Spitfire List Web site and blog of anti-fascist researcher and radio personality Dave Emory.

For The Record  

FTR #964 Lies, Damned Lies and Statistics

This broadcast was recorded in one, 60-minute segment.

Trump kept a copy of this by his bedside. Russia is NOT his source of inspiration.

Waffen SS-clad World War II reenactors, in original photo used by Trump campaign. Russia is NOT the font of Trumpism.

Introduction: As we have noted in many previous broadcasts and posts, cyber attacks are easily disguised. Perpetrating a “cyber false flag” operation is disturbingly easy to do.

This is of paramount significance in evaluating the increasingly neo-McCarthyite New Cold War propaganda about “Russian interference” in the U.S. election.

Compounding the situation are some recent disclosures and developments:

  • We learn that the CIA’s hacking tools are specifically crafted to mask CIA authorship of the attacks. Most significantly, for our purposes, is the fact that the Agency’s hacking tools are engineered in such a way as to permit the authors of the event to represent themselves as Russian.
  • The NSA’s elite hacking technology has been made widely available to the hacking community, courtesy of “The Shadow Brokers.”
  • During the 2016 Presidential campaign, Michael Flynn was professionally involved with numerous cyber-security and cyber arms manufacturing firms: “ . . . . The month before Flynn joined the advisory board of OSY Technologies, NSO Group opened up a new arm called WestBridge Technologies, Inc., in the D.C. region. (The company was originally registered in Delaware in 2014, but formed in Maryland in April 2016.) Led by NSO Group co-founder Lavie, WestBridge is vying for federal government contracts for NSO Group’s products. Hiring Flynn would provide NSO Group with a well-connected figure in Washington, to help get its foot in the door of the notoriously insular world of secret intelligence budgeting. . . . ‘When you’re trying to build up your business, you need someone who has connections, someone who is seen as an authority and a legitimate presence,’ Johnson said. Hiring someone with Flynn’s background in intelligence would ‘open up doors that they wouldn’t have had access to,’ Johnson said. Throughout 2016, Flynn worked for a number of cybersecurity firms personally and through his consulting firm, Flynn Intel Group. In addition to his advisory board seat at OSY Technologies, he sat on the board of Adobe Systems, a large software company with Pentagon contracts, and the boards of the cybersecurity companies GreenZone Systems and HALO Privacy. (Though Flynn described himself as an Adobe advisory board member in his financial disclosure paperwork, the group said in a statement that he provided only “periodic counsel to Adobe’s public sector team.”) . . .”
  • NSO Group and OSY Technologies specialize in spear-phishing attacks, one of the methodologies used in the hacks of U.S. election computers. Is there any link between Flynn’s cyber-security/cyber arms links and the high-profile hacks during the campaign?
  • A GOP tech database–Deep Root–exposed the data of almost two hundred million American voters to widespread scrutiny. Is there any connection between Deep Root, the GOP and the alleged Russian hacking of U.S. voting computers?

Following a Bloomberg report about widespread Russian hacking of American elections systems: “ . . . . Kay Stimson, spokeswoman for the National Association of Secretaries of State, said the members of her group — which represents the chief election officials in 40 states — were taken aback by the allegation that 39 states were hacked. ‘We cannot verify any information in that report,’ Stimson told Benzinga. ‘It has some claims that have raised some red flags. I don’t know where they’re getting it. We’re not able to assess to the credibility.’ She said that some cybersecurity firms were engaging in scare tactics at the state and local levels. ‘There are cybersecurity firms making some wild claims,’ she said. ‘It is a very aggressive industry.’ . . .”

With the high-profile hacks being attributed–almost certainly falsely–to Russia, there are ominous developments taking place that may well lead to a Third World War. During the closing days of his Presidency, Obama authorized the planting of cyber weapons on Russian computer networks. Obama did this after talking with Putin on the Hot Line, established to prevent a Third World War. Putin denied interfering in the U.S. election.

The conclusion that Russia hacked the U.S. election on Putin’s orders appears to have been based on a CIA source in the Kremlin. Even when that intelligence was delivered, other agencies weren’t ready to accept the CIA’s conclusion, and it took intelligence from another nation (not named) to provide the final intelligence tipping point that led to a broad-based conclusion that not only was the Russian government behind the cyberattacks but that Vladimir Putin himself ordered them.

That ally’s intelligence is described as “the most critical technical intelligence on Russia.” However, the NSA still wasn’t convinced, based on what sounds like a lack of confidence in that source. Thus, it looks like a CIA Kremlin source and an unnamed foreign intelligence agency with questionable credentials are the basis of what appears to be a likely future full-scale US/Russian cyberwar.

Of paramount significance is the fact that IF, on Putin’s orders (and we are to believe such), Russia continued to hack U.S. computer systems to influence the election, Putin would have to have gone utterly mad. Those hacks would have precluded any rapprochement between Russia and the United States under a President Trump. There is no indication that Putin went off the deep end.

Also auguring a Third World War are two developments in Syria. Seymour Hersh published an article in Die Welt revealing that, not only was the April 4 alleged Sarin attack NOT a chemical weapons attack but there was widespread knowledge of this in American military and intelligence circles.

Ominously, the Trump White House is claiming they have advance knowledge of an impending Syrian chemical weapons strike and will punish Syria heavily, and hold Russia accountable.

Program Highlights Include: The fact that the bulk of activity detected by the DHS on U.S. election systems was “scanning”–standard operating procedure for hacking; a former NSA hacking specialist–Jake Williams–said that the spear-phishing operation was of “medium sophistication” that “practically any hacker can pull off”; the question of whether or not GOP Secretaries of State might have deliberately responded to the spear-phishing e-mails that permitted the “hit” on U.S. election systems; the Russian authorization of the use by the Syrian air force of a smart bomb to eliminate Al-Qaeda-linked jihadists; the release of a chemical cloud as a result of that strike that was caused by secondary explosions; Cambridge Analytica’s hiring of GOP online data-basing kingpin Darren Bolding.

1a. As we have noted in many previous broadcasts and posts, cyber attacks are easily disguised. Perpetrating a “cyber false flag” operation is disturbingly easy to do. In a world where the verifiably false and physically impossible “controlled demolition”/Truther nonsense has gained traction, cyber false flag ops are all the more threatening and sinister.

Now, we learn that the CIA’s hacking tools are specifically crafted to mask CIA authorship of the attacks. Most significantly, for our purposes, is the fact that the Agency’s hacking tools are engineered in such a way as to permit the authors of the event to represent themselves as Russian.

This is of paramount significance in evaluating the increasingly neo-McCarthyite New Cold War propaganda about “Russian interference” in the U.S. election.

“WikiLeaks Vault 7 Part 3 Reveals CIA Tool Might Mask Hacks as Russian, Chinese, Arabic” by Stephanie Dube Dwilson; Heavy; 4/3/2017.

This morning, WikiLeaks released part 3 of its Vault 7 series, called Marble. Marble reveals CIA source code files along with decoy languages that might disguise viruses, trojans, and hacking attacks. These tools could make it more difficult for anti-virus companies and forensic investigators to attribute hacks to the CIA. Could this call the source of previous hacks into question? It appears that yes, this might be used to disguise the CIA’s own hacks to appear as if they were Russian, Chinese, or from specific other countries. These tools were in use in 2016, WikiLeaks reported.

 It’s not known exactly how this Marble tool was actually used. However, according to WikiLeaks, the tool could make it more difficult for investigators and anti-virus companies to attribute viruses and other hacking tools to the CIA. Test examples weren’t just in English, but also Russian, Chinese, Korean, Arabic, and Farsi. This might allow a malware creator to not only look like they were speaking in Russian or Chinese, rather than in English, but to also look like they tried to hide that they were not speaking English, according to WikiLeaks. This might also hide fake error messages or be used for other purposes. . . .

1b. There has been a widely-circulated report about how the election systems of 39 US states were “hit” by ‘Russian hackers’, most of them just a week before the 2016 November election. Well, the National Association of Secretaries of State, an organization that represents the chief election officials in 40 states, has a rebuttal: They have no idea what this report was talking about and believe it’s a matter of cybersecurity firms being overly aggressive to earn state contracts to protect election systems.

Again, quite a rebuttal–they have no idea what the Bloomberg report was saying: “ . . . . Kay Stimson, spokeswoman for the National Association of Secretaries of State, said the members of her group — which represents the chief election officials in 40 states — were taken aback by the allegation that 39 states were hacked.

‘We cannot verify any information in that report,’ Stimson told Benzinga. ‘It has some claims that have raised some red flags. I don’t know where they’re getting it. We’re not able to assess to the credibility.’

Ms. Stimson also noted that cyber security firms appeared to be ramping up the hype in order to further their own commercial agendas.

“ . . . Cyber Security Firms Capitalizing On Russian Scare

She said that some cybersecurity firms were engaging in scare tactics at the state and local levels.

‘There are cybersecurity firms making some wild claims,’ she said. ‘It is a very aggressive industry.’

In addition the Department of Homeland Security is also downplaying the significance of the report:

“ . . . . Bloomberg attributed the number of states “hit” — Stimson questioned the meaning of the word — to the systems in 39 states. “It’s hard to say how they ‘hit’ 39 states,” she said.

Homeland Security also issued a report about the Bloomberg report, saying: ‘While we are not going to get into specifics of activity at the state level, the vast majority of what we saw was scanning — not attempts to intrude — and unsuccessful attempts to steal data held in voter registration databases.’. . . .”

“State Election Officials Baffled By Report 39 States ‘Hit’ By Russian Hackers” by Mark Fritz; Benzinga; 06/15/2017

State election officials are baffled by a Bloomberg report alleging that Russian hackers compromised the voting systems in 39 states, adding that cybersecurity firms were engaging in scare tactics to win state and local contracts to protect election systems.

The June 13 Bloomberg story said that hackers staged incursions last year into voter databases and software systems in almost twice as many states as previously reported.

“In Illinois, investigators found evidence that cyber intruders tried to delete or alter voter data. The hackers accessed software designed to be used by poll workers on Election Day, and in at least one state accessed a campaign finance database,” the report said.

It cited three unnamed sources with direct knowledge of “the U.S. investigation into the matter.”

“In all, the Russian hackers hit systems in a total of 39 states, one of them said,” the report said.

The National Security Agency, the FBI and the U.S. Homeland Security Department all are looking into various aspects of what intelligence officials said was Russian meddling into the U.S. election systems.

Kay Stimson, spokeswoman for the National Association of Secretaries of State, said the members of her group — which represents the chief election officials in 40 states — were taken aback by the allegation that 39 states were hacked.

“We cannot verify any information in that report,” Stimson told Benzinga. “It has some claims that have raised some red flags. I don’t know where they’re getting it. We’re not able to assess to the credibility.”

Cyber Security Firms Capitalizing On Russian Scare

She said that some cybersecurity firms were engaging in scare tactics at the state and local levels.

“There are cybersecurity firms making some wild claims,” she said. “It is a very aggressive industry.”

Bloomberg attributed the number of states “hit” — Stimson questioned the meaning of the word — to the systems in 39 states. “It’s hard to say how they ‘hit’ 39 states,” she said.

Homeland Security also issued a report about the Bloomberg report, saying: “While we are not going to get into specifics of activity at the state level, the vast majority of what we saw was scanning — not attempts to intrude — and unsuccessful attempts to steal data held in voter registration databases.”

Little Doubt Russian Meddling In Election

Despite the reaction to the Bloomberg report, there is little doubt that Russian actors attempted to access U.S. election systems. Special investigator Robert Mueller has been tasked with spearheading the investigation into whether the Trump campaign colluded with Kremlin affiliates to leak damaging emails and rig the election.

2a. The information presented above certainly supports the notion that the claim that “39 states were hacked by the Russians” was, at a minimum, an exaggeration. And when DHS says that the “vast majority” of what they saw was “scanning”, keep in mind that “scanning” computers connected to the internet is ubiquitous. If they were using IP addresses to attribute this scanning to “Russian hackers”, and if the US intelligence report on the evidence for ‘Russian hackers’ in the DNC server hack is any indication of the way IP addresses are being used to assess culpability for these state system scanning attempts, then IP addresses aren’t the most compelling evidence in this case:

“Did the Russians Really Hack the DNC?” by Gregory Elich; Counter Punch; 1/13/2017.

Russia, we are told, breached the servers of the Democratic National Committee (DNC), swiped emails and other documents, and released them to the public, to alter the outcome of the U.S. presidential election.

How substantial is the evidence backing these assertions?

Command-and-control servers remotely issue malicious commands to infected machines. Oddly, for such a key component of the operation, the command-and-control IP address in both attacks was hard-coded in the malware. This seems like another inexplicable choice, given that the point of an advanced persistent threat is to operate for an extended period without detection. A more suitable approach would be to use a Domain Name System (DNS) address, which is a decentralized computer naming system. That would provide a more covert means of identifying the command-and-control server. [13] Moreover, one would expect that address to be encrypted. Using a DNS address would also allow the command-and-control operation to easily move to another server if its location is detected, without the need to modify and reinstall the code.

One of the IP addresses is claimed to be a “well-known APT 28” command-and-control address, while the second is said to be linked to Russian military intelligence. [14] The first address points to a server located in San Jose, California, and is operated by a server hosting service. [15] The second server is situated in Paris, France, and owned by another server hosting service. [16] Clearly, these are servers that have been compromised by hackers. It is customary for hackers to route their attacks through vulnerable computers. The IP addresses of compromised computers are widely available on the Deep Web, and typically a hacked server will be used by multiple threat actors. These two particular servers may or may not have been regularly utilized by Russian Intelligence, but they were not uniquely so used. Almost certainly, many other hackers would have used the same machines, and it cannot be said that these IP addresses uniquely identify an infiltrator. Indeed, the second IP address is associated with the common Trojan viruses Agent-APPR and Shunnael.[17]

“Everyone is focused on attribution, but we may be missing the bigger truth,” says Joshua Croman, Director of the Cyber Statecraft Initiative at the Atlantic Council. “[T]he level of sophistication required to do this hack was so low that nearly anyone could do it.” [18] . . . 

2b. Since digital “signatures” are easily spoofed by hackers and a declaration of cyber war would be an insane move by the Russian government, there’s the very obvious possibility that someone else made all these hacking attempts.

It’s worth noting that The Intercept’s report about the leaked NSA document showing the analysis of the hacking of a Florida voting systems company features an interview with Jake Williams – a former member of NSA’s elite hacking Tailored Access Operations team – and asks him about the spear-phishing campaign used against those 122 officials in the last week of the campaign. According to Williams, that spear-phishing operation was of “medium sophistication” that “practically any hacker can pull off”.

The spear-phishing attacks used documents from the Florida-based “VR Systems” as the bait. That’s what the alleged Russian hackers did in the last week of the campaign. And how sophisticated was this spear-phishing attack? Almost any hacker could have done it.

“. . . . According to Williams, if this type of attack were successful, the perpetrator would possess “unlimited” capacity for siphoning away items of interest. ‘Once the user opens up that email [attachment],’ Williams explained, ‘the attacker has all the same capabilities that the user does.’ Vikram Thakur, a senior research manager at Symantec’s Security Response Team, told The Intercept that in cases like this the ‘quantity of exfiltrated data is only limited by the controls put in place by network administrators.’ Data theft of this variety is typically encrypted, meaning anyone observing an infected network wouldn’t be able to see what exactly was being removed but should certainly be able to tell something was afoot, Williams added. Overall, the method is one of  ‘medium sophistication,’ Williams said, one that ‘practically any hacker can pull off.’. . . .”

So according to federal investigators, ‘the GRU’ used a spear-phishing technique that any hacker could have pulled off, and did it in a manner that left digital “signatures”, like IP addresses, that apparently led back to the GRU. The culprits also kept the same digital signatures in the July 2016 hack on the Illinois voting system that were found in the wave of spear-phishing attacks in the last week of the campaign. They did so even after getting a “cyber Red Phone” call from the White House for the first time ever in October, thus opening Russia to potential revenge attacks for years to come and poison-pilling the possible utility of having a Russian-friendly President Trump in the White House. It’s as if the cost-benefit analysis didn’t factor in the costs. That’s the story we’re supposed to accept.

And, amazingly, based on the first report, it sounds like the bulk of the 39 hacked states got hacked by this spear-phishing campaign in the last week of the campaign, despite the intense focus around potential hacking in the prior months. Those must have been some pretty compelling phishing emails.

It raises the question as to whether or not some of those 122 targeted officials were trying to get their systems hacked. Keep in mind one of the very interesting things about a spear-phishing attack in a scenario like this: one of the hacked parties (the GOP) just might want to get hacked. Spear-phishing is a great way for an insider to invite in a hacker while maintaining plausible deniability. (Oops! I was tricked!)

“Top-Secret NSA Report Details Russian Hacking Effort Days Before 2016 Election” by Matthew Cole, Richard Esposito, Sam Biddle, Ryan Grim; The Intercept; 06/05/2017

Russian military intelligence executed a cyberattack on at least one U.S. voting software supplier and sent spear-phishing emails to more than 100 local election officials just days before last November’s presidential election, according to a highly classified intelligence report obtained by The Intercept.

The top-secret National Security Agency document, which was provided anonymously to The Intercept and independently authenticated, analyzes intelligence very recently acquired by the agency about a months-long Russian intelligence cyber effort against elements of the U.S. election and voting infrastructure. The report, dated May 5, 2017, is the most detailed U.S. government account of Russian interference in the election that has yet come to light.

While the document provides a rare window into the NSA’s understanding of the mechanics of Russian hacking, it does not show the underlying “raw” intelligence on which the analysis is based. A U.S. intelligence officer who declined to be identified cautioned against drawing too big a conclusion from the document because a single analysis is not necessarily definitive.

The report indicates that Russian hacking may have penetrated further into U.S. voting systems than was previously understood. It states unequivocally in its summary statement that it was Russian military intelligence, specifically the Russian General Staff Main Intelligence Directorate, or GRU, that conducted the cyber attacks described in the document:

Russian General Staff Main Intelligence Directorate actors … executed cyber espionage operations against a named U.S. company in August 2016, evidently to obtain information on elections-related software and hardware solutions. … The actors likely used data obtained from that operation to … launch a voter registration-themed spear-phishing campaign targeting U.S. local government organizations.

This NSA summary judgment is sharply at odds with Russian President Vladimir Putin’s denial last week that Russia had interfered in foreign elections: “We never engaged in that on a state level, and have no intention of doing so.” Putin, who had previously issued blanket denials that any such Russian meddling occurred, for the first time floated the possibility that freelance Russian hackers with “patriotic leanings” may have been responsible. The NSA report, on the contrary, displays no doubt that the cyber assault was carried out by the GRU.

The Spear-Phishing Attack

As described by the classified NSA report, the Russian plan was simple: pose as an e-voting vendor and trick local government employees into opening Microsoft Word documents invisibly tainted with potent malware that could give hackers full control over the infected computers.

But in order to dupe the local officials, the hackers needed access to an election software vendor’s internal systems to put together a convincing disguise. So on August 24, 2016, the Russian hackers sent spoofed emails purporting to be from Google to employees of an unnamed U.S. election software company, according to the NSA report. Although the document does not directly identify the company in question, it contains references to a product made by VR Systems, a Florida-based vendor of electronic voting services and equipment whose products are used in eight states.

The spear-phishing email contained a link directing the employees to a malicious, faux-Google website that would request their login credentials and then hand them over to the hackers. The NSA identified seven “potential victims” at the company. While malicious emails targeting three of the potential victims were rejected by an email server, at least one of the employee accounts was likely compromised, the agency concluded. The NSA notes in its report that it is “unknown whether the aforementioned spear-phishing deployment successfully compromised all the intended victims, and what potential data from the victim could have been exfiltrated.”

VR Systems declined to respond to a request for comment on the specific hacking operation outlined in the NSA document. Chief Operating Officer Ben Martin replied by email to The Intercept’s request for comment with the following statement:

Phishing and spear-phishing are not uncommon in our industry. We regularly participate in cyber alliances with state officials and members of the law enforcement community in an effort to address these types of threats. We have policies and procedures in effect to protect our customers and our company.

Although the NSA report indicates that VR Systems was targeted only with login-stealing trickery, rather than computer-controlling malware, this isn’t necessarily a reassuring sign. Jake Williams, founder of computer security firm Rendition Infosec and formerly of the NSA’s Tailored Access Operations hacking team, said stolen logins can be even more dangerous than an infected computer. “I’ll take credentials most days over malware,” he said, since an employee’s login information can be used to penetrate “corporate VPNs, email, or cloud services,” allowing access to internal corporate data. The risk is particularly heightened given how common it is to use the same password for multiple services. Phishing, as the name implies, doesn’t require everyone to take the bait in order to be a success — though Williams stressed that hackers “never want just one” set of stolen credentials.

In any event, the hackers apparently got what they needed. Two months later, on October 27, they set up an “operational” Gmail account designed to appear as if it belonged to an employee at VR Systems, and used documents obtained from the previous operation to launch a second spear-phishing operation “targeting U.S. local government organizations.” These emails contained a Microsoft Word document that had been “trojanized” so that when it was opened it would send out a beacon to the “malicious infrastructure” set up by the hackers.

The NSA assessed that this phase of the spear-phishing operation was likely launched on either October 31 or November 1 and sent spear-phishing emails to 122 email addresses “associated with named local government organizations,” probably to officials “involved in the management of voter registration systems.” The emails contained Microsoft Word attachments purporting to be benign documentation for VR Systems’ EViD voter database product line, but which were in reality maliciously embedded with automated software commands that are triggered instantly and invisibly when the user opens the document. These particular weaponized files used PowerShell, a Microsoft scripting language designed for system administrators and installed by default on Windows computers, allowing vast control over a system’s settings and functions. If opened, the files “very likely” would have instructed the infected computer to begin downloading in the background a second package of malware from a remote server also controlled by the hackers, which the secret report says could have provided attackers with “persistent access” to the computer or the ability to “survey the victims for items of interest.” Essentially, the weaponized Word document quietly unlocks and opens a target’s back door, allowing virtually any cocktail of malware to be subsequently delivered automatically.

According to Williams, if this type of attack were successful, the perpetrator would possess “unlimited” capacity for siphoning away items of interest. “Once the user opens up that email [attachment],” Williams explained, “the attacker has all the same capabilities that the user does.” Vikram Thakur, a senior research manager at Symantec’s Security Response Team, told The Intercept that in cases like this the “quantity of exfiltrated data is only limited by the controls put in place by network administrators.” Data theft of this variety is typically encrypted, meaning anyone observing an infected network wouldn’t be able to see what exactly was being removed but should certainly be able to tell something was afoot, Williams added. Overall, the method is one of “medium sophistication,” Williams said, one that “practically any hacker can pull off.”

The NSA, however, is uncertain about the results of the attack, according to the report. “It is unknown,” the NSA notes, “whether the aforementioned spear-phishing deployment successfully compromised the intended victims, and what potential data could have been accessed by the cyber actor.” . . . .

3. The conclusion that Russia hacked the U.S. election on Putin’s orders appears to have been based on a CIA source in the Kremlin. Even when that intelligence was delivered, other agencies weren’t ready to accept the CIA’s conclusion, and it took intelligence from another nation (not named) to provide the final intelligence tipping point that led to a broad-based conclusion that not only was the Russian government behind the cyberattacks but that Vladimir Putin himself ordered them.

That ally’s intelligence is described as “the most critical technical intelligence on Russia.” However, the NSA still wasn’t convinced, based on what sounds like a lack of confidence in that source. Thus, it looks like a CIA Kremlin source and an unnamed foreign intelligence agency with questionable credentials are the basis of what appears to be a likely future full-scale US/Russian cyberwar.

“ . . . . Inside was an intelligence bombshell, a report drawn from sourcing deep inside the Russian government that detailed Russian President Vladimir Putin’s direct involvement in a cyber campaign to disrupt and discredit the U.S. presidential race. . . .”

We are told that a CIA deep Russian government source is the primary source of the ‘Putin ordered it’ conclusion. Well, at least that’s better than the bad joke technical evidence that’s been provided thus far. But even that source’s claims apparently weren’t enough to convince other parts of the intelligence community. It took the intelligence from the unnamed ally to do that:

“ . . . . But it went further. The intelligence captured Putin’s specific instructions on the operation’s audacious objectives — defeat or at least damage the Democratic nominee, Hillary Clinton, and help elect her opponent, Donald Trump.

At that point, the outlines of the Russian assault on the U.S. election were increasingly apparent. Hackers with ties to Russian intelligence services had been rummaging through Democratic Party computer networks, as well as some Republican systems, for more than a year. In July, the FBI had opened an investigation of contacts between Russian officials and Trump associates. And on July 22, nearly 20,000 emails stolen from the Democratic National Committee were dumped online by WikiLeaks.

But at the highest levels of government, among those responsible for managing the crisis, the first moment of true foreboding about Russia’s intentions arrived with that CIA intelligence.

It took time for other parts of the intelligence community to endorse the CIA’s view. Only in the administration’s final weeks in office did it tell the public, in a declassified report, what officials had learned from Brennan in August — that Putin was working to elect Trump.

Despite the intelligence the CIA had produced, other agencies were slower to endorse a conclusion that Putin was personally directing the operation and wanted to help Trump. “It was definitely compelling, but it was not definitive,” said one senior administration official. “We needed more.”

Some of the most critical technical intelligence on Russia came from another country, officials said. Because of the source of the material, the NSA was reluctant to view it with high confidence. . . .

. . . . In a subsequent news conference, Obama alluded to the exchange and issued a veiled threat. “We’re moving into a new era here where a number of countries have significant capacities,” he said. “Frankly, we’ve got more capacity than anybody both offensively and defensively.” . . . .

 

. . . . Then, on Oct. 31, the administration delivered a final pre-election message via a secure channel to Moscow originally created to avert a nuclear exchange. The message noted that the United States had detected malicious activity, originating from servers in Russia, targeting U.S. election systems and warned that meddling would be regarded as unacceptable interference. Russia confirmed the next day that it had received the message but replied only after the election through the same channel, denying the accusation. . . . 

. . . .But Obama also signed the secret finding, officials said, authorizing a new covert program involving the NSA, CIA and U.S. Cyber Command. . . .

. . . . The cyber operation is still in its early stages and involves deploying “implants” in Russian networks deemed “important to the adversary and that would cause them pain and discomfort if they were disrupted,” a former U.S. official said.

The implants were developed by the NSA and designed so that they could be triggered remotely as part of retaliatory cyber-strike in the face of Russian aggression, whether an attack on a power grid or interference in a future presidential race.

Officials familiar with the measures said that there was concern among some in the administration that the damage caused by the implants could be difficult to contain.

As a result, the administration requested a legal review, which concluded that the devices could be controlled well enough that their deployment would be considered “proportional” in varying scenarios of Russian provocation, a requirement under international law.

The operation was described as long-term, taking months to position the implants and requiring maintenance thereafter. Under the rules of covert action, Obama’s signature was all that was necessary to set the operation in motion.

U.S. intelligence agencies do not need further approval from Trump, and officials said that he would have to issue a countermanding order to stop it. The officials said that they have seen no indication that Trump has done so. . . .”

Keep in mind that such a response from the US would be entirely predictable if the Russian government really did order this hack. Russia would be at a heightened risk for years or decades to come if Putin really did order this attack. There’s no reason to assume that the Russian government wouldn’t be well aware of this consequence.

So if Putin really did order this hack he would have to have gone insane. That’s how stupid this attack was if Putin actually ordered it. According to a CIA spy in the Kremlin, along with a questionable foreign ally, that’s exactly what Putin did.

He apparently went insane and preemptively launched a cyberwar knowing full well how devastating the long-term consequences could be. Because he really, really, really hates Hillary. That’s the narrative we’re being given.

And now, any future attacks on US elections or the US electrical grid that can somehow be pinned on the Russians are going to trigger some sort of painful wave of retaliatory cyberbombs. Which, of course, will likely trigger a wave of counter-retaliatory cyberbombs in the US. And a full-scale cyberwar will be born and we’ll just have to hope it stays in the cyber domain. That’s where we are now, based on a CIA spy in the Kremlin and an unnamed foreign intelligence agency.

“Obama’s Secret Struggle to Punish Russia for Putin’s Election Assault” by Greg Miller, Ellen Nakashima and Adam Entous; The Washington Post; 06/23/2017

Early last August, an envelope with extraordinary handling restrictions arrived at the White House. Sent by courier from the CIA, it carried “eyes only” instructions that its contents be shown to just four people: President Barack Obama and three senior aides.

Inside was an intelligence bombshell, a report drawn from sourcing deep inside the Russian government that detailed Russian President Vladimir Putin’s direct involvement in a cyber campaign to disrupt and discredit the U.S. presidential race.

But it went further. The intelligence captured Putin’s specific instructions on the operation’s audacious objectives — defeat or at least damage the Democratic nominee, Hillary Clinton, and help elect her opponent, Donald Trump.

At that point, the outlines of the Russian assault on the U.S. election were increasingly apparent. Hackers with ties to Russian intelligence services had been rummaging through Democratic Party computer networks, as well as some Republican systems, for more than a year. In July, the FBI had opened an investigation of contacts between Russian officials and Trump associates. And on July 22, nearly 20,000 emails stolen from the Democratic National Committee were dumped online by WikiLeaks.

But at the highest levels of government, among those responsible for managing the crisis, the first moment of true foreboding about Russia’s intentions arrived with that CIA intelligence.

The material was so sensitive that CIA Director John Brennan kept it out of the President’s Daily Brief, concerned that even that restricted report’s distribution was too broad. The CIA package came with instructions that it be returned immediately after it was read. To guard against leaks, subsequent meetings in the Situation Room followed the same protocols as planning sessions for the Osama bin Laden raid.

It took time for other parts of the intelligence community to endorse the CIA’s view. Only in the administration’s final weeks in office did it tell the public, in a declassified report, what officials had learned from Brennan in August — that Putin was working to elect Trump.

Over that five-month interval, the Obama administration secretly debated dozens of options for deterring or punishing Russia, including cyberattacks on Russian infrastructure, the release of CIA-gathered material that might embarrass Putin and sanctions that officials said could “crater” the Russian economy.

But in the end, in late December, Obama approved a modest package combining measures that had been drawn up to punish Russia for other issues — expulsions of 35 diplomats and the closure of two Russian compounds — with economic sanctions so narrowly targeted that even those who helped design them describe their impact as largely symbolic.

Obama also approved a previously undisclosed covert measure that authorized planting cyber weapons in Russia’s infrastructure, the digital equivalent of bombs that could be detonated if the United States found itself in an escalating exchange with Moscow. The project, which Obama approved in a covert-action finding, was still in its planning stages when Obama left office. It would be up to President Trump to decide whether to use the capability.

In political terms, Russia’s interference was the crime of the century, an unprecedented and largely successful destabilizing attack on American democracy. It was a case that took almost no time to solve, traced to the Kremlin through cyber-forensics and intelligence on Putin’s involvement. And yet, because of the divergent ways Obama and Trump have handled the matter, Moscow appears unlikely to face proportionate consequences.

Those closest to Obama defend the administration’s response to Russia’s meddling. They note that by August it was too late to prevent the transfer to WikiLeaks and other groups of the troves of emails that would spill out in the ensuing months. They believe that a series of warnings — including one that Obama delivered to Putin in September — prompted Moscow to abandon any plans of further aggression, such as sabotage of U.S. voting systems.

Denis McDonough, who served as Obama’s chief of staff, said that the administration regarded Russia’s interference as an attack on the “heart of our system.”

“We set out from a first-order principle that required us to defend the integrity of the vote,” McDonough said in an interview. “Importantly, we did that. It’s also important to establish what happened and what they attempted to do so as to ensure that we take the steps necessary to stop it from happening again.”

But other administration officials look back on the Russia period with remorse.

“It is the hardest thing about my entire time in government to defend,” said a former senior Obama administration official involved in White House deliberations on Russia. “I feel like we sort of choked.”

This account of the Obama administration’s response to Russia’s interference is based on interviews with more than three dozen current and former U.S. officials in senior positions in government, including at the White House, the State, Defense and Homeland Security departments, and U.S. intelligence services. Most agreed to speak only on the condition of anonymity, citing the sensitivity of the issue.

The White House, the CIA, the FBI, the National Security Agency and the Office of the Director of National Intelligence declined to comment.

‘Deeply concerned’

The CIA breakthrough came at a stage of the presidential campaign when Trump had secured the GOP nomination but was still regarded as a distant long shot. Clinton held comfortable leads in major polls, and Obama expected that he would be transferring power to someone who had served in his Cabinet.

The intelligence on Putin was extraordinary on multiple levels, including as a feat of espionage.

For spy agencies, gaining insights into the intentions of foreign leaders is among the highest priorities. But Putin is a remarkably elusive target. A former KGB officer, he takes extreme precautions to guard against surveillance, rarely communicating by phone or computer, always running sensitive state business from deep within the confines of the Kremlin.

The Washington Post is withholding some details of the intelligence at the request of the U.S. government.

In early August, Brennan alerted senior White House officials to the Putin intelligence, making a call to deputy national security adviser Avril Haines and pulling national security adviser Susan E. Rice aside after a meeting before briefing Obama along with Rice, Haines and McDonough in the Oval Office.

Officials described the president’s reaction as grave. Obama “was deeply concerned and wanted as much information as fast as possible,” a former official said. “He wanted the entire intelligence community all over this.”

Concerns about Russian interference had gathered throughout the summer.

Russia experts had begun to see a troubling pattern of propaganda in which fictitious news stories, assumed to be generated by Moscow, proliferated across social-media platforms.

Officials at the State Department and FBI became alarmed by an unusual spike in requests from Russia for temporary visas for officials with technical skills seeking permission to enter the United States for short-term assignments at Russian facilities. At the FBI’s behest, the State Department delayed approving the visas until after the election.

Meanwhile, the FBI was tracking a flurry of hacking activity against U.S. political parties, think tanks and other targets. Russia had gained entry to DNC systems in the summer of 2015 and spring of 2016, but the breaches did not become public until they were disclosed in a June 2016 report by The Post.

Even after the late-July WikiLeaks dump, which came on the eve of the Democratic convention and led to the resignation of Rep. Debbie Wasserman Schultz (D-Fla.) as the DNC’s chairwoman, U.S. intelligence officials continued to express uncertainty about who was behind the hacks or why they were carried out.

At a public security conference in Aspen, Colo., in late July, Director of National Intelligence James R. Clapper Jr. noted that Russia had a long history of meddling in American elections but that U.S. spy agencies were not ready to “make the call on attribution” for what was happening in 2016.

“We don’t know enough … to ascribe motivation,” Clapper said. “Was this just to stir up trouble or was this ultimately to try to influence an election?”

Brennan convened a secret task force at CIA headquarters composed of several dozen analysts and officers from the CIA, the NSA and the FBI.

The unit functioned as a sealed compartment, its work hidden from the rest of the intelligence community. Those brought in signed new non-disclosure agreements to be granted access to intelligence from all three participating agencies.

They worked exclusively for two groups of “customers,” officials said. The first was Obama and fewer than 14 senior officials in government. The second was a team of operations specialists at the CIA, NSA and FBI who took direction from the task force on where to aim their subsequent efforts to collect more intelligence on Russia.

Don’t make things worse

The secrecy extended into the White House.

Rice, Haines and White House homeland-security adviser Lisa Monaco convened meetings in the Situation Room to weigh the mounting evidence of Russian interference and generate options for how to respond. At first, only four senior security officials were allowed to attend: Brennan, Clapper, Attorney General Loretta E. Lynch and FBI Director James B. Comey. Aides ordinarily allowed entry as “plus-ones” were barred.

Gradually, the circle widened to include Vice President Biden and others. Agendas sent to Cabinet secretaries — including John F. Kerry at the State Department and Ashton B. Carter at the Pentagon — arrived in envelopes that subordinates were not supposed to open. Sometimes the agendas were withheld until participants had taken their seats in the Situation Room.

Throughout his presidency, Obama’s approach to national security challenges was deliberate and cautious. He came into office seeking to end wars in Iraq and Afghanistan. He was loath to act without support from allies overseas and firm political footing at home. He was drawn only reluctantly into foreign crises, such as the civil war in Syria, that presented no clear exit for the United States.

Obama’s approach often seemed reducible to a single imperative: Don’t make things worse. As brazen as the Russian attacks on the election seemed, Obama and his top advisers feared that things could get far worse.

They were concerned that any pre-election response could provoke an escalation from Putin. Moscow’s meddling to that point was seen as deeply concerning but unlikely to materially affect the outcome of the election. Far more worrisome to the Obama team was the prospect of a cyber-assault on voting systems before and on Election Day.

They also worried that any action they took would be perceived as political interference in an already volatile campaign. By August, Trump was predicting that the election would be rigged. Obama officials feared providing fuel to such claims, playing into Russia’s efforts to discredit the outcome and potentially contaminating the expected Clinton triumph.

Before departing for an August vacation to Martha’s Vineyard, Obama instructed aides to pursue ways to deter Moscow and proceed along three main paths: Get a high-confidence assessment from U.S. intelligence agencies on Russia’s role and intent; shore up any vulnerabilities in state-run election systems; and seek bipartisan support from congressional leaders for a statement condemning Moscow and urging states to accept federal help.

The administration encountered obstacles at every turn.

Despite the intelligence the CIA had produced, other agencies were slower to endorse a conclusion that Putin was personally directing the operation and wanted to help Trump. “It was definitely compelling, but it was not definitive,” said one senior administration official. “We needed more.”

Some of the most critical technical intelligence on Russia came from another country, officials said. Because of the source of the material, the NSA was reluctant to view it with high confidence.

Brennan moved swiftly to schedule private briefings with congressional leaders. But getting appointments with certain Republicans proved difficult, officials said, and it was not until after Labor Day that Brennan had reached all members of the “Gang of Eight” — the majority and minority leaders of both houses and the chairmen and ranking Democrats on the Senate and House intelligence committees.

Jeh Johnson, the homeland-security secretary, was responsible for finding out whether the government could quickly shore up the security of the nation’s archaic patchwork of voting systems. He floated the idea of designating state mechanisms “critical infrastructure,” a label that would have entitled states to receive priority in federal cybersecurity assistance, putting them on a par with U.S. defense contractors and financial networks.

On Aug. 15, Johnson arranged a conference call with dozens of state officials, hoping to enlist their support. He ran into a wall of resistance.

The reaction “ranged from neutral to negative,” Johnson said in congressional testimony Wednesday.

Brian Kemp, the Republican secretary of state of Georgia, used the call to denounce Johnson’s proposal as an assault on state rights. “I think it was a politically calculated move by the previous administration,” Kemp said in a recent interview, adding that he remains unconvinced that Russia waged a campaign to disrupt the 2016 race. “I don’t necessarily believe that,” he said.

Stung by the reaction, the White House turned to Congress for help, hoping that a bipartisan appeal to states would be more effective.

In early September, Johnson, Comey and Monaco arrived on Capitol Hill in a caravan of black SUVs for a meeting with 12 key members of Congress, including the leadership of both parties.

The meeting devolved into a partisan squabble.

“The Dems were, ‘Hey, we have to tell the public,’ ” recalled one participant. But Republicans resisted, arguing that to warn the public that the election was under attack would further Russia’s aim of sapping confidence in the system.

Senate Majority Leader Mitch McConnell (R-Ky.) went further, officials said, voicing skepticism that the underlying intelligence truly supported the White House’s claims. Through a spokeswoman, McConnell declined to comment, citing the secrecy of that meeting.

Key Democrats were stunned by the GOP response and exasperated that the White House seemed willing to let Republican opposition block any pre-election move.

On Sept. 22, two California Democrats — Sen. Dianne Feinstein and Rep. Adam B. Schiff — did what they couldn’t get the White House to do. They issued a statement making clear that they had learned from intelligence briefings that Russia was directing a campaign to undermine the election, but they stopped short of saying to what end.

A week later, McConnell and other congressional leaders issued a cautious statement that encouraged state election officials to ensure their networks were “secure from attack.” The release made no mention of Russia and emphasized that the lawmakers “would oppose any effort by the federal government” to encroach on the states’ authorities.

When U.S. spy agencies reached unanimous agreement in late September that the interference was a Russian operation directed by Putin, Obama directed spy chiefs to prepare a public statement summarizing the intelligence in broad strokes.

With Obama still determined to avoid any appearance of politics, the statement would not carry his signature.

On Oct. 7, the administration offered its first public comment on Russia’s “active measures,” in a three-paragraph statement issued by Johnson and Clapper. Comey had initially agreed to attach his name, as well, officials said, but changed his mind at the last minute, saying that it was too close to the election for the bureau to be involved.

“The U.S. intelligence community is confident that the Russian government directed the recent compromises of e-mails from U.S. persons and institutions, including from U.S. political organizations,” the statement said. “We believe, based on the scope and sensitivity of these efforts, that only Russia’s senior-most officials could have authorized these activities.”

Early drafts accused Putin by name, but the reference was removed out of concern that it might endanger intelligence sources and methods.

The statement was issued around 3:30 p.m., timed for maximum media coverage. Instead, it was quickly drowned out. At 4 p.m., The Post published a story about crude comments Trump had made about women that were captured on an “Access Hollywood” tape. Half an hour later, WikiLeaks published its first batch of emails stolen from Clinton campaign chairman John Podesta.

‘Ample time’ after election

The Situation Room is actually a complex of secure spaces in the basement level of the West Wing. A video feed from the main room courses through some National Security Council offices, allowing senior aides sitting at their desks to see — but not hear — when meetings are underway.

As the Russia-related sessions with Cabinet members began in August, the video feed was shut off. The last time that had happened on a sustained basis, officials said, was in the spring of 2011 during the run-up to the U.S. Special Operations raid on bin Laden’s compound in Pakistan.

The blacked-out screens were seen as an ominous sign among lower-level White House officials who were largely kept in the dark about the Russia deliberations even as they were tasked with generating options for retaliation against Moscow.

Much of that work was led by the Cyber Response Group, an NSC unit with representatives from the CIA, NSA, State Department and Pentagon.

The early options they discussed were ambitious. They looked at sectorwide economic sanctions and cyberattacks that would take Russian networks temporarily offline. One official informally suggested — though never formally proposed — moving a U.S. naval carrier group into the Baltic Sea as a symbol of resolve.

What those lower-level officials did not know was that the principals and their deputies had by late September all but ruled out any pre-election retaliation against Moscow. They feared that any action would be seen as political and that Putin, motivated by a seething resentment of Clinton, was prepared to go beyond fake news and email dumps.

The FBI had detected suspected Russian attempts to penetrate election systems in 21 states, and at least one senior White House official assumed that Moscow would try all 50, officials said. Some officials believed the attempts were meant to be detected to unnerve the Americans. The patchwork nature of the United States’ 3,000 or so voting jurisdictions would make it hard for Russia to swing the outcome, but Moscow could still sow chaos.

“We turned to other scenarios” the Russians might attempt, said Michael Daniel, who was cybersecurity coordinator at the White House, “such as disrupting the voter rolls, deleting every 10th voter [from registries] or flipping two digits in everybody’s address.”

The White House also worried that they had not yet seen the worst of Russia’s campaign. WikiLeaks and DCLeaks, a website set up in June 2016 by hackers believed to be Russian operatives, already had troves of emails. But U.S. officials feared that Russia had more explosive material or was willing to fabricate it.

“Our primary interest in August, September and October was to prevent them from doing the max they could do,” said a senior administration official. “We made the judgment that we had ample time after the election, regardless of outcome, for punitive measures.”

The assumption that Clinton would win contributed to the lack of urgency.

Instead, the administration issued a series of warnings.

Brennan delivered the first on Aug. 4 in a blunt phone call with Alexander Bortnikov, the director of the FSB, Russia’s powerful security service.

A month later, Obama confronted Putin directly during a meeting of world leaders in Hangzhou, China. Accompanied only by interpreters, Obama told Putin that “we knew what he was doing and [he] better stop or else,” according to a senior aide who subsequently spoke with Obama. Putin responded by demanding proof and accusing the United States of interfering in Russia’s internal affairs.

In a subsequent news conference, Obama alluded to the exchange and issued a veiled threat. “We’re moving into a new era here where a number of countries have significant capacities,” he said. “Frankly, we’ve got more capacity than anybody both offensively and defensively.”

There were at least two other warnings.

On Oct. 7, the day that the Clapper-Johnson statement was released, Rice summoned Russian Ambassador Sergey Kislyak to the White House and handed him a message to relay to Putin.

Then, on Oct. 31, the administration delivered a final pre-election message via a secure channel to Moscow originally created to avert a nuclear exchange. The message noted that the United States had detected malicious activity, originating from servers in Russia, targeting U.S. election systems and warned that meddling would be regarded as unacceptable interference. Russia confirmed the next day that it had received the message but replied only after the election through the same channel, denying the accusation.

As Election Day approached, proponents of taking action against Russia made final, futile appeals to Obama’s top aides: McDonough, Rice and Haines. Because their offices were part of a suite of spaces in the West Wing, securing their support on any national security issue came to be known as “moving the suite.”

One of the last to try before the election was Kerry. Often perceived as reluctant to confront Russia, in part to preserve his attempts to negotiate a Syria peace deal, Kerry was at critical moments one of the leading hawks.

In October, Kerry’s top aides had produced an “action memo” that included a package of retaliatory measures including economic sanctions. Knowing the White House was not willing to act before the election, the plan called for the measures to be announced almost immediately after votes had been securely cast and counted.

Kerry signed the memo and urged the White House to convene a principals meeting to discuss the plan, officials said. “The response was basically, ‘Not now,’” one official said.

Election Day arrived without penalty for Moscow.

A U.S. cyber-weapon

The most difficult measure to evaluate is one that Obama alluded to in only the most oblique fashion when announcing the U.S. response.

“We will continue to take a variety of actions at a time and place of our choosing, some of which will not be publicized,” he said in a statement released by the White House.

He was referring, in part, to a cyber operation that was designed to be detected by Moscow but not cause significant damage, officials said. The operation, which entailed implanting computer code in sensitive computer systems that Russia was bound to find, served only as a reminder to Moscow of the United States’ cyber reach.

But Obama also signed the secret finding, officials said, authorizing a new covert program involving the NSA, CIA and U.S. Cyber Command.

Obama declined to comment for this article, but a spokesman issued a statement: “This situation was taken extremely seriously, as is evident by President Obama raising this issue directly with President Putin; 17 intelligence agencies issuing an extraordinary public statement; our homeland security officials working relentlessly to bolster the cyber defenses of voting infrastructure around the country; the President directing a comprehensive intelligence review, and ultimately issuing a robust response including shutting down two Russian compounds, sanctioning nine Russian entities and individuals, and ejecting 35 Russian diplomats from the country.”

The cyber operation is still in its early stages and involves deploying “implants” in Russian networks deemed “important to the adversary and that would cause them pain and discomfort if they were disrupted,” a former U.S. official said.

The implants were developed by the NSA and designed so that they could be triggered remotely as part of retaliatory cyber-strike in the face of Russian aggression, whether an attack on a power grid or interference in a future presidential race.

Officials familiar with the measures said that there was concern among some in the administration that the damage caused by the implants could be difficult to contain.

As a result, the administration requested a legal review, which concluded that the devices could be controlled well enough that their deployment would be considered “proportional” in varying scenarios of Russian provocation, a requirement under international law.

The operation was described as long-term, taking months to position the implants and requiring maintenance thereafter. Under the rules of covert action, Obama’s signature was all that was necessary to set the operation in motion.

U.S. intelligence agencies do not need further approval from Trump, and officials said that he would have to issue a countermanding order to stop it. The officials said that they have seen no indication that Trump has done so.

———-

4a. Well look at that: investigators are exploring the more than three dozen companies and individuals that Michael Flynn worked for – as a consultant, adviser, board member, or speaker – while advising the Trump campaign last year, and two of those entities are raising some extra eyebrows. Flynn was an advisory board member of Luxembourg-based OSY Technologies and consulted for the US-based private equity firm Francisco Partners. What’s so questionable about these entities? Well, Francisco Partners owns NSO Group – a secretive Israel-based cyberweapons dealer that sells advanced hacking tools to governments around the world – and OSY Technologies is an NSO Group offshoot. Flynn joined OSY in May of last year. Yep, Michael Flynn worked for both the owner of an advanced cyberweapons dealer and one of its offshoots throughout the 2016 campaign.

“The month before Flynn joined the advisory board of OSY Technologies, NSO Group opened up a new arm called WestBridge Technologies, Inc., in the D.C. region. (The company was originally registered in Delaware in 2014, but formed in Maryland in April 2016.) Led by NSO Group co-founder Lavie, WestBridge is vying for federal government contracts for NSO Group’s products. Hiring Flynn would provide NSO Group with a well-connected figure in Washington, to help get its foot in the door of the notoriously insular world of secret intelligence budgeting.”

Yep, not only was Flynn working for NSO Group’s OSY Technologies and its owners at Francisco Partners, but NSO Group was also initiating plans to get more US government contracts…something that would presumably be much likelier to happen if Donald Trump won the White House and brought Flynn into the government.

And note how NSO Group wasn’t the only cybersecurity firm Flynn was working for:
“ . . . .When you’re trying to build up your business, you need someone who has connections, someone who is seen as an authority and a legitimate presence,” Johnson said. Hiring someone with Flynn’s background in intelligence would “open up doors that they wouldn’t have had access to,” Johnson said.

Throughout 2016, Flynn worked for a number of cybersecurity firms personally and through his consulting firm, Flynn Intel Group. In addition to his advisory board seat at OSY Technologies, he sat on the board of Adobe Systems, a large software company with Pentagon contracts, and the boards of the cybersecurity companies GreenZone Systems and HALO Privacy. (Though Flynn described himself as an Adobe advisory board member in his financial disclosure paperwork, the group said in a statement that he provided only “periodic counsel to Adobe’s public sector team.”) . . .”

In terms of assessing the significance of these business relationships, on the one hand, cybersecurity is one of the areas one should expect the former head of the US Defense Intelligence Agency to go into after leaving government. On the other hand, we have just been told about the most hack-intensive US campaign in history and all the hacking was done in favor of Donald Trump. It is difficult to shake the notion that one or more of these firms may have been involved in one of the high-profile hacks.

Due to the relative lack of sophistication required to carry out spear-phishing – the method behind both the DNC server hack and Podesta’s emails and, allegedly, the attempts to hack 39 state election systems a week before the election – it really is the case that almost anyone could have pulled these hacks off if they had adequate hacking skills and wanted to hide their tracks and make it look like ‘the Russians’ did it. And the NSO Group’s software specializes in creating spear-phishing campaigns designed to trick people into clicking on the bad links using a variety of different tricks and inserting spying malware in the victims’ systems:

“Michael Flynn Worked With Foreign Cyberweapons Group That Sold Spyware Used Against Political Dissidents” by Paul Blumenthal, Jessica Schulberg; The Huffington Post; 06/19/2017

While serving as a top campaign aide to Donald Trump, former national security adviser Michael Flynn made tens of thousands of dollars on the side advising a company that sold surveillance technology that repressive governments used to monitor activists and journalists.

Flynn, who resigned in February after mischaracterizing his conversations with the Russian ambassador to the U.S., has already come under scrutiny for taking money from foreign outfits. Federal investigators began probing Flynn’s lobbying efforts on behalf of a Dutch company led by a businessman with ties to the Turkish government earlier this year. Flynn’s moonlighting wasn’t typical: Most people at the top level of major presidential campaigns do not simultaneously lobby for any entity, especially not foreign governments. It’s also unusual for former U.S. intelligence officials to work with foreign cybersecurity outfits.

Nor was Flynn’s work with foreign entities while he was advising Trump limited to his Ankara deal. He earned nearly $1.5 million last year as a consultant, adviser, board member, or speaker for more than three dozen companies and individuals, according to financial disclosure forms released earlier this year.

Two of those entities are directly linked to NSO Group, a secretive Israeli cyberweapons dealer founded by Omri Lavie and Shalev Hulio, who are rumored to have served in Unit 8200, the Israeli equivalent of the National Security Agency.

Flynn received $40,280 last year as an advisory board member for OSY Technologies, an NSO Group offshoot based in Luxembourg, a favorite tax haven for major corporations. OSY Technologies is part of a corporate structure that runs from Israel, where NSO Group is located, through Luxembourg, the Cayman Islands, the British Virgin Islands, and the U.S.

Flynn also worked as a consultant last year for Francisco Partners, a U.S.-based private equity firm that owns NSO Group, but he did not disclose how much he was paid. At least two Francisco Partners executives have sat on OSY’s board.

Flynn’s financial disclosure forms do not specify the work he did for companies linked to NSO Group, and his lawyer did not respond to requests for comment. Former colleagues at Flynn’s consulting firm declined to discuss Flynn’s work with NSO Group. Executives at Francisco Partners who also sit on the OSY Technologies board did not respond to emails. Lavie, the NSO Group co-founder, told HuffPost he is “not interested in speaking to the press” and referred questions to a spokesman, who did not respond to queries.

Many government and military officials have moved through the revolving door between government agencies and private cybersecurity companies. The major players in the cybersecurity contracting world – SAIC, Booz Allen Hamilton, CACI Federal and KeyW Corporation – all have former top government officials in leadership roles or on their boards, or have former top executives working in government.

But it’s less common for former U.S. intelligence officials to work with foreign cybersecurity outfits. “There is a lot of opportunity in the U.S. to do this kind of work,” said Ben Johnson, a former NSA employee and the co-founder of Obsidian Security. “It’s a little bit unexpected going overseas, especially when you combine that with the fact that they’re doing things that might end up in hands of enemies of the U.S. government. It does seem questionable.”

What is clear is that during the time Flynn was working for NSO’s Luxembourg affiliate, one of the company’s main products — a spy software sold exclusively to governments and marketed as a tool for law enforcement officials to monitor suspected criminals and terrorists — was being used to surveil political dissidents, reporters, activists, and government officials. The software, called Pegasus, allowed users to remotely break into a target’s cellular phone if the target responded to a text message.

Last year, several people targeted by the spyware contacted Citizen Lab, a cybersecurity research team based out of the University of Toronto. With the help of experts at the computer security firm Lookout, Citizen Lab researchers were able to trace the spyware hidden in the texts back to NSO Group spyware. After Citizen Lab publicized its findings, Apple introduced patches to fix the vulnerability. It is not known how many activists in other countries were targeted and failed to report it to experts.

NSO Group told Forbes in a statement last year that it complies with strict export control laws and only sells to authorized government agencies. “The company does NOT operate any of its systems; it is strictly a technology company,” NSO Group told Forbes.

But once a sale is complete, foreign governments are free to do what they like with the technology.

“The government buys [the technology] and can use it however they want,” Bill Marczak, one of the Citizen Lab researchers, told HuffPost. “They’re basically digital arms merchants.”

The month before Flynn joined the advisory board of OSY Technologies, NSO Group opened up a new arm called WestBridge Technologies, Inc., in the D.C. region. (The company was originally registered in Delaware in 2014, but formed in Maryland in April 2016.) Led by NSO Group co-founder Lavie, WestBridge is vying for federal government contracts for NSO Group’s products. Hiring Flynn would provide NSO Group with a well-connected figure in Washington, to help get its foot in the door of the notoriously insular world of secret intelligence budgeting.

“When you’re trying to build up your business, you need someone who has connections, someone who is seen as an authority and a legitimate presence,” Johnson said. Hiring someone with Flynn’s background in intelligence would “open up doors that they wouldn’t have had access to,” Johnson said.

Throughout 2016, Flynn worked for a number of cybersecurity firms personally and through his consulting firm, Flynn Intel Group. In addition to his advisory board seat at OSY Technologies, he sat on the board of Adobe Systems, a large software company with Pentagon contracts, and the boards of the cybersecurity companies GreenZone Systems and HALO Privacy. (Though Flynn described himself as an Adobe advisory board member in his financial disclosure paperwork, the group said in a statement that he provided only “periodic counsel to Adobe’s public sector team.”)

Prominent human rights activists and political dissidents have reported being targeted by NSO’s technology. On August 10, 2016, Ahmed Mansoor, an internationally recognized Emirati human rights activist, received a text message prompting him to click a link to read “new secrets” about detainees abused in UAE prisons. He got a similar text the next day. But Mansoor, who had already been repeatedly targeted by hackers, knew better than to click the links. Instead, he forwarded the messages to Citizen Lab.

Citizen Lab soon determined that NSO Group’s malware exploited an undisclosed mobile phone vulnerability, known as a zero-day exploit, that enabled its customers – that is, foreign governments – to surveil a target’s phone after the target clicked the link included in the phishing text message. If Mansoor had clicked that link, his “phone would have become a digital spy in his pocket, capable of employing his phone camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements,” Citizen Lab wrote in a report.

Across the globe in Mexico, where Coca-Cola and PepsiCo were working to repeal a tax on sodas imposed in 2014, two activists and a government-employed scientist, all of whom supported the soda tax, received a series of suspicious text messages. The texts, which became increasingly aggressive and threatening, came as the scientist and the activists were preparing a public relations campaign in support of raising the soda tax and promoting awareness of the health risks linked to sugary beverages.

Dr. Simón Barquera, researcher at Mexico’s National Institute for Public Health, received a text on July 11, 2016, inviting him to click a link the sender said would lead him to a detailed investigation of his clinic. When Barquera didn’t follow through, the texts escalated. On the 12th, he got a text with a link to a purported court document, which the sender claimed mentioned Barquera by name. On the 13th, yet another text included a link that supposedly contained information about a funeral. The day after that, the sender wrote, “You are an asshole Simon, while you are working I’m fuc king your old lady here is a photo.” The final text Barquera received in August said that his daughter was in “grave condition” after an accident, and included a link that would supposedly tell him where she was being treated.

Alejandro Calvillo, director of the consumer rights nonprofit El Poder del Consumidor, received a text with a link claiming to be from a man who wanted to know if Calvillo could attend the man’s father’s funeral. Another text sent to Calvillo included a link that the sender said was a viral news story that mentioned him. The final target, Luis Encarnación, a coordinator for the obesity prevention group Coalicion ContraPESO, also received a text with a link claiming that he was named in a news article.

The targets quickly got in touch with Citizen Lab and forwarded their text messages to the researchers. In February 2017, Citizen Lab released a new report linking NSO Group’s technology to the phishing attempts targeting the pro-soda tax campaigners.

Citizen Lab researchers have also identified texts sent last summer to Mexican journalist Rafael Cabrera that they believe were an attempt to infect his phone with NSO Group’s Pegasus spyware. Cabrera, who now works for BuzzFeed Mexico, was targeted by hackers after he broke a story revealing a potential conflict of interest with the Mexican first family and a Chinese company.

Citizen Lab believes NSO Group may have also sold its mobile phone spying technology to many governments, including those of Kenya, Mozambique, Yemen, Qatar, Turkey, Saudi Arabia, Uzbekistan, Thailand, Morocco, Hungary, Nigeria and Bahrain.

Working with repressive regimes is standard practice in the cyberweapons industry. The Italian surveillance malware firm Hacking Team has worked with dozens of countries known to jail dissidents, according to emails uploaded to WikiLeaks. The FBI and the Drug Enforcement Agency were among the company’s customers, according to the documents.

Despite recent scrutiny over Mansoor’s case, NSO Group’s value has exploded in recent years. Francisco Partners bought the cyberweapons dealer in 2014 for $120 million. It is now reportedly valued at over $1 billion. . . .

4b. Due to the relative lack of sophistication required to carry out spear-phishing – the method behind both the DNC server hack and Podesta’s emails and, allegedly, the attempts to hack 39 state election systems a week before the election – almost anyone could have pulled these hacks off if they had adequate hacking skills, hiding their tracks and making it appear as though “the Russians” did it. The NSO Group’s software specializes in creating spear-phishing campaigns designed to trick people into clicking on the bad links using a variety of different tricks and inserting spying malware in the victims’ systems. Their spear-phishing methodology is sophisticated.

“. . . . Increasingly, governments have found that the only way to monitor mobile phones is by using private businesses like the NSO Group that exploit little-known vulnerabilities in smartphone software. The company has, at times, operated its businesses under different names. One of them, OSY Technologies, paid Michael T. Flynn, President Trump’s former national security adviser, more than $40,000 to be an advisory board member from May 2016 until January, according to his public financial disclosures. . . .”

Note how even when a phone is known to be hacked by someone using the NSO Group malware after a successful spear-phishing attempt, there’s still no way to know which NSO Group client did it. Even NSO Group claims it can’t determine who did it:

“. . . .The Mexican government’s deployment of spyware has come under suspicion before, including hacking attempts on political opponents and activists fighting corporate interests in Mexico.

Still, there is no ironclad proof that the Mexican government is responsible. The Pegasus software does not leave behind the hacker’s individual fingerprints. Even the software maker, the NSO Group, says it cannot determine who, exactly, is behind specific hacking attempts.

But cyberexperts can verify when the software has been used on a target’s phone, leaving them with few doubts that the Mexican government, or some rogue actor within it, was involved.

‘This is pretty much as good as it gets,’ said Bill Marczak, another senior researcher at Citizen Lab, who confirmed the presence of NSO code on several phones belonging to Mexican journalists and activists.

Moreover, it is extremely unlikely that cybercriminals somehow got their hands on the software, the NSO Group says, because the technology can be used only by the government agency where it is installed. . . .”

Yet for the DNC/Podesta hacks, which were also spear-phishing campaigns but against targets with a wide variety of potential enemies across the globe, the primary evidence we’re given that the Russian government was really behind the hacks was the amazingly sloppy hacker ‘mistakes’ like Cyrillic characters in the hacked document meta-data and leaving the Bitly accounts they were using to create the links used in the spear-phishing emails public, so cyber-security researchers could watch their hacking campaign’s entire list of targets. In other words, ‘evidence’ that could easily have been left to be found.

All of this adds to the mystery of Michael Flynn and the potential role he played in the Trump campaign: The former head of the US military’s spy agency worked for a company that makes advanced software designed to first conduct a successful spear-phishing campaign and then give the victim NSO Group’s special spying malware, the same kind of campaign that attacked the DNC, John Podesta, and the 39 state election systems.

Yet almost no one seems to raise the question as to whether or not Flynn and his deep ties to the hacking world could have had anything to do with those high-profile hacks. Only consideration of Russian hackers is allowed. It’s a pretty mysterious mystery, although perhaps not as mysterious as the investigation.

“Using Texts as Lures, Government Spyware Targets Mexican Journalists and Their Families” by Azam Ahmed and Nicole Perlroth; The New York Times; 06/19/2017

Mexico’s most prominent human rights lawyers, journalists and anti-corruption activists have been targeted by advanced spyware sold to the Mexican government on the condition that it be used only to investigate criminals and terrorists.

The targets include lawyers looking into the mass disappearance of 43 students, a highly respected academic who helped write anti-corruption legislation, two of Mexico’s most influential journalists and an American representing victims of sexual abuse by the police. The spying even swept up family members, including a teenage boy.

Since 2011, at least three Mexican federal agencies have purchased about $80 million worth of spyware created by an Israeli cyberarms manufacturer. The software, known as Pegasus, infiltrates smartphones to monitor every detail of a person’s cellular life — calls, texts, email, contacts and calendars. It can even use the microphone and camera on phones for surveillance, turning a target’s smartphone into a personal bug.

