Evidence reveals emails leaks an inside job not due to hacking
This article is Part 2 in a series of three articles investigating the Seth Rich murder. Read Part 1 HERE.
Part 1 developed the following: Hillary’s campaign, lax on cybersecurity and working with the DNC to make sure Sanders did not have a chance of winning, invited multiple attacks from both hackers on the outside and from leakers on the inside.
Part 2 makes clear the multiple hacks and multiple leaks that plagued Hillary’s 2016 presidential campaign came from multiple sources.
The breakthrough in this series of articles is the attempt to apply intelligence analytical techniques to sort out the various known cybersecurity attacks on the Democrats during the 2016 presidential campaign to determine the rogue agent responsible for each separate known cybersecurity attack.
WASHINGTON, D.C. – Hillary’s 2016 presidential campaign was hit by so many hack attacks and so many leaks, the CSI problem is almost impossible to decipher.
By election day, Hillary Clinton’s electronic campaign began to resemble a corpse killed by multiple gunshot wounds.
The pattern of wounds upon wounds evident in the corpse were so combined and so confused, it is today hard to tell – if not impossible – how precisely many shooters there were or who fired the fatal round.
To sort this out, we begin with the first hack attack on Clinton emails, the hack that began with Guccifer in March 2013.
March 2013: Guccifer, the first hacker
In March 2013, a Romanian hacker Marcel Lazar, who went by the username “Guccifer,” a combination of “Gucci” and “Lucifer,” shocked the world by the revelation Hillary Clinton had utilized a private email server while secretary of state.
On March 15, 2013, the Smoking Gun broke the story, disclosing that Guccifer had spent the past several months “breaking into the e-mail accounts of family, friends, and political allies of the Bush family,” only to “cross party lines” and illegally access the AOL account of a former senior White House advisor to former President Bill Clinton, then 64-year-old Sidney Blumenthal, a longtime confident of Hillary Clinton.
Guccifer entertained himself by reading the cache of Blumenthal emails that went back to 2005, with emails sent to “an array of Washington insiders, including political operatives, journalists, and government officials.”
When he realized some of the emails between Blumenthal and Hillary involved an email address Hillary used, email@example.com — causing Guccifer a “WOW” moment when he realized the initials matched Clinton’s maiden name, Hillary Diane Rodham – and the email address “clintonemail.com” revealed the use of a private, unsecured email server.
During an interview given in Romania in 2015, Guccifer then in prison commented to a reporter that he accessed in Hillary’s hacked emails memos that Clinton got as secretary of state, with CIA briefings attached.
“I used to read her memos for six or seven hours then I’d get up and do the gardening in the yard,” Guccifer said.
Guccifer never published a trove of Clinton emails, tending to be more malicious than politically motivated, as demonstrated in March 2013, when he hacked Colin Powell’s AOL email account and defaced Powell’s Facebook page with an anti-Bush diatribe.
In June 2013, after Clinton had left office as secretary of state, the private server was moved from the Clintons’ Chappaqua home to a data center in northern New Jersey, where it was maintained by Platte River Networks in Denver; in early 2014, Platte River Network staff uploads Hillary’s emails to a Gmail account and then transfers them over to a Platte River Network server.
That Hillary had used a private server at the State Department was largely ignored until the New York Times ran a front page article on March 2, 2015, reporting that Clinton had turned over 55,000 pages of emails from her personal server to comply with federal record-keeping practices as required by the Federal Records Act.
In the period March 25-31, 2015, Platte River Staff member Paul Combetta realized he forgot to wipe Hillary’s email archive from the Platte River Network server, as he had been advised to do by Hillary aide Monica Hanley the previous December.
Now desperate, Combetta decided to use BleachBit software to wipe Hillary’s emails from the Platte River Network server, despite a subpoena Hillary received from the House Select Committee on Benghazi on March 4, 2015, instructing Clinton to preserve and deliver all emails from her personal servers.
The thousands of Hillary Clinton’s State Department emails that have been made public have resulted not from Guccifer’s hacking efforts in 2013, or from the private email server Pagliano set up for Clinton in Chappaqua, or from the Platte River Network server) to which Hillary’s State Department-era emails were transferred.
All Hillary Clinton emails from her term as Secretary of State that are public today have come either from Judicial Watch FOIA requests, or from various subpoenas Clinton was issued in Congressional investigations.
