The Washington Post reported Thursday that unsealed court documents proved Russian hackers stole Democratic National Committee (DNC) emails in 2016. However, the report’s authors admit they have no physical evidence, only supposition.
The Washington Post’s article on unsealed documents from Webzilla founder and Russian businessman Aleksej Gubarev’s lawsuit against BuzzFeed makes a very leading suggestion in its headline: “Documents shed light on Russian hacking of Democratic Party leaders.”
However, this is a gross misrepresentation of not only the contents of the files, but also of the text of the article itself, which doesn’t support the claim in the headline: that the DNC’s emails, and those of its leaders, were hacked by Russians, Jim Kavanagh, the editor of thepolemicist.net, told Radio Sputnik’s Loud and Clear Friday.
In January 2017, BuzzFeed published former MI6 agent Christopher Steele’s now-eponymous dossier on US President-Elect Donald Trump and many of his close confidants just days before Trump was sworn in as head of state. That 35-page dossier, its contents unverified, was taken as fact by politicos desperate to prove a Russian connection to Trump’s campaign and his electoral victory the previous November. Included in the dossier were claims that Gubarev had helped facilitate the hacking of the DNC’s server by hacking group Guccifer 2.0 sometime in the spring of 2016.
Gubarev’s ongoing lawsuit alleges BuzzFeed defamed him by publishing the unverified report. US District Court Judge Ursula Ungaro, who presides over the case, ordered the vast majority of the case’s documents unsealed on Thursday, following a request by the New York Times. Included was a deposition from May 2018 by Anthony Ferrante, global head of cybersecurity at FTI Consulting and a former chief of staff of the FBI’s Cyber Division.
Ferrante’s report concludes that “technical evidence suggests that [hacking group] Fancy Bear used XBT infrastructure to support malicious spear phishing campaigns against the Democratic Party leadership” resulting in the theft of emails from Hillary Clinton campaign chair John Podesta, and that the group had in the past used internet addresses owned by XBT, which is Webzilla’s parent company.
The publication of those emails by DCLeaks and WikiLeaks over the summer and fall of 2016 sent shockwaves throughout the country, as the Democratic Party’s dirty laundry was aired for the world to see, including the extent to which party operatives had gone to help Clinton defeat her opponents.
Evan Fray-Witzer, Gubarev’s lawyer, ridiculed the report, saying that having spent $4.5 million to try and prove the dossier’s allegations and failed to do so, “they pivoted to try and show that our networks might have been used — and they didn’t even prove that conclusion.”
“Trying to blame XBT for this is like trying to blame Verizon for everything bad that happens on the Internet because they happen to own some of the fiber cables,” he told the Washington Post.
“It’s just like a phone number,” Kavanagh told Sputnik hosts John Kiriakou and Brian Becker. “Anybody who’s a halfway-decent hacker can fake an IP address, especially since it seems like these were Tor addresses, which — it’s an anonymizing internet browser, the purpose of it is to anonymize it — so these really are nothing; they’re headlines, they’re suggestions.”
Kavanagh noted that some of the key assumptions underpinning the report’s entire argument had been verified by entities with a vested interest in Ukraine.
“Throughout the thing, there’s the assumption that ‘Fancy Bear’ — that’s Russian intelligence,” Kavanagh said, noting that “a lot of people have done work on this and showed that’s not to be taken for granted. It was Crowdstrike, who has an interest in this, who identified Fancy Bear as Russian.”
Kiriakou noted a 2017 report by William Binney, a former National Security Agency technical director who became a whistleblower and sharp critic of the agency in 2001. Binney’s group, Veteran Intelligence Professionals for Sanity, wrote a memo to US President Donald Trump in July 2017 in which they explained that the evidence points not to a remote hack, but to theft at the source — a whistleblower.
“Forensic studies of ‘Russian hacking’ into Democratic National Committee computers last year reveal that on July 5, 2016, data was leaked (not hacked) by a person with physical access to DNC computer,” the memo states. “Key among the findings of the independent forensic investigations is the conclusion that the DNC data was copied onto a storage device at a speed that far exceeds an Internet capability for a remote hack.”
That server was examined by Crowdstrike, but never looked at by the FBI, which trusted the findings of the private security firm, which was employed by the Democratic Party.
However, that’s not true of Podesta’s emails, which the article claims were grabbed during a phishing attack — a claim to which Kavanagh gave more credit.
“Podesta was hacked when he or an aide clicked on a malicious link in an email. The link was created on a server belonging to Root S.A., which is owned by XBT,” the Post notes.
That said, the report further hedges the claim: “FTI cannot definitively state that the [link] ... was ever sent to or received by John Podesta,” but technical evidence shows the link was created “with the intent” to steal Podesta’s email credentials as part of the campaign against the Democratic Party leadership, according to Ferrante.
The analyst further testified that “the malicious cyber activity described in the Steele dossier was facilitated by using their [XBT Webzilla] infrastructure,” but also that he had “no evidence of them actually sitting behind a keyboard.”
“This guy’s really smart,” Kavanagh said, “because he can look at a number and say, ‘I know what the intent of the person who invented that number is.’”