if I had.;

  16. Don Monfort
    Posted Apr 1, 2018 at 1:36 PM | Permalink | Reply

    I agree with Trump, Ron. Anyone could have hacked the DNC and it has not been proven with certainty that Russia done it. According to Trump, it was likely the Russians. That was explained to the President by the head of NSA-CYBERCOM. The NSA had been observing hackers, most likely Russians, attacking the DNC from Summer of 2015, well before there was any hint of the coming Russia-Trump collusion BS.

    Anybody can rob a bank. But if you have a preponderance of evidence pointing to one suspect, you don’t waste a lot of time investigating random 300 lb mischievious fat boys living in their mothers’ basements. Of course, you always have to suspect those Nasty Ukes.

    Brandon’s nitpicking often has a large grain of truth to it.

    • Frank
      Posted Apr 1, 2018 at 5:30 PM | Permalink | Reply

      Ron wrote and Don agreed: “Trump’s assertion made at one of the debates that anyone could have hacked the DNC, and to accuse the Russians with certainty was foolish.”

      However, it’s been 1.5 YEARS since this politically-motivated assertion was made. Today, we expect an indictment to show that Guccifer 2, who disclosed authentic material from the DNC hacking, was a GRU agent. Other aspects of Russian interference in the 2016 election have been revealed.

      • Don Monfort
        Posted Apr 1, 2018 at 6:10 PM | Permalink | Reply

        “Trump’s assertion made at one of the debates that anyone could have hacked the DNC, and to accuse the Russians with certainty was foolish.”

        That is perhaps not literally true, but it is basically correct. It’s not like anyone could be a successful hacker. It’s not likely it was a precocious two year old toddler, but there were plenty of possible suspects other than the Russkis. At the time, we knew very little about what the intel community allegedly had discovered about the hacking. We still don’t know with certainty that it was the Russkis. We would be interested to know why you are certain, Frank.

        An indictment will not show that Guccifer 2 was a GRU agent. If that is your standard of proof, Guccifer 2 could be a ham sandwich. We expect better of you, Frank.

    • Posted Apr 1, 2018 at 9:27 PM | Permalink | Reply

      I think Steve posts have demonstrated that both the Hillary For America and DNC cyber security were in the lowest percentile. This not only allowed vulnerabilities to second echelon threats, it also allowed plausible deniability for anyone to perpetrate an active op or a leak. Trump, in the debate, may have not made a sophisticated and informed assessment but his instincts happened to be dead on. Don, with all due respect, the top levels of the US IC appear to have been led by left wing radicals. [see John Brennan 3-17-18 tweet. I don’t think you have an obligation to give the “official assessments” any more credence that the NOAA official assessments warning of increasingly extreme weather.

      Frank, I am open to change my assessment with new evidence but I am very doubtful that G2 was GRU agents. The Russian meddling on FB and blog comments was an insignificant drop in the bucket, probably a product of poor management rather than cunning. Causing mayhem in another country while flying your own flag serves little advantage. Division in American politics did not start with, or need any boost from, Russia. We have been doing a fine job on our own, likely an effect of not having an external existential threat to force unity. Russia attacks have the opposite effect of causing division. I see the left on a mission to save us from ourselves. This cause is new and exciting only to those unfamiliar with history since the suspension of openness and truth required to gain power usually results in suffering and poverty whenever tried.

      • Posted Apr 3, 2018 at 4:25 PM | Permalink | Reply

        According to the “sober” experts G2 was a Russian GRU agent.

        Ninety percent of the confidence appears to be from reliance on Dmitri Alperovitch and his company Crowdstrike, who had announced in a press conference on June 14, 2016, that the Russian government hacked the DNC. Alperovitch specifically named the Trump oppo research document as the only one the GRU (second Russian hacker group) got away with. The next morning, as The Smoking Gun reported they got an email from someone who wrote, “Hi. This is Guccifer 2.0 and this is me who hacked Democratic National Committee.”

