"Given the stakes involved, one would think it would become a top priority of the US government to take control of the DNC server and conduct a thorough forensic examination of all activity, with special attention to the period between May 5, 2016--when Crowdstrike installed its Falcon software and deployed its Overwatch capabilities--and June 12, 2016, when Crowdstrike purged the DNC server of all malware. There is every reason to believe that, in doing so, investigators will expose one of the greatest cons in modern American history."---Scott Ritter, Crowdstrike: Making it Up as They Go Along? published on Medium.com
What will be attempted in this part of the analysis of the alleged Russian hack of the DNC's computer network that was reported beginning on June 14, 2016, is a comparison between what was told about the hack in the Mainstream Media and in the final report by Crowdstrike, a cybersecurity firm hired by the DNC to expel the hackers from the network. A lot of the information contained in this article has been not so much hidden from the general public as it has been camouflaged behind a bunch of cyber security jargon, and through manipulation of the Mainstream Media (MSM). There were two different reports provided by the principles involved in the alleged hack, Crowdstrike, the cyber security company hired by the DNC's lawfirm, Perkins Coie, to eliminate the hack, and the senior management of the DNC. Before we begin, we have to set the scene and introduce all the actors involved.
In the summer of 2015, before anyone had been nominated by either party for President, the FBI had attempted to contact the leadership of both parties to warn them that their networks might be targeted by hackers in the upcoming 2016 election year. The Democratic National Committee (DNC) allegedly received such calls, but it is claimed at a lower level than those in management who make decisions. In Congressional testimony earlier this year, it was alleged that the Help Desk was called at least once by the FBI to warn about hacking. DNC leadership, such as former Chairwoman, Debbie Wasserman-Schultz, who remains a representative for a Florida Congressional district, denied knowing of any such contact, and claims the DNC discovered the hack on their own, April 29, 2016. The DNC management held meetings and discussions among its membership until May 4, 2016, when Murray Sussman, an attorney from the Perkins Coie Washington, DC law firm, made arrangements to hire Crowdstrike, a cyber security company that was rising in attention in government circles for information and cyber security. Keep Perkins Coie in the back of your minds because this was not the only hiring for the DNC and/or Hillary Clinton's campaign arranged by Perkins Coie. The other hiring was of Fusion GPS to get dirt on Donald Trump from Russian sources. Both Perkins Coie-arranged hirings took place in April 2016 as well. Was someone was in a hurry?
With founding management comprised largely by former managers and technicians who worked for long-time security software publishers, McAfee., Crowdstrike is now widely known in information security circles. It is not an exaggeration to say that people in the cyber security field either love Crowdstrike, or have no regard for them at all. Most important among the former McAfee employees who formed Crowdstrike is Dmitri Alperovitch, who is the firm's Chief Technology Officer (CTO). Alperovitch left McAfee when another former McAfee employee, George Kurtz, then working for Warburg Pincus, a private equity firm, recruited Alperovitch to join a cyber security firm Warburg Pincus was underwriting with $26 million. A number of other McAfee technical and administrative recruits joined Crowdstrike in addition to Dmitri Alperovitch, along with Shawn Henry, retired Executive Assistant Director of the Criminal, Cyber, Response and Services Branch of the FBI. Alperovitch and Shawn Henry are the main Crowdstrike actors in the engagement to respond to the DNC hack.
When it came to promoting future business for Crowdstrike, it is apparent that George Kurtz expected Alperovitch to help in attracting clients to Crowdstrike during the company's start-up period. In business, information security, and with President Obama's cyber security initiative and its movement for increased cyber security awareness, the name of Dmitri Alperovitch could only help. Alperovitch had made his reputation as a result of his attribution of a hacker botnet tool, nicknamed "Shady Rat," to the government of China. For more on this Shady Rat controversy, see Scott Ritter's Crowdstrike: Making it Up as They Go Along?, which is available on Medium.com. Not everyone of note in the cyber security community agreed with Alperovitch about the level of threat posed by Shady Rat.
Atrribution of a hack to a particular perpetrator, such as a foreign government, is the cutting edge of Dmitri Alperovitch's strategy, which prioritizes identifying the perpetrator. Alperovitch is of the opinion that if the perpetrator is named, the perpetrator will be less likely to hack the victim's network again. As Alperovitch once stated, "No one's focusing exclusively on how can we actually identify them, attribute them (hang the hack on someone's neck like a collar), deter them from taking this action again." In other words, no one but Crowdstrike focuses on attributing the hack to the named perpetrator as that is supposed to keep them from hacking the victim again. This theory was refuted when Crowdstrike informed the public that the Russians took more data from the DNC on July 5, 2016, about three weeks after Crowdstrike had supposedly eliminated all the "Russian hackers'" malware on the DNC's network and strengthened the security as well as "naming and shaming" the Russian government for the hack. Attribution must not be the great deterent that Alperovitch's theory claims.
