On WikiLeaks Email Releases, Mueller Team Ignored Findings Of Former US Intelligence Officials
Special Counsel Robert Mueller’s report on an investigation into alleged Russian efforts to meddle in the 2016 presidential election does not confirm, without a doubt, that Russian intelligence agents or individuals tied to Russian intelligence agencies passed on emails from Hillary Clinton’s campaign to WikiLeaks.
Mueller’s team highlighted statements from WikiLeaks on Twitter about former Democratic National Committee (DNC) staff member Seth Rich, which seemed to relate to the alleged source of emails and documents the organization published. Yet, more explicit claims from WikiLeaks founder Julian Assange on the source of emails from Clinton campaign chairman John Podesta were not addressed in the report.
A group of former military and intelligence officials, Veteran Intelligence Professionals for Sanity (VIPS), conducted their own forensic tests that received a bit of attention in the United States press because they were some of the first people with prior backgrounds in government to question the central allegations of hacking into DNC servers. They asserted their examinations of the files showed DNC emails published by WikiLeaks were leaked, not hacked.
However, the Mueller report makes no mention of the claims made by VIPS over the past two to three years—not even to debunk them.
The report stated, “Unit 26165 officers appear to have stolen thousands of emails and attachments, which were later released by WikiLeaks in July 2016.” But “appear to have” indicates the team did not have incontrovertible proof. They could only speculate.
“The Office cannot rule out that stolen documents were transferred to WikiLeaks through intermediaries, who visited during the summer of 2016,” the report acknowledged. “For example, public reporting identified Andrew Müller-Maguhn as a WikiLeaks associate who may have assisted with the transfer of these stolen documents to WikiLeaks.”
Yet, this is wildly misleading. The source for this example is a 2018 profile of Müller-Maguhn by journalist Ellen Nakashima that was published by the Washington Post. Müller-Maguhn told Nakashima it “would be insane” for him to hand deliver sensitive files, especially when the CIA has labeled WikiLeaks a “non-state hostile intelligence service.”
“How many of you wouldn’t be scared shitless by the head of the CIA declaring you the next target?” he said.
Müller-Maguhn, who met Assange through the Chaos Computer Club in 2007 and sits on the board of the Wau Holland foundation, characterized this allegation as a “lame attempt” by U.S. intelligence agencies to hurt the foundation so they cut off their tax-free donations to WikiLeaks in Europe.
Assange held a press conference in January 2017, where he responded to the intelligence community assessment on alleged Russian hacking. The media organization urged skepticism toward the assertion that publications of DNC and Hillary Clinton campaign emails were connected to alleged hacking operations.
“Even if you accept that the Russian intelligence services hacked Democratic Party institutions, as it is normal for the major intelligence services to hack each others’ major political parties on a constant basis to obtain intelligence,” you have to ask, “what was the intent of those Russian hacks? And do they connect to our publications? Or is it simply incidental?” Assange said.
Assange accused U.S. intelligence agencies of deliberately obscuring the timeline. He said they did not know when the DNC was hacked.
“The U.S. intelligence community is not aware of when WikiLeaks obtained its material or when the sequencing of our material was done or how we obtained our material directly. So there seems to be a great fog in the connection to WikiLeaks,” Assange declared.
He added, “As we have already stated, WikiLeaks sources in relation to the Podesta emails and the DNC leak are not members of any government. They are not state parties. They do not come from the Russian government.”
“The [Clinton campaign] emails that we released during the election dated up to March [2016]. U.S. intelligence services and consultants for the DNC say Russian intelligence services started hacking DNC in 2015. Now, Trump is clearly not on the horizon in any substantial manner in 2015,” Assange additionally concluded.
There is a statement in the Mueller report that begins, “Although it is clear that the stolen DNC and Podesta documents were transferred from the GRU to WikiLeaks…” It cuts off there because the rest was redacted to supposedly protect an “investigative technique.” The formulation of the sentence definitely suggests the Mueller team made a statement reflecting doubts around what happened with WikiLeaks.
In early 2017, Assange was willing to “provide technical evidence and discussion regarding who did not engage in the DNC releases.” He also was willing—before the release of “Vault 7” materials—to help U.S. agencies address “clear flaws in security systems” that led the U.S. cyber weapons program to be compromised.
When Democratic Senator Mark Warner learned Justice Department official Bruce Ohr was negotiating some kind of a deal for limited immunity and a limited commitment from Assange, he urged Comey to intervene.
