Joe Biden’s Former IT Director, Warren Flood, Implicated in ‘Russia Hacked the DNC Email’ Narrative


On June 16, 2019, we presented arguments against the Mueller gang’s assertion that the DNC was hacked by Russians. Cyber expert Yaacov Apelbaum posted an incredible report with information basically proving that the DNC was not hacked by the Russians.

Today we have support implicating an IT Director, Warren Flood, connected to Joe Biden. Flood is linked to the ‘Russia hacked the DNC hoax’.

Last year we reported a series of arguments proving that there is no proof that Russians hacked the DNC.  These arguments came from cyber expert Yaacov Apelbaum whose first argument was this –

According to the WaPo (using CrowdStrike, DOJ, and their other usual hush-hush government sources in the know), the attack was perpetrated by a Russian unit led by Lieutenant Captain Nikolay Kozachek who allegedly crafted a malware called X-Agent and used it to get into the network and install keystroke loggers on several PCs. This allowed them to see what the employees were typing and take screenshots of the employees’ computer.

This is pretty detailed information, but if this was the case, then how did the DOJ learn all of these ‘details’ and use them in the indictments without the FBI ever forensically evaluating the DNC/HRC computers? And since when does the DOJ, an organization that only speaks the language of indictments use hearsay and 3rd parties like the British national Matt Tait (a former GCHQ collector and a connoisseur of all things related to Russian collusion), CrowdStrike, or any other evidence lacking chain of custody certification as a primary source for prosecution?

A second point by Apelbaum was –

… that three of the Russian GRU officers on the DOJ wanted list were allegedly working concurrently on multiple non-related projects like interfering with the 2016 United States elections (both HRC and DNC) while at the same time they were also allegedly hacking anti-doping agencies.

Above are pictures of the individuals the FBI says were working on both the DNC/HRC email hacking and the Olympic doping projects.

The same guys were working on both projects which is all but impossible. (Do we really know if they’re even Russians?)

Apelbaum argues –

The fact that the three had multiple concurrent high impact and high visibility project assignments is odd because this is not how typical offensive cyber intelligence teams operate. These units tend to be compartmentalized, they are assigned to a specific mission, and the taskforce stays together for the entire duration of the project.

Next Apelbaum questioned the Mueller gang’s assertion that the ‘hacker’ named Guccifer 2.0 was a Russian –

Any evidence that Guccifer 2.0 is Russian should be evaluated while keeping these points in mind:

  1. He used a Russian VPN service to cloak his IP address, but did not use TOR. Using a proxy to conduct cyber operations is a SOP [Standard Operating Procedure] in all intelligence and LEA [Law Enforcement Agency] agencies. [i.e. Russia would have masked their VPN service]

  2. He used the AOL email service that captured and forwarded his IP address and the same AOL email to contact various media outlets on the same day of the attack. This is so overt and amateurish that it’s unlikely to be a mistake and seems like a deliberate attempt to leave traceable breadcrumbs.

  3. He named his Office User account Феликс Эдмундович (Felix Dzerzhinsky), after the founder of the Soviet Secret Police. Devices and accounts used in offensive cyberspace operations use random names to prevent traceability and identification. Why would anyone in the GRU use this pseudonym (besides the obvious reason) is beyond comprehension.

  4. He copied the original Trump opposition research document and pasted it into a new .dotm template (with an editing time of about 2 minutes). This resulted in a change of the “Last Modified by” field from “Warren Flood” to “Феликс Эдмундович” and the creation of additional Russian metadata in the document. Why waste the time and effort doing this?

  5. About 4 hours after creating the ‘Russian’ version of the document, he exported it to a PDF using LibreOffice 4.2 (in the process he lost/removed about 20 of the original pages). This was most likely done to show additional ‘Russian fingerprints’ in the form of broken hyperlink error messages in Russian (Images 4 and 5). Why bother with re-formatting and converting the source documents? Why not just get the raw data out in the original format ASAP?

Apelbaum next discussed Guccifer 2.0 –

On June 21, 2016, Lorenzo Franceschi-Bicchierai from Vice Motherboard interviewed a person who identified himself as “Guccifer 2.0”. During their on-line chat session, the individual claimed that he was Romanian (see transcript of the interview below). His poor Romanian language skills were later used to unmask his Russian identity.

…I’m not a scientific linguist nor do I even know where to find one if my life depended on it, but I’m certain that you can’t reliably determine nationality based on someone impersonating another language or from the use of fake metadata in files. This elaborate theory also has the obvious flaw of assuming that the Russian intelligence services are dumb enough to show up to an interview posing as Romanians without actually being able to read and write fluent Romanian.

Yesterday we noted that based on the process itself, it is highly unlikely Russians hacked the DNC:

Esteemed NSA whistleblower Bill Binney reported in June 2019 that there was no way Russians hacked the DNC based on the speed of the transfer of the data that was hacked. But according to Apelbaum the transfer speed is a minor issue here. It’s just an indicator that it would have been difficult for Guccifer 2, who was sitting in Romania, to access the DNC system remotely.

Per an illustration from Apelbaum, Guccifer 2 is depicted as the red devil icon below:

This illustration shows that CrowdStrike was obviously false in its claims that Russia hacked the DNC.

This is because:

1. If Guccifer 2 did it from Romania (the red devil icon on the left of the illustration), he needed a 23 Mbit/s transfer rate. At the time of this hack in 2016, Romania was only supporting 16 Mbit/s speeds. But to do that he had to go through all of the red hell in the middle of the illustration, which I don’t believe he did based on the poor technical skill set he demonstrated during his interview with Motherboard Vice.

2. If the leak came from the inside (the half green half red icon on the right side of the illustration), he had the full 23 Mbit/s transfer rate because he just plugged a USB drive into the computer. He also didn’t need any hacking skills because he most likely had full system access.

The Russian story doesn’t stick. Apelbaum closed with this –

The bottom line is that if we want to go beyond the speculative trivia, the pseudo science, and the bombastic unverified claims, we have to ask the real tough questions, mainly: is Guccifer 2.0 even the real attacker and how did he circumvent all of the logs during several weeks of repeated visits while downloading close to 2 GB of data?

We also know that WikiLeaks stated numerous times that Russia did not provide them with the emails they leaked in 2016 and Julian Assange stated that WikiLeaks had nothing to do with Russia.

But of course the Mueller gang never interviewed WikiLeaks in an effort to determine how they received the Clinton emails. Of course the Mueller team could not risk WikiLeaks saying the emails were not received from Russia which would destroy their Russia hacked the DNC fairy tale.

Today we identify Warren Flood, a Biden protege who appears to have helped create the ‘Russia Hacked the DNC’ narrative:

Apelbaum obtained parts of the Word and PDF versions of the purported DNC opposition research document. They show the original English template, the version pasted into a Russian template, and the resulting broken hyperlink error messages in Russian:

In the image above, on the left it shows the Word doc properties of the document created at 1:38 PM on June 15, 2016. The Company name is given as GSA. This appears to be the General Services Administration (US gov agency), which shows as the Company for MS Office documents created via GSA-contracted copies of MS Word.

(Note that the DNC server wasn’t supposed to be using a GSA-contracted MS Office suite. A number of Democratic politicians and aides (e.g., many members of the US House of Representatives) had DNC email accounts, but the DNC is a private entity and should not have hosted GSA-contracted software.)

The supposed author of this document is Warren Flood, as is noted at the bottom left of the diagram above. He was Vice President Joe Biden’s IT Director at the White House (which does use GSA registered software).

But interestingly, if you cross-reference this document to the same document in the verified Wikileaks dump, the original author is Lauren Dillon. Lauren Dillon was the DNC Research Director in charge of GOP/Trump research.

Considering the document’s timestamp of June 15th, 2016, it appears that a user on a computer registered to Warren Flood (GSA) opened the DNC document (authored by Lauren Dillon), copied it, and pasted it to a new document.  Then the user on the Warren Flood computer set the theme language to Russian and modified the document’s ‘Author’ field to Феликс Эдмундович.  After this the user likely uploaded the modified document to the Guccifer 2.0 WordPress website and published it to various media outlets.  (Remember as noted above, Guccifer 2.0 is likely made up.)

Based on the document metadata there is little doubt that either Warren Flood (who BTW, speaks Russian), or someone using his GSA licensed MS Word software created the Russian fingerprint. Also, it’s important to note that several other documents also show this type of manipulation, but they were created by users named “Blake” and “jbs836”.
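The fields discussed above (Author, “Last Modified by”, Company, editing time, template) live in two small XML parts inside an Office Open XML file. The following is an added example, not code from the original article or from Apelbaum’s report; it assumes an OOXML package (.docx/.dotm), and the sample values and function names are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
}

def build_sample_package() -> bytes:
    """Constructed sample: only the two property parts of an OOXML file."""
    core = (
        f'<cp:coreProperties xmlns:cp="{NS["cp"]}" xmlns:dc="{NS["dc"]}" '
        f'xmlns:dcterms="{NS["dcterms"]}">'
        "<dc:creator>A. Author</dc:creator>"
        "<cp:lastModifiedBy>Другой Пользователь</cp:lastModifiedBy>"
        "<dcterms:created>2020-01-01T10:00:00Z</dcterms:created>"
        "<dcterms:modified>2020-01-01T10:02:00Z</dcterms:modified>"
        "</cp:coreProperties>"
    )
    app = (
        f'<Properties xmlns="{NS["ep"]}"><Template>Normal.dotm</Template>'
        "<TotalTime>2</TotalTime><Company>Example Org</Company></Properties>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docProps/core.xml", core)  # str is stored as UTF-8
        z.writestr("docProps/app.xml", app)
    return buf.getvalue()

def read_properties(data: bytes) -> dict:
    """Return the authorship-related fields from core.xml and app.xml."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        core = ET.fromstring(z.read("docProps/core.xml"))
        app = ET.fromstring(z.read("docProps/app.xml"))
    def text(root, path):
        return root.findtext(path, default=None, namespaces=NS)
    return {
        "creator": text(core, "dc:creator"),
        "last_modified_by": text(core, "cp:lastModifiedBy"),
        "created": text(core, "dcterms:created"),
        "modified": text(core, "dcterms:modified"),
        "company": text(app, "ep:Company"),
        "template": text(app, "ep:Template"),
        "total_time_min": text(app, "ep:TotalTime"),
    }

def observations(p: dict) -> list:
    """Heuristic notes only. Every field is plain XML that any editor or script
    can rewrite, so these describe the saved file, not who operated the PC."""
    notes = []
    if p["creator"] != p["last_modified_by"]:
        notes.append("creator and lastModifiedBy differ")
    if p["total_time_min"] is not None and int(p["total_time_min"]) <= 5:
        notes.append(f"short editing time ({p['total_time_min']} min)")
    if p["company"]:
        notes.append(f"Company comes from the saving Office profile: {p['company']}")
    return notes

if __name__ == "__main__":
    for note in observations(read_properties(build_sample_package())):
        print(note)
```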

In terms of the big picture, it is possible that whoever added the Russian fingerprint did this as part of laying the ground work or for future unmasking. We know that in June 2016 the Obama administration (via people like Susan Rice, John Brennan, and Samantha Power) started unmasking Trump campaign officials on the pretext of ‘Russian interference’.  This June 2016 activity overlaps with dates of the Guccifer 2.0 saga.

So, it is possible that Guccifer 2.0 and MSM outlets like the NYTimes who promoted him were part of a larger campaign to affirm Russian interference with the DNC hacks.

If this is indeed the case, then it means that the DNC email leak could implicate Obama administration officials who were doing all this document manipulation on government time and on GSA registered computers all in an effort to tie Russia to the DNC email heist.

Based on information available today, there is no way Russians hacked the DNC. This was made up from the start.  Now we know that the Obama White House, and specifically Warren Flood, is involved in the Russian hoax.

Larry C. Johnson: Did John Brennan’s CIA Create Guccifer 2.0 and DCLeaks?

Guest post by Larry C. Johnson

Special Counsel Robert Mueller’s report insists that Guccifer 2.0 and DCLeaks were created by Russia’s military intelligence organization, the GRU, as part of a Russian plot to meddle in the U.S. 2016 Presidential Election. But this is a lie.

Guccifer 2.0 and DCLeaks were created by Brennan’s CIA and this action by the CIA should be a target of U.S. Attorney John Durham’s investigation. Let me explain why.

Let us start with the January 2017 Intelligence Community Assessment aka ICA. Only three agencies of the 17 in the U.S. intelligence community contributed to and coordinated on the ICA–the FBI, the CIA and NSA. In the preamble to the ICA, you can read the following explanation about methodology:

When Intelligence Community analysts use words such as “we assess” or “we judge,” they are conveying an analytic assessment or judgment

To be clear, the phrase “We assess” is intel community jargon for “opinion”. If there was actual evidence or source material for a judgment the writer of the assessment would state, “According to a reliable source” or “knowledgeable source” or “documentary evidence.”

Pay close attention to what the analysts writing the ICA stated about the GRU and Guccifer 2.0 and DCLeaks:

We assess with high confidence that the GRU used the Guccifer 2.0 persona, DCLeaks.com, and WikiLeaks to release US victim data obtained in cyber operations publicly and in exclusives to media outlets.

    • Guccifer 2.0, who claimed to be an independent Romanian hacker, made multiple contradictory statements and false claims about his likely Russian identity throughout the election. Press reporting suggests more than one person claiming to be Guccifer 2.0 interacted with journalists.
    • Content that we assess was taken from e-mail accounts targeted by the GRU in March 2016 appeared on DCLeaks.com starting in June.

We assess with high confidence that the GRU relayed material it acquired from the DNC and senior Democratic officials to WikiLeaks. Moscow most likely chose WikiLeaks because of its self-proclaimed reputation for authenticity. Disclosures through WikiLeaks did not contain any evident forgeries.

Not one piece of corroborating intelligence. It is all based on opinion and strong belief. There was no human source report or electronic intercept pointing to a relationship between the GRU and the two alleged creations of the GRU–Guccifer 2.0 persona and DCLeaks.com.

Now consider the spin that Robert Mueller put on this opinion in his report on possible collusion between the Trump campaign and the Russians. Mueller bluffs the unsuspecting reader into believing that it is a proven fact that Guccifer 2.0 and DCLeaks were Russian assets. But he is relying on a mere opinion from a handpicked group of intel analysts working under the direction of then CIA Director John Brennan.

Here’s Mueller’s take (I apologize for the lengthy quote but it is important that you read how the Mueller team presents this):

DCLeaks

“The GRU began planning the releases at least as early as April 19, 2016, when Unit 26165 registered the domain dcleaks.com through a service that anonymized the registrant.137 Unit 26165 paid for the registration using a pool of bitcoin that it had mined.138 The dcleaks.com landing page pointed to different tranches of stolen documents, arranged by victim or subject matter. Other dcleaks.com pages contained indexes of the stolen emails that were being released (bearing the sender, recipient, and date of the email). To control access and the timing of releases, pages were sometimes password-protected for a period of time and later made unrestricted to the public.


Starting in June 2016, the GRU posted stolen documents onto the website dcleaks.com, including documents stolen from a number of individuals associated with the Clinton Campaign. These documents appeared to have originated from personal email accounts (in particular, Google and Microsoft accounts), rather than the DNC and DCCC computer networks. DCLeaks victims included an advisor to the Clinton Campaign, a former DNC employee and Clinton Campaign employee, and four other campaign volunteers.139 The GRU released through dcleaks.com thousands of documents, including personal identifying and financial information, internal correspondence related to the Clinton Campaign and prior political jobs, and fundraising files and information.140


GRU officers operated a Facebook page under the DCLeaks moniker, which they primarily used to promote releases of materials.141 The Facebook page was administered through a small number of preexisting GRU-controlled Facebook accounts.142


GRU officers also used the DCLeaks Facebook account, the Twitter account @dcleaks__, and the email account dcleaksproject@gmail.com to communicate privately with reporters and other U.S. persons. GRU officers using the DCLeaks persona gave certain reporters early access to archives of leaked files by sending them links and passwords to pages on the dcleaks.com website that had not yet become public. For example, on July 14, 2016, GRU officers operating under the DCLeaks persona sent a link and password for a non-public DCLeaks webpage to a U.S. reporter via the Facebook account.143 Similarly, on September 14, 2016, GRU officers sent reporters Twitter direct messages from @dcleaks_, with a password to another non-public part of the dcleaks.com website.144


The dcleaks.com website remained operational and public until March 2017.”

Guccifer 2.0

On June 14, 2016, the DNC and its cyber-response team announced the breach of the DNC network and suspected theft of DNC documents. In the statements, the cyber-response team alleged that Russian state-sponsored actors (which they referred to as “Fancy Bear”) were responsible for the breach.145 Apparently in response to that announcement, on June 15, 2016, GRU officers using the persona Guccifer 2.0 created a WordPress blog. In the hours leading up to the launch of that WordPress blog, GRU officers logged into a Moscow-based server used and managed by Unit 74455 and searched for a number of specific words and phrases in English, including “some hundred sheets,” “illuminati,” and “worldwide known.” Approximately two hours after the last of those searches, Guccifer 2.0 published its first post, attributing the DNC server hack to a lone Romanian hacker and using several of the unique English words and phrases that the GRU officers had searched for that day.146

That same day, June 15, 2016, the GRU also used the Guccifer 2.0 WordPress blog to begin releasing to the public documents stolen from the DNC and DCCC computer networks.

The Guccifer 2.0 persona ultimately released thousands of documents stolen from the DNC and DCCC in a series of blog posts between June 15, 2016 and October 18, 2016.147 Released documents included opposition research performed by the DNC (including a memorandum analyzing potential criticisms of candidate Trump), internal policy documents (such as recommendations on how to address politically sensitive issues), analyses of specific congressional races, and fundraising documents. Releases were organized around thematic issues, such as specific states (e.g., Florida and Pennsylvania) that were perceived as competitive in the 2016 U.S. presidential election.


Beginning in late June 2016, the GRU also used the Guccifer 2.0 persona to release documents directly to reporters and other interested individuals. Specifically, on June 27, 2016, Guccifer 2.0 sent an email to the news outlet The Smoking Gun offering to provide “exclusive access to some leaked emails linked [to] Hillary Clinton’s staff.”148 The GRU later sent the reporter a password and link to a locked portion of the dcleaks.com website that contained an archive of emails stolen by Unit 26165 from a Clinton Campaign volunteer in March 2016.149 That the Guccifer 2.0 persona provided reporters access to a restricted portion of the DCLeaks website tends to indicate that both personas were operated by the same or a closely-related group of people.150

The GRU continued its release efforts through Guccifer 2.0 into August 2016. For example, on August 15, 2016, the Guccifer 2.0 persona sent a candidate for the U.S. Congress documents related to the candidate’s opponent.151 On August 22, 2016, the Guccifer 2.0 persona transferred approximately 2.5 gigabytes of Florida-related data stolen from the DCCC to a U.S. blogger covering Florida politics.152 On August 22, 2016, the Guccifer 2.0 persona sent a U.S. reporter documents stolen from the DCCC pertaining to the Black Lives Matter movement.153”

Wow. Sounds pretty convincing. The documents referencing communications by DCLeaks or Guccifer 2.0 with Wikileaks are real. What is not true is that these entities were GRU assets.