More On The Supposed Russian DNC Hack
Comparing Comey's And Shawn Henry's Testimony
Former prosecutor George Parry has been examining John Durham’s 27 page indictment of Clinton legal operative Michael Sussmann, who was pretty much at ground zero of the Russia Hoax—the confluence of the Clinton campaign, Fusion GPS (Clinton oppo research), and the Clinton campaign’s legal wing, working out of DC law firm Perkins Coie. Parry’s reading of the indictment has led him to reexamine the whole DNC “hack”—supposedly by “Russia”—because 1) that appears to have been the initial narrative designed to get the Russia Hoax started and 2) Sussmann, once again, was Johnny on the spot, representing the DNC. Crucially, Sussmann hired computer security firm Crowdstrike, run by former FBI official Shawn Henry, to examine the DNC server. He also represented the DNC with regard to the FBI’s interest in the supposed “hack”—from April until mid-Summer of 2016—and later personally contacted top FBI lawyer, General Counsel James Baker, with regard to supposed evidence of Trump - Russia cyber collusion to manipulate the 2016 election.
Parry came out with a new article yesterday:
John Durham and the Amazing Disappearing DNC Hack
Evidence grows that the alleged Russian hacking of the DNC server in 2016 was an inside job.
The article proved so interesting that I was led to take another look at Shawn Henry’s testimony before the House Permanent Select Committee on Intelligence—chaired by Devin Nunes. That led to some troubling issues. I’m not going to attempt to formulate a theory of the DNC “hack”—I don’t have that kind of expertise, but there are definitely “issues” that haven’t been resolved, and were probably intended to never be resolved.
Let’s start by selecting several points from Parry’s article.
As is well known, the DNC—undoubtedly at the advice of Sussmann—refused to turn over the server that had supposedly been “hacked” by “the Russians.” Parry presents disgraced former FBI Director James Comey’s Senate testimony in that regard. I’ll quote Parry’s view of this testimony, but note that Comey—seemingly unchallenged by the SSCI senators—presents the matter of obtaining the physical evidence of a major foreign power using cyber intrusions to “meddle” in our elections as, more or less, a matter of style. It’s nice to obtain the evidence of the crime we’re investigating, but if other interested parties, such as the victim, tell the FBI to go pound sand, well, that’s what the FBI does. It starts pounding away. Unless there’s some connection to Donald Trump. That’s different.
So here, in edited form, is what Comey had to say:
Question (by Senator Burr): Did the FBI request access to those devices [the servers and Podesta’s devices] to perform forensics on?
A: Yes, we did.
...
Q: Were you given access to do the forensics on those servers?
A: We were not. We were … a highly respected private company eventually got access and shared with us what they saw there.
Q: But is that typically the way the FBI would prefer to do the forensics or would your forensic unit rather see the servers and do the forensics themselves?
A: We always prefer to have access hands on ourselves, if that’s possible.
Q: Do you know why you were denied access to those servers?
A: I don’t know for sure. Um, I don’t know for sure.
Q: Was there one request or multiple requests?
A: Multiple requests at different levels and ultimately what was agreed to is that the private company would share with us what they saw.
We’ll get back to some of those statements by Comey, but it’s worth reviewing former prosecutor Parry’s reaction to this twaddle:
So, instead of using a search warrant or some other legal process to perform a direct, hands on forensic examination of the DNC server, the FBI agreed to base its investigation on the findings of a private cybersecurity company. ...
Think about that. When presented with allegations of a devastating foreign cyber attack on one of the two major political parties, the FBI meekly agreed to allow CrowdStrike and Perkins Coie to do the forensic examination and, for all intents and purposes, run the investigation.
Not even the lowliest local police department would agree to such an absurd arrangement. What if this was a murder case? Would the Smallville PD allow a private investigator and lawyer hired by the murder victim’s family to process the crime scene, do the autopsy, and tell the police and district attorney what they supposedly found? ...
...
But that, in effect, is precisely what the FBI — the self-proclaimed greatest investigative agency in the world — did when faced with this purportedly monumental foreign attack on the Democrat Party apparatus.
The HPSCI held a closed door hearing on this subject on December 5, 2017. Crowdstrike’s Shawn Henry was questioned and was accompanied by a lawyer representing CrowdStrike and a lawyer from Perkins Coie. Once again, however, let’s review the matter of attorney - client privilege. If the DNC, upon discovering they’d been “hacked”, had hired Crowdstrike to check into their server and find out what happened, there would have been no question of a privilege. Michael Sussmann sussed that issue out right up front. Sussmann, acting for Perkins Coie, hired Crowdstrike to do the work so that Crowdstrike was working for Perkins Coie and not for the DNC. So …
Under questioning, Henry confirmed that CrowdStrike’s examination of the DNC server was done pursuant to its contract with Michael Sussmann of Perkins Coie. Consequently, as explained by the Perkins Coie lawyer, CrowdStrike’s findings were protected by the attorney-client privilege. Therefore, it would be up to Perkins Coie, acting on behalf of the DNC, to decide what information Henry would be allowed to share with the HPSCI.
