Spitfire List Web site and blog of anti-fascist researcher and radio personality Dave Emory.

For The Record  

FTR #964 Lies, Damned Lies and Statistics

WFMU-FM is pod­cast­ing For The Record–You can sub­scribe to the pod­cast HERE.

You can sub­scribe to e‑mail alerts from Spitfirelist.com HERE.

You can sub­scribe to RSS feed from Spitfirelist.com HERE.

You can sub­scribe to the com­ments made on pro­grams and posts–an excel­lent source of infor­ma­tion in, and of, itself HERE.

This broad­cast was record­ed in one, 60-minute seg­ment.

Trump kept a copy of this by his bedside. Russia is NOT his source of inspiration.

Trump kept a copy of this by his bed­side. Rus­sia is NOT his source of inspi­ra­tion.

Waffen SS-clad World War II reenactors, in original photo used by Trump campaign. Russia is NOT the font of Trumpism.

Waf­fen SS-clad World War II reen­ac­tors, in orig­i­nal pho­to used by Trump cam­paign. Rus­sia is NOT the font of Trump­ism.

Intro­duc­tion: As we have not­ed in many pre­vi­ous broad­casts and posts, cyber attacks are eas­i­ly dis­guised. Per­pe­trat­ing a “cyber false flag” oper­a­tion is dis­turbing­ly easy to do.

This is of para­mount sig­nif­i­cance in eval­u­at­ing the increas­ing­ly neo-McCarthyite New Cold War pro­pa­gan­da about “Russ­ian inter­fer­ence” in the U.S. elec­tion.

Com­pound­ing the sit­u­a­tion are some recent dis­clo­sures and devel­op­ments:

  • We learn that the CIA’s hack­ing tools are specif­i­cal­ly craft­ed to mask CIA author­ship of the attacks. Most sig­nif­i­cant­ly, for our pur­pos­es, is the fact that the Agen­cy’s hack­ing tools are engi­neered in such a way as to per­mit the authors of the event to rep­re­sent them­selves as Russ­ian.
  • The NSA’s elite hack­ing tech­nol­o­gy has been made wide­ly avail­able to the hack­ing com­mu­ni­ty, cour­tesy of “The Shad­ow Bro­kers.”
  • Dur­ing the 2016 Pres­i­den­tial cam­paign, Michael Fly­nn was pro­fes­sion­al­ly involved with numer­ous cyber-secu­ri­ty and cyber arms man­u­fac­tur­ing firms: “ . . . . The month before Fly­nn joined the advi­so­ry board of OSY Tech­nolo­gies, NSO Group opened up a new arm called West­Bridge Tech­nolo­gies, Inc., in the D.C. region. (The com­pa­ny was orig­i­nal­ly reg­is­tered in Delaware in 2014, but formed in Mary­land in April 2016.) Led by NSO Group co-founder Lavie, West­Bridge is vying for fed­er­al gov­ern­ment con­tracts for NSO Group’s prod­ucts. Hir­ing Fly­nn would pro­vide NSO Group with a well-con­nect­ed fig­ure in Wash­ing­ton, to help get its foot in the door of the noto­ri­ous­ly insu­lar world of secret intel­li­gence bud­get­ing. . . .When you’re try­ing to build up your busi­ness, you need some­one who has con­nec­tions, some­one who is seen as an author­i­ty and a legit­i­mate pres­ence,” John­son said. Hir­ing some­one with Flynn’s back­ground in intel­li­gence would ‘open up doors that they wouldn’t have had access to,’ John­son said.Through­out 2016, Fly­nn worked for a num­ber of cyber­se­cu­ri­ty firms per­son­al­ly and through his con­sult­ing firm, Fly­nn Intel Group. In addi­tion to his advi­so­ry board seat at OSY Tech­nolo­gies, he sat on the board of Adobe Sys­tems, a large soft­ware com­pa­ny with Pen­ta­gon con­tracts, and the boards of the cyber­se­cu­ri­ty com­pa­nies Green­Zone Sys­tems and HALO Pri­va­cy. (Though Fly­nn described him­self as an Adobe advi­so­ry board mem­ber in his finan­cial dis­clo­sure paper­work, the group said in a state­ment that he pro­vid­ed only “peri­od­ic coun­sel to Adobe’s pub­lic sec­tor team.”) . . .”
  • NSO Group and OSY Tech­nolo­gies spe­cial­ize in spear-fish­ing attacks, one of the method­olo­gies used in the hacks of U.S. elec­tion com­put­ers. Is there any link between Fly­n­n’s cyber-secu­ri­ty/­cy­ber arms links and the high-pro­file hacks dur­ing the cam­paign?
  • A GOP tech data­base–Deep Root–Exposed the data of almost two hun­dred mil­lion Amer­i­can vot­ers to wide­spread scruti­ny. Is there any con­nec­tion between Deep Root, the GOP and the alleged Russ­ian hack­ing of U.S. vot­ing com­put­ers?

Fol­low­ing a Bloomberg report about wide­spread Russ­ian hack­ing of Amer­i­can elec­tions sys­tems:  “ . . . . Kay Stim­son, spokes­woman for the Nation­al Asso­ci­a­tion of Sec­re­taries of State, said the mem­bers of her group — which rep­re­sents the chief elec­tion offi­cials in 40 states — were tak­en aback by the alle­ga­tion that 39 states were hacked. ‘We can­not ver­i­fy any infor­ma­tion in that report,’ Stim­son told Ben­zin­ga. “It has some claims that have raised some red flags. I don’t know where they’re get­ting it. We’re not able to assess to the cred­i­bil­i­ty.’ She said that some cyber­se­cu­ri­ty firms were engag­ing in scare tac­tics at the state and local lev­els. ‘There are cyber­se­cu­ri­ty firms mak­ing some wild claims,’ she said. ‘It is a very aggres­sive indus­try.’ . . .”

With the high-pro­file hacks being attributed–almost cer­tain­ly falsely–to Rus­sia, there are omi­nous devel­op­ments tak­ing place that may well lead to a Third World War. Dur­ing the clos­ing days of his Pres­i­den­cy, Oba­ma autho­rized the plant­i­ng of cyber weapons on Russ­ian com­put­er net­works. Oba­ma did this after talk­ing with Putin on the Hot Line, estab­lished to pre­vent a Third World War. Putin denied inter­fer­ing in the U.S. elec­tion.

The con­clu­sion that Rus­sia hacked the U.S. elec­tion on Putin’s orders appears to have been based on a CIA source in the Krem­lin. Even when that intel­li­gence was deliv­ered, oth­er agen­cies weren’t ready to accept the CIA’s con­clu­sion and it took intel­li­gence from anoth­er nation (not named) to pro­vide the final intel­li­gence tip­ping point that led to a broad-based con­clu­sion the not only was the Russ­ian gov­ern­ment behind the cyber­at­tacks but that Vladimir Putin him­self ordered it.

That ally’s intel­li­gence is described as “the most crit­i­cal tech­ni­cal intel­li­gence on Rus­sia,” how­ev­er the NSA still wasn’t con­vinced based on what sounds like a lack of con­fi­dence in that source. Thus, it looks like a CIA Krem­lin source and an unnamed for­eign intel­li­gence agency with ques­tion­able cre­den­tials are the basis of what appears to be a like­ly future full-scale US/Russian cyber­war.

Of para­mount sig­nif­i­cance is the fact that IF, on Putin’s orders (and we are to believe such) Rus­sia con­tin­ued to hack U.S. com­put­er sys­tems to influ­ence the elec­tion, Putin would have to have gone utter­ly mad. Those hacks would have pre­clud­ed any rap­proche­ment between Rus­sia and the Unit­ed States under a Pres­i­dent Trump. There is not indi­ca­tion that Putin went off the deep end.

Also augur­ing a Third World War are two devel­op­ments in Syr­ia. Sey­mour Hersh pub­lished an arti­cle in Die Welt reveal­ing that, not only was the April 4 alleged Sarin attack NOT a chem­i­cal weapons attack but there was wide­spread knowl­edge of this in Amer­i­can mil­i­tary and intel­li­gence cir­cles.

Omi­nous­ly, the Trump White House is claim­ing they have advance knowl­edge of an impend­ing Syr­i­an chem­i­cal weapons strike and will pun­ish Syr­ia heav­i­ly, and hold Rus­sia account­able.

Pro­gram High­lights Include: The fact that the bulk of activ­i­ty detect­ed by the DHS on U.S. elec­tion sys­tems was “scanning”–standard oper­at­ing pro­ce­dure for hack­ing; a for­mer NSA hack­ing specialist–Jake Williams–said that spear-phish­ing oper­a­tion was of “medi­um sophis­ti­ca­tion” that “prac­ti­cal­ly any hack­er can pull off”; the ques­tion of whether or not GOP Sec­re­taries of State might have delib­er­ate­ly respond­ed to the spear-phish­ing e‑mails that per­mit­ted the “hit” on U.S. elec­tion sys­tems; the Russ­ian autho­riza­tion of the use by the Syr­i­an air force of a smart bomb to elim­i­nate Al-Qae­da-linked jihadists; the release of a chem­i­cal cloud as a result of that strike that was caused by sec­ondary explo­sions; Cam­bridge Ana­lyt­i­ca’s hir­ing of GOP online data-bas­ing king­pin Dar­ren Bold­ing.

1a. As we have not­ed in many pre­vi­ous broad­casts and posts, cyber attacks are eas­i­ly dis­guised. Per­pe­trat­ing a “cyber false flag” oper­a­tion is dis­turbing­ly easy to do. In a world where the ver­i­fi­ably false and phys­i­cal­ly impos­si­ble “con­trolled demolition”/Truther non­sense has gained trac­tion, cyber false flag ops are all the more threat­en­ing and sin­is­ter.

Now, we learn that the CIA’s hack­ing tools are specif­i­cal­ly craft­ed to mask CIA author­ship of the attacks. Most sig­nif­i­cant­ly, for our pur­pos­es, is the fact that the Agen­cy’s hack­ing tools are engi­neered in such a way as to per­mit the authors of the event to rep­re­sent them­selves as Russ­ian.

This is of para­mount sig­nif­i­cance in eval­u­at­ing the increas­ing­ly neo-McCarthyite New Cold War pro­pa­gan­da about “Russ­ian inter­fer­ence” in the U.S. elec­tion.

“Wik­iLeaks Vault 7 Part 3 Reveals CIA Tool Might Mask Hacks as Russ­ian, Chi­nese, Ara­bic” by Stephanie Dube Dwil­son; Heavy; 4/3/2017.

This morn­ing, Wik­iLeaks released part 3 of its Vault 7 series, called Mar­ble. Mar­ble reveals CIA source code files along with decoy lan­guages that might dis­guise virus­es, tro­jans, and hack­ing attacks. These tools could make it more dif­fi­cult for anti-virus com­pa­nies and foren­sic inves­ti­ga­tors to attribute hacks to the CIA. Could this call the source of pre­vi­ous hacks into ques­tion? It appears that yes, this might be used to dis­guise the CIA’s own hacks to appear as if they were Russ­ian, Chi­nese, or from spe­cif­ic oth­er coun­tries. These tools were in use in 2016, Wik­iLeaks report­ed.

 It’s not known exact­ly how this Mar­ble tool was actu­al­ly used. How­ev­er, accord­ing to Wik­iLeaks, the tool could make it more dif­fi­cult for inves­ti­ga­tors and anti-virus com­pa­nies to attribute virus­es and oth­er hack­ing tools to the CIA. Test exam­ples weren’t just in Eng­lish, but also Russ­ian, Chi­nese, Kore­an, Ara­bic, and Far­si. This might allow a mal­ware cre­ator to not only look like they were speak­ing in Russ­ian or Chi­nese, rather than in Eng­lish, but to also look like they tried to hide that they were not speak­ing Eng­lish, accord­ing to Wik­iLeaks. This might also hide fake error mes­sages or be used for oth­er pur­pos­es. . . .

1b. There has been a wide­ly-cir­cu­lat­ed report about how the elec­tion sys­tems of 39 US states were “hit” by ‘Russ­ian hack­ers’, most of them just a week, before the 2016 Novem­ber elec­tion? Well, the Nation­al Asso­ci­a­tion of Sec­re­taries of State, an orga­ni­za­tion that rep­re­sents the chief elec­tion offi­cials in 40 states, has a rebut­tal: They have no idea what this report was talk­ing about and believe it’s a mat­ter of cyber­se­cu­ri­ty firms being over­ly aggres­sive to earn state con­tracts to pro­tect elec­tion sys­tems.

Again, quite a rebuttal–they have no idea what the Bloomberg report was say­ing:  “ . . . . Kay Stim­son, spokes­woman for the Nation­al Asso­ci­a­tion of Sec­re­taries of State, said the mem­bers of her group — which rep­re­sents the chief elec­tion offi­cials in 40 states — were tak­en aback by the alle­ga­tion that 39 states were hacked.

‘We can­not ver­i­fy any infor­ma­tion in that report,’ Stim­son told Ben­zin­ga. “It has some claims that have raised some red flags. I don’t know where they’re get­ting it. We’re not able to assess to the cred­i­bil­i­ty.’

Ms. Stim­son also not­ed that cyber secu­ri­ty firms appeared to be ramp­ing up the hype in order to fur­ther their own com­mer­cial agen­das.

” . . . Cyber Secu­ri­ty Firms Cap­i­tal­iz­ing On Russ­ian Scare

She said that some cyber­se­cu­ri­ty firms were engag­ing in scare tac­tics at the state and local lev­els.

‘There are cyber­se­cu­ri­ty firms mak­ing some wild claims,’ she said. ‘It is a very aggres­sive indus­try.’

In addi­tion the Depart­ment of Home­land Secu­ri­ty is also down­play­ing the sig­nif­i­cance of the report:

” . . . . Bloomberg attrib­uted the num­ber of states “hit” — Stim­son ques­tioned the mean­ing of the word — to the sys­tems in 39 states. “It’s hard to say how they ‘hit’ 39 states,” she said.

Home­land Secu­ri­ty also issued a report about the Bloomberg report, say­ing: ‘While we are not going to get into specifics of activ­i­ty at the state lev­el, the vast major­i­ty of what we saw was scan­ning — not attempts to intrude — and unsuc­cess­ful attempts to steal data held in vot­er reg­is­tra­tion data­bas­es.’. . . .”

“State Elec­tion Offi­cials Baf­fled By Report 39 States ‘Hit’ By Russ­ian Hack­ers” by Mark Fritz; Ben­zin­ga; 06/15/2017

State elec­tion offi­cials are baf­fled by a Bloomberg report alleg­ing that Russ­ian hack­ers com­pro­mised the vot­ing sys­tems in 39 states, adding that cyber­se­cu­ri­ty firms were engag­ing in scare tac­tics to win state and local con­tracts to pro­tect elec­tion sys­tems.

The June 13 Bloomberg sto­ry said that hack­ers staged incur­sions last year into vot­er data­bas­es and soft­ware sys­tems in almost twice as many states as pre­vi­ous­ly report­ed.

“In Illi­nois, inves­ti­ga­tors found evi­dence that cyber intrud­ers tried to delete or alter vot­er data. The hack­ers accessed soft­ware designed to be used by poll work­ers on Elec­tion Day, and in at least one state accessed a cam­paign finance data­base,” the report said.

It cit­ed three unnamed sources with direct knowl­edge of “the U.S. inves­ti­ga­tion into the mat­ter.”

“In all, the Russ­ian hack­ers hit sys­tems in a total of 39 states, one of them said,” the report said.

The Nation­al Secu­ri­ty Agency, the FBI and the U.S. Home­land Secu­ri­ty Depart­ment all are look­ing into var­i­ous aspects of what intel­li­gence offi­cials said was Russ­ian med­dling into the U.S. elec­tion sys­tems.

Kay Stim­son, spokes­woman for the Nation­al Asso­ci­a­tion of Sec­re­taries of State, said the mem­bers of her group — which rep­re­sents the chief elec­tion offi­cials in 40 states — were tak­en aback by the alle­ga­tion that 39 states were hacked.

“We can­not ver­i­fy any infor­ma­tion in that report,” Stim­son told Ben­zin­ga. “It has some claims that have raised some red flags. I don’t know where they’re get­ting it. We’re not able to assess to the cred­i­bil­i­ty.”

Cyber Secu­ri­ty Firms Cap­i­tal­iz­ing On Russ­ian Scare

She said that some cyber­se­cu­ri­ty firms were engag­ing in scare tac­tics at the state and local lev­els.

“There are cyber­se­cu­ri­ty firms mak­ing some wild claims,” she said. “It is a very aggres­sive indus­try.”

Bloomberg attrib­uted the num­ber of states “hit” — Stim­son ques­tioned the mean­ing of the word — to the sys­tems in 39 states. “It’s hard to say how they ‘hit’ 39 states,” she said.

Home­land Secu­ri­ty also issued a report about the Bloomberg report, say­ing: “While we are not going to get into specifics of activ­i­ty at the state lev­el, the vast major­i­ty of what we saw was scan­ning — not attempts to intrude — and unsuc­cess­ful attempts to steal data held in vot­er reg­is­tra­tion data­bas­es.”

Lit­tle Doubt Russ­ian Med­dling In Elec­tion

Despite the reac­tion to the Bloomberg report, there is lit­tle doubt that Russ­ian actors attempt­ed to access U.S. elec­tion sys­tems. Spe­cial inves­ti­ga­tor Robert Mueller has been tasked with spear­head­ing the inves­ti­ga­tion into whether the Trump cam­paign col­lud­ed with Krem­lin affil­i­ates to leak dam­ag­ing emails and rig the elec­tion.

2a. The infor­ma­tion pre­sent­ed above cer­tain­ly sup­ports the notion that the “39 states were hacked by the Rus­sians” was, at a min­i­mum, an exag­ger­a­tion. And when DHS talks about the “vast major­i­ty” of what they saw was “scan­ning”, keep in mind that “scan­ning” com­put­ers con­nect­ed to the inter­net is ubiq­ui­tous and if they were using IP address­es to attribute this scan­ning to “Russ­ian hack­ers”, if the US intel­li­gence report on the evi­dence for ‘Russ­ian hack­ers’ in the DNC serv­er hack is any indi­ca­tion of the way IP address­es are being used to assess cul­pa­bil­i­ty for these state sys­tem scan­ning attempts, IP address­es aren’t the most com­pelling evi­dence in this case:

“Did the Rus­sians Real­ly Hack the DNC?” by Gre­go­ry ElichCounter Punch; 1/13/2017.

Rus­sia, we are told, breached the servers of the Demo­c­ra­t­ic Nation­al Com­mit­tee (DNC), swiped emails and oth­er doc­u­ments, and released them to the pub­lic, to alter the out­come of the U.S. pres­i­den­tial elec­tion.

How sub­stan­tial is the evi­dence back­ing these asser­tions?

Com­mand-and-con­trol servers remote­ly issue mali­cious com­mands to infect­ed machines. Odd­ly, for such a key com­po­nent of the oper­a­tion, the com­mand-and-con­trol IP address in both attacks was hard-cod­ed in the mal­ware. This seems like anoth­er inex­plic­a­ble choice, giv­en that the point of an advanced per­sis­tent threat is to oper­ate for an extend­ed peri­od with­out detec­tion. A more suit­able approach would be to use a Domain Name Sys­tem (DNS) address, which is a decen­tral­ized com­put­er nam­ing sys­tem. That would pro­vide a more covert means of iden­ti­fy­ing the com­mand-and-con­trol serv­er. [13] More­over, one would expect that address to be encrypt­ed. Using a DNS address would also allow the com­mand-and-con­trol oper­a­tion to eas­i­ly move to anoth­er serv­er if its loca­tion is detect­ed, with­out the need to mod­i­fy and rein­stall the code.

One of the IP address­es is claimed to be a “well-known APT 28” com­mand-and-con­trol address, while the sec­ond is said to be linked to Russ­ian mil­i­tary intel­li­gence. [14] The first address points to a serv­er locat­ed in San Jose, Cal­i­for­nia, and is oper­at­ed by a serv­er host­ing ser­vice. [15] The sec­ond serv­er is sit­u­at­ed in Paris, France, and owned by anoth­er serv­er host­ing ser­vice. [16] Clear­ly, these are servers that have been com­pro­mised by hack­ers. It is cus­tom­ary for hack­ers to route their attacks through vul­ner­a­ble com­put­ers. The IP address­es of com­pro­mised com­put­ers are wide­ly avail­able on the Deep Web, and typ­i­cal­ly a hacked serv­er will be used by mul­ti­ple threat actors. These two par­tic­u­lar servers may or may not have been reg­u­lar­ly uti­lized by Russ­ian Intel­li­gence, but they were not unique­ly so used. Almost cer­tain­ly, many oth­er hack­ers would have used the same machines, and it can­not be said that these IP address­es unique­ly iden­ti­fy an infil­tra­tor. Indeed, the sec­ond IP address is asso­ci­at­ed with the com­mon Tro­jan virus­es Agent-APPR and Shun­nael.[17]

“Every­one is focused on attri­bu­tion, but we may be miss­ing the big­ger truth,” says Joshua Cro­man, Direc­tor of the Cyber State­craft Ini­tia­tive at the Atlantic Coun­cil. “[T]he lev­el of sophis­ti­ca­tion required to do this hack was so low that near­ly any­one could do it.” [18] . . . 

2b. Since dig­i­tal “sig­na­tures” are eas­i­ly spoofed by hack­ers and a dec­la­ra­tion of cyber war would be an insane move by the Russ­ian gov­ern­ment, there’s the very obvi­ous pos­si­bil­i­ty that some­one else made all these hack­ing attempts.

It’s worth not­ing that in The Inter­cept report about the leaked NSA doc­u­ment show­ing the analy­sis of the hack­ing of a Flori­da vot­ing sys­tems com­pa­ny, the arti­cle fea­tures an inter­view Jake Williams – a for­mer mem­ber of NSA’s elite hack­ing Tai­lored Access Oper­a­tions team – and ask him about the spear-phish­ing cam­paign used against those 122 offi­cials in the last week of the cam­paign. Accord­ing to Williams, that spear-phish­ing oper­a­tion was of “medi­um sophis­ti­ca­tion” that “prac­ti­cal­ly any hack­er can pull off”.

The spear-phish­ing attacks used doc­u­ments from the Flori­da-based “VR Sys­tems” as the bait. That’s what the alleged Russ­ian hack­ers did in the last week of the cam­paign. And how sophis­ti­cat­ed was this spear-phish­ing attack? Almost any hack­er could have done it.

“. . . . Accord­ing to Williams, if this type of attack were suc­cess­ful, the per­pe­tra­tor would pos­sess “unlim­it­ed” capac­i­ty for siphon­ing away items of inter­est. ‘Once the user opens up that email [attach­ment],’ Williams explained, ‘the attack­er has all the same capa­bil­i­ties that the user does.’ Vikram Thakur, a senior research man­ag­er at Symantec’s Secu­ri­ty Response Team, told The Inter­cept that in cas­es like this the ‘quan­ti­ty of exfil­trat­ed data is only lim­it­ed by the con­trols put in place by net­work admin­is­tra­tors.’ Data theft of this vari­ety is typ­i­cal­ly encrypt­ed, mean­ing any­one observ­ing an infect­ed net­work wouldn’t be able to see what exact­ly was being removed but should cer­tain­ly be able to tell some­thing was afoot, Williams added. Over­all, the method is one of  ‘medi­um sophis­ti­ca­tion,’ Williams said, one that ‘prac­ti­cal­ly any hack­er can pull off.’. . . .”

So accord­ing to fed­er­al inves­ti­ga­tors, ‘the GRU’ used a spear-phish­ing tech­nique that any hack­er could have pulled off, and did it in a man­ner that left dig­i­tal “sig­na­tures”, like IP address, that appar­ent­ly led back to the GRU. The cul­prits also kept the same dig­i­tal sig­na­tures in the July 2016 hack on the Illi­nois vot­ing sys­tem that were found in the wave of spear-phish­ing attacks in the last week of the cam­paign. Even after get­ting a “cyber Red Phone” call from the White House in for the first time ever in Octo­ber, thus open­ing Rus­sia to poten­tial revenge attacks for years to come and poi­son-pilling the pos­si­ble util­i­ty of hav­ing a Russ­ian-friend­ly Pres­i­dent Trump in the White House. It’s as if the cost-ben­e­fit analy­sis didn’t fac­tor in the costs. That’s the sto­ry we’re sup­posed to accept.

And, amaz­ing­ly, based on the first report, it sounds the bulk of the 39 hacked states got hacked by this spear-phish­ing cam­paign in the last week of the cam­paign despite the intense focus around poten­tial hack­ing in the pri­or months. Those must have been some pret­ty com­pelling phish­ing emails.

It rais­es the ques­tion as to whether or not some of the those 122 tar­get­ed offi­cials were try­ing to get their sys­tems hacked. Keep in mind one of the very inter­est­ing things about a spear-phish­ing attack in a sce­nario like this: one of the hacked par­ties (the GOP) just might want to get hacked: Spear-phish­ing a great way for an insid­er to invite in a hack­er while main­tain­ing plau­si­ble deni­a­bil­i­ty. Oops! I was tricked!)

“Top-Secret NSA Report Details Russ­ian Hack­ing Effort Days Before 2016 Elec­tion” by Matthew Cole, Richard Espos­i­to, Sam Bid­dle, Ryan Grim; The Inter­cept; 06/05/2017

Russ­ian mil­i­tary intel­li­gence exe­cut­ed a cyber­at­tack on at least one U.S. vot­ing soft­ware sup­pli­er and sent spear-phish­ing emails to more than 100 local elec­tion offi­cials just days before last November’s pres­i­den­tial elec­tion, accord­ing to a high­ly clas­si­fied intel­li­gence report obtained by The Inter­cept.

The top-secret Nation­al Secu­ri­ty Agency doc­u­ment, which was pro­vid­ed anony­mous­ly to The Inter­cept and inde­pen­dent­ly authen­ti­cat­ed, ana­lyzes intel­li­gence very recent­ly acquired by the agency about a months-long Russ­ian intel­li­gence cyber effort against ele­ments of the U.S. elec­tion and vot­ing infra­struc­ture. The report, dat­ed May 5, 2017, is the most detailed U.S. gov­ern­ment account of Russ­ian inter­fer­ence in the elec­tion that has yet come to light.

While the doc­u­ment pro­vides a rare win­dow into the NSA’s under­stand­ing of the mechan­ics of Russ­ian hack­ing, it does not show the under­ly­ing “raw” intel­li­gence on which the analy­sis is based. A U.S. intel­li­gence offi­cer who declined to be iden­ti­fied cau­tioned against draw­ing too big a con­clu­sion from the doc­u­ment because a sin­gle analy­sis is not nec­es­sar­i­ly defin­i­tive.

The report indi­cates that Russ­ian hack­ing may have pen­e­trat­ed fur­ther into U.S. vot­ing sys­tems than was pre­vi­ous­ly under­stood. It states unequiv­o­cal­ly in its sum­ma­ry state­ment that it was Russ­ian mil­i­tary intel­li­gence, specif­i­cal­ly the Russ­ian Gen­er­al Staff Main Intel­li­gence Direc­torate, or GRU, that con­duct­ed the cyber attacks described in the doc­u­ment:

Russ­ian Gen­er­al Staff Main Intel­li­gence Direc­torate actors … exe­cut­ed cyber espi­onage oper­a­tions against a named U.S. com­pa­ny in August 2016, evi­dent­ly to obtain infor­ma­tion on elec­tions-relat­ed soft­ware and hard­ware solu­tions. … The actors like­ly used data obtained from that oper­a­tion to … launch a vot­er reg­is­tra­tion-themed spear-phish­ing cam­paign tar­get­ing U.S. local gov­ern­ment orga­ni­za­tions.

This NSA sum­ma­ry judg­ment is sharply at odds with Russ­ian Pres­i­dent Vladimir Putin’s denial last week that Rus­sia had inter­fered in for­eign elec­tions: “We nev­er engaged in that on a state lev­el, and have no inten­tion of doing so.” Putin, who had pre­vi­ous­ly issued blan­ket denials that any such Russ­ian med­dling occurred, for the first time float­ed the pos­si­bil­i­ty that free­lance Russ­ian hack­ers with “patri­ot­ic lean­ings” may have been respon­si­ble. The NSA report, on the con­trary, dis­plays no doubt that the cyber assault was car­ried out by the GRU.

The Spear-Phish­ing Attack

As described by the clas­si­fied NSA report, the Russ­ian plan was sim­ple: pose as an e‑voting ven­dor and trick local gov­ern­ment employ­ees into open­ing Microsoft Word doc­u­ments invis­i­bly taint­ed with potent mal­ware that could give hack­ers full con­trol over the infect­ed com­put­ers.

But in order to dupe the local offi­cials, the hack­ers need­ed access to an elec­tion soft­ware vendor’s inter­nal sys­tems to put togeth­er a con­vinc­ing dis­guise. So on August 24, 2016, the Russ­ian hack­ers sent spoofed emails pur­port­ing to be from Google to employ­ees of an unnamed U.S. elec­tion soft­ware com­pa­ny, accord­ing to the NSA report. Although the doc­u­ment does not direct­ly iden­ti­fy the com­pa­ny in ques­tion, it con­tains ref­er­ences to a prod­uct made by VR Sys­tems, a Flori­da-based ven­dor of elec­tron­ic vot­ing ser­vices and equip­ment whose prod­ucts are used in eight states.

The spear-phish­ing email con­tained a link direct­ing the employ­ees to a mali­cious, faux-Google web­site that would request their login cre­den­tials and then hand them over to the hack­ers. The NSA iden­ti­fied sev­en “poten­tial vic­tims” at the com­pa­ny. While mali­cious emails tar­get­ing three of the poten­tial vic­tims were reject­ed by an email serv­er, at least one of the employ­ee accounts was like­ly com­pro­mised, the agency con­clud­ed. The NSA notes in its report that it is “unknown whether the afore­men­tioned spear-phish­ing deploy­ment suc­cess­ful­ly com­pro­mised all the intend­ed vic­tims, and what poten­tial data from the vic­tim could have been exfil­trat­ed.”

VR Sys­tems declined to respond to a request for com­ment on the spe­cif­ic hack­ing oper­a­tion out­lined in the NSA doc­u­ment. Chief Oper­at­ing Offi­cer Ben Mar­tin replied by email to The Intercept’s request for com­ment with the fol­low­ing state­ment:

Phish­ing and spear-phish­ing are not uncom­mon in our indus­try. We reg­u­lar­ly par­tic­i­pate in cyber alliances with state offi­cials and mem­bers of the law enforce­ment com­mu­ni­ty in an effort to address these types of threats. We have poli­cies and pro­ce­dures in effect to pro­tect our cus­tomers and our com­pa­ny.

Although the NSA report indi­cates that VR Sys­tems was tar­get­ed only with login-steal­ing trick­ery, rather than com­put­er-con­trol­ling mal­ware, this isn’t nec­es­sar­i­ly a reas­sur­ing sign. Jake Williams, founder of com­put­er secu­ri­ty firm Ren­di­tion Infos­ec and for­mer­ly of the NSA’s Tai­lored Access Oper­a­tions hack­ing team, said stolen logins can be even more dan­ger­ous than an infect­ed com­put­er. “I’ll take cre­den­tials most days over mal­ware,” he said, since an employee’s login infor­ma­tion can be used to pen­e­trate “cor­po­rate VPNs, email, or cloud ser­vices,” allow­ing access to inter­nal cor­po­rate data. The risk is par­tic­u­lar­ly height­ened giv­en how com­mon it is to use the same pass­word for mul­ti­ple ser­vices. Phish­ing, as the name implies, doesn’t require every­one to take the bait in order to be a suc­cess — though Williams stressed that hack­ers “nev­er want just one” set of stolen cre­den­tials.

In any event, the hack­ers appar­ent­ly got what they need­ed. Two months lat­er, on Octo­ber 27, they set up an “oper­a­tional” Gmail account designed to appear as if it belonged to an employ­ee at VR Sys­tems, and used doc­u­ments obtained from the pre­vi­ous oper­a­tion to launch a sec­ond spear-phish­ing oper­a­tion “tar­get­ing U.S. local gov­ern­ment orga­ni­za­tions.” These emails con­tained a Microsoft Word doc­u­ment that had been “tro­janized” so that when it was opened it would send out a bea­con to the “mali­cious infra­struc­ture” set up by the hack­ers.

The NSA assessed that this phase of the spear-fish­ing oper­a­tion was like­ly launched on either Octo­ber 31 or Novem­ber 1 and sent spear-fish­ing emails to 122 email address­es “asso­ci­at­ed with named local gov­ern­ment orga­ni­za­tions,” prob­a­bly to offi­cials “involved in the man­age­ment of vot­er reg­is­tra­tion sys­tems.” The emails con­tained Microsoft Word attach­ments pur­port­ing to be benign doc­u­men­ta­tion for VR Sys­tems’ EViD vot­er data­base prod­uct line, but which were in real­i­ty mali­cious­ly embed­ded with auto­mat­ed soft­ware com­mands that are trig­gered instant­ly and invis­i­bly when the user opens the doc­u­ment. These par­tic­u­lar weaponized files used Pow­er­Shell, a Microsoft script­ing lan­guage designed for sys­tem admin­is­tra­tors and installed by default on Win­dows com­put­ers, allow­ing vast con­trol over a system’s set­tings and func­tions. If opened, the files “very like­ly” would have instruct­ed the infect­ed com­put­er to begin down­load­ing in the back­ground a sec­ond pack­age of mal­ware from a remote serv­er also con­trolled by the hack­ers, which the secret report says could have pro­vid­ed attack­ers with “per­sis­tent access” to the com­put­er or the abil­i­ty to “sur­vey the vic­tims for items of inter­est.” Essen­tial­ly, the weaponized Word doc­u­ment qui­et­ly unlocks and opens a target’s back door, allow­ing vir­tu­al­ly any cock­tail of mal­ware to be sub­se­quent­ly deliv­ered auto­mat­i­cal­ly.

Accord­ing to Williams, if this type of attack were suc­cess­ful, the per­pe­tra­tor would pos­sess “unlim­it­ed” capac­i­ty for siphon­ing away items of inter­est. “Once the user opens up that email [attach­ment],” Williams explained, “the attack­er has all the same capa­bil­i­ties that the user does.” Vikram Thakur, a senior research man­ag­er at Symantec’s Secu­ri­ty Response Team, told The Inter­cept that in cas­es like this the “quan­ti­ty of exfil­trat­ed data is only lim­it­ed by the con­trols put in place by net­work admin­is­tra­tors.” Data theft of this vari­ety is typ­i­cal­ly encrypt­ed, mean­ing any­one observ­ing an infect­ed net­work wouldn’t be able to see what exact­ly was being removed but should cer­tain­ly be able to tell some­thing was afoot, Williams added.Over­all, the method is one of “medi­um sophis­ti­ca­tion,” Williams said, one that “prac­ti­cal­ly any hack­er can pull off.”

The NSA, how­ev­er, is uncer­tain about the results of the attack, accord­ing to the report. “It is unknown,” the NSA notes, “whether the afore­men­tioned spear-phish­ing deploy­ment suc­cess­ful­ly com­pro­mised the intend­ed vic­tims, and what poten­tial data could have been accessed by the cyber actor.” . . . .

3. The con­clu­sion that Rus­sia hacked the U.S. elec­tion on Putin’s orders appears to have been based on a CIA source in the Krem­lin. Even when that intel­li­gence was deliv­ered, oth­er agen­cies weren’t ready to accept the CIA’s con­clu­sion and it took intel­li­gence from anoth­er nation (not named) to pro­vide the final intel­li­gence tip­ping point that led to a broad-based con­clu­sion the not only was the Russ­ian gov­ern­ment behind the cyber­at­tacks but that Vladimir Putin him­self ordered it.

That ally’s intel­li­gence is described as “the most crit­i­cal tech­ni­cal intel­li­gence on Rus­sia,” how­ev­er the NSA still wasn’t con­vinced based on what sounds like a lack of con­fi­dence in that source. Thus, it looks like a CIA Krem­lin source and an unnamed for­eign intel­li­gence agency with ques­tion­able cre­den­tials are the basis of what appears to be a like­ly future full-scale US/Russian cyber­war.

” . . . .Inside was an intel­li­gence bomb­shell, a report drawn from sourc­ing deep inside the Russ­ian gov­ern­ment that detailed Russ­ian Pres­i­dent Vladimir Putin’s direct involve­ment in a cyber cam­paign to dis­rupt and dis­cred­it the U.S. pres­i­den­tial race. . . .”

We are told that a CIA deep Russ­ian gov­ern­ment source is the pri­ma­ry source of the ‘Putin ordered it’ con­clu­sion. Well, at least that’s bet­ter than the bad joke tech­ni­cal evi­dence that’s been pro­vid­ed thus far. But even that source’s claims appar­ent­ly weren’t enough to con­vinced oth­er parts of the intel­li­gence com­mu­ni­ty. It took the intel­li­gence from the unnamed ally to do that:

” . . . . But it went fur­ther. The intel­li­gence cap­tured Putin’s spe­cif­ic instruc­tions on the operation’s auda­cious objec­tives — defeat or at least dam­age the Demo­c­ra­t­ic nom­i­nee, Hillary Clin­ton, and help elect her oppo­nent, Don­ald Trump.

At that point, the out­lines of the Russ­ian assault on the U.S. elec­tion were increas­ing­ly appar­ent. Hack­ers with ties to Russ­ian intel­li­gence ser­vices had been rum­mag­ing through Demo­c­ra­t­ic Par­ty com­put­er net­works, as well as some Repub­li­can sys­tems, for more than a year. In July, the FBI had opened an inves­ti­ga­tion of con­tacts between Russ­ian offi­cials and Trump asso­ciates. And on July 22, near­ly 20,000 emails stolen from the Demo­c­ra­t­ic Nation­al Com­mit­tee were dumped online by Wik­iLeaks.

But at the high­est lev­els of gov­ern­ment, among those respon­si­ble for man­ag­ing the cri­sis, the first moment of true fore­bod­ing about Russia’s inten­tions arrived with that CIA intel­li­gence.

It took time for oth­er parts of the intel­li­gence com­mu­ni­ty to endorse the CIA’s view. Only in the administration’s final weeks in office did it tell the pub­lic, in a declas­si­fied report, what offi­cials had learned from Bren­nan in August — that Putin was work­ing to elect Trump.

Despite the intel­li­gence the CIA had pro­duced, oth­er agen­cies were slow­er to endorse a con­clu­sion that Putin was per­son­al­ly direct­ing the oper­a­tion and want­ed to help Trump. “It was def­i­nite­ly com­pelling, but it was not defin­i­tive,” said one senior admin­is­tra­tion offi­cial. “We need­ed more.”

Some of the most crit­i­cal tech­ni­cal intel­li­gence on Rus­sia came from anoth­er coun­try, offi­cials said. Because of the source of the mate­r­i­al, the NSA was reluc­tant to view it with high con­fi­dence. . . .

. . . . In a sub­se­quent news con­fer­ence, Oba­ma allud­ed to the exchange and issued a veiled threat. “We’re mov­ing into a new era here where a num­ber of coun­tries have sig­nif­i­cant capac­i­ties,” he said. “Frankly, we’ve got more capac­i­ty than any­body both offen­sive­ly and defen­sive­ly.” . . . .

 

. . . . Then, on Oct. 31, the admin­is­tra­tion deliv­ered a final pre-elec­tion mes­sage via a secure chan­nel to Moscow orig­i­nal­ly cre­at­ed to avert a nuclear exchange. The mes­sage not­ed that the Unit­ed States had detect­ed mali­cious activ­i­ty, orig­i­nat­ing from servers in Rus­sia, tar­get­ing U.S. elec­tion sys­tems and warned that med­dling would be regard­ed as unac­cept­able inter­fer­ence. Rus­sia con­firmed the next day that it had received the mes­sage but replied only after the elec­tion through the same chan­nel, deny­ing the accu­sa­tion. . . . 

. . . .But Oba­ma also signed the secret find­ing, offi­cials said, autho­riz­ing a new covert pro­gram involv­ing the NSA, CIA and U.S. Cyber Com­mand. . . .

. . . . .The cyber oper­a­tion is still in its ear­ly stages and involves deploy­ing “implants” in Russ­ian net­works deemed “impor­tant to the adver­sary and that would cause them pain and dis­com­fort if they were dis­rupt­ed,” a for­mer U.S. offi­cial said.

The implants were devel­oped by the NSA and designed so that they could be trig­gered remote­ly as part of retal­ia­to­ry cyber-strike in the face of Russ­ian aggres­sion, whether an attack on a pow­er grid or inter­fer­ence in a future pres­i­den­tial race.

Offi­cials famil­iar with the mea­sures said that there was con­cern among some in the admin­is­tra­tion that the dam­age caused by the implants could be dif­fi­cult to con­tain.

As a result, the admin­is­tra­tion request­ed a legal review, which con­clud­ed that the devices could be con­trolled well enough that their deploy­ment would be con­sid­ered “pro­por­tion­al” in vary­ing sce­nar­ios of Russ­ian provo­ca­tion, a require­ment under inter­na­tion­al law.

The oper­a­tion was described as long-term, tak­ing months to posi­tion the implants and requir­ing main­te­nance there­after. Under the rules of covert action, Obama’s sig­na­ture was all that was nec­es­sary to set the oper­a­tion in motion.

U.S. intel­li­gence agen­cies do not need fur­ther approval from Trump, and offi­cials said that he would have to issue a coun­ter­mand­ing order to stop it. The offi­cials said that they have seen no indi­ca­tion that Trump has done so. . . .”

Keep in mind that such a response from the US would be entire­ly pre­dictable if the Russ­ian gov­ern­ment real­ly did order this hack. Rus­sia would be at a height­ened risk for years or decades to come if Putin real­ly did order this attack. There’s no rea­son to assume that the Russ­ian gov­ern­ment wouldn’t be well aware of this con­se­quence.

So if Putin real­ly did order this hack he would have to have gone insane. That’s how stu­pid this attack was if Putin actu­al­ly ordered it. Accord­ing to a CIA spy in the Krem­lin, along with a ques­tion­able for­eign ally, that’s exact­ly what Putin did.

He appar­ent­ly went insane and pre­emp­tive­ly launched a cyber­war know­ing full well how dev­as­tat­ing the long-term con­se­quences could be. Because he real­ly, real­ly, real­ly hates Hillary. That’s the nar­ra­tive we’re being giv­en.

And now, any future attacks on US elec­tions or the US elec­tri­cal grid that can some­how be pinned on the Rus­sians is going to trig­ger some sort of painful wave or retal­ia­to­ry cyber­bombs. Which, of course, will like­ly trig­ger a way of counter-retal­ia­to­ry cyber­bombs in the US. And a full-scale cyber­war will be born and we’ll just have to hope it stays in the cyber domain. That’s were we are now based on a CIA spy in the Krem­lin and an unnamed for­eign intel­li­gence agency

“Obama’s Secret Strug­gle to Pun­ish Rus­sia for Putin’s Elec­tion Assault” by Greg Miller, Ellen Nakashima and Adam Entous; The Wash­ing­ton Post; 06/23/2017

Ear­ly last August, an enve­lope with extra­or­di­nary han­dling restric­tions arrived at the White House. Sent by couri­er from the CIA, it car­ried “eyes only” instruc­tions that its con­tents be shown to just four peo­ple: Pres­i­dent Barack Oba­ma and three senior aides.

Inside was an intel­li­gence bomb­shell, a report drawn from sourc­ing deep inside the Russ­ian gov­ern­ment that detailed Russ­ian Pres­i­dent Vladimir Putin’s direct involve­ment in a cyber cam­paign to dis­rupt and dis­cred­it the U.S. pres­i­den­tial race.

But it went fur­ther. The intel­li­gence cap­tured Putin’s spe­cif­ic instruc­tions on the operation’s auda­cious objec­tives — defeat or at least dam­age the Demo­c­ra­t­ic nom­i­nee, Hillary Clin­ton, and help elect her oppo­nent, Don­ald Trump.

At that point, the out­lines of the Russ­ian assault on the U.S. elec­tion were increas­ing­ly appar­ent. Hack­ers with ties to Russ­ian intel­li­gence ser­vices had been rum­mag­ing through Demo­c­ra­t­ic Par­ty com­put­er net­works, as well as some Repub­li­can sys­tems, for more than a year. In July, the FBI had opened an inves­ti­ga­tion of con­tacts between Russ­ian offi­cials and Trump asso­ciates. And on July 22, near­ly 20,000 emails stolen from the Demo­c­ra­t­ic Nation­al Com­mit­tee were dumped online by Wik­iLeaks.

But at the high­est lev­els of gov­ern­ment, among those respon­si­ble for man­ag­ing the cri­sis, the first moment of true fore­bod­ing about Russia’s inten­tions arrived with that CIA intel­li­gence.

The mate­r­i­al was so sen­si­tive that CIA Direc­tor John Bren­nan kept it out of the President’s Dai­ly Brief, con­cerned that even that restrict­ed report’s dis­tri­b­u­tion was too broad. The CIA pack­age came with instruc­tions that it be returned imme­di­ate­ly after it was read. To guard against leaks, sub­se­quent meet­ings in the Sit­u­a­tion Room fol­lowed the same pro­to­cols as plan­ning ses­sions for the Osama bin Laden raid.

It took time for oth­er parts of the intel­li­gence com­mu­ni­ty to endorse the CIA’s view. Only in the administration’s final weeks in office did it tell the pub­lic, in a declas­si­fied report, what offi­cials had learned from Bren­nan in August — that Putin was work­ing to elect Trump.

Over that five-month inter­val, the Oba­ma admin­is­tra­tion secret­ly debat­ed dozens of options for deter­ring or pun­ish­ing Rus­sia, includ­ing cyber­at­tacks on Russ­ian infra­struc­ture, the release of CIA-gath­ered mate­r­i­al that might embar­rass Putin and sanc­tions that offi­cials said could “crater” the Russ­ian econ­o­my.

But in the end, in late Decem­ber, Oba­ma approveda mod­est pack­age com­bin­ing mea­sures that had been drawn up to pun­ish Rus­sia for oth­er issues — expul­sions of 35 diplo­mats and the clo­sure of two Russ­ian com­pounds — with eco­nom­ic sanc­tions so nar­row­ly tar­get­ed that even those who helped design them describe their impact as large­ly sym­bol­ic.

Oba­ma also approved a pre­vi­ous­ly undis­closed covert mea­sure that autho­rized plant­i­ng cyber weapons in Russia’s infra­struc­ture, the dig­i­tal equiv­a­lent of bombs that could be det­o­nat­ed if the Unit­ed States found itself in an esca­lat­ing exchange with Moscow. The project, which Oba­ma approved in a covert-action find­ing, was still in its plan­ning stages when Oba­ma left office. It would be up to Pres­i­dent Trump to decide whether to use the capa­bil­i­ty.

In polit­i­cal terms, Russia’s inter­fer­ence was the crime of the cen­tu­ry, an unprece­dent­ed and large­ly suc­cess­ful desta­bi­liz­ing attack on Amer­i­can democ­ra­cy. It was a case that took almost no time to solve, traced to the Krem­lin through cyber-foren­sics and intel­li­gence on Putin’s involve­ment. And yet, because of the diver­gent ways Oba­ma and Trump have han­dled the mat­ter, Moscow appears unlike­ly to face pro­por­tion­ate con­se­quences.

Those clos­est to Oba­ma defend the administration’s response to Russia’s med­dling. They note that by August it was too late to pre­vent the trans­fer to Wik­iLeaks and oth­er groups of the troves of emails that would spill out in the ensu­ing months. They believe that a series of warn­ings — includ­ing one that Oba­ma deliv­ered to Putin in Sep­tem­ber — prompt­ed Moscow to aban­don any plans of fur­ther aggres­sion, such as sab­o­tage of U.S. vot­ing sys­tems.

Denis McDo­nough, who served as Obama’s chief of staff, said that the admin­is­tra­tion regard­ed Russia’s inter­fer­ence as an attack on the “heart of our sys­tem.”

“We set out from a first-order prin­ci­ple that required us to defend the integri­ty of the vote,” McDo­nough said in an inter­view. “Impor­tant­ly, we did that. It’s also impor­tant to estab­lish what hap­pened and what they attempt­ed to do so as to ensure that we take the steps nec­es­sary to stop it from hap­pen­ing again.”

But oth­er admin­is­tra­tion offi­cials look back on the Rus­sia peri­od with remorse.

“It is the hard­est thing about my entire time in gov­ern­ment to defend,” said a for­mer senior Oba­ma admin­is­tra­tion offi­cial involved in White House delib­er­a­tions on Rus­sia. “I feel like we sort of choked.”

This account of the Oba­ma administration’s response to Russia’s inter­fer­ence is based on inter­views with more than three dozen cur­rent and for­mer U.S. offi­cials in senior posi­tions in gov­ern­ment, includ­ing at the White House, the State, Defense and Home­land Secu­ri­ty depart­ments, and U.S. intel­li­gence ser­vices. Most agreed to speak only on the con­di­tion of anonymi­ty, cit­ing the sen­si­tiv­i­ty of the issue.

The White House, the CIA, the FBI, the Nation­al Secu­ri­ty Agency and the Office of the Direc­tor of Nation­al Intel­li­gence declined to com­ment.

‘Deeply con­cerned’

The CIA break­through came at a stage of the pres­i­den­tial cam­paign when Trump had secured the GOP nom­i­na­tion but was still regard­ed as a dis­tant long shot. Clin­ton held com­fort­able leads in major polls, and Oba­ma expect­ed that he would be trans­fer­ring pow­er to some­one who had served in his Cab­i­net.

The intel­li­gence on Putin was extra­or­di­nary on mul­ti­ple lev­els, includ­ing as a feat of espi­onage.

For spy agen­cies, gain­ing insights into the inten­tions of for­eign lead­ers is among the high­est pri­or­i­ties. But Putin is a remark­ably elu­sive tar­get. A for­mer KGB offi­cer, he takes extreme pre­cau­tions to guard against sur­veil­lance, rarely com­mu­ni­cat­ing by phone or com­put­er, always run­ning sen­si­tive state busi­ness from deep with­in the con­fines of the Krem­lin.

The Wash­ing­ton Post is with­hold­ing some details of the intel­li­gence at the request of the U.S. gov­ern­ment.

In ear­ly August, Bren­nan alert­ed senior White House offi­cials to the Putin intel­li­gence, mak­ing a call to deputy nation­al secu­ri­ty advis­er Avril Haines and pulling nation­al secu­ri­ty advis­er Susan E. Rice aside after a meet­ing before brief­ing Oba­ma along with Rice, Haines and McDo­nough in the Oval Office.

Offi­cials described the president’s reac­tion as grave. Oba­ma “was deeply con­cerned and want­ed as much infor­ma­tion as fast as pos­si­ble,” a for­mer offi­cial said. “He want­ed the entire intel­li­gence com­mu­ni­ty all over this.”

Con­cerns about Russ­ian inter­fer­ence had gath­ered through­out the sum­mer.

Rus­sia experts had begun to see a trou­bling pat­tern of pro­pa­gan­da in which fic­ti­tious news sto­ries, assumed to be gen­er­at­ed by Moscow, pro­lif­er­at­ed across social-media plat­forms.

Offi­cials at the State Depart­ment and FBI became alarmed by an unusu­al spike in requests from Rus­sia for tem­po­rary visas for offi­cials with tech­ni­cal skills seek­ing per­mis­sion to enter the Unit­ed States for short-term assign­ments at Russ­ian facil­i­ties. At the FBI’s behest, the State Depart­ment delayed approv­ing the visas until after the elec­tion.

Mean­while, the FBI was track­ing a flur­ry of hack­ing activ­i­ty against U.S. polit­i­cal par­ties, think tanks and oth­er tar­gets. Rus­sia had gained entry to DNC sys­tems in the sum­mer of 2015 and spring of 2016, but the breach­es did not become pub­lic until they were dis­closed in a June 2016 report by The Post.

Even after the late-July Wik­iLeaks dump, which came on the eve of the Demo­c­ra­t­ic con­ven­tion and led to the res­ig­na­tion of Rep. Deb­bie Wasser­man Schultz (D‑Fla.) as the DNC’s chair­woman, U.S. intel­li­gence offi­cials con­tin­ued to express uncer­tain­ty about who was behind the hacks or why they were car­ried out.

At a pub­lic secu­ri­ty con­fer­ence in Aspen, Colo., in late July, Direc­tor of Nation­al Intel­li­gence James R. Clap­per Jr. not­ed that Rus­sia had a long his­to­ry of med­dling in Amer­i­can elec­tions but that U.S. spy agen­cies were not ready to “make the call on attri­bu­tion” for what was hap­pen­ing in 2016.

“We don’t know enough … to ascribe moti­va­tion,” Clap­per said. “Was this just to stir up trou­ble or was this ulti­mate­ly to try to influ­ence an elec­tion?”

Bren­nan con­vened a secret task force at CIA head­quar­ters com­posed of sev­er­al dozen ana­lysts and offi­cers from the CIA, the NSA and the FBI.

The unit func­tioned as a sealed com­part­ment, its work hid­den from the rest of the intel­li­gence com­mu­ni­ty. Those brought in signed new non-dis­clo­sure agree­ments to be grant­ed access to intel­li­gence from all three par­tic­i­pat­ing agen­cies.

They worked exclu­sive­ly for two groups of “cus­tomers,” offi­cials said. The first was Oba­ma and few­er than 14 senior offi­cials in gov­ern­ment. The sec­ond was a team of oper­a­tions spe­cial­ists at the CIA, NSA and FBI who took direc­tion from the task force on where to aim their sub­se­quent efforts to col­lect more intel­li­gence on Rus­sia.

Don’t make things worse

The secre­cy extend­ed into the White House.

Rice, Haines and White House home­land-secu­ri­ty advis­er Lisa Mona­co con­vened meet­ings in the Sit­u­a­tion Room to weigh the mount­ing evi­dence of Russ­ian inter­fer­ence and gen­er­ate options for how to respond. At first, only four senior secu­ri­ty offi­cials were allowed to attend: Bren­nan, Clap­per, Attor­ney Gen­er­al Loret­ta E. Lynch and FBI Direc­tor James B. Comey. Aides ordi­nar­i­ly allowed entry as “plus-ones” were barred.

Grad­u­al­ly, the cir­cle widened to include Vice Pres­i­dent Biden and oth­ers. Agen­das sent to Cab­i­net sec­re­taries — includ­ing John F. Ker­ry at the State Depart­ment and Ash­ton B. Carter at the Pen­ta­gon — arrived in envelopes that sub­or­di­nates were not sup­posed to open. Some­times the agen­das were with­held until par­tic­i­pants had tak­en their seats in the Sit­u­a­tion Room.

Through­out his pres­i­den­cy, Obama’s approach to nation­al secu­ri­ty chal­lenges was delib­er­ate and cau­tious. He came into office seek­ing to end wars in Iraq and Afghanistan. He was loath to act with­out sup­port from allies over­seas and firm polit­i­cal foot­ing at home. He was drawn only reluc­tant­ly into for­eign crises, such as the civ­il war in Syr­ia, that pre­sent­ed no clear exit for the Unit­ed States.

Obama’s approach often seemed reducible to a sin­gle imper­a­tive: Don’t make things worse. As brazen as the Russ­ian attacks on the elec­tion seemed, Oba­ma and his top advis­ers feared that things could get far worse.

They were con­cerned that any pre-elec­tion response could pro­voke an esca­la­tion from Putin. Moscow’s med­dling to that point was seen as deeply con­cern­ing but unlike­ly to mate­ri­al­ly affect the out­come of the elec­tion. Far more wor­ri­some to the Oba­ma team was the prospect of a cyber-assault on vot­ing sys­tems before and on Elec­tion Day.

They also wor­ried that any action they took would be per­ceived as polit­i­cal inter­fer­ence in an already volatile cam­paign. By August, Trump was pre­dict­ing that the elec­tion would be rigged. Oba­ma offi­cials feared pro­vid­ing fuel to such claims, play­ing into Russia’s efforts to dis­cred­it the out­come and poten­tial­ly con­t­a­m­i­nat­ing the expect­ed Clin­ton tri­umph.

Before depart­ing for an August vaca­tion to Martha’s Vine­yard, Oba­ma instruct­ed aides to pur­sue ways to deter Moscow and pro­ceed along three main paths: Get a high-con­fi­dence assess­ment from U.S. intel­li­gence agen­cies on Russia’s role and intent; shore up any vul­ner­a­bil­i­ties in state-run elec­tion sys­tems; and seek bipar­ti­san sup­port from con­gres­sion­al lead­ers for a state­ment con­demn­ing Moscow and urg­ing states to accept fed­er­al help.

The admin­is­tra­tion encoun­tered obsta­cles at every turn.

Despite the intel­li­gence the CIA had pro­duced, oth­er agen­cies were slow­er to endorse a con­clu­sion that Putin was per­son­al­ly direct­ing the oper­a­tion and want­ed to help Trump. “It was def­i­nite­ly com­pelling, but it was not defin­i­tive,” said one senior admin­is­tra­tion offi­cial. “We need­ed more.”

Some of the most crit­i­cal tech­ni­cal intel­li­gence on Rus­sia came from anoth­er coun­try, offi­cials said. Because of the source of the mate­r­i­al, the NSA was reluc­tant to view it with high con­fi­dence.

Bren­nan moved swift­ly to sched­ule pri­vate brief­in­gs with con­gres­sion­al lead­ers. But get­ting appoint­ments with cer­tain Repub­li­cans proved dif­fi­cult, offi­cials said, and it was not until after Labor Day that Bren­nan had reached all mem­bers of the “Gang of Eight” — the major­i­ty and minor­i­ty lead­ers of both hous­es and the chair­men and rank­ing Democ­rats on the Sen­ate and House intel­li­gence com­mit­tees.

Jeh John­son, the home­land-secu­ri­ty sec­re­tary, was respon­si­ble for find­ing out whether the gov­ern­ment could quick­ly shore up the secu­ri­ty of the nation’s archa­ic patch­work of vot­ing sys­tems. He float­ed the idea of des­ig­nat­ing state mech­a­nisms “crit­i­cal infra­struc­ture,” a label that would have enti­tled states to receive pri­or­i­ty in fed­er­al cyber­se­cu­ri­ty assis­tance, putting them on a par with U.S. defense con­trac­tors and finan­cial net­works.

On Aug. 15, John­son arranged a con­fer­ence call with dozens of state offi­cials, hop­ing to enlist their sup­port. He ran into a wall of resis­tance.

The reac­tion “ranged from neu­tral to neg­a­tive,” John­son said in con­gres­sion­al tes­ti­mo­ny Wednes­day.

Bri­an Kemp, the Repub­li­can sec­re­tary of state of Geor­gia, used the call to denounce Johnson’s pro­pos­al as an assault on state rights. “I think it was a polit­i­cal­ly cal­cu­lat­ed move by the pre­vi­ous admin­is­tra­tion,” Kemp said in a recent inter­view, adding that he remains uncon­vinced that Rus­sia waged a cam­paign to dis­rupt the 2016 race. “I don’t nec­es­sar­i­ly believe that,” he said.

Stung by the reac­tion, the White House turned to Con­gress for help, hop­ing that a bipar­ti­san appeal to states would be more effec­tive.

In ear­ly Sep­tem­ber, John­son, Comey and Mona­co arrived on Capi­tol Hill in a car­a­van of black SUVs for a meet­ing with 12 key mem­bers of Con­gress, includ­ing the lead­er­ship of both par­ties.

The meet­ing devolved into a par­ti­san squab­ble.

“The Dems were, ‘Hey, we have to tell the pub­lic,’?” recalled one par­tic­i­pant. But Repub­li­cans resist­ed, argu­ing that to warn the pub­lic that the elec­tion was under attack would fur­ther Russia’s aim of sap­ping con­fi­dence in the sys­tem.

Sen­ate Major­i­ty Leader Mitch McConnell (R‑Ky.) went fur­ther, offi­cials said, voic­ing skep­ti­cism that the under­ly­ing intel­li­gence tru­ly sup­port­ed the White House’s claims. Through a spokes­woman, McConnell declined to com­ment, cit­ing the secre­cy of that meet­ing.

Key Democ­rats were stunned by the GOP response and exas­per­at­ed that the White House seemed will­ing to let Repub­li­can oppo­si­tion block any pre-elec­tion move.

On Sept. 22, two Cal­i­for­nia Democ­rats — Sen. Dianne Fein­stein and Rep. Adam B. Schiff — did what they couldn’t get the White House to do. They issued a state­ment mak­ing clear that they had learned from intel­li­gence brief­in­gs that Rus­sia was direct­ing a cam­paign to under­mine the elec­tion, but they stopped short of say­ing to what end.

A week lat­er, McConnell and oth­er con­gres­sion­al lead­ers issued a cau­tious state­ment that encour­aged state elec­tion offi­cials to ensure their net­works were “secure from attack.” The release made no men­tion of Rus­sia and empha­sized that the law­mak­ers “would oppose any effort by the fed­er­al gov­ern­ment” to encroach on the states’ author­i­ties.

When U.S. spy agen­cies reached unan­i­mous agree­ment in late Sep­tem­ber that the inter­fer­ence was a Russ­ian oper­a­tion direct­ed by Putin, Oba­ma direct­ed spy chiefs to pre­pare a pub­lic state­ment sum­ma­riz­ing the intel­li­gence in broad strokes.

With Oba­ma still deter­mined to avoid any appear­ance of pol­i­tics, the state­ment would not car­ry his sig­na­ture.

On Oct. 7, the admin­is­tra­tion offered its first pub­lic com­ment on Russia’s “active mea­sures,” in a three-para­graph state­ment issued by John­son and Clap­per. Comey had ini­tial­ly agreed to attach his name, as well, offi­cials said, but changed his mind at the last minute, say­ing that it was too close to the elec­tion for the bureau to be involved.

“The U.S. intel­li­gence com­mu­ni­ty is con­fi­dent that the Russ­ian gov­ern­ment direct­ed the recent com­pro­mis­es of e‑mails from U.S. per­sons and insti­tu­tions, includ­ing from U.S. polit­i­cal orga­ni­za­tions,” the state­ment said. “We believe, based on the scope and sen­si­tiv­i­ty of these efforts, that only Russia’s senior-most offi­cials could have autho­rized these activ­i­ties.”

Ear­ly drafts accused Putin by name, but the ref­er­ence was removed out of con­cern that it might endan­ger intel­li­gence sources and meth­ods.

The state­ment was issued around 3:30 p.m., timed for max­i­mum media cov­er­age. Instead, it was quick­ly drowned out. At 4 p.m., The Post pub­lished a sto­ry about crude com­mentsTrump had made about women that were cap­tured on an “Access Hol­ly­wood” tape. Half an hour lat­er, Wik­iLeaks pub­lished its first batch of emails stolen from Clin­ton cam­paign chair­man John Podes­ta.

‘Ample time’ after elec­tion

The Sit­u­a­tion Room is actu­al­ly a com­plex of secure spaces in the base­ment lev­el of the West Wing. A video feed from the main room cours­es through some Nation­al Secu­ri­ty Coun­cil offices, allow­ing senior aides sit­ting at their desks to see — but not hear — when meet­ings are under­way.

As the Rus­sia-relat­ed ses­sions with Cab­i­net mem­bers began in August, the video feed was shut off. The last time that had hap­pened on a sus­tained basis, offi­cials said, was in the spring of 2011 dur­ing the run-up to the U.S. Spe­cial Oper­a­tions raid on bin Laden’s com­pound in Pak­istan.

The blacked-out screens were seen as an omi­nous sign among low­er-lev­el White House offi­cials who were large­ly kept in the dark about the Rus­sia delib­er­a­tions even as they were tasked with gen­er­at­ing options for retal­i­a­tion against Moscow.

Much of that work was led by the Cyber Response Group, an NSC unit with rep­re­sen­ta­tives from the CIA, NSA, State Depart­ment and Pen­ta­gon.

The ear­ly options they dis­cussed were ambi­tious. They looked at sec­tor­wide eco­nom­ic sanc­tions and cyber­at­tacks that would take Russ­ian net­works tem­porar­i­ly offline. One offi­cial infor­mal­ly sug­gest­ed — though nev­er for­mal­ly pro­posed — mov­ing a U.S. naval car­ri­er group into the Baltic Sea as a sym­bol of resolve.

What those low­er-lev­el offi­cials did not know was that the prin­ci­pals and their deputies had by late Sep­tem­ber all but ruled out any pre-elec­tion retal­i­a­tion against Moscow. They feared that any action would be seen as polit­i­cal and that Putin, moti­vat­ed by a seething resent­ment of Clin­ton, was pre­pared to go beyond fake news and email dumps.

The FBI had detect­ed sus­pect­ed Russ­ian attempts to pen­e­trate elec­tion sys­tems in 21 states, and at least one senior White House offi­cial assumed that Moscow would try all 50, offi­cials said. Some offi­cials believed the attempts were meant to be detect­ed to unnerve the Amer­i­cans. The patch­work nature of the Unit­ed States’ 3,000 or so vot­ing juris­dic­tions would make it hard for Rus­sia to swing the out­come, but Moscow could still sow chaos.

“We turned to oth­er sce­nar­ios” the Rus­sians might attempt, said Michael Daniel, who was cyber­se­cu­ri­ty coor­di­na­tor at the White House, “such as dis­rupt­ing the vot­er rolls, delet­ing every 10th vot­er [from reg­istries] or flip­ping two dig­its in everybody’s address.”

The White House also wor­ried that they had not yet seen the worst of Russia’s cam­paign. Wik­iLeaks and DCLeaks, a web­site set up in June 2016 by hack­ers believed to be Russ­ian oper­a­tives, already had troves of emails. But U.S. offi­cials feared that Rus­sia had more explo­sive mate­r­i­al or was will­ing to fab­ri­cate it.

“Our pri­ma­ry inter­est in August, Sep­tem­ber and Octo­ber was to pre­vent them from doing the max they could do,” said a senior admin­is­tra­tion offi­cial. “We made the judg­ment that we had ample time after the elec­tion, regard­less of out­come, for puni­tive mea­sures.”

The assump­tion that Clin­ton would win con­tributed to the lack of urgency.

Instead, the admin­is­tra­tion issued a series of warn­ings.

Bren­nan deliv­ered the first on Aug. 4 in a blunt phone call with Alexan­der Bort­nikov, the direc­tor of the FSB, Russia’s pow­er­ful secu­ri­ty ser­vice.

A month lat­er, Oba­ma con­front­ed Putin direct­ly dur­ing a meet­ing of world lead­ers in Hangzhou, Chi­na. Accom­pa­nied only by inter­preters, Oba­ma told Putin that “we knew what he was doing and [he] bet­ter stop or else,” accord­ing to a senior aide who sub­se­quent­ly spoke with Oba­ma. Putin respond­ed by demand­ing proof and accus­ing the Unit­ed States of inter­fer­ing in Russia’s inter­nal affairs.

In a sub­se­quent news con­fer­ence, Oba­ma allud­ed to the exchange and issued a veiled threat. “We’re mov­ing into a new era here where a num­ber of coun­tries have sig­nif­i­cant capac­i­ties,” he said. “Frankly, we’ve got more capac­i­ty than any­body both offen­sive­ly and defen­sive­ly.”

There were at least two oth­er warn­ings.

On Oct. 7, the day that the Clap­per-John­son state­ment was released, Rice sum­moned Russ­ian Ambas­sador Sergey Kislyak Sergey Kislyak to the White House and hand­ed him a mes­sage to relay to Putin.

Then, on Oct. 31, the admin­is­tra­tion deliv­ered a final pre-elec­tion mes­sage via a secure chan­nel to Moscow orig­i­nal­ly cre­at­ed to avert a nuclear exchange. The mes­sage not­ed that the Unit­ed States had detect­ed mali­cious activ­i­ty, orig­i­nat­ing from servers in Rus­sia, tar­get­ing U.S. elec­tion sys­tems and warned that med­dling would be regard­ed as unac­cept­able inter­fer­ence. Rus­sia con­firmed the next day that it had received the mes­sage but replied only after the elec­tion through the same chan­nel, deny­ing the accu­sa­tion.

As Elec­tion Day approached, pro­po­nents of tak­ing action against Rus­sia made final, futile appeals to Obama’s top aides: McDo­nough, Rice and Haines. Because their offices were part of a suite of spaces in the West Wing, secur­ing their sup­port on any nation­al secu­ri­ty issue came to be known as “mov­ing the suite.”

One of the last to try before the elec­tion was Ker­ry. Often per­ceived as reluc­tant to con­front Rus­sia, in part to pre­serve his attempts to nego­ti­ate a Syr­ia peace deal, Ker­ry was at crit­i­cal moments one of the lead­ing hawks.

In Octo­ber, Kerry’s top aides had pro­duced an “action memo” that includ­ed a pack­age of retal­ia­to­ry mea­sures includ­ing eco­nom­ic sanc­tions. Know­ing the White House was not will­ing to act before the elec­tion, the plan called for the mea­sures to be announced almost imme­di­ate­ly after votes had been secure­ly cast and count­ed.

Ker­ry signed the memo and urged the White House to con­vene a prin­ci­pals meet­ing to dis­cuss the plan, offi­cials said. “The response was basi­cal­ly, ‘Not now,’” one offi­cial said.

Elec­tion Day arrived with­out penal­ty for Moscow.

A U.S. cyber-weapon

The most dif­fi­cult mea­sure to eval­u­ate is one that Oba­ma allud­ed to in only the most oblique fash­ion when announc­ing the U.S. response.

“We will con­tin­ue to take a vari­ety of actions at a time and place of our choos­ing, some of which will not be pub­li­cized,” he said in a state­ment released by the White House.

He was refer­ring, in part, to a cyber oper­a­tion that was designed to be detect­ed by Moscow but not cause sig­nif­i­cant dam­age, offi­cials said. The oper­a­tion, which entailed implant­i­ng com­put­er code in sen­si­tive com­put­er sys­tems that Rus­sia was bound to find, served only as a reminder to Moscow of the Unit­ed States’ cyber reach.

But Oba­ma also signed the secret find­ing, offi­cials said, autho­riz­ing a new covert pro­gram involv­ing the NSA, CIA and U.S. Cyber Com­mand.

Oba­ma declined to com­ment for this arti­cle, but a spokesman issued a state­ment: “This sit­u­a­tion was tak­en extreme­ly seri­ous­ly, as is evi­dent by Pres­i­dent Oba­ma rais­ing this issue direct­ly with Pres­i­dent Putin; 17 intel­li­gence agen­cies issu­ing an extra­or­di­nary pub­lic state­ment; our home­land secu­ri­ty offi­cials work­ing relent­less­ly to bol­ster the cyber defens­es of vot­ing infra­struc­ture around the coun­try; the Pres­i­dent direct­ing a com­pre­hen­sive intel­li­gence review, and ulti­mate­ly issu­ing a robust response includ­ing shut­ting down two Russ­ian com­pounds, sanc­tion­ing nine Russ­ian enti­ties and indi­vid­u­als, and eject­ing 35 Russ­ian diplo­mats from the coun­try.”

The cyber oper­a­tion is still in its ear­ly stages and involves deploy­ing “implants” in Russ­ian net­works deemed “impor­tant to the adver­sary and that would cause them pain and dis­com­fort if they were dis­rupt­ed,” a for­mer U.S. offi­cial said.

The implants were devel­oped by the NSA and designed so that they could be trig­gered remote­ly as part of retal­ia­to­ry cyber-strike in the face of Russ­ian aggres­sion, whether an attack on a pow­er grid or inter­fer­ence in a future pres­i­den­tial race.

Offi­cials famil­iar with the mea­sures said that there was con­cern among some in the admin­is­tra­tion that the dam­age caused by the implants could be dif­fi­cult to con­tain.

As a result, the admin­is­tra­tion request­ed a legal review, which con­clud­ed that the devices could be con­trolled well enough that their deploy­ment would be con­sid­ered “pro­por­tion­al” in vary­ing sce­nar­ios of Russ­ian provo­ca­tion, a require­ment under inter­na­tion­al law.

The oper­a­tion was described as long-term, tak­ing months to posi­tion the implants and requir­ing main­te­nance there­after. Under the rules of covert action, Obama’s sig­na­ture was all that was nec­es­sary to set the oper­a­tion in motion.

U.S. intel­li­gence agen­cies do not need fur­ther approval from Trump, and offi­cials said that he would have to issue a coun­ter­mand­ing order to stop it. The offi­cials said that they have seen no indi­ca­tion that Trump has done so.

———-

4a. Well look at that: As inves­ti­ga­tors explore the more than three dozen com­pa­nies and indi­vid­u­als that Michael Fly­nn worked for – as a con­sul­tant, advis­er, board mem­ber, or speak­er – while advis­ing the Trump cam­paign last year. And two of those enti­ties are rais­ing some extra eye­brows. Fly­nn was an advi­so­ry board mem­ber of Lux­em­bourg-based OSY Tech­nolo­gies and con­sult­ed for the US-based pri­vate equi­ty firm Fran­cis­co Part­ners. What’s so ques­tion­able about these enti­ties? Well, Fran­cis­co Part­ners owns NSO Group – a secre­tive Israel-based cyber­weapons deal­er that sells advanced hack­ing tools to gov­ern­ments around the world – and OSY Tech­nolo­gies is an NSO Group off­shoot. Fly­nn joined OSY in May of last year Yep, Michael Fly­nn worked for both the own­er of an advanced cyber­weapons deal­er and one of its off­shoots through­out the 2016 cam­paign.

“The month before Fly­nn joined the advi­so­ry board of OSY Tech­nolo­gies, NSO Group opened up a new arm called West­Bridge Tech­nolo­gies, Inc., in the D.C. region. (The com­pa­ny was orig­i­nal­ly reg­is­tered in Delaware in 2014, but formed in Mary­land in April 2016.) Led by NSO Group co-founder Lavie, West­Bridge is vying for fed­er­al gov­ern­ment con­tracts for NSO Group’s prod­ucts. Hir­ing Fly­nn would pro­vide NSO Group with a well-con­nect­ed fig­ure in Wash­ing­ton, to help get its foot in the door of the noto­ri­ous­ly insu­lar world of secret intel­li­gence bud­get­ing.

Yep, not only was Fly­nn work­ing for NSO Group’s OSY Tech­nolo­gies and its own­ers at Fran­cis­co Part­ners, but NSO Group was also ini­ti­at­ing plans to get more US gov­ern­ment contracts…something that would pre­sum­ably be much like­li­er to hap­pen if Don­ald Trump won the White House and brought Fly­nn into the gov­ern­ment.

And note how NSO Group wasn’t the only cyber­se­cu­ri­ty firm Fly­nn was work­ing for:
“ . . . .When you’re try­ing to build up your busi­ness, you need some­one who has con­nec­tions, some­one who is seen as an author­i­ty and a legit­i­mate pres­ence,” John­son said. Hir­ing some­one with Flynn’s back­ground in intel­li­gence would “open up doors that they wouldn’t have had access to,” John­son said.

Through­out 2016, Fly­nn worked for a num­ber of cyber­se­cu­ri­ty firms per­son­al­ly and through his con­sult­ing firm, Fly­nn Intel Group. In addi­tion to his advi­so­ry board seat at OSY Tech­nolo­gies, he sat on the board of Adobe Sys­tems, a large soft­ware com­pa­ny with Pen­ta­gon con­tracts, and the boards of the cyber­se­cu­ri­ty com­pa­nies Green­Zone Sys­tems and HALO Pri­va­cy. (Though Fly­nn described him­self as an Adobe advi­so­ry board mem­ber in his finan­cial dis­clo­sure paper­work, the group said in a state­ment that he pro­vid­ed only “peri­od­ic coun­sel to Adobe’s pub­lic sec­tor team.”) . . .”

In terms of assess­ing the sig­nif­i­cance of these busi­ness rela­tion­ships, on the one hand, cyber­se­cu­ri­ty is one of the areas where one should expect the for­mer head of the US Defense Intel­li­gence Agency to go into after leav­ing gov­ern­ment. On the oth­er hand, we have just been told about the most hack-inten­sive US cam­paign in his­to­ry and all the hack­ing was done in favor of Don­ald Trump. It is dif­fi­cult to shake the notion that one or more of these firms may have been involved in one of the high-pro­file hacks.

Due to the rel­a­tive lack of sophis­ti­ca­tion required to car­ry­ing out a spear-phish­ing – the method behind both the DNC serv­er hack and Podesta’s emails and, alleged­ly, the attempts to hack 39 state elec­tion sys­tems a week before the elec­tion – it real­ly is the case that almost any­one could have pulled these hacks off if they had ade­quate hack­ing skills and want­ed to hide their tracks and make it look like ‘the Rus­sians’ did it. And the NSO Group’s soft­ware spe­cial­izes in cre­ate spear-phish­ing cam­paigns designed to trick peo­ple into click­ing on the bad links using a vari­ety of dif­fer­ent tricks and insert spy­ing mal­ware in the vic­tims’ sys­tems:

“Michael Fly­nn Worked With For­eign Cyber­weapons Group That Sold Spy­ware Used Against Polit­i­cal Dis­si­dents” by Paul Blu­men­thal, Jes­si­ca Schul­berg; The Huff­in­g­ton Post; 06/19/2017

While serv­ing as a top cam­paign aide to Don­ald Trump, for­mer nation­al secu­ri­ty advis­er Michael Fly­nn made tens of thou­sands of dol­lars on the side advis­ing a com­pa­ny that sold sur­veil­lance tech­nol­o­gy that repres­sive gov­ern­ments used to mon­i­tor activists and jour­nal­ists.

Fly­nn, who resigned in Feb­ru­ary after mis­char­ac­ter­iz­ing his con­ver­sa­tions with the Russ­ian ambas­sador to the U.S., has already come under scruti­ny for tak­ing mon­ey from for­eign out­fits. Fed­er­al inves­ti­ga­tors began prob­ing Flynn’s lob­by­ing effortson behalf of a Dutch com­pa­ny led by a busi­ness­man with ties to the Turk­ish gov­ern­ment ear­li­er this year. Flynn’s moon­light­ing wasn’t typ­i­cal: Most peo­ple at the top lev­el of major pres­i­den­tial cam­paigns do not simul­ta­ne­ous­ly lob­by for any enti­ty, espe­cial­ly not for­eign gov­ern­ments. It’s also unusu­al for for­mer U.S. intel­li­gence offi­cials to work with for­eign cyber­se­cu­ri­ty out­fits.

Nor was Flynn’s work with for­eign enti­ties while he was advis­ing Trump lim­it­ed to his Ankara deal. He earned near­ly $1.5 mil­lion last year as a con­sul­tant, advis­er, board mem­ber, or speak­er for more than three dozen com­pa­nies and indi­vid­u­als, accord­ing to finan­cial dis­clo­sure forms released ear­li­er this year.

Two of those enti­ties are direct­ly linked to NSO Group, a secre­tive Israeli cyber­weapons deal­er found­ed by Omri Lavie and Shalev Hulio, who are rumoredto have served in Unit 8200, the Israeli equiv­a­lent of the Nation­al Secu­ri­ty Agency.

Fly­nn received $40,280 last year as an advi­so­ry board mem­ber for OSY Tech­nolo­gies, an NSO Group off­shoot based in Lux­em­bourg, a favorite tax haven for major cor­po­ra­tions. OSY Tech­nolo­gies is part of a cor­po­rate struc­ture that runs from Israel, where NSO Group is locat­ed, through Lux­em­bourg, the Cay­man Islands, the British Vir­gin Islands, and the U.S.

Fly­nn also worked as a con­sul­tant last year for Fran­cis­co Part­ners, a U.S.-based pri­vate equi­ty firm that owns NSO Group, but he did not dis­close how much he was paid. At least two Fran­cis­co Part­ners exec­u­tives have sat on OSY’s board.

Flynn’s finan­cial dis­clo­sure forms do not spec­i­fy the work he did for com­pa­nies linked to NSO Group, and his lawyer did not respond to requests for com­ment. For­mer col­leagues at Flynn’s con­sult­ing firm declined to dis­cuss Flynn’s work with NSO Group. Exec­u­tives at Fran­cis­co Part­ners who also sit on the OSY Tech­nolo­gies board did not respond to emails. Lavie, the NSO Group co-founder, told Huff­Post he is “not inter­est­ed in speak­ing to the press” and referred ques­tions to a spokesman, who did not respond to queries.

Many gov­ern­ment and mil­i­tary offi­cials have moved through the revolv­ing door between gov­ern­ment agen­cies and pri­vate cyber­se­cu­ri­ty com­pa­nies. The major play­ers in the cyber­se­cu­ri­ty con­tract­ing world – SAIC, Booz Allen Hamil­ton, CACI Fed­er­al and KeyW Cor­po­ra­tion – all have for­mer top gov­ern­ment offi­cials in lead­er­ship roles or on their boards, or have for­mer top exec­u­tives work­ing in gov­ern­ment.

But it’s less com­mon for for­mer U.S. intel­li­gence offi­cials to work with for­eign cyber­se­cu­ri­ty out­fits. “There is a lot of oppor­tu­ni­ty in the U.S. to do this kind of work,” said Ben John­son, a for­mer NSA employ­ee and the co-founder of Obsid­i­an Secu­ri­ty. “It’s a lit­tle bit unex­pect­ed going over­seas, espe­cial­ly when you com­bine that with the fact that they’re doing things that might end up in hands of ene­mies of the U.S. gov­ern­ment. It does seem ques­tion­able.”

What is clear is that dur­ing the time Fly­nn was work­ing for NSO’s Lux­em­bourg affil­i­ate, one of the company’s main prod­ucts — a spy soft­ware sold exclu­sive­ly to gov­ern­ments and mar­ket­ed as a tool for law enforce­ment offi­cials to mon­i­tor sus­pect­ed crim­i­nals and ter­ror­ists — was being used to sur­veil polit­i­cal dis­si­dents, reporters, activists, and gov­ern­ment offi­cials. The soft­ware, called Pega­sus, allowed users to remote­ly break into a target’s cel­lu­lar phone if the tar­get respond­ed to a text mes­sage.

Last year, sev­er­al peo­ple tar­get­ed by the spy­ware con­tact­ed Cit­i­zen Lab, a cyber­se­cu­ri­ty research team based out of the Uni­ver­si­ty of Toron­to. With the help of experts at the com­put­er secu­ri­ty firm Look­out, Cit­i­zen Lab researchers were able to trace the spy­ware hid­den in the texts back to NSO Group spy­ware. After Cit­i­zen Lab pub­li­cized its find­ings, Apple intro­duced patch­es to fix the vul­ner­a­bil­i­ty. It is not known how many activists in oth­er coun­tries were tar­get­ed and failed to report it to experts.

NSO Group toldForbes in a state­ment last year that it com­plies with strict export con­trol laws and only sells to autho­rized gov­ern­ment agen­cies. “The com­pa­ny does NOT oper­ate any of its sys­tems; it is strict­ly a tech­nol­o­gy com­pa­ny,” NSO Group told Forbes.

But once a sale is com­plete, for­eign gov­ern­ments are free to do what they like with the tech­nol­o­gy.

“The gov­ern­ment buys [the tech­nol­o­gy] and can use it how­ev­er they want,” Bill Mar­czak, one of the Cit­i­zen Lab researchers, told Huff­Post. “They’re basi­cal­ly dig­i­tal arms mer­chants.”

The month before Fly­nn joined the advi­so­ry board of OSY Tech­nolo­gies, NSO Group opened up a new arm called West­Bridge Tech­nolo­gies, Inc., in the D.C. region. (The com­pa­ny was orig­i­nal­ly reg­is­tered in Delaware in 2014, but formed in Mary­land in April 2016.) Led by NSO Group co-founder Lavie, West­Bridge is vying for fed­er­al gov­ern­ment con­tracts for NSO Group’s prod­ucts. Hir­ing Fly­nn would pro­vide NSO Group with a well-con­nect­ed fig­ure in Wash­ing­ton, to help get its foot in the door of the noto­ri­ous­ly insu­lar world of secret intel­li­gence bud­get­ing.

“When you’re try­ing to build up your busi­ness, you need some­one who has con­nec­tions, some­one who is seen as an author­i­ty and a legit­i­mate pres­ence,” John­son said. Hir­ing some­one with Flynn’s back­ground in intel­li­gence would “open up doors that they wouldn’t have had access to,” John­son said.

Through­out 2016, Fly­nn worked for a num­ber of cyber­se­cu­ri­ty firms per­son­al­ly and through his con­sult­ing firm, Fly­nn Intel GroupIn addi­tion to his advi­so­ry board seat at OSY Tech­nolo­gies, he sat on the board of Adobe Sys­tems, a large soft­ware com­pa­ny with Pen­ta­gon con­tracts, and the boards of the cyber­se­cu­ri­ty com­pa­nies Green­Zone Sys­tems and HALO Pri­va­cy. (Though Fly­nn described him­self as an Adobe advi­so­ry board mem­ber in his finan­cial dis­clo­sure paper­work, the group said in a state­ment that he pro­vid­ed only “peri­od­ic coun­sel to Adobe’s pub­lic sec­tor team.”)

Promi­nent human rights activists and polit­i­cal dis­si­dents have report­ed being tar­get­ed by NSO’s tech­nol­o­gy. On August 10, 2016, Ahmed Man­soor, an inter­na­tion­al­ly rec­og­nized Emi­rati human rights activist, received a text mes­sage prompt­ing him to click a link to read “new secrets” about detainees abused in UAE pris­ons. He got a sim­i­lar text the next day. But Man­soor, who had already been repeat­ed­ly tar­get­ed by hack­ers, knew bet­ter than to click the links. Instead, he for­ward­ed the mes­sages to Cit­i­zen Lab.

Cit­i­zen Lab soon deter­mined that NSO Group’s mal­ware exploit­ed an undis­closed mobile phone vul­ner­a­bil­i­ty, known as a zero-day exploit, that enabled its cus­tomers – that is, for­eign gov­ern­ments – to sur­veil a target’s phone after the tar­get clicked the link includ­ed in the phish­ing text mes­sage. If Man­soor had clicked that link, his “phone would have become a dig­i­tal spy in his pock­et, capa­ble of employ­ing his phone cam­era and micro­phone to snoop on activ­i­ty in the vicin­i­ty of the device, record­ing his What­sApp and Viber calls, log­ging mes­sages sent in mobile chat apps, and track­ing his move­ments,” Cit­i­zen Lab wrote in a report.

Across the globe in Mex­i­co, where Coca-Cola and Pep­si­Co were work­ing to repeal a tax on sodas imposed in 2014, two activists and a gov­ern­ment-employed sci­en­tist, all of whom sup­port­ed the soda tax, received a series of sus­pi­cious text mes­sages. The texts, which became increas­ing­ly aggres­sive and threat­en­ing, came as the sci­en­tist and the activists were prepar­ing a pub­lic rela­tions cam­paign in sup­port of rais­ing the soda tax and pro­mot­ing aware­ness of the health risks linked to sug­ary bev­er­ages.

Dr. Simón Bar­quera, researcher at Mexico’s Nation­al Insti­tute for Pub­lic Health, received a text on July 11, 2016, invit­ing him to click a link the sender said would lead him to a detailed inves­ti­ga­tion of his clin­ic. When Bar­quera didn’t fol­low through, the texts esca­lat­ed. On the 12th, he got a text with a link to a pur­port­ed court doc­u­ment, which the sender claimed men­tioned Bar­quera by name. On the 13th, yet anoth­er text includ­ed a link that sup­pos­ed­ly con­tained infor­ma­tion about a funer­al. The day after that, the sender wrote, “You are an ass­hole Simon, while you are work­ing I’m fuc king your old lady here is a pho­to.” The final text Bar­quera received in August said that his daugh­ter was in “grave con­di­tion” after an acci­dent, and includ­ed a link that would sup­pos­ed­ly tell him where she was being treat­ed.

Ale­jan­dro Calvil­lo, direc­tor of the con­sumer rights non­prof­it El Poder del Con­sum­i­dor, received a text with a link claim­ing to be from a man who want­ed to know if Calvil­lo could attend the man’s father’s funer­al. Anoth­er text sent to Calvil­lo includ­ed a link that the sender said was a viral news sto­ry that men­tioned him. The final tar­get, Luis Encar­nación, a coor­di­na­tor for the obe­si­ty pre­ven­tion group Coa­li­cion Con­traPE­SO, also received a text with a link claim­ing that he was named in a news arti­cle.

The tar­gets quick­ly got in touch with Cit­i­zen Lab and for­ward­ed their text mes­sages to the researchers. In Feb­ru­ary 2017, Cit­i­zen Lab released a new report link­ing NSO Group’s tech­nol­o­gy to the phish­ing attempts tar­get­ing the pro-soda tax cam­paign­ers.

Cit­i­zen Lab researchers have also iden­ti­fied texts sent last sum­mer to Mex­i­can jour­nal­ist Rafael Cabr­era that they believe were an attempt to infect his phone with NSO Group’s Pega­sus spy­ware. Cabr­era, who now works for Buz­zFeed Mex­i­co, was tar­get­ed by hack­ers after he broke a sto­ry reveal­ing a poten­tial con­flict of inter­est with the Mex­i­can first fam­i­ly and a Chi­nese com­pa­ny.

Cit­i­zen Lab believes NSO Group may have also sold its mobile phone spy­ing tech­nol­o­gy to many gov­ern­ments, includ­ing those of Kenya, Mozam­bique, Yemen, Qatar, Turkey, Sau­di Ara­bia, Uzbek­istan, Thai­land, Moroc­co, Hun­gary, Nige­ria and Bahrain.

Work­ing with repres­sive regimes is stan­dard prac­tice in the cyber­weapons indus­try. The Ital­ian sur­veil­lance mal­ware firm Hack­ing Team has worked with dozens of coun­tries known to jail dis­si­dents, accord­ing to emails uploaded to Wik­iLeaks. The FBI and the Drug Enforce­ment Agencywere among the company’s cus­tomers, accord­ing to the doc­u­ments.

Despite recent scruti­ny over Mansoor’s case, NSO Group’s val­ue has explod­ed in recent years. Fran­cis­co Part­ners bought the cyber­weapons deal­er in 2014 for $120 mil­lion. It is now report­ed­ly val­ued at over $1 bil­lion. . . .

4b. Due to the rel­a­tive lack of sophis­ti­ca­tion required to car­ry­ing out a spear-phish­ing – the method behind both the DNC serv­er hack and Podesta’s emails and, alleged­ly, the attempts to hack 39 state elec­tion sys­tems a week before the elec­tion – almost any­one could have pulled these hacks off if they had ade­quate hack­ing skills, hid­ing their tracks and mak­ing appear as though “the Rus­sians” did it. The NSO Group’s soft­ware spe­cial­izes in cre­ate spear-phish­ing cam­paigns designed to trick peo­ple into click­ing on the bad links using a vari­ety of dif­fer­ent tricks and insert spy­ing mal­ware in the vic­tims’ sys­tems. Their spear-phish­ing method­ol­o­gy is sophis­ti­cat­ed.

“. . . . Increas­ing­ly, gov­ern­ments have found that the only way to mon­i­tor mobile phones is by using pri­vate busi­ness­es like the NSO Group that exploit lit­tle-known vul­ner­a­bil­i­ties in smart­phone soft­ware. The com­pa­ny has, at times, oper­at­ed its busi­ness­es under dif­fer­ent names. One of them, OSY Tech­nolo­gies, paid Michael T. Fly­nn, Pres­i­dent Trump’s for­mer nation­al secu­ri­ty advis­er, more than $40,000to be an advi­so­ry board mem­ber from May 2016 until Jan­u­ary, accord­ing to his pub­lic finan­cial dis­clo­sures. . . .”

Note how even when a phone is known to be hacked by some­one using the NSO Group mal­ware after a suc­cess­ful spear-phish­ing attempt, there’s still no way to know which NSO Group client did it. Even NSO Group claims it can’t deter­mine who did it:

“. . . .The Mex­i­can government’s deploy­ment of spy­ware has come under sus­pi­cion before, includ­ing hack­ing attempts on polit­i­cal oppo­nents and activists fight­ing cor­po­rate inter­ests in Mex­i­co.

Still, there is no iron­clad proof that the Mex­i­can gov­ern­ment is respon­si­ble. The Pega­sus soft­ware does not leave behind the hacker’s indi­vid­ual fin­ger­prints. Even the soft­ware mak­er, the NSO Group, says it can­not deter­mine who, exact­ly, is behind spe­cif­ic hack­ing attempts.

But cyber­ex­perts can ver­i­fy when the soft­ware has been used on a target’s phone, leav­ing them with few doubts that the Mex­i­can gov­ern­ment, or some rogue actor with­in it, was involved.

‘This is pret­ty much as good as it gets,’ said Bill Mar­czak, anoth­er senior researcher at Cit­i­zen Lab, who con­firmed the pres­ence of NSO code on sev­er­al phones belong­ing to Mex­i­can jour­nal­ists and activists.

More­over, it is extreme­ly unlike­ly that cyber­crim­i­nals some­how got their hands on the soft­ware, the NSO Group says, because the tech­nol­o­gy can be used only by the gov­ern­ment agency where it is installed. . . .”

Yet for the DNC/Podesta hacks, which were also spear-phish­ing cam­paigns but against tar­gets with a wide vari­ety of poten­tial ene­mies across the globe, the pri­ma­ry evi­dence we’re giv­en that the Russ­ian gov­ern­ment was real­ly behind the hacks was the amaz­ing­ly slop­py hack­er ‘mis­takes’ like Cyril­lic char­ac­ters in the hacked doc­u­ment meta-data and leav­ing the Bit­ly accounts they were using to cre­ate the links used in the spear-phish­ing emails pub­lic so Cyber-secu­ri­ty researchers could watch their entire hack­ing cam­paign list of tar­gets. In oth­er words, ‘evi­dence’ that could have eas­i­ly be left to be found.

All of this adds to the mys­tery of Michael Fly­nn and the poten­tial role he played in the Trump cam­paign: The for­mer head of the US military’s spy agency worked for a com­pa­ny that makes advanced soft­ware designed to first con­duct a suc­cess­ful spear-phish­ing cam­paign and then gives the vic­tim NSO Group’s spe­cial spy­ing mal­ware, the same kind of cam­paign that attacked the DNC, John Podes­ta, and the 39 state elec­tion sys­tems.

Yet almost no one seems to raise the ques­tion as to whether or not Fly­nn and his deep ties to the hack­ing world could have had any­thing to do with those high-pro­file hacks. Only con­sid­er­a­tion of Russ­ian hack­ers is allowed. It’s a pret­ty mys­te­ri­ous mys­tery, although per­haps not as mys­te­ri­ous as the inves­ti­ga­tion.

“Using Texts as Lures, Gov­ern­ment Spy­ware Tar­gets Mex­i­can Jour­nal­ists and Their Fam­i­lies” by Azam Ahmed and Nicole Perl­roth; The New York Times; 06/19/2017

 Mexico’s most promi­nent human rights lawyers, jour­nal­ists and anti-cor­rup­tion activists have been tar­get­ed by advanced spy­ware sold to the Mex­i­can gov­ern­ment on the con­di­tion that it be used only to inves­ti­gate crim­i­nals and ter­ror­ists.

The tar­gets include lawyers look­ing into the mass dis­ap­pear­ance of 43 stu­dents, a high­ly respect­ed aca­d­e­m­ic who helped write anti-cor­rup­tion leg­is­la­tion, two of Mexico’s most influ­en­tial jour­nal­ists and an Amer­i­can rep­re­sent­ing vic­tims of sex­u­al abuse by the police. The spy­ing even swept up fam­i­ly mem­bers, includ­ing a teenage boy.

Since 2011, at least three Mex­i­can fed­er­al agen­cies have pur­chased about $80 mil­lion worth of spy­ware cre­at­ed by an Israeli cyber­arms man­u­fac­tur­er. The soft­ware, known as Pega­sus, infil­trates smart­phones to mon­i­tor every detail of a person’s cel­lu­lar life — calls, texts, email, con­tacts and cal­en­dars. It can even use the micro­phone and cam­era on phones for sur­veil­lance, turn­ing a target’s smart­phone into a per­son­al bug.

The com­pa­ny that makes the soft­ware, the NSO Group, says it sells the tool exclu­sive­ly to gov­ern­ments, with an explic­it agree­ment that it be used only to bat­tle ter­ror­ists or the drug car­tels and crim­i­nal groups that have long kid­napped and killed Mex­i­cans.

But accord­ing to dozens of mes­sages exam­ined by The New York Times and inde­pen­dent foren­sic ana­lysts, the soft­ware has been used against some of the government’s most out­spo­ken crit­ics and their fam­i­lies, in what many view as an unprece­dent­ed effort to thwart the fight against the cor­rup­tion infect­ing every limb of Mex­i­can soci­ety.

“We are the new ene­mies of the state,” said Juan E. Par­di­nas, the gen­er­al direc­tor of the Mex­i­can Insti­tute for Com­pet­i­tive­ness, who has pushed anti-cor­rup­tion leg­is­la­tion. His iPhone, along with his wife’s, was tar­get­ed by the soft­ware, accord­ing to an inde­pen­dent analy­sis. “Ours is a soci­ety where democ­ra­cy has been erod­ed,” he said.