The company that makes the software, the NSO Group, says it sells the tool exclusively to governments, with an explicit agreement that it be used only to battle terrorists or the drug cartels and criminal groups that have long kidnapped and killed Mexicans.

But according to dozens of messages examined by The New York Times and independent forensic analysts, the software has been used against some of the government’s most outspoken critics and their families, in what many view as an unprecedented effort to thwart the fight against the corruption infecting every limb of Mexican society.

“We are the new enemies of the state,” said Juan E. Pardinas, the general director of the Mexican Institute for Competitiveness, who has pushed anti-corruption legislation. His iPhone, along with his wife’s, was targeted by the software, according to an independent analysis. “Ours is a society where democracy has been eroded,” he said.

The deployment of sophisticated cyberweaponry against citizens is a snapshot of the struggle for Mexico itself, raising profound legal and ethical questions for a government already facing severe criticism for its human rights record. Under Mexican law, only a federal judge can authorize the surveillance of private communications, and only when officials can demonstrate a sound basis for the request.

It is highly unlikely that the government received judicial approval to hack the phones, according to several former Mexican intelligence officials. Instead, they said, illegal surveillance is standard practice.

“Mexican security agencies wouldn’t ask for a court order, because they know they wouldn’t get one,” said Eduardo Guerrero, a former analyst at the Center for Investigation and National Security, Mexico’s intelligence agency and one of the government agencies that use the Pegasus spyware. “I mean, how could a judge authorize surveillance of someone dedicated to the protection of human rights?”

“There, of course, is no basis for that intervention, but that is besides the point,” he added. “No one in Mexico ever asks for permission to do so.”

The hacking attempts were highly personalized, striking critics with messages designed to inspire fear — and get them to click on a link that would provide unfettered access to their cellphones.

Carmen Aristegui, one of Mexico’s most famous journalists, was targeted by a spyware operator posing as the United States Embassy in Mexico, instructing her to click on a link to resolve an issue with her visa. The wife of Mr. Pardinas, the anti-corruption activist, was targeted with a message claiming to offer proof that he was having an extramarital affair.

For others, imminent danger was the entry point, like a message warning that a truck filled with armed men was parked outside Mr. Pardinas’s home.

“I think that any company that sells a product like this to a government would be horrified by the targets, of course, which don’t seem to fall into the traditional role of criminality,” said John Scott-Railton, a senior researcher at Citizen Lab at the Munk School of Global Affairs at the University of Toronto, which examined the hacking attempts.

The Mexican government acknowledges gathering intelligence against legitimate suspects in accordance with the law. “As in any democratic government, to combat crime and threats against national security the Mexican government carries out intelligence operations,” it said in a statement.

But the government “categorically denies that any of its members engages in surveillance or communications operations against defenders of human rights, journalists, anti-corruption activists or any other person without prior judicial authorization.”

The Mexican government’s deployment of spyware has come under suspicion before, including hacking attempts on political opponents and activists fighting corporate interests in Mexico.

Still, there is no ironclad proof that the Mexican government is responsible. The Pegasus software does not leave behind the hacker’s individual fingerprints. Even the software maker, the NSO Group, says it cannot determine who, exactly, is behind specific hacking attempts.

But cyberexperts can verify when the software has been used on a target’s phone, leaving them with few doubts that the Mexican government, or some rogue actor within it, was involved.

“This is pretty much as good as it gets,” said Bill Marczak, another senior researcher at Citizen Lab, who confirmed the presence of NSO code on several phones belonging to Mexican journalists and activists.

Moreover, it is extremely unlikely that cybercriminals somehow got their hands on the software, the NSO Group says, because the technology can be used only by the government agency where it is installed.

The company is part of a growing number of digital spying businesses that operate in a loosely regulated space. The market has picked up in recent years, particularly as companies like Apple and Facebook start encrypting their customers’ communications, making it harder for government agencies to conduct surveillance.

Increasingly, governments have found that the only way to monitor mobile phones is by using private businesses like the NSO Group that exploit little-known vulnerabilities in smartphone software. The company has, at times, operated its businesses under different names. One of them, OSY Technologies, paid Michael T. Flynn, President Trump’s former national security adviser, more than $40,000 to be an advisory board member from May 2016 until January, according to his public financial disclosures.

Before selling to governments, the NSO Group says, it vets their human rights records. But once the company licenses the software and installs its hardware inside intelligence and law enforcement agencies, the company says, it has no way of knowing how its spy tools are used — or whom they are used against.

The company simply bills governments based on the total number of surveillance targets. To spy on 10 iPhone users, for example, the company charges $650,000 on top of a flat $500,000 installation fee, according to NSO marketing proposals reviewed by The New York Times.

Even when the NSO Group learns that its software has been abused, there is only so much it can do, the company says, arguing that it cannot simply march into intelligence agencies, remove its hardware and take back its spyware.

“When you’re selling AK-47s, you can’t control how they’ll be used once they leave the loading docks,” said Kevin Mahaffey, chief technology officer at Lookout, a mobile security company.

Rather, the NSO Group relies on its customers to cooperate in a review, then turns over the findings to the appropriate governmental authority — in effect, leaving governments to police themselves.

Typically, the company’s only recourse is to slowly cut off a government’s access to the spy tools over the course of months, or even years, by ceasing to provide new software patches, features and updates. But in the case of Mexico, the NSO Group has not condemned or even acknowledged any abuse, despite repeated evidence that its spy tools have been deployed against ordinary citizens and their families.

5. GOP-affiliated data analytics firm Deep Root has committed quite a data-privacy violation. On June 12th, a cybersecurity researcher discovered a Deep Root server with public access to its proprietary database of the voting habits/political views of over 198 million Americans. Deep Root claims this was all due to an accident.

We wonder if there might be a link between the Deep Root data basing and other GOP cyber tactics and the alleged “Russian hacking” of U.S. election systems?

“ . . . . To appeal to the three crucial categories, it appears that Trump’s team relied on voter data provided by Data Trust. Complete voter rolls for 2008 and 2012, as well as partial 2016 voter rolls for Florida and Ohio, apparently compiled by Data Trust are contained in the dataset exposed by Deep Root.

Data Trust acquires voter rolls from state officials and then standardizes the voter data to create a clean, manageable record of all registered US voters, a source familiar with the firm’s operations told Gizmodo. Voter data itself is public record and therefore not particularly sensitive, the source added, but the tools Data Trust uses to standardize that data are considered proprietary. That data is then provided to political clients, including analytics firms like Deep Root. While Data Trust requires its clients to protect the data, it has to take clients at their word that industry-standard encryption and security protocols are in place.

TargetPoint and Causeway, the two firms employed by the RNC in addition to Deep Root, apparently layered their own analytics atop the information provided by Data Trust. TargetPoint conducted thousands of surveys per week in 22 states, according to AdAge, gauging voter sentiment on a variety of topics. While Causeway helped manage the data, Deep Root used it to perfect its TV advertising targets—producing voter turnout estimates by county and using that intelligence to target its ad buys. . . .”

“GOP Data Firm Accidentally Leaks Personal Details of Nearly 200 Million American Voters” by Dell Cameron and Kate Conger, Gizmodo; 06/19/2017

Political data gathered on more than 198 million US citizens was exposed this month after a marketing firm contracted by the Republican National Committee stored internal documents on a publicly accessible Amazon server.

The data leak contains a wealth of personal information on roughly 61 percent of the US population. Along with home addresses, birthdates, and phone numbers, the records include advanced sentiment analyses used by political groups to predict where individual voters fall on hot-button issues such as gun ownership, stem cell research, and the right to abortion, as well as suspected religious affiliation and ethnicity. The data was amassed from a variety of sources—from the banned subreddit r/fatpeoplehate to American Crossroads, the super PAC co-founded by former White House strategist Karl Rove.

Deep Root Analytics, a conservative data firm that identifies audiences for political ads, confirmed ownership of the data to Gizmodo on Friday.

UpGuard cyber risk analyst Chris Vickery discovered Deep Root’s data online last week. More than a terabyte was stored on the cloud server without the protection of a password and could be accessed by anyone who found the URL. Many of the files did not originate at Deep Root, but are instead the aggregate of outside data firms and Republican super PACs, shedding light onto the increasingly advanced data ecosystem that helped propel President Donald Trump’s slim margins in key swing states.

Although files possessed by Deep Root would be typical in any campaign, Republican or Democratic, experts say its exposure in a single open database raises significant privacy concerns. “This is valuable for people who have nefarious purposes,” Joseph Lorenzo Hall, the chief technologist at the Center for Democracy and Technology, said of the data.

The RNC paid Deep Root $983,000 last year, according to Federal Election Commission reports, but its server contained records from a variety of other conservative sources paid millions more, including The Data Trust (also known as GOP Data Trust), the Republican party’s primary voter file provider. Data Trust received over $6.7 million from the RNC during the 2016 cycle, according to OpenSecrets.org, and its president, Johnny DeStefano, now serves as Trump’s director of presidential personnel.

The Koch brothers’ political group Americans for Prosperity, which had a data-swapping agreement with Data Trust during the 2016 election cycle, contributed heavily to the exposed files, as did the market research firm TargetPoint, whose co-founder previously served as director of Mitt Romney’s strategy team. (The Koch brothers also subsidized a data company known as i360, which began exchanging voter files with Data Trust in 2014.) Furthermore, the files provided by Rove’s American Crossroads contain strategic voter data used to target, among others, disaffected Democrats and undecideds in Nevada, New Hampshire, Ohio, and other key battleground states.

Deep Root further obtained hundreds of files (at least) from The Kantar Group, a leading media and market research company with offices in New York, Beijing, Moscow, and more than a hundred other cities on six continents. Each file offers rich details about political ads—estimated cost, audience demographics, reach, and more—by and about figures and groups spanning the political spectrum. There are files on the Democratic Senatorial Campaign Committee, Planned Parenthood, and the American Civil Liberties Union, as well as files on every 2016 presidential candidate, Republicans included.

What’s more, the Kantar files each contain video links to related political ads stored on Kantar’s servers.

Spreadsheets acquired from TargetPoint, which partnered with Deep Root and GOP Data Trust during the 2016 election, include the home addresses, birthdates, and party affiliations of nearly 200 million registered voters in the 2008 and 2012 presidential elections, as well as some 2016 voters. TargetPoint’s data seeks to resolve questions about where individual voters stand on dozens of political issues. For example: Is the voter eco-friendly? Do they favor lowering taxes? Do they believe the Democrats should stand up to Trump? Do they agree with Trump’s “America First” economic stance? Pharmaceutical companies do great damage: Agree or Disagree?

The details of voters’ likely preferences for issues like stem cell research and gun control were likely drawn from a variety of sources according to a Democratic strategist who spoke with Gizmodo.

“Data like that would be a combination of polling data, real world data from door-knocking and phone-calling and other canvassing activities, coupled with modeling using the data we already have to extrapolate what the voters we don’t know about would think,” the strategist said. “The campaigns that do it right combine all the available data together to make the most robust model for every single voter in the target universe.”

Deep Root’s data was exposed after the company updated its security settings on June 1, Lundry said. Deep Root has retained Stroz Friedberg, a cybersecurity and digital forensics firm, to investigate. “Based on the information we have gathered thus far, we do not believe that our systems have been hacked,” Lundry added.

So far, Deep Root doesn’t believe its proprietary data was accessed by any malicious third parties during the 12 days that the data was exposed on the open web.

Deep Root’s server was discovered by UpGuard’s Vickery on the night of June 12 as he was searching for data publicly accessible on Amazon’s cloud service. He used the same process last month to detect sensitive files tied to a US Defense Department project and exposed by an employee of a top defense contractor.

This is not the first leak of voter files uncovered by Vickery, who told Gizmodo that he was alarmed over how the data was apparently being used—some states, for instance, prohibit the commercial use of voter records. Moreover, it was not immediately clear to whom the data belonged. “It was decided that law enforcement should be contacted before attempting any contact with the entity responsible,” said Vickery, who reported that the server was secured two days later on June 14.

A web of data firms funnel research into campaigns

Deep Root’s data sheds light onto the increasingly sophisticated data operation that has fed recent Republican campaigns and lays bare the intricate network of political organizations, PACs, and analysis firms that trade in bulk voter data. In an email to Gizmodo, Deep Root said that its voter models are used to enhance the understanding of TV viewership for political ad buyers. “The data accessed was not built for or used by any specific client,” Lundry said. “It is our proprietary analysis to help inform local television ad buying.”

However, the presence of data on the server from several political organizations, including TargetPoint and Data Trust, suggests that it was used for Republican political campaigns. Deep Root also works primarily with GOP customers (although similar vendors, such as NationBuilder, service the Democrats as well).

Deep Root is one of three data firms hired by the Republican National Committee in the run-up to the 2016 presidential election. Founded by Lundry, a data scientist on the Jeb Bush and Mitt Romney campaigns, the firm was one of three analytics teams that worked on the Trump campaign following the party’s national convention in the summer of 2016.

Lundry’s work brought him into Trump’s campaign war room, according to a post-election AdAge article that charted the GOP’s 2016 data efforts. Deep Root was hand-picked by the RNC’s then-chief of staff, Katie Walsh, in September of last year and joined two other data shops—TargetPoint Consulting and Causeway Solutions—in the effort to win Trump the presidency.

To appeal to the three crucial categories, it appears that Trump’s team relied on voter data provided by Data Trust. Complete voter rolls for 2008 and 2012, as well as partial 2016 voter rolls for Florida and Ohio, apparently compiled by Data Trust are contained in the dataset exposed by Deep Root.

Data Trust acquires voter rolls from state officials and then standardizes the voter data to create a clean, manageable record of all registered US voters, a source familiar with the firm’s operations told Gizmodo. Voter data itself is public record and therefore not particularly sensitive, the source added, but the tools Data Trust uses to standardize that data are considered proprietary. That data is then provided to political clients, including analytics firms like Deep Root. While Data Trust requires its clients to protect the data, it has to take clients at their word that industry-standard encryption and security protocols are in place.

TargetPoint and Causeway, the two firms employed by the RNC in addition to Deep Root, apparently layered their own analytics atop the information provided by Data Trust. TargetPoint conducted thousands of surveys per week in 22 states, according to AdAge, gauging voter sentiment on a variety of topics. While Causeway helped manage the data, Deep Root used it to perfect its TV advertising targets—producing voter turnout estimates by county and using that intelligence to target its ad buys.

A source with years of experience working on political campaign data operations told Gizmodo that the data exposed by Deep Root appeared to be customized for the RNC and had apparently been used to create models for turnout and voter preferences. Metadata in the files suggested that the database wasn’t Deep Root’s working copy, but rather a post-election version of its data, the source said, adding that it was somewhat surprising the files hadn’t been discarded.

Because the data from the 2008 and 2012 elections is outdated—the source compared it to the kind of address and phone data one could find on a “lousy internet lookup site”—it’s not very valuable. Even the 2016 data is quickly becoming stale. “This is a proprietary dataset based on a mix of public records, data from commercial providers, and a variety of predictive models of uncertain provenance and quality,” the source said, adding: “Undoubtedly it took millions of dollars to produce.”

Although basic voter information is public record, Deep Root’s dataset contains a swirl of proprietary information from the RNC’s data firms. Many of the filenames indicate they potentially contain market research on Democratic candidates and the independent expenditure committees that support them. (Up to two terabytes of data contained on the server was protected by permission settings.)

One exposed folder is labeled “Exxon-Mobile” [sic] and contains spreadsheets apparently used to predict which voters support the oil and gas industry. Divided by state, the files include the voters’ names and addresses, along with a unique RNC identification number assigned to every US citizen registered to vote. Each row indicates where voters likely fall on issues of interest to ExxonMobil, the country’s biggest natural gas producer.

The data evaluates, for example, whether or not a specific voter believes drilling for fossil fuels is vital to US security. It also predicts if the voter thinks the US should be moving away from fossil-fuel use. The ExxonMobil “national score” document alone contains data on 182,746,897 Americans spread across 19 fields.

Reddit analysis

Some of the data included in Deep Root’s dataset veers into downright bizarre territory. A folder titled simply ‘reddit’ houses 170 GBs of data apparently scraped from several subreddits, including the controversial r/fatpeoplehate that was home to a community of people who posted pictures of people and mocked them for their weight before it was banned from Reddit’s platform in 2015. Other subreddits that appear to have been scraped by Deep Root or a partner organization focused on more benign topics, like mountain biking and the Spanish language.

The Reddit data could’ve been used as training data for an artificial intelligence algorithm focused on natural language processing, or it might have been harvested as part of an effort to match up Reddit users with their voter registration records. During the 2012 election cycle, Barack Obama’s campaign data team relied on information gleaned from Facebook profiles and matched profiles to voter records.

During the 2016 election season, Reddit played host to a legion of Trump supporters who gathered in subreddits like r/The_Donald to comb through leaked Democratic National Committee emails and craft pro-Trump memes. Trump himself participated in an “Ask Me Anything” session on r/The_Donald during his campaign.

Given how active some Trump supporters are on Reddit—r/The_Donald currently boasts more than 430,000 members—it makes sense that Trump’s data team might be interested in analyzing data from the site.

FiveThirtyEight analysis that looked at where r/The_Donald members spend their time when they’re not talking politics might shed some light onto why Deep Root collected r/fatpeoplehate data. FiveThirtyEight found that, when Redditors weren’t commenting in political subreddits, they most often frequented r/fatpeoplehate.

It’s possible that Deep Root intended to use data from r/fatpeoplehate to build a more comprehensive profile of Trump voters. (Lundry declined to comment beyond his initial statement on any of the information included in the Deep Root dataset.)

However, FiveThirtyEight’s investigation doesn’t account for Deep Root’s collection of data from mountain-biking and Spanish-speaking subreddits that weren’t as popular with r/The_Donald members—and data from these subreddits that are not so closely linked to Trump’s diehard supporters might be more useful for his campaign’s goal of pursuing swing voters.

“My guess is that they were scraping Reddit posts to match to the voter file as another input for individual modeling,” a source familiar with campaign data operations told Gizmodo. “Given the number of random forums, my guess is they started with a list of accounts to scrape from, rather than scraping from all forums then trying to match from there (in which case you’d start with the political ones).”

Matching voter records with Reddit usernames would be complicated and any large-scale effort would likely result in many inaccuracies, the source said. However, campaigns have attempted to match voter files with social media profiles in the past. Such an effort by Deep Root wouldn’t be entirely surprising, and would likely yield rich data on the small portion of users it was able to match with their voter profiles, the source explained.

Data exposes sensitive voter info

The Deep Root incident represents the largest known leak of Americans’ voter records, outstripping past exposures by several million records. Five voter-file leaks over the past 18 months exposed between 350,000 and 191 million files, some of which paired voter data—name, race, gender, birthdate, address, phone number, party affiliation, etc.—with email accounts, social media profiles, and records of gun ownership.

Campaigns and the data analysis firms they employ are a particularly weak point for data exposure, security experts say. Corporations that don’t properly secure customer data can face significant financial repercussions—just ask Target or Yahoo. But because campaigns are short-term operations, there’s not much incentive for them to take data security seriously, and valuable data is often left out to rust after an election.

“Campaigns are very narrowly focused. They are shoestring operations, even presidential campaigns. So they don’t think of this as an asset they need to protect,” the Center for Democracy and Technology’s Hall told Gizmodo.

Even though voter rolls are public record and are easy to access—Ohio, for instance, makes its voter rolls available to download online—their exposure can still be harmful.

Voter registration records include ZIP codes, birthdates, and other personal information that have been crucial in research efforts to re-identify anonymous medical data. Latanya Sweeney, a professor of government and technology at Harvard University, famously used voter data to re-identify Massachusetts Governor William Weld from information in anonymous hospital discharge records.

Because of the personal information they contain, voter registration databases can also be useful in identity theft schemes.

Even though exposure of Deep Root’s data has the potential to harm voters, it’s exactly the kind of data that campaigns lust after and will spend millions of dollars to obtain. Campaigns are motivated to accumulate as much deeply personal information about voters as possible, so they can spend their ad dollars in the right swing districts where they’re likely to sway the greatest number of voters. But voter data rapidly goes stale and campaigns close up shop quickly, so data is seen as disposable and often isn’t well-protected.

“I can think of no avenues for punishing political data breaches or otherwise properly aligning the incentives. I worry that if there’s no way to punish campaigns for leaking this stuff, it’s going to continue to happen until something bad happens,” Hall said. The data left behind by campaigns can pose a lingering security issue, he added. “None of these motherfuckers were ever Boy Scouts or Girl Scouts, they don’t pack out what they pack in.”

7. Where’s Cambridge Analytica? Did they get access to that data too? They were Trump’s primary Big Data secret weapon. So was this data redundant for them? If not, and this data really is of use to Cambridge Analytica, then if we’re trying to think of a likely intended recipient for those terabytes of data, it’s hard to think of a likelier recipient than Cambridge Analytica. Especially after it was announced back in January that the RNC’s Big Data guru was heading over to Cambridge Analytica as part of a bid to turn the firm into the RNC’s Big Data firm of choice:

“Trump’s Data Firm Snags RNC Tech Guru Darren Bolding” by Issie Lapowsky; Wired; 01/16/17

British newcomers Cambridge Analytica earned serious bragging rights—and more than a few enemies—as the data firm that helped engineer Donald Trump’s victory in its first US presidential election. Now it’s poaching the Republican National Committee’s chief technology officer, Darren Bolding, in a quest to become the analytics outfit of record for the GOP.

Bolding, who in November, 2015, became the RNC’s third CTO in as many years after building his career as an engineer in Silicon Valley, will assume the title of CTO at Cambridge, where he will build products for commercial and political clients. “We want to be able to scale up what we’re already doing, since there’s been quite a lot of interest from the commercial and political space,” he says.

Cambridge’s pitch is that it divides audiences into “psychographic groups” to target them with the kinds of messages that, like most ads, are based on demographic factors but also are most likely to appeal to their emotional and psychological profiles. The effectiveness of, and methodology behind, these tactics remain the subject of great debate among the Beltway’s traditional data minds, who express skepticism about Cambridge’s ability to deliver on its promises. But Trump’s victory in November was a blow to the firm’s detractors.

Though Cambridge is now pursuing commercial clients through its new office in New York, it’s also expanding its DC operation and hopes to secure government and defense contracts under the Trump administration. Cambridge already has the requisite ties. Not only did it work for the Trump campaign, but Steve Bannon, Trump’s chief strategist, serves on the firm’s board.

Cambridge also is funded by Robert Mercer, the billionaire donor who gave millions to Trump Super PACs and whose daughter Rebekah Mercer serves on the Trump transition team. She reportedly is involved in shaping the non-profit organization that will serve as a fundraising and messaging vehicle for the Trump administration. That could give Cambridge an advantage in securing its business. Cambridge Analytica declined to comment on these potential deals, and the Trump transition team has not yet responded to WIRED’s request for comment.

Bolding’s departure from the RNC comes as Republicans and Democrats alike grapple with the threat of cyber attacks in the wake of the breach, attributed to Russian hackers, of the Democratic National Committee during the 2016 election. During his press conference this week, president-elect Trump scolded the DNC for allowing such an attack and claimed that hackers were foiled in their attempt to penetrate the Republican National Committee. Bolding confirms the RNC experienced frequent attacks throughout the election cycle. “We were very vigorously attacked,” Bolding says. “I’ve done this for large commercial companies that have had significant threats, but this was really intense.”

While there may have been no breaches of recent RNC data, in a hearing before the Senate Select Committee on Intelligence Tuesday, FBI director James Comey said that “information was harvested” from old RNC email domains that are no longer in use, though none of that information was released.

———-

“British newcomers Cambridge Analytica earned serious bragging rights—and more than a few enemies—as the data firm that helped engineer Donald Trump’s victory in its first US presidential election. Now it’s poaching the Republican National Committee’s chief technology officer, Darren Bolding, in a quest to become the analytics outfit of record for the GOP.”

8. Seymour Hersh has a piece in Die Welt about the intelligence that went into the Trump administration’s decision to launch a cruise missile strike against a Syrian airbase following the alleged sarin gas attack on the city of Khan Sheikhoun in Idlib.

So what did the intelligence community know about the attack? Well, the Russian and Syrian air forces had in fact informed the US in advance of that airstrike: they had intelligence that top-level leaders of Ahrar al-Sham and Jabhat al-Nusra were meeting in that building, and they informed the US of the attack plan ahead of time and that it was on a “high-value” target. The attack involved the unusual use of a guided bomb and Syria’s top pilots. Following the attack, US intelligence concluded that there was no sarin gas attack, that Assad wouldn’t have been that politically suicidal, and that the symptoms of chemical poisoning following the bombing were likely due to a mixture of chlorine, fertilizers, and other chemicals stored in the building targeted by the Syrian air force, a mixture created by secondary explosions from the initial bombing.

Key portions of Hersh’s story:

“. . . . The Syrian target at Khan Sheikhoun, as shared with the Americans at Doha, was depicted as a two-story cinder-block building in the northern part of town. Russian intelligence, which is shared when necessary with Syria and the U.S. as part of their joint fight against jihadist groups, had established that a high-level meeting of jihadist leaders was to take place in the building, including representatives of Ahrar al-Sham and the al-Qaida-affiliated group formerly known as Jabhat al-Nusra. The two groups had recently joined forces, and controlled the town and surrounding area. Russian intelligence depicted the cinder-block building as a command and control center that housed a grocery and other commercial premises on its ground floor with other essential shops nearby, including a fabric shop and an electronics store.

‘The rebels control the population by controlling the distribution of goods that people need to live – food, water, cooking oil, propane gas, fertilizers for growing their crops, and insecticides to protect the crops,’ a senior adviser to the American intelligence community, who has served in senior positions in the Defense Department and Central Intelligence Agency, told me. The basement was used as storage for rockets, weapons and ammunition, as well as products that could be distributed for free to the community, among them medicines and chlorine-based decontaminants for cleansing the bodies of the dead before burial. The meeting place – a regional headquarters – was on the floor above. ‘It was an established meeting place,’ the senior adviser said. ‘A long-time facility that would have had security, weapons, communications, files and a map center.’ The Russians were intent on confirming their intelligence and deployed a drone for days above the site to monitor communications and develop what is known in the intelligence community as a POL – a pattern of life. The goal was to take note of those going in and out of the building, and to track weapons being moved back and forth, including rockets and ammunition.

Russian and Syrian intelligence officials, who coordinate operations closely with the American command posts, made it clear that the planned strike on Khan Sheikhoun was special because of the high-value target. “It was a red-hot change. The mission was out of the ordinary – scrub the sked,” the senior adviser told me. “Every operations officer in the region” – in the Army, Marine Corps, Air Force, CIA and NSA – “had to know there was something going on. The Russians gave the Syrian Air Force a guided bomb and that was a rarity. They’re skimpy with their guided bombs and rarely share them with the Syrian Air Force. And the Syrians assigned their best pilot to the mission, with the best wingman.” The advance intelligence on the target, as supplied by the Russians, was given the highest possible score inside the American community.

The Execute Order governing U.S. military operations in theater, which was issued by the Chairman of the Joint Chiefs of Staff, provides instructions that demarcate the relationship between the American and Russian forces operating in Syria. “It’s like an ops order – ‘Here’s what you are authorized to do,’” the adviser said. “We do not share operational control with the Russians. We don’t do combined operations with them, or activities directly in support of one of their operations. But coordination is permitted. We keep each other apprised of what’s happening and within this package is the mutual exchange of intelligence. If we get a hot tip that could help the Russians do their mission, that’s coordination; and the Russians do the same for us. When we get a hot tip about a command and control facility,” the adviser added, referring to the target in Khan Sheikhoun, “we do what we can to help them act on it.” “This was not a chemical weapons strike,” the adviser said. “That’s a fairy tale. If so, everyone involved in transferring, loading and arming the weapon – you’ve got to make it appear like a regular 500-pound conventional bomb – would be wearing Hazmat protective clothing in case of a leak. There would be very little chance of survival without such gear. Military grade sarin includes additives designed to increase toxicity and lethality. Every batch that comes out is maximized for death. That is why it is made. It is odorless and invisible and death can come within a minute. No cloud. Why produce a weapon that people can run away from?”

The target was struck at 6:55 a.m. on April 4, just before midnight in Washington. A Bomb Damage Assessment (BDA) by the U.S. military later determined that the heat and force of the 500-pound Syrian bomb triggered a series of secondary explosions that could have generated a huge toxic cloud that began to spread over the town, formed by the release of the fertilizers, disinfectants and other goods stored in the basement, its effect magnified by the dense morning air, which trapped the fumes close to the ground. According to intelligence estimates, the senior adviser said, the strike itself killed up to four jihadist leaders, and an unknown number of drivers and security aides. There is no confirmed count of the number of civilians killed by the poisonous gases that were released by the secondary explosions, although opposition activists reported that there were more than 80 dead, and outlets such as CNN have put the figure as high as 92. A team from Médecins Sans Frontières, treating victims from Khan Sheikhoun at a clinic 60 miles to the north, reported that “eight patients showed symptoms – including constricted pupils, muscle spasms and involuntary defecation – which are consistent with exposure to a neurotoxic agent such as sarin gas or similar compounds.” MSF also visited other hospitals that had received victims and found that patients there “smelled of bleach, suggesting that they had been exposed to chlorine.” In other words, evidence suggested that there was more than one chemical responsible for the symptoms observed, which would not have been the case if the Syrian Air Force – as opposition activists insisted – had dropped a sarin bomb, which has no percussive or ignition power to trigger secondary explosions. The range of symptoms is, however, consistent with the release of a mixture of chemicals, including chlorine and the organophosphates used in many fertilizers, which can cause neurotoxic effects similar to those of sarin.

“. . . . The crisis slid into the background by the end of April, as Russia, Syria and the United States remained focused on annihilating ISIS and the militias of al-Qaida. Some of those who had worked through the crisis, however, were left with lingering concerns. ‘The Salafists and jihadists got everything they wanted out of their hyped-up Syrian nerve gas ploy,’ the senior adviser to the U.S. intelligence community told me, referring to the flare up of tensions between Syria, Russia and America. ‘The issue is, what if there’s another false flag sarin attack credited to hated Syria? Trump has upped the ante and painted himself into a corner with his decision to bomb. And do not think these guys are not planning the next faked attack. Trump will have no choice but to bomb again, and harder. He’s incapable of saying he made a mistake.’ . . .”

“Trump’s Red Line” by Seymour M. Hersh; Welt.de; 06/25/2017

On April 6, United States President Donald Trump authorized an early morning Tomahawk missile strike on Shayrat Air Base in central Syria in retaliation for what he said was a deadly nerve agent attack carried out by the Syrian government two days earlier in the rebel-held town of Khan Sheikhoun. Trump issued the order despite having been warned by the U.S. intelligence community that it had found no evidence that the Syrians had used a chemical weapon.

The available intelligence made clear that the Syrians had targeted a jihadist meeting site on April 4 using a Russian-supplied guided bomb equipped with conventional explosives. Details of the attack, including information on its so-called high-value targets, had been provided by the Russians days in advance to American and allied military officials in Doha, whose mission is to coordinate all U.S., allied, Syrian and Russian Air Force operations in the region.

Some American military and intelligence officials were especially distressed by the president’s determination to ignore the evidence. “None of this makes any sense,” one officer told colleagues upon learning of the decision to bomb. “We KNOW that there was no chemical attack … the Russians are furious. Claiming we have the real intel and know the truth … I guess it didn’t matter whether we elected Clinton or Trump.”

Within hours of the April 4 bombing, the world’s media was saturated with photographs and videos from Khan Sheikhoun. Pictures of dead and dying victims, allegedly suffering from the symptoms of nerve gas poisoning, were uploaded to social media by local activists, including the White Helmets, a first responder group known for its close association with the Syrian opposition.

The provenance of the photos was not clear and no international observers have yet inspected the site, but the immediate popular assumption worldwide was that this was a deliberate use of the nerve agent sarin, authorized by President Bashar Assad of Syria. Trump endorsed that assumption by issuing a statement within hours of the attack, describing Assad’s “heinous actions” as being a consequence of the Obama administration’s “weakness and irresolution” in addressing what he said was Syria’s past use of chemical weapons.

To the dismay of many senior members of his national security team, Trump could not be swayed over the next 48 hours of intense briefings and decision-making. In a series of interviews, I learned of the total disconnect between the president and many of his military advisers and intelligence officials, as well as officers on the ground in the region who had an entirely different understanding of the nature of Syria’s attack on Khan Sheikhoun. I was provided with evidence of that disconnect, in the form of transcripts of real-time communications, immediately following the Syrian attack on April 4. In an important pre-strike process known as deconfliction, U.S. and Russian officers routinely supply one another with advance details of planned flight paths and target coordinates, to ensure that there is no risk of collision or accidental encounter (the Russians speak on behalf of the Syrian military). This information is supplied daily to the American AWACS surveillance planes that monitor the flights once airborne. Deconfliction’s success and importance can be measured by the fact that there has yet to be one collision, or even a near miss, among the high-powered supersonic American, Allied, Russian and Syrian fighter bombers.

Russian and Syrian Air Force officers gave details of the carefully planned flight path to and from Khan Sheikhoun on April 4 directly, in English, to the deconfliction monitors aboard the AWACS plane, which was on patrol near the Turkish border, 60 miles or more to the north.

The Syrian target at Khan Sheikhoun, as shared with the Americans at Doha, was depicted as a two-story cinder-block building in the northern part of town. Russian intelligence, which is shared when necessary with Syria and the U.S. as part of their joint fight against jihadist groups, had established that a high-level meeting of jihadist leaders was to take place in the building, including representatives of Ahrar al-Sham and the al-Qaida-affiliated group formerly known as Jabhat al-Nusra. The two groups had recently joined forces, and controlled the town and surrounding area. Russian intelligence depicted the cinder-block building as a command and control center that housed a grocery and other commercial premises on its ground floor with other essential shops nearby, including a fabric shop and an electronics store.

“The rebels control the population by controlling the distribution of goods that people need to live – food, water, cooking oil, propane gas, fertilizers for growing their crops, and insecticides to protect the crops,” a senior adviser to the American intelligence community, who has served in senior positions in the Defense Department and Central Intelligence Agency, told me. The basement was used as storage for rockets, weapons and ammunition, as well as products that could be distributed for free to the community, among them medicines and chlorine-based decontaminants for cleansing the bodies of the dead before burial. The meeting place – a regional headquarters – was on the floor above. “It was an established meeting place,” the senior adviser said. “A long-time facility that would have had security, weapons, communications, files and a map center.” The Russians were intent on confirming their intelligence and deployed a drone for days above the site to monitor communications and develop what is known in the intelligence community as a POL – a pattern of life. The goal was to take note of those going in and out of the building, and to track weapons being moved back and forth, including rockets and ammunition.

One reason for the Russian message to Washington about the intended target was to ensure that any CIA asset or informant who had managed to work his way into the jihadist leadership was forewarned not to attend the meeting. I was told that the Russians passed the warning directly to the CIA. “They were playing the game right,” the senior adviser said. The Russian guidance noted that the jihadist meeting was coming at a time of acute pressure for the insurgents: Presumably Jabhat al-Nusra and Ahrar al-Sham were desperately seeking a path forward in the new political climate. In the last few days of March, Trump and two of his key national security aides – Secretary of State Rex Tillerson and UN Ambassador Nikki Haley – had made statements acknowledging that, as the New York Times put it, the White House “has abandoned the goal” of pressuring Assad “to leave power, marking a sharp departure from the Middle East policy that guided the Obama administration for more than five years.” White House Press Secretary Sean Spicer told a press briefing on March 31 that “there is a political reality that we have to accept,” implying that Assad was there to stay.

Russian and Syrian intelligence officials, who coordinate operations closely with the American command posts, made it clear that the planned strike on Khan Sheikhoun was special because of the high-value target. “It was a red-hot change. The mission was out of the ordinary – scrub the sked,” the senior adviser told me. “Every operations officer in the region” – in the Army, Marine Corps, Air Force, CIA and NSA – “had to know there was something going on. The Russians gave the Syrian Air Force a guided bomb and that was a rarity. They’re skimpy with their guided bombs and rarely share them with the Syrian Air Force. And the Syrians assigned their best pilot to the mission, with the best wingman.” The advance intelligence on the target, as supplied by the Russians, was given the highest possible score inside the American community.

The Execute Order governing U.S. military operations in theater, which was issued by the Chairman of the Joint Chiefs of Staff, provides instructions that demarcate the relationship between the American and Russian forces operating in Syria. “It’s like an ops order – ‘Here’s what you are authorized to do,’” the adviser said. “We do not share operational control with the Russians. We don’t do combined operations with them, or activities directly in support of one of their operations. But coordination is permitted. We keep each other apprised of what’s happening and within this package is the mutual exchange of intelligence. If we get a hot tip that could help the Russians do their mission, that’s coordination; and the Russians do the same for us. When we get a hot tip about a command and control facility,” the adviser added, referring to the target in Khan Sheikhoun, “we do what we can to help them act on it.” “This was not a chemical weapons strike,” the adviser said. “That’s a fairy tale. If so, everyone involved in transferring, loading and arming the weapon – you’ve got to make it appear like a regular 500-pound conventional bomb – would be wearing Hazmat protective clothing in case of a leak. There would be very little chance of survival without such gear. Military grade sarin includes additives designed to increase toxicity and lethality. Every batch that comes out is maximized for death. That is why it is made. It is odorless and invisible and death can come within a minute. No cloud. Why produce a weapon that people can run away from?”

The target was struck at 6:55 a.m. on April 4, just before midnight in Washington. A Bomb Damage Assessment (BDA) by the U.S. military later determined that the heat and force of the 500-pound Syrian bomb triggered a series of secondary explosions that could have generated a huge toxic cloud that began to spread over the town, formed by the release of the fertilizers, disinfectants and other goods stored in the basement, its effect magnified by the dense morning air, which trapped the fumes close to the ground. According to intelligence estimates, the senior adviser said, the strike itself killed up to four jihadist leaders, and an unknown number of drivers and security aides. There is no confirmed count of the number of civilians killed by the poisonous gases that were released by the secondary explosions, although opposition activists reported that there were more than 80 dead, and outlets such as CNN have put the figure as high as 92. A team from Médecins Sans Frontières, treating victims from Khan Sheikhoun at a clinic 60 miles to the north, reported that “eight patients showed symptoms – including constricted pupils, muscle spasms and involuntary defecation – which are consistent with exposure to a neurotoxic agent such as sarin gas or similar compounds.” MSF also visited other hospitals that had received victims and found that patients there “smelled of bleach, suggesting that they had been exposed to chlorine.” In other words, evidence suggested that there was more than one chemical responsible for the symptoms observed, which would not have been the case if the Syrian Air Force – as opposition activists insisted – had dropped a sarin bomb, which has no percussive or ignition power to trigger secondary explosions. The range of symptoms is, however, consistent with the release of a mixture of chemicals, including chlorine and the organophosphates used in many fertilizers, which can cause neurotoxic effects similar to those of sarin.

The internet swung into action within hours, and gruesome photographs of the victims flooded television networks and YouTube. U.S. intelligence was tasked with establishing what had happened. Among the pieces of information received was an intercept of Syrian communications collected before the attack by an allied nation. The intercept, which had a particularly strong effect on some of Trump’s aides, did not mention nerve gas or sarin, but it did quote a Syrian general discussing a “special” weapon and the need for a highly skilled pilot to man the attack plane. The reference, as those in the American intelligence community understood, and many of the inexperienced aides and family members close to Trump may not have, was to a Russian-supplied bomb with its built-in guidance system. “If you’ve already decided it was a gas attack, you will then inevitably read the talk about a special weapon as involving a sarin bomb,” the adviser said. “Did the Syrians plan the attack on Khan Sheikhoun? Absolutely. Do we have intercepts to prove it? Absolutely. Did they plan to use sarin? No. But the president did not say: ‘We have a problem and let’s look into it.’ He wanted to bomb the shit out of Syria.”

At the UN the next day, Ambassador Haley created a media sensation when she displayed photographs of the dead and accused Russia of being complicit. “How many more children have to die before Russia cares?” she asked. NBC News, in a typical report that day, quoted American officials as confirming that nerve gas had been used and Haley tied the attack directly to Syrian President Assad. “We know that yesterday’s attack was a new low even for the barbaric Assad regime,” she said. There was irony in America’s rush to blame Syria and criticize Russia for its support of Syria’s denial of any use of gas in Khan Sheikhoun, as Ambassador Haley and others in Washington did. “What doesn’t occur to most Americans” the adviser said, “is if there had been a Syrian nerve gas attack authorized by Bashar, the Russians would be 10 times as upset as anyone in the West. Russia’s strategy against ISIS, which involves getting American cooperation, would have been destroyed and Bashar would be responsible for pissing off Russia, with unknown consequences for him. Bashar would do that? When he’s on the verge of winning the war? Are you kidding me?”

Trump, a constant watcher of television news, said, while King Abdullah of Jordan was sitting next to him in the Oval Office, that what had happened was “horrible, horrible” and a “terrible affront to humanity.” Asked if his administration would change its policy toward the Assad government, he said: “You will see.” He gave a hint of the response to come at the subsequent news conference with King Abdullah: “When you kill innocent children, innocent babies – babies, little babies – with a chemical gas that is so lethal … that crosses many, many lines, beyond a red line … That attack on children yesterday had a big impact on me. Big impact … It’s very, very possible … that my attitude toward Syria and Assad has changed very much.”

Within hours of viewing the photos, the adviser said, Trump instructed the national defense apparatus to plan for retaliation against Syria. “He did this before he talked to anybody about it. The planners then asked the CIA and DIA if there was any evidence that Syria had sarin stored at a nearby airport or somewhere in the area. Their military had to have it somewhere in the area in order to bomb with it.” “The answer was, ‘We have no evidence that Syria had sarin or used it,’” the adviser said. “The CIA also told them that there was no residual delivery for sarin at Sheyrat [the airfield from which the Syrian SU-24 bombers had taken off on April 4] and Assad had no motive to commit political suicide.” Everyone involved, except perhaps the president, also understood that a highly skilled United Nations team had spent more than a year in the aftermath of an alleged sarin attack in 2013 by Syria, removing what was said to be all chemical weapons from a dozen Syrian chemical weapons depots.

At this point, the adviser said, the president’s national security planners were more than a little rattled: “No one knew the provenance of the photographs. We didn’t know who the children were or how they got hurt. Sarin actually is very easy to detect because it penetrates paint, and all one would have to do is get a paint sample. We knew there was a cloud and we knew it hurt people. But you cannot jump from there to certainty that Assad had hidden sarin from the UN because he wanted to use it in Khan Sheikhoun.” The intelligence made clear that a Syrian Air Force SU-24 fighter bomber had used a conventional weapon to hit its target: There had been no chemical warhead. And yet it was impossible for the experts to persuade the president of this once he had made up his mind. “The president saw the photographs of poisoned little girls and said it was an Assad atrocity,” the senior adviser said. “It’s typical of human nature. You jump to the conclusion you want. Intelligence analysts do not argue with a president. They’re not going to tell the president, ‘if you interpret the data this way, I quit.’”

The national security advisers understood their dilemma: Trump wanted to respond to the affront to humanity committed by Syria and he did not want to be dissuaded. They were dealing with a man they considered to be not unkind and not stupid, but his limitations when it came to national security decisions were severe. “Everyone close to him knows his proclivity for acting precipitously when he does not know the facts,” the adviser said. “He doesn’t read anything and has no real historical knowledge. He wants verbal briefings and photographs. He’s a risk-taker. He can accept the consequences of a bad decision in the business world; he will just lose money. But in our world, lives will be lost and there will be long-term damage to our national security if he guesses wrong. He was told we did not have evidence of Syrian involvement and yet Trump says: ‘Do it.’”

On April 6, Trump convened a meeting of national security officials at his Mar-a-Lago resort in Florida. The meeting was not to decide what to do, but how best to do it – or, as some wanted, how to do the least and keep Trump happy. “The boss knew before the meeting that they didn’t have the intelligence, but that was not the issue,” the adviser said. “The meeting was about, ‘Here’s what I’m going to do,’ and then he gets the options.”

The available intelligence was not relevant. The most experienced man at the table was Secretary of Defense James Mattis, a retired Marine Corps general who had the president’s respect and understood, perhaps, how quickly that could evaporate. Mike Pompeo, the CIA director whose agency had consistently reported that it had no evidence of a Syrian chemical bomb, was not present. Secretary of State Tillerson was admired on the inside for his willingness to work long hours and his avid reading of diplomatic cables and reports, but he knew little about waging war and the management of a bombing raid. Those present were in a bind, the adviser said. “The president was emotionally energized by the disaster and he wanted options.” He got four of them, in order of extremity. Option one was to do nothing. All involved, the adviser said, understood that was a non-starter. Option two was a slap on the wrist: to bomb an airfield in Syria, but only after alerting the Russians and, through them, the Syrians, to avoid too many casualties. A few of the planners called this the “gorilla option”: America would glower and beat its chest to provoke fear and demonstrate resolve, but cause little significant damage. The third option was to adopt the strike package that had been presented to Obama in 2013, and which he ultimately chose not to pursue. The plan called for the massive bombing of the main Syrian airfields and command and control centers using B1 and B52 aircraft launched from their bases in the U.S. Option four was “decapitation”: to remove Assad by bombing his palace in Damascus, as well as his command and control network and all of the underground bunkers he could possibly retreat to in a crisis.

“Trump ruled out option one off the bat,” the senior adviser said, and the assassination of Assad was never considered. “But he said, in essence: ‘You’re the military and I want military action.’” The president was also initially opposed to the idea of giving the Russians advance warning before the strike, but reluctantly accepted it. “We gave him the Goldilocks option – not too hot, not too cold, but just right.” The discussion had its bizarre moments. Tillerson wondered at the Mar-a-Lago meeting why the president could not simply call in the B52 bombers and pulverize the air base. He was told that B52s were very vulnerable to surface-to-air missiles (SAMs) in the area and using such planes would require suppression fire that could kill some Russian defenders. “What is that?” Tillerson asked. Well, sir, he was told, that means we would have to destroy the upgraded SAM sites along the B52 flight path, and those are manned by Russians, and we possibly would be confronted with a much more difficult situation. “The lesson here was: Thank God for the military men at the meeting,” the adviser said. “They did the best they could when confronted with a decision that had already been made.”

Fifty-nine Tomahawk missiles were fired from two U.S. Navy destroyers on duty in the Mediterranean, the Ross and the Porter, at Shayrat Air Base near the government-controlled city of Homs. The strike was as successful as hoped, in terms of doing minimal damage. The missiles have a light payload – roughly 220 pounds of HBX, the military’s modern version of TNT. The airfield’s gasoline storage tanks, a primary target, were pulverized, the senior adviser said, triggering a huge fire and clouds of smoke that interfered with the guidance system of following missiles. As many as 24 missiles missed their targets and only a few of the Tomahawks actually penetrated into hangars, destroying nine Syrian aircraft, many fewer than claimed by the Trump administration. I was told that none of the nine was operational: such damaged aircraft are what the Air Force calls hangar queens. “They were sacrificial lambs,” the senior adviser said. Most of the important personnel and operational fighter planes had been flown to nearby bases hours before the raid began. The two runways and parking places for aircraft, which had also been targeted, were repaired and back in operation within eight hours or so. All in all, it was little more than an expensive fireworks display.

“It was a totally Trump show from beginning to end,” the senior adviser said. “A few of the president’s senior national security advisers viewed the mission as a minimized bad presidential decision, and one that they had an obligation to carry out. But I don’t think our national security people are going to allow themselves to be hustled into a bad decision again. If Trump had gone for option three, there might have been some immediate resignations.”

After the meeting, with the Tomahawks on their way, Trump spoke to the nation from Mar-a-Lago, and accused Assad of using nerve gas to choke out “the lives of helpless men, women and children. It was a slow and brutal death for so many … No child of God should ever suffer such horror.” The next few days were his most successful as president. America rallied around its commander in chief, as it always does in times of war. Trump, who had campaigned as someone who advocated making peace with Assad, was bombing Syria 11 weeks after taking office, and was hailed for doing so by Republicans, Democrats and the media alike. One prominent TV anchorman, Brian Williams of MSNBC, used the word “beautiful” to describe the images of the Tomahawks being launched at sea. Speaking on CNN, Fareed Zakaria said: “I think Donald Trump became president of the United States.” A review of the top 100 American newspapers showed that 39 of them published editorials supporting the bombing in its aftermath, including the New York Times, Washington Post and Wall Street Journal.

Five days later, the Trump administration gathered the national media for a background briefing on the Syrian operation that was conducted by a senior White House official who was not to be identified. The gist of the briefing was that Russia’s heated and persistent denial of any sarin use in the Khan Sheikhoun bombing was a lie because President Trump had said sarin had been used. That assertion, which was not challenged or disputed by any of the reporters present, became the basis for a series of further criticisms:

– The continued lying by the Trump administration about Syria’s use of sarin led to widespread belief in the American media and public that Russia had chosen to be involved in a corrupt disinformation and cover-up campaign on the part of Syria.

– Russia’s military forces had been co-located with Syria’s at the Shayrat airfield (as they are throughout Syria), raising the possibility that Russia had advance notice of Syria’s determination to use sarin at Khan Sheikhoun and did nothing to stop it.

– Syria’s use of sarin and Russia’s defense of that use strongly suggested that Syria withheld stocks of the nerve agent from the UN disarmament team that spent much of 2014 inspecting and removing all declared chemical warfare agents from 12 Syrian chemical weapons depots, pursuant to the agreement worked out by the Obama administration and Russia after Syria’s alleged, but still unproven, use of sarin the year before against a rebel redoubt in a suburb of Damascus.

The briefer, to his credit, was careful to use the words “think,” “suggest” and “believe” at least 10 times during the 30-minute event. But he also said that his briefing was based on data that had been declassified by “our colleagues in the intelligence community.” What the briefer did not say, and may not have known, was that much of the classified information in the community made the point that Syria had not used sarin in the April 4 bombing attack.

The crisis slid into the background by the end of April, as Russia, Syria and the United States remained focused on annihilating ISIS and the militias of al-Qaida. Some of those who had worked through the crisis, however, were left with lingering concerns. “The Salafists and jihadists got everything they wanted out of their hyped-up Syrian nerve gas ploy,” the senior adviser to the U.S. intelligence community told me, referring to the flare up of tensions between Syria, Russia and America. “The issue is, what if there’s another false flag sarin attack credited to hated Syria? Trump has upped the ante and painted himself into a corner with his decision to bomb. And do not think these guys are not planning the next faked attack. Trump will have no choice but to bomb again, and harder. He’s incapable of saying he made a mistake.”

———-

9. That’s ominous: So you know that potential bombshell report by Sy Hersh in Die Welt about how Donald Trump’s intelligence and military advisors had concluded that Bashar Assad’s regime was not in fact responsible for a sarin gas attack, but that the cloud of chemicals was instead a consequence of secondary explosions of stored chlorine and fertilizer in a building hit by the Syrian air force? The report that has been almost entirely ignored by American news outlets? Well, it’s going to be a lot harder to ignore that report now that the White House just issued an ominous message indicating it has evidence that Assad’s forces were planning a chemical attack, and that if that happens the consequences will be severe and Russia and Iran will be held responsible:

“White House says Syria’s Assad preparing another chemical attack, warns of ‘heavy’ penalty” by Abby Phillip and Dan Lamothe; The Washington Post; 06/26/2017

The White House issued an ominous warning to Syrian President Bashar al-Assad on Monday night, pledging that his regime would pay a “heavy price” if it carried out another chemical attack this year.

In a statement, White House press secretary Sean Spicer said that the United States had detected evidence of preparations for a chemical attack, similar to the preparations that occurred before an attack in April.

“The United States has identified potential preparations for another chemical weapons attack by the Assad regime that would likely result in the mass murder of civilians, including innocent children,” Spicer said in the statement. “The activities are similar to preparations the regime made before its April 4, 2017 chemical weapons attack.

“As we have previously stated, the United States is in Syria to eliminate the Islamic State of Iraq and Syria,” he continued. “If, however, Mr. Assad conducts another mass murder attack using chemical weapons, he and his military will pay a heavy price.”

Following the April attack, President Trump ordered an air strike against the Assad-controlled air field where the attack was believed to have been carried out.

At the time, Trump said that Assad’s use of chemical weapons against innocent women and children made action inevitable.

“When you kill innocent children, innocent babies, babies, little babies, with a chemical gas that is so lethal — people were shocked to hear what gas it was,” Trump said after the attack. “That crosses many, many lines, beyond a red line, many, many lines.”

Following Spicer’s statement on Monday night, Nikki Haley, the U.S. Ambassador to the United Nations said Assad and its allies would be squarely blamed if such an attack occurred.

“Any further attacks done to the people of Syria will be blamed on Assad, but also on Russia & Iran who support him killing his own people,” Haley wrote.

Any further attacks done to the people of Syria will be blamed on Assad, but also on Russia & Iran who support him killing his own people. — Nikki Haley (@nikkihaley) June 27, 2017

The U.S. military maintains a variety of weapons in the region that could be used in the event of another strike, including manned and unmanned aircraft in several Middle Eastern countries. But the most likely scenario is probably a strike using naval assets, which can be launched with fewer diplomatic issues than using bases in allied countries such as Turkey or the United Arab Emirates.

The Navy launched Tomahawk missiles at a Syrian military airfield April 6 in response to a previous alleged chemical weapons attack, using two guided-missile destroyers in the eastern Mediterranean Sea, the USS Ross and USS Porter, to do so.

A point of contention for the Pentagon after the last strike was the Syrian regime’s alleged use of a nerve agent, like sarin. It is far deadlier than some other chemicals that U.S. military and intelligence officials say that the regime has used, such as chlorine.

———-

““The United States has identified potential preparations for another chemical weapons attack by the Assad regime that would likely result in the mass murder of civilians, including innocent children,” Spicer said in the statement. “The activities are similar to preparations the regime made before its April 4, 2017 chemical weapons attack.”

That was the message from Sean Spicer, followed by this warning to Iran and Russia from UN Ambassador Nikki Haley:


Following Spicer’s statement on Monday night, Nikki Haley, the U.S. Ambassador to the United Nations said Assad and its allies would be squarely blamed if such an attack occurred.

“Any further attacks done to the people of Syria will be blamed on Assad, but also on Russia & Iran who support him killing his own people,” Haley wrote.

 

Discussion

22 comments for “FTR #964 Lies, Damned Lies and Statistics”

  1. The Office of the Director of National Intelligence had a rather curious response to a Freedom of Information Act lawsuit demanding the release of the classified report given to President Obama back in January purporting to show the Russian government was behind the hacks. That the ODNI doesn’t want to release this document isn’t particularly curious. That’s to be expected. It’s the explanation from the ODNI for why they can’t release the document that’s curious. According to the ODNI, the requested document would present a risk to human intelligence sources by revealing the comparative weight given to human vs technical evidence, risking US sources and methods. But the ODNI went further, suggesting that even releasing a fully redacted document would present similar risks. So who knows what’s in that ODNI report, but it’s apparently so damn sensitive that the release of a fully redacted version of it presents a national security risk:

    Politico

    Feds won’t release redacted intelligence report on Russian election meddling

    By Josh Gerstein

    06/27/2017 12:15 AM EDT
    Updated 06/27/2017 07:51 AM EDT

    The Trump administration is refusing to release a redacted version of a key report President Barack Obama received in January on alleged Russian interference in the 2016 presidential election, court filings show.

    Then-Director of National Intelligence James Clapper made public an unclassified version of that report, but the Electronic Privacy Information Center brought a Freedom of Information Act lawsuit demanding a copy of the classified report given to Obama at the same time. EPIC said the unclassified version omitted “critical technical evidence” that could help the public assess U.S. intelligence agencies’ claims that Russia did make efforts to affect the outcome of the 2016 race.

    However, a top official in the Office of the Director of National Intelligence said in a court declaration filed Monday that releasing the original report with classified information blacked out would be a field day for foreign intelligence operatives, including the very Russians the report accuses of undertaking the interference.

    “Release of a redacted report would be of particular assistance to Russian intelligence, which, armed with both the declassified report and a redacted copy of the classified report, would be able to discern the volume of intelligence the U.S. currently possesses with respect to Russian attempts to influence the 2016 election,” Deputy Director of National Intelligence for Intelligence Integration Edward Gistaro wrote.

    “This would reveal the maturity of the U.S. intelligence efforts and expose information about the [intelligence community’s] capabilities (including sources and methods) that could reasonably be expected to cause serious or exceptionally grave danger to U.S. national security.”

    The intelligence official argued that a redacted version of the original report would allow a trained eye to assess “comparative weight” of human intelligence and signals intelligence reporting included in the compendium. Release of some of the information the privacy-focused organization wants made public “could prove fatal to U.S. human intelligence sources,” Gistaro warned.

    Gistaro also appears to argue that even if officials blacked out the whole report, highly classified information would be at risk.

    “I agree with the [National Intelligence Council] that a heavily or even fully redacted version of the classified report can not be publicly released without jeopardizing national security information properly classified as SECRET or TOP SECRET,” he wrote.

    EPIC sought the information in January, just days after officials released the public version of the report. The group filed suit in federal court in Washington in February after failing to get any records from ODNI.

    “The ODNI should release the complete report to EPIC so that the public and the Congress can understand the full extent of the Russian interference with the 2016 Presidential election,” EPIC’s Marc Rotenberg told POLITICO Tuesday. “It is already clear that government secrecy is frustrating meaningful oversight. The FBI, for example, will not even identify the states that were targeted by Russia.”

    Rotenberg said his group is pursuing two other related FOIA suits: one seeking records about the FBI’s response to the alleged Russian meddling and another seeking Trump’s tax records from the IRS.

    ———–

    “Feds won’t release redacted intelligence report on Russian election meddling” by Josh Gerstein; Politico; 06/27/2017

    ““Release of a redacted report would be of particular assistance to Russian intelligence, which, armed with both the declassified report and a redacted copy of the classified report, would be able to discern the volume of intelligence the U.S. currently possesses with respect to Russian attempts to influence the 2016 election,” Deputy Director of National Intelligence for Intelligence Integration Edward Gistaro wrote.”

    Revealing the volume of the report alone is apparently problematic. So the requested report is presumably either surprisingly long or surprisingly short. The length of the report is revealing of…something. And would reveal top secret intelligence and put lives at risk even if the report was fully redacted:


    “This would reveal the maturity of the U.S. intelligence efforts and expose information about the [intelligence community’s] capabilities (including sources and methods) that could reasonably be expected to cause serious or exceptionally grave danger to U.S. national security.”

    The intelligence official argued that a redacted version of the original report would allow a trained eye to assess “comparative weight” of human intelligence and signals intelligence reporting included in the compendium. Release of some of the information the privacy-focused organization wants made public “could prove fatal to U.S. human intelligence sources,” Gistaro warned.

    Gistaro also appears to argue that even if officials blacked out the whole report, highly classified information would be at risk.

    “I agree with the [National Intelligence Council] that a heavily or even fully redacted version of the classified report can not be publicly released without jeopardizing national security information properly classified as SECRET or TOP SECRET,” he wrote.

    ““I agree with the [National Intelligence Council] that a heavily or even fully redacted version of the classified report can not be publicly released without jeopardizing national security information properly classified as SECRET or TOP SECRET,” he wrote.”

    What is it about this report’s volume that’s so dangerously revealing? We don’t get to know. But note the kind of information that EPIC was trying to get from its lawsuit and which was largely left out of the released unclassified version: Technical evidence:


    Then-Director of National Intelligence James Clapper made public an unclassified version of that report, but the Electronic Privacy Information Center brought a Freedom of Information Act lawsuit demanding a copy of the classified report given to Obama at the same time. EPIC said the unclassified version omitted “critical technical evidence” that could help the public assess U.S. intelligence agencies’ claims that Russia did make efforts to affect the outcome of the 2016 race.

    So it’s probably worth noting that the big piece in the Washington Post describing the behind-the-scenes decision-making in the Obama administration over how to respond to the hacks and the risk of more cyberattacks mentions the critical sources of intelligence that the US relied on in coming to its conclusion that the Russian government was behind the hacks. There was critical human intelligence that apparently came from a source deep inside the Kremlin, and critical technical evidence from a foreign ally. And there was something about that ally that made the NSA not trust that evidence initially. So the refusal to even release a fully redacted version of that report over fears of revealing sources and methods is pretty odd since there’s already been some significant details revealed in the media about those sources and methods. Details like a source deep inside the Kremlin:

    The Washington Post

    Obama’s secret struggle to punish Russia for Putin’s election assault

    By Greg Miller, Ellen Nakashima and Adam Entous
    June 23, 2017

    Early last August, an envelope with extraordinary handling restrictions arrived at the White House. Sent by courier from the CIA, it carried “eyes only” instructions that its contents be shown to just four people: President Barack Obama and three senior aides.

    Inside was an intelligence bombshell, a report drawn from sourcing deep inside the Russian government that detailed Russian President Vladimir Putin’s direct involvement in a cyber campaign to disrupt and discredit the U.S. presidential race.

    Despite the intelligence the CIA had produced, other agencies were slower to endorse a conclusion that Putin was personally directing the operation and wanted to help Trump. “It was definitely compelling, but it was not definitive,” said one senior administration official. “We needed more.”

    Some of the most critical technical intelligence on Russia came from another country, officials said. Because of the source of the material, the NSA was reluctant to view it with high confidence.

    ———-

    “Obama’s secret struggle to punish Russia for Putin’s election assault” by Greg Miller, Ellen Nakashima and Adam Entous; The Washington Post; 06/23/2017

    “Some of the most critical technical intelligence on Russia came from another country, officials said. Because of the source of the material, the NSA was reluctant to view it with high confidence.”

    So based on the Washington Post report we’re told that some of the most critical technical evidence came from a rather iffy source. And based on the ODNI’s explanation for why it can’t release even a fully redacted version of that report, it’s because doing so could reveal the relative weight the US applied to human vs technical evidence in coming to its assessment. It raises the possibility of the technical evidence playing a surprisingly small role, which in turn raises the question of just how much the final conclusion was based on the Kremlin source alone.

    And given the possibility that human intelligence played an overwhelming role in the US reaching the conclusion it made, it’s increasingly important to keep in mind one of the more amazing revelations in how this investigation unfolded: the discovery that someone passed the FBI Russian intelligence documents in March of 2016 claiming that the Russians had the hacked DNC emails. And that alleged Russian intelligence document turned out to contain disinformation. The source was unable to provide any of the emails the document claimed the Russians had and the FBI was unable to corroborate other intelligence provided by this same source. So it’s already been reported that someone, presumably someone with access to Russian intelligence, was feeding the US government disinformation about Russian involvement in the hack:

    The Washington Post

    How a dubious Russian document influenced the FBI’s handling of the Clinton probe

    By Karoun Demirjian and Devlin Barrett
    May 24, 2017

    A secret document that officials say played a key role in then-FBI Director James B. Comey’s handling of the Hillary Clinton email investigation has long been viewed within the FBI as unreliable and possibly a fake, according to people familiar with its contents.

    In the midst of the 2016 presidential primary season, the FBI received what was described as a Russian intelligence document claiming a tacit understanding between the Clinton campaign and the Justice Department over the inquiry into whether she intentionally revealed classified information through her use of a private email server.