Nevertheless, Chris Stewart [R-UT] questioned Henry persistently and ultimately pinned him down to this bottom line:
“Counsel just reminded me that, as it relates to the DNC, we have indicators that data was exfiltrated. We did not have concrete evidence that data was exfiltrated from the DNC, but we have indicators that it was exfiltrated…. There’s not evidence that they were actually exfiltrated. There’s circumstantial evidence … we didn’t have direct evidence. But we made a conclusion that data left the network.”
Parry, naturally, jumps on that with both feet. No evidence, but … indications? What would those indications look like?
According to Henry, CrowdStrike found “indicators of [server] compromise, which are pieces of malware, et cetera.” He then explained that CrowdStrike’s investigative report states that the data [emails] were “staged for exfiltration” by the purported Russian hacker.
He added, “There are times when we can see data exfiltrated, and we can say conclusively. But in this case, it appears that it was set up to be exfiltrated, but we just don’t have the evidence that says it actually left.” (Emphasis added.)
Got that? With no evidence that the emails were actually hacked, CrowdStrike nevertheless concluded that the Russians hacked the emails.
Perfectly logical, right? It’s a conclusion based on … indicators.
But, if you read Henry’s testimony, some further interesting statements crop up, with regard to Comey story, with regard to the actual supposed “hack”, and also with regard to the “indicators.”
Let’s start on p. 31. Adam Schiff is questioning Henry, and he wants to know exactly when “the Russians” exfiltrated the emails. That’s the line of questioning that led to the awkward revelation that, actually, Crowdstrike had no specific evidence of exfiltration. That causes Schiff to try to find out for how specific the FBI had been in notifying the DNC of a “potential breach.” Henry responds that what he heard from the company that serviced the DNC server was that the FBI had contacted them about a “potential breach” as early as September, 2015, and periodically over the months until near the end of April, 2016. But no actual action was taken—not by the FBI and not by the DNC. Huh.
So what changed at the end of April, 2016, when Michael Sussmann got in touch with Crowdstrike’s Henry? Funny you should ask.
MR. SCHIFF: ln your report, when you stated the data was staged for exfiltration on April 22nd of last year, that would have been the first time that you found evidence that the data was staged for exfiltration?
MR. HENRY: I believe that is correct'
MR. SCHIFF: Did you have a chance to read the information that was filed in conjunction with the George Papadopoulos plea?
MR. HENRY: l did not.
MR. SCHIFF: ln that information, it states that Mr. Papadopoulos was informed at the end of April that the Russians were in possession of stolen DNC or Clinton emails. If that information is correct, that would be only days after that data was staged for exfiltration?
MR. HENRY: Yes'.
Well, that was Schiff in early December, 2017. We all know that the ‘Papadopoulos knew about the hack’ case fell apart. Still, without pointing a definite finger, if I were John Durham, and if I were as interested in Russia Hoax origins as Durham is said to be, then I would sure like to get to the bottom of this whole DNC hack story. This Papadopoulos angle that Schiff brings up could be coincidence, it could be opportunism. It could also be an attempted setup. We know that Durham has shown a lot of interest in Aussie “diplomat” Alexander Downer, and we also know he’s still interested in the DNC “hack.” Has he found anything?
To get the full flavor of this, you need to immerse yourself in the transcript a bit. For the first 25-30 pages or so, out of 80, Stewart questioned Henry closely about FBI procedures in handling cases of this sort. As we saw, for perhaps eight months the FBI had been notifying the company that handled the DNC server of a “potential breach,” with no other action taken. Henry portrays this as relatively normal, although his questioners aren’t fooled that the FBI would have no interest in a Russian op like this. To me, it sounds like the FBI saw nothing particularly interesting in whatever they had seen—probably because they had no suspicions of Russians seeking to diddle the upcoming election. Moreover, whatever the FBI said to the DNC didn’t seem to raise any particular alarm in that quarter. Then something happened that lit a fire under the FBI and they went running to Sussmann. Did somebody tell the FBI a story about George Papadopoulos and “the Russians” and Hillary’s emails? And how does that square with the Downer story? Something seems fishy.
Just to nail the dates down:
MR.HENRY: I don't recall when we came in.There had been some I mentioned notification to the DNC in the months prior to the phone call that I received from Sussmann. When Michael Sussmann provided me with information that the FBI had contacted the DNC, he said that they had told him—they used a term that I know is related to the Russian Government.
MR.STEWART: And that was—I'm sorry, that was when, at what point in this relationship or this work?
MR.HENRY: I found that out from Sussmann the first day or two after he made notification, so April 30th or May 1st of 2016, but that that notification had been made to the DNC months prior.
Now, as for the “indicators” that led Crowdstrike to the “conclusion” that it was “the Russians”, check this out:
MR. HENRY: We said that we had a high degree of confidence it was the Russian Government. And our analysts that looked at it that had looked at these types of attacks before, many different types of attacks similar to this in different environments, certain tools that were used, certain methods by which they were moving in the environment, and looking at the types of data that was being targeted, that it was consistent with a nation-state adversary and associated with Russian intelligence.
