This is my copy from the larger paper "A Leak or a Hack? A Forum on the VIPS Memo", by Various Contributors, SEPTEMBER 1, 2017

=============================================================================================

BY THOMAS DRAKE, SCOTT RITTER, LISA LING, CIAN WESTMORELAND, PHILIP M. GIRALDI, AND JESSELYN RADACK

The recent article published on August 9, 2017, in The Nation by Patrick Lawrence leans heavily on a July 24, 2017, Veteran Intelligence Professionals for Sanity (VIPS) memo published by Consortiumnews.com and then picked up by several media outlets.

However, a number of VIPS members did not sign this problematic memo because of troubling questions about its conclusions, and others who did sign it have raised key concerns since its publication.

The heart of the VIPS memo centers on two statements that relate to an alleged “Guccifer 2.0” cyber-attack against the Democratic National Committee (DNC):

“After examining metadata from the ‘Guccifer 2.0’ July 5, 2016 intrusion into the DNC server, independent cyber investigators have concluded that an insider copied DNC data onto an external storage device.”
“Key among the findings of the independent forensic investigations is the conclusion that the DNC data was copied onto a storage device at a speed that far exceeds an Internet capability for a remote hack. Of equal importance, the forensics show that the copying was performed on the East coast of the U.S.”

Two critical analytic issues emerge from these statements. First, the intelligence-community assessment from January 6, 2017, which reflects the judgment of the CIA, the FBI, and the NSA, asserts as fact (absent categorical proof or evidence) that “Guccifer 2.0” accessed data from the DNC through a “cyber operation.” This could mean via the network, the cloud, computers, remote hacking, or direct data removal. However, “Guccifer 2.0” claimed access to the DNC server through remote hacking.

The third-party analysis of the “Guccifer 2.0” claims (including from Adam Carter and the Forensicator) analyzed in the VIPS memo directly contradict these conclusions (while raising legitimate questions), but the VIPS memo asserts as a “slam dunk” fact the categorical conclusion of a local leak that is not supported by the third-party analysis either. There is also no evidence from the available metadata that can definitively state when the transfer or copying of the data took place, nor does the data prove that “Guccifer 2.0” had direct access to the DNC server or that the data was located on the DNC system when it was allegedly copied on July 5, 2016.

The implications of this leap-to-conclusions analysis of the VIPS memo—which centers on claiming as an unassailable and immutable fact that the DNC “hack” was committed by an insider with direct access to the DNC server, who then deliberately doctored data and documents to look like a Russian or Russia-affiliated actor was involved, and therefore no hack occurred (consequently, ipso facto, the Russians did not do it)—are contingent on a fallacy.

Data-transfer speeds across networks and the Internet measured in megabits per second (or megabytes per second) can easily achieve rates that greatly exceed the cited reference in the VIPS memo of 1,976 megabytes in 87 seconds (∼22.71 megabytes per second or ∼181.7 megabits per second), and well beyond 50 megabytes, depending on the capacity of the network and the method of access to that network. Speeds across the network vary greatly, and sustained write speeds copied out to local devices are often quite a bit slower.

The environment around Trump, Russia, et al. is hyperpolarized right now, and much disinformation is floating around, feeding confirmation bias, mirroring and even producing conspiracy theories.

However, this VIPS memo could have easily raised the necessary and critical questions without resorting to law-of-physics conclusions that claim to prove beyond any shadow of a doubt that it was an inside-network copy only and then asserting the “fact” that the Russians (or anybody else for that matter) did not hack the DNC.

In addition, no qualifiers, disclaimers, or dissenting views are provided in the VIPS memo, nor is any alternative theory presented.

It is important to note that it’s equally plausible that the cited July 5, 2016, event was carried out on a server separate from the DNC or elsewhere, and with data previously copied, transferred, or even exfiltrated from the DNC.

However, independent of transfer/copy speeds, if the data was not on the DNC server on July 5, 2016, then none of this VIPS analysis matters (including the categorically stated fact that the local copy was acquired by an insider) and simply undermines the credibility of any and all analysis in the VIPS memo when joined with this flawed predicate.

In addition, a subsequent post by the “Forensicator” actually backs away from the VIPS memo and provides additional caveats, including the following statements:

“The Guccifer 2.0 NGP/VAN Metadata Analysis describes a copy operation that (based on the metadata) occurred in the early evening on July 5, 2016. No claim is made in the report that the data might not have been copied earlier nor whether it might have been copied or leaked.”
“No claim was made in the Forensicator’s analysis that this computer was connected to a DNC server.”
“There may be other over-ambitious extrapolations made by the VIPS in their report.”

Furthermore, a recent article in the New York Post raises the specter of yet other alternative paths for one or more DNC data breaches. Scott Ritter, a VIPS member, also wrote an article in Truthdig that takes issue with the centerpiece claims of the VIPS memo.

The bottom line: This VIPS memo was hastily written based on a flawed analysis of third-party analyses and then thrown against the wall, waiting to see if it would stick. This memo could have cited the critical questions raised in the third-party analyses of “Guccifer 2.0” while also asking why the three US intelligence agencies have yet to provide any actual hard proof following their January 6, 2017, assessment.

The VIPS memo is now increasingly politicized because the analysis itself was politicized. It deals only with alleged “Guccifer 2.0” hacking and makes the classic apples-versus-oranges mistake. In an ideal world, VIPS would at least retract its assertion of certainty. Absent real facts regarding proof of leaks or hacks (or both), how many hypotheses can one copy onto the head of a digital pin?

Signed,

Thomas Drake is a former senior executive at the National Security Agency. Previously, he worked in industry as a principal and consultant in information management and technology, was a naval intelligence officer, served at the CIA as an analyst, and in the Air Force as a crypto-linguist and signals intelligence aircrew member.

Scott Ritter spent 10 years as a Marine Corps intelligence officer, with service in the former Soviet Union and under Gen. H. Norman Schwarzkopf during the first Gulf War. From 1991 to 1998, he served as a chief weapons inspector with the United Nations in Iraq. Today, he consults on energy-intelligence issues.

Lisa Ling (@ARetVet) served in the US military as a technical sergeant on drone surveillance systems before leaving with an honorable discharge in 2012. She appears in the 2016 documentary on drone warfare, National Bird.

Cian Westmoreland is an unmanned aircraft systems (UAS) whistle-blower. He is a former transmissions-systems technician who served in a unit establishing battlefield command, control, communication, computing, and intelligence (C4I) capabilities for Reapers, Predators, and other networked aircraft over the 253,000 square miles of Afghanistan in 2009, in the 73rd Expeditionary Air Control Squadron, before speaking out about the drone program.

Philip M. Giraldi is a former counterterrorism specialist who served for 19 years with the CIA and Army intelligence in Europe and the Middle East. He is executive director of the Council for the National Interest, a Washington-based advocacy group that promotes a foreign policy based on actual US interests. In 2008 and 2012, he was a foreign-policy adviser for presidential candidate Ron Paul. Giraldi is a contributing editor for The American Conservative and The Unz Review, where he writes about terrorism, intelligence, and national-security issues.

Jesselyn Radack is director of the Whistleblower and Source Protection Program (WHISPeR) at ExposeFacts. Previously, she was a legal adviser with the Justice Department.