        When asked if he was Russian Guccifer 2.0, “No, no. I’m Romanian.” This was the same nationality as the original Guccifer hacker who was found to be a Romanian after being caught. That Guccifer, who had hacked Sydney Blumenthal, exposing embarrassing emails between Clinton and Blumenthal regarding Benghazi and other matters, also revealed to the US Congress the existence of her private email server. So there is a Clinton email connection to “Guccifer” as well.

        But just like the original Guccifer, G2 slipped up. Within days all other cyber security firms, like Threatconnect were pinning the Russian flag on G2 by his use of Russian VPNs and other clues. ARS Technica was the first to analyze the Trump oppo document that G2 released. It was apparently pasted into a MS Word document (for no reason) and had the author entered as Felix Dzerzhinsky, the founder of the Soviet Union’s secret police. Clearly, G2 was sloppy indeed, he even left the Russian Cyrillic font selected as the user default. Game over, the experts were right.

        But wait. Some meddling online conspirasy theorists months later noticed that the author entered on the Trump oppo doc was to cover over the default author, which is created by the computer operating system from its original setup information. Using a forensic trick they found the metadata still contained that original author, Warren Flood.

        • Posted Apr 3, 2018 at 5:14 PM | Permalink

          So, under the Russian G2 theory, the expert consensus must be that the GRU immediately responded to Alperovitch’s press conference and hastily hatched a plan to throw everyone off the scent with a Romanian false flag in the establishment the whacky online persona G2. But knowing that they were already caught because US Cyber Command, (which knows every step the GRU makes,) and knowing that Cyber Command would not be able to demonstrate their proof publicly, they decide to frame G2 as a Clinton motivated information operation. By June 15 the GRU and Putin knew that Clinton had likely been informed by Fusion GPS about the June 9 Trump Tower meeting that was set up by Putin to look like a Fusion GPS frame-up of Manafort and Trump Jr. The Russians also knew that Christopher Steele at that moment was drafting the Russian-Trump collusion dossier that Clinton would surely share with her allies throughout the US IC as a pretext to spy on Trump’s campaign and to have an October US IC press leak regarding Trump’s Russian collusion to hack to election. Knowing all this they had to decide how best to leave this impression (to those who really dug deep) that Hillary was behind Guciffer 2.0. Of course, the GRU knew that Cyber Command was on their shoulder watching all of this but would be helpless to expose it. So the GRU, with the deadline to go online just hours away came up with a plan to frame Warran Flood, who would be linked to the Democrats.

          Warren Flood we know now was a campaign staff member doing voter analytics for Obama-Biden 2012. We also know that the same network IT group was used for Obama-Biden as Hillary For America and also the DNC. This made it look like somebody at the DNC or Hillary For America was using an old laptop on the shelf at the IT room left over from 2012 campaign to hatch the Guccifer 2.0 persona, who would claim to be a Romanian but would clearly be Russian.

          The alternative scenario is that Admiral Mike Rogers never heard of Warren Flood or any of this and simply pointed to the Russians because they saw Cozy Bear traffic entering and leaving the DNC for six months, which CS confirmed, as well as knowing about Brennan cries of having intelligence on Russian collusion throughout the US IC.

          Which is the simpler theory?

    • Posted Apr 1, 2018 at 9:33 PM | Permalink | Reply

      I think these posts have demonstrated that both the Hillary For America and DNC cyber security were in the lowest percentile. This not only allowed vulnerabilities to second echelon threats, it also allowed plausible deniability for anyone to perpetrate an active op or a leak. Trump, in the debate, may have not made a sophisticated and informed assessment but his instincts happened to be dead on. Don, with all due respect, the top levels of the US IC appear to have been led by left wing radicals. [see John Brennan 3-17-18 tweet]. I don’t think you have an obligation to give the “official assessments” any more credence than the NOAA official assessments warning of increasingly extreme weather.

