ISIS Beheaded the Priest, France

Daesh is no longer a small extremist group fighting in Syria and Iraq. It has become the most globalised Islamist terror group. Any world leaders willing to declare this including the White House or the U.S. State Department?

One of the nuns stated the Priest was forced to kneel before the terrorist.

Yesterday #Isis affiliated channels were disseminating under the hashtag #TheArmyOfLoneWolves simple, but lethal ways & methods to kill.

 

French President Hollande says attack at church outside Rouen carried out by “terrorists who claimed allegiance to ISIS.” According to French media Le Figaro, the two attackers slit the throat of a priest in the Church. Besides the slain priest, two nuns and two churchgoers had been taken hostage, CNN French affiliate BFMTV reported.

“today a church tomorrow a hospital…there are no red lines, it’s tit 4 tat 4m Isis.We deal back in kind.”

The hostage killed in the Saint Etiennedu Rouvray church attack was a priest: Rev. Jacques Hamel, age 84.

 

The attacker who spent time in French jail was under electronic bracelet surveillance after trying to go to Syria in 2015. The Pope is ‘pain and horror’ at France church hostage-taking according to a statement by the Vatican.

Anti-terrorism judges are to probe French church hostage-taking per the prosecutor, and both attackers are dead, shot by police.

There were reports the attackers shouted ‘Allahu Akbar’ as they ran outof the church while at least one of the men was dressed in Islamic clothing. It comes as it emerged that the building was one of a number of Catholic churches on a terrorist ‘hit list’ found on a suspected ISIS extremist last April.

 

Official statement by Francois Hollande:

 The most recent travel warning issued by the U.S. State Department due to recent terror attacks was for Turkey, nothing for France. As of the posting of this article, there have been no official statements from John Kerry or the White House.

 

Europe’s Training Programs the US can Use

At least this is forward thinking both in Germany and in the United Kingdom. By launching these programs, it is actually a declaration of terror problems in Europe and these are positive steps. Do you wonder if our own DHS or FEMA have a response on this? So do I.

German military training 100 Syrian migrants in pilot project

Reuters: The German military is training more than 100 Syrian migrants for civilian roles suited to helping the eventual reconstruction of their country, Defence Minister Ursula von der Leyen said in remarks released ahead of publication on Sunday.

Von der Leyen told the Frankfurter Allgemeine daily that the pilot program was focused on training migrants in a variety of areas such as technology, medicine and logistics.

It was not immediately clear if von der Leyen planned to expand the program to include more of the one million migrants who arrived in Germany last year.

“The idea is that they will go back to Syria one day and help with the reconstruction” of their war-shattered country, von der Leyen told the newspaper.

She said Germany could also play a role in training Syrian security forces once it had a responsible government.

Syrian refugees can carry out civilian tasks for the German military, but are not eligible to work as soldiers, she said.

Von der Leyen sparked controversy within her own Christian Democratic party recently when she suggested that EU citizens could in certain cases take over armed roles in the German military. The defense minister also advocates greater diversity in the German military and moves to recruit more immigrants.

*****

More than 500,000 public sector workers put through Prevent counter-terror training in bid to spot extremism

Exclusive: Training courses criticised as ‘inadequate’ while the strategy has been described as divisive

IndependentUK: More than half a million nurses, teachers, childminders and other frontline public sector workers have been put through a mass counter-terrorism training programme to help them spot and report potential extremists in their workplaces.

The Home Office has confirmed that of the 550,000 now trained in the controversial Prevent strategy, at least 150,000 are public-facing NHS staff, such as doctors and nurses.

They have all completed various online or classroom exercises to comply with a statutory Prevent duty that was forced on a wide range of public authorities by Theresa May as Home Secretary last year.

Related reading: The 14 page Prevent Duty document outline is here.

Aimed mainly at tackling Islamist extremists and far right white supremacists, it is one of the biggest counter-terror awareness programmes ever undertaken by the UK Government.

Some in the Muslim community and beyond feel Prevent is divisive; it creates a “climate of suspicion” and is an attempt to create a huge network of spies.

