Former US intelligence analysts: CIA allegations of Russian email hacking are baseless

qrysdonnell said:

Even if it was someone internal there would have been hacking involved to get into his personal Gmail. As head of IT for my company I could easily 'leak' anyone's work emails, but I don't have access to anyone's personal email. I'd have to hack it to get it.

Exactly. That's why I don't understand the "leak" argument.

While one can conceive that either Podesta shared his personal credentials with the IT support at the DNC, it's not terribly likely. The average semi-sensible person wouldn't share that, and you'd think Podesta would be more sensitive than average as far as knowing that he was letting someone in. Obviously, we know what went wrong with the phishing, but in my experience getting phished is not an indicator of actual stupidity.

So without that in order for someone on the inside to get it he'd either have to phish Podesta or use something like a keylogger. As this person would likely have easier access to much juicier information (insert risotto joke here) they would have gone there first.

Also, Podesta's emails being released fits the profile of what you're likely to get if you're phishing an organization with a relatively wide net. Based on what they got out of it, it's pretty clear that it wasn't something you'd risk your career or freedom over. It looks like they just got whatever they got and let the Internet/Wikileaks go through it and figure out what they could claim were horrible details. 

So, while Podesta's emails also could also have been originally carved by lizard people onto clay tablets and then transcribed by aliens from Zeta Reticuli into self aware star-dna and then uploaded to bits on the Internet by midichlorians... well, the phishing story makes the best sense.

dave23 said:

qrysdonnell said:

Even if it was someone internal there would have been hacking involved to get into his personal Gmail. As head of IT for my company I could easily 'leak' anyone's work emails, but I don't have access to anyone's personal email. I'd have to hack it to get it.

Exactly. That's why I don't understand the "leak" argument.

qrysdonnell said:

Even if it was someone internal there would have been hacking involved to get into his personal Gmail. As head of IT for my company I could easily 'leak' anyone's work emails, but I don't have access to anyone's personal email. I'd have to hack it to get it.

dave23 said:


What you request the opposite of expediting. I didn't say anything about the Russians in my question to you. No need to get distracted by who might have done what. 

It's quite simple: The contents of Podesta's personal email account were published. How could that have been a leak and not a hack.

The IT manager of an organization doesn't have access to personal emails, but the NSA does and what Assange associate Craig Murray intimates is that he has direct knowledge that the Podesta emails were leaked by an "insider" who had access to Podesta's emails collected by the NSA:

http://dissentradio.com/radio/...

Cramer is correct that Murray incorrectly identifies John Podesta as a lobbyist for Saudi Arabia.  He's a founder of the Podesta Group which lobbies for the Saudi government (as well as Russia's largest bank), but his brother Tony runs the group now.  But this doesn't preclude the possibility that John Podesta's emails were being monitored by the NSA in connection with his brother's lobbying or for other reasons.

qrysdonnell said:

While one can conceive that either Podesta shared his personal credentials with the IT support at the DNC, it's not terribly likely. The average semi-sensible person wouldn't share that, and you'd think Podesta would be more sensitive than average as far as knowing that he was letting someone in. Obviously, we know what went wrong with the phishing, but in my experience getting phished is not an indicator of actual stupidity.

So without that in order for someone on the inside to get it he'd either have to phish Podesta or use something like a keylogger. As this person would likely have easier access to much juicier information (insert risotto joke here) they would have gone there first.

Also, Podesta's emails being released fits the profile of what you're likely to get if you're phishing an organization with a relatively wide net. Based on what they got out of it, it's pretty clear that it wasn't something you'd risk your career or freedom over. It looks like they just got whatever they got and let the Internet/Wikileaks go through it and figure out what they could claim were horrible details. 

So, while Podesta's emails also could also have been originally carved by lizard people onto clay tablets and then transcribed by aliens from Zeta Reticuli into self aware star-dna and then uploaded to bits on the Internet by midichlorians... well, the phishing story makes the best sense.

dave23 said:

qrysdonnell said:

Even if it was someone internal there would have been hacking involved to get into his personal Gmail. As head of IT for my company I could easily 'leak' anyone's work emails, but I don't have access to anyone's personal email. I'd have to hack it to get it.

Exactly. That's why I don't understand the "leak" argument.

