FOR: The President
FROM: Ray McGovern, former CIA briefer of The President’s Daily Brief, and William Binney, former Technical Director at NSA
SUBJECT: Info Your Summit Briefers May Have Missed
We reproduce below one of our most recent articles on “Russia-Gate,” which, in turn, draws from our Veteran Intelligence Professionals for Sanity Memorandum to you of July 24, 2017.
At the time of that Memorandum we wrote:
“Forensic studies of “Russian hacking” into Democratic National Committee computers last year reveal that on July 5, 2016, data was leaked (not hacked) by a person with physical access to DNC computer. After examining metadata from the “Guccifer 2.0” July 5, 2016 intrusion into the DNC server, independent cyber investigators have concluded that an insider copied DNC data onto an external storage device.
Key among the findings of the independent forensic investigations is the conclusion that the DNC data was copied onto a storage device at a speed that far exceeds an Internet capability for a remote hack.”
“We do not know who or what the murky Guccifer 2.0 is. You may wish to ask the FBI,” we wrote. However, we now have forensic evidence that shows the data provided by Guccifer 2.0 had been manipulated and is a fabrication.
We also discussed CIA’s cyber-tool “Marble Framework,” which can hack into computers, “obfuscate” who hacked, and leave behind incriminating, telltale signs in Russian; and we noted that this capability had been employed during 2016. As we pointed out, Putin himself made an unmistakable reference to this “obfuscating” tool during an interview with Megan Kelly.
Our article of June 7, 2018, explains further:
Waiting for Evidence of a Russian Hack”
If you are wondering why so little is heard these days of accusations that Russia hacked into the U.S. election in 2016, it could be because those charges could not withstand close scrutiny. It could also be because special counsel Robert Mueller appears to have never bothered to investigate what was once the central alleged crime in Russia-gate as no one associated with WikiLeaks has ever been questioned by his team.
Veteran Intelligence Professionals for Sanity – including two “alumni” who were former National Security Agency technical directors – have long since concluded that Julian Assange did not acquire what he called the “emails related to Hillary Clinton” via a “hack” by the Russians or anyone else. They found, rather, that he got them from someone with physical access to Democratic National Committee computers who copied the material onto an external storage device – probably a thumb drive. In December 2016 VIPS explained this in some detail in an open Memorandum to President Barack Obama.
On January 18, 2017 President Obama admitted that the “conclusions” of US intelligence regarding how the alleged Russian hacking got to WikiLeaks were “inconclusive.” Even the vapid FBI/CIA/NSA “Intelligence Community Assessment of Russian Activities and Intentions in Recent US Elections” of January 6, 2017, which tried to blame Russian President Vladimir Putin for election interference, contained no direct evidence of Russian involvement. That did not prevent the “handpicked” authors of that poor excuse for intelligence analysis from expressing “high confidence” that Russian intelligence “relayed material it acquired from the Democratic National Committee … to WikiLeaks.” Handpicked analysts, of course, say what they are handpicked to say.
Never mind. The FBI/CIA/NSA “assessment” became bible truth for partisans like Rep. Adam Schiff (D-CA), ranking member of the House Intelligence Committee, who was among the first off the blocks to blame Russia for interfering to help Trump. It simply could not have been that Hillary Clinton was quite capable of snatching defeat out of victory all by herself. No, it had to have been the Russians.
Five days into the Trump presidency, McGovern had a chance to challenge Schiff personally on the gaping disconnect between the Russians and WikiLeaks. Schiff still “can’t share the evidence” with me … or with anyone else, because it does not exist.
It was on June 12, 2016, just six weeks before the Democratic National Convention, that Assange announced the pending publication of “emails related to Hillary Clinton,” throwing the Clinton campaign into panic mode, since the emails would document strong bias in favor of Clinton and successful attempts to sabotage the campaign of Bernie Sanders. When the emails were published on July 22, just three days before the convention began, the campaign decided to create what we call a Magnificent Diversion, drawing attention away from the substance of the emails by blaming Russia for their release.
Clinton’s PR chief Jennifer Palmieri later admitted that she golf-carted around to various media outlets at the convention with instructions “to get the press to focus on something even we found difficult to process: the prospect that Russia had not only hacked and stolen emails from the DNC, but that it had done so to help Donald Trump and hurt Hillary Clinton.” The diversion worked like a charm. Mainstream media kept shouting “The Russians did it,” and gave little, if any, play to the DNC skullduggery revealed in the emails themselves. And like Brer’ Fox, Bernie didn’t say nothin’.
Meanwhile, highly sophisticated technical experts, were hard at work fabricating “forensic facts” to “prove” the Russians did it. Here’s how it played out:
June 12, 2016: Assange announces that WikiLeaks is about to publish “emails related to Hillary Clinton.”
June 14, 2016: DNC contractor CrowdStrike, (with a dubious professional record and multiple conflicts of interest) announces that malware has been found on the DNC server and claims there is evidence it was injected by Russians.
June 15, 2016: “Guccifer 2.0” affirms the DNC statement; claims responsibility for the “hack;” claims to be a WikiLeaks source; and posts a document that the forensics show was synthetically tainted with “Russian fingerprints.”
The June 12, 14, & 15 timing was hardly coincidence. Rather, it was the start of a preemptive move to associate Russia with anything WikiLeaks might have been about to publish and to “show” that it came from a Russian hack.
Enter Independent Investigators
A year ago independent cyber-investigators completed the kind of forensic work that, for reasons best known to then-FBI Director James Comey, neither he nor the “handpicked analysts” who wrote the Jan. 6, 2017 assessment bothered to do. The independent investigators found verifiable evidence from metadata found in the record of an alleged Russian hack of July 5, 2016 showing that the “hack” that day of the DNC by Guccifer 2.0 was not a hack, by Russia or anyone else.
