
26 January 2018





Even if I would buy the interference narrative, Russia basically backed everyone who did not happen to be Hillary Clinton. Given Hillary's position on no-fly zones in Syria, which basically meant that she wanted to launch a fully unprovoked war of aggression upon Syria and her Russian allies, they had legitimate reasons to oppose her.

As a matter of fact, just war theory would obligate the Russians to try every means short of war first. Backing first Sanders and then Trump could also be seen as a Russian statement along the lines of "the USA's internal affairs are none of our business, as long as a major candidate does not openly campaign on a platform of effectively global thermonuclear war with our nation. We do have a right to oppose such a candidate by airing his/her dirty laundry."

Now, my associates in Moscow have the following opinion:

1: "Fancy Bear" is not the SVR, or the GRU, or Spezsvyaz etc. it is a fairly group of hackers with some Krysha that uses shotgun approaches to get something, and then offers this something to various interested customers. They are on decent relations with the Russian authorities, and may have, by now, a Kurator among them who actually is Russian intel.
2: If you are a hacker in the CIS region, you do strive for one of 2 scenarios, either you try to get decent relations with the authorities, or you try to stay under their radar. Word is that the authorities are actually fairly chill unless you do something stupid (like shitting where you live in criminal terms), so most prefer option one.
3: Hacking the DNC was something this mid-tier cyber crime group did, and it wasn't exactly difficult.
4: Crowdstrike was basically hired to turn this into "we were hacked by Russian super Cyber Ninjas which is an act of god, so our keystone cops cyber defenses totally aren't at fault etc."
5: GRU was mildly displeased by considerable parts of the western world thinking that fancy bear represents their hacking skill level. Spy organizations do have a reputation to protect. The answer was the pretty epic hack of the equation group by the "Shadow Brokers" (heard 3 versions about them, either they are just another somewhat higher tier cyber group with somewhat better relations with the authorities, which basically let the GRU smurf as them while GRU was hacking the hell out of the NSA, or that they are the SVR's equation group equivalent and the SVR was trolling the GRU by taking care of things for them, or that they were the GRU's equation group equivalent all along), this was specifically intended to be a "warning shot" by Russian intel.
6: That the Americans send the Dutch, who are not exactly an independent actor, in front is seen as a hedge to make the next "warning shot", by this time the SVR, hit the Dutch and not the USA. That the USA hacks all Russian universities, and anything associated with Moscow State University in particular, is common knowledge in Russia. Heck, my brother studied cryptography there for a year and they basically got a "Every meaningful intel agency is trying to hack us, and has probably hacked us because we don't have money, so don't enter dumb search queries or develop malware on university PCs." talk during his introductory week.

The Twisted Genius


Excellent comment. I appreciate your insights and those of SmoothieX12 very much. I pretty much agree with your assessment. In my opinion it would have been negligent for the Russian government not to try to influence our 2016 presidential election for the reasons you outlined. That's the main point of my argument.

Your associates in Moscow also confirm my experiences with Russian hackers and Russian intelligence/government operatives as well as the complicated relationship between these two groups. The assessment of the DNC penetration as not a particularly impressive hack is right. I doubt the goal was to pull off an elegant hack. Its purpose was to obtain useful raw material for the ensuing IO campaign. There was no need for elite tools or skills, just whatever got the job done.

The story of the Shadow Brokers and the Equation Group is, indeed, an epic hack. It shows how sloppy and careless groups like NSA's TAO can be over time. As I said earlier in this discussion, even the best of hackers make mistakes and eventually one of these mistakes will lead to their downfall. I attribute much of this to NSA's and CYBERCOM's push to expand too quickly into industrial level programs. Hacking should be left to small guilds of dedicated, patient artists and craftsmen.

FB Ali

Re the Volkskrant extract that starts off this thread.

I see the following in today's Foreign Policy Sitrep: Reading between the lines of the Nieuwsuur and de Volkskrant expose, there’s good reason to be skeptical of this story....

If this reasonably well-regarded US magazine (by no means pro-Russian) says this about the Dutch story, one wonders what was the point of quoting this and building a post on it.

The Twisted Genius

Brigadier Ali,

Foreign Policy never says what those good reasons for skepticism are. I would expect at least a hint if that statement is anything more than a journalistic device.

