Wednesday, March 17, 2021

Michael Gaeta and FBI Counterintelligence -- Part 10

Part 1, Part 2, Part 3, Part 4, Part 5, Part 6, Part 7, Part 8, Part 9

=======

In Part 9, I speculated that computer viruses were placed onto the DNC's computer server not by Russian Intelligence, but rather by American computer experts who supported Bernie Sanders. Part 9 began as follows:

In 2015 and 2016, a company called NGP VAN provided the software that controlled the voter database of the Democrat National Committee (DNC). On the morning of December 16, 2015, NGP VAN launched a modification of that software.

On that same morning, Josh Uretsky, a member of Sanders' campaign staff, exploited a bug in the modification and thus accessed some database files that belonged to Hillary Clinton's campaign staff. Uretsky instructed three fellow members of Sanders' campaign staff how to exploit the bug. Then those four Sanders staff members accessed and downloaded data from Clinton's database files for about 45 minutes. Within about four hours of the modification's launch, the improper exploitation of the bug was discovered and stopped.

That incident was followed by a sequence of actions:

* The DNC restricted the Sanders campaign staff's use of the DNC server on December 17, 2015.

* The Sanders campaign staff filed a lawsuit against the DNC on December 18, 2015.

* The Sanders campaign staff served the lawsuit on the DNC on March 24, 2016.

* The DNC was allowed to initiate legal discovery processes against the Sanders campaign staff.

* The DNC terminated its lawsuit on April 29, 2016.

In regard to that sequence, I speculated:

For some Sanders-supporters, the fact that the DNC now was examining and searching the Sanders campaign staff's files aggravated resentments that the DNC was treating Sanders unfairly. In contrast, Clinton's campaign staff was not being examined and searched.

During the discovery process, the political circumstances were that from March 22 through April 9, 2016, the DNC conducted eight primary elections, and Sanders won seven of the eight elections. Specifically, Sanders won in Idaho, Utah, Alaska, Hawaii, Washington, Wisconsin and Wyoming -- and lost only in Arizona. Sanders' supporters felt that Sanders' campaign might be on the verge of passing Clinton decisively in the primary election race.

Perhaps a Sanders-supporter with the necessary computer skills decided that the time was ripe to discover information inside the Clinton campaign staff.

If such a Sanders-supporter indeed did decide to discover such information, then a key action occurred on March 19, 2016, when there was a successful phishing of the e-mail account of John Podesta, the chairman of Hillary Clinton's campaign staff. That phishing occurred five days before the Sanders campaign staff served the lawsuit on the DNC on March 24 -- the last legal day to serve the lawsuit.

=======

Let's imagine the perspective of the hypothetical Sanders-supporter computer expert on March 16, 2016. On the previous day, March 15, Clinton had defeated Sanders in five primary elections -- in Florida, Illinois, Missouri, North Carolina and Ohio. However, in the following days (through April 9) Sanders was favored to win (and did win) primary elections in seven states -- Idaho, Utah, Alaska, Hawaii, Washington, Wisconsin and Wyoming. Sanders still had a real chance to defeat Clinton in the primary race.

In such circumstances, however, the Sanders campaign staff had to serve its lawsuit on the DNC no later than March 24. Beginning on that day, the DNC would be able to initiate a legal discovery procedure against the Sanders campaign staff. If the DNC did discover any information discrediting or incriminating the Sanders campaign staff, then the DNC surely would share such information immediately with the Clinton campaign staff. In such circumstances, the Sanders-supporter computer expert felt morally justified in initiating his own secret "discovery procedure" against the DNC and against the Clinton campaign staff. One of the first actions in this secret "discovery procedure" was the phishing of Podesta on March 19.

Another eventual action in this secret "discovery procedure" was to place computer viruses onto the DNC server in order to collect information about the DNC. I speculate that the Sanders-supporter computer expert did so between April 15 and May 2, 2016. (I will explain those two dates below.)

I speculate further that he used computer viruses that apparently had been developed by Russian Intelligence. As I related in Part 9, the CIA had collected a so-called "arsenal" of foreign computer viruses but had lost its exclusive control of this arsenal. Therefore computer viruses developed by Russian Intelligence were available to the Sanders-supporter computer expert, who put them onto the DNC computer in late March 2016 during his own secret "discovery procedure".

Later, those computer viruses were found by CrowdStrike, and that finding eventually enabled the FBI to argue falsely that Russian Intelligence was meddling in the US elections in 2016.

=======

CrowdStrike investigated the DNC computer system twice.

1) CrowdStrike investigated that system in regard to the Uretsky affair. This investigation took place sometime between December 16, 2015 and April 29, 2016.

2) CrowdStrike investigated that system in regard to the FBI's suspicion that Russian Intelligence had infiltrated the system. This investigation took place between May 2 and June 14, 2016.

The second CrowdStrike investigation began as follows.