      • Don Monfort
        Posted Apr 1, 2018 at 10:50 PM | Permalink | Reply

        Adm. Mike Rogers is not a left wing radical. The intel agencies are now led by Trump appointees. Do you think they haven’t reviewed the evidence and the assessments? Don’t you think that Trump is better informed than he was in 2016? Now he reluctantly says it was probably the Russkis. Try to catch up.

        We are getting nowhere discussing this stuff here. Waste of time.

        • Posted Apr 2, 2018 at 8:24 AM | Permalink

          We have seen many of Trump’s appointees pay more respect to the swamp than to him, much to his chagrin. It’s possible Mike Rogers has a wiretap on Putin’s phone or has spent hundreds of hours looking at evidence but I suspect he just parroted the swamp-sensus. The evidence coming out in the last 12 months supports Trump’s instincts (again) that the national security apparatus was used to spy on him. Remember last March when all the swamp leaders laughed at that allegation?

        • Don Monfort
          Posted Apr 2, 2018 at 2:03 PM | Permalink

          OK, Admiral Rogers is a swamp parrot and Trump’s instincts are uncanny, but our hapless POTUS can’t pick the right people to pay him more respect than they pay the swamp. And the national security apparatus was used to spy on him, so it was a 300 lb pimple-faced fat boy living in his mother’s basement what hacked the DNC and Podesta. And Trump is really smart with his 24D chess moves and all that crap, but the swamp parrot Admiral Rogers has used the jedi mind trick on his boss to make him believe it was probably the Russkis what done it. Well thought out theory of the case, Ron.

          If you had a clue, you would know that Admiral Rogers is not a swamp creature. I could explain it to you again, but I am tired of pointing out facts and logic that are just ignored, because a lot of folks here prefer facile speculation.

        • Posted Apr 2, 2018 at 3:04 PM | Permalink

          “Well thought out theory of the case, Ron.”

          Shame on you, using those tactics, false and twisted recitals and mocking of paranoia.

          I expect better from you, Don.

          Trump is no genius. He’s just unafraid. He voices what he feels and acts on what he dreams. Some call it bravery; some call it idiocy.

          The swamp does not have to have creatures to be a swamp.

        • Don Monfort
          Posted Apr 2, 2018 at 6:23 PM | Permalink

          You are a font of cliches, Ron. Carry on without me.

    • Posted Apr 1, 2018 at 9:39 PM | Permalink | Reply

      Frank, I am open to change my assessment with new evidence but I am very doubtful that G2 was GRU agents. The Russian meddling on FB and blog comments was an insignificant drop in the bucket, probably a product of poor management rather than cunning. Causing mayhem in another country while flying your own flag serves little advantage. Division in Americ@n politics did not start with, or need any boost from, Russia. We have been doing a fine job on our own, likely an effect of not having an external existential threat to force unity. Russia attacks have the opposite effect of causing division. I see the left on a mission to save us from ourselves. This cause is new and exciting only to those unfamiliar with history since the suspension of openness and truth required to for such a movement to gain power usually results in suffering and poverty whenever tried.

  17. Posted Apr 4, 2018 at 8:50 PM | Permalink | Reply

    If one is to admit that the Natalia V. meeting was unlikely set up to benefit Trump the question becomes who organized it. Natalia V. claims she was as confused and bewildered as Trump, Manafort and Kushner when she learned of the false pre-tense of the meeting. It was embarrassing to all.

    “Today, I understand why it took place to begin with and why it ended so quickly with a feeling of mutual disappointment and time wasted,” Veselnitskaya wrote. “The answer lies in the roguish letters of Mr. Goldstone.” -NBC News 12-6-17

    Rob Goldstone, a self-described openly gay and brash man, is British music publicist who says his emails to Trump Jr. claiming the Russian government wanted to help Trump by providing Hillary Clinton emails was just “puffery.” A funny accident it was to happen June 9, approximately the same time Jullian Assange was receiving DNC emails from an unknown source and 5 days before the DNC (under Hillary’s control at that point) would claim to be hacked by the Russians. And, of course Steele was preparing his first draft to begin his Trump dossier, dated June 18.