With regard to the "phishing" scenario, there is no evidence of Russian government actors, only allegations. Which takes us back to the OP:

The evidence that should be there is absent; otherwise, it would surely be brought forward, since this could be done without any danger to sources and methods. Thus, we conclude that the emails were leaked by an insider

There is evidence of phishing in the emails themselves, regardless of where the phishing efforts originated.

Paul you need to stop talking about Assange and his circle like their words at face value mean jack s***. If you're naive enough to believe this fairy tale, keep it to yourself it will be less embarrassing that way. 

pro tip: never believe a word by anyone who does a RT exclusive. In fact- assume the opposite is true. 

paulsurovell said:

The IT manager of an organization doesn't have access to personal emails, but the NSA does and what Assange associate Craig Murray intimates is that he has direct knowledge that the Podesta emails were leaked by an "insider" who had access to Podesta's emails collected by the NSA:

qrysdonnell said:

So, while Podesta's emails also could also have been originally carved by lizard people onto clay tablets and then transcribed by aliens from Zeta Reticuli into self aware star-dna and then uploaded to bits on the Internet by midichlorians... well, the phishing story makes the best sense.

FWIW, this made my evening yesterday.

0dollars2cents said:

Paul you need to stop talking about Assange and his circle like their words at face value mean jack s***. If you're naive enough to believe this fairy tale, keep it to yourself it will be less embarrassing that way. 

pro tip: never believe a word by anyone who does a RT exclusive. In fact- assume the opposite is true. 

paulsurovell said:

The IT manager of an organization doesn't have access to personal emails, but the NSA does and what Assange associate Craig Murray intimates is that he has direct knowledge that the Podesta emails were leaked by an "insider" who had access to Podesta's emails collected by the NSA:

. . . and never accept at face value what the CIA says unless it provides proof.

DaveSchmidt said:

qrysdonnell said:

So, while Podesta's emails also could also have been originally carved by lizard people onto clay tablets and then transcribed by aliens from Zeta Reticuli into self aware star-dna and then uploaded to bits on the Internet by midichlorians... well, the phishing story makes the best sense.

FWIW, this made my evening yesterday.

Thanks for pointing this out. I lol'd, as they say.

paulsurovell said:

. . . and never accept at face value what the CIA says unless it provides proof.

And don't cherry-pick facts and figures or ignore inconvenient truths (blatant evidence of phishing, for instance) to conform to a preordained conclusion.

dave23 said:

paulsurovell said:

. . . and never accept at face value what the CIA says unless it provides proof.

And don't cherry-pick facts and figures or ignore inconvenient truths (blatant evidence of phishing, for instance) to conform to a preordained conclusion.

I didn't ignore it, I addressed it.

Someone phishing could spoof the IP address of a Russian govt agency.  Proof requires more than just an e-mail.  There may be proof, but I don't think it has been made public.

From David Simon (creator of 'The Wire')

A year with some good detectives taught me that often WHAT ISN'T SAID is the actual tell. And note what isn't discussed between Trump and Comey. At no point does Trump make any concerted effort to discern whether or not Russia did in fact attempt to interfere in the election. Indeed, he notes that the claim has created a cloud over his governance -- so he can scarcely say that it isn't of real concern to him; his concern is premised in this meeting. Yet, he doesn't inquire as to what Comey and the FBI is yet discerning about Russia's role. He doesn't even do so as a means of disparaging the claim. (i.e. "I'm sure you're finding out that there's nothing to the claims of Russian interference, right?" It. Doesn't. Come. Up. 

In this regard, I am reminded of every innocent and guilty man I ever witnessed in an interrogation room. The innocent ask a multitude of questions about what the detectives know, or why the cops might think X or Y or whether Z happened to the victim. The guilty forget to inquire. They know. An old law school saw tells young trial lawyers to remind their clients to stay curious in front of a jury. There's a famous tale of a murder case in which the body of the defendant's wife had not been recovered yet he was charged with the killing. Defense attorney tells the jury in final argument there's been no crime and the supposed victim will walk through the courtroom doors in 10 seconds. 30 seconds later the door remains shut. "Ok, she isn't coming today. But the point is all of you on jury looked, and that my friends is reasonable doubt. You must acquit."