A potential deal with Assange was killed, the “Vault 7” files were eventually published, and no testimony was ever collected that would have helped the Mueller team gain a better understanding of what happened with the DNC and Clinton campaign email publications.
Bill Binney, former National Security Agency technical director for world geopolitical and military analysis and co-founder of NSA’s Signals Intelligence Automation Research Center, conducted forensic examinations of the files posted by the Guccifer 2.0 persona as well as WikiLeaks. He was the principal author of multiple memos that significantly undermined key allegations. But no one from Mueller’s team ever contacted Binney or Ed Loomis, who also is a former technical director at NSA, to interview them about their findings.
In a published memo addressed to Attorney General Bill Barr, the steering group for VIPS, which includes Binney and Loomis, declared, “We have scrutinized publicly available physical data — the ‘trail’ that every cyber operation leaves behind. And we have had support from highly experienced independent forensic investigators who, like us, have no axes to grind. We can prove that the conventional-wisdom story about Russian-hacking-DNC-emails-for-WikiLeaks is false.”
“Drawing largely on the unique expertise of two VIPS scientists who worked for a combined total of 70 years at the National Security Agency and became Technical Directors there, we have regularly published our findings. But we have been deprived of a hearing in mainstream media — an experience painfully reminiscent of what we had to endure when we exposed the corruption of intelligence before the attack on Iraq 16 years ago,” the group added.
The DNC files published by WikiLeaks, according to a forensic examination by VIPS, show data was “transferred to an external storage device, such as a thumb drive, before WikiLeaks posted them.”
VIPS drew this conclusion based on something called the File Allocation Table (FAT) system property. This is a “method of organization.” If the files were received as a hack, “the last modified times on the files would be a random mixture of odd-and-even-ending numbers.” However, the “last modified” time stamps for the WikiLeaks DNC files each end in even numbers.
“We have examined 500 DNC email files stored on the Wikileaks site,” the memo indicated. “All 500 files end in an even number—2, 4, 6, 8 or 0. If those files had been hacked over the Internet, there would be an equal probability of the timestamp ending in an odd number. The random probability that FAT was not used is one chance in two to the 500th power. Thus, these data show that the DNC emails posted by WikiLeaks went through a storage device, like a thumb drive, and were physically moved before Wikileaks posted the emails on the World Wide Web.”
On the Podesta emails, Binney said the FAT file format was not introduced by WikiLeaks. The media organization did not have a standard procedure. But it still means the files were put on a removable storage device or CD-ROM, physically transported, and then posted.
The former officials additionally claim the Guccifer 2.0 persona published a document that was “synthetically tainted with ‘Russian fingerprints.’” Primarily, they assert this because the Guccifer 2.0 data was transferred with an Internet connection speed faster than what is possible from remote online Internet connections. The transfer rate was “as high as 49.1 megabytes per second,” which coincided with “the rate that copying onto a thumb drive could accommodate.”
As part of the “Vault 7” materials published by WikiLeaks on March 31, 2017, the media organization revealed the Marble Framework. This was described as a tool for hampering “forensic investigators and anti-virus companies from attributing viruses, trojans, and hacking attacks to the CIA.”
“The source code shows that Marble has test examples not just in English but also in Chinese, Russian, Korean, Arabic and Farsi,” WikiLeaks described. “This would permit a forensic attribution double game, for example, by pretending that the spoken language of the malware creator was not American English, but Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators even more strongly to the wrong conclusion—but there are other possibilities, such as hiding fake error messages.”
VIPS contends that whoever engaged in the activity referred to as “Russian hacking” actually used an obfuscator to make it seem like the Russians were responsible.
“The timestamps we were getting from Guccifer internally in the data were showing places like east coast in the U.S. and the central time in the U.S. Also one in the west coast. So the time stamping isn’t there for being anywhere outside the U.S.,” Binney told Shadowproof.” “[But] once you have a fabricator, you have to find some way of proving everything about him, and you know we can’t really prove that that’s not also a fabrication.”
The Mueller report, however, does not contemplate the possibility that someone or a group potentially used a special tool, similar to what the CIA employs, in order to obfuscate their acts.
Most of the technical assertions around what happened with Democratic Party computers or servers are not backed up so that a person could research the claims and validate them. On the other hand, Binney points out that is not the case with VIPS claims.
“The stuff we looked at is out there on the web for everybody to go look and verify for themselves,” Binney said. “The stuff they’re talking about we don’t even see. How can you have any confidence in anything like that, especially when they don’t address the things you can see and anybody can go look at it?”
