On May 3, 2016, when asked by MSNBC’s Andrea Mitchell if there was any indication that foreign governments had penetrated her private email server that contained classified information, Democratic presidential candidate Hillary Clinton emphatically denied the charge, saying, “No, not at all.”
The rationale for denying this was obvious enough. If the classified information on her private email server had fallen into the hands of foreign powers, then there would be real damage — potentially placing her in greater legal jeopardy.
Just a day later, on May 4, 2016, Romanian hacker Marcel Lehel Lazar, AKA Guccifer, who had first exposed Hillary Clinton’s private email server that contained classified information, contradicted Clinton in an interview with Fox News, claiming to have penetrated that email server.
“For me, it was easy … easy for me, for everybody,” Lazar claimed.
Later, former FBI Director James Comey corroborated Clinton’s account when he exonerated her of any wrongdoing related to her server in July 2016, saying, “With respect to potential computer intrusion by hostile actors, we did not find direct evidence that Secretary Clinton’s personal e-mail domain, in its various configurations since 2009, was successfully hacked.”
But, Comey added, “given the nature of the system and of the actors potentially involved, we assess that we would be unlikely to see such direct evidence. We do assess that hostile actors gained access to the private commercial e-mail accounts of people with whom Secretary Clinton was in regular contact from her personal account.” Here, Comey was referring to the original Guccifer hack of Clinton associate Sydney Blumenthal.
Guccifer, a Romanian national, was not some state actor. He was a crackpot obsessed with finding evidence of what he called the “Illuminati.” So, he targeted members of those he believed to be a part of this “Illuminati,” including the Bush family, Colin Powell, and others, by successfully guessing their passwords or the answers to password security questions based on publicly available information to unlock their email or social media accounts.
“Lehel was [not] a good hacker, technologically speaking. He was not. He mainly had the time and patience to design social engineering attacks. He would comb the internet for background information on his intended victims and then try to guess the password or password question from their email or Facebook accounts. He guessed Colin Powel’s AOL password by learning his grandmother’s name,” Steve Mierzejewski noted on his blog at the time.
In a letter written from prison written in 2015, Lehel explained his method: “Breaking into [Blumenthal’s] email address took me a few minutes… By utilising a complex kit of social engineering and deeply accessing open-source information, a vulnerability of the email account permits the possibility of resetting the password. Once into the core of the communications of the man who had been supporting the Clintonian crime syndicate for decades, I modified the passwords of the email accounts associated with the main account.”
Once in Blumenthal’s AOL account, emails to Hillary Clinton’s private email server were revealed, including those that appeared to contain classified information. He uploaded them to a Google folder and sent it around to media outlets. This was the first time Clinton’s private email address was revealed to the world. The Smoking Gun online newspaper published a story about the Blumenthal emails on March 15, 2013 and March 18, 2013.
It was only years later and after Lazar’s Fox News interview stating he had accessed Clinton’s email server directly that any Russian connection to Guccifer was asserted. The claim was made by the conspiracy website whatdoesitmean.com on May 6, 2016 that asserting that somehow Russian intelligence services had piggybacked on Guccifer’s “hacks” and used that to penetrate Hillary Clinton’s private email server and obtain tens of thousands of Clinton’s emails. Gateway Pundit picked up on this, which is likely how then-candidate Donald Trump became aware of the claim.
Except, there was no evidence Guccifer had ever penetrated Clinton’s email server, although he claimed he did. The whatdoesitmean.com story was intended to falsify Clinton’s claims that her server had been hacked by foreign adversaries, but no verifiable evidence was provided.
Then, just a month later in June 2016, the Democrats suddenly changed their tune on foreign hacks, when it came to the Democratic National Committee (DNC) servers had been supposedly penetrated by Russia. Immediately, it was assessed that Russia was behind everything. Out of nowhere, Guccifer 2.0 appeared, and this time he or she was leaving Russian fingerprints everywhere. Interestingly, whoever was adopting the Guccifer 2.0 persona wanted to make it sound like the original Guccifer, claiming to be from Romania and renewing the interest in the “Illuminati,” stating in the June 15, 2016 blog post, “F**k the Illuminati and their conspiracies!”
