You are here

Fancy Bears, Disgruntled Insiders, Russian Hackers and old fashioned incompetence, who really took down the DNC?

Gerry Bello

As the leaks from Hillary Clinton's circle mounted, there was a rush to blame the Russians. Putin likes Trump, therefore Russian spies must have carried out the hacks that lead to the DNC leaks, Clinton Email Leaks and the Podesta Files all in the span of a few short months. Those files, released on Wikileaks, follow a lower profile leak that happened withing the Clinton Foundation in 2015 to the mainstream press and that leak was from a suspected insider. It is clear from the Podesta files that Clinton's inner circle had a short list of suspects that were already being watched.

The Russian hacker explanation relies on somewhat thin evidence if one considers the actual chain of events.


March of 2015 John Podesta and Neera Tanden became aware that there is a leak within the Clinton Foundation to NBC. Podesta initially suspected Eric Braverman then noted that it could also be Doug Brand or Ira Magazine.

August 7 2015 The Pentagon announces that non-classified but sensitive networks had been hacked by Russian or Chinese state sponsored hackers. The attacks used Spearphishing techniques later associated with Fancy Bear.

December of 2015 a data breach occurs between the Clinton and Sanders campaign on a server hosting voter and donor data of both campaigns. The Clinton Campaign accuses Sander's staff of breaching the firewall when data suggestions the firewall is breached by both campaigns. Sander's staffers claim they were attempting to reverse engineer an attack by Clinton's staffers. The server is managed by Bryan Pagliano, a Clinton IT guru at the center of the state department email scandal.

---February 2016 The FBI begins court proceedings to force Apple to write a custom verision of IOS in order to crack the San Bernardino Shooter's cellphones. It is quickly proven that no such software is needed to crack the phones. This does not stop FBI director James Comey from making grand public pronouncements. Eventually an Israeli firm, Cellbrite, are brought in to help the FBI with their homework.

March 2016 Wikileaks releases the Clinton email archive. No claim of Russian involvement is made.

---April 2016 DNC email server is allegedly hacked. No mention of this is made to the press although a cybersecurity firm, Crowdstrike, is allegedly called in. Crowdstrike would later blame the Russian hacking group Fancy Bear for the attack. The attack is kept quiet, despite Crowdstrike, and their colleagues at Fireye blaming Fancy Bear (Also known as APT28) for nearly every attack they investigate, loudly and without delay. Fireye received start up funding for In-Q-Tel, a venture capital firm, while both received additional funding from Menlo Park firms with a history of intelligence community investment.

July 11 2016 DNC staffer Seth Rich is killed in an alleged 4 am mugging in Washington DC, although his cellphone and wallet are left at the scene. Police have no suspects. Rich's family later claimed he was on the phone with his girlfriend when he was killed. Said phone call is not mentioned in the police report nor did his girlfriend report the attack. No report was made until his body was found that later that morning. Rich worked on voter data expansion for the DNC and would have had intimate knowledge of the Sanders – Clinton data breach as well as any coordinated cyber attack on the DNC.

--July 22 2016 Wikileaks begins releasing the DNC email files.

July 24 2016 The Clinton campaign begins blaming Russian intelligence for the DNC leaks, citing unnamed “experts.” These “experts” presumably do not include Bryan Pagliano, who got accidentally hacked by Bernie Sander's interns.

August 2016 The FBI begins investigating the Clinton email break in and DNC email hack. The FBI had already been investigating the security of Clinton's private email server and it's contents prior to their release by Wikileaks and the alleged Russian attack. The FBI makes no comment. The agency was simultaneously investigating Clinton herself for mishandling classified information potentially including the file released to Wikileaks. No mention is made of the FBI as being the potential source of the hacked materials either as leaker or target.

At No Time, Ever: The NSA which is the intelligence agency tasked with defending United States Government information systems is brought in to investigate an alleged attack made by a foreign government and investigated by two Intelligence community associated cybersecurity firms.


The lack of NSA involvement is the smoking gun. There are massive disputes around the very same stolen emails and their contents are the subject of Congressional Hearings before any attack occurred. Those Congressional hearings focus on what, if any, of the information in those emails is classified. Had classified information been stolen by a Russian Government attack, that is State level action that is under the jurisdiction of the NSA statute and military standing orders.

Crowdstrike and Fireye's public pronouncements of Russian involvement rest on three facts. The attacks occurred during business hours in Moscow, the software was compiled on Russian language compilers and a Russian group uses the same tactics. A quick look at hacker culture and history shows how thin these explanations are.

Business hours in Russia means middle of the night in the USA. Hackers are up all night. Making a cyber attack is easier when nobody is watching the target machine. Attacks take place when security is low and hacker culture is literally built around junk food and caffeine. They stay up all night on sugar and coffee figuring out a way in while security experts go home and to bed.

Hackers pass around and trade in hacking tools. Very few of them actually write original software. A great many simply copy and slightly modify existing code. The best example of this is the famed virus writer of the early 1990s known as The Dark Avenger. Little is known about this person other than he is likely to have lived in Sofia Bulgaria, was in love with a woman named Dianna P., and was a huge fan of the 1980s heavy metal powerhouse Iron Maiden. Hundreds of other virus writers in over a dozen countries copied his code without reading it at all, thus his shout outs to his favorite lady and his favorite band without optimizing their versions for 386 type machines rather than the 286 he wrote the code for which in terms of machine language was an evolutionary dead end.

The tactics the Fancy Bear group uses are not dissimilar to tactics employed by dozens of hackers against millions of targets on a daily basis. Together with software that was originally written in Russian they tell us nothing.

The idea that two different Russia intelligence agencies hacked the DNC at exactly the same time without coordination in order to influence the election falls flat on it's face when it is known that there were insiders at work, some disloyal, and some of questionable competence. One of those insiders is mysteriously dead.

The Russian connection is a PR deflection aimed at distracting from the content of the released email rather than a grand Geo-strategic ploy by Vladimir Putin, who would have at the very least ordered his intelligence agencies to not step on each others toes while carrying out the operation, as he is a former spy himself.

At no time has anyone denied the authenticity of the information actually released.