Vol. XLI No. 02 January 08, 2017

Obama, Why this Kola Veri?

Prabir Purkayastha

THE US has imposed fresh sanctions on Russia and expelled 35 of her diplomats over Russia's supposed hacking of the US elections. Obama, as president, was seen to be less prone to war than his predecessor George Bush (Junior) or even his secretary of state, Hillary Clinton. What explains, then, his almost unprecedented (or shall we call it unpresidented?) move to sanction Russia and expel Russian diplomats on such a flimsy charge?

Experts agree that no real evidence has been produced by the US spook agencies – in this case the Department of Homeland Security (DHS) and the FBI – of Russian hacking of the Democratic National Committee (DNC) and the publication of its internal e-mails by WikiLeaks. Or shall we say that the evidence Homeland Security has produced is on a par with the pictures Colin Powell produced in the Security Council on Iraq's Weapons of Mass Destruction? Remember those scary pictures of Iraq's “mobile biological weapons labs” that turned out to be simply mobile health vans?

WikiLeaks has asserted that what it published came from an internal leak within the DNC, and not from anyone hacking into DNC computers. This claim has been backed up by Craig Murray, a former British diplomat now associated with WikiLeaks. Murray has said that Russia did NOT provide the Clinton emails; instead they were handed over to him in a park in Washington DC by somebody representing “disgusted” Democratic insiders. These insiders were angry about the corruption of the Clinton Foundation and the DNC's rigging of the primaries against Bernie Sanders.

According to Julian Assange, the WikiLeaks founder and editor, the fiction of a Russian hack has been created by the coterie controlling the Democratic Party only in order to divert attention from the damning content of the emails. Hillary Clinton and the Democratic Party leadership ducked the question of the authenticity of the emails and instead focused exclusively on the Russians hacking their servers to help Trump.

As if the diplomatic escalation was not enough, an even scarier picture of Russia hacking the US electricity grid was circulated by the Washington Post on December 31 and picked up by all the major news agencies. The actual news that the Vermont utility concerned – Burlington Electric – put out was far less scary: it was only an isolated laptop found infected by malware, not any equipment or computer connected to the grid. Nor did the malware have anything to do with Russians. That it was an isolated laptop with nothing to do with the grid was completely ignored by the US and the global media. What has stayed in people's minds is a dangerous Russian cyber attack on the US electricity grid!

This one-sided escalation of warlike hysteria -- ejection of Russian diplomats, imposing sanctions, and then talking about a Russian attack on the electricity grid -- is difficult to understand without addressing the larger political context.

The political context is that before the unpredictable Trump takes power from Obama on January 20, the Washington deep state wants to lock into place a set of policies that Trump will find difficult to reverse. Obama and the current US policymakers thought that the expulsion of 35 Russian diplomats and new sanctions would draw an immediate tit-for-tat response from Moscow, thereby creating a US-Russia strategic lockdown. By not retaliating, Putin has effectively blocked Obama, virtually dismissing him as a lame duck president. To drive the point home, the Russian Embassy in the UK even tweeted a picture of a duck!

There are two sets of issues with the DNC hacking story. The first is who or which organisation hacked the DNC. The second is whether WikiLeaks got its treasure trove of DNC emails, including DNC chairperson Podesta's and Clinton's, from such a hack. By mixing up these two sets of issues, the Obama administration and the US mainstream media are claiming that Russia has hacked the US elections, and not just DNC computers. The narrative of the hacking of the DNC computers has segued into Russia helping Trump to win and therefore interfering with the US elections. While the US electorate may have rejected the Clinton campaign's theme – Trump is a Putin stooge – Obama and the media are still continuing with this stale narrative.

Let us first examine the evidence regarding Russians hacking the DNC servers. The first set of claims regarding the Russian government's direct involvement in the DNC hacking was made by CrowdStrike, a private security company called in by the DNC. For the DNC, blaming the Russians and claiming Trump was being supported by Putin was the obvious defensive ploy. Predictably, CrowdStrike claimed that the “Russians done it”, with very little evidence to support this claim. Their strongest “evidence” was that the attack used the same malware that was used to hack Germany's Bundestag and the French TV network TV5Monde in 2015, and as Russian intelligence agencies were allegedly involved in these two hacks, ergo, this was also a Russian intelligence operation. The problem with this reasoning is that the full source code used in these two attacks was reconstructed by ESET, an anti-virus company, and so was available to others.

CrowdStrike's claims were also put into doubt after a lone-wolf operator, Guccifer 2.0, claimed that he had hacked the DNC servers and even provided evidence by dumping original material from the hack. The DNC's security became a laughing stock when it was found that an aide of Podesta, the DNC chairman, had sent him his Apple iCloud password in an email. After a WikiLeaks dump of his emails, it turned out that this was also his Twitter password and the password for his Apple devices. Someone used the same password to hack into Podesta's Twitter account and tweeted that Podesta was leaving the Clinton campaign and joining Trump! They also wiped all the data from his iPad and iPhone.

Most security experts had discounted CrowdStrike's claims. They expected better evidence from the US government. Commenting on the 13-page Joint Analysis Report produced by the two agencies – DHS and FBI – Ars Technica, a publication catering to a technically savvy audience, stated: “Instead of providing smoking guns that the Russian government was behind specific hacks, it largely restates previous private-sector claims without providing any support for their validity. Even worse, it provides an effective bait and switch by promising newly declassified intelligence into Russian hackers' "tradecraft and techniques" and instead delivering generic methods carried out by just about all state-sponsored hacking groups.” In other words, a rehash of CrowdStrike's already discredited claims, plus some general tips on what a hack is and how to prevent one.

An independent analysis by the security company WordFence was even more damning. The report by DHS and FBI had named the attack Grizzly Steppe and identified a specific PHP malware as a key component. WordPress is a widely used platform for websites, and uses PHP as its programming language. WordFence provides protection to WordPress sites and maintains an archive of attacks on its client sites. It was able to extract the specific PHP malware from its extensive database and showed that the particular malware in question was not Russian but of Ukrainian origin. It is also a tool widely used by hackers worldwide, and has no specific Russian connection.

The other evidence that the report on Grizzly Steppe provided was a set of IP addresses from which attacks had originated. IP addresses are the equivalent of telephone numbers for computers; they identify which computers participated in the attack. Again, the WordFence team found no specific Russian connections. In other words, no smoking gun here either.

The interesting question that WordFence also deals with is this: if a computer is found to have the “footprints”, or Indicators of Compromise (IOCs), of Grizzly Steppe identified by DHS and FBI, does it mean Russians have hacked this computer? This question is important when we see the worldwide hysteria created over the “Russians” hacking the US electricity grid. This is exactly what happened in Vermont: a lone laptop, probably used by an employee for reading email and surfing the net, was found to have such footprints. We give below the WordFence team's response:

The IOCs in the report are tools that are freely available and IP addresses that are used by hackers around the world. There is very little Russia-specific data in the Grizzly Steppe report.

If you find an IOC that is in the report on your network or server, it is unlikely that you have been targeted by Russian Intelligence.

In other words, no apocalypse, no Russian spooks bringing the US grid down. On this non-evidence, the Vermont Governor Peter Shumlin tweeted, "One of the world's leading thugs, (Putin) has been attempting to hack our electric grid." Many other threats were issued to Putin and Russia. Glenn Greenwald reported on this hysteria in his article Russia Hysteria Infects WashPost: False Story about Hacking the US Electricity Grid. A shoddy report meant largely for US domestic politics now threatens to spin out of control by finding Russian hacks everywhere.

For those who may not be aware, hackers continuously attack computers in order to hijack them, not because they want to steal their secrets. Such hijacked computers are used for a variety of purposes, including hiding the actual source of cyber attacks.
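The point made by WordFence above, and by the paragraph on hijacked computers, is that matching an IOC from a report only tells you that an indicator was seen, not who was behind it. The following is an added illustration, not code from the article or from WordFence, that scans web server log lines against an IOC list and labels each hit with how much attribution weight it can carry; the IOC values and log lines are constructed (RFC 5737 documentation addresses, a made-up webshell file name), not indicators from the Grizzly Steppe report.

```python
import re
from collections import Counter

# Constructed IOC list. "shared" marks indicators that are public tools or
# infrastructure used by many actors (what WordFence found for most of the
# report's IPs and the PHP malware); a hit on such an IOC says nothing about
# which actor was involved. None of these values come from the real report.
IOCS = {
    "192.0.2.10":   {"type": "ip",   "shared": True,  "note": "open proxy used by many actors (constructed)"},
    "198.51.100.7": {"type": "ip",   "shared": False, "note": "single-tenant server (constructed)"},
    "webshell.php": {"type": "path", "shared": True,  "note": "freely downloadable PHP webshell (constructed name)"},
}

# Apache/nginx combined log format: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample log lines; the third one hits the non-shared indicator.
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Dec/2016:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 512',
    '203.0.113.5 - - [30/Dec/2016:10:01:09 +0000] "POST /wp-content/uploads/webshell.php HTTP/1.1" 200 88',
    '198.51.100.7 - - [30/Dec/2016:10:02:00 +0000] "GET /wp-login.php HTTP/1.1" 302 0',
    '203.0.113.9 - - [30/Dec/2016:10:03:11 +0000] "GET /about HTTP/1.1" 200 2048',
]

def match_iocs(log_lines, iocs=IOCS):
    """Return one hit per (log line, IOC) pair, each tagged with an attribution label."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        for value, meta in iocs.items():
            if meta["type"] == "ip":
                matched = m.group("ip") == value
            else:
                matched = m.group("path").endswith(value)
            if matched:
                # A shared IOC is evidence of compromise, not of a specific actor.
                hits.append({"ip": m.group("ip"), "path": m.group("path"), "ioc": value,
                             "attribution": "low" if meta["shared"] else "needs review",
                             "note": meta["note"]})
    return hits

def summarize(hits):
    """Count hits by attribution label, so analysts see how much of a 'match' is shared noise."""
    return Counter(h["attribution"] for h in hits)
```

On the sample above, three of four lines hit an IOC, but two of the three hits are on shared indicators and so carry no actor-specific weight.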

If Russians did hack into the DNC servers and “exfiltrate” their contents, they would have left a signature on the network. Snowden has said that with XKeyScore tools these signatures would be easy to trace. Why then have the US agencies not provided such evidence? Snowden goes further and says that he himself has done such forensic analysis of some Chinese hacks.

It is the business of intelligence agencies to hack into each other's networks. This is the core business of the NSA, which has hacked the whole world, including Indian networks. The issue is not whether the Russians hacked the DNC servers, but whether they provided the hacked output to WikiLeaks. Why has the US failed to provide any evidence that the WikiLeaks revelations originated from such hacks? If XKeyScore can indeed trace this so easily, why this reticence?

The problem is that irrespective of what the truth is, what stays in people's minds are the scary headlines. Not surprisingly, 42 percent of people in the US still believe that Saddam Hussein had Weapons of Mass Destruction and that the US did find such weapons in Iraq. Irrespective of the opinion of the experts and the shoddiness of the DHS and FBI report, people will still believe that if the US agencies and the White House are saying the Russians hacked the US elections, it must be true. No, the post-truth world was not invented by Trump's supporters. It has always been there. And the mainstream media is very much a part of this world.