Swallowing Russia-Gate Hook, Line, and Sinker

Guess what. Those highly embarrassing Democratic National Committee emails published by WikiLeaks on July 22, 2016 were not hacked by the Russians, or by anyone else. This was revealed in sworn, horses’-mouth testimony of Dec. 5, 2017 before the House Intelligence Committee by the head of the cyber security firm CrowdStrike.

The testimony was published exactly a year ago on May 7, 2020. "Mainstream media" deep-sixed it.

House Intelligence Committee Chair Adam Schiff was forced to release testimony given on December 5, 2017 by Shawn Henry of CrowdStrike, the outfit to which FBI Director James Comey deferred to investigate the theft of DNC emails. The emails showed how Hillary Clinton and top DNC officials had tipped the scales against Bernie Sanders. To divert attention from that, a major campaign was launched to blame the theft on the Russians. Russia-gate was launched in earnest; Sen. John McCain called the "Russian hack" an "act of war".

But wait. Testimony taken at the end of 2017? But that’s three and a half years ago. Yes.

Consumers of Establishment media – and just about everyone else – have been led to believe Russian President Putin himself had ordered the "hacking" in order to help Donald Trump win the election. But credible evidence was lacking. CrowdStrike boss Shawn Henry, a protégé of former FBI Director Robert Mueller (from 2001 to 2012), for whom Henry served as head of the FBI’s cyber crime investigations unit, testified as follows:

Ranking Member Mr. [Adam] Schiff: Do you know the date on which the Russians exfiltrated the data from the DNC? … when would that have been?

Mr. Henry: Counsel just reminded me that, as it relates to the DNC, we have indicators that data was exfiltrated from the DNC, but we have no indicators that it was exfiltrated [sic]. … There are times when we can see data exfiltrated, and we can say conclusively. But in this case, it appears it was set up to be exfiltrated, but we just don’t have the evidence that says it actually left.

Mr. [Chris] Stewart of Utah: Okay. What about the emails that everyone is so, you know, knowledgeable of? Were there also indicators that they were prepared but not evidence that they actually were exfiltrated?

Mr. Henry: There’s not evidence that they were actually exfiltrated. There’s circumstantial evidence … "We didn’t have a sensor in place that saw data leave. We said that the data left based on the circumstantial evidence. That was the conclusion that we made."

In answer to a follow-up query, Henry delivered this classic: "Sir, I was just trying to be factually accurate, that we didn’t see the data leave, but we believe it left, based on what we saw."

Inadvertently highlighting the tenuous underpinning for CrowdStrike’s "belief" that Russia hacked the DNC emails, Henry added: "There are other nation-states that collect this type of intelligence for sure, but the – what we would call the tactics and techniques were consistent with what we’d seen associated with the Russian state."


Some of the testimony remains opaque. Part of the problem is ambiguity in the word "exfiltration."

The word can denote (1) transferring data from a computer via the Internet (hacking) or (2) copying data physically to an external storage device with intent to leak it.

As we Veteran Intelligence Professionals for Sanity have been reporting since Dec. 2016, there has been no convincing evidence that the Russians hacked the DNC emails.

Rather, they were copied onto an external storage device by someone with access to DNC computers. Besides, any hack over the Internet would almost certainly have been discovered by the dragnet coverage of the National Security Agency and its cooperating foreign intelligence services.

Henry testified that "it appears it [the theft of DNC emails] was set up to be exfiltrated, but we just don’t have the evidence that says it actually left." This, in VIPS’ view, suggests that someone with access to DNC computers "set up" selected emails for transfer to an external storage device – a thumb drive, for example. The Internet is not needed for such a transfer. Use of the Internet would have been detected, enabling Henry to pinpoint any "exfiltration" over that network.

In June 2019 we learned that CrowdStrike never produced an un-redacted or final forensic report for the government because the FBI never required it to, according to the Department of Justice. Now we know why; CrowdStrike failed in its forensic hunt for the Russian hand in the (non-existent) "hack".

