‘Too Big to Fail’: Russia-gate One Year After VIPS Showed a Leak, Not a Hack

One year later, the VIPS memo contending that the DNC emails were leaked and not hacked has yet to be successfully challenged. Meanwhile, the country sinks deeper into the morass of the new McCarthyism, comments Patrick Lawrence.

By Patrick Lawrence
Special to Consortium News

A year has passed since highly credentialed intelligence professionals produced the first hard evidence that allegations of mail theft and other crimes attributed to Russia rested on purposeful falsification and subterfuge. The initial reaction to these revelations—a firestorm of frantic denial—augured ill, and the time since has fulfilled one’s worst expectations. One year later we live within an institutionalized proscription of proven reality. Our discourse consists of a series of fence posts and taboos. By any detached measure, this lands us in deep, serious trouble. The sprawl of what we call “Russia-gate” now brings our republic and its institutions to a moment of great peril—the gravest since the McCarthy years and possibly since the Civil War. No, I do not consider this hyperbole.

Much has happened since Veteran Intelligence Professionals for Sanity published its report on intrusions into the Democratic Party’s mail servers on Consortium News on July 24 last year. Parts of the intelligence apparatus—by no means all or even most of it—have issued official “assessments” of Russian culpability. Media have produced countless multi-part “investigations,” “special reports,” and what-have-yous that amount to an orgy of faulty syllogisms. Robert Mueller’s special investigation has issued two sets of indictments that, on scrutiny, prove as wanting in evidence as the notoriously flimsy intelligence “assessment” of January 6, 2017.

Indictments are not evidence and do not need to contain evidence. That is supposed to come out at trial, which is very unlikely to ever happen. Nevertheless, the corporate media has treated the indictments as convictions.

Numerous sets of sanctions against Russia, individual Russians, and Russian entities have been imposed on the basis of this great conjuring of assumption and presumption. The latest came last week, when the Trump administration announced measures in response to the alleged attempt to murder Sergei and Yulia Skripal, a former double agent and his daughter, in England last March. No evidence proving responsibility in the Skripal case has yet been produced. This amounts to our new standard. It prompted a reader with whom I am in regular contact to ask, “How far will we allow our government to escalate against others without proof of anything?”

This is a very good question.

There have been many attempts to discredit VIPS50, as the group’s document is called. There has been much amateurish journalism, false reporting, misrepresentation, distortion, misquotation, and omission. We have been treated to much shoddy science, attempts at character assassination, a great deal of base name-calling, and much else. Russia is routinely advanced as the greatest threat to democracy Americans now face. Is there any denying that we live amid an induced hysteria now comparable to the “Red under every bed” period of the 1950s?

None of this has altered the basic case. VIPS and forensic scientists working with it have continued their investigations. New facts, some of which alter conclusions drawn last year, have come to light, and these are to be addressed. But the basic evidence that Russia-gate is a false narrative concocted by various constituents of national power stands, difficult as this is to discern. Scrape back all that is ethically unacceptable and unscrupulously conveyed into the public sphere and you find that nothing has changed: No one “hacked” the Democratic party’s mail in the summer of 2016. It was leaked locally. From what one can make out, it was done to expose the party leadership’s corrupt efforts to sink Bernie Sanders’ insurgent campaign to win the Democratic nomination.

But in another, very profound way, more has changed since VIPS50 was published than one could have imagined a year ago. American discourse has descended to a dangerous level of irrationality. The most ordinary standards of evidentiary procedure are forgone. Many of our key institutions—the foreign policy apparatus, the media, key intelligence and law-enforcement agencies, the political leadership—are now extravagantly committed to a narrative none appears able to control. The risk of self-inflicted damage these institutions assume, should the truth of the Russia-gate events emerge—as one day it surely will—is nearly incalculable. This is what inspires my McCarthy and Civil War references. Russia-gate, in a phrase, has become too big to fail.

This column is an attack on no one. However it may be read, it is not intended as another round of vituperative argument adding to the din and fog we already suffer daily. No shred of ideology informs it. I write a lament—this for all we have done to ourselves and our institutions this past year, and to the prospect of an orderly world, and for all that must somehow be done to repair the damage once enough of us indeed recognize what has been done.

