Debunking the Reality Winner leak about Russia hacking the election

The Russia-Trump story has dominated the news for months, so far producing many headlines but little evidence. Reality Winner contributed the latest chapter, leaking a secret NSA report. Here is analysis of this story by two reliable sources, with insights that you will not see in the major media.

The odd story of Reality Winner and her leak of an NSA report is the next volley in the propaganda campaign to start a new cold war — and bring down President Trump. The story makes little sense. But we are undemanding consumers of propaganda. Like manufacturers of dog food and Hollywood blockbusters, its producers need not put much effort into the quality of the product.

When propaganda dominates the major media, insights are found on the fringes. Here are excerpts from two articles by informed analysts showing some of the many flaws in the story. Read them both in full!

(1) Why the excitement about the leaked NSA document?

Hey Intercept, Something is Very Wrong with Reality Winner and the NSA Leak
by retired foreign service officer Peter Van Buren, at his website.

“An NSA document purporting to show Russian military hacker attempts to access a Florida company which makes voter registration software is sent anonymously to The Intercept. A low-level NSA contractor, Reality Winner, is arrested almost immediately. What’s wrong with this picture? A lot. …

“NSA very publicly confirms the veracity of the document (unusual in itself, officially the Snowden and Manning documents remain unconfirmed) and then makes sure the open-court document filed is not sealed and includes the information on how the spooks know the leaked doc was printed inside the NSA facility. Winner went on to make a full confession to the FBI.

“The upshot? This document is not a plant. The NSA wants you to very much know it is real. The Russians certainly are messing with our election.

“But funny thing. While the leaked NSA document seems to be a big deal, at least to the general public, it sort of isn’t. It shows one piece of analysis suggesting but not confirming the GRU, Russian military intelligence, tried to steal some credentials and gain access to a private company. No U.S. sources and methods, or raw technical intel, are revealed, the crown jewel stuff.

“There is no evidence the hack accomplished anything at all, never mind anything nefarious. The hack took place months ago and ran its course, meaning the Russian operation was already dead. The Russians were running a run-of-the-mill spear-phishing attack, potentially effective, but nothing especially sophisticated. You get similar stuff all the time trying to harvest your credit card information. The leaked document looks like a big deal but isn’t. …

“At this very early stage I’m going to say there are too many coincidences and too many mistakes to simply shrug it all off. Too many of the benefits in this have accrued on the side of the IC than is typical when a real whistleblower shares classified documents with a journalist. …”

About the author.

Peter Van Buren (bio) is a retired US Foreign Service Officer. Based on his experience in Iraq, he wrote the important history We Meant Well: How I Helped Lose the Battle for the Hearts and Minds of the Iraqi People. The State Department began legal proceedings against him, falsely claiming the book revealed classified material.

He also wrote the WWII novel Hooper’s War and Ghosts of Tom Joad: A Story of the 99 Percent — a look at the new economy told through fiction.

(2) More about the leaked NSA report

Leaked NSA Report Short on Facts, Proves Little in ‘Russiagate’ Case
by former UN weapons inspector Scott Ritter, at TruthDig.

This is a devastating demolition of US intel agency claims of Russian cyberattacks on the election.

“…The release of the document has invigorated the Russian hacking hysteria before former FBI Director James Comey’s much-ballyhooed testimony before Congress. The issue of Russian meddling is expected to be a prominent focus of the Comey hearing, with significant attention placed on the role of the GRU in orchestrating the events detailed in the report. But upon closer scrutiny, the NSA document allegedly leaked by Winner reinforces assertions made by President Trump that the Russia story is fake news. …

“The opening paragraph of the leaked NSA document states…

‘Russian General Staff Main Intelligence Directorate actors …executed cyber espionage operations against a named U.S. company in August 2016, evidently to obtain information on elections-related software and hardware solutions. …The actors likely used data obtained from that operation to …launch a voter registration-themed spear-phishing campaign targeting U.S. local government organizations.’

“…The strength of this assertion, however, collapses when one examines the colored chart that accompanied the text of the report detailing the “Spear-Phishing Campaign TTPs used Against U.S. and Foreign Government Entities” (TTPs are tactics, techniques and procedures). While the document, as released by The Intercept, shows only the first page of what is described as a two-page chart, the material it contains is clear and concise regarding what it is illustrating. The activity flow chart, which details the sequencing and relationships involved in the execution of the spear-phishing campaign … {He provides a detailed analysis of the chart.}

The chart from the NSA document that allegedly was leaked by Reality Winner.

Chart of Russia’s GRU hacking the US election. From The Intercept.

“Nothing in the document’s confirmed information links it to the GRU. The GRU attribution is presented for contextual purposes only. It is an inferred command relationship to a redacted cyberoperations management capability that is linked to the confirmed cyberoperators only through analysis (i.e., best guess), not fact.

“The NSA document, both in its title and text, is therefore misleading in the extreme. There is simply no fact-based information provided in the report that confirms that the events reported on were being organized and managed by the Russian GRU, despite the document’s assertions otherwise.

“This lack of confirmation of any fact-based linkage between the GRU and the cyberattacks on the 2016 election in the NSA document is striking in another regard. The NSA has always been assumed to be the agency that possessed “smoking gun” evidence when it came to Russian attribution in the cyberattacks on the American electoral process. …

“Contrary to repeated assertions by well-compensated talking heads on cable news, there is no unified consensus by “all 17 agencies” of the U.S. intelligence community on Russian “meddling” with the 2016 election. Only three agencies weighed in on the Russian assessment—the CIA, the FBI and the NSA.

“The CIA’s contribution appears to be purely speculative. It is limited to recycling a 2012 open-source assessment of Russian media-based propaganda to sustain the 2016 allegations of Russian meddling in the 2016 election.

“The FBI’s contribution to the report was supposedly more forensically based, derived from data attributed to the server used by the Democratic National Committee and as such deemed particularly damning when it came to attribution to APT 28, the GRU. The main problem with the FBI’s assertion, however, is that it was not based upon an independent forensic examination of the DNC server by FBI agents, but rather the independent assessments of a private cybersecurity company, CrowdStrike, contracted by the DNC to investigate the March 2016 cyberintrusion into its servers.

“…a similar CrowdStrike assessment linking APT 28 and the GRU to cyberactivity in the Ukraine has been discredited, significantly diluting the credibility of this company’s analysis.

“The DNC mysteriously denied the FBI direct access to its servers, leaving the agency no option but to limit its investigation to the data provided by CrowdStrike. The CrowdStrike data, however, provides no conclusive forensic link to Russia or the GRU with regard to the cyberattack on the DNC server. …

“The consequences of the dearth of fact-based intelligence linking the GRU to meddling in the 2016 election are many. It exposes the decision by President Obama to single out the GRU for sanctions last December as fraudulent in nature and politically motivated, since it sustained an attribution by CrowdStrike that was not founded in hard fact, but rather paid for by DNC dollars.

“It also reveals the CIA-FBI-NSA joint assessment as being fundamentally flawed …

“The perpetrators of the ‘Russia did it’ line of attack — including the Democratic members of the House and Senate Intelligence Committees, who are in a position to know better due to their exposure to raw NSA intelligence of the sort used to underpin the analysis in the NSA document leaked by Winner — have hidden behind a veil of secrecy when it comes to protecting the sources used to sustain their assertions that the Russian government and Russian intelligence services (in particular, the GRU) were involved in meddling in the domestic political affairs of the United States.

“These assertions have been repeated without attribution and reinforced by well-timed leaks of unverified information by anonymous sources to an unquestioning media until they have been endorsed as unquestioned fact.

“By allegedly leaking a highly classified NSA document, Winner has provided the American public with its first unvarnished look at what the true state of affairs is regarding the specific intelligence underpinning one of the foundational accusations that have been leveled against Russia today. In short, there is no quality intelligence that implicates the GRU as being behind the APT 28-“Cozy Bear” cyberattacks on the DNC and American electoral system. The Russian threat has been exposed as a phantom menace.

“It can now be clearly shown that any such attribution is purely speculative in nature, derived from the politically motivated and fundamentally flawed analysis conducted by a private company, CrowdStrike, which was subsequently adopted by the FBI before becoming a part of a national narrative that has been placed out of bounds when it comes to serious inquiry by a media that seems to have forgotten its responsibility to report fact-based truth, regardless of consequence. …

“After putting so much capital into accusing Russia and the GRU in meddling in American domestic political affairs—and, by extension, accusing the president of colluding with the Russians in this endeavor—the Democrats had better be able to back up their claims with unassailable, fact-based information. Based upon a close examination of the NSA’s latest analysis, courtesy of the document being linked to Winner, this intelligence does not exist.”


See the next post in this series: The verdict on stories of Russian hacking in the 2016 election.

For More Information

See Bowman’s devastating analysis of the major news media’s coverage of Reality Winner’s story. This is why only 20% of Americans have much confidence in newspapers — a record low (going back to 1973).

See all posts about cyberattacks and cybersecurity, about Campaign 2016, about the Trump years in America, about ways to reform America, and especially these…

  1. Is Trump a tool of Putin? See the story & the debunking.
  2. Here are the facts so far about the Trump-Russia file.
  3. Deciphering the scandalous rumors about Trump in Russia.
  4. Exposing the farcical claims about Russian hacking of the election.
  5. What Trump told Russia, why it matters, and why journalists ignore the smartest man in Washington.
  6. Important: The GOP might impeach Trump, changing our politics forever – for the better.
  7. Trump and the Democrats stumble into a ‘Wilderness of Mirrors’.

Books about impeachment in America – and the case against Trump.

One of the best introductions to impeachment in modern American politics is The Age of Impeachment: American Constitutional Culture since 1960 (2008) by the historian David E. Kyvig (deceased). For more background see these five books about the process and history of impeachment in America.

The latest and most provocative book on this subject is Allan Lichtman’s The Case for Impeachment, released in April. He is a professor of history at American University. From the publisher…

“In the fall of 2016, Lichtman made headlines when he predicted that Trump would defeat the heavily favored Democrat, Hillary Clinton. Now, in clear, nonpartisan terms, Lichtman lays out the reasons Congress could remove Trump from the Oval Office: his ties to Russia before and after the election, the complicated financial conflicts of interest at home and abroad, and his abuse of executive authority.

“The Case for Impeachment also offers a fascinating look at presidential impeachments throughout American history, including the often-overlooked story of Andrew Johnson’s impeachment, details about Richard Nixon’s resignation, and Bill Clinton’s hearings. Lichtman shows how Trump exhibits many of the flaws (and more) that have doomed past presidents. As the Nixon Administration dismissed the reporting of Bob Woodward and Carl Bernstein as “character assassination” and “a vicious abuse of the journalistic process,” Trump has attacked the “dishonest media,” claiming, “the press should be ashamed of themselves.”

“Historians, legal scholars, and politicians alike agree: we are in politically uncharted waters—the durability of our institutions is being undermined and the public’s confidence in them is eroding, threatening American democracy itself. Most citizens—politics aside—want to know where the country is headed. Lichtman argues, with clarity and power, that for Donald Trump’s presidency, smoke has become fire.”

Read the first chapter here.


14 thoughts on “Debunking the Reality Winner leak about Russia hacking the election”

  1. Two things we should remember are well within the realm of possibility:

    1. Reality Winner might have acted exactly as expected — possibly as instructed — by her superiors. The idea that this was a planned leak seems to me far more plausible than the idea that a former member of the Air Force, now working for an NSA contractor, with a top security clearance, just happened to be extremely careless about what she posted to social media (and no one noticed), extremely careless about how she went about leaking a document (despite being trained in security protocols), and… chose to leak a document that doesn’t prove a damn thing. If she really is that stupid (which I doubt), there is no way her employers didn’t know about it, in which case she was almost certainly intentionally allowed to access and leak this document, and probably steered into doing it.

    2. Just because the intelligence agencies seem to be working against Donald Trump doesn’t mean they are. Manipulating the appearance of reality is one of their core competencies. If Donald Trump and the intelligence agencies know for a fact that the Russia investigations will lead nowhere… then the whole affair burns a lot of attention, effort and credibility of the opposition, while distracting everyone from what goes on day to day. That is a plausible goal.

    1. Coises,

      For good reason the great James Angleton called the intel world a “wilderness of mirrors.” Who can say you are wrong, with only the slivers of information we have so far? My personal guess is that those scenarios are unlikely.

      (1) Reality Winner is probably going to jail for a long time (I doubt her “I’m pretty, white and cute” defense will work). Getting people to do that is difficult.

      (2) The evidence that the intel agencies don’t like Trump is large.

      But both of these articles suggest that this might have been, as you said, a planned leak. For example, there is some evidence — not much — that The Intercept was involved in this beyond journalism.

    2. I seriously doubt Reality Winner was a willing patsy. She was lower-enlisted Air Force MI analyst…this in absolutely no way guarantees she had any tradecraft knowledge to be able to leak without getting caught. If the NSA had really wanted to leak this doc to the press, there are much simpler ways to do it.
      Occam’s Razor (and maybe a little of Hanlon’s Razor too).

      Much more likely is that the NSA continues to have rather poor internal security controls and has only learned a little from the Manning and Snowden leaks. It appears they’re still giving analysts too much access outside of their need-to-know, are rather poorly monitoring outgoing emails to non-gov/DoD addresses, etc. Also, as noted at the end of van Buren’s article, one of The Intercept journalists (Matt Cole) was also involved in outing a CIA leaker, so there’s the distinct possibility that he and/or others at The Intercept are acting as informants.

      I would expect an outlet that publishes a lot of classified leaks like The Intercept to know better tradecraft (like not exposing the tracking dots on a printed document) than a lower-enlisted MI analyst and contractor.

      1. ch1kpee,

        Nicely said! I agree on all points.

        “It appears they’re still giving analysts too much access outside of their need-to-know, are rather poorly monitoring outgoing emails to non-gov/DoD addresses, etc”

        Not just their own analysts, but contractors’ staff! Again. They learned nothing from the leaks by Snowden and Harold Thomas Martin III (both working for Booz Allen at the NSA) — and others. The Guardian has a gentle article looking at the for-profit national security intel industry.

        Neoliberalism strikes again, seeing privatization of national security as an opportunity to generate profits at our expense.

  2. Reality Winner might be a traitor and weirdo, but she is not stupid. Her defense:

    “I’m pretty, white and cute,” she allegedly told her sister. Prosecutors said Winner told her sister she would braid her hair and cry in court.

    From WSB-TV Atlanta. This quote has circulated on conservative media, but (oddly) on the major news media.

  3. Even if you take the DNC’s story on Hillary’s loss being due to Moscow’s influence (along with misogyny-of course) at total face value, it still speaks to how utterly bad of a politician you are when foreign governments know to campaign in the Rust Belt, but you don’t.

    I personally don’t have a hard time buying the idea that Trump has shady connections to the burgeoning Russian criminal underground from his NYC real estate dealings, and in Russia, the line between the Mafia and the government can get pretty blurry.

    But that’s a completely different thing from what he’s being accused of. No halfway sane/competent intelligence service would try to recruit Donald J. Trump, of all people, for a plan of this kind of sophistication, for too many reasons to list here.

    I wonder what Vladimir Putin genuinely *does* think about all of this brouhaha from an outside observer’s perspective, at any rate? As a former officer of a national security service that regularly meddled in and shaped the internal politics of the 1970s and 1980s USSR, maybe it all brings a rather wry smile to his face…

    1. The indications seem to be that the Russians were just as surprised at Trump’s win as everyone else. Their conducting IO (information operations) against a US election is nothing new in the spy world. We do it all the time to other countries. But the Russians seemed rather stunned by their own success and I don’t think they’re even sure how exactly they pulled it off. One example is their rather ham-fisted attempt to repeat the formula in France (early efforts to tie Macron to Clinton, lots of 4chan-style social media trolling for Le Pen, the last-minute email dumps, etc.).

      A great writer on this subject is Grugq, who used to broker deals between intel agencies and computer exploit writers, and is an expert on cyberwarfare. I highly recommend his articles:

      1. ch1kpee,

        I looked at Grugq’s articles. They are a lengthy exercise in making stuff up. The right-wing mil-blogs overflow with this stuff. During the first ten years of running the FM website I wasted hundreds of hours running down such stories, almost all of which proved to be trash.

        I suggest not relying on reputed insiders — again, they’re a dime a dozen on the net — but stick to those who provide some sort of supporting factual basis for their inspired guessing. I glanced at those three and saw little or nothing like that.

      2. I meant their apparent success in influencing the elections in Trump’s direction (Wikileaks, DNC hack, Podesta, etc.). There is ample evidence for those hacks and leaks being Russian intel. The evidence of direct collusion between Trump and GRU/FSB/whoever is still pretty thin, as you note.

        Of course, it’s questionable if Russian info ops really tipped the scale or whether Hillary would’ve lost it all on her own due to decades of scandal and baggage plus an inept campaign. Obviously, the Russians didn’t make Whitewater or Benghazi happen and didn’t make her neglect to campaign in the Midwest.

      3. ch1kpee,

        “There is ample evidence for those hacks and leaks being Russian intel.”

        As a thousand cybersecurity experts have said, attribution of professionals’ cyberattacks is almost impossible — except by non-cyber methods (e.g., humint – when his girlfriend drops a dime on him). I’ve run a dozen posts citing cyber experts debunking the silly “ample evidence” you find so credible.

        The flood of stories about cyberattacks over the past few years has a common theme: blaming the cyber-attack on a useful foe. Note the almost total lack of follow-up evidence in the following months or years. Remember how China would reap fantastic benefits from their (alleged) hack of the OPM personnel files? To pick one of the outrageous examples in your list: there are kids in high school who use the methods that Podesta fell for, sending emails with poisonous links.

        That we eagerly believe these stories (and the other propaganda that increasingly dominates the news) illustrates another great truth: we are among the most gullible people that have ever walked the face of the Earth (slight exaggeration for emphasis). Click here to see why we are this way.

    2. Yeah, I’ve seen your postings on it and read many of them myself, both pro and con. I will concede: having gone back and read more carefully, I can fully understand the skeptic side.

      The initial Crowdstrike report was garbage, and while there has since been some much better analysis of the leaks’ metadata, the infrastructure built out to hack Podesta and others, etc. that would strongly suggest an Eastern European nation-state. Nothing put forward yet has been a slam dunk and certainly none of it is beyond the skillset of a particularly skilled cybercrime group.

      I thought there was more consensus among the intel agencies, but going back over the news, it’s all been “anonymous sources inside the administration” and the typical cowardly behavior of beltway bureaucrats who don’t want to have to stand by their word. If there even is any “smoking gun” that Russian intel did it, the NSA, CIA, etc aren’t declassifying it yet. It’s wise to be skeptical of cyber attribution, as you note.

      1. ch1kpee,

        I will state it more strongly — the attributions to Russia resemble the 1980’s stories about recovered memories as evidence of child abuse (e.g., in underground tunnels, by adults dressed as clowns, and satanic cults). Those too were considered strong evidence both by journalists and law enforcement, with many long reports by outside experts providing authoritative evidence. Now everybody involved has amnesia.

        The news stories dressing this up for the public are filled with red flags for the careful reader. Like this October 6 article from Motherboard: “How Hackers Broke Into John Podesta and Colin Powell’s Gmail Accounts” by Lorenzo Franceschi-Bicchierai — “New evidence proves Russian hackers were behind the hack on Podesta, connecting the dots on different parts of the complex hacking campaign.”

        Much of this is nonsense. I’ll give two examples. First, look at this line.

        “It’s unclear why the hackers used the encoded strings, which effectively reveal their targets to anyone.”

        Let’s rephrase that line. It’s unclear why a superpower having some of the best programmers & most effective intel agencies in the world would stage an attack on the political system of the other superpower using cybertools that easily reveal their fingerprints. Very authoritative!

        Following a thousand words of chained guesses, it leads to this astonishingly weak link: “pointing toward Fancy Bear, a notorious hacking group that’s widely believed to be connected with the Russian government.” No evidence given for the leap of faith, more akin to transubstantiation at a Mass than journalism.

        There are two larger reasons to be skeptical. First, look at the Big List of Lies by US government officials since 1960 (a big list, not remotely a complete list). How many times must they lie to you before you become skeptical?

        Second, “extraordinary claims require extraordinary proof”. Saying that Russia has been conducting so many and such poorly constructed cyberattacks on the US — attacks in which they have little or nothing to gain — certainly qualifies as an “extraordinary claim”.

        This is a relatively small matter, but indicative of the larger problem: I strongly believe that people as gullible as those of modern America cannot effectively reform themselves. The best we can do is change masters. Hence all the posts listed in section four on the How to Reform American Politics page.

        A note about that page: for years people complained that I posted about our problems but not solutions. I said “diagnosis must precede treatment”, but eventually was persuaded that I was wrong. People read the posts with horror. No denunciations of the bad guys, and declarations that the white hats should save us! They were filled with harsh words, like “responsibility” and “work”. They are among the least popular posts of the four thousand here. That too is evidence, of something.
