The Seth Rich Mystery – The Investigation of the “Hack”

For over 4 years I have been analyzing the evidence related to the DNC email hack/leak and whether or not it involved an insider. I have decided to share my insights in the form of a blog.

In each blog entry, I will lay out the facts as presented in court filings, interviews of key participants and social media posts. I will also discuss my own theories on what may have occurred based on applying basic logic.

All of this comes with a disclaimer. I have no inside knowledge on whether Seth Rich actually was involved in the leak or why he was murdered.

FIRST MYSTERY – The Investigation of the Hack/Leak

The following is a list of unusual actions taken by the DNC, Crowdstrike, and investigators in the spring of 2016 when the DNC was alerted to a possible cyber attack on its servers.

1) The DNC never instructed their employees to change their passwords or to not send sensitive information via email. Most employees never knew anything about a possible intrusion until a story was written by the Washington Post. This was after all the emails were already in the possession of Wikileaks.

The majority of the damaging emails were written while Crowdstrike was monitoring the network with its state-of-the-art tool called Falcon.

Falcon is specifically designed to capture every keystroke on the network. The tool alerts those monitoring the server to unusual activity and creates logs for further analysis. It can be used to identify employees who are doing inappropriate or illegal things while at work.

What would have been so difficult about calling a staff meeting and telling everyone in person to change their passwords frequently and report any unusual activity? One possible explanation is that the DNC may have been concerned that an insider was involved and didn’t want to tip that person off that he or she was being monitored. Crowdstrike could actually have been hired to identify disgruntled employees or dishonest contractors who sought to sell data or leak information to harm the Hillary Clinton campaign.

2) The FBI did not inspect the DNC servers and it appears they did not interview any of the employees whose emails were part of the Wikileaks release.

The Mueller report mentions that the Russians allegedly stole thousands of emails from the work accounts of DNC employees after hacking into the DNC’s Microsoft Exchange Server using PowerShell commands (which magically escaped the ever-vigilant Falcon monitoring tool).

There were probably hundreds of active email accounts, if not more, in 2016, including those of high-level executives such as Debbie Wasserman Schultz and Donna Brazile. If the Russians really wanted to hurt Hillary, why not release emails from those accounts? If Putin’s elite team of cyber hackers actually accessed the Exchange server, they could have taken all the emails.

A good investigator would ask the above question and look at the simplest explanation as to why only a fraction of the DNC emails (mostly from mid-level employees) made it to Wikileaks.

The simplest explanation is that someone knew the passwords of the 10 employees. The Mueller report goes into extensive detail as to how the Podesta and DCCC emails were obtained via spear-phishing. Why would the same hackers use PowerShell commands when spear-phishing worked so well with the DCCC (33 successes per Mueller)?

NOTE: During 2017, a Twitter user, STEEMWH1SKS, revealed that 7 of the 10 DNC employees with emails published by Wikileaks had their credentials listed on a now-disabled dark website called LeakedSource.com.

STEEMWH1SKS is credited with being the first person to break down the dates and times when the emails were extracted in late May of 2016. In other words, he was not your average Twitter user. At a minimum, he should have been interviewed by Mueller, or the LeakedSource website should have been checked out.

Another reason to consider that the hacker/leaker simply logged in through Webmail from the comfort of their home or another secure location and downloaded the emails to their own storage device is that password security at the DNC was very weak.

Podesta identified his password in one of his emails. After it was revealed by Wikileaks, hackers found out he used it on other social media websites, and those accounts were hacked as well. In another email it was revealed that his email password was known by at least one coworker.

Debbie Wasserman Schultz revealed her password was known by her IT contractor Imran Awan. Awan likely knew the passwords of other DNC and DCCC employees (who shared the same office spaces).

With all that being said, did the FBI ask any of the 10 employees if they had been spear-phished, either at the DNC or on their personal email accounts? People tend to use the same passwords across various sites. The FBI certainly interviewed the DCCC employees, since many facts are detailed in the Mueller report.

Oddly, Crowdstrike was not monitoring the DCCC servers. It appears the FBI was given permission to look at the DCCC servers and interview its employees but was prohibited from doing the same with the DNC server and staff.

If Crowdstrike had monitored the DCCC server it likely would have detected highly questionable actions by their IT consultants. The Awan Brothers were reportedly given carte blanche to access dozens of computers on the network.

3) It appears the FBI did not work with Google to see where Podesta’s hacker logged in from. Google logs the IP address of every successful and unsuccessful login attempt. It would have been worth checking to see where his account was accessed from.

4) Why were there no emails in the Wikileaks dump mentioning Seth Rich?

A good investigator would wonder why there were no emails sent to or received from the Voter Expansion Data Director of the DNC (Seth Rich).
There were emails from those he reported to and those he worked side by side with. Pratt Wiley had a parallel position to Seth in the Voter Expansion project and he was actually fired because of emails he wrote that were critical of Bernie Sanders. See the following article. https://medium.com/@MeanJean/what-is-the-dnc-voter-expansion-project-264395c439f3

Here is additional unverified information from a respected Twitter user, posted in July 2019: “In the DNC leak, Pratt Wiley yields 340 results, Seth Rich = 0. Pratt Wiley was Seth’s direct supervisor. Pratt was also the nephew of former DC mayor and DNC official Sharon Pratt, and the DNC brass went through Pratt when they needed to get ahold of Donna B.”

This should have been seen as a red flag, especially because it has been revealed that Peter Strzok and Lisa Page sent messages to each other about Seth.

5) Crowdstrike has no proof that any DNC emails were exfiltrated. Its CEO testified to that fact during a Congressional hearing. Also, according to Bill Binney, a member of VIPS, there would be evidence within the NSA of data being transmitted from the DNC server to another destination. Binney designed the system for the NSA that tracks every message from one source to another.

The Mueller report makes no mention of researching any NSA data captures.

Interestingly, there would be no trail of data being copied from a desktop to a thumb drive. If someone using Webmail logged into the email account of a coworker and then used the Export feature, the emails could be downloaded to a device as small as a thumb drive. They would likely be compressed to maximize the number of emails extracted.

To summarize, all of the actions taken to identify the source of the Wikileaks emails excluded every possibility other than a sophisticated cyber attack in which Putin’s top spies had to resort to Googling how to use PowerShell commands to access a Microsoft Exchange Server.

It’s hard to believe that not one agent was assigned to look into the possibility that an insider could learn a coworker’s password and use Webmail to download as many emails and other documents as they wanted from that coworker’s mailbox.
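The login-IP logging (point 3) and the Webmail export scenario described above are exactly what a mailbox audit log is meant to catch. As an added example that is not part of this post, the following Python script runs that check over a constructed audit log (the five-field line format and the office address range 10.20.0.0/16 are assumptions): it flags any successful export whose session came from outside the office network, from an IP the account had never logged in from before, or after repeated failed logins.

```python
import ipaddress
from collections import defaultdict
# Constructed webmail audit log (not real data): timestamp user event source_ip result
SAMPLE_LOG = """\
2016-05-19T09:02:11 alice login 10.20.0.15 success
2016-05-20T22:14:03 alice login 203.0.113.77 success
2016-05-20T22:15:30 alice export 203.0.113.77 success
2016-05-21T08:30:00 bob login 10.20.0.22 success
2016-05-21T08:31:12 bob export 10.20.0.22 success
2016-05-22T01:10:00 carol login 198.51.100.9 failure
2016-05-22T01:10:20 carol login 198.51.100.9 failure
2016-05-22T01:11:05 carol login 198.51.100.9 success
2016-05-22T01:12:00 carol export 198.51.100.9 success
"""
CORP_NETS = [ipaddress.ip_network("10.20.0.0/16")]  # assumed office address range

def parse(log):
    # One dict per line; the five-field layout is the constructed format above.
    for line in log.splitlines():
        ts, user, event, ip, result = line.split()
        yield {"ts": ts, "user": user, "event": event, "ip": ipaddress.ip_address(ip), "result": result}

def is_corporate(ip):
    return any(ip in net for net in CORP_NETS)

def find_suspicious_exports(log, fail_threshold=2):
    """Flag each successful export that was off-network, from a new IP, or after failed logins."""
    known_ips = defaultdict(set)   # user -> IPs seen in earlier successful logins
    failures = defaultdict(int)    # user -> failed logins since the last success
    session, alerts = {}, []
    for e in parse(log):
        user, ip = e["user"], e["ip"]
        if e["event"] == "login":
            if e["result"] != "success":
                failures[user] += 1
                continue
            new_ip = bool(known_ips[user]) and ip not in known_ips[user]
            session[user] = {"ip": ip, "new_ip": new_ip, "failures": failures[user]}
            known_ips[user].add(ip)
            failures[user] = 0
        elif e["event"] == "export" and e["result"] == "success":
            s = session.get(user)
            if s is None or s["ip"] != ip:
                reasons = ["export_without_matching_login"]
            else:
                checks = [("off_network", not is_corporate(ip)), ("new_ip_for_user", s["new_ip"]),
                          ("failed_logins_before_session", s["failures"] >= fail_threshold)]
                reasons = [name for name, hit in checks if hit]
            if reasons:
                alerts.append((e["ts"], user, str(ip), reasons))
    return alerts
```

Bob's export from the office network with no prior failures produces no alert, which is the control case; the two flagged exports each carry the reasons that triggered them.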

Finally, it’s hard to believe that the Mueller report could not include even one screenshot from Crowdstrike’s Falcon product, which was running on the DNC network on the days when nearly 90% of the emails were extracted.

Update: I did learn from a November 2017 AP article: “Guccifer 2.0, WikiLeaks and DCLeaks ultimately published more than 150,000 emails stolen from more than a dozen Democrats, according to an AP count. The AP has since found that each one of those Democrats had previously been targeted by Fancy Bear, either at their personal Gmail addresses or via the DNC, a finding established by running targets’ emails against the Secureworks list.”