Jury comes back in twenty minutes: Guilty. Attorney goes to the foreman: "I thought I had you." Foreman: "You had me and ten others. But juror number 8 didn't look at the door, he looked at your client. And he didn't eye the door, he was examining his nails."

Even when he was completely alone with Comey, Trump didn't look at the door. He eyed his nails. It's an absolute tell. Why? Because Trump already knows that there is some fixed amount of Russian interference on his behalf, and possibly, collusion as well.

paulsurovell said:

dave23 said:
And don't cherry-pick facts and figures or ignore inconvenient truths (blatant evidence of phishing, for instance) to conform to a preordained conclusion.

I didn't ignore it, I addressed it.

No you didn't. What you wrote was, "With regard to the "phishing" scenario, there is no evidence of Russian government actors, only allegations."

My point was that there is ample evidence that it was a phishing expedition--whether by Russians or others. XKeyscore does not use phishing, therefore it seems quite obvious that this was not done by an NSA insider.

dave said:

Someone phishing could spoof the IP address of a Russian govt agency.  Proof requires more than just an e-mail.  There may be proof, but I don't think it has been made public.

True.

dave23 said:

paulsurovell said:

dave23 said:
And don't cherry-pick facts and figures or ignore inconvenient truths (blatant evidence of phishing, for instance) to conform to a preordained conclusion.

I didn't ignore it, I addressed it.

No you didn't. What you wrote was, "With regard to the "phishing" scenario, there is no evidence of Russian government actors, only allegations."

My point was that there is ample evidence that it was a phishing expedition--whether by Russians or others. XKeyscore does not use phishing, therefore it seems quite obvious that this was not done by an NSA insider.

Well, at least we agree that there is no evidence that Russia hacked Podesta.

Today, Bloomberg reported that Russian probes of electoral-related targets was far more extensive than previously reported. It reached into 39 states. 

"In Illinois, investigators found evidence that cyber intruders tried to delete or alter voter data. The hackers accessed software designed to be used by poll workers on Election Day, and in at least one state accessed a campaign finance database. Details of the wave of attacks, in the summer and fall of 2016, were provided by three people with direct knowledge of the U.S. investigation into the matter. In all, the Russian hackers hit systems in a total of 39 states, one of them said."

https://www.bloomberg.com/poli...

Phishing doesn't match up well with IP spoofing, which while it can be used to obscure the source of an attack, it doesn't work in a situation where bidirectional communication is involved. Generally with spoofing you're interfacing with your marks via shortly lived resources hacked resources. Emails come from hacked addresses. Target web addresses are via hacked computers. The connections made by people harvesting their handiwork would generally be traceable in some way, but it would be common for people to layer connections to obfuscate their actual location.

One can also reasonably count on the NSA to understand all of this. This is not high level stuff. It's also slightly crazy to assume that the NSA is going to release nitty gritty details of why they know what they know. While I'm not going to advocate that we always trust our government, I think it's just as silly to operate from a never trust the government viewpoint.

dave23 said:

dave said:

Someone phishing could spoof the IP address of a Russian govt agency.  Proof requires more than just an e-mail.  There may be proof, but I don't think it has been made public.

True.

paulsurovell said:

Well, at least we agree that there is no evidence that Russia hacked Podesta.

Not true but if that's what you have to convince yourself of to drop the XKeyscore nonsense, then so be it.

qrysdonnell said:

Phishing doesn't match up well with IP spoofing, which while it can be used to obscure the source of an attack, it doesn't work in a situation where bidirectional communication is involved. Generally with spoofing you're interfacing with your marks via shortly lived resources hacked resources. Emails come from hacked addresses. Target web addresses are via hacked computers. The connections made by people harvesting their handiwork would generally be traceable in some way, but it would be common for people to layer connections to obfuscate their actual location.

One can also reasonably count on the NSA to understand all of this. This is not high level stuff. It's also slightly crazy to assume that the NSA is going to release nitty gritty details of why they know what they know. While I'm not going to advocate that we always trust our government, I think it's just as silly to operate from a never trust the government viewpoint.

Former high-level NSA analysts such as William Binney and Kurt Wiebe have said categorically that if the NSA has evidence that Russia hacked the DNC and Podesta they could provide that evidence without compromising sources and methods.  One reason is that the software is already in the public realm.

