Questions arise over DARPA allegedly investigating origin of 2016 DNC hack

Following media reports on Special Counsel John Durham investigating whether the Defense Advanced Research Projects Agency (DARPA) looked into the origin of the alleged 2016 hack of the Democratic National Committee, questions have been raised by senators about the Pentagon agency's denial.

In March, The Federalist reported that Georgia Tech researcher Manos Antonakakis, who works with DOD's DARPA, was part of Durham's investigation into the investigation of the DNC hack.

Antonakakis wrote in a July 2021 email obtained through a Right-To-Know request, "During one of my interviews with the Special Counsel prosecutor, I was asked point blank by Mr. DeFilippis, 'Do you believe that DARPA should be instructing you to investigate the origins of a hacker (Guccifer_2.0) that hacked a political entity (DNC)?'

"Let that sync for a moment, folks. Someone hacked a political party (DNC, in this case), in the middle of an election year (2016), and the lead investigator of DOJ's special council [sic] would question whether U.S. researchers working for DARPA should conduct investigations in this matter is 'acceptable'! While I was tempted to say back to him, 'What if this hacker hacked GOP? Would you want me to investigate him then?', I kept my cool and told him this is a question for DARPA's director, and not for me to answer."

DARPA Chief of Communications Jared Adams told the Washington Examiner days after The Federalist article: "DARPA was not involved in efforts to attribute the DNC hack. Dr. Antonakakis worked on DARPA's Enhanced Attribution program, which did not involve analysis of the DNC hack. Further, DARPA was not involved in efforts to attribute the Guccifer 2.0 persona, nor any involvement in efforts to attribute the origin of leaked emails provided to Wikileaks."

On April 22, The Federalist reported that a July 2021 email mentioned that another Georgia Tech researcher, David Dagon, compiled "a list of documents/data sources that he thought would be response to the subpoena" served to Georgia Tech from Durham.

This was the second subpoena served to the university, and it requested "all documents, records, and information" related to "a purported secret communications channel between the Trump Organization, Spectrum Health, and the Russian Bank Alfa Bank" and "the purported presence or use of Russian-made Yotaphones by or in the vicinity of Donald Trump or individuals affiliated with Donald Trump," according to the news and commentary site. The theories regarding both the Trump Organization-Alfa Bank backchannel as well as the Yotaphone supposedly traveling with Trump have since been debunked.

The documents listed by Georgia Tech were categorized as "DARPA whitepapers" and included "Whitepaper on DNC attack attribution"; "Analysis of attacks of EOP (Executive Office of the President) networks"; "Whitepaper for DOJ on APT-29 related hackers, crypto coin transactions, and analysis that includes Yota-related domains"; and "'Mueller List'—list of domains and indicator related to APT-28."

The first and last white papers are related to the DNC hack, with the latter mentioning APT-28, the formal name for the Russian intelligence hacking group known as Fancy Bear. In Special Counsel Robert Mueller's investigation, he charged 12 Russian intelligence agents who allegedly worked as Fancy Bear with crimes in relation to the DNC hack.

Sens. Ron Johnson (R-Wisc.) and Chuck Grassley (R-Iowa) sent a letter to DARPA Director Stefanie Tompkins on April 28 requesting records from the agency concerning contracts with Georgia Tech and the four white papers listed in The Federalist article.

"The DNC hack occurred during the lead up to the 2016 presidential election, which was marked by claims of meddling by foreign actors," the senators wrote. "Some of those claims have since been confirmed to be disinformation efforts by operatives from the Democratic campaign. As details continue to emerge, the public is rightly concerned about the extent to which various federal agencies investigated, validated, dispelled or relied on these claims."

Johnson told "Just the News, Not Noise" TV show on Monday that Georgia Tech "may have been involved in determining who hacked the DNC server" at the direction of DARPA.

"Why would DARPA be involved in that?" the senator asked. "It is very puzzling, and of course, once again, a government agency is not being particularly forthright with the information."