Bears Under The Bed

Thanks to a tweet by Stephen McIntyre, I’ve finally found a document that explains the hacking of the DNC emails. It’s by a company called “CrowdStrike”, a computer security firm which was called in by the Democrats back in June when the intrusions were discovered. The document is from June 16. Here’s the short version.

There are not one but two different hacking groups involved. The CrowdStrike folks name all Russian hacking groups with the code name “Bear”. One group called “Cozy Bear”, also known as TG-4127, was able to break into the DNC server and the Hillary Clinton campaign server. The “Fancy Bear” group attacked the Republican National Committee and Trump campaign, but couldn’t get in.

These two groups are known to have been involved in a host of other attacks, often in Russia, and are known to be hired by the Russian Government for this kind of operation. It gives the Russians deniability. Nor is it unusual to have two different groups working on it; different Russian government departments often hire different hacking groups.

So it appears that the ex-Communists have learned the beauty of outsourcing …

Here’s the ironic part. The difference in the ability to penetrate the two campaigns came down to a seemingly trivial choice. The DNC used Google mail. The GOP did not.

Seriously. The attackers used a phishing attack to penetrate the Google mail system.

Now, this and a whole lot more was all publicly known back in June. So in answer to the question “Did the Russians mount a cyber-attack on both campaigns” the answer is “Yes”.

However, two things are NOT known. One is whether this particular instance of Russian ongoing attempts to hack anyone and everyone is or is not connected to the Wikileaks emails. This is closely related to the question of whether the Russians were trying to affect the election.

For me, I’d say on balance it’s not likely that the Russians were behind Wikileaks or trying to affect the election. To start with, Julian Assange of Wikileaks says absolutely no way. His version is supported by a somewhat tarnished ex-British Ambassador, who said he was given the documents in a park by someone fed up with DNC dirty tricks aimed at denying Bernie Sanders the nomination. In other words, they were leaked, not hacked. He said:

I don’t understand why the CIA would say the information came from Russian hackers when they must know that isn’t true. Regardless of whether the Russians hacked into the DNC, the documents Wikileaks published did not come from that.

Next, as far as is known neither the CIA nor the FBI nor anybody have found the slightest scrap of evidence suggesting that the Russians were the source of the Wikileaks emails. None of them have even hinted at such evidence, and you know they’d love to prove Assange and company were being fed by the Russians.

Next, I can’t see the logic in trying to make Hillary lose. Does anyone seriously believe that the Russians would rather be up against General “Mad Dog” Mattis and Rex “T. Rex” Tillerson, than be up against Hillary and Huma?

Heck, throughout and since the Election the Democrats have kept saying they’re terrified that Trump is so unstable that he should be denied the Presidency for fear he might accidentally push the nuclear button. If that is true, where is the upside for the Kremlin in swinging the election to a madman? The missiles are all aimed at Russia. If Trump is loony, do you think the Russians want him in charge of the nuclear button?

I say they’d much rather have Hillary and her famous big red “Reset” button that she pushed to signal a new relationship with Russia, than Trump with the actual red button. But not because they think Trump is crazy or unstable. The Russians know neither is true.

They’d prefer Hillary because Trump picks a Secretary of Defense whose nickname is the “Warrior Monk” and who is called “Mad Dog” …

Next, the fact that it was the Russians who hacked the DNC computer was publicly known back in early June when the CrowdStrike report was published. This was before the Wikileaks first release on 22 June … so the Russians would have to know that fingers would all be certain to point at them, and that the blowback would be intense, as indeed it has been. So facing the certain public knowledge that their penetration had already been discovered, why release the emails? Where’s the upside?

My final reason that I don’t think it’s the Russians is that it’s not their style. They’re more into blackmail than the Wikileaks-style expose because as J. Edgar Hoover proved, the payoff of having a blackmailed politician in your pocket is larger, longer-lived and more certain than just wasting your inside knowledge and evidence of wrongdoing on outing them in public. And the Russians are masters of blackmail, it’s a favorite KGB tactic.