The training courses themselves, particularly those online, are also being criticised as “inadequate” and an exercise in box ticking that is not being taken seriously enough by attendees.

Under the Prevent strand of the Government’s counter-terror strategy, Contest, extremism is defined as “vocal or active opposition to fundamental British values, including democracy, the rule of law, individual liberty and mutual respect and tolerance of different faiths and beliefs”.

Anyone who “calls for the death of members of our armed forces” is also an extremist, according to the policy.

The Prevent duty requires a large range of public sector workers to be trained and also includes college lecturers, youth and social workers, probation officers and childcare providers.

But many Prevent trainees have simply clicked through online tutorials recommended by a Home Office catalogue.

Although most of the online courses are free and take about an hour to complete, one provider charges up to £30 a head for a module that uses a snakes and ladders game to teach people about paths to radicalisation.

Another provider listed on the Government’s Gov.uk website charges safeguarding officers in higher education £500 a head for a two-day classroom workshop.

Another course teaches people how to spot far right extremism by training social workers and police and probation officers for signs of anti-Semitism and Islamophobia.

Under the programme, people are taught how to spot the signs that someone maybe becoming radicalised.

These might be “reports of unusual behaviour, friendships or actions and request for assistance”, according to NHS documents.

Other signs could be “patients or staff accessing extremist material online”, or “artwork or literature promoting violent extremist messages or images”.

The Government wants to teach staff to contact their authority’s designated “Prevent lead” when they have concerns about an individual, such as a student or even a patient.

The Prevent lead will alert the police whenever the risk is deemed immediate or substantiated.

Prevent was introduced by the last Labour government, but it was transformed under Ms May. She widened its scope to include non-violent extremism in 2011 when she also encouraged many authorities to start training programmes.

Between 2011 and 2015, some 300,000 public sectors had received a form of training.

But The Independent has discovered that figure has now almost doubled as a result of the Counter-Terrorism and Security Act, which Ms May drove through last year.

The Home Office says that as a result of Ms May’s work, 1,000 people have been referred to the Government’s Channel initiative which tries to de-radicalise individuals.

Earlier this month, the Government’s education watchdog Ofsted warned that some schools and colleges were being too slow in complying with the Prevent duty.

But the Muslim Council of Britain, which has long opposed Prevent, said the mass training of public sector workers risked being “counterproductive”.

A spokesman said: “We need to be vigilant given the real threat of terrorism, and we therefore support effective measures to identify and report terrorist activity.

“However, we are not convinced about the effectiveness of a programme requiring hundreds of thousands of people to look for signs of what they perceive to be behaviour that potentially leads to terrorism. We are instead likely to see many false flags in an inconsistent approach that is applied in a discriminatory way.

“This runs the risk of being –as the parliamentary Joint Committee on Human Rights said on Friday –counterproductive to our goal of a safe and secure nation.”

The campaign group Students Not Suspects, who say the Prevent strategy unfairly targets black and Muslim students, said in a YouTube video in April: “The Prevent duty under the Counter-Terrorism and Security Act forces colleges and universities to spy on students. They’ll say this is to safeguard students but in reality it is creating a climate of suspicion around students’ political and religious views.

“Prevent is silencing students, promoting a culture of surveillance and self-censorship and undermining our universities and colleges as spaces for free and rigorous debate.”

Hillary’s VP, Kaine and the Muslim Brotherhood

Clinton VP Pick Tim Kaine’s Islamist Ties

Clarion: Democratic presidential nominee Hillary Clinton’s newly-announced running mate, Virginia Senator Tim Kaine, has a history of embracing Islamists. He appointed a Hamas supporter to a state immigration commission; spoke at a dinner honoring a Muslim Brotherhood terror suspect and received donations from well-known Islamist groups.

Appointing a Muslim Brotherhood Front Leader Who Supports Hamas

In 2007, Kaine was the Governor of Virginia and, of all people chose Muslim American Society (MAS) President Esam Omeish to the state’s Immigration Commission. A Muslim organization against Islamism criticized the appointment and reckless lack of vetting.

