As the major media outlets chase after the latest shiny object cast in front of them (the indictment of 13 Russian trolls who can’t be prosecuted), another major story is slipping by relatively unnoticed. It is a story that has the potential to answer many questions about the full extent of Russian meddling in the 2016 US elections. It might even substantiate speculations that have only existed on fringe media sites. The problem with this news story is that it hides under a rather bland banner: BuzzFeed Sues the DNC.
On the surface, this seems like a ‘so what’ story. I mean, everyone sues everyone these days. Maybe it has a mildly interesting cannibalistic angle in that a left wing media outlet is suing the Democratic National Committee. But the true story is in why this is happening at all.
The story begins with BuzzFeed’s decision to publish the now largely debunked Steele dossier on Donald Trump. It was a poor decision by a media outlet which was seeking the limelight at the expense of good journalism. However, in their defense, they must have been convinced, at least to a minimal degree, that there were reliable sources behind the document. The document, when published, referred to one Alexsej Gubarev and his company, Webzilla, as being behind the Russian hacking of the DNC. Gubarev was understandably upset with seeing himself openly and unjustly shamed and, seeing what this could do to the reputation of his company, sued BuzzFeed for libel.
The amount of money mentioned in the suit must have been substantial and may be enough to effectively close down BuzzFeed. I say this because BuzzFeed spared no expense in hiring former FBI and White House cybersecurity official, Anthony Ferrante, to seek information that may, in fact, implicate Gubarev in the DNC hacking or substantiate other sections of the dossier. The hope is that this would show that they were not negligent in their publication of the document. This and other suits filed against BuzzFeed over their publication of the dossier have forced BuzzFeed to fight for its journalistic life.
But what if Gubarev really was behind the hack of the DNC? What if he was not as innocent as he claims? In this case, not only would the lawsuit be dropped, but BuzzFeed could countersue. But there is only one organization that would know for sure who was behind the hack of the DNC, and that is the DNC itself. If clues to the hacking exist, that information may still be somewhere on their servers. At least, this is what BuzzFeed hopes, and this is why they sued the DNC. They want access to those servers to see if they can find out who really hacked the DNC.
But wait a minute. Don’t we already know that the Russian government, or at least someone connected to the Russian government, hacked the DNC? After all, didn’t 17 government intelligence agencies find this to be the case? Well, that’s a bit of an exaggeration. The fact is that the only people who ever saw the DNC servers were not part of the government at all. They were a private cybersecurity firm called Crowdstrike. Either the DNC refused to let the FBI look at their servers, if you believe the FBI’s version of the story, or, according to the DNC’s version, the FBI never asked for access to their servers. Neither of these scenarios looks good for the FBI.
The DNC claimed they randomly chose Crowdstrike to help them when they suspected they may have been hacked. They continually worried about Sanders’ supporters trying to hack them. Their claim was that they hired an independent firm because they didn’t want to involve the FBI. At the time, the FBI was investigating Clinton’s use of a private server, and they felt that involving the FBI in this problem would make things worse for Hillary and the DNC. To put it bluntly, they were afraid that such an open investigation could hurt donations to the party. This is substantiated by the fact that, after they announced the hack in June 2016, they immediately announced that no donor information was involved. This story later proved to be false when Guccifer 2.0 released pages of information on donors.
But did the DNC randomly choose Crowdstrike as they claimed? Crowdstrike, in fact, had already been contracted by the FBI back in July 2015, as can be seen in the image from USASpending.gov below.
They were still under contract when they investigated the DNC hacking. This raises the question: Did the FBI suggest that Crowdstrike investigate the hack and, thus, simply trust their conclusions? The FBI had already known the DNC was being hacked. They had warned them to be careful months before. Crowdstrike, having previously dealt with Russian hacking, quickly concluded that Russian hacking groups were behind the attacks. There were certain Russian references in the malware code, and the servers used to operate the attack were ones Crowdstrike had seen before. The government intelligence agencies that claimed the hack was organized by Russian operatives based their conclusions on the forensics performed by Crowdstrike. They did not, and could not, verify this claim on their own. Now, keep in mind that this was one of the key cyber events in years and, perhaps, in history. Wouldn’t you think that the highest-level law enforcement agency in the US government would want to double-check the conclusions of a private cybersecurity firm?