FB Ali

This is a Foreign Policy Sitrep, a short report on important news items. I presume they have good reasons for their skepticism.

I'm afraid if I have to choose between your version and Foreign Policy's, I'd much rather go with Foreign Policy. On the face of it, Volkskrant's tale sounds totally fanciful. In fact, a typical "journalistic device".

blue peacock

I've been speculating for some time that the Nunes memo will be the first of many memos. The leaks so far about the contents of the memo say it is about FISA abuse. That makes sense since it would help bring to the fore several elements.

The FISA violations detected by Admiral Rogers and the subsequent compliance review at the NSA. The contents of the FISA applications including why they were rejected earlier and why they were approved in October 2016. Who were the FISC judges that rejected and approved? Why did FISC Judge Contreras recuse himself subsequently? What incidental information on US persons was collected? Who was the raw information shared with? Who made the unmasking requests? Who was that shared with? What role did the FBI, Clinton campaign, DNC play in the Fusion GPS dossier? Who paid what to whom and why? Why was Christopher Steele hired and what role did he play? Was GCHQ involved? Did Fusion GPS pay media outlets to launder the dossier?

So it opens up many avenues of questioning. And that is even before we get to the Clinton mishandling of classified information investigation at the FBI or the backstory to the appointment of Mueller and the staffing of his team and of course the roles played by Clapper & Brennan.

The Democrats and the media are being true to form here and exactly what Nunes wants. The more they push that this initial memo does not accurately reflect the underlying evidence, the more they play into the hands of declassification of the evidence and the appointment of another special counsel. The next big shoe to drop is the IG report expected sometime this Spring. The declassification of the Nunes memo, IMO, is just the first step. The momentum will continue to build and there is a decent probability that over the course of the next several months it will lead directly into the Obama White House and Obama himself.


Dutch folk magically got gold around the same time frame:
also note magic disappearance of gold from Ukraine previously:
just sayin'.


Scott Humor advances various evidence Kremlin Trolls/Internet Research group was a CIA initiative, which casts a whole new light on the matter:

Keith Harbaugh

Imagine this:
One of the key figures in the FBI's investigation of both HRC and DTJ,
in fact the intermediate between McCabe and Strzok in the FBI's chain of command,
was/is married to a rich Jewish woman whose father was an executive at Goldman Sachs.
Further, the woman is a donor to HRC.

Too hard to believe?
and Google turns up this interesting, if a trifle non-PC, page:

I'm not familiar with Nardello & Co., but it sure sounds like something closely related to what spooks do.
(Colonel Lang, if you are reading this,
do you have any comments on them?)

From her bio at Nardello & Co.
we find this, which may explain how she met her husband:

After graduating from Harvard Business School,
Sabina served as a Special Advisor in the Directorate of Intelligence at the Federal Bureau of Investigation’s headquarters in Washington, DC.
In that capacity, she worked with senior management
to refine and strengthen the FBI’s intelligence gathering capabilities
and implement its intelligence transformation efforts
in response to the recommendations of the 9/11 Commission.


TTG, Here is the response from Suzie Dawson to your critique of her 10 points debunking the Dutch/NSA story - "Re 1: his proposition would require that the russian hackers didn't alter their choice of home network in several years of operation of HVT's. bizarre. including post-snowden revelations. even more bizarre. it is far more likely that they would continually change both location and host network as a basic opsec practice. but then, none of the behaviours alleged by the intelligence agencies match up with the most basic of opsec practices so... either someone is mindlessly incompetent for years on end, or someone is lying. pretty sure it's the latter. especially given the later lies about both offensive and defensive methodologies.

2: the FBI is a customer of the NSA. the NSA is who the Dutch have their partnership with. The FBI warning the DNC in 2016 does not excuse the inaction between 2014-2016, given that the Dutch claim to have kept the US in the loop the entire time.

3. *my* point 3 was in reference to a tweet I cited by Eric Garland - who was indeed trying to spin from the 'collusion' narrative back to just 'Russian hacking' - an attitude that was being mimicked by Western media. Which is why I correctly referenced it in my article as a 'bait and switch' tactic. It is very common.

