Whistleblower Ties Clinton Campaign To Fake Russia Hack: Sperry

Authored by Paul Sperry via RealClearInvestigations,

A whistleblower report declassified last week suggests that Hillary Clinton’s campaign efforts to manufacture evidence tying Donald Trump to alleged Russian hacking in 2016 were deeper than previously known – as were Obama administration efforts to conceal them.

According to the report, a former senior U.S. intelligence analyst who investigated alleged Russian attempts to breach state voting systems during the 2016 election suspected the breaches may have been “related to activities” of the computer contractors involved in the Alfa Bank hoax, who were accused of manipulating Internet traffic data. 

In that well-publicized case, a Clinton campaign lawyer worked with federal computer contractors and the FBI to create suspicions that Russia was communicating with Donald Trump through a secret server shared by Alfa Bank of Russia and Trump Tower in Manhattan. 

The anonymous whistleblower – who served as the deputy national intelligence officer for cyber issues in the Office of the Director of National Intelligence from 2015 to 2020 – told Special Counsel John Durham he stumbled onto “enigmatic” data while leading the investigation of alleged Russian cyber activity for the Intelligence Community Assessment on Russian meddling in the 2016 election. He said that his discovery took place in December 2016 when President Obama ordered the ICA. 

After examining state-reported breaches of election networks, the whistleblower said, “It seemed only brief interaction was occurring – in some cases, no unauthorized access, or even attempted access, was detected on ‘victim’ systems.” Though the suspicious activity initially was attributed to Russian actors, further analysis raised doubts. 

But when he brought his findings to his boss, ODNI’s national intelligence officer for cyber issues, he was ordered to stop investigating and not include his findings in the final ICA draft. 

“After being directed to conduct analysis of Russian-attributed cyber activity for the ICA, I had been abruptly directed to abandon further investigation,” the whistleblower analyst said.

He added that his boss, whose name was blacked out in the whistleblower statement, “directed me to abandon analysis of these events, stating reports of Russia-attributed cyber activity were ‘something else.'” 

While the names of the whistleblower and his boss are blacked out in the report, a RealClearInvestigations search of federal records shows Vinh Nguyen was the national intelligence officer for cyber issues at the time. The whistleblower would have been Nguyen’s deputy.

Nguyen did not respond to RCI’s request for comment.

Pressured To Change View

The whistleblower’s 2023 complaint, declassified last week by Director of National Intelligence Tulsi Gabbard, also seems to contradict the recent claims of Obama’s director of national intelligence, James Clapper, and his CIA Director, John Brennan, among others that the ICA was a neutral document prepared according to the highest standards whose conclusions were widely supported by the intelligence community. The whistleblower said his supervisor also “pressured me to accept the ICA’s judgment of a decisive Russian preference for then President-elect Trump, and stated to me that he sought my concurrence as means to sway the position of” another intelligence agency.

“I was pressured to alter my views on the key judgment,” he said.

But, he added, “I could not concur in good conscience based on information available, and my professional analytic judgment.” 

What’s more, he said his boss “intentionally deceived and excluded me from things I was cleared for and had need to know” during the ICA’s drafting. This included the fact that Clinton campaign opposition research – the now-debunked Steele dossier – was used as supporting evidence in the highly restricted, classified version of the ICA. 

“I had been led to believe that Clapper viewed the ‘Steele dossier’ material as untrustworthy, and I had believed it played no role in the ICA,” he said. 

His boss told him there was other evidence that supported the key Trump-Russia judgment, which he was “not allowed to see,” but “if you saw it, you would agree.” Pressed to share the alleged additional evidence, his superior said, “You need to TRUST ME on this.” (Emphasis in original.) “I need you to agree with these judgments,” he said his boss demanded. 

The whistleblower alleged his superior committed “potential malfeasance” during the crafting of the ICA, which was used as the foundation for several investigations of Trump and his advisers during his first term in office. 

Still, the whistleblower said that back in 2016, he did not view the omission of the suspicious Internet data from the ICA report as “nefarious.” “However, I later began to consider it possible that some of the reporting might reflect Domain Name Service (DNS) record manipulation by parties other than Russian,” he said. 

After conducting further research, “I came to view some of the reported cyber activity as possibly related to activities of USPERSONS under federal investigation” by special prosecutor Durham, who was probing the Alfa Bank hoax. 

Suspected Manipulation

He said he subsequently provided a data report detailing his suspicions of “manipulation” to Durham’s investigators, which remains classified. But they never interviewed him, even though “I likely had information relevant to ongoing criminal investigations.” (Durham’s final report makes no mention of the incident and does not even focus on the ICA. The whistleblower report is separate from the Durham report. Attempts to reach the now-retired special prosecutor were unsuccessful.) 

The whistleblower’s reference to U.S. individuals under investigation ostensibly refers to computer scientists led by tech executive and FBI informant Rodney Joffe, who collaborated with Clinton campaign lawyer Michael Sussmann to create documents and data files tying Trump to the Russian-based Alfa Bank in the summer of 2016. Sussmann, in turn, gave the materials to a friend at the FBI to investigate.

By September 2016, Sussmann had convinced the FBI to open an investigation into an alleged secret backchannel between Trump and Putin based on Domain Name Server records that Durham suspected had been manipulated by the contractors. DNS records are numeric addresses that computers, smartphones, and other devices use to communicate with websites and email servers. 

After Joffe and his contractors obtained DNS Internet data related to Trump Tower, emails cited by Durham reveal they created an “inference” of Russian contacts and even suggested “faking” DNS traffic to show communications that didn’t actually exist. 

According to an Aug. 20, 2016, email prosecutors uncovered, one contractor offered, “I could fill out a sales form on two websites, faking the other company’s email address in each form, and cause them to appear to communicate with each other in DNS. (And other ways I can think of).” 

