Aletho News


‘All the Evidence’ Suggests Guccifer 2.0 is Linked to CIA, Not Russia, NSA Whistleblower Says

Bill Binney

© Photo : Bill Binney
Sputnik | August 13, 2020

The internet is not capable of accommodating the download speeds necessary to validate the claims by Guccifer 2.0, that they hacked documents from across the Atlantic, according to a former technical director at the National Security Agency.

Guccifer 2.0, the cyber personality which claimed to have hacked documents belonging to members of the Democratic National Committee in 2016, is likely to be a front for the CIA, according to analysis conducted by members of Veteran Intelligence Professionals for Sanity (VIPS).

Bill Binney, a cryptogropher and former technical director at the US National Security Agency (NSA), blew the whistle on the agency’s mass surveillance programmes after serving with them for 30 years. Mr Binney explains to Sputnik that despite Guccifer 2.0 claiming to have hacked documents which the cyber criminal later published, the download speeds necessary to have obtained the documents simply are not available across the World Wide Web.

Sputnik: What were the conclusions that you came to regarding a cyber personality known as Guccifer 2.0 and his claims that he had hacked a trove of documents?

Bill Binney: Guccifer 2.0, posted files from the 5th of July [2016], the 1st of September [2016] in batch mode. He also put files out in the 15th of June that had Russian fingerprints. So to go straight at those, we had some collaborating analysts looking in the UK, looking at the data also. And they came up with a match of five files out of the Guccifer 2.0 batch on the 15th of June, they found five of those files also posted by Wikileaks in the Podesta emails, the same files. Now, the difference is the Guccifer 2.0 posts had Russian fingerprints. You know, Cyrillic characters and things like that implanted in the file. The WikiLeaks files posted, of those same five emails, did not have Russian signature prints in it. So that told us that Guccifer 2.0 was inserting these Russian fingerprints. And we had some other fingerprint evidence of them using that.

Then, when we looked at the 5th of July 2016 and the September 2016 data that was posted by Guccifer 2.0, he would give a bio, we had extracted file names, number of characters and the timestamp at the end of the file. And he did the batch. So there was one file after the other. It was timestamped at the end of each file. So all we had to do was [assess the] difference in time between the files and see how many characters were passed and we calculate the transfer rate. And when we did that we got rates between 14 and 49.1 megabytes per second. That’s between 19 and 49.1 million characters per second. And we knew that the international web across the Atlantic to Europe, somewhere in Eastern Europe could not handle that kind of rate transfer.

Some people here thought we could. So we said, okay, we’ll try it. And we tried it from Albania, Serbia, Netherlands and the UK. The fastest we got with between two data centres, one in New Jersey and one in the United Kingdom in London. And that was 12 megabytes per second, which is slightly less than one fourth necessary capacity to transfer just the data, not counting overhead that goes with it and all of that… So all of that said to us, it was not there.

Sputnik: Was there anything else?

Bill Binney: There was another factor. We looked at the files again and if you ignored the date and the hour, the two [batches] shuffled together like a deck of cards. That is the times, [if you] looked only at a minutes, seconds and milliseconds, the data from the 1st of September merged into the time holes of the 5 July data. Which meant it was shuffling like one of cards. You have one file, he separated in two, then they had a range change on the date and the hour. You can’t do it on minutes and seconds because they keep changing. I mean, you’d have to go up there every minute and every second you got to know it’s not possible to do that, without extreme effort I’d say. What that said to us was this guy is fabricating the data, he’s playing with the data, he’s playing with us…

Vault 7

Then we went back and looked at the Vault 7 material (descriptions of CIA hacking tools published by WikiLeaks), which said that there’s a programme called Marble Framework, which [the CIA can use to] modify an attack and make it look like someone else did the attack, and the countries they had the capability to do that [to] were Russia, China, North Korea, Iran and Arab countries. Also [Vault 7] said that the Marble Framework programme was [used] one time in 2016. Well, we think we found that one time. That one time came up and that fit very well with what was going on which we were finding out with the Guccifer 2.0 material. He was fabricating it. So that suggested us all the evidence was pointing back to CIA as the originator Guccifer 2.0. And that Guccifer 2.0 was inside CIA.

Sputnik: Just to clarify, the documents Guccifer 2.0 was publishing weren’t what is known as the DNC leaks or DNC hacks that WikiLeaks published in three batches?