The Clinton emails that have been made public were archived as they were being released on the Judicial Watch website and on the U.S. Department of State website.
Guccifer was arrested in Romania on Jan. 22, 2014, and convicted to four years in prison, where he remained until he was extradited to the United States in March 2016 to face U.S. federal criminal charges.
On Sept. 1, 2016, a U.S. district judge in Alexandria, Virginia, sentenced Guccifer to four years in federal prison, after he pleaded guilty to one count each of aggravated identity theft and unauthorized access to a protected computer.
What this timeline makes clear is that the Podesta emails dating through May 25, 2015, published by WikiLeaks starting in October 2016, could not possibly have resulted from Guccifer’s 2013 hacking efforts, if only because Guccifer/Marcel Lazar has been in prison non-stop since he was arrested in Romania in January 2014.
It should also be clear that the source of the Podesta emails published by WikiLeaks in October 2016 could not have resulted from someone hacking the Pagliano server.
The Pagliano server remained unplugged in storage in New Jersey from June 2013 until the FBI seized it in August 2015.
In late-March 2015, the Platte River Network servers were scrubbed of all Hillary emails making it impossible for Podesta emails dated in May 2015 to have been hacked from that source.
The “Russian Hack” and Guccifer 2.0
On June 14, 2016, the Washington Post reported Russian government hackers had penetrated the DNC computer network, gaining access to the entire database of opposition research on GOP candidates – an article that cited unnamed “U.S. officials” who claimed the intrusion into the DNC was one of several targeting “American political organizations,” including the computer networks of the Clinton and the Trump campaign “targeted by Russian spies,” as well as computers of various GOP PACs.
“I completely rule out a possibility that the(Russian) government or the government bodies have been involved in this,” Dmitry Peskov, the Kremlin spokesman told Reuters in Moscow, on the same date.
The next day, June 15, 2016, cybersecurity firm CrowdStrike, Inc. posted a notice on its website that two separate Russian intelligence-affiliated adversaries began hacking DNC computers in May 2016.
The CrowdStrike posting noted that on June 15, 2016, a blog post to a WordPress site “authored by an individual using the moniker Guccifer 2.0” claimed credit for breaching the DNC.
“Whether or not this posting is part of a Russian Intelligence disinformation campaign, we are exploring the documents’ authenticity and origin,” CrowdStrike commented.
“Regardless, these claims do nothing to lessen our findings relating to the Russian government’s involvement, portions of which we have documented for the public and the greater security community,” CrowdStrike concluded.
In the June 15, 2016 posting on WordPress, Guccifer 2.0 revealed he had advance warning of the CrowdStrike conclusions ready to be posted the next day.
“Worldwide known cyber security company CrowdStrike announced that the Democratic National Committee (DNC) servers had been hacked by ‘sophisticated’ hacker groups,” Guccifer 2.0 wrote under the heading “DNC’s Servers Hacked by Lone Hacker.”
Guccifer 2.0 bragged that hacking the DNC’s servers was “easy, very easy.”
“Guccifer (Marcel Lazar) may have been the first one who penetrated Hillary Clinton’s and other Democrats’ mail servers,” Guccifer 2.0 noted. “But he certainly wasn’t the last. No wonder any other hacker could easily get access to the DNC’s servers.”
Then Guccifer 2.0 bragged: “Shame on CrowdStrike: Do you think I’ve been in the DNC’s networks for almost a year and saved only 2 documents? Do you really believe it? Here are just a few docs from the many thousands I extracted when hacking into the DNC’s networks.”
On June 15, 2016, Guccifer 2.0 published on WordPress an opposition research report the DNC wrote on Donald Trump, marked “Confidential,” and dated Dec. 19, 2015; several pages of donor lists, suggesting Guccifer 2.0 may have breached the NGP database; but no emails.
Guccifer 2.0 claimed he sent the main part of the hacked documents, “thousands of files and mails,” to WikiLeaks, bragging that WikiLeaks “will publish them soon.”
From June 15, 2015, through Oct. 18, 2016, Guccifer 2.0 published a series of documents, making it clear he had extensive access to DNC internal memorandums and donor lists.