Joffe replied that the ability to “provide evidence of *anything* that shows an attempt to behave badly” [by Trump] would make “the VIPs … happy.” According to Joffe, the Clinton campaign “VIPs” were looking for a “true story that could be used as the basis for a closer examination” by the FBI, and any interactions between Trump and Alfa Bank “would be jackpot.” 

But in an Aug. 22, 2016, email, one of the researchers expressed skepticism the scheme would “fly,” complaining to Joffe that: 

“Lets [sic] for a moment think of the best case scenario, where we are able to show (somehow) that DNS communication exists between Trump and R[ussia]. How do we plan to defend against the criticism that this is not spoofed traffic we are observing? There is no answer to that. Lets [sic] assume again that they are not smart enough to refute our “best case” scenario. Rodney, you do realize that we will have to expose every trick we have in our bag to even make a very weak association? Lets [sic] all reflect upon that for a moment. [S]orry folks, but unless we get combine netflow and DNS traffic collected at critical points between suspect organizations, we cannot technically make any claims that would fly public scrutiny. … Sorry to say this, we are nowhere close coming [sic] with a plan to attack this problem that will fly in the public domain. The only thing that drive [sic] us at this point is that we just do not like [Trump].”

Nevertheless, in materials they provided the FBI, Joffe’s group contended “odd” Internet traffic on the server reflected hidden communications between the Trump Organization and Alfa Bank. 

Durham found the Clinton associates conspired to gin up an FBI investigation into Trump based on knowingly false information. He also suggested they manipulated that Internet data. 

Alfa Bank, which also operates in the U.S., commissioned two studies that found the DNS data compiled by Joffe and his computer operatives was formatted differently than the bank server’s DNS logs, and one study posited that the DNS activity may have been “artificially created.” 

In his 2023 affidavit, the ODNI whistleblower implied that anti-Trump computer contractors working with the Clinton campaign may have been involved in a similar false flag operation targeting state election networks. He suspected they may have been the source of suspicious connection attempts using “IP [address] ranges historically used by Russian state cyber actors.” 

These “concerns” did not make it into the ICA,  he said, because his supervisor excluded them, among other intelligence that did not conform with the narrative he pushed. 

McCain Connection

Although the supervisor’s name is redacted from the whistleblower’s report, records show that the national intelligence officer (NIO) for cyber issues at the time was Vinh Nguyen. He was new to the job in 2016 but received DNI’s Exceptional Accomplishment Award the following year. 

Before the 2016 election, Nguyen worked with  Democratic National Committee cybersecurity contractor CrowdStrike to gather intelligence on the alleged Russian hacking of the DNC computer system. Even though the company had publicly blamed Russia during the heated presidential campaign for stealing and then sharing the emails, many of which were published by WikiLeaks, its president, Shawn Henry, later testified in a closed-door congressional hearing that there was no proof that Russian intelligence had exfiltrated emails from the DNC.

Nguyen is said to have also overseen election security analysis for the 2018 mid-term elections and 2020 presidential election. He is now the top AI officer at the National Security Agency. 

Federal Election Commission records show that Nguyen has contributed at least $500 to the late GOP Sen. John McCain, his only political donations. Nguyen made the donations while serving as “senior national advance representative” for McCain’s 2008 presidential campaign. 

He is listed as a member of the McCain Alumni Club, according to the McCain Institute. In 2020, Nguyen was listed among 100 McCain Alumni who endorsed Joe Biden for president. McCain and Biden served in the Senate together and maintained a friendship despite being from different political parties. 

Following Trump’s surprise victory in 2016, McCain played a role in the attempts to link Trump with Russia. On directions from McCain, one of his top staffers from the McCain Institute sought out Christopher Steele and FusionGPS and began working directly with them to distribute their Clinton-funded dossier. 

The Clinton campaign had hired FusionGPS, which in turn hired Steele to produce the dossier. The now-debunked collection of hearsay and inventions was used by the FBI to obtain a wiretap to spy on the Trump campaign, and later by Clapper and CIA chief John Brennan to buttress the findings of the ICA. 

On Dec. 9, 2016, the same day Obama convened a meeting to refocus the ICA on Trump, McCain personally provided 16 Steele reports to then-FBI Director James Comey, including five that Steele had not given the agency previously. 

Then on Dec. 17, Comey discussed the new dossier material with Nguyen’s boss, Clapper, over the phone. A few weeks later, in early January 2017, the same McCain Institute aide, David Kramer, gave copies of all of the Steele reports to Buzzfeed, which published them in full under the headline, “These Reports Allege Trump Has Deep Ties to Russia.” 

On Jan. 5, 2017, McCain, as chairman of the Senate Armed Services Committee, held hearings with Clapper as his lead witness and forcefully reaffirmed the findings of the ICA. 

The following month, despite the FBI debunking the Alfa Bank hoax and closing its case, the Senate Armed Services Committee “leadership” commissioned a report on the alleged links to Trump. The report was written by Daniel Jones, a FusionGPS and Steele crony, who said the committee put him in touch with Sussmann and Joffe, who provided him with a “dataset of DNS look-ups.” Joffe knew McCain from his days working in Arizona. 

Jones’ 687-page report concluded “there was likely human interaction and coordination between personnel working on behalf of Alfa Bank and the Trump Organization,” even though his own research team “found no evidence of a secret channel of communications.” 

Turns out the Trump Organization had no access to the email server or any of the systems involved, according to the Durham report. 

Paul Sperry is an investigative reporter for RealClearInvestigations. He is also a longtime media fellow at Stanford’s Hoover Institution. Sperry was previously the Washington bureau chief for Investor’s Business Daily, and his work has appeared in the New York Post, Wall Street Journal, New York Times, and Houston Chronicle, among other major publications.