This may comes as a shock to some of you (or not), but the US Intelligence Community has a history of falsely attributing cyber-attacks on various corporations, institutions and foreign governments on nation states it considers its adversaries with little or no evidence to support those claims.

Based on the recent breathless coverage in the New York Times, The Washington Post and every cable outlet imaginable, in which the CIA, FBI and all the other 17 US intelligence agencies, have definitively proven that Russia and its "associated entities" hacked into the DNC database, John Podesta's emails, and numerous federal, state and local government databases regarding election information in the United States, one would think our intelligence services are literally infallible when it comes to determining the culprits behind some of the most massive cyber attacks in history. Unfortunately that is far from true. A few examples should suffice.

US Blames Iran for Saudi Aramco Hack in 2012.

The hackers picked the one day of the year they knew they could inflict the most damage on the world’s most valuable company, Saudi Aramco. On Aug. 15, more than 55,000 Saudi Aramco employees stayed home from work to prepare for one of Islam’s holiest nights of the year — Lailat al Qadr, or the Night of Power — celebrating the revelation of the Koran to Muhammad. That morning, at 11:08, a person with privileged access to the Saudi state-owned oil company’s computers, unleashed a computer virus to initiate what is regarded as among the most destructive acts of computer sabotage on a company to date. The virus erased data on three-quarters of Aramco’s corporate PCs — documents, spreadsheets, e-mails, files — replacing all of it with an image of a burning American flag.

United States intelligence officials say the attack’s real perpetrator was Iran, although they offered no specific evidence to support that claim. But the secretary of defense, Leon E. Panetta, in a recent speech warning of the dangers of computer attacks, cited the Aramco sabotage as “a significant escalation of the cyber threat.” In the Aramco case, hackers who called themselves the “Cutting Sword of Justice” and claimed to be activists upset about Saudi policies in the Middle East took responsibility.

However, the only evidence suggested that it was an inside job. No connection with Iran's government was ever shown to exist.

But their online message and the burning flag were probably red herrings, say independent computer researchers who have looked at the virus’s code." [...]

After analyzing the software code from the Aramco attack, security experts say that the event involved a company insider, or insiders, with privileged access to Aramco’s network. The virus could have been carried on a USB memory stick that was inserted into a PC.

Aramco’s attackers posted blocks of I.P. addresses of thousands of Aramco PCs online as proof of the attack. Researchers say that only an Aramco employee or contractor with access to the company’s internal network would have been able to grab that list from a disconnected computer inside Aramco’s network and put it online.

While the US never came forward with any assessment pointing to Iran, many experts expressed the opinion that the people behind the attack were "Hacktivists;" i.e., hackers with an activist agenda against the Saudi government or Aramco, itself, who quite likely had no connection to any state actor.

If Cutting Sword of Justice really is a band of hacktivists--as opposed to an operation sponsored by a country that has a poor relationship with Saudi Arabia, such as Israel--then the Shamoon malware represents a first on the hacktivism front, given that groups such as Anonymous and LulzSec have typically targeted known Web application vulnerabilities or used distributed-denial-of-service (DDoS) attacks. "This is the first significant use of malware in a hacktivist attack," said Imperva's Rob Rachwald, director of security strategy, and Barry Shteiman, a principal security engineer, in a blog post. "In the past ... most hacktivist attacks were primarily application or DDoS attacks."

In addition, the attack highlights how nation states aren't necessarily behind all critical infrastructure or other types of advanced attacks. "In the last couple of years, it became very popular to single out the Chinese, U.S., and Israeli governments for cyber-warfare ... [but] this time it was hacktivists working for a political and social cause," said Rachwald and Shteiman. "A group of hobbyists and hacktivists with several very strong minded developers and hackers achieved results similar to what we have allegedly seen governments accomplish. Does this mean that the power of the hacktivism has become so strong that it can compete with government cyber warfare organizations?"