But what was missing in the Guccifer 2.0 publication of DNC hacked documents were emails, suggesting Guccifer 2.0 had not penetrated the DNC email server, or the private email archives of John Podesta and other Clinton campaign officials.
Also absent from the Guccifer 2.0 publications of DNC hacked documents were any documents prepared by the Clinton campaign.
The Guccifer 2.0 controversy flared again when the Wall Street Journal published on May 25, 2017, published an article claiming Guccifer 2.0 had sent Aaron Nevins, a GOP Republican consultant in Florida, 2.5 gigabytes of Democratic Congressional Campaign Committee (housed in the same building with the DNC) documents, some of which Nevins published on a blog HelloFLA.com that Nevins ran using a pseudonym.
Nevins told the Wall Street Journal he set up a Dropbox account “so whoever was using the Guccifer 2.0 name could send large amounts of material.”
This episode confirms that Guccifer 2.0 had hacked only the DNC computers, the donor data in the VAN computer servers in Massachusetts, and the data in the NPG computer servers in Washington.
Guccifer 2.0 confirms this in a post to his WordPress site posted on Jan. 12, 2017, in which Guccifer 2.0 wrote the following: “I already explained at The Future of Cyber Security Europe conference that took place in London in last September, I had used a different way to breach into the DNC network. I found a vulnerability in the NGP VAN software installed in the DNC system.”
Note also that Guccifer 2.0 is a different person than the first Guccifer, Marcel Lazar, whose hacking capabilities have been severely limited during his continuing imprisonment that began with his arrest in Romania in January 2014.
Give that the WikiLeaks publication of hacked documents that began in October 2016 – the hacked document dump the Clinton campaign, the FBI, and the U.S. intelligence agencies want to blame on Russia – consists almost entirely of emails from Podesta and others related to the Clinton campaign and/or the Clinton Foundation, it is extremely unlikely Guccifer 2.0 was the source, regardless how many assertions U.S. intelligence makes that Guccifer 2.0 was a Russian agent – something Guccifer 2.0 continues to deny.
U.S. intelligence blames WikiLeaks on Russians
The CrowdStrike post dated June 15, 2016, explained their experts had identified the “sophisticated adversaries” attacking the DNC computers as “Cozy Bear” and “Fancy Bear” – both identified by CrowdStrike as “Russian-based.”
On Jan. 6, 2017, the office of the Director of National Intelligence released a report entitled, “Background to ‘Assessing Russian Activities and Intentions in Recent U.S. Elections’: The Analytic Process and Cyber Incident Attribution.”
This report concluded “with high confidence” that Russian military intelligence “used the Guccifer 2.0 persona” to release the Podesta files to WikiLeaks, but the report also admitted the identification of the origin of a cybersecurity attack was “difficult” based only on “tradecraft” that relies on circumstantial evidence at best, presuming a hacker leaves a signature, such that cyberattacks like “Cozy Bear” and “Fancy Bear” can be reliably be attributed to Russian intelligence operatives.
On March 7, 2017, WikiLeaks released 8,761 documents on the CIA’s “global covert hacking program” that included documents from a project called “Umbrage” proving the CIA could launch “false flag” cyberattacks and make them look as if they originated from other countries, such as Russia.
“The CIA’s Remote Devices Branch’s UMBRAGE group collects and maintains a substantial library of attack techniques ‘stolen’ from malware produced in other states including the Russian Federation,” WikiLeaks noted.
“When UMBRAGE and related projects the CIA cannot only increase its total number of attack types but also misdirect attribution by leaving behind the ‘fingerprints’ of the groups that the attack techniques were stolen from,” WikiLeaks continued.
In December 2016, after Clinton had lost the election, John Podesta said on NBC’s “Meet the Press” that the first time he was contacted by the FBI was two days after Oct. 7, 2016, the date WikiLeaks started dropping his emails.
If the FBI had no reason to believe the then-known hacks of Clinton’s private email server and the DNC had also breached Podesta’s email files until after WikiLeaks began publishing Podesta’s emails, this strongly suggests the person who leaked Podesta’s emails was not Guccifer, Guccifer 2.0, “Cozy Bear,” or “Fancy Bear,” but a separate and distinct incident, likely carried off by someone not previously identified.