Guccifer 2.0 also appeared to adopt some of the methodology of the original Guccifer, cutting and pasting the contents of emails into new documents in an attempt to strip the metadata. However, this plan was not ultimately successful, casting major doubts on Guccifer 2.0’s connection to a foreign hostile actor like Russia, which was later asserted by the FBI, CIA and NSA in the joint intelligence assessment on supposed Russian meddling in the 2016 elections issued in January. On July 24, a group of forensic investigators called Veteran Intelligence Professionals for Sanity issued a memorandum to President Trump, “Was the ‘Russian Hack’ an Inside Job?” calling that whole narrative into question.
According to the report, “Forensic studies of ‘Russian hacking’ into Democratic National Committee computers last year reveal that on July 5, 2016, data was leaked (not hacked) by a person with physical access to DNC computer. After examining metadata from the ‘Guccifer 2.0’ July 5, 2016 intrusion into the DNC server, independent cyber investigators have concluded that an insider copied DNC data onto an external storage device. Key among the findings of the independent forensic investigations is the conclusion that the DNC data was copied onto a storage device at a speed that far exceeds an Internet capability for a remote hack.”
All of which calls into question just how the FBI, CIA and NSA was so certain the DNC servers had been hacked — when it never took possession of the servers. As Comey noted last July, when it came to the Clinton private email server, even with it in possession, “given the nature of the system and of the actors potentially involved, we assess that we would be unlikely to see such direct evidence [of a hack].” So, even with server in-hand, ascertaining a hack was deemed “unlikely.” Without it, as with the DNC server, making such a forensic determination should have been impossible.
Yet, in January, the FBI, CIA and NSA concluded that “We assess with high confidence that the GRU used the Guccifer 2.0 persona, DCLeaks.com, and WikiLeaks to release U.S. victim data obtained in cyber operations publicly and in exclusives to media outlets… Content that we assess was taken from email accounts targeted by the GRU in March 2016 appeared on DCLeaks.com starting in June. We assess with high confidence that the GRU relayed material it acquired from the DNC and senior Democratic officials to WikiLeaks.”
Somehow, the federal government concluded that the DNC emails were obtained via “cyber operations” without ever examining the DNC servers. Comey later confirmed in testimony on Jan. 10 before the Senate Intelligence Committee that “Ultimately what was agreed to is the private company would share with us what they saw… Our forensics folks would always prefer to get access to the original device or server that’s involved, so it’s the best evidence.” Instead, the FBI deferred to the private group, Crowdstrike, which conducted an independent analysis of the supposed DNC hack.
But even that is questionable. Crowdstrike co-founder Dmitri Alperovitch in the Washington Post published June 14, 2016 spoke of the lack of evidence as to how it was that somebody got onto the Democratic National Committee (DNC) servers to get the emails that were ultimately published on Wikileaks in July 2016. According to the Washington Post, “CrowdStrike is not sure how the hackers got in. The firm suspects they may have targeted DNC employees with ‘spearphishing’ emails… ‘But we don’t have hard evidence,’ Alperovitch said,” the report stated. Nor was Alperovitch really sure who had hacked the DNC emails: “CrowdStrike is less sure of whom Cozy Bear works for but thinks it might be the Federal Security Service, or FSB, the country’s powerful security agency, which was once headed by Putin.”
Interestingly, even though Crowdstrike had cited the Russian Federal Security Service as the source of the DNC emails, and even though the FBI had relied on the Crowdstrike assessment for forensics, the joint intelligence report by the FBI, CIA and the NSA contradicted that report, saying instead that it was the GRU. No reason for the discrepancy was given. But perhaps it had something to do with the fact that Crowdstrike was so unsure of where Wikileaks had actually gotten the emails.
On Nov. 17, former National Intelligence Director James Clapper told the House Intelligence Committee: “As far as the WikiLeaks connection, the evidence there is not as strong and we don’t have good insight into the sequencing of the releases or when the data may have been provided,” adding, “We don’t have as good of insight into that.”
Maybe that’s because that the federal government never examined the DNC servers. How can Special Counsel Robert Mueller purport to investigate Russia’s supposed interference of the 2016 election if the primary piece of evidence, the DNC servers, have never been impounded? What’s Mueller waiting for?
This is a guest post by Robert Romano Vice President of Public Policy of Americans for Limited Government.