On May 5, 2016, the Crowdstrike engagement at the DNC began. By the time Crowdstrike finally moved to take back control of the network, on June 10, 2016, a period of 36 days, the hackers had stolen any document of any value or importance from the DNC, and had them delivered to Wikileaks sometime before June 12, 2016. The engagement was a failure as far as limiting the damage suffered by the DNC. On July 22, 2016, Wikileaks published the DNC emails, to the surprise of the media. Before the Democratic National Convention was over, huge crowds would demonstrate outside chanting, "Hell, no, DNC, we won't vote for Hillary!"
The reader is cautioned to look carefully for personal attributions from Ms. Nakashima such as "Alperovitch said," as they indicate how careful she was to report the story as it was presented to her on June 13, 2016 in the private meeting with the Crowdstrike management and the leadership of the DNC.
"Cozy Bear had roamed uncontested throughout the totality of the DNC server, collecting email and Voice Over Internet Protocol (VOIP--telephone conversations sent over the Internet) communications."
Note--The reference to VOIP indicates the alleged Russian hackers stole entire telephone conversations.
"The intruders so thoroughly compromised the DNC's system that they also were able to READ (emphasis added) all email and chat traffic."
"The DNC said no financial, donor or personal information appears to have been accessed or taken, suggesting the breach was traditional espionage, not the work of criminal hackers."
Note--The second quote will be important later, so be sure that it is understood.
"Significant amounts of data had been exfiltrated (meaning stolen and sent to Russia via Internet), Crowdstrike assessed, and the DNC had to assume that ANYTHING STORED IN THE SERVER HAD BEEN COMPROMISED." (Emphasis Added)
Note--This means the hack was out of control at the time Crowdstrike arrived on May 5, 2016. Virtually anything of any importance was stolen, and it reads as if donor information had to be part of it, as in the use of the word "anything," yet DNC personnel, with Alperovitch present, told Ellen Nakashima that the hackers didn't even access the donor, financial, or private information. How sporting of them! Anything means EVERYTHING was compromised, and the donor information was later posted on-line by Guccifer 2.0.
"One (Russian) group, which Crowdstrike had dubbed Cozy Bear, had gained access last summer (in 2015) and was MONITORING (emphasis added) the DNC's email and chat communications, ALPEROVITCH SAID." (Emphasis Added)
Note--as cautioned above, pay attention to Ms. Nakashima directly attributing the assessment that the Cozy Bear Russian group "MONITORED" the email and chat communications to Dmitri Alperovitch. Alperovitch did not use the verb STOLEN, or the verb EXFILTRATED, which would indicate removing of the emails for transmission to Wikileaks. There is no mention of the VOIP telephone conversations being sent to Moscow in Ms. Nakashima's article, and, come to think of it, copies of those have not been exposed to the public by the Russians or anyone else.
"Sifting through the data collected by Shawn Henry and his Falcon Overwatch team, Dmitri Alperovitch was taken aback by the sheer audacity of what transpired."
"The other (Russian Group) which the firm (Crowdstrike) had named Fancy Bear, broke into the network in late April and targeted opposition research files. It was the breach that set off the alarm. The hackers stole TWO FILES." (Emphasis Added)
Note--The two files stolen were opposition research reports, compiled by Warren Flood, about Donald Trump. The fact that Ms. Nakashima was told by Crowdstrike and the DNC that these two files were the ONLY ones stolen by the Russians is indicated by the files being mentioned in the WAPO headline of her article. No`other documents were described as having been "stolen" in the article.
Obviously, something happened either before Crowdstrike started the cyber security engagement at the DNC on May 5, 2016, or after the engagement had begun, in order to have so many significant contradictions in these two stories. It appears that Crowdstrike planned to obfuscate the nature of the hack to the general American public, while perhaps telling another version to the FBI and other federal intelligence and law enforcment agencies. The question at large is: Which version of the nature, and the effects, of this alleged hack is the true version? Was this hack relatively benign, with the Russians only looking for information about Donald Trump, and peeking at a few emails without stealing them, or did the alleged Russians completely loot the DNC network of all of its critical information?
