Executive Intelligence Review
Subscribe to EIR


VIPS Source: Congress Should Be Investigating CrowdStrike Firm

Dec. 29, 2017 (EIRNS)—Computer security expert Adam Carter of DisobedientMedia, who was a source for the Veteran Intelligence Professionals for Sanity (VIPS) in their memos debunking the DNC’s Russian-hacking claims, has published a call on Congressional intelligence committees to investigate CrowdStrike. CrowdStrike is a California-based computer security firm whose founder is Ukrainian Dmitri Alperovitch of the Atlantic Council. It alone examined the DNC’s computers—the FBI was denied access to them—and thus it was the ultimate source of the "Russian hacking" story.

Carter has again succeeded in examining time sequences of computer events, as he did in connection with the demonstration that the Democratic National Committee (DNC) e-mails were not hacked by Russians, but downloaded internally and leaked. He has now shown that CrowdStrike had installed its "Falcon" anti-malware, anti-hacking product on the DNC’s computer system, and been paid for it, on or before May 11, 2016; but that DNC emails were taken through at least May 25. And moreover, that Alperovitch told the Washington Post on June 14, that he and other CrowdStrike personnel had been working at the DNC, "removing hackers," on the weekend of June 10-12. That is when Julian Assange first implied Wikileaks’ possession of e-mails concerning Hillary Clinton’s campaign.

Thus minimally, by its own testimony, CrowdStrike’s anti-hacking security product failed to protect the computers from hacking, if one believes hacking took place.

More importantly, however, Carter presents the evidence that the malware which was claimed to have hacked the emails, was placed ("compiled") on the DNC computers during the five days in May when CrowdStrike was working on them. So either the Russians merely happened to start hacking the DNC just when CrowdStrike was there to prevent hacking, and it was unable to stop the hacking; or, CrowdStrike itself placed the "Russian-signature" malware on the computer system.

Carter has additional evidence against the former hypothesis: The IP server address "identified with" the so-called Fancy Bear Russian hacking group—marks of which address were found in the malware—had actually been suspended/disabled in May 2015 by an Internet policing network called CrookServers. So that "footprint" which immediately was given out as evidence of Fancy Bear’s dirty work at the DNC, was the footprint of a server which could not have been involved in any actual hacking in May 2016.

Carter concludes by asking Congress to investigate CrowdStrike’s Five Days in May. "I can’t help but continue questioning CrowdStrike’s discoveries—and continue wishing intelligence committees in both houses would start to do so too!"