Federal prosecutors said in a 2008 court filing that MAS was “founded as the overt arm of the Muslim Brotherhood in America.” A Chicago Tribune investigation in 2004 confirmed this, as well as MAS’ crafty use of deceptive semantics to appear moderate. Convicted terrorist and admitted U.S. Muslim Brotherhood member Abdurrahman Alamoudi testified in 2012, “Everyone knows that MAS is the Muslim Brotherhood.”

Read our fully-documented profile of MAS here.

According to Omeish’s website, he was also president of the National Muslim Students Association (click there to read our profile about its Muslim Brotherhood origins) and served for two years on the national board of the Islamic Society of North America (ISNA), which the Justice Department also labeled as a U.S. Muslim Brotherhood entity and unindicted co-conspirator in a Hamas-financing trial.

His website says he was the vice president of Dar al-Hijrah Islamic Center, a radical mosque known for its history of terror ties, including having future Al-Qaeda operative Anwar Al-Awlaki as its imam and being frequented by two of the 9/11 hijackers and Nidal Hasan, the perpetrator of the Fort Hood shooting. Omeish’s website says he remains a board member.

Omeish’s website also says he was chairman of the board of Islamic American University, which had Hamas financier and Muslim Brotherhood spiritual leader Yousef Al-Qaradawi chairman of its board until at least 2006.

Omeish was also chairman of the board for the Islamic Center of Passaic County, a New Jersey mosque with heavy terrorist ties and an imam that the Department of Homeland Security wants to deport for having links to Hamas.

Omeish directly expressed extremism before Kaine appointed him. He claimed the Brotherhood is “moderate” and admitted that he and MAS are influenced by the Islamist movement.

In 2004, Omeish praised the Hamas spiritual leader as “our beloved Sheikh Ahmed Yassin.” Videotape from 2000 also surfaced where Omeish pledged to help Palestinians who understand “the jihad way is the way to liberate your land” (he denied this was an endorsement of violence).

A holy war waged against non-Muslims on behalf of Islam considered to be a religious duty; also, a personal struggle in devotion to Islam.

  When a state delegate wrote a letter to then-Governor Kaine warning him that the MAS has “questionable origins,” a Kaine spokesperson said the charge was bigotry.

Kaine obviously failed to do any kind of basic background checking in Omeish.

Omeish resigned under heavy pressure, and Kaine acknowledged that his statements “concerned” him. But, apparently, they didn’t concern him enough to actually learn about the Muslim Brotherhood network in his state and to take greater precautions in the future.

 

Speaking at a Dinner Honoring Muslim Brotherhood Terror Suspect

In September 2011, Kaine spoke at a “Candidates Night” dinner organized by the New Dominion PAC that presented a Lifetime Achievement Award for Jamal Barzinji, who the Global Muslim Brotherhood Watch describes as a “founding father of the U.S. Muslim Brotherhood.”

He first came on to the FBI’s radar in 1987-1988 when an informant inside the Brotherhood identified Barzinji and his associated groups as being part of a network of Brotherhood fronts to “institute the Islamic Revolution in the United States.” The source said Barzinji and his colleagues were “organizing political support which involves influencing both public opinion in the United States as well as the United States Government” using “political action front groups with no traceable ties.”

Barzinji had his home searched as part of a terrorism investigation in 2003. U.S. Customs Service Senior Special Agent David Kane said in a sworn affidavit that Barzinji and the network of entities he led were investigated because he “is not only closed associated with PIJ [Palestinian Islamic Jihad]…but also with Hamas.”  Counter-terrorism reporter Patrick Poole broke the story that Barzinji was nearly prosecuted but the Obama Justice Department dropped plans for indictment.

Barzinji played a major role in nearly every Brotherhood front in the U.S. and was vice president of the International Institute of Islamic Thought (IIIT), which came under terrorism investigation also. Barzinji’s group was so close to Palestinian Islamic Jihad operative Sami Al-Arian that IIIT’s President considered his group and Al-Arian’s to be essentially one entity.