Preferring CrowdStrike; ’Splaining to Congress

CrowdStrike already had a tarnished reputation for credibility when the DNC and Clinton campaign chose it to do work that the FBI should have been doing to investigate how the DNC emails got to WikiLeaks. It had asserted that Russians hacked into a Ukrainian artillery app, resulting in heavy losses of howitzers in Ukraine’s struggle with separatists supported by Russia. A Voice of America report explained why CrowdStrike was forced to retract that claim.

Why did FBI Director James Comey not simply insist on access to the DNC computers? Surely he could have gotten the appropriate authorization. Reacting to media reports that the FBI never asked for access, Comey told the Senate Intelligence Committee on January 10 that there were "multiple requests at different levels" for access to the DNC servers.

"Ultimately what was agreed to is the private company would share with us what they saw," he said. Comey described CrowdStrike as a "highly respected" cybersecurity company.

Asked by committee Chairman Richard Burr (R-NC) whether direct access to the servers and devices would have helped the FBI in their investigation, Comey said it would have. "Our forensics folks would always prefer to get access to the original device or server that’s involved, so it’s the best evidence," he said.

Five months later, after Comey had been fired, Burr gave him a Mulligan in the form of a few kid-gloves, clearly well-rehearsed, questions:

BURR: And the FBI, in this case, unlike other cases that you might investigate – did you ever have access to the actual hardware that was hacked? Or did you have to rely on a third party to provide you the data that they had collected?

COMEY: In the case of the DNC, … we did not have access to the devices themselves. We got relevant forensic information from a private party, a high-class entity, that had done the work. But we didn’t get direct access.

BURR: But no content?

COMEY: Correct.

BURR: Isn’t content an important part of the forensics from a counterintelligence standpoint?

COMEY: It is, although what was briefed to me by my folks – the people who were my folks at the time is that they had gotten the information from the private party that they needed to understand the intrusion by the spring of 2016.

Comey’s Record For Veracity

Two days after his initial Senate testimony Comey signed a Foreign Intelligence Surveillance Court application to renew surveillance on Carter Page, certifying that the widely discredited information from former British spy Christopher Steele regarding Russian collusion had been “verified”. On that same day, January 12, 2017, Comey admitted in an email to then-National Intelligence Director James Clapper that the FBI was "not able to sufficiently corroborate Steele’s reporting".

Making Stuff Up About Russia

Many of my friends are huge fans of Rachel Maddow and cannot believe she, and the usually unnamed sources that feed her, are making things up. The reality is that Comey and his intelligence pals James Clapper and John Brennan ran a cottage industry producing charges against Donald Trump, charges gobbled up by those blinded by hate for the man. So what if the Russians didn’t hack, I am asked. The Russians do all manner of other heinous things; we know because we read about it in the New York Times.

I have taken to adducing a quote from John Maynard Keynes: "When my information changes, I alter my conclusions. What do you do, sir?"

What I do find helpful in keeping my sanity is watching this segment of Saturday Night Live.

If you find Russia-gate as tiresome and dreary as I do, you may wish to click on.

Ray McGovern works with Tell the Word, a publishing arm of the ecumenical Church of the Saviour in inner-city Washington. His 27-year career as a CIA analyst includes serving as Chief of the Soviet Foreign Policy Branch and preparer/briefer of the President’s Daily Brief. He is co-founder of Veteran Intelligence Professionals for Sanity (VIPS).

7 thoughts on “Swallowing Russia-Gate Hook, Line, and Sinker”

  1. Thank you, Ray! I would personally like to add “hate speech” to “…tiresome and dreary…” in your last sentence. But that could be just me.

  2. “Did CrowdStrike have proof that Russia hacked the DNC?

    “Yes, and this is also supported by the U.S. Intelligence community and independent Congressional reports.

    “Following a comprehensive investigation that CrowdStrike detailed publicly, the company concluded in May 2016 that two separate Russian intelligence-affiliated adversaries breached the DNC network.

    “To reference, CrowdStrike’s account of their DNC investigation, published on June 14, 2016, “CrowdStrike Services Inc., our Incident Response group, was called by the Democratic National Committee (DNC), the formal governing body for the US Democratic Party, to respond to a suspected breach. We deployed our IR team and technology and immediately identified two sophisticated adversaries on the network – COZY BEAR and FANCY BEAR….

    At DNC, COZY BEAR intrusion has been identified going back to summer of 2015, while FANCY BEAR separately breached the network in April 2016.”


