In a post at Gateway Pundit on 6 March, Joe Hoft notes some pushback to a Los Angeles Times story, which suggests that the cyber security firm CrowdStrike is putting daylight between itself and the well-worn claims that, in July 2016, Russian cyber-thieves handed Democratic Party documents over to WikiLeaks.
The wording used by CrowdStrike’s lawyers makes clear what CrowdStrike wants to establish: that the company itself never advanced the theory about the Russians and WikiLeaks. Following a brief back-and-forth with LAT, CrowdStrike’s counsel provided a statement that concluded with this language (emphasis by Gateway Pundit):
CrowdStrike was hired by the DNC to respond to the suspected breach of its servers, and did not do any investigations around the release of the information [i.e., the public release via WikiLeaks].
As a refresher, this was the story with Guccifer 2.0 supposedly abstracting files from the DNC system and later distributing them via several methods. One was forwarding a small batch of them to two media outlets (Gawker and The Smoking Gun) in June 2016. Another was setting up the website DCLeaks and publishing files there.
Guccifer 2.0 was also in contact with WikiLeaks in the summer of 2016, and WikiLeaks released batches of DNC files in July 2016, as well as batches of John Podesta’s emails, most of them about the Clinton campaign, in October and November 2016.
“U.S. intelligence” was said to be convinced Guccifer 2.0 was actually the Russians. In this case, it was supposedly Russian military intelligence (the GRU), the organization thought to be behind the “advanced persistent threat” (APT28) known as Fancy Bear. Julian Assange has consistently said WikiLeaks did not receive the released Democratic material from the Russians.
These points bring us up to speed on the story Gateway Pundit updated. Keep in mind also that the DNC intrusion CrowdStrike was brought in on started with the phishing of John Podesta, chairman of the Hillary Clinton campaign, in March 2016, and expanded into the DNC and DCCC by early April.
This timeline refers to Fancy Bear’s attack. Cozy Bear, or APT29, another Russian cyber threat, had been on the DNC system since July 2015.
CrowdStrike was brought in shortly after top DNC officials held an emergency meeting (29 April 2016) on discovery of the malicious activity on their system. The CrowdStrike experts diagnosed the presence of threat tools “Cozy Bear” and “Fancy Bear” the next day, and by 5 May had installed a monitoring package on the DNC IT system.
However, the emails stolen from the DNC system by Fancy Bear carry dates running through 25 May 2016. In fact, more than half of the emails later published from the DNC haul are dated between 5 and 25 May 2016 – after CrowdStrike began monitoring the DNC system.
And that’s a perfect, head-scratching note on which to head for our next topic.
The pivotal significance of the latest, seemingly marginal move by CrowdStrike – choosing to emphasize that CrowdStrike itself never said the Russians were connected to the WikiLeaks releases – is that it increases the doubt surrounding the U.S. intelligence assessment that Guccifer 2.0 was a persona created by the Russians to publicize material from the DNC hacking campaign.
I plan to address the specific doubt about Guccifer 2.0 in Part II of this pair of articles. It’s the (slightly) lesser of the concerns that arise with the fresh look emerging in early 2020.
The greater concern is a separate but related one that was highlighted briefly in January 2020, when it was announced that James Comey is being investigated for his apparent unauthorized disclosure of classified information about Democratic emails in the spring of 2016.
This concern is related, both because it too is about the Democratic emails from that period, and because so much doubt now attends the official narrative, once we start looking at the other facts in evidence.
The kompromat on Loretta Lynch, again
The particular element of the narrative is Comey’s claim, first aired publicly in April of 2017, that he became aware in early 2016 of what looked like kompromat on Loretta Lynch as regards the FBI review of Hillary Clinton’s emails “matter.”
Extended treatment of this episode has been done here and here. Comey’s story is that he feared the eventual exposure of supposed “Russian intelligence” suggesting that Lynch was in the tank for Hillary, and wouldn’t let the investigation “go too far.” The source for the Russians’ intelligence was said to be an email from Debbie Wasserman Schultz, then the chair of the DNC, to a man named Leonard Bernardo at the Open Society Foundations. In it, Wasserman Schultz supposedly told Bernardo that Lynch had communicated the vow of “not going too far” to Hillary’s national political director, Amanda Renteria.
Comey’s tale hasn’t seemed to have a consistent emphasis as regards the validity of this “intelligence.” But his bottom line has been that he worried the “intelligence” could be exposed, and therefore, whether valid or not, could make the decision about Hillary’s email “matter” look compromised – if Lynch were to be directly associated with it.
That’s all very well for the narrative. But ever since the first report on this wrinkle of Spygate/Russiagate, I have had serious questions about why the FBI would need to be in a dither over it. The existence (if not the contents) of an email between Wasserman Schultz and Leonard Bernardo shouldn’t be that hard to track down.
Moreover, as discussed in my 27 February article, it has been a huge part of the Russiagate narrative that the Russians were, in fact, hacking into precisely the email communications that would have handed them such an exchange in (or just before) March of 2016, when Comey said he became aware of the “Russian intelligence.”
If, as Comey claimed, the Russian intelligence on the DWS-Bernardo email contained the specifics indicated, what occasion was there for the FBI to be in the dark for months about whether the Russians’ data point was possible and how to vet it?