The indictment of Al-Arian and his colleagues says that they “would and did seek to obtain support from influential individuals, in the United States under the guise of promoting and protecting Arab rights (emphasis mine).”

The quotes about Brotherhood operative Barzinji’s aspirations to use civil rights advocacy as a means to influence politicians are especially relevant when you consider that video from the event honoring Barzinji shows Kaine saying that it was his fourth time at the annual dinner and thanked his “friends” that organized it for helping him in his campaign for lieutenant-governor and governor and asked them to help his Senate campaign.

 

Islamist Financial Support

Barzinji’s organization, IIIT, donated $10,000 in 2011 to the New Dominion PAC, the organization that held the event honoring Barzinji that Kaine spoke at. The Barzinji-tied New Dominion PAC donated $43,050 to Kaine’s gubernatorial campaign between 2003 and 2005. That figure doesn’t even include other political recipients that assisted Kaine’s campaign.

The PAC has very strong ties to the Democratic Party in Virginia, with the Virginia Public Access Project tallying almost $257,000 in donations. This likely explains why Barzinji’s grandson served in Governor McAuliffe’s administration and then became the Obama Administration’s liaison to the Muslim-American community.

The Middle East Forum’s Islamist Money in Politics database shows another $4,300 donated to Kaine’s Senate campaign in 2011-2012 by officials from U.S. Muslim Brotherhood entities Islamic Society of North America (ISNA) and the Council on American-Islamic Relations (CAIR). Another $3,500 came from Hisham Al-Talib, a leader from Barzinji’s IIIT organization.

It’s worth noting that Barzinji’s IIIT donated $3,500 to Esam Omeish’s 2009 campaign delegate campaign, tying together the cadre of Muslim Brotherhood-linked leaders who got into Kaine’s orbit.

 

Conclusion

Kaine has no excuse. If he has an Internet connection, then he and his staff should have known about their backgrounds. They were either extremely careless (something Kaine would have in common with the top of the ticket) or knew and looked the other way in the hopes of earning donations and votes.

Clinton’s choice of Kaine is widely seen as a way of strengthening her campaign’s national security credentials. Yet, Clinton is asking us to trust a candidate on national security who appoints a Hamas supporter to an immigration commission and speaks at a dinner honoring a Muslim Brotherhood terror suspect.

 

Saudi Arabia Plotting to Overthrow the Iranian Regime?

This has been building for sometime but is the White House listening?

President Obama’s readiness to negotiate with the Iranians met with considerable alarm in Riyadh. Though less openly vocal than the Israeli government, WikiLeaks documents and other sources indicated that Saudis were exceedingly frustrated by the Obama imitative. To the Saudi elite, the JCPOA was an indication of Washington’s willingness to tolerate Iran’s expansionism at the cost of its historical alliance with the Arab states in the Middle East. To make their feelings known, some officials in the royal circle urged the kingdom to match Iran’s nuclear advances. For example, Prince Turki al-Faisal, the former Saudi intelligence chief and an influential member of the elite, declared that Riyadh will not live in the shadow of a nuclear-armed Iran. In 2011, he stated that should Iran cross the nuclear threshold, Saudi Arabia may react by building its own nuclear enrichment capabilities.

In fact, Saudi Arabia has already laid down the foundation for its own nuclear infrastructure. Admittedly, the nuclear energy program could provide the infrastructure for a clandestine weapons program, especially if Riyadh decides to enrich its own uranium. But observers have argued that purchasing enrichment technology or, better still, nuclear weapons from Pakistan is a more plausible scenario. Saudi Arabia has a long history of collaboration with Pakistan and, by all accounts, financed Abdul Qadeer Khan, the “father” of its nuclear weapons. In 2013, Mark Urban, the BBC defense correspondent, claimed that, as part of the finance deal, the Pakistanis fabricated a number of warheads to be transferred to Riyadh in an emergency. Other journalists have supported the “off-the-shelf” Pakistani arsenal theory as well. However, it is hard to assess the veracity of these reports. The Saudis have a vested interest in demonstrating that the nuclear deal with Iran would spur proliferation. Having objected to the impending JCPOA, Saudis found it useful to disclose information strengthening the proliferation scenario. More comprehensive important details here.