New VIPS Findings

The forensic scientists working with VIPS continued their research and experiments after VIPS50 was published. So have key members of the VIPS group, notably William Binney, the National Security Agency’s former technical director for global analysis and designer of programs the agency still uses to monitor internet traffic. Such work continues as we speak, indeed. This was always the intent: “Evidence to date” was the premise of VIPS50. Over the past year there have been confirmations of the original thesis and some surprises that alter secondary aspects of it. Let us look at the most significant of these findings.

At the time I reported on the findings of VIPS and associated forensic scientists, the most fundamental evidence that the events of summer 2016 constituted a leak, not a hack, was the transfer rate—the speed at which data was copied. The speed proven then was an average of 22.7 megabytes per second. That speed matches what is standard when someone with physical access uses an external storage device to copy data from a computer or server and is much faster than a remote hack, reliant on communications topology available at the time, could achieve.

Binney experimented into the autumn. By mid-autumn he had tested several routes—from East Coast locations to cities in eastern Europe, from New Jersey to London. The fastest internet transfer speed achieved, during the New Jersey–to–Britain test, was 12.0 megabytes of data per second. Since this time it has emerged from G-2.0’s metadata that the detected average speed—the 22.7 megabytes per second—included peak speeds that ran as high as 49.1 megabytes per second, impossible over the internet. “You’d need a dedicated, leased, 400–megabit line all the way to Russia to achieve that result,” Binney said in a recent interview.

To my knowledge, no one with an understanding of the science involved, including various former skeptics, any longer questions the validity of the specific finding based on the observed transfer rate. That remains the bedrock evidence of the case VIPS and others advance without qualification. “No one—including the FBI, the CIA, and the NSA—has come out against this finding,” Binney said Monday. “Anyone who says the speed we demonstrated can be achieved remotely, our position is ‘Let’s see it. We’ll help any way we can.’ There hasn’t been anyone yet.”

There is also the question of where and when leaks were executed. Research into this has turned out differently.

Evidence last year, based on analysis of the available metadata, showed that the copy operation date-stamped July 5, 2016, took place in the Eastern U.S. time zone. But Forensicator, one of the chief forensic investigators working on the mail-theft case anonymously, published evidence in May showing that while there was activity in the Eastern zone at the time of that copy, there was also a copy operation in the Pacific time zone, where clocks run three hours earlier than EST. In an earlier publication he had also reported activity in the Central time zone.

Plainly, more was awaiting discovery as to the when and where of the copy operations. The identity of Guccifer 2.0, who claimed to be a Romanian hacker but which the latest Mueller indictment claims is a construct of the GRU, Russian military intelligence, has never been proven. The question is what G–2.0 did with or to the data in question. It turns out that both more, and less, is known about G–2.0 than was thought to have been previously demonstrated. This work has been completed only recently. It was done by Binney in collaboration with Duncan Campbell, a British journalist who has followed the Russia-gate question closely.

Peak Speed Established

Binney visited Campbell in Brighton, England, early this past spring. They examined all the metadata associated with the files G–2.0 has made public. They looked at the number of files, the size of each, and the time stamps at the end of each. It was at this time that Binney and Campbell established the peak transfer rate at 49.1 megabytes per second.

But they discovered something else of significance, too. At some point G–2.0 had merged two sets of data, one dated July 5, 2016, which had been known, and another dated the following September 1, which had not been known. In essence, Campbell reverse-engineered G–2.0’s work: He took the sets of data G–2.0 presented as two and combined them back into one. “G–2.0 used an algorithm to make a downloaded file look like two files,” Binney explained. “Those two shuffled back together like a deck of cards.”

G–2.0 then took another step. Running another algorithm, he changed all the dates on all the files. With yet another algorithm, he changed the hours stamped on each file. These are called “range changes” among the professionals. The conclusion was then obvious: G–2.0 is a fabrication and a fabricator. Forensicator had already proven that the G–2.0 entity had inserted Russian “fingerprints” into the document known as the “Trump Opposition Report,” which G-2.0 had published on June 15, 2016. It is clear that no firm conclusions can be drawn at this point as to when or where G–2.0 did what he did.

“Now you need to prove everything you might think about him,” Binney told me. “We have no way of knowing anything about him or what he has done, apart from manipulating the files. We detected activity in the Eastern time zone. Now we have to ask again, ‘Which time zone?’ The West Coast copy operation [discovered by Forensicator] has to be proven. All the data has been manipulated. It’s a fabrication.”