The deploy­ment of sophis­ti­cat­ed cyber­weapon­ry against cit­i­zens is a snap­shot of the strug­gle for Mex­i­co itself, rais­ing pro­found legal and eth­i­cal ques­tions for a gov­ern­ment already fac­ing severe crit­i­cismfor its human rights record. Under Mex­i­can law, only a fed­er­al judge can autho­rize the sur­veil­lance of pri­vate com­mu­ni­ca­tions, and only when offi­cials can demon­strate a sound basis for the request.

It is high­ly unlike­ly that the gov­ern­ment received judi­cial approval to hack the phones, accord­ing to sev­er­al for­mer Mex­i­can intel­li­gence offi­cials. Instead, they said, ille­gal sur­veil­lance is stan­dard prac­tice.

“Mex­i­can secu­ri­ty agen­cies wouldn’t ask for a court order, because they know they wouldn’t get one,” said Eduar­do Guer­rero, a for­mer ana­lyst at the Cen­ter for Inves­ti­ga­tion and Nation­al Secu­ri­ty, Mexico’s intel­li­gence agency and one of the gov­ern­ment agen­cies that use the Pega­sus spy­ware. “I mean, how could a judge autho­rize sur­veil­lance of some­one ded­i­cat­ed to the pro­tec­tion of human rights?”

“There, of course, is no basis for that inter­ven­tion, but that is besides the point,” he added. “No one in Mex­i­co ever asks for per­mis­sion to do so.”

The hack­ing attempts were high­ly per­son­al­ized, strik­ing crit­ics with mes­sages designed to inspire fear — and get them to click on a link that would pro­vide unfet­tered access to their cell­phones.

Car­men Aris­tegui, one of Mexico’s most famous jour­nal­ists, was tar­get­ed by a spy­ware oper­a­tor pos­ing as the Unit­ed States Embassy in Mex­i­co, instruct­ing her to click on a link to resolve an issue with her visa. The wife of Mr. Par­di­nas, the anti-cor­rup­tion activist, was tar­get­ed with a mes­sage claim­ing to offer proof that he was hav­ing an extra­mar­i­tal affair.

For oth­ers, immi­nent dan­ger was the entry point, like a mes­sage warn­ing that a truck filled with armed men was parked out­side Mr. Pardinas’s home.

“I think that any com­pa­ny that sells a prod­uct like this to a gov­ern­ment would be hor­ri­fied by the tar­gets, of course, which don’t seem to fall into the tra­di­tion­al role of crim­i­nal­i­ty,” said John Scott-Rail­ton, a senior researcher at Cit­i­zen Lab at the Munk School of Glob­al Affairs at the Uni­ver­si­ty of Toron­to, which exam­ined the hack­ing attempts.

The Mex­i­can gov­ern­ment acknowl­edges gath­er­ing intel­li­gence against legit­i­mate sus­pects in accor­dance with the law. “As in any demo­c­ra­t­ic gov­ern­ment, to com­bat crime and threats against nation­al secu­ri­ty the Mex­i­can gov­ern­ment car­ries out intel­li­gence oper­a­tions,” it said in a state­ment.

But the gov­ern­ment “cat­e­gor­i­cal­ly denies that any of its mem­bers engages in sur­veil­lance or com­mu­ni­ca­tions oper­a­tions against defend­ers of human rights, jour­nal­ists, anti-cor­rup­tion activists or any oth­er per­son with­out pri­or judi­cial autho­riza­tion.”

The Mex­i­can government’s deploy­ment of spy­ware has come under sus­pi­cion before, includ­ing hack­ing attempts on polit­i­cal oppo­nents and activists fight­ing cor­po­rate inter­ests in Mex­i­co.

Still, there is no iron­clad proof that the Mex­i­can gov­ern­ment is respon­si­ble. The Pega­sus soft­ware does not leave behind the hacker’s indi­vid­ual fin­ger­prints. Even the soft­ware mak­er, the NSO Group, says it can­not deter­mine who, exact­ly, is behind spe­cif­ic hack­ing attempts.

But cyber­ex­perts can ver­i­fy when the soft­ware has been used on a target’s phone, leav­ing them with few doubts that the Mex­i­can gov­ern­ment, or some rogue actor with­in it, was involved.

“This is pret­ty much as good as it gets,” said Bill Mar­czak, anoth­er senior researcher at Cit­i­zen Lab, who con­firmed the pres­ence of NSO code on sev­er­al phones belong­ing to Mex­i­can jour­nal­ists and activists.

More­over, it is extreme­ly unlike­ly that cyber­crim­i­nals some­how got their hands on the soft­ware, the NSO Group says, because the tech­nol­o­gy can be used only by the gov­ern­ment agency where it is installed.

The com­pa­ny is part of a grow­ing num­ber of dig­i­tal spy­ing busi­ness­es that oper­ate in a loose­ly reg­u­lat­ed space. The mar­ket has picked up in recent years, par­tic­u­lar­ly as com­pa­nies like Apple and Face­book start encrypt­ing their cus­tomers’ com­mu­ni­ca­tions, mak­ing it hard­er for gov­ern­ment agen­cies to con­duct sur­veil­lance.

Increas­ing­ly, gov­ern­ments have found that the only way to mon­i­tor mobile phones is by using pri­vate busi­ness­es like the NSO Group that exploit lit­tle-known vul­ner­a­bil­i­ties in smart­phone soft­ware. The com­pa­ny has, at times, oper­at­ed its busi­ness­es under dif­fer­ent names. One of them, OSY Tech­nolo­gies, paid Michael T. Fly­nn, Pres­i­dent Trump’s for­mer nation­al secu­ri­ty advis­er, more than $40,000 to be an advi­so­ry board mem­ber from May 2016 until Jan­u­ary, accord­ing to his pub­lic finan­cial dis­clo­sures.

Before sell­ing to gov­ern­ments, the NSO Group says, it vets their human rights records. But once the com­pa­ny licens­es the soft­ware and installs its hard­ware inside intel­li­gence and law enforce­ment agen­cies, the com­pa­ny says, it has no way of know­ing how its spy tools are used — or whom they are used against.

The com­pa­ny sim­ply bills gov­ern­ments based on the total num­ber of sur­veil­lance tar­gets. To spy on 10 iPhone users, for exam­ple, the com­pa­ny charges $650,000 on top of a flat $500,000 instal­la­tion fee, accord­ing to NSO mar­ket­ing pro­pos­als reviewed by The New York Times.

Even when the NSO Group learns that its soft­ware has been abused, there is only so much it can do, the com­pa­ny says, argu­ing that it can­not sim­ply march into intel­li­gence agen­cies, remove its hard­ware and take back its spy­ware.

“When you’re sell­ing AK-47s, you can’t con­trol how they’ll be used once they leave the load­ing docks,” said Kevin Mahaf­fey, chief tech­nol­o­gy offi­cer at Look­out, a mobile secu­ri­ty com­pa­ny.

Rather, the NSO Group relies on its cus­tomers to coop­er­ate in a review, then turns over the find­ings to the appro­pri­ate gov­ern­men­tal author­i­ty — in effect, leav­ing gov­ern­ments to police them­selves.

Typ­i­cal­ly, the company’s only recourse is to slow­ly cut off a government’s access to the spy tools over the course of months, or even years, by ceas­ing to pro­vide new soft­ware patch­es, fea­tures and updates. But in the case of Mex­i­co, the NSO Group has not con­demned or even acknowl­edged any abuse, despite repeat­ed evi­dence that its spy tools have been deployed against ordi­nary cit­i­zens and their fam­i­lies.

5. GOP-affil­i­at­ed data ana­lyt­ics firm Deep Root has quite a data-pri­va­cy vio­la­tion. A cyber­se­cu­ri­ty researcher dis­cov­ered a Deep Root serv­er with pub­lic access to their pro­pri­etary data­base of the vot­ing habits/political views on over 198 mil­lion Amer­i­cans on June 12th. Deep Root claims this was all due to an acci­dent.

We won­der if there might be a link between the Deep Root data bas­ing and oth­er GOP cyber tac­tics and the alleged “Russ­ian hack­ing” of U.S. elec­tion sys­tems?

” . . . . To appeal to the three cru­cial cat­e­gories, it appears that Trump’s team relied on vot­er data pro­vid­ed by Data Trust. Com­plete vot­er rolls for 2008 and 2012, as well as par­tial 2016 vot­er rolls for Flori­da and Ohio, appar­ent­ly com­piled by Data Trust are con­tained in the dataset exposed by Deep Root.

Data Trust acquires vot­er rolls from state offi­cials and then stan­dard­izes the vot­er data to cre­ate a clean, man­age­able record of all reg­is­tered US vot­ers, a source famil­iar with the firm’s oper­a­tions told Giz­mo­do. Vot­er data itself is pub­lic record and there­fore not par­tic­u­lar­ly sen­si­tive, the source added, but the tools Data Trust uses to stan­dard­ize that data are con­sid­ered pro­pri­etary. That data is then pro­vid­ed to polit­i­cal clients, includ­ing ana­lyt­ics firms like Deep Root. While Data Trust requires its clients to pro­tect the data, it has to take clients at their word that indus­try-stan­dard encryp­tion and secu­ri­ty pro­to­cols are in place.

Tar­get­Point and Cause­way, the two firms employed by the RNC in addi­tion to Deep Root, appar­ent­ly lay­ered their own ana­lyt­ics atop the infor­ma­tion pro­vid­ed by Data Trust. Tar­get­Point con­duct­ed thou­sands of sur­veys per week in 22 states, accord­ing to AdAge, gaug­ing vot­er sen­ti­ment on a vari­ety of top­ics. While Cause­way helped man­age the data, Deep Root used it to per­fect its TV adver­tis­ing targets—producing vot­er turnout esti­mates by coun­ty and using that intel­li­gence to tar­get its ad buys. . . .”

“GOP Data Firm Acci­den­tal­ly Leaks Per­son­al Details of Near­ly 200 Mil­lion Amer­i­can Vot­ers” by Dell Cameron and Kate Con­ger, Giz­mo­do; 06/19/2017

Polit­i­cal data gath­ered on more than 198 mil­lion US cit­i­zens was exposed this month after a mar­ket­ing firm con­tract­ed by the Repub­li­can Nation­al Com­mit­tee stored inter­nal doc­u­ments on a pub­licly acces­si­ble Ama­zon serv­er.

The data leak con­tains a wealth of per­son­al infor­ma­tion on rough­ly 61 per­cent of the US pop­u­la­tion. Along with home address­es, birth­dates, and phone num­bers, the records include advanced sen­ti­ment analy­ses used by polit­i­cal groups to pre­dict where indi­vid­ual vot­ers fall on hot-but­ton issues such as gun own­er­ship, stem cell research, and the right to abor­tion, as well as sus­pect­ed reli­gious affil­i­a­tion and eth­nic­i­ty. The data was amassed from a vari­ety of sources—from the banned sub­red­dit r/fatpeoplehate to Amer­i­can Cross­roads, the super PAC co-found­ed by for­mer White House strate­gist Karl Rove.

Deep Root Ana­lyt­ics, a con­ser­v­a­tive data firm that iden­ti­fies audi­ences for polit­i­cal ads, con­firmed own­er­ship of the data to Giz­mo­do on Fri­day.

UpGuard cyber risk ana­lyst Chris Vick­ery dis­cov­ered Deep Root’s data online last week. More than a ter­abyte was stored on the cloud serv­er with­out the pro­tec­tion of a pass­word and could be accessed by any­one who found the URL. Many of the files did not orig­i­nate at Deep Root, but are instead the aggre­gate of out­side data firms and Repub­li­can super PACs, shed­ding light onto the increas­ing­ly advanced data ecosys­tem that helped pro­pel Pres­i­dent Don­ald Trump’s slim mar­gins in key swing states.

Although files pos­sessed by Deep Root would be typ­i­cal in any cam­paign, Repub­li­can or Demo­c­ra­t­ic, experts say its expo­sure in a sin­gle open data­base rais­es sig­nif­i­cant pri­va­cy con­cerns. “This is valu­able for peo­ple who have nefar­i­ous pur­pos­es,” Joseph Loren­zo Hall, the chief tech­nol­o­gist at the Cen­ter for Democ­ra­cy and Tech­nol­o­gy, said of the data.

The RNC paid Deep Root $983,000 last year, accord­ing to Fed­er­al Elec­tion Com­mis­sion reports, but its serv­er con­tained records from a vari­ety of oth­er con­ser­v­a­tive sources paid mil­lions more, includ­ing The Data Trust (also known as GOP Data Trust), the Repub­li­can party’s pri­ma­ry vot­er file provider. Data Trust received over $6.7 mil­lion from the RNC dur­ing the 2016 cycle, accord­ing to OpenSecrets.org, and its pres­i­dent, John­ny DeSte­fano, now serves as Trump’s direc­tor of pres­i­den­tial per­son­nel.

The Koch broth­ers’ polit­i­cal group Amer­i­cans for Pros­per­i­ty, which had a data-swap­ping agree­ment with Data Trust dur­ing the 2016 elec­tion cycle, con­tributed heav­i­ly to the exposed files, as did the mar­ket research firm Tar­get­Point, whose co-founder pre­vi­ous­ly served as direc­tor of Mitt Romney’s strat­e­gy team. (The Koch broth­ers also sub­si­dized a data com­pa­ny known as i360, which began exchang­ing vot­er files with Data Trust in 2014.) Fur­ther­more, the files pro­vid­ed by Rove’s Amer­i­can Cross­roads con­tain strate­gic vot­er data used to tar­get, among oth­ers, dis­af­fect­ed Democ­rats and unde­cid­eds in Neva­da, New Hamp­shire, Ohio, and oth­er key bat­tle­ground states.

Deep Root fur­ther obtained hun­dreds of files (at least) from The Kan­tar Group, a lead­ing media and mar­ket research com­pa­ny with offices in New York, Bei­jing, Moscow, and more than a hun­dred oth­er cities on six con­ti­nents. Each file offers rich details about polit­i­cal ads—estimated cost, audi­ence demo­graph­ics, reach, and more—by and about fig­ures and groups span­ning the polit­i­cal spec­trum. There are files on the Demo­c­ra­t­ic Sen­a­to­r­i­al Cam­paign Com­mit­tee, Planned Par­ent­hood, and the Amer­i­can Civ­il Lib­er­ties Union, as well as files on every 2016 pres­i­den­tial can­di­date, Repub­li­cans includ­ed.

What’s more, the Kan­tar files each con­tain video links to relat­ed polit­i­cal ads stored on Kantar’s servers.

Spread­sheets acquired from Tar­get­Point, which part­nered with Deep Root and GOP Data Trust dur­ing the 2016 elec­tion, include the home address­es, birth­dates, and par­ty affil­i­a­tions of near­ly 200 mil­lion reg­is­tered vot­ers in the 2008 and 2012 pres­i­den­tial elec­tions, as well as some 2016 vot­ers. TargetPoint’s data seeks to resolve ques­tions about where indi­vid­ual vot­ers stand on dozens of polit­i­cal issues. For exam­ple: Is the vot­er eco-friend­ly? Do they favor low­er­ing tax­es? Do they believe the Democ­rats should stand up to Trump? Do they agree with Trump’s “Amer­i­ca First” eco­nom­ic stance? Phar­ma­ceu­ti­cal com­pa­nies do great dam­age: Agree or Dis­agree?

The details of vot­ers’ like­ly pref­er­ences for issues like stem cell research and gun con­trol were like­ly drawn from a vari­ety of sources accord­ing to a Demo­c­ra­t­ic strate­gist who spoke with Giz­mo­do.

“Data like that would be a com­bi­na­tion of polling data, real world data from door-knock­ing and phone-call­ing and oth­er can­vass­ing activ­i­ties, cou­pled with mod­el­ing using the data we already have to extrap­o­late what the vot­ers we don’t know about would think,” the strate­gist said. “The cam­paigns that do it right com­bine all the avail­able data togeth­er to make the most robust mod­el for every sin­gle vot­er in the tar­get uni­verse.”

Deep Root’s data was exposed after the com­pa­ny updat­ed its secu­ri­ty set­tings on June 1, Lundry said. Deep Root has retained Stroz Fried­berg, a cyber­se­cu­ri­ty and dig­i­tal foren­sics firm, to inves­ti­gate. “Based on the infor­ma­tion we have gath­ered thus far, we do not believe that our sys­tems have been hacked,” Lundry added.

So far, Deep Root doesn’t believe its pro­pri­etary data was accessed by any mali­cious third par­ties dur­ing the 12 days that the data was exposed on the open web.

Deep Root’s serv­er was dis­cov­ered by UpGuard’s Vick­ery on the night of June 12 as he was search­ing for data pub­licly acces­si­ble on Amazon’s cloud ser­vice. He used the same process last month to detect sen­si­tive files tied to a US Defense Depart­ment project and exposed by an employ­ee of a top defense con­trac­tor.

This is not the first leak of vot­er files uncov­ered by Vick­ery, who told Giz­mo­do that he was alarmed over how the data was appar­ent­ly being used—some states, for instance, pro­hib­it the com­mer­cial use of vot­er records. More­over, it was not imme­di­ate­ly clear to whom the data belonged. “It was decid­ed that law enforce­ment should be con­tact­ed before attempt­ing any con­tact with the enti­ty respon­si­ble,” said Vick­ery, who report­ed that the serv­er was secured two days lat­er on June 14.

A web of data firms fun­nel research into cam­paigns

Deep Root’s data sheds light onto the increas­ing­ly sophis­ti­cat­ed data oper­a­tion that has fed recent Repub­li­can cam­paigns and lays bare the intri­cate net­work of polit­i­cal orga­ni­za­tions, PACs, and analy­sis firms that trade in bulk vot­er data. In an email to Giz­mo­do, Deep Root said that its vot­er mod­els are used to enhance the under­stand­ing of TV view­er­ship for polit­i­cal ad buy­ers. “The data accessed was not built for or used by any spe­cif­ic client,” Lundry said. “It is our pro­pri­etary analy­sis to help inform local tele­vi­sion ad buy­ing.”

How­ev­er, the pres­ence of data on the serv­er from sev­er­al polit­i­cal orga­ni­za­tions, includ­ing Tar­get­Point and Data Trust, sug­gests that it was used for Repub­li­can polit­i­cal cam­paigns. Deep Root also works pri­mar­i­ly with GOP cus­tomers (although sim­i­lar ven­dors, such as Nation­Builder, ser­vice the Democ­rats as well).

Deep Root is one of three data firms hired by the Repub­li­can Nation­al Com­mit­tee in the run-up to the 2016 pres­i­den­tial elec­tion. Found­ed by Lundry, a data sci­en­tist on the Jeb Bush and Mitt Rom­ney cam­paigns, the firm was one of three ana­lyt­ics teams that worked on the Trump cam­paign fol­low­ing the party’s nation­al con­ven­tion in the sum­mer of 2016.

Lundry’s work brought him into Trump’s cam­paign war room, accord­ing to a post-elec­tion AdAge arti­cle that chart­ed the GOP’s 2016 data efforts. Deep Root was hand-picked by the RNC’s then-chief of staff, Katie Walsh, in Sep­tem­ber of last year and joined two oth­er data shops—TargetPoint Con­sult­ing and Cause­way Solutions—in the effort to win Trump the pres­i­den­cy.

To appeal to the three cru­cial cat­e­gories, it appears that Trump’s team relied on vot­er data pro­vid­ed by Data Trust. Com­plete vot­er rolls for 2008 and 2012, as well as par­tial 2016 vot­er rolls for Flori­da and Ohio, appar­ent­ly com­piled by Data Trust are con­tained in the dataset exposed by Deep Root.

Data Trust acquires vot­er rolls from state offi­cials and then stan­dard­izes the vot­er data to cre­ate a clean, man­age­able record of all reg­is­tered US vot­ers, a source famil­iar with the firm’s oper­a­tions told Giz­mo­do. Vot­er data itself is pub­lic record and there­fore not par­tic­u­lar­ly sen­si­tive, the source added, but the tools Data Trust uses to stan­dard­ize that data are con­sid­ered pro­pri­etary. That data is then pro­vid­ed to polit­i­cal clients, includ­ing ana­lyt­ics firms like Deep Root. While Data Trust requires its clients to pro­tect the data, it has to take clients at their word that indus­try-stan­dard encryp­tion and secu­ri­ty pro­to­cols are in place.

Tar­get­Point and Cause­way, the two firms employed by the RNC in addi­tion to Deep Root, appar­ent­ly lay­ered their own ana­lyt­ics atop the infor­ma­tion pro­vid­ed by Data Trust. Tar­get­Point con­duct­ed thou­sands of sur­veys per week in 22 states, accord­ing to AdAge, gaug­ing vot­er sen­ti­ment on a vari­ety of top­ics. While Cause­way helped man­age the data, Deep Root used it to per­fect its TV adver­tis­ing targets—producing vot­er turnout esti­mates by coun­ty and using that intel­li­gence to tar­get its ad buys.

A source with years of expe­ri­ence work­ing on polit­i­cal cam­paign data oper­a­tions told Giz­mo­do that the data exposed by Deep Root appeared to be cus­tomized for the RNC and had appar­ent­ly been used to cre­ate mod­els for turnout and vot­er pref­er­ences. Meta­da­ta in the files sug­gest­ed that the data­base wasn’t Deep Root’s work­ing copy, but rather a post-elec­tion ver­sion of its data, the source said, adding that it was some­what sur­pris­ing the files hadn’t been dis­card­ed.

Because the data from the 2008 and 2012 elec­tions is outdated—the source com­pared it to the kind of address and phone data one could find on a “lousy inter­net lookup site”—it’s not very valu­able. Even the 2016 data is quick­ly becom­ing stale. “This is a pro­pri­etary dataset based on a mix of pub­lic records, data from com­mer­cial providers, and a vari­ety of pre­dic­tive mod­els of uncer­tain prove­nance and qual­i­ty,” the source said, adding: “Undoubt­ed­ly it took mil­lions of dol­lars to pro­duce.”

Although basic vot­er infor­ma­tion is pub­lic record, Deep Root’s dataset con­tains a swirl of pro­pri­etary infor­ma­tion from the RNC’s data firms. Many of file­names indi­cate they poten­tial­ly con­tain mar­ket research on Demo­c­ra­t­ic can­di­dates and the inde­pen­dent expen­di­ture com­mit­tees that sup­port them. (Up to two ter­abytes of data con­tained on the serv­er was pro­tect­ed by per­mis­sion set­tings.)

One exposed fold­er is labeled “Exxon-Mobile” [sic] and con­tains spread­sheets appar­ent­ly used to pre­dict which vot­ers sup­port the oil and gas indus­try. Divid­ed by state, the files include the vot­ers’ names and address­es, along with a unique RNC iden­ti­fi­ca­tion num­ber assigned to every US cit­i­zen reg­is­tered to vote. Each row indi­cates where vot­ers like­ly fall on issues of inter­est to Exxon­Mo­bil, the country’s biggest nat­ur­al gas pro­duc­er.

The data eval­u­ates, for exam­ple, whether or not a spe­cif­ic vot­er believes drilling for fos­sil fuels is vital to US secu­ri­ty. It also pre­dicts if the vot­er thinks the US should be mov­ing away from fos­sil-fuel use. The Exxon­Mo­bil “nation­al score” doc­u­ment alone con­tains data on 182,746,897 Amer­i­cans spread across 19 fields.

Red­dit analy­sis

Some of the data includ­ed in Deep Root’s dataset veers into down­right bizarre ter­ri­to­ry. A fold­er titled sim­ply ‘red­dit’ hous­es 170 GBs of data appar­ent­ly scraped from sev­er­al sub­red­dits, includ­ing the con­tro­ver­sial r/fatpeoplehate that was home to a com­mu­ni­ty of peo­ple who post­ed pic­tures of peo­ple and mocked them for their weight before it was banned from Reddit’s plat­form in 2015. Oth­er sub­red­dits that appear to have been scraped by Deep Root or a part­ner orga­ni­za­tion focused on more benign top­ics, like moun­tain bik­ing and the Span­ish lan­guage.

The Red­dit data could’ve been used as train­ing data for an arti­fi­cial intel­li­gence algo­rithm focused on nat­ur­al lan­guage pro­cess­ing, or it might have been har­vest­ed as part of an effort to match up Red­dit users with their vot­er reg­is­tra­tion records. Dur­ing the 2012 elec­tion cycle, Barack Obama’s cam­paign data team relied on infor­ma­tion gleaned from Face­book pro­files and matched pro­files to vot­er records.

Dur­ing the 2016 elec­tion sea­son, Red­dit played host to a legion of Trump sup­port­ers who gath­ered in sub­red­dits like r/The_Donald to comb through leaked Demo­c­ra­t­ic Nation­al Com­mit­tee emails and craft pro-Trump memes. Trump him­self par­tic­i­pat­ed in an “Ask Me Any­thing” ses­sion on r/The_Donald dur­ing his cam­paign.

Giv­en how active some Trump sup­port­ers are on Reddit—r/The_Donald cur­rent­ly boasts more than 430,000 members—it makes sense that Trump’s data team might be inter­est­ed in ana­lyz­ing data from the site.

FiveThir­tyEight analy­sis that looked at where r/The_Donald mem­bers spend their time when they’re not talk­ing pol­i­tics might shed some light onto why Deep Root col­lect­ed r/fatpeoplehate data. FiveThir­tyEight found that, when Red­di­tors weren’t com­ment­ing in polit­i­cal sub­red­dits, they most often fre­quent­ed r/fatpeoplehate.

It’s pos­si­ble that Deep Root intend­ed to use data from r/fatpeoplehate to build a more com­pre­hen­sive pro­file of Trump vot­ers. (Lundry declined to com­ment beyond his ini­tial state­ment on any of infor­ma­tion includ­ed in the Deep Root dataset.)

How­ev­er, FiveThirtyEight’s inves­ti­ga­tion doesn’t account for Deep Root’s col­lec­tion of data from moun­tain-bik­ing and Span­ish-speak­ing sub­red­dits that weren’t as pop­u­lar with r/The_Donald members—and data from these sub­red­dits that are not so close­ly linked to Trump’s diehard sup­port­ers might be more use­ful for his campaign’s goal of pur­su­ing swing vot­ers.

“My guess is that they were scrap­ing Red­dit posts to match to the vot­er file as anoth­er input for indi­vid­ual mod­el­ing,” a source famil­iar with cam­paign data oper­a­tions told Giz­mo­do. “Giv­en the num­ber of ran­dom forums, my guess is they start­ed with a list of accounts to scrape from, rather than scrap­ing from all forums then try­ing to match from there (in which case you’d start with the polit­i­cal ones).”

Match­ing vot­er records with Red­dit user­names would be com­pli­cat­ed and any large-scale effort would like­ly result in many inac­cu­ra­cies, the source said. How­ev­er, cam­paigns have attempt­ed to match vot­er files with social media pro­files in the past. Such an effort by Deep Root wouldn’t be entire­ly sur­pris­ing, and would like­ly yield rich data on the small por­tion of users it was able to match with their vot­er pro­files, the source explained.

Data expos­es sen­si­tive vot­er info

The Deep Root inci­dent rep­re­sents the largest known leak of Amer­i­cans’ vot­er records, out­strip­ping past expo­sures by sev­er­al mil­lion records. Five vot­er-file leaks over the past 18 months exposed between 350,000 and 191 mil­lion files, some of which paired vot­er data—name, race, gen­der, birth­date, address, phone num­ber, par­ty affil­i­a­tion, etc.—with email accounts, social media pro­files, and records of gun own­er­ship.

Cam­paigns and the data analy­sis firms they employ are a par­tic­u­lar­ly weak point for data expo­sure, secu­ri­ty experts say. Cor­po­ra­tions that don’t prop­er­ly secure cus­tomer data can face sig­nif­i­cant finan­cial repercussions—just ask Tar­get or Yahoo. But because cam­paigns are short-term oper­a­tions, there’s not much incen­tive for them to take data secu­ri­ty seri­ous­ly, and valu­able data is often left out to rust after an elec­tion.

“Cam­paigns are very nar­row­ly focused. They are shoe­string oper­a­tions, even pres­i­den­tial cam­paigns. So they don’t think of this as an asset they need to pro­tect,” the Cen­ter for Democ­ra­cy and Technology’s Hall told Giz­mo­do.

Even though vot­er rolls are pub­lic record and are easy to access—Ohio, for instance, makes its vot­er rolls avail­able to down­load online—their expo­sure can still be harm­ful.

Vot­er reg­is­tra­tion records include ZIP codes, birth­dates, and oth­er per­son­al infor­ma­tion that have been cru­cial in research efforts to re-iden­ti­fy anony­mous med­ical data. Latanya Sweeney, a pro­fes­sor of gov­ern­ment and tech­nol­o­gy at Har­vard Uni­ver­si­ty, famous­ly used vot­er data to re-iden­ti­fy Mass­a­chu­setts Gov­er­nor William Weld from infor­ma­tion in anony­mous hos­pi­tal dis­charge records.

Because of the per­son­al infor­ma­tion they con­tain, vot­er reg­is­tra­tion data­bas­es can also be use­ful in iden­ti­ty theft schemes.

Even though expo­sure of Deep Root’s data has the poten­tial to harm vot­ers, it’s exact­ly the kind of data that cam­paigns lust after and will spend mil­lions of dol­lars to obtain. Cam­paigns are moti­vat­ed to accu­mu­late as much deeply per­son­al infor­ma­tion about vot­ers as pos­si­ble, so they can spend their ad dol­lars in the right swing dis­tricts where they’re like­ly to sway the great­est num­ber of vot­ers. But vot­er data rapid­ly goes stale and cam­paigns close up shop quick­ly, so data is seen as dis­pos­able and often isn’t well-pro­tect­ed.

“I can think of no avenues for pun­ish­ing polit­i­cal data breach­es or oth­er­wise prop­er­ly align­ing the incen­tives. I wor­ry that if there’s no way to pun­ish cam­paigns for leak­ing this stuff, it’s going to con­tin­ue to hap­pen until some­thing bad hap­pens,” Hall said. The data left behind by cam­paigns can pose a lin­ger­ing secu­ri­ty issue, he added. “None of these moth­er­fuck­ers were ever Boy Scouts or Girl Scouts, they don’t pack out what they pack in.”

7. Where’s Cam­bridge Ana­lyt­i­ca? Did they get access to that data too? They were Trump’s pri­ma­ry Big Data secret weapon. So as this data redun­dant for them? If not and this data real­ly is of use to Cam­bridge Ana­lyt­i­ca, then if we’re try­ing to think of a like­ly intend­ed recip­i­ent for those terrabytes of data it’s hard to think of a like­li­er recip­i­ent than Cam­bridge Ana­lyt­i­ca. Espe­cial­ly after was announced back in Jan­u­ary that the RNC’s Big Data guru was head­ing over to Cam­bridge Ana­lyt­i­ca as part of a bid to turn the firm into the RNC’s Big Data firm of choice:

“Trump’s Data Firm Snags RNC Tech Guru Dar­ren Bold­ing” by Issie Lapowsky; Wired; 01/16/17

British new­com­ers Cam­bridge Ana­lyt­i­ca earned seri­ous brag­ging rights—and more than a few ene­mies—as the data firm that helped engi­neer Don­ald Trump’s vic­to­ry in its first US pres­i­den­tial elec­tion. Now it’s poach­ing the Repub­li­can Nation­al Committee’s chief tech­nol­o­gy offi­cer, Dar­ren Bold­ing, in a quest to become the ana­lyt­ics out­fit of record for the GOP.

Bold­ing, who in Novem­ber, 2015, became the RNC’s third CTO in as many years after build­ing his career as an engi­neer in Sil­i­con Val­ley, will assume the title of CTO at Cam­bridge, where he will build prod­ucts for com­mer­cial and polit­i­cal clients. “We want to be able to scale up what we’re already doing, since there’s been quite a lot of inter­est from the com­mer­cial and polit­i­cal space,” he says.

Cambridge’s pitch is that it divides audi­ences into “psy­cho­graph­ic groups” to tar­get them with the kinds of mes­sages that, like most ads, are based on demo­graph­ic fac­tors but also are most like­ly to appeal to their emo­tion­al and psy­cho­log­i­cal pro­files. The effec­tive­ness of, and method­ol­o­gy behind, these tac­tics remain the sub­ject of great debate among the Beltway’s tra­di­tion­al data minds, who express skep­ti­cism about Cambridge’s abil­i­ty to deliv­er on its promis­es. But Trump’s vic­to­ry in Novem­ber was a blow to the firm’s detrac­tors.

Though Cam­bridge is now pur­su­ing com­mer­cial clients through its new office in New York, it’s also expand­ing its DC oper­a­tion and hopes to secure gov­ern­ment and defense con­tracts under the Trump admin­is­tra­tion. Cam­bridge already has the req­ui­site ties. Not only did it work for the Trump cam­paign, but Steve Ban­non, Trump’s chief strate­gist, serves on the firm’s board.

Cam­bridge also is fund­ed by Robert Mer­cer, the bil­lion­aire donor who gave mil­lions to Trump Super PACs and whose daugh­ter Rebekah Mer­cer serves on the Trump tran­si­tion team. She report­ed­lyis involved in shap­ing the non-prof­it orga­ni­za­tion that will serve as a fundrais­ing and mes­sag­ing vehi­cle for the Trump admin­is­tra­tion. That could give Cam­bridge an advan­tage in secur­ing its busi­ness. Cam­bridge Ana­lyt­i­ca declined to com­ment on these poten­tial deals, and the Trump tran­si­tion team has not yet respond­ed to WIRED’s request for com­ment.

Bolding’s depar­ture from the RNC comes as Repub­li­cans and Democ­rats alike grap­ple with the threat of cyber attacks in the wake of the breach, attrib­uted to Russ­ian hack­ers, of the Demo­c­ra­t­ic Nation­al Com­mit­tee dur­ing the 2016 elec­tion. Dur­ing his press con­fer­ence this week, pres­i­dent-elect Trump scold­ed the DNC for allow­ing such an attack and claimed that hack­ers were foiled in their attempt to pen­e­trate the Repub­li­can Nation­al Com­mit­tee. Bold­ing con­firms the RNC expe­ri­enced fre­quent attacks through­out the elec­tion cycle. “We were very vig­or­ous­ly attacked,” Bold­ing says. “I’ve done this for large com­mer­cial com­pa­nies that have had sig­nif­i­cant threats, but this was real­ly intense.”

While there may have been no breach­es of recent RNC data, in a hear­ing before the Sen­ate Select Com­mit­tee on Intel­li­gence Tues­day, FBI direc­tor James Comey said that “infor­ma­tion was har­vest­ed” from old RNC email domains that are no longer in use, though none of that infor­ma­tion was released.

———-

“British new­com­ers Cam­bridge Ana­lyt­i­ca earned seri­ous brag­ging rights—and more than a few ene­mies—as the data firm that helped engi­neer Don­ald Trump’s vic­to­ry in its first US pres­i­den­tial elec­tion. Now it’s poach­ing the Repub­li­can Nation­al Committee’s chief tech­nol­o­gy offi­cer, Dar­ren Bold­ing, in a quest to become the ana­lyt­ics out­fit of record for the GOP.

8. Sey­mour Hersh has a piece in Die Welt about the intel­li­gence that went into the Trump administration’s deci­sion to launch a cruise mis­sile strike against a Syr­i­an air­base fol­low­ing the alleged sarin gas attack on the city of Khan Sheikhoun in Idlib.

So what did the intel­li­gence com­mu­ni­ty know about the attack? Well, the Russ­ian and Syr­i­an air force had in fact informed the US in advance of that airstrike that they had intel­li­gence that top lev­el lead­ers of Ahrar al-Sham and Jab­hat al-Nus­ra were meet­ing in that build­ing and they informed of the US of the attack plan in advance of the attack and that it was on a “high-val­ue” tar­get. And the attack involved the unusu­al use of a guid­ed bomb and Syria’s top pilots. Fol­low­ing the attack, US intel­li­gence con­clud­ed that there was no sarin gas attack, Assad wouldn’t have been that polit­i­cal­ly sui­ci­dal, and the symp­toms of chem­i­cal poi­son­ing fol­low­ing the bomb­ing was like­ly due to a mix­ture of chlo­rine, fer­til­iz­ers, and oth­er chem­i­cals stored in the build­ing that was tar­get­ed by the Syr­i­an air­force cre­at­ed by sec­ondary explo­sions from the ini­tial bomb­ing.

Key por­tions of Her­sh’s sto­ry:

“. . . . The Syr­i­an tar­get at Khan Sheikhoun, as shared with the Amer­i­cans at Doha, was depict­ed as a two-sto­ry cin­der-block build­ing in the north­ern part of town. Russ­ian intel­li­gence, which is shared when nec­es­sary with Syr­ia and the U.S. as part of their joint fight against jihadist groups, had estab­lished that a high-lev­el meet­ing of jihadist lead­ers was to take place in the build­ing, includ­ing rep­re­sen­ta­tives of Ahrar al-Sham and the al-Qai­da-affil­i­at­ed group for­mer­ly known as Jab­hat al-Nus­ra. The two groups had recent­ly joined forces, and con­trolled the town and sur­round­ing area. Russ­ian intel­li­gence depict­ed the cin­der-block build­ing as a com­mand and con­trol cen­ter that housed a gro­cery and oth­er com­mer­cial premis­es on its ground floor with oth­er essen­tial shops near­by, includ­ing a fab­ric shop and an elec­tron­ics store.

‘The rebels con­trol the pop­u­la­tion by con­trol­ling the dis­tri­b­u­tion of goods that peo­ple need to live – food, water, cook­ing oil, propane gas, fer­til­iz­ers for grow­ing their crops, and insec­ti­cides to pro­tect the crops,’ a senior advis­er to the Amer­i­can intel­li­gence com­mu­ni­ty, who has served in senior posi­tions in the Defense Depart­ment and Cen­tral Intel­li­gence Agency, told me. The base­ment was used as stor­age for rock­ets, weapons and ammu­ni­tion, as well as prod­ucts that could be dis­trib­uted for free to the com­mu­ni­ty, among them med­i­cines and chlo­rine-based decon­t­a­m­i­nants for cleans­ing the bod­ies of the dead before bur­ial. The meet­ing place – a region­al head­quar­ters – was on the floor above. ‘It was an estab­lished meet­ing place,’ the senior advis­er said. ‘A long-time facil­i­ty that would have had secu­ri­ty, weapons, com­mu­ni­ca­tions, files and a map cen­ter.’ The Rus­sians were intent on con­firm­ing their intel­li­gence and deployed a drone for days above the site to mon­i­tor com­mu­ni­ca­tions and devel­op what is known in the intel­li­gence com­mu­ni­ty as a POL – a pat­tern of life. The goal was to take note of those going in and out of the build­ing, and to track weapons being moved back and forth, includ­ing rock­ets and ammu­ni­tion.

Russ­ian and Syr­i­an intel­li­gence offi­cials, who coor­di­nate oper­a­tions close­ly with the Amer­i­can com­mand posts, made it clear that the planned strike on Khan Sheikhoun was spe­cial because of the high-val­ue tar­get. “It was a red-hot change. The mis­sion was out of the ordi­nary – scrub the sked,” the senior advis­er told me. “Every oper­a­tions offi­cer in the region” – in the Army, Marine Corps, Air Force, CIA and NSA – “had to know there was some­thing going on. The Rus­sians gave the Syr­i­an Air Force a guid­ed bomb and that was a rar­i­ty. They’re skimpy with their guid­ed bombs and rarely share them with the Syr­i­an Air Force. And the Syr­i­ans assigned their best pilot to the mis­sion, with the best wing­man.” The advance intel­li­gence on the tar­get, as sup­plied by the Rus­sians, was giv­en the high­est pos­si­ble score inside the Amer­i­can com­mu­ni­ty.

The Exe­cute Order gov­ern­ing U.S. mil­i­tary oper­a­tions in the­ater, which was issued by the Chair­man of the Joint Chiefs of Staff, pro­vide instruc­tions that demar­cate the rela­tion­ship between the Amer­i­can and Russ­ian forces oper­at­ing in Syr­ia. “It’s like an ops order – ‘Here’s what you are autho­rized to do,’” the advis­er said. “We do not share oper­a­tional con­trol with the Rus­sians. We don’t do com­bined oper­a­tions with them, or activ­i­ties direct­ly in sup­port of one of their oper­a­tions. But coor­di­na­tion is per­mit­ted. We keep each oth­er apprised of what’s hap­pen­ing and with­in this pack­age is the mutu­al exchange of intel­li­gence. If we get a hot tip that could help the Rus­sians do their mis­sion, that’s coor­di­na­tion; and the Rus­sians do the same for us. When we get a hot tip about a com­mand and con­trol facil­i­ty,” the advis­er added, refer­ring to the tar­get in Khan Sheikhoun, “we do what we can to help them act on it.” “This was not a chem­i­cal weapons strike,” the advis­er said. “That’s a fairy tale. If so, every­one involved in trans­fer­ring, load­ing and arm­ing the weapon – you’ve got to make it appear like a reg­u­lar 500-pound con­ven­tion­al bomb – would be wear­ing Haz­mat pro­tec­tive cloth­ing in case of a leak. There would be very lit­tle chance of sur­vival with­out such gear. Mil­i­tary grade sarin includes addi­tives designed to increase tox­i­c­i­ty and lethal­i­ty. Every batch that comes out is max­i­mized for death. That is why it is made. It is odor­less and invis­i­ble and death can come with­in a minute. No cloud. Why pro­duce a weapon that peo­ple can run away from?”

The tar­get was struck at 6:55 a.m. on April 4, just before mid­night in Wash­ing­ton. A Bomb Dam­age Assess­ment (BDA) by the U.S. mil­i­tary lat­er deter­mined that the heat and force of the 500-pound Syr­i­an bomb trig­gered a series of sec­ondary explo­sions that could have gen­er­at­ed a huge tox­ic cloud that began to spread over the town, formed by the release of the fer­til­iz­ers, dis­in­fec­tants and oth­er goods stored in the base­ment, its effect mag­ni­fied by the dense morn­ing air, which trapped the fumes close to the ground. Accord­ing to intel­li­gence esti­mates, the senior advis­er said, the strike itself killed up to four jihadist lead­ers, and an unknown num­ber of dri­vers and secu­ri­ty aides. There is no con­firmed count of the num­ber of civil­ians killed by the poi­so­nous gas­es that were released by the sec­ondary explo­sions, although oppo­si­tion activists report­ed that there were more than 80 dead, and out­lets such as CNN have put the fig­ure as high as 92. A team from Médecins Sans Fron­tières, treat­ing vic­tims from Khan Sheikhoun at a clin­ic 60 miles to the north, report­ed that “eight patients showed symp­toms – includ­ing con­strict­ed pupils, mus­cle spasms and invol­un­tary defe­ca­tion – which are con­sis­tent with expo­sure to a neu­ro­tox­ic agent such as sarin gas or sim­i­lar com­pounds.” MSF also vis­it­ed oth­er hos­pi­tals that had received vic­tims and found that patients there “smelled of bleach, sug­gest­ing that they had been exposed to chlo­rine.” In oth­er words, evi­dence sug­gest­ed that there was more than one chem­i­cal respon­si­ble for the symp­toms observed, which would not have been the case if the Syr­i­an Air Force – as oppo­si­tion activists insist­ed – had dropped a sarin bomb, which has no per­cus­sive or igni­tion pow­er to trig­ger sec­ondary explo­sions. The range of symp­toms is, how­ev­er, con­sis­tent with the release of a mix­ture of chem­i­cals, includ­ing chlo­rine and the organophos­phates used in many fer­til­iz­ers, which can cause neu­ro­tox­ic effects sim­i­lar to those of sarin.

A Bomb Dam­age Assess­ment (BDA) by the U.S. mil­i­tary lat­er deter­mined that the heat and force of the 500-pound Syr­i­an bomb trig­gered a series of sec­ondary explo­sions that could have gen­er­at­ed a huge tox­ic cloud that began to spread over the town, formed by the release of the fer­til­iz­ers, dis­in­fec­tants and oth­er goods stored in the base­ment, its effect mag­ni­fied by the dense morn­ing air, which trapped the fumes close to the ground. . . .

” . . . . The cri­sis slid into the back­ground by the end of April, as Rus­sia, Syr­ia and the Unit­ed States remained focused on anni­hi­lat­ing ISIS and the mili­tias of al-Qai­da. Some of those who had worked through the cri­sis, how­ev­er, were left with lin­ger­ing con­cerns. ‘The Salafists and jihadists got every­thing they want­ed out of their hyped-up Syr­i­an nerve gas ploy,’ the senior advis­er to the U.S. intel­li­gence com­mu­ni­ty told me, refer­ring to the flare up of ten­sions between Syr­ia, Rus­sia and Amer­i­ca. ‘The issue is, what if there’s anoth­er false flag sarin attack cred­it­ed to hat­ed Syr­ia? Trump has upped the ante and paint­ed him­self into a cor­ner with his deci­sion to bomb. And do not think these guys are not plan­ning the next faked attack. Trump will have no choice but to bomb again, and hard­er. He’s inca­pable of say­ing he made a mis­take.’ . . .”

“Trump‘s Red Line” by Sey­mour M. Hersh; Welt.de; 06/25/2017

On April 6, Unit­ed States Pres­i­dent Don­ald Trump autho­rized an ear­ly morn­ing Tom­a­hawk mis­sile strike on Shayrat Air Base in cen­tral Syr­ia in retal­i­a­tion for what he said was a dead­ly nerve agent attack car­ried out by the Syr­i­an gov­ern­ment two days ear­li­er in the rebel-held town of Khan Sheikhoun. Trump issued the order despite hav­ing been warned by the U.S. intel­li­gence com­mu­ni­ty that it had found no evi­dence that the Syr­i­ans had used a chem­i­cal weapon.

The avail­able intel­li­gence made clear that the Syr­i­ans had tar­get­ed a jihadist meet­ing site on April 4 using a Russ­ian-sup­plied guid­ed bomb equipped with con­ven­tion­al explo­sives. Details of the attack, includ­ing infor­ma­tion on its so-called high-val­ue tar­gets, had been pro­vid­ed by the Rus­sians days in advance to Amer­i­can and allied mil­i­tary offi­cials in Doha, whose mis­sion is to coor­di­nate all U.S., allied, Syr­i­an and Russ­ian Air Force oper­a­tions in the region.

Some Amer­i­can mil­i­tary and intel­li­gence offi­cials were espe­cial­ly dis­tressed by the president’s deter­mi­na­tion to ignore the evi­dence. “None of this makes any sense,” one offi­cer told col­leagues upon learn­ing of the deci­sion to bomb. “We KNOW that there was no chem­i­cal attack … the Rus­sians are furi­ous. Claim­ing we have the real intel and know the truth … I guess it didn’t mat­ter whether we elect­ed Clin­ton or Trump.“

With­in hours of the April 4 bomb­ing, the world’s media was sat­u­rat­ed with pho­tographs and videos from Khan Sheikhoun. Pic­tures of dead and dying vic­tims, alleged­ly suf­fer­ing from the symp­toms of nerve gas poi­son­ing, were uploaded to social media by local activists, includ­ing the White Hel­mets, a first respon­der group known for its close asso­ci­a­tion with the Syr­i­an oppo­si­tion.

The prove­nance of the pho­tos was not clear and no inter­na­tion­al observers have yet inspect­ed the site, but the imme­di­ate pop­u­lar assump­tion world­wide was that this was a delib­er­ate use of the nerve agent sarin, autho­rized by Pres­i­dent Bashar Assad of Syr­ia. Trump endorsed that assump­tion by issu­ing a state­ment with­in hours of the attack, describ­ing Assad’s “heinous actions” as being a con­se­quence of the Oba­ma administration’s “weak­ness and irres­o­lu­tion” in address­ing what he said was Syria’s past use of chem­i­cal weapons.

To the dis­may of many senior mem­bers of his nation­al secu­ri­ty team, Trump could not be swayed over the next 48 hours of intense brief­in­gs and deci­sion-mak­ing. In a series of inter­views, I learned of the total dis­con­nect between the pres­i­dent and many of his mil­i­tary advis­ers and intel­li­gence offi­cials, as well as offi­cers on the ground in the region who had an entire­ly dif­fer­ent under­stand­ing of the nature of Syria’s attack on Khan Sheikhoun. I was pro­vid­ed with evi­dence of that dis­con­nect, in the form of tran­scripts of real-time com­mu­ni­ca­tions, imme­di­ate­ly fol­low­ing the Syr­i­an attack on April 4. In an impor­tant pre-strike process known as decon­flic­tion, U.S. and Russ­ian offi­cers rou­tine­ly sup­ply one anoth­er with advance details of planned flight paths and tar­get coor­di­nates, to ensure that there is no risk of col­li­sion or acci­den­tal encounter (the Rus­sians speak on behalf of the Syr­i­an mil­i­tary). This infor­ma­tion is sup­plied dai­ly to the Amer­i­can AWACS sur­veil­lance planes that mon­i­tor the flights once air­borne. Deconfliction’s suc­cess and impor­tance can be mea­sured by the fact that there has yet to be one col­li­sion, or even a near miss, among the high-pow­ered super­son­ic Amer­i­can, Allied, Russ­ian and Syr­i­an fight­er bombers.

Russ­ian and Syr­i­an Air Force offi­cers gave details of the care­ful­ly planned flight path to and from Khan Shiekhoun on April 4 direct­ly, in Eng­lish, to the decon­flic­tion mon­i­tors aboard the AWACS plane, which was on patrol near the Turk­ish bor­der, 60 miles or more to the north.

The Syr­i­an tar­get at Khan Sheikhoun, as shared with the Amer­i­cans at Doha, was depict­ed as a two-sto­ry cin­der-block build­ing in the north­ern part of town. Russ­ian intel­li­gence, which is shared when nec­es­sary with Syr­ia and the U.S. as part of their joint fight against jihadist groups, had estab­lished that a high-lev­el meet­ing of jihadist lead­ers was to take place in the build­ing, includ­ing rep­re­sen­ta­tives of Ahrar al-Sham and the al-Qai­da-affil­i­at­ed group for­mer­ly known as Jab­hat al-Nus­ra. The two groups had recent­ly joined forces, and con­trolled the town and sur­round­ing area. Russ­ian intel­li­gence depict­ed the cin­der-block build­ing as a com­mand and con­trol cen­ter that housed a gro­cery and oth­er com­mer­cial premis­es on its ground floor with oth­er essen­tial shops near­by, includ­ing a fab­ric shop and an elec­tron­ics store.

“The rebels con­trol the pop­u­la­tion by con­trol­ling the dis­tri­b­u­tion of goods that peo­ple need to live – food, water, cook­ing oil, propane gas, fer­til­iz­ers for grow­ing their crops, and insec­ti­cides to pro­tect the crops,” a senior advis­er to the Amer­i­can intel­li­gence com­mu­ni­ty, who has served in senior posi­tions in the Defense Depart­ment and Cen­tral Intel­li­gence Agency, told me. The base­ment was used as stor­age for rock­ets, weapons and ammu­ni­tion, as well as prod­ucts that could be dis­trib­uted for free to the com­mu­ni­ty, among them med­i­cines and chlo­rine-based decon­t­a­m­i­nants for cleans­ing the bod­ies of the dead before bur­ial. The meet­ing place – a region­al head­quar­ters – was on the floor above. “It was an estab­lished meet­ing place,” the senior advis­er said. “A long-time facil­i­ty that would have had secu­ri­ty, weapons, com­mu­ni­ca­tions, files and a map cen­ter.” The Rus­sians were intent on con­firm­ing their intel­li­gence and deployed a drone for days above the site to mon­i­tor com­mu­ni­ca­tions and devel­op what is known in the intel­li­gence com­mu­ni­ty as a POL – a pat­tern of life. The goal was to take note of those going in and out of the build­ing, and to track weapons being moved back and forth, includ­ing rock­ets and ammu­ni­tion.

One rea­son for the Russ­ian mes­sage to Wash­ing­ton about the intend­ed tar­get was to ensure that any CIA asset or infor­mant who had man­aged to work his way into the jihadist lead­er­ship was fore­warned not to attend the meet­ing.I was told that the Rus­sians passed the warn­ing direct­ly to the CIA. “They were play­ing the game right,” the senior advis­er said. The Russ­ian guid­ance not­ed that the jihadist meet­ing was com­ing at a time of acute pres­sure for the insur­gents: Pre­sum­ably Jab­hat al-Nus­ra and Ahrar al-Sham were des­per­ate­ly seek­ing a path for­ward in the new polit­i­cal cli­mate. In the last few days of March, Trump and two of his key nation­al secu­ri­ty aides – Sec­re­tary of State Rex Tiller­son and UN Ambas­sador Nik­ki Haley – had made state­ments acknowl­edg­ing that, as the New York Times put it, the White House “has aban­doned the goal” of pres­sur­ing Assad “to leave pow­er, mark­ing a sharp depar­ture from the Mid­dle East pol­i­cy that guid­ed the Oba­ma admin­is­tra­tion for more than five years.” White House Press Sec­re­tary Sean Spicer told a press brief­ing on March 31 that “there is a polit­i­cal real­i­ty that we have to accept,” imply­ing that Assad was there to stay.

Russ­ian and Syr­i­an intel­li­gence offi­cials, who coor­di­nate oper­a­tions close­ly with the Amer­i­can com­mand posts, made it clear that the planned strike on Khan Sheikhoun was spe­cial because of the high-val­ue tar­get. “It was a red-hot change. The mis­sion was out of the ordi­nary – scrub the sked,” the senior advis­er told me. “Every oper­a­tions offi­cer in the region” – in the Army, Marine Corps, Air Force, CIA and NSA – “had to know there was some­thing going on. The Rus­sians gave the Syr­i­an Air Force a guid­ed bomb and that was a rar­i­ty. They’re skimpy with their guid­ed bombs and rarely share them with the Syr­i­an Air Force. And the Syr­i­ans assigned their best pilot to the mis­sion, with the best wing­man.” The advance intel­li­gence on the tar­get, as sup­plied by the Rus­sians, was giv­en the high­est pos­si­ble score inside the Amer­i­can com­mu­ni­ty.

The Exe­cute Order gov­ern­ing U.S. mil­i­tary oper­a­tions in the­ater, which was issued by the Chair­man of the Joint Chiefs of Staff, pro­vide instruc­tions that demar­cate the rela­tion­ship between the Amer­i­can and Russ­ian forces oper­at­ing in Syr­ia. “It’s like an ops order – ‘Here’s what you are autho­rized to do,’” the advis­er said. “We do not share oper­a­tional con­trol with the Rus­sians. We don’t do com­bined oper­a­tions with them, or activ­i­ties direct­ly in sup­port of one of their oper­a­tions. But coor­di­na­tion is per­mit­ted. We keep each oth­er apprised of what’s hap­pen­ing and with­in this pack­age is the mutu­al exchange of intel­li­gence. If we get a hot tip that could help the Rus­sians do their mis­sion, that’s coor­di­na­tion; and the Rus­sians do the same for us. When we get a hot tip about a com­mand and con­trol facil­i­ty,” the advis­er added, refer­ring to the tar­get in Khan Sheikhoun, “we do what we can to help them act on it.” “This was not a chem­i­cal weapons strike,” the advis­er said. “That’s a fairy tale. If so, every­one involved in trans­fer­ring, load­ing and arm­ing the weapon – you’ve got to make it appear like a reg­u­lar 500-pound con­ven­tion­al bomb – would be wear­ing Haz­mat pro­tec­tive cloth­ing in case of a leak. There would be very lit­tle chance of sur­vival with­out such gear. Mil­i­tary grade sarin includes addi­tives designed to increase tox­i­c­i­ty and lethal­i­ty. Every batch that comes out is max­i­mized for death. That is why it is made. It is odor­less and invis­i­ble and death can come with­in a minute. No cloud. Why pro­duce a weapon that peo­ple can run away from?”

The tar­get was struck at 6:55 a.m. on April 4, just before mid­night in Wash­ing­ton. A Bomb Dam­age Assess­ment (BDA) by the U.S. mil­i­tary lat­er deter­mined that the heat and force of the 500-pound Syr­i­an bomb trig­gered a series of sec­ondary explo­sions that could have gen­er­at­ed a huge tox­ic cloud that began to spread over the town, formed by the release of the fer­til­iz­ers, dis­in­fec­tants and oth­er goods stored in the base­ment, its effect mag­ni­fied by the dense morn­ing air, which trapped the fumes close to the ground. Accord­ing to intel­li­gence esti­mates, the senior advis­er said, the strike itself killed up to four jihadist lead­ers, and an unknown num­ber of dri­vers and secu­ri­ty aides. There is no con­firmed count of the num­ber of civil­ians killed by the poi­so­nous gas­es that were released by the sec­ondary explo­sions, although oppo­si­tion activists report­ed that there were more than 80 dead, and out­lets such as CNN have put the fig­ure as high as 92. A team from Médecins Sans Fron­tières, treat­ing vic­tims from Khan Sheikhoun at a clin­ic 60 miles to the north, report­ed that “eight patients showed symp­toms – includ­ing con­strict­ed pupils, mus­cle spasms and invol­un­tary defe­ca­tion – which are con­sis­tent with expo­sure to a neu­ro­tox­ic agent such as sarin gas or sim­i­lar com­pounds.” MSF also vis­it­ed oth­er hos­pi­tals that had received vic­tims and found that patients there “smelled of bleach, sug­gest­ing that they had been exposed to chlo­rine.” In oth­er words, evi­dence sug­gest­ed that there was more than one chem­i­cal respon­si­ble for the symp­toms observed, which would not have been the case if the Syr­i­an Air Force – as oppo­si­tion activists insist­ed – had dropped a sarin bomb, which has no per­cus­sive or igni­tion pow­er to trig­ger sec­ondary explo­sions. The range of symp­toms is, how­ev­er, con­sis­tent with the release of a mix­ture of chem­i­cals, includ­ing chlo­rine and the organophos­phates used in many fer­til­iz­ers, which can cause neu­ro­tox­ic effects sim­i­lar to those of sarin.

The inter­net swung into action with­in hours, and grue­some pho­tographs of the vic­tims flood­ed tele­vi­sion net­works and YouTube. U.S. intel­li­gence was tasked with estab­lish­ing what had hap­pened. Among the pieces of infor­ma­tion received was an inter­cept of Syr­i­an com­mu­ni­ca­tions col­lect­ed before the attack by an allied nation. The inter­cept, which had a par­tic­u­lar­ly strong effect on some of Trump’s aides, did not men­tion nerve gas or sarin, but it did quote a Syr­i­an gen­er­al dis­cussing a “spe­cial” weapon and the need for a high­ly skilled pilot to man the attack plane. The ref­er­ence, as those in the Amer­i­can intel­li­gence com­mu­ni­ty under­stood, and many of the inex­pe­ri­enced aides and fam­i­ly mem­bers close to Trump may not have, was to a Russ­ian-sup­plied bomb with its built-in guid­ance sys­tem. “If you’ve already decid­ed it was a gas attack, you will then inevitably read the talk about a spe­cial weapon as involv­ing a sarin bomb,” the advis­er said. “Did the Syr­i­ans plan the attack on Khan Sheikhoun? Absolute­ly. Do we have inter­cepts to prove it? Absolute­ly. Did they plan to use sarin? No. But the pres­i­dent did not say: ‘We have a prob­lem and let’s look into it.’ He want­ed to bomb the shit out of Syr­ia.”

At the UN the next day, Ambas­sador Haley cre­at­ed a media sen­sa­tion when she dis­played pho­tographs of the dead and accused Rus­sia of being com­plic­it. “How many more chil­dren have to die before Rus­sia cares?” she asked. NBC News, in a typ­i­cal report that day, quot­ed Amer­i­can offi­cials as con­firm­ing that nerve gas had been used and Haley tied the attack direct­ly to Syr­i­an Pres­i­dent Assad. “We know that yesterday’s attack was a new low even for the bar­bar­ic Assad regime,” she said. There was irony in America’s rush to blame Syr­ia and crit­i­cize Rus­sia for its sup­port of Syria’s denial of any use of gas in Khan Sheikhoun, as Ambas­sador Haley and oth­ers in Wash­ing­ton did. “What doesn’t occur to most Amer­i­cans” the advis­er said, “is if there had been a Syr­i­an nerve gas attack autho­rized by Bashar, the Rus­sians would be 10 times as upset as any­one in the West. Russia’s strat­e­gy against ISIS, which involves get­ting Amer­i­can coop­er­a­tion, would have been destroyed and Bashar would be respon­si­ble for piss­ing off Rus­sia, with unknown con­se­quences for him. Bashar would do that? When he’s on the verge of win­ning the war? Are you kid­ding me?”

Trump, a con­stant watch­er of tele­vi­sion news, said, while King Abdul­lah of Jor­dan was sit­ting next to him in the Oval Office, that what had hap­pened was “hor­ri­ble, hor­ri­ble” and a “ter­ri­ble affront to human­i­ty.” Asked if his admin­is­tra­tion would change its pol­i­cy toward the Assad gov­ern­ment, he said: “You will see.” He gave a hint of the response to come at the sub­se­quent news con­fer­ence with King Abdul­lah: “When you kill inno­cent chil­dren, inno­cent babies – babies, lit­tle babies – with a chem­i­cal gas that is so lethal … that cross­es many, many lines, beyond a red line . … That attack on chil­dren yes­ter­day had a big impact on me. Big impact … It’s very, very pos­si­ble … that my atti­tude toward Syr­ia and Assad has changed very much.”

With­in hours of view­ing the pho­tos, the advis­er said, Trump instruct­ed the nation­al defense appa­ra­tus to plan for retal­i­a­tion against Syr­ia. “He did this before he talked to any­body about it. The plan­ners then asked the CIA and DIA if there was any evi­dence that Syr­ia had sarin stored at a near­by air­port or some­where in the area. Their mil­i­tary had to have it some­where in the area in order to bomb with it.” “The answer was, ‘We have no evi­dence that Syr­ia had sarin or used it,’” the advis­er said. “The CIA also told them that there was no resid­ual deliv­ery for sarin at Sheyrat [the air­field from which the Syr­i­an SU-24 bombers had tak­en off on April 4] and Assad had no motive to com­mit polit­i­cal sui­cide.”Every­one involved, except per­haps the pres­i­dent, also under­stood that a high­ly skilled Unit­ed Nations team had spent more than a year in the after­math of an alleged sarin attack in 2013 by Syr­ia, remov­ing what was said to be all chem­i­cal weapons from a dozen Syr­i­an chem­i­cal weapons depots.

At this point, the advis­er said, the president’s nation­al secu­ri­ty plan­ners were more than a lit­tle rat­tled: “No one knew the prove­nance of the pho­tographs. We didn’t know who the chil­dren were or how they got hurt. Sarin actu­al­ly is very easy to detect because it pen­e­trates paint, and all one would have to do is get a paint sam­ple. We knew there was a cloud and we knew it hurt peo­ple. But you can­not jump from there to cer­tain­ty that Assad had hid­den sarin from the UN because he want­ed to use it in Khan Sheikhoun.” The intel­li­gence made clear that a Syr­i­an Air Force SU-24 fight­er bomber had used a con­ven­tion­al weapon to hit its tar­get: There had been no chem­i­cal war­head. And yet it was impos­si­ble for the experts to per­suade the pres­i­dent of this once he had made up his mind. “The pres­i­dent saw the pho­tographs of poi­soned lit­tle girls and said it was an Assad atroc­i­ty,” the senior advis­er said. “It’s typ­i­cal of human nature. You jump to the con­clu­sion you want. Intel­li­gence ana­lysts do not argue with a pres­i­dent. They’re not going to tell the pres­i­dent, ‘if you inter­pret the data this way, I quit.’”

The nation­al secu­ri­ty advis­ers under­stood their dilem­ma: Trump want­ed to respond to the affront to human­i­ty com­mit­ted by Syr­ia and he did not want to be dis­suad­ed. They were deal­ing with a man they con­sid­ered to be not unkind and not stu­pid, but his lim­i­ta­tions when it came to nation­al secu­ri­ty deci­sions were severe. “Every­one close to him knows his pro­cliv­i­ty for act­ing pre­cip­i­tous­ly when he does not know the facts,” the advis­er said. “He doesn’t read any­thing and has no real his­tor­i­cal knowl­edge. He wants ver­bal brief­in­gs and pho­tographs. He’s a risk-tak­er. He can accept the con­se­quences of a bad deci­sion in the busi­ness world; he will just lose mon­ey. But in our world, lives will be lost and there will be long-term dam­age to our nation­al secu­ri­ty if he guess­es wrong. He was told we did not have evi­dence of Syr­i­an involve­ment and yet Trump says: ‘Do it.”’

On April 6, Trump con­vened a meet­ing of nation­al secu­ri­ty offi­cials at his Mar-a-Lago resort in Flori­da. The meet­ing was not to decide what to do, but how best to do it – or, as some want­ed, how to do the least and keep Trump hap­py. “The boss knew before the meet­ing that they didn’t have the intel­li­gence, but that was not the issue,” the advis­er said. “The meet­ing was about, ‘Here’s what I’m going to do,’ and then he gets the options.”

The avail­able intel­li­gence was not rel­e­vant. The most expe­ri­enced man at the table was Sec­re­tary of Defense James Mat­tis, a retired Marine Corps gen­er­al who had the president’s respect and under­stood, per­haps, how quick­ly that could evap­o­rate. Mike Pom­peo, the CIA direc­tor whose agency had con­sis­tent­ly report­ed that it had no evi­dence of a Syr­i­an chem­i­cal bomb, was not present. Sec­re­tary of State Tiller­son was admired on the inside for his will­ing­ness to work long hours and his avid read­ing of diplo­mat­ic cables and reports, but he knew lit­tle about wag­ing war and the man­age­ment of a bomb­ing raid. Those present were in a bind, the advis­er said. “The pres­i­dent was emo­tion­al­ly ener­gized by the dis­as­ter and he want­ed options.” He got four of them, in order of extrem­i­ty. Option one was to do noth­ing. All involved, the advis­er said, under­stood that was a non-starter. Option two was a slap on the wrist: to bomb an air­field in Syr­ia, but only after alert­ing the Rus­sians and, through them, the Syr­i­ans, to avoid too many casu­al­ties. A few of the plan­ners called this the “goril­la option”: Amer­i­ca would glow­er and beat its chest to pro­voke fear and demon­strate resolve, but cause lit­tle sig­nif­i­cant dam­age. The third option was to adopt the strike pack­age that had been pre­sent­ed to Oba­ma in 2013, and which he ulti­mate­ly chose not to pur­sue. The plan called for the mas­sive bomb­ing of the main Syr­i­an air­fields and com­mand and con­trol cen­ters using B1 and B52 air­craft launched from their bases in the U.S. Option four was “decap­i­ta­tion”: to remove Assad by bomb­ing his palace in Dam­as­cus, as well as his com­mand and con­trol net­work and all of the under­ground bunkers he could pos­si­bly retreat to in a cri­sis.

“Trump ruled out option one off the bat,” the senior advis­er said, and the assas­si­na­tion of Assad was nev­er con­sid­ered. “But he said, in essence: ‘You’re the mil­i­tary and I want mil­i­tary action.’” The pres­i­dent was also ini­tial­ly opposed to the idea of giv­ing the Rus­sians advance warn­ing before the strike, but reluc­tant­ly accept­ed it. “We gave him the Goldilocks option – not too hot, not too cold, but just right.” The dis­cus­sion had its bizarre moments. Tiller­son won­dered at the Mar-a-Lago meet­ing why the pres­i­dent could not sim­ply call in the B52 bombers and pul­ver­ize the air base. He was told that B52s were very vul­ner­a­ble to sur­face-to-air mis­siles (SAMs) in the area and using such planes would require sup­pres­sion fire that could kill some Russ­ian defend­ers. “What is that?” Tiller­son asked. Well, sir, he was told, that means we would have to destroy the upgrad­ed SAM sites along the B52 flight path, and those are manned by Rus­sians, and we pos­si­bly would be con­front­ed with a much more dif­fi­cult sit­u­a­tion. “The les­son here was: Thank God for the mil­i­tary men at the meet­ing,” the advis­er said. “They did the best they could when con­front­ed with a deci­sion that had already been made.”

Fifty-nine Tom­a­hawk mis­siles were fired from two U.S. Navy destroy­ers on duty in the Mediter­ranean, the Ross and the Porter, at Shayrat Air Base near the gov­ern­ment-con­trolled city of Homs. The strike was as suc­cess­ful as hoped, in terms of doing min­i­mal dam­age. The mis­siles have a light pay­load – rough­ly 220 pounds of HBX, the military’s mod­ern ver­sion of TNT. The airfield’s gaso­line stor­age tanks, a pri­ma­ry tar­get, were pul­ver­ized, the senior advis­er said, trig­ger­ing a huge fire and clouds of smoke that inter­fered with the guid­ance sys­tem of fol­low­ing mis­siles. As many as 24 mis­siles missed their tar­gets and only a few of the Tom­a­hawks actu­al­ly pen­e­trat­ed into hangars, destroy­ing nine Syr­i­an air­craft, many few­er than claimed by the Trump admin­is­tra­tion. I was told that none of the nine was oper­a­tional: such dam­aged air­craft are what the Air Force calls hangar queens. “They were sac­ri­fi­cial lambs,” the senior advis­er said. Most of the impor­tant per­son­nel and oper­a­tional fight­er planes had been flown to near­by bases hours before the raid began. The two run­ways and park­ing places for air­craft, which had also been tar­get­ed, were repaired and back in oper­a­tion with­in eight hours or so. All in all, it was lit­tle more than an expen­sive fire­works dis­play.

“It was a total­ly Trump show from begin­ning to end,” the senior advis­er said. “A few of the president’s senior nation­al secu­ri­ty advis­ers viewed the mis­sion as a min­i­mized bad pres­i­den­tial deci­sion, and one that they had an oblig­a­tion to car­ry out. But I don’t think our nation­al secu­ri­ty peo­ple are going to allow them­selves to be hus­tled into a bad deci­sion again. If Trump had gone for option three, there might have been some imme­di­ate res­ig­na­tions.”

After the meet­ing, with the Tom­a­hawks on their way, Trump spoke to the nation from Mar-a-Lago, and accused Assad of using nerve gas to choke out “the lives of help­less men, women and chil­dren. It was a slow and bru­tal death for so many … No child of God should ever suf­fer such hor­ror.” The next few days were his most suc­cess­ful as pres­i­dent. Amer­i­ca ral­lied around its com­man­der in chief, as it always does in times of war. Trump, who had cam­paigned as some­one who advo­cat­ed mak­ing peace with Assad, was bomb­ing Syr­ia 11 weeks after tak­ing office, and was hailed for doing so by Repub­li­cans, Democ­rats and the media alike. One promi­nent TV anchor­man, Bri­an Williams of MSNBC, used the word “beau­ti­ful” to describe the images of the Tom­a­hawks being launched at sea. Speak­ing on CNN, Fareed Zakaria said: “I think Don­ald Trump became pres­i­dent of the Unit­ed States.” A review of the top 100 Amer­i­can news­pa­pers showed that 39 of them pub­lished edi­to­ri­als sup­port­ing the bomb­ing in its after­math, includ­ing the New York TimesWash­ing­ton Post and Wall Street Jour­nal.

Five days lat­er, the Trump admin­is­tra­tion gath­ered the nation­al media for a back­ground brief­ing on the Syr­i­an oper­a­tion that was con­duct­ed by a senior White House offi­cial who was not to be iden­ti­fied. The gist of the brief­ing was that Russia’s heat­ed and per­sis­tent denial of any sarin use in the Khan Sheikhoun bomb­ing was a lie because Pres­i­dent Trump had said sarin had been used. That asser­tion, which was not chal­lenged or dis­put­ed by any of the reporters present, became the basis for a series of fur­ther crit­i­cisms:

– The con­tin­ued lying by the Trump admin­is­tra­tion about Syria’s use of sarin led to wide­spread belief in the Amer­i­can media and pub­lic that Rus­sia had cho­sen to be involved in a cor­rupt dis­in­for­ma­tion and cov­er-up cam­paign on the part of Syr­ia.

– Russia’s mil­i­tary forces had been co-locat­ed with Syria’s at the Shayrat air­field (as they are through­out Syr­ia), rais­ing the pos­si­bil­i­ty that Rus­sia had advance notice of Syria’s deter­mi­na­tion to use sarin at Khan Sheikhoun and did noth­ing to stop it.

– Syria’s use of sarin and Russia’s defense of that use strong­ly sug­gest­ed that Syr­ia with­held stocks of the nerve agent from the UN dis­ar­ma­ment team that spent much of 2014 inspect­ing and remov­ing all declared chem­i­cal war­fare agents from 12 Syr­i­an chem­i­cal weapons depots, pur­suant to the agree­ment worked out by the Oba­ma admin­is­tra­tion and Rus­sia after Syria’s alleged, but still unproven, use of sarin the year before against a rebel redoubt in a sub­urb of Dam­as­cus.

The briefer, to his cred­it, was care­ful to use the words “think,” “sug­gest” and “believe” at least 10 times dur­ing the 30-minute event. But he also said that his brief­ing was based on data that had been declas­si­fied by “our col­leagues in the intel­li­gence com­mu­ni­ty.” What the briefer did not say, and may not have known, was that much of the clas­si­fied infor­ma­tion in the com­mu­ni­ty made the point that Syr­ia had not used sarin in the April 4 bomb­ing attack.

The cri­sis slid into the back­ground by the end of April, as Rus­sia, Syr­ia and the Unit­ed States remained focused on anni­hi­lat­ing ISIS and the mili­tias of al-Qai­da. Some of those who had worked through the cri­sis, how­ev­er, were left with lin­ger­ing con­cerns. “The Salafists and jihadists got every­thing they want­ed out of their hyped-up Syr­i­an nerve gas ploy,” the senior advis­er to the U.S. intel­li­gence com­mu­ni­ty told me, refer­ring to the flare up of ten­sions between Syr­ia, Rus­sia and Amer­i­ca. “The issue is, what if there’s anoth­er false flag sarin attack cred­it­ed to hat­ed Syr­ia? Trump has upped the ante and paint­ed him­self into a cor­ner with his deci­sion to bomb. And do not think these guys are not plan­ning the next faked attack. Trump will have no choice but to bomb again, and hard­er. He’s inca­pable of say­ing he made a mis­take.”

———-

9. That’s omi­nous: So you know that poten­tial bomb­shell report by Sy Hersh in Die Welt about how Don­ald Trump’s intel­li­gence and mil­i­tary advi­sors has con­clud­ed that Bashar Assad’s regime was not in fact respon­si­ble for a sarin gas attack but instead the cloud of chem­i­cals was a con­se­quence of sec­ondary explo­sions of stored chlo­rine and fer­til­iz­er in build­ing by the Syr­i­an air force? That report has been almost entire­ly ignored by Amer­i­can news out­lets? Well, it’s going to be a lot hard­er to ignore that report now that the White House just issued an omi­nous mes­sage indi­cat­ing it has evi­dence that Assad’s forces were plan­ning a chem­i­cal attack and if that hap­pens the con­se­quences will be severe and Russ­ian and Iran will be held respon­si­ble:

“White House says Syria’s Assad prepar­ing anoth­er chem­i­cal attack, warns of ‘heavy’ penal­ty” by Abby Phillip and Dan Lamothe; The Wash­ing­ton Post; 06/26/2017

The White House issued an omi­nous warn­ing to Syr­i­an Pres­i­dent Bashar al-Assad on Mon­day night, pledg­ing that his regime would pay a “heavy price” if it car­ried out anoth­er chem­i­cal attack this year.

In a state­ment, White House press sec­re­tary Sean Spicer said that the Unit­ed States had detect­ed evi­dence of prepa­ra­tions for a chem­i­cal attack, sim­i­lar to the prepa­ra­tions that occurred before an attack in April.

“The Unit­ed States has iden­ti­fied poten­tial prepa­ra­tions for anoth­er chem­i­cal weapons attack by the Assad regime that would like­ly result in the mass mur­der of civil­ians, includ­ing inno­cent chil­dren,” Spicer said in the state­ment. “The activ­i­ties are sim­i­lar to prepa­ra­tions the regime made before its April 4, 2017 chem­i­cal weapons attack.

“As we have pre­vi­ous­ly stat­ed, the Unit­ed States is in Syr­ia to elim­i­nate the Islam­ic State of Iraq and Syr­ia,” he con­tin­ued. “If, how­ev­er, Mr. Assad con­ducts anoth­er mass mur­der attack using chem­i­cal weapons, he and his mil­i­tary will pay a heavy price.”

Fol­low­ing the April attack, Pres­i­dent Trump ordered an air strike against the Assad-con­trolled air field where the attack was believed to have been car­ried out.

At the time, Trump said that Assad’s use of chem­i­cal weapons against inno­cent women and chil­dren made action inevitable.

“When you kill inno­cent chil­dren, inno­cent babies, babies, lit­tle babies, with a chem­i­cal gas that is so lethal — peo­ple were shocked to hear what gas it was,” Trump said after the attack. “That cross­es many, many lines, beyond a red line, many, many lines.”

Fol­low­ing Spicer’s state­ment on Mon­day night, Nik­ki Haley, the U.S. Ambas­sador to the Unit­ed Nations said Assad and its allies would be square­ly blamed if such an attack occurred.

“Any fur­ther attacks done to the peo­ple of Syr­ia will be blamed on Assad, but also on Rus­sia & Iran who sup­port him killing his own peo­ple,”Haley wrote.

Any fur­ther attacks done to the peo­ple of Syr­ia will be blamed on Assad, but also on Rus­sia & Iran who sup­port him killing his own peo­ple.— Nik­ki Haley (@nikkihaley) June 27, 2017

The U.S. mil­i­tary main­tains a vari­ety of weapons in the region that could be used in the event of anoth­er strike, includ­ing manned and unmanned air­craft in sev­er­al Mid­dle East­ern coun­tries. But the most like­ly sce­nario is prob­a­bly a strike using naval assets, which can be launched with few­er diplo­mat­ic issues than using bases in allied coun­tries such as Turkey or the Unit­ed Arab Emi­rates.

The Navy launched Tom­a­hawk mis­siles at a Syr­i­an mil­i­tary air­field April 6 in response to a pre­vi­ous alleged chem­i­cal weapons attack, using two guid­ed-mis­sile destroy­ers in the east­ern Mediter­ranean Sea, the USS Ross and USS Porter, to do so.

A point of con­tention for the Pen­ta­gon after the last strike was the Syr­i­an regime’s alleged use of a nerve agent, like sarin. It is far dead­lier than some oth­er chem­i­cals that U.S. mil­i­tary and intel­li­gence offi­cials say that the regime has used, such as chlo­rine.

———-

“”The Unit­ed States has iden­ti­fied poten­tial prepa­ra­tions for anoth­er chem­i­cal weapons attack by the Assad regime that would like­ly result in the mass mur­der of civil­ians, includ­ing inno­cent chil­dren,” Spicer said in the state­ment. “The activ­i­ties are sim­i­lar to prepa­ra­tions the regime made before its April 4, 2017 chem­i­cal weapons attack.”

That was the mes­sage from Sean Spicer, fol­lowed by this warn­ing to Iran and Rus­sia from UN Ambas­sador Nik­ki Haley:


Fol­low­ing Spicer’s state­ment on Mon­day night, Nik­ki Haley, the U.S. Ambas­sador to the Unit­ed Nations said Assad and its allies would be square­ly blamed if such an attack occurred.

“Any fur­ther attacks done to the peo­ple of Syr­ia will be blamed on Assad, but also on Rus­sia & Iran who sup­port him killing his own peo­ple,” Haley wrote.

 

Discussion

34 comments for “FTR #964 Lies, Damned Lies and Statistics”

  1. The Office of the Direc­tor of Nation­al Intel­li­gence had a rather curi­ous response to a Free­dom of Infor­ma­tion Act law­suit demand­ing the release of the clas­si­fied report giv­en to Pres­i­dent Oba­ma back in Jan­u­ary pur­port­ing to show the Russ­ian gov­ern­ment was behind the hacks. That the ODNI does­n’t want to release this doc­u­ment isn’t par­tic­u­lar­ly curi­ous. That’s to be expect­ed. It’s the expla­na­tion from the ODNI for why they can’t release the doc­u­ment that’s curi­ous. Accord­ing to the ODNI, the request­ed doc­u­ment would present a risk to human intel­li­gence sources by reveal­ing the com­par­a­tive weight giv­en to human vs tech­ni­cal evi­dence, risk­ing US sources and meth­ods. But the ODNI went fur­ther, sug­gest­ing that even releas­ing a ful­ly redact­ed doc­u­ment would present sim­i­lar risks. So who knows what’s it that ODNI report, but it’s appar­ent­ly so damn sen­si­tive that the released of a ful­ly redact­ed ver­sion of it presents a nation­al secu­ri­ty risk:

    Politi­co

    Feds won’t release redact­ed intel­li­gence report on Russ­ian elec­tion med­dling

    By Josh Ger­stein

    06/27/2017 12:15 AM EDT
    Updat­ed 06/27/2017 07:51 AM EDT

    The Trump admin­is­tra­tion is refus­ing to release a redact­ed ver­sion of a key report Pres­i­dent Barack Oba­ma received in Jan­u­ary on alleged Russ­ian inter­fer­ence in the 2016 pres­i­den­tial elec­tion, court fil­ings show.

    Then-Direc­tor of Nation­al Intel­li­gence James Clap­per made pub­lic an unclas­si­fied ver­sion of that report, but the Elec­tron­ic Pri­va­cy Infor­ma­tion Cen­ter brought a Free­dom of Infor­ma­tion Act law­suit demand­ing a copy of the clas­si­fied report giv­en to Oba­ma at the same time. EPIC said the unclas­si­fied ver­sion omit­ted “crit­i­cal tech­ni­cal evi­dence” that could help the pub­lic assess U.S. intel­li­gence agen­cies’ claims that Rus­sia did make efforts to affect the out­come of the 2016 race.

    How­ev­er, a top offi­cial in the Office of the Direc­tor of Nation­al Intel­li­gence said in a court dec­la­ra­tion filed Mon­day that releas­ing the orig­i­nal report with clas­si­fied infor­ma­tion blacked out would be a field day for for­eign intel­li­gence oper­a­tives, includ­ing the very Rus­sians the report accus­es of under­tak­ing the inter­fer­ence.

    “Release of a redact­ed report would be of par­tic­u­lar assis­tance to Russ­ian intel­li­gence, which, armed with both the declas­si­fied report and a redact­ed copy of the clas­si­fied report, would be able to dis­cern the vol­ume of intel­li­gence the U.S. cur­rent­ly pos­sess­es with respect to Russ­ian attempts to influ­ence the 2016 elec­tion,” Deputy Direc­tor of Nation­al Intel­li­gence for Intel­li­gence Inte­gra­tion Edward Gis­taro wrote.

    “This would reveal the matu­ri­ty of the U.S. intel­li­gence efforts and expose infor­ma­tion about the [intel­li­gence com­mu­ni­ty’s] capa­bil­i­ties (includ­ing sources and meth­ods) that could rea­son­ably be expect­ed to cause seri­ous or excep­tion­al­ly grave dan­ger to U.S. nation­al secu­ri­ty.”

    The intel­li­gence offi­cial argued that a redact­ed ver­sion of the orig­i­nal report would allow a trained eye to assess “com­par­a­tive weight” of human intel­li­gence and sig­nals intel­li­gence report­ing includ­ed in the com­pendi­um. Release of some of the infor­ma­tion the pri­va­cy-focused orga­ni­za­tion wants made pub­lic “could prove fatal to U.S. human intel­li­gence sources,” Gis­taro warned.

    Gis­taro also appears to argue that even if offi­cials blacked out the whole report, high­ly clas­si­fied infor­ma­tion would be at risk.

    “I agree with the [Nation­al Intel­li­gence Coun­cil] that a heav­i­ly or even ful­ly redact­ed ver­sion of the clas­si­fied report can not be pub­licly released with­out jeop­ar­diz­ing nation­al secu­ri­ty infor­ma­tion prop­er­ly clas­si­fied as SECRET or TOP SECRET,” he wrote.

    EPIC sought the infor­ma­tion in Jan­u­ary, just days after offi­cials released the pub­lic ver­sion of the report. The group filed suit in fed­er­al court in Wash­ing­ton in Feb­ru­ary after fail­ing to get any records from ODNI.

    “The ODNI should release the com­plete report to EPIC so that the pub­lic and the Con­gress can under­stand the full extent of the Russ­ian inter­fer­ence with the 2016 Pres­i­den­tial elec­tion,” EPIC’s Marc Roten­berg told POLITICO Tues­day. “It is already clear that gov­ern­ment secre­cy is frus­trat­ing mean­ing­ful over­sight. The FBI, for exam­ple, will not even iden­ti­fy the states that were tar­get­ed by Rus­sia.”

    ...

    Roten­berg said his group is pur­su­ing two oth­er relat­ed FOIA suits: one seek­ing records abou the FBI’s response to the alleged Russ­ian med­dling and anoth­er seek­ing Trump’s tax records from the IRS.

    ———–

    “Feds won’t release redact­ed intel­li­gence report on Russ­ian elec­tion med­dling” by Josh Ger­stein; Politi­co; 06/27/2017

    ““Release of a redact­ed report would be of par­tic­u­lar assis­tance to Russ­ian intel­li­gence, which, armed with both the declas­si­fied report and a redact­ed copy of the clas­si­fied report, would be able to dis­cern the vol­ume of intel­li­gence the U.S. cur­rent­ly pos­sess­es with respect to Russ­ian attempts to influ­ence the 2016 elec­tion,” Deputy Direc­tor of Nation­al Intel­li­gence for Intel­li­gence Inte­gra­tion Edward Gis­taro wrote.”

    Reveal­ing the vol­ume of the report alone is appar­ent­ly prob­lem­at­ic. So request­ed report is pre­sum­ably either sur­pris­ing long or sur­pris­ing­ly short. The length of the report is reveal­ing of...some­thing. And would reveal top secret intel­li­gence and put lives at risk even if the report was ful­ly redact­ed:

    ...
    “This would reveal the matu­ri­ty of the U.S. intel­li­gence efforts and expose infor­ma­tion about the [intel­li­gence com­mu­ni­ty’s] capa­bil­i­ties (includ­ing sources and meth­ods) that could rea­son­ably be expect­ed to cause seri­ous or excep­tion­al­ly grave dan­ger to U.S. nation­al secu­ri­ty.”

    The intel­li­gence offi­cial argued that a redact­ed ver­sion of the orig­i­nal report would allow a trained eye to assess “com­par­a­tive weight” of human intel­li­gence and sig­nals intel­li­gence report­ing includ­ed in the com­pendi­um. Release of some of the infor­ma­tion the pri­va­cy-focused orga­ni­za­tion wants made pub­lic “could prove fatal to U.S. human intel­li­gence sources,” Gis­taro warned.

    Gis­taro also appears to argue that even if offi­cials blacked out the whole report, high­ly clas­si­fied infor­ma­tion would be at risk.

    “I agree with the [Nation­al Intel­li­gence Coun­cil] that a heav­i­ly or even ful­ly redact­ed ver­sion of the clas­si­fied report can not be pub­licly released with­out jeop­ar­diz­ing nation­al secu­ri­ty infor­ma­tion prop­er­ly clas­si­fied as SECRET or TOP SECRET,” he wrote.
    ...

    ““I agree with the [Nation­al Intel­li­gence Coun­cil] that a heav­i­ly or even ful­ly redact­ed ver­sion of the clas­si­fied report can not be pub­licly released with­out jeop­ar­diz­ing nation­al secu­ri­ty infor­ma­tion prop­er­ly clas­si­fied as SECRET or TOP SECRET,” he wrote.”

    What is it about this report’s vol­ume that’s so dan­ger­ous reveal­ing? We don’t get to know. But note the kind of infor­ma­tion that EPIC was try­ing to get from its law­suit and which was large­ly left out of the released unclas­si­fied ver­sion: Tech­ni­cal evi­dence:

    ...
    Then-Direc­tor of Nation­al Intel­li­gence James Clap­per made pub­lic an unclas­si­fied ver­sion of that report, but the Elec­tron­ic Pri­va­cy Infor­ma­tion Cen­ter brought a Free­dom of Infor­ma­tion Act law­suit demand­ing a copy of the clas­si­fied report giv­en to Oba­ma at the same time. EPIC said the unclas­si­fied ver­sion omit­ted “crit­i­cal tech­ni­cal evi­dence” that could help the pub­lic assess U.S. intel­li­gence agen­cies’ claims that Rus­sia did make efforts to affect the out­come of the 2016 race.
    ...

    So it’s prob­a­bly worth not­ing that the big piece in the Wash­ing­ton Post describ­ing the behind-the-scenes deci­sion-mak­ing in the Oba­ma admin­is­tra­tion over how to respond the hacks and the risk of more cyber­at­tacks men­tions the crit­i­cal sources of intel­li­gence that the US relied on in com­ing to its con­clu­sion that the Russ­ian gov­ern­ment was behind the hacks. There was crit­i­cal human intel­li­gence that appar­ent­ly came from a source deep inside the Krem­lin, and crit­i­cal tech­ni­cal evi­dence from a for­eign ally. And there was some­thing about that ally that made the NSA not trust that evi­dence ini­tial­ly. So the refusal to even release a ful­ly redact­ed ver­sion of that report over fears of reveal­ing sources and meth­ods is pret­ty odd since there’s already been some sig­nif­i­cant details revealed in the media about those sources and meth­ods. Details like a source deep inside the Krem­lin:

    The Wash­ing­ton Post

    Obama’s secret strug­gle to pun­ish Rus­sia for Putin’s elec­tion assault

    By Greg Miller, Ellen Nakashima and Adam Entous
    June 23, 2017

    Ear­ly last August, an enve­lope with extra­or­di­nary han­dling restric­tions arrived at the White House. Sent by couri­er from the CIA, it car­ried “eyes only” instruc­tions that its con­tents be shown to just four peo­ple: Pres­i­dent Barack Oba­ma and three senior aides.

    Inside was an intel­li­gence bomb­shell, a report drawn from sourc­ing deep inside the Russ­ian gov­ern­ment that detailed Russ­ian Pres­i­dent Vladimir Putin’s direct involve­ment in a cyber cam­paign to dis­rupt and dis­cred­it the U.S. pres­i­den­tial race.

    ...

    Despite the intel­li­gence the CIA had pro­duced, oth­er agen­cies were slow­er to endorse a con­clu­sion that Putin was per­son­al­ly direct­ing the oper­a­tion and want­ed to help Trump. “It was def­i­nite­ly com­pelling, but it was not defin­i­tive,” said one senior admin­is­tra­tion offi­cial. “We need­ed more.”

    Some of the most crit­i­cal tech­ni­cal intel­li­gence on Rus­sia came from anoth­er coun­try, offi­cials said. Because of the source of the mate­r­i­al, the NSA was reluc­tant to view it with high con­fi­dence.

    ...

    ———-

    “Obama’s secret strug­gle to pun­ish Rus­sia for Putin’s elec­tion assault” by Greg Miller, Ellen Nakashima and Adam Entous; The Wash­ing­ton Post; 06/23/2017

    “Some of the most crit­i­cal tech­ni­cal intel­li­gence on Rus­sia came from anoth­er coun­try, offi­cials said. Because of the source of the mate­r­i­al, the NSA was reluc­tant to view it with high con­fi­dence.”

    So based on the Wash­ing­ton Post report we’re told that some of the most crit­i­cal tech­ni­cal evi­dence come from a rather iffy source. And based on the ODNI’s expla­na­tion for why it can’t release even a ful­ly redact­ed ver­sion of that report it’s because doing so could reveal the rel­a­tive weight the US applied to human vs tech­ni­cal evi­dence in com­ing to its assess­ment. It rais­es the pos­si­bil­i­ty of the tech­ni­cal evi­dence play­ing a sur­pris­ing­ly small role, which is turn rais­es the ques­tion of just how much the final con­clu­sion was based on the Krem­lin source alone.

    And giv­en the pos­si­bil­i­ty that human intel­li­gence played an over­whelm­ing role in the US reach­ing the con­clu­sion it made, it’s increas­ing­ly impor­tant to keep in mind one of the more amaz­ing rev­e­la­tions in how this inves­ti­ga­tion unfold­ed: the dis­cov­ery that some­one was passed the FBI Russ­ian intel­li­gence doc­u­ments in March of 2016 claim­ing that the Rus­sians had the hacked DNC emails. And that alleged Russ­ian intel­li­gence doc­u­ment turned out to con­tain dis­in­for­ma­tion. The source was unable to pro­vide any of the emails the doc­u­ment claimed the Rus­sians had and the FBI was unable to cor­rob­o­rate oth­er intel­li­gence pro­vid­ed by this same source. So it’s already been report­ed that some­one, pre­sum­ably some­one with access to Russ­ian intel­li­gence, was feed­ing the US gov­ern­ment dis­in­for­ma­tion about Russ­ian involve­ment in the hack:

    The Wash­ing­ton Post

    How a dubi­ous Russ­ian doc­u­ment influ­enced the FBI’s han­dling of the Clin­ton probe

    By Karoun Demir­jian and Devlin Bar­rett
    May 24, 2017

    A secret doc­u­ment that offi­cials say played a key role in then-FBI Direc­tor James B. Comey’s han­dling of the Hillary Clin­ton email inves­ti­ga­tion has long been viewed with­in the FBI as unre­li­able and pos­si­bly a fake, accord­ing to peo­ple famil­iar with its con­tents.

    In the midst of the 2016 pres­i­den­tial pri­ma­ry sea­son, the FBI received what was described as a Russ­ian intel­li­gence doc­u­ment claim­ing a tac­it under­stand­ing between the Clin­ton cam­paign and the Jus­tice Depart­ment over the inquiry into whether she inten­tion­al­ly revealed clas­si­fied infor­ma­tion through her use of a pri­vate email serv­er.

    The Russ­ian doc­u­ment cit­ed a sup­posed email describ­ing how then-Attor­ney Gen­er­al Loret­ta E. Lynch had pri­vate­ly assured some­one in the Clin­ton cam­paign that the email inves­ti­ga­tion would not push too deeply into the mat­ter. If true, the rev­e­la­tion of such an under­stand­ing would have under­mined the integri­ty of the FBI’s inves­ti­ga­tion.

    Cur­rent and for­mer offi­cials have said that Comey relied on the doc­u­ment in mak­ing his July deci­sion to announce on his own, with­out Jus­tice Depart­ment involve­ment, that the inves­ti­ga­tion was over. That pub­lic announce­ment — in which he crit­i­cized Clin­ton and made exten­sive com­ments about the evi­dence — set in motion a chain of oth­er FBI moves that Democ­rats now say helped Trump win the pres­i­den­tial elec­tion.

    But accord­ing to the FBI’s own assess­ment, the doc­u­ment was bad intel­li­gence — and accord­ing to peo­ple famil­iar with its con­tents, pos­si­bly even a fake sent to con­fuse the bureau. The Amer­i­cans men­tioned in the Russ­ian doc­u­ment insist they do not know each oth­er, do not speak to each oth­er and nev­er had any con­ver­sa­tions remote­ly like the ones described in the doc­u­ment. Inves­ti­ga­tors have long doubt­ed its verac­i­ty, and by August the FBI had con­clud­ed it was unre­li­able.

    The doc­u­ment, obtained by the FBI, was a piece of pur­port­ed analy­sis by Russ­ian intel­li­gence, the peo­ple said. It referred to an email sup­pos­ed­ly writ­ten by the then-chair of the Demo­c­ra­t­ic Nation­al Com­mit­tee, Rep. Deb­bie Wasser­man Schultz (D‑Fla.), and sent to Leonard Benar­do, an offi­cial with the Open Soci­ety Foun­da­tions, an orga­ni­za­tion found­ed by bil­lion­aire George Soros and ded­i­cat­ed to pro­mot­ing democ­ra­cy.

    The Russ­ian doc­u­ment did not con­tain a copy of the email, but it described some of the con­tents of the pur­port­ed mes­sage.

    In the sup­posed email, Wasser­man Schultz claimed Lynch had been in pri­vate com­mu­ni­ca­tion with a senior Clin­ton cam­paign staffer named Aman­da Rente­ria dur­ing the cam­paign. The doc­u­ment indi­cat­ed Lynch had told Rente­ria that she would not let the FBI inves­ti­ga­tion into Clin­ton go too far, accord­ing to peo­ple famil­iar with it.

    Cur­rent and for­mer offi­cials have argued that the secret doc­u­ment gave Comey good rea­son to take the extra­or­di­nary step over the sum­mer of announc­ing the find­ings of the Clin­ton inves­ti­ga­tion him­self with­out Jus­tice Depart­ment involve­ment.