Rather it originated with a copy (onto an external storage device – a thumb drive, for example) by an insider – the same process used by the DNC insider/leaker before June 12, 2016 for an altogether different purpose. (Once the metadata was found and the “fluid dynamics” principle of physics applied, this was not difficult to disprove the validity of the claim that Russia was responsible.)
One of these independent investigators publishing under the name of The Forensicator on May 31 published new evidence that the Guccifer 2.0 persona uploaded a document from the West Coast of the United States, and not from Russia.
In our July 24, 2017 Memorandum to President Donald Trump we stated, “We do not know who or what the murky Guccifer 2.0 is. You may wish to ask the FBI.”
Our July 24 Memorandum continued: “Mr. President, the disclosure described below may be related. Even if it is not, it is something we think you should be made aware of in this general connection. On March 7, 2017, WikiLeaks began to publish a trove of original CIA documents that WikiLeaks labeled ‘Vault 7.’ WikiLeaks said it got the trove from a current or former CIA contractor and described it as comparable in scale and significance to the information Edward Snowden gave to reporters in 2013.
“No one has challenged the authenticity of the original documents of Vault 7, which disclosed a vast array of cyber warfare tools developed, probably with help from NSA, by CIA’s Engineering Development Group. That Group was part of the sprawling CIA Directorate of Digital Innovation – a growth industry established by John Brennan in 2015. [ (VIPswarned President Obama of some of the dangers of that basic CIA reorganization at the time.]
“Scarcely imaginable digital tools – that can take control of your car and make it race over 100 mph, for example, or can enable remote spying through a TV – were described and duly reported in the New York Times and other media throughout March. But the Vault 7, part 3 release on March 31 that exposed the “Marble Framework” program apparently was judged too delicate to qualify as ‘news fit to print’ and was kept out of the Times at the time, and has never been mentioned since.
“The Washington Post’s Ellen Nakashima, it seems, ‘did not get the memo’ in time. Her March 31 article bore the catching (and accurate) headline: ‘WikiLeaks’ latest release of CIA cyber-tools could blow the cover on agency hacking operations.’
“The WikiLeaks release indicated that Marble was designed for flexible and easy-to-use ‘obfuscation,’ and that Marble source code includes a “de-obfuscator” to reverse CIA text obfuscation.
“More important, the CIA reportedly used Marble during 2016. In her Washington Post report, Nakashima left that out, but did include another significant point made by WikiLeaks; namely, that the obfuscation tool could be used to conduct a ‘forensic attribution double game’ or false-flag operation because it included test samples in Chinese, Russian, Korean, Arabic and Farsi.”
A few weeks later William Binney, a former NSA technical director, and Ray McGovern commented on Vault 7 Marble, and were able to get a shortened op-ed version published in The Baltimore Sun.
The CIA’s reaction to the WikiLeaks disclosure of the Marble Framework tool was neuralgic. Then Director Mike Pompeo lashed out two weeks later, calling Assange and his associates “demons,” and insisting; “It’s time to call out WikiLeaks for what it really is, a non-state hostile intelligence service, often abetted by state actors like Russia.”
Our July 24 Memorandum continued: “Mr. President, we do not know if CIA’s Marble Framework, or tools like it, played some kind of role in the campaign to blame Russia for hacking the DNC. Nor do we know how candid the denizens of CIA’s Digital Innovation Directorate have been with you and with Director Pompeo. These are areas that might profit from early White House review. [ President Trump then directed Pompeo to invite Binney, one of the authors of the July 24, 2017 VIPs Memorandum to the President, to discuss all this. Binney and Pompeo spent an hour together at CIA Headquarters on October 24, 2017, during which Binney briefed Pompeo with his customary straightforwardness. ]
“We also do not know if you have discussed cyber issues in any detail with President Putin. In his interview with NBC’s Megyn Kelly he seemed quite willing – perhaps even eager – to address issues related to the kind of cyber tools revealed in the Vault 7 disclosures, if only to indicate he has been briefed on them. Putin pointed out that today’s technology enables hacking to be ‘masked and camouflaged to an extent that no one can understand the origin’ [of the hack] … And, vice versa, it is possible to set up any entity or any individual that everyone will think that they are the exact source of that attack.
“‘Hackers may be anywhere,’ he said. ‘There may be hackers, by the way, in the United States who very craftily and professionally passed the buck to Russia. Can’t you imagine such a scenario? … I can.’
New attention has been drawn to these issues after McGovern discussed them in a widely published 16-minute interview last Friday.
In view of the highly politicized environment surrounding these issues, we believe we must append here the same notice that VIPs felt compelled to add to our key Memorandum of July 24, 2017:
“Full Disclosure: Over recent decades the ethos of our intelligence profession has eroded in the public mind to the point that agenda-free analysis is deemed well nigh impossible. Thus, we add this disclaimer, which applies to everything we in VIPs say and do: We have no political agenda; our sole purpose is to spread truth around and, when necessary, hold to account our former intelligence colleagues.
“We speak and write without fear or favor. Consequently, any resemblance between what we say and what presidents, politicians and pundits say is purely coincidental.” The fact we find it is necessary to include that reminder speaks volumes about these highly politicized times.
Ray McGovern works with Tell the Word, a publishing arm of the ecumenical Church of the Saviour in inner-city Washington. His 27-year career as a CIA analyst includes serving as Chief of the Soviet Foreign Policy Branch and preparer/briefer of the President’s Daily Brief. He is co-founder of Veteran Intelligence Professionals for Sanity (VIPS). William Binney worked for NSA for 36 years, retiring in 2001 as the technical director of world military and geopolitical analysis and reporting; he created many of the collection systems still used by NSA. Reprinted with permission from Consortium News.