US Falsely blames Russia for the JPMorgan Chase Hack in 2014

Russian hackers attacked the U.S. financial system in mid-August [2014], infiltrating and stealing data from JPMorgan Chase & Co. and at least one other bank, an incident the FBI is investigating as a possible retaliation for government-sponsored sanctions, according to two people familiar with the probe. [...]

The sophistication of the attack and technical indicators extracted from the banks’ computers provide some evidence of a government link. Still, the trail is muddy enough that investigators are considering the possibility that it’s cyber criminals from Russia or elsewhere in Eastern Europe. Other federal agencies, including the National Security Agency, are now aiding the investigation, a third person familiar with the probe said.

Unfortunately for the US intelligence agencies, evidence soon turned up to show Russia had nothing to do with what was a multinational criminal conspiracy headed up by the masterminds based in Israel. Thus, the allegations that Russia was involved in attacking our financial infrastructure suddenly became a non-story when criminal indictments, which alleged alleged a criminal conspiracy involving multiple parties in numerous countries, were issued in 2015 by the DOJ.

Hackers and conspirators in more than a dozen countries generated hundreds of millions of dollars in illicit proceeds on pump-and-dump stock schemes and particularly lucrative online gambling, prosecutors said. [...]

The co-conspirators deceived financial institutions into processing and authorizing payments to and from the casino companies and others, prosecutors wrote in their latest indictment of Gery Shalon, Joshua Aaron and Ziv Orenstein, who they say are at the center of the scheme. Shalon and Orenstein were arrested in Israel in July. Aaron remains at large.

“They colluded with corrupt international bank officials who willfully ignored its criminal nature in order to profit from, as a co-conspirator described it to Shalon, their payment processing ‘casino/software/pharmaceutical cocktail’,” according to the indictment of the three.

I know. Hard to believe they could eff that up so badly.

And then there was the infamous Sony Hack of December 2014 blamed on North Korea and/or China by the US government.

"U.S. officials have concluded that a massive hack targeting Sony Pictures was done by hackers working for North Korea, multiple news outlets reported on Wednesday. Officials are reportedly preparing a formal announcement on Thursday, but news about the source of the hack came almost immediately after Sony announced it was canceling the release of “The Interview," a comedy depicting an assasination (sic) of North Korea's leader. The New York Times quoted unnamed senior administration officials who said that the Obama administration is still weighing how to respond to the incident."U.S. officials have concluded that a massive hack targeting Sony Pictures was done by hackers working for North Korea, multiple news outlets reported on Wednesday.

Officials are reportedly preparing a formal announcement on Thursday, but news about the source of the hack came almost immediately after Sony announced it was canceling the release of “The Interview," a comedy depicting an assasination (sic) of North Korea's leader.

The New York Times quoted unnamed senior administration officials who said that the Obama administration is still weighing how to respond to the incident.

Starting to see a pattern here? Unnamed sources in the intelligence services or the Obama administration blaming a foreign government. No offer of any evidence other than bare assertions of certainty that a nation state/foreign government actor is involved. The attack is seen as incredibly unsophisticated - hardly the sign that a state actor was behind the infiltration of the Sony databases. The demand that terrorist attacks would occur if the film was not pulled from distribution by the group claiming responsibility looked liked an attempt at pure blackmail. Damage to Sony's files seemed to indicate a motive based on revenge. And then ...

Security experts investigating the devastating hack against Sony Pictures appear to be moving away from the theory that the attack was carried out by North Korea, focusing instead on disgruntled former employees of the firm.

Researchers at Norse cybersecurity claim that six former employees could have compromised the company’s networks, arguing that accessing and navigating selective information would take a detailed knowledge of Sony’s systems.

... Norse senior vice president Kurt Stammberger told the Security Ledger that nine researchers had begun to explore the theory that an insider with motive against Sony would be best placed to execute a hack.

The team had started by examining a leaked database of employees made redundant during a a restructuring in May. [...]

Working with pro-piracy activists in the US, Asia and Europe, she may have used secretive discussion forums and IRC (chat) to coordinate the attack, researchers claim.

“We see evidence for those two groups of people getting together,” Stammberger said.