    Comey had lit­tle choice, these peo­ple have said, because he feared that if Lynch announced no charges against Clin­ton, and then the secret doc­u­ment leaked, the legit­i­ma­cy of the entire case would be ques­tioned.

    From the moment the bureau received the doc­u­ment from a source in ear­ly March 2016, its verac­i­ty was the sub­ject of an inter­nal debate at the FBI. Sev­er­al peo­ple famil­iar with the mat­ter said the bureau’s doubts about the doc­u­ment hard­ened in August when offi­cials became more cer­tain that there was noth­ing to sub­stan­ti­ate the claims in the Russ­ian doc­u­ment. FBI offi­cials knew the bureau nev­er had the under­ly­ing email with the explo­sive alle­ga­tion, if it ever exist­ed.

    Yet senior offi­cials at the bureau con­tin­ued to rely on the doc­u­ment before and after the elec­tion as part of their jus­ti­fi­ca­tion for how they han­dled the case.

    Wasser­man Schultz and Benar­do said in sep­a­rate inter­views with The Wash­ing­ton Post that they do not know each oth­er and have nev­er com­mu­ni­cat­ed. Rente­ria, in an inter­view, and peo­ple famil­iar with Lynch’s account said the two also do not know each oth­er and have nev­er com­mu­ni­cat­ed. Lynch declined to com­ment for this arti­cle.

    More­over, Wasser­man Schultz, Benar­do and Rente­ria said they have nev­er been inter­viewed by the FBI about the mat­ter.

    Comey’s defend­ers still insist that there is rea­son to believe the doc­u­ment is legit­i­mate and that it right­ly played a major role in the director’s think­ing.

    “It was a very pow­er­ful fac­tor in the deci­sion to go for­ward in July with the state­ment that there shouldn’t be a pros­e­cu­tion,” said a per­son famil­iar with the mat­ter. “The point is that the bureau picked up hacked mate­r­i­al that hadn’t been dumped by the bad guys [the Rus­sians] involv­ing Lynch. And that would have pulled the rug out of any author­i­ta­tive announce­ment.”

    Oth­er peo­ple famil­iar with the doc­u­ment dis­agree sharply, say­ing such claims are disin­gen­u­ous because the FBI has known for a long time that the Russ­ian intel­li­gence doc­u­ment is unre­li­able and based on mul­ti­ple lay­ers of hearsay.

    “It didn’t mean any­thing to the inves­ti­ga­tion until after [senior FBI offi­cials] had to defend them­selves,” said one per­son famil­iar with the mat­ter. “Then they decid­ed it was impor­tant. But it’s junk, and they already knew that.”

    An FBI spokesman declined to com­ment. Comey did not respond to requests for com­ment.

    The peo­ple famil­iar with the Russ­ian doc­u­ment spoke on the con­di­tion of anonymi­ty because they were not autho­rized to dis­cuss its con­tents. No one famil­iar with it asked The Post to with­hold details about its ori­gins to safe­guard the source.

    Sev­er­al of them said they were con­cerned that reveal­ing details now about the doc­u­ment could be per­ceived as an effort to jus­ti­fy Trump’s deci­sion to fire Comey, but they argued that the doc­u­ment and Comey’s fir­ing are dis­tinct issues. Most of the peo­ple famil­iar with the doc­u­ment dis­agree strong­ly with the deci­sion to fire the direc­tor, but they also crit­i­cized cur­rent and for­mer offi­cials who have pri­vate­ly cit­ed the doc­u­ment as an impor­tant fac­tor in the deci­sions made by Comey and oth­er senior FBI offi­cials. Comey told law­mak­ers he would dis­cuss it with them only in a clas­si­fied ses­sion.

    Email not obtained

    After the bureau first received the doc­u­ment, it attempt­ed to use the source to obtain the ref­er­enced email but could not do so, these peo­ple said. The source that pro­vid­ed the doc­u­ment, they said, had pre­vi­ous­ly sup­plied oth­er infor­ma­tion that the FBI was also unable to cor­rob­o­rate.

    While it was con­duct­ing the Clin­ton email inves­ti­ga­tion, the FBI did not inter­view any­one men­tioned in the Russ­ian doc­u­ment about its claims. At the time, FBI agents were prob­ing numer­ous hack­ing cas­es involv­ing Democ­rats and oth­er groups, but they nev­er found an email like the one described in the doc­u­ment, these peo­ple said.

    Then on July 5, Comey decid­ed to announce on his own — with­out telling Lynch ahead of time — that he was clos­ing the Clin­ton email case with­out rec­om­mend­ing charges against any­one. Aides to Comey said he decid­ed to act alone after Lynch met pri­vate­ly with Bill Clin­ton for near­ly a half-hour on an air­port tar­mac in Phoenix about a week ear­li­er — and have since said pri­vate­ly the Russ­ian doc­u­ment was also a fac­tor in that deci­sion.

    The appear­ance of pos­si­ble con­flict aris­ing from the Phoenix meet­ing led FBI lead­er­ship to want to show it had reached the deci­sion inde­pen­dent­ly, with­out polit­i­cal inter­fer­ence from the Jus­tice Depart­ment.

    About a month after Comey’s announce­ment, FBI offi­cials asked to meet pri­vate­ly with the attor­ney gen­er­al. At the meet­ing, they told Lynch about a for­eign source sug­gest­ing she had told Rente­ria that Clin­ton did not have to wor­ry about the email probe, because she would keep the FBI in check, accord­ing to peo­ple famil­iar with the mat­ter.

    “Just so you know, I don’t know this per­son and have nev­er com­mu­ni­cat­ed with her,’’ Lynch told the FBI offi­cials, accord­ing to a per­son famil­iar with the dis­cus­sion. The FBI offi­cials assured her the con­ver­sa­tion was not a for­mal inter­view and said the doc­u­ment “didn’t have inves­tiga­tive val­ue,’’ the per­son said.

    Nev­er­the­less, the offi­cials said, they want­ed to give the attor­ney gen­er­al what is some­times referred to as a “defen­sive brief­ing’’ — advis­ing some­one of a poten­tial intel­li­gence issue that could come up at some future point.

    The agents nev­er men­tioned Wasser­man Schultz to Lynch but told her there was some uncer­tain­ty sur­round­ing the infor­ma­tion because of “pos­si­ble trans­la­tion issues,” accord­ing to a per­son famil­iar with the dis­cus­sion.

    Lynch told them they were wel­come to speak to her staff and to con­duct a for­mal inter­view of her, the per­son said. The FBI declined both offers.

    ‘I’ve nev­er heard of him’

    Rente­ria, a Cal­i­for­nia Demo­c­rat, first heard of the Russ­ian doc­u­ment and its descrip­tion of her role when a Post reporter called her.

    “Wow, that’s kind of weird and out of left field,’’ she said. “I don’t know Loret­ta Lynch, the attor­ney gen­er­al. I haven’t spo­ken to her.’’

    Rente­ria said she did know a Cal­i­for­nia woman by the same name who spe­cial­izes in util­i­ty issues. The Loret­ta Lynch in Cal­i­for­nia is a lawyer who once did cam­paign work for the Clin­tons decades ago involv­ing the White­wa­ter inves­ti­ga­tion. Blog­gers and oth­ers have pre­vi­ous­ly con­fused the two women, includ­ing dur­ing Lynch’s nom­i­na­tion to be attor­ney gen­er­al.

    Wasser­man Schultz and Benar­do, the alleged email­ers, were also per­plexed by the Russ­ian document’s claims.

    Wasser­man Schultz said: “Not only do I not know him — I’ve nev­er heard of him. I don’t know who this is. There’s no truth to this what­so­ev­er. I have nev­er sent an email remote­ly like what you’re describ­ing.’’

    She added that she had met Lynch, the for­mer attor­ney gen­er­al, once briefly at a din­ner func­tion.

    Benar­do said of Wasser­man Schultz: “I’ve nev­er met her. I’ve only read about her.”

    “I’ve nev­er in my life­time received any cor­re­spon­dence of any vari­ety — cor­re­spon­dence, fax, tele­phone, from Deb­bie Wasser­man Schultz,’’ he said. “If such doc­u­men­ta­tion exists, it’s of course made up.’’

    As for Rente­ria, Wasser­man Schultz said she knew who she was from past polit­i­cal work but had “vir­tu­al­ly no inter­ac­tion” with her dur­ing the 2016 cam­paign. “I was def­i­nite­ly in the same room as her on more than one occa­sion, but we did not inter­act, and no email exchange dur­ing the cam­paign, or ever,’’ she said.

    When asked, the indi­vid­u­als named in the doc­u­ment strug­gled to fath­om why their iden­ti­ties would have been woven togeth­er in a doc­u­ment describ­ing com­mu­ni­ca­tions they said nev­er hap­pened. But oth­ers rec­og­nized the dim out­lines of a con­spir­a­cy the­o­ry that would be less sur­pris­ing in Rus­sia, where Soros — the founder of the orga­ni­za­tion Benar­do works for — and Clin­ton are both regard­ed as polit­i­cal ene­mies of the Krem­lin.

    “The idea that Rus­sians would tell a sto­ry in which the Clin­ton cam­paign, Soros and even an Oba­ma admin­is­tra­tion offi­cial are con­nect­ed — that Rus­sians might tell such a sto­ry, that is not at all sur­pris­ing,” said Matt Rojan­sky, a Rus­sia expert and direc­tor of the Ken­nan Insti­tute at the Wil­son Cen­ter. “Because that is part of the Krem­lin world­view.”

    ...

    ———-

    “How a dubi­ous Russ­ian doc­u­ment influ­enced the FBI’s han­dling of the Clin­ton probe” by Karoun Demir­jian and Devlin Bar­rett; The Wash­ing­ton Post; 05/24/2017

    “After the bureau first received the doc­u­ment, it attempt­ed to use the source to obtain the ref­er­enced email but could not do so, these peo­ple said. The source that pro­vid­ed the doc­u­ment, they said, had pre­vi­ous­ly sup­plied oth­er infor­ma­tion that the FBI was also unable to cor­rob­o­rate.

    That does­n’t sound like a very good source. But they def­i­nite­ly good at mak­ing an impact despite rais­ing a num­ber of doubts:

    ...
    But accord­ing to the FBI’s own assess­ment, the doc­u­ment was bad intel­li­gence — and accord­ing to peo­ple famil­iar with its con­tents, pos­si­bly even a fake sent to con­fuse the bureau. The Amer­i­cans men­tioned in the Russ­ian doc­u­ment insist they do not know each oth­er, do not speak to each oth­er and nev­er had any con­ver­sa­tions remote­ly like the ones described in the doc­u­ment. Inves­ti­ga­tors have long doubt­ed its verac­i­ty, and by August the FBI had con­clud­ed it was unre­li­able.

    The doc­u­ment, obtained by the FBI, was a piece of pur­port­ed analy­sis by Russ­ian intel­li­gence, the peo­ple said. It referred to an email sup­pos­ed­ly writ­ten by the then-chair of the Demo­c­ra­t­ic Nation­al Com­mit­tee, Rep. Deb­bie Wasser­man Schultz (D‑Fla.), and sent to Leonard Benar­do, an offi­cial with the Open Soci­ety Foun­da­tions, an orga­ni­za­tion found­ed by bil­lion­aire George Soros and ded­i­cat­ed to pro­mot­ing democ­ra­cy.

    The Russ­ian doc­u­ment did not con­tain a copy of the email, but it described some of the con­tents of the pur­port­ed mes­sage.
    ...

    Adding to the mys­tery, note the tim­ing of the FBI receiv­ing this doc­u­ment: ear­ly March of 2016:

    ...
    From the moment the bureau received the doc­u­ment from a source in ear­ly March 2016, its verac­i­ty was the sub­ject of an inter­nal debate at the FBI. Sev­er­al peo­ple famil­iar with the mat­ter said the bureau’s doubts about the doc­u­ment hard­ened in August when offi­cials became more cer­tain that there was noth­ing to sub­stan­ti­ate the claims in the Russ­ian doc­u­ment. FBI offi­cials knew the bureau nev­er had the under­ly­ing email with the explo­sive alle­ga­tion, if it ever exist­ed.
    ...

    Keep in mind that the FBI first casu­al­ly noti­fied the DNC of the detect­ed hack­ing back in the fall of 2015 and the hacks weren’t pub­licly report­ed on until mid June of 2016. So this Russ­ian intel­li­gence doc­u­ment arrived in the FBI’s hands at a time when the US gov­ern­ment, and pre­sum­ably allied gov­ern­ments, knew about the ongo­ing hack­ing of the DNC, but the pub­lic at large did­n’t know. So some­one who can claim to have access to Russ­ian intel­li­gence doc­u­ments passed along an intel­li­gence doc­u­ment that impli­cat­ed the Russ­ian gov­ern­ment in the hacks months before the pub­lic phase of the hack­ing fias­co ever got start­ed. And that intel­li­gence con­tained dis­in­for­ma­tion seem­ing­ly intend­ed to sow fears in the US gov­ern­ment of what the Rus­sians would dump this alleged email to the pub­lic, dam­ag­ing pub­lic per­cep­tion of the inves­ti­ga­tions into HIllary’s pri­vate email­by show­ing col­lu­sion between the Attor­ney Gen­er­al and Hillary. And these fears appar­ent­ly cat­alyzed James Comey’s deci­sion to give that press con­fer­ence on June 8th. A press con­fer­ence that took place a week before the ini­tial news reports that the DNC was hacked and a month and a half before the ini­tial release by Wik­ileaks of the hacked emails in late July. It’s all pret­ty puz­zling.

    So is the “deep in the Krem­lin” source who claimed Putin ordered the hack­ing the same source of this bogus Russ­ian intel­li­gence doc­u­ment? Did the doc­u­ment even come from some­one in the Russ­ian gov­ern­ment or did it come from a rival intel­li­gence ser­vice? And if it did come from a rival intel­li­gence ser­vice, is this the same for­eign ally who pro­vid­ed the crit­i­cal tech­ni­cal evi­dence that the NSA did­n’t place much faith in or was that a dif­fer­ent for­eign ally?

    There’s no short­age of ques­tions raised by all this. Too bad the ODNI won’t release that clas­si­fied report. Appar­ent­ly it would have pro­vid­ed a lot of answers. Ful­ly redact­ed or not.

    Posted by Pterrafractyl | June 28, 2017, 8:30 pm
  2. Anoth­er day, anoth­er mas­sive rev­e­la­tion in the #TrumpRus­sia sto­ry: The Wall Street Jour­nal just put out a pair of sto­ries about what appears to be an oper­a­tion involv­ing senior fig­ures in the Trump cam­paign (Steve Ban­non, Kellyanne Con­way, Sam Clo­vis, and Michael Fly­nn) to seek out and obtain what they hoped were hacked emails from Hillary Clin­ton’s email serv­er that they appar­ent­ly believed were being pro­vid­ed by Russ­ian hack­ers prob­a­bly asso­ci­at­ed with the Russ­ian gov­ern­ment. This all appar­ent­ly was arranged short­ly after Trump made his infa­mous call for Russ­ian to hack Hillary’s emails and the per­son lead­ing the oper­a­tion is the one who went to the Wall Street Jour­nal to tell every­one about it. Yep.

    So who is this gad­fly who led what was pur­port­ed­ly one of the most sen­si­tive polit­i­cal dirty tricks oper­a­tions in decades and just could help blab­bing about it to a the Wall Street Jour­nal (a Mur­doch fam­i­ly owned pub­li­ca­tion): Peter Smith, an 81 year old long-time con­ser­v­a­tive activist bet­ter known for his work in the 90’s financ­ing anti-Clin­ton con­spir­a­cy the­o­ries and scan­dals like “Troop­er­gate”. For some rea­son he decid­ed to tell all this to the Wall Street Jour­nal back in May, and then he died a week and half lat­er. Smith talks about how he was in con­tact with 5 dif­fer­ent hack­ers claim­ing to have Hillary Clin­ton’s hacked emails, two of which he believed were Russ­ian hack­ers that he assumed were work­ing for the Russ­ian gov­ern­ment, and how Smith’s team was unable to ever ver­i­fy if any of the emails pro­vid­ed by these hack­ers were real. And Smith decid­ed to tell the world about it for some real­ly mys­te­ri­ous rea­son.

    But Smith isn’t the only source in this sto­ry. Matt Tait, a for­mer GCHQ cyber ana­lysts who writes under the pseu­do­nym PwnAll­TheThings (and not the British ‘Alt-Right fig­ure of the same name) claims to have been con­tact­ed by Smith to pro­vide his exper­tise on whether or not the alleged­ly hacked emails were real. Tait claims he was con­tact­ed around the time Trump made his call for Rus­sia to hack Hillary and say he ini­tial­ly thought Smith want­ed him to pro­vide his analy­sis on the DNC email hack that Tait had already writ­ten about. It was only lat­er, after some phone inter­views with Smith and some oth­ers, that Smith dis­closed that he was putting togeth­er a group to try to track down and val­i­date Hillary’s emails that Smith believed were like­ly avail­able via hack­ers on the Dark­web. Tait says he grew uncom­fort­able with the oper­a­tion in mid Sep­tem­ber, refused to sign a non-dis­clo­sure agree­ment, and part­ed ways with Smith’s oper­a­tion.

    It’s also impor­tant to note that Tait was a fig­ure who was ini­tial­ly quite skep­ti­cal of Crowd­strike’s analy­sis that the DNC hacks were an act of the Russ­ian gov­ern­ment, but lat­er came around to that con­clu­sion. Why? Because of things like the meta-data in the leaked doc­u­ments like the “Iron Felix” name. And Tait also felt that Guc­cifer­’s behav­ior was­n’t self-aggran­diz­ing enough to be con­sis­tent with a loan hack­er. Also the com­mand and con­trol serv­er used by the hack­ers coin­cid­ed with the com­mand and con­trol serv­er used in the 2015 Bun­destag hacks(don’t for­get the IP address­es were inex­plic­a­bly hard cod­ed into the mal­ware). Based on this shod­dy “Hi! I’m a Russ­ian hack­er!” evi­dence, Tait con­clud­ed in a July 28th blog post that the DNC hacks had indeed been the work on Russ­ian gov­ern­ment agents and he made this argu­ment in a blog post a day after made his call for the Rus­sians to hack Hillary on July 27th. So when Smith’s group approached Tait, Tait had already made it pub­licly clear that he was ready and will­ing to go along with the devel­op­ing nar­ra­tive of Russ­ian gov­ern­ment hack­ers that was pred­i­cat­ed on the assump­tion that these were real­ly hor­ri­ble Russ­ian gov­ern­ment hack­ers.

    Tait respond­ed to the WSJ arti­cle with a long post on his blog were he lays out the per­son­al expe­ri­ences explain­ing why he went along with the oper­a­tions for as long as he did, why he left it, and why he was pret­ty sure Smith was­n’t just engag­ing in name-drop­ping and puffery when he claimed to be work­ing with a larg­er team that includ­ed fig­ures like Ban­non and Con­way, recount­ing the num­ber of details Smith would pro­vide to Tait about the inner work­ings of the Trump cam­paign.
    Also, crit­i­cal­ly, Tait notes that he nev­er saw any of the emails alleged­ly pro­vid­ed to Smith by the hack­ers they con­tact­ed on the dark web.

    But the rev­e­la­tions were lim­it­ed to the pair of WSJ reports or Tait’s own account. It also men­tions how US inves­ti­ga­tors are look­ing into intel­li­gence reports about appar­ent Russ­ian hack­ers were observ­er dis­cussing how they count hack Hillary’s emails and then get them to Michael Fly­nn through and inter­me­di­ary.

    So at that point it looks like a long-time GOP anti-Clin­ton dirty tricks oper­a­tive decid­ed to pro­mote a par­tic­u­lar nar­ra­tive about the Trump team’s role in the hack­ings that impli­cate Michael Fly­nn, Steven Ban­non, and Kellyanne Con­way in an oper­a­tion that involved get­ting hacked emails by but simul­ta­ne­ous­ly pro­mote the notion that it was Russ­ian gov­ern­ment hack­ers (and not, you know, peo­ple hired by the Trump team leav­ing tons of “Hi! I’m a Russ­ian hack­er!” fin­ger­prints). He decid­ed to do this almost two months ago, and it’s just com­ing out now. It’s kind of hard to take it all at face val­ue but it’s a pret­ty good attempt at a lim­it­ed hang­out intend­ed to push Trump aside and make way for a non-open­ly crazy GOP­er to replace him:

    Slate

    GOP Oper­a­tive Attempt­ed to Col­lude With Hack­ers He Thought Were Russ­ian to Get Hacked Clin­ton Emails

    By Elliot Han­non
    June 29 2017 9:52 PM

    On Thurs­day, the Wall Street Jour­nal report­ed the mak­ings of a poten­tial bomb­shell: Dur­ing the pres­i­den­tial cam­paign, a long­time GOP oper­a­tive claim­ing to work with retired Lt. Gen. Michael Fly­nn attempt­ed to col­lude with who he believed to be Russ­ian hack­ers in order to pro­cure thou­sands of emails delet­ed from Hillary Clinton’s per­son­al serv­er. The report­ing by the Jour­nal’s Shane Har­ris stops well short of con­nect­ing the dots to explic­it coor­di­na­tion between Fly­nn and the Rus­sians, but he adds a num­ber of new data points to the conversation—and none of them look good for the Trump White House.

    The GOP oper­a­tive in ques­tion is Peter W. Smith, who told the Jour­nal dur­ing an inter­view last month that he began shop­ping around for the some 33,000 delet­ed Clin­ton emails in ear­ly Sep­tem­ber 2016, two months before Elec­tion Day. Smith’s efforts came in the wake of the Wik­iLeaks release of hacked Demo­c­ra­t­ic Nation­al Com­mit­tee emails that July and a month before the organization’s release of emails hacked from Clin­ton cam­paign chair­man John Podes­ta in Octo­ber. “Mr. Smith, a pri­vate-equi­ty exec­u­tive from Chica­go active in Repub­li­can pol­i­tics, said he assem­bled a group of tech­nol­o­gy experts, lawyers and a Russ­ian-speak­ing inves­ti­ga­tor based in Europe to acquire emails the group the­o­rized might have been stolen from the pri­vate serv­er Mrs. Clin­ton used as sec­re­tary of state,” accord­ing to the WSJ.

    Smith, who died in May at the age of 81, a month after the WSJ inter­view, implied to the small cir­cle of peo­ple he con­tact­ed for help locat­ing the emails that he was work­ing with Fly­nn, who was then a senior advis­er to Don­ald Trump. “He said, ‘I’m talk­ing to Michael Fly­nn about this—if you find any­thing, can you let me know?’ ” a com­put­er-secu­ri­ty expert who helped search hack­er forums for leads told the WSJ. Emails sent by Smith—and reviewed by the WSJ—also implied Fly­nn was sup­port­ive of the effort to locate the Clin­ton emails, and went so far as to offer to arrange meet­ings with Fly­nn and his son, who worked for his dad’s com­pa­ny, and those he was try­ing to enlist to help.

    Here’s what Smith’s efforts net­ted him (via the WSJ):

    In the inter­view with the Jour­nal, Mr. Smith said he and his col­leagues found five groups of hack­ers who claimed to pos­sess Mrs. Clinton’s delet­ed emails, includ­ing two groups he deter­mined were Rus­sians.

    “We knew the peo­ple who had these were prob­a­bly around the Russ­ian gov­ern­ment,” Mr. Smith said.

    Mr. Smith said after vet­ting batch­es of emails offered to him by hack­er groups last fall, he couldn’t be sure enough of their authen­tic­i­ty to leak them him­self. “We told all the groups to give them to Wik­iLeaks,” he said. Wik­iLeaks has nev­er pub­lished those emails or claimed to have them. Mr. Smith and one of his asso­ciates said they had a line of com­mu­ni­ca­tion with Mr. Fly­nn and his con­sult­ing com­pa­ny …

    … The oper­a­tion Mr. Smith described is con­sis­tent with infor­ma­tion that has been exam­ined by U.S. inves­ti­ga­tors prob­ing Russ­ian inter­fer­ence in the elec­tions. Those inves­ti­ga­tors have exam­ined reports from intel­li­gence agen­cies that describe Russ­ian hack­ers dis­cussing how to obtain emails from Mrs. Clinton’s serv­er and then trans­mit them to Mr. Fly­nn via an inter­me­di­ary, accord­ing to U.S. offi­cials with knowl­edge of the intel­li­gence. It isn’t clear who that inter­me­di­ary might have been or whether Mr. Smith’s oper­a­tion was the one alleged­ly under dis­cus­sion by the Russ­ian hack­ers. The reports were com­piled dur­ing the same peri­od when Mr. Smith’s group was oper­at­ing, accord­ing to the offi­cials.

    Har­ris’ report­ing is pre­sum­ably the open­ing sal­vo in this line of inves­ti­ga­tion that, for the first time, implies explic­it col­lu­sion between the Trump cam­paign and Rus­sia. A Trump cam­paign offi­cial said Smith didn’t work for the cam­paign and Fly­nn, if he was involved, was par­tic­i­pat­ing in a per­son­al capac­i­ty, not as a cam­paign offi­cial. The fact that Smith didn’t offi­cial­ly work for the Trump cam­paign seems like a no-brain­er for obvi­ous rea­sons, but doesn’t mean he wasn’t act­ing at the behest of some­one on the cam­paign. Whether Fly­nn was act­ing in a per­son­al or pro­fes­sion­al capac­i­ty, at the moment, is a dis­tinc­tion with­out a dif­fer­ence. Yes, at some point it would be impor­tant if he was relay­ing orders, or act­ing on behalf of some­one high­er up on the Trump campaign—of which there weren’t many—presumably Steve Ban­non, who was lead­ing the cam­paign at that point, or even the pres­i­dent him­self.

    What the Jour­nal sto­ry does indi­cate, how­ev­er, is that a GOP oper­a­tive who pre­sent­ed him­self as work­ing with Mike Fly­nn, a top Trump advis­er with numer­ous dodgy Russ­ian ties him­self, active­ly solicit­ed Clin­ton emails from hack­ers he believed to be Russ­ian and assumed to be affil­i­at­ed with the Russ­ian gov­ern­ment. Once he obtained a stash of unver­i­fied emails pre­sent­ed as the delet­ed Clin­ton emails, this oper­a­tive then sug­gest­ed the hack­ers release the cache to Wik­iLeaks one month after the DNC Wik­iLeaks dump and a month before the Podes­ta Wik­iLeaks dump.

    ...

    ———-

    “GOP Oper­a­tive Attempt­ed to Col­lude With Hack­ers He Thought Were Russ­ian to Get Hacked Clin­ton Emails” by Elliot Han­non; Slate; 06/29/2017

    The GOP oper­a­tive in ques­tion is Peter W. Smith, who told the Jour­nal dur­ing an inter­view last month that he began shop­ping around for the some 33,000 delet­ed Clin­ton emails in ear­ly Sep­tem­ber 2016, two months before Elec­tion Day. Smith’s efforts came in the wake of the Wik­iLeaks release of hacked Demo­c­ra­t­ic Nation­al Com­mit­tee emails that July and a month before the organization’s release of emails hacked from Clin­ton cam­paign chair­man John Podes­ta in Octo­ber. “Mr. Smith, a pri­vate-equi­ty exec­u­tive from Chica­go active in Repub­li­can pol­i­tics, said he assem­bled a group of tech­nol­o­gy experts, lawyers and a Russ­ian-speak­ing inves­ti­ga­tor based in Europe to acquire emails the group the­o­rized might have been stolen from the pri­vate serv­er Mrs. Clin­ton used as sec­re­tary of state,” accord­ing to the WSJ.”

    A whole team was assem­bled to obtain hacked emails from what they say they assumed were Russ­ian hack­ers right at the height of a cam­paign that had Russ­ian gov­ern­ment hack­ing at the cen­ter of it. With Team peo­ple help­ing to coor­di­nate it. That’s the sto­ry. The sto­ry tak­en to a major news­pa­per and sat on for two months:

    ...
    Smith, who died in May at the age of 81, a month after the WSJ inter­view, implied to the small cir­cle of peo­ple he con­tact­ed for help locat­ing the emails that he was work­ing with Fly­nn, who was then a senior advis­er to Don­ald Trump. “He said, ‘I’m talk­ing to Michael Fly­nn about this—if you find any­thing, can you let me know?’ ” a com­put­er-secu­ri­ty expert who helped search hack­er forums for leads told the WSJ. Emails sent by Smith—and reviewed by the WSJ—also implied Fly­nn was sup­port­ive of the effort to locate the Clin­ton emails, and went so far as to offer to arrange meet­ings with Fly­nn and his son, who worked for his dad’s com­pa­ny, and those he was try­ing to enlist to help
    ...

    And in this sto­ry we learn that about how inves­ti­ga­tors are work­ing with intel­li­gence agen­cies describ­ing “Russ­ian hack­ers” dis­cussing how to hack Hillary’s emails and get them to Fly­nn tak­ing place dur­ing the same peri­od that Smith’s group was oper­at­ing:

    In the inter­view with the Jour­nal, Mr. Smith said he and his col­leagues found five groups of hack­ers who claimed to pos­sess Mrs. Clinton’s delet­ed emails, includ­ing two groups he deter­mined were Rus­sians.

    “We knew the peo­ple who had these were prob­a­bly around the Russ­ian gov­ern­ment,” Mr. Smith said.

    ...

    … The oper­a­tion Mr. Smith described is con­sis­tent with infor­ma­tion that has been exam­ined by U.S. inves­ti­ga­tors prob­ing Russ­ian inter­fer­ence in the elec­tions. Those inves­ti­ga­tors have exam­ined reports from intel­li­gence agen­cies that describe Russ­ian hack­ers dis­cussing how to obtain emails from Mrs. Clinton’s serv­er and then trans­mit them to Mr. Fly­nn via an inter­me­di­ary, accord­ing to U.S. offi­cials with knowl­edge of the intel­li­gence. It isn’t clear who that inter­me­di­ary might have been or whether Mr. Smith’s oper­a­tion was the one alleged­ly under dis­cus­sion by the Russ­ian hack­ers. The reports were com­piled dur­ing the same peri­od when Mr. Smith’s group was oper­at­ing, accord­ing to the offi­cials.

    So that was the first WSJ report. It did­n’t men­tion Smith’s con­nec­tion to any­one on the Trump cam­paign oth­er than Michael Fly­nn. It was the sec­ond WSJ report that drew in the rest of those senior Trump offi­cials. And for­mer GCHQ ana­lyst Matt Tait, who appears to be the source for much of this infor­ma­tion:

    Talk­ing Points Memo
    Edi­tor’s Blog

    This Is Big

    By Josh Mar­shall
    Pub­lished July 1, 2017 12:27 am

    This is big.

    As you may have heard, this evening The Wall Street Jour­nal pub­lished a major fol­low-up to its sto­ry from Thurs­day which described the work of a GOP mon­ey man and oppo research guy, the late Peter W. Smith, who was try­ing to get hacked emails from Rus­sia and held him­self out to be in con­tact with dis­graced Trump advi­sor Michael Fly­nn. On its face, the big new break in this fol­low-up sto­ry is a new doc­u­ment from Smith. The doc­u­ment is from what is described as a pack­age of recruit­ing mate­ri­als Smith was using to enlist cyber­se­cu­ri­ty tal­ent in his oper­a­tion. The doc­u­ment list­ed key offi­cials in the Trump cam­paign. These were appar­ent­ly peo­ple Smith claimed he was in touch with or work­ing with, though pre­cise­ly how or why they were men­tioned is not entire­ly clear.

    Here’s the key pas­sage from the Jour­nal arti­cle

    Offi­cials iden­ti­fied in the doc­u­ment include Steve Ban­non, now chief strate­gist for Pres­i­dent Don­ald Trump; Kellyanne Con­way, for­mer cam­paign man­ag­er and now White House coun­selor; Sam Clo­vis, a pol­i­cy advis­er to the Trump cam­paign and now a senior advis­er at the Agri­cul­ture Depart­ment; and retired Lt. Gen. Mike Fly­nn, who was a cam­paign advis­er and briefly was nation­al secu­ri­ty advis­er in the Trump admin­is­tra­tion.

    A few caveats are in order.

    From the Jour­nal report­ing at least it is not total­ly clear what Smith intend­ed by list­ing these peo­ple. It’s also pos­si­ble that Smith was free­lanc­ing. There are lots of peo­ple in the orbit of major cam­paigns puff­ing up their con­nec­tions to top play­ers. The Jour­nal arti­cle has Ban­non deny­ing any knowl­edge of Smith. Con­way says she knew Smith from GOP pol­i­tics over the years but was nev­er in con­tact with him about this.

    That’s the sto­ry as pre­sent­ed in the Jour­nal.

    What is also clear in the Jour­nal arti­cle is that the source of the new infor­ma­tion was almost cer­tain­ly a British nation­al and cyber­se­cu­ri­ty expert named Matt Tait. I would go through why this seems clear. But about an hour after the Jour­nal arti­cle was pub­lished, Tait him­self fol­lowed up with what I would say is the big piece of the night in the Law­fare blog.

    Tait pro­vides a much more detailed first-per­son account of his deal­ings with Smith. You’ll want to read it your­self. But the gist is that he’s a cyber­se­cu­ri­ty expert, he got press atten­tion with some online analy­sis he did about the DNC hack­ing. He lat­er got con­tact­ed by Smith – appar­ent­ly because Smith was look­ing for some­one to authen­ti­cate pur­port­ed, hacked Clin­ton emails he’d been offered. Tait didn’t at first know just what Smith was after or who he was. But once he got into a con­ver­sa­tion with Smith and found out some­one was offer­ing him the Clin­ton emails, he want­ed to know more.

    One crit­i­cal part of the sto­ry is that Tait nev­er saw the pur­port­ed emails, gen­uine or not. So he is not in a posi­tion to say what they were or who was offer­ing them to Smith.

    The crit­i­cal points Tait reveals are these. 1) That in his con­ver­sa­tions with Smith and his asso­ciates it was clear that they did not care if the sources of the emails were Russ­ian intel­li­gence offi­cers or if the emails had been hacked by Russ­ian intel­li­gence. They were entire­ly indif­fer­ent to this real­i­ty. They didn’t care. 2) Smith dis­cussed what seemed to be high­ly detailed and con­fi­den­tial infor­ma­tion about the inner work­ings of the Trump cam­paign, details that made Tait think that Smith wasn’t just some name drop­per free­lanc­ing but actu­al­ly had deep ties into the cam­paign and espe­cial­ly with Mike Fly­nn.

    Let me excerpt two key pas­sages …

    Over the course of our con­ver­sa­tions, one thing struck me as par­tic­u­lar­ly dis­turb­ing. Smith and I talked sev­er­al times about the DNC hack, and I expressed my view that the hack had like­ly been orches­trat­ed by Rus­sia and that the Krem­lin was using the stolen doc­u­ments as part of an influ­ence cam­paign against the Unit­ed States. I explained that if some­one had con­tact­ed him via the “Dark Web” with Clinton’s per­son­al emails, he should take very seri­ous­ly the pos­si­bil­i­ty that this may have been part of a wider Russ­ian cam­paign against the Unit­ed States. And I said he need not take my word for it, point­ing to a num­ber of occa­sions where US offi­cials had made it clear that this was the view of the U.S. intel­li­gence com­mu­ni­ty as well.

    Smith, how­ev­er, didn’t seem to care. From his per­spec­tive it didn’t mat­ter who had tak­en the emails, or their motives for doing so. He nev­er expressed to me any dis­com­fort with the pos­si­bil­i­ty that the emails he was seek­ing were poten­tial­ly from a Russ­ian front, a like­li­hood he was hap­py to acknowl­edge. If they were gen­uine, they would hurt Clinton’s chances, and there­fore help Trump.

    The sec­ond pas­sage is in regards to Smith’s knowl­edge of the inner-work­ings of the Trump cam­paign …

    Although it wasn’t ini­tial­ly clear to me how inde­pen­dent Smith’s oper­a­tion was from Fly­nn or the Trump cam­paign, it was imme­di­ate­ly appar­ent that Smith was both well con­nect­ed with­in the top ech­e­lons of the cam­paign and he seemed to know both Lt. Gen. Fly­nn and his son well. Smith rou­tine­ly talked about the goings on at the top of the Trump team, offer­ing deep insights into the bizarre world at the top of the Trump cam­paign. Smith told of Flynn’s deep dis­like of DNI Clap­per, whom Fly­nn blamed for his dis­missal by Pres­i­dent Oba­ma. Smith told of Flynn’s moves to posi­tion him­self to become CIA Direc­tor under Trump, but also that Fly­nn had been per­suad­ed that the Sen­ate con­fir­ma­tion process would be pro­hib­i­tive­ly dif­fi­cult. He would instead there­fore become Nation­al Secu­ri­ty Advi­sor should Trump win the elec­tion, Smith said. He also told of a deep sense of angst even among Trump loy­al­ists in the cam­paign, say­ing “Trump often just repeats what­ev­er he’s heard from the last per­son who spoke to him,” and express­ing the view that this was espe­cial­ly dan­ger­ous when Trump was away.

    Lat­er in the piece, Tait returns to the point when dis­cussing the afore­men­tioned doc­u­ment report­ed by the Jour­nal.

    As I men­tioned above, Smith and his asso­ciates’ knowl­edge of the inner work­ings of the cam­paign were insight­ful beyond what could be obtained by mere­ly attend­ing Repub­li­can events or watch­ing large amounts of news cov­er­age. But one thing I could not place, at least ini­tial­ly, was whether Smith was work­ing on behalf of the cam­paign, or whether he was act­ing inde­pen­dent­ly to help the cam­paign in his per­son­al capac­i­ty.

    Then, a few weeks into my inter­ac­tions with Smith, he sent me a doc­u­ment, osten­si­bly a cov­er page for a dossier of oppo­si­tion research to be com­piled by Smith’s group, and which pur­port­ed to clear up who was involved. The doc­u­ment was enti­tled “A Demon­stra­tive Ped­a­gog­i­cal Sum­ma­ry to be Devel­oped and Released Pri­or to Novem­ber 8, 2016,” and dat­ed Sep­tem­ber 7. It detailed a com­pa­ny Smith and his col­leagues had set up as a vehi­cle to con­duct the research: “KLS Research”, set up as a Delaware LLC “to avoid cam­paign report­ing,” and list­ing four groups who were involved in one way or anoth­er.

    The first group, enti­tled “Trump Cam­paign (in coor­di­na­tion to the extent per­mit­ted as an inde­pen­dent expen­di­ture)” list­ed a num­ber of senior cam­paign offi­cials: Steve Ban­non, Kellyanne Con­way, Sam Clo­vis, Lt. Gen. Fly­nn and Lisa Nel­son.

    The largest group named a num­ber of “inde­pen­dent groups / orga­ni­za­tions / indi­vid­u­als / resources to be deployed.” My name appears on this list. At the time, I didn’t rec­og­nize most of the oth­ers; how­ev­er, sev­er­al made head­lines in the weeks imme­di­ate­ly pri­or to the elec­tion.

    My per­cep­tion then was that the inclu­sion of Trump cam­paign offi­cials on this doc­u­ment was not mere­ly a name-drop­ping exer­cise. This doc­u­ment was about estab­lish­ing a com­pa­ny to con­duct oppo­si­tion research on behalf of the cam­paign, but oper­at­ing at a dis­tance so as to avoid cam­paign report­ing. Indeed, the doc­u­ment says as much in black and white.

    The com­bi­na­tion of Smith’s deep knowl­edge of the inner work­ings of the cam­paign, this doc­u­ment nam­ing him in the “Trump cam­paign” group, and the mul­ti­ple ref­er­ences to need­ing to avoid cam­paign report­ing sug­gest­ed to me that the group was formed with the bless­ing of the Trump cam­paign. In the Journal’s sto­ry this evening, sev­er­al of the indi­vid­u­als named in the doc­u­ment denied any con­nec­tion to Smith, and it’s cer­tain­ly pos­si­ble that he was a big name-drop­per and nev­er real­ly rep­re­sent­ed any­one oth­er than him­self. If that’s the case, Smith talked a very good game.

    As you can see, a good bit of this is how Tait inter­pret­ed what Smith and Smith’s asso­ciates told him. Tait is a British nation­al. So it is not unrea­son­able to assume he may not have a per­fect grasp of all the nuances of US pol­i­tics, just as you or I wouldn’t of British pol­i­tics. But if the facts he alleges are broad­ly accu­rate – and I have no rea­son to think they are not – he at least makes a pret­ty good case that Smith had some pret­ty strong lines into the high­est ech­e­lons of the Trump cam­paign and held him­self out as oper­at­ing on the campaign’s behalf.

    What appar­ent­ly prompt­ed Tait to come for­ward was what we not­ed yes­ter­day was like­ly the biggest news in the first of the two Jour­nal pieces: the report that the US gov­ern­ment had intel­li­gence show­ing Russ­ian oper­a­tives dis­cussing pass­ing hacked emails to Michael Fly­nn via an inter­me­di­ary.

    Now what does this all mean?

    This reads to me like the kind of sto­ry that rapid­ly shakes out a lot of new infor­ma­tion. Every big press out­fit in the coun­try must be yank­ing on all the dan­gling threads even as I write. This cer­tain­ly sounds like just the kind of attempt to work with the Russ­ian sub­ver­sion cam­paign that many have long sus­pect­ed. It con­nects up with peo­ple at the high­est lev­el of the Trump cam­paign. It looks like strong evi­dence of attempt­ed col­lu­sion by peo­ple at least in the orbit of the Trump cam­paign and quite like­ly in com­mu­ni­ca­tion with peo­ple at the high­est ech­e­lons of the cam­paign.

    But did it suc­ceed? Did they make con­tact? If there was a big pic­ture quid pro quo between Rus­sia and the Trump cam­paign why were they reach­ing out to Smith by such cir­cuitous meth­ods, ones that left Smith – if we can cred­it his account – feel­ing he need­ed to authen­ti­cate the emails? One thing that is worth not­ing, though it can be hard to keep track of in all these details, is that emails pur­port­ed­ly hacked from Clinton’s per­son­al email serv­er nev­er appeared dur­ing the cam­paign or since. So at least in this spe­cif­ic regard, what Smith and his cronies were up to didn’t pan out, for what­ev­er rea­son.

    To be clear, the ques­tions I’m rais­ing here don’t mean this didn’t hap­pen or doesn’t mat­ter. Far from it. They are just basic ques­tions any­one try­ing to get to the bot­tom of this would need to ask. It is pos­si­ble that the big over­ar­ch­ing sto­ry turns out to be some­thing we’ve dis­cussed here on sev­er­al occa­sions: a sce­nario in which Trump him­self didn’t cross any lines but he knew oth­ers near him did or tried. Or maybe it’s much more. What we can say now is that the Trump/Russia col­lu­sion sto­ry just moved dra­mat­i­cal­ly clos­er to the Trump inner cir­cle.

    ...

    ———-

    “This Is Big” by Josh Mar­shall; Talk­ing Points Memo; 07/01/2017

    “Offi­cials iden­ti­fied in the doc­u­ment include Steve Ban­non, now chief strate­gist for Pres­i­dent Don­ald Trump; Kellyanne Con­way, for­mer cam­paign man­ag­er and now White House coun­selor; Sam Clo­vis, a pol­i­cy advis­er to the Trump cam­paign and now a senior advis­er at the Agri­cul­ture Depart­ment; and retired Lt. Gen. Mike Fly­nn, who was a cam­paign advis­er and briefly was nation­al secu­ri­ty advis­er in the Trump admin­is­tra­tion.”

    Yep, senior Trump offi­cials were iden­ti­fied in a doc­u­ment describ­ing a cor­po­ra­tion set up to obtain these emails. And accord­ing to Tait’s own blog post­ing, this cor­po­ra­tion was set up in Delaware to avoid cam­paign dis­clo­sure laws (it’s a reminder that this sto­ry is anoth­er rea­son to revis­it cam­paign finance laws):

    ...
    Then, a few weeks into my inter­ac­tions with Smith, he sent me a doc­u­ment, osten­si­bly a cov­er page for a dossier of oppo­si­tion research to be com­piled by Smith’s group, and which pur­port­ed to clear up who was involved. The doc­u­ment was enti­tled “A Demon­stra­tive Ped­a­gog­i­cal Sum­ma­ry to be Devel­oped and Released Pri­or to Novem­ber 8, 2016,” and dat­ed Sep­tem­ber 7. It detailed a com­pa­ny Smith and his col­leagues had set up as a vehi­cle to con­duct the research: “KLS Research”, set up as a Delaware LLC “to avoid cam­paign report­ing,” and list­ing four groups who were involved in one way or anoth­er.

    The first group, enti­tled “Trump Cam­paign (in coor­di­na­tion to the extent per­mit­ted as an inde­pen­dent expen­di­ture)” list­ed a num­ber of senior cam­paign offi­cials: Steve Ban­non, Kellyanne Con­way, Sam Clo­vis, Lt. Gen. Fly­nn and Lisa Nel­son.

    The largest group named a num­ber of “inde­pen­dent groups / orga­ni­za­tions / indi­vid­u­als / resources to be deployed.” My name appears on this list. At the time, I didn’t rec­og­nize most of the oth­ers; how­ev­er, sev­er­al made head­lines in the weeks imme­di­ate­ly pri­or to the elec­tion.

    My per­cep­tion then was that the inclu­sion of Trump cam­paign offi­cials on this doc­u­ment was not mere­ly a name-drop­ping exer­cise. This doc­u­ment was about estab­lish­ing a com­pa­ny to con­duct oppo­si­tion research on behalf of the cam­paign, but oper­at­ing at a dis­tance so as to avoid cam­paign report­ing. Indeed, the doc­u­ment says as much in black and white.
    ...

    So as Josh Mar­shall rea­son­ably con­cludes, it looks like Tait is the source for much of the infor­ma­tion in this sec­ond WSJ arti­cle. Tait’s own blog post­ing that popped up short­ly after the arti­cle cer­tain­ly sup­ports that the­o­ry:

    ...
    What is also clear in the Jour­nal arti­cle is that the source of the new infor­ma­tion was almost cer­tain­ly a British nation­al and cyber­se­cu­ri­ty expert named Matt Tait. I would go through why this seems clear. But about an hour after the Jour­nal arti­cle was pub­lished, Tait him­self fol­lowed up with what I would say is the big piece of the night in the Law­fare blog.
    ...

    And in that blog post we find Tait describ­ing an expe­ri­ence where Smith was open­ly shar­ing with him all sorts of rather amaz­ing cam­paign gos­sip, like cam­paign infight­ing, doubts about Trump from his own staff, and Michael Fly­n­n’s own ambi­tions to become head of the CIA or Nation­al Secu­ri­ty Advi­sor. And this is all hap­pen­ing :
    while Tait describes him­self as basi­cal­ly an out­sider, and not a par­tic­u­lar­ly anti-Hillary out­sider, who was invit­ed into this cabal of GOP oper­a­tives and Trump team offi­cials:

    Law­fare

    The Time I Got Recruit­ed to Col­lude with the Rus­sians

    By Matt Tait
    Fri­day, June 30, 2017, 10:50 PM

    I read the Wall Street Jour­nal’s arti­cle yes­ter­day on attempts by a GOP oper­a­tive to recov­er miss­ing Hillary Clin­ton emails with more than usu­al inter­est. I was involved in the events that reporter Shane Har­ris described, and I was an unnamed source for the ini­tial sto­ry. What’s more, I was named in, and pro­vid­ed the doc­u­ments to Har­ris that formed the basis of, this evening’s fol­low-up sto­ry, which report­ed that “A long­time Repub­li­can activist who led an oper­a­tion hop­ing to obtain Hillary Clin­ton emails from hack­ers list­ed senior mem­bers of the Trump cam­paign, includ­ing some who now serve as top aides in the White House, in a recruit­ment doc­u­ment for his effort”:

    Offi­cials iden­ti­fied in the doc­u­ment include Steve Ban­non, now chief strate­gist for Pres­i­dent Don­ald Trump; Kellyanne Con­way, for­mer cam­paign man­ag­er and now White House coun­selor; Sam Clo­vis, a pol­i­cy advis­er to the Trump cam­paign and now a senior advis­er at the Agri­cul­ture Depart­ment; and retired Lt. Gen. Mike Fly­nn, who was a cam­paign advis­er and briefly was nation­al secu­ri­ty advis­er in the Trump admin­is­tra­tion.

    I’m writ­ing this piece in the spir­it of Ben­jamin Wittes’s account of his inter­ac­tions with James Comey imme­di­ate­ly fol­low­ing the New York Times sto­ry for which he act­ed as a source. The goal is to pro­vide a fuller account­ing of expe­ri­ences which were thor­ough­ly bizarre and which I did not ful­ly under­stand until I read the Jour­nal’s account of the episode yes­ter­day. Indeed, I still do not ful­ly under­stand the events I am going to describe, both what they reflect­ed then or what they mean in ret­ro­spect. But I can lay out what hap­pened, facts from which read­ers and inves­ti­ga­tors can draw their own con­clu­sions.

    For the pur­pose of what fol­lows, I will assume read­ers are already famil­iar with the Wall Street Jour­nal’s report­ing on this mat­ter.

    My role in these events began last spring, when I spent a great deal of time study­ing the series of Free­dom of Infor­ma­tion dis­clo­sures by the State Depart­ment of Hillary Clinton’s emails, and post­ing the parts I found most interesting—especially those rel­e­vant to com­put­er security—on my pub­lic Twit­ter account. I was doing this not because I am some par­tic­u­lar foe of Clinton’s—I’m not—but because like every­one else, I assumed she was like­ly to become the next Pres­i­dent of the Unit­ed States, and I believed her emails might pro­vide some insight into key cyber­se­cu­ri­ty and nation­al secu­ri­ty issues once she was elect­ed in Novem­ber.

    A while lat­er, on June 14, the Wash­ing­ton Post report­ed on a hack of the DNC osten­si­bly by Russ­ian intel­li­gence. When mate­r­i­al from this hack began appear­ing online, cour­tesy of the “Guc­cifer 2” online per­sona, I turned my atten­tion to look­ing at these stolen doc­u­ments. This time, my pur­pose was to try and under­stand who broke into the DNC, and why.

    A few weeks lat­er, right around the time the DNC emails were dumped by Wik­ileaks—and curi­ous­ly, around the same time Trump called for the Rus­sians to get get Hillary Clinton’s miss­ing emails—I was con­tact­ed out the blue by a man named Peter Smith, who had seen my work going through these emails. Smith implied that he was a well-con­nect­ed Repub­li­can polit­i­cal oper­a­tive.

    Ini­tial­ly, I assumed the query must have been about my work on the DNC hack; after all, few peo­ple fol­lowed my account pri­or to the DNC breach, where­as my analy­sis of the break-in at the DNC had received con­sid­er­ably more cov­er­age. I assumed his query about the “Clin­ton emails” was there­fore a mis­take and that he meant instead to talk to me about the emails stolen from the DNC. So I agreed to talk to him, think­ing that, what­ev­er my views on then-can­di­date Trump, if a nation­al cam­paign want­ed an inde­pen­dent non-par­ti­san view on the facts sur­round­ing the case, I should pro­vide it to the best of my abil­i­ty.

    Yet Smith had not con­tact­ed me about the DNC hack, but rather about his con­vic­tion that Clinton’s pri­vate email serv­er had been hacked—in his view almost cer­tain­ly both by the Russ­ian gov­ern­ment and like­ly by mul­ti­ple oth­er hack­ers too—and his desire to ensure that the fruits of those hacks were exposed pri­or to the elec­tion. Over the course of a long phone call, he men­tioned that he had been con­tact­ed by some­one on the “Dark Web” who claimed to have a copy of emails from Sec­re­tary Clinton’s pri­vate serv­er, and this was why he had con­tact­ed me; he want­ed me to help val­i­date whether or not the emails were gen­uine.

    Under oth­er cir­cum­stances, I would have gone no fur­ther. After all, this was occur­ring in the final stretch of a U.S. pres­i­den­tial elec­tion, and I did not feel com­fort­able, and had no inter­est in, pro­vid­ing mate­r­i­al help to either of the cam­paigns beyond mere­ly answer­ing ques­tions on my already pub­lic analy­sis of Clinton’s emails, or of the DNC hack. (I’m not a U.S. cit­i­zen or res­i­dent, after all.) In any case, my sus­pi­cion then and now was that Hillary Clinton’s email serv­er was like­ly nev­er breached by Rus­sia, and more­over that if Rus­sia had a copy of Clinton’s emails, they would not waste them in the run-up to an elec­tion she was like­ly to win. I thus thought Smith’s search for her emails was in vain.

    But fol­low­ing the DNC hack and watch­ing the Russ­ian influ­ence cam­paign sur­round­ing it unfold in near real-time, Smith’s com­ment about hav­ing been con­tact­ed by some­one from the “Dark Web” claim­ing to have Clinton’s per­son­al emails struck me as crit­i­cal­ly impor­tant. I want­ed to find out whether this per­son was mere­ly some fraud­ster want­i­ng to take Smith for a ride or some­thing more sin­is­ter: that is, whether Smith had been con­tact­ed by a Russ­ian intel­li­gence front with intent to use Smith as part of their scheme by laun­der­ing real or forged doc­u­ments.

    I nev­er found out who Smith’s con­tact on the “Dark Web” was. It was nev­er clear to me whether this per­son was mere­ly some­one try­ing to dupe Smith out of his mon­ey, or a Russ­ian front, and it was nev­er clear to me how they rep­re­sent­ed their own cre­den­tials to Smith.

    ...

    Over the course of a few phone calls, ini­tial­ly with Smith and lat­er with Smith and one of his associates—a man named John Szobocsan—I was asked about my obser­va­tions on tech­ni­cal details buried in the State Department’s release of Sec­re­tary Clinton’s emails (such as not­ing a hack attempt in 2011, or how Clinton’s emails might have been inter­cept­ed by Rus­sia due to lack of encryp­tion). I was also asked about aspects of the DNC hack, such as why I thought the “Guc­cifer 2” per­sona real­ly was in all like­li­hood oper­at­ed by the Russ­ian gov­ern­ment, and how it wasn’t nec­es­sary to rely on CrowdStrike’s attri­bu­tion as blind faith; not­ing that I had come to the same con­clu­sion inde­pen­dent­ly based on entire­ly pub­lic evi­dence, hav­ing been ini­tial­ly doubt­ful of CrowdStrike’s con­clu­sions.

    Towards the end of one of our con­ver­sa­tions, Smith made his pitch. He said that his team had been con­tact­ed by some­one on the “dark web”; that this per­son had the emails from Hillary Clinton’s pri­vate email serv­er (which she had sub­se­quent­ly delet­ed), and that Smith want­ed to estab­lish if the emails were gen­uine. If so, he want­ed to ensure that they became pub­lic pri­or to the elec­tion. What he want­ed from me was to deter­mine if the emails were gen­uine or not.

    It is no over­state­ment to say that my con­ver­sa­tions with Smith shocked me. Giv­en the amount of media atten­tion giv­en at the time to the like­ly involve­ment of the Russ­ian gov­ern­ment in the DNC hack, it seemed mind-bog­gling for the Trump campaign—or for this off­shoot of it—to be active­ly seek­ing those emails. To me this felt real­ly wrong.

    In my con­ver­sa­tions with Smith and his col­league, I tried to stress this point: if this dark web con­tact is a front for the Russ­ian gov­ern­ment, you real­ly don’t want to play this game. But they were not dis­cour­aged. They appeared to be con­vinced of the need to obtain Clinton’s pri­vate emails and make them pub­lic, and they had a reck­less lack of inter­est in whether the emails came from a Russ­ian cut-out. Indeed, they made it quite clear to me that it made no dif­fer­ence to them who hacked the emails or why they did so, only that the emails be found and made pub­lic before the elec­tion.

    In the end, I nev­er saw the actu­al mate­ri­als they’d been giv­en, and to this day, I don’t know whether there were gen­uine emails, or whether Smith and his asso­ciates were delud­ing them­selves.

    By the mid­dle of Sep­tem­ber, all con­tact between us end­ed. By this time, I had grown extreme­ly uncom­fort­able with the sit­u­a­tion, so when Smith and his col­league asked me to sign a non-dis­clo­sure agree­ment, I declined to do so. My sus­pi­cion was that the real pur­pose of the non-dis­clo­sure agree­ment was to ret­ro­spec­tive­ly apply con­fi­den­tial­i­ty to the con­ver­sa­tions we had already had before that point. I refused to sign the non-dis­clo­sure and we went our sep­a­rate ways.

    As I men­tioned above, Smith and his asso­ciates’ knowl­edge of the inner work­ings of the cam­paign were insight­ful beyond what could be obtained by mere­ly attend­ing Repub­li­can events or watch­ing large amounts of news cov­er­age. But one thing I could not place, at least ini­tial­ly, was whether Smith was work­ing on behalf of the cam­paign, or whether he was act­ing inde­pen­dent­ly to help the cam­paign in his per­son­al capac­i­ty.

    ...

    I’m sure read­ers are won­der­ing: why did I keep qui­et at the time? Actu­al­ly, I didn’t. In the fall, pri­or to the elec­tion, I dis­cussed the events of the sto­ry first with a friend, and sec­ond­ly with a jour­nal­ist. The trou­ble was that nei­ther I nor the reporter in ques­tion knew what to make of the whole oper­a­tion. It was cer­tain­ly clear that the events were bizarre, and deeply unset­tling. But it wasn’t reportable.

    After all, Clinton’s pri­vate emails nev­er mate­ri­al­ized. We couldn’t show that Smith had been in con­tact with actu­al Rus­sians. And while I believed—as I still do—that he was oper­at­ing with some degree of coor­di­na­tion with the cam­paign, that was at least a lit­tle murky too. The sto­ry just didn’t make much sense—that is, until the Jour­nal yes­ter­day pub­lished the crit­i­cal fact that U.S. intel­li­gence has report­ed that Russ­ian hack­ers were look­ing to get emails to Fly­nn through a cut-out dur­ing the Sum­mer of 2016, and this was no idle spec­u­la­tion on my part.

    Sud­den­ly, my sto­ry seemed important—and omi­nous.

    ———-

    “The Time I Got Recruit­ed to Col­lude with the Rus­sians” by Matt Tait; Law­fare; 06/30/2017

    “By the mid­dle of Sep­tem­ber, all con­tact between us end­ed. By this time, I had grown extreme­ly uncom­fort­able with the sit­u­a­tion, so when Smith and his col­league asked me to sign a non-dis­clo­sure agree­ment, I declined to do so. My sus­pi­cion was that the real pur­pose of the non-dis­clo­sure agree­ment was to ret­ro­spec­tive­ly apply con­fi­den­tial­i­ty to the con­ver­sa­tions we had already had before that point. I refused to sign the non-dis­clo­sure and we went our sep­a­rate ways.

    So after Tait, some­one with no obvi­ous out­side con­nec­tions to the Trump cam­paign, gets invit­ed into this amaz­ing­ly scan­dalous oper­a­tion, and Peter Smith shares all these details about the Trump cam­paign’s inner work­ings with Tait but also shares with Tait how the Trump team claims to think it was deal­ing with Russ­ian gov­ern­ment hack­ers, only lat­er does Smith try to get a non-dis­clo­sure agree­ment from Tait. It’s the lat­est indi­ca­tion that, if this whole nar­ra­tive is real, this entire ‘op’ has got to be one of the worst in his­to­ry from an oper­a­tional secu­ri­ty stand­point. The hacks by the ‘Russ­ian hack­ers’ were a bad joke, and now we’re told the Trump team senior offi­cials were involved in a cor­po­ra­tion set up to obtained this hacked mate­r­i­al from peo­ple they assumed were Russ­ian gov­ern­ment hack­ers. And they shared all this with an appar­ent­ly out­side who was for­mer GCHQ. Before ask­ing him to sign a non-dis­clo­sure agree­ment.

    While it’s kind of joke oper­a­tion if they were tru­ly try­ing to get these alleged­ly hacked HIllary emails into the pub­lic domain with­out the Trump team get­ting charged with col­lud­ing with the Russ­ian gov­ern­ment, if it was an oper­a­tion set up to poten­tial­ly get dis­cov­ered lat­er for the pur­pose of rein­forc­ing the nar­ra­tive that it was def­i­nite­ly Russ­ian gov­ern­ment hack­ers behind the DNC/Podesta hacks, and def­i­nite­ly not some­one involved with the Trump team, then it kind of makes sense. Poten­tial­ly dis­cov­ered lat­er. Like, if Trump lost and there were all sorts of inves­ti­ga­tion into Trump team activ­i­ties or if Trump won and turned out to be an unhinged lunatic. A pre-plant­ed lim­it­ed hang­out. Is that pos­si­ble? Well, again, note one of the rea­sons Smith would have poten­tial­ly found Tait a use­ful per­son to bring on board with this oper­a­tion if estab­lish­ing that nar­ra­tive: Tait was more than hap­py to back up Crowd­strike’s shod­dy analy­sis:

    ...
    Over the course of a few phone calls, ini­tial­ly with Smith and lat­er with Smith and one of his associates—a man named John Szobocsan—I was asked about my obser­va­tions on tech­ni­cal details buried in the State Department’s release of Sec­re­tary Clinton’s emails (such as not­ing a hack attempt in 2011, or how Clinton’s emails might have been inter­cept­ed by Rus­sia due to lack of encryp­tion). I was also asked about aspects of the DNC hack, such as why I thought the “Guc­cifer 2” per­sona real­ly was in all like­li­hood oper­at­ed by the Russ­ian gov­ern­ment, and how it wasn’t nec­es­sary to rely on CrowdStrike’s attri­bu­tion as blind faith; not­ing that I had come to the same con­clu­sion inde­pen­dent­ly based on entire­ly pub­lic evi­dence, hav­ing been ini­tial­ly doubt­ful of CrowdStrike’s con­clu­sions.
    ...

    Tait came around to Crowd­strike’s “Russ­ian gov­ern­ment hack­ers did view” based on some pret­ty ques­tion­able analy­sis.

    Beyond that, it’s hard to ignore the fact that two of the senior Trump offi­cials, Kellyanne Con­way and Steve Ban­non, joined the Trump team from the Robert Mercer/Cambridge Ana­lyt­i­ca crew. It was a pack­age deal. And as we’ve learned now about Cam­bridge Ana­lyt­i­ca, it’s got deep ties to con­ser­v­a­tive ele­ments of the British intel­li­gence com­mu­ni­ty.

    So, first off, you have to won­der if Tait was rec­om­mend­ed to the Trump team through some­one tied to Cam­bridge Ana­lyt­i­ca. But beyond that, giv­en that this sto­ry has become pub­lic at all, you have to won­der if this isn’t part of the Mer­cer crew basi­cal­ly pulling the lever and dump­ing Trump. It’s not like Trump has­n’t been a dis­as­ter when it comes to sell­ing the Amer­i­can pub­lic on the Mercer/Koch pro-oli­garch pol­i­cy agen­da. And there’s no sign he going to get less unhinged the more time he spends in office. Could we being see­ing the first major lim­it­ed hang­out intend­ed to take down Trump while main­tain­ing the “Russ­ian gov­ern­ment hack­er” nar­ra­tive? Sure, there’s also the rev­e­la­tion of intel­li­gence reports of Russ­ian hack­ers dis­cussing how to get into Hillary’s serv­er and get the info to Fly­nn, but until we get more infor­ma­tion on the nature of that intel­li­gence it’s hard to put too much weight on it.

    So, since Peter Smith is behav­ing like a GOP­er try­ing to get Trump removed to make way for Pres­i­dent Pence (or Ryan), it’s worth not­ing that one of the best forms of revenge for Trump would be to take the rest of the GOP down with him. After all, isn’t that what’s Trump’s base vot­ed for? Burn­ing down the oli­garch-wing of the par­ty to imple­ment an agen­da for the lit­tle guy? And what bet­ter was for Trump to burn down the par­ty than to admit to know­ing his team was arrang­ing for the hacks and that the rest of the senior GOP lead­er­ship was in on it or at least knew about it and worked to cov­er it up (until they decid­ed to dump Trump). That’s assum­ing such evi­dence exists, but if it does, and Trump reveals it, he’ll prob­a­bly be one of the most pop­u­lar politi­cians in GOP his­to­ry. Hope­ful­ly some­one makes it clear to Trump that this is an option. And makes it clear to him soon. At this point, what does he have to lose?

    Sure, there’s prob­a­bly plen­ty of black­mail mate­r­i­al on him, but if Trump brings down the GOP big wigs, no one is going to care about all that black­mail mate­r­i­al. Trump might be a far-right fas­cists nut job, but he’s just one. There’s a whole glob­al net­work. And now, thanks to things like the 2016 hack attacks, Trump is in a posi­tion to do incred­i­ble dam­age to that glob­al fas­cist net­work that appears to be turn­ing on him and hang­ing him out to dry. Is he going to just take that? Isn’t he sup­posed to be a counter-punch­er? Well, it looks like he’s get­ting punched big time. By his own team. Ouch.

    Posted by Pterrafractyl | July 1, 2017, 2:57 pm
  3. The #TrumpRuss­ian sto­ry got a jolt of adren­a­line over the week­end fol­low­ing a series of sto­ries dis­cussing a meet­ing that took place on June 9th, 2016, attend­ed by Don­ald Trump Jr., Paul Man­afort, and Jared Kush­n­er after they were invit­ed to meet with an Krem­lin-linked attor­ney. What did they talk about? Well, accord­ing to the ini­tial report, it was just a meet­ing about poli­cies impact­ing child adop­tions and the a lob­by­ing effort to reverse the Mag­nit­sky Act. And the fact that this meet­ing took place is open­ly acknowl­edged by Trump Jr. and Kush­n­er:

    The New York Times

    Trump Team Met With Lawyer Linked to Krem­lin Dur­ing Cam­paign

    By JO BECKER, MATT APUZZO and ADAM GOLDMAN
    JULY 8, 2017

    Two weeks after Don­ald J. Trump clinched the Repub­li­can pres­i­den­tial nom­i­na­tion last year, his eldest son arranged a meet­ing at Trump Tow­er in Man­hat­tan with a Russ­ian lawyer who has con­nec­tions to the Krem­lin, accord­ing to con­fi­den­tial gov­ern­ment records described to The New York Times.

    The pre­vi­ous­ly unre­port­ed meet­ing was also attend­ed by Mr. Trump’s cam­paign chair­man at the time, Paul J. Man­afort, as well as the president’s son-in-law, Jared Kush­n­er, accord­ing to inter­views and the doc­u­ments, which were out­lined by peo­ple famil­iar with them.

    While Pres­i­dent Trump has been dogged by rev­e­la­tions of undis­closed meet­ings between his asso­ciates and Rus­sians, this episode at Trump Tow­er on June 9, 2016, is the first con­firmed pri­vate meet­ing between a Russ­ian nation­al and mem­bers of Mr. Trump’s inner cir­cle dur­ing the cam­paign. It is also the first time that his son Don­ald Trump Jr. is known to have been involved in such a meet­ing.

    Rep­re­sen­ta­tives of Don­ald Trump Jr. and Mr. Kush­n­er con­firmed the meet­ing after The Times approached them with infor­ma­tion about it. In a state­ment, Don­ald Jr. described the meet­ing as pri­mar­i­ly about an adop­tion pro­gram. The state­ment did not address whether the pres­i­den­tial cam­paign was dis­cussed.

    ...

    The Russ­ian lawyer invit­ed to the Trump Tow­er meet­ing, Natalia Vesel­nit­skaya, is best known for mount­ing a mul­ti­pronged attack against the Mag­nit­sky Act, an Amer­i­can law that black­lists sus­pect­ed Russ­ian human rights abusers. The law so enraged Mr. Putin that he retal­i­at­ed by halt­ing Amer­i­can adop­tions of Russ­ian chil­dren.

    The adop­tion impasse is a fre­quent­ly used talk­ing point for oppo­nents of the Mag­nit­sky Act. Ms. Veselnitskaya’s cam­paign against the law has also includ­ed attempts to dis­cred­it its name­sake, Sergei L. Mag­nit­sky, a lawyer and audi­tor who died in mys­te­ri­ous cir­cum­stances in a Russ­ian prison in 2009 after expos­ing one of the biggest cor­rup­tion scan­dals dur­ing Mr. Putin’s rule.

    Ms. Vesel­nit­skaya was for­mer­ly mar­ried to a for­mer deputy trans­porta­tion min­is­ter of the Moscow region, and her clients include state-owned busi­ness­es and a senior gov­ern­ment official’s son, whose com­pa­ny was under inves­ti­ga­tion in the Unit­ed States at the time of the meet­ing. Her activ­i­ties and asso­ci­a­tions had pre­vi­ous­ly drawn the atten­tion of the F.B.I., accord­ing to a for­mer senior law enforce­ment offi­cial.

    In his state­ment, Don­ald Trump Jr. said: “It was a short intro­duc­to­ry meet­ing. I asked Jared and Paul to stop by. We pri­mar­i­ly dis­cussed a pro­gram about the adop­tion of Russ­ian chil­dren that was active and pop­u­lar with Amer­i­can fam­i­lies years ago and was since end­ed by the Russ­ian gov­ern­ment, but it was not a cam­paign issue at the time and there was no fol­low up.”

    He added: “I was asked to attend the meet­ing by an acquain­tance, but was not told the name of the per­son I would be meet­ing with before­hand.”

    Late Sat­ur­day, Mark Coral­lo, a spokesman for the president’s lawyer, issued a state­ment imply­ing that the meet­ing was a set­up. Ms. Vesel­nit­skaya and the trans­la­tor who accom­pa­nied her to the meet­ing “mis­rep­re­sent­ed who they were,” it said.

    In an inter­view, Mr. Coral­lo explained that Ms. Vesel­nit­skaya, in her anti-Mag­nit­sky cam­paign, employs a pri­vate inves­ti­ga­tor whose firm, Fusion GPS, pro­duced an intel­li­gence dossier that con­tained unproven alle­ga­tions against the pres­i­dent. In a state­ment, the firm said, “Fusion GPS learned about this meet­ing from news reports and had no pri­or knowl­edge of it. Any claim that Fusion GPS arranged or facil­i­tat­ed this meet­ing in any way is false.”

    Don­ald Trump Jr. had denied par­tic­i­pat­ing in any cam­paign-relat­ed meet­ings with Russ­ian nation­als when he was inter­viewed by The Times in March. “Did I meet with peo­ple that were Russ­ian? I’m sure, I’m sure I did,” he said. “But none that were set up. None that I can think of at the moment. And cer­tain­ly none that I was rep­re­sent­ing the cam­paign in any way, shape or form.”

    Asked at that time whether he had ever dis­cussed gov­ern­ment poli­cies relat­ed to Rus­sia, the younger Mr. Trump replied, “A hun­dred per­cent no.”

    The Trump Tow­er meet­ing was not dis­closed to gov­ern­ment offi­cials until recent­ly, when Mr. Kush­n­er, who is also a senior White House aide, filed a revised ver­sion of a form required to obtain a secu­ri­ty clear­ance. The Times report­ed in April that he had failed to dis­close any for­eign con­tacts, includ­ing meet­ings with the Russ­ian ambas­sador to the Unit­ed States and the head of a Russ­ian state bank. Fail­ure to report such con­tacts can result in a loss of access to clas­si­fied infor­ma­tion and even, if infor­ma­tion is know­ing­ly fal­si­fied or con­cealed, in impris­on­ment.

    Mr. Kushner’s advis­ers said at the time that the omis­sions were an error, and that he had imme­di­ate­ly noti­fied the F.B.I. that he would be revis­ing the fil­ing. They also said he had met with the Rus­sians in his offi­cial tran­si­tion capac­i­ty as a main point of con­tact for for­eign offi­cials.

    In a state­ment on Sat­ur­day, Mr. Kushner’s lawyer, Jamie Gore­lick, said: “He has since sub­mit­ted this infor­ma­tion, includ­ing that dur­ing the cam­paign and tran­si­tion, he had over 100 calls or meet­ings with rep­re­sen­ta­tives of more than 20 coun­tries, most of which were dur­ing tran­si­tion. Mr. Kush­n­er has sub­mit­ted addi­tion­al updates and includ­ed, out of an abun­dance of cau­tion, this meet­ing with a Russ­ian per­son, which he briefly attend­ed at the request of his broth­er-in-law Don­ald Trump Jr. As Mr. Kush­n­er has con­sis­tent­ly stat­ed, he is eager to coop­er­ate and share what he knows.”

    Mr. Kushner’s lawyers addressed ques­tions about his dis­clo­sure but deferred to Don­ald Trump Jr. on ques­tions about the meet­ing itself.

    Mr. Man­afort, the for­mer cam­paign chair­man, also recent­ly dis­closed the meet­ing, and Don­ald Trump Jr.’s role in orga­niz­ing it, to con­gres­sion­al inves­ti­ga­tors who had ques­tions about his for­eign con­tacts, accord­ing to peo­ple famil­iar with the events.

    A spokesman for Mr. Man­afort declined to com­ment. In response to ques­tions, Ms. Vesel­nit­skaya said the meet­ing last­ed about 30 min­utes and focused on the Mag­nit­sky Act and the adop­tion issue.

    “Noth­ing at all was dis­cussed about the pres­i­den­tial cam­paign,” she said, adding, “I have nev­er act­ed on behalf of the Russ­ian gov­ern­ment and have nev­er dis­cussed any of these mat­ters with any rep­re­sen­ta­tive of the Russ­ian gov­ern­ment.”

    Because Don­ald Trump Jr. does not serve in the admin­is­tra­tion and does not have a secu­ri­ty clear­ance, he was not required to dis­close his for­eign con­tacts. Fed­er­al and con­gres­sion­al inves­ti­ga­tors have not pub­licly asked for any records that would require his dis­clo­sure of Russ­ian con­tacts. It is not clear whether the Jus­tice Depart­ment was aware of the meet­ing before Mr. Kush­n­er dis­closed it recent­ly. Nei­ther Mr. Kush­n­er nor Mr. Man­afort was required to dis­close the con­tent of the meet­ing in their gov­ern­ment fil­ings.

    Dur­ing the cam­paign, Don­ald Trump Jr. served as a close advis­er to his father, fre­quent­ly appear­ing at cam­paign events. Since the pres­i­dent took office, the younger Mr. Trump and his broth­er, who have worked for the Trump Orga­ni­za­tion for most of their adult lives, assumed day-to-day con­trol of their father’s real estate empire.

    A quick inter­net search reveals Ms. Vesel­nit­skaya as a for­mi­da­ble oper­a­tor with a his­to­ry of push­ing the Kremlin’s agen­da. Most notable is her cam­paign against the Mag­nit­sky Act, which pro­voked a Cold War-style, tit-for-tat row with the Krem­lin when Pres­i­dent Barack Oba­ma signed it into law in 2012.

    Under the law, some 44 Russ­ian cit­i­zens have been put on a list that allows the Unit­ed States to seize their Amer­i­can assets and deny them visas. The Unit­ed States asserts that many of them are con­nect­ed to fraud exposed by Mr. Mag­nit­sky, who after being jailed for more than a year was found dead in his cell. A Russ­ian human rights pan­el found that he had been assault­ed. To crit­ics of Mr. Putin, Mr. Mag­nit­sky, in death, became a sym­bol of cor­rup­tion and bru­tal­i­ty in the Russ­ian state.

    An infu­ri­at­ed Mr. Putin has called the law an “out­ra­geous act,” and, in addi­tion to ban­ning Amer­i­can adop­tions, com­piled what became known as an “anti-Mag­nit­sky” black­list of Unit­ed States cit­i­zens.

    ...

    In May, the pres­i­dent fired the F.B.I. direc­tor, James B. Comey, who days lat­er pro­vid­ed infor­ma­tion about a meet­ing with Mr. Trump at the White House. Accord­ing to Mr. Comey, the pres­i­dent asked him to end the bureau’s inves­ti­ga­tion into Mr. Fly­nn; Mr. Trump has repeat­ed­ly denied mak­ing such a request. Robert S. Mueller III, a for­mer F.B.I. direc­tor, was then appoint­ed as spe­cial coun­sel.

    The sta­tus of Mr. Mueller’s inves­ti­ga­tion is not clear, but he has assem­bled a vet­er­an team of pros­e­cu­tors and agents to dig into any pos­si­ble col­lu­sion.

    ———-

    “Trump Team Met With Lawyer Linked to Krem­lin Dur­ing Cam­paign” by JO BECKER, MATT APUZZO and ADAM GOLDMAN; The New York Times; 07/08/2017

    Rep­re­sen­ta­tives of Don­ald Trump Jr. and Mr. Kush­n­er con­firmed the meet­ing after The Times approached them with infor­ma­tion about it. In a state­ment, Don­ald Jr. described the meet­ing as pri­mar­i­ly about an adop­tion pro­gram. The state­ment did not address whether the pres­i­den­tial cam­paign was dis­cussed.”

    As we can see, the ‘fake news’ charge isn’t going to work for this sto­ry. Jared Kush­n­er and Trump Jr. both con­firmed it. And the whole meet­ing was first dis­close after Kush­n­er amend­ed his secu­ri­ty clear­ance dis­clo­sure forms:

    ...
    The Trump Tow­er meet­ing was not dis­closed to gov­ern­ment offi­cials until recent­ly, when Mr. Kush­n­er, who is also a senior White House aide, filed a revised ver­sion of a form required to obtain a secu­ri­ty clear­ance. The Times report­ed in April that he had failed to dis­close any for­eign con­tacts, includ­ing meet­ings with the Russ­ian ambas­sador to the Unit­ed States and the head of a Russ­ian state bank. Fail­ure to report such con­tacts can result in a loss of access to clas­si­fied infor­ma­tion and even, if infor­ma­tion is know­ing­ly fal­si­fied or con­cealed, in impris­on­ment.

    Mr. Kushner’s advis­ers said at the time that the omis­sions were an error, and that he had imme­di­ate­ly noti­fied the F.B.I. that he would be revis­ing the fil­ing. They also said he had met with the Rus­sians in his offi­cial tran­si­tion capac­i­ty as a main point of con­tact for for­eign offi­cials.
    ...

    But that does­n’t mean there was­n’t any­thing ‘fake’ in this report. Because as we learned the next day, the Trump team’s depic­tion of the pur­pose of this meet­ing as being focused on adop­tion poli­cies was pret­ty fake. Or at least includ­ed a a giant omis­sion: It turns out Trump Jr. was invit­ed to the meet­ing after being told that he was going to be giv­en dam­ag­ing infor­ma­tion on Hillary Clin­ton. No such infor­ma­tion was ever giv­en, we are told.

    But still, we now have reports that Trump Jr., Kush­n­er, and Man­afort attend­ed a June 9th meet­ing with a Krem­lin-linked lawyer and they showed up at this meet­ing expect­ing to receive dam­ag­ing infor­ma­tion on Hillary Clin­ton. And once again, the report is backed up by Don­ald Trump, Jr.‘s own state­ments. He’s tak­ing an ‘of course I would attend such a meet­ing! who would­n’t?!’ approach to it all and spin­ning the offer of dam­ag­ing info on Hillary as just a ruse intend­ed to get the Trump team’s ear so they could be lob­bied about child adop­tion poli­cies. And, yes, that’s an incred­i­bly absurd and cyn­i­cal way to spin it, but that’s actu­al­ly the Trump, Jr’s spin: we tried to get the dam­ag­ing Hillary info from the Rus­sians but it was all a ruse. So no harm, no foul. And any­one else would have done the same!:

    The Wash­ing­ton Post

    Don­ald Trump Jr. met with Russ­ian lawyer dur­ing pres­i­den­tial cam­paign after being promised infor­ma­tion help­ful to father’s effort

    By Ros­alind S. Hel­der­man and Tom Ham­burg­er
    July 9, 2017 at 6:36 PM

    Don­ald Trump Jr., the president’s son, said in a state­ment Sun­day that a Russ­ian lawyer with whom he met in June 2016 claimed she could pro­vide poten­tial­ly dam­ag­ing infor­ma­tion about his father’s like­ly Demo­c­ra­t­ic oppo­nent, Hillary Clin­ton.

    He said he had agreed to the meet­ing at Trump Tow­er in New York because he was offered infor­ma­tion that would be help­ful to the cam­paign of his father, then the pre­sump­tive GOP pres­i­den­tial nom­i­nee.

    At the meet­ing, which also includ­ed the candidate’s son-in-law, Jared Kush­n­er, and then-cam­paign chair­man, Paul Man­afort, the Russ­ian lawyer opened by say­ing she knew about Rus­sians fund­ing the Demo­c­ra­t­ic Nation­al Com­mit­tee and Clin­ton, the state­ment said.

    Trump Jr. said that her com­ments dur­ing the meet­ing were “vague, ambigu­ous and made no sense” and that she then changed the sub­ject to dis­cuss a pro­hi­bi­tion that the Russ­ian gov­ern­ment placed on the adop­tion of Russ­ian chil­dren as retal­i­a­tion for sanc­tions imposed by Con­gress in 2012.

    Don­ald Jr. said that his father “knew noth­ing of the meet­ing or these events” and that the cam­paign had no fur­ther con­tact with the woman after the 20- to 30-minute ses­sion.

    The president’s son did not dis­close the dis­cus­sion when the meet­ing was first made pub­lic by the New York Times on Sat­ur­day and did so only on Sun­day as the Times pre­pared to report that he had been offered infor­ma­tion on Clin­ton at the ses­sion.

    The rev­e­la­tions about the meet­ing come as fed­er­al pros­e­cu­tors and con­gres­sion­al inves­ti­ga­tors explore whether the Trump cam­paign coor­di­nat­ed and encour­aged Russ­ian efforts to inter­vene in the elec­tion to hurt Clin­ton and elect Trump. Hack­ers began leak­ing emails stolen from the Demo­c­ra­t­ic Par­ty in July 2016, and U.S. intel­li­gence agen­cies have said the effort was orches­trat­ed by Rus­sia to help elect Trump.

    The meet­ing sug­gests that some Trump aides were in the mar­ket to col­lect neg­a­tive infor­ma­tion that could be used against Clin­ton — at the same time that U.S. gov­ern­ment offi­cials have con­clud­ed Rus­sians were col­lect­ing such data.

    Trump offi­cials have vig­or­ous­ly denied they col­lud­ed with Rus­sia in any way.

    In his state­ment, Trump Jr. said he did not know the lawyer’s name, Natalia Vesel­nit­skaya, before attend­ing the meet­ing at the request of an acquain­tance. He said that after pleas­antries were exchanged, the lawyer told him that “she had infor­ma­tion that indi­vid­u­als con­nect­ed to Rus­sia were fund­ing the Demo­c­ra­t­ic Nation­al Com­mit­tee and sup­port­ing Ms. Clin­ton.”

    “No details or sup­port­ing infor­ma­tion was pro­vid­ed or even offered. It quick­ly became clear that she had no mean­ing­ful infor­ma­tion,” he said, say­ing he con­clud­ed that claims of help­ful infor­ma­tion for the cam­paign had been a “pre­text” for set­ting up the meet­ing.

    Mark Coral­lo, a spokesman for Trump’s attor­ney, said Trump was unaware of the meet­ing and did not attend it.

    Nei­ther Man­afort nor his spokesman respond­ed to requests for com­ment Sun­day evening. Attor­neys for Kush­n­er also did not respond to requests for com­ment Sun­day. On Sat­ur­day, a Kush­n­er attor­ney, Jamie Gore­lick, said her client had pre­vi­ous­ly revised required dis­clo­sure forms to note mul­ti­ple meet­ings with for­eign nation­als, includ­ing the ses­sion in June with Vesel­nit­skaya. “As Mr. Kush­n­er has con­sis­tent­ly stat­ed, he is eager to coop­er­ate and share what he knows,” Gore­lick said.

    In his state­ment, Trump Jr. said he was approached about the meet­ing by an acquain­tance he knew from the 2013 Miss Uni­verse pageant.

    He did not name the acquain­tance, but in an inter­view Sun­day, Rob Gold­stone, a music pub­li­cist who is friend­ly with Trump Jr., told The Wash­ing­ton Post that he had arranged the meet­ing at the request of a Russ­ian client and had attend­ed it along with Vesel­nit­skaya.

    Gold­stone has been active with the Miss Uni­verse pageant and works as a man­ag­er for Emin Agalarov, a Russ­ian pop star whose father is a wealthy Moscow devel­op­er who spon­sored the pageant in the Russ­ian cap­i­tal in 2013.

    Gold­stone would not name the client. He said Vesel­nit­skaya want­ed to dis­cuss ways that Trump could be help­ful about the Russ­ian government’s adop­tion issue should he be elect­ed pres­i­dent.

    “Once she pre­sent­ed what she had to say, it was like, ‘Can you keep an eye on it? Should [Trump] be in pow­er, maybe that’s a con­ver­sa­tion that he may have in the future?’” Gold­stone said.

    In the Sun­day inter­view, Gold­stone did not describe the con­ver­sa­tion about Clin­ton or indi­cate that he had told Trump Jr. that he could pro­vide infor­ma­tion help­ful to the cam­paign. He did not respond to a sec­ond request for com­ment late Sun­day. Like­wise, a spokes­woman for Don­ald Trump Jr. did not respond when asked whether Gold­stone was the acquain­tance to whom the president’s son was refer­ring.

    His role in the meet­ing has not been pre­vi­ous­ly report­ed.

    ...

    ———-

    “Don­ald Trump Jr. met with Russ­ian lawyer dur­ing pres­i­den­tial cam­paign after being promised infor­ma­tion help­ful to father’s effort” by Ros­alind S. Hel­der­man and Tom Ham­burg­er; The Wash­ing­ton Post; 07/09/2017

    ““No details or sup­port­ing infor­ma­tion was pro­vid­ed or even offered. It quick­ly became clear that she had no mean­ing­ful infor­ma­tion,” he said, say­ing he con­clud­ed that claims of help­ful infor­ma­tion for the cam­paign had been a “pre­text” for set­ting up the meet­ing

    Poor Don Jr. He thought he was going to get some ‘help­ful infor­ma­tion’ but it just turned out to be lure to set him up for a lob­by­ing pitch. Uh huh.

    So Don­ald Trump Jr. is now open­ly admit­ting this meet­ing hap­pened. But here’s what adds to the mys­tery: It’s not just Trump Jr’s admis­sions to the press that’s bring­ing us this sto­ry. There are five senior White House advi­sors who are anony­mous­ly act­ing as sources for this:

    Talk­ing Points Memo
    Edi­tor’s Blog

    Tak­ing Stock of the Times Block­buster

    By Josh Mar­shall
    Pub­lished July 9, 2017 6:56 pm

    I want to share a few ini­tial thoughts on this afternoon’s Times block­buster. If you have not seen it yet, yes­ter­day the Times report­ed that Don­ald Trump Jr., along with Jared Kush­n­er and Paul Man­afort, met last year with a Russ­ian lawyer with close ties to the Krem­lin, Natalia Vesel­nit­skaya, about some­thing called the Mag­nit­sky Act. Mag­nit­sky is a sort of mini-sanc­tions law passed in 2012 which Rus­sia has want­ed over­turned ever since. (The details of Mag­nit­sky are impor­tant but we’ll dis­cuss them lat­er.) That in itself was a major sto­ry. This after­noon they fol­lowed up with addi­tion­al details that made it a gen­uine block­buster: accord­ing to the Times, Trump took the meet­ing because he was promised that he would receive dam­ag­ing infor­ma­tion about Hillary Clin­ton.

    This is a very big sto­ry in that it gets quite close to the first evi­dence of col­lu­sion between the Russ­ian gov­ern­ment and the Trump cam­paign dur­ing the 2016 cam­paign. At a min­i­mum, Trump Jr was open to receiv­ing dam­ag­ing infor­ma­tion about Clin­ton from Russ­ian nation­als who a sim­ple Google search would iden­ti­fy as being close­ly allied with the Krem­lin.

    Let me share a few thoughts.

    1. What I sus­pect is the most impor­tant detail in this sto­ry is the sources. The Times reports that they got the infor­ma­tion from “three advis­ers to the White House briefed on the meet­ing and two oth­ers with knowl­edge of it.” They appar­ent­ly talked after the release of the first sto­ry. This is high­ly, high­ly sig­nif­i­cant. Need­less to say, advi­sors to the White House are not in the busi­ness of tak­ing high­ly dam­ag­ing sto­ries and vol­un­teer­ing new infor­ma­tion which makes them cat­a­stroph­i­cal­ly dam­ag­ing. The only rea­son a President’s allies ever do some­thing like that is either to get ahead of some­thing much more dam­ag­ing or get a first crack at shap­ing the pub­lic under­stand­ing of some­thing much more dam­ag­ing. There’s real­ly no oth­er expla­na­tion. We don’t know yet what drove them to vol­un­teer such high­ly dam­ag­ing infor­ma­tion. Five of them did it. It wasn’t a mat­ter of one per­son going rogue.

    2. The Times sto­ry doesn’t say whether any dam­ag­ing infor­ma­tion was pro­vid­ed to Trump Jr. It will be inter­est­ing to find out whether Vesel­nit­skaya did share any such infor­ma­tion.

    3. It is always reveal­ing if someone’s expla­na­tion of dam­ag­ing infor­ma­tion is both damn­ing in itself and absurd on its face. Here’s a state­ment that Don­ald Trump Jr released to mul­ti­ple news orga­ni­za­tions in response to the lat­est Times sto­ry.

    JUST IN: Don­ald Trump Jr. responds to reports that he met with Krem­lin-linked lawyer dur­ing cam­paign pic.twitter.com/5mqRX38Wio— NBC News (@NBCNews) July 9, 2017

    While Trump Jr. does not say here that he met with Vesel­nit­skaya to get dam­ag­ing infor­ma­tion about Clin­ton, he con­firms that he was there for infor­ma­tion that would help the cam­paign. Once that didn’t pan out, he con­clud­ed the meet­ing was a bust. Veselnitskaya’s claim that Rus­sia was fund­ing the Clin­ton cam­paign seems pre­pos­ter­ous. Trump Jr. him­self seems to sug­gest as much. But I’m not say­ing it is a pre­pos­ter­ous accu­sa­tion. I think it’s pre­pos­ter­ous as part of Trump Jr.’s sto­ry. It’s true that the first Wik­ileaks email release came rough­ly six weeks after this meet­ing, which occurred on June 9th. The first report that Russ­ian gov­ern­ment oper­a­tives had hacked into the DNC servers came one week lat­er on June 14th. But Trump’s dis­turbing­ly close ties to Rus­sia and affin­i­ty for Putin was already a top­ic of active dis­cus­sion. Mean­while, Putin was known to be par­tic­u­lar­ly hos­tile to Hillary Clin­ton. This whole sto­ry just doesn’t add up.

    Again, yes­ter­day Trump Jr. said he met with Vesel­nit­skaya to dis­cuss the Mag­nit­sky Act and Russ­ian adop­tions. Today he says he was lured into the meet­ing on the pre­text of get­ting cam­paign infor­ma­tion and only lat­er had the Mag­nit­sky Act sprung on him. His sto­ry changed com­plete­ly after one day.

    4. Trump Jr. says in the state­ment that his father knew noth­ing about this. They know it’s bad and want to insu­late the Pres­i­dent.

    5. May, June and July 2016 are crit­i­cal months in the Rus­sia sto­ry. A huge amount of stuff of con­se­quence hap­pened just in July. There are already sug­ges­tions, as yet unproven, that a top Trump asso­ciate was offered caches of email in the months or weeks just pri­or to the first Wik­ileaks release on July 22nd, 2016. This sto­ry sounds quite sim­i­lar, or at least the open­ing gam­bit to such an offer.

    ...

    ———-

    “Tak­ing Stock of the Times Block­buster” by Josh Mar­shall; Talk­ing Points Memo; 07/09/2017

    “What I sus­pect is the most impor­tant detail in this sto­ry is the sources. The Times reports that they got the infor­ma­tion from “three advis­ers to the White House briefed on the meet­ing and two oth­ers with knowl­edge of it.” They appar­ent­ly talked after the release of the first sto­ry. This is high­ly, high­ly sig­nif­i­cant. Need­less to say, advi­sors to the White House are not in the busi­ness of tak­ing high­ly dam­ag­ing sto­ries and vol­un­teer­ing new infor­ma­tion which makes them cat­a­stroph­i­cal­ly dam­ag­ing. The only rea­son a President’s allies ever do some­thing like that is either to get ahead of some­thing much more dam­ag­ing or get a first crack at shap­ing the pub­lic under­stand­ing of some­thing much more dam­ag­ing. There’s real­ly no oth­er expla­na­tion. We don’t know yet what drove them to vol­un­teer such high­ly dam­ag­ing infor­ma­tion. Five of them did it. It wasn’t a mat­ter of one per­son going rogue.”

    Yep, we did­n’t just see a pair of a block­buster reports come out over the week­end. We saw was appears to be a coor­di­nate high-lev­el White House pub­lic rela­tions cam­paign. Some sort of lim­it­ed hang­out that appears to be intend­ed to get ahead of some­thing. What could that some­thing be? Well, what­ev­er it is it’s some­thing worse than the sto­ry that Trump Jr. is now admit­ting to. And as Josh Mar­shall spec­u­lates, what we’re see­ing might have less to do with the White House pre­emp­tive­ly work­ing to shape the nar­ra­tive and instead have more to do with the rest of these White House advi­sors — who are, them­selves, at risk of get­ting dragged into the legal morass that Trump Jr. is now clear­ly in — pre­emp­tive­ly throw­ing Trump Jr. under the bus in the hopes of cush­ion­ing their own legal blows:

    Talk­ing Points Memo
    Edi­tor’s Blog

    The Sun­day After­noon of the Long Knives?

    By Josh Mar­shall
    Pub­lished July 10, 2017 3:44 pm

    Yes­ter­day I not­ed that the biggest thing in the Times‘ Don Jr arti­cle was the sourc­ing. The sto­ry came, appar­ent­ly unprompt­ed or vol­un­tar­i­ly, from what the Times iden­ti­fied as 5 advi­sors to the White House. Top Trump advi­sors don’t casu­al­ly drop incred­i­bly dam­ag­ing infor­ma­tion about the President’s son for no rea­son. You do that to get ahead of some­thing big­ger.

    But … remem­ber, this is Trump World. And now I real­ize there’s a quite dif­fer­ent poten­tial expla­na­tion, but in the spir­it of Trump’s Razor (per­haps Trump’s Razor by Proxy?) the stu­pid­est one pos­si­ble.

    Let’s speak entire­ly hypo­thet­i­cal­ly. We tend to think of Don­ald Trump and his top advi­sors and asso­ciates as some­thing of a group. But real­ly there are numer­ous play­ers, each with their own par­tic­u­lar and dis­tinct legal expo­sure. Many of them are dri­ven by com­i­cal but intense feuds with each oth­er. Fly­nn, Kush­n­er, Man­afort and a bunch of oth­ers are already in pro­found legal jeop­ardy. Any­one already in hot water might see advan­tage in mak­ing Don Jr the cen­ter of atten­tion in the scan­dal. Not smart or longterm think­ing but think­ing nonethe­less.

    Who else might have it in for Don Jr? Well, what about Corey Lewandows­ki? Lewandows­ki was canned on June 20th, 2016, a bit less than two weeks after Don Jr’s meet­ing with that Russ­ian lawyer. He’d be in a posi­tion to know the details of the meet­ing since he was still at least nom­i­nal­ly still the cam­paign man­ag­er. And Lewandows­ki was report­ed­ly fired after an inter­ven­tion with Trump by his kids, Ivan­ka and Don Jr and Jared Kush­n­er (my sense is at this point is that Eric is only allowed to run the win­ery). It also wouldn’t be the first time. One of the things that got Lewandows­ki fired was that he start­ed shop­ping dirt to reporters. That was reck­less and stu­pid and poor­ly exe­cut­ed. It wouldn’t be the first time.

    Fly­nn, Man­afort and per­haps Flynn’s ne’er-do-well son also look like log­i­cal cul­prits. But it’s not clear any of them could still be rea­son­able called advi­sors – though we can­not rule out at least the first two from still advis­ing from the out­side. Remem­ber, the White House Coun­sel has report­ed­ly had to warn Trump repeat­ed­ly against con­tact with Fly­nn (it’s a bit like a Mary Kay Letourneau sit­u­a­tion). But Lewandows­ki has def­i­nite­ly been back in the fold, even com­ing close to being hired a month or so ago to run a Rus­sia war room.

    These are all pure­ly hypo­thet­i­cals. It remains key that five peo­ple that the Times chose to call advi­sors to the White House talked to the Times. That’s a lot of peo­ple. But today I get the sense that the sto­ry is one I should have con­sid­ered more ful­ly yes­ter­day: one of the biggest threats to the Trump White House is the kind of ding­bat, spy v spy infight­ing and blood feuds we’ve observed already but like­ly only know the half of. In a nor­mal White House this might just lead to lots of bad press and lack of esprit de corps. Reagan’s White House was a bit noto­ri­ous for this. But when numer­ous advi­sors, in and out­side the White House, are look­ing at pro­found legal jeop­ardy, the stakes get a lot high­er.

    ...