    The Russian document cited a supposed email describing how then-Attorney General Loretta E. Lynch had privately assured someone in the Clinton campaign that the email investigation would not push too deeply into the matter. If true, the revelation of such an understanding would have undermined the integrity of the FBI’s investigation.

    Current and former officials have said that Comey relied on the document in making his July decision to announce on his own, without Justice Department involvement, that the investigation was over. That public announcement — in which he criticized Clinton and made extensive comments about the evidence — set in motion a chain of other FBI moves that Democrats now say helped Trump win the presidential election.

    But according to the FBI’s own assessment, the document was bad intelligence — and according to people familiar with its contents, possibly even a fake sent to confuse the bureau. The Americans mentioned in the Russian document insist they do not know each other, do not speak to each other and never had any conversations remotely like the ones described in the document. Investigators have long doubted its veracity, and by August the FBI had concluded it was unreliable.

    The document, obtained by the FBI, was a piece of purported analysis by Russian intelligence, the people said. It referred to an email supposedly written by the then-chair of the Democratic National Committee, Rep. Debbie Wasserman Schultz (D-Fla.), and sent to Leonard Benardo, an official with the Open Society Foundations, an organization founded by billionaire George Soros and dedicated to promoting democracy.

    The Russian document did not contain a copy of the email, but it described some of the contents of the purported message.

    In the supposed email, Wasserman Schultz claimed Lynch had been in private communication with a senior Clinton campaign staffer named Amanda Renteria during the campaign. The document indicated Lynch had told Renteria that she would not let the FBI investigation into Clinton go too far, according to people familiar with it.

    Current and former officials have argued that the secret document gave Comey good reason to take the extraordinary step over the summer of announcing the findings of the Clinton investigation himself without Justice Department involvement.

    Comey had little choice, these people have said, because he feared that if Lynch announced no charges against Clinton, and then the secret document leaked, the legitimacy of the entire case would be questioned.

    From the moment the bureau received the document from a source in early March 2016, its veracity was the subject of an internal debate at the FBI. Several people familiar with the matter said the bureau’s doubts about the document hardened in August when officials became more certain that there was nothing to substantiate the claims in the Russian document. FBI officials knew the bureau never had the underlying email with the explosive allegation, if it ever existed.

    Yet senior officials at the bureau continued to rely on the document before and after the election as part of their justification for how they handled the case.

    Wasserman Schultz and Benardo said in separate interviews with The Washington Post that they do not know each other and have never communicated. Renteria, in an interview, and people familiar with Lynch’s account said the two also do not know each other and have never communicated. Lynch declined to comment for this article.

    Moreover, Wasserman Schultz, Benardo and Renteria said they have never been interviewed by the FBI about the matter.

    Comey’s defenders still insist that there is reason to believe the document is legitimate and that it rightly played a major role in the director’s thinking.

    “It was a very powerful factor in the decision to go forward in July with the statement that there shouldn’t be a prosecution,” said a person familiar with the matter. “The point is that the bureau picked up hacked material that hadn’t been dumped by the bad guys [the Russians] involving Lynch. And that would have pulled the rug out of any authoritative announcement.”

    Other people familiar with the document disagree sharply, saying such claims are disingenuous because the FBI has known for a long time that the Russian intelligence document is unreliable and based on multiple layers of hearsay.

    “It didn’t mean anything to the investigation until after [senior FBI officials] had to defend themselves,” said one person familiar with the matter. “Then they decided it was important. But it’s junk, and they already knew that.”

    An FBI spokesman declined to comment. Comey did not respond to requests for comment.

    The people familiar with the Russian document spoke on the condition of anonymity because they were not authorized to discuss its contents. No one familiar with it asked The Post to withhold details about its origins to safeguard the source.

    Several of them said they were concerned that revealing details now about the document could be perceived as an effort to justify Trump’s decision to fire Comey, but they argued that the document and Comey’s firing are distinct issues. Most of the people familiar with the document disagree strongly with the decision to fire the director, but they also criticized current and former officials who have privately cited the document as an important factor in the decisions made by Comey and other senior FBI officials. Comey told lawmakers he would discuss it with them only in a classified session.

    Email not obtained

    After the bureau first received the document, it attempted to use the source to obtain the referenced email but could not do so, these people said. The source that provided the document, they said, had previously supplied other information that the FBI was also unable to corroborate.

    While it was conducting the Clinton email investigation, the FBI did not interview anyone mentioned in the Russian document about its claims. At the time, FBI agents were probing numerous hacking cases involving Democrats and other groups, but they never found an email like the one described in the document, these people said.

    Then on July 5, Comey decided to announce on his own — without telling Lynch ahead of time — that he was closing the Clinton email case without recommending charges against anyone. Aides to Comey said he decided to act alone after Lynch met privately with Bill Clinton for nearly a half-hour on an airport tarmac in Phoenix about a week earlier — and have since said privately the Russian document was also a factor in that decision.

    The appearance of possible conflict arising from the Phoenix meeting led FBI leadership to want to show it had reached the decision independently, without political interference from the Justice Department.

    About a month after Comey’s announcement, FBI officials asked to meet privately with the attorney general. At the meeting, they told Lynch about a foreign source suggesting she had told Renteria that Clinton did not have to worry about the email probe, because she would keep the FBI in check, according to people familiar with the matter.

    “Just so you know, I don’t know this person and have never communicated with her,’’ Lynch told the FBI officials, according to a person familiar with the discussion. The FBI officials assured her the conversation was not a formal interview and said the document “didn’t have investigative value,’’ the person said.

    Nevertheless, the officials said, they wanted to give the attorney general what is sometimes referred to as a “defensive briefing’’ — advising someone of a potential intelligence issue that could come up at some future point.

    The agents never mentioned Wasserman Schultz to Lynch but told her there was some uncertainty surrounding the information because of “possible translation issues,” according to a person familiar with the discussion.

    Lynch told them they were welcome to speak to her staff and to conduct a formal interview of her, the person said. The FBI declined both offers.

    ‘I’ve never heard of him’

    Renteria, a California Democrat, first heard of the Russian document and its description of her role when a Post reporter called her.

    “Wow, that’s kind of weird and out of left field,’’ she said. “I don’t know Loretta Lynch, the attorney general. I haven’t spoken to her.’’

    Renteria said she did know a California woman by the same name who specializes in utility issues. The Loretta Lynch in California is a lawyer who once did campaign work for the Clintons decades ago involving the Whitewater investigation. Bloggers and others have previously confused the two women, including during Lynch’s nomination to be attorney general.

    Wasserman Schultz and Benardo, the alleged emailers, were also perplexed by the Russian document’s claims.

    Wasserman Schultz said: “Not only do I not know him — I’ve never heard of him. I don’t know who this is. There’s no truth to this whatsoever. I have never sent an email remotely like what you’re describing.’’

    She added that she had met Lynch, the former attorney general, once briefly at a dinner function.

    Benardo said of Wasserman Schultz: “I’ve never met her. I’ve only read about her.”

    “I’ve never in my lifetime received any correspondence of any variety — correspondence, fax, telephone, from Debbie Wasserman Schultz,’’ he said. “If such documentation exists, it’s of course made up.’’

    As for Renteria, Wasserman Schultz said she knew who she was from past political work but had “virtually no interaction” with her during the 2016 campaign. “I was definitely in the same room as her on more than one occasion, but we did not interact, and no email exchange during the campaign, or ever,’’ she said.

    When asked, the individuals named in the document struggled to fathom why their identities would have been woven together in a document describing communications they said never happened. But others recognized the dim outlines of a conspiracy theory that would be less surprising in Russia, where Soros — the founder of the organization Benardo works for — and Clinton are both regarded as political enemies of the Kremlin.

    “The idea that Russians would tell a story in which the Clinton campaign, Soros and even an Obama administration official are connected — that Russians might tell such a story, that is not at all surprising,” said Matt Rojansky, a Russia expert and director of the Kennan Institute at the Wilson Center. “Because that is part of the Kremlin worldview.”

    ———-

    “How a dubious Russian document influenced the FBI’s handling of the Clinton probe” by Karoun Demirjian and Devlin Barrett; The Washington Post; 05/24/2017

    “After the bureau first received the document, it attempted to use the source to obtain the referenced email but could not do so, these people said. The source that provided the document, they said, had previously supplied other information that the FBI was also unable to corroborate.”

    That doesn’t sound like a very good source. But they’re definitely good at making an impact despite raising a number of doubts:


    But according to the FBI’s own assessment, the document was bad intelligence — and according to people familiar with its contents, possibly even a fake sent to confuse the bureau. The Americans mentioned in the Russian document insist they do not know each other, do not speak to each other and never had any conversations remotely like the ones described in the document. Investigators have long doubted its veracity, and by August the FBI had concluded it was unreliable.

    The document, obtained by the FBI, was a piece of purported analysis by Russian intelligence, the people said. It referred to an email supposedly written by the then-chair of the Democratic National Committee, Rep. Debbie Wasserman Schultz (D-Fla.), and sent to Leonard Benardo, an official with the Open Society Foundations, an organization founded by billionaire George Soros and dedicated to promoting democracy.

    The Russian document did not contain a copy of the email, but it described some of the contents of the purported message.

    Adding to the mystery, note the timing of the FBI receiving this document: early March of 2016:


    From the moment the bureau received the document from a source in early March 2016, its veracity was the subject of an internal debate at the FBI. Several people familiar with the matter said the bureau’s doubts about the document hardened in August when officials became more certain that there was nothing to substantiate the claims in the Russian document. FBI officials knew the bureau never had the underlying email with the explosive allegation, if it ever existed.

    Keep in mind that the FBI first casually notified the DNC of the detected hacking back in the fall of 2015 and the hacks weren’t publicly reported on until mid June of 2016. So this Russian intelligence document arrived in the FBI’s hands at a time when the US government, and presumably allied governments, knew about the ongoing hacking of the DNC, but the public at large didn’t know. So someone who can claim to have access to Russian intelligence documents passed along an intelligence document that implicated the Russian government in the hacks months before the public phase of the hacking fiasco ever got started. And that intelligence contained disinformation seemingly intended to sow fears in the US government that the Russians would dump this alleged email to the public, damaging public perception of the investigations into Hillary’s private email by showing collusion between the Attorney General and Hillary. And these fears apparently catalyzed James Comey’s decision to give that press conference on June 8th. A press conference that took place a week before the initial news reports that the DNC was hacked and a month and a half before the initial release by Wikileaks of the hacked emails in late July. It’s all pretty puzzling.

    So is the “deep in the Kremlin” source who claimed Putin ordered the hacking the same source of this bogus Russian intelligence document? Did the document even come from someone in the Russian government or did it come from a rival intelligence service? And if it did come from a rival intelligence service, is this the same foreign ally who provided the critical technical evidence that the NSA didn’t place much faith in or was that a different foreign ally?

    There’s no shortage of questions raised by all this. Too bad the ODNI won’t release that classified report. Apparently it would have provided a lot of answers. Fully redacted or not.

    Posted by Pterrafractyl | June 28, 2017, 8:30 pm
  2. Another day, another massive revelation in the #TrumpRussia story: The Wall Street Journal just put out a pair of stories about what appears to be an operation involving senior figures in the Trump campaign (Steve Bannon, Kellyanne Conway, Sam Clovis, and Michael Flynn) to seek out and obtain what they hoped were hacked emails from Hillary Clinton’s email server that they apparently believed were being provided by Russian hackers probably associated with the Russian government. This all apparently was arranged shortly after Trump made his infamous call for Russia to hack Hillary’s emails and the person leading the operation is the one who went to the Wall Street Journal to tell everyone about it. Yep.

    So who is this gadfly who led what was purportedly one of the most sensitive political dirty tricks operations in decades and just couldn’t help blabbing about it to the Wall Street Journal (a Murdoch family owned publication): Peter Smith, an 81-year-old long-time conservative activist better known for his work in the 90’s financing anti-Clinton conspiracy theories and scandals like “Troopergate”. For some reason he decided to tell all this to the Wall Street Journal back in May, and then he died a week and a half later. Smith talks about how he was in contact with 5 different hackers claiming to have Hillary Clinton’s hacked emails, two of which he believed were Russian hackers that he assumed were working for the Russian government, and how Smith’s team was unable to ever verify if any of the emails provided by these hackers were real. And Smith decided to tell the world about it for some really mysterious reason.

    But Smith isn’t the only source in this story. Matt Tait, a former GCHQ cyber analyst who writes under the pseudonym PwnAllTheThings (and not the British ‘Alt-Right’ figure of the same name) claims to have been contacted by Smith to provide his expertise on whether or not the allegedly hacked emails were real. Tait claims he was contacted around the time Trump made his call for Russia to hack Hillary and says he initially thought Smith wanted him to provide his analysis on the DNC email hack that Tait had already written about. It was only later, after some phone interviews with Smith and some others, that Smith disclosed that he was putting together a group to try to track down and validate Hillary’s emails that Smith believed were likely available via hackers on the Darkweb. Tait says he grew uncomfortable with the operation in mid September, refused to sign a non-disclosure agreement, and parted ways with Smith’s operation.

    It’s also important to note that Tait was a figure who was initially quite skeptical of Crowdstrike’s analysis that the DNC hacks were an act of the Russian government, but later came around to that conclusion. Why? Because of things like the meta-data in the leaked documents like the “Iron Felix” name. And Tait also felt that Guccifer’s behavior wasn’t self-aggrandizing enough to be consistent with a lone hacker. Also the command and control server used by the hackers coincided with the command and control server used in the 2015 Bundestag hacks (don’t forget the IP addresses were inexplicably hard coded into the malware). Based on this shoddy “Hi! I’m a Russian hacker!” evidence, Tait concluded in a July 28th blog post that the DNC hacks had indeed been the work of Russian government agents and he made this argument in a blog post a day after Trump made his call for the Russians to hack Hillary on July 27th. So when Smith’s group approached Tait, Tait had already made it publicly clear that he was ready and willing to go along with the developing narrative of Russian government hackers that was predicated on the assumption that these were really horrible Russian government hackers.

    Tait responded to the WSJ article with a long post on his blog where he lays out the personal experiences explaining why he went along with the operations for as long as he did, why he left it, and why he was pretty sure Smith wasn’t just engaging in name-dropping and puffery when he claimed to be working with a larger team that included figures like Bannon and Conway, recounting the number of details Smith would provide to Tait about the inner workings of the Trump campaign.
    Also, critically, Tait notes that he never saw any of the emails allegedly provided to Smith by the hackers they contacted on the dark web.

    But the revelations were limited to the pair of WSJ reports or Tait’s own account. It also mentions how US investigators are looking into intelligence reports about apparent Russian hackers who were observed discussing how they could hack Hillary’s emails and then get them to Michael Flynn through an intermediary.

    So at that point it looks like a long-time GOP anti-Clinton dirty tricks operative decided to promote a particular narrative about the Trump team’s role in the hackings that implicates Michael Flynn, Steven Bannon, and Kellyanne Conway in an operation that involved getting hacked emails by but simultaneously promote the notion that it was Russian government hackers (and not, you know, people hired by the Trump team leaving tons of “Hi! I’m a Russian hacker!” fingerprints). He decided to do this almost two months ago, and it’s just coming out now. It’s kind of hard to take it all at face value but it’s a pretty good attempt at a limited hangout intended to push Trump aside and make way for a non-openly crazy GOPer to replace him:

    Slate

    GOP Operative Attempted to Collude With Hackers He Thought Were Russian to Get Hacked Clinton Emails

    By Elliot Hannon
    June 29 2017 9:52 PM

    On Thursday, the Wall Street Journal reported the makings of a potential bombshell: During the presidential campaign, a longtime GOP operative claiming to work with retired Lt. Gen. Michael Flynn attempted to collude with who he believed to be Russian hackers in order to procure thousands of emails deleted from Hillary Clinton’s personal server. The reporting by the Journal’s Shane Harris stops well short of connecting the dots to explicit coordination between Flynn and the Russians, but he adds a number of new data points to the conversation—and none of them look good for the Trump White House.

    The GOP operative in question is Peter W. Smith, who told the Journal during an interview last month that he began shopping around for the some 33,000 deleted Clinton emails in early September 2016, two months before Election Day. Smith’s efforts came in the wake of the WikiLeaks release of hacked Democratic National Committee emails that July and a month before the organization’s release of emails hacked from Clinton campaign chairman John Podesta in October. “Mr. Smith, a private-equity executive from Chicago active in Republican politics, said he assembled a group of technology experts, lawyers and a Russian-speaking investigator based in Europe to acquire emails the group theorized might have been stolen from the private server Mrs. Clinton used as secretary of state,” according to the WSJ.

    Smith, who died in May at the age of 81, a month after the WSJ interview, implied to the small circle of people he contacted for help locating the emails that he was working with Flynn, who was then a senior adviser to Donald Trump. “He said, ‘I’m talking to Michael Flynn about this—if you find anything, can you let me know?’ ” a computer-security expert who helped search hacker forums for leads told the WSJ. Emails sent by Smith—and reviewed by the WSJ—also implied Flynn was supportive of the effort to locate the Clinton emails, and went so far as to offer to arrange meetings with Flynn and his son, who worked for his dad’s company, and those he was trying to enlist to help.

    Here’s what Smith’s efforts netted him (via the WSJ):

    In the interview with the Journal, Mr. Smith said he and his colleagues found five groups of hackers who claimed to possess Mrs. Clinton’s deleted emails, including two groups he determined were Russians.

    “We knew the people who had these were probably around the Russian government,” Mr. Smith said.

    Mr. Smith said after vetting batches of emails offered to him by hacker groups last fall, he couldn’t be sure enough of their authenticity to leak them himself. “We told all the groups to give them to WikiLeaks,” he said. WikiLeaks has never published those emails or claimed to have them. Mr. Smith and one of his associates said they had a line of communication with Mr. Flynn and his consulting company …

    … The operation Mr. Smith described is consistent with information that has been examined by U.S. investigators probing Russian interference in the elections. Those investigators have examined reports from intelligence agencies that describe Russian hackers discussing how to obtain emails from Mrs. Clinton’s server and then transmit them to Mr. Flynn via an intermediary, according to U.S. officials with knowledge of the intelligence. It isn’t clear who that intermediary might have been or whether Mr. Smith’s operation was the one allegedly under discussion by the Russian hackers. The reports were compiled during the same period when Mr. Smith’s group was operating, according to the officials.

    Harris’ reporting is presumably the opening salvo in this line of investigation that, for the first time, implies explicit collusion between the Trump campaign and Russia. A Trump campaign official said Smith didn’t work for the campaign and Flynn, if he was involved, was participating in a personal capacity, not as a campaign official. The fact that Smith didn’t officially work for the Trump campaign seems like a no-brainer for obvious reasons, but doesn’t mean he wasn’t acting at the behest of someone on the campaign. Whether Flynn was acting in a personal or professional capacity, at the moment, is a distinction without a difference. Yes, at some point it would be important if he was relaying orders, or acting on behalf of someone higher up on the Trump campaign—of which there weren’t many—presumably Steve Bannon, who was leading the campaign at that point, or even the president himself.

    What the Journal story does indicate, however, is that a GOP operative who presented himself as working with Mike Flynn, a top Trump adviser with numerous dodgy Russian ties himself, actively solicited Clinton emails from hackers he believed to be Russian and assumed to be affiliated with the Russian government. Once he obtained a stash of unverified emails presented as the deleted Clinton emails, this operative then suggested the hackers release the cache to WikiLeaks one month after the DNC WikiLeaks dump and a month before the Podesta WikiLeaks dump.

    ———-

    “GOP Operative Attempted to Collude With Hackers He Thought Were Russian to Get Hacked Clinton Emails” by Elliot Hannon; Slate; 06/29/2017

    “The GOP operative in question is Peter W. Smith, who told the Journal during an interview last month that he began shopping around for the some 33,000 deleted Clinton emails in early September 2016, two months before Election Day. Smith’s efforts came in the wake of the WikiLeaks release of hacked Democratic National Committee emails that July and a month before the organization’s release of emails hacked from Clinton campaign chairman John Podesta in October. “Mr. Smith, a private-equity executive from Chicago active in Republican politics, said he assembled a group of technology experts, lawyers and a Russian-speaking investigator based in Europe to acquire emails the group theorized might have been stolen from the private server Mrs. Clinton used as secretary of state,” according to the WSJ.”

    A whole team was assembled to obtain hacked emails from what they say they assumed were Russian hackers right at the height of a campaign that had Russian government hacking at the center of it. With Team people helping to coordinate it. That’s the story. The story taken to a major newspaper and sat on for two months:


    Smith, who died in May at the age of 81, a month after the WSJ interview, implied to the small circle of people he contacted for help locating the emails that he was working with Flynn, who was then a senior adviser to Donald Trump. “He said, ‘I’m talking to Michael Flynn about this—if you find anything, can you let me know?’ ” a computer-security expert who helped search hacker forums for leads told the WSJ. Emails sent by Smith—and reviewed by the WSJ—also implied Flynn was supportive of the effort to locate the Clinton emails, and went so far as to offer to arrange meetings with Flynn and his son, who worked for his dad’s company, and those he was trying to enlist to help

    And in this story we learn about how investigators are working with intelligence agencies describing “Russian hackers” discussing how to hack Hillary’s emails and get them to Flynn taking place during the same period that Smith’s group was operating:

    In the interview with the Journal, Mr. Smith said he and his colleagues found five groups of hackers who claimed to possess Mrs. Clinton’s deleted emails, including two groups he determined were Russians.

    “We knew the people who had these were probably around the Russian government,” Mr. Smith said.

    … The operation Mr. Smith described is consistent with information that has been examined by U.S. investigators probing Russian interference in the elections. Those investigators have examined reports from intelligence agencies that describe Russian hackers discussing how to obtain emails from Mrs. Clinton’s server and then transmit them to Mr. Flynn via an intermediary, according to U.S. officials with knowledge of the intelligence. It isn’t clear who that intermediary might have been or whether Mr. Smith’s operation was the one allegedly under discussion by the Russian hackers. The reports were compiled during the same period when Mr. Smith’s group was operating, according to the officials.

    So that was the first WSJ report. It didn’t mention Smith’s connection to anyone on the Trump campaign other than Michael Flynn. It was the second WSJ report that drew in the rest of those senior Trump officials. And former GCHQ analyst Matt Tait, who appears to be the source for much of this information:

    Talking Points Memo
    Editor’s Blog

    This Is Big

    By Josh Marshall
    Published July 1, 2017 12:27 am

    This is big.

    As you may have heard, this evening The Wall Street Journal published a major follow-up to its story from Thursday which described the work of a GOP money man and oppo research guy, the late Peter W. Smith, who was trying to get hacked emails from Russia and held himself out to be in contact with disgraced Trump advisor Michael Flynn. On its face, the big new break in this follow-up story is a new document from Smith. The document is from what is described as a package of recruiting materials Smith was using to enlist cybersecurity talent in his operation. The document listed key officials in the Trump campaign. These were apparently people Smith claimed he was in touch with or working with, though precisely how or why they were mentioned is not entirely clear.

    Here’s the key passage from the Journal article

    Officials identified in the document include Steve Bannon, now chief strategist for President Donald Trump; Kellyanne Conway, former campaign manager and now White House counselor; Sam Clovis, a policy adviser to the Trump campaign and now a senior adviser at the Agriculture Department; and retired Lt. Gen. Mike Flynn, who was a campaign adviser and briefly was national security adviser in the Trump administration.

    A few caveats are in order.

    From the Journal reporting at least it is not totally clear what Smith intended by listing these people. It’s also possible that Smith was freelancing. There are lots of people in the orbit of major campaigns puffing up their connections to top players. The Journal article has Bannon denying any knowledge of Smith. Conway says she knew Smith from GOP politics over the years but was never in contact with him about this.

    That’s the story as presented in the Journal.

    What is also clear in the Journal article is that the source of the new information was almost certainly a British national and cybersecurity expert named Matt Tait. I would go through why this seems clear. But about an hour after the Journal article was published, Tait himself followed up with what I would say is the big piece of the night in the Lawfare blog.

    Tait provides a much more detailed first-person account of his dealings with Smith. You’ll want to read it yourself. But the gist is that he’s a cybersecurity expert, he got press attention with some online analysis he did about the DNC hacking. He later got contacted by Smith – apparently because Smith was looking for someone to authenticate purported, hacked Clinton emails he’d been offered. Tait didn’t at first know just what Smith was after or who he was. But once he got into a conversation with Smith and found out someone was offering him the Clinton emails, he wanted to know more.

    One critical part of the story is that Tait never saw the purported emails, genuine or not. So he is not in a position to say what they were or who was offering them to Smith.

    The critical points Tait reveals are these. 1) That in his conversations with Smith and his associates it was clear that they did not care if the sources of the emails were Russian intelligence officers or if the emails had been hacked by Russian intelligence. They were entirely indifferent to this reality. They didn’t care. 2) Smith discussed what seemed to be highly detailed and confidential information about the inner workings of the Trump campaign, details that made Tait think that Smith wasn’t just some name dropper freelancing but actually had deep ties into the campaign and especially with Mike Flynn.

    Let me excerpt two key passages …

    Over the course of our conversations, one thing struck me as particularly disturbing. Smith and I talked several times about the DNC hack, and I expressed my view that the hack had likely been orchestrated by Russia and that the Kremlin was using the stolen documents as part of an influence campaign against the United States. I explained that if someone had contacted him via the “Dark Web” with Clinton’s personal emails, he should take very seriously the possibility that this may have been part of a wider Russian campaign against the United States. And I said he need not take my word for it, pointing to a number of occasions where US officials had made it clear that this was the view of the U.S. intelligence community as well.

    Smith, however, didn’t seem to care. From his perspective it didn’t matter who had taken the emails, or their motives for doing so. He never expressed to me any discomfort with the possibility that the emails he was seeking were potentially from a Russian front, a likelihood he was happy to acknowledge. If they were genuine, they would hurt Clinton’s chances, and therefore help Trump.

    The second passage is in regards to Smith’s knowledge of the inner-workings of the Trump campaign …

    Although it wasn’t initially clear to me how independent Smith’s operation was from Flynn or the Trump campaign, it was immediately apparent that Smith was both well connected within the top echelons of the campaign and he seemed to know both Lt. Gen. Flynn and his son well. Smith routinely talked about the goings on at the top of the Trump team, offering deep insights into the bizarre world at the top of the Trump campaign. Smith told of Flynn’s deep dislike of DNI Clapper, whom Flynn blamed for his dismissal by President Obama. Smith told of Flynn’s moves to position himself to become CIA Director under Trump, but also that Flynn had been persuaded that the Senate confirmation process would be prohibitively difficult. He would instead therefore become National Security Advisor should Trump win the election, Smith said. He also told of a deep sense of angst even among Trump loyalists in the campaign, saying “Trump often just repeats whatever he’s heard from the last person who spoke to him,” and expressing the view that this was especially dangerous when Trump was away.

    Later in the piece, Tait returns to the point when discussing the aforementioned document reported by the Journal.

    As I mentioned above, Smith and his associates’ knowledge of the inner workings of the campaign were insightful beyond what could be obtained by merely attending Republican events or watching large amounts of news coverage. But one thing I could not place, at least initially, was whether Smith was working on behalf of the campaign, or whether he was acting independently to help the campaign in his personal capacity.

    Then, a few weeks into my interactions with Smith, he sent me a document, ostensibly a cover page for a dossier of opposition research to be compiled by Smith’s group, and which purported to clear up who was involved. The document was entitled “A Demonstrative Pedagogical Summary to be Developed and Released Prior to November 8, 2016,” and dated September 7. It detailed a company Smith and his colleagues had set up as a vehicle to conduct the research: “KLS Research”, set up as a Delaware LLC “to avoid campaign reporting,” and listing four groups who were involved in one way or another.

    The first group, entitled “Trump Campaign (in coordination to the extent permitted as an independent expenditure)” listed a number of senior campaign officials: Steve Bannon, Kellyanne Conway, Sam Clovis, Lt. Gen. Flynn and Lisa Nelson.

    The largest group named a number of “independent groups / organizations / individuals / resources to be deployed.” My name appears on this list. At the time, I didn’t recognize most of the others; however, several made headlines in the weeks immediately prior to the election.

    My perception then was that the inclusion of Trump campaign officials on this document was not merely a name-dropping exercise. This document was about establishing a company to conduct opposition research on behalf of the campaign, but operating at a distance so as to avoid campaign reporting. Indeed, the document says as much in black and white.

    The combination of Smith’s deep knowledge of the inner workings of the campaign, this document naming him in the “Trump campaign” group, and the multiple references to needing to avoid campaign reporting suggested to me that the group was formed with the blessing of the Trump campaign. In the Journal’s story this evening, several of the individuals named in the document denied any connection to Smith, and it’s certainly possible that he was a big name-dropper and never really represented anyone other than himself. If that’s the case, Smith talked a very good game.

    As you can see, a good bit of this is how Tait interpreted what Smith and Smith’s associates told him. Tait is a British national. So it is not unreasonable to assume he may not have a perfect grasp of all the nuances of US politics, just as you or I wouldn’t of British politics. But if the facts he alleges are broadly accurate – and I have no reason to think they are not – he at least makes a pretty good case that Smith had some pretty strong lines into the highest echelons of the Trump campaign and held himself out as operating on the campaign’s behalf.

    What apparently prompted Tait to come forward was what we noted yesterday was likely the biggest news in the first of the two Journal pieces: the report that the US government had intelligence showing Russian operatives discussing passing hacked emails to Michael Flynn via an intermediary.

    Now what does this all mean?

    This reads to me like the kind of story that rapidly shakes out a lot of new information. Every big press outfit in the country must be yanking on all the dangling threads even as I write. This certainly sounds like just the kind of attempt to work with the Russian subversion campaign that many have long suspected. It connects up with people at the highest level of the Trump campaign. It looks like strong evidence of attempted collusion by people at least in the orbit of the Trump campaign and quite likely in communication with people at the highest echelons of the campaign.

    But did it succeed? Did they make contact? If there was a big picture quid pro quo between Russia and the Trump campaign why were they reaching out to Smith by such circuitous methods, ones that left Smith – if we can credit his account – feeling he needed to authenticate the emails? One thing that is worth noting, though it can be hard to keep track of in all these details, is that emails purportedly hacked from Clinton’s personal email server never appeared during the campaign or since. So at least in this specific regard, what Smith and his cronies were up to didn’t pan out, for whatever reason.

    To be clear, the questions I’m raising here don’t mean this didn’t happen or doesn’t matter. Far from it. They are just basic questions anyone trying to get to the bottom of this would need to ask. It is possible that the big overarching story turns out to be something we’ve discussed here on several occasions: a scenario in which Trump himself didn’t cross any lines but he knew others near him did or tried. Or maybe it’s much more. What we can say now is that the Trump/Russia collusion story just moved dramatically closer to the Trump inner circle.

    ———-

    “This Is Big” by Josh Marshall; Talking Points Memo; 07/01/2017

    “Officials identified in the document include Steve Bannon, now chief strategist for President Donald Trump; Kellyanne Conway, former campaign manager and now White House counselor; Sam Clovis, a policy adviser to the Trump campaign and now a senior adviser at the Agriculture Department; and retired Lt. Gen. Mike Flynn, who was a campaign adviser and briefly was national security adviser in the Trump administration.”

    Yep, senior Trump officials were identified in a document describing a corporation set up to obtain these emails. And according to Tait’s own blog posting, this corporation was set up in Delaware to avoid campaign disclosure laws (it’s a reminder that this story is another reason to revisit campaign finance laws):


    Then, a few weeks into my interactions with Smith, he sent me a document, ostensibly a cover page for a dossier of opposition research to be compiled by Smith’s group, and which purported to clear up who was involved. The document was entitled “A Demonstrative Pedagogical Summary to be Developed and Released Prior to November 8, 2016,” and dated September 7. It detailed a company Smith and his colleagues had set up as a vehicle to conduct the research: “KLS Research”, set up as a Delaware LLC “to avoid campaign reporting,” and listing four groups who were involved in one way or another.

    The first group, entitled “Trump Campaign (in coordination to the extent permitted as an independent expenditure)” listed a number of senior campaign officials: Steve Bannon, Kellyanne Conway, Sam Clovis, Lt. Gen. Flynn and Lisa Nelson.

    The largest group named a number of “independent groups / organizations / individuals / resources to be deployed.” My name appears on this list. At the time, I didn’t recognize most of the others; however, several made headlines in the weeks immediately prior to the election.

    My perception then was that the inclusion of Trump campaign officials on this document was not merely a name-dropping exercise. This document was about establishing a company to conduct opposition research on behalf of the campaign, but operating at a distance so as to avoid campaign reporting. Indeed, the document says as much in black and white.

    So as Josh Marshall reasonably concludes, it looks like Tait is the source for much of the information in this second WSJ article. Tait’s own blog posting that popped up shortly after the article certainly supports that theory:


    What is also clear in the Journal article is that the source of the new information was almost certainly a British national and cybersecurity expert named Matt Tait. I would go through why this seems clear. But about an hour after the Journal article was published, Tait himself followed up with what I would say is the big piece of the night in the Lawfare blog.

    And in that blog post we find Tait describing an experience where Smith was openly sharing with him all sorts of rather amazing campaign gossip, like campaign infighting, doubts about Trump from his own staff, and Michael Flynn’s own ambitions to become head of the CIA or National Security Advisor. And this is all happening while Tait describes himself as basically an outsider, and not a particularly anti-Hillary outsider, who was invited into this cabal of GOP operatives and Trump team officials:

    Lawfare

    The Time I Got Recruited to Collude with the Russians

    By Matt Tait
    Friday, June 30, 2017, 10:50 PM

    I read the Wall Street Journal’s article yesterday on attempts by a GOP operative to recover missing Hillary Clinton emails with more than usual interest. I was involved in the events that reporter Shane Harris described, and I was an unnamed source for the initial story. What’s more, I was named in, and provided the documents to Harris that formed the basis of, this evening’s follow-up story, which reported that “A longtime Republican activist who led an operation hoping to obtain Hillary Clinton emails from hackers listed senior members of the Trump campaign, including some who now serve as top aides in the White House, in a recruitment document for his effort”:

    Officials identified in the document include Steve Bannon, now chief strategist for President Donald Trump; Kellyanne Conway, former campaign manager and now White House counselor; Sam Clovis, a policy adviser to the Trump campaign and now a senior adviser at the Agriculture Department; and retired Lt. Gen. Mike Flynn, who was a campaign adviser and briefly was national security adviser in the Trump administration.

    I’m writing this piece in the spirit of Benjamin Wittes’s account of his interactions with James Comey immediately following the New York Times story for which he acted as a source. The goal is to provide a fuller accounting of experiences which were thoroughly bizarre and which I did not fully understand until I read the Journal’s account of the episode yesterday. Indeed, I still do not fully understand the events I am going to describe, both what they reflected then or what they mean in retrospect. But I can lay out what happened, facts from which readers and investigators can draw their own conclusions.

    For the purpose of what follows, I will assume readers are already familiar with the Wall Street Journal’s reporting on this matter.

    My role in these events began last spring, when I spent a great deal of time studying the series of Freedom of Information disclosures by the State Department of Hillary Clinton’s emails, and posting the parts I found most interesting—especially those relevant to computer security—on my public Twitter account. I was doing this not because I am some particular foe of Clinton’s—I’m not—but because like everyone else, I assumed she was likely to become the next President of the United States, and I believed her emails might provide some insight into key cybersecurity and national security issues once she was elected in November.

    A while later, on June 14, the Washington Post reported on a hack of the DNC ostensibly by Russian intelligence. When material from this hack began appearing online, courtesy of the “Guccifer 2” online persona, I turned my attention to looking at these stolen documents. This time, my purpose was to try and understand who broke into the DNC, and why.

    A few weeks later, right around the time the DNC emails were dumped by Wikileaks—and curiously, around the same time Trump called for the Russians to get Hillary Clinton’s missing emails—I was contacted out the blue by a man named Peter Smith, who had seen my work going through these emails. Smith implied that he was a well-connected Republican political operative.

    Initially, I assumed the query must have been about my work on the DNC hack; after all, few people followed my account prior to the DNC breach, whereas my analysis of the break-in at the DNC had received considerably more coverage. I assumed his query about the “Clinton emails” was therefore a mistake and that he meant instead to talk to me about the emails stolen from the DNC. So I agreed to talk to him, thinking that, whatever my views on then-candidate Trump, if a national campaign wanted an independent non-partisan view on the facts surrounding the case, I should provide it to the best of my ability.

    Yet Smith had not contacted me about the DNC hack, but rather about his conviction that Clinton’s private email server had been hacked—in his view almost certainly both by the Russian government and likely by multiple other hackers too—and his desire to ensure that the fruits of those hacks were exposed prior to the election. Over the course of a long phone call, he mentioned that he had been contacted by someone on the “Dark Web” who claimed to have a copy of emails from Secretary Clinton’s private server, and this was why he had contacted me; he wanted me to help validate whether or not the emails were genuine.

    Under other circumstances, I would have gone no further. After all, this was occurring in the final stretch of a U.S. presidential election, and I did not feel comfortable, and had no interest in, providing material help to either of the campaigns beyond merely answering questions on my already public analysis of Clinton’s emails, or of the DNC hack. (I’m not a U.S. citizen or resident, after all.) In any case, my suspicion then and now was that Hillary Clinton’s email server was likely never breached by Russia, and moreover that if Russia had a copy of Clinton’s emails, they would not waste them in the run-up to an election she was likely to win. I thus thought Smith’s search for her emails was in vain.

    But following the DNC hack and watching the Russian influence campaign surrounding it unfold in near real-time, Smith’s comment about having been contacted by someone from the “Dark Web” claiming to have Clinton’s personal emails struck me as critically important. I wanted to find out whether this person was merely some fraudster wanting to take Smith for a ride or something more sinister: that is, whether Smith had been contacted by a Russian intelligence front with intent to use Smith as part of their scheme by laundering real or forged documents.

    I never found out who Smith’s contact on the “Dark Web” was. It was never clear to me whether this person was merely someone trying to dupe Smith out of his money, or a Russian front, and it was never clear to me how they represented their own credentials to Smith.

    Over the course of a few phone calls, initially with Smith and later with Smith and one of his associates—a man named John Szobocsan—I was asked about my observations on technical details buried in the State Department’s release of Secretary Clinton’s emails (such as noting a hack attempt in 2011, or how Clinton’s emails might have been intercepted by Russia due to lack of encryption). I was also asked about aspects of the DNC hack, such as why I thought the “Guccifer 2” persona really was in all likelihood operated by the Russian government, and how it wasn’t necessary to rely on CrowdStrike’s attribution as blind faith; noting that I had come to the same conclusion independently based on entirely public evidence, having been initially doubtful of CrowdStrike’s conclusions.

    Towards the end of one of our conversations, Smith made his pitch. He said that his team had been contacted by someone on the “dark web”; that this person had the emails from Hillary Clinton’s private email server (which she had subsequently deleted), and that Smith wanted to establish if the emails were genuine. If so, he wanted to ensure that they became public prior to the election. What he wanted from me was to determine if the emails were genuine or not.

    It is no overstatement to say that my conversations with Smith shocked me. Given the amount of media attention given at the time to the likely involvement of the Russian government in the DNC hack, it seemed mind-boggling for the Trump campaign—or for this offshoot of it—to be actively seeking those emails. To me this felt really wrong.

    In my conversations with Smith and his colleague, I tried to stress this point: if this dark web contact is a front for the Russian government, you really don’t want to play this game. But they were not discouraged. They appeared to be convinced of the need to obtain Clinton’s private emails and make them public, and they had a reckless lack of interest in whether the emails came from a Russian cut-out. Indeed, they made it quite clear to me that it made no difference to them who hacked the emails or why they did so, only that the emails be found and made public before the election.

    In the end, I never saw the actual materials they’d been given, and to this day, I don’t know whether there were genuine emails, or whether Smith and his associates were deluding themselves.

    By the middle of September, all contact between us ended. By this time, I had grown extremely uncomfortable with the situation, so when Smith and his colleague asked me to sign a non-disclosure agreement, I declined to do so. My suspicion was that the real purpose of the non-disclosure agreement was to retrospectively apply confidentiality to the conversations we had already had before that point. I refused to sign the non-disclosure and we went our separate ways.

    As I mentioned above, Smith and his associates’ knowledge of the inner workings of the campaign were insightful beyond what could be obtained by merely attending Republican events or watching large amounts of news coverage. But one thing I could not place, at least initially, was whether Smith was working on behalf of the campaign, or whether he was acting independently to help the campaign in his personal capacity.

    I’m sure readers are wondering: why did I keep quiet at the time? Actually, I didn’t. In the fall, prior to the election, I discussed the events of the story first with a friend, and secondly with a journalist. The trouble was that neither I nor the reporter in question knew what to make of the whole operation. It was certainly clear that the events were bizarre, and deeply unsettling. But it wasn’t reportable.

    After all, Clinton’s private emails never materialized. We couldn’t show that Smith had been in contact with actual Russians. And while I believed—as I still do—that he was operating with some degree of coordination with the campaign, that was at least a little murky too. The story just didn’t make much sense—that is, until the Journal yesterday published the critical fact that U.S. intelligence has reported that Russian hackers were looking to get emails to Flynn through a cut-out during the Summer of 2016, and this was no idle speculation on my part.

    Suddenly, my story seemed important—and ominous.

    ———-

    “The Time I Got Recruited to Collude with the Russians” by Matt Tait; Lawfare; 06/30/2017

    “By the middle of September, all contact between us ended. By this time, I had grown extremely uncomfortable with the situation, so when Smith and his colleague asked me to sign a non-disclosure agreement, I declined to do so. My suspicion was that the real purpose of the non-disclosure agreement was to retrospectively apply confidentiality to the conversations we had already had before that point. I refused to sign the non-disclosure and we went our separate ways.”

    So after Tait, someone with no obvious outside connections to the Trump campaign, gets invited into this amazingly scandalous operation, and Peter Smith shares all these details about the Trump campaign’s inner workings with Tait but also shares with Tait how the Trump team claims to think it was dealing with Russian government hackers, only later does Smith try to get a non-disclosure agreement from Tait. It’s the latest indication that, if this whole narrative is real, this entire ‘op’ has got to be one of the worst in history from an operational security standpoint. The hacks by the ‘Russian hackers’ were a bad joke, and now we’re told the Trump team senior officials were involved in a corporation set up to obtain this hacked material from people they assumed were Russian government hackers. And they shared all this with an apparent outsider who was former GCHQ. Before asking him to sign a non-disclosure agreement.

    While it’s kind of a joke operation if they were truly trying to get these allegedly hacked Hillary emails into the public domain without the Trump team getting charged with colluding with the Russian government, if it was an operation set up to potentially get discovered later for the purpose of reinforcing the narrative that it was definitely Russian government hackers behind the DNC/Podesta hacks, and definitely not someone involved with the Trump team, then it kind of makes sense. Potentially discovered later. Like, if Trump lost and there were all sorts of investigations into Trump team activities or if Trump won and turned out to be an unhinged lunatic. A pre-planted limited hangout. Is that possible? Well, again, note one of the reasons Smith would have potentially found Tait a useful person to bring on board with this operation if establishing that narrative: Tait was more than happy to back up Crowdstrike’s shoddy analysis:


    Over the course of a few phone calls, initially with Smith and later with Smith and one of his associates—a man named John Szobocsan—I was asked about my observations on technical details buried in the State Department’s release of Secretary Clinton’s emails (such as noting a hack attempt in 2011, or how Clinton’s emails might have been intercepted by Russia due to lack of encryption). I was also asked about aspects of the DNC hack, such as why I thought the “Guccifer 2” persona really was in all likelihood operated by the Russian government, and how it wasn’t necessary to rely on CrowdStrike’s attribution as blind faith; noting that I had come to the same conclusion independently based on entirely public evidence, having been initially doubtful of CrowdStrike’s conclusions.

    Tait came around to Crowdstrike’s “Russian government hackers did it” view based on some pretty questionable analysis.

    Beyond that, it’s hard to ignore the fact that two of the senior Trump officials, Kellyanne Conway and Steve Bannon, joined the Trump team from the Robert Mercer/Cambridge Analytica crew. It was a package deal. And as we’ve learned now about Cambridge Analytica, it’s got deep ties to conservative elements of the British intelligence community.

    So, first off, you have to wonder if Tait was recommended to the Trump team through someone tied to Cambridge Analytica. But beyond that, given that this story has become public at all, you have to wonder if this isn’t part of the Mercer crew basically pulling the lever and dumping Trump. It’s not like Trump hasn’t been a disaster when it comes to selling the American public on the Mercer/Koch pro-oligarch policy agenda. And there’s no sign he’s going to get less unhinged the more time he spends in office. Could we be seeing the first major limited hangout intended to take down Trump while maintaining the “Russian government hacker” narrative? Sure, there’s also the revelation of intelligence reports of Russian hackers discussing how to get into Hillary’s server and get the info to Flynn, but until we get more information on the nature of that intelligence it’s hard to put too much weight on it.

    So, since Peter Smith is behaving like a GOPer trying to get Trump removed to make way for President Pence (or Ryan), it’s worth noting that one of the best forms of revenge for Trump would be to take the rest of the GOP down with him. After all, isn’t that what Trump’s base voted for? Burning down the oligarch-wing of the party to implement an agenda for the little guy? And what better way for Trump to burn down the party than to admit to knowing his team was arranging for the hacks and that the rest of the senior GOP leadership was in on it or at least knew about it and worked to cover it up (until they decided to dump Trump). That’s assuming such evidence exists, but if it does, and Trump reveals it, he’ll probably be one of the most popular politicians in GOP history. Hopefully someone makes it clear to Trump that this is an option. And makes it clear to him soon. At this point, what does he have to lose?

    Sure, there’s probably plenty of blackmail material on him, but if Trump brings down the GOP big wigs, no one is going to care about all that blackmail material. Trump might be a far-right fascist nut job, but he’s just one. There’s a whole global network. And now, thanks to things like the 2016 hack attacks, Trump is in a position to do incredible damage to that global fascist network that appears to be turning on him and hanging him out to dry. Is he going to just take that? Isn’t he supposed to be a counter-puncher? Well, it looks like he’s getting punched big time. By his own team. Ouch.

    Posted by Pterrafractyl | July 1, 2017, 2:57 pm
  3. The #TrumpRussian story got a jolt of adrenaline over the weekend following a series of stories discussing a meeting that took place on June 9th, 2016, attended by Donald Trump Jr., Paul Manafort, and Jared Kushner after they were invited to meet with a Kremlin-linked attorney. What did they talk about? Well, according to the initial report, it was just a meeting about policies impacting child adoptions and a lobbying effort to reverse the Magnitsky Act. And the fact that this meeting took place is openly acknowledged by Trump Jr. and Kushner:

    The New York Times

    Trump Team Met With Lawyer Linked to Kremlin During Campaign

    By JO BECKER, MATT APUZZO and ADAM GOLDMAN
    JULY 8, 2017

    Two weeks after Donald J. Trump clinched the Republican presidential nomination last year, his eldest son arranged a meeting at Trump Tower in Manhattan with a Russian lawyer who has connections to the Kremlin, according to confidential government records described to The New York Times.

    The previously unreported meeting was also attended by Mr. Trump’s campaign chairman at the time, Paul J. Manafort, as well as the president’s son-in-law, Jared Kushner, according to interviews and the documents, which were outlined by people familiar with them.

    While President Trump has been dogged by revelations of undisclosed meetings between his associates and Russians, this episode at Trump Tower on June 9, 2016, is the first confirmed private meeting between a Russian national and members of Mr. Trump’s inner circle during the campaign. It is also the first time that his son Donald Trump Jr. is known to have been involved in such a meeting.

    Representatives of Donald Trump Jr. and Mr. Kushner confirmed the meeting after The Times approached them with information about it. In a statement, Donald Jr. described the meeting as primarily about an adoption program. The statement did not address whether the presidential campaign was discussed.

    The Russian lawyer invited to the Trump Tower meeting, Natalia Veselnitskaya, is best known for mounting a multipronged attack against the Magnitsky Act, an American law that blacklists suspected Russian human rights abusers. The law so enraged Mr. Putin that he retaliated by halting American adoptions of Russian children.

    The adoption impasse is a frequently used talking point for opponents of the Magnitsky Act. Ms. Veselnitskaya’s campaign against the law has also included attempts to discredit its namesake, Sergei L. Magnitsky, a lawyer and auditor who died in mysterious circumstances in a Russian prison in 2009 after exposing one of the biggest corruption scandals during Mr. Putin’s rule.

    Ms. Veselnitskaya was formerly married to a former deputy transportation minister of the Moscow region, and her clients include state-owned businesses and a senior government official’s son, whose company was under investigation in the United States at the time of the meeting. Her activities and associations had previously drawn the attention of the F.B.I., according to a former senior law enforcement official.

    In his statement, Donald Trump Jr. said: “It was a short introductory meeting. I asked Jared and Paul to stop by. We primarily discussed a program about the adoption of Russian children that was active and popular with American families years ago and was since ended by the Russian government, but it was not a campaign issue at the time and there was no follow up.”

    He added: “I was asked to attend the meeting by an acquaintance, but was not told the name of the person I would be meeting with beforehand.”

    Late Saturday, Mark Corallo, a spokesman for the president’s lawyer, issued a statement implying that the meeting was a setup. Ms. Veselnitskaya and the translator who accompanied her to the meeting “misrepresented who they were,” it said.

    In an interview, Mr. Corallo explained that Ms. Veselnitskaya, in her anti-Magnitsky campaign, employs a private investigator whose firm, Fusion GPS, produced an intelligence dossier that contained unproven allegations against the president. In a statement, the firm said, “Fusion GPS learned about this meeting from news reports and had no prior knowledge of it. Any claim that Fusion GPS arranged or facilitated this meeting in any way is false.”

    Donald Trump Jr. had denied participating in any campaign-related meetings with Russian nationals when he was interviewed by The Times in March. “Did I meet with people that were Russian? I’m sure, I’m sure I did,” he said. “But none that were set up. None that I can think of at the moment. And certainly none that I was representing the campaign in any way, shape or form.”

    Asked at that time whether he had ever discussed government policies related to Russia, the younger Mr. Trump replied, “A hundred percent no.”

    The Trump Tower meeting was not disclosed to government officials until recently, when Mr. Kushner, who is also a senior White House aide, filed a revised version of a form required to obtain a security clearance. The Times reported in April that he had failed to disclose any foreign contacts, including meetings with the Russian ambassador to the United States and the head of a Russian state bank. Failure to report such contacts can result in a loss of access to classified information and even, if information is knowingly falsified or concealed, in imprisonment.

    Mr. Kushner’s advisers said at the time that the omissions were an error, and that he had immediately notified the F.B.I. that he would be revising the filing. They also said he had met with the Russians in his official transition capacity as a main point of contact for foreign officials.

    In a statement on Saturday, Mr. Kushner’s lawyer, Jamie Gorelick, said: “He has since submitted this information, including that during the campaign and transition, he had over 100 calls or meetings with representatives of more than 20 countries, most of which were during transition. Mr. Kushner has submitted additional updates and included, out of an abundance of caution, this meeting with a Russian person, which he briefly attended at the request of his brother-in-law Donald Trump Jr. As Mr. Kushner has consistently stated, he is eager to cooperate and share what he knows.”

    Mr. Kushner’s lawyers addressed questions about his disclosure but deferred to Donald Trump Jr. on questions about the meeting itself.

    Mr. Manafort, the former campaign chairman, also recently disclosed the meeting, and Donald Trump Jr.’s role in organizing it, to congressional investigators who had questions about his foreign contacts, according to people familiar with the events.

    A spokesman for Mr. Manafort declined to comment. In response to questions, Ms. Veselnitskaya said the meeting lasted about 30 minutes and focused on the Magnitsky Act and the adoption issue.

    “Nothing at all was discussed about the presidential campaign,” she said, adding, “I have never acted on behalf of the Russian government and have never discussed any of these matters with any representative of the Russian government.”

    Because Donald Trump Jr. does not serve in the administration and does not have a security clearance, he was not required to disclose his foreign contacts. Federal and congressional investigators have not publicly asked for any records that would require his disclosure of Russian contacts. It is not clear whether the Justice Department was aware of the meeting before Mr. Kushner disclosed it recently. Neither Mr. Kushner nor Mr. Manafort was required to disclose the content of the meeting in their government filings.

    During the campaign, Donald Trump Jr. served as a close adviser to his father, frequently appearing at campaign events. Since the president took office, the younger Mr. Trump and his brother, who have worked for the Trump Organization for most of their adult lives, assumed day-to-day control of their father’s real estate empire.

    A quick internet search reveals Ms. Veselnitskaya as a formidable operator with a history of pushing the Kremlin’s agenda. Most notable is her campaign against the Magnitsky Act, which provoked a Cold War-style, tit-for-tat row with the Kremlin when President Barack Obama signed it into law in 2012.

    Under the law, some 44 Russian citizens have been put on a list that allows the United States to seize their American assets and deny them visas. The United States asserts that many of them are connected to fraud exposed by Mr. Magnitsky, who after being jailed for more than a year was found dead in his cell. A Russian human rights panel found that he had been assaulted. To critics of Mr. Putin, Mr. Magnitsky, in death, became a symbol of corruption and brutality in the Russian state.

    An infuriated Mr. Putin has called the law an “outrageous act,” and, in addition to banning American adoptions, compiled what became known as an “anti-Magnitsky” blacklist of United States citizens.

    In May, the president fired the F.B.I. director, James B. Comey, who days later provided information about a meeting with Mr. Trump at the White House. According to Mr. Comey, the president asked him to end the bureau’s investigation into Mr. Flynn; Mr. Trump has repeatedly denied making such a request. Robert S. Mueller III, a former F.B.I. director, was then appointed as special counsel.

    The status of Mr. Mueller’s investigation is not clear, but he has assembled a veteran team of prosecutors and agents to dig into any possible collusion.

    ———-

    “Trump Team Met With Lawyer Linked to Kremlin During Campaign” by JO BECKER, MATT APUZZO and ADAM GOLDMAN; The New York Times; 07/08/2017

    “Representatives of Donald Trump Jr. and Mr. Kushner confirmed the meeting after The Times approached them with information about it. In a statement, Donald Jr. described the meeting as primarily about an adoption program. The statement did not address whether the presidential campaign was discussed.”

    As we can see, the ‘fake news’ charge isn’t going to work for this story. Jared Kushner and Trump Jr. both confirmed it. And the whole meeting was first disclosed after Kushner amended his security clearance disclosure forms:


    The Trump Tower meeting was not disclosed to government officials until recently, when Mr. Kushner, who is also a senior White House aide, filed a revised version of a form required to obtain a security clearance. The Times reported in April that he had failed to disclose any foreign contacts, including meetings with the Russian ambassador to the United States and the head of a Russian state bank. Failure to report such contacts can result in a loss of access to classified information and even, if information is knowingly falsified or concealed, in imprisonment.

    Mr. Kushner’s advisers said at the time that the omissions were an error, and that he had immediately notified the F.B.I. that he would be revising the filing. They also said he had met with the Russians in his official transition capacity as a main point of contact for foreign officials.

    But that doesn’t mean there wasn’t anything ‘fake’ in this report. Because as we learned the next day, the Trump team’s depiction of the purpose of this meeting as being focused on adoption policies was pretty fake. Or at least included a giant omission: It turns out Trump Jr. was invited to the meeting after being told that he was going to be given damaging information on Hillary Clinton. No such information was ever given, we are told.

    But still, we now have reports that Trump Jr., Kushner, and Manafort attended a June 9th meeting with a Kremlin-linked lawyer and they showed up at this meeting expecting to receive damaging information on Hillary Clinton. And once again, the report is backed up by Donald Trump, Jr.’s own statements. He’s taking an ‘of course I would attend such a meeting! who wouldn’t?!’ approach to it all and spinning the offer of damaging info on Hillary as just a ruse intended to get the Trump team’s ear so they could be lobbied about child adoption policies. And, yes, that’s an incredibly absurd and cynical way to spin it, but that’s actually Trump Jr.’s spin: we tried to get the damaging Hillary info from the Russians but it was all a ruse. So no harm, no foul. And anyone else would have done the same!:

    The Washington Post

    Donald Trump Jr. met with Russian lawyer during presidential campaign after being promised information helpful to father’s effort

    By Rosalind S. Helderman and Tom Hamburger
    July 9, 2017 at 6:36 PM

    Donald Trump Jr., the president’s son, said in a statement Sunday that a Russian lawyer with whom he met in June 2016 claimed she could provide potentially damaging information about his father’s likely Democratic opponent, Hillary Clinton.

    He said he had agreed to the meeting at Trump Tower in New York because he was offered information that would be helpful to the campaign of his father, then the presumptive GOP presidential nominee.

    At the meeting, which also included the candidate’s son-in-law, Jared Kushner, and then-campaign chairman, Paul Manafort, the Russian lawyer opened by saying she knew about Russians funding the Democratic National Committee and Clinton, the statement said.

    Trump Jr. said that her comments during the meeting were “vague, ambiguous and made no sense” and that she then changed the subject to discuss a prohibition that the Russian government placed on the adoption of Russian children as retaliation for sanctions imposed by Congress in 2012.

    Donald Jr. said that his father “knew nothing of the meeting or these events” and that the campaign had no further contact with the woman after the 20- to 30-minute session.

    The president’s son did not disclose the discussion when the meeting was first made public by the New York Times on Saturday and did so only on Sunday as the Times prepared to report that he had been offered information on Clinton at the session.

    The revelations about the meeting come as federal prosecutors and congressional investigators explore whether the Trump campaign coordinated and encouraged Russian efforts to intervene in the election to hurt Clinton and elect Trump. Hackers began leaking emails stolen from the Democratic Party in July 2016, and U.S. intelligence agencies have said the effort was orchestrated by Russia to help elect Trump.

    The meeting suggests that some Trump aides were in the market to collect negative information that could be used against Clinton — at the same time that U.S. government officials have concluded Russians were collecting such data.

    Trump officials have vigorously denied they colluded with Russia in any way.

    In his statement, Trump Jr. said he did not know the lawyer’s name, Natalia Veselnitskaya, before attending the meeting at the request of an acquaintance. He said that after pleasantries were exchanged, the lawyer told him that “she had information that individuals connected to Russia were funding the Democratic National Committee and supporting Ms. Clinton.”

    “No details or supporting information was provided or even offered. It quickly became clear that she had no meaningful information,” he said, saying he concluded that claims of helpful information for the campaign had been a “pretext” for setting up the meeting.

    Mark Corallo, a spokesman for Trump’s attorney, said Trump was unaware of the meeting and did not attend it.

    Neither Manafort nor his spokesman responded to requests for comment Sunday evening. Attorneys for Kushner also did not respond to requests for comment Sunday. On Saturday, a Kushner attorney, Jamie Gorelick, said her client had previously revised required disclosure forms to note multiple meetings with foreign nationals, including the session in June with Veselnitskaya. “As Mr. Kushner has consistently stated, he is eager to cooperate and share what he knows,” Gorelick said.

    In his statement, Trump Jr. said he was approached about the meeting by an acquaintance he knew from the 2013 Miss Universe pageant.

    He did not name the acquaintance, but in an interview Sunday, Rob Goldstone, a music publicist who is friendly with Trump Jr., told The Washington Post that he had arranged the meeting at the request of a Russian client and had attended it along with Veselnitskaya.

    Goldstone has been active with the Miss Universe pageant and works as a manager for Emin Agalarov, a Russian pop star whose father is a wealthy Moscow developer who sponsored the pageant in the Russian capital in 2013.

    Goldstone would not name the client. He said Veselnitskaya wanted to discuss ways that Trump could be helpful about the Russian government’s adoption issue should he be elected president.

    “Once she presented what she had to say, it was like, ‘Can you keep an eye on it? Should [Trump] be in power, maybe that’s a conversation that he may have in the future?’” Goldstone said.

    In the Sunday interview, Goldstone did not describe the conversation about Clinton or indicate that he had told Trump Jr. that he could provide information helpful to the campaign. He did not respond to a second request for comment late Sunday. Likewise, a spokeswoman for Donald Trump Jr. did not respond when asked whether Goldstone was the acquaintance to whom the president’s son was referring.

    His role in the meeting has not been previously reported.

    ———-

    “Donald Trump Jr. met with Russian lawyer during presidential campaign after being promised information helpful to father’s effort” by Rosalind S. Helderman and Tom Hamburger; The Washington Post; 07/09/2017

    ““No details or supporting information was provided or even offered. It quickly became clear that she had no meaningful information,” he said, saying he concluded that claims of helpful information for the campaign had been a “pretext” for setting up the meeting.”

    Poor Don Jr. He thought he was going to get some ‘helpful information’ but it just turned out to be a lure to set him up for a lobbying pitch. Uh huh.

    So Donald Trump Jr. is now openly admitting this meeting happened. But here’s what adds to the mystery: It’s not just Trump Jr’s admissions to the press that’s bringing us this story. There are five senior White House advisors who are anonymously acting as sources for this:

    Talking Points Memo
    Editor’s Blog

    Taking Stock of the Times Blockbuster

    By Josh Marshall
    Published July 9, 2017 6:56 pm

    I want to share a few initial thoughts on this afternoon’s Times blockbuster. If you have not seen it yet, yesterday the Times reported that Donald Trump Jr., along with Jared Kushner and Paul Manafort, met last year with a Russian lawyer with close ties to the Kremlin, Natalia Veselnitskaya, about something called the Magnitsky Act. Magnitsky is a sort of mini-sanctions law passed in 2012 which Russia has wanted overturned ever since. (The details of Magnitsky are important but we’ll discuss them later.) That in itself was a major story. This afternoon they followed up with additional details that made it a genuine blockbuster: according to the Times, Trump took the meeting because he was promised that he would receive damaging information about Hillary Clinton.

    This is a very big story in that it gets quite close to the first evidence of collusion between the Russian government and the Trump campaign during the 2016 campaign. At a minimum, Trump Jr was open to receiving damaging information about Clinton from Russian nationals who a simple Google search would identify as being closely allied with the Kremlin.

    Let me share a few thoughts.

    1. What I suspect is the most important detail in this story is the sources. The Times reports that they got the information from “three advisers to the White House briefed on the meeting and two others with knowledge of it.” They apparently talked after the release of the first story. This is highly, highly significant. Needless to say, advisors to the White House are not in the business of taking highly damaging stories and volunteering new information which makes them catastrophically damaging. The only reason a President’s allies ever do something like that is either to get ahead of something much more damaging or get a first crack at shaping the public understanding of something much more damaging. There’s really no other explanation. We don’t know yet what drove them to volunteer such highly damaging information. Five of them did it. It wasn’t a matter of one person going rogue.

    2. The Times story doesn’t say whether any damaging information was provided to Trump Jr. It will be interesting to find out whether Veselnitskaya did share any such information.

    3. It is always revealing if someone’s explanation of damaging information is both damning in itself and absurd on its face. Here’s a statement that Donald Trump Jr released to multiple news organizations in response to the latest Times story.