Furthermore, former FBI director James Comey said “multiple requests” were made at “different levels” for access to Democratic servers. Ultimately, these servers, or computers, that were allegedly targeted were not taken by the FBI for their own forensic examination. They relied on the conclusions of an in-house cyber-response team working for the Democrats known as CrowdStrike.
Where the Mueller report stated the FBI “later received images of DNC servers and copies of relevant traffic logs,” they were most likely referring to the material that CrowdStrike handed over for the investigation.
“Our forensics folks would always prefer to get access to the original device or server that’s involved, so it’s the best evidence,” Comey admitted during a Senate intelligence committee hearing. And yet, the FBI allowed the Democratic Party to rebuff their request for access.
“It’s like you’re denying. You don’t want to get the firsthand evidence because then you’ll have it, and you’ll have to address it,” Binney suggested.
He added, “You can’t say the words. You have to put down the raw data that says this is why I’m saying that, and they’re not doing that.”
***
There is good reason to demand that the Mueller team show their work. Many of these same intelligence agency officials that made claims, which form the narrative for “Russiagate,” work for agencies that fabricated intelligence around so-called weapons of mass destruction in Iraq back in 2002.
Binney and Loomis, along with Thomas Drake and Kirk Wiebe, were part of the NSA Four. They were falsely accused in 2007 of leaking. As journalist Timothy Shorrock detailed, they “endured years of legal harassment for exposing the waste and fraud behind a multibillion-dollar contract for a system called Trailblazer, which was supposed to ‘revolutionize’ the way the NSA produced signals intelligence (SIGINT) in the digital age.”
According to Binney, the government backed away from targeting them because they could show the government was engaged in a malicious prosecution. Agency officials immediately tried to “confiscate everything” on their computers and fabricated allegations for a federal judge. But they had backed up all their data and could prove they were facing retaliation for their work. (Drake was later the target of an Espionage Act prosecution cooked up by the Justice Department.)
The claims made by VIPS members are easy to reject because they do not fit into the dominant narrative around what happened with the 2016 presidential election, but former U.S. Army infantry/intelligence officer & CIA presidential briefer Ray McGovern believes Binney and Loomis ought to be taken much more seriously because they helped perfect the very systems that the government relies upon to draw technical conclusions.
“When you have people like that, they deserve a modicum of trust,” McGovern argued. “When you have these people, who have absolutely no suspicion or no secret agenda, who are indisputably the best experts in this area,” even if you don’t understand every detail, you ought to seriously consider what they say.
Finally, because of NSA whistleblower Edward Snowden, McGovern said the NSA would have any evidence of hacking as a result of “dragnet coverage.” If Russia hacked, “where’s the intercepts” they should have?
Binney conversely argued it cannot be NSA data that the Mueller team relied upon to draw conclusions about Guccifer and WikiLeaks. “The NSA data, once they collect data, it’s classified. The only person that can expose classified material in the public and authorize that is the president. No one else is authorized to do that. So, if [Rod] Rosenstein and Mueller are doing that from NSA data, then they’re compromising classified information, which is a felony.”
“It’s obvious that that’s not NSA data. It is data from a third-party. It’d very likely be CrowdStrike or somebody like that,” Binney added. “Any rate, it is tainted material. They’ve never had continuous control of that information.”
The vast majority of the press throughout the world will dismiss the work of VIPS. It is quite easy because it clashes terribly with the convenient narrative that intelligence agencies and powerful elites deployed. It undermines the claims that WikiLeaks is a media organization that was compromised during the 2016 election by Russian intelligence. It fuels the notion that the Mueller team suffered from confirmation bias and then sought to find details that confirmed what intelligence agencies concluded in 2017. Anything conflicting was to be dismissed or discarded.
Yet, a review of the “Russian Hacking and Dumping Operations” does not contain much more than circumstantial evidence and speculation about WikiLeaks and Guccifer 2.0., leaving many valid questions about the timeline of events unanswered.
One small concession for Assange may be Attorney General Bill Barr’s statement that can apply to WikiLeaks as much as individuals who worked for the Trump campaign. “Under applicable law, publication of these types of materials would not be criminal unless the publisher also participated in the underlying hacking conspiracy.”
While Democrats push for the Justice Department to add further charges against Assange and extradite him to the United States for publishing Clinton campaign and DNC emails, this points to the reality that the Justice Department would have to prove WikiLeaks was involved in stealing or hacking the materials.
With the national security apparatus so invested in this “Russiagate” narrative, they probably do not want to graft on additional charges relating to the election that would allow Assange to make discovery requests that would potentially poke additional holes in their preferred theory of events.