But blackmail only works when you DON’T publish what you find …

My conclusions are:

• Yes, the Russians did hack the Democrats and try to hack the Republicans; the CrowdStrike documentation is detailed and convincing, and

• Yes, the DNC emails released by Wikileaks were leaked to them rather than hacked by the Russians, and

• No, the Russians did not release whatever they found, they’ve kept it close to their vests. They may or may not have more or different information than revealed in the Wikileaks emails. Whatever they have, I greatly doubt they’d waste it trying to swing an election after their penetration was discovered, particularly to support Trump.

Anyhow, that’s how it looks from the outside. We may find out more from the inside, who knows … but at least I have a better handle on what’s happening.

Finally, Assange has said that there are more emails to be released … who knows? The beat goes on, it’s the most fascinating election I could ever imagine.

Best to all, and don’t write anything down that you wouldn’t want to see in the tabloid headlines … I just assume the NSA is totally fascinated by my emails and act accordingly.


As is my custom, let me request that if you disagree with someone, you QUOTE THE EXACT WORDS YOU OBJECT TO. That way we can all be clear what you are referring to.



39 thoughts on “Bears Under The Bed”

  1. Organisations are at great risk with Gmail. So an organisation has to ensure that staff are very aware etc. Clearly not the Clinton gang. It surprised me that in UK the two prime internet providers had been using it for a long time. Hence all the disastrous phishing stories over the years. It’s not news anymore, to the numpties it is! The easy access via the web to Outlook Contact files…I often see my old business email being used where I seem to have millions of dollars in pretty much any UK or US bank suddenly. Then the “big ask” emails from Nigeria? Our Parliament (+ others) loses plenty of laptops, Blackberrys, iPhones etc each year…not difficult to dig into them is it?

    In my view…you asked for it and you really got it. The attacks come from anywhere globally I think…ooo-er the Dark Web where the captured credit card info resides.


  2. Dead on Willis. Isn’t it funny how most people still don’t get history, even over a 6 month period?

    Oh, shiny!

    What were you saying? Something about KGB and blackmail, but the Russians got rid of the KGB right? Putin wouldn’t have anything to do with anybody like that in his government would he, I mean just because he once was…


  3. It has been my point all along that Vladimir Putin, friend and business associate of Hillary Rodham Clinton /Clinton Foundation, would not be trying to thwart her run for US President. I don’t really care WHO exposed the criminal activities of the Democrat Party, other than to give them a fat cash reward. And mark my words, the next phase of this will be “Republicans had something to hide, that is why they had such good security!”. Don’t doubt me.


  4. Thanks, Willis. I didn’t hear about the Assange statement regarding his source… of course the media, including Fox, are skipping over that for some reason. The Russian source never made sense for so many reasons, which you suggest.

    Now, if only… if only the CIA and FBI, through Congressional hearings(?), would validate this story, we could pull one more crutch out from under the perverted “why we lost” stories. Most who voted for Hillary won’t be convinced, but enough may be that we’ll be able to give this administration 8 years (assuming the first 4 warrant that) to demonstrate what sensible government policies can accomplish.

    The bigger problem is how to convince the “one world” SJW folks (one of my sons and daughter-in-laws are among them) that their ideology, despite its idealistic appeal, is simply not workable. Sigh.


    • JP Miller: Fox News has reported the Assange statement about the source of the leaks (not being the Russians) many times over the past few months. The most recent instance was on the Hannity show two days ago.

      And my condolences about your SJW son and daughter-in-law. I feel your pain as I also have a son who is of that mindset.


    • I heard the statement by Assange that the hacked emails were given to them NOT by the Russians, but someone else. Hannity asked him after the first few minutes “let me get this clear, the emails published on WikiLeaks did not come from the Russians to you?” His reply was an unqualified “definitely not the Russians”.


      • That, plus the fact that not one agency has offered up the slightest scrap of evidence that the Russians gave the emails to Wikileaks, is the under-reported story that I’ve been trying to tell.



  5. Of interest:

    Secret World of US Election: Julian Assange talks to John Pilger (FULL INTERVIEW) – Embassy of Ecuador, London late this year


  6. I read the WaPo daily. None of the information and context you have provided has appeared in this newspaper. Instead there have been many articles about the Russians trying to sway the election to Trump, what a bad man he is, and come the 19th Electors should vote for somebody else out of fear of a Russian connection. The WaPo has become so intensely biased on the recent election that they cannot or will not report faithful news. I suspect it is the same with the other big city dailies. Sad.


