A Pentagon agency has denied any role in attributing the 2016 hack of the Democratic National Committee to Russia after an email indicated special counsel John Durham’s team asked a computer expert who had researched Trump-Russia collusion claims about it.
Democratic cybersecurity lawyer Michael Sussmann was indicted last year for allegedly concealing his clients, including Hillary Clinton’s 2016 presidential campaign, from the FBI when he pushed since-debunked claims of a secret back channel between the Trump Organization and Russia’s Alfa Bank.
Durham revealed in February he has evidence Sussmann’s other client, known to be former Neustar executive Rodney Joffe, “exploited” domain name system internet traffic at Trump Tower, former President Donald Trump’s Central Park West apartment building, and “the Executive Office of the President of the United States.”
Dr. Manos Antonakakis, dubbed “Researcher-1” in Durham’s filings and a professor at Georgia Tech, wrote in a July 2021 email that Durham prosecutor Andrew DeFilippis asked him about work he had done associated with the Defense Advanced Research Projects Agency, apparently also asking him about an online persona named “Guccifer 2.0,” which U.S. intelligence officials and special counsel Robert Mueller concluded was created by Russian intelligence to assist in a hack-and-leak operation against the DNC in 2016.
The attribution of the hack to Russia has been the subject of curiosity for years, and emails first published by the Federalist prompted DARPA to deny to the Washington Examiner that it had any involvement in determining it was Russian intelligence behind the hack, despite the email from Antonakakis.
“During one of my interviews with the Special Counsel prosecutor, I was asked point blank by Mr. DeFilippis, ‘Do you believe that DARPA should be instructing you to investigate the origins of a hacker (Guccifer 2.0) that hacked a political entity (DNC)?’ Let that sync for a moment, folks,” Antonakakis wrote last summer. “Someone hacked a political party (DNC, in this case), in the middle of an election year (2016), and the lead investigator of DOJ’s special council [sic] would question whether U.S. researchers working for DARPA should conduct investigations in this matter is ‘acceptable’!”
Antonakakis added: “While I was tempted to say back to him, ‘What if this hacker hacked GOP? Would you want me to investigate him then?’, I kept my cool and told him this is a question for DARPA’s director, and not for me to answer.”
“DARPA was not involved in efforts to attribute the DNC hack. Dr. Antonakakis worked on DARPA’s Enhanced Attribution program, which did not involve analysis of the DNC hack,” Jared Adams, DARPA’s chief of communications, told the Washington Examiner. “Further, DARPA was not involved in efforts to attribute the Guccifer 2.0 persona, nor any involvement in efforts to attribute the origin of leaked emails provided to Wikileaks.”
Adams also spoke about a meeting between DARPA and Durham.
“The meeting between DARPA and special counsel Durham was to provide a high-level overview of the Enhanced Attribution program,” the DARPA spokesman said. “During the course of that meeting, DARPA did not discuss matters related to the DNC hack, Guccifer 2.0, or leaked DNC emails provided to Wikileaks.”
The DARPA spokesman said that “to the best our knowledge, no DARPA-funded researchers investigated” the DNC hack, and he added that the agency did not assist the FBI’s or Mueller’s investigation into the matter.
Antonakakis is listed as an associate professor and a faculty member at Georgia Tech, and the school says he runs the Astrolavos Lab, which researches “attack attribution” and “data mining.” He has not been accused of breaking any laws. His lawyer did not provide a comment.
Durham’s filings reference Georgia Tech’s “Agency-1 [DARPA] Contract.” Durham’s indictment of Sussmann stated that if the FBI had been told the true origins of the Alfa Bank claims, it might have learned that Joffe “had enlisted, and was continuing to enlist, the assistance of researchers at a U.S.-based university who were receiving and analyzing Internet data in connection with a pending federal government cybersecurity research contract” through DARPA.
“Enhanced Attribution, a four-year research effort, did not start until November of 2016,” DARPA’s spokesman said. “The research associated with the Sussmann allegation, as detailed in the Durham indictment, occurred before then and was not at all affiliated with DARPA nor the EA program.”
The Sussmann indictment said Joffe “tasked” Antonakakis to “search broadly through Internet data for any information about Trump’s potential ties to Russia.” Durham said an email from Antonakakis in August 2016 was about “expressing continued doubt” about the Alfa Bank claims and “raising concerns about the researchers’ bias against Trump.”
Durham said Joffe “exploited his access to non-public and/or proprietary Internet data” and tasked researchers to mine internet data to establish “an inference” and “narrative” tying then-candidate Trump to Russia. He said Joffe indicated he was doing this to please certain “VIPs” on Clinton’s campaign.
CrowdStrike, a U.S. cybersecurity firm, examined the DNC’s systems in 2016 and concluded Russian state actors were responsible for cyber intrusions. The DNC did not provide the FBI with access to its servers, but CrowdStrike did provide the bureau with forensic copies.
Sussmann testified in 2017 that it was his recommendation that the DNC retain CrowdStrike in April 2016, and he said he was dealing with the FBI on behalf of the DNC in 2016.
Mueller’s report concluded that the GRU, Russia’s Main Intelligence Directorate of the General Staff, interfered in the 2016 presidential election, in part by spear-phishing Clinton campaign chairman John Podesta’s email account and hacking the DNC’s email systems, then providing those emails to WikiLeaks. Russia denied involvement, and WikiLeaks denied receiving emails from Russia.
CrowdStrike released its report in June 2016, saying it “immediately identified” two hacker groups associated with Russian intelligence.
Trump’s Justice Department defended the role played by CrowdStrike and said the FBI was able to carry out its own investigation into Russian interference. The DOJ argued in 2019 that Mueller’s investigation “gathered evidence showing that GRU officers hacked the DNC systems.”
The Office of the Director of National Intelligence released an intelligence assessment in January 2017, saying it had “high confidence that Russian military intelligence … used the Guccifer 2.0 persona and DCLeaks.com to release U.S. victim data.”
Then-Attorney General William Barr confirmed in 2020 that Durham’s inquiry into the federal Russia investigation included a deep dive into the 2017 intelligence community assessment.