GRIZZLY STEPPE: The lack of evidence behind the US claims of Russian hacking

“US Govt Data Shows Russia Used Outdated Ukrainian PHP Malware”,
This entry was posted in General Security, Miscellaneous, Research, WordPress Security on December 30, 2016 
The United States government officially accused Russia of interfering with the US elections during the run-up to the election season. This report conflated the bogus and totally unproven claim of Russian hacking of the electoral system itself (considered impossible because of its distributed and mixed systems, both electronic and manual) with the hacking of the Clinton and Podesta e-mails. On October 7th, the Department of Homeland Security and the Office of the Director of National Intelligence released a joint statement that began:

“The U.S. Intelligence Community (USIC) is confident that the Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations. The recent disclosures of alleged hacked e-mails on sites like and WikiLeaks and by the Guccifer 2.0 online persona are consistent with the methods and motivations of Russian-directed efforts.”


In the DHS report the US government quietly backed away from the outrageous claim that the electoral system itself had been attacked, but persisted in its claim that the Russian government hacked into the insecure private servers of both Clinton and Podesta, which contained classified government files as well as highly embarrassing information and conspiracies involving the DNC, Clinton and Podesta. This information has been neither refuted nor challenged by the media or by the users of these e-mail systems. One may assume that these hacked e-mails hold, at the very least, a strong probability of truth and could be considered a political balance of sorts to the dearth of information available from the partisan mainstream media.

The Obama administration has announced that it will expel 35 Russian diplomats and close two Russian facilities in the United States, among other measures, as punishment for so-called ‘interference’ with the US 2016 election.

In addition, yesterday the Department of Homeland Security (DHS) and the Office of the Director of National Intelligence (DNI) released a Joint Analysis Report, or JAR, Operation ‘GRIZZLY STEPPE’, which they say attributes the election security compromises to Russian intelligence operatives. Again, this is a conflation of two very separate issues. There has been a total lack of any evidence to even suggest that election security was in any way prejudiced by anyone, let alone the Russian Government.

For a comprehensive analysis of the alleged hack we have used the independent and highly reliable WORDFENCE to run a complete analysis of what has been offered as evidence of Russian complicity. It does nothing of the sort, and shows logic holes aplenty and false and misleading assumptions to arrive at what looks to all intents and purposes a contrived report.

The DHS and DNI release’s first paragraph states: “This document provides technical details regarding the tools and infrastructure used by the Russian civilian and military intelligence Services (RIS) to compromise and exploit networks and endpoints associated with the U.S. election, as well as a range of U.S. Government, political, and private sector entities. The report contains specific indicators of compromise, including IP addresses and a PHP malware sample.”

In covering this analysis, WORDFENCE states its credentials as an expert in systems associated with WordPress: “At Wordfence our focus is WordPress security. Our security analysts spend a lot of time analyzing PHP malware, because WordPress is powered by PHP.”

WORDFENCE went on to report, “As an interesting side-project, we performed analysis on the PHP malware sample and the IP addresses that the US government has provided as ‘…technical details regarding the tools and infrastructure used by Russian civilian and military intelligence services (RIS).’ We used the PHP malware indicator of compromise (IOC) that DHS provided to analyze the attack data that we aggregate to try to find the full malware sample. We discovered that attackers use it to try to infect WordPress websites. We found it in the attacks that we block.”

There is NO EVIDENCE whatsoever of Russian interference in the US electoral system itself, and US-based experts have stated unequivocally that such manipulations are impossible due to its distributed and diverse systems, both electronic and manual.

As far as the hacks of the private non-government DNC website and the Clinton and Podesta e-mails are concerned, there is obvious evidence of hacks, manifest in the wealth of shocking evidence of alleged felonious information that appeared in WikiLeaks. No one has challenged those releases, and one must assume that they hold substantive truth not to be questioned by the MSM.

Many commentators are coming to the conclusion, based on the available evidence, that WikiLeaks actually provided an alternate source of truthful but embarrassing information about the DNC, candidate Clinton and Podesta, a service on which the highly partisan mainstream media was ‘missing in action’.

The complete analysis of the so-called Russian hack is presented at


There is no evidence of Russian interference in the electoral process at all, and only speculation, backed up by no evidence, of Russian government complicity in the DNC, Clinton and Podesta e-mail hacks that later appeared in WikiLeaks, much to the chagrin of the Obama Administration.

This eleventh-hour ‘witch hunt’ has the hallmarks of a campaign to delegitimise the incoming Trump Administration. It is a partisan and cynical ‘bureaucratic wrecking ball’ by the outgoing Obama presidency that makes the smooth transition of power impossible and attempts to limit Trump’s options once he assumes power on January 20, 2017. Shades of the ‘banana republic attitude’ within the Democrat party hierarchy.