    ———-

    “The Sun­day After­noon of the Long Knives?” by Josh Mar­shall; Talk­ing Points Memo; 07/20/2017

    “These are all pure­ly hypo­thet­i­cals. It remains key that five peo­ple that the Times chose to call advi­sors to the White House talked to the Times. That’s a lot of peo­ple. But today I get the sense that the sto­ry is one I should have con­sid­ered more ful­ly yes­ter­day: one of the biggest threats to the Trump White House is the kind of ding­bat, spy v spy infight­ing and blood feuds we’ve observed already but like­ly only know the half of. In a nor­mal White House this might just lead to lots of bad press and lack of esprit de corps. Reagan’s White House was a bit noto­ri­ous for this. But when numer­ous advi­sors, in and out­side the White House, are look­ing at pro­found legal jeop­ardy, the stakes get a lot high­er

    Don’t for­get: there could be any num­ber of peo­ple look­ing at poten­tial trea­son charges if the worst-case sce­nario real­ly does pan out and the Trump team was know­ing­ly tak­ing anti-Hillary info from the Russ­ian gov­ern­ment. And once Jared Kush­n­er revised his dis­clo­sure forms and revealed this meet­ing took place, the pub­lic dis­cov­ery of this meet­ing was sort of a tick­ing time-bomb for the Trump team. It was­n’t of a mat­ter of if it got revealed but when. And, sure enough, we have this one-two punch of major sto­ries com­ing from give White House advi­sors that’s mak­ing Don­ald Trump Jr., Jared Kush­n­er, and Paul Man­afort at the top of the list of Trump team mem­bers who know­ing­ly col­lud­ed with the Russ­ian gov­ern­ment. If these sto­ries were an attempt to shape the nar­ra­tive, it appears to be intend­ed to shape it in a man­ner that lim­its the col­lu­sion blame to those three indi­vid­u­als.

    So when we’re ask­ing cui bono about the this sto­ry, the biggest ben­e­fi­cia­ry is obvi­ous­ly Don­ald Trump him­self. But with five advi­sors act­ing as sources for this sto­ry it’s a reminder that it could be a lot more than just Trump who’s try­ing to cov­er their ass at this point.

    And there’s anoth­er inter­est­ing angle to all this: Remem­ber the mys­tery of the Alfa bank serv­er and its unex­plained com­mu­ni­ca­tions with a Trump-asso­ci­at­ed serv­er? Well, it turns out that the first big spike in traf­fic between the servers start­ed in mid-June, short­ly after the June 9th meet­ing (see the screen­shot of the traf­fic and how it spikes for the first time in Mid-June from the 10/31/2016 Slate arti­cle). So who knows if the Alfa bank serv­er mys­tery is about to get reignit­ed too.

    All we know at this point is that Don­ald Trump Jr., Jared Kush­n­er, and Paul Man­afort appear to have been thrown under the bus by a group of White House insid­ers. And Don Jr. is help­ing to throw him­self under the bus with tweets like this:

    Obvi­ous­ly I’m the first per­son on a cam­paign to ever take a meet­ing to hear info about an oppo­nent... went nowhere but had to lis­ten. https://t.co/ccUjL1KDEa— Don­ald Trump Jr. (@DonaldJTrumpJr) July 10, 2017

    So Don Jr. is look­ing rather dis­pos­able at this point. Which makes sense since he’s not offi­cial­ly part of the Trump admin­is­tra­tion at this point and can pre­sum­ably be trust­ed to deflect as much as he can away from his dad. Same with Jared. Sort of. Fill­ing his shoes in the admin­is­tra­tion will be an inter­est­ing task if he leaves. But it’s look­ing like Trump’s son and son-in-law could be the next vic­tims of #TrumpRus­si­a­Gate.

    And in oth­er news, Steve Ban­non, a top advi­sor who was­n’t yet part of Trump’s team dur­ing the June 9th meet­ing, is now report­ed­ly back in Trump’s good graces. Inter­est­ing tim­ing...

    Posted by Pterrafractyl | July 10, 2017, 3:45 pm
  4. Well, it’s look­ing like the #TrumpRus­sia inves­ti­ga­tion could be tran­si­tion from “Did the Russ­ian gov­ern­ment attempt to help to the Trump cam­paign?” to “How exact­ly did the the Russ­ian gov­ern­ment attempt to help the Trump cam­paign?”: Accord­ing to three peo­ple with knowl­edge of an email sent by Rob Gold­stone — the tal­ent agent who arranged the now noto­ri­ous June 9th, 2016 — specif­i­cal­ly stat­ed that the dam­ag­ing infor­ma­tion on Hillary Clin­ton that was to be pro­vid­ed at the meet­ing was com­ing from the Russ­ian gov­ern­ment and part of an attempt by the gov­ern­ment to help Trump’s cam­paign. That was appar­ent­ly in the open­ing email Gold­stone sent to Trump Jr. And Trump Jr. decid­ed to go to the meet­ing any­way. Along with Kush­n­er and Man­afort:

    The New York Times

    Trump Jr. Was Told in Email of Russ­ian Effort to Aid Cam­paign

    By MATT APUZZO, JO BECKER, ADAM GOLDMAN and MAGGIE HABERMAN
    JULY 10, 2017

    WASHINGTON — Before arrang­ing a meet­ing with a Krem­lin-con­nect­ed Russ­ian lawyer he believed would offer him com­pro­mis­ing infor­ma­tion about Hillary Clin­ton, Don­ald Trump Jr. was informed in an email that the mate­r­i­al was part of a Russ­ian gov­ern­ment effort to aid his father’s can­di­da­cy, accord­ing to three peo­ple with knowl­edge of the email.

    The email to the younger Mr. Trump was sent by Rob Gold­stone, a pub­li­cist and for­mer British tabloid reporter who helped bro­ker the June 2016 meet­ing. In a state­ment on Sun­day, Mr. Trump acknowl­edged that he was inter­est­ed in receiv­ing dam­ag­ing infor­ma­tion about Mrs. Clin­ton, but gave no indi­ca­tion that he thought the lawyer might have been a Krem­lin proxy.

    Mr. Goldstone’s mes­sage, as described to The New York Times by the three peo­ple, indi­cates that the Russ­ian gov­ern­ment was the source of the poten­tial­ly dam­ag­ing infor­ma­tion. It does not elab­o­rate on the wider effort by Moscow to help the Trump cam­paign.

    There is no evi­dence to sug­gest that the promised dam­ag­ing infor­ma­tion was relat­ed to Russ­ian gov­ern­ment com­put­er hack­ing that led to the release of thou­sands of Demo­c­ra­t­ic Nation­al Com­mit­tee emails. The meet­ing took place less than a week before it was wide­ly report­ed that Russ­ian hack­ers had infil­trat­ed the committee’s servers.

    But the email is like­ly to be of keen inter­est to the Jus­tice Depart­ment and con­gres­sion­al inves­ti­ga­tors, who are exam­in­ing whether any of Pres­i­dent Trump’s asso­ciates col­lud­ed with the Russ­ian gov­ern­ment to dis­rupt last year’s elec­tion. Amer­i­can intel­li­gence agen­cies have deter­mined that the Russ­ian gov­ern­ment tried to sway the elec­tion in favor of Mr. Trump.

    The Times first report­ed on the exis­tence of the meet­ing on Sat­ur­day, and a fuller pic­ture has emerged in sub­se­quent days.

    Alan Futer­fas, the lawyer for the younger Mr. Trump, said his client had done noth­ing wrong but pledged to work with inves­ti­ga­tors if con­tact­ed.

    “In my view, this is much ado about noth­ing. Dur­ing this busy peri­od, Robert Gold­stone con­tact­ed Don Jr. in an email and sug­gest­ed that peo­ple had infor­ma­tion con­cern­ing alleged wrong­do­ing by Demo­c­ra­t­ic Par­ty front-run­ner, Hillary Clin­ton, in her deal­ings with Rus­sia,” he told The Times in an email on Mon­day. “Don Jr.’s take­away from this com­mu­ni­ca­tion was that some­one had infor­ma­tion poten­tial­ly help­ful to the cam­paign and it was com­ing from some­one he knew. Don Jr. had no knowl­edge as to what spe­cif­ic infor­ma­tion, if any, would be dis­cussed.”

    It is unclear whether Mr. Gold­stone had direct knowl­edge of the ori­gin of the dam­ag­ing mate­r­i­al. One per­son who was briefed on the emails said it appeared that he was pass­ing along infor­ma­tion that had been passed through sev­er­al oth­ers.

    Jared Kush­n­er, Mr. Trump’s son-in-law, and Paul J. Man­afort, the cam­paign chair­man at the time, also attend­ed the June 2016 meet­ing in New York. Rep­re­sen­ta­tives for Mr. Kush­n­er referred requests for com­ments back to an ear­li­er state­ment, which said he had vol­un­tar­i­ly dis­closed the meet­ing to the fed­er­al gov­ern­ment. He has deferred ques­tions on the con­tent of the meet­ing to Don­ald Trump Jr.

    A spokesman for Mr. Man­afort declined to com­ment.

    But at the White House, the deputy press sec­re­tary, Sarah Huck­abee Sanders, was adamant from the brief­ing room lectern that “the president’s cam­paign did not col­lude in any way. Don Jr. did not col­lude with any­body to influ­ence the elec­tion. No one with­in the Trump cam­paign col­lud­ed in order to influ­ence the elec­tion.”

    ...

    In a series of tweets, the president’s son insist­ed he had done what any­one con­nect­ed to a polit­i­cal cam­paign would have done — hear out poten­tial­ly dam­ag­ing infor­ma­tion about an oppo­nent. He main­tained that his var­i­ous state­ments about the meet­ing were not in con­flict.

    “Obvi­ous­ly I’m the first per­son on a cam­paign to ever take a meet­ing to hear info about an oppo­nent... went nowhere but had to lis­ten,” he wrote in one tweet. In anoth­er, he added, “No incon­sis­ten­cy in state­ments, meet­ing end­ed up being pri­mar­i­ly about adop­tions. In response to fur­ther Q’s I sim­ply pro­vid­ed more details.”

    The younger Mr. Trump, who had a rep­u­ta­tion dur­ing the cam­paign for hav­ing meet­ings with a wide range of peo­ple eager to speak to him, did not join his father’s admin­is­tra­tion. He runs the fam­i­ly busi­ness, the Trump Orga­ni­za­tion, with his broth­er Eric.

    On Mon­day, after news reports that he had hired a lawyer, he indi­cat­ed in a tweet that he would be open to speak­ing to the Sen­ate Intel­li­gence Com­mit­tee, one of the con­gres­sion­al pan­els inves­ti­gat­ing Russ­ian med­dling in the elec­tion. “Hap­py to work with the com­mit­tee to pass on what I know,” the younger Mr. Trump wrote.

    Mr. Gold­stone rep­re­sents the Russ­ian pop star Emin Agalarov, whose father was Pres­i­dent Trump’s busi­ness part­ner in bring­ing the Miss Uni­verse pageant to Moscow in 2013. In an inter­view Mon­day, Mr. Gold­stone said he was asked by Mr. Agalarov to set up the meet­ing with Don­ald Trump Jr. and the Russ­ian lawyer, Natalia Vesel­nit­skaya.

    “He said, ‘I’m told she has infor­ma­tion about ille­gal cam­paign con­tri­bu­tions to the D.N.C.,’” Mr. Gold­stone recalled, refer­ring to the Demo­c­ra­t­ic Nation­al Com­mit­tee. He said he then emailed Don­ald Trump Jr., out­lin­ing what the lawyer pur­port­ed to have.

    But Mr. Gold­stone, who wrote the email over a year ago, denied any knowl­edge of involve­ment by the Russ­ian gov­ern­ment in the mat­ter, say­ing that nev­er dawned on him. “Nev­er, nev­er ever,” he said. Lat­er, after the email was described to The Times, efforts to reach him for fur­ther com­ment were unsuc­cess­ful.

    In the inter­view, he said it was his under­stand­ing that Ms. Vesel­nit­skaya was sim­ply a “pri­vate cit­i­zen” for whom Mr. Agalarov want­ed to do a favor. He also said he did not know whether Mr. Agalarov’s father, Aras Agalarov, a Moscow real estate tycoon known to be close to Pres­i­dent Vladimir V. Putin of Rus­sia, was involved. The elder Mr. Agalarov and the younger Mr. Trump worked togeth­er to bring a Trump Tow­er to Moscow, but the project nev­er got off the ground.

    Mr. Gold­stone also said his rec­ol­lec­tion of the meet­ing large­ly tracked with the account giv­en by the president’s son, as out­lined in the Sun­day state­ment Mr. Trump issued in response to a Times arti­cle on the June 2016 meet­ing. Mr. Gold­stone said the last time he had com­mu­ni­cat­ed with the younger Mr. Trump was to send him a con­grat­u­la­to­ry text after the Novem­ber elec­tion, but he added that he did speak to the Trump Orga­ni­za­tion over the past week­end, before giv­ing his account to the news media.

    Don­ald Trump Jr., who ini­tial­ly told The Times that Ms. Vesel­nit­skaya want­ed to talk about the resump­tion of adop­tion of Russ­ian chil­dren by Amer­i­can fam­i­lies, acknowl­edged in the Sun­day state­ment that one sub­ject of the meet­ing was pos­si­bly com­pro­mis­ing infor­ma­tion about Mrs. Clin­ton. His deci­sion to move ahead with such a meet­ing was unusu­al for a polit­i­cal cam­paign, but it was con­sis­tent with the hap­haz­ard approach the Trump oper­a­tion, and the White House, have tak­en in vet­ting peo­ple they deal with ahead of time.

    But he said that the Russ­ian lawyer pro­duced noth­ing of con­se­quence, and that the meet­ing end­ed after she began talk­ing about the Mag­nit­sky Act — an Amer­i­can law that black­lists Rus­sians sus­pect­ed of human rights abus­es. The 2012 law so enraged Mr. Putin that he halt­ed Amer­i­can adop­tions of Russ­ian chil­dren.

    Mr. Gold­stone said Ms. Vesel­nit­skaya offered “just a vague, gener­ic state­ment about the campaign’s fund­ing and how peo­ple, includ­ing Russ­ian peo­ple, liv­ing all over the world donate when they shouldn’t donate” before turn­ing to her anti-Mag­nit­sky Act argu­ments.

    “It was the most inane non­sense I’ve ever heard,” he said. “And I was actu­al­ly feel­ing agi­tat­ed by it. Had I, you know, actu­al­ly tak­en up what is a huge amount of their busy time with this non­sense?”

    Ms. Vesel­nit­skaya, for her part, denied that the cam­paign or com­pro­mis­ing mate­r­i­al about Mrs. Clin­ton ever came up. She said she had nev­er act­ed on behalf of the Russ­ian gov­ern­ment. A spokesper­son for Mr. Putin said on Mon­day that he did not know Ms. Vesel­nit­skaya, and that he had no knowl­edge of the June 2016 meet­ing.

    Ms. Sanders said at a news brief­ing that the Amer­i­can pres­i­dent had learned of the meet­ing recent­ly, but she declined to dis­cuss details.

    The White House press office, how­ev­er, accused Mrs. Clinton’s team of hypocrisy. The office cir­cu­lat­ed a Jan­u­ary 2017 arti­cle pub­lished in Politi­co, detail­ing how offi­cials from the Ukran­ian gov­ern­ment tried to help the Demo­c­ra­t­ic can­di­date con­duct oppo­si­tion research on Mr. Trump and some of his aides.

    ...

    The pres­i­dent learned from his aides about the 2016 meet­ing at the end of the trip, accord­ing to a White House offi­cial. But some peo­ple in the White House had known for sev­er­al days that it had occurred, because Mr. Kush­n­er had revised his for­eign con­tact dis­clo­sure doc­u­ment to include it.

    The pres­i­dent was frus­trat­ed by the news of the meet­ing, accord­ing to a per­son close to him — less over the fact that it had hap­pened, and more because it was yet anoth­er sto­ry about Rus­sia that had swamped the news cycle.

    ———-

    “Trump Jr. Was Told in Email of Russ­ian Effort to Aid Cam­paign” by MATT APUZZO, JO BECKER, ADAM GOLDMAN and MAGGIE HABERMAN; The New York Times; 07/10/2017

    Mr. Goldstone’s mes­sage, as described to The New York Times by the three peo­ple, indi­cates that the Russ­ian gov­ern­ment was the source of the poten­tial­ly dam­ag­ing infor­ma­tion. It does not elab­o­rate on the wider effort by Moscow to help the Trump cam­paign.”

    So if that’s an accu­rate recount­ing of that email it would appear, at a min­i­mum, that the Trump cam­paign was more than hap­py to know­ing­ly col­lude with the Russ­ian gov­ern­ment. Which isn’t par­tic­u­lar­ly sur­pris­ing. What is sur­pris­ing is that we now have three peo­ple, pre­sum­ably peo­ple involved with the Trump cam­paign, who are telling reporters about it.

    And per­haps even more sur­pris­ing is the idea that some­one who would appear to be work­ing on behalf of a Russ­ian intel­li­gence oper­a­tion would send an email to a Trump cam­paign offi­cial that basi­cal­ly says ‘this infor­ma­tion is from the Russ­ian gov­ern­ment because it wants to help you guys’. Is that real­ly the kind of infor­ma­tion you should put in an email? Well, when you zoom out and look at the incred­i­ble list of inex­plic­a­bly reck­less or ama­teur­ish mis­takes made across this entire affair — the inex­plic­a­bly reveal­ing hack­ing mis­takes, the inex­plic­a­bly bad cov­er for “Guc­cifer” as a ‘Roman­ian hack­er’ who can’t even speak Roman­ian, the var­i­ous clues left in the leaked doc­u­ment meta data — yes, send­ing an email say­ing “I’m work­ing for the Russ­ian gov­ern­men!” is in keep­ing with the gen­er­al lev­el of spy­craft on dis­play through­out this entire oper­a­tion.

    At the same time, notice how there’s no hint from any of these sources that this meet­ing in any way involved with hacked DNC mate­r­i­al:

    ...
    There is no evi­dence to sug­gest that the promised dam­ag­ing infor­ma­tion was relat­ed to Russ­ian gov­ern­ment com­put­er hack­ing that led to the release of thou­sands of Demo­c­ra­t­ic Nation­al Com­mit­tee emails. The meet­ing took place less than a week before it was wide­ly report­ed that Russ­ian hack­ers had infil­trat­ed the committee’s servers.

    ...

    It is unclear whether Mr. Gold­stone had direct knowl­edge of the ori­gin of the dam­ag­ing mate­r­i­al. One per­son who was briefed on the emails said it appeared that he was pass­ing along infor­ma­tion that had been passed through sev­er­al oth­ers.
    ...

    So it’s still very pos­si­ble that this meet­ing did­n’t involve DNC hacks, although tim­ing was cer­tain­ly sus­pi­cious.

    But one of the ques­tions raised by the tim­ing specif­i­cal­ly ties into one of the biggest mys­te­ri­ous of the DNC/Podesta hacks: the ques­tion of why was the release of the hacked mate­r­i­al done in a man­ner that so strong­ly point­ed the fin­ger back towards Rus­sia? Because even if you assume that the DNC hacks were indeed car­ried out by the Russ­ian gov­ern­ment, once you fac­tor in that the Trump team was appar­ent­ly hav­ing open meet­ings with Russ­ian gov­ern­ment oper­a­tives before the hacked emails were released to the pub­lic there’s a big ques­tion about who released those emails. Did the Trump team receive the emails and then release them under the guise of ‘Guc­cifer 2.0’, or was that real­ly a Russ­ian agent? And did the Trump team add all those ‘I’m a Russ­ian!’ meta-data fin­ger­prints to the doc­u­ments or was that the work of the Russ­ian hack­ers? And if it was the Russ­ian gov­ern­ment that added all these ‘I’m a Russ­ian’ clues to the release of the hack, did they do that as part of the quid pro quo with the Trump team? Sort of a “we’ll take the blame, in exchange for [insert quo here]” arrange­ment?

    In oth­er words, while there’s gen­er­al­ly been a dis­missal of all the var­i­ous ‘mis­takes’ that were made by the alleged ‘Russ­ian hack­ers’ that raise all sorts of ques­tions about the nature of the hack, it’s impor­tant to remem­ber that all these in-your-face ‘mis­takes’, if inten­tion­al­ly done and if done by actu­al Russ­ian hack­ers, point towards an even high­er ‘price’ that the Trump team would have had to pay for such a ser­vice. Because as the media cov­er­age of the 2016 hack­ings has amply demon­strat­ed, there’s been almost no sus­pi­cions that the Trump team was direct­ly involved in car­ry­ing out those hacks. It was con­clud­ed ear­ly on that it was the Rus­sians and all those inex­plic­a­ble ‘mis­takes’ were key pieces of ‘evi­dence’ that it was indeed Russ­ian hack­ers. If those ‘mis­takes’ were inten­tion­al and this real­ly was done by Russ­ian gov­ern­ment hack­ers, those ‘mis­takes’ were pret­ty valu­able to the Trump cam­paign. At least in the short run, dur­ing the cam­paign since the obvi­ous oth­er sus­pect for the hacks would have been the Trump cam­paign itself. So all those hack­er ‘mis­takes’ bought Trump some plau­si­ble deni­a­bil­i­ty, albeit at the cost of charges of Russ­ian col­lu­sion. Was that a ‘ser­vice’ being offered?

    Of course, now that Trump is pres­i­dent, all those hack­er ‘mis­takes’ point­ing towards Russ­ian hack­ers has swamped his admin­is­tra­tion in a sea of inves­ti­ga­tions that could end up con­sum­ing his admin­is­tra­tion and per­son­al empire. So if the Russ­ian gov­ern­ment real­ly did do these hacks, and real­ly did leave all these Russ­ian ‘fin­ger­prints’ inten­tion­al­ly as a kind of ser­vice to Trump, it’s hard to say that it was a ser­vice worth request­ing. And giv­en the long-term dam­age this whole affair could do to US-Russ­ian rela­tions it would be baf­fling if the Russ­ian gov­ern­ment ever con­sid­ered tak­ing the blame for such an oper­a­tion even with the pay­out of a friend­ly Trump admin­is­tra­tion being dan­gling in front of them. The cost-ben­e­fit ratio is just hor­ri­ble, espe­cial­ly if Rus­sia inten­tion­al­ly took the blame which would inevitably ham­per the abil­i­ty of a friend­ly Trump admin­is­tra­tion from doing things like eas­ing sanc­tions.

    Or did the Trump team receive a bunch of hacked emails and then them­selves decide to dis­trib­ute them in a man­ner that made it look like Russ­ian hack­ers did it? That would also explain those hack­er ‘mis­takes’.

    At this point, sim­ply try­ing to fig­ur­ing out what kind of basic ratio­nale was being employed by all of the var­i­ous actors involved with the sit­u­a­tion is become increas­ing­ly dif­fi­cult as a sto­ry of increas­ing­ly unrea­son­able peo­ple and actions unfolds. What we know for sure is that three peo­ple with a close con­nec­tion to this sto­ry are mak­ing sure this is a real­ly, real­ly big sto­ry right now. Is this all a set­up for a big dis­ap­point­ment or the begin of the end of the Trump admin­is­tra­tion? We’ll see.

    Posted by Pterrafractyl | July 10, 2017, 8:28 pm
  5. @Pterrafractyl–

    Note the role of CIA oper­a­tive, and FBI infor­mant, and con­vict­ed orga­nized fig­ure Felix Sater in brand Trumpo’s busi­ness ven­tures in Rus­sia that ulti­mate­ly led to the asso­ci­a­tion with this group. Note, also, that Sater’s name was large­ly eclipsed in the dis­cus­sion of Trump’s meet­ing with a Ukrain­ian lawyer to dis­cuss lift­ing sanc­tions against Rus­sia.

    https://www.forbes.com/sites/chasewithorn/2017/03/20/inside-trumps-russia-connections-the-felon-and-the-pop-star/#3d8afe343a47

    Best,

    Dave

    Posted by Dave Emory | July 10, 2017, 9:18 pm
  6. @Dave: Anoth­er part of what this such an amaz­ing sto­ry is that the whole thing has the feel of an intel­li­gence oper­a­tion — get­ting the Trump team to do some­thing incrim­i­nat­ing for lat­er lever­age — but specif­i­cal­ly a casu­al and rou­tine intel­li­gence oper­a­tion involv­ing putting out feel­ers to see if the Trump team would be stu­pid enough to reply to such an incrim­i­nat­ing offer. Like it’s not even seri­ous at first, but then become seri­ous after Trump, Jr. took the bait. They did­n’t need to reel him in. He jumped in the damn boat him­self!

    And the absur­di­ty of the whole sit­u­a­tion became much more trans­par­ent after a par­tic­u­lar­ly ham-fist­ed attempt at dam­age con­trol where Trump, Jr. decid­ed to release what he says was the full email exchange with Rob Gold­stone, the music pub­li­cist and acquain­tance of Trump, Jr. who orig­i­nal­ly emailed Trump, Jr. about set­ting up the meet­ing. And, sure enough, those emails do pro­vide some addi­tion­al trans­paren­cy about the sit­u­a­tion. Very unsight­ly trans­paren­cy: In the very first email to Trump Jr., Gold­stone men­tions how the “Crown pros­e­cu­tor of Rus­sia” want­ed to help Trump. The very first email! It should have been imme­di­ate­ly obvi­ous that if Trump, Jr. respond­ed to this inquiry with any­thing oth­er than “No thanks” he was enter­ing into poten­tial Kom­pro­mat ter­ri­to­ry. But he took the bait. With glee. And the per­son who set the bait was Rod Gold­stone, a Trump busi­ness partner/associate.

    So we appear to have a Trump busi­ness part­ner set­ting the Trump team up for some sort of kom­pro­mat and the Trump team, at least Don Jr., nev­er appears to have sus­pect­ed a thing! It rais­es the ques­tion of just how many sim­i­lar sit­u­a­tions Felix Sater cor­ralled the Trump team into along with ques­tions of which gov­ern­ment he was work­ing for at the time. And the same ques­tion now applies to the rest of Trump’s inter­na­tion­al busi­ness asso­ciates. Because if this is how the Trump team nor­mal­ly acts to such explo­sive inquiries from its busi­ness part­ners there must be polit­i­cal black­mail mate­r­i­al on them all over the world:

    Talk­ing Points Memo
    DC

    The Most Gob­s­mack­ing Details From Trump Jr.’s Russ­ian Meet­ing Email Chain

    By Alle­gra Kirk­land
    Pub­lished July 11, 2017 2:37 pm

    After months of incre­men­tal reports about meet­ings and busi­ness deal­ings that Pres­i­dent Don­ald Trump’s asso­ciates had with Russ­ian oper­a­tives over the course of the 2016 cam­paign, the moth­er­lode of news bomb­shells dropped on Tues­day morn­ing.

    Don­ald Trump, Jr. tweet­ed out what he said was his full email exchange with a fam­i­ly acquain­tance who want­ed to con­nect him with a “Russ­ian gov­ern­ment attor­ney” who could pro­vide him dirt on his father’s like­ly pres­i­den­tial oppo­nent, Hillary Clin­ton.

    The answers to swirling ques­tions about what Trump Jr. knew going into the June 2016 sit-down with the lawyer, Natalia Vesel­nit­skaya, came into crys­tal-clear focus. The emails revealed that the President’s eldest son, his son-in-law, Jared Kush­n­er, and his cam­paign chair­man, Paul Man­afort, attend­ed a meet­ing that had been express­ly billed to Trump Jr. as an oppor­tu­ni­ty to obtain dam­ag­ing infor­ma­tion about Clin­ton as part of a Russ­ian gov­ern­ment effort to help the Trump cam­paign.

    Here are the most arrest­ing details from Trump Jr.’s email exchange with that acquain­tance, the music pub­li­cist Rob Gold­stone.

    The promised Clin­ton dirt was part of a larg­er Russ­ian gov­ern­ment effort to help Trump

    Gold­stone unequiv­o­cal­ly says the “sen­si­tive” infor­ma­tion his con­tact has to share with Trump Jr. comes from the Russ­ian gov­ern­ment in their ini­tial email exchange on June 3.

    “Emin just called and ask­ing me to con­tact you with some­thing very inter­est­ing,” Gold­stone wrote. “The Crown pros­e­cu­tor of Rus­sia met with his father Aras this morn­ing and in their meet­ing offered to pro­vide the Trump cam­paign with some offi­cial doc­u­ments and infor­ma­tion that would incrim­i­nate Hillary and her deal­ings with Rus­sia and would be very use­ful to your father.”

    There is no “Crown pros­e­cu­tor” in Rus­sia, and Gold­stone may have been refer­ring to that country’s Pros­e­cu­tor Gen­er­al.

    “This is obvi­ous­ly very high lev­el and sen­si­tive infor­ma­tion but is part of Rus­sia and its government’s sup­port for Mr. Trump,” Gold­stone con­tin­ued.

    When news of the meet­ing first broke over the week­end, Trump Jr. said his dis­cus­sion with Vesel­nit­skaya focused pri­mar­i­ly on a pro­gram allow­ing U.S. cit­i­zens to adopt Russ­ian chil­dren before admit­ting the next day that he’d attend­ed the meet­ing because he was promised neg­a­tive infor­ma­tion about Clin­ton. Until he released these emails over Twit­ter, Trump Jr. had not acknowl­edged pub­licly that he knew ahead of time the per­son he met with was con­nect­ed to Vladimir Putin’s gov­ern­ment.

    Trump Jr. said he’d “love” the oppo, “espe­cial­ly lat­er in the sum­mer”

    If Trump’s eldest son was con­cerned about the source of the infor­ma­tion he would receive, he gave Gold­stone no indi­ca­tion.

    “If it’s what you say I love it espe­cial­ly lat­er in the sum­mer,” Trump Jr. told Gold­stone in response to his ini­tial email, express­ly not­ing that it would be more use­ful to have after the con­ven­tions were wrapped and Clin­ton was for­mal­ly named as the Demo­c­ra­t­ic nom­i­nee.

    ...

    Gold­stone made clear the meet­ing would be with a “Russ­ian gov­ern­ment attor­ney”

    Gold­stone iden­ti­fies the lawyer’s coun­try of ori­gin in two sep­a­rate emails. In one June 7 email, he calls her “The Russ­ian gov­ern­ment attor­ney who is fly­ing over from Moscow.” In an emails sent the fol­low­ing day, he refers to her as “the Russ­ian attor­ney.”

    Trump Jr. has said he did not know the name of the lawyer before the meet­ing, and Vesel­nit­skaya is not named in the emails he released. But he cer­tain­ly knew where she was from.

    Man­afort and Kush­n­er were for­ward­ed an email out­lin­ing the meeting’s pur­pose

    Man­afort and Kush­n­er were for­ward­ed the entire email chain detail­ing the pur­pose and tim­ing of the meet­ing, the New York Times report­ed Tues­day.

    Their names are vis­i­ble on one exchange that Trump Jr. tweet­ed. That email updat­ed them on the time of the gath­er­ing, with the sub­ject line “FW: Rus­sia – Clin­ton – pri­vate and con­fi­den­tial.”

    ...

    Trump Jr. also high­light­ed their expect­ed atten­dance in his exchange with Gold­stone, writ­ing, “It will like­ly be Paul Man­afort (cam­paign boss) my broth­er in law and me.”

    Gold­stone was open to shar­ing the dirt with Don­ald Trump him­self

    Gold­stone appar­ent­ly con­sid­ered rout­ing the Clin­ton dirt sourced from the Russ­ian gov­ern­ment to the pre­sump­tive Repub­li­can nom­i­nee him­self. In that same June 3 exchange, he pro­posed pass­ing the com­pro­mis­ing infor­ma­tion along to Trump through his long­time sec­re­tary, Rhona Graff.

    “I can also send this info to your father via Rhona, but it is ultra sen­si­tive so want­ed to send to you first,” Gold­stone wrote to Trump Jr.

    ———-

    “The Most Gob­s­mack­ing Details From Trump Jr.’s Russ­ian Meet­ing Email Chain” by Alle­gra Kirk­land; Talk­ing Points Memo; 07/11/2017

    ““Emin just called and ask­ing me to con­tact you with some­thing very inter­est­ing,” Gold­stone wrote. “The Crown pros­e­cu­tor of Rus­sia met with his father Aras this morn­ing and in their meet­ing offered to pro­vide the Trump cam­paign with some offi­cial doc­u­ments and infor­ma­tion that would incrim­i­nate Hillary and her deal­ings with Rus­sia and would be very use­ful to your father.””

    Yes, Gold­stone straight up tells Trump, Jr. in an email that the top pros­e­cu­tor in Rus­sia agreed to help the Trump cam­paign with dam­ag­ing infor­ma­tion on Hillary Clin­ton (or at least implies that...there is no “Crown pros­e­cu­tor of Rus­sia”). And he also makes it clear that the lawyer Trump, Jr. would be meet­ing to get this dam­ag­ing infor­ma­tion is also a Russ­ian gov­ern­ment lawyer:

    ...
    Gold­stone iden­ti­fies the lawyer’s coun­try of ori­gin in two sep­a­rate emails. In one June 7 email, he calls her “The Russ­ian gov­ern­ment attor­ney who is fly­ing over from Moscow.” In an emails sent the fol­low­ing day, he refers to her as “the Russ­ian attor­ney.”
    ...

    And Junior seems total­ly cool with all of this:

    ...
    “If it’s what you say I love it espe­cial­ly lat­er in the sum­mer,” Trump Jr. told Gold­stone in response to his ini­tial email, express­ly not­ing that it would be more use­ful to have after the con­ven­tions were wrapped and Clin­ton was for­mal­ly named as the Demo­c­ra­t­ic nom­i­nee.
    ...

    Those were just some of the gems in the emails Trump, Jr. released today. And all of this is appar­ent­ly news to the FBI and Spe­cial Coun­sel’s office.

    All in all, this whole thing almost looks more like an oper­a­tion to get dirt on Trump as opposed to giv­ing dirt to him. Although, who knows, maybe they gave Trump some dirt too. But since the form of dam­age con­trol Trump, Jr. is employ­ing at this point is to basi­cal­ly come out and say “yeah, we want­ed to get this dam­ag­ing info from the Russ­ian gov­ern­ment, but it did­n’t pan out. So what’s the big deal?”, it’s worth not­ing that one of the many big deals is that the Trump team does­n’t seem capa­ble of avoid­ing obvi­ous self-incrim­i­nat­ing sit­u­a­tions.

    Posted by Pterrafractyl | July 11, 2017, 3:09 pm
  7. @Pterrafractyl–

    http://www.seattletimes.com/nation-world/how-the-miss-universe-pageant-led-to-trumps-son-meeting-with-a-russian-lawyer/

    “. . . .Sater worked on a plan for a Trump Tow­er in Moscow as recent­ly as the fall of 2015, but he said that had come to a halt because of Trump’s pres­i­den­tial cam­paign. . . .”

    That was in the fall of 2015.

    In Jan­u­ary of this year, as indi­cat­ed in the “Forbes” arti­cle I linked in an above com­ment, Sater is also in Ukraine with Michael Cohen, work­ing with a Ukrain­ian oli­garch to lift sanc­tions against Rus­sia.

    At least that’s what we are told.

    CIA, FBI (infor­mant), Mafia–Sater touch­es all the bases.

    Best,

    Dave

    Posted by Dave Emory | July 11, 2017, 5:06 pm
  8. CNN has an arti­cle about a 2013 behind-the-scenes video tak­en dur­ing the Miss USA pageant in Las Vegas of Don­ald Trump meet­ing with three of the fig­ures involved with the now noto­ri­ous June 9th meet­ing with Don­ald Trump, Jr., Jared Kush­n­er, and Paul Man­afort. In the video, Trump, along with the lawyer Michael Cohen, are seen din­ing with Aras Agalarov, his son Emin, and Emin’s pub­li­cist Rob Gold­stone. To a large extent there’s noth­ing par­tic­u­lar­ly sur­pris­ing about the video, but it’s cer­tain­ly time­ly. Espe­cial­ly now that Aras Agalarov, the per­son who Gold­stone claimed was in con­tact with Rus­si­a’s “Crown Pros­e­cu­tor”, is deny­ing over mak­ing the offer and also deny­ing even know­ing Gold­stone (they’ve both seen togeth­er in the 2013 video). And while it’s pret­ty hard to behind that Aras does­n’t know his son’s pub­li­cist, the denials by Agalarov and his lawyer do raise a pret­ty good ques­tion that’s also raised by the 2013 video: giv­en how chum­my Trump and Agalarov appear to be (and they are quite chum­my in the videos), why on Earth would­n’t Agalarov just pick up the phone and call Trump direct­ly with the offer of dirt on Hillary Clin­ton, as opposed to have Gold­stone send a high­ly incrim­i­nat­ing email?:

    CNN

    Exclu­sive: Video shows Trump with asso­ciates tied to email con­tro­ver­sy

    By Jere­my Dia­mond
    Updat­ed 5:21 PM ET, Wed July 12, 2017

    Wash­ing­ton (CNN)Video obtained exclu­sive­ly by CNN offers a new look inside the web of rela­tion­ships now at the cen­ter of alle­ga­tions of col­lu­sion between Trump cam­paign asso­ciates and Rus­sia.

    The video shows the future Pres­i­dent Don­ald Trump attend­ing a din­ner with an Azer­bai­jani-Russ­ian fam­i­ly who became Trump’s busi­ness part­ners in Las Vegas in June 2013. It also shows their pub­li­cist, Rob Gold­stone, who would lat­er send Don­ald Trump Jr. the emails that have brought the eldest Trump son to the cen­ter of the con­tro­ver­sy over pos­si­ble col­lu­sion between Trump cam­paign asso­ciates and Rus­sia.

    Gold­stone, who is also seen in the video talk­ing with Trump, claimed in the 2016 emails that dam­ag­ing infor­ma­tion against Hillary Clin­ton sur­faced after a meet­ing between some­one Gold­stone described as “the Crown pros­e­cu­tor of Rus­sia” and Aras Agalarov, an Azer­bai­jani-Russ­ian bil­lion­aire with ties to Russ­ian Pres­i­dent Vladimir Putin. Gold­stone then offered to set up a call between the younger Trump and Emin Agalarov, the bil­lion­aire’s son and a pop star Gold­stone rep­re­sents, to dis­cuss the infor­ma­tion.

    The video, obtained by CNN in the wake of the email dis­clo­sures, offers fresh insights into the warm rela­tion­ship between Trump and the Agalarovs, which has been wide­ly report­ed because Aras Agalarov and Emin Agalarov inked a mul­ti-mil­lion dol­lar deal with Trump to bring the Miss Uni­verse pageant to Moscow in 2013.

    The video was shot on June 15, 2013 in Las Vegas on the eve of the Miss USA pageant where Trump would offi­cial­ly announce the deal to bring the Miss Uni­verse con­test to Moscow. The footage, a series of clips from the eve of the Miss USA pageant, doc­u­ments more than three min­utes of inter­ac­tions between Trump, the Agalarovs and Gold­stone.

    Don­ald Trump Jr. does not appear in the video obtained by CNN, but sev­er­al oth­er top Trump asso­ciates do — includ­ing Trump’s per­son­al attor­ney, Michael Cohen, and his long-time aide and cur­rent direc­tor of Oval Office oper­a­tions, Kei­th Schiller, who are both in the video.

    The clips show Trump engaged in ani­mat­ed con­ver­sa­tion with the Agalarov men and Gold­stone.

    Dur­ing din­ner, Trump is seat­ed across from Aras Agalarov and beside Emin Agalarov — who in turn is seat­ed next to Gold­stone. At one point in the clip, Trump and Gold­stone engage in a brief con­ver­sa­tion while the younger Agalarov leans into the table.

    ...

    The next day, Trump lav­ish­es praise on the Agalarovs at the Miss USA 2013 red car­pet, call­ing them “the most pow­er­ful peo­ple in all of Rus­sia.”

    “These are the most pow­er­ful peo­ple in all of Rus­sia, the rich­est men in Rus­sia,” Trump says dur­ing the pub­lic red car­pet cer­e­mo­ny, which was includ­ed in the clips obtained by CNN.

    In anoth­er clip from the Miss USA pageant that year, Trump dis­cuss­es the forth­com­ing Miss Uni­verse pageant in Moscow. He lav­ish­es praise on Rus­sia and says he hopes the pageant will help improve the US-Rus­sia rela­tion­ship.

    “It real­ly is a great coun­try. It’s a very pow­er­ful coun­try that we have a rela­tion­ship with, but I would say not a great rela­tion­ship, and I would say this can cer­tain­ly help that rela­tion­ship. I think it’s very impor­tant,” Trump says in response to a ques­tion.

    “I have great respect for Rus­sia. And to have the Miss Uni­verse pageant in Moscow, in the most impor­tant loca­tion, the most beau­ti­ful build­ing, in your con­ven­tion cen­ter, with such amaz­ing part­ners, I mean it’s going to be fan­tas­tic for detente, or what­ev­er you want to say,” Trump con­tin­ues. “I think it’s a great thing for both coun­tries, and hon­est­ly they real­ly want­ed it in Rus­sia — bad­ly. ... Polit­i­cal­ly they want­ed it.”

    Don­ald Trump Jr. has said that his rela­tion­ship with Gold­stone did not arise from the Miss Uni­verse pageant.

    The younger Trump instead sug­gest­ed in an inter­view Tues­day with Fox News’ Sean Han­ni­ty, an ardent Trump sup­port­er, that he met Gold­stone through a golf course tour­na­ment where Emin Agalarov per­formed.

    “I met him through the golf course. I was­n’t even at the Miss Uni­verse pageant, but I met him through out there, so I had a casu­al rela­tion­ship with him,” Trump Jr. told Han­ni­ty, describ­ing Gold­stone lat­er in the inter­view as “an acquain­tance.”

    Trump Jr. main­tained in the inter­view that he agreed to the meet­ing “as a cour­tesy” to Gold­stone.

    Trump Jr. said he had only met Emin Agalarov “once or twice and main­tained a casu­al rela­tion­ship there, talked about some poten­tial deals, and then to that — the extent of it. They real­ly did­n’t go any­where.”

    Aras Agalarov told Russ­ian radio sta­tion BFM that he does­n’t know Trump Jr. per­son­al­ly, though he acknowl­edges that they “did Miss Uni­verse” togeth­er. But Agalarov told BFM that his son Emin Agalarov does know him. Agalarov told BFM he “does­n’t real­ly know” pub­li­cist Rob Gold­stone either and he says the notion that Gold­stone asked Trump Jr. to con­tact him about some dirt on Hillary Clin­ton is a “tall tale”.

    Scott Bal­ber, an attor­ney for the Agalarovs, also did not deny the close­ness of the rela­tion­ship between the Trumps and Agalarovs, instead rais­ing a ques­tion about Gold­stone’s cred­i­bil­i­ty.

    “It’s sim­ply fic­tion that this was some effort to cre­ate a con­duit for infor­ma­tion from the Russ­ian fed­er­al pros­e­cu­tors to the Trump cam­paign,” Bal­ber said on CNN’s “New Day.” “It’s just fan­ta­sy world because the real­i­ty is if there was some­thing impor­tant that Mr. Agalarov want­ed to com­mu­ni­cate to the Trump cam­paign, I sus­pect he could have called Mr. Trump direct­ly as opposed to hav­ing his son’s pop music pub­li­cist be the inter­me­di­ary.”

    ———-

    “Exclu­sive: Video shows Trump with asso­ciates tied to email con­tro­ver­sy” by Jere­my Dia­mond, CNN; 07/12/2017

    “Aras Agalarov told Russ­ian radio sta­tion BFM that he does­n’t know Trump Jr. per­son­al­ly, though he acknowl­edges that they “did Miss Uni­verse” togeth­er. But Agalarov told BFM that his son Emin Agalarov does know him. Agalarov told BFM he “does­n’t real­ly know” pub­li­cist Rob Gold­stone either and he says the notion that Gold­stone asked Trump Jr. to con­tact him about some dirt on Hillary Clin­ton is a “tall tale”

    So Agalarov is offi­cial­ly deny­ing every­thing, even after Trump, Jr. just released the whole email chain. And those denials include even real­ly know­ing Gold­stone. And while we can’t rule out the pos­si­bil­i­ty that Gold­stone real­ly did just make up the claims about Agalarov’s offer, keep in mind that Aras’s son Emin is one of Gold­stone’s clients so Gold­stone pre­sum­ably does­n’t want to piss off the Agalarovs (and Aras pre­sum­ably knows who his son’s pub­li­cist is...especially when they’re in the same 2013 video).

    Still, the ques­tion raised by Agalarov’s lawyer is a pret­ty good one: why did­n’t Agalarov just con­tact Trump direct­ly about such a sen­si­tive mat­ter?

    ...
    Scott Bal­ber, an attor­ney for the Agalarovs, also did not deny the close­ness of the rela­tion­ship between the Trumps and Agalarovs, instead rais­ing a ques­tion about Gold­stone’s cred­i­bil­i­ty.

    “It’s sim­ply fic­tion that this was some effort to cre­ate a con­duit for infor­ma­tion from the Russ­ian fed­er­al pros­e­cu­tors to the Trump cam­paign,” Bal­ber said on CNN’s “New Day.” “It’s just fan­ta­sy world because the real­i­ty is if there was some­thing impor­tant that Mr. Agalarov want­ed to com­mu­ni­cate to the Trump cam­paign, I sus­pect he could have called Mr. Trump direct­ly as opposed to hav­ing his son’s pop music pub­li­cist be the inter­me­di­ary.”

    It’s all quite weird, even by Trump-weird­ness stan­dards.

    Also don’t for­get that the June 9th meet­ing also involved Natalia Vesel­nit­skaya — the Russ­ian lawyer at the cen­ter of the now noto­ri­ous June 9th meet­ing. So Vesel­nit­skaya would be tak­ing a pret­ty big risk if she was involved in such a scheme that impli­cat­ed both Aras and the “Crown Pros­e­cu­tor” in writ­ing with­out their knowl­edge. Sim­i­lar­ly, if she was offer­ing “Russ­ian gov­ern­ment” help to Trump with­out at least some­one rel­a­tive­ly high up in the gov­ern­ment approv­ing such an action that also seems like an incred­i­ble risk. At the same time, doing what they did — hav­ing Rob Gold­stone straight up say ‘the Russ­ian gov­ern­ment wants to help you with some dirt on Hillary’ in an email to Trump, Jr. — also seems like an incred­i­ble risk...for the Russ­ian gov­ern­ment to take. So none if this real­ly makes sense.

    But there’s a par­tic­u­lar­ly amus­ing, and sad (‘Sad!’) con­trast of project pow­er and influ­ence that emerges from a piece by Leonid Bershid­sky on how Vesel­nit­skaya gives into the Russ­ian pow­er-struc­ture. First, look how Trump describes Agalarovs in the above CNN piece: As the most pow­er­ful peo­ple in Rus­sia:

    ...
    The next day, Trump lav­ish­es praise on the Agalarovs at the Miss USA 2013 red car­pet, call­ing them “the most pow­er­ful peo­ple in all of Rus­sia.”

    “These are the most pow­er­ful peo­ple in all of Rus­sia, the rich­est men in Rus­sia,” Trump says dur­ing the pub­lic red car­pet cer­e­mo­ny, which was includ­ed in the clips obtained by CNN.
    ...

    Well, it would appear Aras Agalarov does­n’t share such a high opin­ion of Don­ald Trump. Or at least Trump’s rel­a­tive impor­tance. Because as Bershid­sky points out, there are ‘lev­els’ in the Russ­ian pow­er struc­ture and peo­ple at high­er ‘lev­els’ don’t real­ly ‘deal’ with low­er-lev­el peo­ple. And as Aras Agalarov said of Trump in recent inter­view, Trump just isn’t the kind of per­son that top-lev­el Rus­sians would even talk to, at least pri­or to becom­ing Pres­i­dent. As Agalarov put it, “it’s one thing when he com­mu­ni­cates with me. That’s, like, one lev­el. But it’s a dif­fer­ent mat­ter for him to com­mu­ni­cate with the pres­i­dent of the Russ­ian Fed­er­a­tion.” (Sad!):

    Bloomberg
    View

    Trump’s Low-Lev­el Russ­ian Con­nec­tion
    The lawyer who met Don­ald Trump Jr. was no Krem­lin pow­er bro­ker.

    by Leonid Bershid­sky
    July 11, 2017, 10:16 AM CDT July 11, 2017, 11:35 AM CDT

    In sto­ries about her meet­ing with Don­ald Trump Jr., Natalia Vesel­nit­skaya, the unlike­ly celebri­ty in the lat­est install­ment of the Trump-Rus­sia sto­ry, is often described as some­one with “con­nec­tions to the Krem­lin.” That’s mis­lead­ing, although her involve­ment still says much about how pow­er works in Rus­sia.

    The red-brick fortress at the cen­ter of Moscow is the wrong archi­tec­tur­al land­mark in which to look for the ties that made Vesel­nit­skaya a suc­cess­ful lawyer. The right build­ing is a hulk­ing, futur­is­tic glass struc­ture just out­side the Moscow city lim­its, which hous­es the gov­ern­ment of the Moscow region — the con­stituent part of the Russ­ian Fed­er­a­tion which sur­rounds but does­n’t include the city of Moscow.

    The Russ­ian sys­tem of pow­er — at least its all-impor­tant infor­mal part — has always been all about “lev­els.” Russ­ian Pres­i­dent Vladimir Putin often uses the word to dis­crim­i­nate between mat­ters that are wor­thy of his atten­tion and those that aren’t. The region­al elites are sev­er­al notch­es below the Krem­lin lev­el, which explains Putin spokesman Dmitri Peskov’s snob­bish reac­tion to news about Vesel­nit­skaya:

    No, we don’t know who that is, we can­not fol­low all the meet­ings of all the Russ­ian lawyers both inside the coun­try and over­seas.

    Dur­ing Vesel­nit­skaya’s rise, the region, run by Boris Gro­mov — the gen­er­al who presided over the Sovi­et Union’s with­draw­al from Afghanistan in 1989 — was a mess of cor­rupt schemes that ulti­mate­ly led it to de fac­to bank­rupt­cy. I know a few things about it because I was the pub­lish­er of an inves­tiga­tive book about the peri­od, writ­ten by Forbes Rus­sia jour­nal­ist Anna Sokolo­va. The book’s print run was seized by police at a ware­house locat­ed in the Moscow Region. The pub­lish­ing com­pa­ny, Eksmo, fought the seizure and suc­cess­ful­ly sold the book.

    Dur­ing the gov­er­nor’s 12-year tenure, the region set up a num­ber of qua­si state-owned cor­po­ra­tions, which issued bil­lions of dol­lars’ worth of bonds in what lat­er turned out to be Ponzi-like schemes. Alex­ei Kuznetsov, the region­al finance min­is­ter who was mar­ried to New York socialite Jan­na Bul­lock, fled Rus­sia in 2008, after the schemes start­ed com­ing apart, and was arrest­ed in France in 2013. Extra­di­tion pro­ceed­ings are still under way.

    At the same time, the Moscow region was the are­na of some of the wildest land shenani­gans in Russ­ian his­to­ry. Land, some­times enor­mous­ly valu­able because of its prox­im­i­ty to the Sovi­et elite’s tra­di­tion­al coun­try res­i­dences, still used by top gov­ern­ment offi­cials, was bought up on the cheap from col­lec­tive farm­ers, and then ruth­less raiders fought bit­ter­ly over it. Their dis­putes, often involv­ing cur­rent and for­mer region­al gov­ern­ment offi­cials, became Vesel­nit­skaya’s bread and but­ter.

    Orig­i­nal­ly, she worked at the region­al pros­e­cu­tor’s office. There, she mar­ried deputy pros­e­cu­tor Alexan­der Mitusov — one of the region’s most influ­en­tial law enforce­ment offi­cials — and set up a pri­vate prac­tice in the Moscow Region. Her suc­cess rate and rep­u­ta­tion were soon fear­some; she claimed in a recent U.S. court fil­ing that she had argued and won 300 cas­es.

    After leav­ing the pros­e­cu­tor’s office, Mitusov became deputy trans­port min­is­ter under Pyotr Kat­syv, Gro­mov’s deputy and the region­al trans­port min­is­ter. The min­is­ter ran one of the state com­pa­nies that end­ed up insol­vent, leav­ing the region­al gov­ern­ment on the hook for its debts, but kept his job, leav­ing the trans­port min­istry only after Gro­mov was removed by the Krem­lin. Kat­syv has since worked in top jobs for Rus­si­a’s rail­road monop­oly and a major hydro­car­bon trans­port com­pa­ny.

    Vesel­nit­skaya did legal work for the Kat­syv fam­i­ly. Among oth­er things, she defend­ed Pyotr in a libel suit against a local activist who accused the region­al min­is­ter of involve­ment in shady real estate deals (she won). In the U.S., Vesel­nit­skaya is known for work­ing with the Amer­i­can defense of Denis Kat­syv, Pyotr’s son, accused by for­mer Man­hat­tan U.S. Attor­ney Preet Bharara of laun­der­ing mon­ey from a Russ­ian tax scam.

    That was­n’t just any scam but the Mag­nit­sky affair, made famous by invest­ment fund man­ag­er Bill Brow­der, whose lawyer, Sergei Mag­nit­sky, many believe was tor­tured and killed in a Russ­ian prison after expos­ing a mas­sive fraud per­pe­trat­ed by Russ­ian tax offi­cials and their accom­plices. The affair inspired the Mag­nit­sky Act, sanc­tion­ing par­tic­i­pants in the scheme and any oth­er Russ­ian human rights vio­la­tors. The Russ­ian par­lia­ment retal­i­at­ed by ban­ning U.S. adop­tions of Russ­ian chil­dren, and Pres­i­dent Vladimir Putin signed the bill, denounc­ing the Mag­nit­sky Act as a domes­ti­cal­ly moti­vat­ed polit­i­cal attack on Rus­sia. (the gov­ern­ments of Cana­da and the U.K. have both backed Mag­nit­sky-inspired leg­is­la­tion this year.)

    Talk of Vesel­nit­skaya’s Krem­lin ties comes from her efforts to lob­by for the repeal of the Mag­nit­sky Act — which is what Don­ald Trump, Jr., claims she tried to do when she got her meet­ing with him, pres­i­den­tial son-in-law Jared Kush­n­er and Trump cam­paign man­ag­er Paul Man­afort. She got the meet­ing through a string of Moscow Region con­tacts. The intro­duc­tion was made by Rob Gold­stone, the for­mer U.K. tabloid jour­nal­ist who pro­mot­ed Russ­ian-Azer­bai­jani pop singer Emin Agalarov.

    Emin is the son and heir of real estate bil­lion­aire Aras Agalarov, who is also often described as close to Putin. Like many Russ­ian busi­ness­men who want to stay in the Krem­lin’s good graces, Agalarov takes on projects on gov­ern­ment orders, even at a loss, such as the con­struc­tion of a uni­ver­si­ty in the far east and two soc­cer are­nas for the 2018 World Cup. But his real pow­er base is in the Moscow Region. His enor­mous expo cen­ter, con­cert hall and shop­ping com­plex are locat­ed right next to the region­al gov­ern­ment build­ing. Agalarov even built the sub­way sta­tion, Myakini­no, that low-rank­ing region­al bureau­crats use to get to work.

    It was with the Agalarovs that Trump part­nered for the 2013 Miss Uni­verse pageant, held in Moscow. That’s how Gold­stone, who arranged the pres­ence of Trump and the con­tes­tants in an Emin Agalarov music video, knew Don­ald Jr. Emin, for his part, knew Vesel­nit­skaya, queen of the region­al court­rooms. Before he was elect­ed, Trump’s lev­el of com­mu­ni­ca­tion in Rus­sia was no high­er than that of the Moscow Region’s elite, sev­er­al notch­es below the Krem­lin. Aras Agalarov said of Trump in a recent inter­view with the Russ­ian dai­ly Kom­so­mol­skaya Prav­da:

    It’s one thing when he com­mu­ni­cates with me. That’s, like, one lev­el. But it’s a dif­fer­ent mat­ter for him to com­mu­ni­cate with the pres­i­dent of the Russ­ian Fed­er­a­tion.

    It was Rex Tiller­son, the cur­rent sec­re­tary of state, who, as chief exec­u­tive offi­cer at Exxon Mobil, enjoyed the high­est lev­el of access. Trump just was­n’t impor­tant enough. It’s entire­ly pos­si­ble that a Krem­lin effort to help Trump beat Hillary Clin­ton reached to low­er lev­els because that’s where it was eas­i­est to estab­lish con­tact with Trump’s fam­i­ly. But it’s more like­ly that Vesel­nit­skaya, the tena­cious and ambi­tious lawyer who could pull every string in the Moscow Region, did so to get her pet issue — the repeal of the Mag­nit­sky Act, which was get­ting her major client in trou­ble — in front of some impor­tant Amer­i­cans. That kind of effort would have been on the right lev­el.

    ...

    ———-

    “Trump’s Low-Lev­el Russ­ian Con­nec­tion” by Leonid Bershid­sky; Bloomberg; 07/11/2017

    “It was with the Agalarovs that Trump part­nered for the 2013 Miss Uni­verse pageant, held in Moscow. That’s how Gold­stone, who arranged the pres­ence of Trump and the con­tes­tants in an Emin Agalarov music video, knew Don­ald Jr. Emin, for his part, knew Vesel­nit­skaya, queen of the region­al court­rooms. Before he was elect­ed, Trump’s lev­el of com­mu­ni­ca­tion in Rus­sia was no high­er than that of the Moscow Region’s elite, sev­er­al notch­es below the Krem­lin. Aras Agalarov said of Trump in a recent inter­view with the Russ­ian dai­ly Kom­so­mol­skaya Prav­da.”

    So Aras Agalarov did sort of lend sup­port to Trump’s claims that he had nev­er pre­vi­ous­ly met Vladimir Putin. Maybe it’s true. Maybe Trump nev­er had more than a a few pass­ing inter­ac­tions with Putin...because Trump was­n’t impor­tant enough. He was too “low lev­el” for Putin’s time and pres­tige. Very Sad!

    Also note Bershid­sky’s final take on the sit­u­a­tion: that Vesel­nit­skaya real­ly did use her con­tacts to arrange for this meet­ing and real­ly did basi­cal­ly bait the Trump’s into a meet­ing promis­ing dirt on Hillary sim­ply to get a chance to lob­by the Trump cam­paign about her pet issue, the Mag­nit­sky Act:

    ...
    It was Rex Tiller­son, the cur­rent sec­re­tary of state, who, as chief exec­u­tive offi­cer at Exxon Mobil, enjoyed the high­est lev­el of access. Trump just was­n’t impor­tant enough. It’s entire­ly pos­si­ble that a Krem­lin effort to help Trump beat Hillary Clin­ton reached to low­er lev­els because that’s where it was eas­i­est to estab­lish con­tact with Trump’s fam­i­ly. But it’s more like­ly that Vesel­nit­skaya, the tena­cious and ambi­tious lawyer who could pull every string in the Moscow Region, did so to get her pet issue — the repeal of the Mag­nit­sky Act, which was get­ting her major client in trou­ble — in front of some impor­tant Amer­i­cans. That kind of effort would have been on the right lev­el.
    ...

    But for Vesel­nit­skaya to arrange all this on her own she would have need­ed to have been close to the “Crown pros­e­cu­tor” (the pros­e­cu­tor gen­er­al of Rus­sia) to get him on board with this. And Vesel­nit­skaya is report­ed­ly close to the pros­e­cu­tor gen­er­al. But if this real­ly was a “low­er-lev­el” oper­a­tion, all this would have had to have been done with­out Putin’s knowl­edge in the mid­dle of a US pres­i­den­tial cam­paign where Trump’s ties to Rus­sia was already a cam­paign issue. Would a “low­er-lev­el”, yet still rel­a­tive­ly high-pow­ered, Russ­ian attor­ney engage in such a scheme with the Russ­ian pros­e­cu­tor gen­er­al and an oli­garch like Aras Agalarov engage in such a scheme on their own? It does­n’t seem like a like­ly sce­nario. But a high-lev­el, Putin-direct­ed oper­a­tion like the one being described also does­n’t seem very like­ly sim­ply because of how stu­pid it all is to write such an incrim­i­nat­ing email and have goof­balls like Rob Gold­stone oper­at­ing as the mid­dle­man.

    But that’s where we are: every sce­nario we’re being asked to enter­tain is implau­si­bly stu­pid. It’s one of the more unpleas­ant aspects of life in Trum­p­lan­dia. We can’t even apply ‘Trump’s Razor’ any­more! Very Very Sad!

    Posted by Pterrafractyl | July 12, 2017, 3:35 pm
  9. Here’s the lat­est twist on the var­i­ous GOP efforts to search dark web for some­one who may have hacked Hillary Clin­ton’s pri­vate email serv­er. Recall how GOP financier Peter Smith was run­ning an oper­a­tion involv­ing Michael Fly­nn, Steve Ban­non, and Kellyanne Con­way to find Hillary’s emails. And recall how that oper­a­tion end­ed up with them con­sult­ing with ‘Alt Right’ troll Charles John­son and Guc­cifer 2.0, who both report­ed­ly rec­om­mend­ed they con­tact Andrew ‘weev’ Auern­heimer in their pur­suits. Also recall how John­son said he “put the word out” to a “hid­den oppo net­work” of oth­er right-wing groups who were more or less try­ing to do the same thing.

    Well, in this lat­est twist it looks like we may have stum­bled across part of that “hid­den oppo net­work”, although there’s no indi­ca­tion yet that this is actu­al­ly part of the net­work John­son was refer­ring to: It turns out Bar­bara Ledeen, wife of Michael Ledeen, appar­ent­ly decid­ed to cre­ate her own oper­a­tion back in 2015 while she was a GOP staffer for the Sen­ate judi­cia­ry com­mit­tee.

    Ledeen claims she was sole­ly moti­vat­ed out of fears that Hillary’s hacked emails might put her chil­dren serv­ing in the mil­i­tary at risk (that’s seri­ous­ly her sto­ry). Of course, as we’ve seen before, her hus­band, Michael, was Michael Fly­n­n’s co-author on their book The Field of Fight: How We Can Win the Glob­al War Against Rad­i­cal Islam, a book that argues the US is already in WWIII against rad­i­cal Islam the US needs to wage a full-scale reli­gious war in response. So in addi­tion to Fly­n­n’s alleged involve­ment in Peter Smith’s “hid­den oppo” team, we have the wife of the co-author on Fly­n­n’s book also run­ning her own oper­a­tion.

    Who else was involved with Bar­bara Ledeen email-hunt­ing team? So far, all we know is that she asked Newt Gin­grich and “an unnamed defense con­trac­tor”. Gin­grich appar­ent­ly want­ed to bring in some more peo­ple so he reached out to Judi­cial Watch who, in turn, brought in anoth­er unnamed con­trac­tor who is described as an expert on the dark web.

    So it looks like we can add Bar­bara Ledeen, Newt Gin­grich, Judi­cial Watch, and a pair of the unnamed con­trac­tors to the list of peo­ple com­pris­ing a hid­den oppo net­work, and per­haps the hid­den oppo net­work John­son was talk about.

    But if that’s the case and this is the net­work John­son was refer­ring to it’s pret­ty remark­able coin­ci­dence that both of these net­works could have been oper­at­ing with­out know­ing about each oth­er giv­en the close­ness of Fly­nn and Michael Ledeen and the fact that Fly­nn and Ledeen’s book was pub­lished in July of 2016, imply­ing that Fly­nn and Ledeen were in pret­ty close con­tact with each oth­er in the peri­od lead­ing up to this.

    At the same time, it’s impor­tant to note that we don’t know when Bar­bara Ledeen’s team stopped oper­at­ing. We just know that it appar­ent­ly start­ed in 2015 accord­ing to the arti­cle below. So it’s pos­si­ble the team end­ed its search before the Smith team start­ed up in Sep­tem­ber of 2016. It’s one of the many sig­nif­i­cant facts we have yet to learn about this par­tic­u­lar right-wing hack­er-out­reach effort:

    The Guardian

    Fly­nn ally sought help from ‘dark web’ in covert Clin­ton email inves­ti­ga­tion

    Bar­bara Ledeen, a staffer on the com­mit­tee look­ing into Trump’s Rus­sia ties and a friend of Mike Fly­nn, tried to launch her own inves­ti­ga­tion into Clinton’s emails

    Stephanie Kirch­gaess­ner

    Fri­day 13 Octo­ber 2017 05.30 EDT
    Last mod­i­fied on Fri­day 13 Octo­ber 2017 09.38 EDT

    A close asso­ciate of Don­ald Trump’s for­mer nation­al secu­ri­ty advis­er Michael Fly­nn arranged a covert inves­ti­ga­tion into Hillary Clinton’s use of a pri­vate email serv­er when she was sec­re­tary of state, and through inter­me­di­aries turned to a per­son with knowl­edge of the “dark web” for help.

    Fly­nn, a retired three-star gen­er­al who led chants of “lock her up” at last year’s Repub­li­can nation­al con­ven­tion, is a cen­tral fig­ure in the FBI’s inves­ti­ga­tion into whether the Krem­lin worked with the Trump cam­paign to sway the US elec­tion.

    Fly­nn is per­son­al­ly and ide­o­log­i­cal­ly linked to Bar­bara Ledeen, a long­time con­ser­v­a­tive activist who works for the Repub­li­can sen­a­tor Chuck Grass­ley on the Sen­ate judi­cia­ry com­mit­tee – which is now inves­ti­gat­ing alleged links between the Trump cam­paign and Rus­sia.

    Ledeen’s hus­band, Michael Ledeen, is also a con­fi­dant of Fly­nn, and co-authored a book with him last year.

    Fly­nn was forced to resign in Feb­ru­ary after just 24 days on the job as Trump’s chief intel­li­gence offi­cial in the White House, when it emerged that he had lied to Vice-Pres­i­dent Mike Pence about con­ver­sa­tions he had with the then Russ­ian ambas­sador to the US, Sergey Kislyak.

    Accord­ing to inter­view notes released by the FBI last year, Ledeen decid­ed in 2015 to launch her own inves­ti­ga­tion into Clinton’s use of the serv­er. At the time, she was a staffer on the Sen­ate judi­cia­ry com­mit­tee.

    Accord­ing to the FBI files, Ledeen want­ed to deter­mine whether the emails had been hacked by a “for­eign pow­er”, because the inci­dent angered her as a cit­i­zen and because she want­ed to know whether such a hack would put her chil­dren, who served in the mil­i­tary, in dan­ger.

    Clinton’s use of a pri­vate serv­er was steeped in con­tro­ver­sy through­out her unsuc­cess­ful pres­i­den­tial bid, but Ledeen’s con­cerns proved to be unfound­ed. A fed­er­al inves­ti­ga­tion found no evi­dence that the emails on Clinton’s pri­vate serv­er were ever com­pro­mised.

    Ledeen’s name was redact­ed on the FBI doc­u­ments describ­ing the inves­ti­ga­tion, which were released last year in response to a Free­dom of Infor­ma­tion Act request. But a per­son who reviewed the unredact­ed doc­u­ments con­firmed to the Guardian that Bar­bara Ledeen was the sub­ject. Her involve­ment was also con­firmed by the Sen­ate judi­cia­ry com­mit­tee in response to the Guardian’s ques­tions.

    Accord­ing to the FBI notes, Ledeen want­ed to pur­sue her own inves­ti­ga­tion in 2015 into whether or not Clinton’s emails had been com­pro­mised but could not finance the work.

    She sought out the help of an unnamed defense con­trac­tor and also turned to Newt Gin­grich, the for­mer Repub­li­can speak­er of the House, for help. Accord­ing to the FBI notes, Gin­grich “want­ed to speak to oth­ers about the project” and asked Judi­cial Watch, the con­ser­v­a­tive activist group, for finan­cial assis­tance.

    Judi­cial Watch alleged­ly turned to anoth­er, unnamed, con­trac­tor who was famil­iar with the “deep web and dark web”, accord­ing to the FBI files. The par­ties were con­cerned about what they would do if they came across any emails that con­tained clas­si­fied infor­ma­tion. Accord­ing to the FBI inves­ti­ga­tion, the project was lat­er halt­ed.

    The inci­dent and web of rela­tion­ships is impor­tant for two rea­sons.

    First, because Ledeen is the sec­ond per­son with ties to Fly­nn who alleged­ly sought to inves­ti­gate Clinton’s use of a pri­vate serv­er in an unof­fi­cial capac­i­ty.

    In June, a for­mer British intel­li­gence offi­cial named Matt Tait said that he had been approached by a long­time Repub­li­can oper­a­tive called Peter Smith, who had a his­to­ry of seek­ing dam­ag­ing mate­r­i­al about the Clin­ton fam­i­ly and was known for his close ties to Gin­grich.

    Smith was con­vinced that Clinton’s pri­vate serv­er had been hacked by a for­eign pow­er, prob­a­bly Rus­sians, Tait said.

    Smith, who died at the age of 81 10 days after giv­ing his own account to the Wall Street Jour­nal, told the news­pa­per he had oper­at­ed inde­pen­dent­ly of the Trump cam­paign.

    He alleged­ly told Tait that he had been approached by a per­son on the “dark web” who claimed to have a copy of emails from Clinton’s serv­er and want­ed help val­i­dat­ing their authen­tic­i­ty.

    Accord­ing to Tait’s account, Smith claimed to be work­ing with Fly­nn, who at the time was serv­ing as a for­eign pol­i­cy advis­er to Don­ald Trump’s pres­i­den­tial cam­paign.

    Ledeen’s involve­ment is also impor­tant because she works on the Sen­ate judi­cia­ry com­mit­tee, which is con­duct­ing an inves­ti­ga­tion into the Trump cam­paign. Her family’s rela­tion­ship with Fly­nn rais­es ques­tions about whether Ledeen could be wield­ing influ­ence over the inves­ti­ga­tion.

    Grassley’s spokesman said that Ledeen’s 2015 inquiry had not been autho­rised by the judi­cia­ry com­mit­tee and that the com­mit­tee had only learned of it after it had been com­plet­ed.

    “She was instruct­ed not to do any fur­ther fol­low-up once the com­mit­tee learned of her involve­ment,” the spokesman said.

    Con­gres­sion­al inves­ti­ga­tors do not have the pow­er of the FBI and fed­er­al pros­e­cu­tors to bring crim­i­nal indict­ments, but they can com­pel wit­ness­es to tes­ti­fy pub­licly and under oath, and can poten­tial­ly play an impor­tant role in set­ting the ground­work for impeach­ment pro­ceed­ings against the pres­i­dent.

    Grass­ley has sev­er­al impor­tant deci­sions to weigh in how his inves­ti­ga­tion will pro­ceed, includ­ing whether to call the president’s son, Don­ald Trump Jr, to tes­ti­fy pub­licly about a 2016 meet­ing he attend­ed with Rus­sians.

    A Grass­ley spokesman told the Guardian that Bar­bara Ledeen was a part-time staffer on the judi­cia­ry com­mit­tee judi­cial nom­i­na­tions unit. He said Ledeen was “in no way” con­nect­ed to the inves­ti­ga­tions team and “would not have access to any of its mate­ri­als”.

    “Sen­a­tor Grass­ley has no rela­tion­ship with Barbara’s hus­band and wouldn’t recog­nise him if he saw him,” the spokesman added.

    Ledeen and her hus­band have been influ­en­tial – and con­tro­ver­sial – play­ers in con­ser­v­a­tive cir­cles in Wash­ing­ton for decades.

    Michael Ledeen, Barbara’s hus­band, is a his­to­ri­an and for­mer Rea­gan admin­is­tra­tion offi­cial who helped to devel­op the secret pro­gramme to sell US arms to Iran in the late 1980s, in what is known as the Iran-Con­tra affair.

    ...

    ———-

    “Fly­nn ally sought help from ‘dark web’ in covert Clin­ton email inves­ti­ga­tion” by Stephanie Kirch­gaess­ner; The Guardian; 10/13/2017

    “Accord­ing to inter­view notes released by the FBI last year, Ledeen decid­ed in 2015 to launch her own inves­ti­ga­tion into Clinton’s use of the serv­er. At the time, she was a staffer on the Sen­ate judi­cia­ry com­mit­tee.

    So at some point in 2015, Bar­bara Ledeen decid­ed to search the dark web for Hillary’s emails. Why? Because she want­ed to see if a “for­eign pow­er” hacked them and then throw them up on the dark web which might put her chil­dren in the mil­i­tary at risk. That’s her sto­ry:

    ...
    Accord­ing to the FBI files, Ledeen want­ed to deter­mine whether the emails had been hacked by a “for­eign pow­er”, because the inci­dent angered her as a cit­i­zen and because she want­ed to know whether such a hack would put her chil­dren, who served in the mil­i­tary, in dan­ger.
    ...

    But she need­ed mon­ey so she turned to Newt Gin­grich and an unnamed defense con­trac­tor. And then Gin­grich brought in Judi­cial Watch and anoth­er con­trac­tor who was famil­iar with dark web. Then they all got con­cerned about what to do if they came across clas­si­fied infor­ma­tion and the project was lat­er halt­ed. That’s also her sto­ry:

    ...
    Accord­ing to the FBI notes, Ledeen want­ed to pur­sue her own inves­ti­ga­tion in 2015 into whether or not Clinton’s emails had been com­pro­mised but could not finance the work.

    She sought out the help of an unnamed defense con­trac­tor and also turned to Newt Gin­grich, the for­mer Repub­li­can speak­er of the House, for help. Accord­ing to the FBI notes, Gin­grich “want­ed to speak to oth­ers about the project” and asked Judi­cial Watch, the con­ser­v­a­tive activist group, for finan­cial assis­tance.

    Judi­cial Watch alleged­ly turned to anoth­er, unnamed, con­trac­tor who was famil­iar with the “deep web and dark web”, accord­ing to the FBI files. The par­ties were con­cerned about what they would do if they came across any emails that con­tained clas­si­fied infor­ma­tion. Accord­ing to the FBI inves­ti­ga­tion, the project was lat­er halt­ed.
    ...

    Part of what’s so amus­ing about the ‘con­cerns’ over find­ing clas­si­fied infor­ma­tion in these emails is that that was the big prize: find­ing clas­si­fied infor­ma­tion in the hacked emails. ‘Putting clas­si­fied infor­ma­tion at risk’ was the charge con­stant­ly lev­eled against Hillary for set­ting up that pri­vate serv­er so such con­cerns would be like going on trea­sure hunt and get­ting all con­cerned about find­ing the trea­sure. The only con­cern for them would have been con­cerns over how to best polit­i­cal­ly exploit such an amaz­ing find.

    But that’s her sto­ry. At least the sto­ry she told the FBI.

    And then there’s the sto­ry com­ing out from the office of Chuck Grass­ley, the head of the Sen­ate judi­cia­ry com­mit­tee, dis­tanc­ing his com­mit­tee from Ledeen: “Sen­a­tor Grass­ley has no rela­tion­ship with Barbara’s hus­band and wouldn’t recog­nise him if he saw him”:

    ...
    A Grass­ley spokesman told the Guardian that Bar­bara Ledeen was a part-time staffer on the judi­cia­ry com­mit­tee judi­cial nom­i­na­tions unit. He said Ledeen was “in no way” con­nect­ed to the inves­ti­ga­tions team and “would not have access to any of its mate­ri­als”.

    “Sen­a­tor Grass­ley has no rela­tion­ship with Barbara’s hus­band and wouldn’t recog­nise him if he saw him,” the spokesman added.

    Ledeen and her hus­band have been influ­en­tial – and con­tro­ver­sial – play­ers in con­ser­v­a­tive cir­cles in Wash­ing­ton for decades.

    Michael Ledeen, Barbara’s hus­band, is a his­to­ri­an and for­mer Rea­gan admin­is­tra­tion offi­cial who helped to devel­op the secret pro­gramme to sell US arms to Iran in the late 1980s, in what is known as the Iran-Con­tra affair.
    ...

    Sen­a­tor Grass­ley, some­one who has been serv­ing in the Sen­ate for decades, appar­ent­ly would­n’t rec­og­nize one of the most have been influ­en­tial – and con­tro­ver­sial – play­ers in con­ser­v­a­tive cir­cles in Wash­ing­ton for decades. You have to won­der what’s prompt­ing that kind of denial. There’s a dis­tinct “he doth protest too much” feel to it.

    So we have a Fly­nn-con­nect­ed team going on to the dark web in 2015, and then a sec­ond Fly­nn-relat­ed team team doing the same thing in Sep­tem­ber 2016. And don’t for­get that “scow­er­ing the dark web for Hillary’s hacked emails” is a great cov­er sto­ry for “going on to the dark web to hire a hack­er or coor­di­nate with a sym­pa­thet­ic one who will do the hack­ing for free”. It rais­es the obvi­ous ques­tion of whether or not these two hack­er-out­reach efforts were part of the same over­all oper­a­tion: have one team arrange for the hacks and a com­plete­ly sep­a­rate team con­tact the hack­er lat­er. A hack­er like, oh, say, Andrew ‘weev’ Auern­heimer? Maybe?

    Posted by Pterrafractyl | October 25, 2017, 3:03 pm
  10. There’s a new Buz­zFeed on the cyber foren­sic ana­lyst, Robert John­ston, who led the Crowd­strike inves­ti­ga­tion into the DNC serv­er hack that helps fill in some addi­tion­al details about both the March of 2016 hack alleged­ly car­ried out by APT28 (Fan­cy Bear) as well as the ear­li­er 2015 hack attrib­uted to APT29 (Cozy Bear).
    One detail we had­n’t known before is how the FBI ini­tial­ly iden­ti­fied that the DNC’s serv­er was hacked in Sep­tem­ber of 2015. The NSA informed the FBI of this. This is rather notable since it would sug­gest that the NSA deter­mined the DNC’s serv­er was hacked by watch­ing traf­fic flow­ing from the DNC’s servers to the same com­mand and con­trol serv­er that was used in the Pen­ta­gon hack. And that sug­gests that the FBI or NSA should have been able to see these data flows dur­ing that entire bizarre 7 month peri­od (from Sep­tem­ber 2015 through March 2016) when the DNC was ignor­ing the FBI’s half-assed attempts to inform this of this hack.

    Anoth­er impor­tant detail relates to both the APT29 and APT28 hacks. The 2015 hack pre­sumed to be the work of the Russ­ian FSB (APT29/Cozy Bear) took place some time around May 2015, the same month of the Bun­destag hack. The report does­n’t indi­cate that the APT29 hack was part of the same wave that hit the Bun­destag, but the tim­ing is quite inter­est­ing.

    Here’s where it gets extra inter­est­ing: accord­ing to John­ston, that May 2015 hack was part of a pre­sumed Russ­ian gov­ern­ment hack­ing cam­paign that was rather unusu­al for Russ­ian gov­ern­ment hack­ing in gen­er­al but not at all unusu­al for the DNC hacks. It was an extreme­ly ‘noisy’ hack. Instead of the typ­i­cal 5 or 6 care­ful­ly craft­ed phish­ing emails tar­get­ing a select set of indi­vid­ual, the May 2015 hack his 50,000–60,000 peo­ple. As John­ston put it, it was like the hack­ers did­n’t care who saw them doing it. And John­ston should know, because that same wave of phish­ing attempts also hit the Pen­ta­gon and he was work­ing for the cyber defense unit the Marine Corps had recent­ly set up that respond­ed to it.

    Of course, part of what makes the con­spic­u­ous “I’m a Russ­ian hack­er! Watch me work!” nature of that May 2015 APT 29 hack­ing cam­paign extra con­spic­u­ous is that, as we’ve seen before, a key piece if dig­i­tal evi­dence that led to the attri­bu­tion of the March 2016 hack to APT28/Fancy Bear was that the mal­ware used in that hack includ­ed a hard cod­ed IP address that was the same hard cod­ed IP address found in the May 2015 Bun­destag hack­’s mal­ware. <a href=“IP ad”>And that IP address evi­dence is rather con­spic­u­ous evi­dence, both because it includes a hard cod­ed IP address and because the serv­er that IP address leads back to was run­ning a vul­ner­a­ble ver­sion of OpenSSL that could have allowed it to be hijacked via the Heart­bleed attack. In oth­er words, we already knew that the APT28/Fancy Bear hack was filled with con­spic­u­ous “I’m a Russ­ian hack­er!” dig­i­tal evi­dence left behind. But now we know that the APT29 hack a year ear­li­er also had that same “I’m a Russ­ian hack­er! Watch me work!” atyp­i­cal char­ac­ter­is­tic:

    Buz­zFeed News

    He Solved The DNC Hack. Now He’s Telling His Sto­ry For The First Time.

    Less than a year before Marine Corps cyber­war­rior Robert John­ston dis­cov­ered that the Rus­sians had hacked the Demo­c­ra­t­ic Nation­al Com­mit­tee, he found they had launched a sim­i­lar attack at the Joint Chiefs of Staff.

    Jason Leopold
    Buz­zFeed News Reporter
    Post­ed on Novem­ber 8, 2017, at 2:38 p.m.

    One late morn­ing in May 2016, the lead­ers of the Demo­c­ra­t­ic Nation­al Com­mit­tee hud­dled around a packed con­fer­ence table and stared at Robert John­ston. The for­mer Marine Corps cap­tain gave his brief­ing with unemo­tion­al mil­i­tary pre­ci­sion, but what he said was so unnerv­ing that a high-lev­el DNC offi­cial curled up in a ball on her con­fer­ence room chair as if watch­ing a hor­ror movie.

    At 30, John­ston was already an accom­plished dig­i­tal detec­tive who had just left the military’s elite Cyber Com­mand, where he had helped stanch a Russ­ian hack on the US military’s top lead­er­ship. Now, work­ing for a pri­vate cyber­se­cu­ri­ty com­pa­ny, he had to brief the DNC — while it was in the mid­dle of a white-knuck­le pres­i­den­tial cam­paign — about what he’d found in the organization’s com­put­er net­works.

    Their reac­tion was “pure shock,” John­ston recalled. “It was their worst day.”

    Although the broad out­lines of the DNC hack are now well-known, its details have remained mys­te­ri­ous, spark­ing sharp and per­sis­tent ques­tions. How did the DNC miss the hack? Why did a pri­vate secu­ri­ty con­sul­tant, rather than the FBI, exam­ine its servers? And how did the DNC find Johnston’s firm, Crowd­Strike, in the first place?

    Johnston’s account — told here for the first time, and sub­stan­ti­at­ed in inter­views with 15 sources at the FBI, the DNC, and the Defense Depart­ment — resolves some of those ques­tions while adding new infor­ma­tion about the hack itself.

    A polit­i­cal out­sider who got the job essen­tial­ly at ran­dom — the DNC lit­er­al­ly called up CrowdStrike’s sales desk — John­ston was the lead inves­ti­ga­tor who deter­mined the nature and scope of the hack, one he described less as a stealth bur­glary than as a brazen ran­sack­ing. Despite his cen­tral role, John­ston has nev­er talked with inves­ti­ga­tors prob­ing Russ­ian inter­fer­ence, let alone with the media. But to peo­ple deal­ing with the cri­sis, “He was indis­pens­able,” as a source close to the DNC put it.

    John­ston was also large­ly on his own. The par­ty had hired Crowd­Strike essen­tial­ly in place of the FBI — to this day, the Bureau has not had access to the DNC’s servers. DNC offi­cials said they made the eye­brow-rais­ing choice to go with a pri­vate firm because they were wor­ried they’d lose con­trol of their oper­a­tions right in the mid­dle of the cam­paign. Not only that, but the FBI was inves­ti­gat­ing Hillary Clinton’s use of a pri­vate email serv­er. Bet­ter, the DNC fig­ured, to han­dle things pri­vate­ly.

    It was a deci­sion that would cast a shad­ow of doubt over the inves­ti­ga­tion, even though cyber­se­cu­ri­ty experts have wide­ly accept­ed John­ston’s main find­ings.

    In the con­fer­ence room that day, as he unveiled his find­ings to Demo­c­ra­t­ic Par­ty offi­cials and lawyers, then-chair Deb­bie Wasser­man Schultz lis­tened in via speak­er­phone. John­ston told them that their com­put­er sys­tems had been ful­ly com­pro­mised — not just by one attack, but by two. Mal­ware from the first attack had been fes­ter­ing in the DNC’s sys­tem for a whole year. The sec­ond infil­tra­tion was only a cou­ple of months old. Both sets of mal­ware were asso­ci­at­ed with Russ­ian intel­li­gence.

    Most dis­turb­ing: The hack­ers had been gath­er­ing copies of all emails and send­ing them out to some­one, some­where. Every sin­gle email that every DNC staffer typed had been spied on. Every word, every joke, every syl­la­ble.

    There was still no warn­ing that Rus­sia might try to inter­fere on Don­ald Trump’s behalf. So the DNC offi­cials ham­mered John­ston with ques­tions: What would hap­pen with all their infor­ma­tion? All that stolen data? What would the com­put­er hack­ers do with it?

    John­ston didn’t know. The FBI didn’t know.

    The answers would come when the stolen emails were pub­lished by Wik­iLeaks in a series of dev­as­tat­ing, care­ful­ly timed leaks. And the impli­ca­tions of what John­ston had found would come lat­er, too: The Russ­ian gov­ern­ment may have been active­ly work­ing against Hillary Clin­ton to help elect Don­ald Trump.

    ...

    In the spring of 2015, John­ston was a cap­tain in the Marine Corps lead­ing new­ly formed Cyber Pro­tec­tion Team 81, based near the NSA in Fort Meade, Mary­land, as part of the military’s Cyber Com­mand, or Cyber­com.

    On a Sat­ur­day around 2 a.m., John­ston received a call on his cell phone from his com­mand­ing offi­cer. “The major said, ‘How fast can your guys be back in DC?’” John­son recalled. “‘Tell them to meet at the Pen­ta­gon and you’ll find out more there.’”

    A mal­ware attack against the Pen­ta­gon had reached the unclas­si­fied com­put­ers of the Joint Chiefs of Staff, the military’s top brass who advise the pres­i­dent. The mal­ware had spread fast — in just five hours, it had com­pro­mised all five of the chairs’ lap­tops and all three of the vice chairs’ lap­tops and desk­top com­put­ers.

    Soon, John­ston and the oth­ers iden­ti­fied the mal­ware. It was asso­ci­at­ed with APT 29, for “advanced per­sis­tent threat,” a hack­er group wide­ly believed to be linked to the FSB, Russia’s fed­er­al secu­ri­ty ser­vice.

    John­ston said the phish­ing cam­paign against the Joint Chiefs stood out. Usu­al­ly, he said of Russ­ian hack­ers, “their oper­a­tions are very sur­gi­cal. They might send five phish­ing emails, but they’re very well-craft­ed and very, very tar­get­ed.” But this time it was a broad­side. “The tar­get list was, like, 50 to 60,000 peo­ple around the world. They hit them all at once.” It’s rare, he said, for “an intel ser­vice to be so noisy.”

    By “noisy,” he means that the attack­ers were draw­ing a huge amount of atten­tion, send­ing out 50,000 phish­ing emails, as if they didn’t care that any­one knew what they were doing.

    ...

    He left the Marine Corps as a cap­tain, and in Novem­ber 2015, he signed up to work for Crowd­Strike, a well-known cyber­pro­tec­tion com­pa­ny whose pres­i­dent, Shawn Hen­ry, is a for­mer head of the FBI’s Cyber Divi­sion. Crowd­Strike declined to com­ment about John­ston’s work.

    John­ston didn’t know it, but in Sep­tem­ber 2015 as he was get­ting ready to leave the Marines, the NSA informed the FBI that DNC com­put­ers had like­ly been hacked, three sources said. An FBI agent then called the DNC’s IT office and said that the organization’s servers had been com­pro­mised.

    That part of the sto­ry has been told — how lit­tle was done for sev­en months. The FBI peri­od­i­cal­ly tried to get in touch with the orga­ni­za­tion, but the DNC did not believe the threat was real.

    Final­ly, in April, the DNC IT depart­ment became con­vinced that there was a prob­lem, and top Demo­c­ra­t­ic offi­cials became wor­ried. But even then, they did­n’t call the FBI. They called the sales desk at Crowd­Strike. (Last week, lawyers for Buz­zFeed sub­poe­naed both the DNC and Crowd­Strike for infor­ma­tion about the hack and the inves­ti­ga­tion into it. The sub­poe­na was not relat­ed to this sto­ry but to a libel suit filed by a Russ­ian busi­ness­man named in the Trump dossier pub­lished by Buz­zFeed News in Jan­u­ary.)

    At Crowd­Strike, the case was assigned to John­ston, new to the com­pa­ny but with bat­tle-test­ed skills, who soon end­ed up on the phone with the DNC IT chief.

    “The FBI thinks we have a prob­lem, some­thing called ‘Dukes,’” John­ston said the IT employ­ee told him. The Dukes is anoth­er name for APT 29, the hack­ers who John­ston had bat­tled before, at the Joint Chiefs.

    John­ston sent the DNC a script to run on all its servers, and then col­lect­ed the out­put code. To an out­sider it might have looked like a tedious job to exam­ine long strings of data. But with­in an hour John­ston had it: an unmis­tak­able string of com­put­er code — sab­o­tage — that didn’t belong in the sys­tem. It was “exe­cutable file paths” — evi­dence of pro­grams — that didn’t belong there. They stood out like a shiny wrench left in a car engine.

    And in fact, John­ston had seen this par­tic­u­lar piece of code before, back when he was at the Pen­ta­gon. So it was easy to rec­og­nize this neme­sis. He knew who had sent it by the tell­tale sig­na­tures. “This was APT 29,” he said. Lat­er, when he had spent more time ana­lyz­ing the DNC hack, he would come to believe that the Democ­rats had been com­pro­mised by the same blast of 50,000 or so phish­ing emails that had breached the com­put­ers of the Joint Chiefs.

    When he briefed the DNC in that con­fer­ence room, John­ston pre­sent­ed a report that basi­cal­ly said, “They’ve balled up data and stolen it.” But the polit­i­cal offi­cials were hard­ly expe­ri­enced in the world of intel­li­gence. They were not just hor­ri­fied but puz­zled. “They’re look­ing at me,” John­ston recalled, “and they’re ask­ing, ‘What are they going to do with the data that was tak­en?’”

    Back then, no one knew. In addi­tion to APT 29, anoth­er hack­ing group had launched mal­ware into the DNC’s sys­tem. Called APT 28, it’s also asso­ci­at­ed Russ­ian intel­li­gence. Andrei Solda­tov, a Russ­ian inves­tiga­tive jour­nal­ist and secu­ri­ty expert, said it’s not crys­tal clear which Russ­ian spy ser­vice is behind each hack­er group, but like many oth­er cyber­se­cu­ri­ty inves­ti­ga­tors, he agreed that Russ­ian intel­li­gence car­ried out the attack.

    So, John­ston said, “I start think­ing back to all of these pre­vi­ous hacks by Rus­sia and oth­er adver­saries like Chi­na. I think back to the Joint Chiefs hack. What did they do with this data? Noth­ing. They took the infor­ma­tion for espi­onage pur­pos­es. They didn’t leak it to Wik­iLeaks.”

    So, John­ston recalled, that’s what he told the DNC in May 2016: Such thefts have become the norm, and the hack­ers did not plan on doing any­thing with what they had pur­loined.

    John­ston kicks him­self about that now. “I take respon­si­bil­i­ty for that piece,” he said.

    The DNC and Crowd­Strike, now work­ing with the FBI, tried to remove all remain­ing mal­ware and con­tain the prob­lem. And they decid­ed on a pub­lic rela­tions strat­e­gy. How could the DNC con­trol the mes­sage? “Noth­ing of that mag­ni­tude stays qui­et in the realm of pol­i­tics,” John­ston said. “We need­ed to get in front of it.” So, John­ston said, in a sto­ry con­firmed by DNC offi­cials, Crowd­Strike and the DNC decid­ed to give the sto­ry to the Wash­ing­ton Post, which on June 14, 2016, pub­lished the sto­ry: “Russ­ian gov­ern­ment hack­ers pen­e­trat­ed DNC, stole oppo­si­tion research on Trump.” “I thought it was a smart move,” John­ston said.

    But it may have back­fired.

    One day after the Post arti­cle, a Twit­ter user going by the name Guc­cifer 2.0 claimed respon­si­bil­i­ty for the hack and post­ed to the inter­net mate­ri­als pur­port­ed­ly stolen from the DNC’s serv­er.

    John­ston thinks the Wash­ing­ton Post sto­ry changed the tac­tics of the cyber­at­tack­ers. “We accel­er­at­ed their time­line. I believe now that they were intend­ing to release the infor­ma­tion in late Octo­ber or a week before the elec­tion,” he said. But then they real­ized that “we dis­cov­ered who they were. I don’t think the Russ­ian intel­li­gence ser­vices were expect­ing it, expect­ing a state­ment and an arti­cle that point­ed the fin­ger at them.”

    A month lat­er, in late July 2016, Wik­iLeaks began to release thou­sands of emails hacked from the DNC serv­er. Those leaks, intel­li­gence offi­cials would say, were care­ful­ly engi­neered and timed.

    ...

    John­ston has man­aged to main­tain a low pro­file for the last year and half, even as Wash­ing­ton has obsessed over Trump and Rus­sia. He hasn’t been in hid­ing, he said. Over a steak and Scotch at a DC restau­rant, he said he just hadn’t talked about it for a sim­ple rea­son: No one asked him to.

    ———-

    “He Solved The DNC Hack. Now He’s Telling His Sto­ry For The First Time.” by Jason Leopold; Buz­zFeed News; 11/08/2017

    “A polit­i­cal out­sider who got the job essen­tial­ly at ran­dom — the DNC lit­er­al­ly called up CrowdStrike’s sales desk — John­ston was the lead inves­ti­ga­tor who deter­mined the nature and scope of the hack, one he described less as a stealth bur­glary than as a brazen ran­sack­ing. Despite his cen­tral role, John­ston has nev­er talked with inves­ti­ga­tors prob­ing Russ­ian inter­fer­ence, let alone with the media. But to peo­ple deal­ing with the cri­sis, “He was indis­pens­able,” as a source close to the DNC put it.”

    Less a stealth bur­glary and more a brazen ran­sack­ing. That was how John­ston described the DNC serv­er hacks, which is con­sis­tent with how it’s been described before. Recall the char­ac­ter­i­za­tion of the DNC hack­ers as behav­ing as if “Rus­sia want­ed to get caught”. But now we learn that the ini­tial March 2015 hacks that hit tens of thou­sands of oth­er tar­gets around the world also had the ‘Rus­sia want­ed to get caught’ atyp­i­cal char­ac­ter­is­tics:

    ...
    In the spring of 2015, John­ston was a cap­tain in the Marine Corps lead­ing new­ly formed Cyber Pro­tec­tion Team 81, based near the NSA in Fort Meade, Mary­land, as part of the military’s Cyber Com­mand, or Cyber­com.

    On a Sat­ur­day around 2 a.m., John­ston received a call on his cell phone from his com­mand­ing offi­cer. “The major said, ‘How fast can your guys be back in DC?’” John­son recalled. “‘Tell them to meet at the Pen­ta­gon and you’ll find out more there.’”

    A mal­ware attack against the Pen­ta­gon had reached the unclas­si­fied com­put­ers of the Joint Chiefs of Staff, the military’s top brass who advise the pres­i­dent. The mal­ware had spread fast — in just five hours, it had com­pro­mised all five of the chairs’ lap­tops and all three of the vice chairs’ lap­tops and desk­top com­put­ers.

    Soon, John­ston and the oth­ers iden­ti­fied the mal­ware. It was asso­ci­at­ed with APT 29, for “advanced per­sis­tent threat,” a hack­er group wide­ly believed to be linked to the FSB, Russia’s fed­er­al secu­ri­ty ser­vice.

    John­ston said the phish­ing cam­paign against the Joint Chiefs stood out. Usu­al­ly, he said of Russ­ian hack­ers, “their oper­a­tions are very sur­gi­cal. They might send five phish­ing emails, but they’re very well-craft­ed and very, very tar­get­ed.” But this time it was a broad­side. “The tar­get list was, like, 50 to 60,000 peo­ple around the world. They hit them all at once.” It’s rare, he said, for “an intel ser­vice to be so noisy.”

    By “noisy,” he means that the attack­ers were draw­ing a huge amount of atten­tion, send­ing out 50,000 phish­ing emails, as if they didn’t care that any­one knew what they were doing.
    ...

    “By “noisy,” he means that the attack­ers were draw­ing a huge amount of atten­tion, send­ing out 50,000 phish­ing emails, as if they didn’t care that any­one knew what they were doing.”

    It’s the lat­est indi­ca­tion that if the Russ­ian gov­ern­ment real­ly was behind these hacks it want­ed this whole thing to blow up in a mega-scan­dal which puts a hilar­i­ous twist on the appar­ent Russ­ian gov­ern­ment courtship of the Trump cam­paign. Team Trump thought they were part­ners in crime and were instead a bunch of wannabe crim­i­nal dupes get­ting set up for a mas­sive embar­rass­ment. That’s sure how it looks if these real­ly were Russ­ian gov­ern­ment hack­ers.