This throws various things into question. The conclusions initially drawn on time and location in VIPS50 are now subject to these recent discoveries. “In retrospect, giving ‘equal importance’ status to data pertaining to the locale was mistaken,” Ray McGovern, a prominent VIPS member, wrote in a recent note. “The key finding on transfer speed always dwarfed it in importance.”

The indictments against 12 Russian intelligence officers announced in mid–July by Rod Rosenstein, the deputy attorney-general, also come into question. They rest in considerable part on evidence derived from G–2.0 and DCLeaks, another online persona. How credible are those indictments in view of what is now known about G–2.0?

Binney told me: “Once we proved G–2.0 is a fabrication and a manipulator, the timing and location questions couldn’t be answered but really didn’t matter. I don’t right now see a way of absolutely proving either time or location. But this doesn’t change anything. We know what we know: The intrusion into the Democratic National Committee mail was a local download—wherever ‘local’ is. That doesn’t change. As to Rosenstein, he’ll have a lot to prove.”

What Role Does Evidence Play?

Rosenstein’s predicament—and there is no indication he understands it as one—brings us to an essential problem: What is the place of evidence in American public discourse? Of rational exchange?

The questions are germane far beyond the Russia-gate phenomenon, but it is there that answers are most urgent. What is implicit in the Rosenstein indictments has been evident everywhere in our public sphere for a year or more: Make a presumption supported by circumstantial evidence or none and build other presumptions upon it until a false narrative is constructed. The press has deployed this device for as long as I have been a practitioner: “Might” or “could” or “possibly” becomes “perhaps,” “probably” and “almost certainly,” and then moves on to unqualified fact in the course of, maybe, several weeks. Now this is how our most basic institutions—not least agencies of the Justice Department—routinely operate.

This is what I mean when I refer to ours as a republic in peril.

There is the argument that certain things have been uncovered over the past year, and these are enough to conclude that Russia plots to undermine our democracy. I refer to the small number of Facebook advertisements attributed to Russians, to strings of Twitter messages, to various phishing exercises that occur thousands of times a day the world over. To be clear, I am no more satisfied with the evidence of Russian involvement in these cases than I am with the evidence in any other aspect of the Russia-gate case. But for the sake of argument, let us say it is all true.

Does this line up with the Russophobic hysteria—not too strong a term—that envelops us? Does this explain the astonishing investments our public institutions, the press, and leading political parties have made in advancing this hysteria as they did a variant of it in the 1950s?

As global politics go, some serious thought should be given to a reality we have created all by ourselves: It is now likely that America has built a new Cold War division with Russia that will prove permanent for the next 20 to 30 years. All this because of some Facebook ads and Twitter threads of unproven origin? Am I the only one who sees a weird and worrisome gap between what we are intent on believing—as against thinking or knowing—and the consequences of these beliefs?

There was an orthodoxy abroad many centuries ago called Fideism. In the simplest terms, it means the privileging of faith and belief over reason. It was the enemy of individual conscience, among much else. Fideism has deep roots, but it was well around in the 16th century, when Montaigne and others had to navigate its many dangers. Closer to our time, William James landed a variant on American shores with an 1896 address called “The Will to Believe.” Bertrand Russell countered this line of thinking a couple of decades later with “Free Thought and Official Propaganda,” a lecture whose title I will let speak for itself. Twenty years ago, none other than Pope John Paul II warned of a resurgence of Fideism. It is still around, in short.

Do we suffer from it? A variant of it, I would say, if not precisely in name. There seems to be a givenness to it in the American character. I think we are staring into a 21st century rendition of it.

To doubt the hollowed-out myth of American innocence is a grave sin against the faith. It is now unpatriotic to question the Russia-gate narrative despite the absence of evidence to support it. Informal censorship of differing perspectives is perfectly routine. It is now considered treasonous to question the word of intelligence agencies and the officials who lead them despite long records of deceit. Do we forget that it was only 15 years ago that these same institutions and people deceived us into an invasion of Iraq the consequences of which still persist?

This was the question Craig Murray, the former British diplomat (who has vital information on the DNC mail theft but who has never been interviewed by American investigators) posed a few weeks ago. Eugene Robinson gave a good-enough reply in a Washington Post opinion piece shortly afterward: “God Bless the Deep State,” the headline read.

How we got here deserves a work of social psychology, and I hope someone takes up the task. Understanding our path into our self-created crisis seems to me the first step to finding our way out of it.