In the above paragraph, the verb obfuscate was used to describe what Crowdstrike and the DNC did in how they used Ellen Nakashima and the Washington Post to produce what was a more benign version of the hack, or to represent the hack as it actually was, with only opposition research stolen. Remember, neither the DNC, nor Crowdstrike knew, on June 13, 2016 at the meeting with Ms. Nakashima, that Julian Assange of Wikileaks had all the DNC emails that would be published on July 22, 2016. Most of the media did not know about Assange having DNC emails as indicated by two articles, one in Time magazine, and the other in the New York Times. When the emails came out, many in the MSM were astounded. They had no idea that the "Russian" hack of the DNC had anything to do with the DNC emails. Assange published the DNC emails on July 22, 2016. On June 12, 2016, Assange told Robert Preston of Britain's ITV that he had "emails about Hillary Clinton" that he intended to publish "coincident to the start of the Democratic National Convention" in July 2016. The MSM was taken totally by surprise that the emails published on July 22, 2016 were the DNC's emails. This prompted articles such as Charlie Savage's in The New York Times of July 26, 2016. Mr. Savage explained how the MSM was surprised by the fact that the Wikileaks emails came from the DNC by going back to the June 12, 2016 interview of Julian Assange by ITV:
"Mr. Assange's remarks last month (June 12, 2016) received only scattered attention (from the MSM), in part because in the interview Mr. Preston appeared to mistakenly assume that Wikileaks had obtained still-undisclosed emails from the private server Mrs. Clinton had used while Secretary of State, and kept cutting Mr. Assange off to ask about it. But now it seems clearer that Mr. Assange was trying to talk about the Democratic National Committee emails."
If the DNC and Crowdstrike people had known that Julian Assange of Wikileaks had the DNC's emails on June 13, 2016, then they would have blamed Russia so that Ellen Nakashima could include that in her article.
Unfortunately, just like Charlie Savage relates above, the media did not know that Wikileaks was going to publish DNC emails on July 22, 2016. Therefore, the DNC and Crowdstrike did not tell Ms. Nakashima about 20,000 emails pilfered by the alleged Russian hackers while Crowdstrike watched it happen and did nothing to stop it. More on that later. The remaining question is whether or not Crowdstrike knew emails were stolen from the DNC, and lied to Ms. Nakashima about the theft of the emails, or if their cyber security software did not apprehend hackers exfiltrating emails. Well, Dmitiri Alperovitch prepared the report, Bears in the Midst: Intrusion into the Democratic National Committee, shortly after the end of the engagement at the DNC. The report reflects that the information about the emails, the VOIP conversations, and the donor information was withheld from the Washington Post . That must be the case, as Alperovitch's report reflected the fact that everything on the network should be assumed to be compromised, and that a staggering amount of data was exfiltrated from the DNC network. The Post was given exclusive access to DNC and Crowdstrike management in producing the only story about the hack in the MSM published on the first day. All other MSM entities had to go to the Post for the information.
The general public isn't going to read Bears in the Midst: Intrusion into the Democratic National Committee, as it is full of cyber security descriptions and language that most ordinary people are not going to understand. The cyber security professionals and the government officials will read it, but not your average American. Most Americans rely on the MSM for their news, so the Washington Post version of the "Russian" hack became the version of most of the public as television networks and local stations picked up on Ellen Nakashima's reporting. This hack was not nearly as serious as the one in the formal Crowdstrike report, which described it as a complete disaster for the Democratic Party and an act of aggression by Moscow. When Wikileaks finally published the emails on July 22, 2016, the public forgot that the media did not include the emails in the alleged Russian hack reported back in June. The public made the email theft part of their knowledge of the hack, and moved on as they always do, puzzled about why people like me keep asking questions. Psychologists call this type of phenomenon as the human mind "closing the circle." If someone sees a partially drawn circle on a blackboard, the person just might call it a circle anyway, despite the circle not being closed. The person's mind closes the circle. The public just added the stolen emails to what was called a hack, and assumed the stolen emails were reported from the beginning.