  7. I think you are being generous to accept that it was the Russian Government. It could have been and there is not much reason to think they wouldn’t but there is also no real good evidence that it was them.


        • Thanks, Francis. Indeed they said “moderate confidence”. But that was only the opinion of a private firm immediately after the attack. The conclusion of all of the US intelligence agencies now, after having six more months to study it, is that the Russians were behind it. No surprise there, all countries are constantly probing the other side.

          So for me, preponderance of the evidence says Russians did attack both Republican and Democratic campaigns.

          What it does NOT say is that the Wikileaks releases came from the Russians, and I doubt it greatly.



  8. Speaking of blackmail, it is inconceivable that the Russians (as well as the Chinese, the Iranians, and any other interested parties) do not have all of the emails that Miz Clinton stored on her wide-open homebrew server. Is it not likely that they were all salivating at the prospect of holding the juiciest tidbits in readiness in case a little leverage was needed on a President Hillary? Just another reason why Putin would have preferred another easily-managed Democrat.

    /Mr Lynn


    • True ‘dat, Mr. Lynn. That poor server would have been attacked by everyone.

      The other point arguing against it being the Russians who RELEASED the information is that everyone expected her to win … why muddy the waters with her when it is a god-given opportunity for blackmail?



  9. Willis, been doing some further research on this interesting topic. (I liked early LeCarre and Len Deighton novels and was intrigued by the Philby saga. Later I learned that my grandfather had been judge in some Canadian spy trials in the wake of the Gouzenko revelations.)

    Thousands of “spear phishing” attempts by APT28 (aka Pawn Storm aka Fancy Bear) have been publicly documented since 2014. So the threat was well known. They had penetrated the State Department and the Hillary for America campaign. It seems implausible that they wouldn’t have also penetrated the Hillary server. Indeed, I can’t help but wonder whether that might have been their wedge into the State Department.

    Like you, I’m unconvinced that APT28 or APT29 were Wikileaks’ source. In all other cases, they seem to have laid in the weeds with their knowledge – traditional espionage. The U.S. can hardly object to this, since they’ve done the same thing on a much more massive scale.

    There’s an interesting development in Germany as we speak. After Edward Snowden revealed the extent of NSA penetration of Germany, the Bundestag had an investigation in 2015. Russian hacking of the Bundestag was reported in 2015, but it appears to have been APT28 – a distinction that is of more interest given the DNC events. Wikileaks subsequently published extensive documents on the Bundestag investigation, which were attributed to “Russian hackers” at the time in the media. Recently, there are suggestions that the provenance to Wikileaks was a leak, rather than hack.

    This is obviously relevant to the DNC situation insofar as it bears on the modus operandi of APT28.


    • Stephen, thanks as always for your interesting findings and take. I agree with your thought that the Clinton basement server was quite possibly their entry point into the State Department. That poor server had more friends

      The surprising thing to me is that the CrowdStrike information about the DNC attack was made public by CNN on June 12. This was ten days before the first Wikileaks release. While some argue this shows Russian involvement, I find it more likely that the Russians were looking for blackmail material, not to affect the election. After all, back in June nobody believed that Trump would possibly win. Also, publication of the attack meant there would be guaranteed blowback on the Russians … seems unlikely they’d do it.

      Someone else pointed out that the Russians had already successfully bought off Hillary in the uranium mine deal. Seems to me like they were looking for extra insurance, not looking for information to waste gambling on an extraordinary electoral upset.

      My best to you and thanks for your tireless curiosity and interest,



  10. Next, I can’t see the logic in trying to make Hillary lose. Does anyone seriously believe that the Russians would rather be up against General “Mad Dog” Mattis and Rex “T. Rex” Tillerson, than be up against Hillary and Huma?

    At the time of the Russian intrusions they did not know Trump’s eventual picks for his cabinet. What the Russians did know was they could do business with Clinton (uranium mine deal). So if Putin was after dirt on Clinton it was more likely he expected her to win and was looking for leverage to use in the future.


