No he didn’t… Putin did!!

The Russians are coming! The Russians are coming!

To quote you, “Get your head out of your ass”!

The claim by CrowdStrike that the “APT’s” they found in the DNC server(s) were Russian has been pretty much debunked. Neither CrowdStrike nor the US “Intelligence Community” has any proof whatsoever.

The latest, in two installments, from Steve McIntyre. First, from 10/6:

I draw the contrast to draw attention to the facial absurdity of Crowdstrike’s claim that the tradecraft of the DNC hackers was “superb” — how could it be “superb” if Crowdstrike was immediately able to attribute them?

In fact, when one looks more deeply into the issue, it would be more accurate to say that the clues left by the DNC hackers to their “Russian” identity were so obvious as to qualify for inclusion in the rogue’s gallery of America’s Dumbest Criminals, criminals like the bank robber who signed his own name to the robbery demand.

To make matters even more puzzling, an identically stupid and equally provocative hack, using an identical piece of software, had been carried out against the German Bundestag in 2015. A further common theme to the incidents is that both resulted in a dramatic deterioration of relations with Russia — between Germany and Russia in 2015 and USA and Russia in 2016–2017. Perhaps it’s time to ask “Cui bono?” and re-examine the supposedly “superb tradecraft”.

Then, from 10/10:

In his attribution of the DNC hack, Dmitri Alperovitch, of Crowdstrike and the Atlantic Council, linked APT28 (Fancy Bear) to previous hacks at TV5 Monde in France and of the Bundestag in Germany [my bold]:

FANCY BEAR (also known as Sofacy or APT 28) is a separate Russian-based threat actor, which has been active since mid 2000s … FANCY BEAR has also been linked publicly to intrusions into the German Bundestag and France’s TV5 Monde TV station in April 2015.

Alperovitch’s identification of these two incidents ought to make them of particular interest for re-examination (CA readers will recall that the mention of Peter Gleick in the forged Heartland memo proved important.) In each case, including the DNC hack, attribution of the TV5 Monde and Bundestag hacks resulted in a serious deterioration of relations between Russia and the impacted nation — arguably the major result of each incident. [my bold]


Re-reading the two stages of contemporary articles, the first analyses of malware, linking back to malware known in Arabic language forums, to IP addresses in Iraq and Algeria and to jihadi-sympathizing hackers, are much more specific than the subsequent analyses attributing the hack to APT28, which did not present a single technical detail (hash, IP address etc.) It is also frustrating and troubling that the proponents of APT28 attribution did not discuss and refute the seemingly plausible connections to jihadi sources. It is also troubling that so much emphasis in contemporary discussion of FireEye’s analysis incorrectly associated the Cyrillic characters previously described by FireEye in October 2014 with the TV5 Monde incident.

Second, the confidence of attribution to APT28 was dramatically aggrandized in subsequent reporting, fostered in part by inaccurate original reporting. Contrary to newspaper reports, Trend Micro did not attribute the seizure of TV5 facilities to APT28. Its assessment was indeterminate, weakly preferring that the seizure was separate from APT28 eavesdropping.

Third, Trend Micro was asked to comment on indicators of compromise by L’Express. One can only conclude from events that the indicators did not include the indicators of compromise considered by Breaking 3.0 and Blue Coat in the original attribution of the attack (or else Trend Micro would have discussed them). It seems implausible that the original indicators were invalid, given how specific they were. So why were these indicators not included in the list given to L’Express and/or Trend Micro?


Overall, the presumption that the CyberCaliphate was a false flag created by APT28 to conceal their vandalization of TV5 Monde seems very much unproven, with substantial evidence to the contrary. It seems ludicrous that attribution of the DNC hack should, in any way, be based on such piffle.

So we have three attacks, blamed on Russia with no good evidence, which in each case “resulted in a serious deterioration of relations between Russia and the impacted nation — arguably the major result of each incident.”

It makes a lot more sense that CrowdStrike, arguably a tentacle of the Atlantic Council, was working to frame Russia for these attacks in pursuit of its own geo-political agenda.
