DNC hack update: Crowdstrike likely used false data to conclude Russia hacked DNC servers
Margot Cleveland at The Federalist uncovers still more evidence that Putin had nothing to do with the DNC hack
The intrepid Margot Cleveland over at The Federalist follows the Durham investigation very closely. VERY closely. Her level of detail can make your eyes bleed, so I’m here to synthesize it for you. Her latest article about how the DNC hack analysis may be tainted is (bloody?) eye opening.
The recent Durham filings and upcoming trial (May 16th) deal mostly with a new vein in the sprawling web of Deep State deceit carried out to entrap, undermine, and topple DJT.
Thread 1: Dossier, Steele, Fusion GPS, Comey, FISA, FBI, Mueller.
Thread 2: Alfa Bank, Sussmann, DARPA, GA State, Joffe.
Thread 1 we've been following forever. Thread 2 is the focus of the upcoming trial and is a relatively new corpus of corruption.
Thread 1 is rooted in the DNC (Democratic National Committee) email hack. That is, the DNC hack was necessary to plant the seed of Trump-Putin coordination that gave rise to all manner of Deep State nefariousness.
No DNC hack, no "RUSSIA RUSSIA RUSSIA" (Thread 1).
Now it appears the corrupt crew uncovered in Thread 2 also had a part in the DNC hack storyline. Thus, the DNC hack spans the two threads. This is new information. Importantly, this finding casts even more doubt that the Russkies were involved in the DNC hack in the first place.

Recall that Wikileaks (“Guccifer 2.0”), run by the hapless Julian Assange, published DNC emails on the eve of the Democratic Convention in late summer 2016. They showed that (surprise!) Team Clinton worked to undermine Team Bernie. Bernie later rolled over and settled for his mansions. For his part, Trump made much of the Wikileaks leak.
The interesting new connection that Cleveland writes about is that the team of computer experts at GA Tech performed a retrospective review of Crowdstrike's forensic analysis of the DNC hack and concluded that Crowdstrike was likely snookered by the same doctored network traffic that had formed the basis for the phony Alfa Bank story.
This means that the same technique the bad guys engineered to falsely show regular, substantive traffic between Russia's Alfa Bank and Trump servers in Trump Tower, his residence, AND the White House (Thread 2) was also used to indicate a phony link between DNC servers and Russian hack houses (APT-28, or "Fuzzy Bear") — a connection vital to Deep State pursuit of Thread 1.
If so, this casts further doubt on the Deep State narrative underpinning the DNC hack: that Putin grabbed the DNC emails and leaked them through Wikileaks -- in cahoots with Team Trump -- in order to embarrass Clinton and declare Trump a Putin puppet.
If this pans out, it would totally eviscerate the entire RUSSIA-RUSSIA-RUSSIA narrative foundation.
This needs some unpacking.
Background: before the Wikileaks DNC release in late summer 2016, the FBI alerted DNC of infiltration attempts by unknown players. DNC contracted Crowdstrike to analyze their systems and to harden them. Three issues here: (1) FBI is friendly to DNC; one wonders if RNC would have been similarly extended this courtesy; (2) such high profile systems are ALWAYS probed and hacked; it'd be unusual if Russia, China, North Korea, Iran, Israel, UK, Germany, and other nation states were NOT probing their servers; and (3) Crowdstrike performed a routine analysis -- at that time, it was deemed standard fare.
It was only some months later after the Wikileaks email dump that Crowdstrike was brought in to forensically analyze the servers. In an extraordinary move, FBI was disallowed access. Quite chummy. Crowdstrike dutifully pinned the hack on the Russkies.
(Later, to House Intel, the CEO of Crowdstrike Services (a former FBI dude) testified that there was "no concrete evidence" of an electronic hack. Hmmm. This contradicts Crowdstrike’s own statements on the matter.)

Fast forward to recent Durham filings and reporting by Cleveland and others. Key aspects and players bearing on the new news are as follows:
Crowdstrike: the Democrat-friendly network security and forensic analysis firm that went public in 2019 and made many Demmie players rich. Crowdstrike = Demmie.