Patrick Lawrence, a correspondent abroad for many years, chiefly for the International Herald Tribune, is a columnist, essayist, author, and lecturer. His most recent book is Time No Longer: Americans After the American Century (Yale). Follow him @thefloutist. His web site is www.patricklawrence.us. Support his work via www.patreon.com/thefloutist.




New Cracks in Russia-gate Foundation

The Russia-gate groupthink always rested on a fragile foundation of dubious analysis and biased guesswork, but now has been shaken by new forensic studies of the purported “hack,” as Patrick Lawrence reported at The Nation.

By Patrick Lawrence

It is now a year since the Democratic National Committee’s mail system was compromised — a year since events in the spring and early summer of 2016 were identified as remote hacks and, in short order, attributed to Russians acting in behalf of Donald Trump.

A great edifice has been erected during this time. President Trump, members of his family, and numerous people around him stand accused of various corruptions and extensive collusion with Russians. Half a dozen simultaneous investigations proceed into these matters. Last week news broke that Special Counsel Robert Mueller had convened a grand jury, which issued its first subpoenas on August 3. Allegations of treason are common; prominent political figures and many media cultivate a case for impeachment.

The President’s ability to conduct foreign policy, notably but not only with regard to Russia, is now crippled. Forced into a corner and having no choice, Trump just signed legislation imposing severe new sanctions on Russia and European companies working with it on pipeline projects vital to Russia’s energy sector. Striking this close to the core of another nation’s economy is customarily considered an act of war, we must not forget.

In retaliation, Moscow has announced that the United States must cut its embassy staff by roughly two-thirds. All sides agree that relations between the United States and Russia are now as fragile as they were during some of the Cold War’s worst moments. To suggest that military conflict between two nuclear powers inches ever closer can no longer be dismissed as hyperbole.

All this was set in motion when the DNC’s mail server was first violated in the spring of 2016 and by subsequent assertions that Russians were behind that “hack” and another such operation, also described as a Russian hack, on July 5. These are the foundation stones of the edifice just outlined.

The evolution of public discourse in the year since is worthy of scholarly study: Possibilities became allegations, and these became probabilities. Then the probabilities turned into certainties, and these evolved into what are now taken to be established truths. By my reckoning, it required a few days to a few weeks to advance from each of these stages to the next. This was accomplished via the indefensibly corrupt manipulations of language repeated incessantly in our leading media.

Lost in a year that often appeared to veer into our peculiarly American kind of hysteria is the absence of any credible evidence of what happened last year and who was responsible for it. It is tiresome to note, but none has been made available. Instead, we are urged to accept the word of institutions and senior officials with long records of deception. These officials profess “high confidence” in their “assessment” as to what happened in the spring and summer of last year — this standing as their authoritative judgment.

Few have noticed since these evasive terms first appeared that an assessment is an opinion, nothing more, and to express high confidence is an upside-down way of admitting the absence of certain knowledge. This is how officials avoid putting their names on the assertions we are so strongly urged to accept — as the record shows many of them have done.

We come now to a moment of great gravity.

There has been a long effort to counter the official narrative we now call “Russiagate.” This effort has so far focused on the key events noted above, leaving numerous others still to be addressed. Until recently, researchers undertaking this work faced critical shortcomings, and these are to be explained. But they have achieved significant new momentum in the past several weeks, and what they have done now yields very consequential fruit.

Forensic investigators, intelligence analysts, system designers, program architects, and computer scientists of long experience and strongly credentialed are now producing evidence disproving the official version of key events last year. Their work is intricate and continues at a kinetic pace as we speak. But its certain results so far are two, simply stated, and freighted with implications:

  • There was no hack of the Democratic National Committee’s system on July 5 last year — not by the Russians, not by anyone else. Hard science now demonstrates it was a leak — a download executed locally with a memory key or a similarly portable data-storage device. In short, it was an inside job by someone with access to the DNC’s system. This casts serious doubt on the initial “hack,” as alleged, that led to the very consequential publication of a large store of documents on WikiLeaks last summer.
  • Forensic investigations of documents made public two weeks prior to the July 5 leak by the person or entity known as Guccifer 2.0 show that they were fraudulent: Before Guccifer posted them they were adulterated by cutting and pasting them into a blank template that had Russian as its default language. Guccifer took responsibility on June 15 for an intrusion the DNC reported on June 14 and professed to be a WikiLeaks source — claims essential to the official narrative implicating Russia in what was soon cast as an extensive hacking operation. To put the point simply, forensic science now devastates this narrative.