On the late afternoon of Friday, April 29, 2016 -- the very same day when the Sanders campaign staff terminated its lawsuit that had been caused by a Sanders supporter's hack of the DNC's computers -- an unidentified FBI official conducted a conference call with two people:

1) an unidentified DNC staff member who managed the DNC computer system;

2) Michael Sussmann, a computer-security expert employed by the Perkins Coie law firm, which provided legal services to the DNC.

The FBI official discussed with them the FBI's suspicion that Russian Intelligence was hacking into the DNC computer system.

During the following weekend, April 30-May 1, Sussmann called Shawn Henry, a CrowdStrike manager. Sussmann arranged with Henry that CrowdStrike would study the alleged Russian Intelligence hack of DNC computers. Thus, the second investigation began on May 2.

I speculate that the first investigation ended by April 15. I say so because that FBI official contacted the DNC computer manager in about the third week of April 2016 (i.e. April 17-23) to request the DNC's computer server logs. I speculate that the FBI's request was prompted at least partially by the conclusion of CrowdStrike's first investigation.

Since CrowdStrike apparently did not find any allegedly Russian-Intelligence computer viruses on the DNC system during the first investigation, the computer viruses were placed on the DNC system during the interval between April 15 and May 2, 2016.

(Keep in mind that I can only guess that the first CrowdStrike investigation ended on April 15, 2016. If the actual date ever is revealed, then I will be able to correct the interval.)

=======

CrowdStrike's second investigation ended by June 14, 2016, since on that day The Washington Post published an article about that investigation's findings. Essentially, the second investigation found computer viruses that were attributed to Russian Intelligence.

However, I am suggesting in my article here that those viruses actually were placed on the DNC computer system by a Sanders-supporter computer expert who was conducting his own "discovery procedure" against Hillary Clinton's campaign. Furthermore, I am suggesting that that computer expert did so sometime between April 15 and May 2, 2016.

The Washington Post article that was published on June 14 would have informed the Sanders-supporter computer expert that CrowdStrike had found the computer viruses that he had placed onto the DNC system. However, if that computer expert was an "insider" -- if he worked, for example, at the DNC or in the Sanders campaign or at NGP VAN -- then he might have been informed a couple of days before June 14. (As you will see below, something significant happened on June 12.)

In any case, the computer expert had to deal with the possibility that further investigation might find the actual truth -- that the computer viruses had been placed on the DNC not by Russian Intelligence, but rather by the Sanders-supporter computer expert.

Let's suppose that the computer expert worked at the DNC or at NGP VAN and that his normal access to the DNC system enabled him to simply infiltrate the viruses directly onto the DNC system. In other words, the viruses were not "hacked" onto DNC by phishing or some other such trick.

Let's suppose further that CrowdStrike did find the computer viruses on the DNC system but could not figure out for sure how the viruses infiltrated onto the system. Until CrowdStrike did figure out that mystery, the Sanders-supporter computer expert had to worry that CrowdStrike eventually might figure out the actual culprit and infiltration method.

Therefore, the Sanders-supporter computer expert had to provide to CrowdStrike a plausible explanation of how the computer viruses were infiltrated onto the DNC by means of a hacking trick. Because of his computer expertise and because of his actual experience in working with the DNC computer system, he indeed was able to provide such a plausible explanation. To communicate that plausible explanation to CrowdStrike, the Sanders-supporter computer expert created the fictional character Guccifer 2.0.

=======

The actual person who pretended to be Guccifer 2.0 claimed to be a Romanian hacker. That person was a native English speaker who apparently also spoke some Romanian, though not with native fluency. (Or he at least was helped by some such Romanian speaker.) Pretending to speak Russian would have made more sense in this situation, but the actual person apparently did not speak Russian adequately.

On June 21, 2016, the character Guccifer 2.0 (i.e. the Sanders-supporter computer expert) arranged to be interviewed, by means of e-mail, by a journalist named Lorenzo Franceschi-Bicchierai. In that interview, Guccifer provided a plausible explanation of how the DNC computer system was hacked.

Why else would this supposed hacker reveal his hacking method to a journalist?

The interview transcript below was published by Yaacov Apelbaum in his superb blog article Who Done It?. There, the journalist is called "Motherboard". I have added the emphasis to the transcript.

=======

[Motherboard:] So, first of all, what can you tell me about yourself? Who are you?

[Guccifer 2.0:] i’m a hacker, manager, philosopher, women lover. I also like Gucci! I bring the light to people. I’m a freedom fighter! So u can choose what u like!

[Motherboard:] And where are you from?

[Guccifer 2.0:] From Romania.

[Motherboard:] Do you work with Russia or the Russian government?

[Guccifer 2.0:] No because I don’t like Russians and their foreign policy. I hate being attributed to Russia.

[Motherboard:] Why?

[Guccifer 2.0:] I’ve already told! Also I made a big deal, why you glorify them?

[Motherboard:] Tell me about the DNC hack. How did you get in?