Oh and by the way, the claim that computer code written in a specific language provides a clear identifier of who is behind any alleged hacking incident is complete and utter BS, at least according to Jaime Blasco, Director of the Labs at the security firm, Alien Vault, who examined samples of the malware used in the Sony hack.

All four of the files Blasco examined appear to have been compiled on a machine that was using the Korean language—which is one of the reasons people have pointed a finger at North Korea as the culprit behind the Sony attack. Essentially this refers to what’s called the encoding language on a computer—computer users can set the encoding language on their system to the language they speak so content renders in their language. The fact that the encoding language on the computer used to compile the malicious files appears to be Korean, however, is not a true indication of its source since an attacker can set the language to anything he wants and, as Blasco points out, can even manipulate information about the encoded language after a file is compiled.

“I don’t have any data that can tell me if North Korea is behind it … the only thing is the language but … it’s really easy to fake this data,” Blasco says.

So much for the claim that the use of Cyrillic text in the code proves the Russian government or its agents and contractors were responsible for an alleged hack of the DNC and Podesta emails.

It's no surprise that any database of any large institution can be hacked, as the electronic intrusions of databases of major financial institutions, other multinational corporations and even the highest officials of the German government (most likely by the NSA on behalf of the US government) can and does occur on a regular basis. However, evidence that any particular nation state was responsible for the "alleged hacks" of the DNC and the Podesta emails set forth in the meager declassified intelligence assessment released by the Office of the Director of National Intelligence, dated January 6, 2017, can be tied to the Russian government is sketchy, at best, and possibly a deliberate disinformation campaign by the US intelligence community, at worst.

Wikileaks has repeatedly denied its source was Russian agents of any kind, and former US intelligence officers say that all signs point to a "leak" by insiders with respect to the DNC material and not a hack. The Podesta emails were likely obtains by one of the most primitive unsophisticated techniques available to any hacker - spearfishing - a well known scam technique to which John Podesta fell victim.

Even media outlets that support the "Russia did it!" narrative have found plenty of flaws and obvious mistakes in what the US intelligence community has released as proof of Russian involvement.

Rather than focusing on the Russian intelligence services, the U.S. seemingly opted to gather all Russia-sourced hacking under a single rubric, code named “Grizzly Steppe,” putting everything from online bank heists to identity theft in the same bucket as the Kremlin-linked intrusions into the White House, State Department, and the DNC.

Though the written report is confusing, it’s the raw data released along with it that truly exasperates security professionals. [...]

Lists of IP addresses used by hackers can be useful “indicators of compromise” in network security—admins can check the list against access logs, or program an intrusion detection system to sound the alarm when it sees traffic from a suspect address. But that assumes that the list is good

The DHS list is none of these things, as Lee, founder of the cyber security firm Dragos, discovered when he ran the list against a stored cache of known clean traffic his company keeps around for testing. The results stunned him. “We had thousands of hits,” he says. “We had an extraordinary high amount of false positives on this dataset… Six of them were Yahoo e-mail servers.”

It turns out that some, perhaps most, of the watchlisted addresses have a decidedly weak connection to the Kremlin, if any. In addition to the Yahoo servers, about 44 percent of the addresses are exit nodes in the Tor anonymity network, The Intercept’s Micah Lee reported Wednesday. Tor is free software used primarily for anonymous web browsing. Russian hackers use Tor, but so do plenty of other people.

Just as has been the case so often in the past, the US intelligence community is acting as if we are all idiots who should just shut up and accept everything they say as the truth, despite their past record of shoddy work on investigating cyber attacks, if not outright disingenuous and misleading sourcing offered as proof. So, again, the question remains: Why should we trust the Obama administration and our government's intelligence community in this instance when they have failed so miserably in the past when attempting to assign blame to foreign governments for cyber attacks/hacks that had nothing to do with the governments they previously misidentified as the culprits? Especially when it is in their interest, the interest of the MIC, and the interest of neoconservatives of both parties, to de-legitimize the Trump election while advancing an agenda to promote a widening diplomatic ( and potentially military) conflict with Russia in Eastern Europe and the Middle East?