Bill Binney: [Yes]. [Gucifer 2.0] claimed to have hacked [the documents he published].

The Hammer

There’s another whistleblower that we’re working with also and they’ve talked to us about a programme called The Hammer. This programme was set up inside CIA by, according to the whistleblower, by [former Director of National Intelligence James] Clapper and [former CIA chief John] Brennan. And it was done so that they could spy on anybody they wanted to, without anybody in the intelligence community or the US government or any other government knowing they were doing it. The programme actually goes… back to 2003, I believe, with you when they first set it up. But [the whistleblower] also said that after that they had a secret operation inside CIA, by this group of people inside CIA looking at the Trump campaign and anybody else they wanted to sign on.

And it was done in that way, because, see, if you go into the NSA data and which the Five Eyes can do that as well, if you do that, anybody going in there, you’re tracked and recorded [when you use the surveillance system]. It’s wherever you go and what you do. And that’s based on the network logs. And also if you do an unmasking, you have to make a request and that’s recorded, who did it, what time, what the subject was and what the justification was and what person they were after. So, you know, all that stuff is recorded to go there. But if you set up your own separate one, nobody knows what you’re doing. And that’s exactly what this [whistleblower] is claiming. I’m pointing to that group as the group that was probably the originator of Guccifer 2.0 and also this fabrication of the entire story of Russiagate.

This interview has been edited for clarity and concision.

August 13, 2020 Posted by | Deception, Russophobia, Timeless or most popular | , , | Leave a comment

I’m the Reporter Mentioned in Mueller’s Indictment. Why Hasn’t He Spoken to Me?

By Lee Stranahan | Sputnik | July 18, 2018

I was as surprised as anyone last Friday, when just days before US President Donald Trump’s historic meeting with Russian President Vladimir Putin, special counsel Robert Mueller dropped an indictment against 12 Russian nationals claiming that they were Guccifer 2.0, the entity that took credit on June 15, 2016, for the hack of the DNC and DCCC.

I was even more surprised to find that I was discussed in Mueller’s indictment.

Section 43c of the indictment says, “On or about August 22, 2016, the Conspirators, posing as Guccifer 2.0, sent a reporter stolen documents pertaining to the Black Lives Matter Movement. The reporter responded by discussing when to release the documents and offering to write an article about their release.”

I am that reporter.

Part of the reason I was surprised is that I have never been contacted by anyone from Mueller’s investigative team. That’s one reason I personally know that this is a shoddy investigation, but I’ll come back to that in a moment.

When I saw that I was being discussed in the indictment, I immediately mentioned it on Twitter. I also made it clear to the media that I was available for interviews. No media outlet has contacted me.

I went public because I have nothing to hide and nothing to be ashamed of. In fact, the reason that Mueller’s team knew about my contacts with Guccifer 2.0 is because I posted the direct messages we exchanged over Twitter myself a year ago.

For the record, I didn’t know who Guccifer 2.0 was at the time and I still don’t, despite Mueller’s indictment. I have never believed that Guccifer 2.0 was a Russian state actor and have seen no evidence that persuades me otherwise.

At the time of this contact with Guccifer 2.0, I was the lead investigative reporter for Breitbart News ; today, I co-host the best morning news radio show in America, Fault Lines with Nixon and Stranahan, which airs Monday through Friday, 7 a.m. to 10 a.m. Eastern Time on Radio Sputnik. Fault Lines is broadcast on 105.5 FM and 1390 AM in Washington, DC, and around the world on the Sputnik News website.

Of course, just seeing both Russian-funded Sputnik and formerly Steve Bannon-led-Breitbart News on my resume is enough to give many in the media the flutters. Never mind that I also wrote for years at the Huffington Post or did independent journalism on issues like the Syrian war, which I traveled to Beirut in 2013 to cover. All of that and more gets left out of media narrative on Russian CollusionTM!

Thus, the New York Times only mentions my work at Breitbart and Sputnik in their scarily titled article, Tracing Guccifer 2.0’s Many Tentacles in the 2016 Election. And like Mueller’s team, the New York Times also never bothered to get in touch with me for their story.

A few hours after the Mueller indictment came out, I left for my planned trip to Helsinki to cover the Trump-Putin summit for Sputnik.