Prince Turki bin Faisal Al-Saud Drops Bombshell at Iranian Opposition Rally

At the annual gathering of Iranians outside of Paris, France on 9 July 2016, where some 100,000 showed up to express support for regime change in Tehran, one of the guest speakers dropped a bombshell announcement. Even before he took the podium, Prince Turki bin Faisal Al-Saud, appearing in the distinctive gold-edged dark cloak and white keffiyeh headdress of the Saudi royal family, of which he is a senior member, drew commentary and lots of second looks. The Prince is the founder of the King Faisal Foundation, and chairman of the King Faisal Center for Research and Islamic Studies, and served from 1977-2001 as director general of Al-Mukhabarat Al-A’amah, Saudi Arabia’s intelligence agency, resigning the position on 1 September 2001, some ten days before the attacks of 9/11.

He took the podium late in the afternoon program on 9 July and, after a discourse on the shared Islamic history of the Middle East, launched into an attack on Ayatollah Ruhollah Khomeini, whose 1979 revolution changed the course of history not just in Iran, but throughout the world. His next statement sent a shock wave through the assembly: Bin Faisal pledged support to the Iranian NCRI opposition and to its President-elect Maryam Rajavi personally. Given bin Faisal’s senior position in the Saudi royal family and his long career in positions of key responsibility in the Kingdom, it can only be understood that he spoke for the Riyadh government. The hall erupted in cheers and thunderous applause.

Iranians and others who packed the convention center in Bourget, Paris came for a day-long program attended by representatives from around the world. Organized by the National Council of Resistance of Iran (NCRI), the event featured a day filled with speeches and musical performances. A senior-level U.S. delegation included Linda Chavez, Chairwoman of the U.S. Center for Equal Opportunity; former Speaker of the House Newt Gingrich; former Governor of Pennsylvania and Secretary of Homeland Security Tom Ridge; Judge Michael Mukasey; former Governor of Vermont and Presidential candidate Howard Dean; and former national security advisor to President George W. Bush, Fran Townsend.

The NCRI and its key affiliate, the Mujahedeen-e Kahlq (MEK), were on the U.S. Foreign Terrorist Organizations (FTO) list until 2012, having been placed there at the express request of Iranian president Khatami. Iranian university students formed the MEK in the 1960s to oppose the Shah’s rule. The MEK participated in the Khomeini Revolution but then was forced into exile when Khomeini turned on his own allies and obliterated any hopes for democratic reform. Granted protection by the U.S. under the 4th Geneva Convention in 2004, remnants of the MEK opposition have been stranded in Iraq, first at Camp Ashraf and now in Camp Liberty near Baghdad since U.S. forces left Iraq. Completely disarmed and defenseless, the 2,000 or so remaining residents of Camp Liberty, who are desperately seeking resettlement, come under periodic deadly attack by Iraqi forces under Iranian Qods Force direction. The most recent rocket attack on July 4th, 2016 set much of the camp ablaze and devastated the Iranians’ unprotected mobile homes. The MEK/NCRI fought their terrorist designations in the courts in both Europe and the U.S., finally winning removal in 2012. The NCRI’s national headquarters are now located in downtown Washington, DC, from where they work intensively with Congress, the media, and U.S. society to urge regime change and a genuinely liberal democratic platform for Iran.

Given the Obama administration’s close alignment with the Tehran regime, it is perhaps not surprising that the NCRI and Riyadh (both feeling marginalized by the U.S.) should find common cause to oppose the mullahs’ unceasing quest for deliverable nuclear weapons, aggressively expansionist regional agenda, and destabilizing involvement in multiple area conflicts, especially its extensive support for the murderous rule of Bashar al-Assad. Nevertheless, the implications of official Riyadh government support for the largest, most dedicated, and best-organized Iranian opposition movement will reverberate through the Middle East.

