Wanna have some fun? Let's go catch some bad guys with physics!
Let's start at the end and then lets up the stakes again. The Russian Fancy Bear Hackers everyone is looking for are Ukrainian nationalists in Ukraine and the USA. That's why no one can seem to find the little Ruskies anywhere. Yeah, I know, shocker. I'm channeling Babchenko on this one.
We are going to need some of these people to confess to parts of this before it's over that add up to a believable whole. That's just how I see things need to go. Are you with me?
The Pauli Exclusion Principle in Action
The first group we can take out of play is Shaltai Boltai (Humpty Dumpty). Although they are called a hacking group, even among their hacker buddies, they are known as information operation specialists. This means that anything they say they hacked was more than likely fabricated by them instead. And if you read the linked article, they make this point especially clear by themselves.
However, Shaltai Boltai does play a pivotal role in identifying Fancy Bear and the hacker groups relationship with these Russians is the only reason identification is possible. In late October 2016, 2 sets of hackers: the Ukrainian group CYBERHUNTA (consisting of FalconsFlame, RUH8, and TRINITY) and the Russian group Shaltai Boltai both supposedly hacked Russian presidential aide Vladislav Surkov at the same time, independent of each other.
We can apply the Pauli exclusion principle by segregating the moving parts. Remember only one object can be in one place at one time doing one thing.
Exhibit A- One specific group(hackers) hack(one specific action) emails(one specific set of data)in late October 2016 (one specific time) in one specific place (Vladislav Surkov email was purported to be hacked). This was credited to more than one group when only one group was present.
Since 2016, Ukrainian hackers have been credited across media for the alleged Surkov hack. But it was the Russian group Shaltai Baltai that supplied the first cache of emails to the Ukrainians at the Cyberhunta website on October 25, 2016. At the time he posted it, Lewis (Shaltai Baltai's leader) was in Kiev working with the Atlantic Council's Ukrainian hacker team.
After posting these emails, Shaltai Boltai's Lewis was tricked into returning to Moscow at the end of the year by the Russian FSB where he was arrested. The first data dump on October 25th was from Lewis. He was charged with treason for working with the US.
a) October 26, 2016(time) How the Kremlin Handles Hacks: Deny, Deny, Deny by Leonid Berishidsky- "Ukrainian hackers broke into the mailbox (action) of a top aide to Vladimir Putin (place) but found no messages with his name on it."
b) January 30, 2017, How Russian Hackers became a Kremlin Headache was an article at Bloomberg News by the same journalist, Leonid Berishidsky. During this timeframe, he corrected his assessment from Ukrainian hackers to Shaltai Boltai for the Surkov leaks. Look at the date of his first article. This was because the Ukrainians were trying to gain the notoriety for the supposed hack.
"According to the Rosbalt source, it was deemed that they'd (Shaltai Boltai) gone too far after a Ukrainian website published the contents of the official mailbox that belonged to Putin adviser Vladislav Surkov. The Rosbalt leak identifies Anikeev as "Lewis," Shaltai Boltai's leader, and claims he was responsible for the Surkov hack."
c) An American Cover Story for Russia's Undercover Hackers. An unprecedented spy saga plays out at the heart of Russia's intelligence community. " A Moscow Times source who claims to have been blackmailed by Shaltai Boltai, (group) insists the information that Shaltai gathered on him "could have been obtained only by surveillance and operative action, not just hacking." This would mean that Mikhailov could have been involved in Shaltai's activities from its founding, the source said.
In any case, in autumn 2016(time), the group got hold of thousands of messages (action) from the official email account of Vladislav Surkov (place), the coordinator of Russia's Ukraine policy, and shared it with Ukrainian news websites (2nd action)."
The article goes further to state that the current thought was Shaltai Boltai worked for American Intel. This is corroborated by their association with CyberHunta and the other Ukrainian hacking groups that work with the Atlantic Council's DFR Lab.