Connecting “dots”

So, a while back the Democratic National Committee hired a firm known as “CrowdStrike” to investigate what it alleged were intrusions into its computer networks. This is a private firm, not a government agency. At the same time, the FBI was refused direct access to the hardware and software involved in what was alleged to have been a “Russian” hack. While the FBI could have compelled the DNC and the DCCC to turn over any evidence of Russian (or other) intrusion on national-security grounds, it chose not to.

Subsequently, CrowdStrike was scheduled to testify before the US Congress about its report. This is the same report that “17” agencies (later admitted to be only three) said was the basis of their conclusion that Russians hacked into a US political campaign. However, several discrepancies in CrowdStrike’s report and in its past reports were published, and the testimony was cancelled a few days before the firm was set to appear.

The company’s credibility has since been largely discredited by people in the infosec community.

One of the more interesting aspects of their reporting, and of the various hacks, is the extent to which these alleged “hackers” made themselves and their apparent nationality known by operating from IP addresses associated with Russia. Such addresses are available to anyone (a rented server or a compromised host in Russia will do) regardless of the true intruder’s nationality, so an IP address by itself tells you where the traffic exited, not who was behind the keyboard.

If you argue that Russia was behind these actions, then you have to conclude that they wanted to be known for having done it (which is a possibility, however remote). One interesting tidbit is that in John Podesta’s alleged phish, Cyrillic characters were purposely entered into the subject line, as if to sign the phishing email as Russian.

Another interesting clue that calls these claims into question is a recent analysis arguing that the files copied and published by “Guccifer 2.0” were originally copied locally, based on their timestamps. If the copy tool stamps each file’s modification time when it finishes writing it, the file sizes and the gaps between consecutive timestamps in the copied directory give an estimate of the transfer speed. A rate far above what an internet link could sustain is easy to distinguish from a network transfer and points to a local copy (LAN or USB). It’s interesting to note that this same technique was used in the Sony hack to argue that the files were originally copied by a local person.
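To make that reasoning concrete, here is an added example (written for this page; it is not code from the original post or from the analysis it describes) that turns a listing of file sizes and modification times into an implied copy rate. The listing is constructed. The method rests on assumptions that must be checked before trusting the number: the copy was sequential; the copy tool stamped each file’s mtime when it finished writing (tools such as cp -p, rsync -t or robocopy preserve the original stamps, in which case the timestamps say nothing about the copy); and the stamps were rounded to a known granularity (two seconds for FAT-style timestamps), which the bounds function accounts for.

```python
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# (path, size in bytes, last-modified time as recorded in the archive or listing)
FileStamp = Tuple[str, int, datetime]

# Constructed sample listing for this example. Paths, sizes and times are
# invented and are not taken from any real archive or investigation.
SAMPLE_LISTING: List[FileStamp] = [
    ("dump/d.docx",  23_000_000, datetime(2016, 7, 5, 18, 39, 8)),
    ("dump/a.pdf",   20_000_000, datetime(2016, 7, 5, 18, 39, 2)),
    ("dump/c.xlsx",  69_000_000, datetime(2016, 7, 5, 18, 39, 7)),
    ("dump/b.pdf",   46_000_000, datetime(2016, 7, 5, 18, 39, 4)),
    ("dump/f.pptx",  50_000_000, datetime(2016, 7, 5, 18, 39, 14)),
    ("dump/e.zip",  112_000_000, datetime(2016, 7, 5, 18, 39, 13)),
]

# Constructed counter-example: a copy made with preserved timestamps (cp -p,
# rsync -t, robocopy). The stamps are years apart, so they cannot be copy times.
PRESERVED_LISTING: List[FileStamp] = [
    ("dump/old.doc",  5_000_000, datetime(2009, 3, 1, 9, 0, 0)),
    ("dump/new.xlsx", 7_000_000, datetime(2016, 6, 2, 17, 30, 0)),
]


def preserved_original_mtimes(listing: List[FileStamp],
                              max_span: timedelta = timedelta(hours=1)) -> bool:
    """Return True when the stamps span more than max_span.

    A copy that finishes in minutes cannot leave mtimes months apart, so a wide
    span means the tool kept the files' original modification times and no
    copy rate can be inferred from them.
    """
    times = sorted(t for _, _, t in listing)
    return len(times) > 1 and times[-1] - times[0] > max_span


def _moved_and_elapsed(listing: List[FileStamp]) -> Optional[Tuple[int, float]]:
    """Bytes written inside the measured interval, and that interval in seconds.

    The earliest file is excluded from the byte count: it finished at the first
    stamp but its start time is unknown, whereas every later file was written
    entirely between the first and last stamp (assuming a sequential copy).
    Returns None for fewer than two distinct timestamps.
    """
    ordered = sorted(listing, key=lambda f: f[2])
    if len(ordered) < 2:
        return None
    elapsed = (ordered[-1][2] - ordered[0][2]).total_seconds()
    if elapsed <= 0:
        return None
    moved = sum(size for _, size, _ in ordered[1:])
    return moved, elapsed


def implied_rate(listing: List[FileStamp]) -> Optional[float]:
    """Lower bound on the average copy rate in bytes per second."""
    parts = _moved_and_elapsed(listing)
    if parts is None:
        return None
    moved, elapsed = parts
    return moved / elapsed


def rate_bounds(listing: List[FileStamp],
                granularity_s: float = 2.0) -> Optional[Tuple[float, float]]:
    """Bracket implied_rate() for stamps rounded to granularity_s seconds.

    Rounding both endpoints shifts the measured interval by up to
    +/- granularity_s, so the true rate lies between moved/(elapsed + g) and
    moved/(elapsed - g). The upper bound is inf when the interval is not
    longer than the rounding error itself.
    """
    parts = _moved_and_elapsed(listing)
    if parts is None:
        return None
    moved, elapsed = parts
    low = moved / (elapsed + granularity_s)
    high = moved / (elapsed - granularity_s) if elapsed > granularity_s else float("inf")
    return low, high


def exceeds_link(rate_bytes_per_s: float, link_bits_per_s: float) -> bool:
    """True if a link of the given capacity (bits/s) could not carry this rate."""
    return rate_bytes_per_s * 8 > link_bits_per_s


if __name__ == "__main__":
    for name, listing in (("sample", SAMPLE_LISTING), ("preserved", PRESERVED_LISTING)):
        if preserved_original_mtimes(listing):
            print(f"{name}: stamps were preserved from the source; no rate can be inferred")
            continue
        rate = implied_rate(listing)
        low, high = rate_bounds(listing)
        print(f"{name}: implied rate {rate/1e6:.1f} MB/s (bounds {low/1e6:.1f}-{high/1e6:.1f} MB/s)")
        for label, cap in (("100 Mbit/s", 100e6), ("1 Gbit/s", 1e9)):
            verdict = "exceeds" if exceeds_link(low, cap) else "fits within"
            print(f"{name}: even the low bound {verdict} a {label} link")
```

The low bound is the number to quote, since it already gives the analyst every benefit of the doubt on timestamp rounding; if even that exceeds the capacity of the link the intruder would have had to use, the network-transfer story does not fit the stamps. If `preserved_original_mtimes` fires, stop: the timestamps describe the source files, not the copy.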

So either the Russians wanted it to be known that they performed these actions (as a “fuck you” to Hillary) AND they had a person physically inside the DNC/DCCC, OR someone wanted it to appear that the Russians were the culprits.

If you go back to June 2013, you will find that Hillary Clinton was in the middle of moving her email server to a location in Colorado after its existence had become public through the original “Guccifer,” whom we refer to as Guccifer 1.0.

It just so happens that during this same time-frame, June 2013, very top-secret NSA tools created by “The Equation Group” were leaked from the NSA (presumably by rogue NSA contractors) and ended up with a group known as “The Shadow Brokers.”

These “Shadow Brokers” wanted to earn Bitcoin by auctioning the tools, exploits, and 0-days they had obtained from the NSA: the “keys to the kingdom,” as they say. And this intrusion had to have been carried out locally at NSA facilities, or purposely done by the NSA for some reason. To promote the auction, they released a “free” file containing a sample of the tools, so they could prove their origin and show that the paid files were worth the very large sums they were seeking in their “auction.”

Included in this free batch of files was a reference to a module known as “TADAQUEOUS.” This code was a payload to be delivered to a Fortinet firewall appliance that also provided VPN services.

The purpose of this code, presumably stolen in June 2013, was to break into Fortinet VPNs and undermine their security so that encrypted VPN traffic could be easily decrypted. This has not been covered by journalists.

It just so happens that Hillary and Bill Clinton’s server sat behind a Fortinet firewall and VPN. Gawker has published screen captures of the clientless web login page for this VPN server, and the FBI’s own published reports describe the Fortinet hardware and software used. So at the very same time that Hillary was moving her co-located server to Colorado, the NSA tools that could (or would) be used to break into that server were mysteriously given or stolen away to unknown entities, years before the Shadow Brokers started trying to sell the wider tool-set and we learned of it.

The current thinking is that rogue NSA contractors may have been compromised by Chinese counter-intelligence. Anyone holding these tools could make a target appear to have been foolish enough to click a phishing link, or break into various firewalls and VPNs while making the intruder appear to be of any other nationality.

It’s further possible, perhaps even likely, that Chinese counter-intelligence officers used the OPM hack to compromise NSA contractors into doing their bidding. The OPM hack disclosed US security-clearance applications, including the sensitive and damaging personal information that US DoD/military personnel, Congress members, judges, and others are required to submit to obtain clearances.

It is therefore interesting that Trump would suggest partnering with Russia in a “cyber” group, not only to disprove the CrowdStrike hoax but also to track down The Shadow Brokers, who may have used the NSA’s own tools to make various “hacks” and pseudo-phishing attempts appear Russian in origin.

There’s an interesting scene in Clancy’s book (and the movie) The Hunt for Red October. The Soviets say that their sub is “missing,” but we know it has gone rogue to defect. To counter the Soviet ambassador, the President’s National Security Advisor asks “how can we help” to “find it.” If you take Putin at “his word,” you are then in the position to ask him “how we can help” disprove the claims they say are falsely made against them.

China benefits if the US and Russia continue to maintain tensions. And China also has a unique and sordid history with the Clintons, including a wealthy Chinese businessman who was recently arrested and held until the election was over.

Whoever got the 2013 NSA haul had the ability to get into Clinton’s files, completely. That means that whoever did this could seriously leverage not only the Clintons and the foundation, but also the DNC, its donors, perhaps even Barack Obama himself and the OFA people. And by all indications the perpetrators of this grand scheme of influence “brokering,” extortion, blackmail, etc. would be China, not Russia. And it all traces back to the OPM hack.

It is important to note that these “Shadow Brokers” are still on the loose; they have not been caught. Although one Hal Martin was arrested and is thought to be connected to the group and the files taken, the group remains at large, with unknown files and data yet to be published.