New Analyses

This article is based on an examination of the documents these forensic experts and intelligence analysts have produced, notably the key papers written over the past several weeks, as well as detailed interviews with many of those conducting investigations and now drawing conclusions from them. Before proceeding into this material, several points bear noting.

One, there are many other allegations implicating Russians in the 2016 political process. The work I will now report upon does not purport to prove or disprove any of them. Who delivered documents to WikiLeaks? Who was responsible for the “phishing” operation penetrating John Podesta’s e-mail in March 2016?

We do not know the answers to such questions. It is entirely possible, indeed, that the answers we deserve and must demand could turn out to be multiple: One thing happened in one case, another thing in another. The new work done on the mid-June and July 5 events bears upon all else in only one respect. We are now on notice: Given that we now stand face to face with very considerable cases of duplicity, it is imperative that all official accounts of these many events be subject to rigorously skeptical questioning. Do we even know that John Podesta’s e-mail was in fact “phished”? What evidence of this has been produced? Such rock-bottom questions as these must now be posed in all other cases.

Two, houses built on sand and made of cards are bound to collapse, and there can be no surprise that the one resting atop the “hack theory,” as we can call the prevailing wisdom on the DNC events, appears to be in the process of doing so.

Neither is there anything far-fetched in a reversal of the truth of this magnitude. American history is replete with similar cases. The Spanish sank the Maine in Havana harbor in February 1898. Iran’s Mossadegh was a Communist. Guatemala’s Árbenz represented a Communist threat to the United States. Vietnam’s Ho Chi Minh was a Soviet puppet. The Sandinistas were Communists. The truth of the Maine, a war and a revolution in between, took a century to find the light of day, whereupon the official story disintegrated. We can do better now. It is an odd sensation to live through one of these episodes, especially one as big as Russiagate. But its place atop a long line of precedents can no longer be disputed.

Three, regardless of what one may think about the investigations and conclusions I will now outline — and, as noted, these investigations continue — there is a bottom line attaching to them. We can even call it a red line. Under no circumstance can it be acceptable that the relevant authorities — the National Security Agency, the Justice Department (via the Federal Bureau of Investigation), and the Central Intelligence Agency — leave these new findings without reply. Not credibly, in any case. Forensic investigators, prominent among them people with decades’ experience at high levels in these very institutions, have put a body of evidence on a table previously left empty. Silence now, should it ensue, cannot be written down as an admission of duplicity, but it will come very close to one.

It requires no elaboration to apply the above point to the corporate media, which have been flaccidly satisfied with official explanations of the DNC matter from the start.

Qualified experts working independently of one another began to examine the DNC case immediately after the July 2016 events. Prominent among these is a group comprising former intelligence officers, almost all of whom previously occupied senior positions. Veteran Intelligence Professionals for Sanity (VIPS), founded in 2003, now has 30 members, including a few associates with backgrounds in national-security fields other than intelligence. The chief researchers active on the DNC case are four: William Binney, formerly the NSA’s technical director for world geopolitical and military analysis and designer of many agency programs now in use; Kirk Wiebe, formerly a senior analyst at the NSA’s SIGINT Automation Research Center; Edward Loomis, formerly technical director in the NSA’s Office of Signal Processing; and Ray McGovern, an intelligence analyst for nearly three decades and formerly chief of the CIA’s Soviet Foreign Policy Branch. Most of these men have decades of experience in matters concerning Russian intelligence and the related technologies. This article reflects numerous interviews with all of them conducted in person, via Skype, or by telephone.

The customary VIPS format is an open letter, typically addressed to the President. The group has written three such letters on the DNC incident, all of which were first published by Robert Parry at www.consortiumnews.com. Here is the latest, dated July 24; it blueprints the forensic work this article explores in detail. They have all argued that the hack theory is wrong and that a locally executed leak is the far more likely explanation.

In a letter to Barack Obama dated January 17, three days before he left office, the group explained that the NSA’s known programs are fully capable of capturing all electronic transfers of data. “We strongly suggest that you ask NSA for any evidence it may have indicating that the results of Russian hacking were given to WikiLeaks,” the letter said. “If NSA cannot produce such evidence — and quickly — this would probably mean it does not have any.”

