The recent Wikileaks release contains CIA hacking tools that are used to “avoid fingerprints implicating the CIA and the US government” in its hacking. Indeed, according to Wikileaks’ analysis, UMBRAGE and related projects can “misdirect attribution by leaving behind the ‘fingerprints’ of the groups that the attack techniques were stolen from.” Since the security company Crowdstrike, funded by the DNC, has identified “two separate Russian intelligence-affiliated adversaries present in the DNC network in May 2016,” by the name of COZY BEAR and FANCY BEAR, and the Obama-led intelligence community (or “band of leakers”) “confirmed” this in their report in the dying days of their administration, many have thought it was Russia behind the DNC attack. Since we can assume, based on the recent Wikileaks release, that the CIA can replicate a Cozy Bear and Fancy Bear attack, the question we ought to ask is, would the CIA frame Russia and hack the DNC?
Certainly, the case can be made that the CIA, at least outwardly, has been pro-Obama and anti-Trump. Take into account the many leaks from the Trump administration, to which President Trump tweeted on Feb. 14, asking, “The real story here is why are there so many illegal leaks coming out of Washington?” President Trump went further and claimed that the CIA obtained the leak-worthy information through illegal monitoring, when he tweeted on Mar. 4 that he “just found out that Obama had my ‘wires tapped’ in Trump Tower just before the victory.” Mr. Trump also said in a Fox News interview, regarding the leaks, that “I think that President Obama’s behind it because his people are certainly behind it.” The question remains, how can the CIA be so obviously against Trump, yet potentially have helped him so much with the DNC leaks?
The answer is that there could be rogue pro-Trump individuals within the CIA doing the hacking behind the backs of their pro-Obama superiors. That would be the only way to explain the discrepancy, if it is true that the CIA framed Russia in the DNC attack. According to the Wikileaks trove of CIA files, these cover-up tools are contained in the documents entitled Development Tradecraft Dos and Don’ts and in those covering the use of encryption to hide CIA hacker and malware communication, describing targets and exfiltrated data, executing payloads, and persisting in the target’s machines over time. Since the CIA has this cover-up capability, does Russia have it too?
According to John McAfee, the internationally renowned information security pioneer and founder of global computer security software company McAfee, “Any hacker capable of breaking into something is extraordinarily capable of hiding their tracks. If I was the Chinese and I wanted to make it look like the Russians did it, I would use Russian language within the code, I would use Russian techniques of breaking into organizations. (…)” He continued, “If it looks like the Russians did it, then I can guarantee you, it was not the Russians.” The question is, why would Russia leave its fingerprints on the hacking job, if it was them, since they could have deleted those tracks?
Either the Russians wanted everyone to know it was them when they hacked the DNC, or it wasn’t them at all. It could also have been another country or group that replicated Russia’s fingerprints, including rogue individuals in the CIA, or it really could have been a Romanian hacker utilizing Russian hacking tools, as Guccifer 2.0 has claimed all along that he is Romanian.
More needs to be done to find out whether there were any pro-Trump elements in the intelligence community in the run-up to the 2016 presidential election, whether Russia has in the past covered its tracks when it uses established hacking tools, and how easy it is for another country or group to replicate a Fancy Bear or Cozy Bear attack.