Former NSA Official Questions the Intelligence Community’s Assessment on the DNC Hack
Bill Binney, former National Security Agency (NSA) Technical Director, became a well-known NSA whistleblower after the September 11th terrorist attack. Binney alleged that the NSA “buried key intelligence that could have prevented 9/11” and that “electronic intelligence gathering is being used for covert law enforcement, political control and industrial espionage.” During Binney’s tenure with the NSA, he was a Russia specialist and his expertise spans intelligence analysis, traffic analysis, systems analysis, etc. According to The Intercept, Binney ultimately resigned from the NSA over a dispute about the use of an expensive tool from a powerful defense company rather than an in-house project. In recent years, he has been a prominent skeptic of the narrative that the 2016 Trump Campaign unlawfully collaborated with Russia to interfere in the election by coordinating the release of confidential DNC emails.
Wikileaks Receives and Publishes the DNC Emails
The core allegation of Russiagate is that Russian state-affiliated hackers conducted a cyberintrusion into the DNC’s servers, provided the compromised emails to Wikileaks for publication during the 2016 election cycle, and did all of this in order to benefit the Trump Campaign. Upon discovering the cyber-intrusion into the DNC’s servers, Perkins Coie, the DNC’s counsel, retained the cybersecurity firm Crowdstrike to conduct an assessment. To the public’s knowledge, no government agency has looked at the DNC’s servers. In fact, the DNC “did not allow the FBI to physically inspect its machines, including servers,” according to Rowan Scarborough. The DNC’s refusal to accept assistance from the FBI and the Department of Homeland Security prompted numerous questions.
Among those questions was whether or not the DNC was intentionally hiding their information from government investigators. Additionally, Crowdstrike’s connections to former FBI officials close to former FBI Director Robert Mueller raised possible conflicts of interest. Crowdstrike’s CEO Shawn Henry was in charge of the FBI’s cyber division under former Director Mueller.
On the surface, the DNC’s refusal to give the FBI access to its servers raised eyebrows. Given the unprecedented nature of the allegation against the Trump Campaign, one would expect the FBI to follow best practices and “get access to the machines themselves,” as former FBI Director James Comey told Congressman Will Hurd before the House Permanent Select Committee on Intelligence.
United States government intelligence reporting alleges that Russian state-affiliated hackers conducted a cyberintrusion and leaked the stolen data to Wikileaks. A summary of a U.S. intelligence community report states that Russia’s President ordered “an influence campaign in 2016 aimed at the US presidential election.” Among Russia’s goals was to “undermine faith in the US democratic process,” and it demonstrated a clear preference for Trump. It is clear that Russia’s efforts to sow chaos succeeded as both political parties continue to discuss the 2016 election.
Problematically, the Intelligence Community’s assessment provided only “the uncorroborated assertion of intelligence officials to go.” Even The New York Times’s Scott Shane wrote of the Intelligence Community’s assessment, “What is missing from the public report is…hard evidence to back up the agencies’ claims that the Russian government engineered the election attack…. Instead, the message from the agencies essentially amounts to ‘trust us.’”
The broader topic of Russian interference continues to fester in the media as Attorney General Bill Barr and United States Attorney John Durham investigate the origins of the Russia investigation. Independent thinkers like Bill Binney and the Veteran Intelligence Professionals for Sanity (VIPS) continue to question conventional knowledge by providing various possibilities.
Throughout the past few years, Binney has been featured on Fox News and on other networks outlining his analysis. In a recent interview he discussed the hack of the Democratic National Committee (DNC). For the sake of clarity, his argument is broken down into multiple points.
Binney’s team analyzed Wikileaks’ data to determine how Wikileaks received it. Whoever provided the emails to Wikileaks did so in three batches, all of which “had a last modified time that was rounded off [rounded up] to an even [the next-higher] second, so they all ended up in even [meaning complete or full, not fractional] seconds.” Binney attributes this to the File Allocation Table (FAT) file system: “when doing a batch process of data and transferring it to a storage device like a thumb drive or a CD-ROM, it rounds off the last modified time to the nearest even [next-higher] second, so that’s exactly the property we found in all that data posted by Wikileaks.”
Here, Binney’s contention is that the data from the DNC was “downloaded to a storage device a CD-ROM or a thumb drive and physically transported before Wikileaks could post it, so that meant it was not a hack.” This may indicate that the DNC data was likely downloaded and physically transported to Wikileaks rather than obtained through a cyberintrusion.
Binney and his team of analysts then tested the data transfer speeds using information contained in the DNC Wikileaks files, including file names, numbers of characters in the file, and a timestamp at the end of the file. With this information, his team used a program to calculate the transfer rate of all the data. To calculate the transfer rate, Binney contends, “all you have to do is look at between the two time stamps, the file name and the number of characters in the file, and take the difference between the times [start-time versus end-time], and that’s the transfer rate for that number of characters, so we found that the variations ran from something like 19 to 49.1 megabytes per second.” 19 to 49.1 megabytes per second is roughly 19 to 49 million characters per second; however, the Internet cannot support that rate of transfer “not for anybody who’s just…a hacker coming in across the net.” Binney’s team tested the Internet’s transfer speeds and the highest rate they achieved was “one-fourth the rate, little less than one-fourth the rate necessary to do the transfer at the highest rate that we saw in the Guccifer 2 data, which meant it didn’t go across the net, so, in fact, the file rate transfers couldn’t.”
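The two checks described above (even-second last-modified times and a transfer rate derived from consecutive timestamps), as an added example that is not the program Binney’s team used. The file listing is constructed, and the function names and the assumption that files were written one after another are assumptions of this example.

```python
from datetime import datetime

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S.%f")

# Constructed listing: (file name, size in bytes, last-modified time).
SAMPLE = [
    ("msg-0001.eml",  4_200_000, parse("2000-01-01 10:00:00.000000")),
    ("msg-0002.eml", 45_600_000, parse("2000-01-01 10:00:02.000000")),
    ("msg-0003.eml", 12_000_000, parse("2000-01-01 10:00:02.000000")),
    ("msg-0004.eml", 64_000_000, parse("2000-01-01 10:00:04.000000")),
    ("msg-0005.eml", 98_200_000, parse("2000-01-01 10:00:08.000000")),
]

def all_even_seconds(listing):
    """True if every mtime is a whole, even second (FAT keeps 2-second steps)."""
    return all(t.microsecond == 0 and t.second % 2 == 0 for _, _, t in listing)

def transfer_rates(listing):
    """Return (last_file, bytes, seconds, MB/s) for each timed run of a copy.

    Assumes a sequential copy: the previous file's mtime is the start time
    and this file's mtime is the end time. Files that share a timestamp with
    their predecessor are added to the next timed run, which avoids dividing
    by zero when the timestamp resolution hides the real interval.
    """
    ordered = sorted(listing, key=lambda f: f[2])
    runs, pending = [], 0
    start = ordered[0][2]
    for name, size, mtime in ordered[1:]:
        pending += size
        elapsed = (mtime - start).total_seconds()
        if elapsed <= 0:
            continue
        runs.append((name, pending, elapsed, pending / elapsed / 1e6))
        pending, start = 0, mtime
    return runs

if __name__ == "__main__":
    print("all mtimes on even seconds:", all_even_seconds(SAMPLE))
    for name, nbytes, secs, rate in transfer_rates(SAMPLE):
        print(f"{name}: {nbytes} bytes in {secs:.0f} s = {rate:.2f} MB/s")
```

The rates describe whichever copy operation last wrote these timestamps, and with 2-second resolution a short interval carries a large relative error.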
Binney’s team also found evidence that potentially points to Guccifer 2 manipulating the data files by adding Russian signatures to make it appear that the Russians were responsible. “If you go back to the Vault 7 release from Wikileaks again, from CIA, and you look, they have this Marble framework program that will modify files to look like someone else did the hack, and who were the countries that they had the ability to do that [to], in the Marble framework program? Well, one was Russia, the other was China,” said Binney. This possible data tampering, combined with the circumstantial evidence, led Binney’s team to conclude that all signs point back to the CIA.
All of this circumstantial evidence further aligns with Crowdstrike’s assessment of the DNC server. Crowdstrike is the cybersecurity investigator who conducted an investigation on behalf of the DNC. Crowdstrike’s CEO Shawn Henry testified before Congress: “We have indicators that data was exfiltrated. We did not have concrete evidence that data was exfiltrated from the DNC, but we have indicators that it was exfiltrated.” Henry additionally testified “there are times when we can see data exfiltrated, and we can say conclusively. But in this case it appears it was set up to be exfiltrated, but we just don’t have the evidence that says it actually left.”
Binney and his team’s memo should ring alarm bells for civil libertarians, journalists, conservatives, and officials in the Trump Administration. This memo may eventually be found to be without merit; however, it does raise the broader question of why federal agencies never (to our knowledge) required the DNC to provide its servers and why there has been little independent investigation into the actual information released by Wikileaks. Our republic is best served when the press acts as a watchdog on government. As The Nation’s Patrick Lawrence writes, “we are urged to accept the word of institutions and senior officials with long records of deception.”
We will eventually be presented with more evidence given how much scrutiny the current Department of Justice has focused on the origins of the Russia investigation. If Binney and his team’s theory has even a scintilla of truth to it, then we may be looking at the scandal of a generation. The possibility of the Central Intelligence Agency interfering in the electoral process on behalf of the incumbent president’s political party is no laughing matter. As United States Attorney John Durham and his investigators interview former CIA Director John Brennan and inevitably reach a final conclusion, we should be prepared to question our prior assumptions.