The day after Parry published this letter, Obama gave his last press conference as President, at which he delivered one of the great gems among the official statements on the DNC e-mail question. “The conclusions of the intelligence community with respect to the Russian hacking,” the legacy-minded Obama said, “were not conclusive.” There is little to suggest the VIPS letter prompted this remark, but it is typical of the linguistic tap-dancing many officials connected to the case have indulged so as to avoid putting their names on the hack theory and all that derives from it.

Cyber-Evidence

Until recently there was a serious hindrance to the VIPS’s work, and I have just suggested it. The group lacked access to positive data. It had no lump of cyber-material to place on its lab table and analyze, because no official agency had provided any.

Donald Rumsfeld famously argued with regard to the WMD question in Iraq, “The absence of evidence is not evidence of absence.” In essence, Binney and others at VIPS say this logic turns upside down in the DNC case: Based on the knowledge of former officials such as Binney, the group knew that (1) if there was a hack and (2) if Russia was responsible for it, the NSA would have to have evidence of both. Binney and others surmised that the agency and associated institutions were hiding the absence of evidence behind the claim that they had to maintain secrecy to protect NSA programs.

“Everything that they say must remain classified is already well-known,” Binney said in an interview. “They’re playing the Wizard of Oz game.”

New findings indicate this is perfectly true, but until recently the VIPS experts could produce only “negative evidence,” as they put it: The absence of evidence supporting the hack theory demonstrates that it cannot be so. That is all VIPS had. They could allege and assert, but they could not conclude: They were stuck demanding evidence they did not have — if only to prove there was none.

Research into the DNC case took a fateful turn in early July, when forensic investigators who had been working independently began to share findings and form loose collaborations wherein each could build on the work of others. In this a small, new website called www.disobedientmedia.com proved an important catalyst. Two independent researchers selected it, Snowden-like, as the medium through which to disclose their findings.

One of these is known as Forensicator and the other as Adam Carter. On July 9, Adam Carter sent Elizabeth Vos, a co-founder of Disobedient Media, a paper by the Forensicator that split the DNC case open like a coconut.

By this time Binney and the other technical-side people at VIPS had begun working with a man named Skip Folden. Folden was an IT executive at IBM for 33 years, serving 25 years as the IT program manager in the United States. He has also consulted for Pentagon officials, the FBI, and the Justice Department. Folden is effectively the VIPS group’s liaison to Forensicator, Adam Carter, and other investigators, but neither Folden nor anyone else knows the identity of either Forensicator or Adam Carter. This bears brief explanation.

The Forensicator’s July 9 document indicates he lives in the Pacific Time Zone, which puts him on the West Coast. His notes describing his investigative procedures support this. But little else is known of him. Adam Carter, in turn, is located in England, but the name is a coy pseudonym: It derives from a character in a BBC espionage series called Spooks. It is protocol in this community, Elizabeth Vos told me in a telephone conversation this week, to respect this degree of anonymity.

Kirk Wiebe, the former SIGINT analyst at the NSA, thinks Forensicator could be “someone very good with the FBI,” but there is no certainty. Unanimously, however, all the analysts and forensics investigators interviewed for this column say Forensicator’s advanced expertise, evident in the work he has done, is unassailable. They hold a similarly high opinion of Adam Carter’s work.

Forensicator is working with the documents published by Guccifer 2.0, focusing for now on the July 5 intrusion into the DNC server. The contents of Guccifer’s files are known — they were published last September — and are not Forensicator’s concern. His work is with the metadata on those files. These data did not come to him via any clandestine means. Forensicator simply has access to them that others did not have. It is this access that prompts Kirk Wiebe and others to suggest that Forensicator may be someone with exceptional talent and training inside an agency such as the FBI.

“Forensicator unlocked and then analyzed what had been the locked files Guccifer supposedly took from the DNC server,” Skip Folden explained in an interview. “To do this he would have to have ‘access privilege,’ meaning a key.”

What has Forensicator proven since he turned his key? How? What has work done atop Forensicator’s findings proven? How?

The Transfer Rate

Forensicator’s first decisive findings, made public in the paper dated July 9, concerned the volume of the supposedly hacked material and what is called the transfer rate — the time a remote hack would require. The metadata established several facts in this regard with granular precision: On the evening of July 5, 2016, 1,976 megabytes of data were downloaded from the DNC’s server. The operation took 87 seconds. This yields a transfer rate of 22.7 megabytes per second.

