The Fancy Bear Graphic used by Crowdstrike.



The American people rely on the free press, guaranteed by the First Amendment of the Constitution, to provide them with the information they need to know exactly what is going on in the world, this nation, and their states and localities. If the people do not receive accurate information, it becomes difficult, if not impossible, for the citizenry to know such things as whether or not a military action is necessary, if we need to expend more money on a government program of some kind, or exactly which candidate might be best for the position to be decided in an election. While planning for the final two installments of this part of the blog, and there will be no more after the next unless some big story breaks, I found some serious incidents of inaccurate and misleading reporting about the 2016 DNC Data Loss, most of which was put together to further a particular story, or "narrative" as most punits and reporters call a story today. I guess they call the stories "narratives" since the use of the noun "story" sounds like something parents read to children at bedtime. Better to call it a narrative rather than a story, or a lie, or propaganda.

Note: For the rest of the series, what happened at the DNC will be referred to as the "DNC data loss," or just the "data loss." Since we cannot be totally certain how the data became lost, or exactly what items of data were stolen from the DNC, "data loss" seems the most accurate description of what took place.



Business Insider (BI) decided to study how Guccifer 2.0, the alleged GRU (Russian military intelligence operative) hacker who opened up a Word Press blog in order to publicly brag about his "secret" operation to elect Donald Trump by stealing the DNC emails and giving them to Wikileaks, manipulated some of the documents displayed on Guccifer 2.0's blog. Here are some of the claims they made about what the manipulations meant:

"The first document leaked by self-proclaimed hacker Guccifer 2.0 was edited to include the word "confidential," a former Democratic National Committee official told Business Insider on Friday.

"Guccifer 2.0 claimed responsibility for the DNC hack last June and said it had published some of the stolen documents on its WordPress site — but the first document the supposed hacker published actually came from the inbox of Hillary Clinton's campaign chairman, John Podesta.

"The former DNC official told Business Insider that the word "confidential" did not appear in the original document, titled "Donald Trump Report," that had been sent to Podesta. The word "confidential" also did not appear on the version published by WikiLeaks in October. "

CORRECTION: BI did not sufficiently research the past reports about the data loss, such as the very first report, the article Ellen Nakashima wrote for the Washington Post dated June 14, 2016, that was an exclusive story given to Nakashima by executives of the DNC and Crowdstrike. The document, the two files of opposition research about Donald Trump published by Guccifer 2.0 on his blog on June 15, 2016 did not have to originate by Guccifer2.0 stealing the email of John Podesta. All BI had to do was read Nakashima's article and see that Crowdstrike and DNC told Nakashima that the document was stolen from the DNC's network. There was no mention of the opposition research being stolen from the Podesta emails. The opposition research was prepared by the DNC, stored on a DNC server, and was merely an attachment to one email sent to John Podesta. Guccifer 2.0 stole the opposition research from the DNC network, if he stole it at all, as that was stated in the exclusive Washington Post front page story.

As we see in the last paragraph above from the BI excerpt, a DNC official told BI's reporters that the document did not contain the word CONFIDENTIAL, which Guccifer superimposed on to the digital copy he held. Since the source of that information was a DNC official, it is a reasonable conclusion that the document was, in fact, a document that was the property of the DNC and therefore stored on the DNC network where any successful intruder could steal it without having to bother to steal John Podesta's Gmail account to get it. Podesta did not work at the DNC, but at Hillary for America, Mrs. Clinton's campaign organization. BI's attempt to use this "evidence" to declare Guccifer 2.0 as the one who "spearphished" John Podesta's email at Hillary for America, is not reliable, but people who don't understand that will conclude that Guccifer 2.0 is the GRU hacker who stole Podesta's emails and gave them to Wikileaks just like the DNC emails. That is not true based on the evidence BI provides. BI connected dots that need more evidence to be connected.

It is also important to note, as further evidence, that the donor information Guccifer 2.0 published did not have to be stolen from John Podesta's email, nor from the 10 inboxes of DNC employees' email accounts that were looted. The donor information was stored on a server on the DNC network and were stolen there. More than just emails were stolen from the DNC network.


Guccifer 2.0 has denied having any links to Russia. But digital fingerprints were left on the hacks that led the US intelligence community — as well as several private cybersecurity firms — to conclude that the cyberattacks were largely, if not entirely, carried out by two Russian intelligence groups.