Yet, to date, the U.S. intelligence agencies have insisted on lumping together all hacks of the Democrats during the 2016 presidential, blaming the Russians for every hacking incident, regardless of the content released by the hack or the target data source known to have been hacked.
What seems likely is the FBI had no idea Podesta emails had been hacked (or leaked) until WikiLeaks started publishing them.
Yet, despite this intelligence failure, U.S. intelligence agencies took their fallback position, concluding the Russians must have hacked Podesta’s emails too.
On Dec. 30, 2016, after the presidential election was over, then-President Obama took a step to implant the “Russian interference” meme into the U.S. mainstream media, by expelling 35 Russians from the United States and ordered sweeping new sanctions as retaliation, stressing that U.S. intelligence services believe Russia had ordered cyberattacks on the DNC.
Interestingly, there was an earlier expulsion of Russian diplomats during the 2016 presidential convention.
On July 8, 2016, the Obama administration expelled two Russian diplomats from the United States supposedly in retaliation for a Russian police guard who had tackled a U.S. diplomat outside the American Embassy in Moscow in a scuffle that was captured on security footage and broadcast on Russian television.
Anonymous, in a video released May 24, 2015, provides an alternative explanation why these two diplomats were expelled.
Anonymous claimed Mikhail Fradkov, the head of Russia’s SVR intelligence agency from Oct. 6, 2006 to Oct. 5, 2016, authorized an emergency contact with the U.S. State Department on July 7, 2016, to reveal the details of Seth Rich’s breach of Podesta’s emails and the subsequent danger to his life, only to find themselves expelled immediately.
Fox News host Sean Hannity got suspended over the Memorial Day holiday following a series of broadcasts beginning March 12, 2017, in which Hannity appeared to be advancing what is being termed the “WikiLeaks’ conspiracy theory.”
This theory suggests U.S. intelligence agencies hacked Hillary’s email server, the DNC, the VGP-VAN database, and Podesta’s emails, in a “false flag” that used tradecraft leaving cyberattack “fingerprints” that traced back to the Russians.
On the broadcast March 12, 2017, two former U.S. intelligence operatives, Lt. Col. Tony Shaffer and former NSA official William Binney, told Hannity that retired NSA intelligence officers were responsible for hacking the DNC.
“Sean, we did it [hack the DNC], not me, but our guys—former members of NSA, retired intelligence officers used these tools to break in there and get the information out. That’s what the Democrats don’t want to talk about because it doesn’t fit their narrative,” Shaffer explained.
The U.S. Intelligence agencies have assumed the Russian government hacked the Democrats because Vladimir Putin wanted Donald Trump to win.
But there is well-documented proof the Russians had been paying Hillary Clinton through the Clinton Foundation for her decision as secretary of state to support the Frank Giustra ploy that resulted in Russia getting control of 20 percent of the uranium in the United States, while Russia was using a shell company in the Netherlands to pay Podesta in stock for supporting the “technology transfer” to Russia the Obama administration had authorized under Secretary Clinton’s “reset” initiative.
How would Russia know in advance that hacking Hillary, Podesta, and the DNC would turn up sufficiently damaging documentary evidence to throw the election for Trump?
Why would Putin want Trump to be president, when the Russians had invested millions during the Obama administration to establish their blackmail potential to control the actions of both Clinton and Podesta, starting the minute Hillary took the oath of office as president of the United States?
Despite all the U.S. intelligence and Democratic Party hoopla, the fact remains there is no irrefutable proof the Russians hacked Hillary Clinton or the DNC during the 2016 presidential campaign, nor is there any proof the Russians accessed John Podesta’s email account.
So far, the “Russian Collusion” meme implicating Trump in a supposed Russian hacking scheme is nothing more than a lame Clinton excuse for losing.
In the final analysis, if Hillary and the DNC had not conspired to steal the nomination from Sanders, and if Podesta’s emails were not so filled with dark brooding and scheming (often aimed at HRC herself), it would not have mattered their documents were hacked, leaked, and published.
The dark, dirty truth is that Hillary Clinton could not sustain the revelation to the American people of the truth Podesta and the DNC spoke in private, almost every day, as they schemed to put Hillary in the White House.
Hillary even today refuses to acknowledge the problems that continue to dog her White House ambitions, ranging from Benghazi, to the Clinton Foundation, to her handling of classified material transmitted over her private email server, to name just a few.