These statistics are matters of record and essential to disproving the hack theory. No Internet service provider, such as a hacker would have had to use in mid-2016, was capable of downloading data at this speed. Compounding this contradiction, Guccifer claimed to have run his hack from Romania, which, for numerous reasons technically called delivery overheads, would slow down the speed of a hack even further from maximum achievable speeds.

What is the maximum achievable speed? Forensicator recently ran a test download of a comparable data volume (and using a server speed not available in 2016) 40 miles from his computer via a server 20 miles away and came up with a speed of 11.8 megabytes per second — half what the DNC operation would need were it a hack. Other investigators have built on this finding. Folden and Edward Loomis say a survey published August 3, 2016, by www.speedtest.net/reports is highly reliable and use it as their thumbnail index. It indicated that the highest average ISP speeds of first-half 2016 were achieved by Xfinity and Cox Communications. These speeds averaged 15.6 megabytes per second and 14.7 megabytes per second, respectively. Peak speeds at higher rates were recorded intermittently but still did not reach the required 22.7 megabytes per second.

“A speed of 22.7 megabytes is simply unobtainable, especially if we are talking about a transoceanic data transfer,” Folden said. “Based on the data we now have, what we’ve been calling a hack is impossible.” Last week Forensicator reported on a speed test he conducted more recently. It tightens the case considerably. “Transfer rates of 23 MB/s (Mega Bytes per second) are not just highly unlikely, but effectively impossible to accomplish when communicating over the Internet at any significant distance,” he wrote. “Further, local copy speeds are measured, demonstrating that 23 MB/s is a typical transfer rate when using a USB–2 flash device (thumb drive).”

Time stamps in the metadata provide further evidence of what happened on July 5. The stamps recording the download indicate that it occurred in the Eastern Daylight Time Zone at approximately 6:45 pm. This confirms that the person entering the DNC system was working somewhere on the East Coast of the United States.

In theory the operation could have been conducted from Bangor or Miami or anywhere in between — but not Russia, Romania, or anywhere else outside the EDT zone. Combined with Forensicator’s findings on the transfer rate, the time stamps constitute more evidence that the download was conducted locally, since delivery overheads — conversion of data into packets, addressing, sequencing times, error checks, and the like — degrade all data transfers conducted via the Internet, more or less according to the distance involved.

Russian ‘Fingerprints’

In addition, there is the adulteration of the documents Guccifer 2.0 posted on June 15, when he made his first appearance. This came to light when researchers penetrated what Folden calls Guccifer’s top layer of metadata and analyzed what was in the layers beneath. They found that the first five files Guccifer made public had each been run, via ordinary cut-and-paste, through a single template that effectively immersed them in what could plausibly be cast as Russian fingerprints. They were not: The Russian markings were artificially inserted prior to posting. “It’s clear,” another forensics investigator self-identified as HET, wrote in a report on this question, “that metadata was deliberately altered and documents were deliberately pasted into a Russianified [W]ord document with Russian language settings and style headings.”

To be noted in this connection: The list of the CIA’s cyber-tools WikiLeaks began to release in March and labeled Vault 7 includes one called Marble that is capable of obfuscating the origin of documents in false-flag operations and leaving markings that point to whatever the CIA wants to point to. (The tool can also “de-obfuscate” what it has obfuscated.) It is not known whether this tool was deployed in the Guccifer case, but it is there for such a use.

It is not yet clear whether documents now shown to have been leaked locally on July 5 were tainted to suggest Russian hacking in the same way the June 15 Guccifer release was. This is among several outstanding questions awaiting answers, and the forensic scientists active on the DNC case are now investigating it.

In a note Adam Carter sent to Folden and McGovern last week and copied to me, he reconfirmed the corruption of the June 15 documents, while indicating that his initial work on the July 5 documents — of which much more is to be done — had not yet turned up evidence of doctoring.

In the meantime, VIPS has assembled a chronology that imposes a persuasive logic on the complex succession of events just reviewed. It is this:

  • On June 12 last year, Julian Assange announced that WikiLeaks had and would publish documents pertinent to Hillary Clinton’s presidential campaign.
  • On June 14, CrowdStrike, a cyber-security firm hired by the DNC, announced, without providing evidence, that it had found malware on DNC servers and had evidence that Russians were responsible for planting it.
  • On June 15, Guccifer 2.0 first appeared, took responsibility for the “hack” reported on June 14 and claimed to be a WikiLeaks source. It then posted the adulterated documents just described.
  • On July 5, Guccifer again claimed he had remotely hacked DNC servers, and the operation was instantly described as another intrusion attributable to Russia. Virtually no media questioned this account.

