According to the WaPo (using CrowdStrike, DOJ, and their other usual hush-hush government sources in the know), the attack was perpetrated by a Russian unit led by Lieutenant Captain Nikolay Kozachek, who allegedly crafted a malware called X-Agent and used it to get into the network and install keystroke loggers on several PCs. This allowed them to see what the employees were typing and take screenshots of the employees’ computers.
This is pretty detailed information, but if this was the case, then how did the DOJ learn all of these ‘details’ and use them in the indictments without the FBI ever forensically evaluating the DNC/HRC computers? And since when does the DOJ, an organization that only speaks the language of indictments, use hearsay and third parties like the British national Matt Tait (a former GCHQ collector and a connoisseur of all things related to Russian collusion), CrowdStrike, or any other evidence lacking chain-of-custody certification as a primary source for prosecution?
A second point by Apelbaum is –
… that three of the Russian GRU officers on the DOJ wanted list were allegedly working concurrently on multiple non-related projects like interfering with the 2016 United States elections (both HRC and DNC) while at the same time they were also allegedly hacking anti-doping agencies (Images 2-3).
Above are pictures of the individuals the FBI says were working on both the DNC/HRC email hacking and the Olympic doping projects.
The same guys were working on both projects which is all but impossible. (Do we really know if they’re even Russians?)
The fact that the three had multiple concurrent high-impact and high-visibility project assignments is odd because this is not how typical offensive cyber intelligence teams operate. These units tend to be compartmentalized: they are assigned to a specific mission, and the taskforce stays together for the entire duration of the project.
Next Apelbaum questions the Mueller gang’s assertion that the ‘hacker’ named Guccifer 2.0 was a Russian –
Any evidence that Guccifer 2.0 is Russian should be evaluated while keeping these points in mind:
He used a Russian VPN service to cloak his IP address, but did not use TOR. Using a proxy to conduct cyber operations is SOP [Standard Operating Procedure] in all intelligence and LEA [Law Enforcement Agency] agencies. [i.e. Russia would have masked their VPN service]
He used the AOL email service that captured and forwarded his IP address and the same AOL email to contact various media outlets on the same day of the attack. This is so overt and amateurish that it’s unlikely to be a mistake and seems like a deliberate attempt to leave traceable breadcrumbs.
He named his Office User account Феликс Эдмундович (Felix Dzerzhinsky), after the founder of the Soviet Secret Police. Devices and accounts used in offensive cyberspace operations use random names to prevent traceability and identification. Why anyone in the GRU would use this pseudonym (beside the obvious reason) is beyond comprehension.
He copied the original Trump opposition research document and pasted it into a new .dotm template (with an editing time of about 2 minutes). This resulted in a change of the “Last Modified by” field from “Warren Flood” to “Феликс Эдмундович” and the creation of additional Russian metadata in the document. Why waste the time and effort doing this?
About 4 hours after creating the ‘Russian’ version of the document, he exported it to a PDF using LibreOffice 4.2 (in the process he lost/removed about 20 of the original pages). This was most likely done to show additional ‘Russian fingerprints’ in the form of broken hyperlink error messages in Russian (Images 4 and 5). Why bother with re-formatting and converting the source documents? Why not just get the raw data out in the original format ASAP?
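As an added illustration of the document-property artifacts discussed in the points above (example code, not from the original post or from Apelbaum), the script below reads the creator, last-editor, application and editing-time fields that an analyst checks in an OOXML package. The .docx it builds in memory is a constructed sample whose property values mirror the post, not a real document from the leak.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# OOXML namespaces for docProps/core.xml and docProps/app.xml
CORE_NS = {"cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
           "dc": "http://purl.org/dc/elements/1.1/"}
APP_NS = {"ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties"}

def extract_attribution_fields(docx_bytes):
    """Return creator, last editor, writing application and editing time (minutes) from a .docx."""
    fields = {"creator": None, "lastModifiedBy": None, "Application": None, "TotalTime": None}
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as pkg:
        names = set(pkg.namelist())
        if "docProps/core.xml" in names:  # core properties: who created / last saved the file
            core = ET.fromstring(pkg.read("docProps/core.xml"))
            for key, path in (("creator", "dc:creator"), ("lastModifiedBy", "cp:lastModifiedBy")):
                node = core.find(path, CORE_NS)
                fields[key] = node.text if node is not None else None
        if "docProps/app.xml" in names:  # extended properties: application and total edit time
            app = ET.fromstring(pkg.read("docProps/app.xml"))
            for key in ("Application", "TotalTime"):
                node = app.find("ep:" + key, APP_NS)
                fields[key] = node.text if node is not None else None
    return fields

def review_points(fields):
    """Observations worth a second look (not conclusions): editor/creator mismatch, very short edit time."""
    notes = []
    if fields["creator"] and fields["lastModifiedBy"] and fields["creator"] != fields["lastModifiedBy"]:
        notes.append("last editor differs from creator")
    if fields["TotalTime"] is not None and int(fields["TotalTime"]) <= 5:
        notes.append("editing time of %s minute(s) is consistent with a paste into a fresh template" % fields["TotalTime"])
    return notes

def build_sample_docx():
    """Constructed sample package (not a real leaked file); values mirror those quoted in the post."""
    core_xml = ('<cp:coreProperties xmlns:cp="%s" xmlns:dc="%s"><dc:creator>Warren Flood</dc:creator>'
                '<cp:lastModifiedBy>Феликс Эдмундович</cp:lastModifiedBy></cp:coreProperties>' % (CORE_NS["cp"], CORE_NS["dc"]))
    app_xml = ('<Properties xmlns="%s"><Application>Microsoft Office Word</Application>'
               '<TotalTime>2</TotalTime></Properties>' % APP_NS["ep"])
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("docProps/core.xml", core_xml)
        pkg.writestr("docProps/app.xml", app_xml)
    return buf.getvalue()
```

Running `review_points(extract_attribution_fields(build_sample_docx()))` on the constructed sample reports both the editor mismatch and the short editing time; on a package with no docProps parts every field stays None and no notes are raised.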