    Mr. Goldstone claims his real intention was to have get the Trump family to meet one of his music clients, who happened to be the daughter of a Russian oligarch who Trump has purportedly had dealings at some point in the past. There is no explanation of why Natalia V. was lied to. We are supposed that was just a practical joke that was to make everyone laugh and become friends which would lead to a relationship where Goldstone could claim credit and ask for selfie’s with Donald and Melania with his musician client.

    I can understand the liberal press being disinterested in Goldstone. But isn’t anyone curious to ask a few more questions of this guy?

    The Hill’s John Solomon reported July 12, 2017, that Natalia V.’s visa was initially turned down but then approved by Attorney General Loretta Lynch at the DoJ.

  18. Posted Apr 4, 2018 at 9:07 PM | Permalink | Reply

    One of the curious exploits of Guccifer 2.0 was to contact conservative fundraiser and Trump campaign adviser, Roger Stone. If one has the theory that Guccifer 2.0 was a GRU agent trying to help Trump one might have a difficult time explaining the purpose of contacting a garrulous old character desperately trying to make a splash in the Trump act. Stone is currently in the media cross hairs for his careless tweets suggesting he had advance knowledge of the Podesta WL.

    If I were Guccifer 2.0, but instead of being GRU was a Clinton op, giving inside info to a talkative hanger-on of Trump would be ideal. I would also have tried as much as possible to contact others close to Trump. I would not be surprised if we see such contact revealed. If G2 made it to Trump himself I would be sure Mueller got that tip and was preparing questions on that topic for a coup de gras.

  19. Frank
    Posted Apr 5, 2018 at 11:40 AM | Permalink | Reply

    Ron: Assuming Mueller indicts a GRU agent for being Guccifer 2.0 and assuming the public learns that the indictment is backed by substantial information, then G2 looks like a disinformation campaign. As I understand it, a source of disinformation must provide a significant amount of true information, otherwise the source will be ignored. Most of the true information for information will be insignificant, but something of value must be given away to generate credibility. As I understand it, G2 provided one or a few authentic documents that had been hacked, but were not released by WikiLeaks. Now G2 has credibility and can provide a variety of confusing and false material that must be taken seriously. When no coherent picture emerges, then no one knows what to believe and whom to trust. If this were the reason for G2’s existence, then the success of his operation can be seen here at climateaudit. (I gather you have expressed some thoughts along these lines before rumors that G2 was a GRU agent appeared. IMO, they make even more sense now.)

    If the expectation about the G2/GRU connection or my assumptions about an indictment with real evidence aren’t realized, then all the above speculation is meaningless.

    Could G2 be a DNC op? I’m sure that they could find someone capable of playing this role, but that might take some time to set up. If they did and Steele were a fabricator from the beginning, these operations would be used to provide credibility to the other. (I slightly favor the idea that Steele began as a professional who was corrupted by the hysteria surrounding Trump and grossly mischaracterized the reliability and significant of his sources.)

    • Posted Apr 5, 2018 at 9:47 PM | Permalink | Reply

      Frank, thanks for your thoughtful analysis. As you pointed out, I have leaned in several directions as to motivations behind the G2’s avatar. But I have always felt there was ample evidence of it being part of an information operation. The clues being dropped in many directions (to confound profiling) is a classic indicator, (as you pointed out). We don’t know if G2 couldn’t provide the any of the DNC WL emails or if he purposely withheld them to confound solid profiling. Instead he provided just enough evidence to establish he was bonafide. Here are some clues to consider:

      1) G2 was the first to annunciation the connection between Assange’s having “Hillary emails” and the DNC announcing the Russian cyber attack.

      2) G2 appeared lightning fast, within 24 hours, after DNC announcement, leaving little time for such a complex and sensitive operation to be initiated. One would think it would have been in the works for some days or weeks.

      3) G2 never offers irrefutable proof of being the WL source, like supplying a missing email in a WL released email string, or leaving some sort of watermark on the WL dump. In fact, he never supplied any of the DNC WL emails. Thus he is falsely taking credit (or appearing to falsely take credit) for being the WL source.