    JUST IN: Donald Trump Jr. responds to reports that he met with Kremlin-linked lawyer during campaign pic.twitter.com/5mqRX38Wio— NBC News (@NBCNews) July 9, 2017

    While Trump Jr. does not say here that he met with Veselnitskaya to get damaging information about Clinton, he confirms that he was there for information that would help the campaign. Once that didn’t pan out, he concluded the meeting was a bust. Veselnitskaya’s claim that Russia was funding the Clinton campaign seems preposterous. Trump Jr. himself seems to suggest as much. But I’m not saying it is a preposterous accusation. I think it’s preposterous as part of Trump Jr.’s story. It’s true that the first Wikileaks email release came roughly six weeks after this meeting, which occurred on June 9th. The first report that Russian government operatives had hacked into the DNC servers came one week later on June 14th. But Trump’s disturbingly close ties to Russia and affinity for Putin was already a topic of active discussion. Meanwhile, Putin was known to be particularly hostile to Hillary Clinton. This whole story just doesn’t add up.

    Again, yesterday Trump Jr. said he met with Veselnitskaya to discuss the Magnitsky Act and Russian adoptions. Today he says he was lured into the meeting on the pretext of getting campaign information and only later had the Magnitsky Act sprung on him. His story changed completely after one day.

    4. Trump Jr. says in the statement that his father knew nothing about this. They know it’s bad and want to insulate the President.

    5. May, June and July 2016 are critical months in the Russia story. A huge amount of stuff of consequence happened just in July. There are already suggestions, as yet unproven, that a top Trump associate was offered caches of email in the months or weeks just prior to the first Wikileaks release on July 22nd, 2016. This story sounds quite similar, or at least the opening gambit to such an offer.

    ———-

    “Taking Stock of the Times Blockbuster” by Josh Marshall; Talking Points Memo; 07/09/2017

    “What I suspect is the most important detail in this story is the sources. The Times reports that they got the information from “three advisers to the White House briefed on the meeting and two others with knowledge of it.” They apparently talked after the release of the first story. This is highly, highly significant. Needless to say, advisors to the White House are not in the business of taking highly damaging stories and volunteering new information which makes them catastrophically damaging. The only reason a President’s allies ever do something like that is either to get ahead of something much more damaging or get a first crack at shaping the public understanding of something much more damaging. There’s really no other explanation. We don’t know yet what drove them to volunteer such highly damaging information. Five of them did it. It wasn’t a matter of one person going rogue.”

    Yep, we didn’t just see a pair of blockbuster reports come out over the weekend. We saw what appears to be a coordinated high-level White House public relations campaign. Some sort of limited hangout that appears to be intended to get ahead of something. What could that something be? Well, whatever it is it’s something worse than the story that Trump Jr. is now admitting to. And as Josh Marshall speculates, what we’re seeing might have less to do with the White House preemptively working to shape the narrative and instead have more to do with the rest of these White House advisors – who are, themselves, at risk of getting dragged into the legal morass that Trump Jr. is now clearly in – preemptively throwing Trump Jr. under the bus in the hopes of cushioning their own legal blows:

    Talking Points Memo
    Editor’s Blog

    The Sunday Afternoon of the Long Knives?

    By Josh Marshall
    Published July 10, 2017 3:44 pm

    Yesterday I noted that the biggest thing in the Times’ Don Jr article was the sourcing. The story came, apparently unprompted or voluntarily, from what the Times identified as 5 advisors to the White House. Top Trump advisors don’t casually drop incredibly damaging information about the President’s son for no reason. You do that to get ahead of something bigger.

    But … remember, this is Trump World. And now I realize there’s a quite different potential explanation, but in the spirit of Trump’s Razor (perhaps Trump’s Razor by Proxy?) the stupidest one possible.

    Let’s speak entirely hypothetically. We tend to think of Donald Trump and his top advisors and associates as something of a group. But really there are numerous players, each with their own particular and distinct legal exposure. Many of them are driven by comical but intense feuds with each other. Flynn, Kushner, Manafort and a bunch of others are already in profound legal jeopardy. Anyone already in hot water might see advantage in making Don Jr the center of attention in the scandal. Not smart or longterm thinking but thinking nonetheless.

    Who else might have it in for Don Jr? Well, what about Corey Lewandowski? Lewandowski was canned on June 20th, 2016, a bit less than two weeks after Don Jr’s meeting with that Russian lawyer. He’d be in a position to know the details of the meeting since he was still at least nominally still the campaign manager. And Lewandowski was reportedly fired after an intervention with Trump by his kids, Ivanka and Don Jr and Jared Kushner (my sense is at this point is that Eric is only allowed to run the winery). It also wouldn’t be the first time. One of the things that got Lewandowski fired was that he started shopping dirt to reporters. That was reckless and stupid and poorly executed. It wouldn’t be the first time.

    Flynn, Manafort and perhaps Flynn’s ne’er-do-well son also look like logical culprits. But it’s not clear any of them could still be reasonable called advisors – though we cannot rule out at least the first two from still advising from the outside. Remember, the White House Counsel has reportedly had to warn Trump repeatedly against contact with Flynn (it’s a bit like a Mary Kay Letourneau situation). But Lewandowski has definitely been back in the fold, even coming close to being hired a month or so ago to run a Russia war room.

    These are all purely hypotheticals. It remains key that five people that the Times chose to call advisors to the White House talked to the Times. That’s a lot of people. But today I get the sense that the story is one I should have considered more fully yesterday: one of the biggest threats to the Trump White House is the kind of dingbat, spy v spy infighting and blood feuds we’ve observed already but likely only know the half of. In a normal White House this might just lead to lots of bad press and lack of esprit de corps. Reagan’s White House was a bit notorious for this. But when numerous advisors, in and outside the White House, are looking at profound legal jeopardy, the stakes get a lot higher.

    ———-

    “The Sunday Afternoon of the Long Knives?” by Josh Marshall; Talking Points Memo; 07/20/2017

    “These are all purely hypotheticals. It remains key that five people that the Times chose to call advisors to the White House talked to the Times. That’s a lot of people. But today I get the sense that the story is one I should have considered more fully yesterday: one of the biggest threats to the Trump White House is the kind of dingbat, spy v spy infighting and blood feuds we’ve observed already but likely only know the half of. In a normal White House this might just lead to lots of bad press and lack of esprit de corps. Reagan’s White House was a bit notorious for this. But when numerous advisors, in and outside the White House, are looking at profound legal jeopardy, the stakes get a lot higher.”

    Don’t forget: there could be any number of people looking at potential treason charges if the worst-case scenario really does pan out and the Trump team was knowingly taking anti-Hillary info from the Russian government. And once Jared Kushner revised his disclosure forms and revealed this meeting took place, the public discovery of this meeting was sort of a ticking time-bomb for the Trump team. It wasn’t a matter of if it got revealed but when. And, sure enough, we have this one-two punch of major stories coming from five White House advisors that’s putting Donald Trump Jr., Jared Kushner, and Paul Manafort at the top of the list of Trump team members who knowingly colluded with the Russian government. If these stories were an attempt to shape the narrative, it appears to be intended to shape it in a manner that limits the collusion blame to those three individuals.

    So when we’re asking cui bono about this story, the biggest beneficiary is obviously Donald Trump himself. But with five advisors acting as sources for this story it’s a reminder that it could be a lot more than just Trump who’s trying to cover their ass at this point.

    And there’s another interesting angle to all this: Remember the mystery of the Alfa bank server and its unexplained communications with a Trump-associated server? Well, it turns out that the first big spike in traffic between the servers started in mid-June, shortly after the June 9th meeting (see the screenshot of the traffic and how it spikes for the first time in Mid-June from the 10/31/2016 Slate article). So who knows if the Alfa bank server mystery is about to get reignited too.

    All we know at this point is that Donald Trump Jr., Jared Kushner, and Paul Manafort appear to have been thrown under the bus by a group of White House insiders. And Don Jr. is helping to throw himself under the bus with tweets like this:

    Obviously I'm the first person on a campaign to ever take a meeting to hear info about an opponent… went nowhere but had to listen. https://t.co/ccUjL1KDEa— Donald Trump Jr. (@DonaldJTrumpJr) July 10, 2017

    So Don Jr. is looking rather disposable at this point. Which makes sense since he’s not officially part of the Trump administration at this point and can presumably be trusted to deflect as much as he can away from his dad. Same with Jared. Sort of. Filling his shoes in the administration will be an interesting task if he leaves. But it’s looking like Trump’s son and son-in-law could be the next victims of #TrumpRussiaGate.

    And in other news, Steve Bannon, a top advisor who wasn’t yet part of Trump’s team during the June 9th meeting, is now reportedly back in Trump’s good graces. Interesting timing…

    Posted by Pterrafractyl | July 10, 2017, 3:45 pm
  4. Well, it’s looking like the #TrumpRussia investigation could be transitioning from “Did the Russian government attempt to help the Trump campaign?” to “How exactly did the Russian government attempt to help the Trump campaign?”: According to three people with knowledge of an email sent by Rob Goldstone – the talent agent who arranged the now notorious June 9th, 2016 meeting – the email specifically stated that the damaging information on Hillary Clinton that was to be provided at the meeting was coming from the Russian government and was part of an attempt by the government to help Trump’s campaign. That was apparently in the opening email Goldstone sent to Trump Jr. And Trump Jr. decided to go to the meeting anyway. Along with Kushner and Manafort:

    The New York Times

    Trump Jr. Was Told in Email of Russian Effort to Aid Campaign

    By MATT APUZZO, JO BECKER, ADAM GOLDMAN and MAGGIE HABERMAN
    JULY 10, 2017

    WASHINGTON — Before arranging a meeting with a Kremlin-connected Russian lawyer he believed would offer him compromising information about Hillary Clinton, Donald Trump Jr. was informed in an email that the material was part of a Russian government effort to aid his father’s candidacy, according to three people with knowledge of the email.

    The email to the younger Mr. Trump was sent by Rob Goldstone, a publicist and former British tabloid reporter who helped broker the June 2016 meeting. In a statement on Sunday, Mr. Trump acknowledged that he was interested in receiving damaging information about Mrs. Clinton, but gave no indication that he thought the lawyer might have been a Kremlin proxy.

    Mr. Goldstone’s message, as described to The New York Times by the three people, indicates that the Russian government was the source of the potentially damaging information. It does not elaborate on the wider effort by Moscow to help the Trump campaign.

    There is no evidence to suggest that the promised damaging information was related to Russian government computer hacking that led to the release of thousands of Democratic National Committee emails. The meeting took place less than a week before it was widely reported that Russian hackers had infiltrated the committee’s servers.

    But the email is likely to be of keen interest to the Justice Department and congressional investigators, who are examining whether any of President Trump’s associates colluded with the Russian government to disrupt last year’s election. American intelligence agencies have determined that the Russian government tried to sway the election in favor of Mr. Trump.

    The Times first reported on the existence of the meeting on Saturday, and a fuller picture has emerged in subsequent days.

    Alan Futerfas, the lawyer for the younger Mr. Trump, said his client had done nothing wrong but pledged to work with investigators if contacted.

    “In my view, this is much ado about nothing. During this busy period, Robert Goldstone contacted Don Jr. in an email and suggested that people had information concerning alleged wrongdoing by Democratic Party front-runner, Hillary Clinton, in her dealings with Russia,” he told The Times in an email on Monday. “Don Jr.’s takeaway from this communication was that someone had information potentially helpful to the campaign and it was coming from someone he knew. Don Jr. had no knowledge as to what specific information, if any, would be discussed.”

    It is unclear whether Mr. Goldstone had direct knowledge of the origin of the damaging material. One person who was briefed on the emails said it appeared that he was passing along information that had been passed through several others.

    Jared Kushner, Mr. Trump’s son-in-law, and Paul J. Manafort, the campaign chairman at the time, also attended the June 2016 meeting in New York. Representatives for Mr. Kushner referred requests for comments back to an earlier statement, which said he had voluntarily disclosed the meeting to the federal government. He has deferred questions on the content of the meeting to Donald Trump Jr.

    A spokesman for Mr. Manafort declined to comment.

    But at the White House, the deputy press secretary, Sarah Huckabee Sanders, was adamant from the briefing room lectern that “the president’s campaign did not collude in any way. Don Jr. did not collude with anybody to influence the election. No one within the Trump campaign colluded in order to influence the election.”

    In a series of tweets, the president’s son insisted he had done what anyone connected to a political campaign would have done — hear out potentially damaging information about an opponent. He maintained that his various statements about the meeting were not in conflict.

    “Obviously I’m the first person on a campaign to ever take a meeting to hear info about an opponent… went nowhere but had to listen,” he wrote in one tweet. In another, he added, “No inconsistency in statements, meeting ended up being primarily about adoptions. In response to further Q’s I simply provided more details.”

    The younger Mr. Trump, who had a reputation during the campaign for having meetings with a wide range of people eager to speak to him, did not join his father’s administration. He runs the family business, the Trump Organization, with his brother Eric.

    On Monday, after news reports that he had hired a lawyer, he indicated in a tweet that he would be open to speaking to the Senate Intelligence Committee, one of the congressional panels investigating Russian meddling in the election. “Happy to work with the committee to pass on what I know,” the younger Mr. Trump wrote.

    Mr. Goldstone represents the Russian pop star Emin Agalarov, whose father was President Trump’s business partner in bringing the Miss Universe pageant to Moscow in 2013. In an interview Monday, Mr. Goldstone said he was asked by Mr. Agalarov to set up the meeting with Donald Trump Jr. and the Russian lawyer, Natalia Veselnitskaya.

    “He said, ‘I’m told she has information about illegal campaign contributions to the D.N.C.,’” Mr. Goldstone recalled, referring to the Democratic National Committee. He said he then emailed Donald Trump Jr., outlining what the lawyer purported to have.

    But Mr. Goldstone, who wrote the email over a year ago, denied any knowledge of involvement by the Russian government in the matter, saying that never dawned on him. “Never, never ever,” he said. Later, after the email was described to The Times, efforts to reach him for further comment were unsuccessful.

    In the interview, he said it was his understanding that Ms. Veselnitskaya was simply a “private citizen” for whom Mr. Agalarov wanted to do a favor. He also said he did not know whether Mr. Agalarov’s father, Aras Agalarov, a Moscow real estate tycoon known to be close to President Vladimir V. Putin of Russia, was involved. The elder Mr. Agalarov and the younger Mr. Trump worked together to bring a Trump Tower to Moscow, but the project never got off the ground.

    Mr. Goldstone also said his recollection of the meeting largely tracked with the account given by the president’s son, as outlined in the Sunday statement Mr. Trump issued in response to a Times article on the June 2016 meeting. Mr. Goldstone said the last time he had communicated with the younger Mr. Trump was to send him a congratulatory text after the November election, but he added that he did speak to the Trump Organization over the past weekend, before giving his account to the news media.

    Donald Trump Jr., who initially told The Times that Ms. Veselnitskaya wanted to talk about the resumption of adoption of Russian children by American families, acknowledged in the Sunday statement that one subject of the meeting was possibly compromising information about Mrs. Clinton. His decision to move ahead with such a meeting was unusual for a political campaign, but it was consistent with the haphazard approach the Trump operation, and the White House, have taken in vetting people they deal with ahead of time.

    But he said that the Russian lawyer produced nothing of consequence, and that the meeting ended after she began talking about the Magnitsky Act — an American law that blacklists Russians suspected of human rights abuses. The 2012 law so enraged Mr. Putin that he halted American adoptions of Russian children.

    Mr. Goldstone said Ms. Veselnitskaya offered “just a vague, generic statement about the campaign’s funding and how people, including Russian people, living all over the world donate when they shouldn’t donate” before turning to her anti-Magnitsky Act arguments.

    “It was the most inane nonsense I’ve ever heard,” he said. “And I was actually feeling agitated by it. Had I, you know, actually taken up what is a huge amount of their busy time with this nonsense?”

    Ms. Veselnitskaya, for her part, denied that the campaign or compromising material about Mrs. Clinton ever came up. She said she had never acted on behalf of the Russian government. A spokesperson for Mr. Putin said on Monday that he did not know Ms. Veselnitskaya, and that he had no knowledge of the June 2016 meeting.

    Ms. Sanders said at a news briefing that the American president had learned of the meeting recently, but she declined to discuss details.

    The White House press office, however, accused Mrs. Clinton’s team of hypocrisy. The office circulated a January 2017 article published in Politico, detailing how officials from the Ukrainian government tried to help the Democratic candidate conduct opposition research on Mr. Trump and some of his aides.

    The president learned from his aides about the 2016 meeting at the end of the trip, according to a White House official. But some people in the White House had known for several days that it had occurred, because Mr. Kushner had revised his foreign contact disclosure document to include it.

    The president was frustrated by the news of the meeting, according to a person close to him — less over the fact that it had happened, and more because it was yet another story about Russia that had swamped the news cycle.

    ———-

    “Trump Jr. Was Told in Email of Russian Effort to Aid Campaign” by MATT APUZZO, JO BECKER, ADAM GOLDMAN and MAGGIE HABERMAN; The New York Times; 07/10/2017

    “Mr. Goldstone’s message, as described to The New York Times by the three people, indicates that the Russian government was the source of the potentially damaging information. It does not elaborate on the wider effort by Moscow to help the Trump campaign.”

    So if that’s an accurate recounting of that email it would appear, at a minimum, that the Trump campaign was more than happy to knowingly collude with the Russian government. Which isn’t particularly surprising. What is surprising is that we now have three people, presumably people involved with the Trump campaign, who are telling reporters about it.

    And perhaps even more surprising is the idea that someone who would appear to be working on behalf of a Russian intelligence operation would send an email to a Trump campaign official that basically says ‘this information is from the Russian government because it wants to help you guys’. Is that really the kind of information you should put in an email? Well, when you zoom out and look at the incredible list of inexplicably reckless or amateurish mistakes made across this entire affair – the inexplicably revealing hacking mistakes, the inexplicably bad cover for “Guccifer” as a ‘Romanian hacker’ who can’t even speak Romanian, the various clues left in the leaked document meta data – yes, sending an email saying “I’m working for the Russian government!” is in keeping with the general level of spycraft on display throughout this entire operation.

    At the same time, notice how there’s no hint from any of these sources that this meeting was in any way involved with hacked DNC material:


    There is no evidence to suggest that the promised damaging information was related to Russian government computer hacking that led to the release of thousands of Democratic National Committee emails. The meeting took place less than a week before it was widely reported that Russian hackers had infiltrated the committee’s servers.

    It is unclear whether Mr. Goldstone had direct knowledge of the origin of the damaging material. One person who was briefed on the emails said it appeared that he was passing along information that had been passed through several others.

    So it’s still very possible that this meeting didn’t involve DNC hacks, although the timing was certainly suspicious.

    But one of the questions raised by the timing specifically ties into one of the biggest mysteries of the DNC/Podesta hacks: the question of why was the release of the hacked material done in a manner that so strongly pointed the finger back towards Russia? Because even if you assume that the DNC hacks were indeed carried out by the Russian government, once you factor in that the Trump team was apparently having open meetings with Russian government operatives before the hacked emails were released to the public there’s a big question about who released those emails. Did the Trump team receive the emails and then release them under the guise of ‘Guccifer 2.0’, or was that really a Russian agent? And did the Trump team add all those ‘I’m a Russian!’ meta-data fingerprints to the documents or was that the work of the Russian hackers? And if it was the Russian government that added all these ‘I’m a Russian’ clues to the release of the hack, did they do that as part of the quid pro quo with the Trump team? Sort of a “we’ll take the blame, in exchange for [insert quo here]” arrangement?

    In other words, while there’s generally been a dismissal of all the various ‘mistakes’ that were made by the alleged ‘Russian hackers’ that raise all sorts of questions about the nature of the hack, it’s important to remember that all these in-your-face ‘mistakes’, if intentionally done and if done by actual Russian hackers, point towards an even higher ‘price’ that the Trump team would have had to pay for such a service. Because as the media coverage of the 2016 hackings has amply demonstrated, there have been almost no suspicions that the Trump team was directly involved in carrying out those hacks. It was concluded early on that it was the Russians and all those inexplicable ‘mistakes’ were key pieces of ‘evidence’ that it was indeed Russian hackers. If those ‘mistakes’ were intentional and this really was done by Russian government hackers, those ‘mistakes’ were pretty valuable to the Trump campaign. At least in the short run, during the campaign since the obvious other suspect for the hacks would have been the Trump campaign itself. So all those hacker ‘mistakes’ bought Trump some plausible deniability, albeit at the cost of charges of Russian collusion. Was that a ‘service’ being offered?

    Of course, now that Trump is president, all those hacker ‘mistakes’ pointing towards Russian hackers have swamped his administration in a sea of investigations that could end up consuming his administration and personal empire. So if the Russian government really did do these hacks, and really did leave all these Russian ‘fingerprints’ intentionally as a kind of service to Trump, it’s hard to say that it was a service worth requesting. And given the long-term damage this whole affair could do to US-Russian relations it would be baffling if the Russian government ever considered taking the blame for such an operation even with the payout of a friendly Trump administration being dangled in front of them. The cost-benefit ratio is just horrible, especially if Russia intentionally took the blame which would inevitably hamper the ability of a friendly Trump administration to do things like easing sanctions.

    Or did the Trump team receive a bunch of hacked emails and then themselves decide to distribute them in a manner that made it look like Russian hackers did it? That would also explain those hacker ‘mistakes’.

    At this point, simply trying to figure out what kind of basic rationale was being employed by all of the various actors involved with the situation is becoming increasingly difficult as a story of increasingly unreasonable people and actions unfolds. What we know for sure is that three people with a close connection to this story are making sure this is a really, really big story right now. Is this all a setup for a big disappointment or the beginning of the end of the Trump administration? We’ll see.

    Posted by Pterrafractyl | July 10, 2017, 8:28 pm
  5. @Pterrafractyl–

    Note the role of CIA operative, and FBI informant, and convicted organized figure Felix Sater in brand Trumpo’s business ventures in Russia that ultimately led to the association with this group. Note, also, that Sater’s name was largely eclipsed in the discussion of Trump’s meeting with a Ukrainian lawyer to discuss lifting sanctions against Russia.

    https://www.forbes.com/sites/chasewithorn/2017/03/20/inside-trumps-russia-connections-the-felon-and-the-pop-star/#3d8afe343a47

    Best,

    Dave

    Posted by Dave Emory | July 10, 2017, 9:18 pm
  6. @Dave: Another part of what makes this such an amazing story is that the whole thing has the feel of an intelligence operation – getting the Trump team to do something incriminating for later leverage – but specifically a casual and routine intelligence operation involving putting out feelers to see if the Trump team would be stupid enough to reply to such an incriminating offer. Like it’s not even serious at first, but then became serious after Trump, Jr. took the bait. They didn’t need to reel him in. He jumped in the damn boat himself!

    And the absurdity of the whole situation became much more transparent after a particularly ham-fisted attempt at damage control where Trump, Jr. decided to release what he says was the full email exchange with Rob Goldstone, the music publicist and acquaintance of Trump, Jr. who originally emailed Trump, Jr. about setting up the meeting. And, sure enough, those emails do provide some additional transparency about the situation. Very unsightly transparency: In the very first email to Trump Jr., Goldstone mentions how the “Crown prosecutor of Russia” wanted to help Trump. The very first email! It should have been immediately obvious that if Trump, Jr. responded to this inquiry with anything other than “No thanks” he was entering into potential Kompromat territory. But he took the bait. With glee. And the person who set the bait was Rob Goldstone, a Trump business partner/associate.

    So we appear to have a Trump business partner setting the Trump team up for some sort of kompromat and the Trump team, at least Don Jr., never appears to have suspected a thing! It raises the question of just how many similar situations Felix Sater corralled the Trump team into along with questions of which government he was working for at the time. And the same question now applies to the rest of Trump’s international business associates. Because if this is how the Trump team normally acts to such explosive inquiries from its business partners there must be political blackmail material on them all over the world:

    Talking Points Memo
    DC

    The Most Gobsmacking Details From Trump Jr.’s Russian Meeting Email Chain

    By Allegra Kirkland
    Published July 11, 2017 2:37 pm

    After months of incremental reports about meetings and business dealings that President Donald Trump’s associates had with Russian operatives over the course of the 2016 campaign, the motherlode of news bombshells dropped on Tuesday morning.

    Donald Trump, Jr. tweeted out what he said was his full email exchange with a family acquaintance who wanted to connect him with a “Russian government attorney” who could provide him dirt on his father’s likely presidential opponent, Hillary Clinton.

    The answers to swirling questions about what Trump Jr. knew going into the June 2016 sit-down with the lawyer, Natalia Veselnitskaya, came into crystal-clear focus. The emails revealed that the President’s eldest son, his son-in-law, Jared Kushner, and his campaign chairman, Paul Manafort, attended a meeting that had been expressly billed to Trump Jr. as an opportunity to obtain damaging information about Clinton as part of a Russian government effort to help the Trump campaign.

    Here are the most arresting details from Trump Jr.’s email exchange with that acquaintance, the music publicist Rob Goldstone.

    The promised Clinton dirt was part of a larger Russian government effort to help Trump

    Goldstone unequivocally says the “sensitive” information his contact has to share with Trump Jr. comes from the Russian government in their initial email exchange on June 3.

    “Emin just called and asking me to contact you with something very interesting,” Goldstone wrote. “The Crown prosecutor of Russia met with his father Aras this morning and in their meeting offered to provide the Trump campaign with some official documents and information that would incriminate Hillary and her dealings with Russia and would be very useful to your father.”

    There is no “Crown prosecutor” in Russia, and Goldstone may have been referring to that country’s Prosecutor General.

    “This is obviously very high level and sensitive information but is part of Russia and its government’s support for Mr. Trump,” Goldstone continued.

    When news of the meeting first broke over the weekend, Trump Jr. said his discussion with Veselnitskaya focused primarily on a program allowing U.S. citizens to adopt Russian children before admitting the next day that he’d attended the meeting because he was promised negative information about Clinton. Until he released these emails over Twitter, Trump Jr. had not acknowledged publicly that he knew ahead of time the person he met with was connected to Vladimir Putin’s government.

    Trump Jr. said he’d “love” the oppo, “especially later in the summer”

    If Trump’s eldest son was concerned about the source of the information he would receive, he gave Goldstone no indication.

    “If it’s what you say I love it especially later in the summer,” Trump Jr. told Goldstone in response to his initial email, expressly noting that it would be more useful to have after the conventions were wrapped and Clinton was formally named as the Democratic nominee.

    Goldstone made clear the meeting would be with a “Russian government attorney”

    Goldstone identifies the lawyer’s country of origin in two separate emails. In one June 7 email, he calls her “The Russian government attorney who is flying over from Moscow.” In an email sent the following day, he refers to her as “the Russian attorney.”

    Trump Jr. has said he did not know the name of the lawyer before the meeting, and Veselnitskaya is not named in the emails he released. But he certainly knew where she was from.

    Manafort and Kushner were forwarded an email outlining the meeting’s purpose

    Manafort and Kushner were forwarded the entire email chain detailing the purpose and timing of the meeting, the New York Times reported Tuesday.

    Their names are visible on one exchange that Trump Jr. tweeted. That email updated them on the time of the gathering, with the subject line “FW: Russia – Clinton – private and confidential.”

    Trump Jr. also highlighted their expected attendance in his exchange with Goldstone, writing, “It will likely be Paul Manafort (campaign boss) my brother in law and me.”

    Goldstone was open to sharing the dirt with Donald Trump himself

    Goldstone apparently considered routing the Clinton dirt sourced from the Russian government to the presumptive Republican nominee himself. In that same June 3 exchange, he proposed passing the compromising information along to Trump through his longtime secretary, Rhona Graff.

    “I can also send this info to your father via Rhona, but it is ultra sensitive so wanted to send to you first,” Goldstone wrote to Trump Jr.

    ———-

    “The Most Gobsmacking Details From Trump Jr.’s Russian Meeting Email Chain” by Allegra Kirkland; Talking Points Memo; 07/11/2017

    ““Emin just called and asking me to contact you with something very interesting,” Goldstone wrote. “The Crown prosecutor of Russia met with his father Aras this morning and in their meeting offered to provide the Trump campaign with some official documents and information that would incriminate Hillary and her dealings with Russia and would be very useful to your father.””

    Yes, Goldstone straight up tells Trump, Jr. in an email that the top prosecutor in Russia agreed to help the Trump campaign with damaging information on Hillary Clinton (or at least implies that…there is no “Crown prosecutor of Russia”). And he also makes it clear that the lawyer Trump, Jr. would be meeting to get this damaging information is also a Russian government lawyer:


    Goldstone identifies the lawyer’s country of origin in two separate emails. In one June 7 email, he calls her “The Russian government attorney who is flying over from Moscow.” In an email sent the following day, he refers to her as “the Russian attorney.”

    And Junior seems totally cool with all of this:


    “If it’s what you say I love it especially later in the summer,” Trump Jr. told Goldstone in response to his initial email, expressly noting that it would be more useful to have after the conventions were wrapped and Clinton was formally named as the Democratic nominee.

    Those were just some of the gems in the emails Trump, Jr. released today. And all of this is apparently news to the FBI and Special Counsel’s office.

    All in all, this whole thing almost looks more like an operation to get dirt on Trump as opposed to giving dirt to him. Although, who knows, maybe they gave Trump some dirt too. But since the form of damage control Trump, Jr. is employing at this point is to basically come out and say “yeah, we wanted to get this damaging info from the Russian government, but it didn’t pan out. So what’s the big deal?”, it’s worth noting that one of the many big deals is that the Trump team doesn’t seem capable of avoiding obvious self-incriminating situations.

    Posted by Pterrafractyl | July 11, 2017, 3:09 pm
  7. @Pterrafractyl–

    http://www.seattletimes.com/nation-world/how-the-miss-universe-pageant-led-to-trumps-son-meeting-with-a-russian-lawyer/

    “. . . .Sater worked on a plan for a Trump Tower in Moscow as recently as the fall of 2015, but he said that had come to a halt because of Trump’s presidential campaign. . . .”

    That was in the fall of 2015.

    In January of this year, as indicated in the “Forbes” article I linked in an above comment, Sater is also in Ukraine with Michael Cohen, working with a Ukrainian oligarch to lift sanctions against Russia.

    At least that’s what we are told.

    CIA, FBI (informant), Mafia–Sater touches all the bases.

    Best,

    Dave

    Posted by Dave Emory | July 11, 2017, 5:06 pm
  8. CNN has an article about a 2013 behind-the-scenes video taken during the Miss USA pageant in Las Vegas of Donald Trump meeting with three of the figures involved with the now notorious June 9th meeting with Donald Trump, Jr., Jared Kushner, and Paul Manafort. In the video, Trump, along with the lawyer Michael Cohen, is seen dining with Aras Agalarov, his son Emin, and Emin’s publicist Rob Goldstone. To a large extent there’s nothing particularly surprising about the video, but it’s certainly timely. Especially now that Aras Agalarov, the person who Goldstone claimed was in contact with Russia’s “Crown Prosecutor”, is denying ever making the offer and also denying even knowing Goldstone (they’re both seen together in the 2013 video). And while it’s pretty hard to believe that Aras doesn’t know his son’s publicist, the denials by Agalarov and his lawyer do raise a pretty good question that’s also raised by the 2013 video: given how chummy Trump and Agalarov appear to be (and they are quite chummy in the videos), why on Earth wouldn’t Agalarov just pick up the phone and call Trump directly with the offer of dirt on Hillary Clinton, as opposed to having Goldstone send a highly incriminating email?:

    CNN

    Exclusive: Video shows Trump with associates tied to email controversy

    By Jeremy Diamond
    Updated 5:21 PM ET, Wed July 12, 2017

    Washington (CNN) Video obtained exclusively by CNN offers a new look inside the web of relationships now at the center of allegations of collusion between Trump campaign associates and Russia.

    The video shows the future President Donald Trump attending a dinner with an Azerbaijani-Russian family who became Trump’s business partners in Las Vegas in June 2013. It also shows their publicist, Rob Goldstone, who would later send Donald Trump Jr. the emails that have brought the eldest Trump son to the center of the controversy over possible collusion between Trump campaign associates and Russia.

    Goldstone, who is also seen in the video talking with Trump, claimed in the 2016 emails that damaging information against Hillary Clinton surfaced after a meeting between someone Goldstone described as “the Crown prosecutor of Russia” and Aras Agalarov, an Azerbaijani-Russian billionaire with ties to Russian President Vladimir Putin. Goldstone then offered to set up a call between the younger Trump and Emin Agalarov, the billionaire’s son and a pop star Goldstone represents, to discuss the information.

    The video, obtained by CNN in the wake of the email disclosures, offers fresh insights into the warm relationship between Trump and the Agalarovs, which has been widely reported because Aras Agalarov and Emin Agalarov inked a multi-million dollar deal with Trump to bring the Miss Universe pageant to Moscow in 2013.

    The video was shot on June 15, 2013 in Las Vegas on the eve of the Miss USA pageant where Trump would officially announce the deal to bring the Miss Universe contest to Moscow. The footage, a series of clips from the eve of the Miss USA pageant, documents more than three minutes of interactions between Trump, the Agalarovs and Goldstone.

    Donald Trump Jr. does not appear in the video obtained by CNN, but several other top Trump associates do — including Trump’s personal attorney, Michael Cohen, and his long-time aide and current director of Oval Office operations, Keith Schiller, who are both in the video.

    The clips show Trump engaged in animated conversation with the Agalarov men and Goldstone.

    During dinner, Trump is seated across from Aras Agalarov and beside Emin Agalarov — who in turn is seated next to Goldstone. At one point in the clip, Trump and Goldstone engage in a brief conversation while the younger Agalarov leans into the table.

    The next day, Trump lavishes praise on the Agalarovs at the Miss USA 2013 red carpet, calling them “the most powerful people in all of Russia.”

    “These are the most powerful people in all of Russia, the richest men in Russia,” Trump says during the public red carpet ceremony, which was included in the clips obtained by CNN.

    In another clip from the Miss USA pageant that year, Trump discusses the forthcoming Miss Universe pageant in Moscow. He lavishes praise on Russia and says he hopes the pageant will help improve the US-Russia relationship.

    “It really is a great country. It’s a very powerful country that we have a relationship with, but I would say not a great relationship, and I would say this can certainly help that relationship. I think it’s very important,” Trump says in response to a question.

    “I have great respect for Russia. And to have the Miss Universe pageant in Moscow, in the most important location, the most beautiful building, in your convention center, with such amazing partners, I mean it’s going to be fantastic for detente, or whatever you want to say,” Trump continues. “I think it’s a great thing for both countries, and honestly they really wanted it in Russia — badly. … Politically they wanted it.”

    Donald Trump Jr. has said that his relationship with Goldstone did not arise from the Miss Universe pageant.

    The younger Trump instead suggested in an interview Tuesday with Fox News’ Sean Hannity, an ardent Trump supporter, that he met Goldstone through a golf course tournament where Emin Agalarov performed.

    “I met him through the golf course. I wasn’t even at the Miss Universe pageant, but I met him through out there, so I had a casual relationship with him,” Trump Jr. told Hannity, describing Goldstone later in the interview as “an acquaintance.”

    Trump Jr. maintained in the interview that he agreed to the meeting “as a courtesy” to Goldstone.

    Trump Jr. said he had only met Emin Agalarov “once or twice and maintained a casual relationship there, talked about some potential deals, and then to that — the extent of it. They really didn’t go anywhere.”

    Aras Agalarov told Russian radio station BFM that he doesn’t know Trump Jr. personally, though he acknowledges that they “did Miss Universe” together. But Agalarov told BFM that his son Emin Agalarov does know him. Agalarov told BFM he “doesn’t really know” publicist Rob Goldstone either and he says the notion that Goldstone asked Trump Jr. to contact him about some dirt on Hillary Clinton is a “tall tale”.

    Scott Balber, an attorney for the Agalarovs, also did not deny the closeness of the relationship between the Trumps and Agalarovs, instead raising a question about Goldstone’s credibility.

    “It’s simply fiction that this was some effort to create a conduit for information from the Russian federal prosecutors to the Trump campaign,” Balber said on CNN’s “New Day.” “It’s just fantasy world because the reality is if there was something important that Mr. Agalarov wanted to communicate to the Trump campaign, I suspect he could have called Mr. Trump directly as opposed to having his son’s pop music publicist be the intermediary.”

    ———-

    “Exclusive: Video shows Trump with associates tied to email controversy” by Jeremy Diamond, CNN; 07/12/2017

    “Aras Agalarov told Russian radio station BFM that he doesn’t know Trump Jr. personally, though he acknowledges that they “did Miss Universe” together. But Agalarov told BFM that his son Emin Agalarov does know him. Agalarov told BFM he “doesn’t really know” publicist Rob Goldstone either and he says the notion that Goldstone asked Trump Jr. to contact him about some dirt on Hillary Clinton is a “tall tale””

    So Agalarov is officially denying everything, even after Trump, Jr. just released the whole email chain. And those denials include even really knowing Goldstone. And while we can’t rule out the possibility that Goldstone really did just make up the claims about Agalarov’s offer, keep in mind that Aras’s son Emin is one of Goldstone’s clients so Goldstone presumably doesn’t want to piss off the Agalarovs (and Aras presumably knows who his son’s publicist is…especially when they’re in the same 2013 video).

    Still, the question raised by Agalarov’s lawyer is a pretty good one: why didn’t Agalarov just contact Trump directly about such a sensitive matter?


    Scott Balber, an attorney for the Agalarovs, also did not deny the closeness of the relationship between the Trumps and Agalarovs, instead raising a question about Goldstone’s credibility.

    “It’s simply fiction that this was some effort to create a conduit for information from the Russian federal prosecutors to the Trump campaign,” Balber said on CNN’s “New Day.” “It’s just fantasy world because the reality is if there was something important that Mr. Agalarov wanted to communicate to the Trump campaign, I suspect he could have called Mr. Trump directly as opposed to having his son’s pop music publicist be the intermediary.”

    It’s all quite weird, even by Trump-weirdness standards.

    Also don’t forget that the June 9th meeting also involved Natalia Veselnitskaya – the Russian lawyer at the center of the now notorious June 9th meeting. So Veselnitskaya would be taking a pretty big risk if she was involved in such a scheme that implicated both Aras and the “Crown Prosecutor” in writing without their knowledge. Similarly, if she was offering “Russian government” help to Trump without at least someone relatively high up in the government approving such an action that also seems like an incredible risk. At the same time, doing what they did – having Rob Goldstone straight up say ‘the Russian government wants to help you with some dirt on Hillary’ in an email to Trump, Jr. – also seems like an incredible risk…for the Russian government to take. So none of this really makes sense.

    But there’s a particularly amusing, and sad (‘Sad!’) contrast of project power and influence that emerges from a piece by Leonid Bershidsky on how Veselnitskaya fits into the Russian power-structure. First, look how Trump describes Agalarovs in the above CNN piece: As the most powerful people in Russia:


    The next day, Trump lavishes praise on the Agalarovs at the Miss USA 2013 red carpet, calling them “the most powerful people in all of Russia.”

    “These are the most powerful people in all of Russia, the richest men in Russia,” Trump says during the public red carpet ceremony, which was included in the clips obtained by CNN.

    Well, it would appear Aras Agalarov doesn’t share such a high opinion of Donald Trump. Or at least Trump’s relative importance. Because as Bershidsky points out, there are ‘levels’ in the Russian power structure and people at higher ‘levels’ don’t really ‘deal’ with lower-level people. And as Aras Agalarov said of Trump in a recent interview, Trump just isn’t the kind of person that top-level Russians would even talk to, at least prior to becoming President. As Agalarov put it, “it’s one thing when he communicates with me. That’s, like, one level. But it’s a different matter for him to communicate with the president of the Russian Federation.” (Sad!):

    Bloomberg
    View

    Trump’s Low-Level Russian Connection
    The lawyer who met Donald Trump Jr. was no Kremlin power broker.

    by Leonid Bershidsky
    July 11, 2017, 10:16 AM CDT July 11, 2017, 11:35 AM CDT

    In stories about her meeting with Donald Trump Jr., Natalia Veselnitskaya, the unlikely celebrity in the latest installment of the Trump-Russia story, is often described as someone with “connections to the Kremlin.” That’s misleading, although her involvement still says much about how power works in Russia.

    The red-brick fortress at the center of Moscow is the wrong architectural landmark in which to look for the ties that made Veselnitskaya a successful lawyer. The right building is a hulking, futuristic glass structure just outside the Moscow city limits, which houses the government of the Moscow region — the constituent part of the Russian Federation which surrounds but doesn’t include the city of Moscow.

    The Russian system of power — at least its all-important informal part — has always been all about “levels.” Russian President Vladimir Putin often uses the word to discriminate between matters that are worthy of his attention and those that aren’t. The regional elites are several notches below the Kremlin level, which explains Putin spokesman Dmitri Peskov’s snobbish reaction to news about Veselnitskaya:

    No, we don’t know who that is, we cannot follow all the meetings of all the Russian lawyers both inside the country and overseas.

    During Veselnitskaya’s rise, the region, run by Boris Gromov — the general who presided over the Soviet Union’s withdrawal from Afghanistan in 1989 — was a mess of corrupt schemes that ultimately led it to de facto bankruptcy. I know a few things about it because I was the publisher of an investigative book about the period, written by Forbes Russia journalist Anna Sokolova. The book’s print run was seized by police at a warehouse located in the Moscow Region. The publishing company, Eksmo, fought the seizure and successfully sold the book.

    During the governor’s 12-year tenure, the region set up a number of quasi state-owned corporations, which issued billions of dollars’ worth of bonds in what later turned out to be Ponzi-like schemes. Alexei Kuznetsov, the regional finance minister who was married to New York socialite Janna Bullock, fled Russia in 2008, after the schemes started coming apart, and was arrested in France in 2013. Extradition proceedings are still under way.

    At the same time, the Moscow region was the arena of some of the wildest land shenanigans in Russian history. Land, sometimes enormously valuable because of its proximity to the Soviet elite’s traditional country residences, still used by top government officials, was bought up on the cheap from collective farmers, and then ruthless raiders fought bitterly over it. Their disputes, often involving current and former regional government officials, became Veselnitskaya’s bread and butter.

    Originally, she worked at the regional prosecutor’s office. There, she married deputy prosecutor Alexander Mitusov — one of the region’s most influential law enforcement officials — and set up a private practice in the Moscow Region. Her success rate and reputation were soon fearsome; she claimed in a recent U.S. court filing that she had argued and won 300 cases.

    After leaving the prosecutor’s office, Mitusov became deputy transport minister under Pyotr Katsyv, Gromov’s deputy and the regional transport minister. The minister ran one of the state companies that ended up insolvent, leaving the regional government on the hook for its debts, but kept his job, leaving the transport ministry only after Gromov was removed by the Kremlin. Katsyv has since worked in top jobs for Russia’s railroad monopoly and a major hydrocarbon transport company.

    Veselnitskaya did legal work for the Katsyv family. Among other things, she defended Pyotr in a libel suit against a local activist who accused the regional minister of involvement in shady real estate deals (she won). In the U.S., Veselnitskaya is known for working with the American defense of Denis Katsyv, Pyotr’s son, accused by former Manhattan U.S. Attorney Preet Bharara of laundering money from a Russian tax scam.

    That wasn’t just any scam but the Magnitsky affair, made famous by investment fund manager Bill Browder, whose lawyer, Sergei Magnitsky, many believe was tortured and killed in a Russian prison after exposing a massive fraud perpetrated by Russian tax officials and their accomplices. The affair inspired the Magnitsky Act, sanctioning participants in the scheme and any other Russian human rights violators. The Russian parliament retaliated by banning U.S. adoptions of Russian children, and President Vladimir Putin signed the bill, denouncing the Magnitsky Act as a domestically motivated political attack on Russia. (the governments of Canada and the U.K. have both backed Magnitsky-inspired legislation this year.)

    Talk of Veselnitskaya’s Kremlin ties comes from her efforts to lobby for the repeal of the Magnitsky Act — which is what Donald Trump, Jr., claims she tried to do when she got her meeting with him, presidential son-in-law Jared Kushner and Trump campaign manager Paul Manafort. She got the meeting through a string of Moscow Region contacts. The introduction was made by Rob Goldstone, the former U.K. tabloid journalist who promoted Russian-Azerbaijani pop singer Emin Agalarov.

    Emin is the son and heir of real estate billionaire Aras Agalarov, who is also often described as close to Putin. Like many Russian businessmen who want to stay in the Kremlin’s good graces, Agalarov takes on projects on government orders, even at a loss, such as the construction of a university in the far east and two soccer arenas for the 2018 World Cup. But his real power base is in the Moscow Region. His enormous expo center, concert hall and shopping complex are located right next to the regional government building. Agalarov even built the subway station, Myakinino, that low-ranking regional bureaucrats use to get to work.

    It was with the Agalarovs that Trump partnered for the 2013 Miss Universe pageant, held in Moscow. That’s how Goldstone, who arranged the presence of Trump and the contestants in an Emin Agalarov music video, knew Donald Jr. Emin, for his part, knew Veselnitskaya, queen of the regional courtrooms. Before he was elected, Trump’s level of communication in Russia was no higher than that of the Moscow Region’s elite, several notches below the Kremlin. Aras Agalarov said of Trump in a recent interview with the Russian daily Komsomolskaya Pravda:

    It’s one thing when he communicates with me. That’s, like, one level. But it’s a different matter for him to communicate with the president of the Russian Federation.

    It was Rex Tillerson, the current secretary of state, who, as chief executive officer at Exxon Mobil, enjoyed the highest level of access. Trump just wasn’t important enough. It’s entirely possible that a Kremlin effort to help Trump beat Hillary Clinton reached to lower levels because that’s where it was easiest to establish contact with Trump’s family. But it’s more likely that Veselnitskaya, the tenacious and ambitious lawyer who could pull every string in the Moscow Region, did so to get her pet issue — the repeal of the Magnitsky Act, which was getting her major client in trouble — in front of some important Americans. That kind of effort would have been on the right level.

    ———-

    “Trump’s Low-Level Russian Connection” by Leonid Bershidsky; Bloomberg; 07/11/2017

    “It was with the Agalarovs that Trump partnered for the 2013 Miss Universe pageant, held in Moscow. That’s how Goldstone, who arranged the presence of Trump and the contestants in an Emin Agalarov music video, knew Donald Jr. Emin, for his part, knew Veselnitskaya, queen of the regional courtrooms. Before he was elected, Trump’s level of communication in Russia was no higher than that of the Moscow Region’s elite, several notches below the Kremlin. Aras Agalarov said of Trump in a recent interview with the Russian daily Komsomolskaya Pravda.”

    So Aras Agalarov did sort of lend support to Trump’s claims that he had never previously met Vladimir Putin. Maybe it’s true. Maybe Trump never had more than a few passing interactions with Putin…because Trump wasn’t important enough. He was too “low level” for Putin’s time and prestige. Very Sad!

    Also note Bershidsky’s final take on the situation: that Veselnitskaya really did use her contacts to arrange for this meeting and really did basically bait the Trumps into a meeting promising dirt on Hillary simply to get a chance to lobby the Trump campaign about her pet issue, the Magnitsky Act:


    It was Rex Tillerson, the current secretary of state, who, as chief executive officer at Exxon Mobil, enjoyed the highest level of access. Trump just wasn’t important enough. It’s entirely possible that a Kremlin effort to help Trump beat Hillary Clinton reached to lower levels because that’s where it was easiest to establish contact with Trump’s family. But it’s more likely that Veselnitskaya, the tenacious and ambitious lawyer who could pull every string in the Moscow Region, did so to get her pet issue — the repeal of the Magnitsky Act, which was getting her major client in trouble — in front of some important Americans. That kind of effort would have been on the right level.

    But for Veselnitskaya to arrange all this on her own she would have needed to have been close to the “Crown prosecutor” (the prosecutor general of Russia) to get him on board with this. And Veselnitskaya is reportedly close to the prosecutor general. But if this really was a “lower-level” operation, all this would have had to have been done without Putin’s knowledge in the middle of a US presidential campaign where Trump’s ties to Russia were already a campaign issue. Would a “lower-level”, yet still relatively high-powered, Russian attorney engage in such a scheme with the Russian prosecutor general and an oligarch like Aras Agalarov on their own? It doesn’t seem like a likely scenario. But a high-level, Putin-directed operation like the one being described also doesn’t seem very likely simply because of how stupid it all is to write such an incriminating email and have goofballs like Rob Goldstone operating as the middleman.

    But that’s where we are: every scenario we’re being asked to entertain is implausibly stupid. It’s one of the more unpleasant aspects of life in Trumplandia. We can’t even apply ‘Trump’s Razor’ anymore! Very Very Sad!

    Posted by Pterrafractyl | July 12, 2017, 3:35 pm
  9. Here’s the latest twist on the various GOP efforts to search the dark web for someone who may have hacked Hillary Clinton’s private email server. Recall how GOP financier Peter Smith was running an operation involving Michael Flynn, Steve Bannon, and Kellyanne Conway to find Hillary’s emails. And recall how that operation ended up with them consulting with ‘Alt Right’ troll Charles Johnson and Guccifer 2.0, who both reportedly recommended they contact Andrew ‘weev’ Auernheimer in their pursuits. Also recall how Johnson said he “put the word out” to a “hidden oppo network” of other right-wing groups who were more or less trying to do the same thing.

    Well, in this latest twist it looks like we may have stumbled across part of that “hidden oppo network”, although there’s no indication yet that this is actually part of the network Johnson was referring to: It turns out Barbara Ledeen, wife of Michael Ledeen, apparently decided to create her own operation back in 2015 while she was a GOP staffer for the Senate judiciary committee.

    Ledeen claims she was solely motivated out of fears that Hillary’s hacked emails might put her children serving in the military at risk (that’s seriously her story). Of course, as we’ve seen before, her husband, Michael, was Michael Flynn’s co-author on their book The Field of Fight: How We Can Win the Global War Against Radical Islam, a book that argues the US is already in WWIII against radical Islam and the US needs to wage a full-scale religious war in response. So in addition to Flynn’s alleged involvement in Peter Smith’s “hidden oppo” team, we have the wife of the co-author on Flynn’s book also running her own operation.

    Who else was involved with Barbara Ledeen’s email-hunting team? So far, all we know is that she asked Newt Gingrich and “an unnamed defense contractor”. Gingrich apparently wanted to bring in some more people so he reached out to Judicial Watch who, in turn, brought in another unnamed contractor who is described as an expert on the dark web.

    So it looks like we can add Barbara Ledeen, Newt Gingrich, Judicial Watch, and a pair of the unnamed contractors to the list of people comprising a hidden oppo network, and perhaps the hidden oppo network Johnson was talking about.

    But if that’s the case and this is the network Johnson was referring to it’s a pretty remarkable coincidence that both of these networks could have been operating without knowing about each other given the closeness of Flynn and Michael Ledeen and the fact that Flynn and Ledeen’s book was published in July of 2016, implying that Flynn and Ledeen were in pretty close contact with each other in the period leading up to this.

    At the same time, it’s important to note that we don’t know when Barbara Ledeen’s team stopped operating. We just know that it apparently started in 2015 according to the article below. So it’s possible the team ended its search before the Smith team started up in September of 2016. It’s one of the many significant facts we have yet to learn about this particular right-wing hacker-outreach effort:

    The Guardian

    Flynn ally sought help from ‘dark web’ in covert Clinton email investigation

    Barbara Ledeen, a staffer on the committee looking into Trump’s Russia ties and a friend of Mike Flynn, tried to launch her own investigation into Clinton’s emails

    Stephanie Kirchgaessner

    Friday 13 October 2017 05.30 EDT
    Last modified on Friday 13 October 2017 09.38 EDT

    A close associate of Donald Trump’s former national security adviser Michael Flynn arranged a covert investigation into Hillary Clinton’s use of a private email server when she was secretary of state, and through intermediaries turned to a person with knowledge of the “dark web” for help.

    Flynn, a retired three-star general who led chants of “lock her up” at last year’s Republican national convention, is a central figure in the FBI’s investigation into whether the Kremlin worked with the Trump campaign to sway the US election.

    Flynn is personally and ideologically linked to Barbara Ledeen, a longtime conservative activist who works for the Republican senator Chuck Grassley on the Senate judiciary committee – which is now investigating alleged links between the Trump campaign and Russia.

    Ledeen’s husband, Michael Ledeen, is also a confidant of Flynn, and co-authored a book with him last year.

    Flynn was forced to resign in February after just 24 days on the job as Trump’s chief intelligence official in the White House, when it emerged that he had lied to Vice-President Mike Pence about conversations he had with the then Russian ambassador to the US, Sergey Kislyak.

    According to interview notes released by the FBI last year, Ledeen decided in 2015 to launch her own investigation into Clinton’s use of the server. At the time, she was a staffer on the Senate judiciary committee.

    According to the FBI files, Ledeen wanted to determine whether the emails had been hacked by a “foreign power”, because the incident angered her as a citizen and because she wanted to know whether such a hack would put her children, who served in the military, in danger.

    Clinton’s use of a private server was steeped in controversy throughout her unsuccessful presidential bid, but Ledeen’s concerns proved to be unfounded. A federal investigation found no evidence that the emails on Clinton’s private server were ever compromised.

    Ledeen’s name was redacted on the FBI documents describing the investigation, which were released last year in response to a Freedom of Information Act request. But a person who reviewed the unredacted documents confirmed to the Guardian that Barbara Ledeen was the subject. Her involvement was also confirmed by the Senate judiciary committee in response to the Guardian’s questions.

    According to the FBI notes, Ledeen wanted to pursue her own investigation in 2015 into whether or not Clinton’s emails had been compromised but could not finance the work.

    She sought out the help of an unnamed defense contractor and also turned to Newt Gingrich, the former Republican speaker of the House, for help. According to the FBI notes, Gingrich “wanted to speak to others about the project” and asked Judicial Watch, the conservative activist group, for financial assistance.

    Judicial Watch allegedly turned to another, unnamed, contractor who was familiar with the “deep web and dark web”, according to the FBI files. The parties were concerned about what they would do if they came across any emails that contained classified information. According to the FBI investigation, the project was later halted.

    The incident and web of relationships is important for two reasons.

    First, because Ledeen is the second person with ties to Flynn who allegedly sought to investigate Clinton’s use of a private server in an unofficial capacity.

    In June, a former British intelligence official named Matt Tait said that he had been approached by a longtime Republican operative called Peter Smith, who had a history of seeking damaging material about the Clinton family and was known for his close ties to Gingrich.

    Smith was convinced that Clinton’s private server had been hacked by a foreign power, probably Russians, Tait said.

    Smith, who died at the age of 81 10 days after giving his own account to the Wall Street Journal, told the newspaper he had operated independently of the Trump campaign.

    He allegedly told Tait that he had been approached by a person on the “dark web” who claimed to have a copy of emails from Clinton’s server and wanted help validating their authenticity.

    According to Tait’s account, Smith claimed to be working with Flynn, who at the time was serving as a foreign policy adviser to Donald Trump’s presidential campaign.

    Ledeen’s involvement is also important because she works on the Senate judiciary committee, which is conducting an investigation into the Trump campaign. Her family’s relationship with Flynn raises questions about whether Ledeen could be wielding influence over the investigation.

    Grassley’s spokesman said that Ledeen’s 2015 inquiry had not been authorised by the judiciary committee and that the committee had only learned of it after it had been completed.

    “She was instructed not to do any further follow-up once the committee learned of her involvement,” the spokesman said.

    Congressional investigators do not have the power of the FBI and federal prosecutors to bring criminal indictments, but they can compel witnesses to testify publicly and under oath, and can potentially play an important role in setting the groundwork for impeachment proceedings against the president.

    Grassley has several important decisions to weigh in how his investigation will proceed, including whether to call the president’s son, Donald Trump Jr, to testify publicly about a 2016 meeting he attended with Russians.

    A Grassley spokesman told the Guardian that Barbara Ledeen was a part-time staffer on the judiciary committee judicial nominations unit. He said Ledeen was “in no way” connected to the investigations team and “would not have access to any of its materials”.

    “Senator Grassley has no relationship with Barbara’s husband and wouldn’t recognise him if he saw him,” the spokesman added.

    Ledeen and her husband have been influential – and controversial – players in conservative circles in Washington for decades.

    Michael Ledeen, Barbara’s husband, is a historian and former Reagan administration official who helped to develop the secret programme to sell US arms to Iran in the late 1980s, in what is known as the Iran-Contra affair.

    ———-

    “Flynn ally sought help from ‘dark web’ in covert Clinton email investigation” by Stephanie Kirchgaessner; The Guardian; 10/13/2017

    “According to interview notes released by the FBI last year, Ledeen decided in 2015 to launch her own investigation into Clinton’s use of the server. At the time, she was a staffer on the Senate judiciary committee.”

    So at some point in 2015, Barbara Ledeen decided to search the dark web for Hillary’s emails. Why? Because she wanted to see if a “foreign power” hacked them and then threw them up on the dark web which might put her children in the military at risk. That’s her story:


    According to the FBI files, Ledeen wanted to determine whether the emails had been hacked by a “foreign power”, because the incident angered her as a citizen and because she wanted to know whether such a hack would put her children, who served in the military, in danger.

    But she needed money so she turned to Newt Gingrich and an unnamed defense contractor. And then Gingrich brought in Judicial Watch and another contractor who was familiar with the dark web. Then they all got concerned about what to do if they came across classified information and the project was later halted. That’s also her story:


    According to the FBI notes, Ledeen wanted to pursue her own investigation in 2015 into whether or not Clinton’s emails had been compromised but could not finance the work.

    She sought out the help of an unnamed defense contractor and also turned to Newt Gingrich, the former Republican speaker of the House, for help. According to the FBI notes, Gingrich “wanted to speak to others about the project” and asked Judicial Watch, the conservative activist group, for financial assistance.

    Judicial Watch allegedly turned to another, unnamed, contractor who was familiar with the “deep web and dark web”, according to the FBI files. The parties were concerned about what they would do if they came across any emails that contained classified information. According to the FBI investigation, the project was later halted.

    Part of what’s so amusing about the ‘concerns’ over finding classified information in these emails is that that was the big prize: finding classified information in the hacked emails. ‘Putting classified information at risk’ was the charge constantly leveled against Hillary for setting up that private server so such concerns would be like going on a treasure hunt and getting all concerned about finding the treasure. The only concern for them would have been concerns over how to best politically exploit such an amazing find.

    But that’s her story. At least the story she told the FBI.

    And then there’s the story coming out from the office of Chuck Grassley, the head of the Senate judiciary committee, distancing his committee from Ledeen: “Senator Grassley has no relationship with Barbara’s husband and wouldn’t recognise him if he saw him”:


    A Grassley spokesman told the Guardian that Barbara Ledeen was a part-time staffer on the judiciary committee judicial nominations unit. He said Ledeen was “in no way” connected to the investigations team and “would not have access to any of its materials”.

    “Senator Grassley has no relationship with Barbara’s husband and wouldn’t recognise him if he saw him,” the spokesman added.

    Ledeen and her husband have been influential – and controversial – players in conservative circles in Washington for decades.

    Michael Ledeen, Barbara’s husband, is a historian and former Reagan administration official who helped to develop the secret programme to sell US arms to Iran in the late 1980s, in what is known as the Iran-Contra affair.

    Senator Grassley, someone who has been serving in the Senate for decades, apparently wouldn’t recognize one of the most influential – and controversial – players in conservative circles in Washington for decades. You have to wonder what’s prompting that kind of denial. There’s a distinct “he doth protest too much” feel to it.

    So we have a Flynn-connected team going on to the dark web in 2015, and then a second Flynn-related team doing the same thing in September 2016. And don’t forget that “scouring the dark web for Hillary’s hacked emails” is a great cover story for “going on to the dark web to hire a hacker or coordinate with a sympathetic one who will do the hacking for free”. It raises the obvious question of whether or not these two hacker-outreach efforts were part of the same overall operation: have one team arrange for the hacks and a completely separate team contact the hacker later. A hacker like, oh, say, Andrew ‘weev’ Auernheimer? Maybe?

    Posted by Pterrafractyl | October 25, 2017, 3:03 pm
  10. There’s a new BuzzFeed article on the cyber forensic analyst, Robert Johnston, who led the Crowdstrike investigation into the DNC server hack that helps fill in some additional details about both the March of 2016 hack allegedly carried out by APT28 (Fancy Bear) as well as the earlier 2015 hack attributed to APT29 (Cozy Bear).
    One detail we hadn’t known before is how the FBI initially identified that the DNC’s server was hacked in September of 2015. The NSA informed the FBI of this. This is rather notable since it would suggest that the NSA determined the DNC’s server was hacked by watching traffic flowing from the DNC’s servers to the same command and control server that was used in the Pentagon hack. And that suggests that the FBI or NSA should have been able to see these data flows during that entire bizarre 7 month period (from September 2015 through March 2016) when the DNC was ignoring the FBI’s half-assed attempts to inform them of this hack.

    Another important detail relates to both the APT29 and APT28 hacks. The 2015 hack presumed to be the work of the Russian FSB (APT29/Cozy Bear) took place some time around May 2015, the same month of the Bundestag hack. The report doesn’t indicate that the APT29 hack was part of the same wave that hit the Bundestag, but the timing is quite interesting.

    Here’s where it gets extra interesting: according to Johnston, that May 2015 hack was part of a presumed Russian government hacking campaign that was rather unusual for Russian government hacking in general but not at all unusual for the DNC hacks. It was an extremely ‘noisy’ hack. Instead of the typical 5 or 6 carefully crafted phishing emails targeting a select set of individual, the May 2015 hack his 50,000-60,000 people. As Johnston put it, it was like the hackers didn’t care who saw them doing it. And Johnston should know, because that same wave of phishing attempts also hit the Pentagon and he was working for the cyber defense unit the Marine Corps had recently set up that responded to it.

    Of course, part of what makes the conspicuous “I’m a Russian hacker! Watch me work!” nature of that May 2015 APT 29 hacking campaign extra conspicuous is that, as we’ve seen before, a key piece of digital evidence that led to the attribution of the March 2016 hack to APT28/Fancy Bear was that the malware used in that hack included a hard coded IP address that was the same hard coded IP address found in the May 2015 Bundestag hack’s malware. And that IP address evidence is rather conspicuous evidence, both because it includes a hard coded IP address and because the server that IP address leads back to was running a vulnerable version of OpenSSL that could have allowed it to be hijacked via the Heartbleed attack. In other words, we already knew that the APT28/Fancy Bear hack was filled with conspicuous “I’m a Russian hacker!” digital evidence left behind. But now we know that the APT29 hack a year earlier also had that same “I’m a Russian hacker! Watch me work!” atypical characteristic:

    BuzzFeed News

    He Solved The DNC Hack. Now He’s Telling His Story For The First Time.

    Less than a year before Marine Corps cyberwarrior Robert Johnston discovered that the Russians had hacked the Democratic National Committee, he found they had launched a similar attack at the Joint Chiefs of Staff.

    Jason Leopold
    BuzzFeed News Reporter
    Posted on November 8, 2017, at 2:38 p.m.

    One late morning in May 2016, the leaders of the Democratic National Committee huddled around a packed conference table and stared at Robert Johnston. The former Marine Corps captain gave his briefing with unemotional military precision, but what he said was so unnerving that a high-level DNC official curled up in a ball on her conference room chair as if watching a horror movie.

    At 30, Johnston was already an accomplished digital detective who had just left the military’s elite Cyber Command, where he had helped stanch a Russian hack on the US military’s top leadership. Now, working for a private cybersecurity company, he had to brief the DNC — while it was in the middle of a white-knuckle presidential campaign — about what he’d found in the organization’s computer networks.