A couple of days later, CNN’s Jake Tapper retweeted my initial tweet about my cameo in the indictment and added the comment “Employee for Sputnik confirms that when he was at Breitbart he was in touch with who DOJ says was Russian military intelligence masquerading as hacker Guccifer 2.0.”

I’ve spoken to Jake privately a number of times in the past. He’s praised my work on other stories. I’m easy to reach. Yet despite highlighting my contact with Guccifer 2.0, Tapper has also not reached out to interview me.

It’s almost like the media and Muller have no interest in hearing what I have to say. No, wait — it’s exactly like that, because there’s plenty that the indictment and the media leave out.

For example, when Guccifer 2.0 contacted me on August 22, 2016, Steve Bannon was no longer leading Breitbart News. Whoever Guccifer 2.0 is, they expressed no interest at all in the fact that Bannon had left Breitbart to head the Trump campaign.

Furthermore, when the indictment says I was given material on the Black Lives Matter movement, it’s not exactly accurate, something Mueller would know if he’d ever talked to me.

In fact, I was sent a file with a few documents, including one that was a memo about the Black Lives Matter movement that was sent out by the Democratic Congressional Campaign Committee (DCCC). That document sparked my interest because I’d been covering Black Lives Matter for months and had been arrested a little over a month earlier while covering the protests over the death of Alton Sterling in Baton Rouge. I was one of four journalists arrested. (All charges were dropped and we reached a very small settlement with the city.)

If the Muller investigation was legitimately trying to get to the truth, I’d think they would have asked me for this set of files, since it might contain useful information for a forensic investigation. I’d think they would also want to see my direct messages with Guccifer 2.0 for themselves.

That might not be possible now. You see, after Mueller’s indictment was released, the public Twitter account for Guccifer 2.0 was removed from Twitter. I no longer have live access to my direct messages, nor can the public see the account for themselves live on Twitter. For anyone wanting to make up his or her own mind about this facet of the Russiagate narrative, including through viewing the original information for themselves, this is an interesting development.

Luckily, researcher Adam Carter has saved screen captures of the entire account as well as Guccifer 2.0’s WordPress site on his must-read site dedicated to Guccifer 2.0.

People disinclined to simply take Mueller at his word on his unproven accusations will also want to read this article by Carter showing the contradictions between the information in the Mueller indictment and what is available already in public record.

Anyone who looks at that record for themselves can see what the media isn’t telling you — that I was far from the first journalist to talk to or interview Guccifer 2.0. It also makes clear that I did not request info from Guccifer 2.0, but was offered it.

However, as I’ve said, I did nothing remotely wrong in talking to Guccifer 2.0, no matter who is ultimately shown to be behind the account. I was following a story and working a lead. I wanted to find out who Guccifer 2.0 really was and I still do.

Robert Mueller’s investigation has now muddied that trail, and hindered the efforts of truth seekers everywhere.

The author is Lee Stranahan, co-host of Fault Lines on Radio Sputnik. 

July 18, 2018 Posted by | Deception, Mainstream Media, Warmongering, Russophobia | , | 1 Comment

New York Times undermines its own case Russia was behind Clinton leaks

By Alexander Mercouris | The Duran | December 15, 2016

The New York Times has published a lengthy article setting out what it says is the “evidence” that Russia was behind the leaks of the DNC and Podesta leaks by Wikileaks.

The article reveals nothing that is really new, but a number of points did immediately strike me:

(1) The article goes to some lengths to claim that the way the Russians go about carrying out cyber-attacks is far more stealthy than say the Chinese. Thus we read comments like this

“The Russians had not gone away, of course. “They were just a lot more stealthy,” said Kevin Mandia, a former Air Force intelligence officer who spent most of his days fighting off Russian cyberattacks before founding Mandiant, a cybersecurity firm that is now a division of FireEye — and the company the Clinton campaign brought in to secure its own systems.”

and this

“The Russians grew stealthier and stealthier, tricking government computers into sending out data while disguising the electronic “command and control” messages that set off alarms for anyone looking for malicious actions. The State Department was so crippled that it repeatedly closed its systems to throw out the intruders. At one point, officials traveling to Vienna with Secretary of State John Kerry for the Iran nuclear negotiations had to set up commercial Gmail accounts just to communicate with one another and with reporters traveling with them.”