GA Tech: Yes, the university. It was found (by Durham) to have participated intricately in the analysis of (the spying on) DNS traffic from Trump servers.
DNS traffic: Domain Name Service, an internet mechanism where human-readable URLs (lurker.substack.com) are translated to IP addresses (172.64.154.11) that routers then use to scour the internet to find the server(s) containing the desired content. An analysis of DNS queries informs you of what computer visited what site, and when -- very sensitive data.
Rodney Joffe: Joffe is CEO of Neustar, a company that has access to top-level domain DNS queries, which is geek-speak for being able to hoover-up DNS queries across the entire internet. It sells this data. It's this data that the maggots at GA Tech used to sniff (that is, to spy) on DJT's servers.
Deep State problem: DJT's servers DID NOT converse with Alfa Bank's servers in any substantive way.
Deep State “solution”: Joffe, the bigwig who was gunning for a top job in the then-certain Clinton administration? Why, he would do what any Deep State corrupt mofo would do -- he planted DNS data to falsely concoct traffic between Trump Tower servers and Alfa Bank servers!!
Deep State outcome: Even the CIA didn't buy it. But it was enough for Sussmann to run to his BFF (Best Friends Forever!!!) at FBI (General Counsel James Baker) and dump the Alfa Bank story into the FBI.
With this background, let's snap back to the DNC hack. Job #1 for Crowdstrike when examining the DNC servers would be to ascertain, using DNS query logs from Neustar and other tools, just what servers were communicating with the DNC servers. A key goal would be to find the command-and-control server(s) in use by the hackers to control exfiltration activities. (C&C servers guide malware activities and act as data exfiltration endpoints and, frequently, as dead-man switches to stop/start activities, like exfiltration.) And look at that!! Crowdstrike found references to servers under control of Russia's notorious APT-28 and APT-29 (Fancy Bear and Fuzzy Bear) hacker groups.
Cleveland's reporting indicates these references were likely falsely planted, just like those between Trump and Alfa Bank servers.
GA Tech is not releasing white papers that have recently come to light that would likely indicate that Crowdstrike's conclusions were falsely derived. No wonder the bad guys are fiercely resisting document releases. But I think more court filings will uncover the white papers soon enough.
I'll close this lengthy post with a few more thoughts:
Was Crowdstrike unwittingly duped into finding "evidence"? It would be relatively simple to steer Crowdstrike to a false conclusion. The absence of FBI forensic tools (more extensive than Crowdstrike's) removed any dissenting view. And the first whiff of Russian involvement would have stopped Crowdstrike from any further investigation — they would happily support the narrative. All Crowdstrike needed was some sliver of evidence of Russkie malfeasance. It appears Joffe planted false evidence to provide exactly that. Joffe certainly had the means and the motive.
I didn't mention DARPA in this mix although Cleveland’s reporting does. Suffice it to say here that the Defense Department's Research Projects Agency is involved in this mess, too. Just like they've been involved in the Pfizer/vaccine scuffle. The Deep State is wide-ranging, indeed.
Could Russia have performed the hack? Absolutely. But exfiltrating 66G of data leaves a mark and none was found; inexplicably, there was no FBI forensic analysis; Crowdstrike alone tagged the Russkies (no second opinion); Assange (Wikileaks) denies he received the content from the Russkies, though he has every motivation to claim otherwise; the Crowdstrike CEO's comments indicate a high degree of uncertainty; and now this. Finally, it’s entirely possible DNC servers were concurrently under multiple attacks by multiple players.
It's noteworthy that Thread 1 has largely dead-ended -- you don't see Durham actively pursuing this thread. Thread 2 is active and indictments and the trial itself are largely centered there. Why the difference, you ask? Thread 1 is populated by Deep State activity promulgated by in-government actors (Comey, McCabe, Brennan, etc.) while Thread 2 mostly has Deep State types outside government (Sussmann, Joffe, etc.). Interesting how that works, huh?
The upcoming Durham trial should be eye-opening. One witness given immunity (and thus must testify truthfully and cannot plead the 5th) is associated with the GA Tech antics. It's a Federal trial so no cameras -- boo. But you can bet I'll be closely following it.