    Their reaction was “pure shock,” Johnston recalled. “It was their worst day.”

    Although the broad outlines of the DNC hack are now well-known, its details have remained mysterious, sparking sharp and persistent questions. How did the DNC miss the hack? Why did a private security consultant, rather than the FBI, examine its servers? And how did the DNC find Johnston’s firm, CrowdStrike, in the first place?

    Johnston’s account — told here for the first time, and substantiated in interviews with 15 sources at the FBI, the DNC, and the Defense Department — resolves some of those questions while adding new information about the hack itself.

    A political outsider who got the job essentially at random — the DNC literally called up CrowdStrike’s sales desk — Johnston was the lead investigator who determined the nature and scope of the hack, one he described less as a stealth burglary than as a brazen ransacking. Despite his central role, Johnston has never talked with investigators probing Russian interference, let alone with the media. But to people dealing with the crisis, “He was indispensable,” as a source close to the DNC put it.

    Johnston was also largely on his own. The party had hired CrowdStrike essentially in place of the FBI — to this day, the Bureau has not had access to the DNC’s servers. DNC officials said they made the eyebrow-raising choice to go with a private firm because they were worried they’d lose control of their operations right in the middle of the campaign. Not only that, but the FBI was investigating Hillary Clinton’s use of a private email server. Better, the DNC figured, to handle things privately.

    It was a decision that would cast a shadow of doubt over the investigation, even though cybersecurity experts have widely accepted Johnston’s main findings.

    In the conference room that day, as he unveiled his findings to Democratic Party officials and lawyers, then-chair Debbie Wasserman Schultz listened in via speakerphone. Johnston told them that their computer systems had been fully compromised — not just by one attack, but by two. Malware from the first attack had been festering in the DNC’s system for a whole year. The second infiltration was only a couple of months old. Both sets of malware were associated with Russian intelligence.

    Most disturbing: The hackers had been gathering copies of all emails and sending them out to someone, somewhere. Every single email that every DNC staffer typed had been spied on. Every word, every joke, every syllable.

    There was still no warning that Russia might try to interfere on Donald Trump’s behalf. So the DNC officials hammered Johnston with questions: What would happen with all their information? All that stolen data? What would the computer hackers do with it?

    Johnston didn’t know. The FBI didn’t know.

    The answers would come when the stolen emails were published by WikiLeaks in a series of devastating, carefully timed leaks. And the implications of what Johnston had found would come later, too: The Russian government may have been actively working against Hillary Clinton to help elect Donald Trump.

    In the spring of 2015, Johnston was a captain in the Marine Corps leading newly formed Cyber Protection Team 81, based near the NSA in Fort Meade, Maryland, as part of the military’s Cyber Command, or Cybercom.

    On a Saturday around 2 a.m., Johnston received a call on his cell phone from his commanding officer. “The major said, ‘How fast can your guys be back in DC?’” Johnston recalled. “‘Tell them to meet at the Pentagon and you’ll find out more there.’”

    A malware attack against the Pentagon had reached the unclassified computers of the Joint Chiefs of Staff, the military’s top brass who advise the president. The malware had spread fast — in just five hours, it had compromised all five of the chairs’ laptops and all three of the vice chairs’ laptops and desktop computers.

    Soon, Johnston and the others identified the malware. It was associated with APT 29, for “advanced persistent threat,” a hacker group widely believed to be linked to the FSB, Russia’s federal security service.

    Johnston said the phishing campaign against the Joint Chiefs stood out. Usually, he said of Russian hackers, “their operations are very surgical. They might send five phishing emails, but they’re very well-crafted and very, very targeted.” But this time it was a broadside. “The target list was, like, 50 to 60,000 people around the world. They hit them all at once.” It’s rare, he said, for “an intel service to be so noisy.”

    By “noisy,” he means that the attackers were drawing a huge amount of attention, sending out 50,000 phishing emails, as if they didn’t care that anyone knew what they were doing.

    He left the Marine Corps as a captain, and in November 2015, he signed up to work for CrowdStrike, a well-known cyberprotection company whose president, Shawn Henry, is a former head of the FBI’s Cyber Division. CrowdStrike declined to comment about Johnston’s work.

    Johnston didn’t know it, but in September 2015 as he was getting ready to leave the Marines, the NSA informed the FBI that DNC computers had likely been hacked, three sources said. An FBI agent then called the DNC’s IT office and said that the organization’s servers had been compromised.

    That part of the story has been told — how little was done for seven months. The FBI periodically tried to get in touch with the organization, but the DNC did not believe the threat was real.

    Finally, in April, the DNC IT department became convinced that there was a problem, and top Democratic officials became worried. But even then, they didn’t call the FBI. They called the sales desk at CrowdStrike. (Last week, lawyers for BuzzFeed subpoenaed both the DNC and CrowdStrike for information about the hack and the investigation into it. The subpoena was not related to this story but to a libel suit filed by a Russian businessman named in the Trump dossier published by BuzzFeed News in January.)

    At CrowdStrike, the case was assigned to Johnston, new to the company but with battle-tested skills, who soon ended up on the phone with the DNC IT chief.

    “The FBI thinks we have a problem, something called ‘Dukes,’” Johnston said the IT employee told him. The Dukes is another name for APT 29, the hackers who Johnston had battled before, at the Joint Chiefs.

    Johnston sent the DNC a script to run on all its servers, and then collected the output code. To an outsider it might have looked like a tedious job to examine long strings of data. But within an hour Johnston had it: an unmistakable string of computer code — sabotage — that didn’t belong in the system. It was “executable file paths” — evidence of programs — that didn’t belong there. They stood out like a shiny wrench left in a car engine.

    And in fact, Johnston had seen this particular piece of code before, back when he was at the Pentagon. So it was easy to recognize this nemesis. He knew who had sent it by the telltale signatures. “This was APT 29,” he said. Later, when he had spent more time analyzing the DNC hack, he would come to believe that the Democrats had been compromised by the same blast of 50,000 or so phishing emails that had breached the computers of the Joint Chiefs.

    When he briefed the DNC in that conference room, Johnston presented a report that basically said, “They’ve balled up data and stolen it.” But the political officials were hardly experienced in the world of intelligence. They were not just horrified but puzzled. “They’re looking at me,” Johnston recalled, “and they’re asking, ‘What are they going to do with the data that was taken?’”

    Back then, no one knew. In addition to APT 29, another hacking group had launched malware into the DNC’s system. Called APT 28, it’s also associated with Russian intelligence. Andrei Soldatov, a Russian investigative journalist and security expert, said it’s not crystal clear which Russian spy service is behind each hacker group, but like many other cybersecurity investigators, he agreed that Russian intelligence carried out the attack.

    So, Johnston said, “I start thinking back to all of these previous hacks by Russia and other adversaries like China. I think back to the Joint Chiefs hack. What did they do with this data? Nothing. They took the information for espionage purposes. They didn’t leak it to WikiLeaks.”

    So, Johnston recalled, that’s what he told the DNC in May 2016: Such thefts have become the norm, and the hackers did not plan on doing anything with what they had purloined.

    Johnston kicks himself about that now. “I take responsibility for that piece,” he said.

    The DNC and CrowdStrike, now working with the FBI, tried to remove all remaining malware and contain the problem. And they decided on a public relations strategy. How could the DNC control the message? “Nothing of that magnitude stays quiet in the realm of politics,” Johnston said. “We needed to get in front of it.” So, Johnston said, in a story confirmed by DNC officials, CrowdStrike and the DNC decided to give the story to the Washington Post, which on June 14, 2016, published the story: “Russian government hackers penetrated DNC, stole opposition research on Trump.” “I thought it was a smart move,” Johnston said.

    But it may have backfired.

    One day after the Post article, a Twitter user going by the name Guccifer 2.0 claimed responsibility for the hack and posted to the internet materials purportedly stolen from the DNC’s server.

    Johnston thinks the Washington Post story changed the tactics of the cyberattackers. “We accelerated their timeline. I believe now that they were intending to release the information in late October or a week before the election,” he said. But then they realized that “we discovered who they were. I don’t think the Russian intelligence services were expecting it, expecting a statement and an article that pointed the finger at them.”

    A month later, in late July 2016, WikiLeaks began to release thousands of emails hacked from the DNC server. Those leaks, intelligence officials would say, were carefully engineered and timed.

    Johnston has managed to maintain a low profile for the last year and a half, even as Washington has obsessed over Trump and Russia. He hasn’t been in hiding, he said. Over a steak and Scotch at a DC restaurant, he said he just hadn’t talked about it for a simple reason: No one asked him to.

    ———-

    “He Solved The DNC Hack. Now He’s Telling His Story For The First Time.” by Jason Leopold; BuzzFeed News; 11/08/2017

    “A political outsider who got the job essentially at random — the DNC literally called up CrowdStrike’s sales desk — Johnston was the lead investigator who determined the nature and scope of the hack, one he described less as a stealth burglary than as a brazen ransacking. Despite his central role, Johnston has never talked with investigators probing Russian interference, let alone with the media. But to people dealing with the crisis, “He was indispensable,” as a source close to the DNC put it.”

    Less a stealth burglary and more a brazen ransacking. That was how Johnston described the DNC server hacks, which is consistent with how it’s been described before. Recall the characterization of the DNC hackers as behaving as if “Russia wanted to get caught”. But now we learn that the initial March 2015 hacks that hit tens of thousands of other targets around the world also had the ‘Russia wanted to get caught’ atypical characteristics:


    In the spring of 2015, Johnston was a captain in the Marine Corps leading newly formed Cyber Protection Team 81, based near the NSA in Fort Meade, Maryland, as part of the military’s Cyber Command, or Cybercom.

    On a Saturday around 2 a.m., Johnston received a call on his cell phone from his commanding officer. “The major said, ‘How fast can your guys be back in DC?’” Johnston recalled. “‘Tell them to meet at the Pentagon and you’ll find out more there.’”

    A malware attack against the Pentagon had reached the unclassified computers of the Joint Chiefs of Staff, the military’s top brass who advise the president. The malware had spread fast — in just five hours, it had compromised all five of the chairs’ laptops and all three of the vice chairs’ laptops and desktop computers.

    Soon, Johnston and the others identified the malware. It was associated with APT 29, for “advanced persistent threat,” a hacker group widely believed to be linked to the FSB, Russia’s federal security service.

    Johnston said the phishing campaign against the Joint Chiefs stood out. Usually, he said of Russian hackers, “their operations are very surgical. They might send five phishing emails, but they’re very well-crafted and very, very targeted.” But this time it was a broadside. “The target list was, like, 50 to 60,000 people around the world. They hit them all at once.” It’s rare, he said, for “an intel service to be so noisy.”

    By “noisy,” he means that the attackers were drawing a huge amount of attention, sending out 50,000 phishing emails, as if they didn’t care that anyone knew what they were doing.

    “By “noisy,” he means that the attackers were drawing a huge amount of attention, sending out 50,000 phishing emails, as if they didn’t care that anyone knew what they were doing.”

    It’s the latest indication that if the Russian government really was behind these hacks it wanted this whole thing to blow up in a mega-scandal which puts a hilarious twist on the apparent Russian government courtship of the Trump campaign. Team Trump thought they were partners in crime and were instead a bunch of wannabe criminal dupes getting set up for a massive embarrassment. That’s sure how it looks if these really were Russian government hackers.

    And as Johnston also notes, it was the NSA who informed the FBI of the DNC APT29 hacks in the first place:


    He left the Marine Corps as a captain, and in November 2015, he signed up to work for CrowdStrike, a well-known cyberprotection company whose president, Shawn Henry, is a former head of the FBI’s Cyber Division. CrowdStrike declined to comment about Johnston’s work.

    Johnston didn’t know it, but in September 2015 as he was getting ready to leave the Marines, the NSA informed the FBI that DNC computers had likely been hacked, three sources said. An FBI agent then called the DNC’s IT office and said that the organization’s servers had been compromised.

    That part of the story has been told — how little was done for seven months. The FBI periodically tried to get in touch with the organization, but the DNC did not believe the threat was real.

    So that helps clarify the mystery of how the FBI determined the DNC was hacked in the first place, but just adds to the mystery of how that hack was allowed to continue for so long after the FBI and NSA learned this.

    And with these revelations of the “I’m a Russian hacker! Watch me work!” nature of the APT29/Cozy Bear hacking campaign of May 2015, here’s another recent article that gives some more details on the March 2016 APT28/Fancy Bear hack and how security analysts attributed it to the Russian government. Much of this is information that’s been told before. But it also makes one thing clear about the conspicuous nature of these hacks: that conspicuous OpSec ‘oopsie’ where the hackers left the privacy setting on their Bit.ly accounts – recall Bit.ly was used in the phishing emails – set to “public” so anyone in the world could see who was getting targeted in their wave of phishing attacks was critical for establishing that these hackers were primarily interested in Democrats. It was the kind of ‘whoops!’ move that sent the message to the world “I’m a Russian hacker and I’m specifically interested in Democrats!”, which, again, is rather conspicuous:

    Associated Press

    Inside story: How Russians hacked the Democrats’ emails

    By RAPHAEL SATTER, JEFF DONN and CHAD DAY
    Nov. 04, 2017

    WASHINGTON (AP) — It was just before noon in Moscow on March 10, 2016, when the first volley of malicious messages hit the Hillary Clinton campaign.

    The first 29 phishing emails were almost all misfires. Addressed to people who worked for Clinton during her first presidential run, the messages bounced back untouched.

    Except one.

    Within nine days, some of the campaign’s most consequential secrets would be in the hackers’ hands, part of a massive operation aimed at vacuuming up millions of messages from thousands of inboxes across the world.

    An Associated Press investigation into the digital break-ins that disrupted the U.S. presidential contest has sketched out an anatomy of the hack that led to months of damaging disclosures about the Democratic Party’s nominee. It wasn’t just a few aides that the hackers went after; it was an all-out blitz across the Democratic Party. They tried to compromise Clinton’s inner circle and more than 130 party employees, supporters and contractors.

    While U.S. intelligence agencies have concluded that Russia was behind the email thefts, the AP drew on forensic data to report Thursday that the hackers known as Fancy Bear were closely aligned with the interests of the Russian government.

    The AP’s reconstruction — based on a database of 19,000 malicious links recently shared by cybersecurity firm Secureworks — shows how the hackers worked their way around the Clinton campaign’s top-of-the-line digital security to steal chairman John Podesta’s emails in March 2016.

    It also helps explain how a Russian-linked intermediary could boast to a Trump policy adviser, a month later, that the Kremlin had “thousands of emails” worth of dirt on Clinton.

    ____

    PHISHING FOR VICTIMS

    The rogue messages that first flew across the internet March 10 were dressed up to look like they came from Google, the company that provided the Clinton campaign’s email infrastructure. The messages urged users to boost their security or change their passwords while in fact steering them toward decoy websites designed to collect their credentials.

    One of the first people targeted was Rahul Sreenivasan, who had worked as a Clinton organizer in Texas in 2008 — his first paid job in politics. Sreenivasan, now a legislative staffer in Austin, was dumbfounded when told by the AP that hackers had tried to break into his 2008 email — an address he said had been dead for nearly a decade.

    “They probably crawled the internet for this stuff,” he said.

    Almost everyone else targeted in the initial wave was, like Sreenivasan, a 2008 staffer whose defunct email address had somehow lingered online.

    But one email made its way to the account of another staffer who’d worked for Clinton in 2008 and joined again in 2016, the AP found. It’s possible the hackers broke in and stole her contacts; the data shows the phishing links sent to her were clicked several times.

    Secureworks’ data reveals when phishing links were created and indicates whether they were clicked. But it doesn’t show whether people entered their passwords.

    Within hours of a second volley emailed March 11, the hackers hit pay dirt. All of a sudden, they were sending links aimed at senior Clinton officials’ nonpublic 2016 addresses, including those belonging to longtime Clinton aide Robert Russo and campaign chairman John Podesta.

    The Clinton campaign was no easy target; several former employees said the organization put particular stress on digital safety.

    Work emails were protected by two-factor authentication, a technique that uses a second passcode to keep accounts secure. Most messages were deleted after 30 days and staff went through phishing drills. Security awareness even followed the campaigners into the bathroom, where someone put a picture of a toothbrush under the words: “You shouldn’t share your passwords either.”

    Two-factor authentication may have slowed the hackers, but it didn’t stop them. After repeated attempts to break into various staffers’ hillaryclinton.com accounts, the hackers turned to the personal Gmail addresses. It was there on March 19 that they targeted top Clinton lieutenants — including campaign manager Robby Mook, senior adviser Jake Sullivan and political fixer Philippe Reines.

    A malicious link was generated for Podesta at 11:28 a.m. Moscow time, the AP found. Documents subsequently published by WikiLeaks show that the rogue email arrived in his inbox six minutes later. The link was clicked twice.

    Podesta’s messages — at least 50,000 of them — were in the hackers’ hands.

    ___

    A SERIOUS BREACH

    Though the heart of the campaign was now compromised, the hacking efforts continued. Three new volleys of malicious messages were generated on the 22nd, 23rd and 25th of March, targeting communications director Jennifer Palmieri and Clinton confidante Huma Abedin, among others.

    The torrent of phishing emails caught the attention of the FBI, which had spent the previous six months urging the Democratic National Committee in Washington to raise its shield against suspected Russian hacking. In late March, FBI agents paid a visit to Clinton’s Brooklyn headquarters, where they were received warily, given the agency’s investigation into the candidate’s use of a private email server while secretary of state.

    The phishing messages also caught the attention of Secureworks, a subsidiary of Dell Technologies, which had been following Fancy Bear, whom Secureworks codenamed Iron Twilight.

    Fancy Bear had made a critical mistake.

    It fumbled a setting in the Bitly link-shortening service that it was using to sneak its emails past Google’s spam filter. The blunder exposed whom they were targeting.

    It was late March when Secureworks discovered the hackers were going after Democrats.

    “As soon as we started seeing some of those hillaryclinton.com email addresses coming through, the DNC email addresses, we realized it’s going to be an interesting twist to this,” said Rafe Pilling, a senior security researcher with Secureworks.

    By early April Fancy Bear was getting increasingly aggressive, the AP found. More than 60 bogus emails were prepared for Clinton campaign and DNC staffers on April 6 alone, and the hackers began hunting for Democrats beyond New York and Washington, targeting the digital communications director for Pennsylvania Gov. Tom Wolf and a deputy director in the office of Chicago Mayor Rahm Emanuel.

    The group’s hackers seemed particularly interested in Democratic officials working on voter registration issues: Pratt Wiley, the DNC’s then-director of voter protection, had been targeted as far back as October 2015 and the hackers tried to pry open his inbox as many as 15 times over six months.

    Employees at several organizations connected to the Democrats were targeted, including the Clinton Foundation, the Center for American Progress, technology provider NGP VAN, campaign strategy firm 270 Strategies, and partisan news outlet Shareblue Media.

    As the hacking intensified, other elements swung into place. On April 12, 2016, someone paid $37 worth of bitcoin to the Romanian web hosting company THCServers.com, to reserve a website called Electionleaks.com, according to transaction records obtained by AP. A botched registration meant the site never got off the ground, but the records show THC received a nearly identical payment a week later to create DCLeaks.com.

    ———-

    “Inside story: How Russians hacked the Democrats’ emails” by RAPHAEL SATTER, JEFF DONN and CHAD DAY; Associated Press; 11/04/2017

    “An Associated Press investigation into the digital break-ins that disrupted the U.S. presidential contest has sketched out an anatomy of the hack that led to months of damaging disclosures about the Democratic Party’s nominee. It wasn’t just a few aides that the hackers went after; it was an all-out blitz across the Democratic Party. They tried to compromise Clinton’s inner circle and more than 130 party employees, supporters and contractors.”

    And note how this March 2016 APT28 phishing blitz was apparently so out in the open that it caught the attention of the FBI:


    The torrent of phishing emails caught the attention of the FBI, which had spent the previous six months urging the Democratic National Committee in Washington to raise its shield against suspected Russian hacking. In late March, FBI agents paid a visit to Clinton’s Brooklyn headquarters, where they were received warily, given the agency’s investigation into the candidate’s use of a private email server while secretary of state.

    But it wasn’t just the FBI watching this. Secureworks, a cybersecurity subsidiary of Dell, was also tracking APT28’s hacking campaign. And it was able to see that it was heavily Democrats, instead of roughly equal attacks on Democrats and Republicans, who were being targeted because APT28 made the incredible OpSec error of leaving its Bit.ly account open to the public:


    The phishing messages also caught the attention of Secureworks, a subsidiary of Dell Technologies, which had been following Fancy Bear, whom Secureworks codenamed Iron Twilight.

    Fancy Bear had made a critical mistake.

    It fumbled a setting in the Bitly link-shortening service that it was using to sneak its emails past Google’s spam filter. The blunder exposed whom they were targeting.

    It was late March when Secureworks discovered the hackers were going after Democrats.

    “As soon as we started seeing some of those hillaryclinton.com email addresses coming through, the DNC email addresses, we realized it’s going to be an interesting twist to this,” said Rafe Pilling, a senior security researcher with Secureworks.

    By early April Fancy Bear was getting increasingly aggressive, the AP found. More than 60 bogus emails were prepared for Clinton campaign and DNC staffers on April 6 alone, and the hackers began hunting for Democrats beyond New York and Washington, targeting the digital communications director for Pennsylvania Gov. Tom Wolf and a deputy director in the office of Chicago Mayor Rahm Emanuel.

    The group’s hackers seemed particularly interested in Democratic officials working on voter registration issues: Pratt Wiley, the DNC’s then-director of voter protection, had been targeted as far back as October 2015 and the hackers tried to pry open his inbox as many as 15 times over six months.

    “The group’s hackers seemed particularly interested in Democratic officials working on voter registration issues: Pratt Wiley, the DNC’s then-director of voter protection, had been targeted as far back as October 2015 and the hackers tried to pry open his inbox as many as 15 times over six months.”

    And that, of course, is just one of the many “I’m a Russian hacker!” digital clues left behind in this hacking campaign. But it’s also an “I’m a Russian hacker and I’m particularly interested in Democrats instead of Republicans” conspicuously left digital clue.

    But also note that Secureworks stumbled across this apparent OpSec mistake in March of 2016, the same month the mysterious Maltese professor and apparent Russian government proxy, Joseph Mifsud, began his outreach campaign to the Trump campaign. So if that digital clue was left intentionally and it was left by a real Russian government hacker, it’s the latest indication that these hackers were trying to make it very clear to the world that they were favoring the GOP over the Democrats, which is a remarkable clue to leave given the circumstances.

    That said, let’s not forget that Guccifer 2.0 did actually release a small number of Republican emails. And they all appeared to be emails run by the notoriously shady GOP technology firm Smartech:

    The Smoking Gun

    RNC E-Mail Was, In Fact, Hacked By Russians
    Despite party denials, evidence shows breach

    By William Bastone
    December 13, 2016

    DECEMBER 13–Despite vehement denials from Republican Party officials, there is evidence that the GOP’s e-mail system was breached by the same Russian hackers responsible for ransacking the Democratic National Committee’s computers and the Gmail account of Hillary Clinton’s campaign chairman, The Smoking Gun has learned.

    In interviews this weekend, Republican National Committee chairman Reince Priebus and party spokesperson Sean Spicer disputed reports in The Washington Post and The New York Times that U.S. intelligence officials have concluded that the Russian cyber attacks were intended to help elect Donald Trump president.

    Citing “senior administration officials,” the Times reported that officials believe Russian agents hacked the RNC’s computer systems, but “did not release whatever information they gleaned from the Republican networks.” The Post reported that “U.S. officials” said that the RNC’s “computer systems were also probed and possibly penetrated by hackers tied to Russian intelligence services, but that it remains unclear how much material–if any–was taken from the RNC.” The newspaper added that, “The lack of a corresponding Republican trove has contributed to the CIA assessment… that Russia was seeking to elect Trump and not merely to disrupt last month’s presidential election.”

    U.S. intelligence officials have identified DC Leaks and “Guccifer 2.0” as distribution methods set up by the Russian hackers. Both channels have been dormant for nearly two months.

    DC Leaks has posted e-mails stolen from a handful of Clinton campaign staffers, several retired military officials, former Secretary of State Colin Powell, and financier George Soros’s Open Society Foundation. And, as TSG first reported on August 12, the site’s “Portfolio” also includes a collection titled “The United States Republican Party.”

    While the nearly 300 Republican-related e-mails posted on DC Leaks are uniformly innocuous, the collection is noteworthy for the scope of victims it reveals. The material includes correspondence lifted from the campaign committees of various elected officials, including Senator John McCain, Senator Lindsey Graham, and Representative Robert Hurt. Several state GOP organizations, Republican PACs, and campaign consultants also had their e-mail accounts compromised.

    The GOP hacking sampler on DC Leaks includes correspondence scattered across a four-month period ending in late-October 2015. One of those stolen e-mails indicates that the Russian hackers had access to the RNC’s e-mail server.

    An October 13 e-mail sent to info@gop.com is among the correspondence posted to DC Leaks. The e-mail, sent by a Republican voter, was addressed to Priebus and addressed “gun control rhetoric” from Democratic candidates and their operatives.

    So how did an e-mail sent to the RNC’s public-facing address end up in the hands of hackers? For that answer, all roads lead to Tennessee.

    As TSG previously reported, the Republican elected officials and organizations whose e-mails appear on DC Leaks have all used Smartech, a Chattanooga-based firm, to host their web sites and e-mail operations. The company and its parent, Airnet Group, have done work for a Who’s Who of Republican figures, including George W. Bush, Karl Rove, John Bolton, Mitt Romney, Newt Gingrich, and the Koch brothers.

    While Smartech officials did not return TSG phone calls and e-mails seeking comment on whether their systems had been compromised, a Republican client of the company told TSG that the firm privately acknowledged such a breach.

    Tom Del Beccaro, ex-chairman of the California Republican Party, told TSG that Smartech admitted being hacked. The firm’s disclosure came several months ago, not long after DC Leaks published its portfolio of stolen GOP e-mails. Del Beccaro, who unsuccessfully ran this year for the Senate seat being vacated by Barbara Boxer, contracted with the firm to host his campaign’s web site and e-mail server.

    Since the 2008 federal election cycle, Smartech has been paid more than $11 million by the Republican National Committee for a wide variety of tech services, including web hosting and call centers. During the final four months of the 2016 campaign, the RNC paid Smartech nearly $400,000 for “data services,” Federal Election Commission records show. In a front-page testimonial on the Airnet web site, the GOP enthuses that the company has been “an all-encompassing intelligent technology provider and knowledge resource for the RNC.”

    The Republican Party’s main web site, gop.com, was hosted for many years by Smartech, which was supplanted by Amazon in early-2014. Within the past two months, the GOP web site has contracted with Fastly, a content delivery network whose clients include BuzzFeed, Vimeo, and Kayak. Amazon, whose CEO Jeff Bezos owns The Washington Post and has a net worth dwarfing Trump’s, has been the frequent target of scorn from Trump. Bezos, Trump contends, is a tax-avoiding monopolist with a “huge antitrust problem.”

    But while Smartech has not hosted the gop.com web site for more than two years, the company has continuously provided the RNC with its e-mail service, records show.

    When interviewed Sunday by ABC’s George Stephanopoulos, Priebus said that the RNC contacted the FBI after the DNC hack was disclosed in mid-June. Federal agents, Priebus said, subsequently “reviewed all of our systems” and concluded that “the RNC was not hacked.” Assertions to the contrary, Priebus stated, are “absolutely not true.”

    Perhaps the next time Priebus appears on the Sunday TV circuit someone will ask him about the breach of “barracuda1” in Chattanooga, 600 miles southwest of the RNC’s Capitol Hill headquarters. And the fact that only a single stray RNC e-mail has been uploaded by the Russian hackers responsible for the theft and subsequent distribution of 95,000 e-mails swiped from the DNC and Podesta.

    ———-

    “RNC E-Mail Was, In Fact, Hacked By Russians” by William Bastone; The Smoking Gun; 12/13/2016

    “While the nearly 300 Republican-related e-mails posted on DC Leaks are uniformly innocuous, the collection is noteworthy for the scope of victims it reveals. The material includes correspondence lifted from the campaign committees of various elected officials, including Senator John McCain, Senator Lindsey Graham, and Representative Robert Hurt. Several state GOP organizations, Republican PACs, and campaign consultants also had their e-mail accounts compromised.”

    300 uniformly innocuous Republican emails. That was the extent of Guccifer’s leak of GOP emails. And they all appear to be emails that were sent from or to email addresses hosted by Smartech:


    The GOP hacking sampler on DC Leaks includes correspondence scattered across a four-month period ending in late-October 2015. One of those stolen e-mails indicates that the Russian hackers had access to the RNC’s e-mail server.

    An October 13 e-mail sent to info@gop.com is among the correspondence posted to DC Leaks. The e-mail, sent by a Republican voter, was addressed to Priebus and addressed “gun control rhetoric” from Democratic candidates and their operatives.

    So how did an e-mail sent to the RNC’s public-facing address end up in the hands of hackers? For that answer, all roads lead to Tennessee.

    As TSG previously reported, the Republican elected officials and organizations whose e-mails appear on DC Leaks have all used Smartech, a Chattanooga-based firm, to host their web sites and e-mail operations. The company and its parent, Airnet Group, have done work for a Who’s Who of Republican figures, including George W. Bush, Karl Rove, John Bolton, Mitt Romney, Newt Gingrich, and the Koch brothers.

    While Smartech officials did not return TSG phone calls and e-mails seeking comment on whether their systems had been compromised, a Republican client of the company told TSG that the firm privately acknowledged such a breach.

    Was the release of a few hundred GOP emails an attempt by the hackers to seem ‘fair & balanced’? If so, it wasn’t much of an attempt. If anything, it was a conspicuously half-assed attempt.

    And note the time frame of the GOP’s emails: four months ending in mid October 2015. It’s a rather odd timeframe if you think about it. July-October 2015? The APT29 wave of phishing attacks was in May 2015. Was Smartech allegedly hacked in that wave or was this a different hack? Perhaps someone should ask them about that.

    But also note Smartech’s notorious history: That’s the firm long accused of flipping the Ohio result in the 2004 Presidential election! Yep, it turned out the Ohio Secretary of State’s office had its website hosted by Smartech. All the voting results were run through that site and, lo and behold, Ohio experienced an inexplicable shift from John Kerry to George W. Bush. So the 300 innocuous GOP emails were apparently hacked from the GOP’s tech firm that’s a prime suspect for hacking the 2004 election. Although it wasn’t the only GOP-connected firm involved in that investigation. Another firm, GovTech, was run by Karl Rove’s IT guru Mike Connell. And it was Connell who died in the mysterious small plane crash that happened right before he was to testify after Connell said he feared for his life. THAT’s the kind of investigation that took place involving Smartech and the hacking of the 2004 election. It’s pretty notable in the current context:

    Benzinga

    Forget Anonymous: Evidence Suggests GOP Hacked, Stole 2004 Election

    John Thorpe, Benzinga Staff Writer
    July 21, 2011 1:07pm

    Three generations from now, when our great-grandchildren are sitting barefoot in their shanties and wondering how in the hell America turned from the high-point of civilization to a third-world banana republic, they will shake their fists and mutter one name: George Effin’ Bush.

    Ironically, it won’t be for any of the things that liberals have been harping on the Bush Administration, either during or after his term in office. Sure, misguided tax cuts that destroyed the surplus, and lax regulations that doomed the economy, and two amazingly awful wars in deserts half a world away are all terrible, empire-sapping events. But they pale in comparison to what it appears the Republican Party did to get President Bush re-elected in 2004.

    “A new filing in the King Lincoln Bronzeville v. Blackwell case includes a copy of the Ohio Secretary of State election production system configuration that was in use in Ohio’s 2004 presidential election when there was a sudden and unexpected shift in votes for George W. Bush,” according to Bob Fitrakis, columnist at http://www.freepress.org and co-counsel in the litigation and investigation.

    If you recall, Ohio was the battleground state that provided George Bush with the electoral votes needed to win re-election. Had Senator John Kerry won Ohio’s electoral votes, he would have been elected instead.

    Evidence from the filing suggests that Republican operatives — including the private computer firms hired to manage the electronic voting data — were compromised.

    Fitrakis isn’t the only attorney involved in pursuing the truth in this matter. Cliff Arnebeck, the lead attorney in the King Lincoln case, exchanged emails with IT security expert Stephen Spoonamore. He asked Spoonamore whether or not SmarTech had the capability to “input data” and thus alter the results of Ohio’s 2004 election. His response sent a chill up my spine.

    “Yes. They would have had data input capacities. The system might have been set up to log which source generated the data but probably did not,” Spoonamore said. In case that seems a bit too technical and “big deal” for you, consider what he was saying. SmarTech, a private company, had the ability in the 2004 election to add or subtract votes without anyone knowing they did so.

    The filing today shows how, detailing the computer network system’s design structure, including a map of how the data moved from one unit to the next. Right smack in the middle of that structure? Inexplicably, it was SmarTech.

    Spoonamore (keep in mind, he is the IT expert here) concluded from the architectural maps of the Ohio 2004 election reporting system that, “SmarTech was a man in the middle. In my opinion they were not designed as a mirror, they were designed specifically to be a man in the middle.”

    A “man in the middle” is not just an accidental happenstance of computing. It is a deliberate computer hacking setup, one where the hacker sits, literally, in the middle of the communication stream, intercepting and (when desired, as in this case) altering the data. It’s how hackers swipe your credit card number or other banking information. This is bad.

    A mirror site, which SmarTech was allegedly supposed to be, is simply a backup site on the chance that the main configuration crashes. Mirrors are a good thing.

    Until now, the architectural maps and contracts from the Ohio 2004 election were never made public, which may indicate that the entire system was designed for fraud. In a previous sworn affidavit to the court, Spoonamore declared: “The SmarTech system was set up precisely as a King Pin computer used in criminal acts against banking or credit card processes and had the needed level of access to both county tabulators and Secretary of State computers to allow whoever was running SmarTech computers to decide the output of the county tabulators under its control.”

    Spoonamore also swore that “…the architecture further confirms how this election was stolen. The computer system and SmarTech had the correct placement, connectivity, and computer experts necessary to change the election in any manner desired by the controllers of the SmarTech computers.”

    SmarTech was part of three computer companies brought in to manage the elections process for Ohio Secretary of State Ken Blackwell, a Republican. The other two were Triad and GovTech Solutions. All three companies have extensive ties to the Republican party and Republican causes.

    In fact, GovTech was run by Mike Connell, who was a fiercely religious conservative who got involved in politics to push a right-wing social agenda. He was Karl Rove’s IT go-to guy, and was alleged to be the IT brains behind the series of stolen elections between 2000 and 2004.

    Connell was outed as the one who stole the 2004 election by Spoonamore, who, despite being a conservative Republican himself, came forward to blow the whistle on the stolen election scandal. Connell gave a deposition on the matter, but stonewalled. After the deposition, and fearing perjury/obstruction charges for withholding information, Connell expressed an interest in testifying further as to the extent of the scandal.

    “He made it known to the lawyers, he made it known to reporter Larisa Alexandrovna of Raw Story, that he wanted to talk. He was scared. He wanted to talk. And I say that he had pretty good reason to be scared,” said Mark Crispin Miller, who wrote a book on the scandal.

    Connell was so scared for his security that he asked for protection from the attorney general, then Attorney General Michael Mukasey. Connell told close friends that he was expecting to get thrown under the bus by the Rove team, because Connell had evidence linking the GOP operative to the scandal and the stolen election, including knowledge of where Rove’s missing emails disappeared to.

    Before he could testify, Connell died in a plane crash.

    Harvey Wasserman, who wrote a book on the stolen 2004 election, explained that the combination of computer hacking, ballot destruction, and the discrepancy between exit polling (which showed a big Kerry win in Ohio) and the “real” vote tabulation, all point to one answer: the Republicans stole the 2004 election.

    “The 2004 election was stolen. There is absolutely no doubt about it. A 6.7% shift in exit polls does not happen by chance. And, you know, so finally, we have irrefutable confirmation that what we were saying was true and that every piece of the puzzle in the Ohio 2004 election was flawed,” Wasserman said.

    Mark Crispin Miller also wrote a book on the subject of stolen elections, and focused on the 2004 Ohio presidential election. Here is what he had to say about it.

    There were three phases of chicanery. First, there was a pre-election period, during which the Secretary of State in Ohio, Ken Blackwell, was also co-chair of the Bush-Cheney campaign in Ohio, which is in itself mind-boggling, engaged in all sorts of bureaucratic and legal tricks to cut down on the number of people who could register, to limit the usability of provisional ballots. It was really a kind of classic case of using the letter of the law or the seeming letter of the law just to disenfranchise as many people as possible.

    On Election Day, there was clearly a systematic undersupply of working voting machines in Democratic areas, primarily inner city and student towns, you know, college towns. And the Conyers people found that in some of the most undersupplied places, there were scores of perfectly good voting machines held back and kept in warehouses, you know, and there are many similar stories to this. And other things happened that day.

    After Election Day, there is explicit evidence that a company called Triad, which manufactures all of the tabulators, the vote-counting tabulators that were used in Ohio in the last election, was systematically going around from county to county in Ohio and subverting the recount, which was court ordered and which never did take place. The Republicans will say to this day, ‘There was a recount in Ohio, and we won that.’ That’s a lie, one of many, many staggering lies. There was never a recount.

    And now, it seems, there never will be.

    ———-

    “Forget Anonymous: Evidence Suggests GOP Hacked, Stole 2004 Election” by John Thorpe, Benzinga Staff Writer; Benzinga; 06/21/2011

    “Fitrakis isn’t the only attorney involved in pursuing the truth in this matter. Cliff Arnebeck, the lead attorney in the King Lincoln case, exchanged emails with IT security expert Stephen Spoonamore. He asked Spoonamore whether or not SmarTech had the capability to “input data” and thus alter the results of Ohio’s 2004 election. His response sent a chill up my spine.”

    Yeah, the answer to the question of whether or not Smartech had the capability to alter Ohio’s election results was indeed rather chilling:


    “Yes. They would have had data input capacities. The system might have been set up to log which source generated the data but probably did not,” Spoonamore said. In case that seems a bit too technical and “big deal” for you, consider what he was saying. SmarTech, a private company, had the ability in the 2004 election to add or subtract votes without anyone knowing they did so.

    The filing today shows how, detailing the computer network system’s design structure, including a map of how the data moved from one unit to the next. Right smack in the middle of that structure? Inexplicably, it was SmarTech.

    Spoonamore (keep in mind, he is the IT expert here) concluded from the architectural maps of the Ohio 2004 election reporting system that, “SmarTech was a man in the middle. In my opinion they were not designed as a mirror, they were designed specifically to be a man in the middle.”

    A “man in the middle” is not just an accidental happenstance of computing. It is a deliberate computer hacking setup, one where the hacker sits, literally, in the middle of the communication stream, intercepting and (when desired, as in this case) altering the data. It’s how hackers swipe your credit card number or other banking information. This is bad.

    Smartech appeared to be the “man in the middle” of a GOP vote-flipping operation that really could have altered the vote tabulation.

    But it wasn’t the only GOP firm that was part of this operation:


    SmarTech was part of three computer companies brought in to manage the elections process for Ohio Secretary of State Ken Blackwell, a Republican. The other two were Triad and GovTech Solutions. All three companies have extensive ties to the Republican party and Republican causes.

    In fact, GovTech was run by Mike Connell, who was a fiercely religious conservative who got involved in politics to push a right-wing social agenda. He was Karl Rove’s IT go-to guy, and was alleged to be the IT brains behind the series of stolen elections between 2000 and 2004.

    Connell was outed as the one who stole the 2004 election by Spoonamore, who, despite being a conservative Republican himself, came forward to blow the whistle on the stolen election scandal. Connell gave a deposition on the matter, but stonewalled. After the deposition, and fearing perjury/obstruction charges for withholding information, Connell expressed an interest in testifying further as to the extent of the scandal.

    “He made it known to the lawyers, he made it known to reporter Larisa Alexandrovna of Raw Story, that he wanted to talk. He was scared. He wanted to talk. And I say that he had pretty good reason to be scared,” said Mark Crispin Miller, who wrote a book on the scandal.

    Connell was so scared for his security that he asked for protection from the attorney general, then Attorney General Michael Mukasey. Connell told close friends that he was expecting to get thrown under the bus by the Rove team, because Connell had evidence linking the GOP operative to the scandal and the stolen election, including knowledge of where Rove’s missing emails disappeared to.

    Before he could testify, Connell died in a plane crash.

    THAT’s the background of Smartech, the ONLY GOP firm to apparently get hacked and have its email released. 300 innocuous emails.

    So let’s review:

    1. We have a shockingly “noisy” hacking campaign in May of 2015 that hits the DNC. A campaign seemingly designed to get the world pissed off at Russia for hacking them.

    2. We have another shockingly “noisy” hacking campaign in March of 2016 that hits the DNC again, and this time the noisiness includes leaving the Bit.ly accounts open to the world so everyone could see that the hackers were focusing on Democrats but not just Democrats. That Bit.ly mistake also showed phishing targets that were filled with Putin’s adversaries around the globe. So it clearly sent the message of “I’m a Russian hacker!” but also, more subtly, “and I’m mostly just focused on Democrats in the US political arena!” That was the pair of conspicuous messages sent.

    3. But emails released by Guccifer 2.0 did include 300 innocuous GOP emails. All from email accounts hosted by Smartech, one of the key GOP firms suspected of hacking the 2004 election.

    4. We know that multiple teams of GOP operatives were searching for Hillary’s emails (teams led by Peter Smith, Barbara Ledeen, and the yet-to-be identified group Charles Johnson was in touch with), and we also know these are the types of people that would have been willing to get these emails under any circumstances, which raises the obvious possibility that these GOP teams were willing to carry out the hacks themselves (but would obviously want to redirect the blame elsewhere).

    5. We know Joseph Mifsud, the mysterious Maltese professor, dangled the temptation of thousands of Hillary’s emails to the Trump team in what appeared to be a covert outreach attempt with the Trump campaign, but we also know that the GOP felt like they never really got what they were looking for because Peter Smith’s team kept searching the Dark Web for ‘Russian hackers’ with Hillary’s 33,000 deleted private emails well into August of 2016, after the DNC emails were already released.

    6. We know that the contact with Donald Trump, Jr. initiated by Rob Goldstone in early June that led to the Russian delegation Trump Tower meeting on June 9th, included absurdly over-the-top incriminating details like sending Trump Jr. an email saying ‘the Russian government wants to help you’ that really doomed the Trump team during the subsequent investigations.

    Taken all together, and given that we know the GOP was clearly very interested in hacking Hillary, and we know these hacking campaigns were filled with conspicuous “I’m a Russian” clues that were leading to the Russian government getting blamed for all these hacks, it raises a rather hilarious possibility: if the May 2015 hacking campaigns, including the high profile Bundestag hack that was blamed on Russia, weren’t carried out by the Russian government, the Russian government would surely know it’s being set up. Moscow is presumably following all the global hacking campaigns too and attribution too. And don’t forget, Barbara Ledeen was apparently searching the Dark Web for hackers with Hillary’s emails in 2015, and if she stumbled across any Russian agents it might have been clear what the GOP was up to. And we have no idea when Ledeen’s Dark Web search ended, so if she was still searching for Hillary’s deleted personal emails in early 2016 and still reaching out to hackers in the Dark Web about this it could have been obvious to Moscow what the GOP wanted and that they still didn’t have what they were looking for.

    So is it possible that the outlandish Russian outreach campaign targeting the GOP was partly a preemptive defensive measure designed to let the GOP implicate itself in a hacking operation not carried out by Moscow but Moscow assumed was going to be blamed on it? In other words, the general assumption following the wave of revelations about Russian contacts with the Trump campaign and promises of Hillary’s emails are being interpreted as meaning the Russians must have been behind the actual hacks. But when you consider the “noise” the GOP was already sending about its interest in Hillary’s emails in 2015, and consider that the only GOP emails released were from Smartech, a firm already implicated in hacking the 2004 election, there’s no reason to exclude the possibility that other hackers actually carried out the hacks, the Russians knew this was happening, and decided to ensure that if they were going to take the blame they would share it with the GOP.

    Is that feasible given all the facts at hand? Because it seems like it would be a really effective strategy if the Kremlin thought it was about to be set up. At least, effective against the Trump team.

    Either way, shouldn’t someone be looking into whether or not Smartech was actually hacked? As opposed to Smartech providing those emails to “Guccifer 2.0” to give a ‘fair & balanced’ feel to the thing? That seems like an important fact that hasn’t actually been remotely established in this whole mess.

    Posted by Pterrafractyl | November 11, 2017, 5:24 pm
  11. It happened again. Donald Trump Jr. was just caught engaging in some rather incriminating correspondences. This time over Twitter’s direct messaging (DM) system. With Julian Assange. So we have an answer to the question of whether or not the Trump team was in direct communication with Wikileaks: Yes they were. A lot. From September 2016 through the election and even some 2017.

    It started off on September 20, 2016, when Assange informed Trump Jr. that Wikileaks had successfully guessed the password for the website of a new anti-Trump political action committee and wanted to know if Don Jr. had “any comments”. Keep in mind that this is basically a conversation about stolen digital material. So we have an opening message from Julian Assange sent via Twitter offering stolen material much like the bizarre opening email that Rob Goldstone sent to Don Jr. about the Russian government wanting to help the Trump team with ‘dirt’ on Hillary.

    And as was the case with Goldstone’s offer, Don Jr. appeared to be more than happy to receive the help. According to one source he actually informed top Trump campaign staffers (Steve Bannon, Kellyanne Conway, and Jared Kushner) that Wikileaks had made contact when it first happened.

    It appears that the correspondence was mostly one-sided, with Assange sending Trump Jr. suggestions or zany schemes (like trying to get Assange appointed Australia’s ambassador to the US). And both Trump Jr. and Trump Sr. appear to have actually followed the advice Assange was sending them at different points.

    The Trumps fortunately didn’t take the last bit of advice Assange sent to them on election day when it still looked like Hillary Clinton was going to win. Unfortunately, they didn’t take his advice because Trump won and Julian’s advice was for Trump not to concede if he lost and instead say the election was rigged:

    The Atlantic

    The Secret Correspondence Between Donald Trump Jr. and WikiLeaks

    The transparency organization asked the president’s son for his cooperation—in sharing its work, in contesting the results of the election, and in arranging for Julian Assange to be Australia’s ambassador to the United States.

    Julia Ioffe
    November 13, 2017 at 4:22 PM ET
    This story was updated on November 13 at 10:28 pm

    Just before the stroke of midnight on September 20, 2016, at the height of last year’s presidential election, the WikiLeaks Twitter account sent a private direct message to Donald Trump Jr., the Republican nominee’s oldest son and campaign surrogate. “A PAC run anti-Trump site putintrump.org is about to launch,” WikiLeaks wrote. “The PAC is a recycled pro-Iraq war PAC. We have guessed the password. It is ‘putintrump.’ See ‘About’ for who is behind it. Any comments?” (The site, which has since become a joint project with Mother Jones, was founded by Rob Glaser, a tech entrepreneur, and was funded by Progress for USA Political Action Committee.)

    The next morning, about 12 hours later, Trump Jr. responded to WikiLeaks. “Off the record I don’t know who that is, but I’ll ask around,” he wrote on September 21, 2016. “Thanks.”

    The messages, obtained by The Atlantic, were also turned over by Trump Jr.’s lawyers to congressional investigators. They are part of a long—and largely one-sided—correspondence between WikiLeaks and the president’s son that continued until at least July 2017. The messages show WikiLeaks, a radical transparency organization that the American intelligence community believes was chosen by the Russian government to disseminate the information it had hacked, actively soliciting Trump Jr.’s cooperation. WikiLeaks made a series of increasingly bold requests, including asking for Trump’s tax returns, urging the Trump campaign on Election Day to reject the results of the election as rigged, and requesting that the president-elect tell Australia to appoint Julian Assange ambassador to the United States.

    “Over the last several months, we have worked cooperatively with each of the committees and have voluntarily turned over thousands of documents in response to their requests,” said Alan Futerfas, an attorney for Donald Trump Jr. “Putting aside the question as to why or by whom such documents, provided to Congress under promises of confidentiality, have been selectively leaked, we can say with confidence that we have no concerns about these documents and any questions raised about them have been easily answered in the appropriate forum.” WikiLeaks did not respond to requests for comment.

    It’s not clear what investigators will make of the correspondence, which represents a small portion of the thousands of documents Donald Trump Jr.’s lawyer says he turned over to them. The stakes for the Trump family, however, are high. Trump Jr.’s June 2016 meeting with Natalia Veselnitskaya, a Russian lawyer with connections to Russia’s powerful prosecutor general, is already reportedly a subject of interest in Special Counsel Robert Mueller’s investigation, as is the White House statement defending him. (Trump Jr. was emailed an offer of “information that would incriminate Hillary,” and responded in part, “If it’s what you say I love it.”) The messages exchanged with WikiLeaks add a second instance in which Trump Jr. appears eager to obtain damaging information about Hillary Clinton, despite its provenance.

    Though Trump Jr. mostly ignored the frequent messages from WikiLeaks, he at times appears to have acted on its requests. When WikiLeaks first reached out to Trump Jr. about putintrump.org, for instance, Trump Jr. followed up on his promise to “ask around.” According to a source familiar with the congressional investigations into Russian interference with the 2016 campaign, who requested anonymity because the investigation is ongoing, on the same day that Trump Jr. received the first message from WikiLeaks, he emailed other senior officials with the Trump campaign, including Steve Bannon, Kellyanne Conway, Brad Parscale, and Trump son-in-law Jared Kushner, telling them WikiLeaks had made contact. Kushner then forwarded the email to campaign communications staffer Hope Hicks. At no point during the 10-month correspondence does Trump Jr. rebuff WikiLeaks, which had published stolen documents and was already observed to be releasing information that benefited Russian interests.

    WikiLeaks played a pivotal role in the presidential campaign. In July 2016, on the first day of the Democratic National Convention, WikiLeaks released emails stolen from the Democratic National Committee’s servers that spring. The emails showed DNC officials denigrating Bernie Sanders, renewing tensions on the eve of Clinton’s acceptance of the nomination. On October 7, less than an hour after the Washington Post released the Access Hollywood tape, in which Trump bragged about sexually assaulting women, Wikileaks released emails that hackers had pilfered from the personal email account of Clinton’s campaign manager John Podesta.

    On October 3, 2016, WikiLeaks wrote again. “Hiya, it’d be great if you guys could comment on/push this story,” WikiLeaks suggested, attaching a quote from then-Democratic nominee Hillary Clinton about wanting to “just drone” WikiLeaks founder, Julian Assange.

    “Already did that earlier today,” Trump Jr. responded an hour-and-a-half later. “It’s amazing what she can get away with.”

    Two minutes later, Trump Jr. wrote again, asking, “What’s behind this Wednesday leak I keep reading about?” The day before, Roger Stone, an informal advisor to Donald Trump, had tweeted, “Wednesday@HillaryClinton is done. #WikiLeaks.”

    WikiLeaks didn’t respond to that message, but on October 12, 2016, the account again messaged Trump Jr. “Hey Donald, great to see you and your dad talking about our publications,” WikiLeaks wrote. (At a rally on October 10, Donald Trump had proclaimed, “I love WikiLeaks!”)

    “Strongly suggest your dad tweets this link if he mentions us,” WikiLeaks went on, pointing Trump Jr. to the link wlsearch.tk, which it said would help Trump’s followers dig through the trove of stolen documents and find stories. “There’s many great stories the press are missing and we’re sure some of your follows [sic] will find it,” WikiLeaks went on. “Btw we just released Podesta Emails Part 4.”

    Trump Jr. did not respond to this message. But just 15 minutes after it was sent, as The Wall Street Journal’s Byron Tau pointed out, Donald Trump himself tweeted, “Very little pick-up by the dishonest media of incredible information provided by WikiLeaks. So dishonest! Rigged system!”

    Two days later, on October 14, 2016, Trump Jr. tweeted out the link WikiLeaks had provided him. “For those who have the time to read about all the corruption and hypocrisy all the @wikileaks emails are right here: http://wlsearch.tk/,” he wrote.

    After this point, Trump Jr. ceased to respond to WikiLeaks’s direct messages, but WikiLeaks escalated its requests.

    “Hey Don. We have an unusual idea,” WikiLeaks wrote on October 21, 2016. “Leak us one or more of your father’s tax returns.” WikiLeaks then laid out three reasons why this would benefit both the Trumps and WikiLeaks. One, The New York Times had already published a fragment of Trump’s tax returns on October 1; two, the rest could come out any time “through the most biased source (e.g. NYT/MSNBC).”

    It is the third reason, though, WikiLeaks wrote, that “is the real kicker.” “If we publish them it will dramatically improve the perception of our impartiality,” WikiLeaks explained. “That means that the vast amount of stuff that we are publishing on Clinton will have much higher impact, because it won’t be perceived as coming from a ‘pro-Trump’ ‘pro-Russia’ source.” It then provided an email address and link where the Trump campaign could send the tax returns, and adds, “The same for any other negative stuff (documents, recordings) that you think has a decent chance of coming out. Let us put it out.”

    Trump Jr. did not respond to this message.

    WikiLeaks didn’t write again until Election Day, November 8, 2016. “Hi Don if your father ‘loses’ we think it is much more interesting if he DOES NOT conceed [sic] and spends time CHALLENGING the media and other types of rigging that occurred—as he has implied that he might do,” WikiLeaks wrote at 6:35pm, when the idea that Clinton would win was still the prevailing conventional wisdom. (As late as 7:00pm that night, FiveThirtyEight, a trusted prognosticator of the election, gave Clinton a 71 percent chance of winning the presidency.) WikiLeaks insisted that contesting the election results would be good for Trump’s rumored plans to start a media network should he lose the presidency. “The discussion can be transformative as it exposes media corruption, primary corruption, PAC corruption, etc.,” WikiLeaks wrote.

    Shortly after midnight that day, when it was clear that Trump had beaten all expectations and won the presidency, WikiLeaks sent him a simple message: “Wow.”

    Trump Jr. did not respond to these messages either, but WikiLeaks was undeterred. “Hi Don. Hope you’re doing well!” WikiLeaks wrote on December 16 to Trump Jr., who was by then the son of the president-elect. “In relation to Mr. Assange: Obama/Clinton placed pressure on Sweden, UK and Australia (his home country) to illicitly go after Mr. Assange. It would be real easy and helpful for your dad to suggest that Australia appoint Assange ambassador to [Washington,] DC.”

    WikiLeaks even imagined how Trump might put it: “‘That’s a real smart tough guy and the most famous australian [sic] you have!’ or something similar,” WikiLeaks wrote. “They won’t do it but it will send the right signals to Australia, UK + Sweden to start following the law and stop bending it to ingratiate themselves with the Clintons.” (On December 7, Assange, proclaiming his innocence, had released his testimony in front of London investigators looking into accusations that he had committed alleged sexual assault.)

    In the winter and spring, WikiLeaks went largely silent, only occasionally sending Trump Jr. links. But on July 11, 2017, three days after The New York Times broke the story about Trump Jr.’s June 2016 meeting with Natalia Veselnitskaya, a Russian lawyer with connections to Russia’s powerful prosecutor general, WikiLeaks got in touch again.

    “Hi Don. Sorry to hear about your problems,” WikiLeaks wrote. “We have an idea that may help a little. We are VERY interested in confidentially obtaining and publishing a copy of the email(s) cited in the New York Times today,” citing a reference in the paper to emails Trump Jr had exchanged with Rob Goldstone, a publicist who had helped set up the meeting. “We think this is strongly in your interest,” WikiLeaks went on. It then reprised many of the same arguments it made in trying to convince Trump Jr. to turn over his father’s tax returns, including the argument that Trump’s enemies in the press were using the emails to spin an unfavorable narrative of the meeting. “Us publishing not only deprives them of this ability but is beautifully confounding.”

    The message was sent at 9:29 am on July 11. Trump Jr. did not respond, but just hours later, he posted the emails himself, on his own Twitter feed.

    ———-

    “The Secret Correspondence Between Donald Trump Jr. and WikiLeaks” by Julia Ioffe; The Atlantic; 11/13/2017

    “The messages, obtained by The Atlantic, were also turned over by Trump Jr.’s lawyers to congressional investigators. They are part of a long—and largely one-sided—correspondence between WikiLeaks and the president’s son that continued until at least July 2017. The messages show WikiLeaks, a radical transparency organization that the American intelligence community believes was chosen by the Russian government to disseminate the information it had hacked, actively soliciting Trump Jr.’s cooperation. WikiLeaks made a series of increasingly bold requests, including asking for Trump’s tax returns, urging the Trump campaign on Election Day to reject the results of the election as rigged, and requesting that the president-elect tell Australia to appoint Julian Assange ambassador to the United States

    A long, and largely one-sided, correspondence between Wikileaks and Trump Jr. That’s another giant ‘uh oh’ for Don Jr. An ‘uh oh’ involving a discussion about Wikileaks breaking into an anti-Trump website (even if you guess the password correctly for a website, that’s still considered breaking into it):


    Just before the stroke of midnight on September 20, 2016, at the height of last year’s presidential election, the WikiLeaks Twitter account sent a private direct message to Donald Trump Jr., the Republican nominee’s oldest son and campaign surrogate. “A PAC run anti-Trump site putintrump.org is about to launch,” WikiLeaks wrote. “The PAC is a recycled pro-Iraq war PAC. We have guessed the password. It is ‘putintrump.’ See ‘About’ for who is behind it. Any comments?” (The site, which has since become a joint project with Mother Jones, was founded by Rob Glaser, a tech entrepreneur, and was funded by Progress for USA Political Action Committee.)

    The next morning, about 12 hours later, Trump Jr. responded to WikiLeaks. “Off the record I don’t know who that is, but I’ll ask around,” he wrote on September 21, 2016. “Thanks.”

    And not only does Don Jr. respond with “Thanks” 12 hours later, but he then informs senior Trump campaign team members about this:


    Though Trump Jr. mostly ignored the frequent messages from WikiLeaks, he at times appears to have acted on its requests. When WikiLeaks first reached out to Trump Jr. about putintrump.org, for instance, Trump Jr. followed up on his promise to “ask around.” According to a source familiar with the congressional investigations into Russian interference with the 2016 campaign, who requested anonymity because the investigation is ongoing, on the same day that Trump Jr. received the first message from WikiLeaks, he emailed other senior officials with the Trump campaign, including Steve Bannon, Kellyanne Conway, Brad Parscale, and Trump son-in-law Jared Kushner, telling them WikiLeaks had made contact. Kushner then forwarded the email to campaign communications staffer Hope Hicks. At no point during the 10-month correspondence does Trump Jr. rebuff WikiLeaks, which had published stolen documents and was already observed to be releasing information that benefited Russian interests.

    So the Assange/Don Jr. correspondences start September 20th. The correspondence continues, with Assange sending links he thinks Don Jr. should be promoting on October 3rd and Don Jr. responding “What’s behind this Wednesday leak I keep reading about,” a reference to Roger Stone’s tweet, “Wednesday@HillaryClinton is done. #WikiLeaks,” sent a day earlier. Assange doesn’t reply, but then on October 7th the Podesta emails get leaked less than an hour after the Access Hollywood tape is leaked. So we have Don Jr. asking Assange about an upcoming leak that Roger Stone warned about and that leak occurs a few days later:


    WikiLeaks played a pivotal role in the presidential campaign. In July 2016, on the first day of the Democratic National Convention, WikiLeaks released emails stolen from the Democratic National Committee’s servers that spring. The emails showed DNC officials denigrating Bernie Sanders, renewing tensions on the eve of Clinton’s acceptance of the nomination. On October 7, less than an hour after the Washington Post released the Access Hollywood tape, in which Trump bragged about sexually assaulting women, Wikileaks released emails that hackers had pilfered from the personal email account of Clinton’s campaign manager John Podesta.

    On October 3, 2016, WikiLeaks wrote again. “Hiya, it’d be great if you guys could comment on/push this story,” WikiLeaks suggested, attaching a quote from then-Democratic nominee Hillary Clinton about wanting to “just drone” WikiLeaks founder, Julian Assange.

    “Already did that earlier today,” Trump Jr. responded an hour-and-a-half later. “It’s amazing what she can get away with.”

    Two minutes later, Trump Jr. wrote again, asking, “What’s behind this Wednesday leak I keep reading about?” The day before, Roger Stone, an informal advisor to Donald Trump, had tweeted, “Wednesday@HillaryClinton is done. #WikiLeaks.”

    And on October 12, five days after the Podesta emails get released, Assange writes to Don Jr. with a recommendation for Trump to promote a Wikileaks site set up to help people sift through the stolen documents. Don Jr. doesn’t reply, but 15 minutes after that DM from Assange, Trump tweets out that exact link:


    WikiLeaks didn’t respond to that message, but on October 12, 2016, the account again messaged Trump Jr. “Hey Donald, great to see you and your dad talking about our publications,” WikiLeaks wrote. (At a rally on October 10, Donald Trump had proclaimed, “I love WikiLeaks!”)

    “Strongly suggest your dad tweets this link if he mentions us,” WikiLeaks went on, pointing Trump Jr. to the link wlsearch.tk, which it said would help Trump’s followers dig through the trove of stolen documents and find stories. “There’s many great stories the press are missing and we’re sure some of your follows [sic] will find it,” WikiLeaks went on. “Btw we just released Podesta Emails Part 4.”

    Trump Jr. did not respond to this message. But just 15 minutes after it was sent, as The Wall Street Journal’s Byron Tau pointed out, Donald Trump himself tweeted, “Very little pick-up by the dishonest media of incredible information provided by WikiLeaks. So dishonest! Rigged system!”

    15 minutes after Assange makes a recommendation and Trump Sr. tweets it out. Uh oh.

    Assange tests the waters again on October 21st with his proposal for Trump to leak his own tax returns to Wikileaks in order to give Wikileaks an air of impartiality (recall how Trump did actually appear to leak his own tax returns in March of this year). And then on November 8th, he makes a truly ominous suggestion: contest the election if he loses and call it all rigged:


    WikiLeaks didn’t write again until Election Day, November 8, 2016. “Hi Don if your father ‘loses’ we think it is much more interesting if he DOES NOT conceed [sic] and spends time CHALLENGING the media and other types of rigging that occurred—as he has implied that he might do,” WikiLeaks wrote at 6:35pm, when the idea that Clinton would win was still the prevailing conventional wisdom. (As late as 7:00pm that night, FiveThirtyEight, a trusted prognosticator of the election, gave Clinton a 71 percent chance of winning the presidency.) WikiLeaks insisted that contesting the election results would be good for Trump’s rumored plans to start a media network should he lose the presidency. “The discussion can be transformative as it exposes media corruption, primary corruption, PAC corruption, etc.,” WikiLeaks wrote.

    Shortly after midnight that day, when it was clear that Trump had beaten all expectations and won the presidency, WikiLeaks sent him a simple message: “Wow.”