    • Alan, I’d forgotten about the uranium mine deal. So yes, Putin would definitely be looking for dirt on her … I hadn’t thought about this, but Putin must have been bummed when Wikileaks turned his golden information to dead leaves like the song says … but he’ll have more secrets. He wasn’t head of the KGB for nothing …


      “When you’re in the little land
      They fill your hands with gold
      You think you’ll stay for just a day
      You come out bent and old.

      Dead leaves in your pockets, oh, my enchanted, have a care
      Run, run from the little folk, or you’ll have dead leaves in your pockets and snowflakes in your hair.”


      • I started to add something else and decided not to lest it stir animosity. But if we are speculating about foreign interference in the US election specifically aimed at hurting Clinton, the top of my list would be Israel. They certainly have the capability and probably the strongest motivation. Given the countries Clinton has cozied up to together with the presumption she would continue Obama foreign policy, Israel had to be extremely concerned. Russia is not threatened by a Clinton presidency, but Israel is, or at least they can be excused for thinking so.

        I suspect that DNC and Podesta emails were penetrated by multiple interests. One of them decided to leak the information. While we should be concerned about attempts to pervert the US electoral process, the greatest risk is always going to come from domestic sources. Indeed the Clinton campaign itself was a major force attempting to “fix” the election, as the released emails show.

        Precisely who provided the emails which Wikileaks released and why I do not know, but Democrats are on very thin ice claiming it was “interference”, since it only revealed what they were doing in secret and lying about.


  11. The uproar over the Russian Hacking is a classic response to the release of incriminating information that cannot be refuted.

    When you can’t attack the message, you attack the messenger (alleged, in this case) instead. So far, they seem to be doing pretty well at this tactic.


  12. Good analysis. I concluded when the Russian thing first got media legs that both the CIA assessment and the Wikileaks leak not from Russia were likely true. The Democratic ‘Russia leak’ spin is a psychological fantasy excuse for HRC’s loss, because Dems simply cannot imagine that there are more deplorables in more places (except California) than Dem progressives. They lost Wisconsin, Ohio, Indiana, Pennsylvania, and Florida. They lost both congress and veto check on Congress. And will lose the Supreme Court. And barring some administration disaster, might well also lose Senate cloture in the 2018 midterms.


    • Gerry, I don’t think it’s “arty”, nor do I appreciate the gibe. I have a limited choice of themes. I have changed to this one. Is it better? Who knows. I’d like to find one with slightly larger font … but I have only found larger ones with gray font.

      Finally, I don’t see anywhere to change font color. The gray is what the theme designer chose … so your gibe isn’t even accurate.

      It’s a work in progress …



      • Willis, I suspect Gerry was trying to communicate that he was having trouble reading the previous site themes. Don’t take it personal. I too have had trouble reading various websites, and just quit going back unless the content is riveting. As long as the print is dark, we can solve the font size with CNTRL-+.


        • Thanks, Terry. Is the new theme better? The site is new and is a work in progress. I understood Gerry couldn’t read the gray. I didn’t like being called “arty” when I’ve been fighting to solve that very issue.

          Your conciliatory tone is noted and appreciated,



  13. I posted a related article on one of my blogs before I read your article.
    Title: “The Russians Did It ? ” on 12/20/16.
    My article is located here:

    Two comments on your good article:
    (1) Who is CrowdStrike and why do we have access to their document? Is that really their document? Is their analysis correct, or just speculation? Why should we trust them? Their statement below does not give me high confidence they KNOW exactly who hacked John Podesta’s emails:
    “CTU researchers do not have evidence that these spearphishing emails are connected to the DNC network compromise that was revealed on June 14. ”

    Democrats smeared Trump about Russia before the election, which diverted attention from the CONTENT of the Podesta emails. Did Democrats shop for a company with the “correct” conclusion (blaming Russia) they wanted? I have no logical reason to trust Democrats.

    (2) I see two facts, (a) and (b) … and then jumping to a conclusion:
    (a) Russians are always trying to hack US organizations
    (b) WikiLeaks published DNC documents
    Therefore, Russians must have hacked the DNC and gave the hacked documents to WikiLeaks ??
    The facts don’t add up to the conclusion.


  14. Pingback: Bears Under The Bed | Skating on the underside of the ice | Cranky Old Crow

You are invited to add your comments. Please QUOTE THE EXACT WORDS YOU ARE DISCUSSING so we can all be clear on your subject.
