
02 June 2019




I am wondering what Larry Johnson and others make of this recent analysis by b at Moon of Alabama: to wit, that there is an existing log of communications between the Obama administration and the Putin government, the publication of which would clearly exculpate Russia from these accusations?


This information would seem to corroborate and help explain the utterly ridiculous chain-of-evidence collapse and timeline at the basis of Comey's "investigation" of the DNC leak.


I read some of the McCabe testimony and recall an interchange in which he said the FBI was determined to get hold of two laptops (which had been used to sort the emails into those deemed relevant to the investigation, and those not) and that the FBI would not close the investigation until they had. It came up as an example of FBI/DoJ differences - the FBI wanting to subpoena, the DoJ preferring to negotiate for access - in the end they did get the units by negotiation. What I did not see (I did not read all of it) was any mention of efforts to get the servers.
My question to all is: has anyone else seen anything on attempts to get the servers or, if none, why the same effort had not been made?


Here's a question that seemingly goes unanswered when anyone writes about the hack of the DNC servers - How did the FBI even know the DNC servers had been compromised in the first place? How did they know to warn them?

The DNC is a private corporation NOT a government entity. Are all registered political corporations tethered to a governmental system by law or by contract that the FBI is monitoring? If so, what is that system and why?

If not, then how did the FBI even know their system was compromised?

The reading public is left to assume a lot in how the FBI even knew to warn them a full 10 months before the FBI's vendor, Crowdstrike, released its hack report.

Larry, can you or Bill answer this question? If they have a contract of some sort for monitoring the corporate political parties great. It'd be nice to know. But if they don't, then how in the world did they know to warn them?

Larry Johnson

I'm not sure I have an answer. You ask an excellent question. Let me give it some thought. I think you are on to another part of the lie.


Funny that! I can't imagine the DNC, let alone any other private entity, permitting the FBI to monitor their systems' daily activity 365 days out of the year. If they do, well, how stupid of them. If they don't, then indeed St Comey may have told the biggest lie of them all. Crazy.

I sincerely look forward to reading what you learn.

You're doing great work here and I thank the good Colonel for hosting you.


Larry, would you along the lines give some thought to the argument, considering time frames between FBI alert as published and discovery. Ideally what additional "IT intelligence" may have resulted from cutting servers and whatever connected periphery, at, at what point in time?, off and analyze it.

JJ may want to know.


At this point I wonder if it's even true that the DNC was hacked in August, 2015. Could a false accusation have been planted to serve as a component of the plan to subvert Trump's candidacy/presidency?

The DNC/Clinton campaign's "Pied Piper" strategy to promote Trump, Cruz and Carson (thinking either of them would be the easiest for her to defeat) was launched in April, 2015. Cruz announced in March, 2015. Carson in May, 2015. Trump announced in June 2015. How did the DNC/Clinton camp even know Carson would be a candidate a month before his announcement, or that Trump would be a candidate 2 months before he announced?

I hope AG Barr and US Att'y. Durham are digging deeply.


Correction: I've discovered that both Trump and Carson launched "exploratory" committees in March 2015, so the possibilities of their candidacies were known by the time of the April 2015 Pied Piper memo.

The Twisted Genius

h, you're absolutely right. The standard position for private corporations and groups is to keep the Feds at arm's length from their systems, even when they are hacked. They prefer to eat the losses rather than have the Feds nosing around their business. The DNC was no different. After Clinton's email mess and the NYC FBI office's role in leaking info to RNC operatives, the DNC had no desire to allow the FBI in. They also had no desire to shut down their systems to deal with the breach in the critical months before the election. Obviously they did not have a disaster recovery plan.

In addition to the INFRAGARD effort, the FBI made another effort to address this reticence to deal with the FBI. The National Cyber Forensics Training Alliance (NCFTA) was established in Pittsburgh in 2002. The NCFTA was quite successful in establishing a trusting relationship between the corporate and LE worlds. I knew the agent who set this up as a non-profit corporation. He was one sharp, non-traditional FBI agent. It's one of the few challenge coins I treasure.


An FBI agent first told the DNC about an APT29 breach of their system in September 2015. This wasn't the GRU breach which began the following Spring. Unfortunately they dropped the ball. This agent only contacted the DNC IT department several times over the next few months and didn't push the issue. Contact should have been made at a much higher level on both sides, even though the DNC was never required to let the FBI in. The FBI found this APT29 breach because they were following those hackers' activities since their brazen attacks on the JCS and DOS systems the previous year. These were the hackers the Dutch AIVD were also watching.


What do you make of the New York Times article here, https://www.nytimes.com/2017/01/06/us/politics/russia-hack-report.html saying that GCHQ was the source of the original alert on the DNC hack? Doesn't that provide an interesting lead in sourcing this entire fictional novel? Fits with what you have been told about broad based surveillance activity on all 2016 candidates. Your friend, Barbara

Mark McCarty

It's clear that the intelligence community tipped off the DNC that someone there was planning to leak their emails to Wikileaks. We know that because, when Assange announced he was planning to release "material related to Hillary", Crowdstrike soon after announced a hack of the DNC and their creation Guccifer 2.0 announced he had hacked DNC emails, and was releasing them through Wikileaks. Assange had said nothing about the DNC! I believe that our intelligence agencies had been monitoring Wikileaks associates (duh!), and learned that someone (Seth?) was planning to leak DNC emails to Wikileaks. After being tipped off, the DNC brought in Crowdstrike, and they decided to concoct a hack which they would blame on "the Russians", so as to detract from the incriminating content of the emails and brand Assange as a Russian puppet.

If there was a real hack, why wasn't the NSA brought in to confirm this? They weren't, because there was no hack.

The Twisted Genius

h, as Larry said, this is an excellent question. I can speak to the methodology used firsthand. Much more attribution information is gained by looking at hacking activity along its path rather than just concentrating on forensics of the targeted system. If you can see that activity on the proxy boxes, boxes used to launch tools, boxes to where the hackers move the stolen information and, best of all, the boxes, keyboards and networks where the hackers actually sit. This is how the FBI, NSA, CYBERCOM and/or others aggressively pursue hackers. That's the kind of evidence offered in the indictment of the GRU12 rather than any of CrowdStrike's forensics.

I created a HUMINT collection team shortly after 9/11 that sought to actively infiltrate the hackers. In essence, we acted as cyber pseudo gangs. In one instance we infiltrated an international group taking part in their daily activities. In the course of these activities, we could see the hackers were operating in the network devices of a major DoD activity. Although we were never in that DoD activity’s network, we could inform them that they were hacked and could pinpoint the exact devices that were hacked. When that DoD activity still could not see how they were hacked, we were able to explain to them exactly what the hackers did and how they were able to evade discovery. The point I’m making is that we never had to view the network devices to tell they were hacked and by who. That’s how attribution is now possible with a far greater certainty than when we just relied on forensics of targeted servers.

In the case of the DNC hack, I believe it was the Dutch AIVD and GCHQ who tipped off NSA and FBI to the presence of Russian hackers in the DNC’s network.

Larry Johnson

And the FBI did nothing in the ensuing 10 months and the FBI only learned of the May "hacking" when CrowdStrike told them. Right. You believe that nonsense?

The comments to this entry are closed.