CORRECTION: BI's reporters have not thought through the meaning of the evidence they found that Guccifer 2.0 manipulated the opposition research report about Donald Trump by superimposing the warning "CONFIDENTIAL" at the bottom of each page. If Guccifer 2.0 could manipulate the opposition research document to make it look more sensitive and important by adding the false warning "CONFIDENTIAL" on each page, those "Russian Fingerprints" are artifacts that are also capable of being added in by similar techniques. Copy and pasting a DNC document onto a Word file that flags errors in the Russian language, for example, or putting the name of the first head of the Soviet secret police into the metadata of a file, could have been added in just the same manner, by Guccifer 2.0 himself, to provide false evidence that Guccifer 2.0 was a GRU hacker. In fact, we'll take a look at the evidence of that next. Many will be surprised at what is really out there about how the Russian intelligence agencies, supposedly behind the DNC data loss, are really structured. Basically, if Guccifer 2.0 was a GRU hacker, he had no business hacking into the DNC, as we will see.

Guccifer 2.0's stated motive for blabbing about his exploits on his Word Press blog, which still exists, is because his ego was bent out of shape by Ellen Nakashima's June 14, 2016 report, based on information provided by DNC and Crowdstrike executives. Here is what he had to say about Crowdstrike's claims about his work in his June 15, 2016 blog post:

"Shame on CrowdStrike: Do you think I've been in the DNC's networks for almost a year and saved only 2 documents? Do you really believe it?"

If the reader needs to refresh their recollections about the official story about the DNC data loss, the previous two articles in this blog would probably be sufficient for a review since they inform the reader of the following:

Two Russian intelligence services were accused of hacking the DNC network at different times. These two intelligence services are as follows:

THE SVR--The Russian foreign intelligence service responsible for obtaining political intelligence

As the official story goes, hackers controlled by the SVR breached the DNC network in summer of 2015. Because of insufficient response by the FBI, and the DNC not able to find evidence of any hack on their network, the SVR had access to the DNC network for at least one year. The SVR used the Advanced Persistent Threat (APT) 29, nicknamed "Cozy Bear" by Crowdstrike, to breach the DNC network and maintain long term access to that network.


THE GRU---The Russian military intelligence service responsible for obtaining military intelligence

Crowdstrike, the Mainstream Media (MSM), and the United States Government (FBI, CIA, and Special Counsel Robert Mueller, among others) all tell us the GRU hackers, part of APT 28, breached the DNC network in March/April 2016, stole the DNC emails, and gave them to Wikileaks in order to help Donald Trump, the favored candidate of the Russian government, to get elected. APT 28, nicknamed "Fancy Bear" by Crowdstrike, was removed from the DNC network before the end of July 2016. Fancy Bear was only on the DNC network from approximately the end of March 2016 to the end of July 2016. That constitutes only four months or less. The official position of the US government, and the MSM, is that Guccifer 2.0 was a GRU hacker.

But Guccifer 2.0 claims he was on the DNC network for at least an entire year, not four months or less. Guccifer would have to be an SVR hacker to be on the network for at least a year, if he was a Russian intelligence hacker at all, or just some UNKNOWN SUBJECT assigned to make himself look like a Russian hacker. I don't pretend to know which one is true, but if he was on the network for a year, he is NOT a GRU hacker. At least he can't be according to the official story.

Of course, people will say he is lying just to confuse us. Well, he hasn't really confused anyone, since most people who think about this stuff at all think whatever the government, MSM, etc. tell them about this incident. If MSM says Mueller's report says Guccifer 2.0 was a GRU hacker, then most think that he was. There is other evidence that runs counter to this, and we'll look at it next.



The Associated Press (AP), and several other media outlets, seemed to know that having two different Russian spy agencies hack the same target ,at the same time, sounds a little improbable. Actually, not to most people, but, as we will see there were media outlets who drilled down a bit to find out how plausible that part of the "narrative" is. What AP found was the most valuable, as we will see. It also gave the narrative so much trouble AP's source had to contradict himself to make the "Russian Spies Reunion," in the DNC network of all places, sound like something that, untidy as it seems, could actually happen. Really.

To get this information, the AP turned to Pavel Felgenhauer, whom AP describes as "an independent Moscow-based military analyst," to describe the relationship between the GRU and the SVR. This is what AP quotes Felgenhauer as saying: "the SVR runs into military intelligence, they have to share it with the GRU; that means they try not to run into military intelligence and tell their agents not to report anything military even if they know it. The other way around, military or GRU assets are asked never to report anything political.'"