    And as John­ston also notes, it was the NSA who informed the FBI of the DNC APT29 hacks in the first place:

    ...
    He left the Marine Corps as a cap­tain, and in Novem­ber 2015, he signed up to work for Crowd­Strike, a well-known cyber­pro­tec­tion com­pa­ny whose pres­i­dent, Shawn Hen­ry, is a for­mer head of the FBI’s Cyber Divi­sion. Crowd­Strike declined to com­ment about John­ston’s work.

    John­ston didn’t know it, but in Sep­tem­ber 2015 as he was get­ting ready to leave the Marines, the NSA informed the FBI that DNC com­put­ers had like­ly been hacked, three sources said. An FBI agent then called the DNC’s IT office and said that the organization’s servers had been com­pro­mised.

    That part of the sto­ry has been told — how lit­tle was done for sev­en months. The FBI peri­od­i­cal­ly tried to get in touch with the orga­ni­za­tion, but the DNC did not believe the threat was real.
    ...

    So that helps clar­i­fy the mys­tery of how the FBI deter­mined the DNC was hacked in the first place, but just adds to the mys­tery of how that hack was allowed to con­tin­ue for so long after the FBI and NSA learned this.

    And with these rev­e­la­tions of the “I’m a Russ­ian hack­er! Watch me world!” nature of the ATP29/Cozy Bear hack­ing cam­paign of May 2015, here’s anoth­er recent arti­cle that gives some more details on the March 2016 APT28/Fancy Bear hack and how secu­ri­ty ana­lysts attrib­uted it to the Russ­ian gov­ern­ment. Much of this is infor­ma­tion that’s been told before. But it also makes one thing clear about the con­spic­u­ous nature of these hacks: that con­spic­u­ous OpSec ‘oop­sie’ where the hack­ers left the pri­va­cy set­ting on their Bit.ly accounts — recall Bit.ly was used in the phish­ing emails — set to “pub­lic” so any­one in the world could see who was get­ting tar­get­ing in their wave of phish­ing attacks was crit­i­cal for estab­lish­ing that these hack­ers were pri­mar­i­ly inter­est­ed in Democ­rats. It was the kind of ‘whoops!’ move that sent the mes­sage to the world “I’m a Russ­ian hack­er and I’m specif­i­cal­ly inter­est­ed in Democ­rats!”, which, again, it rather con­spic­u­ous:

    Asso­ci­at­ed Press

    Inside sto­ry: How Rus­sians hacked the Democ­rats’ emails

    By RAPHAEL SATTER, JEFF DONN and CHAD DAY
    Nov. 04, 2017

    WASHINGTON (AP) — It was just before noon in Moscow on March 10, 2016, when the first vol­ley of mali­cious mes­sages hit the Hillary Clin­ton cam­paign.

    The first 29 phish­ing emails were almost all mis­fires. Addressed to peo­ple who worked for Clin­ton dur­ing her first pres­i­den­tial run, the mes­sages bounced back untouched.

    Except one.

    With­in nine days, some of the campaign’s most con­se­quen­tial secrets would be in the hack­ers’ hands, part of a mas­sive oper­a­tion aimed at vac­u­um­ing up mil­lions of mes­sages from thou­sands of inbox­es across the world.

    An Asso­ci­at­ed Press inves­ti­ga­tion into the dig­i­tal break-ins that dis­rupt­ed the U.S. pres­i­den­tial con­test has sketched out an anato­my of the hack that led to months of dam­ag­ing dis­clo­sures about the Demo­c­ra­t­ic Party’s nom­i­nee. It wasn’t just a few aides that the hack­ers went after; it was an all-out blitz across the Demo­c­ra­t­ic Par­ty. They tried to com­pro­mise Clinton’s inner cir­cle and more than 130 par­ty employ­ees, sup­port­ers and con­trac­tors.

    While U.S. intel­li­gence agen­cies have con­clud­ed that Rus­sia was behind the email thefts, the AP drew on foren­sic data to report Thurs­day that the hack­ers known as Fan­cy Bear were close­ly aligned with the inter­ests of the Russ­ian gov­ern­ment.

    The AP’s recon­struc­tion— based on a data­base of 19,000 mali­cious links recent­ly shared by cyber­se­cu­ri­ty firm Secure­works — shows how the hack­ers worked their way around the Clin­ton campaign’s top-of-the-line dig­i­tal secu­ri­ty to steal chair­man John Podesta’s emails in March 2016.

    It also helps explain how a Russ­ian-linked inter­me­di­ary could boast to a Trump pol­i­cy advis­er, a month lat­er, that the Krem­lin had “thou­sands of emails” worth of dirt on Clin­ton.

    ____

    PHISHING FOR VICTIMS

    The rogue mes­sages that first flew across the inter­net March 10 were dressed up to look like they came from Google, the com­pa­ny that pro­vid­ed the Clin­ton campaign’s email infra­struc­ture. The mes­sages urged users to boost their secu­ri­ty or change their pass­words while in fact steer­ing them toward decoy web­sites designed to col­lect their cre­den­tials.

    One of the first peo­ple tar­get­ed was Rahul Sreeni­vasan, who had worked as a Clin­ton orga­niz­er in Texas in 2008 — his first paid job in pol­i­tics. Sreeni­vasan, now a leg­isla­tive staffer in Austin, was dumb­found­ed when told by the AP that hack­ers had tried to break into his 2008 email — an address he said had been dead for near­ly a decade.

    “They prob­a­bly crawled the inter­net for this stuff,” he said.

    Almost every­one else tar­get­ed in the ini­tial wave was, like Sreeni­vasan, a 2008 staffer whose defunct email address had some­how lin­gered online.

    But one email made its way to the account of anoth­er staffer who’d worked for Clin­ton in 2008 and joined again in 2016, the AP found. It’s pos­si­ble the hack­ers broke in and stole her con­tacts; the data shows the phish­ing links sent to her were clicked sev­er­al times.

    Secure­works’ data reveals when phish­ing links were cre­at­ed and indi­cates whether they were clicked. But it doesn’t show whether peo­ple entered their pass­words.

    With­in hours of a sec­ond vol­ley emailed March 11, the hack­ers hit pay dirt. All of a sud­den, they were send­ing links aimed at senior Clin­ton offi­cials’ non­pub­lic 2016 address­es, includ­ing those belong­ing to long­time Clin­ton aide Robert Rus­so and cam­paign chair­man John Podes­ta.

    The Clin­ton cam­paign was no easy tar­get; sev­er­al for­mer employ­ees said the orga­ni­za­tion put par­tic­u­lar stress on dig­i­tal safe­ty.

    Work emails were pro­tect­ed by two-fac­tor authen­ti­ca­tion, a tech­nique that uses a sec­ond pass­code to keep accounts secure. Most mes­sages were delet­ed after 30 days and staff went through phish­ing drills. Secu­ri­ty aware­ness even fol­lowed the cam­paign­ers into the bath­room, where some­one put a pic­ture of a tooth­brush under the words: “You shouldn’t share your pass­words either.”

    Two-fac­tor authen­ti­ca­tion may have slowed the hack­ers, but it didn’t stop them. After repeat­ed attempts to break into var­i­ous staffers’ hillaryclinton.com accounts, the hack­ers turned to the per­son­al Gmail address­es. It was there on March 19 that they tar­get­ed top Clin­ton lieu­tenants — includ­ing cam­paign man­ag­er Rob­by Mook, senior advis­er Jake Sul­li­van and polit­i­cal fix­er Philippe Reines.

    A mali­cious link was gen­er­at­ed for Podes­ta at 11:28 a.m. Moscow time, the AP found. Doc­u­ments sub­se­quent­ly pub­lished by Wik­iLeaks show that the rogue email arrived in his inbox six min­utes lat­er. The link was clicked twice.

    Podesta’s mes­sages — at least 50,000 of them — were in the hack­ers’ hands.

    ___

    A SERIOUS BREACH

    Though the heart of the cam­paign was now com­pro­mised, the hack­ing efforts con­tin­ued. Three new vol­leys of mali­cious mes­sages were gen­er­at­ed on the 22nd, 23rd and 25th of March, tar­get­ing com­mu­ni­ca­tions direc­tor Jen­nifer Palmieri and Clin­ton con­fi­dante Huma Abe­din, among oth­ers.

    The tor­rent of phish­ing emails caught the atten­tion of the FBI, which had spent the pre­vi­ous six months urg­ing the Demo­c­ra­t­ic Nation­al Com­mit­tee in Wash­ing­ton to raise its shield against sus­pect­ed Russ­ian hack­ing. In late March, FBI agents paid a vis­it to Clinton’s Brook­lyn head­quar­ters, where they were received war­i­ly, giv­en the agency’s inves­ti­ga­tion into the candidate’s use of a pri­vate email serv­er while sec­re­tary of state.

    The phish­ing mes­sages also caught the atten­tion of Secure­works, a sub­sidiary of Dell Tech­nolo­gies, which had been fol­low­ing Fan­cy Bear, whom Secure­works code­named Iron Twi­light.

    Fan­cy Bear had made a crit­i­cal mis­take.

    It fum­bled a set­ting in the Bit­ly link-short­en­ing ser­vice that it was using to sneak its emails past Google’s spam fil­ter. The blun­der exposed whom they were tar­get­ing.

    It was late March when Secure­works dis­cov­ered the hack­ers were going after Democ­rats.

    “As soon as we start­ed see­ing some of those hillaryclinton.com email address­es com­ing through, the DNC email address­es, we real­ized it’s going to be an inter­est­ing twist to this,” said Rafe Pilling, a senior secu­ri­ty researcher with Secure­works.

    By ear­ly April Fan­cy Bear was get­ting increas­ing­ly aggres­sive, the AP found. More than 60 bogus emails were pre­pared for Clin­ton cam­paign and DNC staffers on April 6 alone, and the hack­ers began hunt­ing for Democ­rats beyond New York and Wash­ing­ton, tar­get­ing the dig­i­tal com­mu­ni­ca­tions direc­tor for Penn­syl­va­nia Gov. Tom Wolf and a deputy direc­tor in the office of Chica­go May­or Rahm Emanuel.

    The group’s hack­ers seemed par­tic­u­lar­ly inter­est­ed in Demo­c­ra­t­ic offi­cials work­ing on vot­er reg­is­tra­tion issues: Pratt Wiley, the DNC’s then-direc­tor of vot­er pro­tec­tion, had been tar­get­ed as far back as Octo­ber 2015 and the hack­ers tried to pry open his inbox as many as 15 times over six months.

    Employ­ees at sev­er­al orga­ni­za­tions con­nect­ed to the Democ­rats were tar­get­ed, includ­ing the Clin­ton Foun­da­tion, the Cen­ter for Amer­i­can Progress, tech­nol­o­gy provider NGP VAN, cam­paign strat­e­gy firm 270 Strate­gies, and par­ti­san news out­let Share­blue Media.

    As the hack­ing inten­si­fied, oth­er ele­ments swung into place. On April 12, 2016, some­one paid $37 worth of bit­coin to the Roman­ian web host­ing com­pa­ny THCServers.com, to reserve a web­site called Electionleaks.com, accord­ing to trans­ac­tion records obtained by AP. A botched reg­is­tra­tion meant the site nev­er got off the ground, but the records show THC received a near­ly iden­ti­cal pay­ment a week lat­er to cre­ate DCLeaks.com.

    ...

    ———-

    “Inside sto­ry: How Rus­sians hacked the Democ­rats’ emails” by RAPHAEL SATTER, JEFF DONN and CHAD DAY; Asso­ci­at­ed Press; 11/04/2017

    “An Asso­ci­at­ed Press inves­ti­ga­tion into the dig­i­tal break-ins that dis­rupt­ed the U.S. pres­i­den­tial con­test has sketched out an anato­my of the hack that led to months of dam­ag­ing dis­clo­sures about the Demo­c­ra­t­ic Party’s nom­i­nee. It wasn’t just a few aides that the hack­ers went after; it was an all-out blitz across the Demo­c­ra­t­ic Par­ty. They tried to com­pro­mise Clinton’s inner cir­cle and more than 130 par­ty employ­ees, sup­port­ers and con­trac­tors.”

    And note how this March 2016 APT28 phish­ing blitz against the was appar­ent­ly so out in the open that it caught the atten­tion of the FBI:

    ...
    The tor­rent of phish­ing emails caught the atten­tion of the FBI, which had spent the pre­vi­ous six months urg­ing the Demo­c­ra­t­ic Nation­al Com­mit­tee in Wash­ing­ton to raise its shield against sus­pect­ed Russ­ian hack­ing. In late March, FBI agents paid a vis­it to Clinton’s Brook­lyn head­quar­ters, where they were received war­i­ly, giv­en the agency’s inves­ti­ga­tion into the candidate’s use of a pri­vate email serv­er while sec­re­tary of state.
    ...

    But it was­n’t just the FBI watch­ing this. Secure­works, a cyber­se­cu­ri­ty sub­sidiary of Dell, was also track­ing ATP28’s hack­ing cam­paign. And it was able to see that it was heav­i­ly Democ­rats, instead of rough­ly equal attacks on Democ­rats and Repub­li­cans, who were being tar­get­ed because APT28 made the incred­i­ble OpSec error of leav­ing its Bit.ly account open to the pub­lic:

    ...
    The phish­ing mes­sages also caught the atten­tion of Secure­works, a sub­sidiary of Dell Tech­nolo­gies, which had been fol­low­ing Fan­cy Bear, whom Secure­works code­named Iron Twi­light.

    Fan­cy Bear had made a crit­i­cal mis­take.

    It fum­bled a set­ting in the Bit­ly link-short­en­ing ser­vice that it was using to sneak its emails past Google’s spam fil­ter. The blun­der exposed whom they were tar­get­ing.

    It was late March when Secure­works dis­cov­ered the hack­ers were going after Democ­rats.

    “As soon as we start­ed see­ing some of those hillaryclinton.com email address­es com­ing through, the DNC email address­es, we real­ized it’s going to be an inter­est­ing twist to this,” said Rafe Pilling, a senior secu­ri­ty researcher with Secure­works.

    By ear­ly April Fan­cy Bear was get­ting increas­ing­ly aggres­sive, the AP found. More than 60 bogus emails were pre­pared for Clin­ton cam­paign and DNC staffers on April 6 alone, and the hack­ers began hunt­ing for Democ­rats beyond New York and Wash­ing­ton, tar­get­ing the dig­i­tal com­mu­ni­ca­tions direc­tor for Penn­syl­va­nia Gov. Tom Wolf and a deputy direc­tor in the office of Chica­go May­or Rahm Emanuel.

    The group’s hack­ers seemed par­tic­u­lar­ly inter­est­ed in Demo­c­ra­t­ic offi­cials work­ing on vot­er reg­is­tra­tion issues: Pratt Wiley, the DNC’s then-direc­tor of vot­er pro­tec­tion, had been tar­get­ed as far back as Octo­ber 2015 and the hack­ers tried to pry open his inbox as many as 15 times over six months.
    ...

    The group’s hack­ers seemed par­tic­u­lar­ly inter­est­ed in Demo­c­ra­t­ic offi­cials work­ing on vot­er reg­is­tra­tion issues: Pratt Wiley, the DNC’s then-direc­tor of vot­er pro­tec­tion, had been tar­get­ed as far back as Octo­ber 2015 and the hack­ers tried to pry open his inbox as many as 15 times over six months.”

    And that, of course, is just one of the many “I’m a Russ­ian hack­er!” dig­i­tal clues left behind in this hack­ing cam­paign. But it’s also a “I’m a Russ­ian hack­er and I’m par­tic­u­lal­ry inter­est­ed in Democ­rats instead of Repub­li­cans” con­spic­u­ous­ly left dig­i­tal clue.

    But also note that Secure­works stum­bled across this appar­ent OpSec mis­take in March of 2016, the same month the mys­te­ri­ous Mal­tese pro­fes­sor and appar­ent Russ­ian gov­ern­ment proxy, Joseph Mif­sud, began his out­reach cam­paign to the Trump cam­paign. So if that dig­i­tal clue was left inten­tion­al­ly and it was left by a real Russ­ian gov­ern­ment hack­er, it’s the lat­est indi­ca­tion that these hack­ers were try­ing to make it very clear to the world that they were favor­ing the GOP over the Democ­rats, which is a remark­able clue to leave giv­en the cir­cum­stances.

    That said, let’s not for­get that Guc­cifer 2.0 did actu­al­ly release a small num­ber of Repub­li­can emails. And they all appeared to be emails run by the noto­ri­ous­ly shady GOP tech­nol­o­gy firm Smartech:

    The Smok­ing Gun

    RNC E‑Mail Was, In Fact, Hacked By Rus­sians
    Despite par­ty denials, evi­dence shows breach

    By william Bas­tone
    Decem­ber 13, 2016

    DECEMBER 13–Despite vehe­ment denials from Repub­li­can Par­ty offi­cials, there is evi­dence that the GOP’s e‑mail sys­tem was breached by the same Russ­ian hack­ers respon­si­ble for ran­sack­ing the Demo­c­ra­t­ic Nation­al Committee’s com­put­ers and the Gmail account of Hillary Clinton’s cam­paign chair­man, The Smok­ing Gun has learned.

    In inter­views this week­end, Repub­li­can Nation­al Com­mit­tee chair­man Reince Priebus and par­ty spokesper­son Sean Spicer dis­put­ed reports in The Wash­ing­ton Post and The New York Times that U.S. intel­li­gence offi­cials have con­clud­ed that the Russ­ian cyber attacks were intend­ed to help elect Don­ald Trump pres­i­dent.

    Cit­ing “senior admin­is­tra­tion offi­cials,” the Times report­ed that offi­cials believe Russ­ian agents hacked the RNC’s com­put­er sys­tems, but “did not release what­ev­er infor­ma­tion they gleaned from the Repub­li­can net­works.” The Post report­ed that “U.S. offi­cials” said that the RNC’s “com­put­er sys­tems were also probed and pos­si­bly pen­e­trat­ed by hack­ers tied to Russ­ian intel­li­gence ser­vices, but that it remains unclear how much material–if any–was tak­en from the RNC.” The news­pa­per added that, “The lack of a cor­re­spond­ing Repub­li­can trove has con­tributed to the CIA assessment...‘that Rus­sia was seek­ing to elect Trump and not mere­ly to dis­rupt last month’s pres­i­den­tial elec­tion.”

    ...

    U.S. intel­li­gence offi­cials have iden­ti­fied DC Leaks and “Guc­cifer 2.0” as dis­tri­b­u­tion meth­ods set up by the Russ­ian hack­ers. Both chan­nels have been dor­mant for near­ly two months.

    DC Leaks has post­ed e‑mails stolen from a hand­ful of Clin­ton cam­paign staffers, sev­er­al retired mil­i­tary offi­cials, for­mer Sec­re­tary of State Col­in Pow­ell, and financier George Soros’s Open Soci­ety Foun­da­tion. And, as TSG first report­ed on August 12, the site’s “Port­fo­lio” also includes a col­lec­tion titled “The Unit­ed States Repub­li­can Par­ty.”

    While the near­ly 300 Repub­li­can-relat­ed e‑mails post­ed on DC Leaks are uni­form­ly innocu­ous, the col­lec­tion is note­wor­thy for the scope of vic­tims it reveals. The mate­r­i­al includes cor­re­spon­dence lift­ed from the cam­paign com­mit­tees of var­i­ous elect­ed offi­cials, includ­ing Sen­a­tor John McCain, Sen­a­tor Lind­sey Gra­ham, and Rep­re­sen­ta­tive Robert Hurt. Sev­er­al state GOP orga­ni­za­tions, Repub­li­can PACs, and cam­paign con­sul­tants also had their e‑mail accounts com­pro­mised.

    The GOP hack­ing sam­pler on DC Leaks includes cor­re­spon­dence scat­tered across a four-month peri­od end­ing in late-Octo­ber 2015. One of those stolen e‑mails indi­cates that the Russ­ian hack­ers had access to the RNC’s e‑mail serv­er.

    An Octo­ber 13 e‑mail sent to info@gop.com is among the cor­re­spon­dence post­ed to DC Leaks. The e‑mail, sent by a Repub­li­can vot­er, was addressed to Priebus and addressed “gun con­trol rhetoric” from Demo­c­ra­t­ic can­di­dates and their oper­a­tives.

    So how did an e‑mail sent to the RNC’s pub­lic-fac­ing address end up in the hands of hack­ers? For that answer, all roads lead to Ten­nessee.

    As TSG pre­vi­ous­ly report­ed, the Repub­li­can elect­ed offi­cials and orga­ni­za­tions whose e‑mails appear on DC Leaks have all used Smartech, a Chat­tanooga-based firm, to host their web sites and e‑mail oper­a­tions. The com­pa­ny and its par­ent, Air­net Group, have done work for a Who’s Who of Repub­li­can fig­ures, includ­ing George W. Bush, Karl Rove, John Bolton, Mitt Rom­ney, Newt Gin­grich, and the Koch broth­ers.

    While Smartech offi­cials did not return TSG phone calls and e‑mails seek­ing com­ment on whether their sys­tems had been com­pro­mised, a Repub­li­can client of the com­pa­ny told TSG that the firm pri­vate­ly acknowl­edged such a breach.

    Tom Del Bec­ca­ro, ex-chair­man of the Cal­i­for­nia Repub­li­can Par­ty, told TSG that Smartech admit­ted being hacked. The firm’s dis­clo­sure came sev­er­al months ago, not long after DC Leaks pub­lished its port­fo­lio of stolen GOP e‑mails. Del Bec­ca­ro, who unsuc­cess­ful­ly ran this year for the Sen­ate seat being vacat­ed by Bar­bara Box­er, con­tract­ed with the firm to host his campaign’s web site and e‑mail serv­er.

    Since the 2008 fed­er­al elec­tion cycle, Smartech has been paid more than $11 mil­lion by the Repub­li­can Nation­al Com­mit­tee for a wide vari­ety of tech ser­vices, includ­ing web host­ing and call cen­ters. Dur­ing the final four months of the 2016 cam­paign, the RNC paid Smartech near­ly $400,000 for “data ser­vices,” Fed­er­al Elec­tion Com­mis­sion records show. In a front-page tes­ti­mo­ni­al on the Air­net web site, the GOP enthus­es that the com­pa­ny has been “an all-encom­pass­ing intel­li­gent tech­nol­o­gy provider and knowl­edge resource for the RNC.”

    The Repub­li­can Party’s main web site, gop.com, was host­ed for many years by Smartech, which was sup­plant­ed by Ama­zon in ear­ly-2014. With­in the past two months, the GOP web site has con­tract­ed with Fast­ly, a con­tent deliv­ery net­work whose clients include Buz­zFeed, Vimeo, and Kayak. Ama­zon, whose CEO Jeff Bezos owns The Wash­ing­ton Post and has a net worth dwarf­ing Trump’s, has been the fre­quent tar­get of scorn from Trump. Bezos, Trump con­tends, is a tax-avoid­ing monop­o­list with a “huge antitrust prob­lem.”

    But while Smartech has not host­ed the gop.com web site for more than two years, the com­pa­ny has con­tin­u­ous­ly pro­vid­ed the RNC with its e‑mail ser­vice, records show.

    ...

    When inter­viewed Sun­day by ABC’s George Stephanopolous, Priebus said that the RNC con­tact­ed the FBI after the DNC hack was dis­closed in mid-June. Fed­er­al agents, Priebus said, sub­se­quent­ly “reviewed all of our sys­tems” and con­clud­ed that “the RNC was not hacked.” Asser­tions to the con­trary, Priebus stat­ed, are “absolute­ly not true.”

    Per­haps the next time Priebus appears on the Sun­day TV cir­cuit some­one will ask him about the breach of “barracuda1” in Chat­tanooga, 600 miles south­west of the RNC’s Capi­tol Hill head­quar­ters. And the fact that only a sin­gle stray RNC e‑mail has been uploaded by the Russ­ian hack­ers respon­si­ble for the theft and sub­se­quent dis­tri­b­u­tion of 95,000 e‑mails swiped from the DNC and Podes­ta. (1 page)

    ———-

    “RNC E‑Mail Was, In Fact, Hacked By Rus­sians” by william Bas­tone; The Smok­ing Gun; 12/13/2016

    “While the near­ly 300 Repub­li­can-relat­ed e‑mails post­ed on DC Leaks are uni­form­ly innocu­ous, the col­lec­tion is note­wor­thy for the scope of vic­tims it reveals. The mate­r­i­al includes cor­re­spon­dence lift­ed from the cam­paign com­mit­tees of var­i­ous elect­ed offi­cials, includ­ing Sen­a­tor John McCain, Sen­a­tor Lind­sey Gra­ham, and Rep­re­sen­ta­tive Robert Hurt. Sev­er­al state GOP orga­ni­za­tions, Repub­li­can PACs, and cam­paign con­sul­tants also had their e‑mail accounts com­pro­mised.”

    300 uni­form­ly innocu­ous Repub­li­can emails. That was the extent of Guc­cifer­’s leak of GOP emails. And they all appear to be emails that were sent from or to email address host­ed by Smartech:

    ...
    The GOP hack­ing sam­pler on DC Leaks includes cor­re­spon­dence scat­tered across a four-month peri­od end­ing in late-Octo­ber 2015. One of those stolen e‑mails indi­cates that the Russ­ian hack­ers had access to the RNC’s e‑mail serv­er.

    An Octo­ber 13 e‑mail sent to info@gop.com is among the cor­re­spon­dence post­ed to DC Leaks. The e‑mail, sent by a Repub­li­can vot­er, was addressed to Priebus and addressed “gun con­trol rhetoric” from Demo­c­ra­t­ic can­di­dates and their oper­a­tives.

    So how did an e‑mail sent to the RNC’s pub­lic-fac­ing address end up in the hands of hack­ers? For that answer, all roads lead to Ten­nessee.

    As TSG pre­vi­ous­ly report­ed, the Repub­li­can elect­ed offi­cials and orga­ni­za­tions whose e‑mails appear on DC Leaks have all used Smartech, a Chat­tanooga-based firm, to host their web sites and e‑mail oper­a­tions. The com­pa­ny and its par­ent, Air­net Group, have done work for a Who’s Who of Repub­li­can fig­ures, includ­ing George W. Bush, Karl Rove, John Bolton, Mitt Rom­ney, Newt Gin­grich, and the Koch broth­ers.

    While Smartech offi­cials did not return TSG phone calls and e‑mails seek­ing com­ment on whether their sys­tems had been com­pro­mised, a Repub­li­can client of the com­pa­ny told TSG that the firm pri­vate­ly acknowl­edged such a breach.
    ...

    Was the release of a few hun­dred GOP emails an attempt by the hack­ers to seem ‘fair & bal­anced’? If so, it was­n’t much of an attempt. If any­thing, it was a con­spic­u­ous­ly half-assed attempt.

    And note the time frame of the GOP’s emails: four months end­ing in mid Octo­ber 2015. It’s a rather odd time­frame if you think about. July-Octo­ber 2015? The APT29 wave of phish­ing attacks was in May 2015. Was Smartech alleged­ly hacked in that wave or was this a dif­fer­ent hack. Per­haps some­one should ask them about that.

    But also note Smartech’s noto­ri­ous his­to­ry: That’s the firm long accused of flip­ping the results Ohio result in the 2004 Pres­i­den­tial elec­tion! Yep, it turned out Ohio Sec­re­tary of State’s office had its web­site host­ed by Smartech. All the vot­ing results were run through that site and, lo and behold, Ohio expe­ri­enced an inex­plic­a­ble shift from John Ker­ry to George W. Bush. So the 300 innocu­ous GOP emails were appar­ent­ly hacked from the GOP’s tech firm that’s a prime sus­pect for hack­ing the 2004 elec­tion. Although it was­n’t the only GOP-con­nect­ed firm involved in that inves­ti­ga­tion. Anoth­er firm, Gov­Tech, was run by Karl Rove’s IT guru Mike Con­nell. And it was Con­nell who died in the mys­te­ri­ous small plane crash that hap­pened right before he was to tes­ti­fy after Con­nell said he feared for his life. THAT’s the kind of inves­ti­ga­tion that took place involv­ing Smartech and the hack­ing of the 2004 elec­tion. It’s pret­ty notable in the cur­rent con­text:

    Ben­zin­ga

    For­get Anony­mous: Evi­dence Sug­gests GOP Hacked, Stole 2004 Elec­tion

    John Thor­pe , Ben­zin­ga Staff Writer
    July 21, 2011 1:07pm

    Three gen­er­a­tions from now, when our great-grand­chil­dren are sit­ting bare­foot in their shanties and won­der­ing how in the hell Amer­i­ca turned from the high-point of civ­i­liza­tion to a third-world banana repub­lic, they will shake their fists and mut­ter one name: George Effin’ Bush.

    Iron­i­cal­ly, it won’t be for any of the things that lib­er­als have been harp­ing on the Bush Admin­is­tra­tion, either dur­ing or after his term in office. Sure, mis­guid­ed tax cuts that destroyed the sur­plus, and lax reg­u­la­tions that doomed the econ­o­my, and two amaz­ing­ly awful wars in deserts half a world away are all ter­ri­ble, empire-sap­ping events. But they pale in com­par­i­son to what it appears the Repub­li­can Par­ty did to get Pres­i­dent Bush re-elect­ed in 2004.

    “A new fil­ing in the King Lin­coln Bronzeville v. Black­well case includes a copy of the Ohio Sec­re­tary of State elec­tion pro­duc­tion sys­tem con­fig­u­ra­tion that was in use in Ohio’s 2004 pres­i­den­tial elec­tion when there was a sud­den and unex­pect­ed shift in votes for George W. Bush,” accord­ing to Bob Fitrakis, colum­nist at http://www.freepress.org and co-coun­sel in the lit­i­ga­tion and inves­ti­ga­tion.

    If you recall, Ohio was the bat­tle­ground state that pro­vid­ed George Bush with the elec­toral votes need­ed to win re-elec­tion. Had Sen­a­tor John Ker­ry won Ohio’s elec­toral votes, he would have been elect­ed instead.

    Evi­dence from the fil­ing sug­gests that Repub­li­can oper­a­tives — includ­ing the pri­vate com­put­er firms hired to man­age the elec­tron­ic vot­ing data — were com­pro­mised.

    Fitrakis isn’t the only attor­ney involved in pur­su­ing the truth in this mat­ter. Cliff Arnebeck, the lead attor­ney in the King Lin­coln case, exchanged emails with IT secu­ri­ty expert Stephen Spoon­amore. He asked Spoon­amore whether or not SmarTech had the capa­bil­i­ty to “input data” and thus alter the results of Ohio’s 2004 elec­tion. His response sent a chill up my spine.

    “Yes. They would have had data input capac­i­ties. The sys­tem might have been set up to log which source gen­er­at­ed the data but prob­a­bly did not,” Spoon­amore said. In case that seems a bit too tech­ni­cal and “big deal” for you, con­sid­er what he was say­ing. SmarTech, a pri­vate com­pa­ny, had the abil­i­ty in the 2004 elec­tion to add or sub­tract votes with­out any­one know­ing they did so.

    The fil­ing today shows how, detail­ing the com­put­er net­work sys­tem’s design struc­ture, includ­ing a map of how the data moved from one unit to the next. Right smack in the mid­dle of that struc­ture? Inex­plic­a­bly, it was SmarTech.

    Spoon­amore (keep in mind, he is the IT expert here) con­clud­ed from the archi­tec­tur­al maps of the Ohio 2004 elec­tion report­ing sys­tem that, “SmarTech was a man in the mid­dle. In my opin­ion they were not designed as a mir­ror, they were designed specif­i­cal­ly to be a man in the mid­dle.”

    A “man in the mid­dle” is not just an acci­den­tal hap­pen­stance of com­put­ing. It is a delib­er­ate com­put­er hack­ing set­up, one where the hack­er sits, lit­er­al­ly, in the mid­dle of the com­mu­ni­ca­tion stream, inter­cept­ing and (when desired, as in this case) alter­ing the data. It’s how hack­ers swipe your cred­it card num­ber or oth­er bank­ing infor­ma­tion. This is bad.

    A mir­ror site, which SmarTech was alleged­ly sup­posed to be, is sim­ply a back­up site on the chance that the main con­fig­u­ra­tion crash­es. Mir­rors are a good thing.

    Until now, the archi­tec­tur­al maps and con­tracts from the Ohio 2004 elec­tion were nev­er made pub­lic, which may indi­cate that the entire sys­tem was designed for fraud. In a pre­vi­ous sworn affi­davit to the court, Spoon­amore declared: “The SmarTech sys­tem was set up pre­cise­ly as a King Pin com­put­er used in crim­i­nal acts against bank­ing or cred­it card process­es and had the need­ed lev­el of access to both coun­ty tab­u­la­tors and Sec­re­tary of State com­put­ers to allow who­ev­er was run­ning SmarTech com­put­ers to decide the out­put of the coun­ty tab­u­la­tors under its con­trol.”

    Spoon­amore also swore that “...the archi­tec­ture fur­ther con­firms how this elec­tion was stolen. The com­put­er sys­tem and SmarTech had the cor­rect place­ment, con­nec­tiv­i­ty, and com­put­er experts nec­es­sary to change the elec­tion in any man­ner desired by the con­trollers of the SmarTech com­put­ers.”

    SmarTech was part of three com­put­er com­pa­nies brought in to man­age the elec­tions process for Ohio Sec­re­tary of State Ken Black­well, a Repub­li­can. The oth­er two were Tri­ad and Gov­Tech Solu­tions. All three com­pa­nies have exten­sive ties to the Repub­li­can par­ty and Repub­li­can caus­es.

    In fact, Gov­Tech was run by Mike Con­nell, who was a fierce­ly reli­gious con­ser­v­a­tive who got involved in pol­i­tics to push a right-wing social agen­da. He was Karl Rove’s IT go-to guy, and was alleged to be the IT brains behind the series of stolen elec­tions between 2000 and 2004.

    Con­nell was out­ed as the one who stole the 2004 elec­tion by Spoon­amore, who, despite being a con­ser­v­a­tive Repub­li­can him­self, came for­ward to blow the whis­tle on the stolen elec­tion scan­dal. Con­nell gave a depo­si­tion on the mat­ter, but stonewalled. After the depo­si­tion, and fear­ing perjury/obstruction charges for with­hold­ing infor­ma­tion, Con­nell expressed an inter­est in tes­ti­fy­ing fur­ther as to the extent of the scan­dal.

    “He made it known to the lawyers, he made it known to reporter Lar­isa Alexan­drov­na of Raw Sto­ry, that he want­ed to talk. He was scared. He want­ed to talk. And I say that he had pret­ty good rea­son to be scared,” said Mark Crispin Miller, who wrote a book on the scan­dal.

    Con­nell was so scared for his secu­ri­ty that he asked for pro­tec­tion from the attor­ney gen­er­al, then Attor­ney Gen­er­al Michael Mukasey. Con­nell told close friends that he was expect­ing to get thrown under the bus by the Rove team, because Con­nell had evi­dence link­ing the GOP oper­a­tive to the scan­dal and the stolen elec­tion, includ­ing knowl­edge of where Rove’s miss­ing emails dis­ap­peared to.

    Before he could tes­ti­fy, Con­nell died in a plane crash.

    Har­vey Wasser­man, who wrote a book on the stolen 2004 elec­tion, explained that the com­bi­na­tion of com­put­er hack­ing, bal­lot destruc­tion, and the dis­crep­an­cy between exit polling (which showed a big Ker­ry win in Ohio) and the “real” vote tab­u­la­tion, all point to one answer: the Repub­li­cans stole the 2004 elec­tion.

    “The 2004 elec­tion was stolen. There is absolute­ly no doubt about it. A 6.7% shift in exit polls does not hap­pen by chance. And, you know, so final­ly, we have irrefutable con­fir­ma­tion that what we were say­ing was true and that every piece of the puz­zle in the Ohio 2004 elec­tion was flawed,” Wasser­man said.

    Mark Crispin Miller also wrote a book on the sub­ject of stolen elec­tions, and focused on the 2004 Ohio pres­i­den­tial elec­tion. Here is what he had to say about it.

    There were three phas­es of chi­canery. First, there was a pre-elec­tion peri­od, dur­ing which the Sec­re­tary of State in Ohio, Ken Black­well, was also co-chair of the Bush-Cheney cam­paign in Ohio, which is in itself mind-bog­gling, engaged in all sorts of bureau­crat­ic and legal tricks to cut down on the num­ber of peo­ple who could reg­is­ter, to lim­it the usabil­i­ty of pro­vi­sion­al bal­lots. It was real­ly a kind of clas­sic case of using the let­ter of the law or the seem­ing let­ter of the law just to dis­en­fran­chise as many peo­ple as pos­si­ble.

    On Elec­tion Day, there was clear­ly a sys­tem­at­ic under­sup­ply of work­ing vot­ing machines in Demo­c­ra­t­ic areas, pri­mar­i­ly inner city and stu­dent towns, you know, col­lege towns. And the Cony­ers peo­ple found that in some of the most under­sup­plied places, there were scores of per­fect­ly good vot­ing machines held back and kept in ware­hous­es, you know, and there are many sim­i­lar sto­ries to this. And oth­er things hap­pened that day.

    After Elec­tion Day, there is explic­it evi­dence that a com­pa­ny called Tri­ad, which man­u­fac­tures all of the tab­u­la­tors, the vote-count­ing tab­u­la­tors that were used in Ohio in the last elec­tion, was sys­tem­at­i­cal­ly going around from coun­ty to coun­ty in Ohio and sub­vert­ing the recount, which was court ordered and which nev­er did take place. The Repub­li­cans will say to this day, ‘There was a recount in Ohio, and we won that.’ That’s a lie, one of many, many stag­ger­ing lies. There was nev­er a recount.

    And now, it seems, there nev­er will be.

    ...

    ———-

    “For­get Anony­mous: Evi­dence Sug­gests GOP Hacked, Stole 2004 Elec­tion” by John Thor­pe, Ben­zin­ga Staff Writer; Ben­zin­ga; 06/21/2011

    “Fitrakis isn’t the only attor­ney involved in pur­su­ing the truth in this mat­ter. Cliff Arnebeck, the lead attor­ney in the King Lin­coln case, exchanged emails with IT secu­ri­ty expert Stephen Spoon­amore. He asked Spoon­amore whether or not SmarTech had the capa­bil­i­ty to “input data” and thus alter the results of Ohio’s 2004 elec­tion. His response sent a chill up my spine.”

    Yeah, the answer to the ques­tion of whether or not Smartech had the capa­bil­i­ty to alter Ohio’s elec­tion results was indeed rather chill­ing:

    ...
    “Yes. They would have had data input capac­i­ties. The sys­tem might have been set up to log which source gen­er­at­ed the data but prob­a­bly did not,” Spoon­amore said. In case that seems a bit too tech­ni­cal and “big deal” for you, con­sid­er what he was say­ing. SmarTech, a pri­vate com­pa­ny, had the abil­i­ty in the 2004 elec­tion to add or sub­tract votes with­out any­one know­ing they did so.

    The fil­ing today shows how, detail­ing the com­put­er net­work sys­tem’s design struc­ture, includ­ing a map of how the data moved from one unit to the next. Right smack in the mid­dle of that struc­ture? Inex­plic­a­bly, it was SmarTech.

    Spoon­amore (keep in mind, he is the IT expert here) con­clud­ed from the archi­tec­tur­al maps of the Ohio 2004 elec­tion report­ing sys­tem that, “SmarTech was a man in the mid­dle. In my opin­ion they were not designed as a mir­ror, they were designed specif­i­cal­ly to be a man in the mid­dle.”

    A “man in the mid­dle” is not just an acci­den­tal hap­pen­stance of com­put­ing. It is a delib­er­ate com­put­er hack­ing set­up, one where the hack­er sits, lit­er­al­ly, in the mid­dle of the com­mu­ni­ca­tion stream, inter­cept­ing and (when desired, as in this case) alter­ing the data. It’s how hack­ers swipe your cred­it card num­ber or oth­er bank­ing infor­ma­tion. This is bad.
    ...

    Smartech appeared to be the “man in the mid­dle” of a GOP vote-flip­ping oper­a­tion that real­ly could have altered the vote tab­u­la­tion.

    But it was­n’t the only GOP firm that was part of this oper­a­tion:

    ...
    SmarTech was part of three com­put­er com­pa­nies brought in to man­age the elec­tions process for Ohio Sec­re­tary of State Ken Black­well, a Repub­li­can. The oth­er two were Tri­ad and Gov­Tech Solu­tions. All three com­pa­nies have exten­sive ties to the Repub­li­can par­ty and Repub­li­can caus­es.

    In fact, Gov­Tech was run by Mike Con­nell, who was a fierce­ly reli­gious con­ser­v­a­tive who got involved in pol­i­tics to push a right-wing social agen­da. He was Karl Rove’s IT go-to guy, and was alleged to be the IT brains behind the series of stolen elec­tions between 2000 and 2004.

    Con­nell was out­ed as the one who stole the 2004 elec­tion by Spoon­amore, who, despite being a con­ser­v­a­tive Repub­li­can him­self, came for­ward to blow the whis­tle on the stolen elec­tion scan­dal. Con­nell gave a depo­si­tion on the mat­ter, but stonewalled. After the depo­si­tion, and fear­ing perjury/obstruction charges for with­hold­ing infor­ma­tion, Con­nell expressed an inter­est in tes­ti­fy­ing fur­ther as to the extent of the scan­dal.

    “He made it known to the lawyers, he made it known to reporter Lar­isa Alexan­drov­na of Raw Sto­ry, that he want­ed to talk. He was scared. He want­ed to talk. And I say that he had pret­ty good rea­son to be scared,” said Mark Crispin Miller, who wrote a book on the scan­dal.

    Con­nell was so scared for his secu­ri­ty that he asked for pro­tec­tion from the attor­ney gen­er­al, then Attor­ney Gen­er­al Michael Mukasey. Con­nell told close friends that he was expect­ing to get thrown under the bus by the Rove team, because Con­nell had evi­dence link­ing the GOP oper­a­tive to the scan­dal and the stolen elec­tion, includ­ing knowl­edge of where Rove’s miss­ing emails dis­ap­peared to.

    Before he could tes­ti­fy, Con­nell died in a plane crash.
    ...

    THAT’s the back­ground of the Smartech, the ONLY GOP firm to appar­ent­ly get hacked and have its email released. 300 innocu­ous emails.

    So let’s review:

    1. We have a shock­ing­ly “noisy” hack­ing cam­paign in May of 2015 that hits the DNC. A cam­paign seem­ing­ly designed to get the world pissed off at Rus­sia for hack­ing them.

    2. We have anoth­er shock­ing­ly “noisy” hack­ing cam­paign in March of 2016 that hits the DNC again, and this time the nois­i­ness includes leav­ing the Bit.ly accounts open to the world so every­one could see that the hack­ers were focus­ing on Democ­rats but not just Democ­rats. That Bit.ly mis­take also showed phish­ing tar­gets that were filled with Putin’s adver­saries around the globe. So it clear­ly sent the mes­sage of “I’m a Russ­ian hack­er!” but also, more sub­tly, “and I’m most­ly just focused on Democ­rats in the US polit­i­cal are­na!” That was the pair of con­spic­u­ous mes­sages sent.

    3. But emails released by Guc­cifer 2.0 did include 300 innocu­ous GOP emails. All from email accounts host­ed by Smartech, one of the key GOP firms sus­pect­ed of hack­ing the 2004 elec­tion.

    4. We know that mul­ti­ple teams of GOP oper­a­tives were search for Hillary’s emails (temas led by Peter Smith, Bar­bara Lee­den, and the yet-to-be iden­ti­fied group Charles John­son was in touch with), and we also know these are the types of peo­ple that would have been will­ing to get these emails under any cir­cum­stances which rais­es the obvi­ous pos­si­bil­i­ty that these GOP teams were will­ing to car­ry out the hacks them­selves (but would obvi­ous­ly want to redi­rect the blame else­where).

    5. We know Joseph Mif­sud, the mys­te­ri­ous Mal­tese pro­fes­sor, dan­gled the tem­npta­tion of thou­sands of Hillary’s emails to the Trump team in what appeared to be a covert out­reach attempt with the Trump cam­paign, but we also know that that the GOP felt like they nev­er real­ly got what they were look­ing for because Peter Smith’s team kept search­ing the Dark Web for ‘Russ­ian hack­ers’ with Hillary’s 33,000 delet­ed pri­vate emails will into August of 2016, after the DNC emails were already released.

    6. We know that the con­tact with Don­ald Trump, Jr. ini­ti­at­ed by Rob Gold­stone in ear­ly June that led to the Russ­ian del­e­ga­tion Trump Tow­er meet­ing on June 9th, includ­ed absurd­ly over-the-top incrim­i­nat­ing details like send­ing Trump Jr. an email say­ing ‘the Russ­ian gov­ern­ment wants to help you’ that real­ly doomed the Trump team in dur­ing the sub­se­quent inves­ti­ga­tions.

    Tak­en all together,and giv­en that we know the GOP was clear­ly very inter­est­ed in hack­ing Hillary, and we know these hack­ing cam­paigns were filled with con­pic­u­ous “I’m a Russ­ian clues” that were lead­ing to the Russ­ian gov­ern­ment get­ting blamed for all these hacks, it rais­es a rather hilar­i­ous pos­si­bil­i­ty: if the May 2015 hack­ing cam­paigns, includ­ing the high pro­file Bun­destag hack that was blamed on Rus­sia, weren’t car­ried out by the Russ­ian gov­ern­ment, the Russ­ian gov­ern­ment would sure­ly know it’s being set up. Moscow is pre­sum­ably fol­low­ing all the glob­al hack­ing cam­paigns too and attri­bu­tion too. And don’t for­get, Bar­bara Ledeen was appar­ent­ly search­ing the Dark Web for hack­ers with Hillary’s emails in 2015, and if she stum­bled across any Russ­ian agents it might have been clear what the GOP was up to. And we have no idea when Ledeen’s Dark Web search end­ed, so if she was still search­ing for Hillary’s delet­ed per­son­al emails in ear­ly 2016 and still reach­ing out to hack­ers in the Dark Web about this it could have been obvi­ous to Moscow what the GOP want­ed and thatthey still did­n’t have what they were look­ing for.

    So is it pos­si­ble that the out­landish Russ­ian out­reach cam­paign tar­get­ing the GOP was part­ly a pre­emp­tive defen­sive mea­sure designed to let the GOP impli­cate itself in a hack­ing oper­a­tion not car­ried out by Moscow but Moscow assumed was going to be blamed on it? In oth­er words, the gen­er­al assump­tion fol­low­ing the wave of rev­e­la­tions about Russ­ian con­tacts with the Trump cam­paign and promis­es of Hillary’s emails are being inter­pret­ed as mean­ing the Rus­sians must have been behind the actu­al hacks. But when you con­sid­er how the “noise” the GOP was already send­ing about its inter­est in Hillary’s emails in 2015, and con­sid­er that the only GOP emails released were from Smartech, a firm already impli­cat­ed in hack­ing the 2004 elec­tion, there’s no rea­son to exclude the pos­si­bil­i­ty of oth­er hack­ers actu­al­ly car­ried out the hacks, the Rus­sians knew this was hap­pen­ing, and decid­ed to ensure that if they were going to take the blame they would share it with the GOP.

    Is that fea­si­ble pos­si­ble giv­en all the facts at hand? Because it seems like it would be a real­ly effec­tive strat­e­gy if the Krem­lin thought it was about to be set up. At least, effec­tive against the Trump team.

    Either way, it should­n’t some­one be look­ing into whether or not Smartech was actu­al­ly hacked? As opposed to Smartech pro­vid­ing those emails to “Guc­cifer 2.0” to a ‘fair & bal­anced’ feel to the thing? That seems like an impor­tant fact that has­n’t actu­al­ly been remote­ly estab­lished in this whole mess.

    Posted by Pterrafractyl | November 11, 2017, 5:24 pm
  11. It hap­pened again. Don­ald Trump Jr. was just caught engag­ing in some rather incrim­i­nat­ing cor­re­spon­dences. This time over Twit­ter’s direct mes­sag­ing (DM) sys­tem. With Julian Assange. So we have an answer to the ques­tion of whether or not the Trump team was in direct com­mu­ni­ca­tion with Wik­ileaks: Yes they were. A lot. From Sep­tem­ber 2016 through the elec­tion and even some 2017.

    It start­ed off on Sep­tem­ber 20, 2016, when Assange informed Trump Jr. that Wik­ileaks had suc­cess­ful­ly guessed the pass­word for the web­site of a new anti-Trump polit­i­cal action com­mit­tee and want­ed to know if Don Jr. had “any com­ments”. Keep in mind that this is basi­cal­ly a con­ver­sa­tion about stolen dig­i­tal mate­r­i­al. So we have an open­ing mes­sage from Julian Assange sent via Twit­ter offer­ing stolen mate­r­i­al much like the bizarre open­ing open­ing email that Rob Gold­stone sent to Don Jr. about the Russ­ian gov­ern­ment want­i­ng to help the Trump team with ‘dirt’ on Hillary.

    And as was the case with Gold­stone’s offer, Don Jr. appeared to be more than hap­py to receive the help. Accord­ing to one source he actu­al­ly informed top Trump cam­paign staffers (Steve Ban­non, Kellyanne Con­way, and Jared Kush­n­er) that Wik­ileaks had made con­tact when it first hap­pened.

    It appears that the cor­re­spon­dence was most­ly one-sided, with Assange send­ing Trump Jr. sug­ges­tions or zany schemes (like try­ing to get Assange appoint­ed Aus­trali­a’s ambas­sador to the US). And both Trump Jr. and Trump Sr. appear to have actu­al­ly fol­low the advice Assange was send­ing them at dif­fer­ent points.

    The Trumps for­tu­nate­ly did­n’t take the last bit of advice Assange sent to them on elec­tion day when it still looked like Hillary Clin­ton was going to win. Unfor­tu­nate­ly, they did­n’t take his advice because Trump won and Julian’s advice was for Trump not to con­cede if he lost and instead say the elec­tion was rigged:

    The Atlantic

    The Secret Cor­re­spon­dence Between Don­ald Trump Jr. and Wik­iLeaks

    The trans­paren­cy orga­ni­za­tion asked the president’s son for his cooperation—in shar­ing its work, in con­test­ing the results of the elec­tion, and in arrang­ing for Julian Assange to be Australia’s ambas­sador to the Unit­ed States.

    Julia Ioffe
    Novem­ber 13, 2017 at 4:22 PM ET
    This sto­ry was updat­ed on Novem­ber 13 at 10:28 pm

    Just before the stroke of mid­night on Sep­tem­ber 20, 2016, at the height of last year’s pres­i­den­tial elec­tion, the Wik­iLeaks Twit­ter account sent a pri­vate direct mes­sage to Don­ald Trump Jr., the Repub­li­can nominee’s old­est son and cam­paign sur­ro­gate. “A PAC run anti-Trump site putintrump.org is about to launch,” Wik­iLeaks wrote. “The PAC is a recy­cled pro-Iraq war PAC. We have guessed the pass­word. It is ‘putin­trump.’ See ‘About’ for who is behind it. Any com­ments?” (The site, which has since become a joint project with Moth­er Jones, was found­ed by Rob Glaser, a tech entre­pre­neur, and was fund­ed by Progress for USA Polit­i­cal Action Com­mit­tee.)

    The next morn­ing, about 12 hours lat­er, Trump Jr. respond­ed to Wik­iLeaks. “Off the record I don’t know who that is, but I’ll ask around,” he wrote on Sep­tem­ber 21, 2016. “Thanks.”

    The mes­sages, obtained by The Atlantic, were also turned over by Trump Jr.’s lawyers to con­gres­sion­al inves­ti­ga­tors. They are part of a long—and large­ly one-sided—correspondence between Wik­iLeaks and the president’s son that con­tin­ued until at least July 2017. The mes­sages show Wik­iLeaks, a rad­i­cal trans­paren­cy orga­ni­za­tion that the Amer­i­can intel­li­gence com­mu­ni­ty believes was cho­sen by the Russ­ian gov­ern­ment to dis­sem­i­nate the infor­ma­tion it had hacked, active­ly solic­it­ing Trump Jr.’s coop­er­a­tion. Wik­iLeaks made a series of increas­ing­ly bold requests, includ­ing ask­ing for Trump’s tax returns, urg­ing the Trump cam­paign on Elec­tion Day to reject the results of the elec­tion as rigged, and request­ing that the pres­i­dent-elect tell Aus­tralia to appoint Julian Assange ambas­sador to the Unit­ed States.

    “Over the last sev­er­al months, we have worked coop­er­a­tive­ly with each of the com­mit­tees and have vol­un­tar­i­ly turned over thou­sands of doc­u­ments in response to their requests,” said Alan Futer­fas, an attor­ney for Don­ald Trump Jr. “Putting aside the ques­tion as to why or by whom such doc­u­ments, pro­vid­ed to Con­gress under promis­es of con­fi­den­tial­i­ty, have been selec­tive­ly leaked, we can say with con­fi­dence that we have no con­cerns about these doc­u­ments and any ques­tions raised about them have been eas­i­ly answered in the appro­pri­ate forum.” Wik­iLeaks did not respond to requests for com­ment.

    ...

    It’s not clear what inves­ti­ga­tors will make of the cor­re­spon­dence, which rep­re­sents a small por­tion of the thou­sands of doc­u­ments Don­ald Trump Jr.’s lawyer says he turned over to them. The stakes for the Trump fam­i­ly, how­ev­er, are high. Trump Jr.’s June 2016 meet­ing with Natalia Vesel­nit­skaya, a Russ­ian lawyer with con­nec­tions to Russia’s pow­er­ful pros­e­cu­tor gen­er­al, is already report­ed­ly a sub­ject of inter­est in Spe­cial Coun­sel Robert Mueller’s inves­ti­ga­tion, as is the White House state­ment defend­ing him. (Trump Jr. was emailed an offer of “infor­ma­tion that would incrim­i­nate Hillary,” and respond­ed in part, “If it’s what you say I love it.”) The mes­sages exchanged with Wik­iLeaks add a sec­ond instance in which Trump Jr. appears eager to obtain dam­ag­ing infor­ma­tion about Hillary Clin­ton, despite its prove­nance.

    Though Trump Jr. most­ly ignored the fre­quent mes­sages from Wik­iLeaks, he at times appears to have act­ed on its requests. When Wik­iLeaks first reached out to Trump Jr. about putintrump.org, for instance, Trump Jr. fol­lowed up on his promise to “ask around.” Accord­ing to a source famil­iar with the con­gres­sion­al inves­ti­ga­tions into Russ­ian inter­fer­ence with the 2016 cam­paign, who request­ed anonymi­ty because the inves­ti­ga­tion is ongo­ing, on the same day that Trump Jr. received the first mes­sage from Wik­iLeaks, he emailed oth­er senior offi­cials with the Trump cam­paign, includ­ing Steve Ban­non, Kellyanne Con­way, Brad Parscale, and Trump son-in-law Jared Kush­n­er, telling them Wik­iLeaks had made con­tact. Kush­n­er then for­ward­ed the email to cam­paign com­mu­ni­ca­tions staffer Hope Hicks. At no point dur­ing the 10-month cor­re­spon­dence does Trump Jr. rebuff Wik­iLeaks, which had pub­lished stolen doc­u­ments and was already observed to be releas­ing infor­ma­tion that ben­e­fit­ed Russ­ian inter­ests.

    Wik­iLeaks played a piv­otal role in the pres­i­den­tial cam­paign. In July 2016, on the first day of the Demo­c­ra­t­ic Nation­al Con­ven­tion, Wik­iLeaks released emails stolen from the Demo­c­ra­t­ic Nation­al Com­mit­tee’s servers that spring. The emails showed DNC offi­cials den­i­grat­ing Bernie Sanders, renew­ing ten­sions on the eve of Clinton’s accep­tance of the nom­i­na­tion. On Octo­ber 7, less than an hour after the Wash­ing­ton Post released the Access Hol­ly­wood tape, in which Trump bragged about sex­u­al­ly assault­ing women, Wik­ileaks released emails that hack­ers had pil­fered from the per­son­al email account of Clinton’s cam­paign man­ag­er John Podes­ta.

    On Octo­ber 3, 2016, Wik­iLeaks wrote again. “Hiya, it’d be great if you guys could com­ment on/push this sto­ry,” Wik­iLeaks sug­gest­ed, attach­ing a quote from then-Demo­c­ra­t­ic nom­i­nee Hillary Clin­ton about want­i­ng to “just drone” Wik­iLeaks founder, Julian Assange.

    “Already did that ear­li­er today,” Trump Jr. respond­ed an hour-and-a-half lat­er. “It’s amaz­ing what she can get away with.”

    Two min­utes lat­er, Trump Jr. wrote again, ask­ing, “What’s behind this Wednes­day leak I keep read­ing about?” The day before, Roger Stone, an infor­mal advi­sor to Don­ald Trump, had tweet­ed, “Wednesday@HillaryClinton is done. #Wik­iLeaks.”

    Wik­iLeaks didn’t respond to that mes­sage, but on Octo­ber 12, 2016, the account again mes­saged Trump Jr. “Hey Don­ald, great to see you and your dad talk­ing about our pub­li­ca­tions,” Wik­iLeaks wrote. (At a ral­ly on Octo­ber 10, Don­ald Trump had pro­claimed, “I love Wik­iLeaks!”)

    “Strong­ly sug­gest your dad tweets this link if he men­tions us,” Wik­iLeaks went on, point­ing Trump Jr. to the link wlsearch.tk, which it said would help Trump’s fol­low­ers dig through the trove of stolen doc­u­ments and find sto­ries. “There’s many great sto­ries the press are miss­ing and we’re sure some of your fol­lows [sic] will find it,” Wik­iLeaks went on. “Btw we just released Podes­ta Emails Part 4.”

    Trump Jr. did not respond to this mes­sage. But just 15 min­utes after it was sent, as The Wall Street Journal’s Byron Tau point­ed out, Don­ald Trump him­self tweet­ed, “Very lit­tle pick-up by the dis­hon­est media of incred­i­ble infor­ma­tion pro­vid­ed by Wik­iLeaks. So dis­hon­est! Rigged sys­tem!”

    Two days lat­er, on Octo­ber 14, 2016, Trump Jr. tweet­ed out the link Wik­iLeaks had pro­vid­ed him. “For those who have the time to read about all the cor­rup­tion and hypocrisy all the @wikileaks emails are right here: http://wlsearch.tk/,” he wrote.

    After this point, Trump Jr. ceased to respond to WikiLeaks’s direct mes­sages, but Wik­iLeaks esca­lat­ed its requests.

    “Hey Don. We have an unusu­al idea,” Wik­iLeaks wrote on Octo­ber 21, 2016. “Leak us one or more of your father’s tax returns.” Wik­iLeaks then laid out three rea­sons why this would ben­e­fit both the Trumps and Wik­iLeaks. One, The New York Times had already pub­lished a frag­ment of Trump’s tax returns on Octo­ber 1; two, the rest could come out any time “through the most biased source (e.g. NYT/MSNBC).”

    It is the third rea­son, though, Wik­iLeaks wrote, that “is the real kick­er.” “If we pub­lish them it will dra­mat­i­cal­ly improve the per­cep­tion of our impar­tial­i­ty,” Wik­iLeaks explained. “That means that the vast amount of stuff that we are pub­lish­ing on Clin­ton will have much high­er impact, because it won’t be per­ceived as com­ing from a ‘pro-Trump’ ‘pro-Rus­sia’ source.” It then pro­vid­ed an email address and link where the Trump cam­paign could send the tax returns, and adds, “The same for any oth­er neg­a­tive stuff (doc­u­ments, record­ings) that you think has a decent chance of com­ing out. Let us put it out.”

    Trump Jr. did not respond to this mes­sage.

    Wik­iLeaks didn’t write again until Elec­tion Day, Novem­ber 8, 2016. “Hi Don if your father ‘los­es’ we think it is much more inter­est­ing if he DOES NOT con­ceed [sic] and spends time CHALLENGING the media and oth­er types of rig­ging that occurred—as he has implied that he might do,” Wik­iLeaks wrote at 6:35pm, when the idea that Clin­ton would win was still the pre­vail­ing con­ven­tion­al wis­dom. (As late as 7:00pm that night, FiveThir­tyEight, a trust­ed prog­nos­ti­ca­tor of the elec­tion, gave Clin­ton a 71 per­cent chance of win­ning the pres­i­den­cy.) Wik­iLeaks insist­ed that con­test­ing the elec­tion results would be good for Trump’s rumored plans to start a media net­work should he lose the pres­i­den­cy. “The dis­cus­sion can be trans­for­ma­tive as it expos­es media cor­rup­tion, pri­ma­ry cor­rup­tion, PAC cor­rup­tion, etc.,” Wik­iLeaks wrote.

    Short­ly after mid­night that day, when it was clear that Trump had beat­en all expec­ta­tions and won the pres­i­den­cy, Wik­iLeaks sent him a sim­ple mes­sage: “Wow.”

    Trump Jr. did not respond to these mes­sages either, but Wik­iLeaks was unde­terred. “Hi Don. Hope you’re doing well!” Wik­iLeaks wrote on Decem­ber 16 to Trump Jr., who was by then the son of the pres­i­dent-elect. “In rela­tion to Mr. Assange: Obama/Clinton placed pres­sure on Swe­den, UK and Aus­tralia (his home coun­try) to illic­it­ly go after Mr. Assange. It would be real easy and help­ful for your dad to sug­gest that Aus­tralia appoint Assange ambas­sador to [Wash­ing­ton,] DC.”

    Wik­iLeaks even imag­ined how Trump might put it: “‘That’s a real smart tough guy and the most famous aus­tralian [sic] you have!’ or some­thing sim­i­lar,” Wik­iLeaks wrote. “They won’t do it but it will send the right sig­nals to Aus­tralia, UK + Swe­den to start fol­low­ing the law and stop bend­ing it to ingra­ti­ate them­selves with the Clin­tons.” (On Decem­ber 7, Assange, pro­claim­ing his inno­cence, had released his tes­ti­mo­ny in front of Lon­don inves­ti­ga­tors look­ing into accu­sa­tions that he had com­mit­ted alleged sex­u­al assault.)

    In the win­ter and spring, Wik­iLeaks went large­ly silent, only occa­sion­al­ly send­ing Trump Jr. links. But on July 11, 2017, three days after The New York Times broke the sto­ry about Trump Jr.’s June 2016 meet­ing with Natalia Vesel­nit­skaya, a Russ­ian lawyer with con­nec­tions to Russia’s pow­er­ful pros­e­cu­tor gen­er­al, Wik­iLeaks got in touch again.

    “Hi Don. Sor­ry to hear about your prob­lems,” Wik­iLeaks wrote. “We have an idea that may help a lit­tle. We are VERY inter­est­ed in con­fi­den­tial­ly obtain­ing and pub­lish­ing a copy of the email(s) cit­ed in the New York Times today,” cit­ing a ref­er­ence in the paper to emails Trump Jr had exchanged with Rob Gold­stone, a pub­li­cist who had helped set up the meet­ing. “We think this is strong­ly in your inter­est,” Wik­iLeaks went on. It then reprised many of the same argu­ments it made in try­ing to con­vince Trump Jr. to turn over his father’s tax returns, includ­ing the argu­ment that Trump’s ene­mies in the press were using the emails to spin an unfa­vor­able nar­ra­tive of the meet­ing. “Us pub­lish­ing not only deprives them of this abil­i­ty but is beau­ti­ful­ly con­found­ing.”

    The mes­sage was sent at 9:29 am on July 11. Trump Jr. did not respond, but just hours lat­er, he post­ed the emails him­self, on his own Twit­ter feed.

    ———-

    “The Secret Cor­re­spon­dence Between Don­ald Trump Jr. and Wik­iLeaks” by Julia Ioffe; The Atlantic; 11/13/2017

    “The mes­sages, obtained by The Atlantic, were also turned over by Trump Jr.’s lawyers to con­gres­sion­al inves­ti­ga­tors. They are part of a long—and large­ly one-sided—correspondence between Wik­iLeaks and the president’s son that con­tin­ued until at least July 2017. The mes­sages show Wik­iLeaks, a rad­i­cal trans­paren­cy orga­ni­za­tion that the Amer­i­can intel­li­gence com­mu­ni­ty believes was cho­sen by the Russ­ian gov­ern­ment to dis­sem­i­nate the infor­ma­tion it had hacked, active­ly solic­it­ing Trump Jr.’s coop­er­a­tion. Wik­iLeaks made a series of increas­ing­ly bold requests, includ­ing ask­ing for Trump’s tax returns, urg­ing the Trump cam­paign on Elec­tion Day to reject the results of the elec­tion as rigged, and request­ing that the pres­i­dent-elect tell Aus­tralia to appoint Julian Assange ambas­sador to the Unit­ed States

    A long, and large­ly one-sided, cor­re­spon­dence between Wik­ileaks and Trump Jr. That’s anoth­er giant ‘uh oh’ for Don Jr. An ‘uh oh’ involv­ing a dis­cus­sion about Wik­ileaks break­ing into an anti-Trump web­site (even if you guess the pass­word cor­rect­ly for a web­site that’s still con­sid­ered break into it):

    ...
    Just before the stroke of mid­night on Sep­tem­ber 20, 2016, at the height of last year’s pres­i­den­tial elec­tion, the Wik­iLeaks Twit­ter account sent a pri­vate direct mes­sage to Don­ald Trump Jr., the Repub­li­can nominee’s old­est son and cam­paign sur­ro­gate. “A PAC run anti-Trump site putintrump.org is about to launch,” Wik­iLeaks wrote. “The PAC is a recy­cled pro-Iraq war PAC. We have guessed the pass­word. It is ‘putin­trump.’ See ‘About’ for who is behind it. Any com­ments?” (The site, which has since become a joint project with Moth­er Jones, was found­ed by Rob Glaser, a tech entre­pre­neur, and was fund­ed by Progress for USA Polit­i­cal Action Com­mit­tee.)

    The next morn­ing, about 12 hours lat­er, Trump Jr. respond­ed to Wik­iLeaks. “Off the record I don’t know who that is, but I’ll ask around,” he wrote on Sep­tem­ber 21, 2016. “Thanks.”
    ...

    And not only does Don Jr. respond with “Thank” 12 hours lat­er, but he then informs senior Trump cam­paign team mem­bers about this:

    ...
    Though Trump Jr. most­ly ignored the fre­quent mes­sages from Wik­iLeaks, he at times appears to have act­ed on its requests. When Wik­iLeaks first reached out to Trump Jr. about putintrump.org, for instance, Trump Jr. fol­lowed up on his promise to “ask around.” Accord­ing to a source famil­iar with the con­gres­sion­al inves­ti­ga­tions into Russ­ian inter­fer­ence with the 2016 cam­paign, who request­ed anonymi­ty because the inves­ti­ga­tion is ongo­ing, on the same day that Trump Jr. received the first mes­sage from Wik­iLeaks, he emailed oth­er senior offi­cials with the Trump cam­paign, includ­ing Steve Ban­non, Kellyanne Con­way, Brad Parscale, and Trump son-in-law Jared Kush­n­er, telling them Wik­iLeaks had made con­tact. Kush­n­er then for­ward­ed the email to cam­paign com­mu­ni­ca­tions staffer Hope Hicks. At no point dur­ing the 10-month cor­re­spon­dence does Trump Jr. rebuff Wik­iLeaks, which had pub­lished stolen doc­u­ments and was already observed to be releas­ing infor­ma­tion that ben­e­fit­ed Russ­ian inter­ests.
    ...

    So the Assange/Don Jr. cor­re­spon­dences start Sep­tem­ber 20th. The cor­re­spon­dences con­tin­ues, with Assange send­ing links he thinks Don Jr. should be pro­mot­ing on Octo­ber 3rd and Don Jr. respond­ing “What’s behind this Wednes­day leak I keep read­ing about,” a ref­er­ence to Roger Stone’s tweet, “Wednesday@HillaryClinton is done. #Wik­iLeaks,” sent a day ear­li­er. Assange does­n’t reply, but then on Octo­ber 7th the Podes­ta emails get leaked less than an hour after the Access Hol­ly­wood tape is leaked. So we have Don Jr. ask­ing Assange about an upcom­ing leak that Roger Stone warned about and that leak occurs a few days lat­er:

    ...
    Wik­iLeaks played a piv­otal role in the pres­i­den­tial cam­paign. In July 2016, on the first day of the Demo­c­ra­t­ic Nation­al Con­ven­tion, Wik­iLeaks released emails stolen from the Demo­c­ra­t­ic Nation­al Com­mit­tee’s servers that spring. The emails showed DNC offi­cials den­i­grat­ing Bernie Sanders, renew­ing ten­sions on the eve of Clinton’s accep­tance of the nom­i­na­tion. On Octo­ber 7, less than an hour after the Wash­ing­ton Post released the Access Hol­ly­wood tape, in which Trump bragged about sex­u­al­ly assault­ing women, Wik­ileaks released emails that hack­ers had pil­fered from the per­son­al email account of Clinton’s cam­paign man­ag­er John Podes­ta.

    On Octo­ber 3, 2016, Wik­iLeaks wrote again. “Hiya, it’d be great if you guys could com­ment on/push this sto­ry,” Wik­iLeaks sug­gest­ed, attach­ing a quote from then-Demo­c­ra­t­ic nom­i­nee Hillary Clin­ton about want­i­ng to “just drone” Wik­iLeaks founder, Julian Assange.

    “Already did that ear­li­er today,” Trump Jr. respond­ed an hour-and-a-half lat­er. “It’s amaz­ing what she can get away with.”

    Two min­utes lat­er, Trump Jr. wrote again, ask­ing, “What’s behind this Wednes­day leak I keep read­ing about?” The day before, Roger Stone, an infor­mal advi­sor to Don­ald Trump, had tweet­ed, “Wednesday@HillaryClinton is done. #Wik­iLeaks.”
    ...

    And on Octo­ber 12, five days after the Podes­ta emails get released, Assange writes to Don Jr. with a rec­om­men­da­tion for Trump to pro­mote a Wik­ileaks site set up to help peo­ple sift through the stolen doc­u­ments. Don Jr. does­n’t reply, but 15 min­utes after that DM for Assange Trump tweets out that exact link:

    ...
    Wik­iLeaks didn’t respond to that mes­sage, but on Octo­ber 12, 2016, the account again mes­saged Trump Jr. “Hey Don­ald, great to see you and your dad talk­ing about our pub­li­ca­tions,” Wik­iLeaks wrote. (At a ral­ly on Octo­ber 10, Don­ald Trump had pro­claimed, “I love Wik­iLeaks!”)

    “Strong­ly sug­gest your dad tweets this link if he men­tions us,” Wik­iLeaks went on, point­ing Trump Jr. to the link wlsearch.tk, which it said would help Trump’s fol­low­ers dig through the trove of stolen doc­u­ments and find sto­ries. “There’s many great sto­ries the press are miss­ing and we’re sure some of your fol­lows [sic] will find it,” Wik­iLeaks went on. “Btw we just released Podes­ta Emails Part 4.”

    Trump Jr. did not respond to this mes­sage. But just 15 min­utes after it was sent, as The Wall Street Journal’s Byron Tau point­ed out, Don­ald Trump him­self tweet­ed, “Very lit­tle pick-up by the dis­hon­est media of incred­i­ble infor­ma­tion pro­vid­ed by Wik­iLeaks. So dis­hon­est! Rigged sys­tem!”
    ...

    15 min­utes after Assange makes a rec­om­men­da­tion and Trump Sr. tweets it out. Uh oh.

    Assange tests the waters again on Octobe 21st with his pro­pos­al for Trump to leak his own tax returns to Wik­ileaks in order to give Wik­ileaks an air of impar­tial­i­ty (recall how Trump did actu­al­ly appear to leak his own tax returns in March of this year). And then on Novem­ber 8th, he makes a tru­ly omi­nous sug­ges­tion: con­test the elec­tion if he los­es and call it all rigged:

    ...
    Wik­iLeaks didn’t write again until Elec­tion Day, Novem­ber 8, 2016. “Hi Don if your father ‘los­es’ we think it is much more inter­est­ing if he DOES NOT con­ceed [sic] and spends time CHALLENGING the media and oth­er types of rig­ging that occurred—as he has implied that he might do,” Wik­iLeaks wrote at 6:35pm, when the idea that Clin­ton would win was still the pre­vail­ing con­ven­tion­al wis­dom. (As late as 7:00pm that night, FiveThir­tyEight, a trust­ed prog­nos­ti­ca­tor of the elec­tion, gave Clin­ton a 71 per­cent chance of win­ning the pres­i­den­cy.) Wik­iLeaks insist­ed that con­test­ing the elec­tion results would be good for Trump’s rumored plans to start a media net­work should he lose the pres­i­den­cy. “The dis­cus­sion can be trans­for­ma­tive as it expos­es media cor­rup­tion, pri­ma­ry cor­rup­tion, PAC cor­rup­tion, etc.,” Wik­iLeaks wrote.

    Short­ly after mid­night that day, when it was clear that Trump had beat­en all expec­ta­tions and won the pres­i­den­cy, Wik­iLeaks sent him a sim­ple mes­sage: “Wow.”
    ...

    Assange then fol­lows up in Decem­ber with a request that Trump troll world by push­ing to have him made Aus­trali­a’s ambas­sador to the US. Then Assange large­ly goes qui­et, until July of this year after after news of Trump Jr.‘s meet­ing with Rob Gold­stone and the Russ­ian del­e­ga­tion in Trump Tow­er. It turns out it was Julian Assange who made the sug­ges­tion that Don Jr. leak all those cor­re­spon­dences to Wik­ileaks who would leak it to the world and instead Don Jr., who does­n’t respond to the DM, does the leak­ing him­self hours lat­er:

    ...
    In the win­ter and spring, Wik­iLeaks went large­ly silent, only occa­sion­al­ly send­ing Trump Jr. links. But on July 11, 2017, three days after The New York Times broke the sto­ry about Trump Jr.’s June 2016 meet­ing with Natalia Vesel­nit­skaya, a Russ­ian lawyer with con­nec­tions to Russia’s pow­er­ful pros­e­cu­tor gen­er­al, Wik­iLeaks got in touch again.

    “Hi Don. Sor­ry to hear about your prob­lems,” Wik­iLeaks wrote. “We have an idea that may help a lit­tle. We are VERY inter­est­ed in con­fi­den­tial­ly obtain­ing and pub­lish­ing a copy of the email(s) cit­ed in the New York Times today,” cit­ing a ref­er­ence in the paper to emails Trump Jr had exchanged with Rob Gold­stone, a pub­li­cist who had helped set up the meet­ing. “We think this is strong­ly in your inter­est,” Wik­iLeaks went on. It then reprised many of the same argu­ments it made in try­ing to con­vince Trump Jr. to turn over his father’s tax returns, includ­ing the argu­ment that Trump’s ene­mies in the press were using the emails to spin an unfa­vor­able nar­ra­tive of the meet­ing. “Us pub­lish­ing not only deprives them of this abil­i­ty but is beau­ti­ful­ly con­found­ing.”

    The mes­sage was sent at 9:29 am on July 11. Trump Jr. did not respond, but just hours lat­er, he post­ed the emails him­self, on his own Twit­ter feed.
    ...

    So we have this exten­sive dig­i­tal trail of evi­dence that not only demon­strates an open line of com­mu­ni­ca­tion between Julian Assange and the Trump cam­paign but also demon­strates the Trump team tak­ing Assange’s advice. A dig­i­tal trail left on Twit­ter! Yes, two very promi­nent peo­ple deeply involved with one of the biggest polit­i­cal scan­dals in Amer­i­can his­to­ry were leav­ing exten­sive dig­i­tal evi­dence of their open lines of com­mu­ni­ca­tion with each oth­er on Twit­ter!

    It’s rather amaz­ing. Per­haps even more amaz­ing than the incrim­i­nat­ing emails between Rob Gold­stone and Don Jr. because it’s one thing for some­one like Rob Gold­stone to send an incrim­i­nat­ing email. Rob Gold­stone pre­sum­ably was­n’t under sur­veil­lance at the time he sent that email. But Assange’s com­mu­ni­ca­tions pre­sum­ably are under sur­veil­lance. Espe­cial­ly his Twit­ter com­mu­ni­ca­tions. Does Assange assume his Twit­ter DMs aren’t been mon­i­tored? He’s Julian Assange! Of course they’re being mon­i­tored if that’s a pos­si­bil­i­ty. And Twit­ter does­n’t make their DMs super-encrypt­ed and beyond law enforce­ment. So unless these DMs were sent using addi­tion­al steps to encrypt the mes­sages it’s hard to see how Assange could­n’t know full well that he was leav­ing a dig­i­tal trail tying him­self back to the Trump cam­paign by choos­ing Twit­ter as the medi­um of com­mu­ni­ca­tion.

    And don’t for­get, these mes­sages start­ed in Sep­tem­ber or 2016, months after Wik­ileaks become a cen­tral fig­ure in the cam­paign by leak­ing the DNC emails. Wik­ileaks was already guar­an­teed to be under exten­sive US sur­veil­lance for that alone. And yet Julian Assange decides to using a medi­um like Twit­ter. One thing that’s not entire­ly clear from the sto­ry is whether or not he was using his offi­cial “Julian Assange” account or some more obscure account to send the DMs. But if this we his offi­cial Julian Assange account that would have been a remark­able move because if there’s one Twit­ter account that you can assume is under sur­veil­lance by intel­li­gence agen­cies around the world its Julian Assange’s account.

    It’s almost amaz­ing it took this long for these mes­sages to come out con­sid­er­ing who was send­ing them. Although per­haps what’s most amaz­ing is that this entire Don Jr. & Julian sit­u­a­tion is not at all amaz­ing in the con­text of the entire #TrumpRus­sia inves­ti­ga­tion. Giv­en the spy-farce nature of this entire saga, the Don Jr. & Julian dra­ma should pret­ty much be expect­ed. Which is pret­ty amaz­ing.

    Posted by Pterrafractyl | November 14, 2017, 9:06 pm
  12. Here’s an inter­est­ing twist to Julian Assange’s recent­ly dis­cov­ered cor­re­spon­dences with Don­ald Trump Jr.: The ini­tial sto­ry that Assange mes­sage Trump Jr. about on Sep­tem­ber 20, 2016 — about new anti-Trump web­site that was about to launch — was a sto­ry that Charles “Chuck” John­son wrote about on his Got­News web­site just a cou­ple hours before Assange reached out to Trump Jr.

    And while it’s unclear if John­son was in con­tact with Assange at this point — John­son’s com­ments at the time sug­gest oth­er­wise — it’s still rather inter­est­ing giv­en the appar­ent rela­tions John­son has with Wik­ileaks now: Roger Stone says that he has a “lib­er­tar­i­an opin­ion jour­nal­ist” con­tact with Wik­ileaks, and that sure sounds like John­son, although has vehe­ment­ly denied it was John­son. Addi­tion­al­ly, John­son report­ed­ly helped arrange a meet­ing between Con­gress­man Dana Rohrabach­er and Assange in August of this year. So whether or not John­son and Assange had an open line of com­mu­ni­ca­tion at the time of the Sep­tem­ber 20, 2016, out­reach to Trump Jr., it’s unam­bigu­ous that they have an open line of com­mu­ni­ca­tion now. And let’s not for­get about John­son’s role in advis­ing the quest to find Hillary Clin­ton’s hacked per­son­al emails on the Dark Web, where he rec­om­mend­ed to Peter Smith’s team that they con­tact “Guc­cifer 2.0” and Andrew “weev” Auern­heimer about those hacked emails (John­son and Auern­heimer has a his­to­ry of work­ing togeth­er).

    Giv­en all those con­tacts, if John­son was­n’t in direct con­tact with Wik­ileaks as of Sep­tem­ber 20, 2016, he prob­a­bly at least knew some­one who was:

    Busi­ness Insid­er

    A noto­ri­ous far-right blog­ger may have pro­voked Wik­iLeaks’ out­reach to Don­ald Trump Jr.

    * The far-right blog­ger Charles John­son may have played a role in Wik­iLeaks’ out­reach to Don­ald Trump Jr.
    * Trump Jr.‘s exchanges with Wik­iLeaks in pri­vate Twit­ter mes­sages over 10 months have come under scruti­ny this week after an explo­sive report by The Atlantic.
    * John­son pub­lished a sto­ry in Sep­tem­ber 2016 about an anti-Trump web­site that Wik­iLeaks then sent to Trump Jr.

    Natasha Bertrand
    11/15/2017

    A far-right blog­ger may have tipped the Wik­iLeaks founder Julian Assange off to an anti-Trump web­site that Wik­iLeaks then sent to Don­ald Trump Jr. in a pri­vate Twit­ter mes­sage in Sep­tem­ber 2016.

    Charles John­son, who calls him­self an inde­pen­dent jour­nal­ist and runs a site called Got­News, pub­lished an arti­cle at about 9:30 p.m. ET on Sep­tem­ber 20, 2016, claim­ing he had “obtained a memo from a George Soros-tied PR firm that is launch­ing a web­site to spread con­spir­a­cy the­o­ries about Don­ald Trump’s con­nec­tions to Rus­sia.” Soros is the investor and busi­ness mag­nate who has become a favorite bogey­man of the far right.

    “The site, PutinTrump.org, is set to be launched tomor­row morn­ing on Wednes­day, Sep­tem­ber 21, by pub­lic rela­tions firm Rip­ple Strate­gies,” John­son wrote.

    John­son updat­ed his arti­cle again to include the pass­word for PutinTrump.org, which was still locked. He said he had obtained it from “Got­News researchers.”

    About two hours after John­son’s arti­cle was pub­lished, Wik­iLeaks shared the PutinTrump.org site and its pass­word in a tweet.

    John­son took cred­it.

    “About 2 hours after our orig­i­nal arti­cle, Julian Assange’s Wik­iLeaks repeat­ed our dis­cov­er­ies,” he wrote. “Guess which big leaks orga­ni­za­tion reads Got­News & WeSearchr on the down­low! Come on Julian, let’s work togeth­er. Wik­iLeaks & WeSearchr is a match made in heav­en. We can take down Hillary togeth­er.”

    Per­haps unbe­knownst to John­son at the time, Wik­iLeaks had also “repeat­ed” his “dis­cov­er­ies” in a pri­vate mes­sage to Trump Jr. — about 10 min­utes before tweet­ing it pub­licly.

    Trump Jr. has come under renewed scruti­ny this week amid rev­e­la­tions that he exchanged pri­vate Twit­ter mes­sages with the anti-secre­cy group dur­ing the cam­paign.

    “A PAC run anti-Trump site ‘putintrump.org’ is about to launch,” Wik­iLeaks wrote in a mes­sage to Trump Jr. just before mid­night on Sep­tem­ber 20. “The PAC is a recy­cled pro-Iraq war PAC. We have guessed the pass­word. It is ‘putin­trump.’ See ‘About’ for who is behind it. Any com­ments?”

    Trump Jr. replied, “Off the record I don’t know who that is but I’ll ask around.”

    It is unclear whether John­son’s sto­ry in Sep­tem­ber marked the begin­ning of his con­tact with Assange, who has been liv­ing in asy­lum at the Ecuado­ri­an Embassy in Lon­don since 2012.

    “I don’t dis­cuss who I com­mu­ni­cate with,” John­son told Busi­ness Insid­er in an email.

    The tim­ing of John­son’s arti­cle and Wik­iLeaks’ out­reach to Trump Jr. is sig­nif­i­cant because of some lat­er tweets by Roger Stone, a long­time advis­er to Trump, and sub­se­quent rev­e­la­tions about John­son’s role in arrang­ing a meet­ing between Assange and US Rep. Dana Rohrabach­er in August of this year.

    On Octo­ber 2, 2016, five days before Wik­iLeaks pub­lished the first set of emails stolen from the inbox of John Podes­ta, the chair­man of Demo­c­rat Hillary Clin­ton’s 2016 cam­paign, Stone tweet­ed: “Wednes­day @HillaryClinton is done. #Wik­iLeaks.”

    Two days lat­er, he tweet­ed: “I have total con­fi­dence that @wikileaks and my hero Julian Assange will edu­cate the Amer­i­can peo­ple soon #Lock­HerUp.”

    Stone told the House Intel­li­gence Com­mit­tee in Sep­tem­ber that he knew of Assange’s plans via a “jour­nal­ist” who was in touch with Assange. Stone, how­ev­er, would not reveal the jour­nal­ist’s iden­ti­ty.

    “I have referred pub­licly to this jour­nal­ist as an ‘inter­me­di­ary,’ ‘go-between,’ and ‘mutu­al friend,’ ” Stone tes­ti­fied. “All of these monikers are equal­ly true.”

    Stone denied that the jour­nal­ist in ques­tion was John­son.

    “The jour­nal­ist who con­firmed Julian Assange’s pub­lic com­ments of July 21 that he had and would pub­lish Hillary’s emails is def­i­nite­ly, pos­i­tive­ly NOT Chuck John­son, who is both a psy­chopath and a bulls— artist,” Stone said on Wednes­day night.

    About a month before Stone’s House tes­ti­mo­ny, John­son met with Assange and Rohrabach­er in Lon­don. The meet­ing, John­son told reporters at the time, stemmed from a “desire for ongo­ing com­mu­ni­ca­tions” between the con­gress­man and the Wik­iLeaks founder.

    ...

    Rohrabach­er says he has been try­ing to meet pri­vate­ly with Trump to relay Assange’s mes­sage. He told Busi­ness Insid­er last month that the White House chief of staff, John Kel­ly, was block­ing him from meet­ing with Trump.

    The Sen­ate Intel­li­gence Com­mit­tee sent John­son a let­ter on July 27 ask­ing him to turn over doc­u­ments con­tain­ing
    “any com­mu­ni­ca­tions with Russ­ian per­sons, or rep­re­sen­ta­tives of Russ­ian gov­ern­ment, busi­ness, or media inter­ests” that relat­ed to Rus­si­a’s elec­tion med­dling and the 2016 US pres­i­den­tial cam­paign more broad­ly.

    John­son told Yahoo News in August that he had no plans to coop­er­ate.

    “They’re going to have to sub­poe­na me, and then they’ll be sore­ly dis­ap­point­ed,” he said.

    ———-

    “A noto­ri­ous far-right blog­ger may have pro­voked Wik­iLeaks’ out­reach to Don­ald Trump Jr.” by Natasha Bertrand; Busi­ness Insid­er; 11/15/2017

    “Charles John­son, who calls him­self an inde­pen­dent jour­nal­ist and runs a site called Got­News, pub­lished an arti­cle at about 9:30 p.m. ET on Sep­tem­ber 20, 2016, claim­ing he had “obtained a memo from a George Soros-tied PR firm that is launch­ing a web­site to spread con­spir­a­cy the­o­ries about Don­ald Trump’s con­nec­tions to Rus­sia.” Soros is the investor and busi­ness mag­nate who has become a favorite bogey­man of the far right

    That was about two hours before Assange reached out to Trump Jr., which appears to be why John­son was so excit­ed to see Wik­ileaks pro­mot­ing the sto­ry short­ly after Assange sent that mes­sage to Trump:

    ...
    “About 2 hours after our orig­i­nal arti­cle, Julian Assange’s Wik­iLeaks repeat­ed our dis­cov­er­ies,” he wrote. “Guess which big leaks orga­ni­za­tion reads Got­News & WeSearchr on the down­low! Come on Julian, let’s work togeth­er. Wik­iLeaks & WeSearchr is a match made in heav­en. We can take down Hillary togeth­er.”
    ...

    But also note the lan­guage Assange used when reach­ing out to Trump Jr. He makes it sound like Wik­ileaks was the one who dis­cov­ered this news and fig­ured out the “putin­trump” pass­word for the anti-Trump web­site:

    ...
    “A PAC run anti-Trump site ‘putintrump.org’ is about to launch,” Wik­iLeaks wrote in a mes­sage to Trump Jr. just before mid­night on Sep­tem­ber 20. “The PAC is a recy­cled pro-Iraq war PAC. We have guessed the pass­word. It is ‘putin­trump.’ See ‘About’ for who is behind it. Any com­ments?”
    ...

    That sure sounds like Assange is assum­ing that this is a Wik­ileaks exclu­sive sto­ry he’s got on his hands, just as John­son’s Got­News sto­ry behaved as if this was exclu­sive to Got­News. And that rais­es an inter­est­ing ques­tion: did the same source send both GotNews.com and Wik­ileaks infor­ma­tion about this web­site at the same time? Did Wik­ileaks and Got­News inde­pen­dent­ly arrive at the same sto­ry that they inde­pen­dent­ly pub­lished with­in hours of each oth­er because they were both got a hot tip from the same source? Or did Wik­ileaks read the Got­News sto­ry and then decide to reach out to Trump Jr., ask­ing for a com­ment on it, and act like Wik­ileaks had this exclu­sive info?

    If it’s the lat­ter sce­nario, that would have been rather risky on Assange’s part because there’s no guar­an­tee that the Trump team would­n’t have already been aware of the Got­News sto­ry put up a cou­ple hours ear­li­er. Got­News is exact­ly the kind of site the Trump team would have been keen­ly mon­i­tor­ing.

    But if it’s the for­mer sce­nario, it rais­es anoth­er ques­tion: Since Assange says “We have guessed the pass­word”, and yet Got­News appears to have also guessed the pass­word, did Assange inad­ver­tent­ly reveal a much clos­er rela­tion­ship to Got­News than pre­vi­ous­ly acknowl­edged? In oth­er words, are they so close that Assange con­sid­ers Got­News to be part of ‘team Wik­ileaks’? It sure would explain a lot.

    Posted by Pterrafractyl | November 16, 2017, 4:58 pm
  13. The BBC has an new piece on the serv­er used by the hack­ers iden­ti­fied as APT28/Fancy Bear for the DNC serv­er hacks of March 2016 and the Bun­destag hack of 2015. Recall that the IP address of a com­mand & con­trol serv­er was found hard­cod­ed into the mal­ware found from both the Bun­destag hack and the DNC serv­er hack. The piece is about the com­pa­ny that host­ed that com­mand & con­trol sev­er.

    The piece con­tains a num­ber of inter­est­ing fun facts about how the hack­ing took place. And, as we should expect at this point, it also rais­es a num­ber of ques­tions.

    Here’s some of the fun facts:

    1. The serv­er host­ing com­pa­ny for the serv­er that was used in the APT28/Fancy Bear attacks is a UK-based com­pa­ny called Crook­servers (that’s actu­al­ly its name).

    2. Crook­servers is actu­al­ly a serv­er reseller. It leas­es servers from oth­er com­pa­nies based in France and Cana­da and then rents out access to those servers to its clients.

    3. The own­er of Crook­servers is a man named Usman Ashraf. Social media shows that Ashraf lived in Old­ham, UK, from 2010 to 2014 and now lives in Pak­istan.

    4. APT28/Fancy Bear hack­ers are believed to have rent­ed servers from Crook­serves for three years.

    5. When Ashraf was noti­fied in mid-2015 that his com­pa­ny’s servers were being used by hack­ers he claims to have prompt­ly closed down the account. Keep in mind that this would be after the Bun­destag hack (which was in May of 2015), but before the DNC serv­er hack of March 2016.

    6. The account Crook­serv­er clients believed to be the hack­ers paid using Bit­coin and a cou­ple of oth­er cryp­tocur­ren­cies

    7. The pre­sumed hack­ers demon­strat­ed “poor trade­craft” (sur­prise!) accord­ing to the cyber­se­cu­ri­ty com­pa­ny Secure­works, which was hired by the BBC to ana­lyze the infor­ma­tion avail­able about Crook­servers.

    8. One of the Crook­serv­er users pre­sumed to be an APT28/Fancy Bear hack­er used the name “Roman Bre­cesku”.

    9. On March 6, 2014, “Roman Bre­cesku” wrote to Crook­Servers say­ing “Hel­lo, my serv­er 91.121.108.153 was cracked. Please, reset the oper­at­ing sys­tem with delet­ing all data.”

    First, note that the 91.121.108.153 IP address isn’t the same com­mand & con­trol IP address found in the Bun­destag and DNC mal­ware (176.31.112.10). At the same time, it demon­strates that “Roman Bre­cesku” prob­a­bly was­n’t the best serv­er admin­is­tra­tor from a secu­ri­ty stand­point since his serv­er got hacked (you’d think a Russ­ian gov­ern­ment hack­er would be bet­ter at pre­vent­ing hacks).

    Also recall that, fol­low­ing the Bun­destag hack, the 176.31.112.10 serv­er used in the Bun­destag attack was iden­ti­fied as using an old ver­sion of OpenSSL that would have left it vul­ner­a­ble to the Heart­bleed attack. And note that the Heart­bleed attack was only pub­licly dis­closed in April of 2014. So while we don’t know if this March 2014 hack­ing of one of this group’s servers was due to the Heart­bleed attack, if it was due to Heart­bleed it would have been some pret­ty sophis­ti­cat­ed hack­ers used this exploit a month before the world learned about it.

    10. The 176.31.112.10 com­mand & con­trol serv­er was rent­ed by some­one using the name “Niko­lay Mlade­n­ov” who paid using Bit­coin and Per­fect Mon­ey.

    11. That 176.31.112.10 was used in a 2014 spear-phish­ing attack on the 2014 Farn­bor­ough Air Show, and also a UK TV sta­tion in July of 2015. The 176.31.112.10 IP address was also found in the mal­ware of those attacks (again, not exact­ly great “trade­craft”)

    12. That 176.31.112.10 serv­er was used until June 2015, at which point the serv­er was delet­ed fol­low­ing the media reports of the Bun­destag attack. And, of course, June 2015 is long before the March 2016 tim­ing of the Fan­cy Bear/APT28 DNC hack. The UK TV sta­tion hack ALSO took place after June 2015.

    13. A finan­cial account used by “Niko­lay Mlade­n­ov” was also used by “Roman Bre­cesku”, and two oth­er pre­sumed hack­er pseu­do­nyms, “Bruno Labrousse” and “Klaus Wern­er”, to hire more com­put­ers through Crook­servers.

    14. One of the servers rent­ed by this group appears to have access to “advanced mal­ware” capa­ble of sophis­ti­cat­ed attacks on iOS sys­tems. That mal­ware hap­pens to be “XAgent”. And as secu­ri­ty ana­lyst Jef­frey Carr has not­ed before, the XAgent mal­ware is already “in the wild”, as evi­denced by the fact that a cyber­se­cu­ri­ty firm was able to get its hands on the source code for the mal­ware and dis­cuss it as part of its inves­ti­ga­tion into APT28/Fancy Bear.

    So that all cer­tain­ly gives us a bet­ter idea of what is know about the serv­er used in this hack. And yet we’re left with that rather obvi­ous ques­tion: how was the 176.31.112.10 serv­er used as the com­mand & con­trol serv­er for the mal­ware deployed in the March 2016 DNC serv­er attacks when it was alleged­ly shut down in 2015 fol­low­ing the Bun­destag attacks?

    BBC Radio 4, PM

    Russ­ian Fan­cy Bear hack­ers’ UK link revealed

    By Chris Val­lance
    23 Novem­ber 2017

    When Rus­si­a’s most noto­ri­ous hack­ers hired servers from a UK-reg­is­tered com­pa­ny, they left a trove of clues behind, the BBC has dis­cov­ered.

    The hack­ers used the com­put­ers to attack the Ger­man par­lia­ment, hijack traf­fic meant for a Niger­ian gov­ern­ment web­site and tar­get Apple devices.

    The com­pa­ny, Crook­servers, had claimed to be based in Old­ham for a time.

    It says it act­ed swift­ly to eject the hack­ing team — dubbed Fan­cy Bear — as soon as it learned of the prob­lem.

    Tech­ni­cal and finan­cial records from Crook­servers seen by the BBC sug­gest Fan­cy Bear had access to sig­nif­i­cant funds and made use of online finan­cial ser­vices, some of which were lat­er closed in anti-mon­ey laun­der­ing oper­a­tions.

    Fan­cy Bear — also known as APT28, Sofa­cy, Iron Twi­light and Pawn Storm — has been linked to Russ­ian intel­li­gence.

    The group played a key role in 2016’s attack on the US’s Demo­c­ra­t­ic Nation­al Com­mit­tee (DNC), accord­ing to secu­ri­ty experts.

    Indeed an inter­net pro­to­col (IP) address that once belonged to a ded­i­cat­ed serv­er hired via Crook­servers was dis­cov­ered in mali­cious code used in the breach

    The spies who came in for milk

    Ear­ly in 2012, Crook­servers claimed to be based at the same address as a newsagen­t’s on an unas­sum­ing ter­raced road in Old­ham, accord­ing to his­tor­i­cal web­site reg­is­tra­tion records.

    But after a short peri­od, the list­ing switched to Pak­istan. The BBC has seen no evi­dence the shop or its employ­ees knew how the address was being used or that Crook­servers had any real con­nec­tion to the newsagen­t’s.