      4) His act serves to discredit WL as dealing with hackers, or worse – the GRU, rather than whistleblowing leakers.

      5) He does harm to Trump, especially engaging with Roger Stone, while never fulfilling promises to embarrass Hillary.

      6) He evaporates after the election.

      Guccifer 2.0 is I believe the first time in history that an anonymous online presence has been used rather than a physical agent to play such a part. The question still hangs in the air: whose operation was this. The reason that I doubt solid evidence will be presented of a GRU identity is that unlike the salaried trolls G2 had an extremely sensitive mission, one controlled by a head of state or candidate to be one. I agree with Natalia V. that answers lie with more careful questioning of Rob Goldstone.

  20. AntonyIndia
    Posted Apr 5, 2018 at 11:38 PM | Permalink | Reply

    The action at the moment is in the newly released batch of Strzok-Page texts of 2015-08-21 till 2017-06-25:
    even with all the black outs(!) one can still see for example that this duo didn’t like Bernie: https://www.scribd.com/document/370966192/Strzok-Page-texts#download

    • AntonyIndia
      Posted Apr 8, 2018 at 7:42 AM | Permalink | Reply

      Our host Steve McI made a 31 long series of Tweet-observations using this material on Twitter @ClimateAudit. Highlight: Strzok was send to London on Aug 02 2016. A lot of Strzok-Page texts have been “redacted” (censored), but the guess has to be that Strzok interviewed Steele. The Mother Jones article was on October 31 2016, 3 months later. https://www.motherjones.com/politics/2016/10/veteran-spy-gave-fbi-info-alleging-russian-operation-cultivate-donald-trump/

      SwampAudit has more reach on Twitter than here obviously and might therefore evoke interesting replies from involved “actors”.

      • Posted Apr 8, 2018 at 1:03 PM | Permalink | Reply

        Antony, I read the Steele-Fusion GPS commissioned Mother Jones article by David Corn for the first time from your link. A very skilled propagandist can create a picture opposite the truth without telling any clearly identifiable lies. Corn get’s and A+ for collaborating beautifully in this regard with Steele and Simpson, whom he only refers to in shadow. Referencing the Yahoo News article by Isiskoff, Harry Reid and the FBI as an independent confirmations is also nice work.

        The one deception that Steele and Simpson had to know would eventually be exposed (but could be minimized) was the claim that a Republican initiated the Trump-Russia opposition research.

        This was for an opposition research project originally financed by a Republican client critical of the celebrity mogul. (Before the former spy was retained, the project’s financing switched to a client allied with Democrats.) “It started off as a fairly general inquiry,” says the former spook, who asks not to be identified. But when he dug into Trump, he notes, he came across troubling information indicating connections between Trump and the Russian government. According to his sources, he says, “there was an established exchange of information between the Trump campaign and the Kremlin of mutual benefit.”

        The “client allied with the Democrats” is coincidentally similar to the source description for the FISA application to wiretap Carter Page. As both Steele and Simpson were confirming this to Corn it is hard to blame him for misinforming the public for over a year on this critical fact. But it is hard to reconcile that after they learned the truth Corn and Isiskoff collaborated on a book (Russian Roulette) to further the narrative in the Trump-Russia collusion.

        For those who are still not certain that this was an intentional lie and part of an (dis-) information operation here is the quote from the only anti-Trump conservative client of Fusion GPS in 2016.

        The Free Beacon had no knowledge of or connection to the Steele dossier, did not pay for the dossier, and never had contact with, knowledge of, or provided payment for any work performed by Christopher Steele. Nor did we have any knowledge of the relationship between Fusion GPS and the Democratic National Committee, Perkins Coie, and the Clinton campaign.

      • Follow the Money
        Posted Apr 9, 2018 at 9:54 PM | Permalink | Reply

        Strzok was send to London on Aug 02 2016. A lot of Strzok-Page texts have been “redacted” (censored), but the guess has to be that Strzok interviewed Steele.

