Exclusive: Researchers Said DNC Hack Claims Relied On 'Spoofed' Data
…But then another document dump by Georgia Tech revealed the university’s cybersecurity experts had drafted four “DARPA whitepapers.” Those included one “Whitepaper on DNC attack attribution” and a second identified as the “‘Mueller List’—list of domains and indicator related to APT-28.” (APT-28 is the more formal name for the Russian intelligence group of hackers known colloquially as Fancy Bear;…
An email from Georgia’s attorney general’s office further indicated involvement by the tech researchers in Mueller’s investigation. The lawyer handling Durham’s subpoena of Georgia Tech noted that one of the individuals involved had “indicated that there was a ‘fairly large file of Trump related materials’ that had been assembled for production to the office of Special Counsel Robert Muller (sic) or the DOJ.” The state’s lawyer added that they were “unable to locate such a file,” and sought further assistance.
Following reporting on this latest inconsistency in DARPA’s story, Republican Sens. Ron Johnson and Charles Grassley sent a letter to Stefanie Tompkins, the director of DARPA, demanding copies of the alleged “whitepapers.”
Thompson, however, then noted that contractors often conduct “retrospective analyses of publicly disclosed, real-world scenarios to verify and validate tools and capabilities in development on the EA program,” and that in the course of such programs, the contractors may “produced reports, sometimes referred to as white papers, explaining the retrospective analyses on those topics, relying on commercially available data to analyze attributions previously disclosed to the public.” “For example,” DARPA’s representative added, enhanced attribution “performers analyzed indicators from publicly released DoJ indictments, such as the Mueller indictment, as well as public attribution reports from other federal agencies.”
In response to multiple requests, Mark Schamel, the lawyer for Antonakakis, refused to go on the record with an explanation or to state whether the Georgia Tech whitepaper confirmed or contradicted CrowdStrike’s conclusion that Russians had hacked the DNC. He also refused to answer whether the whitepaper had been provided to Mueller’s office.
Also unknown is whether Joffe provided Antonakakis the data used for the research and the whitepapers related to the DNC hack. That is a concern given Joffe’s role in the Alfa Bank and Yota phone hoaxes and given that other documents from Georgia Tech state that Joffe assisted with two other attribution requests performed by Antonakakis over the summer of 2016.
Other documents recently obtained likewise raise concerns over the validity of CrowdStrike’s analysis of the hack, namely an exchange between Antonakakis and the executive director of the university’s Institute for Information Security and Privacy, Lee Wenke.
In an email thread from May of 2018, in response to Antonakakis’ statement that “you do attribution from studying the mistakes they do during an operation,” Wenke wrote: “Then are you in principle doing the same as crowdstrike, e.g., using ‘signatures’ of coding/texting styles? And didn’t we all agree[] that those can be ‘spoofed/impersonated’?”
The exchange continued with Antonakakis stating that he is “not like” CrowdStrike, and is “not building signatures,” to which Wenke replied: “I was saying that if you are using signatures/signals of traffic and if those can be (easily) spoofed/impersonated, then in principle your approach would suffer the same weakness (spoof-able) as [CrowdStrike.]”
Antonakakis ended the exchange by acknowledging his point, but “strongly” disagreeing on the “value that policy has in computer security.” What remains unclear from this email thread, though, is whether Antonakakis’ retroactive analysis of the DNC hack reached the same conclusion as CrowdStrike, namely that Russians had hacked the servers.
Frankly, given Cozy Bear and Fancy Bear’s propensity to hack government networks, it is extremely likely the Russian intelligence services were behind the DNC hack. Evidence unrelated to Trump or attempts to destroy the former president indicates, for instance, that between 2012 and 2018, Russian intelligence officers “targeted hundreds of energy companies around the world.”
Both U.S. and U.K. national security agencies likewise believe Russia’s military intelligence agency, the GRU, has “engaged in a global campaign to target ‘hundreds’ of predominantly American and European entities, including government and military organizations, energy companies, think tanks and media companies.”
https://thefederalist.com/2022/05/06/exclusive-spygate-researchers-believed-democratic-firm-relied-on-spoofed-data-to-claim-russians-hacked-dnc/