    Crook­servers was what is known as a serv­er reseller. It was an entire­ly online busi­ness. The com­put­ers it effec­tive­ly sub­let were owned by anoth­er com­pa­ny based in France and Cana­da.

    The BBC iden­ti­fied Crook­server­s’s oper­a­tor as Usman Ashraf.

    Social media and oth­er online accounts sug­gest he was present in the Old­ham area between 2010 and mid-2014. He now seems to be based in Pak­istan.

    Mr Ashraf declined to record an inter­view, but pro­vid­ed detailed answers to ques­tions via email.

    Despite his com­pa­ny’s name, he denied know­ing he had had hack­ers as cus­tomers.

    “We nev­er know how a client is using the serv­er,” he wrote.

    When in 2015 he had been alert­ed to the hack­ers, he said, he had act­ed swift­ly to close their accounts.

    He said he had also car­ried out a “ver­i­fi­ca­tion” process, culling 60–70% of the com­pa­ny’s accounts he had sus­pect­ed of being mis­used.

    “There is 0% com­pro­mise on abu­sive usage,” he said.

    Join­ing the dots

    Over three years, Fan­cy Bear rent­ed com­put­ers through Crook­servers, cov­er­ing its tracks using bogus iden­ti­ties, vir­tu­al pri­vate net­works and hard-to-trace pay­ment sys­tems.

    Researchers at cyber-threat intel­li­gence com­pa­ny Secure­works, who analysed infor­ma­tion from Crook­servers for the BBC, said it had helped them con­nect sev­er­al Fan­cy Bear oper­a­tions.

    Senior secu­ri­ty researcher Mike McLel­lan said the hack­ers had exhib­it­ed poor “trade­craft”.

    One com­mu­ni­ca­tion shows one hack­er, using the pseu­do­nym Roman Bre­cesku, had com­plained that his serv­er had been “cracked”.

    [see screen­shot of mes­sage sent on March 6, 2014 from user “Roman Bre­cesku” to Crooked­Servers say­ing “Hel­lo, my serv­er 91.121.108.153 was cracked. Please, reset the oper­at­ing sys­tem with delet­ing all data.” And this mes­sage was sent from IP Address 188.240.220.3]

    Crook­servers was pre­vi­ous­ly linked to an attack on the Ger­man par­lia­ment.

    The serv­er used to con­trol the mal­ware was hired through Crook­servers by a hack­er using the pseu­do­nym Niko­lay Mlade­n­ov who paid using Bit­coin and Per­fect Mon­ey, accord­ing to records seen by the BBC.

    The hack­er used the serv­er until June 2015, when it was delet­ed at Crook­server­s’s request fol­low­ing media reports of the attack.

    This server’s IP address also appears in mal­ware used to tar­get some atten­dees at the Farn­bor­ough air show in 2014.

    Fan­cy Bear mal­ware used to attack a UK TV sta­tion and the DNC also con­tained this IP address, although the serv­er was no longer in Fan­cy Bear’s con­trol when these attacks occurred.

    A finan­cial account used by Mlade­n­ov was also used by anoth­er hack­er, oper­at­ing under the pseu­do­nym Klaus Wern­er, to hire more com­put­ers through Crook­servers.

    One serv­er hired by Wern­er received “redi­rect­ed” traf­fic from a legit­i­mate Niger­ian gov­ern­ment web­site, accord­ing to Secure­works analy­sis.

    Apple attack

    The finan­cial account used by Mlade­n­ov and Wern­er was used by Fan­cy Bear hack­ers — includ­ing two using the names Bruno Labrousse and Roman Bre­cesku — to hire oth­er servers from Crook­servers.

    One serv­er and the email address used to hire it seem to have links to “advanced espi­onage” mal­ware used to tar­get iOS devices.

    The mal­ware was capa­ble of turn­ing on voice record­ing and steal­ing text mes­sages.

    Anoth­er email used to hire servers can be linked to an attack against Bul­gar­i­a’s State Agency for Nation­al Secu­ri­ty.

    But there are eight ded­i­cat­ed servers tied to the same finan­cial infor­ma­tion, whose use is unknown — sug­gest­ing there may be oth­er Fan­cy Bear attacks that have not been pub­licly dis­closed.

    Fol­low the mon­ey

    Fan­cy Bear spent at least $6,000 (£4,534) with Crook­servers via a vari­ety of ser­vices that offered an extra lev­el of anonymi­ty.

    They includ­ed Bit­coin, Lib­er­ty Reserve and Per­fect Mon­ey. Lib­er­ty Reserve was lat­er closed after an inter­na­tion­al mon­ey laun­der­ing inves­ti­ga­tion.

    The BBC asked a UK com­pa­ny called Ellip­tic, which spe­cialis­es in iden­ti­fy­ing Bit­coin-relat­ed “illic­it activ­i­ty”, to analyse Fan­cy Bear’s Bit­coin pay­ments.

    Lead inves­ti­ga­tor Tom Robin­son said his team had iden­ti­fied the wal­let that had been the source of these funds. He said the bit­coins it con­tained were “worth around $100,000”.

    Ellip­tic traced the source of some of the funds in that wal­let to the dig­i­tal cur­ren­cy exchange BTC‑e.

    In July, BTC‑e was closed by the US author­i­ties and its Russ­ian alleged founder arrest­ed in Greece accused of mon­ey laun­der­ing.

    Although BTC‑e is alleged to have been pop­u­lar with Russ­ian cyber-crim­i­nals, the BBC has no evi­dence its man­age­ment was aware its clients includ­ed Fan­cy Bear.

    ...

    Crook­servers closed on 10 Octo­ber. Fan­cy Bear’s oper­a­tions, how­ev­er, have not.

    ———-

    “Russ­ian Fan­cy Bear hack­ers’ UK link revealed” by Chris Val­lance; BBC Radio 4, PM; 11/23/2017

    Over three years, Fan­cy Bear rent­ed com­put­ers through Crook­servers, cov­er­ing its tracks using bogus iden­ti­ties, vir­tu­al pri­vate net­works and hard-to-trace pay­ment sys­tems.”

    So for three years the group labeled “Fan­cy Bear”/APT28 by cyber­se­cu­ri­ty com­pa­nies was using a num­ber of dif­fer­ent servers from Crook­servers. A com­pa­ny set up by a guy, Usman Ashraf, who used to be in the UK but now lives in Pak­istan. But Crook­servers did­n’t actu­al­ly own the serves them­selves. It was a serv­er reseller that leased them from a dif­fer­ent com­pa­ny based in France and Cana­da:

    ...
    Ear­ly in 2012, Crook­servers claimed to be based at the same address as a newsagen­t’s on an unas­sum­ing ter­raced road in Old­ham, accord­ing to his­tor­i­cal web­site reg­is­tra­tion records.

    But after a short peri­od, the list­ing switched to Pak­istan. The BBC has seen no evi­dence the shop or its employ­ees knew how the address was being used or that Crook­servers had any real con­nec­tion to the newsagen­t’s.

    Crook­servers was what is known as a serv­er reseller. It was an entire­ly online busi­ness. The com­put­ers it effec­tive­ly sub­let were owned by anoth­er com­pa­ny based in France and Cana­da.

    The BBC iden­ti­fied Crook­server­s’s oper­a­tor as Usman Ashraf.

    Social media and oth­er online accounts sug­gest he was present in the Old­ham area between 2010 and mid-2014. He now seems to be based in Pak­istan.
    ...

    So a serv­er reseller that was set up in 2012 using the address of an Old­ham, UK, newsagent. But the BBC could­n’t find any evi­dence that this address actu­al­ly knew it was being list­ed as the address of Crook­servers. Then address gets switched to Pak­istan. And the guy behind the Crook­servers, Usman Ashraf, appeared to be liv­ing in Old­ham from 2010 to mid-2014 before mov­ing to Pak­istan. It’s, not not shady.

    And then there’s the shady activ­i­ty by the hack­ers them­selves. Shady activ­i­ty that appears to demon­strate “poor trade­craft” accord­ing to the Secure­works cyber­se­cu­ri­ty firm. And that poor trade­craft includes the 91.121.108.153 serv­er get­ting hacked in March of 2014, as the mes­sage from pre­sumed hack­er “Roman Bre­cesku” indi­cates:

    ...
    Researchers at cyber-threat intel­li­gence com­pa­ny Secure­works, who analysed infor­ma­tion from Crook­servers for the BBC, said it had helped them con­nect sev­er­al Fan­cy Bear oper­a­tions.

    Senior secu­ri­ty researcher Mike McLel­lan said the hack­ers had exhib­it­ed poor “trade­craft”.

    One com­mu­ni­ca­tion shows one hack­er, using the pseu­do­nym Roman Bre­cesku, had com­plained that his serv­er had been “cracked”.

    [see screen­shot of mes­sage sent on March 6, 2014 from user “Roman Bre­cesku” to Crooked­Servers say­ing “Hel­lo, my serv­er 91.121.108.153 was cracked. Please, reset the oper­at­ing sys­tem with delet­ing all data.” And this mes­sage was sent from IP Address 188.240.220.3]
    ...

    So this hack­ing crew appears to have issues with their servers get­ting hacked. At least the 91.121.108.153 serv­er. Which prob­a­bly has some­thing to do with the “poor trade­craft” assess­ment.

    But the fact that 176.31.112.10 IP was found in the mal­ware for four dif­fer­ent hack­ing oper­a­tions might also have some­thing to do with that “poor trade­craft” assess­ment. The IP address was found in the DNC serv­er hack, the Bun­destag hack, a Farn­bor­ough air show attack in 2014, and the UK TV sta­tion attack, although the serv­er was appar­ent­ly not under Fan­cy Bear’s con­trol when the UK Tv sta­tion and DNC attacks took place:

    ...
    Crook­servers was pre­vi­ous­ly linked to an attack on the Ger­man par­lia­ment.

    The serv­er used to con­trol the mal­ware was hired through Crook­servers by a hack­er using the pseu­do­nym Niko­lay Mlade­n­ov who paid using Bit­coin and Per­fect Mon­ey, accord­ing to records seen by the BBC.

    The hack­er used the serv­er until June 2015, when it was delet­ed at Crook­server­s’s request fol­low­ing media reports of the attack.

    This server’s IP address also appears in mal­ware used to tar­get some atten­dees at the Farn­bor­ough air show in 2014.

    Fan­cy Bear mal­ware used to attack a UK TV sta­tion and the DNC also con­tained this IP address, although the serv­er was no longer in Fan­cy Bear’s con­trol when these attacks occurred.
    ...

    “Bear mal­ware used to attack a UK TV sta­tion and the DNC also con­tained this IP address, although the serv­er was no longer in Fan­cy Bear’s con­trol when these attacks occurred.”

    So two of the four hacks attrib­uted to the 176.31.112.10 serv­er hap­pened after APT28/Fancy Bear lost con­trol of the serv­er. Huh. You’d think this kind of dis­crep­an­cy would raise more eye­brows.

    Posted by Pterrafractyl | November 28, 2017, 4:43 pm
  14. From a trust­ed asso­ciate:

    :Saw your post, Ptera, on the servers. Impor­tant to remem­ber: at least at the time of the heart­bleed announce­ment, the Open SSL board was major­i­ty Ger­man and Swede! I found that odd as the US is usu­al­ly dis­pro­por­tion­ate­ly rep­re­sent­ed on var­i­ous stan­dards com­mit­tees or open source boards. Hell, that’s how we made the Inter­net our spy machine! But Open SSL isn’t like that, at least from my per­cep­tion. And the flaw was in the code of a Ger­man PhD stu­dent... who worked for a DeutscheTelekom sub­sidiary after leav­ing the project in 2012. I can’t find any­thing on him after 2014, which is odd in itself.

    side note: it’s amus­ing to me that the “who is Sas­toshi Nakamo­to?” mys­tery is still a thing! So many debunk­ings and frauds... yet I have not seen a debunk­ing of the Siemens the­o­ry? It’s like watch­ing peo­ple puz­zle over the Malaysian air dis­as­ter. “Hmmm... the pilot was a sup­port­er of jihad back­ing Anwar Ibrahim who just got sen­tenced that day... nah, that could­n’t have any­thing to do with it! what a mys­tery!” Some­times the answers are right in front of our faces...

    Who is Robin Seggel­mann and did his Heart­bleed break the inter­net?

    Who is Robin Seggel­mann and did his Heart­bleed break the inter­net?

    By Lia Tim­son

    Ger­man com­put­er pro­gram­mer Robin Seggel­man is the man whose cod­ing mis­take, now known as Heart­bleed, has left mi...

    Dr Seggel­man, 31, from the small town of Oelde in north-west Ger­many, is a con­trib­u­tor to the Inter­net Engi­neer­ing Task Force (IETF), a not-for-prof­it glob­al group whose mis­sion is to make the inter­net work bet­ter. He is attached to the Mun­ster Uni­ver­si­ty of Applied Sci­ences in Ger­many, where, as research asso­ciate in the net­work­ing pro­gram­ming lab in the depart­ment of elec­tri­cal engi­neer­ing and com­put­er sci­ence, he has pub­lished a num­ber of papers, includ­ing his the­sis on strate­gies to secure inter­net com­mu­ni­ca­tions in 2012. He has been writ­ing aca­d­e­m­ic papers and giv­ing talks on secu­ri­ty mat­ters since 2009, while still a PhD stu­dent.
    His aca­d­e­m­ic research influ­ence index score of two, based on the num­ber of sci­en­tif­ic cita­tions of his work, sug­gests an influ­en­tial thinker at the ear­ly stages of his sci­en­tif­ic career.
    Accord­ing to his Xing pro­file, Dr Seggel­man has worked for Deutsche Telekom IT ser­vices sub­sidiary T‑Systems, pos­si­bly the largest such con­sul­tan­cy in Ger­many, since 2012, as a solu­tions archi­tect.’

    Enjoy!

    Dave Emory

    Posted by Dave Emory | November 29, 2017, 3:57 pm
  15. @Dave & trust­ed asso­ciate:
    That’s a good catch about the Heart­bleed bug being intro­duced into OpenSSL by Deutsche Telekom employ­ee Robin Seggel­mann. And there’s an inter­est­ing fun fact about that bug that high­lights one of the aspects of the open source soft­ware move­ment: Seggel­mann intro­duced that bug for code that was part of his PhD the­sis (see sec­tion 7.2 on the “Heat­beat exten­sion” that was added to OpenSSL).

    What makes this fun fact so rel­e­vant to the open source soft­ware move­ment is the fact that if there was ever a time it would be easy to intro­duce a bug in your code and not catch it, it would be when you’re writ­ing your PhD the­sis. That’s gen­er­al­ly not a time when some­one has a lot of time on their hands. A robust and secure open source soft­ware move­ment will require A LOT of vol­un­teers with A LOT of time on their hands. It’s one exam­ple of the ben­e­fits that leisure time gives a soci­ety: the time for peo­ple to col­lec­tive do this vol­un­tar­i­ly that no one is going to pay any­one to do. Like main­tain­ing open source soft­ware, espe­cial­ly soft­ware like OpenSSL that’s used to encrypt inter­net traf­fic.

    Recall that Heart­bleed report­ed­ly exist­ed for two years before being dis­cov­ered. So that’s not just Seggel­man­n’s fault because a lot of eyes either saw the same code and missed the flaw and few oth­ers were look­ing at all. Unless Seggel­mann was asked by the BND or some­thing to implant that flaw inten­tion­al­ly, it’s hard to be mad at the guy. He’s only of those only peo­ple who was actu­al­ly try­ing to upgrade and main­tain the code and bugs are unavoid­able at some point. Espe­cial­ly sub­tle secu­ri­ty flaws.

    Also don’t for­get the reports that anony­mous sources claimed the NSA knew about Heart­bleed for two years before it was dis­closed. Which is not at all sur­pris­ing if true. What would be sur­pris­ing is if there weren’t all sorts of intel­li­gence agen­cies aware of the bug short­ly after it was intro­duced because they prob­a­bly sys­tem­at­i­cal­ly review some­thing as sig­nif­i­cant as OpenSSL updates. Along with who knows how many oth­er pri­vate inter­ests with the time and resources to pay peo­ple to qui­et­ly look for open source secu­ri­ty vul­ner­a­bil­i­ties. Which again high­lights the impor­tance of a large pool of peo­ple with cod­ing skills and lots of free time if soci­ety wants safe and secure free open source soft­ware. Leisure time pays div­i­dends in a lot of dif­fer­ent ways.

    So with all that in mind, it’s worth not­ing that Seggel­mann was also the author of a sec­ond OpenSSL secu­ri­ty flaw that was found a cou­ple months after the Heart­bleed exploit become pub­lic and lots of eyes start­ed look­ing at that OpenSSL code. And this new flaw was just one of 6 flaws in OpenSSL that was pub­licly announced at that point. It was report­ed­ly a par­tic­u­lar nasty four year old flaw that would allow “arbi­trary code exe­cu­tion”. But it was­n’t the old­est of the 6 flaws. The old­est has been around since 1998. And it was extra nasty: it also allowed for the arbi­trary exe­cu­tion of code. And man-in-the-mid­dle attacks. And, again, this extra nat­sy bug was intro­duced in 1998 and nev­er found (by any­one will­ing to tell) until 2014:

    CSO

    Crit­i­cal flaw in encryp­tion has been in OpenSSL code for over 15 years
    By Ms. Smith

    After the Heart­bleed vul­ner­a­bil­i­ty, more secu­ri­ty researchers have turned their atten­tion toward review­ing OpenSSL. Now it’s time to patch again, but the most alarming/bizarre part of the sto­ry is that one of the crit­i­cal vul­ner­a­bil­i­ties in OpenSSL has been gone unde­tect­ed since Decem­ber 1998.

    Jun 5, 2014 12:35 PM

    After the Heart­bleed vul­ner­a­bil­i­ty, more secu­ri­ty researchers have turned their atten­tion toward review­ing OpenSSL. Now it’s time to patch again, but the most alarming/bizarre part of the sto­ry is that one of the crit­i­cal vul­ner­a­bil­i­ties in OpenSSL has been gone unde­tect­ed since Decem­ber 1998.

    If you’re look­ing for a pos­i­tive slant to anoth­er crit­i­cal hole being dis­cov­ered in open source encryp­tion soft­ware, then it would have to accord­ing to be that more researchers will like­ly keep dig­ging into OpenSSL code. In the long run, that should make encryp­tion more secure. In order to Reset the Net and reclaim our pri­va­cy, we need to encrypt every­thing.

    The patch released by the OpenSSL team today will close that hole along with five oth­er flaws. “An attack­er using a care­ful­ly craft­ed hand­shake can force the use of weak key­ing mate­r­i­al in OpenSSL SSL/TLS clients and servers,” states the OpenSSL secu­ri­ty advi­so­ry in regards to CVE-2014–0224. “This can be exploit­ed by a man-in-the-mid­dle (MITM) attack where the attack­er can decrypt and mod­i­fy traf­fic from the attacked client and serv­er.”

    ...

    In a post explain­ing how he dis­cov­ered the CCS injec­tion vul­ner­a­bil­i­ty (CVE-2014–0224), secu­ri­ty researcher Masashi Kikuchi wrote that the Change­Ci­pher­Spec (CCS) bug “has exist­ed since the very first release of OpenSSL. The biggest rea­son why the bug hasn’t been found for over 16 years is that code reviews were insuf­fi­cient, espe­cial­ly from experts who had expe­ri­ences with TLS/SSL imple­men­ta­tion.”

    Google’s Adam Lan­g­ley wrote, “The good news is that these attacks need man-in-the-mid­dle posi­tion against the vic­tim and that non-OpenSSL clients (IE, Fire­fox, Chrome on Desk­top and iOS, Safari etc) aren’t affect­ed. Nonethe­less, all OpenSSL users should be updat­ing.”

    Mean­while, SANS Inter­net Storm Cen­ter clas­si­fied two of the six new­ly patched vul­ner­a­bil­i­ties as crit­i­cal, CVE-2014–0224 and CVE-2014–0195, and warned that they “may lead to arbi­trary code exe­cu­tion.”

    The lat­ter vul­ner­a­bil­i­ty in OpenSS­L’s imple­men­ta­tion of Data­gram Trans­port Lay­er Secu­ri­ty (DTLS) was cred­it to Jüri Aed­la, who “recent­ly made news by suc­cess­ful­ly com­pro­mis­ing Mozil­la Fire­fox dur­ing this year’s Pwn2Own con­test.” HP’s Tip­ping­Point Zero Day Ini­tia­tive also point­ed out:

    Accord­ing to the com­mit logs, Robin Seggel­mann intro­duced this vul­ner­a­bil­i­ty into the OpenSSL code base four years ago. Yes, Robin Seggel­mann is also respon­si­ble for intro­duc­ing the Heart­bleed vul­ner­a­bil­i­ty. Two big vul­ner­a­bil­i­ties intro­duced by the same devel­op­er. Seggel­mann is not com­plete­ly to blame, of course. OpenSSL is an open source project. The ‘many eyes’ that look at this code failed to catch this bug, but a new breed of indi­vid­u­als are look­ing at this code…especially at Seggelmann’s code. This code is now known for hav­ing vul­ner­a­bil­i­ties. There is blood in the water. For the indi­vid­u­als audit­ing his code, the Zero Day Ini­tia­tive will hap­pi­ly han­dle the work that goes into dis­clos­ing those vul­ner­a­bil­i­ties and reward you for your efforts.

    The remain­ing four flaws patched today could be used for denial-of-ser­vice: CVE-2014–0221, CVE-2014–0198, CVE-2010–5298, CVE-2014–3470.

    ———-

    “Crit­i­cal flaw in encryp­tion has been in OpenSSL code for over 15 years” by Ms. Smith; CSO; 06/05/2014

    “In a post explain­ing how he dis­cov­ered the CCS injec­tion vul­ner­a­bil­i­ty (CVE-2014–0224), secu­ri­ty researcher Masashi Kikuchi wrote that the Change­Ci­pher­Spec (CCS) bug “has exist­ed since the very first release of OpenSSL. The biggest rea­son why the bug hasn’t been found for over 16 years is that code reviews were insuf­fi­cient, espe­cial­ly from experts who had expe­ri­ences with TLS/SSL imple­men­ta­tion.”

    Find­ing bugs can be hard. Code reviews are time con­sum­ing. And it’s hard to come up with a bet­ter exam­ple these real­i­ties than a 16 year man-in-the-mid­dle secu­ri­ty flaw in some­thing OpenSSL that no one dis­cov­ered (at least no one inclined to tell every­one).

    But that 1998 man-in-the-mid­dle bug was­n’t Seggel­man­n’s bug in this batch of six found flaws. Seggel­man­n’s bug was intro­duced in 2010, the same year as Heart­bleed was intro­duced. And like the man-in-the-mid­dle attack, Seggel­man­n’s new bug allowed the “arbi­trary exe­cu­tion of code” (which is quite a secu­ri­ty flaw):

    ...
    Mean­while, SANS Inter­net Storm Cen­ter clas­si­fied two of the six new­ly patched vul­ner­a­bil­i­ties as crit­i­cal, CVE-2014–0224 and CVE-2014–0195, and warned that they “may lead to arbi­trary code exe­cu­tion.”

    The lat­ter vul­ner­a­bil­i­ty in OpenSS­L’s imple­men­ta­tion of Data­gram Trans­port Lay­er Secu­ri­ty (DTLS) was cred­it to Jüri Aed­la, who “recent­ly made news by suc­cess­ful­ly com­pro­mis­ing Mozil­la Fire­fox dur­ing this year’s Pwn2Own con­test.” HP’s Tip­ping­Point Zero Day Ini­tia­tive also point­ed out:

    Accord­ing to the com­mit logs, Robin Seggel­mann intro­duced this vul­ner­a­bil­i­ty into the OpenSSL code base four years ago. Yes, Robin Seggel­mann is also respon­si­ble for intro­duc­ing the Heart­bleed vul­ner­a­bil­i­ty. Two big vul­ner­a­bil­i­ties intro­duced by the same devel­op­er. Seggel­mann is not com­plete­ly to blame, of course. OpenSSL is an open source project. The ‘many eyes’ that look at this code failed to catch this bug, but a new breed of indi­vid­u­als are look­ing at this code…especially at Seggelmann’s code. This code is now known for hav­ing vul­ner­a­bil­i­ties. There is blood in the water. For the indi­vid­u­als audit­ing his code, the Zero Day Ini­tia­tive will hap­pi­ly han­dle the work that goes into dis­clos­ing those vul­ner­a­bil­i­ties and reward you for your efforts.

    ...

    “Seggel­mann is not com­plete­ly to blame, of course. OpenSSL is an open source project. The ‘many eyes’ that look at this code failed to catch this bug

    Yep, even if Seggel­mann is spy paid to insert bug, it’s hard to ignore the fact that the whole point the open source move­ment is the con­vic­tion that bugs will be found and fixed. Espe­cial­ly real­ly impor­tant bugs like a bug that might allow man-in-the-mid­dle attacks and the arbi­trary exe­cu­tion of code via an open source inter­net stan­dard like OpenSSL. This was a group fail­ure by a very big group.

    It also all rais­es the ques­tion of how many improve­ments have been made in recent years on open source review. On the plus side, a large num­ber of poten­tial secu­ri­ty flaws were found in open source secu­ri­ty soft­ware (264 flaws) after Google used its soft­ware test­ing tools to scan a large num­ber of open source tools. On the minus side, this points towards the real­i­ty that mega-com­pa­nies like Google are prob­a­bly going to fill in the gap for a lot of this code review, which isn’t exact­ly liv­ing up to the open source ide­al as open source becomes more and more a com­po­nent of big busi­ness.

    On anoth­er plus side, Google will have an extra incen­tive to find and pub­licly dis­close a lot of secu­ri­ty flaws it finds because it can already spy on almost every­one so eas­i­ly in so many oth­er ways. That’s a plus side that dou­bles as a minus side.

    Posted by Pterrafractyl | November 29, 2017, 11:49 pm
  16. Well that’s quite a twist. The New York Times and The Inter­cept just pub­lished a pair of sto­ries about the US efforts to recov­er the still unre­leased con­tents of the Shad­ow Bro­kers’ stolen NSA hack­ing tools. But the sto­ries go far beyond just the Shad­ow Bro­kers:

    The sto­ries detail a US intel­li­gence oper­a­tion that start­ed in Decem­ber of 2016 to track down the Shad­ow Bro­kers and obtain the still unre­leased hack­ing tools. The US worked through an Amer­i­can busi­ness­man in Ger­many as an inter­me­di­ary. That led US agents to Car­lo, a hack­er who, accord­ing to The Inter­cept, was locat­ed in Ger­many. But accord­ing to the New York Times, was locat­ed in Vien­na, Aus­tria. Car­lo had report­ed­ly pre­vi­ous­ly worked with US intel­li­gence agents. Car­lo offered to pro­vide US agents with the full set of hack­ing tools — so the US could know what was tak­en — along with the names of peo­ple in his net­work.

    Car­lo con­vinced US agents that he was indeed in pos­ses­sion of the still unre­leased hack­ing tools (or at least knew the peo­ple who were) by giv­ing advance notice of the Shad­ow Bro­kers’ sub­se­quent pub­lic releas­es of more hack­ing tools. So, on some lev­el, it appears that US agents did indeed find some­one who had the hack­ing tools, or knew who had them.

    But that’s when things got extra weird. Car­lo want­ed immu­ni­ty from US pros­e­cu­tion as the price for return­ing the unre­leased tools, which the US would­n’t pro­vide. Those nego­ti­a­tions broke down, and the US agents offered to just buy the hack­ing tools from the hack­er instead. And that’s when the nego­ti­a­tions were tak­en over by a Russ­ian in Ger­many.

    This Russ­ian is appar­ent­ly some­one known to US intel­li­gence agen­cies as a kind of ‘fix­er’ for Rus­si­a’s FSB with a direct link to for­mer FSB direc­tor Niko­lai Patru­shev. He’s also some­one who had pre­vi­ous­ly dealt with Amer­i­can intel­li­gence oper­a­tives, accord­ing to US and Euro­pean offi­cials. He’s also known to have pre­vi­ous­ly worked for a Russ­ian oli­garch to help move illic­it ship­ments of semi­precious met­als for a Russ­ian oli­garch.

    Amer­i­can intel­li­gence agen­cies report­ed­ly spent months track­ing the Russ­ian, includ­ing his flights to Berlin, his ren­dezvous with a mis­tress in Vien­na and his trips home to St. Peters­burg.

    The Russ­ian was also known to have ties to East­ern Euro­pean cyber-crim­i­nals. And a his­to­ry of mon­ey laun­der­ing with what is describe as a “thin legit­i­mate cov­er busi­ness” of a near­ly bank­rupt com­pa­ny that sold portable grills for street­side sausage sales­men that was incor­po­rat­ed in Britain. So there’s a sur­pris­ing amount of infor­ma­tion about this mys­te­ri­ous Russ­ian inter­me­di­ary pro­vid­ed. Poten­tial­ly enough infor­ma­tion to iden­ti­fy this guy. But it’s unclear how anony­mous this guy wants to be because he was will­ing to be inter­view by both The Inter­cept and The New York Times. Yep, these reports were both based on inter­view of this alleged FSB ‘fix­er.’

    So, if we’re to inter­pret this all at face val­ue, the Russ­ian gov­ern­ment was behind the Shad­ow Bro­kers hack, they ini­tial­ly had a Ger­man hack­er who was will­ing to return the hack­ing tools and expose his entire net­work in exchange for immu­ni­ty. The hack­er demon­strat­ed a degree of close­ly with the Shad­ow Bro­kers by pre­dict­ing the pub­lic releas­es. But when the US refused the immu­ni­ty deal and offered to buy the tools instead, the Rus­sians used known ‘fix­er’ who had pre­vi­ous­ly worked with US intel­li­gence agents to nego­ti­ate that sale. And this FSB ‘fix­er’ was will­ing to be inter­viewed and talk about this. Ummm....this seems like a real­ly ques­tion­able sto­ry so far.

    But it gets weird­er. Much much weird­er. The Russ­ian also claimed to have a trove of com­pro­mis­ing doc­u­ments on Don­ald Trump, includ­ing a video of Trump con­sort­ing with pros­ti­tutes in a Moscow hotel room in 2013. It’s report­ed that there’s no evi­dence that such a video exists, although the New York Times report also includes a ref­er­ence to an Amer­i­can busi­ness­man being shown a 15 sec­ond clip of a video show­ing a man in a room talk­ing to two women. There’s no audio and there was no way to ver­i­fy the man is Don­ald Trump. And the view­ing took place at the Russ­ian Embassy in Berlin, accord­ing to the busi­ness­man.
    In addi­tion to the video, the Russ­ian also tried to sell oth­er doc­u­ments on Trump, includ­ing bank records, emails, and Russ­ian intel­li­gence data. The New York Times got to look at four of these doc­u­ments that this mys­te­ri­ous Russ­ian tried to pass along to the Amer­i­cans (pre­sum­ably the Russ­ian pro­vid­ed them). One doc­u­ment fea­tured Carter Page. Anoth­er fea­tures Robert and Rebekah Mer­cer. None of the doc­u­ments could be ver­i­fied and all four were drawn almost entire­ly from news reports. The New York Times arti­cle includes a com­ment by a for­mer KGB offi­cer say­ing the pur­port­ed Russ­ian intel­li­gence doc­u­ments also con­tained styl­is­tic and gram­mat­i­cal usages not typ­i­cal­ly seen in Russ­ian intel­li­gence reports.

    Ear­ly on, the ask­ing price for the mate­r­i­al was $10 mil­lion but quick­ly dropped to a $1 mil­lion. It was a few months after nego­ti­a­tions start­ed that the Amer­i­can busi­ness­man was shown the video. The CIA report­ed­ly did­n’t actu­al­ly want to get the pur­port­ed dirt on Trump over con­cerns that this was an oper­a­tion designed to sow dis­cord between the White House and US intel­li­gence agen­cies and the CIA decid­ed they just want­ed to stick with retriev­ing the hack­ing tools. The $1 mil­lion price was agreed upon and a $100,000 cash drop intend­ed to be a down pay­ment took place in Sep­tem­ber.

    But there were a num­ber of hur­dles before that price was arrive at. By April of 2017, it appeared a deal for the sale was worked out. The Russ­ian inter­me­di­ary met with US agents and a hand off of a thumb dri­ve took place at a West Berlin bar. The thumb dri­ve was sup­posed to con­tained a sam­ple of the hack­ing tools that was to come. But there was a big prob­lem. That sam­ple only con­tained hack­ing code that had already been pub­licly released. The CIA backed out of the deal. The Russ­ian was report­ed­ly furi­ous and the nego­ti­a­tions con­tin­ued, even­tu­al­ly lead­ing up to the Sep­tem­ber $100,000 cash drop.

    Addi­tion­al­ly, accord­ing the New York Times report, at least four Rus­sians with espi­onage and under­world con­nec­tions have appeared in Cen­tral and East­er Europe offer­ing to sell to US polit­i­cal oper­a­tives, pri­vate inves­ti­ga­tors, and spies com­pro­mis­ing infor­ma­tion that would cor­rob­o­rate the Steele dossier. Cody Shear­er, an Amer­i­can polit­i­cal oper­a­tive with ties to the Demo­c­ra­t­ic Par­ty, has also report­ed­ly been trav­el­ing East­ern Europe for more than six months to secure this ‘kom­pro­mat’ from a dif­fer­ent Russ­ian.

    So in Sep­tem­ber the $100,00 cash drop takes place, and a few weeks lat­er the Russ­ian began han­dling over data. But almost every­thing he deliv­ered was the ‘kom­pro­mat’. Not the hack­ing tools. Accord­ing to The Inter­cept, this kom­pro­mat includ­ed names of spe­cif­ic indi­vid­u­als and cor­po­rate enti­ties alleged­ly tied to Russ­ian inter­fer­ence in the 2016 U.S. elec­tion (so it would be a Russ­ian gov­ern­ment admis­sion that it was involved in a US elec­tion inter­fer­ence cam­paign).

    The Amer­i­cans con­tin­ued to press for the hack­ing tools. In Decem­ber, the Russ­ian said he was hold­ing out on the hack­ing tools at the orders of senior Russ­ian intel­li­gence offi­cials. So, ear­ly this year, the Amer­i­cans issued an ulti­ma­tum: he had to start work­ing for them and name every­one in his net­work or go back to Russ­ian and nev­er return to Europe. He took the lat­ter option.

    And this entire sto­ry, a sto­ry that could be inter­pret­ed as a Russ­ian gov­ern­ment admis­sion of guilt over vir­tu­al­ly ALL of the high-pro­file hacks tar­get­ing the US in recent years, appears to be large­ly backed up by the inter­views this mys­te­ri­ous Russ­ian FSB ‘fix­er’ did with both The New York Times and The Inter­cept.

    In fact, The Inter­cept was pro­vid­ed a doc­u­ment that describes an admis­sion that the Russ­ian pro­vid­ed to the Amer­i­cans that, yes, there real­ly has been an offi­cial Russ­ian gov­ern­ment effort to tar­get US polit­i­cal activ­i­ties start­ing in late 2014 or ear­ly 2015. The Russ­ian told the Amer­i­cans that he had no knowl­edge of a “mas­ter plan” to cause major dis­rup­tion to U.S. elec­tion activ­i­ties, but the effort was gen­er­al­ly under­stood as a “green light” from Russ­ian secu­ri­ty offi­cials to enlist cyber-relat­ed groups in prob­ing and harass­ing activ­i­ties direct­ed at U.S. tar­gets. That implies this entire alleged Russ­ian gov­ern­ment oper­a­tion to sell ‘kom­pro­mat’ on Trump to the CIA appar­ent­ly includ­ed telling the US agents that, yes, the Russ­ian gov­ern­ment real­ly is behind this entire ‘Russ­ian hack­er’ cam­paign.

    So, to sum­ma­rize:

    1. The CIA set out to retrieve the stolen hack­ing tools in Decem­ber of 2016.

    2. They came across a hack­er, Car­lo, who is either locat­ed in Ger­many or Aus­tria. Car­lo offered to return all the hack­ing tools and expose his net­work in exchange for immu­ni­ty. Car­lo had pre­vi­ous­ly worked with US intel­li­gence agents. Car­lo demon­strat­ed an abil­i­ty to pre­dict the Shad­ow Bro­kers’ pub­lic releas­es.

    3. When the US refused to offer immu­ni­ty and offered cash instead, a Russ­ian in Ger­many known to be an FSB ‘fix­er’ took over the nego­ti­a­tions. This fig­ure is a known mon­ey-laun­der­er with a his­to­ry of inter­ac­tions with US and Euro­pean intel­li­gence agen­cies.

    4. The Russ­ian first asked for $10 mil­lion, then $1 mil­lion. And soon start­ed offer­ing all sorts of ‘kom­pro­mat’ on Trump.
    5. A few weeks after nego­ti­a­tions began, an Amer­i­can busi­ness­man was shown a 15 sec­ond video pur­port­ed­ly of Trump with pros­ti­tutes in a Moscow hotel in 2013, although it can’t be ver­i­fied its Trump.

    6. In August of 2017, the Russ­ian hand­ed over a thum dri­ve con­tain a sam­ple of the hack­ing tools. It was all pub­licly released con­tent.

    7. Nego­ti­a­tions stalled, then con­tin­ued, and in Sep­tem­ber a $100,000 ini­tial cash drop took place. The doc­u­ments pro­vid­ed were all ‘kom­pro­mat’, with no hack­ing tools. The mate­r­i­al includ­ed names of spe­cif­ic indi­vid­u­als and cor­po­rate enti­ties alleged­ly tied to Russ­ian inter­fer­ence in the 2016 U.S. elec­tion.
    8. When pressed about the hack­ing tools, the Russ­ian claimed senior Russ­ian intel­li­gence offi­cials stopped him from releas­ing the hack­ing tools.

    9. The Amer­i­cans even­tu­al­ly ban­ished the Russ­ian from Europe after giv­ing him a ‘work for us or go away’ offer.

    10. This Russ­ian was will­ing to be inter­view by the New York Times and The Inter­cept and even pro­vid­ed four exam­ple doc­u­ments of the ‘kom­pro­mat’ he was try­ing to pass along to the Amer­i­cans. It was all pub­licly avail­able infor­ma­tion that con­tained unusu­al syn­tax for Russ­ian intel­li­gence doc­u­ments accord­ing to a for­mer KGB offi­cer.

    11. This Russ­ian report­ed­ly told the Amer­i­cans that the Russ­ian gov­ern­ment real­ly did ‘green light’ this high-pro­file ‘I’m a Russ­ian hack­er!’ hack­ing cam­paign against US elec­tions start­ing in late 2014 or ear­ly 2015 accord­ing to a doc­u­ment pro­vid­ed to The Inter­cept.

    12. There are at least four Rus­sians with espi­onage and under­world con­nec­tions have appeared in Cen­tral and East­ern Europe, offer­ing to sell kom­pro­mat to Amer­i­can polit­i­cal oper­a­tives, pri­vate inves­ti­ga­tors and spies that would cor­rob­o­rate the Steele dossier. Cody Shear­er, a Demo­c­ra­t­ic Par­ty oper­a­tive, has been try­ing to obtain such mate­r­i­al from a dif­fer­ent Russ­ian.

    So, if we are to accept all this, then the Russ­ian gov­ern­ment just had one of its ‘fix­ers’ basi­cal­ly admit that the Russ­ian gov­ern­ment was behind the Shad­ow Bro­kers hack and sub­se­quent release of the hack­ing tools which posed a mas­sive threat to com­put­er secu­ri­ty around the globe. And the Russ­ian gov­ern­ment wants this ‘fix­er’ to open­ly ped­dle ‘kom­pro­mat’ on Don­ald Trump, but it’s either unver­i­fi­able mate­r­i­al or pub­licly avail­able. And this FSB ‘fix­er’ was will­ing to talk to two news papers about all this:

    The New York Times

    U.S. Spies, Seek­ing to Retrieve Cyber­weapons, Paid Russ­ian Ped­dling Trump Secrets

    By Matthew Rosen­berg
    Feb. 9, 2018

    BERLIN — After months of secret nego­ti­a­tions, a shad­owy Russ­ian bilked Amer­i­can spies out of $100,000 last year, promis­ing to deliv­er stolen Nation­al Secu­ri­ty Agency cyber­weapons in a deal that he insist­ed would also include com­pro­mis­ing mate­r­i­al on Pres­i­dent Trump, accord­ing to Amer­i­can and Euro­pean intel­li­gence offi­cials.

    The cash, deliv­ered in a suit­case to a Berlin hotel room in Sep­tem­ber, was intend­ed as the first install­ment of a $1 mil­lion pay­out, accord­ing to Amer­i­can offi­cials, the Russ­ian and com­mu­ni­ca­tions reviewed by The New York Times. The theft of the secret hack­ing tools had been dev­as­tat­ing to the N.S.A., and the agency was strug­gling to get a full inven­to­ry of what was miss­ing.

    Sev­er­al Amer­i­can intel­li­gence offi­cials said they made clear that they did not want the Trump mate­r­i­al from the Russ­ian, who was sus­pect­ed of hav­ing murky ties to Russ­ian intel­li­gence and to East­ern Euro­pean cyber­crim­i­nals. He claimed the infor­ma­tion would link the pres­i­dent and his asso­ciates to Rus­sia. Instead of pro­vid­ing the hack­ing tools, the Russ­ian pro­duced unver­i­fied and pos­si­bly fab­ri­cat­ed infor­ma­tion involv­ing Mr. Trump and oth­ers, includ­ing bank records, emails and pur­port­ed Russ­ian intel­li­gence data.

    The Unit­ed States intel­li­gence offi­cials said they cut off the deal because they were wary of being entan­gled in a Russ­ian oper­a­tion to cre­ate dis­cord inside the Amer­i­can gov­ern­ment. They were also fear­ful of polit­i­cal fall­out in Wash­ing­ton if they were seen to be buy­ing scur­rilous infor­ma­tion on the pres­i­dent.

    The Cen­tral Intel­li­gence Agency declined to com­ment on the nego­ti­a­tions with the Russ­ian sell­er. The N.S.A., which pro­duced the bulk of the hack­ing tools that the Amer­i­cans sought to recov­er, said only that “all N.S.A. employ­ees have a life­time oblig­a­tion to pro­tect clas­si­fied infor­ma­tion.”

    The nego­ti­a­tions in Europe last year were described by Amer­i­can and Euro­pean intel­li­gence offi­cials, who spoke on the con­di­tion of anonymi­ty to dis­cuss a clan­des­tine oper­a­tion, and the Russ­ian. The Unit­ed States offi­cials worked through an inter­me­di­ary — an Amer­i­can busi­ness­man based in Ger­many — to pre­serve deni­a­bil­i­ty. There were meet­ings in provin­cial Ger­man towns where John le Car­ré set his ear­ly spy nov­els, and data hand­offs in five-star Berlin hotels. Amer­i­can intel­li­gence agen­cies spent months track­ing the Russian’s flights to Berlin, his ren­dezvous with a mis­tress in Vien­na and his trips home to St. Peters­burg, the offi­cials said.

    The N.S.A. even used its offi­cial Twit­ter account to send cod­ed mes­sages to the Russ­ian near­ly a dozen times.

    The episode end­ed this year with Amer­i­can spies chas­ing the Russ­ian out of West­ern Europe, warn­ing him not to return if he val­ued his free­dom, the Amer­i­can busi­ness­man said. The Trump mate­r­i­al was left with the Amer­i­can, who has secured it in Europe.

    The Russ­ian claimed to have access to a stag­ger­ing col­lec­tion of secrets that includ­ed every­thing from the com­put­er code for the cyber­weapons stolen from the N.S.A. and C.I.A. to what he said was a video of Mr. Trump con­sort­ing with pros­ti­tutes in a Moscow hotel room in 2013, accord­ing to Amer­i­can and Euro­pean offi­cials and the Russ­ian, who agreed to be inter­viewed in Ger­many on the con­di­tion of anonymi­ty. There remains no evi­dence that such a video exists.

    The Russ­ian was known to Amer­i­can and Euro­pean offi­cials for his ties to Russ­ian intel­li­gence and cyber­crim­i­nals — two groups sus­pect­ed in the theft of the N.S.A. and C.I.A. hack­ing tools.

    But his appar­ent eager­ness to sell the Trump “kom­pro­mat” — a Russ­ian term for infor­ma­tion used to gain lever­age over some­one — to Amer­i­can spies raised sus­pi­cions among offi­cials that he was part of an oper­a­tion to feed the infor­ma­tion to Unit­ed States intel­li­gence agen­cies and pit them against Mr. Trump. Ear­ly in the nego­ti­a­tions, for instance, he dropped his ask­ing price from about $10 mil­lion to just over $1 mil­lion. Then, a few months lat­er, he showed the Amer­i­can busi­ness­man a 15-sec­ond clip of a video show­ing a man in a room talk­ing to two women.

    No audio could be heard on the video, and there was no way to ver­i­fy if the man was Mr. Trump, as the Russ­ian claimed. But the choice of venue for show­ing the clip height­ened Amer­i­can sus­pi­cions of a Russ­ian oper­a­tion: The view­ing took place at the Russ­ian Embassy in Berlin, the busi­ness­man said.

    There were oth­er ques­tions about the Russian’s reli­a­bil­i­ty. He had a his­to­ry of mon­ey laun­der­ing and a thin legit­i­mate cov­er busi­ness — a near­ly bank­rupt com­pa­ny that sold portable grills for street­side sausage sales­men, accord­ing to British incor­po­ra­tion papers.

    “The dis­tinc­tion between an orga­nized crim­i­nal and a Russ­ian intel­li­gence offi­cer and a Russ­ian who knows some Russ­ian intel guys — it all blurs togeth­er,” said Steven L. Hall, the for­mer chief of Rus­sia oper­a­tions at the C.I.A. “This is the dif­fi­cul­ty of try­ing to under­stand how Rus­sia and Rus­sians oper­ate from the West­ern view­point.”.

    Amer­i­can intel­li­gence offi­cials were also wary of the pur­port­ed kom­pro­mat the Russ­ian want­ed to sell. They saw the infor­ma­tion, espe­cial­ly the video, as the stuff of tabloid gos­sip pages, not intel­li­gence col­lec­tion, Amer­i­can offi­cials said.

    But the Amer­i­cans des­per­ate­ly want­ed the hack­ing tools. The cyber­weapons had built to break into the com­put­er net­works of Rus­sia, Chi­na and oth­er rival pow­ers. Instead, they end­ed up in the hands of a mys­te­ri­ous group call­ing itself the Shad­ow Bro­kers, which has since pro­vid­ed hack­ers with tools that infect­ed mil­lions of com­put­ers around the world, crip­pling hos­pi­tals, fac­to­ries and busi­ness­es.

    ...

    Amer­i­can intel­li­gence agen­cies believe that Russia’s spy ser­vices see the deep polit­i­cal divi­sions in the Unit­ed States as a fresh oppor­tu­ni­ty to inflame par­ti­san ten­sions. Russ­ian hack­ers are tar­get­ing Amer­i­can vot­ing data­bas­es ahead of the midterm elec­tion this year, they said, and using bot armies to pro­mote par­ti­san caus­es on social media. The Rus­sians are also par­tic­u­lar­ly eager to cast doubt on the fed­er­al and con­gres­sion­al inves­ti­ga­tions into the Russ­ian med­dling, Amer­i­can intel­li­gence offi­cials said.

    Part of that effort, the offi­cials said, appears to be try­ing to spread infor­ma­tion that hews close­ly to unsub­stan­ti­at­ed reports about Mr. Trump’s deal­ings in Rus­sia, includ­ing the pur­port­ed video, whose exis­tence Mr. Trump has repeat­ed­ly dis­missed.

    Rumors that Russ­ian intel­li­gence pos­sess­es the video sur­faced more than a year ago in an explo­sive and unver­i­fied dossier com­piled by a for­mer British spy and paid for by Democ­rats. Since then, at least four Rus­sians with espi­onage and under­world con­nec­tions have appeared in Cen­tral and East­ern Europe, offer­ing to sell kom­pro­mat to Amer­i­can polit­i­cal oper­a­tives, pri­vate inves­ti­ga­tors and spies that would cor­rob­o­rate the dossier, Amer­i­can and Euro­pean intel­li­gence offi­cials said.

    Amer­i­can offi­cials sus­pect that at least some of the sell­ers are work­ing for Russia’s spy ser­vices.

    The Times obtained four of the doc­u­ments that the Russ­ian in Ger­many tried to pass to Amer­i­can intel­li­gence (The Times did not pay for the mate­r­i­al). All are pur­port­ed to be Russ­ian intel­li­gence reports, and each focus­es on asso­ciates of Mr. Trump. Carter Page, the for­mer cam­paign advis­er who has been the focus of F.B.I. inves­ti­ga­tors, fea­tures in one; Robert and Rebekah Mer­cer, the bil­lion­aire Repub­li­can donors, in anoth­er.

    Yet all four appear to be drawn almost entire­ly from news reports, not secret intel­li­gence. They all also con­tain styl­is­tic and gram­mat­i­cal usages not typ­i­cal­ly seen in Russ­ian intel­li­gence reports, said Yuri Shvets, a for­mer K.G.B. offi­cer who spent years as a spy in Wash­ing­ton before immi­grat­ing to the Unit­ed States after the end of the Cold War.

    Amer­i­can spies are not the only ones who have dealt with Rus­sians claim­ing to have secrets to sell. Cody Shear­er, an Amer­i­can polit­i­cal oper­a­tive with ties to the Demo­c­ra­t­ic Par­ty, has been criss­cross­ing East­ern Europe for more than six months to secure the pur­port­ed kom­pro­mat from a dif­fer­ent Russ­ian, said peo­ple famil­iar with the efforts, speak­ing on the con­di­tion of anonymi­ty to avoid dam­ag­ing their rela­tion­ship with him.

    Reached by phone late last year, Mr. Shear­er would say only that his work was “a big deal — you know what it is, and you shouldn’t be ask­ing about it.” He then hung up.

    Mr. Shearer’s efforts grew out of work he first began dur­ing the 2016 cam­paign, when he com­piled a pair of reports that, like the dossier, also includ­ed talk of a video and Russ­ian pay­offs to Trump asso­ciates. It is not clear what, if any­thing, Mr. Shear­er has been able to pur­chase.

    Before the Amer­i­cans were nego­ti­at­ing with the Russ­ian, they were deal­ing with a hack­er in Vien­na known only to Amer­i­can intel­li­gence offi­cials as Car­lo. In ear­ly 2017, he offered to pro­vide them with a full set of hack­ing tools that were in the hands of the Shad­ow Bro­kers and the names of oth­er peo­ple in his net­work, Amer­i­can offi­cials said. In exchange, he want­ed immu­ni­ty from pros­e­cu­tion in the Unit­ed States.

    But the immu­ni­ty deal fell apart, so intel­li­gence offi­cials decid­ed to do what spies do best: They offered to buy the data. That is when the Russ­ian in Ger­many emerged, telling the Amer­i­cans he would han­dle the sale.

    Like Car­lo, he had pre­vi­ous­ly dealt with Amer­i­can intel­li­gence oper­a­tives, Amer­i­can and Euro­pean offi­cials said. He served as a fix­er, of sorts, bro­ker­ing deals for Russia’s Fed­er­al Secu­ri­ty Ser­vice, or F.S.B., which is the suc­ces­sor to the Sovi­et K.G.B. Amer­i­can intel­li­gence offi­cials said that he had a direct link to Niko­lai Patru­shev, a for­mer F.S.B. direc­tor, and that they knew of pre­vi­ous work he had done help­ing move illic­it ship­ments of semi­precious met­als for a Russ­ian oli­garch.

    By last April it appeared that a deal was immi­nent. Sev­er­al C.I.A. offi­cers even trav­eled from the agency’s head­quar­ters to help the agency’s Berlin sta­tion han­dle the oper­a­tion.

    At a small bar in the for­mer heart of West Berlin, the Russ­ian hand­ed the Amer­i­can inter­me­di­ary a thumb dri­ve with a small cache of data that was intend­ed to pro­vide a sam­ple of what was to come, Amer­i­can offi­cials said.

    With­in days, though, the deal turned sour. Amer­i­can intel­li­gence agen­cies deter­mined that the data was gen­uine­ly from the Shad­ow Bro­kers, but was mate­r­i­al the group had already made pub­lic. As a result, the C.I.A. said it would not pay for it, Amer­i­can offi­cials said.

    The Russ­ian was furi­ous. But nego­ti­a­tions limped on until Sep­tem­ber, when the two sides agreed to try again.

    Late that month, the Amer­i­can busi­ness­man deliv­ered the $100,000 pay­ment. Some offi­cials said it was Unit­ed States gov­ern­ment mon­ey but rout­ed through an indi­rect chan­nel.

    A few weeks lat­er, the Russ­ian began hand­ing over data. But in mul­ti­ple deliv­er­ies in Octo­ber and Decem­ber, almost all of what he deliv­ered was relat­ed to the 2016 elec­tion and alleged ties between Mr. Trump’s asso­ciates and Rus­sia, not the N.S.A. or C.I.A. hack­ing tools.

    In Decem­ber, the Russ­ian said he told the Amer­i­can inter­me­di­ary that he was pro­vid­ing the Trump mate­r­i­al and hold­ing out on the hack­ing tools at the orders of senior Russ­ian intel­li­gence offi­cials.

    Ear­ly this year, the Amer­i­cans gave him one last chance. The Russ­ian once again showed up with noth­ing more than excus­es.

    So the Amer­i­cans offered him a choice: Start work­ing for them and pro­vide the names of every­one in his net­work — or go back to Rus­sia and do not return.

    The Russ­ian did not give it much thought. He took a sip of the cran­ber­ry juice he was nurs­ing, picked up his bag and said, “Thank you.” Then he walked out the door.

    ———-

    “U.S. Spies, Seek­ing to Retrieve Cyber­weapons, Paid Russ­ian Ped­dling Trump Secrets” by Matthew Rosen­berg; The New York Times; 02/09/2018

    “The cash, deliv­ered in a suit­case to a Berlin hotel room in Sep­tem­ber, was intend­ed as the first install­ment of a $1 mil­lion pay­out, accord­ing to Amer­i­can offi­cials, the Russ­ian and com­mu­ni­ca­tions reviewed by The New York Times. The theft of the secret hack­ing tools had been dev­as­tat­ing to the N.S.A., and the agency was strug­gling to get a full inven­to­ry of what was miss­ing.”

    Yep, this whole sto­ry isn’t just based on inter­views with Amer­i­can intel­li­gence offi­cials. The mys­te­ri­ous Russ­ian was also will­ing to be inter­viewed. And as we can see, it’s not like he’s pro­vid­ing an alter­na­tive spin to the ver­sion of events. He appears to more or less cor­rob­o­rate every­thing.

    So who is this mys­te­ri­ous Russ­ian? Well, we’re told that he is sus­pect­ed of hav­ing murky ties to Russ­ian intel­li­gence and to East­ern Euro­pean cyber­crim­i­nals:

    ...
    Sev­er­al Amer­i­can intel­li­gence offi­cials said they made clear that they did not want the Trump mate­r­i­al from the Russ­ian, who was sus­pect­ed of hav­ing murky ties to Russ­ian intel­li­gence and to East­ern Euro­pean cyber­crim­i­nals. He claimed the infor­ma­tion would link the pres­i­dent and his asso­ciates to Rus­sia. Instead of pro­vid­ing the hack­ing tools, the Russ­ian pro­duced unver­i­fied and pos­si­bly fab­ri­cat­ed infor­ma­tion involv­ing Mr. Trump and oth­ers, includ­ing bank records, emails and pur­port­ed Russ­ian intel­li­gence data.
    ...

    We’re also told that he’s a known ‘fix­er’ for the FSB who had pre­vi­ous­ly dealt with US intel­li­gence. Along with the Ger­man hack­er Car­lo:

    ...
    Like Car­lo, he had pre­vi­ous­ly dealt with Amer­i­can intel­li­gence oper­a­tives, Amer­i­can and Euro­pean offi­cials said. He served as a fix­er, of sorts, bro­ker­ing deals for Russia’s Fed­er­al Secu­ri­ty Ser­vice, or F.S.B., which is the suc­ces­sor to the Sovi­et K.G.B. Amer­i­can intel­li­gence offi­cials said that he had a direct link to Niko­lai Patru­shev, a for­mer F.S.B. direc­tor, and that they knew of pre­vi­ous work he had done help­ing move illic­it ship­ments of semi­precious met­als for a Russ­ian oli­garch.
    ...

    And he also has a his­to­ry of mon­ey-laun­der­ing, prompt­ing the for­mer chief of Rus­sia oper­a­tions at the C.I.A. to make the point that there isn’t a clear dis­tinc­tion between orga­nized crim­i­nals and Russ­ian intel­li­gence assets (which is, of course, the case for intel­li­gence assets all over the world):

    ...
    There were oth­er ques­tions about the Russian’s reli­a­bil­i­ty. He had a his­to­ry of mon­ey laun­der­ing and a thin legit­i­mate cov­er busi­ness — a near­ly bank­rupt com­pa­ny that sold portable grills for street­side sausage sales­men, accord­ing to British incor­po­ra­tion papers.

    “The dis­tinc­tion between an orga­nized crim­i­nal and a Russ­ian intel­li­gence offi­cer and a Russ­ian who knows some Russ­ian intel guys — it all blurs togeth­er,” said Steven L. Hall, the for­mer chief of Rus­sia oper­a­tions at the C.I.A. “This is the dif­fi­cul­ty of try­ing to under­stand how Rus­sia and Rus­sians oper­ate from the West­ern view­point.”.
    ...

    “There were oth­er ques­tions about the Russian’s reli­a­bil­i­ty. He had a his­to­ry of mon­ey laun­der­ing and a thin legit­i­mate cov­er busi­ness — a near­ly bank­rupt com­pa­ny that sold portable grills for street­side sausage sales­men, accord­ing to British incor­po­ra­tion papers.”

    That sure is a lot of poten­tial­ly iden­ti­fy­ing infor­ma­tion about this guy. Any­one know a Russ­ian with a near­ly bank­rupt com­pa­ny that sold portable grills for street­side sausage sales­men, accord­ing to British incor­po­ra­tion papers? Because that just might be our mys­tery Russ­ian.

    And this mys­tery Russ­ian was tracked by US offi­cials for months trav­el­ing back and forth between Berlin, Vien­na, and St. Peters­burg:

    ...
    The nego­ti­a­tions in Europe last year were described by Amer­i­can and Euro­pean intel­li­gence offi­cials, who spoke on the con­di­tion of anonymi­ty to dis­cuss a clan­des­tine oper­a­tion, and the Russ­ian. The Unit­ed States offi­cials worked through an inter­me­di­ary — an Amer­i­can busi­ness­man based in Ger­many — to pre­serve deni­a­bil­i­ty. There were meet­ings in provin­cial Ger­man towns where John le Car­ré set his ear­ly spy nov­els, and data hand­offs in five-star Berlin hotels. Amer­i­can intel­li­gence agen­cies spent months track­ing the Russian’s flights to Berlin, his ren­dezvous with a mis­tress in Vien­na and his trips home to St. Peters­burg, the offi­cials said
    ...

    So that’s our mys­tery Russ­ian who was hap­py to talk with the New York Times and the Inter­cept on the con­di­tion of anonymi­ty.

    And then there’s Car­lo the hack­er. Car­lo was appar­ent­ly will­ing to turn over peo­ple in his net­work along with all the hack­ing tools in exchange for immu­ni­ty:

    ...
    Before the Amer­i­cans were nego­ti­at­ing with the Russ­ian, they were deal­ing with a hack­er in Vien­na known only to Amer­i­can intel­li­gence offi­cials as Car­lo. In ear­ly 2017, he offered to pro­vide them with a full set of hack­ing tools that were in the hands of the Shad­ow Bro­kers and the names of oth­er peo­ple in his net­work, Amer­i­can offi­cials said. In exchange, he want­ed immu­ni­ty from pros­e­cu­tion in the Unit­ed States.

    But the immu­ni­ty deal fell apart, so intel­li­gence offi­cials decid­ed to do what spies do best: They offered to buy the data. That is when the Russ­ian in Ger­many emerged, telling the Amer­i­cans he would han­dle the sale.
    ...

    So, if we assume that the Shad­ow Bro­kers are indeed a Russ­ian gov­ern­ment oper­a­tion, they appar­ent­ly first were using Car­lo, a Ger­man hack­er, as a front. But when the CIA turned downs Car­los demands for immu­ni­ty, the Rus­sians decid­ed to drop the mask and have the mys­tery Russ­ian direct­ly nego­ti­ate a sales price. Again, does­n’t this seem incred­i­bly odd?

    So after the mys­tery Russ­ian takes over the nego­ti­a­tions, he starts offer­ing all sorts of ‘kom­pro­mat’, includ­ing a video of Trump with pros­ti­tutes which was shown to the Amer­i­can busi­ness­man inter­me­di­ary as the Russ­ian embassy in Berlin:

    ...
    The Russ­ian claimed to have access to a stag­ger­ing col­lec­tion of secrets that includ­ed every­thing from the com­put­er code for the cyber­weapons stolen from the N.S.A. and C.I.A. to what he said was a video of Mr. Trump con­sort­ing with pros­ti­tutes in a Moscow hotel room in 2013, accord­ing to Amer­i­can and Euro­pean offi­cials and the Russ­ian, who agreed to be inter­viewed in Ger­many on the con­di­tion of anonymi­ty. There remains no evi­dence that such a video exists.

    The Russ­ian was known to Amer­i­can and Euro­pean offi­cials for his ties to Russ­ian intel­li­gence and cyber­crim­i­nals — two groups sus­pect­ed in the theft of the N.S.A. and C.I.A. hack­ing tools.

    But his appar­ent eager­ness to sell the Trump “kom­pro­mat” — a Russ­ian term for infor­ma­tion used to gain lever­age over some­one — to Amer­i­can spies raised sus­pi­cions among offi­cials that he was part of an oper­a­tion to feed the infor­ma­tion to Unit­ed States intel­li­gence agen­cies and pit them against Mr. Trump. Ear­ly in the nego­ti­a­tions, for instance, he dropped his ask­ing price from about $10 mil­lion to just over $1 mil­lion. Then, a few months lat­er, he showed the Amer­i­can busi­ness­man a 15-sec­ond clip of a video show­ing a man in a room talk­ing to two women.

    No audio could be heard on the video, and there was no way to ver­i­fy if the man was Mr. Trump, as the Russ­ian claimed. But the choice of venue for show­ing the clip height­ened Amer­i­can sus­pi­cions of a Russ­ian oper­a­tion: The view­ing took place at the Russ­ian Embassy in Berlin, the busi­ness­man said.
    ...

    But the Amer­i­cans weren’t inter­est­ed in this kom­pro­mat, osten­si­bly over fears that this could exac­er­bate ten­sions between the White House and intel­li­gence com­mu­ni­ty. In addi­tion, the rest of the kom­pro­mat appeared to be pub­licly avail­able infor­ma­tion and did­n’t match tra­di­tion­al FSB gram­mar or lan­guage:

    ...
    The Times obtained four of the doc­u­ments that the Russ­ian in Ger­many tried to pass to Amer­i­can intel­li­gence (The Times did not pay for the mate­r­i­al). All are pur­port­ed to be Russ­ian intel­li­gence reports, and each focus­es on asso­ciates of Mr. Trump. Carter Page, the for­mer cam­paign advis­er who has been the focus of F.B.I. inves­ti­ga­tors, fea­tures in one; Robert and Rebekah Mer­cer, the bil­lion­aire Repub­li­can donors, in anoth­er.

    Yet all four appear to be drawn almost entire­ly from news reports, not secret intel­li­gence. They all also con­tain styl­is­tic and gram­mat­i­cal usages not typ­i­cal­ly seen in Russ­ian intel­li­gence reports, said Yuri Shvets, a for­mer K.G.B. offi­cer who spent years as a spy in Wash­ing­ton before immi­grat­ing to the Unit­ed States after the end of the Cold War.
    ...

    So the nego­ti­a­tions keep hap­pen­ing pri­mar­i­ly over the hack­ing tools. And a $1 mil­lion price is arrived at. But when the exam­ple hack­ing tools are deliv­ered, it’s all pub­licly avail­able code:

    ...
    By last April it appeared that a deal was immi­nent. Sev­er­al C.I.A. offi­cers even trav­eled from the agency’s head­quar­ters to help the agency’s Berlin sta­tion han­dle the oper­a­tion.

    At a small bar in the for­mer heart of West Berlin, the Russ­ian hand­ed the Amer­i­can inter­me­di­ary a thumb dri­ve with a small cache of data that was intend­ed to pro­vide a sam­ple of what was to come, Amer­i­can offi­cials said.

    With­in days, though, the deal turned sour. Amer­i­can intel­li­gence agen­cies deter­mined that the data was gen­uine­ly from the Shad­ow Bro­kers, but was mate­r­i­al the group had already made pub­lic. As a result, the C.I.A. said it would not pay for it, Amer­i­can offi­cials said.
    ...

    Keep in in mind, as we’ll see in The Inter­cept piece below, Car­lo cor­rect­ly gave advance notice of Shad­ow Bro­ker releas­es. And yet, when it came to this mys­tery Russ­ian, he only pro­vid­ed hack­ing code sam­ples that were avail­able to every­one in the world.

    But the nego­ti­a­tions con­tin­ue, they come to an agree­ment in Sep­tem­ber, a $100,000 down­pay­ment is made, and but the con­tent deliv­ered is all just the kom­pro­mat. And when pressed on this, the Russ­ian claims that senior Russ­ian intel­li­gence offi­cials pre­vent­ed the return of the hack­ing tools:

    ...
    The Russ­ian was furi­ous. But nego­ti­a­tions limped on until Sep­tem­ber, when the two sides agreed to try again.

    Late that month, the Amer­i­can busi­ness­man deliv­ered the $100,000 pay­ment. Some offi­cials said it was Unit­ed States gov­ern­ment mon­ey but rout­ed through an indi­rect chan­nel.

    A few weeks lat­er, the Russ­ian began hand­ing over data. But in mul­ti­ple deliv­er­ies in Octo­ber and Decem­ber, almost all of what he deliv­ered was relat­ed to the 2016 elec­tion and alleged ties between Mr. Trump’s asso­ciates and Rus­sia, not the N.S.A. or C.I.A. hack­ing tools.

    In Decem­ber, the Russ­ian said he told the Amer­i­can inter­me­di­ary that he was pro­vid­ing the Trump mate­r­i­al and hold­ing out on the hack­ing tools at the orders of senior Russ­ian intel­li­gence offi­cials.
    ...

    “In Decem­ber, the Russ­ian said he told the Amer­i­can inter­me­di­ary that he was pro­vid­ing the Trump mate­r­i­al and hold­ing out on the hack­ing tools at the orders of senior Russ­ian intel­li­gence offi­cials.

    Note the phras­ing here because it sure sounds like it’s the mys­tery Russ­ian who is recount­ing this to the the reporter. And he’s recount­ing what amounts to an admis­sion that the Russ­ian gov­ern­ment is indeed behind the Shad­ow Bro­kers...a hack­ing team that has done immense dam­age to peo­ple and orga­ni­za­tions around the world by sud­den­ly dump­ing those tools onto the inter­net.

    And there are at least four Rus­sians run­ning around Europe try­ing to ped­dle kom­pro­mat on Trump:

    ...
    Rumors that Russ­ian intel­li­gence pos­sess­es the video sur­faced more than a year ago in an explo­sive and unver­i­fied dossier com­piled by a for­mer British spy and paid for by Democ­rats. Since then, at least four Rus­sians with espi­onage and under­world con­nec­tions have appeared in Cen­tral and East­ern Europe, offer­ing to sell kom­pro­mat to Amer­i­can polit­i­cal oper­a­tives, pri­vate inves­ti­ga­tors and spies that would cor­rob­o­rate the dossier, Amer­i­can and Euro­pean intel­li­gence offi­cials said.

    Amer­i­can offi­cials sus­pect that at least some of the sell­ers are work­ing for Russia’s spy ser­vices.

    ...

    Amer­i­can spies are not the only ones who have dealt with Rus­sians claim­ing to have secrets to sell. Cody Shear­er, an Amer­i­can polit­i­cal oper­a­tive with ties to the Demo­c­ra­t­ic Par­ty, has been criss­cross­ing East­ern Europe for more than six months to secure the pur­port­ed kom­pro­mat from a dif­fer­ent Russ­ian, said peo­ple famil­iar with the efforts, speak­ing on the con­di­tion of anonymi­ty to avoid dam­ag­ing their rela­tion­ship with him.

    Reached by phone late last year, Mr. Shear­er would say only that his work was “a big deal — you know what it is, and you shouldn’t be ask­ing about it.” He then hung up.
    ...

    So that’s what the New York Times reporter on this, which is large­ly what’s in The Inter­cep­t’s report. But there are some addi­tion­al details. Like how Car­los was locat­ed in Ger­many, not Vien­na.

    The piece also includes the crit­i­cal infor­ma­tion that Car­los cor­rect­ly gave advance notice to the Shad­ow Bro­ker releas­es. It also includes report­ing on a doc­u­ment that sum­ma­rizes some rather remark­able admis­sions by the mys­tery Russ­ian that, yes, there real­ly has been an offi­cial Russ­ian gov­ern­ment effort to tar­get US polit­i­cal activ­i­ties start­ing in late 2014 or ear­ly 2015:

    The Inter­cept

    U.S. Secret­ly Nego­ti­at­ed With Rus­sians to Buy Stolen NSA Doc­u­ments — and the Rus­sians Offered Trump-Relat­ed Mate­r­i­al, Too

    James Risen

    Feb­ru­ary 9 2018, 3:32 p.m.

    The Unit­ed States intel­li­gence com­mu­ni­ty has been con­duct­ing a top-secret oper­a­tion to recov­er stolen clas­si­fied U.S. gov­ern­ment doc­u­ments from Russ­ian oper­a­tives, accord­ing to sources famil­iar with the mat­ter. The oper­a­tion has also inad­ver­tent­ly yield­ed a cache of doc­u­ments pur­port­ing to relate to Don­ald Trump and Russ­ian med­dling in the 2016 pres­i­den­tial elec­tion.

    Over the past year, Amer­i­can intel­li­gence offi­cials have opened a secret com­mu­ni­ca­tions chan­nel with the Russ­ian oper­a­tives, who have been seek­ing to sell both Trump-relat­ed mate­ri­als and doc­u­ments stolen from the Nation­al Secu­ri­ty Agency and obtained by Russ­ian intel­li­gence, accord­ing to peo­ple involved with the mat­ter and oth­er doc­u­men­tary evi­dence. The chan­nel start­ed devel­op­ing in ear­ly 2017, when Amer­i­can and Russ­ian inter­me­di­aries began meet­ing in Ger­many. Even­tu­al­ly, a Russ­ian inter­me­di­ary, appar­ent­ly rep­re­sent­ing some ele­ments of the Russ­ian intel­li­gence com­mu­ni­ty, agreed to a deal to sell stolen NSA doc­u­ments back to the U.S. while also seek­ing to include Trump-relat­ed mate­ri­als in the pack­age.

    ...

    A Russ­ian who has been act­ing as a go-between for oth­er Rus­sians with access to Russ­ian gov­ern­ment mate­ri­als has sought pay­ment for the mate­ri­als he is offer­ing. In an exten­sive inter­view with The Inter­cept in Ger­many, the Russ­ian inter­me­di­ary pro­vid­ed detailed infor­ma­tion about the chan­nel. When con­tact­ed by The Inter­cept for this sto­ry, the Amer­i­can inter­me­di­ary declined to com­ment.

    Even many involved in the secret com­mu­ni­ca­tions chan­nel between U.S. intel­li­gence and the Rus­sians are said to be uncer­tain about what is real­ly going on with the oper­a­tion. Recent­ly, the Rus­sians have been seek­ing to pro­vide doc­u­ments said to be relat­ed to Trump offi­cials and Russ­ian med­dling in the 2016 cam­paign, includ­ing some pur­loined FBI reports and bank­ing records. It is not clear whether those doc­u­ments are in pos­ses­sion of Amer­i­can offi­cials. It is also unclear whether the secret chan­nel has helped the U.S. recov­er sig­nif­i­cant amounts of data from the NSA doc­u­ments believed to have been stolen by the Shad­ow Bro­kers.

    Fur­ther, it is not known whether the Rus­sians involved in the chan­nel are act­ing on their own or have been autho­rized by the Russ­ian gov­ern­ment to try to sell the mate­ri­als to the Unit­ed States. As a result, the Amer­i­cans are uncer­tain whether the Rus­sians involved are part of a dis­in­for­ma­tion cam­paign orches­trat­ed by Moscow, either to dis­cred­it Trump or to dis­cred­it efforts by Amer­i­can offi­cials inves­ti­gat­ing Trump’s pos­si­ble ties to Rus­sia, includ­ing Spe­cial Coun­sel Robert Mueller.

    The exis­tence of the off-the-books com­mu­ni­ca­tions chan­nel, which has been a close­ly guard­ed secret with­in the U.S. intel­li­gence com­mu­ni­ty, has been high­ly con­tro­ver­sial among those offi­cials who know about it, and has begun to cause rifts between offi­cials at the CIA and the NSA who have been involved with it at var­i­ous times over the past year.

    The CIA, which is now head­ed by a Trump loy­al­ist, CIA Direc­tor Mike Pom­peo, has at times been reluc­tant to stay involved in the oper­a­tion, appar­ent­ly for fear of obtain­ing the Trump-relat­ed mate­r­i­al offered by the Rus­sians, accord­ing to sources close to the nego­ti­a­tions. In the peri­od in which the com­mu­ni­ca­tions chan­nel has been open, CIA offi­cials are said to have repeat­ed­ly changed their views about it. They have some­times expressed inter­est, only to lat­er back away from any involve­ment with the chan­nel and the inter­me­di­aries. At some points, the CIA has been seri­ous enough about buy­ing mate­ri­als through the chan­nel that agency offi­cials said they had trans­port­ed cash to the CIA’s sta­tion in Berlin to com­plete the trans­ac­tion. But at oth­er points, agency offi­cials backed off and shut down their com­mu­ni­ca­tions. Some peo­ple involved with the chan­nel believe that the CIA has grown so heav­i­ly politi­cized under Pom­peo that offi­cials there have become fear­ful of tak­ing pos­ses­sion of any mate­ri­als that might be con­sid­ered dam­ag­ing to Trump.

    The CIA’s wari­ness shows that the real­i­ty with­in the U.S. intel­li­gence com­mu­ni­ty is a far cry from the right-wing con­spir­a­cy the­o­ry that a “deep state” is work­ing against Trump. Instead, the agency’s behav­ior seems to indi­cate that U.S. intel­li­gence offi­cials are torn about whether to con­duct any oper­a­tions at all that might aid Mueller’s ongo­ing inves­ti­ga­tion into whether Trump or his aides col­lud­ed with Rus­sia to win the 2016 pres­i­den­tial elec­tion.

    Many intel­li­gence offi­cials are reluc­tant to get involved with any­thing relat­ed to the Trump-Rus­sia case for fear of blow­back from Trump him­self, who might seek revenge by fir­ing senior offi­cials and wreak­ing hav­oc on their agen­cies. For exam­ple, Dan Coats, the direc­tor of nation­al intel­li­gence and thus the man sup­pos­ed­ly in charge of the entire U.S. intel­li­gence com­mu­ni­ty, has said he does not see it as his role to push for an aggres­sive Trump-Rus­sia inves­ti­ga­tion, accord­ing to a source famil­iar with the mat­ter.

    Because of the CIA’s reluc­tance to take an aggres­sive role, offi­cials at the NSA have tak­en the lead on the com­mu­ni­ca­tions chan­nel, with a pri­ma­ry focus on recov­er­ing their own stolen doc­u­ments. They have viewed the Trump-relat­ed mate­r­i­al as an annoy­ing side­light, even as they under­stand that it is poten­tial­ly the most explo­sive mate­r­i­al to have come through the chan­nel.

    The chan­nel has been oper­at­ing in the shad­ows even as Mueller’s inves­ti­ga­tion has been bask­ing in the spot­light. Last year, three for­mer Trump cam­paign offi­cials faced charges as part of Mueller’s inves­ti­ga­tion, and the spe­cial coun­sel con­tin­ues to inves­ti­gate both pos­si­ble col­lu­sion between the Trump cam­paign and Rus­sia and evi­dence of efforts by Trump or oth­ers close to him to obstruct jus­tice in the Mueller probe.

    ...

    Accord­ing to doc­u­ments obtained by The Inter­cept that sum­ma­rize much of the channel’s his­to­ry, a key Amer­i­can inter­me­di­ary with the Rus­sians was first approached by U.S. intel­li­gence offi­cials in late Decem­ber 2016. The offi­cials asked him to help them recov­er NSA doc­u­ments believed to have been stolen by the Shad­ow Bro­kers.

    The Amer­i­can was able to iden­ti­fy a hack­er in Ger­many who claimed to have access to some of the stolen data believed to be held by the Shad­ow Bro­kers, and who accu­rate­ly pro­vid­ed advance notice of sev­er­al Shad­ow Bro­ker data releas­es. The hacker’s coop­er­a­tion with the U.S. intel­li­gence com­mu­ni­ty broke down over his demands for full immu­ni­ty from U.S. pros­e­cu­tion for his hack­ing activ­i­ties — nego­ti­a­tions that failed large­ly because the hack­er refused to pro­vide his full per­son­al iden­ti­fi­ca­tion to the Amer­i­cans.

    Even­tu­al­ly, the rela­tion­ship with the hack­er in Ger­many led the Amer­i­cans to begin talks with a Russ­ian who became a key inter­me­di­ary in the chan­nel. The Russ­ian is believed to have ties to offi­cials in Russ­ian intel­li­gence.

    In March 2017, the Russ­ian met with the Amer­i­can inter­me­di­ary and a U.S. offi­cial in Berlin and agreed to pro­vide the stolen NSA data from the Shad­ow Bro­kers in exchange for pay­ment. The U.S. gov­ern­ment used “cer­tain mes­sag­ing tech­niques” that the Russ­ian accept­ed as proof that the U.S. gov­ern­ment was behind the nego­ti­a­tions and the pro­posed deal, accord­ing to the doc­u­ments obtained by The Inter­cept.

    Offi­cials gave the Rus­sians advance knowl­edge that on June 20, 2017, at 12:30 p.m., the offi­cial NSA Twit­ter account would tweet: “Samuel Morse patent­ed the tele­graph 177 years ago. Did you know you can still send telegrams? Faster than post & pay only if it’s deliv­ered.”

    That tweet, in exact­ly those words, was issued at that time.

    The NSA used that mes­sag­ing tech­nique repeat­ed­ly over the fol­low­ing months, each time offi­cials want­ed to com­mu­ni­cate with the Rus­sians or reas­sure them that the U.S. was still sup­port­ing the chan­nel. Each time, the Rus­sians were told the text of the tweets in advance and the exact time they would be released. Each tweet looked com­plete­ly benign but was in fact a mes­sage to the Rus­sians.

    ...

    But the chan­nel broke down sev­er­al times, often over dis­agree­ments between the U.S. and the Rus­sians about how mon­ey would be exchanged and what data was to be received. In May 2017, U.S. offi­cials were upset that the first tranche of data they received con­tained files already known to have been stolen because they had already been released by the Shad­ow Bro­kers. But the Russ­ian inter­me­di­ary con­tin­ued to insist that he could pro­vide data held by the Shad­ow Bro­kers, as well as mate­ri­als relat­ed to Trump offi­cials and Russ­ian activ­i­ty in the 2016 cam­paign. Through­out 2017, the U.S. offi­cials sought to lim­it the scope of their inves­ti­ga­tion to data stolen by the Shad­ow Bro­kers, leav­ing aside the mate­ri­als relat­ed to Trump. U.S. offi­cials also began to won­der whether the Russ­ian inter­me­di­ary was part of a so-called dan­gle oper­a­tion involv­ing Russ­ian dis­in­for­ma­tion.

    But by last fall, the Russ­ian began pass­ing infor­ma­tion to the Amer­i­can inter­me­di­ary that was unre­lat­ed to the Shad­ow Bro­kers, includ­ing the names of spe­cif­ic indi­vid­u­als and cor­po­rate enti­ties alleged­ly tied to Russ­ian inter­fer­ence in the 2016 U.S. elec­tion. The Amer­i­can inter­me­di­ary turned the infor­ma­tion over to U.S. intel­li­gence for the pur­pose of deter­min­ing the Russian’s cred­i­bil­i­ty. U.S. intel­li­gence offi­cials con­tin­ued to stress that they were only inter­est­ed in recov­er­ing stolen U.S. data. Still, it was under­stood that if the Russ­ian pro­vid­ed mate­r­i­al relat­ed to Trump, the Amer­i­can inter­me­di­ary would debrief U.S. offi­cials on its con­tent.

    In Decem­ber 2017, the Russ­ian turned over doc­u­ments and files, some of them in Russ­ian. The doc­u­ments appeared to include FBI inves­tiga­tive reports, finan­cial records, and oth­er mate­ri­als relat­ed to Trump offi­cials and the 2016 cam­paign.

    “The infor­ma­tion was vet­ted and ulti­mate­ly deter­mined that while a sig­nif­i­cant part of it was accu­rate and ver­i­fi­able, oth­er parts of the data were impos­si­ble to ver­i­fy and could be con­tro­ver­sial,” the doc­u­ments obtained by The Inter­cept state. It is not clear who vet­ted the mate­r­i­al.

    At a meet­ing last month in Spain, the Russ­ian told the Amer­i­can inter­me­di­ary of his desire to move for­ward with the deliv­ery of the Shad­ow Bro­kers data, as well as mate­r­i­al relat­ed to the 2016 elec­tion. The Amer­i­can ques­tioned him on the cred­i­bil­i­ty of his data and told him the data he was pro­vid­ing on Trump offi­cials and elec­tion activ­i­ties was “unso­licit­ed.” The Russ­ian also expressed inter­est in giv­ing the mate­r­i­al to media out­lets, which the Amer­i­can told the Russ­ian he found “dis­con­cert­ing.”

    The Russ­ian told the Amer­i­can that he had first become aware of Russ­ian efforts tar­get­ing U.S. polit­i­cal activ­i­ties in late 2014 or ear­ly 2015, accord­ing to the doc­u­ments reviewed by The Inter­cept. The Russ­ian stat­ed that he had no knowl­edge of a “mas­ter plan” to cause major dis­rup­tion to U.S. elec­tion activ­i­ties, but the effort was gen­er­al­ly under­stood as a “green light” from Russ­ian secu­ri­ty offi­cials to enlist cyber-relat­ed groups in prob­ing and harass­ing activ­i­ties direct­ed at U.S. tar­gets.

    ———–

    “U.S. Secret­ly Nego­ti­at­ed With Rus­sians to Buy Stolen NSA Doc­u­ments — and the Rus­sians Offered Trump-Relat­ed Mate­r­i­al, Too” by James Risen; The Inter­cept; 02/09/2018

    The Russ­ian told the Amer­i­can that he had first become aware of Russ­ian efforts tar­get­ing U.S. polit­i­cal activ­i­ties in late 2014 or ear­ly 2015, accord­ing to the doc­u­ments reviewed by The Inter­cept. The Russ­ian stat­ed that he had no knowl­edge of a “mas­ter plan” to cause major dis­rup­tion to U.S. elec­tion activ­i­ties, but the effort was gen­er­al­ly under­stood as a “green light” from Russ­ian secu­ri­ty offi­cials to enlist cyber-relat­ed groups in prob­ing and harass­ing activ­i­ties direct­ed at U.S. tar­gets.”

    Yep, this alleged FSB ‘fix­er’ with cyber crim­i­nal ties — who has dealt with US intel­li­gence agen­cies before — appar­ent­ly decid­ed to tell this Amer­i­can inter­me­di­ary that he was indeed aware of a Russ­ian gov­ern­ment “green light” start­ing in late 2014 or ear­ly 2015 to tar­get the US by enlist­ing cyber-relat­ed groups. It’s quite an admis­sion!

    And the kom­pro­mat he was pass­ing along was­n’t just on Trump. It also includ­ed spe­cif­ic indi­vid­u­als and cor­po­rate enti­ties involved with this inter­fer­ence cam­paign:

    ...
    But by last fall, the Russ­ian began pass­ing infor­ma­tion to the Amer­i­can inter­me­di­ary that was unre­lat­ed to the Shad­ow Bro­kers, includ­ing the names of spe­cif­ic indi­vid­u­als and cor­po­rate enti­ties alleged­ly tied to Russ­ian inter­fer­ence in the 2016 U.S. elec­tion. The Amer­i­can inter­me­di­ary turned the infor­ma­tion over to U.S. intel­li­gence for the pur­pose of deter­min­ing the Russian’s cred­i­bil­i­ty. U.S. intel­li­gence offi­cials con­tin­ued to stress that they were only inter­est­ed in recov­er­ing stolen U.S. data. Still, it was under­stood that if the Russ­ian pro­vid­ed mate­r­i­al relat­ed to Trump, the Amer­i­can inter­me­di­ary would debrief U.S. offi­cials on its con­tent.
    ...

    And this whole strange got start­ed after US intel­li­gence offi­cials approach the Amer­i­can busi­ness­man in Ger­man and asked for his help. And it was this busi­ness­man who found the hack­er in Ger­many who claimed to have the Shad­ow Bro­ker con­tent:

    ...
    Accord­ing to doc­u­ments obtained by The Inter­cept that sum­ma­rize much of the channel’s his­to­ry, a key Amer­i­can inter­me­di­ary with the Rus­sians was first approached by U.S. intel­li­gence offi­cials in late Decem­ber 2016. The offi­cials asked him to help them recov­er NSA doc­u­ments believed to have been stolen by the Shad­ow Bro­kers.

    The Amer­i­can was able to iden­ti­fy a hack­er in Ger­many who claimed to have access to some of the stolen data believed to be held by the Shad­ow Bro­kers, and who accu­rate­ly pro­vid­ed advance notice of sev­er­al Shad­ow Bro­ker data releas­es. The hacker’s coop­er­a­tion with the U.S. intel­li­gence com­mu­ni­ty broke down over his demands for full immu­ni­ty from U.S. pros­e­cu­tion for his hack­ing activ­i­ties — nego­ti­a­tions that failed large­ly because the hack­er refused to pro­vide his full per­son­al iden­ti­fi­ca­tion to the Amer­i­cans.
    ...

    “The Amer­i­can was able to iden­ti­fy a hack­er in Ger­many who claimed to have access to some of the stolen data believed to be held by the Shad­ow Bro­kers, and who accu­rate­ly pro­vid­ed advance notice of sev­er­al Shad­ow Bro­ker data releas­es.”

    And that, right there, is per­haps the only piece of infor­ma­tion in this entire sto­ry that sug­gests that any of the shad­owy fig­ures involved with this sto­ry was actu­al­ly involved with the Shad­ow Bro­kers.

    And it does­n’t nec­es­sar­i­ly indi­cate this guy real­ly was part of the Shad­ow Bro­kers. After all, if the Shad­ow Bro­kers real­ly were inter­est­ed in sell­ing their trea­sure trove, arrang­ing the sale over the Dark Web would be an obvi­ous way to nego­ti­ate it and pro­vid­ing peo­ple advance notice of releas­es would be an obvi­ous way to ver­i­fy their cred­i­bil­i­ty in these nego­ti­a­tions. So per­haps this mys­tery hack­er was mere­ly aware of some Dark Web sales pitch­es. For instance, imag­ine the Shad­ow Bro­kers were try­ing to find buy­ers on the Dark Web. Well, they might go to a Dark Web forum and say some­thing like, “hey, we’re the Shad­ow Bro­kers. Want to buy our stuff?” And then they’d have to prove who they are...potentially by giv­ing advance notice of releas­es. So if such sales pitch­es took place, any­one hack­er on that forum would have the knowl­edge they need to pre­tend that they are the Shad­ow Bro­kers by relay­ing that same advance notice. Now, there’s no evi­dence that this is what hap­pened, but it’s the kind of pos­si­bil­i­ty we should con­sid­er.

    So that’s the utter­ly bizarre sto­ry that just got released by The New York Times and The Inter­cept. A sto­ry that pur­ports to reveal a Russ­ian gov­ern­ment psy­cho­log­i­cal war­fare oper­a­tion designed to inflame par­ti­san ten­sions in the US. And to inflame these ten­sions, the Russ­ian strat­e­gy appar­ent­ly involves basi­cal­ly admit­ting (via the inter­views of the FSB ‘fix­er’) that, yes, it’s run­ning a psy­cho­log­i­cal war­fare oper­a­tion against the US designed to inflame par­ti­san ten­sion. Which is a pret­ty odd strat­e­gy since one of the most effec­tive ways to sub­due those US par­ti­san ten­sions is to have a Russ­ian gov­ern­ment oper­a­tive basi­cal­ly come out and admit that its try­ing to inflame these ten­sions. And also admit to release the NSA hack­ing toolk­it that caused all sorts of dam­age all over the world and could still poten­tial­ly lead to much, much more dam­age. But that’s the sto­ry being ped­dling to the world right now.

    Posted by Pterrafractyl | February 10, 2018, 4:23 pm
  17. Fol­low­ing up on the bizarre sto­ry about the CIA’s attempt to buy off the trove of NSA hack­ing tools pos­sessed by the “Shad­ow Bro­kers”: The White House and UK gov­ern­ment just issued near simul­ta­ne­ous state­ments for­mal­ly blam­ing the Russ­ian mil­i­tary for cre­at­ing and releas­ing the “Not­Petya” ran­somware attack. They’re pre­sum­ably blam­ing “Fan­cy Bear” for this since that’s the group attrib­uted to the GRU. Not­Petya is the attack that start­ed in Ukraine and quick­ly spread around the world, caus­ing bil­lions in dam­age.

    And while it was wide­ly assumed that this attack orig­i­nat­ed in Rus­sia giv­en the fact that it start­ed in Ukraine, there had­n’t before been any evi­dence link­ing the attack to the Russ­ian mil­i­tary. And guess what, there still isn’t any actu­al evi­dence link­ing it to the Russ­ian mil­i­tary. At least not any that’s been pub­licly released.

    But that’s not most hilar­i­ous part of this ‘for­mal charge’. The most hilar­i­ous part is that the White House state­ment charg­ing the Russ­ian mil­i­tary makes no men­tion of the fact that Not­Petya was based on Shad­ow Bro­ker code that had already been pub­licly released:

    The New York Times

    U.S. Con­demns Rus­sia for Cyber­at­tack, Show­ing Split in Stance on Putin

    By MARK LANDLER and SCOTT SHANE
    FEB. 15, 2018

    WASHINGTON — The Unit­ed States on Thurs­day joined Britain in for­mal­ly blam­ing Rus­sia for a huge cyber­at­tack last June that was aimed at Ukraine but crip­pled com­put­ers world­wide, a high­ly pub­lic nam­ing-and-sham­ing exer­cise that could fur­ther fray rela­tions with Moscow.

    The White House threat­ened unspec­i­fied “inter­na­tion­al con­se­quences” for the attack, which it said “was part of the Kremlin’s ongo­ing effort to desta­bi­lize Ukraine and demon­strates ever more clear­ly Russia’s involve­ment in the ongo­ing con­flict.”

    The state­ment, issued by the press sec­re­tary, Sarah Huck­abee Sanders, said the attack, known by the name Not­Petya, was “reck­less and indis­crim­i­nate” and spread rapid­ly, “caus­ing bil­lions of dol­lars in dam­age across Europe, Asia and the Amer­i­c­as.”

    Not­Petya, which had the char­ac­ter­is­tics of a ran­somware attack, had been wide­ly iden­ti­fied by cyber­se­cu­ri­ty experts as com­ing from Rus­sia, so the attri­bu­tion was no sur­prise. But the deci­sion of the Unit­ed States and Britain to near­ly simul­ta­ne­ous­ly con­demn the Russ­ian mil­i­tary is note­wor­thy.

    It under­scores the dichoto­my between the administration’s con­sis­tent­ly tough stance toward Rus­sia on issues involv­ing Ukraine and Pres­i­dent Trump’s con­tin­ued reluc­tance to crit­i­cize Pres­i­dent Vladimir V. Putin over any­thing else.

    In Decem­ber, the White House approved the sale of lethal defen­sive weapons to the Ukrain­ian mil­i­tary for its bat­tle against Russ­ian-backed forces in east­ern Ukraine. Yet Mr. Trump con­tin­ues to soft-ped­al alle­ga­tions that Rus­sia inter­fered in the 2016 pres­i­den­tial elec­tion, even after the nation’s intel­li­gence agen­cies con­clud­ed that it did — an assess­ment that intel­li­gence chiefs reit­er­at­ed in Sen­ate tes­ti­mo­ny this week.

    Admin­is­tra­tion offi­cials declined to say what steps the Unit­ed States would take against Rus­sia. But they could include both sanc­tions against Russ­ian offi­cials involved in the attack and covert mea­sures — any of which would be like­ly to fray an already frag­ile rela­tion­ship.

    The administration’s pub­lic state­ment echoed one in mid-Decem­ber when it pub­licly blamed North Korea for a dam­ag­ing ran­somware attack known as Wan­nacry. In that case, how­ev­er, the Unit­ed States did not fol­low up with stiff penal­ties, in part because North Korea was already under heavy sanc­tions for its nuclear and bal­lis­tic mis­sile pro­grams.

    “Pres­i­dent Trump has used just about every lever you can use, short of starv­ing the peo­ple of North Korea, to change their behav­ior,” the home­land secu­ri­ty advis­er, Thomas P. Bossert, said at the time. “So we don’t have a lot of room left here to apply pres­sure.”

    Pun­ish­ing oth­er nations for cyber­at­tacks has proven exceed­ing­ly dif­fi­cult, par­tic­u­lar­ly when the play­ers are as sophis­ti­cat­ed as North Korea and Rus­sia. The Russ­ian gov­ern­ment flat­ly denied the alle­ga­tions that it car­ried out the attack.

    “We think they have no basis and no foun­da­tion, and this is noth­ing else but the con­tin­u­a­tion of the Rus­so-pho­bic cam­paign,” the Kremlin’s spokesman, Dmit­ry Peskov, told reporters.

    The admin­is­tra­tion had planned to issue the state­ment a day ear­li­er to coin­cide with that of the British, accord­ing to a senior offi­cial, but delayed it after the dead­ly school shoot­ing in Park­land, Fla.

    The White House state­ment made no men­tion of an embar­rass­ing relat­ed fact: The Not­Petya attacks took advan­tage of vul­ner­a­bil­i­ties iden­ti­fied by the Nation­al Secu­ri­ty Agency and then made pub­lic by a group call­ing itself the Shad­ow Bro­kers.

    The Shad­ow Bro­kers, which some offi­cials believe to be a front for Russ­ian intel­li­gence, obtained many of the N.S.A.’s most valu­able hack­ing tools, either by break­ing into the agency’s com­put­er net­works or with the help of an insid­er. The group has post­ed much of the stolen mal­ware on the web; North Korea’s hack­ers prob­a­bly used the tools in their attack.

    In a ran­somware attack, the victim’s files are encrypt­ed, lock­ing them out of their own com­put­er sys­tems, until they pay a ran­som. Cyber­se­cu­ri­ty researchers esti­mate that crim­i­nals made more than $1 bil­lion through these attacks last year, with vic­tims rang­ing from the chief exec­u­tives of major com­pa­nies to small busi­ness­es and pri­vate indi­vid­u­als.

    While the motive for many ran­somware attacks is finan­cial, Russia’s involve­ment sug­gests it was part of a broad­er strat­e­gy to desta­bi­lize Ukraine that dates back to Russia’s annex­a­tion of Crimea in 2014.

    The Not­Petya attack orig­i­nat­ed in Ukraine, accord­ing to secu­ri­ty researchers, appar­ent­ly timed to strike a day before a hol­i­day mark­ing the 1996 adop­tion of Ukraine’s first con­sti­tu­tion. It even­tu­al­ly spread to 64 coun­tries, includ­ing Poland, Ger­many, Italy, and Rus­sia itself.

    The administration’s action came as intel­li­gence agen­cies warned that Rus­sia was already med­dling in the Amer­i­can midterm elec­tions, using bots and oth­er fake accounts on social media to spread dis­in­for­ma­tion.

    “We expect Rus­sia to con­tin­ue using pro­pa­gan­da, social media, false-flag per­sonas, sym­pa­thet­ic spokes­peo­ple and oth­er means of influ­ence to try to exac­er­bate social and polit­i­cal fis­sures in the Unit­ed States,” Dan Coats, the direc­tor of nation­al intel­li­gence, told the Sen­ate Intel­li­gence Com­mit­tee at its annu­al hear­ing on world­wide threats.

    ...