Oddly placed uncertainty from Comey, with the massive Russian hacking going on
Consider how very much the Russians were reportedly known to be hacking into the DNC system. By July of 2015, the Cozy Bear APT was established on the DNC system, according to a lawsuit filed by the DNC in April 2018. (CrowdStrike analyst Robert Johnston has said the Cozy Bear infiltration attempts started earlier, in May 2015.) What Cozy Bear was yielding to the Russians was a trove of emails, direct messages, VOIPs, etc. sent and received by DNC users. In March 2016, Cozy Bear was in at least its eighth month of funneling this data off to the Russians.
Dutch intelligence, moreover, was informing the FBI about this intrusion at each step along the way. The American public didn’t find out about that until January of 2018. But Comey knew it when it started in 2015.
When we learned in January 2020 that the specific kompromat on Lynch was Russian intelligence that had come to us through Dutch intelligence – a detail noted in the reporting that Comey was under investigation – it seemed pretty obvious that the source of the intelligence the Russians gained through looking at Debbie Wasserman Schultz’s email traffic would probably have been Cozy Bear.
In other words, the “mysterious” source of the Russian intelligence has been there in plain sight all along. It hasn’t just been there; it’s been emphasized to us in flaming capital letters by the media, the FBI, the DOJ, and Democratic politicians: RUSSIA WAS HACKING THE DNC! The FBI knew it!
Yet somehow, the Russians getting hold of an email about the Hillary campaign from Debbie Wasserman Schultz was too confusing and troubling an event for Comey to process. All he could do for months – no, years – thereafter was worry about whether it meant something.
Now, granted, DWS undoubtedly had other email accounts, and could have communicated with Bernardo through one of them, rather than her DNC email account. (That’s not what the reporting on this has implied, but let us cover all the bases.) About her congressional email accounts, we know for sure that the Pakistani Awan family had unhindered access to them throughout this period.
It’s also a very good bet that DWS sent things to herself back and forth between her different email accounts, including private ones, which would have exposed all of them at some point to Cozy Bear. That isn’t proof that the Russians were reading her other email accounts, but it certainly means there was ready opportunity for the Russians to identify and hack them. If you’re James Comey, or at least an FBI director with his resources at your fingertips, it shouldn’t take you more than 30 seconds to recognize that and know what to do.
But there’s more. The kompromat allegation has been presented, in some tellings, as if it looked more like a Russian interpretation of signs from or about Wasserman Schultz than a faithful repetition of something she said (see my analysis from April 2018). In that case, we would want to know what Chuck Grassley wanted to know back in April of 2017, when he asked the DOJ and FBI to respond to him about the matter. Grassley wanted to know if Renteria, Bernardo, or Lynch had been interviewed.
The double-down with Fancy Bear wasn’t a clue?
A related question would be whether the Russians had developed an interest in Renteria, then a Hillary campaign official, and if they might be trying to monitor her, either as a prelude to drawing the conclusion in their “intelligence,” or as a follow-up to it.
And what do you know – the Russians were indeed interested in Renteria. In fact, the FBI had every facility to know that. After the phishing hook of John Podesta on 19 March, the FBI watched Fancy Bear mount a barrage of probes between 22 and 24 March of 2016, and according to the cyber-security firm Secureworks a significant percentage of those attacks were on top officials of the Hillary Clinton campaign. The first position in Secureworks’s list of targets was Amanda Renteria’s: national political director.
The public didn’t know who was targeted in the Hillary campaign until the Secureworks report came out on 16 June 2016. But the FBI, watching it happen, knew who was targeted at the time it was happening (and reportedly briefed the Clinton campaign on it in late March or early April).
The point is not that knowing this would by itself have enabled Comey to verify or discredit the Russian intelligence, per se. Knowing since July 2015 about Cozy Bear, and watching an attacker – identified within weeks as Fancy Bear – mounting phishing attacks on the Clinton campaign, wasn’t a method of verifying whom DWS or Renteria was in email contact with.
But the whole situation was highly relevant to the question Comey has said was taxing his moral spirit during this period, about the kompromat on Lynch. And yet he and the media have been treating it for nearly three years as if there were no context of RUSSIAN HACKING! in which to evaluate the “Russian intelligence.”
That is exceptionally incongruous. So is the reporting over the last three years that the FBI repeatedly warned the DNC about the Cozy Bear threat, and the DNC failed to take it seriously. That really makes no sense, especially if Dutch intelligence was forwarding information about the Russians’ harvest from this operation to U.S. intelligence.
The FBI warnings to the DNC were probably not all merely generic or precautionary. It’s a good bet that the single piece of “intelligence” on the DWS email wasn’t the only thing the FBI got through this conduit. It’s very likely that there were prior instances – similar intelligence alerts – to defensively brief responsible Democrats on.
If nothing else, it seems like you’d inform the Democratic president, the head of his party and the nation’s chief executive, about it. But Comey speaks not only as if he didn’t do that, but as if it didn’t occur to him.
And the media let him get away with that. Democrats have let him get away with it too, seemingly more worried about whether Comey timed his public statements about Hillary’s “matter” stupidly than about whether the Russians were monitoring their party officials’ every text and email for nearly a year. Their bizarre passivity in May 2016, as CrowdStrike apparently watched the “Russians” siphon off thousands of emails from the DNC system for nearly three weeks, certainly raises the question what the heck that was all about.
Comey’s Lynch kompromat story is a particularly glaring instance in which there is a narrative being repeated that begs for contextualization with the rest of the larger narrative, and yet is retailed as if it happened in a vacuum. In this case, that looks increasingly like an excuse for Comey to not understand what would be rationally obvious about the situation.
The wonder is not that James Comey is being investigated over this now. The wonder is that he wasn’t investigated sooner.
Part II is here.