On the other hand, as Comey's testimony revealed, the intelligence community doesn't know who gave Wikileaks the emails.

I agree that it's silly to "never trust the government," but I think that experience shows that it is equally silly to trust the government unconditionally -- which is another way of saying that we should demand that the government provide evidence for its allegations.

This is especially important when those allegations are aimed at persuading the public that a foreign leader is developing weapons of mass destruction -- whether those weapons are physical or in cyberspace.

I don't see any reason to assume that all (or perhaps any?) of the ability to track and identify Russian actors rests in the capabilities of Xkeyscore. Binney and Wiebe, they left the NSA in 2001. They're anti data-collection advocates that have been at odds with the NSA for a long time. While I'm not going to discount their opinions of what happened at the NSA in 2001, I don't know that they're likely to have much contact with anything going on there in 2016.

As far as the cutout between Russian intelligence (or affiliated 'artist' hackers and Wikileaks) there's no reason to assume that just because Comey doesn't know the nature of the cutout that doesn't mean that Wikileaks wouldn't know the data was ultimately sourced by the Russians. It just means that the Russians would have said, we're not going to send this to you directly, but it will get to you.

As far as your march to inevitable war if Russia was guilty. I think that's a tactic that you're falling for. There's no reason to assume that cyberwar will lead to a shooting (or nuclear, let's go all the way, right) war. It's more likely to result in an economic war, and I think looking at the corruption that is currently in place in Russia that there is justification for that.

I'm not personally anti-Russia. I've traveled there in the past and have always been interested in it. That doesn't mean that I'm a fan of their current government. I do think it would be great if we had a better relationship, and we sort of did before it devolved into a gangster's paradise, but I don't think it's useful for this to be on Putin's terms. The idea that any defiance of Russia is equivalent to nuclear war is preposterous, and is essentially just letting Putin win like he's freakin' wookie or something.

paulsurovell said:

qrysdonnell said:

Phishing doesn't match up well with IP spoofing, which while it can be used to obscure the source of an attack, it doesn't work in a situation where bidirectional communication is involved. Generally with spoofing you're interfacing with your marks via shortly lived resources hacked resources. Emails come from hacked addresses. Target web addresses are via hacked computers. The connections made by people harvesting their handiwork would generally be traceable in some way, but it would be common for people to layer connections to obfuscate their actual location.

One can also reasonably count on the NSA to understand all of this. This is not high level stuff. It's also slightly crazy to assume that the NSA is going to release nitty gritty details of why they know what they know. While I'm not going to advocate that we always trust our government, I think it's just as silly to operate from a never trust the government viewpoint.

Former high-level NSA analysts such as William Binney and Kurt Wiebe have said categorically that if the NSA has evidence that Russia hacked the DNC and Podesta they could provide that evidence without compromising sources and methods.  One reason is that the software is already in the public realm.

On the other hand, as Comey's testimony revealed, the intelligence community doesn't know who gave Wikileaks the emails.

I agree that it's silly to "never trust the government," but I think that experience shows that it is equally silly to trust the government unconditionally -- which is another way of saying that we should demand that the government provide evidence for its allegations.

This is especially important when those allegations are aimed at persuading the public that a foreign leader is developing weapons of mass destruction -- whether those weapons are physical or in cyberspace.

qrysdonnell said:

I don't see any reason to assume that all (or perhaps any?) of the ability to track and identify Russian actors rests in the capabilities of Xkeyscore. Binney and Wiebe, they left the NSA in 2001. They're anti data-collection advocates that have been at odds with the NSA for a long time. While I'm not going to discount their opinions of what happened at the NSA in 2001, I don't know that they're likely to have much contact with anything going on there in 2016.

XKeyscore was disclosed in 2013.

qrysdonnell said:

As far as the cutout between Russian intelligence (or affiliated 'artist' hackers and Wikileaks) there's no reason to assume that just because Comey doesn't know the nature of the cutout that doesn't mean that Wikileaks wouldn't know the data was ultimately sourced by the Russians. It just means that the Russians would have said, we're not going to send this to you directly, but it will get to you.