    ———-

    “U.S. Con­demns Rus­sia for Cyber­at­tack, Show­ing Split in Stance on Putin” by MARK LANDLER and SCOTT SHANE; The New York Times; 02/15/2018

    “The White House state­ment made no men­tion of an embar­rass­ing relat­ed fact: The Not­Petya attacks took advan­tage of vul­ner­a­bil­i­ties iden­ti­fied by the Nation­al Secu­ri­ty Agency and then made pub­lic by a group call­ing itself the Shad­ow Bro­kers.

    Uh...yeah, that’s a pret­ty embar­rass­ing relat­ed fact. So the NSA hack­ing tools get dumped to the world, some­one uses some of those tools to cre­ate a vir­u­lent ran­somware attack, and almost a year lat­er the White House for­mal­ly charges the Russ­ian mil­i­tary for this with­out even acknowl­edg­ing that this code was pub­licly avail­able.

    Now, of course, it’s pos­si­ble that Not­Petya was cre­at­ed and released by the Russ­ian mil­i­tary, in which case the charges of reck­less­ness would be extreme­ly appro­pri­ate giv­en the poten­tial dam­age this kind of mal­ware could poten­tial­ly cause. Dam­age like lock­ing the com­put­er sys­tems in hos­pi­tals. So if actu­al evi­dence emerges that the Russ­ian mil­i­tary was behind this then the world real­ly should be pret­ty damn pissed at the GRU. It just, you know, very pos­si­ble that any oth­er hack­er or gov­ern­ment in the world could have done exact­ly the same thing after the Shad­ow Bro­kers released that code.

    But here we are, with the US for­mal­ly mak­ing this attri­bu­tion and threat­en­ing “inter­na­tion­al con­se­quences” in response. Maybe those con­se­quences will be more sanc­tions, or per­haps some sort of covert mea­sures:

    ...
    The White House threat­ened unspec­i­fied “inter­na­tion­al con­se­quences” for the attack, which it said “was part of the Kremlin’s ongo­ing effort to desta­bi­lize Ukraine and demon­strates ever more clear­ly Russia’s involve­ment in the ongo­ing con­flict.”

    ...

    Admin­is­tra­tion offi­cials declined to say what steps the Unit­ed States would take against Rus­sia. But they could include both sanc­tions against Russ­ian offi­cials involved in the attack and covert mea­sures — any of which would be like­ly to fray an already frag­ile rela­tion­ship.
    ...

    So it looks like any nation or group in the world that would like to exac­er­bate ten­sions between the US and Rus­sia has a pret­ty straight­for­ward way to do that: cre­ate mal­ware using the Shad­ow Bro­kers tools and release it in Ukraine. It’s all the evi­dence that will be required.

    Posted by Pterrafractyl | February 15, 2018, 10:13 pm
  18. It’s been an indict­ment-o-rama for the Mueller probe of late. And that now includes 13 employ­ees from the Inter­net Research Agency, a.k.a the ‘Krem­lin troll farm’.

    As we’ve already seen, the Inter­net Research Agen­cy’s activ­i­ties have pre­vi­ous­ly received quite a bit of atten­tion. Much of that atten­tion has come in the form of nar­ra­tives that depict a vast, sophis­ti­cat­ed Krem­lin-direct­ed dis­in­for­ma­tion cam­paign that was designed to both help Don­ald Trump win the 2016 elec­tion while more gen­er­al­ly try­ing to divide the US pop­u­lace and stoke con­flicts.

    But as we’ve also seen, when you look at the details about the activ­i­ty of the Inter­net Research Agency a much more hap­haz­ard pic­ture emerges. There was indeed bizarre attempts to pay US activists to start provoca­tive ral­lies. But those actions looked less like a real attempts to cause trou­ble and more like ‘proof of con­cept’ actions. And while the online trolling did have a strong­ly pro-Trump and anti-Hillary angle, it also looked more like a click-bait oper­a­tion designed to make mon­ey sell­ing ads than any seri­ous attempt to impact the US elec­tion.

    So did this new indict­ment shed new light on the troll far­m’s activ­i­ties that clear­ly estab­lish that it was indeed a Krem­lin-direct­ed dis­in­for­ma­tion cam­paign designed to get Don­ald Trump elect­ed? Well, it did shed some new light. And there were some sur­pris­es. Sur­pris­es like send­ing oper­a­tives to the US to scope out poten­tial oppor­tu­ni­ties and the the theft of US iden­ti­ties to open bank accounts. And those sur­pris­es were pret­ty much the heart of the actu­al charges in the indict­ment: “The indict­ment charges all of the defen­dants with con­spir­a­cy to defraud the Unit­ed States, three defen­dants with con­spir­a­cy to com­mit wire fraud and bank fraud, and five defen­dants with aggra­vat­ed iden­ti­ty theft”:

    Talk­ing Points Memo
    Muck­rak­er

    Mueller Indicts 13 Rus­sians For Elec­tion Med­dling To Help Trump

    By Alle­gra Kirk­land and Sam Thiel­man
    Feb­ru­ary 16, 2018 1:07 pm

    Spe­cial Coun­sel Robert Mueller on Fri­day announced that a grand jury has indict­ed 13 Russ­ian nation­als and three Russ­ian enti­ties for vio­lat­ing U.S. crim­i­nal laws in con­nec­tion with the cam­paign to inter­fere with the 2016 pres­i­den­tial elec­tion in sup­port of Don­ald Trump.

    “The indict­ment charges all of the defen­dants with con­spir­a­cy to defraud the Unit­ed States, three defen­dants with con­spir­a­cy to com­mit wire fraud and bank fraud, and five defen­dants with aggra­vat­ed iden­ti­ty theft,” a state­ment from the spe­cial counsel’s office said.

    The 37-page indict­ment lays out in exten­sive detail how, pros­e­cu­tors say, Russia’s Inter­net Research Agency in 2014 ini­ti­at­ed an effort to sys­tem­at­i­cal­ly inter­fere “with the U.S. polit­i­cal and elec­toral process­es, includ­ing the pres­i­den­tial elec­tion of 2016.”

    The elab­o­rate, mul­ti-mil­lion-dol­lar project involved stag­ing on-the-ground protests in the Unit­ed States, cre­at­ing hun­dreds of social media accounts pre­tend­ing to be Amer­i­can cit­i­zens, try­ing to sup­press minor­i­ty vot­er turnout, and even pro­mot­ing false claims that Democ­rats com­mit­ted vot­er fraud.

    Deputy Attor­ney Gen­er­al Rod Rosen­stein, who over­sees the Mueller probe, announced in a Fri­day press con­fer­ence that there was “no alle­ga­tion in this indict­ment that any Amer­i­can was a know­ing par­tic­i­pant in this activ­i­ty.”

    Accord­ing to the indict­ment, the defen­dants posed as Amer­i­cans — and in some cas­es stole the iden­ti­ties of real U.S. cit­i­zens — to oper­ate social media pages and hold polit­i­cal ral­lies intend­ed to sow dis­trust of the U.S. polit­i­cal sys­tem and influ­ence Amer­i­cans’ votes. As part of the Inter­net Research Agency’s so-called “trans­la­tor project,” the defen­dants used YouTube, Face­book, Insta­gram, Twit­ter and oth­er online plat­forms to con­duct what they referred to as “infor­ma­tion war­fare.”

    “By ear­ly to mid-2016, Defen­dants’ oper­a­tions includ­ed sup­port­ing the pres­i­den­tial cam­paign of then-can­di­date Don­ald J. Trump (“Trump cam­paign”) and dis­parag­ing Hillary Clin­ton,” the indict­ment reads.

    “They engaged in oper­a­tions pri­mar­i­ly intend­ed to com­mu­ni­cate deroga­to­ry infor­ma­tion about Hillary Clin­ton, to den­i­grate oth­er can­di­dates such as Ted Cruz and Mar­co Rubio, and to sup­port Bernie Sanders and then-can­di­date Don­ald Trump,” it adds lat­er.

    Start­ing in 2015, the defen­dants also spent “thou­sands of U.S. dol­lars every month,” on paid adver­tise­ments to pro­mote social media group pages they cre­at­ed that were devot­ed to hot-but­ton issues like immi­gra­tion and Black Lives Mat­ter, the indict­ment says. Their social media accounts achieved sig­nif­i­cant online fol­low­ings, with Don­ald Trump even respond­ing to a tweet from their account @TEN_GOP, which pre­tend­ed to be the offi­cial account for the Ten­nessee Repub­li­can Par­ty.

    The Rus­sians took elab­o­rate steps to hide their fin­ger­prints. Some vis­it­ed the U.S. under false pre­tens­es to obtain intel­li­gence, and “pro­cured and used com­put­er infra­struc­ture” that would “hide the Russ­ian ori­gin of their activ­i­ties,” accord­ing to the indict­ment.

    They also made use of a web of LLCs to con­ceal the source of their fund­ing, which was con­trolled by Yev­geniy Prigozhin, a Russ­ian oli­garch and ally of Pres­i­dent Vladimir Putin. Prigozhin’s com­pa­nies Con­cord Man­age­ment and Con­sult­ing LLC and Con­cord Cater­ing were the “pri­ma­ry source of fund­ing” for inter­fer­ence oper­a­tions, per the indict­ment.

    Pros­e­cu­tors say the Inter­net Research Agency’s bud­get requests to Con­cord amount­ed to some $1,250,000 per month as of Sep­tem­ber 2016.

    The Rus­sians also orga­nized on-the-ground ral­lies to boost Trump, accord­ing to the indict­ment, sug­gest­ing the elab­o­rate nature of the Russ­ian effort to influ­ence Amer­i­can vot­ers.

    The Kremlin’s oper­a­tion con­duct­ed out­reach to grass­roots Trump cam­paign­ers in Flori­da over the inter­net in the sum­mer and fall of 2016, say­ing they hoped to hold ral­lies for Trump across the state. On August 15, the Russ­ian oper­a­tors got an email from an unnamed Trump cam­paign work­er iden­ti­fied as the “Chair for the Trump Cam­paign” in a par­tic­u­lar Flori­da coun­ty, sug­gest­ing two more sites for ral­lies. The indict­ment does not allege that any­one on the Trump cam­paign knew they were work­ing with Rus­sians.

    Accord­ing to the indict­ment the Rus­sians wired an Amer­i­can mon­ey to build a cage for a fake Hillary Clin­ton for a Flori­da ral­ly on August 5, which made nation­al news; it also wired one group mon­ey for anoth­er event in Flori­da in Sep­tem­ber and took out adver­tis­ing for a ral­ly orga­nized for 9/11 in New York City. The group paid the same actor—an American—who had played Clin­ton in the Flori­da ral­ly to reprise the role on Sep­tem­ber 11.

    The group also reached out to a Tex­an pro-Trump grass­roots orga­ni­za­tion that was already advis­ing the Russ­ian team to focus on swing states; the Amer­i­can said he or she would pro­vide social media con­tacts for yet more out­reach. By August 24, the Russ­ian group had a list of 100 Amer­i­cans they had con­tact­ed, along with a sum­ma­ry of each person’s polit­i­cal views and what they had been asked by the Russ­ian group to do.

    As soon as Trump was elect­ed, the Rus­sians began work­ing to under­mine him and sow fur­ther dis­cord, the indict­ment says. On Nov. 12, two groups held ral­lies, one to “show your sup­port for Pres­i­dent-Elect Don­ald Trump,” anoth­er through a group called “Trump is NOT my Pres­i­dent.” The Krem­lin orga­nized both of them.

    This elab­o­rate con­spir­a­cy was made pos­si­ble in part by the theft of the social secu­ri­ty num­bers, home address­es, and birth dates of real U.S. per­sons, which allowed the defen­dants to open U.S. bank and Pay­Pal accounts.

    Once the defen­dants got wind that U.S. inves­ti­ga­tors were on to them, they began destroy­ing evi­dence, includ­ing emails and social media accounts, accord­ing to the indict­ment.

    In one Sept. 2017 email cit­ed by pros­e­cu­tors, defen­dant Iri­na Kaverz­i­na wrote to a fam­i­ly mem­ber: “We had a slight cri­sis here at work: the FBI bust­ed our activ­i­ty (not a joke). So, I got pre­oc­cu­pied with cov­er­ing tracks togeth­er with the col­leagues.”

    Kaverz­i­na added: “I cre­at­ed all these pic­tures and posts, and the Amer­i­cans believed that it was writ­ten by their peo­ple.”

    ...
    ———-

    “Mueller Indicts 13 Rus­sians For Elec­tion Med­dling To Help Trump” by Alle­gra Kirk­land and Sam Thiel­man; Talk­ing Points Memo; 02/16/2018

    ““The indict­ment charges all of the defen­dants with con­spir­a­cy to defraud the Unit­ed States, three defen­dants with con­spir­a­cy to com­mit wire fraud and bank fraud, and five defen­dants with aggra­vat­ed iden­ti­ty theft,” a state­ment from the spe­cial counsel’s office said.”

    A con­spir­a­cy to defraud the Unit­ed States. That’s the gen­er­al charge that appears to cov­er the ‘med­dling in the US elec­tion’ cam­paign. And giv­en the cir­cum­stances it’s not an unex­pect­ed charge.

    Far more sur­pris­ing were the charges issued against a sub­set of the defen­dants: Wire fraud, bank fraud, and aggra­vat­ed iden­ti­ty theft. It’s sur­pris­ing because when you look at the evi­dence of the impact this trolling cam­paign actu­al­ly had on the 2016 elec­tion there’s no evi­dence that it had a mean­ing­ful impact at all. And yet the Inter­net Research Agency appar­ent­ly sent oper­a­tives to the US while wire fraud, bank fraud, and iden­ti­ty theft was being car­ries out. That seems like a pret­ty big risk, at least for the oper­a­tives who trav­eled to the US:

    ...
    Accord­ing to the indict­ment, the defen­dants posed as Amer­i­cans — and in some cas­es stole the iden­ti­ties of real U.S. cit­i­zens — to oper­ate social media pages and hold polit­i­cal ral­lies intend­ed to sow dis­trust of the U.S. polit­i­cal sys­tem and influ­ence Amer­i­cans’ votes. As part of the Inter­net Research Agency’s so-called “trans­la­tor project,” the defen­dants used YouTube, Face­book, Insta­gram, Twit­ter and oth­er online plat­forms to con­duct what they referred to as “infor­ma­tion war­fare.”

    ...

    The Rus­sians took elab­o­rate steps to hide their fin­ger­prints. Some vis­it­ed the U.S. under false pre­tens­es to obtain intel­li­gence, and “pro­cured and used com­put­er infra­struc­ture” that would “hide the Russ­ian ori­gin of their activ­i­ties,” accord­ing to the indict­ment.

    They also made use of a web of LLCs to con­ceal the source of their fund­ing, which was con­trolled by Yev­geniy Prigozhin, a Russ­ian oli­garch and ally of Pres­i­dent Vladimir Putin. Prigozhin’s com­pa­nies Con­cord Man­age­ment and Con­sult­ing LLC and Con­cord Cater­ing were the “pri­ma­ry source of fund­ing” for inter­fer­ence oper­a­tions, per the indict­ment.

    This elab­o­rate con­spir­a­cy was made pos­si­ble in part by the theft of the social secu­ri­ty num­bers, home address­es, and birth dates of real U.S. per­sons, which allowed the defen­dants to open U.S. bank and Pay­Pal accounts.
    ...

    But per­haps what’s most sur­pris­ing is the bud­get of this oper­a­tion, which appar­ent­ly peaked at $1,250,000 per month as of Sep­tem­ber 2016:

    ...
    Pros­e­cu­tors say the Inter­net Research Agency’s bud­get requests to Con­cord amount­ed to some $1,250,000 per month as of Sep­tem­ber 2016.
    ...

    And this elab­o­rate, yet dubi­ous­ly effec­tive, psy­cho­log­i­cal war­fare oper­a­tion was appar­net­ly start­ed in 2014 accord­ing to the indict­ment:

    ...
    The 37-page indict­ment lays out in exten­sive detail how, pros­e­cu­tors say, Russia’s Inter­net Research Agency in 2014 ini­ti­at­ed an effort to sys­tem­at­i­cal­ly inter­fere “with the U.S. polit­i­cal and elec­toral process­es, includ­ing the pres­i­den­tial elec­tion of 2016.”

    The elab­o­rate, mul­ti-mil­lion-dol­lar project involved stag­ing on-the-ground protests in the Unit­ed States, cre­at­ing hun­dreds of social media accounts pre­tend­ing to be Amer­i­can cit­i­zens, try­ing to sup­press minor­i­ty vot­er turnout, and even pro­mot­ing false claims that Democ­rats com­mit­ted vot­er fraud.

    Deputy Attor­ney Gen­er­al Rod Rosen­stein, who over­sees the Mueller probe, announced in a Fri­day press con­fer­ence that there was “no alle­ga­tion in this indict­ment that any Amer­i­can was a know­ing par­tic­i­pant in this activ­i­ty.”
    ...

    And this oper­a­tion kept going well after the 2016 elec­tion, as evi­denced by the fact that the defen­dants appar­ent­ly start­ed destroy­ing evi­dence in Sep­tem­ber 2017 after the FBI ‘bust­ed their activ­i­ty’:

    ...
    Once the defen­dants got wind that U.S. inves­ti­ga­tors were on to them, they began destroy­ing evi­dence, includ­ing emails and social media accounts, accord­ing to the indict­ment.

    In one Sept. 2017 email cit­ed by pros­e­cu­tors, defen­dant Iri­na Kaverz­i­na wrote to a fam­i­ly mem­ber: “We had a slight cri­sis here at work: the FBI bust­ed our activ­i­ty (not a joke). So, I got pre­oc­cu­pied with cov­er­ing tracks togeth­er with the col­leagues.”

    Kaverz­i­na added: “I cre­at­ed all these pic­tures and posts, and the Amer­i­cans believed that it was writ­ten by their peo­ple.”
    ...

    So that’s an overview of the big indict­ment. An indict­ment that is wide­ly char­ac­ter­ized as pro­vid­ing ample proof of an elab­o­rate, awe-inspir­ing mas­sive psy­cho­log­i­cal war­fare oper­a­tion ordered by Vladimir Putin.

    And yet it’s hard to ignore the fact that it’s hard to imag­ine that this entire oper­a­tion would­n’t have been entire­ly ignored as just ran­dom noise if it was­n’t for the hack­ing of the DNC and sub­se­quent release of those hacked doc­u­ments. Because that’s how inef­fec­tu­al this mul­ti-year trolling oper­a­tion appears to have been. Unless, of course, more evi­dence comes out lat­er detail­ing a much broad­er and more impact­ful array of activ­i­ties ema­nat­ing from the troll farm. But at this point, even when you include all new details about this oper­a­tion pro­vid­ed by the indict­ment, it’s not like those new details include new details point­ing towards a pre­vi­ous­ly unrec­og­nized lev­el of effec­tive­ness of this trolling oper­a­tion. The new details are on aspects like the iden­ti­ty theft and sur­pris­ing­ly large bud­get. A sur­pris­ing­ly large bud­get that’s still almost noth­ing com­pared to the +$2 bil­lion spent over­all dur­ing the cam­paign.

    Addi­tion­al­ly, as Adrien Chen, the Amer­i­can jour­nal­ist who wrote one of the first big pieces on the Inter­net Research Agency in 2015, points out in the fol­low­ing piece respond­ing to the indict­ments, the indict­ment does­n’t actu­al­ly spec­i­fy who ordered this pro­fes­sion­al trolling cam­paign. Was it some­one high­er in the Krem­lin? Putin him­self? Or, as some sources sug­gest­ed to Chen back in 2015, was entire troll farm oper­a­tion under­tak­en inde­pen­dent­ly from the Krem­lin, but done with the pur­pose of cur­ry­ing favor with Putin?

    The New York­er

    What Mueller’s Indict­ment Reveals About Russia’s Inter­net Research Agency

    By Adri­an Chen
    Feb­ru­ary 16, 2018

    Accord­ing to U.S. intel­li­gence agen­cies, the Russ­ian effort to inter­fere in the 2016 Pres­i­den­tial elec­tion had two prongs. One was the hack­ing and leak­ing of e‑mails from the Demo­c­ra­t­ic Nation­al Com­mit­tee and Hillary Clinton’s cam­paign chair­man, John Podes­ta. The sec­ond was a cam­paign of mis­in­for­ma­tion and pro­pa­gan­da car­ried out large­ly over social media. The charges that the spe­cial coun­sel, Robert Mueller, issued on Fri­day con­cern sole­ly the sec­ond prong. The indict­ment names thir­teen Rus­sians, twelve of whom worked for a shad­owy, Krem­lin-con­nect­ed out­fit called the Inter­net Research Agency. The Agency has been linked to a cam­paign of online dis­in­for­ma­tion that includ­ed the cre­ation of hun­dreds of fake polit­i­cal pages on Face­book and accounts on Twit­ter that were pre­sent­ed as belong­ing to every­day Amer­i­cans; dur­ing the elec­tion, accord­ing to the indict­ment, this dis­in­for­ma­tion cam­paign was aimed at boost­ing Don­ald Trump, under­min­ing Hillary Clin­ton, and sow­ing gen­er­al “polit­i­cal dis­cord” in the Unit­ed States by sup­port­ing rad­i­cal caus­es on both sides. It was sort of like a cut­ting-edge social-media mar­ket­ing oper­a­tion run, as the indict­ment alleges, by a St. Peters­burg-based oli­garch named Yevge­ny Prigozhin.

    Much of the infor­ma­tion in the indict­ment isn’t new. The Agency was first noticed by Russ­ian media out­lets in 2014, when it was ded­i­cat­ed main­ly to spread­ing online pro­pa­gan­da in sup­port of pro-Russ­ian sep­a­ratists in the Ukraine con­flict. In the spring of 2015, when the idea of a Pres­i­dent Don­ald Trump was still a laugh­able fan­ta­sy, I trav­elled to St. Peters­burg to inves­ti­gate the Agency, which had recent­ly start­ed exper­i­ment­ing with tar­get­ing audi­ences out­side Rus­sia. As I con­duct­ed my report­ing, I was myself the tar­get of an elab­o­rate smear cam­paign to label me a neo-Nazi sym­pa­thiz­er and U.S. intel­li­gence agent—an ear­ly use of the kind of bizarre tac­tics that have been doc­u­ment­ed by numer­ous inves­ti­ga­tions in both the Russ­ian and West­ern media, and by the inter­nal inves­ti­ga­tions of social-media com­pa­nies.

    Yet the new indict­ment offers the most com­plete look yet at the Agency’s inter­nal work­ings. Mueller’s inves­ti­ga­tors dis­cov­ered that the Agency used a net­work of shell com­pa­nies— enti­ties with names like Medi­aS­in­tez LLC, GlavSet LLC, and Mix­In­fo LLC—to hide its activ­i­ties and fund­ing. The indict­ment alleges that the Agency employed hun­dreds of work­ers, and that by Sep­tem­ber, 2016, it had a month­ly bud­get of more than $1.25 mil­lion. The doc­u­ment details how the Agency’s “spe­cial­ists” worked in day and night shifts, and the way they were con­stant­ly try­ing to mea­sure the effect of their efforts. The employ­ees ran fake con­ser­v­a­tive Twit­ter and Face­book accounts, and even planned (sparse­ly attend­ed) real-life ral­lies.

    ...

    Back in 2016, I noticed that many of the Agency accounts I had uncov­ered in my inves­ti­ga­tion were tweet­ing pro-Trump con­tent. Accord­ing to the indict­ment, one memo dis­trib­uted by Agency man­agers instruct­ed employ­ees to “use any oppor­tu­ni­ty to crit­i­cize Hillary and the rest (except Sanders and Trump–we sup­port them.)” After an inter­nal Agency review deter­mined that a Face­book page called Secured Bor­ders was not post­ing enough con­tent crit­i­cal of Clin­ton, an order went out say­ing that “it is imper­a­tive to inten­si­fy crit­i­ciz­ing Hillary Clin­ton” in future posts.

    Yet the indict­ment does not shed light on the extent to which the Krem­lin and, specif­i­cal­ly, the Russ­ian Pres­i­dent, Vladimir Putin, were involved in the Agency’s work. Nor does the indict­ment move us any clos­er to a con­clu­sion regard­ing whether any­one in the Trump cam­paign col­lud­ed with the Russ­ian oper­a­tion. The chain of com­mand as detailed by the indict­ment stops at Prigozhin, who has long been iden­ti­fied as the chief archi­tect of the Agency. The Times has iden­ti­fied Prigozhin as Putin’s “go-to oli­garch” for “a vari­ety of sen­si­tive and often-unsa­vory mis­sions, like recruit­ing con­tract sol­diers to fight in Ukraine and Syr­ia.” Yet Mueller’s new indict­ment does not claim that Putin per­son­al­ly ordered the Agency to turn into a pro-Trump pro­pa­gan­da machine. When I was report­ing on the Agency, some sources sug­gest­ed to me that it was a project under­tak­en inde­pen­dent­ly, in order to cur­ry favor with Putin.

    None of the Rus­sians named in the indict­ment face the prospect of tes­ti­fy­ing before an Amer­i­can jury any­time soon. And, with the 2018 midterms approach­ing, one ques­tion is to what extent the Inter­net Research Agency is still oper­at­ing. Reports about the Agency, stoked by fear­mon­ger­ing “infor­ma­tion war­fare” experts, have cre­at­ed as much para­noia as the orig­i­nal dis­in­for­ma­tion cam­paign. The kind of clar­i­ty offered in Mueller’s indict­ment would be use­ful in under­stand­ing the struc­ture and scope of Russ­ian trolling activ­i­ties today.

    ———-

    “What Mueller’s Indict­ment Reveals About Russia’s Inter­net Research Agency” by Adri­an Chen; The New York­er; 02/16/2018

    Yet the indict­ment does not shed light on the extent to which the Krem­lin and, specif­i­cal­ly, the Russ­ian Pres­i­dent, Vladimir Putin, were involved in the Agency’s work. Nor does the indict­ment move us any clos­er to a con­clu­sion regard­ing whether any­one in the Trump cam­paign col­lud­ed with the Russ­ian oper­a­tion. The chain of com­mand as detailed by the indict­ment stops at Prigozhin, who has long been iden­ti­fied as the chief archi­tect of the Agency. The Times has iden­ti­fied Prigozhin as Putin’s “go-to oli­garch” for “a vari­ety of sen­si­tive and often-unsa­vory mis­sions, like recruit­ing con­tract sol­diers to fight in Ukraine and Syr­ia.” Yet Mueller’s new indict­ment does not claim that Putin per­son­al­ly ordered the Agency to turn into a pro-Trump pro­pa­gan­da machine. When I was report­ing on the Agency, some sources sug­gest­ed to me that it was a project under­tak­en inde­pen­dent­ly, in order to cur­ry favor with Putin.

    And that’s one of the most notable aspect of this indict­ment: what it did­n’t include. Like evi­dence that it real­ly was a Krem­lin-direct­ed oper­a­tion and not some­thing either inde­pen­dent­ly con­duct­ed by an oli­garch try­ing to cur­ry favor with Putin or, per­haps, just a for-prof­it oper­a­tion based on the recog­ni­tion that trolling Amer­i­cans online can be incred­i­bly prof­itable.

    But there were some oth­er rather sur­pris­ing details in the indict­ment that Josh Mar­shall not­ed in a TPM Prime piece (“Notes on Mueller’s New Indict­ments”) (behind a pay­wall, well worth the price of admis­sion) that add impor­tant con­text to not just the sto­ry of the Inter­net Research Agency but the hack­ing cam­paign too.

    For starters, as Mar­shall notes, the indict­ment hints at one or more coop­er­at­ing wit­ness who pro­vid­ed a large amount of details about the US gov­ern­ment. The indict­ment con­tains ref­er­ences to inter­nal com­pa­ny emails. And while some of the Inter­net Research Agency oper­a­tives are named, some aren’t named. That points towards some of these indi­vid­u­als coop­er­at­ing with US inves­ti­ga­tors. So it’s very pos­si­ble the Mueller probe knows a lot more than is being let on at this point.

    Also, as Mar­shall notes, it appears that the Inter­net Research Agency oper­a­tives were get­ting con­cerned about their oper­a­tions being dis­cov­ered back in 2014 and 2015 and start­ed delet­ing email accounts back then: Here’s the par­tic­u­lar pas­sage in the indict­ment he points to (page 24 of the indict­ment):

    ...
    Destruc­tion of Evi­dence

    58. In order to avoid detec­tion and impede inves­ti­ga­tion by U.S. author­i­ties of Defen­dants’ oper­a­tions, Defen­dants and their co-con­spir­a­tors delet­ed and destroyed data, includ­ing emails, social media accounts, and oth­er evi­dence of their activ­i­ties.

    a. Begin­ning in or around June 2014, and con­tin­u­ing into June 2015, pub­lic report­ing began to iden­ti­fy oper­a­tions con­duct­ed by the ORGANIZATION in the Unit­ed States. In response, Defen­dants and their co-con­spir­a­tors delet­ed email accounts used to con­duct their oper­a­tions.

    b. Begin­ning in or around Sep­tem­ber 2017, U.S. social media com­pa­nies, start­ing with Face­book, pub­licly report­ed that they had iden­ti­fied Russ­ian expen­di­tures on their plat­forms to fund polit­i­cal and social adver­tise­ments. Facebook’s ini­tial dis­clo­sure of the Russ­ian pur­chas­es occurred on or about Sep­tem­ber 6, 2017, and includ­ed a state­ment that Face­book had “shared [its] find­ings with US author­i­ties inves­ti­gat­ing these issues.”

    ...

    So US inves­ti­ga­tors appear to have the kind of infor­ma­tion that indi­cates that these Inter­net Research Agency employ­ees were tak­ing steps to cov­er their tracks going to 2014. Which, as Mar­shall point out in the piece, is rather eye­brow-rais­ing because the first piece of jour­nal­ism that exposed the Inter­net Research Agency was pub­lished by Adrien Chen in 2015. What was it that caused these indi­vid­u­als to delete email accounts over con­cerns that they were ‘dis­cov­ered’ back in 2014? It’s a pret­ty sig­nif­i­cant mys­tery tucked away in that indict­ment. But when you con­sid­er that the indict­ment appears to indi­cate that US inves­ti­ga­tors have much more undis­closed infor­ma­tion on the oper­a­tions of the Inter­net Research Agency it will be inter­est­ing to see if infor­ma­tion on what exact­ly spooked the troll farm back in 2014 and 2015 is even­tu­al­ly revealed.

    And that brings us to one of the more remark­able sto­ries about this entire #TrumpRus­sia saga. It’s a sto­ry that adds a sig­nif­i­cant con­text to both this new indict­ment of the Inter­net Research Agency that goes back to 2014 and also adds sig­nif­i­cant con­text to the pri­or reports on the ‘Cozy Bear’ of 2015. It was a sto­ry pub­lished last month in a Dutch pub­li­ca­tion about a remark­able series of hacks and cyber-bat­tles between Dutch gov­ern­ment hack­ers and....*drum roll*...Cozy Bear! Yep, Dutch gov­ern­ment hack­ers in the AIVD intel­li­gence agency report­ed­ly hacked Cozy Bear’s hack­ing head­quar­ters in 2014.

    Not only that, but they appar­ent­ly hacked a secu­ri­ty cam­era for the hall­way of the build­ing that watched who entered and exit­ed the room where the hack­ers worked and actu­al­ly watched the hack­ers come and go from work. And it all start­ed around mid-2014. The Dutch informed the NSA, and they joint­ly fought against Russ­ian And those bat­tles report­ed­ly include the ini­tial 2015 hack of the DNC’s serv­er. The Dutch hack­ers lit­er­al­ly watched the hack in real-time and the NSA was made aware of this ear­ly on. Again, it’s a pret­ty remark­able sto­ry.

    So at the same time this Inter­net Research Agency trolling team was alleged­ly get­ting up and run­ning on its US oper­a­tions in 2014 and 2015 and delet­ing email account over wor­ries of get­ting caught, there was appar­ent­ly a very active hack­ing war tak­ing place between the ‘Cozy Bear’ attack­er and NSA defend­ers on numer­ous US gov­ern­ment sys­tems. And Dutch hack­ers were watch­ing and assist­ing the NSA the whole time. Lit­er­al­ly watch­ing the hack­ers over secu­ri­ty cam­eras in some cas­es. That’s what was report­ed last month in a Dutch news­pa­per based on the accounts of six anony­mous US and Dutch indi­vid­u­als famil­iar with the sto­ry.

    But before we take a look at that arti­cle, first recall the ear­li­er report­ing about Robert John­ston who led the Crowd­Strike inves­ti­ga­tion into the DNC serv­er hack. Back in the sum­mer of 2015, John­ston was a cap­tain in the Marine Corps lead­ing the new­ly formed Cyber Pro­tec­tion Team 81 for the US mil­i­tary. And accord­ing to John­ston, the ‘Cozy Bear’ hack was done around May of 2015 and that it was part of a much large, and very ‘noisy’, hack­ing cam­paign that tar­get­ed 50,000–60,000 peo­ple. John­ston char­ac­ter­ized this as a major change in tac­tics for Russ­ian gov­ern­ment hack­ers. Accord­ing to Robert John­ston, it was as if the hack­ers did­n’t care who was watch­ing them. Also recall that when the ‘Fan­cy Bear’ hack was first report­ed on in July of 2016, US intel­li­gence offi­cials report­ed­ly sus­pect­ed that it was inten­tion­al­ly done to leave ‘Russ­ian hack­er’ fin­ger­prints all over the hack in show that Moscow is a “cyber­pow­er” that Wash­ing­ton should respect. That’s what was report­ed at the time. It’s impor­tant pieces of con­text for both the sto­ry of the Inter­net Research Agency trolling cam­paign and the Dutch hack­er intrigue.

    Also note that it was indeed report­ed in March of 2015 that the State Depart­ment did indeed expe­ri­ence its worst hack ever in the Fall of 2014. And that hack, and a 24 hour bat­tle between ‘Cozy Bear’ and the NSA to expel them from the State Depart­men­t’s servers, is at the cen­ter of the fol­low­ing report about the Dutch hack­ers.

    So, with all that in mind, behold the remark­able sto­ry of the Dutch hack­ers hack­ing ‘Cozy Bear’ and watch­ing the ini­tial DNC hack in real-time:

    de Volk­skrant

    Dutch agen­cies pro­vide cru­cial intel about Rus­si­a’s inter­fer­ence in US-elec­tions

    Hack­ers from the Dutch intel­li­gence ser­vice AIVD have pro­vid­ed the FBI with cru­cial infor­ma­tion about Russ­ian inter­fer­ence with the Amer­i­can elec­tions. For years, AIVD had access to the infa­mous Russ­ian hack­er group Cozy Bear. That’s what de Volk­skrant and Nieuw­su­ur have uncov­ered in their inves­ti­ga­tion.

    Door: Huib Mod­derkolk 25 jan­u­ari 2018, 21:00

    It’s the sum­mer of 2014. A hack­er from the Dutch intel­li­gence agency AIVD has pen­e­trat­ed the com­put­er net­work of a uni­ver­si­ty build­ing next to the Red Square in Moscow, obliv­i­ous to the impli­ca­tions. One year lat­er, from the AIVD head­quar­ters in Zoeter­meer, he and his col­leagues wit­ness Russ­ian hack­ers launch­ing an attack on the Demo­c­ra­t­ic Par­ty in the Unit­ed States. The AIVD hack­ers had not infil­trat­ed just any build­ing; they were in the com­put­er net­work of the infa­mous Russ­ian hack­er group Cozy Bear. And unbe­knownst to the Rus­sians, they could see every­thing.

    That’s how the AIVD becomes wit­ness to the Russ­ian hack­ers harass­ing and pen­e­trat­ing the lead­ers of the Demo­c­ra­t­ic Par­ty, trans­fer­ring thou­sands of emails and doc­u­ments. It won’t be the last time they alert their Amer­i­can coun­ter­parts. And yet, it will be months before the Unit­ed States real­ize what this warn­ing means: that with these hacks the Rus­sians have inter­fered with the Amer­i­can elec­tions. And the AIVD hack­ers have seen it hap­pen­ing before their very eyes.

    The Dutch access pro­vides cru­cial evi­dence of the Russ­ian involve­ment in the hack­ing of the Demo­c­ra­t­ic Par­ty, accord­ing to six Amer­i­can and Dutch sources who are famil­iar with the mate­r­i­al, but wish to remain anony­mous. It’s also grounds for the FBI to start an inves­ti­ga­tion into the influ­ence of the Russ­ian inter­fer­ence on the elec­tion race between the Demo­c­ra­t­ic can­di­date Hillary Clin­ton and the Repub­li­can can­di­date Don­ald Trump.

    ‘High con­fi­dence’

    ...

    Three Amer­i­can intel­li­gence ser­vices state with ‘high con­fi­dence’ that the Krem­lin was behind the attack on the Demo­c­ra­t­ic Par­ty. That cer­tain­ty, sources say, is derived from the AIVD hack­ers hav­ing had access to the office-like space in the cen­ter of Moscow for years. This is so excep­tion­al that the direc­tors of the fore­most Amer­i­can intel­li­gence ser­vices are all too hap­py to receive the Dutch­men. They pro­vide tech­ni­cal evi­dence for the attack on the Demo­c­ra­t­ic Par­ty, and it becomes appar­ent that they know a lot more.

    Cozy Bear

    It’s some­what of a ‘fluke’ that the AIVD hack­ers were able to acquire such use­ful infor­ma­tion in 2014. The team uses a CNA, which stands for Com­put­er Net­work Attack. These hack­ers are per­mit­ted to per­form offen­sive oper­a­tions: to pen­e­trate and attack hos­tile net­works. It’s a rel­a­tive­ly small team with­in a larg­er dig­i­tal busi­ness unit of about 80–100 peo­ple. All cyber­op­er­a­tions con­verge here. Part of the unit is focused on inter­cept­ing or man­ag­ing sources, while anoth­er team is ded­i­cat­ed to Com­put­er Net­work Defence. In turn, this team is part of the Joint Sig­int Cyber Unit, a col­lab­o­ra­tive unit of the AIVD and the Dutch Mil­i­tary Intel­li­gence and Secu­ri­ty Ser­vice MIVD, of about 300 peo­ple.

    It’s unknown what exact infor­ma­tion the hack­ers acquire about the Rus­sians, but it is clear that it con­tains a clue as to the where­abouts of one of the most well-known hack­er groups in the world: Cozy Bear, also referred to as APT29. Since 2010, this group has attacked gov­ern­ments, ener­gy cor­po­ra­tions and tele­com com­pa­nies around the world, includ­ing Dutch com­pa­nies and min­istries. Spe­cial­ists from the best intel­li­gence ser­vices, among them the British, the Israelis and the Amer­i­cans, have been hunt­ing Cozy Bear for years, as have ana­lysts from major cyber­se­cu­ri­ty com­pa­nies.

    Vital infor­ma­tion

    The Dutch hack­er team spends weeks prepar­ing itself. Then, in the sum­mer of 2014, the attack takes place, most like­ly before the trag­ic crash of flight MH17. With some effort and patience, the team man­ages to pen­e­trate the inter­nal com­put­er net­work. The AIVD can now trace the Russ­ian hack­ers’ every step. But that’s not all.

    The Cozy Bear hack­ers are in a space in a uni­ver­si­ty build­ing near the Red Square. The group’s com­po­si­tion varies, usu­al­ly about ten peo­ple are active. The entrance is in a curved hall­way. A secu­ri­ty cam­era records who enters and who exits the room. The AIVD hack­ers man­age to gain access to that cam­era. Not only can the intel­li­gence ser­vice now see what the Rus­sians are doing, they can also see who’s doing it. Pic­tures are tak­en of every vis­i­tor. In Zoeter­meer, these pic­tures are ana­lyzed and com­pared to known Russ­ian spies. Again, they’ve acquired infor­ma­tion that will lat­er prove to be vital.

    Rare bat­tle

    The Dutch access to the Russ­ian hack­ers’ net­work soon pays off. In Novem­ber, the Rus­sians pre­pare for an attack on one of their prime tar­gets: the Amer­i­can State Depart­ment. By now, they’ve obtained e‑mail address­es and the login cre­den­tials of sev­er­al civ­il ser­vants. They man­age to enter the non-clas­si­fied part of the com­put­er net­work.

    The AIVD and her mil­i­tary coun­ter­part MIVD inform the NSA-liai­son at the Amer­i­can embassy in The Hague. He imme­di­ate­ly alerts the dif­fer­ent Amer­i­can intel­li­gence ser­vices.

    What fol­lows is a rare bat­tle between the attack­ers, who are attempt­ing to fur­ther infil­trate the State Depart­ment, and its defend­ers, FBI and NSA teams — with clues and intel­li­gence pro­vid­ed by the Dutch. This bat­tle lasts 24 hours, accord­ing to Amer­i­can media.

    The Rus­sians are extreme­ly aggres­sive but do not know they’re being spied on. Thanks to the Dutch spies, the NSA and FBI are able to counter the ene­my with enor­mous speed. The Dutch intel is so cru­cial that the NSA opens a direct line with Zoeter­meer, to get the infor­ma­tion to the Unit­ed States as soon as pos­si­ble.

    Back and forth

    Using so-called com­mand and con­trol servers, dig­i­tal com­mand cen­tres, the Rus­sians attempt to estab­lish a con­nec­tion to the mal­ware in the Depart­ment, in order to request and trans­fer infor­ma­tion. The Amer­i­cans, hav­ing been told by the Dutch where the servers are, repeat­ed­ly and swift­ly cut off access to these servers, fol­lowed each time by anoth­er attempt by the Rus­sians. It goes back and forth like this for 24 hours. After­wards, sources tell CNN that this was ‘the worst hack attack ever’ on the Amer­i­can gov­ern­ment. The Depart­ment has to cut off access to the e‑mail sys­tem for a whole week­end in order to upgrade the secu­ri­ty.

    Luck­i­ly, the NSA was able to find out the means and tac­tics of their attack­ers, deputy direc­tor of the NSA Richard Led­gett states at a dis­cus­sion forum in Aspen in March 2017. ‘So we could see how they were chang­ing their meth­ods. That’s very use­ful infor­ma­tion.’ On the author­i­ty of intel­li­gence ser­vices, Amer­i­can media write that this was thanks to a ‘west­ern ally’. Even­tu­al­ly, the Amer­i­cans man­age to dis­pel the Rus­sians from the Depart­ment, but not before Russ­ian attack­ers use their access to send an e‑mail to a per­son in the White House.

    Fake e‑mail

    He thinks he’s received an e‑mail from the State Depart­ment — the e‑mail address is sim­i­lar — and clicks a link in the mes­sage. The link opens a web­site where the White House employ­ee then enters his login cre­den­tials, now obtained by the Rus­sians. And that is how the Rus­sians infil­trate the White House.

    They even gain access to the email servers con­tain­ing the sent and received emails of pres­i­dent Barack Oba­ma, but fail to pen­e­trate the servers that con­trol the mes­sage traf­fic from his per­son­al Black­Ber­ry, which holds state secrets, sources tell The New York Times. They do, how­ev­er, man­age to access e‑mail traf­fic with embassies and diplo­mats, agen­das, notes on pol­i­cy and leg­is­la­tion. And again, it’s the Dutch intel­li­gence agen­cies who alert the Amer­i­cans about this.

    Gold­mine

    Access to Cozy Bear turns out to be a gold­mine for the Dutch hack­ers. For years, it sup­plies them with valu­able intel­li­gence about tar­gets, meth­ods and the inter­ests of the high­est rank­ing offi­cials of the Russ­ian secu­ri­ty ser­vice. From the pic­tures tak­en of vis­i­tors, the AIVD deduces that the hack­er group is led by Rus­si­a’s exter­nal intel­li­gence agency SVR.

    There’s a rea­son the AIVD writes in its annu­al report about 2014 that many Russ­ian gov­ern­ment offi­cials, includ­ing pres­i­dent Putin, use secret ser­vices to obtain infor­ma­tion. Recent­ly, the head of the AIVD, Rob Bert­holee, said on the Dutch TV pro­gram Col­lege­Tour that there is ‘no ques­tion’ that the Krem­lin is behind the Russ­ian hack­ing activ­i­ties.

    Unpre­pared

    The Amer­i­cans were tak­en com­plete­ly by sur­prise by the Russ­ian aggres­sion, says Chris Painter in Wash­ing­ton. For years, Painter was respon­si­ble for Amer­i­ca’s cyber pol­i­cy. He resigned last August. ‘We’d nev­er expect­ed that the Rus­sians would do this, attack­ing our vital infra­struc­ture and under­min­ing our democ­ra­cy.’

    The Amer­i­can intel­li­gence ser­vices were unpre­pared for that, he says. That is one of the rea­sons the Dutch access is so appre­ci­at­ed. The Amer­i­cans even sent ‘cake’ and ‘flow­ers’ to Zoeter­meer, sources tell. And not just that. Intel­li­gence is a com­mod­i­ty: it can be trad­ed. In 2016, the heads of the AIVD and MIVD, Rob Bert­holee and Pieter Bindt, per­son­al­ly dis­cuss the access to the Russ­ian hack­er group with James Clap­per, then the high­est rank­ing offi­cial of the Amer­i­can intel­li­gence ser­vices, and Michael Rogers, head of the NSA.

    In return, the Dutch are giv­en knowl­edge, tech­nol­o­gy and intel­li­gence. Accord­ing to one Amer­i­can source, in late 2015, the NSA hack­ers man­age to pen­e­trate the mobile devices of sev­er­al high rank­ing Russ­ian intel­li­gence offi­cers. They learn that right before a hack­ing attack, the Rus­sians search the inter­net for any news about the oncom­ing attack. Accord­ing to the Amer­i­cans, this indi­rect­ly proves that the Russ­ian gov­ern­ment is involved in the hacks. Anoth­er source says it’s ‘high­ly like­ly’ that in return for the intel­li­gence, the Dutch were giv­en access to this spe­cif­ic Amer­i­can infor­ma­tion. Whether any intel­li­gence about MH17 was exchanged, is unknown.

    After­math

    There’s a long after­math to the Russ­ian attacks, par­tic­u­lar­ly the attack on the Demo­c­ra­t­ic Par­ty. More­over, the FBI inves­ti­ga­tion into the Russ­ian inter­fer­ence adds a polit­i­cal dimen­sion. After her defeat in Novem­ber 2016, Clin­ton will say that the con­tro­ver­sy about her leaked emails are what cost her the pres­i­den­cy. Pres­i­dent elect Don­ald Trump cat­e­gor­i­cal­ly refus­es to explic­it­ly acknowl­edge the Russ­ian inter­fer­ence. It would tar­nish the gleam of his elec­toral vic­to­ry. He has also fre­quent­ly praised Rus­sia, and pres­i­dent Putin in par­tic­u­lar. This is one of the rea­sons the Amer­i­can intel­li­gence ser­vices eager­ly leak infor­ma­tion: to prove that the Rus­sians did in fact inter­fere with the elec­tions. And that is why intel­li­gence ser­vices have told Amer­i­can media about the amaz­ing access of a ‘west­ern ally’.

    This has led to anger in Zoeter­meer and The Hague. Some Dutch­men even feel betrayed. It’s absolute­ly not done to reveal the meth­ods of a friend­ly intel­li­gence ser­vice, espe­cial­ly if you’re ben­e­fit­ing from their intel­li­gence. But no mat­ter how vehe­ment­ly the heads of the AIVD and MIVD express their dis­plea­sure, they don’t feel under­stood by the Amer­i­cans. It’s made the AIVD and MIVD a lot more cau­tious when it comes to shar­ing intel­li­gence. They’ve become increas­ing­ly sus­pi­cious since Trump was elect­ed pres­i­dent.

    The AIVD hack­ers are no longer in Cozy Bear’s com­put­er net­work. The Dutch espi­onage last­ed between 1 and 2,5 years. Hack­er groups fre­quent­ly change their meth­ods and even a dif­fer­ent fire­wall can cut off access. The AIVD declined to respond to de Volk­skran­t’s find­ings.

    ———-

    “Dutch agen­cies pro­vide cru­cial intel about Rus­si­a’s inter­fer­ence in US-elec­tions” Huib Mod­derkolk; de Volk­skrant; 01/25/2018

    “It’s the sum­mer of 2014. A hack­er from the Dutch intel­li­gence agency AIVD has pen­e­trat­ed the com­put­er net­work of a uni­ver­si­ty build­ing next to the Red Square in Moscow, obliv­i­ous to the impli­ca­tions. One year lat­er, from the AIVD head­quar­ters in Zoeter­meer, he and his col­leagues wit­ness Russ­ian hack­ers launch­ing an attack on the Demo­c­ra­t­ic Par­ty in the Unit­ed States. The AIVD hack­ers had not infil­trat­ed just any build­ing; they were in the com­put­er net­work of the infa­mous Russ­ian hack­er group Cozy Bear. And unbe­knownst to the Rus­sians, they could see every­thing.”

    And there was have it: in the sum­mer of 2014 Dutch hack­ers work­ing for the AIVD appar­ent­ly hacked into a uni­ver­si­ty build­ing next to the Red Square and in doing so just hap­pened to stum­ble upon the head­quar­ters of ‘Cozy Bear’. And this hack was­n’t dis­cov­ered by the Rus­sians for at least year, allow­ing the hack­ers to watch these Russ­ian hack­ers launch an attack at the Demo­c­ra­t­ic Par­ty. It’s worth recall­ing at this point that Robert John­ston, the Marine-turned-Crowd­strike cyber expert, said he sus­pect­ed that the 2015 hack of the Demo­c­ra­t­ic Par­ty was actu­al­ly just one part of that much larg­er “noisy” wave of phish­ing attacks that tar­get­ed 50–60 thou­sand peo­ple in the sum­mer of 2015.

    So it’s unclear what exact­ly the above report is imply­ing when they sug­gest that the Dutch hack­ers watched the attack on the Demo­c­ra­t­ic Par­ty hap­pen. But accord­ing to this report, these Dutch hack­ers warned the US that this was hap­pen­ing, pro­vid­ing “evi­dence of the Russ­ian involve­ment in the hack­ing of the Demo­c­ra­t­ic Par­ty”, accord­ing the six anony­mous sources:

    ...
    That’s how the AIVD becomes wit­ness to the Russ­ian hack­ers harass­ing and pen­e­trat­ing the lead­ers of the Demo­c­ra­t­ic Par­ty, trans­fer­ring thou­sands of emails and doc­u­ments. It won’t be the last time they alert their Amer­i­can coun­ter­parts. And yet, it will be months before the Unit­ed States real­ize what this warn­ing means: that with these hacks the Rus­sians have inter­fered with the Amer­i­can elec­tions. And the AIVD hack­ers have seen it hap­pen­ing before their very eyes.

    The Dutch access pro­vides cru­cial evi­dence of the Russ­ian involve­ment in the hack­ing of the Demo­c­ra­t­ic Par­ty, accord­ing to six Amer­i­can and Dutch sources who are famil­iar with the mate­r­i­al, but wish to remain anony­mous. It’s also grounds for the FBI to start an inves­ti­ga­tion into the influ­ence of the Russ­ian inter­fer­ence on the elec­tion race between the Demo­c­ra­t­ic can­di­date Hillary Clin­ton and the Repub­li­can can­di­date Don­ald Trump.
    ...

    And these same sources assert that the evi­dence pro­vid­ed by the Dutch is the basis for the ‘high con­fi­dence’ that Amer­i­can intel­li­gence agen­cies have that the Krem­lin was indeed behind the hack:

    ...
    Three Amer­i­can intel­li­gence ser­vices state with ‘high con­fi­dence’ that the Krem­lin was behind the attack on the Demo­c­ra­t­ic Par­ty. That cer­tain­ty, sources say, is derived from the AIVD hack­ers hav­ing had access to the office-like space in the cen­ter of Moscow for years. This is so excep­tion­al that the direc­tors of the fore­most Amer­i­can intel­li­gence ser­vices are all too hap­py to receive the Dutch­men. They pro­vide tech­ni­cal evi­dence for the attack on the Demo­c­ra­t­ic Par­ty, and it becomes appar­ent that they know a lot more.
    ...

    And part of that ‘high con­fi­dence’ comes from actu­al­ly hack­ing the secu­ri­ty cam­era of the hall­way in this build­ing that led to the room where the hack­ers worked, allow­ing the Dutch hack­ers to lit­er­al­ly watch the ‘Cozy Bear’ hack­ers come and go:

    ...
    Vital infor­ma­tion

    The Dutch hack­er team spends weeks prepar­ing itself. Then, in the sum­mer of 2014, the attack takes place, most like­ly before the trag­ic crash of flight MH17. With some effort and patience, the team man­ages to pen­e­trate the inter­nal com­put­er net­work. The AIVD can now trace the Russ­ian hack­ers’ every step. But that’s not all.

    The Cozy Bear hack­ers are in a space in a uni­ver­si­ty build­ing near the Red Square. The group’s com­po­si­tion varies, usu­al­ly about ten peo­ple are active. The entrance is in a curved hall­way. A secu­ri­ty cam­era records who enters and who exits the room. The AIVD hack­ers man­age to gain access to that cam­era. Not only can the intel­li­gence ser­vice now see what the Rus­sians are doing, they can also see who’s doing it. Pic­tures are tak­en of every vis­i­tor. In Zoeter­meer, these pic­tures are ana­lyzed and com­pared to known Russ­ian spies. Again, they’ve acquired infor­ma­tion that will lat­er prove to be vital.
    ...

    So using this inside knowl­edge, the AIVD watch the ‘Cozy Bear’ hack­ers do their work. But when it came to the hack of the US State Depart­ment in Novem­ber of 2014, they did­n’t just watch. They also informed the NSA of the hack and direct­ly coor­di­nat­ed with the NSA to help repel the hack­ers over a 24 hour peri­od that’s described as a rare cyber bat­tle:

    ...
    Rare bat­tle

    The Dutch access to the Russ­ian hack­ers’ net­work soon pays off. In Novem­ber, the Rus­sians pre­pare for an attack on one of their prime tar­gets: the Amer­i­can State Depart­ment. By now, they’ve obtained e‑mail address­es and the login cre­den­tials of sev­er­al civ­il ser­vants. They man­age to enter the non-clas­si­fied part of the com­put­er net­work.

    The AIVD and her mil­i­tary coun­ter­part MIVD inform the NSA-liai­son at the Amer­i­can embassy in The Hague. He imme­di­ate­ly alerts the dif­fer­ent Amer­i­can intel­li­gence ser­vices.

    What fol­lows is a rare bat­tle between the attack­ers, who are attempt­ing to fur­ther infil­trate the State Depart­ment, and its defend­ers, FBI and NSA teams — with clues and intel­li­gence pro­vid­ed by the Dutch. This bat­tle lasts 24 hours, accord­ing to Amer­i­can media.

    The Rus­sians are extreme­ly aggres­sive but do not know they’re being spied on. Thanks to the Dutch spies, the NSA and FBI are able to counter the ene­my with enor­mous speed. The Dutch intel is so cru­cial that the NSA opens a direct line with Zoeter­meer, to get the infor­ma­tion to the Unit­ed States as soon as pos­si­ble.

    Back and forth

    Using so-called com­mand and con­trol servers, dig­i­tal com­mand cen­tres, the Rus­sians attempt to estab­lish a con­nec­tion to the mal­ware in the Depart­ment, in order to request and trans­fer infor­ma­tion. The Amer­i­cans, hav­ing been told by the Dutch where the servers are, repeat­ed­ly and swift­ly cut off access to these servers, fol­lowed each time by anoth­er attempt by the Rus­sians. It goes back and forth like this for 24 hours. After­wards, sources tell CNN that this was ‘the worst hack attack ever’ on the Amer­i­can gov­ern­ment. The Depart­ment has to cut off access to the e‑mail sys­tem for a whole week­end in order to upgrade the secu­ri­ty.

    Luck­i­ly, the NSA was able to find out the means and tac­tics of their attack­ers, deputy direc­tor of the NSA Richard Led­gett states at a dis­cus­sion forum in Aspen in March 2017. ‘So we could see how they were chang­ing their meth­ods. That’s very use­ful infor­ma­tion.’ On the author­i­ty of intel­li­gence ser­vices, Amer­i­can media write that this was thanks to a ‘west­ern ally’. Even­tu­al­ly, the Amer­i­cans man­age to dis­pel the Rus­sians from the Depart­ment, but not before Russ­ian attack­ers use their access to send an e‑mail to a per­son in the White House.
    ...

    And not only do the Dutch hack­ers man­age to hack the ‘Cozy Bear’ secu­ri­ty cam­eras and watch the hack­ers in real-time, but they also used those images to deduce which Russ­ian intel­li­gence ser­vice the hack­ers worked for: the SVR, Rus­sian’s exter­nal intel­li­gence agency. It’s an inter­est twist because, up until now, ‘Cozy Bear’ has always been referred to as the hack­ing team for the FSB, Rus­si­a’s inter­nal intel­li­gence agency. But accord­ing to the Dutch, who alleged­ly hacked the hack­ers, ‘Cozy Bear’ is work­ing for the SVR. And this has appar­ent­ly been known for years. It’s an inter­est­ing dis­crep­an­cy in the report­ing around ‘Cozy Bear’:

    ...
    Gold­mine

    Access to Cozy Bear turns out to be a gold­mine for the Dutch hack­ers. For years, it sup­plies them with valu­able intel­li­gence about tar­gets, meth­ods and the inter­ests of the high­est rank­ing offi­cials of the Russ­ian secu­ri­ty ser­vice. From the pic­tures tak­en of vis­i­tors, the AIVD deduces that the hack­er group is led by Rus­si­a’s exter­nal intel­li­gence agency SVR.

    There’s a rea­son the AIVD writes in its annu­al report about 2014 that many Russ­ian gov­ern­ment offi­cials, includ­ing pres­i­dent Putin, use secret ser­vices to obtain infor­ma­tion. Recent­ly, the head of the AIVD, Rob Bert­holee, said on the Dutch TV pro­gram Col­lege­Tour that there is ‘no ques­tion’ that the Krem­lin is behind the Russ­ian hack­ing activ­i­ties.
    ...

    And at the end of this report we learn that the Dutch intel­li­gence agen­cies were pret­ty pissed about this being report­ed at all. We also learn that the hack of ‘Cozy Bear’ last­ed from 1 to 2.5 years. So the hack end­ed some time around the sum­mer of 2015 (around the time of the DNC serv­er hack) or the maybe as last as the Fall of 2016. We don’t get to know. But the Dutch intel­li­gence offi­cers would have pre­ferred none of this was ever known:

    ...
    After­math

    There’s a long after­math to the Russ­ian attacks, par­tic­u­lar­ly the attack on the Demo­c­ra­t­ic Par­ty. More­over, the FBI inves­ti­ga­tion into the Russ­ian inter­fer­ence adds a polit­i­cal dimen­sion. After her defeat in Novem­ber 2016, Clin­ton will say that the con­tro­ver­sy about her leaked emails are what cost her the pres­i­den­cy. Pres­i­dent elect Don­ald Trump cat­e­gor­i­cal­ly refus­es to explic­it­ly acknowl­edge the Russ­ian inter­fer­ence. It would tar­nish the gleam of his elec­toral vic­to­ry. He has also fre­quent­ly praised Rus­sia, and pres­i­dent Putin in par­tic­u­lar. This is one of the rea­sons the Amer­i­can intel­li­gence ser­vices eager­ly leak infor­ma­tion: to prove that the Rus­sians did in fact inter­fere with the elec­tions. And that is why intel­li­gence ser­vices have told Amer­i­can media about the amaz­ing access of a ‘west­ern ally’.

    This has led to anger in Zoeter­meer and The Hague. Some Dutch­men even feel betrayed. It’s absolute­ly not done to reveal the meth­ods of a friend­ly intel­li­gence ser­vice, espe­cial­ly if you’re ben­e­fit­ing from their intel­li­gence. But no mat­ter how vehe­ment­ly the heads of the AIVD and MIVD express their dis­plea­sure, they don’t feel under­stood by the Amer­i­cans. It’s made the AIVD and MIVD a lot more cau­tious when it comes to shar­ing intel­li­gence. They’ve become increas­ing­ly sus­pi­cious since Trump was elect­ed pres­i­dent.

    The AIVD hack­ers are no longer in Cozy Bear’s com­put­er net­work. The Dutch espi­onage last­ed between 1 and 2,5 years. Hack­er groups fre­quent­ly change their meth­ods and even a dif­fer­ent fire­wall can cut off access. The AIVD declined to respond to de Volk­skran­t’s find­ings.

    So that was the remark­able Dutch report on the even more remark­able alleged hack­ing of ‘Cozy Bear’. A hack so deep that there’s appar­ent­ly secu­ri­ty cam­era footage of the actu­al hack­ers. And a hack that not only allowed the Dutch to pro­vide the NSA real-time infor­ma­tion dur­ing a cyber­bat­tle over the US State Depart­ment in Novem­ber of 2014 but also allowed the Dutch team to was the Russ­ian hack­ers launch the attack against the Demo­c­ra­t­ic Par­ty in the sum­mer of 2015. That’s the sto­ry.

    And it’s a sto­ry that rais­es a num­ber of rather sig­nif­i­cant ques­tion about the ‘Russ­ian hacks’ and the evi­dence US inves­ti­ga­tors are work­ing: First off, if the NSA was informed of the hacks against the Demo­c­ra­t­ic Par­ty in May of 2015 when it hap­pened, why did the FBI wait until Sep­tem­ber of 2015 to inform the DNC that they were hacked and then do lit­tle to noth­ing about ensur­ing the DNC take that warn­ing seri­ous­ly until March of 2016? It’s not a new ques­tion, but in the con­text of the reports about the Dutch hack­ers and the Inter­net Research Agency troll cam­paign both going back to 2014 it’s a much big­ger ques­tion.

    And then there’s the ques­tion about that report from June of last year of the evi­dence the US had that the Krem­lin was indeed behind the hacks. And remem­ber how that evi­dence came down to a mole in the Krem­lin along with “crit­i­cal tech­ni­cal evi­dence” from anoth­er coun­try? And remem­ber how the report indi­cat­ed that, “because of the source of the mate­r­i­al, the NSA was reluc­tant to view it with high con­fi­dence”? Well, was that coun­try pro­vid­ing the evi­dence that the NSA viewed with reluc­tance the Nether­lands?

    The Wash­ing­ton Post

    Obama’s secret strug­gle to pun­ish Rus­sia for Putin’s elec­tion assault

    By Greg Miller, Ellen Nakashima and Adam Entous
    June 23, 2017

    Ear­ly last August, an enve­lope with extra­or­di­nary han­dling restric­tions arrived at the White House. Sent by couri­er from the CIA, it car­ried “eyes only” instruc­tions that its con­tents be shown to just four peo­ple: Pres­i­dent Barack Oba­ma and three senior aides.

    Inside was an intel­li­gence bomb­shell, a report drawn from sourc­ing deep inside the Russ­ian gov­ern­ment that detailed Russ­ian Pres­i­dent Vladi­mir Putin’s direct involve­ment in a cyber cam­paign to dis­rupt and dis­cred­it the U.S. pres­i­den­tial race.

    But it went fur­ther. The intel­li­gence cap­tured Putin’s spe­cif­ic instruc­tions on the operation’s auda­cious objec­tives — defeat or at least dam­age the Demo­c­ra­t­ic nom­i­nee, Hillary Clin­ton, and help elect her oppo­nent, Don­ald Trump.

    At that point, the out­lines of the Russ­ian assault on the U.S. elec­tion were increas­ing­ly appar­ent. Hack­ers with ties to Russ­ian intel­li­gence ser­vices had been rum­mag­ing through Demo­c­ra­t­ic Par­ty com­put­er net­works, as well as some Repub­li­can sys­tems, for more than a year. In July, the FBI had opened an inves­ti­ga­tion of con­tacts between Russ­ian offi­cials and Trump asso­ciates. And on July 22, near­ly 20,000 emails stolen from the Demo­c­ra­t­ic Nation­al Com­mit­tee were dumped online by Wik­iLeaks.

    ...

    Despite the intel­li­gence the CIA had pro­duced, oth­er agen­cies were slow­er to endorse a con­clu­sion that Putin was per­son­al­ly direct­ing the oper­a­tion and want­ed to help Trump. “It was def­i­nite­ly com­pelling, but it was not defin­i­tive,” said one senior admin­is­tra­tion offi­cial. “We need­ed more.”

    Some of the most crit­i­cal tech­ni­cal intel­li­gence on Rus­sia came from anoth­er coun­try, offi­cials said. Because of the source of the mate­r­i­al, the NSA was reluc­tant to view it with high con­fi­dence.

    ...

    ———-

    “Obama’s secret strug­gle to pun­ish Rus­sia for Putin’s elec­tion assault” by Greg Miller, Ellen Nakashima and Adam Entous; The Wash­ing­ton Post; 06/23/2017

    “Some of the most crit­i­cal tech­ni­cal intel­li­gence on Rus­sia came from anoth­er coun­try, offi­cials said. Because of the source of the mate­r­i­al, the NSA was reluc­tant to view it with high con­fi­dence.”

    And that’s all we learned about that “most crit­i­cal tech­ni­cal intel­li­gence” at the time. It was crit­i­cal, and the NSA was reluc­tant to view it with high con­fi­dence. And there’s nev­er been an indi­ca­tion of which coun­try it was that pro­vid­ed this intel­li­gence. So was it the Nether­lands? If so, that’s quite a sur­prise giv­en the the sto­ry about the NSA work­ing close­ly and enthu­si­as­ti­cal­ly with the Dutch hack­ers. Also recall that the sec­ond hack of the DNC Serv­er was alleged­ly car­ried out by a dif­fer­ent Russ­ian hack­ing team, ‘Fan­cy Bear’, and that hack did­n’t take place until March of 2016. So it’s very pos­si­ble the Dutch hack­ers would have had no infor­ma­tion about that hack even if they real­ly did hack into the ‘Cozy Bear’ team. But giv­en that we still have no idea which coun­try pro­vid­ed that “crit­i­cal tech­ni­cal intel­li­gence” it’s a ques­tion we need to ask.

    So, all in all, if you accept at face val­ue these twin sto­ries of the troll farm activ­i­ties and an aggres­sive hack­ing cam­paign both start­ing back in 2014, it might be easy to con­clude that this is sub­stan­tial cir­cum­stan­tial evi­dence that the 2016 ‘Fan­cy Bear’ hack of the DNC that actu­al­ly led to the release of those hacked doc­u­ments real­ly was just an exten­sion of some sort of Krem­lin-direct­ed hack­ing cam­paign.

    But that’s con­clu­sion leaves out some rather impor­tant details. And one of those details is high­light­ed by these twin sto­ries: that there was exten­sive aware­ness with­in the US gov­ern­ment of an appar­ent Russ­ian hacking/trolling cam­paign start­ing 2014 and 2015. And that aware­ness would have includ­ed knowl­edge that the DNC had already been hacked in 2015. So if you were look­ing for a rea­sons why the GOP or its right-wing allies, for instance, might decide to try and hack the DNC in 2016 them­selves and leave all sorts of ‘fin­ger­prints’ mak­ing it look like ‘the Rus­sians’ did it, you could hard­ly come up with a bet­ter back­drop than the sit­u­a­tion that had emerged in 2014 and 2015.

    Don’t for­get that Newt Gin­grich, Judi­cial Watch, and Bar­bara Ledeen — wife of Michael Ledeen who coau­thored a book with Michael Fly­nn — put togeth­er a team in 2015 to seek out Russ­ian hack­ers with Hillary’s emails.. In oth­er words, the idea of ‘Russ­ian hack­ers’ hack­ing the Democ­rats was already well on the GOP’s mind in 2015.

    Also don’t for­get that the May 2015 hack of the Ger­man Bun­destag which was for­mal­ly blamed on the Krem­lin in Jan­u­ary of 2016 had tech­ni­cal details about the hack pub­lished in 2015, and those same tech­ni­cal details inex­plic­a­bly showed up in the mal­ware found from the sec­ond 2016 ‘Fan­cy Bear’ hack.
    So how much aware­ness was there in 2015 with­in the US polit­i­cal estab­lish­ment, and specif­i­cal­ly the GOP, that there was an aggres­sive hack­ing cam­paign attrib­uted to ‘Cozy Bear’ and an aggres­sive (if inef­fec­tu­al) trolling cam­paign being car­ried out by the Inter­net Research Agency? We know the NSA knew about the ‘Cozy Bear’ hack­ing cam­paign. And the FBI clear­ly found out at some point in 2015. So who else in the US gov­ern­ment knew about this? Did GOP­ers in con­gress know? Because if the infor­ma­tion revealed in this Mueller indict­ment and the sto­ry of the Dutch hack­ers was some­thing more wide­ly, if qui­et­ly, known with­in the US polit­i­cal estab­lish­ment, then it would also have been wide­ly, if qui­et­ly, known that hack­ing the Democ­rats and mak­ing it look like ‘the Rus­sians’ did it was very much an option. Again, don’t for­get that, as atyp­i­cal­ly ‘noisy’ as the ‘Cozy Bear’ hacks of 2015 was for a Russ­ian gov­ern­ment hack­ing cam­paign, that’s noth­ing com­pared to how atyp­i­cal­ly ‘noisy’ the ‘Fan­cy Bear’ hack of 2016 was. Was that ‘nois­i­ness’ of the 2016 ‘Fan­cy Bear’ hack real­ly the Krem­lin decid­ing to promi­nent­ly inject itself into the US 2016 elec­tion, thus ensur­ing a sub­se­quent hys­te­ria about ‘Russ­ian med­dling’ and a mas­sive ele­va­tion of ten­sions? Or was it a crime of oppor­tu­ni­ty car­ried out by a polit­i­cal oppo­nent of the Democ­rats made to look like ‘the Rus­sians’ by tak­ing advan­tage of the knowl­edge that there was already US gov­ern­ment con­cerns over Russ­ian trolls and hack­ers?

    As the Mueller indict­ment indi­cat­ed, those Russ­ian trolls did­n’t appear to want to get caught. And we’re told they were under Krem­lin direc­tion. So why did the hack­ers we’re told were under Krem­lin direc­tion so des­per­ate­ly want to get caught? It’s a cen­tral ques­tion raised by this entire #TrumpRus­sia saga that has yet to be mean­ing­ful­ly answered.

    Posted by Pterrafractyl | February 22, 2018, 11:36 pm
  19. Cyber­se­cu­ri­ty researcher John Bam­benek just revealed some­thing rather note­wor­thy about Guc­cifer 2.0: Bam­benek appar­ent­ly had a two month long back and forth with Guc­cifer 2.0 from mid August 2016 to mid-Octo­ber. And he got a num­ber of Demo­c­ra­t­ic par­ty doc­u­ments sent to him by Guc­cifer 2.0 dur­ing this peri­od.

    Here’s the real­ly inter­est­ing part: all he had to do was reach out to Guc­cifer 2.0 using Twit­ter’s “Direct Mes­sages” (DMs). He point­ed out that he’s a Repub­li­can — he’s a for­mer Illi­nois state sen­ate can­di­date and cur­rent­ly serves on the state’s board of high­er edu­ca­tion as well as its com­mu­ni­ty col­lege board — and asked Guc­cifer 2.0 for doc­u­ments that would make a big impact. That was appar­ent­ly all that was required for him to actu­al­ly receive some doc­u­ments.

    Keep in mind that this isn’t the first time we’ve heard reports about peo­ple sim­ply reach­ing out to Guc­cifer 2.0 and get­ting a response. Or even doc­u­ments. Recall how the oper­a­tion by GOP oper­a­tive Peter Smith that set out to find Hillary Clin­ton’s hacked emails on the dark web end­ed up reach­ing out to “Guc­cifer 2.0”, who told Smith’s team that they should con­tact neo-Nazi hack­er Andrew “weev” Auern­heimer. And then the was the Flori­da GOP oper­a­tive Aaron Nevins got 2.5 GB of Demo­c­ra­t­ic Par­ty doc­u­ments from Guc­cifer 2.0 sim­ply by ask­ing for them. And, of course, there was Roger Stone’s mes­sages to Guc­cifer 2.0 over Twit­ter DM too.

    So it’s not a new rev­e­la­tion to learn that ran­dom GOP­ers peo­ple could sim­ply reach out to Guc­cifer 2.0 and end up with doc­u­ments. But this is one more exam­ple of that so it rais­es the obvi­ous ques­tion: Just how many GOP­ers oth­er sim­ply asked Guc­cifer 2.0 for doc­u­ments and received them? Was this an open secret?:

    Dark Read­ing

    How Guc­cifer 2.0 Got ‘Punk’d’ by a Secu­ri­ty Researcher
    Secu­ri­ty expert and for­mer Illi­nois state sen­ate can­di­date John Bam­benek details his two months of online inter­ac­tion with the ‘unsu­per­vised cutout’ who shared with him more stolen DCCC doc­u­ments.

    Kel­ly Jack­son Hig­gins
    3/8/2018 08:10 AM
    [Updat­ed at 2:50pmET with link to Bam­benek’s blog post on the research]

    KASPERSKY SECURITY ANALYST SUMMIT 2018 – Can­cun, Mex­i­co – Vet­er­an secu­ri­ty researcher John Bam­benek pur­pose­ly broke one of the first rules of OPSEC when he decid­ed to reach out to Guc­cifer 2.0 in order to gath­er intel on the 2016 pres­i­den­tial cam­paign hacks: nev­er expose your true iden­ti­ty to the adver­sary.

    For a two month peri­od in late 2016 — not long after the infa­mous Guc­cifer 2.0 online per­sona first appeared online and began leak­ing data to the media and via Twit­ter from stolen doc­u­ments from the Russ­ian hacks of the Demo­c­ra­t­ic Nation­al Com­mit­tee (DNC) and Demo­c­ra­t­ic Con­gres­sion­al Cam­paign Com­mit­tee (DCCC) — Bam­benek reached out to Guc­cifer 2.0 via a Twit­ter direct mes­sage (DM), using his real name and actu­al par­ty affil­i­a­tion as an Illi­nois Repub­li­can.

    “I did­n’t think it would work,” says Bam­benek, who con­tact­ed the mys­te­ri­ous online per­sona with the premise of request­ing access to oth­er stolen DCCC doc­u­ments Guc­cifer 2.0 had in his pos­ses­sion. Bam­benek at the time was work­ing for Fidelis Cyber­se­cu­ri­ty and inves­ti­gat­ing the Russ­ian hacks of the DNC and the DCCC, and had hoped to gath­er more intel­li­gence and insight on the Russ­ian state hack­ing and elec­tion influ­ence oper­a­tion via inter­ac­tions with Guc­cifer 2.0. He is also a for­mer Illi­nois state sen­ate can­di­date and cur­rent­ly serves on the state’s board of high­er edu­ca­tion as well as its com­mu­ni­ty col­lege board.

    Using his real name was a cal­cu­lat­ed risk that Bam­benek knew at worst could halt his com­mu­ni­ca­tions with Guc­cifer 2.0 if the Krem­lin were to dis­cov­er that he was a secu­ri­ty researcher, but at best the ruse would pro­vide him quick­er online access to Guc­cifer 2.0. Sur­pris­ing­ly, it appar­ent­ly took Guc­cifer 2.0 near­ly two months to real­ize he had been duped even though Bam­benek’s job infor­ma­tion was includ­ed in his Twit­ter pro­file, accord­ing to the researcher.

    Whether Guc­cifer 2.0 was tru­ly fooled or play­ing along with the ruse remains unclear, but Bam­benek observed that he most­ly appeared to be eager to share with and show off the stolen data he request­ed. “It would be odd that he played dumb that long, but decep­tion is the pri­ma­ry tool in the intel tool belt,” Bam­benek notes.

    From Aug. 12 to mid-Oct. 2016, Guc­cifer 2.0 fed Bam­benek stolen DCCC doc­u­ments that includ­ed back­ground on the 17th Dis­trict and 8th Dis­trict races in Illi­nois, call logs from the DCCC chair, “path to vic­to­ry” doc­u­ments, and oth­er data points about var­i­ous races in the state. One such stolen file was a call sheet addressed to then vice-pres­i­dent Joe Biden from the DCCC chair about con­tact­ing a pos­si­ble Demo­c­ra­t­ic can­di­date for the Illi­nois 10th Dis­trict race. Bam­benek in turn hand­ed each mes­sage and doc­u­ment he obtained to the FBI.

    But it was obvi­ous to Bam­benek that Guc­cifer 2.0 did­n’t under­stand or have any knowl­edge of the rel­e­vance of the stolen data, which includ­ed unre­mark­able doc­u­ments on unop­posed pri­maries, for exam­ple. “He nev­er had any­thing over­ly use­ful,” he says. “They prob­a­bly had some stuff and did­n’t know how to make hay with it.”

    Guc­cifer 2.0 in online blog posts and leaks dur­ing the cam­paign took cred­it for the DNC hack and denied any link to Rus­sia. In an inter­view with Moth­er­board in June of 2016, Guc­cifer claimed to be a hack­er from Roma­nia who had exploit­ed a secu­ri­ty flaw in a soft­ware-as-a-ser­vice provider plat­form that the DNC uses that ulti­mate­ly gave him access to its servers. Secu­ri­ty experts at the time, includ­ing Fidelis and Crowd­Strike, had iden­ti­fied Russ­ian nation-state groups Cozy Bear and Fan­cy Bear as the attack­ers.

    No ‘Adult Super­vi­sion’

    In his ini­tial DM to Guc­cifer on Aug. 12 of last year, Bam­benek, said: “I am inter­est­ed in any oth­er docs you may have” and, not­ing that he was a “Repub­li­can oper­a­tive,” asked for “emails that can affect an elec­tion, well, they’d be used for max­i­mum impact.”

    Bam­banek, now vice pres­i­dent of secu­ri­ty research at Threat­STOP, says his inter­ac­tions with Guc­cifer 2.0 over Twit­ter DMs and email revealed that this was a low-lev­el oper­a­tive not close­ly super­vised by the Russ­ian gov­ern­ment. “He was an unso­phis­ti­cat­ed cutout with­out adult super­vi­sion and any media savvy,” he says. Guc­cifer 2.0’s main goal was to leak to media and Repub­li­can offi­cials.

    “If we were to pick him up at the air­port, we would not be excit­ed about the intel we would get” from him, Bam­benek says.

    Bam­benek could­n’t deter­mine defin­i­tive­ly just who Guc­cifer 2.0 was, nor if the online per­sona was actu­al­ly mul­ti­ple peo­ple pos­ing as one indi­vid­ual. He lacked insight and knowl­edge of the con­tent of the DCCC doc­u­ments and nev­er actu­al­ly pro­vid­ed the leaks in any “nar­ra­tive form” indi­cat­ing their use­ful­ness: it was up to researchers and reporters to con­nect any dots, Bam­benek observed.

    Most like­ly, Bam­benek says, Guc­cifer 2.0 is a young per­son (or per­sons) who does­n’t speak flu­ent Eng­lish, based on some lin­guis­tic clues he culled. “It looked like the same per­son [the whole time], but I don’t know if I can make a strong con­clu­sion one way or the oth­er,” he says, adding that Guc­cifer 2.0’s errors in the verb “to be” are indica­tive of a non-native speak­er. He was not able to deter­mine a phys­i­cal loca­tion for Guc­cifer 2.0, but believes he oper­at­ed on behalf of Russ­ian state actors.

    Guc­cifer 2.0 was basi­cal­ly giv­en the doc­u­ments to dump “and go forth and troll,” he says.

    But Guc­cifer 2.0 did remain well-masked dur­ing Bam­benek’s inter­ac­tions with him. He used Pro­ton email, a pri­va­cy-con­cious email pro­to­col, for exam­ple. “One of the things we were doing as researchers was giv­ing him real-time feed­back on his trade­craft mis­takes ... then he stopped mak­ing meta­da­ta mis­takes” in his doc­u­ment dumps, Bam­benek says.

    On Oct. 4, 2016, Guc­cifer 2.0 DM’ed Bam­benek with a mes­sage that indi­cat­ed he was on to the ruse: “r ur com­pa­ny gonna make a sto­ry about me?”

    “He had real­ized I was play­ing him,” says Bam­benek.

    Guc­cifer 2.0 for the most part appeared to be under pres­sure to gen­er­ate online con­tro­ver­sy and news arti­cles about the dumped doc­u­ments. At one point, Bam­benek asked if he had any Demo­c­ra­t­ic Gov­er­nors Asso­ci­a­tion doc­u­ments or doc­u­ments on Demo­c­ra­t­ic sen­a­tors. “Either he did­n’t take the bait, or he did­n’t have it,” he says.

    “For the most part, the influ­ence oper­a­tion by the Rus­sians was more lucky than smart. They had a lot of infor­ma­tion that they did­n’t know how to pack­age or what to do with,” he says. “My take­away is that [in] 2016 they were not ful­ly invest­ed. They threw out cutouts and told them to go and have fun.”

    ...

    Mean­while, Bam­benek reached out to Guc­cifer 2.0 via email to give him (or them) a heads up about today’s talk at SAS. “Just to see if he’d click a link and show signs of life and to see if he’s pay­ing atten­tion,” Bam­benek says. As of this post­ing, no response from Guc­cifer 2.0.

    Bam­benek has now post­ed a blog with screen­shots of some of his DMs with Guc­cifer 2.0.

    ———-

    “How Guc­cifer 2.0 Got ‘Punk’d’ by a Secu­ri­ty Researcher” by Kel­ly Jack­son Hig­gins; Dark Read­ing; 03/08/2018

    “For a two month peri­od in late 2016 — not long after the infa­mous Guc­cifer 2.0 online per­sona first appeared online and began leak­ing data to the media and via Twit­ter from stolen doc­u­ments from the Russ­ian hacks of the Demo­c­ra­t­ic Nation­al Com­mit­tee (DNC) and Demo­c­ra­t­ic Con­gres­sion­al Cam­paign Com­mit­tee (DCCC) — Bam­benek reached out to Guc­cifer 2.0 via a Twit­ter direct mes­sage (DM), using his real name and actu­al par­ty affil­i­a­tion as an Illi­nois Repub­li­can.”

    A mes­sage to Guc­cifer 2.0 over Twit­ter was all it took. So any­one in the world could have done what Bam­benek did. Espe­cial­ly since it appears that Guc­cifer 2.0 did­n’t even both to look into who Bam­benek was and dis­cov­er that he was a cyber­se­cu­ri­ty research with Fidelis Cyber­se­cu­ri­ty:

    ...
    “I did­n’t think it would work,” says Bam­benek, who con­tact­ed the mys­te­ri­ous online per­sona with the premise of request­ing access to oth­er stolen DCCC doc­u­ments Guc­cifer 2.0 had in his pos­ses­sion. Bam­benek at the time was work­ing for Fidelis Cyber­se­cu­ri­ty and inves­ti­gat­ing the Russ­ian hacks of the DNC and the DCCC, and had hoped to gath­er more intel­li­gence and insight on the Russ­ian state hack­ing and elec­tion influ­ence oper­a­tion via inter­ac­tions with Guc­cifer 2.0. He is also a for­mer Illi­nois state sen­ate can­di­date and cur­rent­ly serves on the state’s board of high­er edu­ca­tion as well as its com­mu­ni­ty col­lege board.

    Using his real name was a cal­cu­lat­ed risk that Bam­benek knew at worst could halt his com­mu­ni­ca­tions with Guc­cifer 2.0 if the Krem­lin were to dis­cov­er that he was a secu­ri­ty researcher, but at best the ruse would pro­vide him quick­er online access to Guc­cifer 2.0. Sur­pris­ing­ly, it appar­ent­ly took Guc­cifer 2.0 near­ly two months to real­ize he had been duped even though Bam­benek’s job infor­ma­tion was includ­ed in his Twit­ter pro­file, accord­ing to the researcher.

    Whether Guc­cifer 2.0 was tru­ly fooled or play­ing along with the ruse remains unclear, but Bam­benek observed that he most­ly appeared to be eager to share with and show off the stolen data he request­ed. “It would be odd that he played dumb that long, but decep­tion is the pri­ma­ry tool in the intel tool belt,” Bam­benek notes.

    ...

    In his ini­tial DM to Guc­cifer on Aug. 12 of last year, Bam­benek, said: “I am inter­est­ed in any oth­er docs you may have” and, not­ing that he was a “Repub­li­can oper­a­tive,” asked for “emails that can affect an elec­tion, well, they’d be used for max­i­mum impact.”
    ...

    It’s worth not­ing that Fidelis Cyber­se­cu­ri­ty was one of the firms that quick­ly backed up Crowd Strike’s ear­ly con­clu­sion that the DNC hack was a Russ­ian oper­a­tion back in June of 2016. So while it’s pos­si­ble Guc­cifer 2.0 did­n’t see all the clear signs that Bam­benek was a Fidelis employ­ee, it’s also pos­si­ble Guc­cifer 2.0 saw this ear­ly on and saw it as an oppor­tu­ni­ty to fur­ther the ‘Russ­ian hack­er’ nar­ra­tive by direct­ly inter­act­ing with some­one from the cyber­se­cu­ri­ty indus­try.

    Although based on Bam­benek’s recount­ing of their inter­ac­tions, if Guc­cifer 2.0 was inten­tion­al­ly push­ing a nar­ra­tive through Bam­benek, that nar­ra­tive appears to be that they were some­one who lacked any mean­ing­ful polit­i­cal sophis­ti­ca­tion or knowl­edge of which doc­u­ments might prove polit­i­cal­ly impact­ful. and that’s why it’s entire­ly unclear what it was about Bam­benek’s inter­ac­tions with Guc­cifer 2.0 that led him to his con­clu­sion that Guc­cifer 2.0 was a Russ­ian gov­ern­ment oper­a­tive:

    ...
    Bam­banek, now vice pres­i­dent of secu­ri­ty research at Threat­STOP, says his inter­ac­tions with Guc­cifer 2.0 over Twit­ter DMs and email revealed that this was a low-lev­el oper­a­tive not close­ly super­vised by the Russ­ian gov­ern­ment. “He was an unso­phis­ti­cat­ed cutout with­out adult super­vi­sion and any media savvy,” he says. Guc­cifer 2.0’s main goal was to leak to media and Repub­li­can offi­cials.

    “If we were to pick him up at the air­port, we would not be excit­ed about the intel we would get” from him, Bam­benek says.

    Bam­benek could­n’t deter­mine defin­i­tive­ly just who Guc­cifer 2.0 was, nor if the online per­sona was actu­al­ly mul­ti­ple peo­ple pos­ing as one indi­vid­ual. He lacked insight and knowl­edge of the con­tent of the DCCC doc­u­ments and nev­er actu­al­ly pro­vid­ed the leaks in any “nar­ra­tive form” indi­cat­ing their use­ful­ness: it was up to researchers and reporters to con­nect any dots, Bam­benek observed.

    Most like­ly, Bam­benek says, Guc­cifer 2.0 is a young per­son (or per­sons) who does­n’t speak flu­ent Eng­lish, based on some lin­guis­tic clues he culled. “It looked like the same per­son [the whole time], but I don’t know if I can make a strong con­clu­sion one way or the oth­er,” he says, adding that Guc­cifer 2.0’s errors in the verb “to be” are indica­tive of a non-native speak­er. He was not able to deter­mine a phys­i­cal loca­tion for Guc­cifer 2.0, but believes he oper­at­ed on behalf of Russ­ian state actors.

    Guc­cifer 2.0 was basi­cal­ly giv­en the doc­u­ments to dump “and go forth and troll,” he says.
    ...

    So what did Bam­benek do with the doc­u­ments he received? Appar­ent­ly he hand­ed them over to the FBI:

    ...
    From Aug. 12 to mid-Oct. 2016, Guc­cifer 2.0 fed Bam­benek stolen DCCC doc­u­ments that includ­ed back­ground on the 17th Dis­trict and 8th Dis­trict races in Illi­nois, call logs from the DCCC chair, “path to vic­to­ry” doc­u­ments, and oth­er data points about var­i­ous races in the state. One such stolen file was a call sheet addressed to then vice-pres­i­dent Joe Biden from the DCCC chair about con­tact­ing a pos­si­ble Demo­c­ra­t­ic can­di­date for the Illi­nois 10th Dis­trict race. Bam­benek in turn hand­ed each mes­sage and doc­u­ment he obtained to the FBI.
    ...

    “Bam­benek in turn hand­ed each mes­sage and doc­u­ment he obtained to the FBI.”

    So it seems like the FBI had to be aware of Guc­cifer 2.0 try­ing to hand doc­u­ments direct­ly to Repub­li­can oper­a­tives at some point between mid-August and mid-Octo­ber of 2016. That seems like a sig­nif­i­cant rev­e­la­tion just in terms of who knew what when.

    And you have to won­der what this was all about when Bam­benek says, “One of the things we were doing as researchers was giv­ing him real-time feed­back on his trade­craft mis­takes ... then he stopped mak­ing meta­da­ta mis­takes” in his doc­u­ment dumps:

    ...
    But Guc­cifer 2.0 did remain well-masked dur­ing Bam­benek’s inter­ac­tions with him. He used Pro­ton email, a pri­va­cy-con­cious email pro­to­col, for exam­ple. “One of the things we were doing as researchers was giv­ing him real-time feed­back on his trade­craft mis­takes ... then he stopped mak­ing meta­da­ta mis­takes” in his doc­u­ment dumps, Bam­benek says.
    ...

    So was Bam­benek refer­ring to the cyber­se­cu­ri­ty com­mu­ni­ty’s ear­ly dis­cov­ery of things like Cyril­lic text in the meta-data, which was dis­cov­ered a day after the ini­tial June 15th, 2016, doc­u­ment dump? Or was Bam­benek refer­ring to some oth­er form of real-time feed­back? It’s unclear.

    So, all in all, the Russ­ian gov­ern­ment decid­ed to hand off the cru­cial pub­lic rela­tions work a high-stakes for­eign inter­fer­ence oper­a­tion to a “low-lev­el oper­a­tive not close­ly super­vised by the Russ­ian gov­ern­ment.” That’s accord­ing to John Bam­benek from Fidelis Cyber­se­cu­ri­ty, one of the first firms to ‘con­firm’ Crowd Strike’s ini­tial attri­bu­tion.

    And Bam­benek bases this con­clu­sion, in part, on his direct inter­ac­tions with Guc­cifer 2.0. Direct inter­ac­tions that ANY ran­dom per­son could have poten­tial­ly had with Guc­cifer 2.0. And, again, that rais­es the ques­tion: how many oth­er GOP­ers were in con­tact with Guc­cifer 2.0 over this peri­od? Because it’s not like there was a lot stop­ping them.

    Posted by Pterrafractyl | March 8, 2018, 4:25 pm
  20. Here’s an arti­cle about how the Oba­ma admin­is­tra­tion ordered the var­i­ous peo­ple the US gov­ern­ment who were devel­op­ing counter-mea­sures against the ‘Russ­ian hack­ers’ to stand down in favor or a dif­fer­ent approach. And the arti­cle con­tains some inter­est­ing new data points worth keep­ing in mind regard­ing the bizarre time­line of the US gov­ern­men­t’s response to the DNC hacks.

    First, recall how the US report­ed­ly detect­ed the (ini­tial) hack­ing of the DNC servers in May of 2015. It was sur­pris­ing­ly ‘noisy’ accord­ing to US cyber­se­cu­ri­ty offi­cials, mean­ing it did­n’t seem like the hack­ers were try­ing to hide what they were doing at all. And recall how the FBI did­n’t inform the DNC of this ini­tial hack until Sep­tem­ber of 2015, but the out­reach to the DNC was so unusu­al (just a phone call to a DNC IT per­son) that the DNC did­n’t think it was a real tip and did­n’t know it was actu­al­ly hacked until March of 2016 when the FBI agents phys­i­cal­ly showed up at the DNC.

    So there’s a remark­able peri­od, from around May of 2015 to March of 2016, where the US gov­ern­ment knew about these hacks, but the DNC effec­tive­ly did­n’t. Well, accord­ing to the fol­low­ing arti­cle, there’s anoth­er set up peo­ple who were informed about the hacks in late 2015. It’s not a sur­pris­ing set of offi­cials to be informed about the hacks, but still note­wor­thy giv­en the num­ber of Democ­rats or peo­ple with ties to the Demo­c­ra­t­ic par­ty that would have known about this: State Depart­ment offi­cials, includ­ing Vic­to­ria Nuland, were informed about the DNC hacks in Decem­ber of 2015 and tasked with devel­op­ing a US response:

    Yahoo News

    Oba­ma cyber chief con­firms ‘stand down’ order against Russ­ian cyber­at­tacks in sum­mer 2016

    Michael Isikoff, Chief Inves­tiga­tive Cor­re­spon­dent
    •June 20, 2018

    WASHINGTON — The Oba­ma White House’s chief cyber offi­cial tes­ti­fied Wednes­day that pro­pos­als he was devel­op­ing to counter Russia’s attack on the U.S. pres­i­den­tial elec­tion were put on a “back burn­er” after he was ordered to “stand down” his efforts in the sum­mer of 2016.

    The com­ments by Michael Daniel, who served as White House “cyber secu­ri­ty coor­di­na­tor” between 2012 and Jan­u­ary of last year, pro­vid­ed his first pub­lic con­fir­ma­tion of a much-dis­cussed pas­sage in the book, ““Russ­ian Roulette: The Inside Sto­ry of Putin’s War on Amer­i­ca and the Elec­tion of Don­ald Trump,” co-writ­ten by this reporter and David Corn, that detailed his thwart­ed efforts to respond to the Russ­ian attack.

    They came dur­ing a Sen­ate Intel­li­gence Com­mit­tee hear­ing into how the Oba­ma admin­is­tra­tion dealt with Russ­ian cyber and infor­ma­tion war­fare attacks in 2016, an issue that has become one of the more polit­i­cal­ly sen­si­tive sub­jects in the panel’s ongo­ing inves­ti­ga­tion into Russia’s inter­fer­ence in the U.S. elec­tion and any links to the Trump cam­paign.

    The view that the Oba­ma admin­is­tra­tion failed to ade­quate­ly piece togeth­er intel­li­gence about the Russ­ian cam­paign and devel­op a force­ful response has clear­ly gained trac­tion with the intel­li­gence com­mit­tee. Sen. Mark Warn­er, D‑Va., the rank­ing Demo­c­rat on the pan­el, said in an open­ing state­ment that “we were caught flat-foot­ed at the out­set and our col­lec­tive response was inad­e­quate to meet Russia’s esca­la­tion.”

    That con­clu­sion was rein­forced Wednes­day by anoth­er wit­ness, Vic­to­ria Nuland, who served as assis­tant sec­re­tary of state for Europe dur­ing the Oba­ma admin­is­tra­tion. She told the pan­el that she had been briefed as ear­ly as Decem­ber 2015 about the hack­ing of the Demo­c­ra­t­ic Nation­al Com­mit­tee — long before senior DNC offi­cials were aware of it — and that the intru­sion had all the hall­marks of a Russ­ian oper­a­tion.

    As she and oth­er State Depart­ment offi­cials became “more alarmed” about what the Rus­sians were up to in the spring of 2016, they were autho­rized by then Sec­re­tary of State John Ker­ry to devel­op pro­pos­als for ways to deter the Rus­sians. But most of those steps were nev­er tak­en — in part because offi­cials assumed they would be tak­en up by the next admin­is­tra­tion.

    “I believe there were deter­rence mea­sures we could have tak­en and should have tak­en,” Nuland tes­ti­fied.

    As intel­li­gence came in dur­ing the late spring and ear­ly sum­mer of that year about the Russ­ian attack, Daniel instruct­ed his staff on the Nation­al Secu­ri­ty Coun­cil to begin devel­op­ing options for aggres­sive coun­ter­mea­sures to deter the Kremlin’s efforts, includ­ing mount­ing U.S. “denial of ser­vice” attacks on Russ­ian news sites and oth­er actions tar­get­ing Russ­ian cyber actors.

    Daniel declined to dis­cuss the details of those options dur­ing Wednesday’s open hear­ing, say­ing he would share them with the pan­el dur­ing a clas­si­fied ses­sion lat­er in the day. But he described his pro­pos­als as “the full range of poten­tial actions” that the U.S. gov­ern­ment could use in the cyber are­na “to impose costs on the Rus­sians — both open­ly to demon­strate that we could do it as a deter­rent and also clan­des­tine­ly to dis­rupt their oper­a­tions as well.”

    Sen. James Risch, R‑Idaho, asked about a “Russ­ian Roulette” pas­sage in which one of Daniel’s staff mem­bers, Daniel Pri­eto, recount­ed a staff meet­ing short­ly after the cyber coor­di­na­tor was ordered by Susan Rice, Pres­i­dent Obama’s nation­al secu­ri­ty advis­er, to stop his efforts and “stand down.” This order was in part because Rice feared the options would leak and “box the pres­i­dent in.”

    “I was incred­u­lous and in dis­be­lief,” Pri­eto is quot­ed as say­ing in the book. “It took me a moment to process. In my head, I was like, did I hear that cor­rect­ly?” Pri­eto told the authors he then spoke up, ask­ing Daniel: “Why the hell are we stand­ing down? Michael, can you help us under­stand?”