The SVR and GRU have clear lines of responsibility. I liken these to what is called "battery limits" in some union contracts. When a company employs union labor, but sometimes hires outside contractors to perfrom some jobs, what the contractors can do, and where they can do it, is controlled by what are called "battery limits" in the contract. If the company has a contractor do work inside the union's battery limits, this is a breach of the contract with the union. This is what Putin has set up between SVR and GRU. SVR gathers foreign political intelligence. GRU gathers military intelligence. Neither can intrude on the other's area of responsibility, but if they stumble onto something of interest to the other agency, they have to report that to the other agency, and not to anyone higher up in the Kremlin, like Putin. If the GRU stumbles onto political intelligence, GRU can't try to suck up to Putin by reporting it to him. The GRU had to give that intelligence to SVR to report to Putin.

So, what was GRU doing in the DNC network? There was no military intelligence in those emails, nor was there military intelligence anywhere on the DNC network. So, what was GRU doing inside the DNC network at the same time SVR was in there? AP wanted Felgenhauer to solve that mystery, and here is how he attempted to thread that needle: "But in the case of the alleged U.S. election-related hacking, I believe that was an inter-service operation, because it’s not military but they gained some kind of hacking access and then they shared it with the FSB and the SVR.”

Felgenhauer has to be wrong because the alleged GRU hack followed the SVR hack, it did not precede it. This would mean GRU is violating the "battery limits" by hacking where GRU knew SVR might be operating. If SVR got the hacking access from GRU, as Felgenhauer's theory claims, GRU would not have hacked the DNC network after SVR breached the DNC network as only SVR could report the intelligence taken from the DNC. GRU would not actively hack the DNC because GRU would have no use for the intelligence gathered inside the DNC network. Felgenhauer, therefore, contradicts himself badly by this attempted shell game. His attempt of reconciling the division of labor between GRU and SVR to the official story fails.

These first few examples are not the first, nor last time the MSM has been spinning the facts to fit the official narrative of the data loss. In the very first article about the DNC data loss, in the Washington Post of June 14, 2016, there were plenty of examples of what would follow throughout the MSM in the course of the next three years.



Now, let us return to the original exclusive story in the Washington Post about the DNC data loss dated June 14, 2016. This is the article that smoked Guccifer 2.0, whatever and whomever he is, out of his hole and into the public eye. We'll start with this quote from Michael Sussmann, an attorney for the DNC from the Perkins Coie law firm:

"But at this time, it appears no financial information or sensitive employee, donor or voter information was accessed by the Russian attackers," he said.

CORRECTION: We already know Guccifer 2.0 proved the above quote from Michael Sussmann, based on whatever Crowdstrike and the DNC executives told him, to be patently false. This was proven the very day after the Washington Post article was published when Guccifer 2.0 surfaced and posted donor information on his blog at Word Press. Where was the media follow-up to this contradiction of this Washington Post first-in-the-nation article about the DNC data loss which was originally reported as being just two files of opposition research about Donald Trump? There has never been any follow-up by anyone from the MSM. The MSM simply moves from one government/institutional press release to the next without any follow-up to account for any contradictions between the most recent press release and previous ones. Is there any wonder why there are "conspiracy theories" and what gives rise to them?

Here's another corker of a quote, this time from Florida Congresswoman and DNC Chair at the time, Debbie Wasserman Schultz: "When we discovered the intrusion, we treated this like the serious incident it is and reached out to Crowdstrike immediately. Our team moved as quickly as possible to kick out the intruders and secure our network."

CORRECTION: Now, we know that statement from Wasserman Schultz is simply not true. On May 6, 2016, Crowdstrike told the DNC executives Russian intelligence had hacked into their network. The FBI had told them the same thing in the summer of 2015. In both instances, the DNC failed to take proportionate measures, and in a timely manner, to resolve the intrusions, and forbade entry into their network by the FBI and Homeland Security. In the case of the April 2016 discovery of the alleged Fancy Bear intrusion, someone in the DNC ordered Crowdstrike to refrain from disconnecting the network from the Internet, in order to eliminate the hackers from the network until computers could be replaced and/or reimaged with new authentications and other security protocols.