Although not openly stated by bin Faisal, the new NCRI-Riyadh alliance may be expected to involve funding, intelligence sharing, and possible collaboration in operations aimed at the shared goal of overthrowing the current Tehran regime. The alignment doubtless will change the course of events in the Middle East, and while Saudi Arabia can hardly be counted among the liberal democracies of the world, the woman-led NCRI movement declares a 10-point plan for Iran that does embrace the ideals of Western Civilization. The impact of the Saudi initiative will not be limited to Iran or the surrounding region but at least as importantly, surely will be felt internally as well, among a young and restless Saudi population that looks hopefully to the rule of King Salman and his 30-something son, Deputy Crown Prince Mohammad bin Salman al-Saud.

DNC Email Hacks: GRU, Russian Military Intelligence

In part from Motherboard: In the wee hours of June 14, the Washington Postrevealed that “Russian government hackers” had penetrated the computer network of the Democratic National Committee. Foreign spies, the Post claimed, had gained access to the DNC’s entire database of opposition research on the presumptive Republican nominee, Donald Trump, just weeks before the Republican Convention. Hillary Clinton said the attack was “troubling.”

It began ominously. Nearly two months earlier, in April, the Democrats had noticed that something was wrong in their networks. Then, in early May, the DNC called in CrowdStrike, a security firm that specializes in countering advanced network threats. After deploying their tools on the DNC’s machines, and after about two hours of work, CrowdStrike found“two sophisticated adversaries” on the Committee’s network. The two groups were well-known in the security industry as “APT 28” and “APT 29.” APT stands for Advanced Persistent Threat—usually jargon for spies.

CrowdStrike linked both groups to “the Russian government’s powerful and highly capable intelligence services.” APT 29, suspected to be the FSB, had been on the DNC’s network since at least summer 2015. APT 28, identified as Russia’s military intelligence agency GRU, had breached the Democrats only in April 2016, and probably tipped off the investigation. CrowdStrike found no evidence of collaboration between the two intelligence agencies inside the DNC’s networks, “or even an awareness of one by the other,” the firm wrote.

Related reading: Remarkable work here including Julian Assange, Edward Snowden, Israel Shamir and Putin, FSB loyalties

This was big. Democratic political operatives suspected that not one but two teams of Putin’s spies were trying to help Trump and harm Clinton. The Trump campaign, after all, was gettingfriendly with Russia. The Democrats decided to go public.

Digitally exfiltrating and then publishing possibly manipulated documents disguised as freewheeling hacktivism is crossing a big red line and setting a dangerous precedent

The DNC knew that this wild claim would have to be backed up by solid evidence. A Post story wouldn’t provide enough detail, so CrowdStrike had prepared a technical report to go online later that morning. The security firm carefully outlined some of the allegedly “superb” tradecraft of both intrusions: the Russian software implants were stealthy, they could sense locally-installed virus scanners and other defenses, the tools were customizable through encrypted configuration files, they were persistent, and the intruders used an elaborate command-and-control infrastructure. So the security firm claimed to have outed two intelligence operations.

Then, the next day, the story exploded.

On June 15 a WordPress blog popped up out of nowhere. And, soon, a Twitter account, @GUCCIFER_2. The first post and tweet were clumsily titled: “DNC’s servers hacked by a lone hacker.” The message: that it was not hacked by Russian intelligence. The mysterious online persona claimed to have given “thousands of files and mails” to Wikileaks, while mocking the firm investigating the case: “I guess CrowdStrike customers should think twice about company’s competence,” the post said, adding “Fuck CrowdStrike!!!!!!!!!”

Along with the abuse, the Guccifer 2.0 account started publishing stolen DNC documents on the WordPress blog, on file sharing sites, and by giving“a few docs from many thousands” to at least two US publications, The Smoking Gun and Gawker. Mainstream media outlets quickly picked up the story and covered the Clinton campaign’s opposition research on Trump in hundreds of news items that revealed pre-rehearsed arguments against the presumptive Republican nominee: that “Trump has no core”; that he is a “bad businessman;” and that he should be branded “misogynist in chief.” Donor lists were leaked along with personal contact details and juicy dollar amounts.

The Guccifer 2.0 account also claimed that it had given an unknown number of documents containing “election programs, strategies, plans against Reps, financial reports, etc” to Wikileaks. Two days later, Wikileaks published a massive 88 gigabyte encrypted file as “insurance.” This file, which Julian Assange could unlock by simply tweeting a key, is widely suspected to contain the DNC cache. On 13 July, almost a month after the hack became public, the intruders leaked selected files exclusively to The Hill, a Washington outlet for Congressional and political news, and then made the original files available later.

Nine days later, on July 22, just after Trump was officially nominated and before the Democratic National Convention got under way, Wikileaks published more than 19,000 DNC emails with more than 8,000 attachments—“i sent them emails, i posted some files in my blog,” Guccifer confirmed by DM, when asked if he shared all files with Julian Assange. Two days later, on July 24, Debbie Wasserman Schultz, chair of Democratic National Committee, announced her resignation—the extraordinary hack and leak had helped force out the head of one of America’s political parties and threatened to disrupt Hillary Clinton’s nominating convention.

This tactic and its remarkable success is a game-changer: exfiltrating documents from political organisations is a legitimate form of intelligence work. The US and European countries do it as well. But digitally exfiltrating and thenpublishing possibly manipulated documents disguised as freewheeling hacktivism is crossing a big red line and setting a dangerous precedent: an authoritarian country directly yet covertly trying to sabotage an American election.

***

So how good is the evidence? And what does all this mean?

The forensic evidence linking the DNC breach to known Russian operations is very strong. On June 20, two competing cybersecurity companies, Mandiant (part of FireEye) and Fidelis, confirmed CrowdStrike’s initial findings that Russian intelligence indeed hacked Clinton’s campaign. The forensic evidence that links network breaches to known groups is solid: used and reused tools, methods, infrastructure, even unique encryption keys. For example: in late March the attackers registered a domain with a typo—misdepatrment[.]com—to look suspiciously like the company hired by the DNC to manage its network, MIS Department. They then linked this deceptive domain to a long-known APT 28 so-called X-Tunnel command-and-control IP address, 45.32.129[.]185.

One of the strongest pieces of evidence linking GRU to the DNC hack is the equivalent of identical fingerprints found in two burglarized buildings: a reused command-and-control address—176.31.112[.]10—that was hard coded in a piece of malware found both in the German parliament as well as on the DNC’s servers. Russian military intelligence was identified by the German domestic security agency BfV as the actor responsible for the Bundestag breach. The infrastructure behind the fake MIS Department domain was also linked to the Berlin intrusion through at least one other element, a shared SSL certificate.

The evidence linking the Guccifer 2.0 account to the same Russian operators is not as solid, yet a deception operation—a GRU false flag, in technical jargon—is still highly likely. Intelligence operatives and cybersecurity professionals long knew that such false flags were becoming more common. One noteworthy example was the sabotage of France’s TV5 Monde station on 9/10 April 2015, initially claimed by the mysterious “CyberCaliphate,” a group allegedly linked to ISIS. Then, in June, the French authorities suspected the same infamous APT 28 group behind the TV5 Monde breach, in preparation since January of that year. But the DNC deception is the most detailed and most significant case study so far. The technical details are as remarkable as its strategic context.

The metadata in the leaked documents are perhaps most revealing: one dumped document was modified using Russian language settings, by a user named“Феликс Эдмундович,” a code name referring to the founder of the Soviet Secret Police, the Cheka, memorialised in a 15-ton iron statue in front of the old KGB headquarters during Soviet times. The original intruders made other errors: one leaked document included hyperlink error messages in Cyrillic, the result of editing the file on a computer with Russian language settings. After this mistake became public, the intruders removed the Cyrillic information from the metadata in the next dump and carefully used made-up user names from different world regions, thereby confirming they had made a mistake in the first round.  More comprehensive details here from Motherboard.