A lot of words have been written about this whole affair, but very little clarity has been achieved. I hope to provide some clarity with this post, where I put together information I’ve found on the internet to demonstrate that the DNC hack (if there even was a hack) was not the source of the Wikileaks DNC dump.
First, we need to look at the timeline.
“Late April, 2016” – DNC IT staff notice unusual network activity and notify Executives. Within 24 hours Crowdstrike, a security firm that investigates and remediates hacks, is called in and installs software to detect the source of the leaks.
June 12, 2016 – Julian Assange announces that Wikileaks is planning to release leaks of Hillary’s emails.
June 14, 2016 – The Washington Post breaks the story that the DNC was hacked. They claimed that the hackers “stole opposition research on Trump”.
June 15, 2016 – Crowdstrike released their report on the hack. They claim that “two separate Russian intelligence-affiliated adversaries [were] present in the DNC network in May 2016”. There are solid reasons to doubt their claims. (More on that in this post.)
That same day a WordPress blog run by someone using the moniker “Guccifer2.0” claimed that he had hacked the DNC and released documents “proving” the hack. (The quotes will be explained later.) He claims he gave the files to Wikileaks. He also published some, as “proof” of his hack, in his blog post. Since its creation, his blog has only published Democrat Party documents that he likely had access to through his IT work and ongoing consulting work. Normally a hacker doesn’t focus exclusively on one target to “prove” his hacking skills.
Again that same day, both The Smoking Gun and Gawker receive emails from Guccifer2.0 including the Trump opposition research document. Gawker reveals that the opposition research document was created by Warren Flood on December 19, 2015. (That name will become important later in this post.)
June 16, 2016 – Ft.com reports that “The DNC and the report’s purported author, a Democratic strategist named Warren Flood, are currently verifying whether or not the leaked file is real”.
June 23, 2016 – Lorenzo Franceschi-Bicchierai publishes an article raising questions about Guccifer2.0’s native language based on his chat sessions with him. Guccifer2.0 claims to be Romanian, but his Romanian is unusual to say the least. His use of English reveals that he’s probably not Russian either.
June 29, 2016 – ThreatConnect challenges Guccifer2.0’s claims to have hacked the DNC. They point out that “All of the documents released in Guccifer 2.0’s first two dumps had file creation dates after the Washington Post article was published based on their metadata” and “All of the .xlsx and .xls files appear to be created hours before the Guccifer 2.0 WordPress Blog was posted publicly”. Clearly there is something suspicious going on with the documents that he released.
July 22, 2016 – Wikileaks releases the first batch in a series of documents from the DNC. The emails extend from 2015 through May 25, 2016. (This date is crucial in understanding what happened.)
September 12, 2016 – Well-respected security researcher Jeffrey Carr cautions that the rapidly congealing Russian hacking story may not be accurate. He quotes the Washington Post to justify his position: “The intelligence community has high confidence that Russian intelligence services hacked the Democratic National Committee but does not have the same level of confidence that Russia then leaked stolen committee emails to the anti-secrecy group WikiLeaks, several administration officials said.” (Highlighting is mine.) Carr also points out that there is “zero evidence” that Fancy Bear and Cozy Bear (the two hacking groups that Crowdstrike links directly to Russian intelligence agencies) are linked to the Russian government. (Carr has written a series of useful articles about the DNC hack demonstrating how careful analysis and logical thinking can deconstruct a faulty narrative.)
October 19, 2016 – Hillary claims, during the third debate, that the Russians hacked the DNC and released the emails.
November 3, 2016 – Julian Assange publicly states that the Wikileaks DNC document dump did not come from Russians but from DNC insiders.
December 15, 2016 – Sam Biddle publishes an article in The Intercept entitled “Here’s The Public Evidence Russia Hacked The DNC – It’s Not Enough”.
Guccifer2.0 is not a hacker, but a DNC insider named Warren Flood
Someone named Adam Carter has been researching Guccifer2.0 since the story broke. He has uncovered conclusive proof that Guccifer2.0 is not Russian, is not a hacker and IS a Democrat insider. Another researcher named tvot2 has additional information about Guccifer2.0 that concludes the case against him.
- “Within two days of the Russians and CrowdStrike being brought into the picture (mentioned a day earlier in the DNC announcement,) guccifer2.wordpress.com appeared out of nowhere claiming she/he wasn’t Russian, and directly mentioning CrowdStrike as having gotten it wrong.”
- Julian Assange and Craig Murray have both refuted claims from Guccifer2.0 that he was their source for the leaked emails.
- The date that the Wikileaks emails stopped (May 25, 2016) is at least a month after Crowdstrike was called in. Are we to believe that by May 25 the hackers still had access to the network despite Crowdstrike being there for a full month? It’s much more likely that an insider with access simply handed them over to Wikileaks.
- As an IT specialist, Warren Flood had access to every document on the DNC servers. He didn’t need to hack them. He could simply copy them.
- Obvious alterations to the released documents demonstrate that Guccifer2.0 wanted people to believe the documents were released by a Russian.
- Guccifer2.0’s use of language indicates that he is probably a native English speaker trying to masquerade as a Romanian and conceal his native language roots.
- Guccifer2.0’s claimed method of hacking the DNC, NGP-VAN, was proven “impossible” by ThreatConnect.
- The metadata in the documents Guccifer2.0 released proves that Warren Flood created them. As you can see, the document was created by Warren Flood just 30 minutes before being modified to make it appear that it was created by a Russian, and on the same day that the documents were published by Guccifer2.0.
Created by Warren Flood on 15th of June at 13:38
Modified by Феликс Эдмундович on 15th of June at 14:08
The modified by name is Felix Dzerzhinsky. Dzerzhinsky was a Polish/Russian Bolshevik who died in 1926. He was the founder and first director of the Russian Secret Police. He obviously could not have edited a document created in 2016.
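An added example (not from this post or from the researchers it cites) of the kind of metadata check described above: it reads the creator, last-editor and timestamp fields that Office Open XML files (.docx, .xlsx) store in docProps/core.xml and compares them with a known event time. The function names, the placeholder author names, the UTC timestamps and the reference time are all constructed for the illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
}
FIELDS = {"creator": "dc:creator", "last_modified_by": "cp:lastModifiedBy",
          "created": "dcterms:created", "modified": "dcterms:modified"}

def build_sample(creator, editor, created, modified):
    """Constructed input: a zip holding only docProps/core.xml.
    It accepts any strings, which is how a last-editor value can be set deliberately."""
    xml = (
        '<cp:coreProperties xmlns:cp="%s" xmlns:dc="%s" xmlns:dcterms="%s">'
        "<dc:creator>%s</dc:creator><cp:lastModifiedBy>%s</cp:lastModifiedBy>"
        "<dcterms:created>%s</dcterms:created><dcterms:modified>%s</dcterms:modified>"
        "</cp:coreProperties>"
    ) % (NS["cp"], NS["dc"], NS["dcterms"], creator, editor, created, modified)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docProps/core.xml", xml)
    return buf.getvalue()

def read_core_properties(data):
    """Return creator, last editor and both timestamps from an OOXML file."""
    # For files from an untrusted source, parse with defusedxml instead of ElementTree.
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        root = ET.fromstring(z.read("docProps/core.xml"))
    props = {k: root.findtext(p, default="", namespaces=NS) for k, p in FIELDS.items()}
    for k in ("created", "modified"):  # timestamps end in "Z"; make them timezone-aware
        props[k] = datetime.fromisoformat(props[k].replace("Z", "+00:00"))
    return props

def timeline_findings(props, reference):
    """Compare the embedded fields with an externally known event time."""
    findings = []
    if props["created"] > reference:
        findings.append("created_after_reference")
    if props["creator"] != props["last_modified_by"]:
        findings.append("editor_differs_from_creator")
    gap = int((props["modified"] - props["created"]).total_seconds() // 60)
    findings.append("edit_gap_minutes=%d" % gap)
    return findings

SAMPLE = build_sample("Author A", "Editor B", "2016-06-15T13:38:00Z", "2016-06-15T14:08:00Z")
REFERENCE = datetime(2016, 6, 14, tzinfo=timezone.utc)  # constructed reference time
```

Calling `timeline_findings(read_core_properties(SAMPLE), REFERENCE)` reports a creation time later than the reference, a last editor different from the creator, and a 30-minute gap between the two timestamps.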
Who is Warren Flood? His LinkedIn profile says he works for Bright Blue Data LLC but previously worked for Obama For America, the DNC and the White House – Executive Office of the President. His blog profile says he worked in the 2008 and 2012 Obama campaigns as a data analytics person and worked in the White House as VP Biden’s Technology Director. His about page on BrightBlueData.com says:
What started as a single volunteer hour for Barack Obama’s presidential campaign in 2007, quickly grew into a series of dream jobs for me, including: National Regional Data Director for Obama for America in 2008, Information Systems & Technology Director for Vice President Biden’s office at the White House, National Targeting Generalist for the Democratic National Committee in 2010, and Analytics Strategic Projects Director for Obama for America in 2012.
So why would Warren Flood, a DNC and Obama insider, create a persona and claim to have hacked the DNC? Study the timeline. In April, 2016, the DNC knew that they had been hacked. Crowdstrike would have identified any documents that could be confirmed to have been stolen by the hackers. On June 12, Assange announces that he is preparing to release emails exposing Hillary Clinton. Three days later Crowdstrike announces “the Russians did it” and Guccifer2.0 claims he did it, leaving breadcrumbs strewn all over the documents suggesting that he’s Russian. One of the documents released was authored by Warren Flood in 2015, but no one looks at the metadata in the other documents. They assume that Guccifer2.0 is telling the truth and further assume that he’s aligned with the Russians. The narrative is underway. The media will carry it forward, completely convinced that the Russians did it.
Who benefits from that narrative? Hillary Clinton and the Democrats. By blaming the Russians, the discussion of the content of the documents on Wikileaks is subsumed in the outrage of the Russians “hacking our elections”. A convenient excuse for losing then appears after the shocking results of the election, and the left, feeling that the election was “stolen” from them, justifies violence and outrage, protests and #resistance against the duly elected President of the United States.
So we come to March, 2017. The Russian story is still front and center, and the truth of what happened is buried. Will it ever come to light?
In my opinion, the DNC hired Flood to create a persona that could be used to point at the Russians. They also convinced Crowdstrike to write its report in such a way as to confirm that the Russians were involved. The FBI has never asked to examine their servers, because they didn’t want an alternate narrative getting out.
UPDATE: Thanks to reader Fofoa for pointing out my date error in the next to last paragraph. (I wrote March 2016 instead of March 2017.) It now appears that Julian Assange has all but admitted that Seth Rich, the DNC staffer who was murdered in Washington, D.C. on July 10, 2016, was at least one source of the emails that Wikileaks posted. Hat tip to @matthewpellis for the info. Since Wikileaks released the emails on July 22, that raises the question of how someone might have known that Rich had leaked them. Did Crowdstrike tip off the DNC? Reading the article, he seems like an unlikely source. He was considering joining the Hillary campaign. The leakers were more likely to be altruistic Bernie supporters angry about how he was treated by the DNC.
Second UPDATE: A new file metadata analysis seems to be pretty conclusive proof that the DNC files were stolen by an insider and not by hackers.