The "Stand Down Order" the DNC gave Crowdstrike provided the alleged Russian hackers 36 days to steal the emails, starting 17 days after the order was given. Crowdstrike did nothing but, allegedly, watch the theft of the data. Is that what really happened? Remember, Crowdstrike and the DNC executives told Ellen Nakashima of the Washington Post, and therefore the American people, that only two files of opposition research were stolen during the 36 days, not all the emails in the ten employees' email INBOXES, the donor information, and other potentially damaging material.

Where was the media follow-up to this contradiction in the information provided by Crowdstrike and DNC executives? Why would the Washington Post's readers be expected to accept any other information from these representatives of the two institutions, Crowdstrike and the DNC? Should we accept the following appraisal, by Crowdstrike's Dmitri Alperovitch, of why two different Russian spy agencies, GRU and SVR, decided to hack the DNC at about the same time? As if she anticipated that anomaly would be noticed, Nakashima put that question to Alperovitch, who has no known past experience in the intelligence field. He is a cybersecurity expert.

"'The lack of coordination (between GRU and SVR) is not unusal, he (Alperovitch) said. 'There's an amazing adversarial relationship' among the Russian intelligence agencies,' Alperovitch said. 'We have seen them steal assets from one another, refuse to collaborate. They're all vying for power, to sell Putin on how good they are.'"

CORRECTION: Just refer to the Pavel Felgenhauer description about how Putin manages SVR and GRU, not permitting them to invade their different responsbilities. GRU cannot report political intelligence to Putin, but must give any such intelligence to SVR to report to Putin. SVR cannot report military intelligence directly to Putin, but must give it to GRU to report to Putin.

Let's check another comment from Alperovitch about the world of intelligence, namely the tradecraft employed by the alleged Russian hackers in looting the network Alperovitch was hired to protect. I'll quote from the Nakashima article again in which she quotes Alperovitch as saying the alleged Russian hackers had "superb operational tradecraft."

CORRECTION: Oh, really? "Superb,"was it? Cozy Bear, SVR's APT 29, that penetrated the DNC in 2015, seemed to forget about NSA's capabilities and broadcasted a data transmission from the DNC to Moscow. All that saved them was James Comey's (convenient and inexplicable) limpwristed response to the news Russian spies penetrated the DNC. The DNC is a network accessed by elected Democrat members of Congress with access to classified information. Cozy Bear was on the DNC network for an entire year without any opposition, but not because they practiced "superb tradecraft." By their inaction, the DNC and FBI permitted the alleged Russians to stay on the DNC network that long. So far, no one has demanded a real explanation from either institution about why this happened. The media sloughed it off altogether.

Fancy Bear's "tradecraft," or, what reality actually demonstrates, Fancy Bear's LACK of tradecraft, enabled the DNC's regular IT personnel to discover Fancy Bear's breach of the DNC network in a matter of days, or weeks. The DNC IT personnel never found evidence of Cozy Bear's presence in an entire year. If that isn't enough to convince anyone that Alperovitch either is grossly ignorant of the concept of "tradecraft," or worse, read the following description of Fancy Bear's actual level of "tradecraft" from Donna Brazile in her book, HACKS:

"Fancy Bear showed up in April 2016. Fancy Bear, the one our IT department detected, was loud and did not seem concerned about being found out. As our technology director, Andrew Brown said, it was like Fancy Bear smashed in the front window and raged around grabbing whatever was at hand, less concerned with being detected than Cozy Bear had been."

If the official narrative of this whole affair is true, that the Russian government, and Putin in particular, wanted Donald Trump in the White House, and sent the Fancy Bear GRU hackers to do the job in April 2016, then the operation would have to be totally covert. If the American people found out Putin was in control of Trump, he didn't stand a prayer of getting elected. Yet, the GRU hackers were "loud, did not seem concerned about being found out," and seemed to "smash the front window, rage around grabbing whatever was at hand, and were unconcerned about being detected."



Believe it or not, this story is believed by over half of the population. The cause of that alone is itself a crisis that is nowhere near being resolved, but what makes people believe such nonsense could very well destroy us. There doesn't seem to be any solution on the horizon for that crisis, which should be called the "Credulity Crisis." People are too quick to believe such stories depending upon the source of the stories. No solution to the "Credulity Crisis" is on the horizon.



The final part in this series will focus on the belief that DNC Voter Outreach employee, Seth Rich, stole the DNC emails will be reviewed. Interesting new information about origin of Seth Rich story will be included.