It is very important to note that Ellen Nakashima did not lie, exaggerate, or make material errors in her reporting of what the DNC and Crowdstrike people told her. No one has ever accused Ms. Nakashima of any kind of malpractice as a journalist about how she wrote the DNC hack story, and no one ever will. Ms. Nakashima reported accurately what people like Dmitri Alperovitch and Shawn Henry of Crowdstrike, and Debbie Wasserman-Schultz and Amy Dacey of the DNC told her. They just misrepresented the situation to Ms. Nakashima in material ways, if the final Crowdstrike report is any indication. The emails would have been identified as documents stolen had the DNC and Crowdstrike managers known that Julian Assange had them. The information that Assange had the DNC emails was not known to the DNC and Crowdstrike, so the emails were not included in the documents exfiltrated by the alleged Russian hackers in the material given to Ms. Nakashima. I haven't come up with any other explanation for this absence of alarmed descriptions of 20,000 emails being spirited away to the Kremlin. If Ms. Nakashima had known that the emails included incriminating material about how the DNC was hosing Old Man Sanders in the primary campaign, I am sure that she would have thought that worthy of reporting.
As you read the differences in factual descriptions of the hack between the Crowdstrike report, as rendered by Scott Ritter, and by Ellen Nakashima in the Washington Post, the reader can't help but wonder if the authors were talking about separate incidents. Scott Ritter's article is full of sturm und drang about the extent of the alleged Russian penetration of the DNC network. So much was compromised that one was forced to decide that all the files and records saved on the system were compromised by the "Russian hackers." It was shocking to Alperovitch that the Russians showed so much audacity. It was like Alperovitch has never seen such a hack in his entire life. The alleged Russian hack was devastating. It was an act of aggression by Russia, and a threat to our democracy by Vladimir Putin.
Ellen Nakashima's article is a lot less shocked and outraged than the Crowdstrike report. All that appears stolen are the opposition research files about Trump that were compiled by Warren Flood. The emails and chats were only "monitored" or "read" by the dastardly Russians. The reason that the Trump research was stolen was largely benign. The Russians just didn't know much about Trump because a lot of their information sources dried up with sanctions leveled against them for Ukraine and other matters. All private data and the donor personal information were not even touched. Check out both articles and see if my description is very far off the mark.
One has to ponder what Ms. Nakashima would have said about the Russians not knowing much about Trump if she had known that Hillary Clinton and the DNC had hired Fusion GPS, the Washington, DC lobbying and private intelligence firm, to gather dirt about Trump from members of the Russian government, including spies in the Russian intelligence agencies. This resulted, as we know now, in the DNC's acquistion of the "Peegate Dossier," which was compiled by Christopher Steele, acting as a subcontractor for Fusion GPS. Fusion GPS has done work for the P:utin regime in the past, and this will come up in a future chapter of this research. Ms. Nakashima was led to believe that the Russians had no information about Trump, while Christopher Steele has claimed that Trump was already being blackmailed by the Putin regime for hiring the Moscow prostitutes to urinate on a hotel bed once slept in by former President Barack Obama. It looks as if somebody was telling lies again. Either the Russians don't know anything about Trump, as one story suggests, or they know everything about him. It can't be both.
(Note: This writing of this article began in November 2017, and continued through December 17, 2017. During a two-week period when I was preparing for Christmas, and dealing with an eye injury, we were all informed about how Bruce Ohr, a high-ranking official of the Department of Justice, and his wife, Nellie Ohr, were involved with Fusion GPS. There will be more about this in the future article "The Amazing Adventures of Fusion GPS." Mrs. Ohr, you see, has worked for the CIA and was paid $500,000 by Fusion GPS to compile opposition research about Donald Trump from Russian sources. Christopher Steele was paid less than $200,000. The reader can decide who did the most work.)
As a result of studying results of Crowdstrike's work, and how a major part of what are Best Practices in responding to hackers was not implemented in a timely manner by Crowdstrike to limit damage to their client, I have to conclude that Crowdstrike's performance in managing the hack of the DNC was unsatisfactory. Following are all the reasons I have come to this rating of Crowdstrike's work for the DNC.
1. Crowdstrike did not follow Best Practices in Incident Response. These Best Practices are best described in the SANS Institute's Handbook for Incident Response. When an entity like Crowdstrike is hired to deal with a hack of a system, this is termed Incident Response. The most important of these Best Practices in Incident Response is the need for containment. The responder is to limit the damage caused by the hackers. If necessary, the compromised computers, servers, routers, etc., must be removed from the network to end the hackers' access to them, thus protecting the information stored in them. As we saw in the table comparing the two stories about the hack, the Crowdstrike final report described a system totally at the mercy of the hackers with anything stored on the system assumed to be compromised. Crowdstrike didn't take containment measures until over thirty days after the engagement began. By then, 75% of the emails stolen from the DNC were sent and received by DNC personnel from May 5 through May 30, 2016, which was during Crowdstrike's work at the DNC. These emails included all the damaging information about how the DNC was favoring Hillary Clinton in the contest for the Presidential nomination. Crowdstrike was trying to determine who the hackers were, and attempt to track them back to their origin, which Crowdstrike thought was in Russia. They never achieved that objective, nor did Crowdstrike contain the damage to their client, the DNC. The damage was maximized as supporters of Bernie Sanders demonstrated vociferously during the Democrats' Philadelphia convention, protesting about how Sanders was treated by the DNC. That was all thanks to Wikileaks making the emails available to the public. Debbie Wasserman Schultz lost her job as Chair of the DNC as a result. Taking the compromised servers and workstations off line, replacing them with equipment with hardened security, and working with the DNC to improve security related policies and procedures could have prevented the lion's share of the damage for Crowdstrike's client. Defeating the hackers, no matter who they are, is the primary objective, not finding a way to plant malware on the "mother ship" server of the hackers, whether in Moscow, Peking, or wherever. Defeating the hackers means keeping the vast majority of the sensitive data of the client from being accessed or stolen by the hackers. Crowdstrike failed to defeat the hackers, permitting them to take most of the incriminating emails out of the DNC network and get them to Julian Assange's Wikileaks.
2. Crowdstrike failed at reaching out to the employees of the DNC to make them aware of the hack and its potential ramifications. Instructing the employees in security awareness should have been part of Crowdstrike's engagement. Most of the damaging emails, at least 75% of them, were produced by the employees, and stolen by the alleged Russian hackers, while Crowdstrike was supposed to be responding to the hack. If "responding" meant watching the documents be removed from the system by the hackers, and doing nothing to stop them for almost 40 days, the engagement was a smashing success. If the employees had been informed of the problem, and were reminded daily to be cautious of what they wrote in emails, perhaps the damage to the DNC could have been significantly reduced.
3. Crowdstrike either mislead the DNC leadership into thinking the donor information was not stolen by hackers, or even accessed by them, or the vaunted anti-hacker software used by Cloudstrike to monitor hackers, Falcon Overwatch, does not work as well as claimed. Another alternative is that the DNC knew the donor information was compromised and they lied to Ellen Nakashima while Crowdstrike people listened to them lie. The DNC people told Ellen Nakashima that donor and financial information was not even accessed by the hackers. On June 15, 2016, Guccifer 2.0 was publishing donor information at places on the Web like The Smoking Gun and Gawker. It would not be either ethical, nor very effective strategy, for Crowdstrike to not inform the client of the extent of the client's exposure. Donor information is critical to an organization like the DNC. The donors should hear from the DNC people that their information was compromised, and not wake up some morning to find out that their private data resides on a Web site called "Gawker." As of this writing, the DNC's donations are not doing as well as in the past.
4. Critical bases for Crowdstrike's attribution of the hack to the Russian government have been overturned. The naming of individuals, organizations, or governments involved in a hack is called attribution. Forensic evidence is required to support an attribution. Attributing a hack to a nation state requires a high level of verifiable forensic computer evidence as there are millions of private individuals working as hackers without direction of any national government. Below are some of the reasons many members of the cyber security profession do not agree that Crowdstrike has sufficient evidence to support that the hack was state sponsored.
First, we take the claim that the hackers did not access the financial and donor information, therefore it was more likely a state-sponsored espionage hack rather than a simple criminal hack. That statement is refuted by the fact the hackers did steal donor information. Therefore, employing Crowdstrike's logic, we can now be confident that the DNC hack was a simple criminal hack, or might just be an inside leak rather than a hack, as the DNC donor information database was looted by the hackers.
Second, after Guccifer 2.0 published donor and other information to prove he hacked the DNC, Crowdstrike and the DNC automatically claimed Guccifer 2.0 was a Russian hacker. This was supported by Russian words, in Cyrillic alphabet, being in the metadata of the documents. The name "Felix Edmundovich" was also in the metadata. Felix Edmundovich is an alias of Felix Dzerzhinsky, first chief of the Soviet security service. These convenient markers in Guccifer 2.0's stolen documents' metadata are, of course, too convenient. Guccifer was trying to convince everyone he wasn't a Russian spy, yet here he is giving people a reason to suspect him as being a Russian agent. Some cyber security professionals studied some of Guccifer's published documents, finding forensic evidence that someone copied and pasted the documents to a blank template that used Russian as its default language. It is doubtful that someone trying to convince the world he is not a Russian agent, would do something so unnecessary to his stolen documents.