        He had a morning meeting on August 2, “With the ___. yes, good meeting.” Later he texted, “interesting fact. Guy we’re about to interview was ______________________.”

        I think the latter missing part is ‘Mi6 chief of Moscow Station’. The first omission I think could be an acronym for a US official in London. But it could also be a British official, which would mean the British government had a direct hand here promoting Steele’s wild memos.

        By the way about Lisa’s anti-Russian text. She has also text-vented about Romanians calling them a bad cross between Russians and Italians.

        • AntonyIndia
          Posted Apr 9, 2018 at 10:26 PM | Permalink

          Censoring interpersonal stuff between these two “love-birds” I can understand; It is the other 90% white outs that bother me. Why are US Senators not allowed to see that? Isn’t part of their jobs oversight? 9/11 Commission report flashbacks.

        • AntonyIndia
          Posted Apr 9, 2018 at 10:57 PM | Permalink

          “Guy we’re about to interview was “: looks like Strzok didn’t go alone to London from the US.

        • Follow the Money
          Posted Apr 10, 2018 at 4:25 PM | Permalink

          He may mean someone from the London embassy like an FBI liaison is coming with him.

          His meetings need not be limited to the two derivable here.

          I am most curious if he met concurrent British officials.
          To see if they were part of the game. They could be active, or could vouch for Steele like the DOJ’s Baker did for Steele when he met journalists in America.

    • AntonyIndia
      Posted Apr 9, 2018 at 11:53 PM | Permalink | Reply

      Another revealing text: 2016-09-02 13:50:29, Fri OUTBOX: “Yes, bc potus wants to know everything we are doing”

  21. AntonyIndia
    Posted Apr 7, 2018 at 1:36 AM | Permalink | Reply

    (ex) Deep State troopers lobby at the US Supreme court against President Trump’s travel ban: Madeleine K. Albright, John O. Brennan, James Clapper, John Kerry, General (ret.) Michael V. Hayden, Susan E. Rice etc. etc. https://www.supremecourt.gov/DocketPDF/17/17-965/42290/20180404123144117_17-965AmicusBriefofFormerNationalSecurityOfficials.pdf The pecking order is also interesting.

    Did all these came together to increase US National Security by keeping human traffic open with these 6 countries OR to keep the Gulf Arab $unni (oil) money flow going ?
    Both Russia and Iran have huge amounts of oil too but cannot be US controlled, so have to be demonized.

    • Posted Apr 7, 2018 at 5:37 PM | Permalink | Reply

      “Did all these came together to increase US National Security by keeping human traffic open with these 6 countries OR to keep the Gulf Arab $unni (oil) money flow going”

      Neither. These fifty-two high level DoS and IC executives from the Clinton, Bush and Obama administrations all came together to join in a law suit because it was against Donald J. Trump. If Trump had ordered dark green federal highway road signs replaced with light green they would have laid the weight of their expertise denouncing it.

  22. Frank
    Posted Apr 9, 2018 at 11:05 PM | Permalink | Reply

    Those skeptical that our media is being manipulated might want to run a search on Youtube for the Syrian rescue group, the “White Helmuts”. Who is dominating the coverage of this group? Are Youtube rankings being manipulated or are a large number of people suddenly recognizing the truth about the White Helmuts? How can we know for sure?

    • Posted Apr 10, 2018 at 8:00 AM | Permalink | Reply

      If British intelligence could run information ops inside the US in 1940-41 in hopes of swaying American public opinion away from isolationism it demonstrates misinformation can be anywhere and that one always needs to be skeptical. But also, one can be lied to and still know who the real bad guys are. In this case it’s whoever used the chlorine gas.

One Trackback

  1. […] of this post should in no way be taken to indicate what I discuss is not ludicrous. Because it is. This post by Steve McIntyre is, without a doubt, the most absurd thing I've ever seen him […]

Post a Comment

Required fields are marked *

*
*

%d bloggers like this: