Let me make this very simple–if the NSA or CIA or FBI had actual evidence that the Government of Russia was involved in “cyber warfare” by stealing emails from the DNC and Hillary’s campaign Chief, John Podesta, then we should not have had to wait until 6 January 2017 to be told that we had a problem. Even more troubling is the fact that Barack Obama dismissed Russian hacking as a serious concern in October 2016 (Tuesday, 18 October to be precise). If we look at the evidence of what was reported in the press and what was said in public by DNI Jim Clapper and President Obama then there are only two possible conclusions–1) The Intel Community had no real evidence of an organized Russian Government cyber attack, or 2) They had such evidence but did not brief the President and the Congress and did not follow normal Community protocols in producing a coordinated warning memo.
For those of you who have never worked in the bowels of an intelligence organization, I will take you inside the daily life of your average CIA analyst tasked with keeping tabs on what the dastardly Rooskies are up to. Why is this important? Once you understand how analysts are supposed to identify and track potential threats then you will share my puzzlement on why the Intel Community did not take any proactive steps to warn not just the President but the Senate and House Intel Committees. In other words, if you have actual indicators that the Russian Government is trying to interfere in our national election then it is the duty of an analyst and those up his or her chain of command to raise the alarm.
Although I am a bit dated, the process remains the same. There are analysts at the CIA, NSA, FBI, INR and DIA that have the specific job of looking for evidence that Russia is preparing or executing a cyber attack on us. So let’s pretend that you are the CIA analyst in the division responsible for all things Russia and that you have the “cyber warfare” account. That means all message traffic (e.g., State Department cables, NSA traffic, CIA humint reporting, open source material and finished intel from other agencies) must be reviewed every morning before you have your Branch meeting.
When I was an analyst the job was easier–I only had to go through around 500 messages (most of it was in paper form) in an hour before going into the Branch Meeting. My job was to identify any issues, threats or developments that had occurred since I left work the night before. Based on this review I would be in a position to tell my Branch Chief if there was some news that we needed to report to the President. Once the Branch meeting concluded I would go back to my desk and start crafting the piece.
While I started working on the draft for the National Intelligence Daily and/or the Presidential Daily Brief, my Branch Chief went to the Division Meeting where he or she briefed on our proposed piece. This process of briefing your “upline” in the chain of command continued all the way up to the Deputy Director for Intelligence (we called him the DDI), where final approval and guidance was given to proceed with writing the piece.
Once the piece had been edited by my Branch Chief, I then sent it off to my counterparts at the DIA, at State INR and at NSA. If it involved FBI material then I would send it there. It is important for you to understand that this process is followed on a daily basis. It is a system for identifying threats and ensuring that the President and his Cabinet are properly briefed.
Today’s analysts face a greater challenge. Where I had to cull through 500 separate messages, their computer screens are flooded with 1000 to 2000 messages each day. One of the downsides of the computer era is that it is easier to gather and disseminate information. Analysts face a real problem in coping with information overload (but that’s a topic for another day).
With this as background, let’s take a look at one of the so-called judgments in that pathetic assessment issued by the DNI on Friday:
We assess Russian intelligence services collected against the US primary campaigns, think tanks, and lobbying groups they viewed as likely to shape future US policies.
Very curious language–“We assess.” This strongly indicates that there is no evidence. What would constitute evidence? We should have sigint, e.g. an interception of a written message from President Putin to the head of Russia’s Cyber Command to carry out such collection or a conversation between two senior officers in the Cyber Command discussing the activity. Or, there could be a humint report (i.e., human intelligence). In other words, we have a human source somewhere in the Russian Government, Military or Intel community reporting on such activity. If such information existed, this assessment should have been written as follows:
According to multiple sources with direct access, Russian intelligence services are collecting against the US primary campaigns, think tanks, and lobbying groups.
If you write it in that way you are protecting the source or sources. You can put the actual sources into the classified version, especially the one briefed to the President. Once the analyst drafting the assessment establishes the facts about what is going on and who is doing it, you can then provide your JUDGMENT about their motive or intent.
Another indicator that the Intel Community has no hard intel on this is what is written regarding timing:
In July 2015, Russian intelligence gained access to Democratic National Committee (DNC) networks and maintained that access until at least June 2016.
The General Staff Main Intelligence Directorate (GRU) probably began cyber operations aimed at the US election by March 2016. We assess that the GRU operations resulted in the compromise of the personal e-mail accounts of Democratic Party officials and political figures. By May, the GRU had exfiltrated large volumes of data from the DNC.
So, if Russian intelligence “gained access” in July 2015 to DNC networks, why wasn’t that attack identified or shut down? When specifically in July did the attack start? Since it went on until “at least June 2016” are we to believe that it was only detected by the DNC who, with the help of CrowdStrike, claimed it was a Russian hack?
Equally bizarre is the weasel-mouthed sentence suggesting that the “GRU probably began cyber operations aimed at the US election by March 2016.” Probably? Either you have a source or sources showing when they started or you don’t. When an intelligence analyst uses the word, “probably,” that means they do not know. It is what secular folks call an educated guess.
We know from the timeline that the DNC emails had been compromised in mid-June 2016. The Washington Post reported on 14 June 2016:
Russian government hackers penetrated the computer network of the Democratic National Committee and gained access to the entire database of opposition research on GOP presidential candidate Donald Trump, according to committee officials and security experts who responded to the breach.
The intruders so thoroughly compromised the DNC’s system that they also were able to read all email and chat traffic, said DNC officials and the security experts.
For some strange reason, the FBI did not accept this as a criminal case and we have now learned that the DNC did not allow the FBI to examine its servers. You tell me. If you really thought that the Russian Government was attacking you wouldn’t you want the U.S. Government to come down on them like a ton of bricks?
One month later, on 22 July 2016, Wikileaks dumped the DNC emails on the eve of the Democrat Convention:
As Hillary Clinton prepares to accept her party’s nomination for president, the anti-secrecy group WikiLeaks has released nearly 20,000 hacked emails that offer an embarrassing look inside the workings of the Democratic Party as it prepares for its convention in Philadelphia.
Some of the emails from the Democratic National Committee include discussions about how to undermine Clinton’s chief rival for the presidential nomination, Sen. Bernie Sanders (D-Vt.); details of perks provided to party donors attending the convention; and email exchanges among party officials, journalists and others.
The emails were released Friday on Twitter by WikiLeaks, which linked readers to a Web page inviting them to search the DNC email database.
Nothing was said about Russia until a Monday article in the Washington Post:
On Monday, the FBI formally acknowledged that it is looking into the DNC hack. The agency has been probing the matter for months and on Monday said publicly that it will “investigate and hold accountable those who pose a threat in cyberspace.” The FBI announcement followed the stunning allegation by the Clinton campaign Sunday that the Russian government was behind the release of damaging documents on the WikiLeaks website as part of a ploy to help Republican nominee Donald Trump.
Important to note that it was the Clinton campaign, not the U.S. Government, that insisted these “hacks” were done to help Donald Trump. What Trump and his team ought to review once they are in office is whether or not the President was briefed in June or July on the question of Russia hacking and interference in our elections.
I am assuming that the answer to the question regarding having intel that fingered the Russians is “NO!” Why do I say that? Because Barack Obama insisted on the 18th of October that nobody was rigging the election. That would exclude the Russians as suspects:
“Democracy survives because we recognize that there is something more important than any individual campaign, and that is making sure the integrity and trust in our institutions sustains itself. Because Democracy works by consent, not by force,” he said.
“I have never seen in my lifetime or in modern political history, any presidential candidate trying to discredit the elections and the election process before votes have even taken place. It is unprecedented. It happens to be based on no fact. Every expert regardless of political party… who has ever examined these issues in a serious way will tell you that instances of significant voter fraud are not to be found. Keep in mind elections are run by state and local officials.”
“That is both irresponsible and, by the way, doesn’t really show the kind of leadership and toughness you’d want from a president,” he also said. “You start whining before the game is even over? If whenever things are going badly for you and you lose, you start blaming somebody else. Then you don’t have what it takes to be in this job.”
“There is no serious person out there who would suggest that you could even rig America’s elections, in part because they are so decentralized. There is no evidence that that has happened in the past, or that there are instances that that could happen this time,” he said.
“So I’d advise Mr. Trump to stop whining, and go make his case to get votes,” the president added.
Is Obama a liar? Was he not briefed by the Intelligence Community on Russian activities? Or is the sudden discovery of alleged Russian malfeasance a “trumped” up charade? To paraphrase the U.S. Intelligence Community, I assess that there is a high probability that Obama and Clapper have conspired to try to discredit the Trump election by suggesting that the Russians tipped the scales in favor of Trump.