Send a Tweet
Most Popular Choices
Poll Analyses
Share on Facebook 61 Share on Twitter Printer Friendly Page More Sharing
OpEdNews Op Eds    H2'ed 3/13/19

VIPS: Mueller's Forensics-Free Findings

By       (Page 2 of 5 pages) Become a premium member to see this article and all articles as one long page. (View How Many People Read This)   2 comments
Author 88820
Message Consortium News
Become a Fan
  (3 fans)

The media immediately awarded the ICA the status of Holy Writ, choosing to overlook an assortment of banal, full-disclosure-type caveats included in the assessment itself such as:

"When Intelligence Community analysts use words such as 'we assess' or 'we judge,' they are conveying an analytic assessment or judgment. "Judgments are not intended to imply that we have proof that shows something to be a fact. ... Assessments are based on collected information, which is often incomplete or fragmentary ... High confidence in a judgment does not imply that the assessment is a fact or a certainty; such judgments might be wrong."

To their credit, however, the authors of the ICA did make a highly germane point in introductory remarks on "cyber incident attribution." They noted: "The nature of cyberspace makes attribution of cyber operations difficult but not impossible. Every kind of cyber operation malicious or not leaves a trail." [Emphasis added.]

Forensics

The imperative is to get on that "trail" and quickly, before red herrings can be swept across it. The best way to establish attribution is to apply the methodology and processes of forensic science. Intrusions into computers leave behind discernible physical data that can be examined scientifically by forensic experts. Risk to "sources and methods" is normally not a problem.

Direct access to the actual computers is the first requirement the more so when an intrusion is termed "an act of war" and blamed on a nuclear-armed foreign government (the words used by the late Sen. John McCain and other senior officials). In testimony to the House Intelligence Committee in March 2017, former FBI Director James Comey admitted that he did not insist on physical access to the DNC computers even though, as he conceded, "best practices" dictate direct access.

In June 2017, Senate Intelligence Committee Chair Richard Burr asked Comey whether he ever had "access to the actual hardware that was hacked." Comey answered, "In the case of the DNC ... we did not have access to the devices themselves. We got relevant forensic information from a private party, a high-class entity, that had done the work." Sen. Burr followed up: "But no content? Isn't content an important part of the forensics from a counterintelligence standpoint?" Comey: "It is, although what was briefed to me by my folks ... is that they had gotten the information from the private party that they needed to understand the intrusion by the spring of 2016."

The "private party/high-class entity" to which Comey refers is CrowdStrike, a cybersecurity firm of checkered reputation and multiple conflicts of interest, including very close ties to a number of key anti-Russian organizations. Comey indicated that the DNC hired CrowdStrike in the spring of 2016.

Given the stakes involved in the Russia-gate investigation including a possible impeachment battle and greatly increased tension between Russia and the U.S. it is difficult to understand why Comey did not move quickly to seize the computer hardware so the FBI could perform an independent examination of what quickly became the major predicate for investigating election interference by Russia. Fortunately, enough data remain on the forensic "trail" to arrive at evidence-anchored conclusions. The work we have done shows the prevailing narrative to be false. We have been suggesting this for over two years. Recent forensic work significantly strengthens that conclusion.

We Do Forensics

Recent forensic examination of the Wikileaks DNC files shows they were created on 23, 25 and 26 May 2016. (On June 12, Julian Assange announced he had them; WikiLeaks published them on July 22.) We recently discovered that the files reveal a FAT (File Allocation Table) system property. This shows that the data had been transferred to an external storage device, such as a thumb drive, before WikiLeaks posted them.

FAT is a simple file system named for its method of organization, the File Allocation Table. It is used for storage only and is not related to internet transfers like hacking. Were WikiLeaks to have received the DNC files via a hack, the last modified times on the files would be a random mixture of odd- and even-ending numbers.

Why is that important? The evidence lies in the "last modified" time stamps on the Wikileaks files. When a file is stored under the FAT file system the software rounds the time to the nearest even-numbered second. Every single one of the time stamps in the DNC files on WikiLeaks' site ends in an even number.

We have examined 500 DNC email files stored on the Wikileaks site. All 500 files end in an even number -- 2, 4, 6, 8 or 0. If those files had been hacked over the Internet, there would be an equal probability of the time stamp ending in an odd number. The random probability that FAT was not used is 1 chance in 2 to the 500th power. Thus, these data show that the DNC emails posted by WikiLeaks went through a storage device, like a thumb drive, and were physically moved before Wikileaks posted the emails on the World Wide Web.

This finding alone is enough to raise reasonable doubts, for example, about Mueller's indictment of 12 Russian intelligence officers for hacking the DNC emails given to WikiLeaks. A defense attorney could easily use the forensics to argue that someone copied the DNC files to a storage device like a USB thumb drive and got them physically to WikiLeaks not electronically via a hack.

Role of NSA

Next Page  1  |  2  |  3  |  4  |  5

(Note: You can view every article as one long page if you sign up as an Advocate Member, or higher).

 

Must Read 1   Supported 1   Valuable 1  
Rate It | View Ratings

Consortium News Social Media Pages: Facebook page url on login Profile not filled in       Twitter page url on login Profile not filled in       Linkedin page url on login Profile not filled in       Instagram page url on login Profile not filled in

Consortiumnews.com was founded by Robert Parry in 1995 as the first investigative news magazine on the Internet. The site was meant to be -- and has become -- a home for important, well-reported stories and a challenge to the inept but dominant (more...)
 
Go To Commenting
The views expressed herein are the sole responsibility of the author and do not necessarily reflect those of this website or its editors.
Writers Guidelines
Contact AuthorContact Author Contact EditorContact Editor Author PageView Authors' Articles
Support OpEdNews

OpEdNews depends upon can't survive without your help.

If you value this article and the work of OpEdNews, please either Donate or Purchase a premium membership.

STAY IN THE KNOW
If you've enjoyed this, sign up for our daily or weekly newsletter to get lots of great progressive content.
Daily Weekly     OpEdNews Newsletter
Name
Email
   (Opens new browser window)
 

Most Popular Articles by this Author:     (View All Most Popular Articles by this Author)

Did Clinton's Emails Expose CIA Agents?

A Demand for Russian "Hacking" Proof

US Intel Vets Dispute Russia Hacking Claims

VIPS to Trump: Intel on Iran Could be CATASTROPHIC

Judith Miller's Blame-Shifting Memoir

To View Comments or Join the Conversation: