ENTRY DATE: January 16, 2018


The article An Extraordinary Timeline: DNC, Fusion (GPS), Hillary, Trump, Dossier, CrowdStrike, Hirings, Payments, and the 2016 Primaries, dated October 30, 2017, addressed why the DNC permitted Crowdstrike to allow the Russian hack to continue indefinitely while DNC employees kept working on the contaminated workstations and servers as they normally would. Crowdstrike advised the DNC's executives, such as Debbie Wasserman-Schultz and CEO Amy Dacey, to make that extraordinary decision because Crowdstrike told them it could track the stolen documents to their destination by embedding "tracker" malware in a document designed to be attractive to the hacker. The hacker would steal the document, malware and all, and take it back to the hacker's "lair," in this case a computer of some kind, either a PC or a server, where the document and the malware would be stored. There is a problem with this claim, as we will see in the interview of William Binney, the former National Security Agency (NSA) official and whistleblower who designed many of the NSA's systems.

The main problem with Crowdstrike's claim is that it amounts to claiming that their software can track data packets through the Internet to their destinations. Documents do not move through the Internet in one piece. Through what the interview calls "Touring" software, documents are broken into packets, sent through the Internet by different routes, and reassembled at the final destination. To track packets, the NSA designed pieces of software called "Trace Route Programs," which enable the NSA to follow packets to their destination. These "Trace Route Programs" are installed in all routers and switches produced worldwide; the NSA arranged for the manufacturers of routers and switches to do that. As William Binney points out in the interview below, the NSA is the only organization in the world that can track packets of data along their routes through the Internet to their final destinations. No other organization can track individual packets to their destination on the Internet.

Further evidence of this is that Crowdstrike failed to track any of the packets of data to any destination computer in Russia, regardless of whatever software they embedded in their "bait" documents. If Crowdstrike claimed to have some kind of malware that broadcasts from the location of a hacker's lair in Russia to a Crowdstrike location in the United States, I would have to seriously doubt that capability. To prove it, some kind of demonstration would have to be staged to support the claim that any software could achieve this "tracking" over long distances. As of now, I am a total skeptic.

Now, to the Binney interview. The discussion of the NSA being the only entity that can track data packets over the Internet to their destination took place on an Internet broadcasting site called Infowars. I recalled another interview in which Binney presented this information, but did not have the embed code for it. I used YouTube search to find this particular interview, and picked up Mr. Binney giving the same information on Infowars. Many people do not like Infowars, but the person providing the critical information is William Binney, and he knows the subject matter. It does not matter which entity provides Mr. Binney the platform to inform the public. If you want to cut things short, drag the time slider below the video to the 11:00 mark and start viewing there. You can stop the video once you have heard Mr. Binney explain why only the NSA can track packets through the Internet to the final destination where a document is reassembled from all its packets.

I consider this matter closed unless some proof is provided for the claim that Crowdstrike can trace packets to their destination, in which case that will become another article posted here. I don't think we will have to post such an article. The fact is, Crowdstrike did not trace a single packet to any computer in Russia or anywhere else. If they had, we would have heard about it through the June 14, 2016 Washington Post article by Ellen Nakashima. The DNC executives made a serious mistake, in my opinion, in agreeing to wait approximately 36 days before Crowdstrike contained the hack.

We also do not know, even if there was a hack of the DNC, whether the emails published by Wikileaks reached Wikileaks as a result of that particular hack or through some other means. More than one hacker could have looted the DNC network of emails, or a DNC employee could simply have copied them onto a flash drive and handed the flash drive to a Wikileaks representative. We assume that, just because Crowdstrike reported a hack, that hack was the only one that could have supplied Julian Assange of Wikileaks with the DNC emails. The conclusion does not necessarily follow from the premise of that argument.

It should also be noted that nothing in Best Practices in Incident Response recommends that any cyber security professional or information security auditor should try to track packets of data to a hacker's lair before securing the client's network by containing the hack. There is a reason why containment is the first thing a responder to a hacking incident should do.