So BuzzFeed appears to have a case. In fact, many in the cybersecurity community had their doubts about Russia being the source of this cyber attack. First of all, attribution for an attack is very difficult. The best hackers will hide all traces of where the attack came from. In fact, they will insert code or use servers that appear to point to other countries entirely. If they believe they have been discovered, they have a ‘kill switch’ that will wipe all evidence of the infiltration from the compromised network. What if someone just wanted to make it look like the Russians were the culprits? You could not absolutely exclude this possibility from the evidence given.
As soon as the hack was announced, the DNC put forth the story that Russia hacked them to help then-candidate Donald Trump. But were these hackers allied with the Russian government, or were the hacks performed by one of the numerous independent Russian hacking groups? One would expect an attack by the Russian government to be sophisticated. In fact, this one was not. According to the Crowdstrike employee who worked on the hack, Robert Johnston, this was not an example of a sophisticated hack. “The target list was, like, 50 to 60,000 people around the world. They hit them all at once.” He observed that it was unusual for “an intel service to be so noisy.” To be blunt, this looks more like an attack performed by an amateurish hacking group that just happened to get lucky with one of its mass phishing campaigns. Whether the bounty gained from this attack was subsequently used by the Russian government is impossible to say. (For details on how this attack occurred, see this post.)
What is somewhat unsettling is that Crowdstrike has since lost some of its credibility. Crowdstrike falsely attributed attacks on a Ukrainian artillery app to Russia in December 2016. At that time, Dmitri Alperovitch, the anti-Russian founder of Crowdstrike, claimed that this buttressed Crowdstrike’s conclusions about Russia’s involvement in the DNC hack. When this claim proved to be false, Crowdstrike’s reputation as experts on Russian hacking was tarnished. In addition, when asked to testify before an intelligence committee investigating the DNC hack, they refused, making some wonder if they were trying to hide something.
It is such behavior that has spawned a number of alternative theories. Although some of these may be classified as true conspiracy theories, others have a certain amount of support and could, indeed, be credible. Among the latter are those presenting evidence that the DNC documents were leaked and not stolen. Other theories have suggested that Crowdstrike or the FBI may have inserted malware into the DNC servers to intentionally make it look like the Russians were involved in the hacking. Why would they do this? Most such theories suggest that the DNC was trying to hide something and needed the Russian story to distract the public.
Crowdstrike used its Falcon platform to detect the unusual movement of large numbers of files within the DNC network. At the same time they were doing this, the Awan family was illegally moving thousands of files belonging to over 40 Congressional Democrats (including those of DNC Chairperson Debbie Wasserman-Schultz) to Dropbox accounts and a server for the House Democratic Caucus. (The server was subsequently stolen.) Did Crowdstrike detect any of this unusual activity? (For more information on the Awan family scam, read this post.)
In the end, we are left with more questions than answers. If judges allow BuzzFeed access to the DNC servers, and assuming there is still evidence of the hacking on them, it might just be possible to answer some of these questions about Russia’s involvement in the election. It is possible that what is found could squelch some of the conspiracy theories surrounding Russian collusion and support others. Then again, information may surface that could change the course of the Mueller investigation completely. Some decision should be made next month. However, the DNC lawyers are pushing back, saying that, “if these documents were disclosed, the DNC’s internal operations, as well as its ability to effectively achieve its political goals, would be harmed.”
I don’t mean to be sarcastic, but I think their internal operations and political goals were already harmed. It’s time to stop sandbagging and let everyone get to the bottom of this matter once and for all.