There was also talk about the use of a Cyrillic keyboard being used in the hacks as evidence Russians did the hack. Actually, an ordinary civilian Russian hacker could have done it, not necessarily a state sponsored one from either of the Russian intelligence agencies, the FSB or the GRU. An ordinary Russian citizen and rogue hacker might use a Cyrillic keyboard, but not a Russian spy hacking from Moscow. Russian intelligence likes to operate in secret, being spies, after all. Russia's intelligence services have on staff people who know the English language as well, or better, than some Americans. Russian agents who know English well enough to use an English alphabet keyboard would be the ones used in a high profile hack like the DNC. The hackers would have to be able to read English, and speak English, in order to analyze the contents of documents and telephone conversations to apprehend the ones with the most value for their covert operations. This is especially true when the stakes are as high as those supporting the Trump/Russia collusion (conspiracy) theory claim. Nothing short of control of a sitting President was at stake. Using a Cyrillic keyboard, and Russian language software platforms, would easily expose it as a Russian operation. While this evidence is easy for the goal of convincing average Americans to accept the theory that the Russians did it, the evidence does not stand on its own as proof beyond a reasonable doubt when put under detailed analysis. Ordinary Russian citizens, who were not employees of the Russian government, could have done the hack. However, it is unlikely that professional Russian intelligence agents, working as hackers, would have done it in a way that would make it so easy for the Russian government to be so swiftly named as the perpetrator.
The rating of Unsatisfactory is given to the DNC engagement by Crowdstrike based upon all four of the findings set forth above, particularly the fact that the hack was not contained while Crowdstrike technicians observed the exfilitration of gigabytes of DNC documents and recorded telephone conversations. Why the DNC has not sought some sort remedy for what happened to them, I do not know.
As we know, the FBI sought a Foreign Intelligence Surveillance Act (FISA) warrant at least once during the Presidential campaign, in around October 2016. There are some observors who have concluded that the "Peegate Dossier" was used to get a FISA warrant approved in October, after an earlier application for a warrant was refused in June 2016. The only incident I can conclude that the FBI used to apply for the warrant in June was the alleged Russian hack of the DNC. As to why the FBI didn't apply for a FISA warrant to gain access to the DNC network, there are several potential answers to that question. I can't help it if none of them are satisfactory, as they are not to me. If I had run the investigation, I would have used Crowdstrike's report to get the FISA warrant and use the warrant to compel the DNC to provide access to the entire DNC computer network in order to perform my own forensic examination to verify the hack came from Russia. I would be able to seek the National Security Agency's (NSA) electronic captures to seek that information as well. The NSA is constantly monitoring internet communications and could tell us who is responsible for the hack without a lengthy forensic examination. So, why did the FBI not apply for a FISA warrant?
1. They got the NSA's data about the traffic in and out of the DNC network and determined it was a Russian hack. Therefore, the FBI did not need access to the machines on the DNC network, or to rely on Crowdstrike's work, to blame Russia for the hack. It is important to note that, in the report of the Director of National Intelligence, James Clapper, the NSA gave a lower level of "confidence" in the findings about Russian involvement in the hack. While the CIA and FBI had "high confidence," the NSA only had "moderate confidence" in that finding.
2. The FBI already had the NSA's data and it informed them that there was no hack of the DNC. An insider had to have stolen the emails and given them to Wikileaks. The United States Government made the decision to blame Russia for the hack for some objective unknown to us.
3. The FBI already knew that the United States Government, through NSA or another intelligence agency, hacked the DNC as part of a major operation to accomplish some objective unknown to us, which included blaming Russia for the hack.
4. The FBI simply believed Shawn Henry of Crowdstrike, former head of Cyber Crimes for the FBI, since Henry was one of their own. They just trused Henry to tell them the truth and to have done his job professionally.
It could be almost any of the above reasons. In the past two weeks, I have formulated my own theory, which was not my first to explain all of this. I'm sure other objective researchers have changed their theories as new evidence has been brought to light. Since then, other evidence has been uncovered which has made my present theory stronger, in my opinion. I will offer this theory after we look at Fusion GPS' involvement in some detail. Without that evidence, it is impossible to support the theory. I will provide this advice for looking at this evidence: You cannot be partisan when looking at the evidence. You can't just look at Hillary having all those emails stolen and published, but must also look at Trump being accused of practically high treason of some kind. Your first step in understanding this is to concede that both candidates were victimized in some way by the same groups of people. Let's take a look at that rule standing all by itself below, and take a while to think about it.