    Assange then follows up in December with a request that Trump troll the world by pushing to have him made Australia’s ambassador to the US. Then Assange largely goes quiet, until July of this year after news of Trump Jr.’s meeting with Rob Goldstone and the Russian delegation in Trump Tower. It turns out it was Julian Assange who made the suggestion that Don Jr. leak all those correspondences to Wikileaks, who would leak it to the world, and instead Don Jr., who doesn’t respond to the DM, does the leaking himself hours later:


    In the winter and spring, WikiLeaks went largely silent, only occasionally sending Trump Jr. links. But on July 11, 2017, three days after The New York Times broke the story about Trump Jr.’s June 2016 meeting with Natalia Veselnitskaya, a Russian lawyer with connections to Russia’s powerful prosecutor general, WikiLeaks got in touch again.

    “Hi Don. Sorry to hear about your problems,” WikiLeaks wrote. “We have an idea that may help a little. We are VERY interested in confidentially obtaining and publishing a copy of the email(s) cited in the New York Times today,” citing a reference in the paper to emails Trump Jr had exchanged with Rob Goldstone, a publicist who had helped set up the meeting. “We think this is strongly in your interest,” WikiLeaks went on. It then reprised many of the same arguments it made in trying to convince Trump Jr. to turn over his father’s tax returns, including the argument that Trump’s enemies in the press were using the emails to spin an unfavorable narrative of the meeting. “Us publishing not only deprives them of this ability but is beautifully confounding.”

    The message was sent at 9:29 am on July 11. Trump Jr. did not respond, but just hours later, he posted the emails himself, on his own Twitter feed.

    So we have this extensive digital trail of evidence that not only demonstrates an open line of communication between Julian Assange and the Trump campaign but also demonstrates the Trump team taking Assange’s advice. A digital trail left on Twitter! Yes, two very prominent people deeply involved with one of the biggest political scandals in American history were leaving extensive digital evidence of their open lines of communication with each other on Twitter!

    It’s rather amazing. Perhaps even more amazing than the incriminating emails between Rob Goldstone and Don Jr. because it’s one thing for someone like Rob Goldstone to send an incriminating email. Rob Goldstone presumably wasn’t under surveillance at the time he sent that email. But Assange’s communications presumably are under surveillance. Especially his Twitter communications. Does Assange assume his Twitter DMs aren’t being monitored? He’s Julian Assange! Of course they’re being monitored if that’s a possibility. And Twitter doesn’t make their DMs super-encrypted and beyond law enforcement. So unless these DMs were sent using additional steps to encrypt the messages it’s hard to see how Assange couldn’t know full well that he was leaving a digital trail tying himself back to the Trump campaign by choosing Twitter as the medium of communication.

    And don’t forget, these messages started in September of 2016, months after Wikileaks became a central figure in the campaign by leaking the DNC emails. Wikileaks was already guaranteed to be under extensive US surveillance for that alone. And yet Julian Assange decides to use a medium like Twitter. One thing that’s not entirely clear from the story is whether or not he was using his official “Julian Assange” account or some more obscure account to send the DMs. But if this was his official Julian Assange account that would have been a remarkable move because if there’s one Twitter account that you can assume is under surveillance by intelligence agencies around the world it’s Julian Assange’s account.

    It’s almost amazing it took this long for these messages to come out considering who was sending them. Although perhaps what’s most amazing is that this entire Don Jr. & Julian situation is not at all amazing in the context of the entire #TrumpRussia investigation. Given the spy-farce nature of this entire saga, the Don Jr. & Julian drama should pretty much be expected. Which is pretty amazing.

    Posted by Pterrafractyl | November 14, 2017, 9:06 pm
  12. Here’s an interesting twist to Julian Assange’s recently discovered correspondences with Donald Trump Jr.: The initial story that Assange messaged Trump Jr. about on September 20, 2016 – about a new anti-Trump website that was about to launch – was a story that Charles “Chuck” Johnson wrote about on his GotNews website just a couple hours before Assange reached out to Trump Jr.

    And while it’s unclear if Johnson was in contact with Assange at this point – Johnson’s comments at the time suggest otherwise – it’s still rather interesting given the apparent relations Johnson has with Wikileaks now: Roger Stone says that he has a “libertarian opinion journalist” contact with Wikileaks, and that sure sounds like Johnson, although he has vehemently denied it was Johnson. Additionally, Johnson reportedly helped arrange a meeting between Congressman Dana Rohrabacher and Assange in August of this year. So whether or not Johnson and Assange had an open line of communication at the time of the September 20, 2016, outreach to Trump Jr., it’s unambiguous that they have an open line of communication now. And let’s not forget about Johnson’s role in advising the quest to find Hillary Clinton’s hacked personal emails on the Dark Web, where he recommended to Peter Smith’s team that they contact “Guccifer 2.0” and Andrew “weev” Auernheimer about those hacked emails (Johnson and Auernheimer have a history of working together).

    Given all those contacts, if Johnson wasn’t in direct contact with Wikileaks as of September 20, 2016, he probably at least knew someone who was:

    Business Insider

    A notorious far-right blogger may have provoked WikiLeaks’ outreach to Donald Trump Jr.

    * The far-right blogger Charles Johnson may have played a role in WikiLeaks’ outreach to Donald Trump Jr.
    * Trump Jr.’s exchanges with WikiLeaks in private Twitter messages over 10 months have come under scrutiny this week after an explosive report by The Atlantic.
    * Johnson published a story in September 2016 about an anti-Trump website that WikiLeaks then sent to Trump Jr.

    Natasha Bertrand
    11/15/2017

    A far-right blogger may have tipped the WikiLeaks founder Julian Assange off to an anti-Trump website that WikiLeaks then sent to Donald Trump Jr. in a private Twitter message in September 2016.

    Charles Johnson, who calls himself an independent journalist and runs a site called GotNews, published an article at about 9:30 p.m. ET on September 20, 2016, claiming he had “obtained a memo from a George Soros-tied PR firm that is launching a website to spread conspiracy theories about Donald Trump’s connections to Russia.” Soros is the investor and business magnate who has become a favorite bogeyman of the far right.

    “The site, PutinTrump.org, is set to be launched tomorrow morning on Wednesday, September 21, by public relations firm Ripple Strategies,” Johnson wrote.

    Johnson updated his article again to include the password for PutinTrump.org, which was still locked. He said he had obtained it from “GotNews researchers.”

    About two hours after Johnson’s article was published, WikiLeaks shared the PutinTrump.org site and its password in a tweet.

    Johnson took credit.

    “About 2 hours after our original article, Julian Assange’s WikiLeaks repeated our discoveries,” he wrote. “Guess which big leaks organization reads GotNews & WeSearchr on the downlow! Come on Julian, let’s work together. WikiLeaks & WeSearchr is a match made in heaven. We can take down Hillary together.”

    Perhaps unbeknownst to Johnson at the time, WikiLeaks had also “repeated” his “discoveries” in a private message to Trump Jr. — about 10 minutes before tweeting it publicly.

    Trump Jr. has come under renewed scrutiny this week amid revelations that he exchanged private Twitter messages with the anti-secrecy group during the campaign.

    “A PAC run anti-Trump site ‘putintrump.org’ is about to launch,” WikiLeaks wrote in a message to Trump Jr. just before midnight on September 20. “The PAC is a recycled pro-Iraq war PAC. We have guessed the password. It is ‘putintrump.’ See ‘About’ for who is behind it. Any comments?”

    Trump Jr. replied, “Off the record I don’t know who that is but I’ll ask around.”

    It is unclear whether Johnson’s story in September marked the beginning of his contact with Assange, who has been living in asylum at the Ecuadorian Embassy in London since 2012.

    “I don’t discuss who I communicate with,” Johnson told Business Insider in an email.

    The timing of Johnson’s article and WikiLeaks’ outreach to Trump Jr. is significant because of some later tweets by Roger Stone, a longtime adviser to Trump, and subsequent revelations about Johnson’s role in arranging a meeting between Assange and US Rep. Dana Rohrabacher in August of this year.

    On October 2, 2016, five days before WikiLeaks published the first set of emails stolen from the inbox of John Podesta, the chairman of Democrat Hillary Clinton’s 2016 campaign, Stone tweeted: “Wednesday @HillaryClinton is done. #WikiLeaks.”

    Two days later, he tweeted: “I have total confidence that @wikileaks and my hero Julian Assange will educate the American people soon #LockHerUp.”

    Stone told the House Intelligence Committee in September that he knew of Assange’s plans via a “journalist” who was in touch with Assange. Stone, however, would not reveal the journalist’s identity.

    “I have referred publicly to this journalist as an ‘intermediary,’ ‘go-between,’ and ‘mutual friend,’” Stone testified. “All of these monikers are equally true.”

    Stone denied that the journalist in question was Johnson.

    “The journalist who confirmed Julian Assange’s public comments of July 21 that he had and would publish Hillary’s emails is definitely, positively NOT Chuck Johnson, who is both a psychopath and a bulls— artist,” Stone said on Wednesday night.

    About a month before Stone’s House testimony, Johnson met with Assange and Rohrabacher in London. The meeting, Johnson told reporters at the time, stemmed from a “desire for ongoing communications” between the congressman and the WikiLeaks founder.

    Rohrabacher says he has been trying to meet privately with Trump to relay Assange’s message. He told Business Insider last month that the White House chief of staff, John Kelly, was blocking him from meeting with Trump.

    The Senate Intelligence Committee sent Johnson a letter on July 27 asking him to turn over documents containing “any communications with Russian persons, or representatives of Russian government, business, or media interests” that related to Russia’s election meddling and the 2016 US presidential campaign more broadly.

    Johnson told Yahoo News in August that he had no plans to cooperate.

    “They’re going to have to subpoena me, and then they’ll be sorely disappointed,” he said.

    ———-

    “A notorious far-right blogger may have provoked WikiLeaks’ outreach to Donald Trump Jr.” by Natasha Bertrand; Business Insider; 11/15/2017

    “Charles Johnson, who calls himself an independent journalist and runs a site called GotNews, published an article at about 9:30 p.m. ET on September 20, 2016, claiming he had “obtained a memo from a George Soros-tied PR firm that is launching a website to spread conspiracy theories about Donald Trump’s connections to Russia.” Soros is the investor and business magnate who has become a favorite bogeyman of the far right

    That was about two hours before Assange reached out to Trump Jr., which appears to be why Johnson was so excited to see Wikileaks promoting the story shortly after Assange sent that message to Trump:


    “About 2 hours after our original article, Julian Assange’s WikiLeaks repeated our discoveries,” he wrote. “Guess which big leaks organization reads GotNews & WeSearchr on the downlow! Come on Julian, let’s work together. WikiLeaks & WeSearchr is a match made in heaven. We can take down Hillary together.”

    But also note the language Assange used when reaching out to Trump Jr. He makes it sound like Wikileaks was the one who discovered this news and figured out the “putintrump” password for the anti-Trump website:


    “A PAC run anti-Trump site ‘putintrump.org’ is about to launch,” WikiLeaks wrote in a message to Trump Jr. just before midnight on September 20. “The PAC is a recycled pro-Iraq war PAC. We have guessed the password. It is ‘putintrump.’ See ‘About’ for who is behind it. Any comments?”

    That sure sounds like Assange is assuming that this is a Wikileaks exclusive story he’s got on his hands, just as Johnson’s GotNews story behaved as if this was exclusive to GotNews. And that raises an interesting question: did the same source send both GotNews.com and Wikileaks information about this website at the same time? Did Wikileaks and GotNews independently arrive at the same story that they independently published within hours of each other because they both got a hot tip from the same source? Or did Wikileaks read the GotNews story and then decide to reach out to Trump Jr., asking for a comment on it, and act like Wikileaks had this exclusive info?

    If it’s the latter scenario, that would have been rather risky on Assange’s part because there’s no guarantee that the Trump team wouldn’t have already been aware of the GotNews story put up a couple hours earlier. GotNews is exactly the kind of site the Trump team would have been keenly monitoring.

    But if it’s the former scenario, it raises another question: Since Assange says “We have guessed the password”, and yet GotNews appears to have also guessed the password, did Assange inadvertently reveal a much closer relationship to GotNews than previously acknowledged? In other words, are they so close that Assange considers GotNews to be part of ‘team Wikileaks’? It sure would explain a lot.

    Posted by Pterrafractyl | November 16, 2017, 4:58 pm
  13. The BBC has a new piece on the server used by the hackers identified as APT28/Fancy Bear for the DNC server hacks of March 2016 and the Bundestag hack of 2015. Recall that the IP address of a command & control server was found hardcoded into the malware found from both the Bundestag hack and the DNC server hack. The piece is about the company that hosted that command & control server.

    The piece contains a number of interesting fun facts about how the hacking took place. And, as we should expect at this point, it also raises a number of questions.

    Here’s some of the fun facts:

    1. The server hosting company for the server that was used in the APT28/Fancy Bear attacks is a UK-based company called Crookservers (that’s actually its name).

    2. Crookservers is actually a server reseller. It leases servers from other companies based in France and Canada and then rents out access to those servers to its clients.

    3. The owner of Crookservers is a man named Usman Ashraf. Social media shows that Ashraf lived in Oldham, UK, from 2010 to 2014 and now lives in Pakistan.

    4. APT28/Fancy Bear hackers are believed to have rented servers from Crookservers for three years.

    5. When Ashraf was notified in mid-2015 that his company’s servers were being used by hackers he claims to have promptly closed down the account. Keep in mind that this would be after the Bundestag hack (which was in May of 2015), but before the DNC server hack of March 2016.

    6. The Crookservers clients believed to be the hackers paid using Bitcoin and a couple of other cryptocurrencies.

    7. The presumed hackers demonstrated “poor tradecraft” (surprise!) according to the cybersecurity company Secureworks, which was hired by the BBC to analyze the information available about Crookservers.

    8. One of the Crookservers users presumed to be an APT28/Fancy Bear hacker used the name “Roman Brecesku”.

    9. On March 6, 2014, “Roman Brecesku” wrote to CrookServers saying “Hello, my server 91.121.108.153 was cracked. Please, reset the operating system with deleting all data.”

    First, note that the 91.121.108.153 IP address isn’t the same command & control IP address found in the Bundestag and DNC malware (176.31.112.10). At the same time, it demonstrates that “Roman Brecesku” probably wasn’t the best server administrator from a security standpoint since his server got hacked (you’d think a Russian government hacker would be better at preventing hacks).

    Also recall that, following the Bundestag hack, the 176.31.112.10 server used in the Bundestag attack was identified as using an old version of OpenSSL that would have left it vulnerable to the Heartbleed attack. And note that the Heartbleed attack was only publicly disclosed in April of 2014. So while we don’t know if this March 2014 hacking of one of this group’s servers was due to the Heartbleed attack, if it was due to Heartbleed it would have been some pretty sophisticated hackers who used this exploit a month before the world learned about it.

    10. The 176.31.112.10 command & control server was rented by someone using the name “Nikolay Mladenov” who paid using Bitcoin and Perfect Money.

    11. That 176.31.112.10 was used in a 2014 spear-phishing attack on the 2014 Farnborough Air Show, and also a UK TV station in July of 2015. The 176.31.112.10 IP address was also found in the malware of those attacks (again, not exactly great “tradecraft”)

    12. That 176.31.112.10 server was used until June 2015, at which point the server was deleted following the media reports of the Bundestag attack. And, of course, June 2015 is long before the March 2016 timing of the Fancy Bear/APT28 DNC hack. The UK TV station hack ALSO took place after June 2015.

    13. A financial account used by “Nikolay Mladenov” was also used by “Roman Brecesku”, and two other presumed hacker pseudonyms, “Bruno Labrousse” and “Klaus Werner”, to hire more computers through Crookservers.

    14. One of the servers rented by this group appears to have access to “advanced malware” capable of sophisticated attacks on iOS systems. That malware happens to be “XAgent”. And as security analyst Jeffrey Carr has noted before, the XAgent malware is already “in the wild”, as evidenced by the fact that a cybersecurity firm was able to get its hands on the source code for the malware and discuss it as part of its investigation into APT28/Fancy Bear.

    So that all certainly gives us a better idea of what is known about the server used in this hack. And yet we’re left with that rather obvious question: how was the 176.31.112.10 server used as the command & control server for the malware deployed in the March 2016 DNC server attacks when it was allegedly shut down in 2015 following the Bundestag attacks?

    BBC Radio 4, PM

    Russian Fancy Bear hackers’ UK link revealed

    By Chris Vallance
    23 November 2017

    When Russia’s most notorious hackers hired servers from a UK-registered company, they left a trove of clues behind, the BBC has discovered.

    The hackers used the computers to attack the German parliament, hijack traffic meant for a Nigerian government website and target Apple devices.

    The company, Crookservers, had claimed to be based in Oldham for a time.

    It says it acted swiftly to eject the hacking team – dubbed Fancy Bear – as soon as it learned of the problem.

    Technical and financial records from Crookservers seen by the BBC suggest Fancy Bear had access to significant funds and made use of online financial services, some of which were later closed in anti-money laundering operations.

    Fancy Bear – also known as APT28, Sofacy, Iron Twilight and Pawn Storm – has been linked to Russian intelligence.

    The group played a key role in 2016’s attack on the US’s Democratic National Committee (DNC), according to security experts.

    Indeed an internet protocol (IP) address that once belonged to a dedicated server hired via Crookservers was discovered in malicious code used in the breach.

    The spies who came in for milk

    Early in 2012, Crookservers claimed to be based at the same address as a newsagent’s on an unassuming terraced road in Oldham, according to historical website registration records.

    But after a short period, the listing switched to Pakistan. The BBC has seen no evidence the shop or its employees knew how the address was being used or that Crookservers had any real connection to the newsagent’s.

    Crookservers was what is known as a server reseller. It was an entirely online business. The computers it effectively sublet were owned by another company based in France and Canada.

    The BBC identified Crookservers’s operator as Usman Ashraf.

    Social media and other online accounts suggest he was present in the Oldham area between 2010 and mid-2014. He now seems to be based in Pakistan.

    Mr Ashraf declined to record an interview, but provided detailed answers to questions via email.

    Despite his company’s name, he denied knowing he had had hackers as customers.

    “We never know how a client is using the server,” he wrote.

    When in 2015 he had been alerted to the hackers, he said, he had acted swiftly to close their accounts.

    He said he had also carried out a “verification” process, culling 60-70% of the company’s accounts he had suspected of being misused.

    “There is 0% compromise on abusive usage,” he said.

    Joining the dots

    Over three years, Fancy Bear rented computers through Crookservers, covering its tracks using bogus identities, virtual private networks and hard-to-trace payment systems.

    Researchers at cyber-threat intelligence company Secureworks, who analysed information from Crookservers for the BBC, said it had helped them connect several Fancy Bear operations.

    Senior security researcher Mike McLellan said the hackers had exhibited poor “tradecraft”.

    One communication shows one hacker, using the pseudonym Roman Brecesku, had complained that his server had been “cracked”.

    [see screenshot of message sent on March 6, 2014 from user “Roman Brecesku” to Crookservers saying “Hello, my server 91.121.108.153 was cracked. Please, reset the operating system with deleting all data.” And this message was sent from IP Address 188.240.220.3]

    Crookservers was previously linked to an attack on the German parliament.

    The server used to control the malware was hired through Crookservers by a hacker using the pseudonym Nikolay Mladenov who paid using Bitcoin and Perfect Money, according to records seen by the BBC.

    The hacker used the server until June 2015, when it was deleted at Crookservers’s request following media reports of the attack.

    This server’s IP address also appears in malware used to target some attendees at the Farnborough air show in 2014.

    Fancy Bear malware used to attack a UK TV station and the DNC also contained this IP address, although the server was no longer in Fancy Bear’s control when these attacks occurred.

    A financial account used by Mladenov was also used by another hacker, operating under the pseudonym Klaus Werner, to hire more computers through Crookservers.

    One server hired by Werner received “redirected” traffic from a legitimate Nigerian government website, according to Secureworks analysis.

    Apple attack

    The financial account used by Mladenov and Werner was used by Fancy Bear hackers – including two using the names Bruno Labrousse and Roman Brecesku – to hire other servers from Crookservers.

    One server and the email address used to hire it seem to have links to “advanced espionage” malware used to target iOS devices.

    The malware was capable of turning on voice recording and stealing text messages.

    Another email used to hire servers can be linked to an attack against Bulgaria’s State Agency for National Security.

    But there are eight dedicated servers tied to the same financial information, whose use is unknown – suggesting there may be other Fancy Bear attacks that have not been publicly disclosed.

    Follow the money

    Fancy Bear spent at least $6,000 (£4,534) with Crookservers via a variety of services that offered an extra level of anonymity.

    They included Bitcoin, Liberty Reserve and Perfect Money. Liberty Reserve was later closed after an international money laundering investigation.

    The BBC asked a UK company called Elliptic, which specialises in identifying Bitcoin-related “illicit activity”, to analyse Fancy Bear’s Bitcoin payments.

    Lead investigator Tom Robinson said his team had identified the wallet that had been the source of these funds. He said the bitcoins it contained were “worth around $100,000”.

    Elliptic traced the source of some of the funds in that wallet to the digital currency exchange BTC-e.

    In July, BTC-e was closed by the US authorities and its Russian alleged founder arrested in Greece accused of money laundering.

    Although BTC-e is alleged to have been popular with Russian cyber-criminals, the BBC has no evidence its management was aware its clients included Fancy Bear.

    Crookservers closed on 10 October. Fancy Bear’s operations, however, have not.

    ———-

    “Russian Fancy Bear hackers’ UK link revealed” by Chris Vallance; BBC Radio 4, PM; 11/23/2017

    “Over three years, Fancy Bear rented computers through Crookservers, covering its tracks using bogus identities, virtual private networks and hard-to-trace payment systems.”

    So for three years the group labeled “Fancy Bear”/APT28 by cybersecurity companies was using a number of different servers from Crookservers. A company set up by a guy, Usman Ashraf, who used to be in the UK but now lives in Pakistan. But Crookservers didn’t actually own the servers themselves. It was a server reseller that leased them from a different company based in France and Canada:


    Early in 2012, Crookservers claimed to be based at the same address as a newsagent’s on an unassuming terraced road in Oldham, according to historical website registration records.

    But after a short period, the listing switched to Pakistan. The BBC has seen no evidence the shop or its employees knew how the address was being used or that Crookservers had any real connection to the newsagent’s.

    Crookservers was what is known as a server reseller. It was an entirely online business. The computers it effectively sublet were owned by another company based in France and Canada.

    The BBC identified Crookservers’s operator as Usman Ashraf.

    Social media and other online accounts suggest he was present in the Oldham area between 2010 and mid-2014. He now seems to be based in Pakistan.

    So a server reseller that was set up in 2012 using the address of an Oldham, UK, newsagent. But the BBC couldn’t find any evidence that this address actually knew it was being listed as the address of Crookservers. Then the address gets switched to Pakistan. And the guy behind the Crookservers, Usman Ashraf, appeared to be living in Oldham from 2010 to mid-2014 before moving to Pakistan. It’s not not shady.

    And then there’s the shady activity by the hackers themselves. Shady activity that appears to demonstrate “poor tradecraft” according to the Secureworks cybersecurity firm. And that poor tradecraft includes the 91.121.108.153 server getting hacked in March of 2014, as the message from presumed hacker “Roman Brecesku” indicates:


    Researchers at cyber-threat intelligence company Secureworks, who analysed information from Crookservers for the BBC, said it had helped them connect several Fancy Bear operations.

    Senior security researcher Mike McLellan said the hackers had exhibited poor “tradecraft”.

    One communication shows one hacker, using the pseudonym Roman Brecesku, had complained that his server had been “cracked”.

    [see screenshot of message sent on March 6, 2014 from user “Roman Brecesku” to Crookservers saying “Hello, my server 91.121.108.153 was cracked. Please, reset the operating system with deleting all data.” And this message was sent from IP Address 188.240.220.3]

    So this hacking crew appears to have issues with their servers getting hacked. At least the 91.121.108.153 server. Which probably has something to do with the “poor tradecraft” assessment.

    But the fact that the 176.31.112.10 IP was found in the malware for four different hacking operations might also have something to do with that “poor tradecraft” assessment. The IP address was found in the DNC server hack, the Bundestag hack, a Farnborough air show attack in 2014, and the UK TV station attack, although the server was apparently not under Fancy Bear’s control when the UK TV station and DNC attacks took place:


    Crookservers was previously linked to an attack on the German parliament.

    The server used to control the malware was hired through Crookservers by a hacker using the pseudonym Nikolay Mladenov who paid using Bitcoin and Perfect Money, according to records seen by the BBC.

    The hacker used the server until June 2015, when it was deleted at Crookservers’s request following media reports of the attack.

    This server’s IP address also appears in malware used to target some attendees at the Farnborough air show in 2014.

    Fancy Bear malware used to attack a UK TV station and the DNC also contained this IP address, although the server was no longer in Fancy Bear’s control when these attacks occurred.

    “Fancy Bear malware used to attack a UK TV station and the DNC also contained this IP address, although the server was no longer in Fancy Bear’s control when these attacks occurred.”

    So two of the four hacks attributed to the 176.31.112.10 server happened after APT28/Fancy Bear lost control of the server. Huh. You’d think this kind of discrepancy would raise more eyebrows.

    Posted by Pterrafractyl | November 28, 2017, 4:43 pm
  14. From a trusted associate:

    Saw your post, Ptera, on the servers. Important to remember: at least at the time of the Heartbleed announcement, the OpenSSL board was majority German and Swede! I found that odd as the US is usually disproportionately represented on various standards committees or open source boards. Hell, that’s how we made the Internet our spy machine! But OpenSSL isn’t like that, at least from my perception. And the flaw was in the code of a German PhD student… who worked for a Deutsche Telekom subsidiary after leaving the project in 2012. I can’t find anything on him after 2014, which is odd in itself.

    Side note: it’s amusing to me that the “who is Satoshi Nakamoto?” mystery is still a thing! So many debunkings and frauds… yet I have not seen a debunking of the Siemens theory? It’s like watching people puzzle over the Malaysian air disaster. “Hmmm… the pilot was a supporter of jihad backing Anwar Ibrahim who just got sentenced that day… nah, that couldn’t have anything to do with it! what a mystery!” Sometimes the answers are right in front of our faces…

    Who is Robin Seggelmann and did his Heartbleed break the internet?

    By Lia Timson

    German computer programmer Robin Seggelmann is the man whose coding mistake, now known as Heartbleed, has left mi…

    Dr Seggelmann, 31, from the small town of Oelde in north-west Germany, is a contributor to the Internet Engineering Task Force (IETF), a not-for-profit global group whose mission is to make the internet work better. He is attached to the Munster University of Applied Sciences in Germany, where, as research associate in the networking programming lab in the department of electrical engineering and computer science, he has published a number of papers, including his thesis on strategies to secure internet communications in 2012. He has been writing academic papers and giving talks on security matters since 2009, while still a PhD student.
    His academic research influence index score of two, based on the number of scientific citations of his work, suggests an influential thinker at the early stages of his scientific career.
    According to his Xing profile, Dr Seggelmann has worked for Deutsche Telekom IT services subsidiary T-Systems, possibly the largest such consultancy in Germany, since 2012, as a solutions architect.

    Enjoy!

    Dave Emory

    Posted by Dave Emory | November 29, 2017, 3:57 pm
  15. @Dave & trusted associate:
    That’s a good catch about the Heartbleed bug being introduced into OpenSSL by Deutsche Telekom employee Robin Seggelmann. And there’s an interesting fun fact about that bug that highlights one of the aspects of the open source software movement: Seggelmann introduced that bug for code that was part of his PhD thesis (see section 7.2 on the “Heartbeat extension” that was added to OpenSSL).

    What makes this fun fact so relevant to the open source software movement is the fact that if there was ever a time it would be easy to introduce a bug in your code and not catch it, it would be when you’re writing your PhD thesis. That’s generally not a time when someone has a lot of time on their hands. A robust and secure open source software movement will require A LOT of volunteers with A LOT of time on their hands. It’s one example of the benefits that leisure time gives a society: the time for people to collectively do things voluntarily that no one is going to pay anyone to do. Like maintaining open source software, especially software like OpenSSL that’s used to encrypt internet traffic.

    Recall that Heartbleed reportedly existed for two years before being discovered. So that’s not just Seggelmann’s fault because a lot of eyes either saw the same code and missed the flaw or few others were looking at all. Unless Seggelmann was asked by the BND or something to implant that flaw intentionally, it’s hard to be mad at the guy. He’s one of the only people who was actually trying to upgrade and maintain the code and bugs are unavoidable at some point. Especially subtle security flaws.

    Also don’t forget the reports that anonymous sources claimed the NSA knew about Heartbleed for two years before it was disclosed. Which is not at all surprising if true. What would be surprising is if there weren’t all sorts of intelligence agencies aware of the bug shortly after it was introduced because they probably systematically review something as significant as OpenSSL updates. Along with who knows how many other private interests with the time and resources to pay people to quietly look for open source security vulnerabilities. Which again highlights the importance of a large pool of people with coding skills and lots of free time if society wants safe and secure free open source software. Leisure time pays dividends in a lot of different ways.

    So with all that in mind, it’s worth noting that Seggelmann was also the author of a second OpenSSL security flaw that was found a couple months after the Heartbleed exploit became public and lots of eyes started looking at that OpenSSL code. And this new flaw was just one of 6 flaws in OpenSSL that were publicly announced at that point. It was reportedly a particularly nasty four year old flaw that would allow “arbitrary code execution”. But it wasn’t the oldest of the 6 flaws. The oldest has been around since 1998. And it was extra nasty: it also allowed for the arbitrary execution of code. And man-in-the-middle attacks. And, again, this extra nasty bug was introduced in 1998 and never found (by anyone willing to tell) until 2014:

    CSO

    Critical flaw in encryption has been in OpenSSL code for over 15 years
    By Ms. Smith

    Jun 5, 2014 12:35 PM

    After the Heartbleed vulnerability, more security researchers have turned their attention toward reviewing OpenSSL. Now it’s time to patch again, but the most alarming/bizarre part of the story is that one of the critical vulnerabilities in OpenSSL has gone undetected since December 1998.

    If you’re looking for a positive slant to another critical hole being discovered in open source encryption software, then it would have to be that more researchers will likely keep digging into OpenSSL code. In the long run, that should make encryption more secure. In order to Reset the Net and reclaim our privacy, we need to encrypt everything.

    The patch released by the OpenSSL team today will close that hole along with five other flaws. “An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers,” states the OpenSSL security advisory in regards to CVE-2014-0224. “This can be exploited by a man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server.”

    In a post explaining how he discovered the CCS injection vulnerability (CVE-2014-0224), security researcher Masashi Kikuchi wrote that the ChangeCipherSpec (CCS) bug “has existed since the very first release of OpenSSL. The biggest reason why the bug hasn’t been found for over 16 years is that code reviews were insufficient, especially from experts who had experiences with TLS/SSL implementation.”

    Google’s Adam Langley wrote, “The good news is that these attacks need man-in-the-middle position against the victim and that non-OpenSSL clients (IE, Firefox, Chrome on Desktop and iOS, Safari etc) aren’t affected. Nonetheless, all OpenSSL users should be updating.”

    Meanwhile, SANS Internet Storm Center classified two of the six newly patched vulnerabilities as critical, CVE-2014-0224 and CVE-2014-0195, and warned that they “may lead to arbitrary code execution.”

    The latter vulnerability in OpenSSL’s implementation of Datagram Transport Layer Security (DTLS) was credited to Jüri Aedla, who “recently made news by successfully compromising Mozilla Firefox during this year’s Pwn2Own contest.” HP’s TippingPoint Zero Day Initiative also pointed out:

    According to the commit logs, Robin Seggelmann introduced this vulnerability into the OpenSSL code base four years ago. Yes, Robin Seggelmann is also responsible for introducing the Heartbleed vulnerability. Two big vulnerabilities introduced by the same developer. Seggelmann is not completely to blame, of course. OpenSSL is an open source project. The ‘many eyes’ that look at this code failed to catch this bug, but a new breed of individuals are looking at this code…especially at Seggelmann’s code. This code is now known for having vulnerabilities. There is blood in the water. For the individuals auditing his code, the Zero Day Initiative will happily handle the work that goes into disclosing those vulnerabilities and reward you for your efforts.

    The remaining four flaws patched today could be used for denial-of-service: CVE-2014-0221, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470.

    ———-

    “Critical flaw in encryption has been in OpenSSL code for over 15 years” by Ms. Smith; CSO; 06/05/2014

    “In a post explaining how he discovered the CCS injection vulnerability (CVE-2014-0224), security researcher Masashi Kikuchi wrote that the ChangeCipherSpec (CCS) bug “has existed since the very first release of OpenSSL. The biggest reason why the bug hasn’t been found for over 16 years is that code reviews were insufficient, especially from experts who had experiences with TLS/SSL implementation.”

    Finding bugs can be hard. Code reviews are time consuming. And it’s hard to come up with a better example of these realities than a 16-year-old man-in-the-middle security flaw in something like OpenSSL that no one discovered (at least no one inclined to tell everyone).

    But that 1998 man-in-the-middle bug wasn’t Seggelmann’s bug in this batch of six found flaws. Seggelmann’s bug was introduced in 2010, the same year as Heartbleed was introduced. And like the man-in-the-middle attack, Seggelmann’s new bug allowed the “arbitrary execution of code” (which is quite a security flaw):


    Meanwhile, SANS Internet Storm Center classified two of the six newly patched vulnerabilities as critical, CVE-2014-0224 and CVE-2014-0195, and warned that they “may lead to arbitrary code execution.”

    The latter vulnerability in OpenSSL’s implementation of Datagram Transport Layer Security (DTLS) was credited to Jüri Aedla, who “recently made news by successfully compromising Mozilla Firefox during this year’s Pwn2Own contest.” HP’s TippingPoint Zero Day Initiative also pointed out:

    According to the commit logs, Robin Seggelmann introduced this vulnerability into the OpenSSL code base four years ago. Yes, Robin Seggelmann is also responsible for introducing the Heartbleed vulnerability. Two big vulnerabilities introduced by the same developer. Seggelmann is not completely to blame, of course. OpenSSL is an open source project. The ‘many eyes’ that look at this code failed to catch this bug, but a new breed of individuals are looking at this code…especially at Seggelmann’s code. This code is now known for having vulnerabilities. There is blood in the water. For the individuals auditing his code, the Zero Day Initiative will happily handle the work that goes into disclosing those vulnerabilities and reward you for your efforts.

    “Seggelmann is not completely to blame, of course. OpenSSL is an open source project. The ‘many eyes’ that look at this code failed to catch this bug”

    Yep, even if Seggelmann is a spy paid to insert a bug, it’s hard to ignore the fact that the whole point of the open source movement is the conviction that bugs will be found and fixed. Especially really important bugs like a bug that might allow man-in-the-middle attacks and the arbitrary execution of code via an open source internet standard like OpenSSL. This was a group failure by a very big group.

    It also all raises the question of how many improvements have been made in recent years on open source review. On the plus side, a large number of potential security flaws were found in open source security software (264 flaws) after Google used its software testing tools to scan a large number of open source tools. On the minus side, this points towards the reality that mega-companies like Google are probably going to fill in the gap for a lot of this code review, which isn’t exactly living up to the open source ideal as open source becomes more and more a component of big business.

    On another plus side, Google will have an extra incentive to find and publicly disclose a lot of security flaws it finds because it can already spy on almost everyone so easily in so many other ways. That’s a plus side that doubles as a minus side.

    Posted by Pterrafractyl | November 29, 2017, 11:49 pm
  16. Well that’s quite a twist. The New York Times and The Intercept just published a pair of stories about the US efforts to recover the still unreleased contents of the Shadow Brokers’ stolen NSA hacking tools. But the stories go far beyond just the Shadow Brokers:

    The stories detail a US intelligence operation that started in December of 2016 to track down the Shadow Brokers and obtain the still unreleased hacking tools. The US worked through an American businessman in Germany as an intermediary. That led US agents to Carlo, a hacker who, according to The Intercept, was located in Germany. But according to the New York Times, he was located in Vienna, Austria. Carlo had reportedly previously worked with US intelligence agents. Carlo offered to provide US agents with the full set of hacking tools – so the US could know what was taken – along with the names of people in his network.

    Carlo convinced US agents that he was indeed in possession of the still unreleased hacking tools (or at least knew the people who were) by giving advance notice of the Shadow Brokers’ subsequent public releases of more hacking tools. So, on some level, it appears that US agents did indeed find someone who had the hacking tools, or knew who had them.

    But that’s when things got extra weird. Carlo wanted immunity from US prosecution as the price for returning the unreleased tools, which the US wouldn’t provide. Those negotiations broke down, and the US agents offered to just buy the hacking tools from the hacker instead. And that’s when the negotiations were taken over by a Russian in Germany.

    This Russian is apparently someone known to US intelligence agencies as a kind of ‘fixer’ for Russia’s FSB with a direct link to former FSB director Nikolai Patrushev. He’s also someone who had previously dealt with American intelligence operatives, according to US and European officials. He’s also known to have previously worked for a Russian oligarch to help move illicit shipments of semiprecious metals for a Russian oligarch.

    American intelligence agencies reportedly spent months tracking the Russian, including his flights to Berlin, his rendezvous with a mistress in Vienna and his trips home to St. Petersburg.

    The Russian was also known to have ties to Eastern European cyber-criminals. And a history of money laundering with what is described as a “thin legitimate cover business” of a nearly bankrupt company that sold portable grills for streetside sausage salesmen that was incorporated in Britain. So there’s a surprising amount of information about this mysterious Russian intermediary provided. Potentially enough information to identify this guy. But it’s unclear how anonymous this guy wants to be because he was willing to be interviewed by both The Intercept and The New York Times. Yep, these reports were both based on interviews with this alleged FSB ‘fixer.’

    So, if we’re to interpret this all at face value, the Russian government was behind the Shadow Brokers hack, they initially had a German hacker who was willing to return the hacking tools and expose his entire network in exchange for immunity. The hacker demonstrated a degree of closeness with the Shadow Brokers by predicting the public releases. But when the US refused the immunity deal and offered to buy the tools instead, the Russians used a known ‘fixer’ who had previously worked with US intelligence agents to negotiate that sale. And this FSB ‘fixer’ was willing to be interviewed and talk about this. Ummm….this seems like a really questionable story so far.

    But it gets weirder. Much much weirder. The Russian also claimed to have a trove of compromising documents on Donald Trump, including a video of Trump consorting with prostitutes in a Moscow hotel room in 2013. It’s reported that there’s no evidence that such a video exists, although the New York Times report also includes a reference to an American businessman being shown a 15 second clip of a video showing a man in a room talking to two women. There’s no audio and there was no way to verify the man is Donald Trump. And the viewing took place at the Russian Embassy in Berlin, according to the businessman.
    In addition to the video, the Russian also tried to sell other documents on Trump, including bank records, emails, and Russian intelligence data. The New York Times got to look at four of these documents that this mysterious Russian tried to pass along to the Americans (presumably the Russian provided them). One document featured Carter Page. Another features Robert and Rebekah Mercer. None of the documents could be verified and all four were drawn almost entirely from news reports. The New York Times article includes a comment by a former KGB officer saying the purported Russian intelligence documents also contained stylistic and grammatical usages not typically seen in Russian intelligence reports.

    Early on, the asking price for the material was $10 million but quickly dropped to $1 million. It was a few months after negotiations started that the American businessman was shown the video. The CIA reportedly didn’t actually want to get the purported dirt on Trump over concerns that this was an operation designed to sow discord between the White House and US intelligence agencies and the CIA decided they just wanted to stick with retrieving the hacking tools. The $1 million price was agreed upon and a $100,000 cash drop intended to be a down payment took place in September.

    But there were a number of hurdles before that price was arrived at. By April of 2017, it appeared a deal for the sale was worked out. The Russian intermediary met with US agents and a hand off of a thumb drive took place at a West Berlin bar. The thumb drive was supposed to contain a sample of the hacking tools that were to come. But there was a big problem. That sample only contained hacking code that had already been publicly released. The CIA backed out of the deal. The Russian was reportedly furious and the negotiations continued, eventually leading up to the September $100,000 cash drop.

    Additionally, according to the New York Times report, at least four Russians with espionage and underworld connections have appeared in Central and Eastern Europe offering to sell to US political operatives, private investigators, and spies compromising information that would corroborate the Steele dossier. Cody Shearer, an American political operative with ties to the Democratic Party, has also reportedly been traveling Eastern Europe for more than six months to secure this ‘kompromat’ from a different Russian.

    So in September the $100,000 cash drop takes place, and a few weeks later the Russian began handing over data. But almost everything he delivered was the ‘kompromat’. Not the hacking tools. According to The Intercept, this kompromat included names of specific individuals and corporate entities allegedly tied to Russian interference in the 2016 U.S. election (so it would be a Russian government admission that it was involved in a US election interference campaign).

    The Americans continued to press for the hacking tools. In December, the Russian said he was holding out on the hacking tools at the orders of senior Russian intelligence officials. So, early this year, the Americans issued an ultimatum: he had to start working for them and name everyone in his network or go back to Russia and never return to Europe. He took the latter option.

    And this entire story, a story that could be interpreted as a Russian government admission of guilt over virtually ALL of the high-profile hacks targeting the US in recent years, appears to be largely backed up by the interviews this mysterious Russian FSB ‘fixer’ did with both The New York Times and The Intercept.

    In fact, The Intercept was provided a document that describes an admission that the Russian provided to the Americans that, yes, there really has been an official Russian government effort to target US political activities starting in late 2014 or early 2015. The Russian told the Americans that he had no knowledge of a “master plan” to cause major disruption to U.S. election activities, but the effort was generally understood as a “green light” from Russian security officials to enlist cyber-related groups in probing and harassing activities directed at U.S. targets. That implies this entire alleged Russian government operation to sell ‘kompromat’ on Trump to the CIA apparently included telling the US agents that, yes, the Russian government really is behind this entire ‘Russian hacker’ campaign.

    So, to summarize:

    1. The CIA set out to retrieve the stolen hacking tools in December of 2016.

    2. They came across a hacker, Carlo, who is either located in Germany or Austria. Carlo offered to return all the hacking tools and expose his network in exchange for immunity. Carlo had previously worked with US intelligence agents. Carlo demonstrated an ability to predict the Shadow Brokers’ public releases.

    3. When the US refused to offer immunity and offered cash instead, a Russian in Germany known to be an FSB ‘fixer’ took over the negotiations. This figure is a known money-launderer with a history of interactions with US and European intelligence agencies.

    4. The Russian first asked for $10 million, then $1 million. And soon started offering all sorts of ‘kompromat’ on Trump.

    5. A few weeks after negotiations began, an American businessman was shown a 15 second video purportedly of Trump with prostitutes in a Moscow hotel in 2013, although it can’t be verified it’s Trump.

    6. In August of 2017, the Russian handed over a thumb drive containing a sample of the hacking tools. It was all publicly released content.

    7. Negotiations stalled, then continued, and in September a $100,000 initial cash drop took place. The documents provided were all ‘kompromat’, with no hacking tools. The material included names of specific individuals and corporate entities allegedly tied to Russian interference in the 2016 U.S. election.

    8. When pressed about the hacking tools, the Russian claimed senior Russian intelligence officials stopped him from releasing the hacking tools.

    9. The Americans eventually banished the Russian from Europe after giving him a ‘work for us or go away’ offer.

    10. This Russian was willing to be interviewed by the New York Times and The Intercept and even provided four example documents of the ‘kompromat’ he was trying to pass along to the Americans. It was all publicly available information that contained unusual syntax for Russian intelligence documents according to a former KGB officer.

    11. This Russian reportedly told the Americans that the Russian government really did ‘green light’ this high-profile ‘I’m a Russian hacker!’ hacking campaign against US elections starting in late 2014 or early 2015 according to a document provided to The Intercept.

    12. At least four Russians with espionage and underworld connections have appeared in Central and Eastern Europe, offering to sell kompromat to American political operatives, private investigators and spies that would corroborate the Steele dossier. Cody Shearer, a Democratic Party operative, has been trying to obtain such material from a different Russian.

    So, if we are to accept all this, then the Russian government just had one of its ‘fixers’ basically admit that the Russian government was behind the Shadow Brokers hack and subsequent release of the hacking tools which posed a massive threat to computer security around the globe. And the Russian government wants this ‘fixer’ to openly peddle ‘kompromat’ on Donald Trump, but it’s either unverifiable material or publicly available. And this FSB ‘fixer’ was willing to talk to two newspapers about all this:

    The New York Times

    U.S. Spies, Seeking to Retrieve Cyberweapons, Paid Russian Peddling Trump Secrets

    By Matthew Rosenberg
    Feb. 9, 2018

    BERLIN — After months of secret negotiations, a shadowy Russian bilked American spies out of $100,000 last year, promising to deliver stolen National Security Agency cyberweapons in a deal that he insisted would also include compromising material on President Trump, according to American and European intelligence officials.

    The cash, delivered in a suitcase to a Berlin hotel room in September, was intended as the first installment of a $1 million payout, according to American officials, the Russian and communications reviewed by The New York Times. The theft of the secret hacking tools had been devastating to the N.S.A., and the agency was struggling to get a full inventory of what was missing.

    Several American intelligence officials said they made clear that they did not want the Trump material from the Russian, who was suspected of having murky ties to Russian intelligence and to Eastern European cybercriminals. He claimed the information would link the president and his associates to Russia. Instead of providing the hacking tools, the Russian produced unverified and possibly fabricated information involving Mr. Trump and others, including bank records, emails and purported Russian intelligence data.

    The United States intelligence officials said they cut off the deal because they were wary of being entangled in a Russian operation to create discord inside the American government. They were also fearful of political fallout in Washington if they were seen to be buying scurrilous information on the president.

    The Central Intelligence Agency declined to comment on the negotiations with the Russian seller. The N.S.A., which produced the bulk of the hacking tools that the Americans sought to recover, said only that “all N.S.A. employees have a lifetime obligation to protect classified information.”

    The negotiations in Europe last year were described by American and European intelligence officials, who spoke on the condition of anonymity to discuss a clandestine operation, and the Russian. The United States officials worked through an intermediary — an American businessman based in Germany — to preserve deniability. There were meetings in provincial German towns where John le Carré set his early spy novels, and data handoffs in five-star Berlin hotels. American intelligence agencies spent months tracking the Russian’s flights to Berlin, his rendezvous with a mistress in Vienna and his trips home to St. Petersburg, the officials said.

    The N.S.A. even used its official Twitter account to send coded messages to the Russian nearly a dozen times.

    The episode ended this year with American spies chasing the Russian out of Western Europe, warning him not to return if he valued his freedom, the American businessman said. The Trump material was left with the American, who has secured it in Europe.

    The Russian claimed to have access to a staggering collection of secrets that included everything from the computer code for the cyberweapons stolen from the N.S.A. and C.I.A. to what he said was a video of Mr. Trump consorting with prostitutes in a Moscow hotel room in 2013, according to American and European officials and the Russian, who agreed to be interviewed in Germany on the condition of anonymity. There remains no evidence that such a video exists.

    The Russian was known to American and European officials for his ties to Russian intelligence and cybercriminals — two groups suspected in the theft of the N.S.A. and C.I.A. hacking tools.

    But his apparent eagerness to sell the Trump “kompromat” — a Russian term for information used to gain leverage over someone — to American spies raised suspicions among officials that he was part of an operation to feed the information to United States intelligence agencies and pit them against Mr. Trump. Early in the negotiations, for instance, he dropped his asking price from about $10 million to just over $1 million. Then, a few months later, he showed the American businessman a 15-second clip of a video showing a man in a room talking to two women.

    No audio could be heard on the video, and there was no way to verify if the man was Mr. Trump, as the Russian claimed. But the choice of venue for showing the clip heightened American suspicions of a Russian operation: The viewing took place at the Russian Embassy in Berlin, the businessman said.

    There were other questions about the Russian’s reliability. He had a history of money laundering and a thin legitimate cover business — a nearly bankrupt company that sold portable grills for streetside sausage salesmen, according to British incorporation papers.

    “The distinction between an organized criminal and a Russian intelligence officer and a Russian who knows some Russian intel guys — it all blurs together,” said Steven L. Hall, the former chief of Russia operations at the C.I.A. “This is the difficulty of trying to understand how Russia and Russians operate from the Western viewpoint.”

    American intelligence officials were also wary of the purported kompromat the Russian wanted to sell. They saw the information, especially the video, as the stuff of tabloid gossip pages, not intelligence collection, American officials said.

    But the Americans desperately wanted the hacking tools. The cyberweapons had been built to break into the computer networks of Russia, China and other rival powers. Instead, they ended up in the hands of a mysterious group calling itself the Shadow Brokers, which has since provided hackers with tools that infected millions of computers around the world, crippling hospitals, factories and businesses.

    American intelligence agencies believe that Russia’s spy services see the deep political divisions in the United States as a fresh opportunity to inflame partisan tensions. Russian hackers are targeting American voting databases ahead of the midterm election this year, they said, and using bot armies to promote partisan causes on social media. The Russians are also particularly eager to cast doubt on the federal and congressional investigations into the Russian meddling, American intelligence officials said.

    Part of that effort, the officials said, appears to be trying to spread information that hews closely to unsubstantiated reports about Mr. Trump’s dealings in Russia, including the purported video, whose existence Mr. Trump has repeatedly dismissed.

    Rumors that Russian intelligence possesses the video surfaced more than a year ago in an explosive and unverified dossier compiled by a former British spy and paid for by Democrats. Since then, at least four Russians with espionage and underworld connections have appeared in Central and Eastern Europe, offering to sell kompromat to American political operatives, private investigators and spies that would corroborate the dossier, American and European intelligence officials said.

    American officials suspect that at least some of the sellers are working for Russia’s spy services.

    The Times obtained four of the documents that the Russian in Germany tried to pass to American intelligence (The Times did not pay for the material). All are purported to be Russian intelligence reports, and each focuses on associates of Mr. Trump. Carter Page, the former campaign adviser who has been the focus of F.B.I. investigators, features in one; Robert and Rebekah Mercer, the billionaire Republican donors, in another.

    Yet all four appear to be drawn almost entirely from news reports, not secret intelligence. They all also contain stylistic and grammatical usages not typically seen in Russian intelligence reports, said Yuri Shvets, a former K.G.B. officer who spent years as a spy in Washington before immigrating to the United States after the end of the Cold War.

    American spies are not the only ones who have dealt with Russians claiming to have secrets to sell. Cody Shearer, an American political operative with ties to the Democratic Party, has been crisscrossing Eastern Europe for more than six months to secure the purported kompromat from a different Russian, said people familiar with the efforts, speaking on the condition of anonymity to avoid damaging their relationship with him.

    Reached by phone late last year, Mr. Shearer would say only that his work was “a big deal — you know what it is, and you shouldn’t be asking about it.” He then hung up.

    Mr. Shearer’s efforts grew out of work he first began during the 2016 campaign, when he compiled a pair of reports that, like the dossier, also included talk of a video and Russian payoffs to Trump associates. It is not clear what, if anything, Mr. Shearer has been able to purchase.

    Before the Americans were negotiating with the Russian, they were dealing with a hacker in Vienna known only to American intelligence officials as Carlo. In early 2017, he offered to provide them with a full set of hacking tools that were in the hands of the Shadow Brokers and the names of other people in his network, American officials said. In exchange, he wanted immunity from prosecution in the United States.

    But the immunity deal fell apart, so intelligence officials decided to do what spies do best: They offered to buy the data. That is when the Russian in Germany emerged, telling the Americans he would handle the sale.

    Like Carlo, he had previously dealt with American intelligence operatives, American and European officials said. He served as a fixer, of sorts, brokering deals for Russia’s Federal Security Service, or F.S.B., which is the successor to the Soviet K.G.B. American intelligence officials said that he had a direct link to Nikolai Patrushev, a former F.S.B. director, and that they knew of previous work he had done helping move illicit shipments of semiprecious metals for a Russian oligarch.

    By last April it appeared that a deal was imminent. Several C.I.A. officers even traveled from the agency’s headquarters to help the agency’s Berlin station handle the operation.

    At a small bar in the former heart of West Berlin, the Russian handed the American intermediary a thumb drive with a small cache of data that was intended to provide a sample of what was to come, American officials said.

    Within days, though, the deal turned sour. American intelligence agencies determined that the data was genuinely from the Shadow Brokers, but was material the group had already made public. As a result, the C.I.A. said it would not pay for it, American officials said.

    The Russian was furious. But negotiations limped on until September, when the two sides agreed to try again.

    Late that month, the American businessman delivered the $100,000 payment. Some officials said it was United States government money but routed through an indirect channel.

    A few weeks later, the Russian began handing over data. But in multiple deliveries in October and December, almost all of what he delivered was related to the 2016 election and alleged ties between Mr. Trump’s associates and Russia, not the N.S.A. or C.I.A. hacking tools.

    In December, the Russian said he told the American intermediary that he was providing the Trump material and holding out on the hacking tools at the orders of senior Russian intelligence officials.

    Early this year, the Americans gave him one last chance. The Russian once again showed up with nothing more than excuses.

    So the Americans offered him a choice: Start working for them and provide the names of everyone in his network — or go back to Russia and do not return.

    The Russian did not give it much thought. He took a sip of the cranberry juice he was nursing, picked up his bag and said, “Thank you.” Then he walked out the door.

    ———-

    “U.S. Spies, Seeking to Retrieve Cyberweapons, Paid Russian Peddling Trump Secrets” by Matthew Rosenberg; The New York Times; 02/09/2018

    “The cash, delivered in a suitcase to a Berlin hotel room in September, was intended as the first installment of a $1 million payout, according to American officials, the Russian and communications reviewed by The New York Times. The theft of the secret hacking tools had been devastating to the N.S.A., and the agency was struggling to get a full inventory of what was missing.”

    Yep, this whole story isn’t just based on interviews with American intelligence officials. The mysterious Russian was also willing to be interviewed. And as we can see, it’s not like he’s providing an alternative spin to the version of events. He appears to more or less corroborate everything.

    So who is this mysterious Russian? Well, we’re told that he is suspected of having murky ties to Russian intelligence and to Eastern European cybercriminals:


    Several American intelligence officials said they made clear that they did not want the Trump material from the Russian, who was suspected of having murky ties to Russian intelligence and to Eastern European cybercriminals. He claimed the information would link the president and his associates to Russia. Instead of providing the hacking tools, the Russian produced unverified and possibly fabricated information involving Mr. Trump and others, including bank records, emails and purported Russian intelligence data.

    We’re also told that he’s a known ‘fixer’ for the FSB who had previously dealt with US intelligence. Along with the German hacker Carlo:


    Like Carlo, he had previously dealt with American intelligence operatives, American and European officials said. He served as a fixer, of sorts, brokering deals for Russia’s Federal Security Service, or F.S.B., which is the successor to the Soviet K.G.B. American intelligence officials said that he had a direct link to Nikolai Patrushev, a former F.S.B. director, and that they knew of previous work he had done helping move illicit shipments of semiprecious metals for a Russian oligarch.

    And he also has a history of money-laundering, prompting the former chief of Russia operations at the C.I.A. to make the point that there isn’t a clear distinction between organized criminals and Russian intelligence assets (which is, of course, the case for intelligence assets all over the world):


    There were other questions about the Russian’s reliability. He had a history of money laundering and a thin legitimate cover business — a nearly bankrupt company that sold portable grills for streetside sausage salesmen, according to British incorporation papers.

    “The distinction between an organized criminal and a Russian intelligence officer and a Russian who knows some Russian intel guys — it all blurs together,” said Steven L. Hall, the former chief of Russia operations at the C.I.A. “This is the difficulty of trying to understand how Russia and Russians operate from the Western viewpoint.”

    “There were other questions about the Russian’s reliability. He had a history of money laundering and a thin legitimate cover business — a nearly bankrupt company that sold portable grills for streetside sausage salesmen, according to British incorporation papers.”

    That sure is a lot of potentially identifying information about this guy. Anyone know a Russian with a nearly bankrupt company that sold portable grills for streetside sausage salesmen, according to British incorporation papers? Because that just might be our mystery Russian.

    And this mystery Russian was tracked by US officials for months traveling back and forth between Berlin, Vienna, and St. Petersburg:


    The negotiations in Europe last year were described by American and European intelligence officials, who spoke on the condition of anonymity to discuss a clandestine operation, and the Russian. The United States officials worked through an intermediary — an American businessman based in Germany — to preserve deniability. There were meetings in provincial German towns where John le Carré set his early spy novels, and data handoffs in five-star Berlin hotels. American intelligence agencies spent months tracking the Russian’s flights to Berlin, his rendezvous with a mistress in Vienna and his trips home to St. Petersburg, the officials said.

    So that’s our mystery Russian who was happy to talk with the New York Times and the Intercept on the condition of anonymity.

    And then there’s Carlo the hacker. Carlo was apparently willing to turn over people in his network along with all the hacking tools in exchange for immunity:


    Before the Americans were negotiating with the Russian, they were dealing with a hacker in Vienna known only to American intelligence officials as Carlo. In early 2017, he offered to provide them with a full set of hacking tools that were in the hands of the Shadow Brokers and the names of other people in his network, American officials said. In exchange, he wanted immunity from prosecution in the United States.

    But the immunity deal fell apart, so intelligence officials decided to do what spies do best: They offered to buy the data. That is when the Russian in Germany emerged, telling the Americans he would handle the sale.

    So, if we assume that the Shadow Brokers are indeed a Russian government operation, they apparently first were using Carlo, a German hacker, as a front. But when the CIA turned down Carlo’s demands for immunity, the Russians decided to drop the mask and have the mystery Russian directly negotiate a sales price. Again, doesn’t this seem incredibly odd?

    So after the mystery Russian takes over the negotiations, he starts offering all sorts of ‘kompromat’, including a video of Trump with prostitutes which was shown to the American businessman intermediary at the Russian embassy in Berlin:


    The Russian claimed to have access to a staggering collection of secrets that included everything from the computer code for the cyberweapons stolen from the N.S.A. and C.I.A. to what he said was a video of Mr. Trump consorting with prostitutes in a Moscow hotel room in 2013, according to American and European officials and the Russian, who agreed to be interviewed in Germany on the condition of anonymity. There remains no evidence that such a video exists.

    The Russian was known to American and European officials for his ties to Russian intelligence and cybercriminals — two groups suspected in the theft of the N.S.A. and C.I.A. hacking tools.

    But his apparent eagerness to sell the Trump “kompromat” — a Russian term for information used to gain leverage over someone — to American spies raised suspicions among officials that he was part of an operation to feed the information to United States intelligence agencies and pit them against Mr. Trump. Early in the negotiations, for instance, he dropped his asking price from about $10 million to just over $1 million. Then, a few months later, he showed the American businessman a 15-second clip of a video showing a man in a room talking to two women.

    No audio could be heard on the video, and there was no way to verify if the man was Mr. Trump, as the Russian claimed. But the choice of venue for showing the clip heightened American suspicions of a Russian operation: The viewing took place at the Russian Embassy in Berlin, the businessman said.

    But the Americans weren’t interested in this kompromat, ostensibly over fears that this could exacerbate tensions between the White House and intelligence community. In addition, the rest of the kompromat appeared to be publicly available information and didn’t match traditional FSB grammar or language:


    The Times obtained four of the documents that the Russian in Germany tried to pass to American intelligence (The Times did not pay for the material). All are purported to be Russian intelligence reports, and each focuses on associates of Mr. Trump. Carter Page, the former campaign adviser who has been the focus of F.B.I. investigators, features in one; Robert and Rebekah Mercer, the billionaire Republican donors, in another.

    Yet all four appear to be drawn almost entirely from news reports, not secret intelligence. They all also contain stylistic and grammatical usages not typically seen in Russian intelligence reports, said Yuri Shvets, a former K.G.B. officer who spent years as a spy in Washington before immigrating to the United States after the end of the Cold War.

    So the negotiations keep happening primarily over the hacking tools. And a $1 million price is arrived at. But when the example hacking tools are delivered, it’s all publicly available code:


    By last April it appeared that a deal was imminent. Several C.I.A. officers even traveled from the agency’s headquarters to help the agency’s Berlin station handle the operation.

    At a small bar in the former heart of West Berlin, the Russian handed the American intermediary a thumb drive with a small cache of data that was intended to provide a sample of what was to come, American officials said.

    Within days, though, the deal turned sour. American intelligence agencies determined that the data was genuinely from the Shadow Brokers, but was material the group had already made public. As a result, the C.I.A. said it would not pay for it, American officials said.

    Keep in mind, as we’ll see in The Intercept piece below, Carlo correctly gave advance notice of Shadow Broker releases. And yet, when it came to this mystery Russian, he only provided hacking code samples that were available to everyone in the world.

    But the negotiations continue, they come to an agreement in September, a $100,000 down payment is made, but the content delivered is all just the kompromat. And when pressed on this, the Russian claims that senior Russian intelligence officials prevented the return of the hacking tools:


    The Russian was furious. But negotiations limped on until September, when the two sides agreed to try again.

    Late that month, the American businessman delivered the $100,000 payment. Some officials said it was United States government money but routed through an indirect channel.

    A few weeks later, the Russian began handing over data. But in multiple deliveries in October and December, almost all of what he delivered was related to the 2016 election and alleged ties between Mr. Trump’s associates and Russia, not the N.S.A. or C.I.A. hacking tools.

    In December, the Russian said he told the American intermediary that he was providing the Trump material and holding out on the hacking tools at the orders of senior Russian intelligence officials.

    “In December, the Russian said he told the American intermediary that he was providing the Trump material and holding out on the hacking tools at the orders of senior Russian intelligence officials.”

    Note the phrasing here because it sure sounds like it’s the mystery Russian who is recounting this to the reporter. And he’s recounting what amounts to an admission that the Russian government is indeed behind the Shadow Brokers…a hacking team that has done immense damage to people and organizations around the world by suddenly dumping those tools onto the internet.

    And there are at least four Russians running around Europe trying to peddle kompromat on Trump:


    Rumors that Russian intelligence possesses the video surfaced more than a year ago in an explosive and unverified dossier compiled by a former British spy and paid for by Democrats. Since then, at least four Russians with espionage and underworld connections have appeared in Central and Eastern Europe, offering to sell kompromat to American political operatives, private investigators and spies that would corroborate the dossier, American and European intelligence officials said.

    American officials suspect that at least some of the sellers are working for Russia’s spy services.

    American spies are not the only ones who have dealt with Russians claiming to have secrets to sell. Cody Shearer, an American political operative with ties to the Democratic Party, has been crisscrossing Eastern Europe for more than six months to secure the purported kompromat from a different Russian, said people familiar with the efforts, speaking on the condition of anonymity to avoid damaging their relationship with him.

    Reached by phone late last year, Mr. Shearer would say only that his work was “a big deal — you know what it is, and you shouldn’t be asking about it.” He then hung up.

    So that’s what the New York Times reported on this, which is largely what’s in The Intercept’s report. But there are some additional details. Like how Carlo was located in Germany, not Vienna.

    The piece also includes the critical information that Carlo correctly gave advance notice of the Shadow Broker releases. It also includes reporting on a document that summarizes some rather remarkable admissions by the mystery Russian that, yes, there really has been an official Russian government effort to target US political activities starting in late 2014 or early 2015:

    The Intercept

    U.S. Secretly Negotiated With Russians to Buy Stolen NSA Documents — and the Russians Offered Trump-Related Material, Too

    James Risen

    February 9 2018, 3:32 p.m.