The indicators were grouped under three headings:
certain tools that were used,
certain methods by which they were moving in the environment, and
the types of data that was being targeted.
Unfortunately, as far as I could tell, nobody asked whether those “indicators” could be faked. We know that they can, and “the types of data that was being targeted” seems like a particularly easy indicator to fake. All in all, this is pretty weak stuff to hang a solid conclusion on. When gently pushed on this, all Henry was able to come up with was to say that these “indicators” were “consistent with” past Russian cyber activity. Nobody asks—possibly to avoid giving something away—and what if someone wanted to stage a “hack” that looked like a Russian op? But those are the kinds of questions Durham is free to ask whomever he wishes to ask.
Finally, we find an interesting contrast between Comey’s testimony and what Henry has to say. Recall that the GOP questioners peppered Henry with questions about how the FBI usually handled cases of this sort. Henry made it sound, improbably, as if the FBI might not have been very interested. Once again, Adam Schiff probably should have left the matter there.
MR. HENRY: I talked to the FBI for the first time about this matter after the network was remediated. we were sure that the network was rocked down. That would have been in June. The remediation took place June 10th to June 12th. I thlnk June 13th, I contacted the Assistant Director of the FBl.
MR. SCHIFF: And I think you said either you or your firm had thereafter hundreds of contacts with the FBI?
MR. HENRY: I said more than a hundred. I don't know exactly the number, but it was phone calls, it was meetings, it was emails.
MR. SCHIFF: And during those hundred or more contacts, did the FBI ever tell you that they needed the DNC server for their own forensic analysis?
MR. HENRY: They asked us to provide to them the images of the computers and the results of our collection. They did ask for that, and we shared that with them.
MR. SCHIFF: And did they ever indicate to you that they thought that the images that you had given them or the information you had given them was incomplete for their own analysis and they required access to the servers?
MR. HENRY: I have no recollection of them saying that to me or anybody on my team, no.
MR. SCHIFF: And the DNC never communicated to you that the FBI was asking for the server?
MR. HENRY: No, sir.
It’s pretty hard to square what Henry is saying here with what Comey told the Senate. According to Comey the FBI made “multiple requests” for the servers, not just images. But Henry is saying that in, at a minimum, over one hundred contacts with the FBI nobody asked for the original server. Henry says he spoke with FBI officials at the AD level (Bill Priestap?), but nobody said, Hey, what about those servers? Nor did he hear about that from anyone at the DNC. Nor, presumably, from Sussmann. And yet, judging from Comey’s version of events you’d have thought there would have been enough buzz generated that Henry—career FBI, remember, and still in contact with his old mates—would have heard about it.
One way or another, there appear to be reasons why the DNC “hack” retains interest for Durham.
shipwreckedcrew.substack.com
@shipwreckedcrew
IMO, this has always been behind Barr and Durham's claim that events leading to the CH investigation did not start in a London Pub or with Downer's report to the FBI.
The "hack" of the DNC has never looked legit.
ALL the firewalls break if Durham proves it was faked.
Armageddon.
Something to consider re: the origins of the Russia Hoax:
>> “January 2016, is when Glenn Simpson, Christopher Steele, and Bruce Ohr start speaking together about a bunch of things they’re up to.” -- Kash Patel <<
>> https://twitter.com/MonsieursGhost/status/1447967947759050756 <<
Another thought: Cody Shearer was circulating a mini-version of the Dossier material in April 2016, including the sex perversion in a Moscow Hotel allegations.
Lastly, the copying of the DNC emails has been narrowed down to a small window of time of several days in late May 2016, given the dates on the emails themselves and the apparent 30 day retention of emails policy for the DNC email server. (The very small number of emails with dates > 30 days old all have some digital defect in the date field, and the operative hypothesis is if the server can't read the date on an email, it default is to retain it.) Whoever copied the emails and gave them to Wikileaks didn't do it in April or even early May.
And, as we all know by now, an analysis of the start/stop times for the file transfers and the total number of bytes transferred produces an average transfer rate that can't be done via internet between Europe and the US. The only technology that fits in with the the file transfer time stamp features and transfer rates are things like a USB thumb drive with solid state memory with a very specific file structure format common to USB thumbdrives.
Somebody desperately didn't want the FBI to have access to the DNC email servers. That could include high up officials within FBI as well as DNC, Perkins Coie, and Crowdstrike, because access could have revealed the hoax that was being perpetrated. (Note the same players from Perkins Coie are coordinating the DNC Hack Hoax just as Sussmann did with Joffe's Alfa bank DNS data hoax. Quite a coincidence. Pattern and practice?)
I'm still going with my hypothesis that Crowdstrike (or somebody like them) planted the malware in early April, in preparation for "Operation Blame the Russians" for a hack that wasn't supposed to actually happen, but just faked. Then someone like Seth Rich came along, copied the emails and gave them to Wikileaks, nearly blowing up the nicely planned fake hack op.