[Guccifer 2.0:] I hacked that server through the NGP VAN soft, if u understand what I’m talking about.

[Motherboard:] So that was your entry point, what happened next?

[Guccifer 2.0:] I used 0-day exploit of NGP VAN soft then I installed shell-code into the DNC server. it allowed me to intrude into DNC network. They have Windows-based domain architecture. then I installed my Trojans on several PCs. I had to go from one PC to another every week so Crowdstrike couldn’t catch me for a long time. I know that they have cool intrusion detection system. But my heuristic algorithms are better.

[Motherboard:] When did you first hack them?

[Guccifer 2.0:] Last summer.

[Motherboard:] And when did you get kicked out?

[Guccifer 2.0:] June 12, when they rebooted their system.

[Motherboard:] And why did you hack the DNC in the first place?

[Guccifer 2.0:] DNC isn’t my first deal.

[Motherboard:] Who else have you hacked?

[Guccifer 2.0:] Follow my blog and u’ll know! I can’t tell u now about all my deals. My safety depends on it.

[Motherboard:] OK, I understand. But why did u target DNC? why are you interested in them?

[Guccifer 2.0:] Lazar began this deal and I follow him! I think we must fight for freedom of minds, fight for the world without Illuminati

[Motherboard:] Lazar?

[Guccifer 2.0:] Marcel Lazăr [The original Guccifer]

[Motherboard:] Ah yeah of course. Did you know him personally?

[Guccifer 2.0:] I can’t answer cause I care for Marcel.

[Motherboard:] Ai vrea să vorbească în română pentru un pic? [You want to talk for a bit in Romanian?]

[Guccifer 2.0:] Vorbiți limbă română? [Speak Romanian?]

[Motherboard:] Putin. Poți să-mi spui despre hack în română? cum ai făcut-o? [A little. Can you tell me about hack in Romanian? How did you do it?]

[Motherboard:] Or u just use Google translate?

[Motherboard:] Poți să răspunzi la întrebarea mea? [Can you answer my question?]

[Guccifer 2.0:] V-am spus deja. încercați să-mi verifica? [I have already said. try to check?]

[Guccifer 2.0:] Da [Yes]

[Guccifer 2.0:] Nu vreau să-mi pierd timpul [I do not want to waste my time]

[Motherboard:] De ce ai pus metadate rusă în primul lot de documente? [Why did you put Russian metadata in the first batch of documents?]

[Guccifer 2.0:] Este filigranul meu [It is my watermark]

[Motherboard:] De ce nu l-ai pus pe documentele de azi? [Why didn’t you put it in the documents today?]

[Guccifer 2.0:] Puteți găsi de asemenea alte filigrane în limbă spaniolă. Caută mai bine. [You can also find other watermarks in Spanish. Look better]

[Motherboard:] Sunt confuz de ceea ce spui, filigran, pentru că este mereu în schimbare. Pot să vă rog să-mi explicați în propria ta limba maternă? Așa că este mult mai clar. [I’m confused by what you say, why is watermark changing? Can you please explain to me in your own language? So it is more clear.]

[Guccifer 2.0:] Oare nu știți ce este filigran? [You do not know what watermark?]

[Motherboard:] Eu fac. Dar eu nu înțeleg de ce ai folosit filigrane rusești în unele Docs și nu în altele [I do. But I do not understand why you use watermarks in Russian in some documents and not in others?]

[Guccifer 2.0:] îți voi arăta [I will show you]

[Motherboard:] Please do.

[Motherboard:] De ce faci toate astea? [Why are you doing this?]

[Guccifer 2.0:] Asta e din partea următoare [That’s the next]

[Motherboard:] What?

[Guccifer 2.0:] Am spus deja, e un filigran, un semn special [I have already said, it’s a watermark, a special sign]

[Motherboard:] Do you like Trump?

[Guccifer 2.0:] I don’t care at all

[Motherboard:] кто-то говорит мне, что ты румынская полна ошибок [Someone tells me that your Romanian is full of mistakes.]

[Guccifer 2.0:] What’s this? Is it russian?

[Motherboard:] You don’t understand it?

[Guccifer 2.0:] R u kidding? Just a moment I’ll look in google translate what u meant. “Someone tells me that you are full of mistakes Romanian.”

[Motherboard:] Hai sa-ti pun cateva intrebari, ca sa vad ca esti cu adevarat roman [Let me ask you a few questions to see that you are truly native.]

[Guccifer 2.0:] Man, I’m not a pupil at school.

[Motherboard:] What do you mean?

[Guccifer 2.0:] If u have serious questions u can ask. Don’t waste my time.

[Guccifer 2.0:] Am mult de făcut [I have much to do]

[Motherboard:] Si cat umblai prin reteaua astora de la DNC, mai hackuise si altcineva in afara de tine [When you got into the DNC network was someone else there besides you?]

[No answer]

=======

Continued in Part 11