It does not require too much thought to read into this sequence. With his June 12 announcement, Assange effectively put the DNC on notice that it had a little time, probably not much, to act preemptively against the imminent publication of damaging documents. Did the DNC quickly conjure Guccifer from thin air to create a cyber-saboteur whose fingers point to Russia? There is no evidence of this one way or the other, but emphatically it is legitimate to pose the question in the context of the VIPS chronology. WikiLeaks began publishing on July 22. By that time, the case alleging Russian interference in the 2016 elections process was taking firm root. In short order Assange would be written down as a “Russian agent.”

By any balanced reckoning, the official case purporting to assign a systematic hacking effort to Russia, the events of mid-June and July 5 last year being the foundation of this case, is shabby to the point that taxpayers should ask for their money back. The Intelligence Community Assessment, the supposedly definitive report featuring the “high confidence” dodge, was greeted as farcically flimsy when issued January 6.

Ray McGovern calls it a disgrace to the intelligence profession. It is spotlessly free of evidence, front to back, pertaining to any events in which Russia is implicated.

‘Hand-Picked’ Analysts

James Clapper, the former director of national intelligence, admitted in May that “hand-picked” analysts from three agencies (not the 17 previously reported) drafted the ICA.

There is a way to understand “hand-picked” that is less obvious than meets the eye: The report was sequestered from rigorous agency-wide reviews. This is the way these people have spoken to us for the past year.

Behind the ICA lie other indefensible realities. The FBI has never examined the DNC’s computer servers — an omission that is beyond preposterous. It has instead relied on the reports produced by CrowdStrike, a firm that drips with conflicting interests well beyond the fact that it is in the DNC’s employ. Dmitri Alperovitch, its co-founder and chief technology officer, is on the record as vigorously anti-Russian. He is a senior fellow at the Atlantic Council, which suffers the same prejudice. Problems such as this are many.

“We continue to stand by our report,” CrowdStrike said, upon seeing the VIPS blueprint of the investigation. CrowdStrike argues that by July 5 all malware had been removed from the DNC’s computers. But the presence or absence of malware by that time is entirely immaterial, because the event of July 5 is proven to have been a leak and not a hack. Given that malware has nothing to do with leaks, CrowdStrike’s logic appears to be circular.

In effect, the new forensic evidence considered here lands in a vacuum. We now enter a period when an official reply should be forthcoming. What the forensic people are now producing constitutes evidence, however one may view it, and it is the first scientifically derived evidence we have into any of the events in which Russia has been implicated. The investigators deserve a response, the betrayed professionals who formed VIPS as the WMD scandal unfolded in 2003 deserve it, and so do the rest of us. The cost of duplicity has rarely been so high.

I concluded each of the interviews conducted for this column by asking for a degree of confidence in the new findings. These are careful, exacting people as a matter of professional training and standards, and I got careful, exacting replies.

All those interviewed came in between 90 percent and 100 percent certain that the forensics prove out. I have already quoted Skip Folden’s answer: impossible based on the data.

“The laws of physics don’t lie,” Ray McGovern volunteered at one point.

“It’s QED, theorem demonstrated,” William Binney said in response to my question. “There’s no evidence out there to get me to change my mind.” When I asked Edward Loomis, a 90 percent man, about the 10 percent he held out, he replied, “I’ve looked at the work and it shows there was no Russian hack. But I didn’t do the work. That’s the 10 percent. I’m a scientist.”

Editor’s note: In its chronology, VIPS mistakenly gave the wrong date for CrowdStrike’s announcement of its claim to have found malware on DNC servers. It said June 15, when it should have said June 14. VIPS has acknowledged the error, and we have made the correction.

Patrick Lawrence is a longtime columnist, essayist, critic, and lecturer, whose most recent books are Somebody Else’s Century: East and West in a Post-Western World and Time No Longer: America After the American Century. His website is patricklawrence.us. [This article was originally published at The Nation at https://www.thenation.com/article/a-new-report-raises-big-questions-about-last-years-dnc-hack/ ]