    1. And you seriously think that anybody in their right mind believes CrowdStrike?

      “The dossier published by BuzzFeed had been circulating for a while; on closer inspection, it appeared to be repurposed opposition research from the doomed Jeb Bush campaign. Its author was a former British intelligence operative apparently overeager to market salacious speculation. By the end of this latest lurid installment of the Russian hacking saga, no one knew anything more than they had when the heavy-breathing allegations first began to make their way through the political press. Nevertheless, the Obama White House had expelled Russian diplomats and expanded sanctions against Putin’s regime, while the FBI continued to investigate reported contacts between Trump campaign officials and Russian intelligence operatives during the campaign.

      This latter development doesn’t exactly inspire confidence. As allegations of Russian responsibility for the DNC hack flew fast and furious, we learned that the FBI never actually carried out an independent investigation of the claims. Instead, agency officials carelessly signed off on the findings of CrowdStrike, a private cybersecurity firm retained by the Democratic National Committee. Far from establishing an airtight case for Russian espionage, CrowdStrike made a point of telling its DNC clients what it already knew they wanted to hear: after a cursory probe, it pronounced the Russians the culprits. Mainstream press outlets, primed for any faint whiff of great-power scandal and poorly versed in online threat detection, likewise treated the CrowdStrike report as all but incontrovertible.

      Other intelligence players haven’t fared much better. The Director of National Intelligence produced a risible account of an alleged Russian disinformation campaign to disrupt the 2016 presidential process, which hinged on such revelations as the state-sponsored TV news outlet Russia Today airing uncomplimentary reports on the Clinton campaign and reporting critically on the controversial U.S. oil-industry practice of fracking as a diabolical plot to expand the market for Russian natural gas exports. In a frustratingly vague statement to Congress on the report, then-DNI director James Clapper hinted at deeper and more definitive findings that proved serious and rampant Russian interference in America’s presidential balloting—but insisted that all this underlying proof must remain classified. For observers of the D.C. intelligence scene, Clapper’s performance harkened back to his role in touting definitive proof of the imminent threat of Saddam Hussein’s WMD arsenal in the run-up to the U.S. invasion of Iraq.

    2. Two questions:
      Why did they not turn over all their computers to the FBI?
      Why did the FBI not insist on the DNC turning over their computers?
      The answer is the same to both questions.

      1. Good ol’ Perry can be relied upon to try, always without any success, to counter the bulk of fact and logic that leads any reasonable person to the necessary conclusion that the Russian hack narrative was fabricated. You won’t get any good answers from him and you will certainly not persuade him. If, after all these facts and excellent articles by Ray and others, he still defends that false narrative, he is either one of those for whom preferred belief trumps fact OR completely dishonest. I suspect he trolls Ray obo the Dem. Party OR the deep state folk who began this propaganda.

  3. “There were big problems with CrowdStrike’s account. For one thing, the names of the two Russian espionage groups that CrowdStrike supposedly caught, Cozy Bear and Fancy Bear, were a fiction. Cozy Bear and Fancy Bear are what cyber monitors call “Advanced Persistent Threats,” or APTs. When investigators analyze an intrusion, they look at the tools and methods that the hackers used to get inside: source code, language settings, compiler times, time zones, IP settings, and so on. They then compare all these things against a database of previously recorded hacks that is shared among cyber professionals. If the attack fits an old profile, they assign it to an existing APT. If they find something new, they create a group and give it an official name (say, APT911) and then a cooler moniker they can throw around in their reports (say, TrumpDump).

    CrowdStrike followed the protocols for existing APTs. Its investigation of DNC servers turned up two known threat actor groups: APT28 and APT29. Depending on the cybersecurity firm doing the analysis, these two APTs have been called by all sorts of names: Pawn Storm, Sofacy, Sednit, CozyCar, The Dukes, CozyDuke, Office Monkeys. Neither of them has ever been linked by any cybersecurity firm to the Russian government with certainty. Some firms have tried—most notably FireEye, CrowdStrike’s bigger and wealthier competitor. But FireEye’s evidence was ridiculously thin and inferential—in nearly any other industry, it would have been an embarrassment.”