The importance of this is that in addition to the CIA/NSA/FBI failure to provide evidence of the alleged hacks they admit that they don't even know who gave Wikileaks the emails.

qrysdonnell said:

As far as your march to inevitable war if Russia was guilty. I think that's a tactic that you're falling for. There's no reason to assume that cyberwar will lead to a shooting (or nuclear, let's go all the way, right) war. It's more likely to result in an economic war, and I think looking at the corruption that is currently in place in Russia that there is justification for that.

There is no "if Russia was guilty" in the constant false allegations that Russian hacking has been established as fact.

The narrative that we are under attack by the Russians, and that contacts with Russians are nefarious, are aimed at thwarting Trump's declared intentions to improve relations with Russia.  This has undermined chances to reduce tensions with Russia in Europe, to find common ground in Syria and to lower the risk of nuclear war.

qrysdonnell said:

I'm not personally anti-Russia. I've traveled there in the past and have always been interested in it. That doesn't mean that I'm a fan of their current government. I do think it would be great if we had a better relationship, and we sort of did before it devolved into a gangster's paradise, but I don't think it's useful for this to be on Putin's terms. The idea that any defiance of Russia is equivalent to nuclear war is preposterous, and is essentially just letting Putin win like he's freakin' wookie or something.

Denial of the need to work with Russia to prevent nuclear war (by intent or mistake) is equivalent to denial of the need to work to halt climate change.

agree to share source code information with Russia.

Not helpful to the Russian-hacking-of-the-DNC-and-Podesta-was-the-worst-attack-on-US-democracy-in-history-and-we-must-punish-them-for-it narrative.

http://mobile.reuters.com/arti...

Western technology companies, including Cisco, IBM and SAP, are acceding to demands by Moscow for access to closely guarded product security secrets, at a time when Russia has been accused of a growing number of cyber attacks on the West, a Reuters investigation has found.

Russian authorities are asking Western tech companies to allow them to review source code for security products such as firewalls, anti-virus applications and software containing encryption before permitting the products to be imported and sold in the country. The requests, which have increased since 2014, are ostensibly done to ensure foreign spy agencies have not hidden any "backdoors" that would allow them to burrow into Russian systems.

I don't see how this undermines the suggestion that Russia was behind the attacks.

that would be because it doesn't.

dave23 said:

I don't see how this undermines the suggestion that Russia was behind the attacks.

drummerboy said:

that would be because it doesn't.

dave23 said:

I don't see how this undermines the suggestion that Russia was behind the attacks.

But it clearly undermines the "we-must-punish-them-for-it" part of what I wrote.

And sharing software secrets by major US companies with Russia at this time does undermine the credibility of the "worst-attack-on-US-democracy-in-history" part of the narrative.

But it doesn't. The two things aren't even connected. What do the business interests of US corporations (clearly they're only sharing because they stand to benefit) have ANYTHING to do with Putin's desire to ratf**k our election?

paulsurovell said:

drummerboy said:

that would be because it doesn't.

dave23 said:

I don't see how this undermines the suggestion that Russia was behind the attacks.

But it clearly undermines the "we-must-punish-them-for-it" part of what I wrote.

And sharing software secrets by major US companies with Russia at this time does undermine the credibility of the "worst-attack-on-US-democracy-in-history" part of the narrative.

drummerboy said:

But it doesn't. The two things aren't even connected. What do the business interests of US corporations (clearly they're only sharing because they stand to benefit) have ANYTHING to do with Putin's desire to ratf**k our election?

paulsurovell said:

drummerboy said:

that would be because it doesn't.

dave23 said:

I don't see how this undermines the suggestion that Russia was behind the attacks.

But it clearly undermines the "we-must-punish-them-for-it" part of what I wrote.

And sharing software secrets by major US companies with Russia at this time does undermine the credibility of the "worst-attack-on-US-democracy-in-history" part of the narrative.

Focus on the words "punish them" and maybe you'll see a connection.

The last line of the article pretty much sums it all up.

dave23 said:

The last line of the article pretty much sums it all up.

But if the alleged Russian hacking was really "in political terms, the crime of the century" don't you think our Govt would use sanctions to stop this transfer of sensitive cyber security software?

ETA i.e to "punish" Russia?