Unfortunately, not all Americans are computer geeks. That is one reason they have had trouble keeping all of these hacking stories, allegations, and investigations straight. There were three networks involved in the campaign, and at least two were allegedly hacked, according to more than one source, and FBI Director James Comey claimed a third one was hacked, probably by Russia and perhaps other state actors. Below is a review of all three servers and how they relate to the story of the election.
Network One--This is the Democratic National Committee (DNC) network. This will be the first network, which is usually referred to as a "server," that we will analyze in several parts. There are typically several servers operating on a network, such as a file server, an email server, a domain name server, etc. These are computers on the network with different tasks to perform, sometimes different operating systems driving them, and different programs performing work for the owners of the network. One server can perform more than one operation, and there are "virtual servers," which are nothing more than computer code that mimics a physical server, which is that box-like computer in a rack that you can see. Several virtual servers can exist in one box, and they cannot be seen with the human eye.
Network Two--The Hillary Clinton for President Campaign's network--This network is frequently confused with the DNC Network, since Hillary was a Democratic Party candidate. A candidate's campaign is supposed to be separate from the DNC, since there might be multiple candidates trying to get nominated for President, and the DNC is supposed to be neutral and not support any one of them over the others. Therefore, Hillary's campaign had its own network.
Network Three--The private network, or server(s), that Hillary ran separately from the State Department's dot gov domain. This network was not in compliance with State Department or Federal Government policy and eventually had several extremely top secret documents stored on it that are legally not permitted to be removed from their place of origin. We will cover this in depth. This is the "Email Scandal" that had a serious negative impact on the Hillary Clinton campaign. While the media called it an "Email Investigation," in reality it was an investigation into violations of 18 United States Code, Section 793, the Espionage Act. It was very serious as the "email" in question is not the kind of "email" most Americans receive.
We will start with an analysis of all that is presently known about the hacking of Network One, the DNC Network.
THE ALLEGED RUSSIAN HACK OF THE DNC NETWORK AND THE TRANSMISSION OF THE EMAILS TO WIKILEAKS
Most Americans think they know all about this story. They are, unfortunately, deeply mistaken. One of the reasons that the information about this alleged hack is known by most citizens only in fragmentary form is that the story broke in the same week in June 2016 as the Orlando Pulse Nightclub alleged mass shooting incident. Since it was reported that 49 died, and over 50 were wounded, making the Pulse shooting the worst mass shooting ever, the media's attention was riveted to Orlando throughout the week of June 12, 2016 when the story broke into the media. It has taken months of research to be able to tell this story with a high level of confidence, as the spy agencies describe it, that the research is complete now. The last piece fell into place when Senator Charles Grassley (R-Iowa), chairman of the Senate Judiciary Committee, questioned James Clapper, former Director of National Intelligence, and former Acting Attorney General Sally Yates in May 2017.
The Grassley queries of Clapper and Yates included a series of questions about the alleged Russian hack of the DNC server. A video of this questioning will be embedded on the footnotes page of this report. Grassley framed a series of questions about the hack by setting forth some documented facts about the alleged Russian hack. The first one was that the FBI informed the DNC in August 2015, the year before the election, that Russian hackers had breached the DNC network. Grassley stated that the DNC response to this was basically to do nothing. The DNC management refused FBI assistance in removing the alleged Russian hackers, and refused the FBI access to the servers to accomplish the removal of the hackers. (1)
What the FBI wanted to do was conduct a forensic audit of the DNC network. One major step in conducting such an audit is to gain access to the server's Audit and Event logs so that the hacker's entry into the network, and activities within the network, could be identified, such as what files were accessed, and what files were copied and removed, which is called "exfiltration" of documents from a network by a hacker. The DNC refused to permit the FBI to access their network in August 2015. After this, they did nothing on their own to eliminate the breach that the FBI alleged was a Russian hacker attack. The DNC didn't permit the FBI to access their network servers, but seemed not to mind that, according to the FBI, the Russians were all over their network. Through the rest of 2015, nothing was done about the breach by the DNC, and Russian hackers allegedly had access to the network for nearly a year.
It is important to note that the most likely source of the information about the alleged Russian breach of the DNC was the National Security Agency (NSA), which monitors some, and records all, electronic communications inside the United States, and would easily be able to determine if a breach that appears to come from a foreign source has taken place. The FBI has fine cybersecurity experts among its agents, but not the kind of sophisticated electronic surveillance equipment the NSA has. It is my conclusion that the NSA contacted the FBI to inform the DNC that they had been breached by Russia. Keep the electronic surveillance capability of the NSA in mind throughout this long series of articles about the election.
The Ellen Nakashima Article in the Washington Post About the DNC Hack of June 14, 2016
Ellen Nakashima was assigned by the Washington Post to cover the DNC hack once the DNC made the story public on June 13, 2016. The article she produced was once considered by this writer to be "The Rosetta Stone of the Russian Hack of the DNC," and there are a lot of very important facts to be found in Ms. Nakashima's article. The missing piece was what Senator Grassley revealed about the timing of the event, which put a different light on the entire incident, and the fact that the Russians stealing over 27,000 emails was not mentioned in the story.
What most Americans will find interesting is the response of some of the intelligence professionals Ms. Nakashima interviewed. There was no sense among them that anything alarming had happened as a consequence of what they considered a Russian hack. Such hacks were treated as routine events by these people, as we will see, and there was no mention of any emails being stolen by the Russians, let alone the approximately 27,000 that were allegedly stolen by the Russian hackers. As Senator Grassley pointed out in the Senate hearing, only 500 of the stolen emails existed as of August 2015 when the DNC was first alerted that they were hacked. Not doing anything about it cost them 26,500 more lost emails, with many showing up on Wikileaks by July 2016.
Let's take a look at some exact quotes from Ms. Nakashima's article, one of the first major newspaper articles about this incident, to get the idea of how the DNC responded to the alleged Russian hack. We need to get an idea of how serious the breach was considered by the management of the DNC, the private cybersecurity firm the DNC contracted to deal with the breach, and the Intelligence Community veterans and experts consulted by Ms. Nakashima in compiling the article. The excerpts from Ms. Nakashima's article are displayed in bold and italics.
DNC leaders were tipped to the hack in late April. Chief executive Amy Dacey got a call from her operations chief saying that their information technology team had noticed some unusual network activity.
“It’s never a call any executive wants to get, but the IT team knew something was awry,” Dacey said. And they knew it was serious enough that they wanted experts to investigate.
That evening, she spoke with Michael Sussmann, a DNC lawyer who is a partner with Perkins Coie in Washington. Soon after, Sussmann, a former federal prosecutor who handled computer crime cases, called Henry, whom he has known for many years.
Within 24 hours, CrowdStrike had installed software on the DNC’s computers so that it could analyze data that could indicate who had gained access, when and how.
So, with the above quotations from the Washington Post's first article about the alleged Russian hack, we see no statement about the FBI contacting DNC management in August 2015 to inform them of the Russian hack. This means that, from August 2015 until the last week of April 2016, the DNC management did nothing about the Russian hack, and let the Russian hackers basically run barefoot through their network for eight months. When listening to Senator Grassley quizzing James Clapper and Sally Yates, we learn that this delay in response to the hack cost the DNC thousands more emails that the Russians allegedly exfiltrated from the network. There is also no mention by DNC management, or CrowdStrike's technicians and management, that the Russians stole any of the emails. The only thing the Russians allegedly did with the emails and the text messages and saved chat logs was to read them, as reflected in this statement from the Ellen Nakashima article.
The intruders so thoroughly compromised the DNC’s system that they also were able to read all email and chat traffic, said DNC officials and the security experts.
Of course, this story changed to the Russians turning the emails over to Wikileaks to make available to the public. The motive of the Russians was allegedly to help Donald Trump win the 2016 election. Keep in mind, this is June 14, 2016. Donald Trump was not even nominated for President by the Republican Party, and there was considerable discussion in media and political circles that the hierarchy of the Republican Party would attempt to block Trump's nomination on the floor of the convention that would not take place for approximately one month. Under the theory that the emails were stolen during the August 2015 to May 2016 timeline, which runs from the time the FBI first informed the DNC that they were hacked until CrowdStrike technicians expelled the hackers from the DNC network, the Russians could not have known that Donald Trump would even be running for President, as they could not have known whether the Republican Party would nominate him during this time period of August 2015 until late May 2016, when the hackers were forced out of the DNC network by CrowdStrike.
So, we can see there is more to this alleged Russian hack story than what we have been told. There has been ample speculation about what alleged Russian hackers were doing breaching the DNC network, and this series of articles will offer a possible alternative explanation, as one is apparently needed, but not until later in this series of articles. A timeline will be produced to help the reader get a firm grasp of the chronology of the events to prevent the kind of confusion that would lead the casual observer to think that Russian intelligence would try to get a man elected who was not even nominated for President by his party, and whose candidacy was hardly viewed as a positive thing by many powerful individuals in the Republican Party. The US media was speculating that those powerful elements in the Republican Party could derail Trump at the convention if they put forth a serious challenge to him on the convention floor. Russian intelligence would know that, as a Russian Government-owned television network, RT, was covering the Presidential campaign inside the United States.
It is also instructive to note that sophisticated foreign intelligence operations, such as Russia's and China's, know all about the ability of the NSA to electronically intercept hack attempts from foreign sources. Typically, such hacks would employ proxy servers to provide a false US or other national IP address for the computers being used by the hackers. An IP address is the digital address that each computer on the Internet uses to communicate. If a Russian hacker configures his computer to use a US proxy server to enter the Internet, it will appear in the logs of a server hacked by the Russians that the attack originated in the United States, not Russia. This might fool a technician in a target's computer room, but would not necessarily fool the NSA. The NSA is aware of the proxy server providers and the IP addresses they provide their clients, so they are of little use in fooling the NSA. We can conclude from this that the Russians were taking considerable risks of detection in hacking the DNC network, and, indeed, the Russians, if they were actually hacking the DNC, were detected according to the official version of the event.
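The kind of log review described earlier (when an intruder entered, what files were accessed, what was copied out) and the proxy point above can be shown together in a short sketch. This is an added example, not material from the Nakashima article or from any investigation; the log format, account names, addresses and proxy range are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample audit events: timestamp, source IP, account, action, object, bytes.
SAMPLE_LOG = """\
2020-03-01T02:11:09Z 198.51.100.23 svc-backup LOGON - 0
2020-03-01T02:12:40Z 198.51.100.23 svc-backup FILE_READ /research/file-a.docx 48211
2020-03-01T02:13:02Z 198.51.100.23 svc-backup FILE_COPY_OUT /research/file-a.docx 48211
2020-03-01T09:00:15Z 192.0.2.10 jsmith LOGON - 0
2020-03-01T09:04:51Z 192.0.2.10 jsmith FILE_READ /shared/agenda.txt 1200
2020-03-02T03:30:00Z 198.51.100.77 svc-backup LOGON - 0
2020-03-02T03:31:12Z 198.51.100.77 svc-backup FILE_COPY_OUT /mail/export.pst 900000
"""

# Hypothetical list of proxy-provider exit ranges (documentation address space).
KNOWN_PROXY_RANGES = [ipaddress.ip_network("198.51.100.0/24")]

def parse_events(text):
    """Yield one dict per well-formed line; skip blank or malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6 or not parts[5].isdigit():
            continue
        ts, src, account, action, obj, size = parts
        yield {"ts": ts, "src": src, "account": account,
               "action": action, "object": obj, "bytes": int(size)}

def is_proxy_exit(ip):
    """The logged address is only the last hop. A match here means the
    true origin is unknown, not that the traffic came from that country."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in KNOWN_PROXY_RANGES)

def build_timeline(text):
    """Per account: first logon, source addresses, files read, files copied out."""
    summary = defaultdict(lambda: {"first_logon": None, "sources": set(),
                                   "proxy_sources": set(), "read": [],
                                   "copied_out": [], "bytes_out": 0})
    # ISO 8601 UTC timestamps sort correctly as plain strings.
    for ev in sorted(parse_events(text), key=lambda e: e["ts"]):
        s = summary[ev["account"]]
        s["sources"].add(ev["src"])
        if is_proxy_exit(ev["src"]):
            s["proxy_sources"].add(ev["src"])
        if ev["action"] == "LOGON" and s["first_logon"] is None:
            s["first_logon"] = ev["ts"]
        elif ev["action"] == "FILE_READ":
            s["read"].append(ev["object"])
        elif ev["action"] == "FILE_COPY_OUT":
            s["copied_out"].append(ev["object"])
            s["bytes_out"] += ev["bytes"]
    return dict(summary)

def accounts_with_exfiltration(summary):
    """Accounts that copied at least one file off the network."""
    return sorted(a for a, s in summary.items() if s["copied_out"])

if __name__ == "__main__":
    timeline = build_timeline(SAMPLE_LOG)
    for account in accounts_with_exfiltration(timeline):
        s = timeline[account]
        print(account, s["first_logon"], s["copied_out"], s["bytes_out"],
              "via proxy exits:", sorted(s["proxy_sources"]))
```

Without the logs themselves, none of these fields (first entry, files touched, volume copied out) can be reconstructed after the fact.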
Now, as the Washington Post article by Ellen Nakashima implied by omission, the Russians only read the emails, they did not steal them. The Russians stealing the emails became part of the narrative once Wikileaks published the emails in July 2016, about the time of the start of the Democratic National Convention in Philadelphia. When Ms. Nakashima's article came out, all that the Russians stole from the DNC were files from the DNC's database of Opposition Research about Donald Trump, as reflected in the quotes from Ms. Nakashima's article below.
Russian government hackers penetrated the computer network of the Democratic National Committee and gained access to the entire database of opposition research on GOP presidential candidate Donald Trump, according to committee officials and security experts who responded to the breach.
The Russian hackers exfiltrated these "opposition research" files on Trump, which essentially consist of derogatory stories about Trump. As we experienced during the campaign, damaging stories about Trump were "out there." At least one was thought to have effectively damaged his campaign to the point of sealing his defeat. One has to wonder why, after the Russians obtained this bushel basket of dirt on the billionaire, they would continue to assume the man could be elected, yet that is what we are still being told by our media and intelligence agencies. In fact, this is what the Nakashima article tells us about the DNC opposition research about Trump.
Other analysts noted that any dirt dug up in opposition research is likely to be made public anyway. Nonetheless, DNC leadership acted quickly after the intrusion’s discovery to contain the damage.
Translated, this means that the DNC and the Republican National Committee (RNC) dig up dirt on their prospective opposition candidates in order to make the dirt public, not to keep it secret. With both the DNC and the Russians allegedly in possession of the same dirt on Trump, the dirt would be useless to the Russians to use as blackmail as the Russians could not keep the Democrats from publishing the dirt and knocking "their man," Trump, out of the race with it.
Since the idea that the Russians hacked the DNC in order to help Trump get elected was such an unlikely scenario at the time this article was published (June 14, 2016), let's see what some Intelligence professionals, including some retired FBI cybersecurity experts, had to say about Russia's possible motives for this alleged hack for Ms. Nakashima's article:
Western sanctions, imposed after Russia’s annexation of Crimea in Ukraine, have hurt the economy and led the government to increase its theft of intellectual property to limit the impact of import restrictions, he said. And Russia’s growing isolation has increased the need for intelligence to understand and influence political decisions in other countries, he added.
The above quote tells us that the Russians are isolated by sanctions and cannot obtain conventional sources of intelligence about Trump to find out how they could influence his decisions if he should be elected President. There is nothing in the quote about doing anything to help Trump get elected, only how to deal with him should he be elected.
“The purpose of such intelligence gathering is to understand the target’s proclivities,” said Robert Deitz, former senior councillor to the CIA director and a former general counsel at the National Security Agency. “Trump’s foreign investments, for example, would be relevant to understanding how he would deal with countries where he has those investments” should he be elected, Deitz said. “They may provide tips for understanding his style of negotiating. In short, this sort of intelligence could be used by Russia, for example, to indicate where it can get away with foreign adventurism.”
This second quote discusses what could be an actual problem with a Trump Presidency, and that is Trump's wide-ranging, international business holdings that could constitute conflicts of interest for Trump, particularly in foreign policy decisions where Russia has interests. The GOP hierarchy could have used this as leverage to either keep Trump from being nominated, or to force him into putting his business empire into a blind trust, or divesting himself of the business holdings as a prerequisite for receiving the nomination. For some reason, the GOP leadership did not take this step.
“It’s the job of every foreign intelligence service to collect intelligence against their adversaries,” said Shawn Henry, president of CrowdStrike, the cyber firm called in to handle the DNC breach and a former head of the FBI’s cyber division. He noted that it is extremely difficult for a civilian organization to protect itself from a skilled and determined state such as Russia.
I like to call the above quote by Shawn Henry the "spies-will-be-spies" and "Russians-will-be-Russians" position about the alleged DNC hack by Russia. It is routine "tradecraft" for a spy agency to hack to get information. Mr. Henry's position, which is somewhat blasé about the hack as it did not impact national security, reflects that Shawn Henry has dealt with such matters over a long career. After such a long time, one takes these things in stride and does not run around with one's hair on fire.
Russian President Vladimir Putin has spoken favorably about Trump, who has called for better relations with Russia and expressed skepticism about NATO. But unlike Clinton, whom the Russians probably have long had in their spy sights, Trump has not been a politician for very long, so foreign agencies are playing catch-up, analysts say.
The above conclusion, that Trump was not a politician before, therefore the Russians do not know anything about him, is a classic non sequitur. Trump has been a public figure in the United States for decades. The Russians know about his business holdings, and they know about his negotiation style from reading The Art of the Deal. Much of the information the "analysts" and "experts" quoted in the article claim Russian hackers might have been pursuing was already long in the public domain and in easy reach of Moscow since the end of the Cold War.
The intrusions are an example of Russia’s interest in the U.S. political system and its desire to understand the policies, strengths and weaknesses of a potential future president — much as American spies gather similar information on foreign candidates and leaders.
The last quote is yet another "spies-will-be-spies" attitude, along with assuring us that "we do it, too."
I want to point out one fact gleaned from all of this that the author and the people quoted somehow missed. As of June 14, 2016, the Russians were after the Democratic Party's Opposition Research Database about Donald Trump. Those files were the Russians' main objective, if it was Russia that hacked the DNC, and if the DNC was even hacked by any government or individual. Here is what we know with 100% certainty:
As of June 14, 2016, the Democratic National Committee knew more about Donald J. Trump than the government of the Russian Federation. This is a finding of some significance, given that we are supposed to think the Russians knew enough about Trump to induce him to collude with them.
There is more to come in the second installment of The DNC Server Affair.