    The United States intelligence community has been conducting a top-secret operation to recover stolen classified U.S. government documents from Russian operatives, according to sources familiar with the matter. The operation has also inadvertently yielded a cache of documents purporting to relate to Donald Trump and Russian meddling in the 2016 presidential election.

    Over the past year, American intelligence officials have opened a secret communications channel with the Russian operatives, who have been seeking to sell both Trump-related materials and documents stolen from the National Security Agency and obtained by Russian intelligence, according to people involved with the matter and other documentary evidence. The channel started developing in early 2017, when American and Russian intermediaries began meeting in Germany. Eventually, a Russian intermediary, apparently representing some elements of the Russian intelligence community, agreed to a deal to sell stolen NSA documents back to the U.S. while also seeking to include Trump-related materials in the package.

    A Russian who has been acting as a go-between for other Russians with access to Russian government materials has sought payment for the materials he is offering. In an extensive interview with The Intercept in Germany, the Russian intermediary provided detailed information about the channel. When contacted by The Intercept for this story, the American intermediary declined to comment.

    Even many involved in the secret communications channel between U.S. intelligence and the Russians are said to be uncertain about what is really going on with the operation. Recently, the Russians have been seeking to provide documents said to be related to Trump officials and Russian meddling in the 2016 campaign, including some purloined FBI reports and banking records. It is not clear whether those documents are in possession of American officials. It is also unclear whether the secret channel has helped the U.S. recover significant amounts of data from the NSA documents believed to have been stolen by the Shadow Brokers.

    Further, it is not known whether the Russians involved in the channel are acting on their own or have been authorized by the Russian government to try to sell the materials to the United States. As a result, the Americans are uncertain whether the Russians involved are part of a disinformation campaign orchestrated by Moscow, either to discredit Trump or to discredit efforts by American officials investigating Trump’s possible ties to Russia, including Special Counsel Robert Mueller.

    The existence of the off-the-books communications channel, which has been a closely guarded secret within the U.S. intelligence community, has been highly controversial among those officials who know about it, and has begun to cause rifts between officials at the CIA and the NSA who have been involved with it at various times over the past year.

    The CIA, which is now headed by a Trump loyalist, CIA Director Mike Pompeo, has at times been reluctant to stay involved in the operation, apparently for fear of obtaining the Trump-related material offered by the Russians, according to sources close to the negotiations. In the period in which the communications channel has been open, CIA officials are said to have repeatedly changed their views about it. They have sometimes expressed interest, only to later back away from any involvement with the channel and the intermediaries. At some points, the CIA has been serious enough about buying materials through the channel that agency officials said they had transported cash to the CIA’s station in Berlin to complete the transaction. But at other points, agency officials backed off and shut down their communications. Some people involved with the channel believe that the CIA has grown so heavily politicized under Pompeo that officials there have become fearful of taking possession of any materials that might be considered damaging to Trump.

    The CIA’s wariness shows that the reality within the U.S. intelligence community is a far cry from the right-wing conspiracy theory that a “deep state” is working against Trump. Instead, the agency’s behavior seems to indicate that U.S. intelligence officials are torn about whether to conduct any operations at all that might aid Mueller’s ongoing investigation into whether Trump or his aides colluded with Russia to win the 2016 presidential election.

    Many intelligence officials are reluctant to get involved with anything related to the Trump-Russia case for fear of blowback from Trump himself, who might seek revenge by firing senior officials and wreaking havoc on their agencies. For example, Dan Coats, the director of national intelligence and thus the man supposedly in charge of the entire U.S. intelligence community, has said he does not see it as his role to push for an aggressive Trump-Russia investigation, according to a source familiar with the matter.

    Because of the CIA’s reluctance to take an aggressive role, officials at the NSA have taken the lead on the communications channel, with a primary focus on recovering their own stolen documents. They have viewed the Trump-related material as an annoying sidelight, even as they understand that it is potentially the most explosive material to have come through the channel.

    The channel has been operating in the shadows even as Mueller’s investigation has been basking in the spotlight. Last year, three former Trump campaign officials faced charges as part of Mueller’s investigation, and the special counsel continues to investigate both possible collusion between the Trump campaign and Russia and evidence of efforts by Trump or others close to him to obstruct justice in the Mueller probe.

    According to documents obtained by The Intercept that summarize much of the channel’s history, a key American intermediary with the Russians was first approached by U.S. intelligence officials in late December 2016. The officials asked him to help them recover NSA documents believed to have been stolen by the Shadow Brokers.

    The American was able to identify a hacker in Germany who claimed to have access to some of the stolen data believed to be held by the Shadow Brokers, and who accurately provided advance notice of several Shadow Broker data releases. The hacker’s cooperation with the U.S. intelligence community broke down over his demands for full immunity from U.S. prosecution for his hacking activities — negotiations that failed largely because the hacker refused to provide his full personal identification to the Americans.

    Eventually, the relationship with the hacker in Germany led the Americans to begin talks with a Russian who became a key intermediary in the channel. The Russian is believed to have ties to officials in Russian intelligence.

    In March 2017, the Russian met with the American intermediary and a U.S. official in Berlin and agreed to provide the stolen NSA data from the Shadow Brokers in exchange for payment. The U.S. government used “certain messaging techniques” that the Russian accepted as proof that the U.S. government was behind the negotiations and the proposed deal, according to the documents obtained by The Intercept.

    Officials gave the Russians advance knowledge that on June 20, 2017, at 12:30 p.m., the official NSA Twitter account would tweet: “Samuel Morse patented the telegraph 177 years ago. Did you know you can still send telegrams? Faster than post & pay only if it’s delivered.”

    That tweet, in exactly those words, was issued at that time.

    The NSA used that messaging technique repeatedly over the following months, each time officials wanted to communicate with the Russians or reassure them that the U.S. was still supporting the channel. Each time, the Russians were told the text of the tweets in advance and the exact time they would be released. Each tweet looked completely benign but was in fact a message to the Russians.

    But the channel broke down several times, often over disagreements between the U.S. and the Russians about how money would be exchanged and what data was to be received. In May 2017, U.S. officials were upset that the first tranche of data they received contained files already known to have been stolen because they had already been released by the Shadow Brokers. But the Russian intermediary continued to insist that he could provide data held by the Shadow Brokers, as well as materials related to Trump officials and Russian activity in the 2016 campaign. Throughout 2017, the U.S. officials sought to limit the scope of their investigation to data stolen by the Shadow Brokers, leaving aside the materials related to Trump. U.S. officials also began to wonder whether the Russian intermediary was part of a so-called dangle operation involving Russian disinformation.

    But by last fall, the Russian began passing information to the American intermediary that was unrelated to the Shadow Brokers, including the names of specific individuals and corporate entities allegedly tied to Russian interference in the 2016 U.S. election. The American intermediary turned the information over to U.S. intelligence for the purpose of determining the Russian’s credibility. U.S. intelligence officials continued to stress that they were only interested in recovering stolen U.S. data. Still, it was understood that if the Russian provided material related to Trump, the American intermediary would debrief U.S. officials on its content.

    In December 2017, the Russian turned over documents and files, some of them in Russian. The documents appeared to include FBI investigative reports, financial records, and other materials related to Trump officials and the 2016 campaign.

    “The information was vetted and ultimately determined that while a significant part of it was accurate and verifiable, other parts of the data were impossible to verify and could be controversial,” the documents obtained by The Intercept state. It is not clear who vetted the material.

    At a meeting last month in Spain, the Russian told the American intermediary of his desire to move forward with the delivery of the Shadow Brokers data, as well as material related to the 2016 election. The American questioned him on the credibility of his data and told him the data he was providing on Trump officials and election activities was “unsolicited.” The Russian also expressed interest in giving the material to media outlets, which the American told the Russian he found “disconcerting.”

    The Russian told the American that he had first become aware of Russian efforts targeting U.S. political activities in late 2014 or early 2015, according to the documents reviewed by The Intercept. The Russian stated that he had no knowledge of a “master plan” to cause major disruption to U.S. election activities, but the effort was generally understood as a “green light” from Russian security officials to enlist cyber-related groups in probing and harassing activities directed at U.S. targets.

    ———–

    “U.S. Secretly Negotiated With Russians to Buy Stolen NSA Documents — and the Russians Offered Trump-Related Material, Too” by James Risen; The Intercept; 02/09/2018

    “The Russian told the American that he had first become aware of Russian efforts targeting U.S. political activities in late 2014 or early 2015, according to the documents reviewed by The Intercept. The Russian stated that he had no knowledge of a “master plan” to cause major disruption to U.S. election activities, but the effort was generally understood as a “green light” from Russian security officials to enlist cyber-related groups in probing and harassing activities directed at U.S. targets.”

    Yep, this alleged FSB ‘fixer’ with cyber criminal ties – who has dealt with US intelligence agencies before – apparently decided to tell this American intermediary that he was indeed aware of a Russian government “green light” starting in late 2014 or early 2015 to target the US by enlisting cyber-related groups. It’s quite an admission!

    And the kompromat he was passing along wasn’t just on Trump. It also included specific individuals and corporate entities involved with this interference campaign:


    But by last fall, the Russian began passing information to the American intermediary that was unrelated to the Shadow Brokers, including the names of specific individuals and corporate entities allegedly tied to Russian interference in the 2016 U.S. election. The American intermediary turned the information over to U.S. intelligence for the purpose of determining the Russian’s credibility. U.S. intelligence officials continued to stress that they were only interested in recovering stolen U.S. data. Still, it was understood that if the Russian provided material related to Trump, the American intermediary would debrief U.S. officials on its content.

    And this whole strange story got started after US intelligence officials approached the American businessman in Germany and asked for his help. And it was this businessman who found the hacker in Germany who claimed to have the Shadow Broker content:


    According to documents obtained by The Intercept that summarize much of the channel’s history, a key American intermediary with the Russians was first approached by U.S. intelligence officials in late December 2016. The officials asked him to help them recover NSA documents believed to have been stolen by the Shadow Brokers.

    The American was able to identify a hacker in Germany who claimed to have access to some of the stolen data believed to be held by the Shadow Brokers, and who accurately provided advance notice of several Shadow Broker data releases. The hacker’s cooperation with the U.S. intelligence community broke down over his demands for full immunity from U.S. prosecution for his hacking activities — negotiations that failed largely because the hacker refused to provide his full personal identification to the Americans.

    “The American was able to identify a hacker in Germany who claimed to have access to some of the stolen data believed to be held by the Shadow Brokers, and who accurately provided advance notice of several Shadow Broker data releases.”

    And that, right there, is perhaps the only piece of information in this entire story that suggests that any of the shadowy figures involved with this story was actually involved with the Shadow Brokers.

    And it doesn’t necessarily indicate this guy really was part of the Shadow Brokers. After all, if the Shadow Brokers really were interested in selling their treasure trove, arranging the sale over the Dark Web would be an obvious way to negotiate it and providing people advance notice of releases would be an obvious way to verify their credibility in these negotiations. So perhaps this mystery hacker was merely aware of some Dark Web sales pitches. For instance, imagine the Shadow Brokers were trying to find buyers on the Dark Web. Well, they might go to a Dark Web forum and say something like, “hey, we’re the Shadow Brokers. Want to buy our stuff?” And then they’d have to prove who they are…potentially by giving advance notice of releases. So if such sales pitches took place, any hacker on that forum would have the knowledge they need to pretend that they are the Shadow Brokers by relaying that same advance notice. Now, there’s no evidence that this is what happened, but it’s the kind of possibility we should consider.

    So that’s the utterly bizarre story that just got released by The New York Times and The Intercept. A story that purports to reveal a Russian government psychological warfare operation designed to inflame partisan tensions in the US. And to inflame these tensions, the Russian strategy apparently involves basically admitting (via the interviews of the FSB ‘fixer’) that, yes, it’s running a psychological warfare operation against the US designed to inflame partisan tension. Which is a pretty odd strategy since one of the most effective ways to subdue those US partisan tensions is to have a Russian government operative basically come out and admit that it’s trying to inflame these tensions. And also admit to releasing the NSA hacking toolkit that caused all sorts of damage all over the world and could still potentially lead to much, much more damage. But that’s the story being peddled to the world right now.

    Posted by Pterrafractyl | February 10, 2018, 4:23 pm
  17. Following up on the bizarre story about the CIA’s attempt to buy off the trove of NSA hacking tools possessed by the “Shadow Brokers”: The White House and UK government just issued near simultaneous statements formally blaming the Russian military for creating and releasing the “NotPetya” ransomware attack. They’re presumably blaming “Fancy Bear” for this since that’s the group attributed to the GRU. NotPetya is the attack that started in Ukraine and quickly spread around the world, causing billions in damage.

    And while it was widely assumed that this attack originated in Russia given the fact that it started in Ukraine, there hadn’t before been any evidence linking the attack to the Russian military. And guess what, there still isn’t any actual evidence linking it to the Russian military. At least not any that’s been publicly released.

    But that’s not the most hilarious part of this ‘formal charge’. The most hilarious part is that the White House statement charging the Russian military makes no mention of the fact that NotPetya was based on Shadow Broker code that had already been publicly released:

    The New York Times

    U.S. Condemns Russia for Cyberattack, Showing Split in Stance on Putin

    By MARK LANDLER and SCOTT SHANE
    FEB. 15, 2018

    WASHINGTON — The United States on Thursday joined Britain in formally blaming Russia for a huge cyberattack last June that was aimed at Ukraine but crippled computers worldwide, a highly public naming-and-shaming exercise that could further fray relations with Moscow.

    The White House threatened unspecified “international consequences” for the attack, which it said “was part of the Kremlin’s ongoing effort to destabilize Ukraine and demonstrates ever more clearly Russia’s involvement in the ongoing conflict.”

    The statement, issued by the press secretary, Sarah Huckabee Sanders, said the attack, known by the name NotPetya, was “reckless and indiscriminate” and spread rapidly, “causing billions of dollars in damage across Europe, Asia and the Americas.”

    NotPetya, which had the characteristics of a ransomware attack, had been widely identified by cybersecurity experts as coming from Russia, so the attribution was no surprise. But the decision of the United States and Britain to nearly simultaneously condemn the Russian military is noteworthy.

    It underscores the dichotomy between the administration’s consistently tough stance toward Russia on issues involving Ukraine and President Trump’s continued reluctance to criticize President Vladimir V. Putin over anything else.

    In December, the White House approved the sale of lethal defensive weapons to the Ukrainian military for its battle against Russian-backed forces in eastern Ukraine. Yet Mr. Trump continues to soft-pedal allegations that Russia interfered in the 2016 presidential election, even after the nation’s intelligence agencies concluded that it did — an assessment that intelligence chiefs reiterated in Senate testimony this week.

    Administration officials declined to say what steps the United States would take against Russia. But they could include both sanctions against Russian officials involved in the attack and covert measures — any of which would be likely to fray an already fragile relationship.

    The administration’s public statement echoed one in mid-December when it publicly blamed North Korea for a damaging ransomware attack known as Wannacry. In that case, however, the United States did not follow up with stiff penalties, in part because North Korea was already under heavy sanctions for its nuclear and ballistic missile programs.

    “President Trump has used just about every lever you can use, short of starving the people of North Korea, to change their behavior,” the homeland security adviser, Thomas P. Bossert, said at the time. “So we don’t have a lot of room left here to apply pressure.”

    Punishing other nations for cyberattacks has proven exceedingly difficult, particularly when the players are as sophisticated as North Korea and Russia. The Russian government flatly denied the allegations that it carried out the attack.

    “We think they have no basis and no foundation, and this is nothing else but the continuation of the Russo-phobic campaign,” the Kremlin’s spokesman, Dmitry Peskov, told reporters.

    The administration had planned to issue the statement a day earlier to coincide with that of the British, according to a senior official, but delayed it after the deadly school shooting in Parkland, Fla.

    The White House statement made no mention of an embarrassing related fact: The NotPetya attacks took advantage of vulnerabilities identified by the National Security Agency and then made public by a group calling itself the Shadow Brokers.

    The Shadow Brokers, which some officials believe to be a front for Russian intelligence, obtained many of the N.S.A.’s most valuable hacking tools, either by breaking into the agency’s computer networks or with the help of an insider. The group has posted much of the stolen malware on the web; North Korea’s hackers probably used the tools in their attack.

    In a ransomware attack, the victim’s files are encrypted, locking them out of their own computer systems, until they pay a ransom. Cybersecurity researchers estimate that criminals made more than $1 billion through these attacks last year, with victims ranging from the chief executives of major companies to small businesses and private individuals.

    While the motive for many ransomware attacks is financial, Russia’s involvement suggests it was part of a broader strategy to destabilize Ukraine that dates back to Russia’s annexation of Crimea in 2014.

    The NotPetya attack originated in Ukraine, according to security researchers, apparently timed to strike a day before a holiday marking the 1996 adoption of Ukraine’s first constitution. It eventually spread to 64 countries, including Poland, Germany, Italy, and Russia itself.

    The administration’s action came as intelligence agencies warned that Russia was already meddling in the American midterm elections, using bots and other fake accounts on social media to spread disinformation.

    “We expect Russia to continue using propaganda, social media, false-flag personas, sympathetic spokespeople and other means of influence to try to exacerbate social and political fissures in the United States,” Dan Coats, the director of national intelligence, told the Senate Intelligence Committee at its annual hearing on worldwide threats.

    ———-

    “U.S. Condemns Russia for Cyberattack, Showing Split in Stance on Putin” by MARK LANDLER and SCOTT SHANE; The New York Times; 02/15/2018

    “The White House statement made no mention of an embarrassing related fact: The NotPetya attacks took advantage of vulnerabilities identified by the National Security Agency and then made public by a group calling itself the Shadow Brokers.”

    Uh…yeah, that’s a pretty embarrassing related fact. So the NSA hacking tools get dumped to the world, someone uses some of those tools to create a virulent ransomware attack, and almost a year later the White House formally charges the Russian military for this without even acknowledging that this code was publicly available.

    Now, of course, it’s possible that NotPetya was created and released by the Russian military, in which case the charges of recklessness would be extremely appropriate given the potential damage this kind of malware could potentially cause. Damage like locking the computer systems in hospitals. So if actual evidence emerges that the Russian military was behind this then the world really should be pretty damn pissed at the GRU. It’s just, you know, very possible that any other hacker or government in the world could have done exactly the same thing after the Shadow Brokers released that code.

    But here we are, with the US formally making this attribution and threatening “international consequences” in response. Maybe those consequences will be more sanctions, or perhaps some sort of covert measures:


    The White House threatened unspecified “international consequences” for the attack, which it said “was part of the Kremlin’s ongoing effort to destabilize Ukraine and demonstrates ever more clearly Russia’s involvement in the ongoing conflict.”

    Administration officials declined to say what steps the United States would take against Russia. But they could include both sanctions against Russian officials involved in the attack and covert measures — any of which would be likely to fray an already fragile relationship.

    So it looks like any nation or group in the world that would like to exacerbate tensions between the US and Russia has a pretty straightforward way to do that: create malware using the Shadow Brokers tools and release it in Ukraine. It’s all the evidence that will be required.

    Posted by Pterrafractyl | February 15, 2018, 10:13 pm
  18. It’s been an indictment-o-rama for the Mueller probe of late. And that now includes 13 employees from the Internet Research Agency, a.k.a. the ‘Kremlin troll farm’.

    As we’ve already seen, the Internet Research Agency’s activities have previously received quite a bit of attention. Much of that attention has come in the form of narratives that depict a vast, sophisticated Kremlin-directed disinformation campaign that was designed to both help Donald Trump win the 2016 election while more generally trying to divide the US populace and stoke conflicts.

    But as we’ve also seen, when you look at the details about the activity of the Internet Research Agency a much more haphazard picture emerges. There were indeed bizarre attempts to pay US activists to start provocative rallies. But those actions looked less like real attempts to cause trouble and more like ‘proof of concept’ actions. And while the online trolling did have a strongly pro-Trump and anti-Hillary angle, it also looked more like a click-bait operation designed to make money selling ads than any serious attempt to impact the US election.

    So did this new indictment shed new light on the troll farm’s activities that clearly establish that it was indeed a Kremlin-directed disinformation campaign designed to get Donald Trump elected? Well, it did shed some new light. And there were some surprises. Surprises like sending operatives to the US to scope out potential opportunities and the theft of US identities to open bank accounts. And those surprises were pretty much the heart of the actual charges in the indictment: “The indictment charges all of the defendants with conspiracy to defraud the United States, three defendants with conspiracy to commit wire fraud and bank fraud, and five defendants with aggravated identity theft”:

    Talking Points Memo
    Muckraker

    Mueller Indicts 13 Russians For Election Meddling To Help Trump

    By Allegra Kirkland and Sam Thielman
    February 16, 2018 1:07 pm

    Special Counsel Robert Mueller on Friday announced that a grand jury has indicted 13 Russian nationals and three Russian entities for violating U.S. criminal laws in connection with the campaign to interfere with the 2016 presidential election in support of Donald Trump.

    “The indictment charges all of the defendants with conspiracy to defraud the United States, three defendants with conspiracy to commit wire fraud and bank fraud, and five defendants with aggravated identity theft,” a statement from the special counsel’s office said.

    The 37-page indictment lays out in extensive detail how, prosecutors say, Russia’s Internet Research Agency in 2014 initiated an effort to systematically interfere “with the U.S. political and electoral processes, including the presidential election of 2016.”

    The elaborate, multi-million-dollar project involved staging on-the-ground protests in the United States, creating hundreds of social media accounts pretending to be American citizens, trying to suppress minority voter turnout, and even promoting false claims that Democrats committed voter fraud.

    Deputy Attorney General Rod Rosenstein, who oversees the Mueller probe, announced in a Friday press conference that there was “no allegation in this indictment that any American was a knowing participant in this activity.”

    According to the indictment, the defendants posed as Americans — and in some cases stole the identities of real U.S. citizens — to operate social media pages and hold political rallies intended to sow distrust of the U.S. political system and influence Americans’ votes. As part of the Internet Research Agency’s so-called “translator project,” the defendants used YouTube, Facebook, Instagram, Twitter and other online platforms to conduct what they referred to as “information warfare.”

    “By early to mid-2016, Defendants’ operations included supporting the presidential campaign of then-candidate Donald J. Trump (“Trump campaign”) and disparaging Hillary Clinton,” the indictment reads.

    “They engaged in operations primarily intended to communicate derogatory information about Hillary Clinton, to denigrate other candidates such as Ted Cruz and Marco Rubio, and to support Bernie Sanders and then-candidate Donald Trump,” it adds later.

    Starting in 2015, the defendants also spent “thousands of U.S. dollars every month,” on paid advertisements to promote social media group pages they created that were devoted to hot-button issues like immigration and Black Lives Matter, the indictment says. Their social media accounts achieved significant online followings, with Donald Trump even responding to a tweet from their account @TEN_GOP, which pretended to be the official account for the Tennessee Republican Party.

    The Russians took elaborate steps to hide their fingerprints. Some visited the U.S. under false pretenses to obtain intelligence, and “procured and used computer infrastructure” that would “hide the Russian origin of their activities,” according to the indictment.

    They also made use of a web of LLCs to conceal the source of their funding, which was controlled by Yevgeniy Prigozhin, a Russian oligarch and ally of President Vladimir Putin. Prigozhin’s companies Concord Management and Consulting LLC and Concord Catering were the “primary source of funding” for interference operations, per the indictment.

    Prosecutors say the Internet Research Agency’s budget requests to Concord amounted to some $1,250,000 per month as of September 2016.

    The Russians also organized on-the-ground rallies to boost Trump, according to the indictment, suggesting the elaborate nature of the Russian effort to influence American voters.

    The Kremlin’s operation conducted outreach to grassroots Trump campaigners in Florida over the internet in the summer and fall of 2016, saying they hoped to hold rallies for Trump across the state. On August 15, the Russian operators got an email from an unnamed Trump campaign worker identified as the “Chair for the Trump Campaign” in a particular Florida county, suggesting two more sites for rallies. The indictment does not allege that anyone on the Trump campaign knew they were working with Russians.

    According to the indictment the Russians wired an American money to build a cage for a fake Hillary Clinton for a Florida rally on August 5, which made national news; it also wired one group money for another event in Florida in September and took out advertising for a rally organized for 9/11 in New York City. The group paid the same actor—an American—who had played Clinton in the Florida rally to reprise the role on September 11.

    The group also reached out to a Texan pro-Trump grassroots organization that was already advising the Russian team to focus on swing states; the American said he or she would provide social media contacts for yet more outreach. By August 24, the Russian group had a list of 100 Americans they had contacted, along with a summary of each person’s political views and what they had been asked by the Russian group to do.

    As soon as Trump was elected, the Russians began working to undermine him and sow further discord, the indictment says. On Nov. 12, two groups held rallies, one to “show your support for President-Elect Donald Trump,” another through a group called “Trump is NOT my President.” The Kremlin organized both of them.

    This elaborate conspiracy was made possible in part by the theft of the social security numbers, home addresses, and birth dates of real U.S. persons, which allowed the defendants to open U.S. bank and PayPal accounts.

    Once the defendants got wind that U.S. investigators were on to them, they began destroying evidence, including emails and social media accounts, according to the indictment.

    In one Sept. 2017 email cited by prosecutors, defendant Irina Kaverzina wrote to a family member: “We had a slight crisis here at work: the FBI busted our activity (not a joke). So, I got preoccupied with covering tracks together with the colleagues.”

    Kaverzina added: “I created all these pictures and posts, and the Americans believed that it was written by their people.”


    ———-

    “Mueller Indicts 13 Russians For Election Meddling To Help Trump” by Allegra Kirkland and Sam Thielman; Talking Points Memo; 02/16/2018

    ““The indictment charges all of the defendants with conspiracy to defraud the United States, three defendants with conspiracy to commit wire fraud and bank fraud, and five defendants with aggravated identity theft,” a statement from the special counsel’s office said.”

    A conspiracy to defraud the United States. That’s the general charge that appears to cover the ‘meddling in the US election’ campaign. And given the circumstances it’s not an unexpected charge.

    Far more surprising were the charges issued against a subset of the defendants: Wire fraud, bank fraud, and aggravated identity theft. It’s surprising because when you look at the evidence of the impact this trolling campaign actually had on the 2016 election there’s no evidence that it had a meaningful impact at all. And yet the Internet Research Agency apparently sent operatives to the US while wire fraud, bank fraud, and identity theft were being carried out. That seems like a pretty big risk, at least for the operatives who traveled to the US:


    According to the indictment, the defendants posed as Americans — and in some cases stole the identities of real U.S. citizens — to operate social media pages and hold political rallies intended to sow distrust of the U.S. political system and influence Americans’ votes. As part of the Internet Research Agency’s so-called “translator project,” the defendants used YouTube, Facebook, Instagram, Twitter and other online platforms to conduct what they referred to as “information warfare.”

    The Russians took elaborate steps to hide their fingerprints. Some visited the U.S. under false pretenses to obtain intelligence, and “procured and used computer infrastructure” that would “hide the Russian origin of their activities,” according to the indictment.

    They also made use of a web of LLCs to conceal the source of their funding, which was controlled by Yevgeniy Prigozhin, a Russian oligarch and ally of President Vladimir Putin. Prigozhin’s companies Concord Management and Consulting LLC and Concord Catering were the “primary source of funding” for interference operations, per the indictment.

    This elaborate conspiracy was made possible in part by the theft of the social security numbers, home addresses, and birth dates of real U.S. persons, which allowed the defendants to open U.S. bank and PayPal accounts.

    But perhaps what’s most surprising is the budget of this operation, which apparently peaked at $1,250,000 per month as of September 2016:


    Prosecutors say the Internet Research Agency’s budget requests to Concord amounted to some $1,250,000 per month as of September 2016.

    And this elaborate, yet dubiously effective, psychological warfare operation was apparently started in 2014 according to the indictment:


    The 37-page indictment lays out in extensive detail how, prosecutors say, Russia’s Internet Research Agency in 2014 initiated an effort to systematically interfere “with the U.S. political and electoral processes, including the presidential election of 2016.”

    The elaborate, multi-million-dollar project involved staging on-the-ground protests in the United States, creating hundreds of social media accounts pretending to be American citizens, trying to suppress minority voter turnout, and even promoting false claims that Democrats committed voter fraud.

    Deputy Attorney General Rod Rosenstein, who oversees the Mueller probe, announced in a Friday press conference that there was “no allegation in this indictment that any American was a knowing participant in this activity.”

    And this operation kept going well after the 2016 election, as evidenced by the fact that the defendants apparently started destroying evidence in September 2017 after the FBI ‘busted their activity’:


    Once the defendants got wind that U.S. investigators were on to them, they began destroying evidence, including emails and social media accounts, according to the indictment.

    In one Sept. 2017 email cited by prosecutors, defendant Irina Kaverzina wrote to a family member: “We had a slight crisis here at work: the FBI busted our activity (not a joke). So, I got preoccupied with covering tracks together with the colleagues.”

    Kaverzina added: “I created all these pictures and posts, and the Americans believed that it was written by their people.”

    So that’s an overview of the big indictment. An indictment that is widely characterized as providing ample proof of an elaborate, awe-inspiring massive psychological warfare operation ordered by Vladimir Putin.

    And yet it’s hard to ignore the fact that it’s hard to imagine that this entire operation wouldn’t have been entirely ignored as just random noise if it wasn’t for the hacking of the DNC and subsequent release of those hacked documents. Because that’s how ineffectual this multi-year trolling operation appears to have been. Unless, of course, more evidence comes out later detailing a much broader and more impactful array of activities emanating from the troll farm. But at this point, even when you include all new details about this operation provided by the indictment, it’s not like those new details include new details pointing towards a previously unrecognized level of effectiveness of this trolling operation. The new details are on aspects like the identity theft and surprisingly large budget. A surprisingly large budget that’s still almost nothing compared to the +$2 billion spent overall during the campaign.

    Additionally, as Adrian Chen, the American journalist who wrote one of the first big pieces on the Internet Research Agency in 2015, points out in the following piece responding to the indictments, the indictment doesn’t actually specify who ordered this professional trolling campaign. Was it someone higher in the Kremlin? Putin himself? Or, as some sources suggested to Chen back in 2015, was the entire troll farm operation undertaken independently from the Kremlin, but done with the purpose of currying favor with Putin?

    The New Yorker

    What Mueller’s Indictment Reveals About Russia’s Internet Research Agency

    By Adrian Chen
    February 16, 2018

    According to U.S. intelligence agencies, the Russian effort to interfere in the 2016 Presidential election had two prongs. One was the hacking and leaking of e-mails from the Democratic National Committee and Hillary Clinton’s campaign chairman, John Podesta. The second was a campaign of misinformation and propaganda carried out largely over social media. The charges that the special counsel, Robert Mueller, issued on Friday concern solely the second prong. The indictment names thirteen Russians, twelve of whom worked for a shadowy, Kremlin-connected outfit called the Internet Research Agency. The Agency has been linked to a campaign of online disinformation that included the creation of hundreds of fake political pages on Facebook and accounts on Twitter that were presented as belonging to everyday Americans; during the election, according to the indictment, this disinformation campaign was aimed at boosting Donald Trump, undermining Hillary Clinton, and sowing general “political discord” in the United States by supporting radical causes on both sides. It was sort of like a cutting-edge social-media marketing operation run, as the indictment alleges, by a St. Petersburg-based oligarch named Yevgeny Prigozhin.

    Much of the information in the indictment isn’t new. The Agency was first noticed by Russian media outlets in 2014, when it was dedicated mainly to spreading online propaganda in support of pro-Russian separatists in the Ukraine conflict. In the spring of 2015, when the idea of a President Donald Trump was still a laughable fantasy, I travelled to St. Petersburg to investigate the Agency, which had recently started experimenting with targeting audiences outside Russia. As I conducted my reporting, I was myself the target of an elaborate smear campaign to label me a neo-Nazi sympathizer and U.S. intelligence agent—an early use of the kind of bizarre tactics that have been documented by numerous investigations in both the Russian and Western media, and by the internal investigations of social-media companies.

    Yet the new indictment offers the most complete look yet at the Agency’s internal workings. Mueller’s investigators discovered that the Agency used a network of shell companies— entities with names like MediaSintez LLC, GlavSet LLC, and MixInfo LLC—to hide its activities and funding. The indictment alleges that the Agency employed hundreds of workers, and that by September, 2016, it had a monthly budget of more than $1.25 million. The document details how the Agency’s “specialists” worked in day and night shifts, and the way they were constantly trying to measure the effect of their efforts. The employees ran fake conservative Twitter and Facebook accounts, and even planned (sparsely attended) real-life rallies.

    Back in 2016, I noticed that many of the Agency accounts I had uncovered in my investigation were tweeting pro-Trump content. According to the indictment, one memo distributed by Agency managers instructed employees to “use any opportunity to criticize Hillary and the rest (except Sanders and Trump–we support them.)” After an internal Agency review determined that a Facebook page called Secured Borders was not posting enough content critical of Clinton, an order went out saying that “it is imperative to intensify criticizing Hillary Clinton” in future posts.

    Yet the indictment does not shed light on the extent to which the Kremlin and, specifically, the Russian President, Vladimir Putin, were involved in the Agency’s work. Nor does the indictment move us any closer to a conclusion regarding whether anyone in the Trump campaign colluded with the Russian operation. The chain of command as detailed by the indictment stops at Prigozhin, who has long been identified as the chief architect of the Agency. The Times has identified Prigozhin as Putin’s “go-to oligarch” for “a variety of sensitive and often-unsavory missions, like recruiting contract soldiers to fight in Ukraine and Syria.” Yet Mueller’s new indictment does not claim that Putin personally ordered the Agency to turn into a pro-Trump propaganda machine. When I was reporting on the Agency, some sources suggested to me that it was a project undertaken independently, in order to curry favor with Putin.

    None of the Russians named in the indictment face the prospect of testifying before an American jury anytime soon. And, with the 2018 midterms approaching, one question is to what extent the Internet Research Agency is still operating. Reports about the Agency, stoked by fearmongering “information warfare” experts, have created as much paranoia as the original disinformation campaign. The kind of clarity offered in Mueller’s indictment would be useful in understanding the structure and scope of Russian trolling activities today.

    ———-

    “What Mueller’s Indictment Reveals About Russia’s Internet Research Agency” by Adrian Chen; The New Yorker; 02/16/2018

    Yet the indictment does not shed light on the extent to which the Kremlin and, specifically, the Russian President, Vladimir Putin, were involved in the Agency’s work. Nor does the indictment move us any closer to a conclusion regarding whether anyone in the Trump campaign colluded with the Russian operation. The chain of command as detailed by the indictment stops at Prigozhin, who has long been identified as the chief architect of the Agency. The Times has identified Prigozhin as Putin’s “go-to oligarch” for “a variety of sensitive and often-unsavory missions, like recruiting contract soldiers to fight in Ukraine and Syria.” Yet Mueller’s new indictment does not claim that Putin personally ordered the Agency to turn into a pro-Trump propaganda machine. When I was reporting on the Agency, some sources suggested to me that it was a project undertaken independently, in order to curry favor with Putin.

    And that’s one of the most notable aspects of this indictment: what it didn’t include. Like evidence that it really was a Kremlin-directed operation and not something either independently conducted by an oligarch trying to curry favor with Putin or, perhaps, just a for-profit operation based on the recognition that trolling Americans online can be incredibly profitable.

    But there were some other rather surprising details in the indictment that Josh Marshall noted in a TPM Prime piece (“Notes on Mueller’s New Indictments”) (behind a paywall, well worth the price of admission) that add important context to not just the story of the Internet Research Agency but the hacking campaign too.

    For starters, as Marshall notes, the indictment hints at one or more cooperating witnesses who provided a large amount of details about the US government. The indictment contains references to internal company emails. And while some of the Internet Research Agency operatives are named, some aren’t named. That points towards some of these individuals cooperating with US investigators. So it’s very possible the Mueller probe knows a lot more than is being let on at this point.

    Also, as Marshall notes, it appears that the Internet Research Agency operatives were getting concerned about their operations being discovered back in 2014 and 2015 and started deleting email accounts back then. Here’s the particular passage in the indictment he points to (page 24 of the indictment):


    Destruction of Evidence

    58. In order to avoid detection and impede investigation by U.S. authorities of Defendants’ operations, Defendants and their co-conspirators deleted and destroyed data, including emails, social media accounts, and other evidence of their activities.

    a. Beginning in or around June 2014, and continuing into June 2015, public reporting began to identify operations conducted by the ORGANIZATION in the United States. In response, Defendants and their co-conspirators deleted email accounts used to conduct their operations.

    b. Beginning in or around September 2017, U.S. social media companies, starting with Facebook, publicly reported that they had identified Russian expenditures on their platforms to fund political and social advertisements. Facebook’s initial disclosure of the Russian purchases occurred on or about September 6, 2017, and included a statement that Facebook had “shared [its] findings with US authorities investigating these issues.”

    So US investigators appear to have the kind of information that indicates that these Internet Research Agency employees were taking steps to cover their tracks going back to 2014. Which, as Marshall points out in the piece, is rather eyebrow-raising because the first piece of journalism that exposed the Internet Research Agency was published by Adrian Chen in 2015. What was it that caused these individuals to delete email accounts over concerns that they were ‘discovered’ back in 2014? It’s a pretty significant mystery tucked away in that indictment. But when you consider that the indictment appears to indicate that US investigators have much more undisclosed information on the operations of the Internet Research Agency it will be interesting to see if information on what exactly spooked the troll farm back in 2014 and 2015 is eventually revealed.

    And that brings us to one of the more remarkable stories about this entire #TrumpRussia saga. It’s a story that adds significant context to both this new indictment of the Internet Research Agency that goes back to 2014 and also adds significant context to the prior reports on the ‘Cozy Bear’ of 2015. It was a story published last month in a Dutch publication about a remarkable series of hacks and cyber-battles between Dutch government hackers and….*drum roll*…Cozy Bear! Yep, Dutch government hackers in the AIVD intelligence agency reportedly hacked Cozy Bear’s hacking headquarters in 2014.

    Not only that, but they apparently hacked a security camera for the hallway of the building that watched who entered and exited the room where the hackers worked and actually watched the hackers come and go from work. And it all started around mid-2014. The Dutch informed the NSA, and they jointly fought against Russian And those battles reportedly include the initial 2015 hack of the DNC’s server. The Dutch hackers literally watched the hack in real-time and the NSA was made aware of this early on. Again, it’s a pretty remarkable story.

    So at the same time this Internet Research Agency trolling team was allegedly getting up and running on its US operations in 2014 and 2015 and deleting email accounts over worries of getting caught, there was apparently a very active hacking war taking place between the ‘Cozy Bear’ attacker and NSA defenders on numerous US government systems. And Dutch hackers were watching and assisting the NSA the whole time. Literally watching the hackers over security cameras in some cases. That’s what was reported last month in a Dutch newspaper based on the accounts of six anonymous US and Dutch individuals familiar with the story.

    But before we take a look at that article, first recall the earlier reporting about Robert Johnston who led the CrowdStrike investigation into the DNC server hack. Back in the summer of 2015, Johnston was a captain in the Marine Corps leading the newly formed Cyber Protection Team 81 for the US military. And according to Johnston, the ‘Cozy Bear’ hack was done around May of 2015 and that it was part of a much larger, and very ‘noisy’, hacking campaign that targeted 50,000-60,000 people. Johnston characterized this as a major change in tactics for Russian government hackers. According to Robert Johnston, it was as if the hackers didn’t care who was watching them. Also recall that when the ‘Fancy Bear’ hack was first reported on in July of 2016, US intelligence officials reportedly suspected that it was intentionally done to leave ‘Russian hacker’ fingerprints all over the hack to show that Moscow is a “cyberpower” that Washington should respect. That’s what was reported at the time. These are important pieces of context for both the story of the Internet Research Agency trolling campaign and the Dutch hacker intrigue.

    Also note that it was indeed reported in March of 2015 that the State Department did indeed experience its worst hack ever in the Fall of 2014. And that hack, and a 24 hour battle between ‘Cozy Bear’ and the NSA to expel them from the State Department’s servers, is at the center of the following report about the Dutch hackers.

    So, with all that in mind, behold the remarkable story of the Dutch hackers hacking ‘Cozy Bear’ and watching the initial DNC hack in real-time:

    de Volkskrant

    Dutch agencies provide crucial intel about Russia’s interference in US-elections

    Hackers from the Dutch intelligence service AIVD have provided the FBI with crucial information about Russian interference with the American elections. For years, AIVD had access to the infamous Russian hacker group Cozy Bear. That’s what de Volkskrant and Nieuwsuur have uncovered in their investigation.

    By: Huib Modderkolk, 25 January 2018, 21:00

    It’s the summer of 2014. A hacker from the Dutch intelligence agency AIVD has penetrated the computer network of a university building next to the Red Square in Moscow, oblivious to the implications. One year later, from the AIVD headquarters in Zoetermeer, he and his colleagues witness Russian hackers launching an attack on the Democratic Party in the United States. The AIVD hackers had not infiltrated just any building; they were in the computer network of the infamous Russian hacker group Cozy Bear. And unbeknownst to the Russians, they could see everything.

    That’s how the AIVD becomes witness to the Russian hackers harassing and penetrating the leaders of the Democratic Party, transferring thousands of emails and documents. It won’t be the last time they alert their American counterparts. And yet, it will be months before the United States realize what this warning means: that with these hacks the Russians have interfered with the American elections. And the AIVD hackers have seen it happening before their very eyes.

    The Dutch access provides crucial evidence of the Russian involvement in the hacking of the Democratic Party, according to six American and Dutch sources who are familiar with the material, but wish to remain anonymous. It’s also grounds for the FBI to start an investigation into the influence of the Russian interference on the election race between the Democratic candidate Hillary Clinton and the Republican candidate Donald Trump.

    ‘High confidence’

    Three American intelligence services state with ‘high confidence’ that the Kremlin was behind the attack on the Democratic Party. That certainty, sources say, is derived from the AIVD hackers having had access to the office-like space in the center of Moscow for years. This is so exceptional that the directors of the foremost American intelligence services are all too happy to receive the Dutchmen. They provide technical evidence for the attack on the Democratic Party, and it becomes apparent that they know a lot more.

    Cozy Bear

    It’s somewhat of a ‘fluke’ that the AIVD hackers were able to acquire such useful information in 2014. The team uses a CNA, which stands for Computer Network Attack. These hackers are permitted to perform offensive operations: to penetrate and attack hostile networks. It’s a relatively small team within a larger digital business unit of about 80-100 people. All cyberoperations converge here. Part of the unit is focused on intercepting or managing sources, while another team is dedicated to Computer Network Defence. In turn, this team is part of the Joint Sigint Cyber Unit, a collaborative unit of the AIVD and the Dutch Military Intelligence and Security Service MIVD, of about 300 people.

    It’s unknown what exact information the hackers acquire about the Russians, but it is clear that it contains a clue as to the whereabouts of one of the most well-known hacker groups in the world: Cozy Bear, also referred to as APT29. Since 2010, this group has attacked governments, energy corporations and telecom companies around the world, including Dutch companies and ministries. Specialists from the best intelligence services, among them the British, the Israelis and the Americans, have been hunting Cozy Bear for years, as have analysts from major cybersecurity companies.

    Vital information

    The Dutch hacker team spends weeks preparing itself. Then, in the summer of 2014, the attack takes place, most likely before the tragic crash of flight MH17. With some effort and patience, the team manages to penetrate the internal computer network. The AIVD can now trace the Russian hackers’ every step. But that’s not all.

    The Cozy Bear hackers are in a space in a university building near the Red Square. The group’s composition varies, usually about ten people are active. The entrance is in a curved hallway. A security camera records who enters and who exits the room. The AIVD hackers manage to gain access to that camera. Not only can the intelligence service now see what the Russians are doing, they can also see who’s doing it. Pictures are taken of every visitor. In Zoetermeer, these pictures are analyzed and compared to known Russian spies. Again, they’ve acquired information that will later prove to be vital.

    Rare battle

    The Dutch access to the Russian hackers’ network soon pays off. In November, the Russians prepare for an attack on one of their prime targets: the American State Department. By now, they’ve obtained e-mail addresses and the login credentials of several civil servants. They manage to enter the non-classified part of the computer network.

    The AIVD and her military counterpart MIVD inform the NSA-liaison at the American embassy in The Hague. He immediately alerts the different American intelligence services.

    What follows is a rare battle between the attackers, who are attempting to further infiltrate the State Department, and its defenders, FBI and NSA teams – with clues and intelligence provided by the Dutch. This battle lasts 24 hours, according to American media.

    The Russians are extremely aggressive but do not know they’re being spied on. Thanks to the Dutch spies, the NSA and FBI are able to counter the enemy with enormous speed. The Dutch intel is so crucial that the NSA opens a direct line with Zoetermeer, to get the information to the United States as soon as possible.

    Back and forth

    Using so-called command and control servers, digital command centres, the Russians attempt to establish a connection to the malware in the Department, in order to request and transfer information. The Americans, having been told by the Dutch where the servers are, repeatedly and swiftly cut off access to these servers, followed each time by another attempt by the Russians. It goes back and forth like this for 24 hours. Afterwards, sources tell CNN that this was ‘the worst hack attack ever’ on the American government. The Department has to cut off access to the e-mail system for a whole weekend in order to upgrade the security.

    Luckily, the NSA was able to find out the means and tactics of their attackers, deputy director of the NSA Richard Ledgett states at a discussion forum in Aspen in March 2017. ‘So we could see how they were changing their methods. That’s very useful information.’ On the authority of intelligence services, American media write that this was thanks to a ‘western ally’. Eventually, the Americans manage to dispel the Russians from the Department, but not before Russian attackers use their access to send an e-mail to a person in the White House.

    Fake e-mail

    He thinks he’s received an e-mail from the State Department – the e-mail address is similar – and clicks a link in the message. The link opens a website where the White House employee then enters his login credentials, now obtained by the Russians. And that is how the Russians infiltrate the White House.

    They even gain access to the email servers containing the sent and received emails of president Barack Obama, but fail to penetrate the servers that control the message traffic from his personal BlackBerry, which holds state secrets, sources tell The New York Times. They do, however, manage to access e-mail traffic with embassies and diplomats, agendas, notes on policy and legislation. And again, it’s the Dutch intelligence agencies who alert the Americans about this.

    Goldmine

    Access to Cozy Bear turns out to be a goldmine for the Dutch hackers. For years, it supplies them with valuable intelligence about targets, methods and the interests of the highest ranking officials of the Russian security service. From the pictures taken of visitors, the AIVD deduces that the hacker group is led by Russia’s external intelligence agency SVR.

    There’s a reason the AIVD writes in its annual report about 2014 that many Russian government officials, including president Putin, use secret services to obtain information. Recently, the head of the AIVD, Rob Bertholee, said on the Dutch TV program CollegeTour that there is ‘no question’ that the Kremlin is behind the Russian hacking activities.

    Unprepared

    The Americans were taken completely by surprise by the Russian aggression, says Chris Painter in Washington. For years, Painter was responsible for America’s cyber policy. He resigned last August. ‘We’d never expected that the Russians would do this, attacking our vital infrastructure and undermining our democracy.’

    The American intelligence services were unprepared for that, he says. That is one of the reasons the Dutch access is so appreciated. The Americans even sent ‘cake’ and ‘flowers’ to Zoetermeer, sources tell. And not just that. Intelligence is a commodity: it can be traded. In 2016, the heads of the AIVD and MIVD, Rob Bertholee and Pieter Bindt, personally discuss the access to the Russian hacker group with James Clapper, then the highest ranking official of the American intelligence services, and Michael Rogers, head of the NSA.

    In return, the Dutch are given knowledge, technology and intelligence. According to one American source, in late 2015, the NSA hackers manage to penetrate the mobile devices of several high ranking Russian intelligence officers. They learn that right before a hacking attack, the Russians search the internet for any news about the oncoming attack. According to the Americans, this indirectly proves that the Russian government is involved in the hacks. Another source says it’s ‘highly likely’ that in return for the intelligence, the Dutch were given access to this specific American information. Whether any intelligence about MH17 was exchanged, is unknown.

    Aftermath

    There’s a long aftermath to the Russian attacks, particularly the attack on the Democratic Party. Moreover, the FBI investigation into the Russian interference adds a political dimension. After her defeat in November 2016, Clinton will say that the controversy about her leaked emails are what cost her the presidency. President elect Donald Trump categorically refuses to explicitly acknowledge the Russian interference. It would tarnish the gleam of his electoral victory. He has also frequently praised Russia, and president Putin in particular. This is one of the reasons the American intelligence services eagerly leak information: to prove that the Russians did in fact interfere with the elections. And that is why intelligence services have told American media about the amazing access of a ‘western ally’.

    This has led to anger in Zoetermeer and The Hague. Some Dutchmen even feel betrayed. It’s absolutely not done to reveal the methods of a friendly intelligence service, especially if you’re benefiting from their intelligence. But no matter how vehemently the heads of the AIVD and MIVD express their displeasure, they don’t feel understood by the Americans. It’s made the AIVD and MIVD a lot more cautious when it comes to sharing intelligence. They’ve become increasingly suspicious since Trump was elected president.

    The AIVD hackers are no longer in Cozy Bear’s computer network. The Dutch espionage lasted between 1 and 2,5 years. Hacker groups frequently change their methods and even a different firewall can cut off access. The AIVD declined to respond to de Volkskrant’s findings.

    ———-

    “Dutch agencies provide crucial intel about Russia’s interference in US-elections” Huib Modderkolk; de Volkskrant; 01/25/2018

    “It’s the summer of 2014. A hacker from the Dutch intelligence agency AIVD has penetrated the computer network of a university building next to the Red Square in Moscow, oblivious to the implications. One year later, from the AIVD headquarters in Zoetermeer, he and his colleagues witness Russian hackers launching an attack on the Democratic Party in the United States. The AIVD hackers had not infiltrated just any building; they were in the computer network of the infamous Russian hacker group Cozy Bear. And unbeknownst to the Russians, they could see everything.”

    And there we have it: in the summer of 2014 Dutch hackers working for the AIVD apparently hacked into a university building next to the Red Square and in doing so just happened to stumble upon the headquarters of ‘Cozy Bear’. And this hack wasn’t discovered by the Russians for at least a year, allowing the hackers to watch these Russian hackers launch an attack at the Democratic Party. It’s worth recalling at this point that Robert Johnston, the Marine-turned-CrowdStrike cyber expert, said he suspected that the 2015 hack of the Democratic Party was actually just one part of that much larger “noisy” wave of phishing attacks that targeted 50-60 thousand people in the summer of 2015.

    So it’s unclear what exactly the above report is implying when they suggest that the Dutch hackers watched the attack on the Democratic Party happen. But according to this report, these Dutch hackers warned the US that this was happening, providing “evidence of the Russian involvement in the hacking of the Democratic Party”, according to the six anonymous sources:


    That’s how the AIVD becomes witness to the Russian hackers harassing and penetrating the leaders of the Democratic Party, transferring thousands of emails and documents. It won’t be the last time they alert their American counterparts. And yet, it will be months before the United States realize what this warning means: that with these hacks the Russians have interfered with the American elections. And the AIVD hackers have seen it happening before their very eyes.

    The Dutch access provides crucial evidence of the Russian involvement in the hacking of the Democratic Party, according to six American and Dutch sources who are familiar with the material, but wish to remain anonymous. It’s also grounds for the FBI to start an investigation into the influence of the Russian interference on the election race between the Democratic candidate Hillary Clinton and the Republican candidate Donald Trump.

    And these same sources assert that the evidence provided by the Dutch is the basis for the ‘high confidence’ that American intelligence agencies have that the Kremlin was indeed behind the hack:


    Three American intelligence services state with ‘high confidence’ that the Kremlin was behind the attack on the Democratic Party. That certainty, sources say, is derived from the AIVD hackers having had access to the office-like space in the center of Moscow for years. This is so exceptional that the directors of the foremost American intelligence services are all too happy to receive the Dutchmen. They provide technical evidence for the attack on the Democratic Party, and it becomes apparent that they know a lot more.

    And part of that ‘high confidence’ comes from actually hacking the security camera of the hallway in this building that led to the room where the hackers worked, allowing the Dutch hackers to literally watch the ‘Cozy Bear’ hackers come and go:


    Vital information

    The Dutch hacker team spends weeks preparing itself. Then, in the summer of 2014, the attack takes place, most likely before the tragic crash of flight MH17. With some effort and patience, the team manages to penetrate the internal computer network. The AIVD can now trace the Russian hackers’ every step. But that’s not all.

    The Cozy Bear hackers are in a space in a university building near the Red Square. The group’s composition varies, usually about ten people are active. The entrance is in a curved hallway. A security camera records who enters and who exits the room. The AIVD hackers manage to gain access to that camera. Not only can the intelligence service now see what the Russians are doing, they can also see who’s doing it. Pictures are taken of every visitor. In Zoetermeer, these pictures are analyzed and compared to known Russian spies. Again, they’ve acquired information that will later prove to be vital.

    So using this inside knowledge, the AIVD watch the ‘Cozy Bear’ hackers do their work. But when it came to the hack of the US State Department in November of 2014, they didn’t just watch. They also informed the NSA of the hack and directly coordinated with the NSA to help repel the hackers over a 24 hour period that’s described as a rare cyber battle:


    Rare battle

    The Dutch access to the Russian hackers’ network soon pays off. In November, the Russians prepare for an attack on one of their prime targets: the American State Department. By now, they’ve obtained e-mail addresses and the login credentials of several civil servants. They manage to enter the non-classified part of the computer network.

    The AIVD and her military counterpart MIVD inform the NSA-liaison at the American embassy in The Hague. He immediately alerts the different American intelligence services.

    What follows is a rare battle between the attackers, who are attempting to further infiltrate the State Department, and its defenders, FBI and NSA teams – with clues and intelligence provided by the Dutch. This battle lasts 24 hours, according to American media.

    The Russians are extremely aggressive but do not know they’re being spied on. Thanks to the Dutch spies, the NSA and FBI are able to counter the enemy with enormous speed. The Dutch intel is so crucial that the NSA opens a direct line with Zoetermeer, to get the information to the United States as soon as possible.

    Back and forth

    Using so-called command and control servers, digital command centres, the Russians attempt to establish a connection to the malware in the Department, in order to request and transfer information. The Americans, having been told by the Dutch where the servers are, repeatedly and swiftly cut off access to these servers, followed each time by another attempt by the Russians. It goes back and forth like this for 24 hours. Afterwards, sources tell CNN that this was ‘the worst hack attack ever’ on the American government. The Department has to cut off access to the e-mail system for a whole weekend in order to upgrade the security.

    Luckily, the NSA was able to find out the means and tactics of their attackers, deputy director of the NSA Richard Ledgett states at a discussion forum in Aspen in March 2017. ‘So we could see how they were changing their methods. That’s very useful information.’ On the authority of intelligence services, American media write that this was thanks to a ‘western ally’. Eventually, the Americans manage to dispel the Russians from the Department, but not before Russian attackers use their access to send an e-mail to a person in the White House.

    And not only do the Dutch hackers manage to hack the ‘Cozy Bear’ security cameras and watch the hackers in real-time, but they also used those images to deduce which Russian intelligence service the hackers worked for: the SVR, Russia’s external intelligence agency. It’s an interesting twist because, up until now, ‘Cozy Bear’ has always been referred to as the hacking team for the FSB, Russia’s internal intelligence agency. But according to the Dutch, who allegedly hacked the hackers, ‘Cozy Bear’ is working for the SVR. And this has apparently been known for years. It’s an interesting discrepancy in the reporting around ‘Cozy Bear’:


    Goldmine

    Access to Cozy Bear turns out to be a goldmine for the Dutch hackers. For years, it supplies them with valuable intelligence about targets, methods and the interests of the highest ranking officials of the Russian security service. From the pictures taken of visitors, the AIVD deduces that the hacker group is led by Russia’s external intelligence agency SVR.

    There’s a reason the AIVD writes in its annual report about 2014 that many Russian government officials, including president Putin, use secret services to obtain information. Recently, the head of the AIVD, Rob Bertholee, said on the Dutch TV program CollegeTour that there is ‘no question’ that the Kremlin is behind the Russian hacking activities.

    And at the end of this report we learn that the Dutch intelligence agencies were pretty pissed about this being reported at all. We also learn that the hack of ‘Cozy Bear’ lasted from 1 to 2.5 years. So the hack ended some time around the summer of 2015 (around the time of the DNC server hack) or maybe as late as the Fall of 2016. We don’t get to know. But the Dutch intelligence officers would have preferred none of this was ever known:


    Aftermath

    There’s a long aftermath to the Russian attacks, particularly the attack on the Democratic Party. Moreover, the FBI investigation into the Russian interference adds a political dimension. After her defeat in November 2016, Clinton will say that the controversy about her leaked emails are what cost her the presidency. President elect Donald Trump categorically refuses to explicitly acknowledge the Russian interference. It would tarnish the gleam of his electoral victory. He has also frequently praised Russia, and president Putin in particular. This is one of the reasons the American intelligence services eagerly leak information: to prove that the Russians did in fact interfere with the elections. And that is why intelligence services have told American media about the amazing access of a ‘western ally’.

    This has led to anger in Zoetermeer and The Hague. Some Dutchmen even feel betrayed. It’s absolutely not done to reveal the methods of a friendly intelligence service, especially if you’re benefiting from their intelligence. But no matter how vehemently the heads of the AIVD and MIVD express their displeasure, they don’t feel understood by the Americans. It’s made the AIVD and MIVD a lot more cautious when it comes to sharing intelligence. They’ve become increasingly suspicious since Trump was elected president.

    The AIVD hackers are no longer in Cozy Bear’s computer network. The Dutch espionage lasted between 1 and 2,5 years. Hacker groups frequently change their methods and even a different firewall can cut off access. The AIVD declined to respond to de Volkskrant’s findings.

    So that was the remarkable Dutch report on the even more remarkable alleged hacking of ‘Cozy Bear’. A hack so deep that there’s apparently security camera footage of the actual hackers. And a hack that not only allowed the Dutch to provide the NSA real-time information during a cyberbattle over the US State Department in November of 2014 but also allowed the Dutch team to watch the Russian hackers launch the attack against the Democratic Party in the summer of 2015. That’s the story.

    And it’s a story that raises a number of rather significant questions about the ‘Russian hacks’ and the evidence US investigators are working with: First off, if the NSA was informed of the hacks against the Democratic Party in May of 2015 when it happened, why did the FBI wait until September of 2015 to inform the DNC that they were hacked and then do little to nothing about ensuring the DNC take that warning seriously until March of 2016? It’s not a new question, but in the context of the reports about the Dutch hackers and the Internet Research Agency troll campaign both going back to 2014 it’s a much bigger question.

    And then there’s the question about that report from June of last year of the evidence the US had that the Kremlin was indeed behind the hacks. And remember how that evidence came down to a mole in the Kremlin along with “critical technical evidence” from another country? And remember how the report indicated that, “because of the source of the material, the NSA was reluctant to view it with high confidence”? Well, was that country providing the evidence that the NSA viewed with reluctance the Netherlands?

    The Washington Post

    Obama’s secret struggle to punish Russia for Putin’s election assault

    By Greg Miller, Ellen Nakashima and Adam Entous
    June 23, 2017

    Early last August, an envelope with extraordinary handling restrictions arrived at the White House. Sent by courier from the CIA, it carried “eyes only” instructions that its contents be shown to just four people: President Barack Obama and three senior aides.

    Inside was an intelligence bombshell, a report drawn from sourcing deep inside the Russian government that detailed Russian President Vladimir Putin’s direct involvement in a cyber campaign to disrupt and discredit the U.S. presidential race.

    But it went further. The intelligence captured Putin’s specific instructions on the operation’s audacious objectives — defeat or at least damage the Democratic nominee, Hillary Clinton, and help elect her opponent, Donald Trump.

    At that point, the outlines of the Russian assault on the U.S. election were increasingly apparent. Hackers with ties to Russian intelligence services had been rummaging through Democratic Party computer networks, as well as some Republican systems, for more than a year. In July, the FBI had opened an investigation of contacts between Russian officials and Trump associates. And on July 22, nearly 20,000 emails stolen from the Democratic National Committee were dumped online by WikiLeaks.

    Despite the intelligence the CIA had produced, other agencies were slower to endorse a conclusion that Putin was personally directing the operation and wanted to help Trump. “It was definitely compelling, but it was not definitive,” said one senior administration official. “We needed more.”

    Some of the most critical technical intelligence on Russia came from another country, officials said. Because of the source of the material, the NSA was reluctant to view it with high confidence.

    ———-

    “Obama’s secret struggle to punish Russia for Putin’s election assault” by Greg Miller, Ellen Nakashima and Adam Entous; The Washington Post; 06/23/2017

    “Some of the most critical technical intelligence on Russia came from another country, officials said. Because of the source of the material, the NSA was reluctant to view it with high confidence.”

    And that’s all we learned about that “most critical technical intelligence” at the time. It was critical, and the NSA was reluctant to view it with high confidence. And there’s never been an indication of which country it was that provided this intelligence. So was it the Netherlands? If so, that’s quite a surprise given the story about the NSA working closely and enthusiastically with the Dutch hackers. Also recall that the second hack of the DNC Server was allegedly carried out by a different Russian hacking team, ‘Fancy Bear’, and that hack didn’t take place until March of 2016. So it’s very possible the Dutch hackers would have had no information about that hack even if they really did hack into the ‘Cozy Bear’ team. But given that we still have no idea which country provided that “critical technical intelligence” it’s a question we need to ask.

    So, all in all, if you accept at face value these twin stories of the troll farm activities and an aggressive hacking campaign both starting back in 2014, it might be easy to conclude that this is substantial circumstantial evidence that the 2016 ‘Fancy Bear’ hack of the DNC that actually led to the release of those hacked documents really was just an extension of some sort of Kremlin-directed hacking campaign.

    But that conclusion leaves out some rather important details. And one of those details is highlighted by these twin stories: that there was extensive awareness within the US government of an apparent Russian hacking/trolling campaign starting in 2014 and 2015. And that awareness would have included knowledge that the DNC had already been hacked in 2015. So if you were looking for reasons why the GOP or its right-wing allies, for instance, might decide to try and hack the DNC in 2016 themselves and leave all sorts of ‘fingerprints’ making it look like ‘the Russians’ did it, you could hardly come up with a better backdrop than the situation that had emerged in 2014 and 2015.

    Don’t forget that Newt Gingrich, Judicial Watch, and Barbara Ledeen – wife of Michael Ledeen who coauthored a book with Michael Flynn – put together a team in 2015 to seek out Russian hackers with Hillary’s emails. In other words, the idea of ‘Russian hackers’ hacking the Democrats was already well on the GOP’s mind in 2015.