We also learn that the Russians attempted to conceal their responsibility for the leaks by creating the persona of a supposed Romanian hacker called “Guccifer 2.0” who supposedly claimed responsibility for the hacks and warned he would publish the information he got from them.

It is very difficult to understand why in that case these so very “stealthy” and presumably well-resourced Russians failed to make sure that “Guccifer 2.0” was able to speak fluent Romanian.  I say this because it is clear that whoever has created the persona of “Guccifer 2.0” obviously does not speak Romanian. See for example this paragraph

“That gave Mr. Franceschi-Bicchierai an idea. Using Google Translate, he sent the purported hacker some questions in Romanian. The answers came back in Romanian. But when he was offline, Mr. Franceschi-Bicchierai checked with a couple of native speakers, who told him Guccifer 2.0 had apparently been using Google Translate as well — and was clearly not the Romanian he claimed to be.”

Presumably Russian intelligence agencies are not short of fluent Romanian speakers they can call on in situations like this?

It becomes even more bizarre when one reads the following

“Cyberresearchers found other clues pointing to Russia. Microsoft Word documents posted by Guccifer 2.0 had been edited by someone calling himself, in Russian, Felix Edmundovich — an obvious nom de guerre honouring the founder of the Soviet secret police, Felix Edmundovich Dzerzhinsky. Bad links in the texts were marked by warnings in Russian, generated by what was clearly a Russian-language version of Word.”

That does not sound at all “stealthy”.  On the contrary it suggests that whoever is behind “Guccifer 2.0” was going out of his way to try to implicate Russia’s intelligence agencies in “Guccifer 2.0’s” activities. 

That in turn suggests that “Guccifer 2.0” has nothing to do with Russia’s intelligence agencies, and that whoever has created his persona is either trying to cover his tracks by misdirecting investigators towards the Russians, or is engaging in an anti-Russian provocation.

What this means is that if “Guccifer 2.0” is the persona of the person responsible for the leaks, then he almost certainly has nothing to do with Russia’s intelligence agencies, and he may not even be Russian.

As it happens, the fact “Guccifer 2.0” pretends to be Romanian but is apparently unable to speak Romanian points to whoever he is being a private individual rather than an intelligence agency.

(2) A great deal in The New York Times article turns on the fact that the DNC and Podesta hacks were carried out by two groups of hackers identified respectively as Cozy Bear and Fancy Bear. 

The connection of either of these two groups of hackers to Russia’s intelligence agencies appears to be inferred from their previous activity rather than based on actual knowledge. However the important point is that whoever they are they were clearly not working together

“To their astonishment, Mr. Alperovitch said, CrowdStrike experts found signs that the two Russian hacking groups had not coordinated their attacks. Fancy Bear, apparently not knowing that Cozy Bear had been rummaging in D.N.C. files for months, took many of the same documents.”

Given the sensitivity of any covert operation to swing the US Presidential election to Donald Trump, it is a certainty that if someone like Putin or Nikolay Patrushev (the secretary of Russia’s Security Council who is believed to coordinate the work of Russia’s intelligence agencies) had ordered it they would have ensured that it was coordinated and kept under tight control.

The fact this was not the case, and that Cozy Bear and Fancy Bear were apparently acting independently of each other and at times even at cross purposes, is an extremely strong reason for doubting such an order was ever given.

If Cozy Bear and Fancy Bear really are run by Russian intelligence agencies, then the fact they were not coordinating with each other suggests they were each engaging in ordinary spying activities and not in anything more sinister.

(3) Lastly, what the New York Times article shows is how exceptionally sloppy cyber security on the part of the DNC and Podesta was, and how extraordinarily complacent they were about the possibility of being hacked. 

Whilst that makes it possible they were hacked by Russia’s intelligence agencies, it also leaves open the possibility they were hacked by all sorts of other people, including people within the US.   Any one of these people might have been the person or persons behind the persona of “Guccifer 2.0”, or might have been the source of the leaks that were provided to Wikileaks.

In summary, I don’t think this article in The New York Times adds very much. If anything it shows how thin the case the Hillary Clinton campaign and the CIA are making that Russia was behind the leaks in order to swing the election to Donald Trump actually is.

December 14, 2016 Posted by | Deception, Fake News, Mainstream Media, Warmongering | , , , , , | 2 Comments