Evidence of Russian Election Hacking Is Inconclusive

Analysis of the information released by the US Government concerning Russian cyber activity.

Preface: I would like to clarify that the intention of this article is to analyze the publicly available evidence against Russian hacking recently released by the Department of Homeland Security. It is not my intention to defend Russia, or Russian interests. I am a patriotic American who works in cloud computing and cyber security. One of my personal goals is to help secure American infrastructure against all cyber threats, and the only reason I am writing this is to educate and inform the American public on technical matters as they relate to geopolitics.

Jan 6th Update: I’ve recently been interviewed concerning this article which you can listen to here.


On October 7th, 2016 two days before a Presidential debate, and on the same day Wikileaks released the first set of e-mails from Hillary Clinton’s campaign Chairman John Podesta, the United States Government officially accused Russia of cyber activity interfering with the 2016 election.

The U.S. Intelligence Community (USIC) is confident that the Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations. The recent disclosures of alleged hacked e-mails on sites like DCLeaks.com and WikiLeaks and by the Guccifer 2.0 online persona are consistent with the methods and motivations of Russian-directed efforts. These thefts and disclosures are intended to interfere with the US election process.

The statement presents a number of conclusions without providing any sources, or evidence. The story was initially covered by the mainstream media, but was soon ignored and only recently brought up again by anonymous CIA sources through the Washington Post and The New York Times after Donald Trump won the election.

On December 29, 2016 the Department of Homeland Security and the FBI released a joint statement on the technical capabilities of software they believe the Russians might have used. Once again, without providing any evidence of direct ties to Russia or the Russian government.

The result of this statement was President Obama issuing an executive order to place sanctions on two Russian intelligence agencies, eject 35 Russian diplomats from US soil within 72-hours, as well as seizing several properties owned by Russian diplomats, and making threats of future covert actions against Russia. All of which is unprecedented for an outgoing President with less than a month left in office.

“These actions are not the sum total of our response to Russia’s aggressive activities. We will continue to take a variety of actions at a time and place of our choosing, some of which will not be publicized” — President Obama

The document itself is a highly technical general security guide, and once again contains several conclusions presented as facts without evidence or proof. The document fails to identify how the DHS/FBI concluded the Russians were behind the cyber activity. The document also fails to provide proof of intrusion, intent, or what evidence they have linking it to the Russians, Wikileaks, or the impact it had on election results. What evidence they have released oddly seems to indicate they do not know who was responsible.

Without a doubt, someone sent phishing e-mails to the DNC, and John Podesta. That is an indisputable fact at this point, we even have the e-mail sent to John Podesta. What is unknown is who sent these e-mails, what their intention was, and if they used them for political purposes during the election. Since there is no evidence connecting these phishing e-mails to Wikileaks, the DNC insider narrative is still entirely possible.

Even if Russia is responsible, everything exposed about the DNC, Hillary Clinton, and John Podesta was the truth, and the content of the e-mails should not be discredited or ignored.

Further investigation, and publicly disclosed forensic evidence is warranted for any logical conclusion. What has been released so far is entirely circumstantial, and if anything is evidence that the US Government does not have the proof required to make a strong enough case against Russia or anyone else.

The most bizarre and baffling factor in all of this is the fact the US Government released hundreds of untraceable Tor IP addresses which from a technical standpoint suggests they don’t have the evidence they need to even prove this in a US court. If there isn’t enough evidence to try this in a US court, then should we really be issuing sanctions against a nuclear power?

For the sake of our country, I truly hope there is actual evidence the Government has simply decided not to make public. Given the amount of propaganda and misinformation they continue to spread, it is starting to look like they are purposely trying to take advantage of the American people’s lack of technical understanding to manipulate them into believing Russia had some kind of dramatic effect on the 2016 election.

The current publicly available evidence is simply not enough.

GRIZZLY STEPPE — Russian Malicious Cyber Activity

The U.S. Government confirms that two different RIS actors participated in the intrusion into a U.S. political party. The first actor group, known as Advanced Persistent Threat (APT) 29, entered into the party’s systems in summer 2015, while the second, known as APT28, entered in spring 2016.

This claim is completely unverified, and no evidence has been presented to conclude Russian agents were in fact responsible for the cyber attacks against the DNC or John Podesta. If anything, the evidence indicates the US Government has no idea who was responsible, and is merely assuming it is Russian influenced based on past cyber activity witnessed by Russian agents in other countries.

According to Wordfence, an Internet security company, the hacking software or malware used by whoever targeted the DNC and John Podesta is publicly available for anyone to download (http://profexer.name/pas/download.php). The authors of this malware are Ukrainian, and not Russian. Not only is this malware free to download, but the version of the software the DHS/FBI is just now warning the public about is significantly outdated, and newer versions of the software are available for free online.

What this means is ANYONE could have downloaded this software and used it from anywhere in the world. Merely identifying the tool used does not identify the person who used it. What this also suggests is whoever was responsible for this cyber activity was using very old, and unsophisticated methods not common of state sponsored intelligence agencies. It appears to be the work of a novice hacker, although it could have been intentionally designed to look like that.

