Insider Threats & My Theory About #SethRich

Insider threats are a problem every organization struggles to solve.

An insider threat is a malicious threat to an organization that comes from people within the organization, such as employees, former employees, contractors or business associates, who have inside information concerning the organization’s security practices, data and computer systems. An insider attack is a malicious attack perpetrated on a network or computer system by a person with authorized system access.

By now, we should know the gist of the Seth Rich story, so I’m not going to get into the background all that much. I’m going to limit my focus to insider threats and why I think Seth Rich was one, based on my experience working in the information technology field and my education. I’m going to give you examples in the most basic terms and explain how they relate to what could have happened at the DNC. Keep in mind, we still have no verifiable facts that directly link Seth Rich to being the leaker. Only tiny hints here and there, but nothing of substance. @KimDotcom has laid out the case that Seth Rich was involved and was the source, but has given us zero information that confirms it. He’s supposed to give us some facts Monday, but I’m not holding my breath.

We learned that after the DNC “hacking,” the RNC was also attacked. No systems were broken into and no data was stolen. This is what they said, but we don’t have information as to who did it. For the sake of argument, let’s just assume they are right and the “Russians” were behind it. I wanted to bring this up because I believe the DNC was also hit by this same attack, and nothing was broken into or stolen. This same attack, which may have come from Russia, was what the DNC used to justify who broke into their systems and stole thousands of email records. My own conjecture here, but if what I say is correct, it makes perfect sense, because if you blame the stolen emails on an insider threat, the Russian narrative dissolves and the Democrats are all but over due to lying about what happened while trying to bring down a democratically elected president (sedition).

Rather than trust me, I want you to watch this clip, less than 5 minutes in length, from John McAfee about the bogus claim that the Russian government was responsible. You will want to know this for the theory that I lay out. You need to keep an open mind about this, and if you are already set in stone about the Russian narrative, this article is not for you. If you want to look into the credibility of CrowdStrike, check out this article.

So, why do I think Seth Rich could have been an insider threat? There are a few things I take into account. One, the DNC was completely unaware they were “hacked.” When someone is attacking you, there are alarms that go off on the systems, you get notified, log files show the attacks, etc. It’s not something you just happen to miss. When the FBI told the DNC that they had been attacked, they had no idea. Meaning, either they literally had no idea because no systems were breached and the firewall just outright blocked it, or they knew about the attack and didn’t admit it, or they had someone on the inside hide that the attack happened to sweep it under the rug. Maybe they wanted to play it down so they could later use it as the reason for the stolen emails.

The second aspect is that we don’t know how the “Russians” broke into the DNC servers, got around the firewalls, and were able to obtain access to the email servers to get the information they needed without anyone noticing and stopping it. We actually don’t know this information, and this is very important. Instead, we have a very outdated piece of malware (virus) that was found, on which the entire report is based.

Someone like Seth Rich, who was a Bernie supporter, may have gotten to the point where he was fed up with the DNC and decided to expose them (insider threat). He may have gone on the internet (specifically, the deep web) and obtained an outdated piece of malware that was free, and used this malware to copy the emails stored on the server and send them to an outside location. This location could be a thumb drive, an upload to the cloud somewhere, etc. Seth could have been the source or just a third party who gave access to the information.

Seth also wouldn’t need physical access to the server. Back in 2004, when I worked as a help desk analyst, one of my accounts was a small cable/internet company down south. I was in Michigan. We had the same login information for the DHCP server and the RADIUS server. RADIUS was a big Microsoft Access database of their dial-up accounts, and the DHCP server is what gives an address to your cable modem so you can get online. Trying to keep it simple. I had full access to the server, and I was 19 at the time. Everyone knew the account information, as it never changed. I use this example because Seth Rich would have had a similar kind of access to the email server from his workstation. He could have easily planted the malware on the email server to gather all the emails to send out to a third party or himself. It would be way too time consuming to get all the emails manually. You would have some type of malware gather up all the information and send it somewhere so you didn’t need to be the one doing it. Again, trying to keep it simple with the explanations.

The reason why I stick with him using a piece of malware is because I have no reason to believe there wasn’t malware on the system. That part of the CrowdStrike report I do find credible. The rest, in how they attribute it to Russia, I do not believe. If you want something to look like it came from somewhere else, you can absolutely do that, and it’s very easy. We also have no reason to suspect that the information was not already in the piece of malware and that Seth did not alter it. He may have noticed that information in the malware and decided to leave it in place, or maybe he altered the info to have everything point back to Russia. At the end of the day though, if it’s too good to be true, it probably is. The fact that our intelligence agencies have fallen for this is just pathetic in a way. They’ve all based their reporting on a single CrowdStrike report and have not had physical access to any of this information nor the servers.

He could be the one who physically delivered the encrypted material to someone associated with Wikileaks, or he could have just been the guy on the inside, or he could have nothing to do with this entire situation. Since I have no way of knowing, I just wanted to offer my theory if he was the leaker. I could be right or completely wrong. I’m hoping I will be able to get some clarity come Monday from KimDotcom. I don’t want to be someone who speculates and says beyond a reasonable doubt he was the source without being able to provide concrete evidence to back that up. That is why what I’ve said here is just my conjecture. Thanks for reading!