4. anonymity is routinely utilised by intelligence sources as cover for their media psyops

5. the Snowden document I cited shows how deep and intrinsic the relationship between the Dutch and NSA already was, as of 2013. Six Dutch intelligence officers had visited NSA headquarters - the same number of sources cited in the article. Also that the Dutch were already looking into allowing "full-take" collection for NSA at cable level. This legislation the Dutch are facing is the same that has been implemented elsewhere, to enable mass surveillance of the kind that Snowden leaked to try to alert the world about the dangers of.

6. Actually, in cases of extreme public interest, information has been declassified... such as Reagan. The NSA even complains about this in the leaked documents.

7. it was a dog whistle. It was them saying 'we are getting you back and this is why'. The claim that the hack must have taken place before was completely erroneous and unfounded.

8 & 9 are both relevant points and stand, they outline further lies, improbabilities and inconsistencies, whereas this person trying to debunk my post earlier claims I didn't demonstrate any. Wrong.

10. I clearly stated that the credible narrative would be that all intelligence agencies try to undermine other intelligence agencies. And then gave clear examples of actual documented evidence of US interference in the French Presidential election, utilising its FVEY partners to do so, a fact conveniently ignored by the person trying to debunk my debunking. Even Snowden has pointed out that the Russians probably *did* take some action to interfere with the election purely because all intelligence agencies do such things by default. But to make the allegation requires actual evidence, ie. documents, photographs, video etc etc, none of which either the Dutch nor the USA has produced."


Interesting take on the Dutch Joint Sigint Cyber Unit (JSCU) in FP magazine. Written by Mark Galeotti, who is author of several books on the Russian military. The article mirrors TTG's point that a small dedicated team of smart & professional hackers can do as good or better work than a project with a ton of manpower.



Mark Galeotti, who is author of several books on the Russian military

Most of what Galeotti writes on Russia in general or her military in particular is rubbish. It is expected from the man with a degree in "history" and political "science". In general Galeotti is precisely the type which contributed enormously to the US utter failure with Russia across the whole spectrum of activities from economy to military. His investigation of organized crime, however, could be of some interest.

The Twisted Genius


Thanks for your effort in getting a response from Suzie Dawson. Her response leaves me even less convinced of debunking, although I have no doubt of her sincerity.

1. I've spent 10+ years dealing with USG and allied cyber units. There is nothing unusual about these units remaining in the same physical location for several years. What is changed out is the operational network between the operator and the target. During the discussion of the DOS hack, the Dutch article and other articles explain that the APT29 group changed operational midpoints several times over a 24 hour period in an effort to remain in the DOS network.

2. What inaction? The Dutch were instrumental in defeating the 2014 DOS attack. They apparently relayed info about the DNC intrusion sometime prior to September 2015 when the FBI first notified the DNC of the APT29 intrusion. It was an FBI/DNC screw up in not reacting more aggressively to this first warning, not any delay by the Dutch. The article only covers these two APT29 intrusions so we don't know what else was shared. My guess they were also helpful during the 2015 JCS intrusion.

3. I don't follow Eric Garland. I'll take a look to see what's the source of his egregiousness.

4. As I said anonymity is used by many, not just intelligence sources. Hell, I use light anonymity. Hence the pseudonym TTG.

5. With the access developed by the Dutch, I'm not at all surprised by the close relationship between the NSA and their Dutch counterpart. That's the norm post-9/11 across the IC.

6. I predict that a lot more will be declassified when more indictments are made public and the investigation wraps up.

7. I have severe tinnitus. Perhaps that's why I can't hear the dog whistle. Seriously, I see the connection between the AIVD and MH17 made by the author to be unsubstantiated assumptions adopted to support the desired narrative.

8 & 9. Based on my experience and familiarity with these operations, I fail to see the improbabilities and inconsistencies in the Dutch account of the 2014 DOS intrusion. It is consistent with all other descriptions of that attack that I have read.

10. So, Snowden said "the Russians probably *did* take some action to interfere with the election." That's not helpful to the "Russia did nothing" narrative. I have no doubt the US spied on the French election. I remember the brouhaha over US spying on Merkel's phone. That's the nature of intelligence on the national level. So the credible narrative is that Russia could have hacked the DNC because all intel agencies do it. I rest my case.

The Twisted Genius


I'm closing the comments to this posting. The discussion has been remarkably on topic, professional and useful, but it's gone on long enough for now. I guarantee I will offer more opportunities to discuss these things in the future.