Meanwhile, the DHS/FBI released a list of 876 IP addresses, which are not conclusive indicators of identity as they can easily be faked in a technique called “spoofing”. In fact, an IP address alone is not enough evidence as proof of identity.

As for the list of 876 IPs, the majority of the IPs are from what are called Tor nodes. Tor is an anonymous communication technology developed by the US Navy, and is also free to download by anyone, as well as completely untraceable. The IPs that were traceable mostly came from the US, and other European countries (see image below).

Break down of IPs from the DHS/FBI possibly related to Russian hacking https://www.wordfence.com/blog/2016/12/russia-malware-ip-hack/

It is also important to note that anyone can use what is called a virtual private network, or VPN, to reroute their network traffic and identity through servers located in any country in the world. A VPN can easily mask someones identity by making it difficult to trace them in the real world. Using a VPN someone can make it appear as if they are physically located in another country when they are not.

Wikileaks: Leak vs. Hack

No evidence has been released to tie Wikileaks to Russia, or the agent who sent phishing e-mails to the DNC and John Podesta.

According to Julian Assange, the founder of Wikileaks, they did not receive any of these documents from the Russian government, or Russian agents. Meanwhile, Craig Murray, a former ambassador and Wikileaks activist, claims to have personally obtained the documents from an American DNC insider in Washington DC. It is suspected that murdered DNC Data Analyst, Seth Rich, was responsible for the leaks because he was upset over the DNC’s actions against Bernie Sanders during the primary elections. This narrative contradicts the DHS/FBI claims.

As for John Podesta, we know because of Wikileaks that he did in fact fall for what is known as a “phishing” attack, where he literally gave his password to the person who asked him for it. What this means is John Podesta is responsible for not practicing proper security measures, and willfully gave up access to his own e-mail account. It was not a sophisticated hacking attempt, nor was it a technical security failure.

Leaking is not the same thing as hacking.

A leak, similar to a whistleblower, is when someone who has legal access to documents takes those documents and reveals them publicly through the media for the common good of the people. This is similar to what Edward Snowden did when revealing the NSA’s illegal spying programs.

It is important to clarify that both the DNC’s e-mails, and John Podesta’s e-mails that were released on Wikileaks were released separately to maximize their impact but were given to Wikileaks at the same time. It is also important to note that Wikileaks has a 10-year record of never releasing a single falsified document.

Everything released by Wikileaks was in fact the real authentic e-mails of the DNC, Hillary Clinton, and John Podesta. There is no conclusive evidence that any of the e-mails were modified in any way, meaning the content of everything released on Wikileaks is in fact relevant to our current political system no matter who won the election. It provided unprecedented transparency into the operations of a major US political party during an election year and exposed all kinds of embarrassing and potentially illegal activities.

Regardless of who was responsible for the leak, the content of Wikileaks is absolutely still relevant as they revealed the DNC and Hillary Clinton rigged the primaries against Bernie Sanders, and improperly coordinated with Super PACs.

WMDs, McCarthysim, COINTELPRO, and Project MKUltra

Much like the George W. Bush administration when accusing Iraq of having Weapons of Mass Destruction (WMDs) — which did not exist, the Obama administration has provided circumstantial evidence concerning Russian election hacking.

The Obama White House is trying to use various intelligence agencies reputations and authority to convince the American people that Russia has something to do with Wikileaks, and the election of Donald Trump. This is likely an attempt to distract the American people from the content of Wikileaks, delegitimize Trump’s election and future Presidency, invoke Cold War fears, and establish a new wave of 1950’s McCarthysim against anyone who questions the Obama narrative.

For those of you who don’t know, McCarthyism was the practice of making accusations of subversion or treason without proper evidence to restrict political dissent and opposition. It was an era of political repression in the US from 1950–1956 against communism and espionage by Soviet Agents (despite the fact the Soviet Union was our ally in WW2). It was mostly used as a divisive propaganda technique to purposely create conflict between Americans for political gain.

As for the FBI, shortly after the spread of McCarthyism in 1956, the FBI began COINTELPRO which was a covert operation to illegally surveil, infiltrate, disrupt, and discredit various political organizations. The FBI used psychological warfare and other subversive tactics against the Civil Rights Movement, anti-war movements, and feminist organizations. The program was eventually exposed in 1971.

The CIA’s reputation isn’t much better, from the early 1950's through the 1970’s the CIA was illegally experimenting on Americans during Project MKUltra using drugs, hypnosis, sensory deprivation, isolation, sexual abuse, and other forms of torture in an attempt force confessions through mind control. The program was eventually exposed in the 1970’s, and declassified in 2001.

With the Democrats losing power in the White House, Senate, and House of Representatives they desperately need a political identity and ideology for their supporters to latch on to during a Trump Presidency. It is very likely Obama is using his last days in office to plant the seeds of opposition against Trump, and his supporters by rallying Democrats with divisive propaganda which Obama conveniently legalized in 2012.

With all of that said, it is both reasonable and patriotic to question our Government given their track record of manipulating the American people. Which is why it is so important that the US Government provide actual proof of Russian hacking, and election interference. If there is a smoking gun, the American people have the right to see it.