    Also don’t forget that the May 2015 hack of the German Bundestag which was formally blamed on the Kremlin in January of 2016 had technical details about the hack published in 2015, and those same technical details inexplicably showed up in the malware found from the second 2016 ‘Fancy Bear’ hack.
    So how much awareness was there in 2015 within the US political establishment, and specifically the GOP, that there was an aggressive hacking campaign attributed to ‘Cozy Bear’ and an aggressive (if ineffectual) trolling campaign being carried out by the Internet Research Agency? We know the NSA knew about the ‘Cozy Bear’ hacking campaign. And the FBI clearly found out at some point in 2015. So who else in the US government knew about this? Did GOPers in congress know? Because if the information revealed in this Mueller indictment and the story of the Dutch hackers was something more widely, if quietly, known within the US political establishment, then it would also have been widely, if quietly, known that hacking the Democrats and making it look like ‘the Russians’ did it was very much an option. Again, don’t forget that, as atypically ‘noisy’ as the ‘Cozy Bear’ hacks of 2015 were for a Russian government hacking campaign, that’s nothing compared to how atypically ‘noisy’ the ‘Fancy Bear’ hack of 2016 was. Was that ‘noisiness’ of the 2016 ‘Fancy Bear’ hack really the Kremlin deciding to prominently inject itself into the US 2016 election, thus ensuring a subsequent hysteria about ‘Russian meddling’ and a massive elevation of tensions? Or was it a crime of opportunity carried out by a political opponent of the Democrats made to look like ‘the Russians’ by taking advantage of the knowledge that there were already US government concerns over Russian trolls and hackers?

    As the Mueller indictment indicated, those Russian trolls didn’t appear to want to get caught. And we’re told they were under Kremlin direction. So why did the hackers we’re told were under Kremlin direction so desperately want to get caught? It’s a central question raised by this entire #TrumpRussia saga that has yet to be meaningfully answered.

    Posted by Pterrafractyl | February 22, 2018, 11:36 pm
  19. Cybersecurity researcher John Bambenek just revealed something rather noteworthy about Guccifer 2.0: Bambenek apparently had a two month long back and forth with Guccifer 2.0 from mid August 2016 to mid-October. And he got a number of Democratic party documents sent to him by Guccifer 2.0 during this period.

    Here’s the really interesting part: all he had to do was reach out to Guccifer 2.0 using Twitter’s “Direct Messages” (DMs). He pointed out that he’s a Republican – he’s a former Illinois state senate candidate and currently serves on the state’s board of higher education as well as its community college board – and asked Guccifer 2.0 for documents that would make a big impact. That was apparently all that was required for him to actually receive some documents.

    Keep in mind that this isn’t the first time we’ve heard reports about people simply reaching out to Guccifer 2.0 and getting a response. Or even documents. Recall how the operation by GOP operative Peter Smith that set out to find Hillary Clinton’s hacked emails on the dark web ended up reaching out to “Guccifer 2.0”, who told Smith’s team that they should contact neo-Nazi hacker Andrew “weev” Auernheimer. And then there was the Florida GOP operative Aaron Nevins, who got 2.5 GB of Democratic Party documents from Guccifer 2.0 simply by asking for them. And, of course, there was Roger Stone’s messages to Guccifer 2.0 over Twitter DM too.

    So it’s not a new revelation to learn that random GOPers could simply reach out to Guccifer 2.0 and end up with documents. But this is one more example of that so it raises the obvious question: Just how many other GOPers simply asked Guccifer 2.0 for documents and received them? Was this an open secret?:

    Dark Reading

    How Guccifer 2.0 Got ‘Punk’d’ by a Security Researcher
    Security expert and former Illinois state senate candidate John Bambenek details his two months of online interaction with the ‘unsupervised cutout’ who shared with him more stolen DCCC documents.

    Kelly Jackson Higgins
    3/8/2018 08:10 AM
    [Updated at 2:50pmET with link to Bambenek’s blog post on the research]

    KASPERSKY SECURITY ANALYST SUMMIT 2018 – Cancun, Mexico – Veteran security researcher John Bambenek purposely broke one of the first rules of OPSEC when he decided to reach out to Guccifer 2.0 in order to gather intel on the 2016 presidential campaign hacks: never expose your true identity to the adversary.

    For a two month period in late 2016 – not long after the infamous Guccifer 2.0 online persona first appeared online and began leaking data to the media and via Twitter from stolen documents from the Russian hacks of the Democratic National Committee (DNC) and Democratic Congressional Campaign Committee (DCCC) – Bambenek reached out to Guccifer 2.0 via a Twitter direct message (DM), using his real name and actual party affiliation as an Illinois Republican.

    “I didn’t think it would work,” says Bambenek, who contacted the mysterious online persona with the premise of requesting access to other stolen DCCC documents Guccifer 2.0 had in his possession. Bambenek at the time was working for Fidelis Cybersecurity and investigating the Russian hacks of the DNC and the DCCC, and had hoped to gather more intelligence and insight on the Russian state hacking and election influence operation via interactions with Guccifer 2.0. He is also a former Illinois state senate candidate and currently serves on the state’s board of higher education as well as its community college board.

    Using his real name was a calculated risk that Bambenek knew at worst could halt his communications with Guccifer 2.0 if the Kremlin were to discover that he was a security researcher, but at best the ruse would provide him quicker online access to Guccifer 2.0. Surprisingly, it apparently took Guccifer 2.0 nearly two months to realize he had been duped even though Bambenek’s job information was included in his Twitter profile, according to the researcher.

    Whether Guccifer 2.0 was truly fooled or playing along with the ruse remains unclear, but Bambenek observed that he mostly appeared to be eager to share with and show off the stolen data he requested. “It would be odd that he played dumb that long, but deception is the primary tool in the intel tool belt,” Bambenek notes.

    From Aug. 12 to mid-Oct. 2016, Guccifer 2.0 fed Bambenek stolen DCCC documents that included background on the 17th District and 8th District races in Illinois, call logs from the DCCC chair, “path to victory” documents, and other data points about various races in the state. One such stolen file was a call sheet addressed to then vice-president Joe Biden from the DCCC chair about contacting a possible Democratic candidate for the Illinois 10th District race. Bambenek in turn handed each message and document he obtained to the FBI.

    But it was obvious to Bambenek that Guccifer 2.0 didn’t understand or have any knowledge of the relevance of the stolen data, which included unremarkable documents on unopposed primaries, for example. “He never had anything overly useful,” he says. “They probably had some stuff and didn’t know how to make hay with it.”

    Guccifer 2.0 in online blog posts and leaks during the campaign took credit for the DNC hack and denied any link to Russia. In an interview with Motherboard in June of 2016, Guccifer claimed to be a hacker from Romania who had exploited a security flaw in a software-as-a-service provider platform that the DNC uses that ultimately gave him access to its servers. Security experts at the time, including Fidelis and CrowdStrike, had identified Russian nation-state groups Cozy Bear and Fancy Bear as the attackers.

    No ‘Adult Supervision’

    In his initial DM to Guccifer on Aug. 12 of last year, Bambenek said: “I am interested in any other docs you may have” and, noting that he was a “Republican operative,” asked for “emails that can affect an election, well, they’d be used for maximum impact.”

    Bambenek, now vice president of security research at ThreatSTOP, says his interactions with Guccifer 2.0 over Twitter DMs and email revealed that this was a low-level operative not closely supervised by the Russian government. “He was an unsophisticated cutout without adult supervision and any media savvy,” he says. Guccifer 2.0’s main goal was to leak to media and Republican officials.

    “If we were to pick him up at the airport, we would not be excited about the intel we would get” from him, Bambenek says.

    Bambenek couldn’t determine definitively just who Guccifer 2.0 was, nor if the online persona was actually multiple people posing as one individual. He lacked insight and knowledge of the content of the DCCC documents and never actually provided the leaks in any “narrative form” indicating their usefulness: it was up to researchers and reporters to connect any dots, Bambenek observed.

    Most likely, Bambenek says, Guccifer 2.0 is a young person (or persons) who doesn’t speak fluent English, based on some linguistic clues he culled. “It looked like the same person [the whole time], but I don’t know if I can make a strong conclusion one way or the other,” he says, adding that Guccifer 2.0’s errors in the verb “to be” are indicative of a non-native speaker. He was not able to determine a physical location for Guccifer 2.0, but believes he operated on behalf of Russian state actors.

    Guccifer 2.0 was basically given the documents to dump “and go forth and troll,” he says.

    But Guccifer 2.0 did remain well-masked during Bambenek’s interactions with him. He used Proton email, a privacy-conscious email protocol, for example. “One of the things we were doing as researchers was giving him real-time feedback on his tradecraft mistakes … then he stopped making metadata mistakes” in his document dumps, Bambenek says.

    On Oct. 4, 2016, Guccifer 2.0 DM’ed Bambenek with a message that indicated he was on to the ruse: “r ur company gonna make a story about me?”

    “He had realized I was playing him,” says Bambenek.

    Guccifer 2.0 for the most part appeared to be under pressure to generate online controversy and news articles about the dumped documents. At one point, Bambenek asked if he had any Democratic Governors Association documents or documents on Democratic senators. “Either he didn’t take the bait, or he didn’t have it,” he says.

    “For the most part, the influence operation by the Russians was more lucky than smart. They had a lot of information that they didn’t know how to package or what to do with,” he says. “My takeaway is that [in] 2016 they were not fully invested. They threw out cutouts and told them to go and have fun.”

    Meanwhile, Bambenek reached out to Guccifer 2.0 via email to give him (or them) a heads up about today’s talk at SAS. “Just to see if he’d click a link and show signs of life and to see if he’s paying attention,” Bambenek says. As of this posting, no response from Guccifer 2.0.

    Bambenek has now posted a blog with screenshots of some of his DMs with Guccifer 2.0.

    ———-

    “How Guccifer 2.0 Got ‘Punk’d’ by a Security Researcher” by Kelly Jackson Higgins; Dark Reading; 03/08/2018

    “For a two month period in late 2016 – not long after the infamous Guccifer 2.0 online persona first appeared online and began leaking data to the media and via Twitter from stolen documents from the Russian hacks of the Democratic National Committee (DNC) and Democratic Congressional Campaign Committee (DCCC) – Bambenek reached out to Guccifer 2.0 via a Twitter direct message (DM), using his real name and actual party affiliation as an Illinois Republican.”

    A message to Guccifer 2.0 over Twitter was all it took. So anyone in the world could have done what Bambenek did. Especially since it appears that Guccifer 2.0 didn’t even bother to look into who Bambenek was and discover that he was a cybersecurity researcher with Fidelis Cybersecurity:


    “I didn’t think it would work,” says Bambenek, who contacted the mysterious online persona with the premise of requesting access to other stolen DCCC documents Guccifer 2.0 had in his possession. Bambenek at the time was working for Fidelis Cybersecurity and investigating the Russian hacks of the DNC and the DCCC, and had hoped to gather more intelligence and insight on the Russian state hacking and election influence operation via interactions with Guccifer 2.0. He is also a former Illinois state senate candidate and currently serves on the state’s board of higher education as well as its community college board.

    Using his real name was a calculated risk that Bambenek knew at worst could halt his communications with Guccifer 2.0 if the Kremlin were to discover that he was a security researcher, but at best the ruse would provide him quicker online access to Guccifer 2.0. Surprisingly, it apparently took Guccifer 2.0 nearly two months to realize he had been duped even though Bambenek’s job information was included in his Twitter profile, according to the researcher.

    Whether Guccifer 2.0 was truly fooled or playing along with the ruse remains unclear, but Bambenek observed that he mostly appeared to be eager to share with and show off the stolen data he requested. “It would be odd that he played dumb that long, but deception is the primary tool in the intel tool belt,” Bambenek notes.

    In his initial DM to Guccifer on Aug. 12 of last year, Bambenek said: “I am interested in any other docs you may have” and, noting that he was a “Republican operative,” asked for “emails that can affect an election, well, they’d be used for maximum impact.”

    It’s worth noting that Fidelis Cybersecurity was one of the firms that quickly backed up Crowd Strike’s early conclusion that the DNC hack was a Russian operation back in June of 2016. So while it’s possible Guccifer 2.0 didn’t see all the clear signs that Bambenek was a Fidelis employee, it’s also possible Guccifer 2.0 saw this early on and saw it as an opportunity to further the ‘Russian hacker’ narrative by directly interacting with someone from the cybersecurity industry.

    Although based on Bambenek’s recounting of their interactions, if Guccifer 2.0 was intentionally pushing a narrative through Bambenek, that narrative appears to be that they were someone who lacked any meaningful political sophistication or knowledge of which documents might prove politically impactful. And that’s why it’s entirely unclear what it was about Bambenek’s interactions with Guccifer 2.0 that led him to his conclusion that Guccifer 2.0 was a Russian government operative:


    Bambenek, now vice president of security research at ThreatSTOP, says his interactions with Guccifer 2.0 over Twitter DMs and email revealed that this was a low-level operative not closely supervised by the Russian government. “He was an unsophisticated cutout without adult supervision and any media savvy,” he says. Guccifer 2.0’s main goal was to leak to media and Republican officials.

    “If we were to pick him up at the airport, we would not be excited about the intel we would get” from him, Bambenek says.

    Bambenek couldn’t determine definitively just who Guccifer 2.0 was, nor if the online persona was actually multiple people posing as one individual. He lacked insight and knowledge of the content of the DCCC documents and never actually provided the leaks in any “narrative form” indicating their usefulness: it was up to researchers and reporters to connect any dots, Bambenek observed.

    Most likely, Bambenek says, Guccifer 2.0 is a young person (or persons) who doesn’t speak fluent English, based on some linguistic clues he culled. “It looked like the same person [the whole time], but I don’t know if I can make a strong conclusion one way or the other,” he says, adding that Guccifer 2.0’s errors in the verb “to be” are indicative of a non-native speaker. He was not able to determine a physical location for Guccifer 2.0, but believes he operated on behalf of Russian state actors.

    Guccifer 2.0 was basically given the documents to dump “and go forth and troll,” he says.

    So what did Bambenek do with the documents he received? Apparently he handed them over to the FBI:


    From Aug. 12 to mid-Oct. 2016, Guccifer 2.0 fed Bambenek stolen DCCC documents that included background on the 17th District and 8th District races in Illinois, call logs from the DCCC chair, “path to victory” documents, and other data points about various races in the state. One such stolen file was a call sheet addressed to then vice-president Joe Biden from the DCCC chair about contacting a possible Democratic candidate for the Illinois 10th District race. Bambenek in turn handed each message and document he obtained to the FBI.

    “Bambenek in turn handed each message and document he obtained to the FBI.”

    So it seems like the FBI had to be aware of Guccifer 2.0 trying to hand documents directly to Republican operatives at some point between mid-August and mid-October of 2016. That seems like a significant revelation just in terms of who knew what when.

    And you have to wonder what this was all about when Bambenek says, “One of the things we were doing as researchers was giving him real-time feedback on his tradecraft mistakes … then he stopped making metadata mistakes” in his document dumps:


    But Guccifer 2.0 did remain well-masked during Bambenek’s interactions with him. He used Proton email, a privacy-conscious email protocol, for example. “One of the things we were doing as researchers was giving him real-time feedback on his tradecraft mistakes … then he stopped making metadata mistakes” in his document dumps, Bambenek says.

    So was Bambenek referring to the cybersecurity community’s early discovery of things like Cyrillic text in the meta-data, which was discovered a day after the initial June 15th, 2016, document dump? Or was Bambenek referring to some other form of real-time feedback? It’s unclear.

    So, all in all, the Russian government decided to hand off the crucial public relations work of a high-stakes foreign interference operation to a “low-level operative not closely supervised by the Russian government.” That’s according to John Bambenek from Fidelis Cybersecurity, one of the first firms to ‘confirm’ Crowd Strike’s initial attribution.

    And Bambenek bases this conclusion, in part, on his direct interactions with Guccifer 2.0. Direct interactions that ANY random person could have potentially had with Guccifer 2.0. And, again, that raises the question: how many other GOPers were in contact with Guccifer 2.0 over this period? Because it’s not like there was a lot stopping them.

    Posted by Pterrafractyl | March 8, 2018, 4:25 pm
  20. Here’s an article about how the Obama administration ordered the various people in the US government who were developing counter-measures against the ‘Russian hackers’ to stand down in favor of a different approach. And the article contains some interesting new data points worth keeping in mind regarding the bizarre timeline of the US government’s response to the DNC hacks.

    First, recall how the US reportedly detected the (initial) hacking of the DNC servers in May of 2015. It was surprisingly ‘noisy’ according to US cybersecurity officials, meaning it didn’t seem like the hackers were trying to hide what they were doing at all. And recall how the FBI didn’t inform the DNC of this initial hack until September of 2015, but the outreach to the DNC was so unusual (just a phone call to a DNC IT person) that the DNC didn’t think it was a real tip and didn’t know it was actually hacked until March of 2016 when the FBI agents physically showed up at the DNC.

    So there’s a remarkable period, from around May of 2015 to March of 2016, where the US government knew about these hacks, but the DNC effectively didn’t. Well, according to the following article, there’s another set of people who were informed about the hacks in late 2015. It’s not a surprising set of officials to be informed about the hacks, but still noteworthy given the number of Democrats or people with ties to the Democratic party that would have known about this: State Department officials, including Victoria Nuland, were informed about the DNC hacks in December of 2015 and tasked with developing a US response:

    Yahoo News

    Obama cyber chief confirms ‘stand down’ order against Russian cyberattacks in summer 2016

    Michael Isikoff, Chief Investigative Correspondent
    •June 20, 2018

    WASHINGTON — The Obama White House’s chief cyber official testified Wednesday that proposals he was developing to counter Russia’s attack on the U.S. presidential election were put on a “back burner” after he was ordered to “stand down” his efforts in the summer of 2016.

    The comments by Michael Daniel, who served as White House “cyber security coordinator” between 2012 and January of last year, provided his first public confirmation of a much-discussed passage in the book, “Russian Roulette: The Inside Story of Putin’s War on America and the Election of Donald Trump,” co-written by this reporter and David Corn, that detailed his thwarted efforts to respond to the Russian attack.

    They came during a Senate Intelligence Committee hearing into how the Obama administration dealt with Russian cyber and information warfare attacks in 2016, an issue that has become one of the more politically sensitive subjects in the panel’s ongoing investigation into Russia’s interference in the U.S. election and any links to the Trump campaign.

    The view that the Obama administration failed to adequately piece together intelligence about the Russian campaign and develop a forceful response has clearly gained traction with the intelligence committee. Sen. Mark Warner, D-Va., the ranking Democrat on the panel, said in an opening statement that “we were caught flat-footed at the outset and our collective response was inadequate to meet Russia’s escalation.”

    That conclusion was reinforced Wednesday by another witness, Victoria Nuland, who served as assistant secretary of state for Europe during the Obama administration. She told the panel that she had been briefed as early as December 2015 about the hacking of the Democratic National Committee — long before senior DNC officials were aware of it — and that the intrusion had all the hallmarks of a Russian operation.

    As she and other State Department officials became “more alarmed” about what the Russians were up to in the spring of 2016, they were authorized by then Secretary of State John Kerry to develop proposals for ways to deter the Russians. But most of those steps were never taken — in part because officials assumed they would be taken up by the next administration.

    “I believe there were deterrence measures we could have taken and should have taken,” Nuland testified.

    As intelligence came in during the late spring and early summer of that year about the Russian attack, Daniel instructed his staff on the National Security Council to begin developing options for aggressive countermeasures to deter the Kremlin’s efforts, including mounting U.S. “denial of service” attacks on Russian news sites and other actions targeting Russian cyber actors.

    Daniel declined to discuss the details of those options during Wednesday’s open hearing, saying he would share them with the panel during a classified session later in the day. But he described his proposals as “the full range of potential actions” that the U.S. government could use in the cyber arena “to impose costs on the Russians — both openly to demonstrate that we could do it as a deterrent and also clandestinely to disrupt their operations as well.”

    Sen. James Risch, R-Idaho, asked about a “Russian Roulette” passage in which one of Daniel’s staff members, Daniel Prieto, recounted a staff meeting shortly after the cyber coordinator was ordered by Susan Rice, President Obama’s national security adviser, to stop his efforts and “stand down.” This order was in part because Rice feared the options would leak and “box the president in.”

    “I was incredulous and in disbelief,” Prieto is quoted as saying in the book. “It took me a moment to process. In my head, I was like, did I hear that correctly?” Prieto told the authors he then spoke up, asking Daniel: “Why the hell are we standing down? Michael, can you help us understand?”

    Daniel has confirmed that the account was “an accurate rendering of what happened” in his staff meeting. He said his bosses at the NSC — he did not specifically mention Rice in his testimony — had concerns about “how many people were working on the options” so the “decision” from his superiors at the Obama White House was to “neck down the number of people that were involved in developing our ongoing response options.”

    Daniel added that “it’s not accurate to say that all activity ceased at that point.” He and his staff “shifted our focus” to assisting state governments to protect against Russian cyberattacks against state and local election systems.

    But as for his work on developing cyber deterrence measures, “those actions were put on a back burner and that was not the focus of our activity during that time period.”

    Instead, Obama officials chose another course of action after becoming frustrated that Republican leaders on Capitol Hill would not endorse a bipartisan statement condemning Russian interference and fearful that any unilateral action by them would feed then candidate Donald Trump’s claims that the election was rigged. They chose a private “stern” warning by Obama to Russian President Vladimir Putin at a summit in China in early September 2016 to stop his country’s campaign to disrupt the U.S. election.

    Obama officials were also worried that a vigorous cyber response along the lines Daniel had proposed could escalate into a full scale cyber war. And, they have since argued, they believed that the president’s warning had some impact, noting — as Daniel did in his testimony — that they saw some tamping down in Russian probing of state election data systems after Obama’s private talk with Putin.

    But Nuland testified that while the Russians were “a little less active” in September after the Obama warning, Russian activity picked up again in October when the Russians accelerated their social media campaign using phony Facebook ads and Twitter bots.

    “We saw an increase in what they were doing in social media,” Daniel agreed. “They shifted their focus.”

    Nuland also revealed, in response to questions by Sen. Susan Collins, R-Maine, another previously unpublicized dimension to the Russian attack. That summer, Collins said, FBI officials advised the committee that Russian diplomats were traveling around the country in areas they were not — under diplomatic protocols — permitted to visit, apparently to collect intelligence. Asked by Collins if she believed this was part of the Russian so-called active measures attack on the election, Nuland responded, “I do.”

    After the November 2016 election, in which Trump defeated Hillary Clinton, Obama did impose new sanctions on Russia’s intelligence services and expelled diplomats. But Nuland testified that most in the administration saw that as only a beginning of what needed to be done. “It’s fair to say that all of us in the process assumed what was done in December and January would be a starting point for what the incoming administration would then build on.”

    The Wednesday hearing by the intelligence panel did not touch steps the Trump administration has taken — or in many cases, failed to take — to respond to the Russian election attack. But both witnesses emphasized that there is new urgency to the issue to developing proposals to do so. Daniel noted that a malicious new Russian botnet – known as a “VPN filter” — has been discovered infecting home office routers and allowing hackers to intercept internet communications. He said this was a “type of malware we haven’t seen before” and shows “the intent of the Russians to continue their cyber activities.”

    ———-

    “Obama cyber chief confirms ‘stand down’ order against Russian cyberattacks in summer 2016” by Michael Isikoff; Yahoo News; 06/20/2018

    “The view that the Obama administration failed to adequately piece together intelligence about the Russian campaign and develop a forceful response has clearly gained traction with the intelligence committee. Sen. Mark Warner, D-Va., the ranking Democrat on the panel, said in an opening statement that “we were caught flat-footed at the outset and our collective response was inadequate to meet Russia’s escalation.””

    A forceful cyber-response against Russia by the US in 2016 was necessary: That appears to be the consensus at the Senate intelligence committee.

    And Victoria Nuland, the assistant secretary of state for Europe during the Obama administration (and someone who appeared to play an active role promoting the Maidan protests in Ukraine in 2014), not only agrees with that assessment but was helping to formulate a US response back in 2016. According to Nuland, she was briefed on the ‘Russian hacking’ as early as December 2015, long before senior DNC officials were even aware of it (due to the FBI’s inexplicably poor job of informing the DNC):


    That conclusion was reinforced Wednesday by another witness, Victoria Nuland, who served as assistant secretary of state for Europe during the Obama administration. She told the panel that she had been briefed as early as December 2015 about the hacking of the Democratic National Committee — long before senior DNC officials were aware of it — and that the intrusion had all the hallmarks of a Russian operation.

    But Nuland wasn’t just informed about the hacks. She and other State Department officials were also authorized by then Secretary of State John Kerry to develop proposals to deter the Russian hackers:


    As she and other State Department officials became “more alarmed” about what the Russians were up to in the spring of 2016, they were authorized by then Secretary of State John Kerry to develop proposals for ways to deter the Russians. But most of those steps were never taken — in part because officials assumed they would be taken up by the next administration.

    “I believe there were deterrence measures we could have taken and should have taken,” Nuland testified.

    And some of those proposed cyber-responses included actions like denial of service attacks on Russian news sites (presumably RT). For some reason this was deemed to be a form of deterrence, even though it wouldn’t actually be a deterrence unless the US made it clear it was behind the attack and would have probably become a propaganda bonanza for the Kremlin:


    As intelligence came in during the late spring and early summer of that year about the Russian attack, Daniel instructed his staff on the National Security Council to begin developing options for aggressive countermeasures to deter the Kremlin’s efforts, including mounting U.S. “denial of service” attacks on Russian news sites and other actions targeting Russian cyber actors.

    Daniel declined to discuss the details of those options during Wednesday’s open hearing, saying he would share them with the panel during a classified session later in the day. But he described his proposals as “the full range of potential actions” that the U.S. government could use in the cyber arena “to impose costs on the Russians — both openly to demonstrate that we could do it as a deterrent and also clandestinely to disrupt their operations as well.”

    But those response plans were ultimately put on hold. This was in part over concerns that it could provoke a full scale cyber war but also due to the GOP congressional leadership refusing to sign on for a bipartisan US government response:


    Sen. James Risch, R-Idaho, asked about a “Russian Roulette” passage in which one of Daniel’s staff members, Daniel Prieto, recounted a staff meeting shortly after the cyber coordinator was ordered by Susan Rice, President Obama’s national security adviser, to stop his efforts and “stand down.” This order was in part because Rice feared the options would leak and “box the president in.”

    “I was incredulous and in disbelief,” Prieto is quoted as saying in the book. “It took me a moment to process. In my head, I was like, did I hear that correctly?” Prieto told the authors he then spoke up, asking Daniel: “Why the hell are we standing down? Michael, can you help us understand?”

    Daniel has confirmed that the account was “an accurate rendering of what happened” in his staff meeting. He said his bosses at the NSC — he did not specifically mention Rice in his testimony — had concerns about “how many people were working on the options” so the “decision” from his superiors at the Obama White House was to “neck down the number of people that were involved in developing our ongoing response options.”

    Daniel added that “it’s not accurate to say that all activity ceased at that point.” He and his staff “shifted our focus” to assisting state governments to protect against Russian cyberattacks against state and local election systems.

    But as for his work on developing cyber deterrence measures, “those actions were put on a back burner and that was not the focus of our activity during that time period.”

    Instead, Obama officials chose another course of action after becoming frustrated that Republican leaders on Capitol Hill would not endorse a bipartisan statement condemning Russian interference and fearful that any unilateral action by them would feed then candidate Donald Trump’s claims that the election was rigged. They chose a private “stern” warning by Obama to Russian President Vladimir Putin at a summit in China in early September 2016 to stop his country’s campaign to disrupt the U.S. election.

    Obama officials were also worried that a vigorous cyber response along the lines Daniel had proposed could escalate into a full scale cyber war. And, they have since argued, they believed that the president’s warning had some impact, noting — as Daniel did in his testimony — that they saw some tamping down in Russian probing of state election data systems after Obama’s private talk with Putin.

    Nuland and Senator Collins also discussed another previously undisclosed alleged Russian government covert action during her Senate testimony: Collins brought up how FBI officials advised the Senate intelligence committee in the summer of 2016 that Russian diplomats were traveling around the country in areas they were not permitted to visit under diplomatic protocols. Collins was told at the time that this was apparently to collect intelligence. Nuland agreed. There’s no information on what kind of places these diplomats visited or what kind of intelligence they are suspected of collecting, but all parties involved have apparently concluded that this must have been a Kremlin covert action:


    But Nuland testified that while the Russians were “a little less active” in September after the Obama warning, Russian activity picked up again in October when the Russians accelerated their social media campaign using phony Facebook ads and Twitter bots.

    “We saw an increase in what they were doing in social media,” Daniel agreed. “They shifted their focus.”

    Nuland also revealed, in response to questions by Sen. Susan Collins, R-Maine, another previously unpublicized dimension to the Russian attack. That summer, Collins said, FBI officials advised the committee that Russian diplomats were traveling around the country in areas they were not — under diplomatic protocols — permitted to visit, apparently to collect intelligence. Asked by Collins if she believed this was part of the Russian so-called active measures attack on the election, Nuland responded, “I do.”

    After the November 2016 election, in which Trump defeated Hillary Clinton, Obama did impose new sanctions on Russia’s intelligence services and expelled diplomats. But Nuland testified that most in the administration saw that as only a beginning of what needed to be done. “It’s fair to say that all of us in the process assumed what was done in December and January would be a starting point for what the incoming administration would then build on.”

    So now you know: Victoria Nuland, wife of Project for the New American Century co-founder Robert Kagan, was helping to develop the US response to the hacks along with a number of other State Department officials and she learned about the hacks in December of 2015, months before the DNC itself belatedly learned about it.

    Posted by Pterrafractyl | June 21, 2018, 3:17 pm
  21. Here’s an interesting followup on the mystery behind the operation set up by GOP financier Peter Smith to find and obtain Hillary Clinton’s hacked emails on the “dark web”. Recall how this operation appears to have involved a number of Trump campaign members – Michael Flynn, Steve Bannon, Kellyanne Conway, and Sam Clovis – according to the documents incorporating one of the companies set up for this operation. Also recall how they reached out to Alt Right troll Charles Johnson, who referred to other Alt Right operations with the same goal. Johnson reportedly advised Smith to contact Andrew ‘weev’ Auernheimer about finding the emails.

    Such an operation presumably cost money to run especially if the hacked emails are discovered and hackers are asking for money. So it’s interesting to learn that the FBI and congressional investigators were looking into a number of suspicious financial transactions done by Smith during this period. Specifically, it sounds like the investigators looked over the documents provided by Smith’s bank, Northern Trust, showing 88 suspicious cash withdrawals totaling about $140,000 between January 2016 and April 2017. The withdrawals were labeled “suspicious” when the purpose couldn’t be determined.

    Keep in mind that Smith had significant enough health problems that he ended up committing suicide last May, so there were probably quite a few reasons for the guy to be withdrawing money once it was clear he was dying. But also recall that the suicide note he left indicated that his health became problematic in January of 2017. So all those unexplained cash withdrawals throughout 2016 can’t be easily explained away by Smith’s terminal illness.

    Was all that $140,000 spent on this project to get Hillary’s emails? That’s unclear. Was some of the money used to pay hackers for information? Well, according to a person with direct knowledge of Smith’s project, Smith stated that he was prepared to pay hackers “many thousands of dollars” for Clinton’s emails — and ultimately did so. So while we don’t know how much of that $140,000 was spent on this email project and we don’t know what it was spent on, it sure sounds like Smith’s operation was spending thousands of dollars to pay someone for something:

    BuzzFeed News

    GOP Operative Made “Suspicious” Cash Withdrawals During Pursuit Of Clinton Emails
    Peter W. Smith withdrew $4,900 in cash the day after he finalized a plan to work with “dark web” hackers.

    Jason Leopold
    BuzzFeed News Reporter

    Anthony Cormier
    BuzzFeed News Reporter

    Posted on August 10, 2018, at 5:22 p.m. ET

    In one of the most intriguing episodes of the 2016 presidential campaign, Republican activist Peter W. Smith launched an independent effort to obtain Hillary Clinton’s emails to help defeat her and elect Donald Trump. His quest, which reportedly brought him into contact with at least two sets of hackers that he himself believed were Russian, remains a key focus of investigations into whether the Trump campaign colluded with the Kremlin.

    Now, BuzzFeed News has reviewed documents showing that FBI agents and congressional investigators have zeroed in on transactions Smith made right as his effort to procure Clinton’s emails heated up. Just a day after he finished a report suggesting he was working with Trump campaign officials, for example, he transferred $9,500 from an account he had set up to fund the email project to his personal account, later taking out more than $4,900 in cash. According to a person with direct knowledge of Smith’s project, the Republican operative stated that he was prepared to pay hackers “many thousands of dollars” for Clinton’s emails — and ultimately did so.

    Smith is dead, and his lawyer, former business partner, and wife did not respond to numerous requests for an interview. The White House did not immediately return a message seeking comment, but the president has frequently denied colluding with Russia and denounced special counsel Robert Mueller’s probe as a partisan witch hunt. Smith said in a press interview that he was not part of the Trump campaign and was working independently.

    The money trail, made public here for the first time, sheds new light on Smith’s effort, in which he told people he was in touch with both Russians on the dark web and Trump campaign officials — particularly Michael Flynn, who was then a top adviser to the Trump campaign and later served as national security adviser before having to resign after misleading White House officials about his meetings with the Russian ambassador to the United States.

    Intelligence agencies have given the FBI information that Russian hackers talked about passing Clinton’s emails to Flynn through a cutout, according to two law enforcement officials with direct knowledge of the matter. It is not known if that cutout was in any way connected to Smith.

    The Wall Street Journal, which spoke with Smith about 10 days before he killed himself last year, broke the story about his operation to obtain Clinton’s emails and his alleged connections to Flynn. Smith’s obsession with the Clintons dates back at least to the 1990s, when he spent tens of thousands of dollars trying to expose Bill Clinton’s extramarital affairs. His attempt to procure Hillary Clinton’s emails apparently began in the summer of 2016, around the time Trump secured the Republican nomination.

    Smith reached out to various people he thought could help track down or authenticate the emails Clinton had routed through a private server in her home. One of those people was Matt Tait, a former information security specialist in Britain’s spy agency GCHQ, who was writing publicly about a different email hack, that of the Democratic National Committee.

    In a phone call in August, Smith told Tait that he believed Clinton’s private server had been hacked by the Russian government and others, and that a person from the dark web had contacted him, claiming to have some of Clinton’s emails. Smith wanted Tait to help verify the emails, something Tait said he refused to do.

    As Labor Day approached, Smith assembled a group of people including experts in technology, lawyers, and even a Russian-speaking investigator to figure out how to obtain Clinton’s emails, according to the Journal. On the Friday before the Labor Day weekend, Smith incorporated a company called KLS Research. In a proposal Smith put together describing the effort to obtain the emails, he named the company as the “preferred vehicle” for the research into Clinton’s email, and Smith would tell Tait that KLS Research would also help “avoid campaign reporting.”

    Smith and his longtime business partner, John Szobocsan, were the two signers for a bank account linked to KLS Research. The men were partners in other private equity ventures, and had known one another for decades. Tait wrote that Szobocsan joined at least one of the calls with Smith. Neither Szobocsan nor his lawyer returned detailed messages seeking comment.

    Soon after Labor Day, Smith appears to have finished an operational plan, which included the names of top Trump campaign officials, some of whom have denied speaking with Smith anytime during the campaign. Smith’s report is dated Sept. 7.

    The next day, Smith withdrew $9,500 from the KLS Research account and deposited it into his personal bank account, both held at Northern Trust. From there, Smith took out a little more than $4,900 in cash and sent checks to an accountant and an LLC controlled by a private real estate company. Later in September, Smith made withdrawals of $500 and $700 from KLS Research.

    These transactions came to light after Northern Trust received a subpoena from the FBI for Smith’s records last December. The subpoena specifically sought information about the $9,500 withdrawal from KLS Research’s account.

    After scouring nine accounts that Smith controlled, Northern Trust turned over documents showing 88 suspicious cash withdrawals totaling about $140,000 between January 2016 and April 2017, including a $3,000 withdrawal six days after the election. Northern Trust found these transactions suspicious because officials could not determine the purpose of the withdrawals and because some of them took place over the time Smith was engaged in his project to obtain Clinton’s emails. Many of the cash transactions, the bank noted, were less than $10,000, small enough not to trigger an automatic alert to the government. After receiving the subpoena, the bank sent a report to Treasury’s financial crimes unit, which shared its findings with the FBI, special counsel Robert Mueller, and Senate Intelligence Committee investigators.

    By law, bankers must alert Treasury to transactions that bear hallmarks of money laundering or other financial misconduct. Such suspicious activity reports can support investigations and intelligence gathering — but by themselves they are not evidence of a crime, and many suspicious activity reports are filed on transactions that are perfectly legal.

    A spokesperson for Northern Trust declined to comment.

    Now, according to the three US law enforcement officials, Smith remains an important figure in the government’s investigation. FBI and Senate Intelligence Committee investigators are trying to follow the money to learn whether Smith paid anyone connected with the Russian government. The FBI suspects Smith used some of the cash to fund his operation and paid hackers who provided him emails, according to two bureau sources who told BuzzFeed News that view is based on a close review of his banking activity and interviews with other people.

    Separately, investigators working for special counsel Mueller have also interviewed people who Smith tried to recruit and others who worked on his operation to obtain Clinton’s emails, according to the three law enforcement sources and a fourth person with direct knowledge of the interviews. Mueller’s team has also tried to determine if Flynn assisted Smith in his operation, according to two FBI agents. They added that Smith’s suspicious financial transactions are key to that effort.

    Flynn and his attorney did not return phone calls or emails seeking comment. Kelsey Pietranton, an FBI spokesperson, declined to comment, noting that it’s the bureau’s policy to neither confirm nor deny the existence of an investigation. A spokesperson for Mueller’s office did not respond to a request for comment.

    In a first-person account published on the website Lawfare last year, Tait, the former GCHQ information security officer, said he warned Smith about the Clinton email operation.

    “If this dark web contact is a front for the Russian government, you really don’t want to play this game. But [Smith and Szobocsan] were not discouraged. They appeared to be convinced of the need to obtain Clinton’s private emails and make them public, and they had a reckless lack of interest in whether the emails came from a Russian cut-out,” he wrote. “I never found out who Smith’s contact on the ‘Dark Web’ was. It was never clear to me whether this person was merely someone trying to dupe Smith out of his money, or a Russian front, and it was never clear to me how they represented their own credentials to Smith.”

    Smith, in his only press interview before he died, told the Journal that he and his team found five groups of hackers who claimed to have Clinton’s emails, including two groups he said were Russians.

    Smith also told the newspaper that he never intended to pay for emails obtained by hackers — a contention the person with direct knowledge of Smith’s plan disputed, saying Smith did pay for what he was told were Clinton’s emails. This source also said that Smith purposely omitted any mention of paying hackers from his written plan for the operation.

    Smith’s quest to find Clinton’s emails appears to have fizzled. He never released any of the email samples he reportedly received, because he could not verify them. About 10 days after being interviewed by the Journal, Smith went to a Minnesota hotel room and killed himself.

    ———-
    “GOP Operative Made “Suspicious” Cash Withdrawals During Pursuit Of Clinton Emails” by Jason Leopold and Anthony Cormier; BuzzFeed News; 08/10/2018

    “In one of the most intriguing episodes of the 2016 presidential campaign, Republican activist Peter W. Smith launched an independent effort to obtain Hillary Clinton’s emails to help defeat her and elect Donald Trump. His quest, which reportedly brought him into contact with at least two sets of hackers that he himself believed were Russian, remains a key focus of investigations into whether the Trump campaign colluded with the Kremlin.”

    Well that’s kind of good to hear if true: Smith’s quest for Hillary’s emails remains a “key focus of investigations.” Given all the Trump-affiliated people involved it would have been rather obscene if this wasn’t a key focus, as is also the case given the suspicious timing of some of these financial transactions. Especially given that one of the people involved with the project is saying that Smith stated he was prepared to pay the hackers “many thousands of dollars” for Hillary’s emails, and ultimately did so:


    Now, BuzzFeed News has reviewed documents showing that FBI agents and congressional investigators have zeroed in on transactions Smith made right as his effort to procure Clinton’s emails heated up. Just a day after he finished a report suggesting he was working with Trump campaign officials, for example, he transferred $9,500 from an account he had set up to fund the email project to his personal account, later taking out more than $4,900 in cash. According to a person with direct knowledge of Smith’s project, the Republican operative stated that he was prepared to pay hackers “many thousands of dollars” for Clinton’s emails — and ultimately did so.

    Smith also told the newspaper that he never intended to pay for emails obtained by hackers — a contention the person with direct knowledge of Smith’s plan disputed, saying Smith did pay for what he was told were Clinton’s emails. This source also said that Smith purposely omitted any mention of paying hackers from his written plan for the operation.

    One other source of possible expenses that Smith would have had to spend money on is setting up the company to actually carry out this work, KLS Research:


    Smith reached out to various people he thought could help track down or authenticate the emails Clinton had routed through a private server in her home. One of those people was Matt Tait, a former information security specialist in Britain’s spy agency GCHQ, who was writing publicly about a different email hack, that of the Democratic National Committee.

    In a phone call in August, Smith told Tait that he believed Clinton’s private server had been hacked by the Russian government and others, and that a person from the dark web had contacted him, claiming to have some of Clinton’s emails. Smith wanted Tait to help verify the emails, something Tait said he refused to do.

    As Labor Day approached, Smith assembled a group of people including experts in technology, lawyers, and even a Russian-speaking investigator to figure out how to obtain Clinton’s emails, according to the Journal. On the Friday before the Labor Day weekend, Smith incorporated a company called KLS Research. In a proposal Smith put together describing the effort to obtain the emails, he named the company as the “preferred vehicle” for the research into Clinton’s email, and Smith would tell Tait that KLS Research would also help “avoid campaign reporting.”

    Smith and his longtime business partner, John Szobocsan, were the two signers for a bank account linked to KLS Research. The men were partners in other private equity ventures, and had known one another for decades. Tait wrote that Szobocsan joined at least one of the calls with Smith. Neither Szobocsan nor his lawyer returned detailed messages seeking comment.

    And it was money moved from KLS Research accounts to Smith’s personal accounts that appears to have caught investigators’ attention. Soon after Labor Day in 2016, Smith apparently had an operational plan for vetting and acquiring the emails he claimed were offered to him over the Dark Web by people he believed to be Russians. That included a little more than $4,900 sent to an LLC controlled by a private real estate company. So it would be interesting to learn the name of that company:


    Soon after Labor Day, Smith appears to have finished an operational plan, which included the names of top Trump campaign officials, some of whom have denied speaking with Smith anytime during the campaign. Smith’s report is dated Sept. 7.

    The next day, Smith withdrew $9,500 from the KLS Research account and deposited it into his personal bank account, both held at Northern Trust. From there, Smith took out a little more than $4,900 in cash and sent checks to an accountant and an LLC controlled by a private real estate company. Later in September, Smith made withdrawals of $500 and $700 from KLS Research.

    And when Smith’s bank was subpoenaed, investigators learned about 88 suspicious transactions, worth about $140,000, that Smith’s bank couldn’t find a reason for from January 1, 2016 to April 2017:


    These transactions came to light after Northern Trust received a subpoena from the FBI for Smith’s records last December. The subpoena specifically sought information about the $9,500 withdrawal from KLS Research’s account.

    After scouring nine accounts that Smith controlled, Northern Trust turned over documents showing 88 suspicious cash withdrawals totaling about $140,000 between January 2016 and April 2017, including a $3,000 withdrawal six days after the election. Northern Trust found these transactions suspicious because officials could not determine the purpose of the withdrawals and because some of them took place over the time Smith was engaged in his project to obtain Clinton’s emails. Many of the cash transactions, the bank noted, were less than $10,000, small enough not to trigger an automatic alert to the government. After receiving the subpoena, the bank sent a report to Treasury’s financial crimes unit, which shared its findings with the FBI, special counsel Robert Mueller, and Senate Intelligence Committee investigators.

    By law, bankers must alert Treasury to transactions that bear hallmarks of money laundering or other financial misconduct. Such suspicious activity reports can support investigations and intelligence gathering — but by themselves they are not evidence of a crime, and many suspicious activity reports are filed on transactions that are perfectly legal.

    A spokesperson for Northern Trust declined to comment.

    And this is all why Smith is apparently still an important figure for investigators. We have all the elements of the crime – claims of contact with hackers that allegedly had Hillary’s emails, shady financial transactions, and contacts with the Trump campaign – so it would be pretty amazing if he wasn’t seen as an important figure:


    Now, according to the three US law enforcement officials, Smith remains an important figure in the government’s investigation. FBI and Senate Intelligence Committee investigators are trying to follow the money to learn whether Smith paid anyone connected with the Russian government. The FBI suspects Smith used some of the cash to fund his operation and paid hackers who provided him emails, according to two bureau sources who told BuzzFeed News that view is based on a close review of his banking activity and interviews with other people.

    Unfortunately, Smith committed suicide and won’t be answering any more questions. But it sounds like Mueller’s team did interview other people involved with Smith’s operation, with an eye on determining whether or not Michael Flynn was involved:


    Separately, investigators working for special counsel Mueller have also interviewed people who Smith tried to recruit and others who worked on his operation to obtain Clinton’s emails, according to the three law enforcement sources and a fourth person with direct knowledge of the interviews. Mueller’s team has also tried to determine if Flynn assisted Smith in his operation, according to two FBI agents. They added that Smith’s suspicious financial transactions are key to that effort.

    Flynn and his attorney did not return phone calls or emails seeking comment. Kelsey Pietranton, an FBI spokesperson, declined to comment, noting that it’s the bureau’s policy to neither confirm nor deny the existence of an investigation. A spokesperson for Mueller’s office did not respond to a request for comment.

    In a first-person account published on the website Lawfare last year, Tait, the former GCHQ information security officer, said he warned Smith about the Clinton email operation.

    “If this dark web contact is a front for the Russian government, you really don’t want to play this game. But [Smith and Szobocsan] were not discouraged. They appeared to be convinced of the need to obtain Clinton’s private emails and make them public, and they had a reckless lack of interest in whether the emails came from a Russian cut-out,” he wrote. “I never found out who Smith’s contact on the ‘Dark Web’ was. It was never clear to me whether this person was merely someone trying to dupe Smith out of his money, or a Russian front, and it was never clear to me how they represented their own credentials to Smith.”

    Smith, in his only press interview before he died, told the Journal that he and his team found five groups of hackers who claimed to have Clinton’s emails, including two groups he said were Russians.

    Considering that Flynn has been a cooperating witness for the Mueller investigation, it’s going to be interesting to see what happens if evidence that Flynn worked directly on this operation comes out while Flynn denies any involvement.

    Anyway, that all appears to indicate that Peter Smith’s operation is still very much a topic of interest to investigators and those investigators have a number of financial transactions to assist in that investigation.

    Of course, it would be absurd if investigators weren’t still looking into this. Along those lines, we still have no indication that the other GOP operation to obtain Hillary Clinton’s hacked emails on the dark web – the operation involving Barbara Ledeen, Newt Gingrich, and Judicial Watch – is also still being looked into by investigators.

    Posted by Pterrafractyl | August 14, 2018, 3:08 pm
  22. There’s no shortage of speculation about the legal threat Michael Cohen presents to President Trump following his recent decision to ‘flip’ and offer to assist the Mueller investigation. And it’s well founded speculation. Cohen was apparently deeply involved with everything from the Trump Tower Moscow initiative led by Felix Sater to the Ukrainian ‘peace plan’ proposal (also led by Felix Sater).

    Then there’s Cohen’s familial connections. Like how his Ukrainian wife is the daughter of some mob-connected Ukrainians. Cohen’s uncle owned a club that was patronized by leading Russian and Ukrainian mafia figures from the 70’s – 90’s. Cohen’s father-in-law, Felix Shusterman, is a Ukrainian immigrant to the US who was involved with the mafia and the Trump organization (Trump’s hiring of Cohen was seen as a favor to Shusterman). And Cohen’s brother’s father-in-law was Alexander Oronov, the recently deceased Ukrainian oligarch with a number of connections to Ukrainian figures including Andrii Artemenko. Cohen clearly knows A LOT that could be of interest to anyone investigating #TrumpRussia.

    And as the following article notes, there’s one key area of the #TrumpRussia investigation that Cohen allegedly was intimately involved with according to the Steele Dossier that would put Cohen at the center of the alleged conspiracy between the Trump campaign and the Kremlin to collude over the hacks of the Democrats: The dossier alleged that Cohen took over the role of negotiating with the Kremlin after Paul Manafort left the Trump campaign in August of 2016, and that Cohen traveled to Prague in August or September of 2016 and met with Kremlin representatives where they hashed out a deal to pay off the ‘Romanian hackers’ for the hacks.

    The article notes that there was a report back in April that the Mueller team had uncovered evidence of such a visit, but the article also notes that there’s been no following reporting indicating whether or not this report was true.

    So the question of whether or not Michael Cohen was in Prague in 2016 remains an open question. And as the following article points out, Cohen’s attorney Lanny Davis recently explicitly denied that Cohen has ever traveled to Prague. So while Cohen appears to have had a significant change of heart in terms of his willingness to work with investigators, the question of whether or not Cohen will end up validating or contradicting the Steele dossier allegations about him appears to be at least somewhat answered: he’s going to contradict the dossier’s claims. At least some of them.

    It’s also worth noting that, if the dossier’s claims about a meeting in Prague to work out the payment to the hackers are true, that would be one example of how this has to be one of the stupidest intelligence operations in history. Think about it: the Kremlin and the Trump team are engaged in a high stakes secret negotiation involving the high profile hacking of the Democrats, and for some reason they decided that these Russian government hackers needed to be paid off by the Trump team in order to execute this extremely risky operation. Really?! Why?! Why couldn’t the Russian hacker team get paid off by the Kremlin like they are presumably already being paid if they are Russian government hackers?

    Also recall how Mueller’s recent indictment of 12 GRU officers over the hacks specifically detailed how these officers planned and executed the phishing campaigns and deployment of the malware (albeit, with scant claims of evidence to back up those detailed allegations). There were no third-party cut-out hackers referenced in the indictment. So if the Steele dossier’s claims about Cohen going to Prague to negotiate a payout to the hackers are true, and those hackers were actually GRU agents, that would defy logic unless the Kremlin was actually trying to goad the Trump team into creating an evidentiary trail to be followed later. Which would be an odd thing to do if they were colluding with the Trump team in order to see a change in US policy towards Russia.

    So it’s going to be interesting to see what, if any, hacking related revelations emerge from Michael Cohen ‘flipping’. But given that even the Mueller indictment itself contradicts the Steele dossier, we probably shouldn’t expect the newly cooperative Cohen to confirm many of that dossier’s allegations:

    The Washington Post

    What might Michael Cohen tell Robert Mueller?

    By Philip Bump
    National correspondent
    August 22, 2018

    This article has been updated.

    In the hours after Donald Trump’s former attorney Michael Cohen pleaded guilty to various crimes on Tuesday, his attorney Lanny Davis appeared on a number of television shows and granted other interviews centered on a common theme: Cohen has information that could be of interest to special counsel Robert S. Mueller III.

    This isn’t by itself surprising, of course. Cohen served the Trump Organization for years and Trump directly during the campaign and for some months afterward. Cohen has already implicated Trump in efforts to violate campaign finance laws to cover up affairs in which Trump allegedly participated. That he might be willing and able to implicate him in other ways comes as little shock.

    The question, though, is how. What information might Cohen possess that could help Mueller better understand how the Trump campaign might have interacted with Russian interference efforts in 2016?

    The hints from Cohen and his allies

    During his media blitz, Davis made one consistent claim. On MSNBC’s “Rachel Maddow Show,” Davis said Cohen had “knowledge about the computer crime of hacking and whether or not Mr. Trump knew ahead of time about that crime and even cheered it on.” To The Washington Post, Davis elaborated somewhat: “If there is a conversation and a plan for there to be dirt on Hillary Clinton, and then someone knows the way you’re willing to get the dirt is a Russian agent called WikiLeaks … and then WikiLeaks hacks into an email account, which is a crime, then you have committed a crime of conspiracy.”

    This is all vague, which could be (as Davis claims) to protect attorney-client privilege and could be (as skeptics might claim) because Davis — a Democrat and Clinton ally — wants Mueller to give Cohen a deal in which the threat of prison time is removed. The assertion to Maddow could simply result in a statement like, “No, Trump didn’t know about the hacking, though he did publicly cheer it on in a news conference.” The claim Davis made to our Isaac Stanley-Becker about WikiLeaks includes an allegation about possible hacking by WikiLeaks, which comes from way out of the blue.

    Regardless, maybe Cohen knows that Trump knew more about hacking efforts earlier than he has claimed. Hard to say from Davis’s comments — but it’s also not hard to believe that he might have.

    We know, too, that Cohen has alleged (through intermediaries) that he has information about Trump being aware of the June 2016 meeting at Trump Tower in advance. That allegation emerged late last month and would be important for reasons that extend beyond revealing Trump as having lied about his awareness of the meeting. Experts who’ve spoken with The Post note that it’s illegal for a campaign to accept things of value from a foreign actor, including negative information about a political opponent. It’s illegal, too, to solicit any such valuable thing, a prohibition that includes being aware of and encouraging a contribution. If Trump knew about the meeting, he could be accused of having participated in a criminal conspiracy.

    It’s very unlikely Trump would be indicted on such a charge, especially given how speculative it is. It’s worth noting that Cohen’s presentation of what happened during the campaign falls into the same category: His revealing that Trump was intimately involved in decisions to pay hush money to the president’s alleged mistresses almost certainly wouldn’t result in criminal charges.

    We can speculate in all sorts of ways about what Cohen might be able to offer. He was centrally involved in many decisions made by Trump before and after the campaign. Real estate deals, business arrangements, possibly other agreements with other individuals over the years. Cohen may be more knowledgeable about certain parts of Trump’s finances than Trump’s accountants or than is revealed in Trump’s tax returns. It’s hard to know.

    Remember, too, that Cohen’s testimony to Mueller would be important for another reason: It would add a new layer of understanding to a lot of what has been asserted by other witnesses. Cohen could describe his interactions with Trump before the Trump Tower meeting in a way that makes clear that other witnesses had lied to investigators from the FBI, giving them new leverage over those witnesses to try to get to the truth about what the campaign was up to.

    Or maybe Cohen knows something even more squarely in Mueller’s purview.

    What the dossier alleges

    Cohen is a prominent figure in the dossier of reports written by former British intelligence officer Christopher Steele, which was first published by BuzzFeed last year. This dossier has become a focal point of questions about Russian interference and any cooperation the Trump campaign may have provided. Trump’s defenders justifiably point out that the dossier is full of allegations for which there’s no outside evidence. It is, in short, a collection of things Steele heard from his sources meant to spur further investigation.

    Cohen, the reports claim, played “a key role in the secret TRUMP campaign/Kremlin relationship.” The documents allege that Cohen stepped into the role of primary liaison with Russia in August 2016 after Paul Manafort resigned from the campaign following new reports about his relationship with a pro-Russian politician in Ukraine. Cohen, a report from October reads, “was heavily engaged in a cover up and damage limitation operation in the attempt to prevent the full details of [Trump’s] relationship with Russia being exposed.”

    Per “a Kremlin insider” who spoke with Steele, Cohen met with “Kremlin representatives” in August or September of that year in Prague. That alleged meeting may have taken place at Rossotrudnichestvo, a Russian center for science and culture in the city. Attendees may have included Konstantin Kosachev, a member of the upper chamber of Russia’s legislature, and Oleg Solodukhin, who works for Rossotrudnichestvo. Steele’s reports indicate that the meeting was originally supposed to be in Moscow, but that was judged too risky.

    Another report indicates that Cohen was accompanied by “3 colleagues” to the meeting. The agenda included questions about how “deniable cash payments were to be made to hackers who had worked in Europe under Kremlin direction against the [Hillary Clinton] campaign and various contingencies for covering up these operations and Moscow’s secret liaison with the [Trump] team more generally.” The dossier alleges that Cohen was aware of a company that had targeted Democratic leaders by planting bugs and stealing data. In the meeting, the two sides allegedly agreed to protect that operation and to have “Romanian hackers” be paid off and cease their work.

    We can overlay any number of theories onto this presentation of what might have happened. The initial release of files stolen from the Democratic National Committee involved a Russian intelligence officer claiming to be Romanian, for example, though that was publicly known at the time of Steele’s report. The government’s description of Cohen’s crimes released in conjunction with his plea deal on Tuesday includes a reimbursement to Cohen of $50,000 for “‘tech services,’ which in fact related to work COHEN had solicited from a technology company during and in connection with the campaign.” It’s not clear what that was.

    All of it, though, stems from Cohen having traveled to Prague in the late summer of 2016. In April, McClatchy reported that Mueller’s team uncovered evidence of such a visit, but that hasn’t been otherwise confirmed.

    Obviously, Cohen might be able to do so.

    Update: That just got a lot more unlikely. In an interview with Bloomberg, Davis stated flatly that Cohen “has never been to Prague in his life.”

    The fairest assumption is that the dossier’s allegations are more likely untrue than true. Cohen may not have any information about any link between the Trump campaign and Russia that’s more serious than what’s known publicly. He may have information that adds a little shading to the picture of what happened but doesn’t offer anything earth-shattering.

    On Tuesday, though, Cohen did make an unexpected assertion of remarkable significance: that Trump told him to take actions that violated campaign finance laws. It’s not outside the realm of possibility that he could offer something significant to Mueller, too.

    ———-

    “What might Michael Cohen tell Robert Mueller?” by Philip Bump; The Washington Post; 08/22/2018

    “In the hours after Donald Trump’s former attorney Michael Cohen pleaded guilty to various crimes on Tuesday, his attorney Lanny Davis appeared on a number of television shows and granted other interviews centered on a common theme: Cohen has information that could be of interest to special counsel Robert S. Mueller III.”

    It was quite a tease: Lanny Davis goes on TV promising that Michael Cohen has information that could be of interest to Robert Mueller. Because of course he would. He’s Michael Cohen.

    One of the areas that Cohen could provide some devastating testimony against Trump is whether or not Trump personally knew about the notorious June 9th, 2016, meeting involving the Russian delegation offering ‘dirt’ on Hillary Clinton. And he allegedly does indeed have information about whether or not Trump knew in advance:


    Regardless, maybe Cohen knows that Trump knew more about hacking efforts earlier than he has claimed. Hard to say from Davis’s comments — but it’s also not hard to believe that he might have.

    We know, too, that Cohen has alleged (through intermediaries) that he has information about Trump being aware of the June 2016 meeting at Trump Tower in advance. That allegation emerged late last month and would be important for reasons that extend beyond revealing Trump as having lied about his awareness of the meeting. Experts who’ve spoken with The Post note that it’s illegal for a campaign to accept things of value from a foreign actor, including negative information about a political opponent. It’s illegal, too, to solicit any such valuable thing, a prohibition that includes being aware of and encouraging a contribution. If Trump knew about the meeting, he could be accused of having participated in a criminal conspiracy.

    Keep in mind that the question of whether or not Trump knew in advance of this meeting was more or less answered by Trump himself two days before the meeting. Recall how Trump gave a speech on June 7th, 2016, where he talked about how all sorts of new dirt on Hillary Clinton would be coming out soon. This was just two days before the June 9th meeting, and the original emails to Donald Trump, Jr. that set up the meeting explicitly said the Russian government wanted to hand over dirt on Hillary Clinton. So the circumstantial evidence that Trump at least thought this meeting was going to involve the Russian government handing over dirt on Hillary is pretty overwhelming. The big question is what actually transpired at that meeting and whether or not it involved the hacks.

    And then there’s the allegations from the Steele dossier. Allegations that Michael Cohen traveled to Prague in order to have a secret meeting with Kremlin representatives where they discussed having the Trump team pay off the “Romanian hackers”:


    What the dossier alleges

    Cohen is a prominent figure in the dossier of reports written by former British intelligence officer Christopher Steele, which was first published by BuzzFeed last year. This dossier has become a focal point of questions about Russian interference and any cooperation the Trump campaign may have provided. Trump’s defenders justifiably point out that the dossier is full of allegations for which there’s no outside evidence. It is, in short, a collection of things Steele heard from his sources meant to spur further investigation.

    Cohen, the reports claim, played “a key role in the secret TRUMP campaign/Kremlin relationship.” The documents allege that Cohen stepped into the role of primary liaison with Russia in August 2016 after Paul Manafort resigned from the campaign following new reports about his relationship with a pro-Russian politician in Ukraine. Cohen, a report from October reads, “was heavily engaged in a cover up and damage limitation operation in the attempt to prevent the full details of [Trump’s] relationship with Russia being exposed.”

    Per “a Kremlin insider” who spoke with Steele, Cohen met with “Kremlin representatives” in August or September of that year in Prague. That alleged meeting may have taken place at Rossotrudnichestvo, a Russian center for science and culture in the city. Attendees may have included Konstantin Kosachev, a member of the upper chamber of Russia’s legislature, and Oleg Solodukhin, who works for Rossotrudnichestvo. Steele’s reports indicate that the meeting was originally supposed to be in Moscow, but that was judged too risky.

    Another report indicates that Cohen was accompanied by “3 colleagues” to the meeting. The agenda included questions about how “deniable cash payments were to be made to hackers who had worked in Europe under Kremlin direction against the [Hillary Clinton] campaign and various contingencies for covering up these operations and Moscow’s secret liaison with the [Trump] team more generally.” The dossier alleges that Cohen was aware of a company that had targeted Democratic leaders by planting bugs and stealing data. In the meeting, the two sides allegedly agreed to protect that operation and to have “Romanian hackers” be paid off and cease their work.

    We can overlay any number of theories onto this presentation of what might have happened. The initial release of files stolen from the Democratic National Committee involved a Russian intelligence officer claiming to be Romanian, for example, though that was publicly known at the time of Steele’s report. The government’s description of Cohen’s crimes released in conjunction with his plea deal on Tuesday includes a reimbursement to Cohen of $50,000 for “‘tech services,’ which in fact related to work COHEN had solicited from a technology company during and in connection with the campaign.” It’s not clear what that was.

    It’s also worth asking why this discussion of how to pay off the hackers (as absurd as that is) didn’t come up during the June 9th meeting if that meeting was indeed about the hacked documents. We can add farcical levels of inefficiency to the many farcical aspects of this alleged Kremlin intelligence operation.

    And yet there was indeed a report from back in April saying that the Mueller team did indeed have evidence of Cohen making a trip to Prague. The only problem is there’s been no followup on that report and Lanny Davis flatly denied it:


    All of it, though, stems from Cohen having traveled to Prague in the late summer of 2016. In April, McClatchy reported that Mueller’s team uncovered evidence of such a visit, but that hasn’t been otherwise confirmed.

    Obviously, Cohen might be able to do so.

    Update: That just got a lot more unlikely. In an interview with Bloomberg, Davis stated flatly that Cohen “has never been to Prague in his life.”

    The fairest assumption is that the dossier’s allegations are more likely untrue than true. Cohen may not have any information about any link between the Trump campaign and Russia that’s more serious than what’s known publicly. He may have information that adds a little shading to the picture of what happened but doesn’t offer anything earth-shattering.

    So if Cohen does end up becoming a significant witness in this investigation, while continuing to contradict key claims about him in the Steele dossier, it’s going to be interesting to see how that affects how the rest of the claims in that dossier are interpreted.

    It’s also going to be interesting to see how the inevitable future movies portraying the alleged events of the #TrumpRussia conspiracy depict this alleged intelligence operation given all the farcical aspects of it. Will it be portrayed as a farcical spy comedy or a serious spy movie that happens to include one massive intelligence mistake after another? We’ll see, but the spy farce scripts sort of write themselves at this point.

    Posted by Pterrafractyl | August 25, 2018, 3:21 pm