    Daniel has con­firmed that the account was “an accu­rate ren­der­ing of what hap­pened” in his staff meet­ing. He said his boss­es at the NSC — he did not specif­i­cal­ly men­tion Rice in his tes­ti­mo­ny — had con­cerns about “how many peo­ple were work­ing on the options” so the “deci­sion” from his supe­ri­ors at the Oba­ma White House was to “neck down the num­ber of peo­ple that were involved in devel­op­ing our ongo­ing response options.”

    Daniel added that “it’s not accu­rate to say that all activ­i­ty ceased at that point.” He and his staff “shift­ed our focus” to assist­ing state gov­ern­ments to pro­tect against Russ­ian cyber­at­tacks against state and local elec­tion sys­tems.

    But as for his work on devel­op­ing cyber deter­rence mea­sures, “those actions were put on a back burn­er and that was not the focus of our activ­i­ty dur­ing that time peri­od.”

    Instead, Oba­ma offi­cials chose anoth­er course of action after becom­ing frus­trat­ed that Repub­li­can lead­ers on Capi­tol Hill would not endorse a bipar­ti­san state­ment con­demn­ing Russ­ian inter­fer­ence and fear­ful that any uni­lat­er­al action by them would feed then can­di­date Don­ald Trump’s claims that the elec­tion was rigged. They chose a pri­vate “stern” warn­ing by Oba­ma to Russ­ian Pres­i­dent Vladimir Putin at a sum­mit in Chi­na in ear­ly Sep­tem­ber 2016 to stop his country’s cam­paign to dis­rupt the U.S. elec­tion.

    Oba­ma offi­cials were also wor­ried that a vig­or­ous cyber response along the lines Daniel had pro­posed could esca­late into a full scale cyber war. And, they have since argued, they believed that the president’s warn­ing had some impact, not­ing — as Daniel did in his tes­ti­mo­ny — that they saw some tamp­ing down in Russ­ian prob­ing of state elec­tion data sys­tems after Obama’s pri­vate talk with Putin.

    But Nuland tes­ti­fied that while the Rus­sians were “a lit­tle less active” in Sep­tem­ber after the Oba­ma warn­ing, Russ­ian activ­i­ty picked up again in Octo­ber when the Rus­sians accel­er­at­ed their social media cam­paign using pho­ny Face­book ads and Twit­ter bots.

    “We saw an increase in what they were doing in social media,” Daniel agreed. “They shift­ed their focus.”

    Nuland also revealed, in response to ques­tions by Sen. Susan Collins, R‑Maine, anoth­er pre­vi­ous­ly unpub­li­cized dimen­sion to the Russ­ian attack. That sum­mer, Collins said, FBI offi­cials advised the com­mit­tee that Russ­ian diplo­mats were trav­el­ing around the coun­try in areas they were not — under diplo­mat­ic pro­to­cols — per­mit­ted to vis­it , appar­ent­ly to col­lect intel­li­gence. Asked by Collins if she believed this was part of the Russ­ian so-called active mea­sures attack on the elec­tion, Nuland respond­ed, “I do.”

    After the Novem­ber 2016 elec­tion, in which Trump defeat­ed Hillary Clin­ton, Oba­ma did impose new sanc­tions on Russia’s intel­li­gence ser­vices and expelled diplo­mats. But Nuland tes­ti­fied that most in the admin­is­tra­tion saw that as only a begin­ning of what need­ed to be done. “It’s fair to say that all of us in the process assumed what was done in Decem­ber and Jan­u­ary would be a start­ing point for what the incom­ing admin­is­tra­tion would then build on.”

    The Wednes­day hear­ing by the intel­li­gence pan­el did not touch steps the Trump admin­is­tra­tion has tak­en — or in many cas­es, failed to take — to respond to the Russ­ian elec­tion attack. But both wit­ness­es empha­sized that there is new urgency to the issue to devel­op­ing pro­pos­als to do so. Daniel not­ed that a mali­cious new Russ­ian bot­net – known as a “VPN fil­ter” — has been dis­cov­ered infect­ing home office routers and allow­ing hack­ers to inter­cept inter­net com­mu­ni­ca­tions. He said this was a “type of mal­ware we haven’t seen before” and shows “the intent of the Rus­sians to con­tin­ue their cyber activ­i­ties.”

    ...

    ———-

    “Oba­ma cyber chief con­firms ‘stand down’ order against Russ­ian cyber­at­tacks in sum­mer 2016” by Michael Isikoff; Yahoo News; 06/20/2018

    “The view that the Oba­ma admin­is­tra­tion failed to ade­quate­ly piece togeth­er intel­li­gence about the Russ­ian cam­paign and devel­op a force­ful response has clear­ly gained trac­tion with the intel­li­gence com­mit­tee. Sen. Mark Warn­er, D‑Va., the rank­ing Demo­c­rat on the pan­el, said in an open­ing state­ment that “we were caught flat-foot­ed at the out­set and our col­lec­tive response was inad­e­quate to meet Russia’s esca­la­tion.””

    A force­ful cyber-response against Rus­sia by the US in 2016 was nec­es­sary: That appears to be the con­sen­sus at the Sen­ate intel­li­gence com­mit­tee.

    And Vic­to­ria Nuland, the assis­tant sec­re­tary of state for Europe dur­ing the Oba­ma admin­stra­tion (and some­one who appeared to play an active role pro­mot­ing the Maid­an protests in Ukraine in 2014), not only agrees with that assess­ment but was help­ing to for­mu­late a US response back in 2016. Accord­ing to Nuland, she was briefed on the ‘Russ­ian hack­ing’ as ear­ly as Decem­ber 2015, long before senior DNC offi­cials were even aware of it (due to the FBI’s inex­plic­a­bly poor job of inform­ing the DNC):

    ...
    That con­clu­sion was rein­forced Wednes­day by anoth­er wit­ness, Vic­to­ria Nuland, who served as assis­tant sec­re­tary of state for Europe dur­ing the Oba­ma admin­is­tra­tion. She told the pan­el that she had been briefed as ear­ly as Decem­ber 2015 about the hack­ing of the Demo­c­ra­t­ic Nation­al Com­mit­tee — long before senior DNC offi­cials were aware of it — and that the intru­sion had all the hall­marks of a Russ­ian oper­a­tion.
    ...

    But Nuland was­n’t just informed about the hacks. She and oth­er State Depart­ment offi­cials were also autho­rized by then Sec­re­tary of State John Ker­ry to devel­op pro­pos­als to deter the Russ­ian hack­ers:

    ...
    As she and oth­er State Depart­ment offi­cials became “more alarmed” about what the Rus­sians were up to in the spring of 2016, they were autho­rized by then Sec­re­tary of State John Ker­ry to devel­op pro­pos­als for ways to deter the Rus­sians. But most of those steps were nev­er tak­en — in part because offi­cials assumed they would be tak­en up by the next admin­is­tra­tion.

    “I believe there were deter­rence mea­sures we could have tak­en and should have tak­en,” Nuland tes­ti­fied.
    ...

    And some of those pro­posed cyber-respons­es includ­ed actions like denial of ser­vice attacks on Russ­ian news sites (pre­sum­ably RT). For some rea­son this was deemed to be a form of deter­rence, even though it would­n’t actu­al­ly be a deter­rence unless the US made it clear it was behind the attack and would have prob­a­bly become a pro­pa­gan­da bonan­za for the Krem­lin:

    ...
    As intel­li­gence came in dur­ing the late spring and ear­ly sum­mer of that year about the Russ­ian attack, Daniel instruct­ed his staff on the Nation­al Secu­ri­ty Coun­cil to begin devel­op­ing options for aggres­sive coun­ter­mea­sures to deter the Kremlin’s efforts, includ­ing mount­ing U.S. “denial of ser­vice” attacks on Russ­ian news sites and oth­er actions tar­get­ing Russ­ian cyber actors.

    Daniel declined to dis­cuss the details of those options dur­ing Wednesday’s open hear­ing, say­ing he would share them with the pan­el dur­ing a clas­si­fied ses­sion lat­er in the day. But he described his pro­pos­als as “the full range of poten­tial actions” that the U.S. gov­ern­ment could use in the cyber are­na “to impose costs on the Rus­sians — both open­ly to demon­strate that we could do it as a deter­rent and also clan­des­tine­ly to dis­rupt their oper­a­tions as well.”
    ...

    But those response plans were ulti­mate­ly put on hold. This was in part over con­cerns that it could pro­voke a full scale cyber war but also due the GOP con­gres­sion­al lead­er­ship refus­ing to sign on for a bipar­ti­san US gov­ern­ment response:

    ...
    Sen. James Risch, R‑Idaho, asked about a “Russ­ian Roulette” pas­sage in which one of Daniel’s staff mem­bers, Daniel Pri­eto, recount­ed a staff meet­ing short­ly after the cyber coor­di­na­tor was ordered by Susan Rice, Pres­i­dent Obama’s nation­al secu­ri­ty advis­er, to stop his efforts and “stand down.” This order was in part because Rice feared the options would leak and “box the pres­i­dent in.”

    “I was incred­u­lous and in dis­be­lief,” Pri­eto is quot­ed as say­ing in the book. “It took me a moment to process. In my head, I was like, did I hear that cor­rect­ly?” Pri­eto told the authors he then spoke up, ask­ing Daniel: “Why the hell are we stand­ing down? Michael, can you help us under­stand?”

    Daniel has con­firmed that the account was “an accu­rate ren­der­ing of what hap­pened” in his staff meet­ing. He said his boss­es at the NSC — he did not specif­i­cal­ly men­tion Rice in his tes­ti­mo­ny — had con­cerns about “how many peo­ple were work­ing on the options” so the “deci­sion” from his supe­ri­ors at the Oba­ma White House was to “neck down the num­ber of peo­ple that were involved in devel­op­ing our ongo­ing response options.”

    Daniel added that “it’s not accu­rate to say that all activ­i­ty ceased at that point.” He and his staff “shift­ed our focus” to assist­ing state gov­ern­ments to pro­tect against Russ­ian cyber­at­tacks against state and local elec­tion sys­tems.

    But as for his work on devel­op­ing cyber deter­rence mea­sures, “those actions were put on a back burn­er and that was not the focus of our activ­i­ty dur­ing that time peri­od.”

    Instead, Oba­ma offi­cials chose anoth­er course of action after becom­ing frus­trat­ed that Repub­li­can lead­ers on Capi­tol Hill would not endorse a bipar­ti­san state­ment con­demn­ing Russ­ian inter­fer­ence and fear­ful that any uni­lat­er­al action by them would feed then can­di­date Don­ald Trump’s claims that the elec­tion was rigged. They chose a pri­vate “stern” warn­ing by Oba­ma to Russ­ian Pres­i­dent Vladimir Putin at a sum­mit in Chi­na in ear­ly Sep­tem­ber 2016 to stop his country’s cam­paign to dis­rupt the U.S. elec­tion.

    Oba­ma offi­cials were also wor­ried that a vig­or­ous cyber response along the lines Daniel had pro­posed could esca­late into a full scale cyber war. And, they have since argued, they believed that the president’s warn­ing had some impact, not­ing — as Daniel did in his tes­ti­mo­ny — that they saw some tamp­ing down in Russ­ian prob­ing of state elec­tion data sys­tems after Obama’s pri­vate talk with Putin.
    ...

    Nuland and Sen­a­tor Collins also dis­cussed anoth­er pre­vi­ous­ly undis­closed alleged Russ­ian gov­ern­ment covert action that dur­ing her Sen­ate tes­ti­mo­ny: Collins brought up how FBI offi­cials advised the Sen­ate intel­li­gence com­mit­tee in the sum­mer of 2016 tha­tR uss­ian diplo­mats were trav­el­ing around the coun­try in areas they were not per­mit­ted to vis­it under diplo­mat­ic pro­to­cols. Collins was told at the time that this was appar­ent­ly to col­lect intel­li­gence. Nuland agreed. There’s no infor­ma­tion on what kind of places these diplo­mats vis­it­ed or what kind of intel­li­gence they are sus­pect­ed of col­lect­ing, but all par­ties involved have appar­ent­ly con­clud­ed that this must have been a Krem­lin cov­er action:

    ...
    But Nuland tes­ti­fied that while the Rus­sians were “a lit­tle less active” in Sep­tem­ber after the Oba­ma warn­ing, Russ­ian activ­i­ty picked up again in Octo­ber when the Rus­sians accel­er­at­ed their social media cam­paign using pho­ny Face­book ads and Twit­ter bots.

    “We saw an increase in what they were doing in social media,” Daniel agreed. “They shift­ed their focus.”

    Nuland also revealed, in response to ques­tions by Sen. Susan Collins, R‑Maine, anoth­er pre­vi­ous­ly unpub­li­cized dimen­sion to the Russ­ian attack. That sum­mer, Collins said, FBI offi­cials advised the com­mit­tee that Russ­ian diplo­mats were trav­el­ing around the coun­try in areas they were not — under diplo­mat­ic pro­to­cols — per­mit­ted to vis­it , appar­ent­ly to col­lect intel­li­gence. Asked by Collins if she believed this was part of the Russ­ian so-called active mea­sures attack on the elec­tion, Nuland respond­ed, “I do.”

    After the Novem­ber 2016 elec­tion, in which Trump defeat­ed Hillary Clin­ton, Oba­ma did impose new sanc­tions on Russia’s intel­li­gence ser­vices and expelled diplo­mats. But Nuland tes­ti­fied that most in the admin­is­tra­tion saw that as only a begin­ning of what need­ed to be done. “It’s fair to say that all of us in the process assumed what was done in Decem­ber and Jan­u­ary would be a start­ing point for what the incom­ing admin­is­tra­tion would then build on.”
    ...

    So now you know: Vic­to­ria Nuland, wife of Project for the New Amer­i­can Cen­tu­ry co-founder Robert Kagan, was help­ing to devel­op the US response to the hacks along with a num­ber of oth­er State Depart­ment offi­cials and she learned about the hacks in Decem­ber of 2015, months before the DNC itself belat­ed learned about it.

    Posted by Pterrafractyl | June 21, 2018, 3:17 pm
  21. Here’s an inter­est fol­lowup on the mys­tery behind the oper­a­tion set up by GOP financier Peter Smith to find and obtain Hillary Clin­ton’s hacked emails on the “dark web”. Recall how this oper­a­tion appears to have involved a num­ber of Trump cam­paign mem­bers ‑Michael Fly­nn, Steve Ban­non, Kellyanne Con­way, and Sam Clo­vis — accord­ing to the doc­u­ments incor­po­rat­ing one of the com­pa­nies set up for this oper­a­tion. Also recall how they reached out to Alt Right troll Charles John­son, who referred to oth­er Alt Right oper­a­tions with the same goal. John­son report­ed­ly advised Smith to con­tact Andrew ‘weev’ Auern­heimer about find­ing the emails.

    Such an oper­a­tion pre­sum­ably cost mon­ey to run espe­cial­ly if the hacked emails are dis­cov­ered and hack­ers are ask­ing for mon­ey. So it’s inter­est­ing to learn that the FBI and con­gres­sion­al inves­ti­ga­tors were look­ing into a num­ber of sus­pi­cious finan­cial trans­ac­tions done by Smith dur­ing this peri­od. Specif­i­cal­ly, it sounds like the inves­ti­ga­tors looked over the doc­u­ments pro­vid­ed by Smith’s bank, North­ern Trust, show­ing 88 sus­pi­cious cash with­drawals total­ing about $140,000 between Jan­u­ary 2016 and April 2017. The with­drawals were labeled “sus­pi­cious” when the pur­pose could­n’t be deter­mined.

    Keep in mind that Smith had sig­nif­i­cant enough health prob­lems that he he end­ed up com­mit­ting sui­cide last May, so there were prob­a­bly quite a few rea­sons for the guy to be with­draw­ing mon­ey once it was clear he was dying. But also recall that the sui­cide note he left indi­cat­ed that his health became prob­lem­at­ic in Jan­u­ary of 2017. So all those unex­plained cash with­drawals through­out 2016 can’t be eas­i­ly explained away by Smith’s ter­mi­nal ill­ness.

    Was all that $140,000 spent on this project to get Hillary’s emails? That’s unclear. Was some of the mon­ey used to pay hack­ers for infor­ma­tion? Well, accord­ing to a per­son with direct knowl­edge of Smith’s project, Smith stat­ed that he was pre­pared to pay hack­ers “many thou­sands of dol­lars” for Clinton’s emails — and ulti­mate­ly did so. So while we don’t know how much of that $140,000 was spent on this email project and we don’t know what it was spent on, it sure sounds like Smith’s oper­a­tion was spend­ing thou­sands of dol­lars to pay some­one for some­thing:

    Buz­zFeed News

    GOP Oper­a­tive Made “Sus­pi­cious” Cash With­drawals Dur­ing Pur­suit Of Clin­ton Emails
    Peter W. Smith with­drew $4,900 in cash the day after he final­ized a plan to work with “dark web” hack­ers.

    Jason Leopold
    Buz­zFeed News Reporter

    Antho­ny Cormi­er
    Buz­zFeed News Reporter

    Post­ed on August 10, 2018, at 5:22 p.m. ET

    In one of the most intrigu­ing episodes of the 2016 pres­i­den­tial cam­paign, Repub­li­can activist Peter W. Smith launched an inde­pen­dent effort to obtain Hillary Clinton’s emails to help defeat her and elect Don­ald Trump. His quest, which report­ed­ly brought him into con­tact with at least two sets of hack­ers that he him­self believed were Russ­ian, remains a key focus of inves­ti­ga­tions into whether the Trump cam­paign col­lud­ed with the Krem­lin.

    Now, Buz­zFeed News has reviewed doc­u­ments show­ing that FBI agents and con­gres­sion­al inves­ti­ga­tors have zeroed in on trans­ac­tions Smith made right as his effort to pro­cure Clinton’s emails heat­ed up. Just a day after he fin­ished a report sug­gest­ing he was work­ing with Trump cam­paign offi­cials, for exam­ple, he trans­ferred $9,500 from an account he had set up to fund the email project to his per­son­al account, lat­er tak­ing out more than $4,900 in cash. Accord­ing to a per­son with direct knowl­edge of Smith’s project, the Repub­li­can oper­a­tive stat­ed that he was pre­pared to pay hack­ers “many thou­sands of dol­lars” for Clinton’s emails — and ulti­mate­ly did so.

    Smith is dead, and his lawyer, for­mer busi­ness part­ner, and wife did not respond to numer­ous requests for an inter­view. The White House did not imme­di­ate­ly return a mes­sage seek­ing com­ment, but the pres­i­dent has fre­quent­ly denied col­lud­ing with Rus­sia and denounced spe­cial coun­sel Robert Mueller’s probe as a par­ti­san witch hunt. Smith said in a press inter­view that he was not part of the Trump cam­paign and was work­ing inde­pen­dent­ly.

    The mon­ey trail, made pub­lic here for the first time, sheds new light on Smith’s effort, in which he told peo­ple he was in touch with both Rus­sians on the dark web and Trump cam­paign offi­cials — par­tic­u­lar­ly Michael Fly­nn, who was then a top advis­er to the Trump cam­paign and lat­er served as nation­al secu­ri­ty advis­er before hav­ing to resign after mis­lead­ing White House offi­cials about his meet­ings with the Russ­ian ambas­sador to the Unit­ed States.

    Intel­li­gence agen­cies have giv­en the FBI infor­ma­tion that Russ­ian hack­ers talked about pass­ing Clinton’s emails to Fly­nn through a cutout, accord­ing to two law enforce­ment offi­cials with direct knowl­edge of the mat­ter. It is not known if that cutout was in any way con­nect­ed to Smith.

    The Wall Street Jour­nal, which spoke with Smith about 10 days before he killed him­self last year, broke the sto­ry about his oper­a­tion to obtain Clinton’s emails and his alleged con­nec­tions to Fly­nn. Smith’s obses­sion with the Clin­tons dates back at least to the 1990s, when he spent tens of thou­sands of dol­lars try­ing to expose Bill Clinton’s extra­mar­i­tal affairs. His attempt to pro­cure Hillary Clinton’s emails appar­ent­ly began in the sum­mer of 2016, around the time Trump secured the Repub­li­can nom­i­na­tion.

    Smith reached out to var­i­ous peo­ple he thought could help track down or authen­ti­cate the emails Clin­ton had rout­ed through a pri­vate serv­er in her home. One of those peo­ple was Matt Tait, a for­mer infor­ma­tion secu­ri­ty spe­cial­ist in Britain’s spy agency GCHQ, who was writ­ing pub­licly about a dif­fer­ent email hack, that of the Demo­c­ra­t­ic Nation­al Com­mit­tee.

    In a phone call in August, Smith told Tait that he believed Clinton’s pri­vate serv­er had been hacked by the Russ­ian gov­ern­ment and oth­ers, and that a per­son from the dark web had con­tact­ed him, claim­ing to have some of Clinton’s emails. Smith want­ed Tait to help ver­i­fy the emails, some­thing Tait said he refused to do.

    As Labor Day approached, Smith assem­bled a group of peo­ple includ­ing experts in tech­nol­o­gy, lawyers, and even a Russ­ian-speak­ing inves­ti­ga­tor to fig­ure out how to obtain Clinton’s emails, accord­ing to the Jour­nal. On the Fri­day before the Labor Day week­end, Smith incor­po­rat­ed a com­pa­ny called KLS Research. In a pro­pos­al Smith put togeth­er describ­ing the effort to obtain the emails, he named the com­pa­ny as the “pre­ferred vehi­cle” for the research into Clinton’s email, and Smith would tell Tait that KLS Research would also help “avoid cam­paign report­ing.”

    Smith and his long­time busi­ness part­ner, John Szoboc­san, were the two sign­ers for a bank account linked to KLS Research. The men were part­ners in oth­er pri­vate equi­ty ven­tures, and had known one anoth­er for decades. Tait wrote that Szoboc­san joined at least one of the calls with Smith. Nei­ther Szoboc­san nor his lawyer returned detailed mes­sages seek­ing com­ment.

    Soon after Labor Day, Smith appears to have fin­ished an oper­a­tional plan, which includ­ed the names of top Trump cam­paign offi­cials, some of whom have denied speak­ing with Smith any­time dur­ing the cam­paign. Smith’s report is dat­ed Sept. 7.

    The next day, Smith with­drew $9,500 from the KLS Research account and deposit­ed it into his per­son­al bank account, both held at North­ern Trust. From there, Smith took out a lit­tle more than $4,900 in cash and sent checks to an accoun­tant and an LLC con­trolled by a pri­vate real estate com­pa­ny. Lat­er in Sep­tem­ber, Smith made with­drawals of $500 and $700 from KLS Research.

    These trans­ac­tions came to light after North­ern Trust received a sub­poe­na from the FBI for Smith’s records last Decem­ber. The sub­poe­na specif­i­cal­ly sought infor­ma­tion about the $9,500 with­draw­al from KLS Research’s account.

    After scour­ing nine accounts that Smith con­trolled, North­ern Trust turned over doc­u­ments show­ing 88 sus­pi­cious cash with­drawals total­ing about $140,000 between Jan­u­ary 2016 and April 2017, includ­ing a $3,000 with­draw­al six days after the elec­tion. North­ern Trust found these trans­ac­tions sus­pi­cious because offi­cials could not deter­mine the pur­pose of the with­drawals and because some of them took place over the time Smith was engaged in his project to obtain Clinton’s emails. Many of the cash trans­ac­tions, the bank not­ed, were less than $10,000, small enough not to trig­ger an auto­mat­ic alert to the gov­ern­ment. After receiv­ing the sub­poe­na, the bank sent a report to Treasury’s finan­cial crimes unit, which shared its find­ings with the FBI, spe­cial coun­sel Robert Mueller, and Sen­ate Intel­li­gence Com­mit­tee inves­ti­ga­tors.

    By law, bankers must alert Trea­sury to trans­ac­tions that bear hall­marks of mon­ey laun­der­ing or oth­er finan­cial mis­con­duct. Such sus­pi­cious activ­i­ty reports can sup­port inves­ti­ga­tions and intel­li­gence gath­er­ing — but by them­selves they are not evi­dence of a crime, and many sus­pi­cious activ­i­ty reports are filed on trans­ac­tions that are per­fect­ly legal.

    A spokesper­son for North­ern Trust declined to com­ment.

    Now, accord­ing to the three US law enforce­ment offi­cials, Smith remains an impor­tant fig­ure in the gov­ern­men­t’s inves­ti­ga­tion. FBI and Sen­ate Intel­li­gence Com­mit­tee inves­ti­ga­tors are try­ing to fol­low the mon­ey to learn whether Smith paid any­one con­nect­ed with the Russ­ian gov­ern­ment. The FBI sus­pects Smith used some of the cash to fund his oper­a­tion and paid hack­ers who pro­vid­ed him emails, accord­ing to two bureau sources who told Buz­zFeed News that view is based on a close review of his bank­ing activ­i­ty and inter­views with oth­er peo­ple.

    Sep­a­rate­ly, inves­ti­ga­tors work­ing for spe­cial coun­sel Mueller have also inter­viewed peo­ple who Smith tried to recruit and oth­ers who worked on his oper­a­tion to obtain Clinton’s emails, accord­ing to the three law enforce­ment sources and a fourth per­son with direct knowl­edge of the inter­views. Mueller’s team has also tried to deter­mine if Fly­nn assist­ed Smith in his oper­a­tion, accord­ing to two FBI agents. They added that Smith’s sus­pi­cious finan­cial trans­ac­tions are key to that effort.

    Fly­nn and his attor­ney did not return phone calls or emails seek­ing com­ment. Kelsey Pietran­ton, an FBI spokesper­son, declined to com­ment, not­ing that it’s the bureau’s pol­i­cy to nei­ther con­firm nor deny the exis­tence of an inves­ti­ga­tion. A spokesper­son for Mueller’s office did not respond to a request for com­ment.

    In a first-per­son account pub­lished on the web­site Law­fare last year, Tait, the for­mer GCHQ infor­ma­tion secu­ri­ty offi­cer, said he warned Smith about the Clin­ton email oper­a­tion.

    “If this dark web con­tact is a front for the Russ­ian gov­ern­ment, you real­ly don’t want to play this game. But [Smith and Szoboc­san] were not dis­cour­aged. They appeared to be con­vinced of the need to obtain Clinton’s pri­vate emails and make them pub­lic, and they had a reck­less lack of inter­est in whether the emails came from a Russ­ian cut-out,” he wrote. “I nev­er found out who Smith’s con­tact on the ‘Dark Web’ was. It was nev­er clear to me whether this per­son was mere­ly some­one try­ing to dupe Smith out of his mon­ey, or a Russ­ian front, and it was nev­er clear to me how they rep­re­sent­ed their own cre­den­tials to Smith.”

    Smith, in his only press inter­view before he died, told the Jour­nal that he and his team found five groups of hack­ers who claimed to have Clinton’s emails, includ­ing two groups he said were Rus­sians.

    Smith also told the news­pa­per that he nev­er intend­ed to pay for emails obtained by hack­ers — a con­tention the per­son with direct knowl­edge of Smith’s plan dis­put­ed, say­ing Smith did pay for what he was told were Clinton’s emails. This source also said that Smith pur­pose­ly omit­ted any men­tion of pay­ing hack­ers from his writ­ten plan for the oper­a­tion.

    Smith’s quest to find Clinton’s emails appears to have fiz­zled. He nev­er released any of the email sam­ples he report­ed­ly received, because he could not ver­i­fy them. About 10 days after being inter­viewed by the Jour­nal, Smith went to a Min­neso­ta hotel room and killed him­self.

    ...

    ———-
    “GOP Oper­a­tive Made “Sus­pi­cious” Cash With­drawals Dur­ing Pur­suit Of Clin­ton Emails” by Jason Leopold and Antho­ny Cormi­er; Buz­zFeed News; 08/10/2018

    “In one of the most intrigu­ing episodes of the 2016 pres­i­den­tial cam­paign, Repub­li­can activist Peter W. Smith launched an inde­pen­dent effort to obtain Hillary Clinton’s emails to help defeat her and elect Don­ald Trump. His quest, which report­ed­ly brought him into con­tact with at least two sets of hack­ers that he him­self believed were Russ­ian, remains a key focus of inves­ti­ga­tions into whether the Trump cam­paign col­lud­ed with the Krem­lin.”

    Well that’s kind of good to year if true: Smith’s ques­tion for Hillary’s emails remain a “key focus of inves­ti­ga­tions.” Giv­en all the Trump-affil­i­at­ed peo­ple involved it would have been rather obscene if this was­n’t a key focus, as is also the case giv­en the sus­pi­cious tim­ing of some of these finan­cial trans­ac­tions. Espe­cial­ly giv­en that one of the peo­ple involved with the project is say­ing that Smith state he was pre­pared to pay the hack­ers “many thou­sands of dol­lars” for Hillary’s emails, and ulti­mate­ly did so:

    ...
    Now, Buz­zFeed News has reviewed doc­u­ments show­ing that FBI agents and con­gres­sion­al inves­ti­ga­tors have zeroed in on trans­ac­tions Smith made right as his effort to pro­cure Clinton’s emails heat­ed up. Just a day after he fin­ished a report sug­gest­ing he was work­ing with Trump cam­paign offi­cials, for exam­ple, he trans­ferred $9,500 from an account he had set up to fund the email project to his per­son­al account, lat­er tak­ing out more than $4,900 in cash. Accord­ing to a per­son with direct knowl­edge of Smith’s project, the Repub­li­can oper­a­tive stat­ed that he was pre­pared to pay hack­ers “many thou­sands of dol­lars” for Clinton’s emails — and ulti­mate­ly did so.

    ...

    Smith also told the news­pa­per that he nev­er intend­ed to pay for emails obtained by hack­ers — a con­tention the per­son with direct knowl­edge of Smith’s plan dis­put­ed, say­ing Smith did pay for what he was told were Clinton’s emails. This source also said that Smith pur­pose­ly omit­ted any men­tion of pay­ing hack­ers from his writ­ten plan for the oper­a­tion.
    ...

    One oth­er source of pos­si­ble expens­es that Smith would have had to spend mon­ey on is set­ting up the com­pa­ny to actu­al­ly car­ry out this work, KLS Research:

    ...
    Smith reached out to var­i­ous peo­ple he thought could help track down or authen­ti­cate the emails Clin­ton had rout­ed through a pri­vate serv­er in her home. One of those peo­ple was Matt Tait, a for­mer infor­ma­tion secu­ri­ty spe­cial­ist in Britain’s spy agency GCHQ, who was writ­ing pub­licly about a dif­fer­ent email hack, that of the Demo­c­ra­t­ic Nation­al Com­mit­tee.

    In a phone call in August, Smith told Tait that he believed Clinton’s pri­vate serv­er had been hacked by the Russ­ian gov­ern­ment and oth­ers, and that a per­son from the dark web had con­tact­ed him, claim­ing to have some of Clinton’s emails. Smith want­ed Tait to help ver­i­fy the emails, some­thing Tait said he refused to do.

    As Labor Day approached, Smith assem­bled a group of peo­ple includ­ing experts in tech­nol­o­gy, lawyers, and even a Russ­ian-speak­ing inves­ti­ga­tor to fig­ure out how to obtain Clinton’s emails, accord­ing to the Jour­nal. On the Fri­day before the Labor Day week­end, Smith incor­po­rat­ed a com­pa­ny called KLS Research. In a pro­pos­al Smith put togeth­er describ­ing the effort to obtain the emails, he named the com­pa­ny as the “pre­ferred vehi­cle” for the research into Clinton’s email, and Smith would tell Tait that KLS Research would also help “avoid cam­paign report­ing.”

    Smith and his long­time busi­ness part­ner, John Szoboc­san, were the two sign­ers for a bank account linked to KLS Research. The men were part­ners in oth­er pri­vate equi­ty ven­tures, and had known one anoth­er for decades. Tait wrote that Szoboc­san joined at least one of the calls with Smith. Nei­ther Szoboc­san nor his lawyer returned detailed mes­sages seek­ing com­ment.
    ...

    And it was mon­ey moved from KLS Research accounts to Smith’s per­son­al accounts that appear to have caught inves­ti­ga­tors’ atten­tion. Soon after Labor Day in 2016, Smith appar­ent­ly had an oper­a­tional plan for vet­ting and acquir­ing the emails he claimed were offered to him over the Dark Web by peo­ple he believed to be Rus­sians. That includ­ed a lit­tle more man than $4,900 sent to an LLC con­trolled by a pri­vate real estate com­pa­ny. So it would be inter­est­ing to learn the name of that com­pa­ny:

    ...
    Soon after Labor Day, Smith appears to have fin­ished an oper­a­tional plan, which includ­ed the names of top Trump cam­paign offi­cials, some of whom have denied speak­ing with Smith any­time dur­ing the cam­paign. Smith’s report is dat­ed Sept. 7.

    The next day, Smith with­drew $9,500 from the KLS Research account and deposit­ed it into his per­son­al bank account, both held at North­ern Trust. From there, Smith took out a lit­tle more than $4,900 in cash and sent checks to an accoun­tant and an LLC con­trolled by a pri­vate real estate com­pa­ny. Lat­er in Sep­tem­ber, Smith made with­drawals of $500 and $700 from KLS Research.
    ...

    And when Smith’s bank was sub­poe­naed, inves­ti­ga­tors learn about 88 sus­pi­cious trans­ac­tions, worth about $140,000, that Smith’s bank could­n’t find an rea­son for from Jan­u­ary 1 2016 to April 2017:

    ...
    These trans­ac­tions came to light after North­ern Trust received a sub­poe­na from the FBI for Smith’s records last Decem­ber. The sub­poe­na specif­i­cal­ly sought infor­ma­tion about the $9,500 with­draw­al from KLS Research’s account.

    After scour­ing nine accounts that Smith con­trolled, North­ern Trust turned over doc­u­ments show­ing 88 sus­pi­cious cash with­drawals total­ing about $140,000 between Jan­u­ary 2016 and April 2017, includ­ing a $3,000 with­draw­al six days after the elec­tion. North­ern Trust found these trans­ac­tions sus­pi­cious because offi­cials could not deter­mine the pur­pose of the with­drawals and because some of them took place over the time Smith was engaged in his project to obtain Clinton’s emails. Many of the cash trans­ac­tions, the bank not­ed, were less than $10,000, small enough not to trig­ger an auto­mat­ic alert to the gov­ern­ment. After receiv­ing the sub­poe­na, the bank sent a report to Treasury’s finan­cial crimes unit, which shared its find­ings with the FBI, spe­cial coun­sel Robert Mueller, and Sen­ate Intel­li­gence Com­mit­tee inves­ti­ga­tors.

    By law, bankers must alert Trea­sury to trans­ac­tions that bear hall­marks of mon­ey laun­der­ing or oth­er finan­cial mis­con­duct. Such sus­pi­cious activ­i­ty reports can sup­port inves­ti­ga­tions and intel­li­gence gath­er­ing — but by them­selves they are not evi­dence of a crime, and many sus­pi­cious activ­i­ty reports are filed on trans­ac­tions that are per­fect­ly legal.

    A spokesper­son for North­ern Trust declined to com­ment.
    ...

    And this is all why Smith is appar­ent­ly still an impor­tant fig­ure for inves­ti­ga­tors. We have all the ele­ments of the crime — claims of con­tact with hack­ers that alleged­ly had Hillary’s emails, shady finan­cial trans­ac­tions, and con­tacts with the Trump cam­paign — so it would be pret­ty amaz­ing if he was­n’t seen as an impor­tant fig­ure:

    ...
    Now, accord­ing to the three US law enforce­ment offi­cials, Smith remains an impor­tant fig­ure in the gov­ern­men­t’s inves­ti­ga­tion. FBI and Sen­ate Intel­li­gence Com­mit­tee inves­ti­ga­tors are try­ing to fol­low the mon­ey to learn whether Smith paid any­one con­nect­ed with the Russ­ian gov­ern­ment. The FBI sus­pects Smith used some of the cash to fund his oper­a­tion and paid hack­ers who pro­vid­ed him emails, accord­ing to two bureau sources who told Buz­zFeed News that view is based on a close review of his bank­ing activ­i­ty and inter­views with oth­er peo­ple.
    ...

    Unfor­tu­nate­ly, Smith com­mit­ted sui­cide and won’t be answer­ing any more ques­tion. But it sounds like Mueller’s team did inter­view oth­er peo­ple involved with Smith’s oper­a­tion, with an eye on deter­min­ing whether or not Michael Fly­nn was involved:

    ...
    Sep­a­rate­ly, inves­ti­ga­tors work­ing for spe­cial coun­sel Mueller have also inter­viewed peo­ple who Smith tried to recruit and oth­ers who worked on his oper­a­tion to obtain Clinton’s emails, accord­ing to the three law enforce­ment sources and a fourth per­son with direct knowl­edge of the inter­views. Mueller’s team has also tried to deter­mine if Fly­nn assist­ed Smith in his oper­a­tion, accord­ing to two FBI agents. They added that Smith’s sus­pi­cious finan­cial trans­ac­tions are key to that effort.

    Fly­nn and his attor­ney did not return phone calls or emails seek­ing com­ment. Kelsey Pietran­ton, an FBI spokesper­son, declined to com­ment, not­ing that it’s the bureau’s pol­i­cy to nei­ther con­firm nor deny the exis­tence of an inves­ti­ga­tion. A spokesper­son for Mueller’s office did not respond to a request for com­ment.

    In a first-per­son account pub­lished on the web­site Law­fare last year, Tait, the for­mer GCHQ infor­ma­tion secu­ri­ty offi­cer, said he warned Smith about the Clin­ton email oper­a­tion.

    “If this dark web con­tact is a front for the Russ­ian gov­ern­ment, you real­ly don’t want to play this game. But [Smith and Szoboc­san] were not dis­cour­aged. They appeared to be con­vinced of the need to obtain Clinton’s pri­vate emails and make them pub­lic, and they had a reck­less lack of inter­est in whether the emails came from a Russ­ian cut-out,” he wrote. “I nev­er found out who Smith’s con­tact on the ‘Dark Web’ was. It was nev­er clear to me whether this per­son was mere­ly some­one try­ing to dupe Smith out of his mon­ey, or a Russ­ian front, and it was nev­er clear to me how they rep­re­sent­ed their own cre­den­tials to Smith.”

    Smith, in his only press inter­view before he died, told the Jour­nal that he and his team found five groups of hack­ers who claimed to have Clinton’s emails, includ­ing two groups he said were Rus­sians.
    ...

    Con­sid­er­ing that Fly­nn has been a coop­er­at­ing wit­ness for the Mueller inves­ti­ga­tion, it’s going to be inter­est­ing to see what hap­pens if evi­dence that Fly­nn worked direct­ly on this oper­a­tion comes out while Fly­nn denies any involve­ment.

    Any­way, that all appears to indi­cate that Peter Smith’s oper­a­tion is still very much a top­ic of inter­est to inves­ti­ga­tors and those inves­ti­ga­tors have a num­ber of finan­cial trans­ac­tions to assist in that inves­ti­ga­tion.

    Of course, it would be absurd if inves­ti­ga­tors weren’t still look­ing into this. Along those lines, we still have no indi­ca­tion that the oth­er GOP oper­a­tion to obtain Hillary Clin­ton’s hacked emails on the dark web — the oper­a­tion involv­ing Bar­bara Ledeen, Newt Gin­grich, and Judi­cial Watch — is also still being looked into by inves­ti­ga­tors.

    Posted by Pterrafractyl | August 14, 2018, 3:08 pm
  22. There’s no short­age of spec­u­la­tion about the legal threat Michael Cohen presents to Pres­i­dent Trump fol­low­ing his recent deci­sion to ‘flip’ and offer to assist the Mueller inves­ti­ga­tion. And it’s well found­ed spec­u­la­tion. Cohen was appar­ent­ly deeply involved with every­thing from the Trump Tow­er Moscow ini­tia­tive led by Felix Sater to the Ukrain­ian ‘peace plan’ pro­pos­al (also led by Felix Sater).

    Then there’s Cohen’s famil­ial con­nec­tions. Like how his Ukrain­ian wife is the daugh­ter of some mob con­nect­ed Ukraini­ans. Cohen’s Uncle owned a club that was patron­ized by lead­ing Russ­ian and Ukrain­ian mafia fig­ures from the 70’s — 90’s. Cohen’s father-in-law, Felix Shus­ter­man, is a Ukrain­ian immi­grant to the US who was involved with the mafia and the Trump orga­ni­za­tion (Trump’s hir­ing of Cohen was seen as a favor to Shus­ter­man). And Cohen’s broth­er’s father-in-law was Alexan­der Oronov, the recent­ly deceased Ukrain­ian oli­garch with a num­ber of con­nec­tions to Ukrain­ian fig­ures includ­ing Andrii Artemeneko. Cohen clear­ly knows A LOT that could be of inter­est to any­one inves­ti­gat­ing #TrumpRus­sia.

    And as the fol­low­ing arti­cle notes, there’s one key area of the #TrumpRus­sia inves­ti­ga­tion that Cohen alleged­ly was inti­mate­ly involved with accord­ing to the Steele Dossier that would put Cohen at the cen­ter of the alleged con­spir­a­cy between the Trump cam­paign and the Krem­lin to col­lude over the hacks of the Democ­rats: The dossier alleged that Cohen took over the role of nego­ti­at­ing with the Krem­lin after Paul Man­afort left the Trump cam­paign in August of 2016, and that Cohen trav­eled to Prague in August or Sep­tem­ber of 2016 and met with Krem­lin rep­re­sen­ta­tives where they hashed out a deal to pay off the ‘Roman­ian hack­ers’ for the hacks.

    The arti­cle notes that there was a report back in April that the Mueller team had uncov­ered evi­dence of such a vis­it, but the arti­cle also notes that there’s been no fol­low­ing report­ing indi­cat­ing whether or not this report was true.

    So the ques­tion of whether or not Michael Cohen was in Prague in 2016 remains an open ques­tion. And as the fol­low arti­cle points out, Cohen’s attor­ney Lan­ny Davis recent­ly explic­it­ly denied that Cohen has ever trav­eled to Prague. So while Cohen appears to have had a sig­nif­i­cant change of heart in terms of his will­ing­ness to work with inves­ti­ga­tors, the ques­tion of whether or not Cohen will end up val­i­dat­ing or con­tra­dict­ing the Steele dossier alle­ga­tions about him appears to be at least some­what answered: he’s going to con­tra­dict the dossier’s claims. At least some of them.

    It’s also worth not­ing that, if the dossier’s claims about a meet­ing in Prague to work out the pay­ment to the hack­ers is true, that would be one of exam­ple of how this has to be one of the the stu­pid­est intel­li­gence oper­a­tions in his­to­ry. Think about it: the Krem­lin and the Trump team are engaged in a high stakes secret nego­ti­a­tion involv­ing the high pro­file hack­ing of the Democ­rats, and for some rea­son they decid­ed that these Russ­ian gov­ern­ment hack­ers need­ed to be paid off by the Trump team in order to exe­cute this extreme­ly risky oper­a­tion. Real­ly?! Why?! Why could­n’t the Russ­ian hack­er team get paid off by the Krem­lin like they are pre­sum­ably already being paid if they are Russ­ian gov­ern­ment hack­ers?

    Also recall how Mueller’s recent indict­ment of 12 GRU offi­cers over the hacks specif­i­cal­ly detailed how these offi­cers planned and exe­cut­ed the phish­ing cam­paigns and deploy­ment of the mal­ware (albeit, with scant claims of evi­dence to back up those detailed alle­ga­tions). There were no third-par­ty cut-out hack­ers ref­er­enced in the indict­ment. So if the Steele dossiers claims about Cohen going to Prague to nego­ti­ate a pay­out to the hack­ers is true, and those hack­ers were actu­al­ly GRU agents, that would defy log­ic unless the Krem­lin was actu­al­ly try­ing to goad the Trump team into cre­at­ing an evi­den­tiary trail to be fol­lowed lat­er. Which would be an odd thing to do of they were col­lud­ing with the Trump team in order to see a change in US pol­i­cy towards Rus­sia.

    So it’s going to be inter­est­ing to see what, if any, hack­ing relat­ed rev­e­la­tions emerge from Michael Cohen ‘flip­ping’. But giv­en that even the Mueller indict­ment itself con­tra­dicts the Steele dossier, we prob­a­bly should­n’t expect the new­ly coop­er­a­tive Cohen to con­firm many of that dossier’s alle­ga­tions:

    The Wash­ing­ton Post

    What might Michael Cohen tell Robert Mueller?

    By Philip Bump
    Nation­al cor­re­spon­dent
    August 22, 2018

    This arti­cle has been updat­ed.

    In the hours after Don­ald Trump’s for­mer attor­ney Michael Cohen plead­ed guilty to var­i­ous crimes on Tues­day, his attor­ney Lan­ny Davis appeared on a num­ber of tele­vi­sion shows and grant­ed oth­er inter­views cen­tered on a com­mon theme: Cohen has infor­ma­tion that could be of inter­est to spe­cial coun­sel Robert S. Mueller III.

    This isn’t by itself sur­pris­ing, of course. Cohen served the Trump Orga­ni­za­tion for years and Trump direct­ly dur­ing the cam­paign and for some months after­ward. Cohen has already impli­cat­ed Trump in efforts to vio­late cam­paign finance laws to cov­er up affairs in which Trump alleged­ly par­tic­i­pat­ed. That he might be will­ing and able to impli­cate him in oth­er ways comes as lit­tle shock.

    The ques­tion, though, is how. What infor­ma­tion might Cohen pos­sess that could help Mueller bet­ter under­stand how the Trump cam­paign might have inter­act­ed with Russ­ian inter­fer­ence efforts in 2016?

    The hints from Cohen and his allies

    Dur­ing his media blitz, Davis made one con­sis­tent claim. On MSNBC’s “Rachel Mad­dow Show,” Davis said Cohen had “knowl­edge about the com­put­er crime of hack­ing and whether or not Mr. Trump knew ahead of time about that crime and even cheered it on.” To The Wash­ing­ton Post, Davis elab­o­rat­ed some­what: “If there is a con­ver­sa­tion and a plan for there to be dirt on Hillary Clin­ton, and then some­one knows the way you’re will­ing to get the dirt is a Russ­ian agent called Wik­iLeaks ... and then Wik­iLeaks hacks into an email account, which is a crime, then you have com­mit­ted a crime of con­spir­a­cy.”

    This is all vague, which could be (as Davis claims) to pro­tect attor­ney-client priv­i­lege and could be (as skep­tics might claim) because Davis — a Demo­c­rat and Clin­ton ally — wants Mueller to give Cohen a deal in which the threat of prison time is removed. The asser­tion to Mad­dow could sim­ply result in a state­ment like, “No, Trump didn’t know about the hack­ing, though he did pub­licly cheer it on in a news con­fer­ence.” The claim Davis made to our Isaac Stan­ley-Beck­er about Wik­iLeaks includes an alle­ga­tion about pos­si­ble hack­ing by Wik­iLeaks, which comes from way out of the blue.

    Regard­less, maybe Cohen knows that Trump knew more about hack­ing efforts ear­li­er than he has claimed. Hard to say from Davis’s com­ments — but it’s also not hard to believe that he might have.

    We know, too, that Cohen has alleged (through inter­me­di­aries) that he has infor­ma­tion about Trump being aware of the June 2016 meet­ing at Trump Tow­er in advance. That alle­ga­tion emerged late last month and would be impor­tant for rea­sons that extend beyond reveal­ing Trump as hav­ing lied about his aware­ness of the meet­ing. Experts who’ve spo­ken with The Post note that it’s ille­gal for a cam­paign to accept things of val­ue from a for­eign actor, includ­ing neg­a­tive infor­ma­tion about a polit­i­cal oppo­nent. It’s ille­gal, too, to solic­it any such valu­able thing, a pro­hi­bi­tion that includes being aware of and encour­ag­ing a con­tri­bu­tion. If Trump knew about the meet­ing, he could be accused of hav­ing par­tic­i­pat­ed in a crim­i­nal con­spir­a­cy.

    It’s very unlike­ly Trump would be indict­ed on such a charge, espe­cial­ly giv­en how spec­u­la­tive it is. It’s worth not­ing that Cohen’s pre­sen­ta­tion of what hap­pened dur­ing the cam­paign falls into the same cat­e­go­ry: His reveal­ing that Trump was inti­mate­ly involved in deci­sions to pay hush mon­ey to the president’s alleged mis­tress­es almost cer­tain­ly wouldn’t result in crim­i­nal charges.

    We can spec­u­late in all sorts of ways about what Cohen might be able to offer. He was cen­tral­ly involved in many deci­sion made by Trump before and after the cam­paign. Real estate deals, busi­ness arrange­ments, pos­si­bly oth­er agree­ments with oth­er indi­vid­u­als over the years. Cohen may be more knowl­edge­able about cer­tain parts of Trump’s finances than Trump’s accoun­tants or than is revealed in Trump’s tax returns. It’s hard to know.

    Remem­ber, too, that Cohen’s tes­ti­mo­ny to Mueller would be impor­tant for anoth­er rea­son: It would add a new lay­er of under­stand­ing to a lot of what has been assert­ed by oth­er wit­ness­es. Cohen could describe his inter­ac­tions with Trump before the Trump Tow­er meet­ing in a way that makes clear that oth­er wit­ness­es had lied to inves­ti­ga­tors from the FBI, giv­ing them new lever­age over those wit­ness­es to try to get to the truth about what the cam­paign was up to.

    Or maybe Cohen knows some­thing even more square­ly in Mueller’s purview.

    What the dossier alleges

    Cohen is a promi­nent fig­ure in the dossier of reports writ­ten by for­mer British intel­li­gence offi­cer Christo­pher Steele, which was first pub­lished by Buz­zFeed last year. This dossier has become a focal point of ques­tions about Russ­ian inter­fer­ence and any coop­er­a­tion the Trump cam­paign may have pro­vid­ed. Trump’s defend­ers jus­ti­fi­ably point out that the dossier is full of alle­ga­tions for which there’s no out­side evi­dence. It is, in short, a col­lec­tion of things Steele heard from his sources meant to spur fur­ther inves­ti­ga­tion.

    ...

    Cohen, the reports claim, played “a key role in the secret TRUMP campaign/Kremlin rela­tion­ship.” The doc­u­ments allege that Cohen stepped into the role of pri­ma­ry liai­son with Rus­sia in August 2016 after Paul Man­afort resigned from the cam­paign fol­low­ing new reports about his rela­tion­ship with a pro-Russ­ian politi­cian in Ukraine. Cohen, a report from Octo­ber reads, “was heav­i­ly engaged in a cov­er up and dam­age lim­i­ta­tion oper­a­tion in the attempt to pre­vent the full details of [Trump’s] rela­tion­ship with Rus­sia being exposed.”

    Per “a Krem­lin insid­er” who spoke with Steele, Cohen met with “Krem­lin rep­re­sen­ta­tives” in August or Sep­tem­ber of that year in Prague. That alleged meet­ing may have tak­en place at Rossotrud­nich­est­vo, a Russ­ian cen­ter for sci­ence and cul­ture in the city. Atten­dees may have includ­ed Kon­stan­tin Kosachev, a mem­ber of the upper cham­ber of Russia’s leg­is­la­ture, and Oleg Solo­dukhin, who works for Rossotrud­nich­est­vo. Steele’s reports indi­cate that the meet­ing was orig­i­nal­ly sup­posed to be in Moscow, but that was judged too risky.

    Anoth­er report indi­cates that Cohen was accom­pa­nied by “3 col­leagues” to the meet­ing. The agen­da includ­ed ques­tions about how “deni­able cash pay­ments were to be made to hack­ers who had worked in Europe under Krem­lin direc­tion against the [Hillary Clin­ton] cam­paign and var­i­ous con­tin­gen­cies for cov­er­ing up these oper­a­tions and Moscow’s secret liai­son with the [Trump] team more gen­er­al­ly.” The dossier alleges that Cohen was aware of a com­pa­ny that had tar­get­ed Demo­c­ra­t­ic lead­ers by plant­i­ng bugs and steal­ing data. In the meet­ing, the two sides alleged­ly agreed to pro­tect that oper­a­tion and to have “Roman­ian hack­ers” be paid off and cease their work.

    We can over­lay any num­ber of the­o­ries onto this pre­sen­ta­tion of what might have hap­pened. The ini­tial release of files stolen from the Demo­c­ra­t­ic Nation­al Com­mit­tee involved a Russ­ian intel­li­gence offi­cer claim­ing to be Roman­ian, for exam­ple, though that was pub­licly known at the time of Steele’s report. The government’s descrip­tion of Cohen’s crimes released in con­junc­tion with his plea deal on Tues­day includes a reim­burse­ment to Cohen of $50,000 for “?’tech ser­vices,’ which in fact relat­ed to work COHEN had solicit­ed from a tech­nol­o­gy com­pa­ny dur­ing and in con­nec­tion with the cam­paign.” It’s not clear what that was.

    All of it, though, stems from Cohen hav­ing trav­eled to Prague in the late sum­mer of 2016. In April, McClatchy report­ed that Mueller’s team uncov­ered evi­dence of such a vis­it, but that hasn’t been oth­er­wise con­firmed.

    Obvi­ous­ly, Cohen might be able to do so.

    Update: That just got a lot more unlike­ly. In an inter­view with Bloomberg, Davis stat­ed flat­ly that Cohen “has nev­er been to Prague in his life.”

    The fairest assump­tion is that the dossier’s alle­ga­tions are more like­ly untrue than true. Cohen may not have any infor­ma­tion about any link between the Trump cam­paign and Rus­sia that’s more seri­ous than what’s known pub­licly. He may have infor­ma­tion that adds a lit­tle shad­ing to the pic­ture of what hap­pened but doesn’t offer any­thing earth-shat­ter­ing.

    On Tues­day, though, Cohen did make an unex­pect­ed asser­tion of remark­able sig­nif­i­cance: that Trump told him to take actions that vio­lat­ed cam­paign finance laws. It’s not out­side the realm of pos­si­bil­i­ty that he could offer some­thing sig­nif­i­cant to Mueller, too.

    ———-

    “What might Michael Cohen tell Robert Mueller?” by Philip Bump; The Wash­ing­ton Post; 08/22/2018

    “In the hours after Don­ald Trump’s for­mer attor­ney Michael Cohen plead­ed guilty to var­i­ous crimes on Tues­day, his attor­ney Lan­ny Davis appeared on a num­ber of tele­vi­sion shows and grant­ed oth­er inter­views cen­tered on a com­mon theme: Cohen has infor­ma­tion that could be of inter­est to spe­cial coun­sel Robert S. Mueller III.

    It was quite a tease: Lan­ny Davis goes on TV promis­ing that Michael Cohen has infor­ma­tion that could be of inter­est to Robert Mueller. Because of course he would. He’s Michael Cohen.

    One of the areas that Cohen could pro­vide some dev­as­tat­ing tes­ti­mo­ny against Trump is whether or not Trump per­son­al­ly knew about the noto­ri­ous June 9th, 2016, meet­ing involv­ing the Russ­ian del­e­ga­tion offer­ing ‘dirt’ on Hillary Clin­ton. And he alleged­ly does indeed have infor­ma­tion about whether or not Trump knew in advance:

    ...
    Regard­less, maybe Cohen knows that Trump knew more about hack­ing efforts ear­li­er than he has claimed. Hard to say from Davis’s com­ments — but it’s also not hard to believe that he might have.

    We know, too, that Cohen has alleged (through inter­me­di­aries) that he has infor­ma­tion about Trump being aware of the June 2016 meet­ing at Trump Tow­er in advance. That alle­ga­tion emerged late last month and would be impor­tant for rea­sons that extend beyond reveal­ing Trump as hav­ing lied about his aware­ness of the meet­ing. Experts who’ve spo­ken with The Post note that it’s ille­gal for a cam­paign to accept things of val­ue from a for­eign actor, includ­ing neg­a­tive infor­ma­tion about a polit­i­cal oppo­nent. It’s ille­gal, too, to solic­it any such valu­able thing, a pro­hi­bi­tion that includes being aware of and encour­ag­ing a con­tri­bu­tion. If Trump knew about the meet­ing, he could be accused of hav­ing par­tic­i­pat­ed in a crim­i­nal con­spir­a­cy.
    ...

    Keep in mind that the ques­tion of whether or not Trump knew in advance of this meet­ing was more or less answered by Trump him­self two days before the meet­ing. Recall how Trump gave a speech on June 7th, 2016, where he talked about how all sorts of new dirt on Hillary Clin­ton would be com­ing out soon. This was just two days before the June 9th meet­ing, and the orig­i­nal emails to Don­ald Trump, Jr. that set up the meet­ing explic­it­ly said the Russ­ian gov­ern­ment want­ed to hand over dirt on Hillary Clin­ton. So the cir­cum­stan­tial evi­dence that Trump at least thought this meet­ing was was going to involve the Russ­ian gov­ern­ment hand­ing over dirt on Hillary is pret­ty over­whelm­ing. The big ques­tion is what actu­al­ly tran­spired at that meet­ing and whether or not it involved the hacks.

    And then there’s the alle­ga­tions from the Steele dossier. Alle­ga­tions that Michael Cohen trav­eled to Prague in order to have a secret meet­ing with Krem­lin rep­re­sen­ta­tives where they dis­cussed hav­ing the Trump team pay off the “Roman­ian hack­ers”:

    ...
    What the dossier alleges

    Cohen is a promi­nent fig­ure in the dossier of reports writ­ten by for­mer British intel­li­gence offi­cer Christo­pher Steele, which was first pub­lished by Buz­zFeed last year. This dossier has become a focal point of ques­tions about Russ­ian inter­fer­ence and any coop­er­a­tion the Trump cam­paign may have pro­vid­ed. Trump’s defend­ers jus­ti­fi­ably point out that the dossier is full of alle­ga­tions for which there’s no out­side evi­dence. It is, in short, a col­lec­tion of things Steele heard from his sources meant to spur fur­ther inves­ti­ga­tion.

    ...

    Cohen, the reports claim, played “a key role in the secret TRUMP campaign/Kremlin rela­tion­ship.” The doc­u­ments allege that Cohen stepped into the role of pri­ma­ry liai­son with Rus­sia in August 2016 after Paul Man­afort resigned from the cam­paign fol­low­ing new reports about his rela­tion­ship with a pro-Russ­ian politi­cian in Ukraine. Cohen, a report from Octo­ber reads, “was heav­i­ly engaged in a cov­er up and dam­age lim­i­ta­tion oper­a­tion in the attempt to pre­vent the full details of [Trump’s] rela­tion­ship with Rus­sia being exposed.”

    Per “a Krem­lin insid­er” who spoke with Steele, Cohen met with “Krem­lin rep­re­sen­ta­tives” in August or Sep­tem­ber of that year in Prague. That alleged meet­ing may have tak­en place at Rossotrud­nich­est­vo, a Russ­ian cen­ter for sci­ence and cul­ture in the city. Atten­dees may have includ­ed Kon­stan­tin Kosachev, a mem­ber of the upper cham­ber of Russia’s leg­is­la­ture, and Oleg Solo­dukhin, who works for Rossotrud­nich­est­vo. Steele’s reports indi­cate that the meet­ing was orig­i­nal­ly sup­posed to be in Moscow, but that was judged too risky.

    Anoth­er report indi­cates that Cohen was accom­pa­nied by “3 col­leagues” to the meet­ing. The agen­da includ­ed ques­tions about how “deni­able cash pay­ments were to be made to hack­ers who had worked in Europe under Krem­lin direc­tion against the [Hillary Clin­ton] cam­paign and var­i­ous con­tin­gen­cies for cov­er­ing up these oper­a­tions and Moscow’s secret liai­son with the [Trump] team more gen­er­al­ly.” The dossier alleges that Cohen was aware of a com­pa­ny that had tar­get­ed Demo­c­ra­t­ic lead­ers by plant­i­ng bugs and steal­ing data. In the meet­ing, the two sides alleged­ly agreed to pro­tect that oper­a­tion and to have “Roman­ian hack­ers” be paid off and cease their work.

    We can over­lay any num­ber of the­o­ries onto this pre­sen­ta­tion of what might have hap­pened. The ini­tial release of files stolen from the Demo­c­ra­t­ic Nation­al Com­mit­tee involved a Russ­ian intel­li­gence offi­cer claim­ing to be Roman­ian, for exam­ple, though that was pub­licly known at the time of Steele’s report. The government’s descrip­tion of Cohen’s crimes released in con­junc­tion with his plea deal on Tues­day includes a reim­burse­ment to Cohen of $50,000 for “?’tech ser­vices,’ which in fact relat­ed to work COHEN had solicit­ed from a tech­nol­o­gy com­pa­ny dur­ing and in con­nec­tion with the cam­paign.” It’s not clear what that was.
    ...

    It’s also worth ask­ing why this dis­cus­sion of how to pay off the hack­ers (as absurd as that is) did­n’t come up dur­ing the June 9th meet­ing if that meet­ing was indeed about the hacked doc­u­ments. We can add far­ci­cal lev­els of inef­fi­cien­cy to the many far­ci­cal aspects of this alleged Krem­lin intel­li­gence oper­a­tion.

    And yet there was indeed a report from back in April say­ing that the Mueller team did indeed have evi­dence of Cohen mak­ing a trip to Prague. The only prob­lem is there’s been no fol­lowup on that report and Lan­ny Davis flat­ly denied it:

    ...
    All of it, though, stems from Cohen hav­ing trav­eled to Prague in the late sum­mer of 2016. In April, McClatchy report­ed that Mueller’s team uncov­ered evi­dence of such a vis­it, but that hasn’t been oth­er­wise con­firmed.

    Obvi­ous­ly, Cohen might be able to do so.

    Update: That just got a lot more unlike­ly. In an inter­view with Bloomberg, Davis stat­ed flat­ly that Cohen “has nev­er been to Prague in his life.”

    The fairest assump­tion is that the dossier’s alle­ga­tions are more like­ly untrue than true. Cohen may not have any infor­ma­tion about any link between the Trump cam­paign and Rus­sia that’s more seri­ous than what’s known pub­licly. He may have infor­ma­tion that adds a lit­tle shad­ing to the pic­ture of what hap­pened but doesn’t offer any­thing earth-shat­ter­ing.
    ...

    So if Cohen does end up becom­ing a sig­nif­i­cant wit­ness in this inves­ti­ga­tion, while con­tin­u­ing to con­tra­dict key claims about him in the Steele dossier, it’s going to be inter­est­ing to see how that affects that how the rest of the claims in that dossier are inter­pret­ed.

    It’s also going to be inter­est­ing to see how the inevitable future movies por­tray­ing the alleged events of the #TrumpRus­sia con­spir­a­cy depict this alleged­ly intel­li­gence oper­a­tion giv­en all the far­ci­cal aspects of it. Will it be por­trayed as far­ci­cal spy com­e­dy or a seri­ous spy movie that hap­pens to include one mas­sive intel­li­gence mis­take after anoth­er? We’ll see, but the spy farce scripts sort of writes them­selves at this point.

    Posted by Pterrafractyl | August 25, 2018, 3:21 pm
  23. Well that’s inter­est­ing: the US Sen­ate Intel­li­gence Com­mit­tee recent­ly released a report on its assess­ment of the role social media oper­a­tions alleged­ly direct­ed by the Krem­lin played in the 2016. The report was writ­ten by a small cyber secu­ri­ty firm, New Knowl­edge. New Knowl­edge’s co-founder, Ryan Fox, pre­vi­ous­ly worked the NSA and its oth­er co-founder, Jonathan Mor­gan, pre­vi­ous­ly served as a Spe­cial Advi­sor to the State Depart­ment.

    And now, just a few days after the release of this report, we learn about a dif­fer­ent report involv­ing New Knowl­edge. That’s the report of a secret effort to ‘study’ the impact of Russ­ian social media bots dur­ing the 2017 Sen­ate spe­cial elec­tion in Alaba­ma that saw Demo­c­rat Doug Jones eek out a vic­to­ry of Roy Moore after the wave of rev­e­la­tions about Moore’s his­to­ry of dat­ing young teenage girls as an adult. The ‘study’ alleged­ly focused on the under­stand­ing how the tac­tics used by Russ­ian social media manip­u­la­tion cam­paigns oper­at­ed.

    But what we’re learn­ing is that New Knowl­edge group may have actu­al­ly cre­at­ed a large num­ber of fake Russ­ian bot accounts and had them fol­low Roy Moore for the pur­pose of a cre­ate a ‘Russ­ian bots are help Moore’ meme to ener­gize Democ­rats and depress Repub­li­cans. Accord­ing to the report, “We orches­trat­ed an elab­o­rate ‘false flag’ oper­a­tion that plant­ed the idea that the Moore cam­paign was ampli­fied on social media by a Russ­ian bot­net.” In addi­tion, the report takes cred­it for “rad­i­cal­iz­ing Democ­rats with a Russ­ian bot scan­dal”. And it was indeed the case that Roy Moore’s cam­paign sud­den­ly expe­ri­ence a big spike on Twit­ter accounts seem­ing­ly orig­i­nat­ing from Rus­sia. Moore’s cam­paign blamed it on a dirty trick by Jones at the time.

    And while the report does­n’t admit to cre­at­ing those ‘Russ­ian bot’ twit­ter accounts in the report, there is evi­dence that the project had the capac­i­ty to direct thou­sands of fake twit­ter accounts. The evi­dence comes from anoth­er aspect of this project: the project cre­at­ed a fake Face­book page that posed as con­ser­v­a­tive Alabami­ans and use that page to endorse a third-par­ty con­ser­v­a­tive can­di­date. The par­tic­u­lar can­di­date the fake group endorsed was Mac Wat­son. Wat­son appar­ent­ly con­tact­ed the fake Face­book group and the group respond­ed by say­ing it would be inclined to sup­port Wat­son and agreed to “boost” his can­di­da­cy and was “treat­ed as an advi­sor and the go-to media con­tact for the write-in can­di­date.” The project claims it was what got inter­views in The Mont­gomery Adver­tis­er and the Wash­ing­ton Post for Wat­son’s cam­paign, so it sounds like it real­ly was work­ing to help the Wat­son cam­paign.

    Here’s the part that makes it appear that this group was cre­at­ing fake ‘Russ­ian bot’ accounts: short­ly after Wat­son agreed to work with this fake Face­book group, Wat­son’s twit­ter fol­low­ers jumped from about 100 to about 10,000. So it would appear that this group was in con­trol of thou­sands of fake twit­ter accounts.

    The project appears to have been financed by Reid Hoff­man, the bil­lion­aire co-founder of LinkedIn who tends to sup­port Democ­rats. Hoff­man was part of the “Pay Pal Mafia” of wealthy tech investors who were ini­tial­ly involved with Pay Pal (the com­pa­ny that earned fig­ures like Elon Musk and Peter Thiel their ini­tial wealth) The over­all bud­get for the project was around $100,000. It’s worth not­ing that, while Hoff­man sup­ports the Democ­rats, he’s the type of bil­lion­aire sup­port­er of the Democ­rats with a track record of scoff­ing at things like the New Deal and gov­ern­ment reg­u­la­tion.

    There’s no indi­ca­tion so far that that Jones’s cam­paign was involved in this and Jones is now call­ing for an inves­ti­ga­tion what New Knowl­edge was up to.

    So, to sum­ma­rize, the cyber­se­cu­ri­ty firm that wrote the Sen­ate Intel­li­gence Com­mit­tee’s recent report on the role Krem­lin dis­in­for­ma­tion oper­a­tions played in the 2016 elec­tion appears to have waged a dis­in­for­ma­tion oper­a­tion of its own pre­tend­ing to be a Krem­lin oper­a­tion. And that dis­in­for­ma­tion cam­paign may have involved the cre­ation of thou­sands of fake ‘Russ­ian bots’:

    The New York Times

    Secret Exper­i­ment in Alaba­ma Sen­ate Race Imi­tat­ed Russ­ian Tac­tics

    By Scott Shane and Alan Blind­er
    Dec. 19, 2018

    As Russia’s online elec­tion machi­na­tions came to light last year, a group of Demo­c­ra­t­ic tech experts decid­ed to try out sim­i­lar­ly decep­tive tac­tics in the fierce­ly con­test­ed Alaba­ma Sen­ate race, accord­ing to peo­ple famil­iar with the effort and a report on its results.

    The secret project, car­ried out on Face­book and Twit­ter, was like­ly too small to have a sig­nif­i­cant effect on the race, in which the Demo­c­ra­t­ic can­di­date it was designed to help, Doug Jones, edged out the Repub­li­can, Roy S. Moore. But it was a sign that Amer­i­can polit­i­cal oper­a­tives of both par­ties have paid close atten­tion to the Russ­ian meth­ods, which some fear may come to taint elec­tions in the Unit­ed States.

    One par­tic­i­pant in the Alaba­ma project, Jonathon Mor­gan, is the chief exec­u­tive of New Knowl­edge, a small cyber secu­ri­ty firm that wrote a scathing account of Russia’s social media oper­a­tions in the 2016 elec­tion that was released this week by the Sen­ate Intel­li­gence Com­mit­tee.

    An inter­nal report on the Alaba­ma effort, obtained by The New York Times, says explic­it­ly that it “exper­i­ment­ed with many of the tac­tics now under­stood to have influ­enced the 2016 elec­tions.”

    The project’s oper­a­tors cre­at­ed a Face­book page on which they posed as con­ser­v­a­tive Alabami­ans, using it to try to divide Repub­li­cans and even to endorse a write-in can­di­date to draw votes from Mr. Moore. It involved a scheme to link the Moore cam­paign to thou­sands of Russ­ian accounts that sud­den­ly began fol­low­ing the Repub­li­can can­di­date on Twit­ter, a devel­op­ment that drew nation­al media atten­tion.

    “We orches­trat­ed an elab­o­rate ‘false flag’ oper­a­tion that plant­ed the idea that the Moore cam­paign was ampli­fied on social media by a Russ­ian bot­net,” the report says.

    Mr. Mor­gan said in an inter­view that the Russ­ian bot­net ruse “does not ring a bell,” adding that oth­ers had worked on the effort and had writ­ten the report. He said he saw the project as “a small exper­i­ment” designed to explore how cer­tain online tac­tics worked, not to affect the elec­tion.

    Mr. Mor­gan said he could not account for the claims in the report that the project sought to “enrage and ener­gize Democ­rats” and “depress turnout” among Repub­li­cans, part­ly by empha­siz­ing accu­sa­tions that Mr. Moore had pur­sued teenage girls when he was a pros­e­cu­tor in his 30s.

    “The research project was intend­ed to help us under­stand how these kind of cam­paigns oper­at­ed,” said Mr. Mor­gan. “We thought it was use­ful to work in the con­text of a real elec­tion but design it to have almost no impact.”

    The project had a bud­get of just $100,000, in a race that cost approx­i­mate­ly $51 mil­lion, includ­ing the pri­maries, accord­ing to Fed­er­al Elec­tion Com­mis­sion records.

    But how­ev­er mod­est, the influ­ence effort in Alaba­ma may be a sign of things to come. Cam­paign vet­er­ans in both par­ties fear the Russ­ian exam­ple may set off a race to the bot­tom, in which can­di­dates choose social media manip­u­la­tion because they fear their oppo­nents will.

    “Some will do what­ev­er it takes to win,” said Dan Bayens, a Ken­tucky-based Repub­li­can con­sul­tant. “You’ve got Rus­sia, which showed folks how to do it, you’ve got con­sul­tants will­ing to engage in this type of behav­ior and polit­i­cal lead­ers who appar­ent­ly find it futile to stop it.”

    There is no evi­dence that Mr. Jones sanc­tioned or was even aware of the social media project. Joe Trip­pi, a sea­soned Demo­c­ra­t­ic oper­a­tive who served as a top advis­er to the Jones cam­paign, said he had noticed the Russ­ian bot swarm sud­den­ly fol­low­ing Mr. Moore on Twit­ter. But he said it was impos­si­ble that a $100,000 oper­a­tion had an impact on the race.

    Mr. Trip­pi said he was nonethe­less dis­turbed by the stealth oper­a­tion. “I think the big dan­ger is some­body in this cycle uses the dark arts of bots and social net­works and it works,” he said. “Then we’re in real trou­ble.”

    Despite its small size, the Alaba­ma project brought togeth­er some promi­nent names in the world of polit­i­cal tech­nol­o­gy. The fund­ing came from Reid Hoff­man, the bil­lion­aire co-founder of LinkedIn, who has sought to help Democ­rats catch up with Repub­li­cans in their use of online tech­nol­o­gy.

    The mon­ey passed through Amer­i­can Engage­ment Tech­nolo­gies, run by Mikey Dick­er­son, the found­ing direc­tor of the Unit­ed States Dig­i­tal Ser­vice, which was cre­at­ed dur­ing the Oba­ma admin­is­tra­tion to try to upgrade the fed­er­al government’s use of tech­nol­o­gy. Sara K. Hud­son, a for­mer Jus­tice Depart­ment fel­low now with Invest­ing in Us, a tech finance com­pa­ny part­ly fund­ed by Mr. Hoff­man, worked on the project, along with Mr. Mor­gan.

    A close col­lab­o­ra­tor of Mr. Hoff­man, Dmitri Mehlhorn, the founder of Invest­ing in Us, said in a state­ment that “our pur­pose in invest­ing in pol­i­tics and civic engage­ment is to strength­en Amer­i­can democ­ra­cy” and that while they do not “micro­man­age” the projects they fund, they are not aware of hav­ing financed projects that have used decep­tion. Mr. Dick­er­son declined to com­ment and Ms. Hud­son did not respond to queries.

    The Alaba­ma project got start­ed as Democ­rats were com­ing to grips with the Rus­sians’ weaponiz­ing of social media to under­mine the pres­i­den­tial cam­paign of Hillary Clin­ton and pro­mote Don­ald J. Trump.

    Mr. Mor­gan reached out at the time to Renée DiRes­ta, who would lat­er join New Knowl­edge and was lead author of the report on Russ­ian social media oper­a­tions released this week.

    “I know there were peo­ple who believed the Democ­rats need­ed to fight fire with fire,” Ms. DiRes­ta said, adding that she dis­agreed. “It was absolute­ly chat­ter going around the par­ty.”

    But she said Mr. Mor­gan sim­ply asked her for sug­ges­tions of online tac­tics worth test­ing. “My under­stand­ing was that they were going to inves­ti­gate to what extent they could grow audi­ences for Face­book pages using sen­sa­tion­al news,” she said.

    Mr. Mor­gan con­firmed that the project cre­at­ed a gener­ic page to draw con­ser­v­a­tive Alabami­ans — he said he couldn’t remem­ber its name — and that Mac Wat­son, one of mul­ti­ple write-in can­di­dates, con­tact­ed the page. “But we didn’t do any­thing on his behalf,” he said.

    The report, how­ev­er, says the Face­book page agreed to “boost” Mr. Watson’s cam­paign and stayed in reg­u­lar touch with him, and was “treat­ed as an advi­sor and the go-to media con­tact for the write-in can­di­date.’’ The report claims the page got him inter­views with The Mont­gomery Adver­tis­er and The Wash­ing­ton Post.

    Mr. Wat­son, who runs a patio sup­ply com­pa­ny in Auburn, Ala., con­firmed that he got some assis­tance from a Face­book page whose oper­a­tors seemed deter­mined to stay in the shad­ows.

    Of dozens of con­ser­v­a­tive Alabami­an-ori­ent­ed pages on Face­book that he wrote to, only one replied. “You are in a par­tic­u­lar­ly inter­est­ing posi­tion and from what we have read of your pol­i­tics, we would be inclined to endorse you,” the unnamed oper­a­tor of the page wrote. After Mr. Wat­son answered a sin­gle ques­tion about abor­tion rights as a sort of test, the page offered an endorse­ment, though no mon­ey.

    “They nev­er spent one red dime as far as I know on any­thing I did — they just kind of told their 400 fol­low­ers, ‘Hey, vote for this guy,’” Mr. Wat­son said.

    Mr. Wat­son nev­er spoke with the page’s author or authors by phone, and they declined a request for meet­ing. But he did notice some­thing unusu­al: his Twit­ter fol­low­ers sud­den­ly bal­looned from about 100 to about 10,000. The Face­book page’s oper­a­tors asked Mr. Wat­son whether he trust­ed any­one to set up a super PAC that could receive fund­ing and offered advice on how to sharp­en his appeal to dis­en­chant­ed Repub­li­can vot­ers.

    Short­ly before the elec­tion, the page sent him a mes­sage, wish­ing him luck.

    The report does not say whether the project pur­chased the Russ­ian bot Twit­ter accounts that sud­den­ly began to fol­low Mr. Moore. But it takes cred­it for “rad­i­cal­iz­ing Democ­rats with a Russ­ian bot scan­dal” and points to sto­ries on the phe­nom­e­non in the main­stream media. “Roy Moore flood­ed with fake Russ­ian Twit­ter fol­low­ers,” report­ed The New York Post.

    Inside the Moore cam­paign, offi­cials began to wor­ry about online inter­fer­ence.

    “We did have sus­pi­cions that some­thing odd was going on,” said Rich Hob­son, Mr. Moore’s cam­paign man­ag­er. Mr. Hob­son said that although he did not recall any hard evi­dence of inter­fer­ence, the cam­paign com­plained to Face­book about poten­tial chi­canery.

    ...

    When Elec­tion Day came, Mr. Jones became the first Alaba­ma Demo­c­rat elect­ed to the Sen­ate in a quar­ter of a cen­tu­ry, defeat­ing Mr. Moore by 21,924 votes in a race that drew more than 22,800 write-in votes. More than 1.3 mil­lion bal­lots were cast over all.

    Many of the write-in votes went to then-Attor­ney Gen­er­al Jeff Ses­sions, Con­doleez­za Rice — an Alaba­ma native and for­mer sec­re­tary of state — cer­tain pop­u­lar foot­ball coach­es and Jesus Christ. Mr. Wat­son drew just a few hun­dred votes.

    Mr. Wat­son noticed one oth­er odd­i­ty. The day after the vote, the Face­book page that had tak­en such an inter­est in him had van­ished.

    “It was a group that, like, hon­est to God, next day was gone,” said Mr. Wat­son.

    “It was weird,” he said. “The whole thing was weird.”

    ———-

    “Secret Exper­i­ment in Alaba­ma Sen­ate Race Imi­tat­ed Russ­ian Tac­tics” by Scott Shane and Alan Blind­er; The New York Times; 12/19/2018

    “An inter­nal report on the Alaba­ma effort, obtained by The New York Times, says explic­it­ly that it “exper­i­ment­ed with many of the tac­tics now under­stood to have influ­enced the 2016 elec­tions.””

    So the New York Times gets its hands on an inter­nal report by ‘the Alaba­ma project’, and we learn that it involved Jonathon Mor­gan, the CEO of New Knowl­edge, the same com­pa­ny that just wrote the Sen­ate Intel­li­gence Com­mit­tee’s report on Russ­ian social media med­dling. And Mor­gan reached out to Renée DiRes­ta, who would lat­er join New Knowl­edge and who was the lead author on the Sen­ate report:

    ...
    One par­tic­i­pant in the Alaba­ma project, Jonathon Mor­gan, is the chief exec­u­tive of New Knowl­edge, a small cyber secu­ri­ty firm that wrote a scathing account of Russia’s social media oper­a­tions in the 2016 elec­tion that was released this week by the Sen­ate Intel­li­gence Com­mit­tee.

    ...

    Mr. Mor­gan reached out at the time to Renée DiRes­ta, who would lat­er join New Knowl­edge and was lead author of the report on Russ­ian social media oper­a­tions released this week.

    “I know there were peo­ple who believed the Democ­rats need­ed to fight fire with fire,” Ms. DiRes­ta said, adding that she dis­agreed. “It was absolute­ly chat­ter going around the par­ty.”

    But she said Mr. Mor­gan sim­ply asked her for sug­ges­tions of online tac­tics worth test­ing. “My under­stand­ing was that they were going to inves­ti­gate to what extent they could grow audi­ences for Face­book pages using sen­sa­tion­al news,” she said.
    ...

    And in this project report, they explic­it­ly brag about orches­trat­ing “an elab­o­rate ‘false flag’ oper­a­tion that plant­ed the idea that the Moore cam­paign was ampli­fied on social media by a Russ­ian bot­net.” And yet Mor­gan is act­ing like he has no rec­ol­lec­tion of this and assures us that “The research project was intend­ed to help us under­stand how these kind of cam­paigns oper­at­ed.” So it appears that the spin for this false-flag Russ­ian oper­a­tion is to por­tray it as a research effort to under­stand how Russ­ian oper­a­tions work:

    ...

    The project’s oper­a­tors cre­at­ed a Face­book page on which they posed as con­ser­v­a­tive Alabami­ans, using it to try to divide Repub­li­cans and even to endorse a write-in can­di­date to draw votes from Mr. Moore. It involved a scheme to link the Moore cam­paign to thou­sands of Russ­ian accounts that sud­den­ly began fol­low­ing the Repub­li­can can­di­date on Twit­ter, a devel­op­ment that drew nation­al media atten­tion.

    “We orches­trat­ed an elab­o­rate ‘false flag’ oper­a­tion that plant­ed the idea that the Moore cam­paign was ampli­fied on social media by a Russ­ian bot­net,” the report says.

    Mr. Mor­gan said in an inter­view that the Russ­ian bot­net ruse “does not ring a bell,” adding that oth­ers had worked on the effort and had writ­ten the report. He said he saw the project as “a small exper­i­ment” designed to explore how cer­tain online tac­tics worked, not to affect the elec­tion.

    Mr. Mor­gan said he could not account for the claims in the report that the project sought to “enrage and ener­gize Democ­rats” and “depress turnout” among Repub­li­cans, part­ly by empha­siz­ing accu­sa­tions that Mr. Moore had pur­sued teenage girls when he was a pros­e­cu­tor in his 30s.

    “The research project was intend­ed to help us under­stand how these kind of cam­paigns oper­at­ed,” said Mr. Mor­gan. “We thought it was use­ful to work in the con­text of a real elec­tion but design it to have almost no impact.”

    The project had a bud­get of just $100,000, in a race that cost approx­i­mate­ly $51 mil­lion, includ­ing the pri­maries, accord­ing to Fed­er­al Elec­tion Com­mis­sion records.

    But how­ev­er mod­est, the influ­ence effort in Alaba­ma may be a sign of things to come. Cam­paign vet­er­ans in both par­ties fear the Russ­ian exam­ple may set off a race to the bot­tom, in which can­di­dates choose social media manip­u­la­tion because they fear their oppo­nents will.

    “Some will do what­ev­er it takes to win,” said Dan Bayens, a Ken­tucky-based Repub­li­can con­sul­tant. “You’ve got Rus­sia, which showed folks how to do it, you’ve got con­sul­tants will­ing to engage in this type of behav­ior and polit­i­cal lead­ers who appar­ent­ly find it futile to stop it.”
    ...

    But it does­n’t look like the project was lim­it­ed to “an elab­o­rate ‘false flag’ oper­a­tion that plant­ed the idea that the Moore cam­paign was ampli­fied on social media by a Russ­ian bot­net.” They also set up a face Face­book group of Alaba­ma con­ser­v­a­tives and tried to use it to pro­mote a third-par­ty con­ser­v­a­tive can­di­date. And when they found a can­di­date to back, Mac Wat­son, that can­di­date sud­den­ly saw his twit­ter fol­low­ing jump from 100 to 10,000 fol­low­ers. So the Alaba­ma project was clear­ly work­ing with thou­sands of fake Twit­ter accounts:

    ...
    Mr. Mor­gan con­firmed that the project cre­at­ed a gener­ic page to draw con­ser­v­a­tive Alabami­ans — he said he couldn’t remem­ber its name — and that Mac Wat­son, one of mul­ti­ple write-in can­di­dates, con­tact­ed the page. “But we didn’t do any­thing on his behalf,” he said.

    The report, how­ev­er, says the Face­book page agreed to “boost” Mr. Watson’s cam­paign and stayed in reg­u­lar touch with him, and was “treat­ed as an advi­sor and the go-to media con­tact for the write-in can­di­date.’’ The report claims the page got him inter­views with The Mont­gomery Adver­tis­er and The Wash­ing­ton Post.

    ...

    Mr. Wat­son nev­er spoke with the page’s author or authors by phone, and they declined a request for meet­ing. But he did notice some­thing unusu­al: his Twit­ter fol­low­ers sud­den­ly bal­looned from about 100 to about 10,000. The Face­book page’s oper­a­tors asked Mr. Wat­son whether he trust­ed any­one to set up a super PAC that could receive fund­ing and offered advice on how to sharp­en his appeal to dis­en­chant­ed Repub­li­can vot­ers.

    Short­ly before the elec­tion, the page sent him a mes­sage, wish­ing him luck.
    ...

    The report does­n’t indi­cate that the project was actu­al­ly behind the alleged Russ­ian bot accounts that sud­den­ly start­ed fol­low­ing Roy Moore. And we do know that the sto­ry of Russ­ian bots fol­low­ing Moore was indeed a new sto­ry at the time. But it’s hard to think of any oth­er mean­ing being the report’s boast­ing of exe­cut­ing “an elab­o­rate ‘false flag’ oper­a­tion that plant­ed the idea that the Moore cam­paign was ampli­fied on social media by a Russ­ian bot­net” than to inter­pret that as an admis­sion that those ‘Russ­ian bot’ accounts were actu­al­ly under the con­trol of New Knowl­edge:

    ...
    The report does not say whether the project pur­chased the Russ­ian bot Twit­ter accounts that sud­den­ly began to fol­low Mr. Moore. But it takes cred­it for “rad­i­cal­iz­ing Democ­rats with a Russ­ian bot scan­dal” and points to sto­ries on the phe­nom­e­non in the main­stream media. “Roy Moore flood­ed with fake Russ­ian Twit­ter fol­low­ers,” report­ed The New York Post.

    Inside the Moore cam­paign, offi­cials began to wor­ry about online inter­fer­ence.

    “We did have sus­pi­cions that some­thing odd was going on,” said Rich Hob­son, Mr. Moore’s cam­paign man­ag­er. Mr. Hob­son said that although he did not recall any hard evi­dence of inter­fer­ence, the cam­paign com­plained to Face­book about poten­tial chi­canery.
    ...

    Impor­tant­ly, it also appears that this oper­a­tion was being run inde­pen­dent­ly of the Jones cam­paign and the Demo­c­ra­t­ic par­ty. Instead, it was financed by Sil­i­con Val­ley bil­lion­aire Reid Hoff­man:

    ...
    There is no evi­dence that Mr. Jones sanc­tioned or was even aware of the social media project. Joe Trip­pi, a sea­soned Demo­c­ra­t­ic oper­a­tive who served as a top advis­er to the Jones cam­paign, said he had noticed the Russ­ian bot swarm sud­den­ly fol­low­ing Mr. Moore on Twit­ter. But he said it was impos­si­ble that a $100,000 oper­a­tion had an impact on the race.

    Mr. Trip­pi said he was nonethe­less dis­turbed by the stealth oper­a­tion. “I think the big dan­ger is some­body in this cycle uses the dark arts of bots and social net­works and it works,” he said. “Then we’re in real trou­ble.”

    Despite its small size, the Alaba­ma project brought togeth­er some promi­nent names in the world of polit­i­cal tech­nol­o­gy. The fund­ing came from Reid Hoff­man, the bil­lion­aire co-founder of LinkedIn, who has sought to help Democ­rats catch up with Repub­li­cans in their use of online tech­nol­o­gy.

    The mon­ey passed through Amer­i­can Engage­ment Tech­nolo­gies, run by Mikey Dick­er­son, the found­ing direc­tor of the Unit­ed States Dig­i­tal Ser­vice, which was cre­at­ed dur­ing the Oba­ma admin­is­tra­tion to try to upgrade the fed­er­al government’s use of tech­nol­o­gy. Sara K. Hud­son, a for­mer Jus­tice Depart­ment fel­low now with Invest­ing in Us, a tech finance com­pa­ny part­ly fund­ed by Mr. Hoff­man, worked on the project, along with Mr. Mor­gan.

    A close col­lab­o­ra­tor of Mr. Hoff­man, Dmitri Mehlhorn, the founder of Invest­ing in Us, said in a state­ment that “our pur­pose in invest­ing in pol­i­tics and civic engage­ment is to strength­en Amer­i­can democ­ra­cy” and that while they do not “micro­man­age” the projects they fund, they are not aware of hav­ing financed projects that have used decep­tion. Mr. Dick­er­son declined to com­ment and Ms. Hud­son did not respond to queries.

    The Alaba­ma project got start­ed as Democ­rats were com­ing to grips with the Rus­sians’ weaponiz­ing of social media to under­mine the pres­i­den­tial cam­paign of Hillary Clin­ton and pro­mote Don­ald J. Trump.
    ...

    It’s also worth not­ing that, despite spend­ing $100,000 on the project, their cho­sen third par­ty can­di­date only got a few hun­dred votes. So it does­n’t look like their face Russ­ian bot activ­i­ty was very suc­cess­ful:

    ...
    When Elec­tion Day came, Mr. Jones became the first Alaba­ma Demo­c­rat elect­ed to the Sen­ate in a quar­ter of a cen­tu­ry, defeat­ing Mr. Moore by 21,924 votes in a race that drew more than 22,800 write-in votes. More than 1.3 mil­lion bal­lots were cast over all.

    Many of the write-in votes went to then-Attor­ney Gen­er­al Jeff Ses­sions, Con­doleez­za Rice — an Alaba­ma native and for­mer sec­re­tary of state — cer­tain pop­u­lar foot­ball coach­es and Jesus Christ. Mr. Wat­son drew just a few hun­dred votes.

    Mr. Wat­son noticed one oth­er odd­i­ty. The day after the vote, the Face­book page that had tak­en such an inter­est in him had van­ished.
    ...

    Also recall that $100,000 was the pre­sumed bud­get of the Inter­net Research Agen­cy’s bud­get for pur­chas­ing Face­book ads in 2016.

    So it would appear there’s a much more to learn about what exact­ly New Knowl­edge was up to with its Alaba­ma Project dis­in­for­ma­tion cam­paign. After all, if it turns out the Russ­ian bots that sud­den­ly start­ed fol­low­ing Roy Moore were actu­al­ly under the con­trol of New Knowl­edge, that would raise the obvi­ous ques­tion of how many oth­er reports of Russ­ian bot activ­i­ty are actu­al­ly some oth­er group. Not that we did­n’t already know that spoof­ing ‘Russ­ian bots’ is a triv­ial exer­cise, but con­fir­ma­tion that such activ­i­ty is tak­ing place would still be new.

    It would also appear that the Sen­ate Intel­li­gence Com­mit­tee’s report on Russ­ian dis­in­for­ma­tion oper­a­tions in 2016 could prob­a­bly use a dis­in­for­ma­tion audit of its own.

    Posted by Pterrafractyl | December 20, 2018, 3:43 pm
  24. @Pterrafractyl–

    Bril­liant analy­sis, and couched very intel­li­gent­ly.

    The whole Russian/bot/twitter/Facebook/Instragam sup­posed IRA effort is sus­pect.

    Beyond that–I am going into the depth on the sub­ject of “Des­tiny Betrayed” to give peo­ple a real hands-on feel for the depth of lying that the Pow­ers That Be rou­tine­ly man­i­fest.

    Keep up the great work!

    Dave Emory

    Posted by Dave Emory | December 20, 2018, 3:55 pm
  25. Was Michael Cohen real­ly in Prague in 2016 for a clan­des­tine meet­ing with Krem­lin oper­a­tives, as was alleged in the Steele dossier? That’s the asser­tion of a recent McClatchy report. Specif­i­cal­ly, there are four sep­a­rate anony­mous sources telling McClatchy that Mueller’s probe does indeed have evi­dence that Michael Cohen was in Prague in August or Sep­tem­ber of 2016. All four sources inde­pen­dent­ly claim that evi­dence exists that Cohen’s cell­phone ‘pinged’ a cell tow­er in the Prague area dur­ing that time.

    In addi­tion, two of the sources claim that an unnamed East­ern Euro­pean intel­li­gence agency eaves­dropped on Russ­ian offi­cials talk­ing to each oth­er, where one Russ­ian offi­cial informed the oth­er that Cohen was in Prague.

    It’s a pret­ty explo­sive report. And if turns out it’s an accu­rate report it would go a long way towards estab­lish­ing the verac­i­ty of the Steele dossier, espe­cial­ly since the claims about Cohen’s alleged trip to Prague were among the first to be dis­put­ed.

    But as we’re going to see, this sto­ry and its explo­sive claims are already being met with skep­ti­cism. And we’re also going to see, the sources for this report appear to have been trust­ed sources that these reporters have been rely­ing on for a lot of oth­er #TrumpRus­sia reports. Plus, it does­n’t appear that the jour­nal­ists for this report have first hand knowl­edge of the evi­dence. Instead, they’ve talked to peo­ple who claim to have knowl­edge of the evi­dence. And no infor­ma­tion about when this cell phone tow­er ping event or the eaves­dropped con­ver­sa­tions took place. Although we are told that the cell phone evi­dence was only dis­cov­ered “some­time after Cohen appar­ent­ly made his way to the Czech Repub­lic”.

    If the alle­ga­tions are true it’s explo­sive for obvi­ous rea­sons. But if it turns out that this is anoth­er instance where “anony­mous sources” with intel­li­gence con­nec­tions are feed­ing what appears to be BS sto­ries to the press — like the sto­ry of Paul Man­afort mak­ing secret trips to the Lon­don embassy to vis­it with Julian Assange — that’s pret­ty explo­sive too because it rais­es the ques­tion of what oth­er sto­ries have relied on these same sources. So it’s a pret­ty explo­sive sto­ry whether or not it’s true:

    McClatchy

    Cell sig­nal puts Cohen out­side Prague around time of pur­port­ed Russ­ian meet­ing

    By Peter Stone and Greg Gor­don
    Decem­ber 27, 2018 10:36 AM, Updat­ed

    WASHINGTON

    A mobile phone traced to Pres­i­dent Don­ald Trump’s for­mer lawyer and “fix­er” Michael Cohen briefly sent sig­nals ric­o­chet­ing off cell tow­ers in the Prague area in late sum­mer 2016, at the height of the pres­i­den­tial cam­paign, leav­ing an elec­tron­ic record to sup­port claims that Cohen met secret­ly there with Russ­ian offi­cials, four peo­ple with knowl­edge of the mat­ter say.

    Dur­ing the same peri­od of late August or ear­ly Sep­tem­ber, elec­tron­ic eaves­drop­ping by an East­ern Euro­pean intel­li­gence agency picked up a con­ver­sa­tion among Rus­sians, one of whom remarked that Cohen was in Prague, two peo­ple famil­iar with the inci­dent said.

    The phone and sur­veil­lance data, which have not pre­vi­ous­ly been dis­closed, lend new cre­dence to a key part of a for­mer British spy’s dossier of Krem­lin intel­li­gence describ­ing pur­port­ed coor­di­na­tion between Trump’s cam­paign and Russia’s elec­tion med­dling oper­a­tion.

    The dossier, which Trump has dis­missed as “a pile of garbage,” said Cohen and one or more Krem­lin offi­cials hud­dled in or around the Czech cap­i­tal to plot ways to lim­it dis­cov­ery of the close “liai­son” between the Trump cam­paign and Rus­sia.

    The new infor­ma­tion regard­ing the recov­ery of Cohen’s cell phone loca­tion doesn’t explain why he was appar­ent­ly there or who he was meet­ing with, if any­one. But it adds to evi­dence that Cohen was in or near Prague around the time of the sup­posed meet­ing.

    Both of the new­ly sur­faced for­eign elec­tron­ic intel­li­gence inter­cepts were shared with Spe­cial Coun­sel Robert Mueller, peo­ple famil­iar with the mat­ter said. Mueller is inves­ti­gat­ing Russia’s 2016 elec­tion inter­fer­ence and whether Trump’s cam­paign col­lud­ed in the scheme. Mueller also is exam­in­ing whether Trump has obstruct­ed the sweep­ing inquiry.

    McClatchy report­ed in April 2018 that Mueller had obtained evi­dence Cohen trav­eled to Prague from Ger­many in late August or ear­ly Sep­tem­ber of 2016, but it could not be learned how that infor­ma­tion was gleaned.

    Cohen has been coop­er­at­ing with Mueller’s inves­ti­ga­tion since he plead­ed guilty on Aug. 21 to charges of bank fraud, tax fraud and cam­paign finance law vio­la­tions. He lat­er plead­ed guilty to one count of lying to Con­gress, and was sen­tenced in ear­ly Decem­ber to three years in prison.

    If the for­eign intel­li­gence inter­cepts are accu­rate, the big ques­tions now are whether Cohen has acknowl­edged to inves­ti­ga­tors that a meet­ing in Prague occurred, informed them what tran­spired and revealed what, if any­thing, he told Trump about it.

    Four peo­ple spoke with McClatchy on con­di­tion of anonymi­ty due to the sen­si­tiv­i­ty of infor­ma­tion shared by their for­eign intel­li­gence con­nec­tions. Each obtained their infor­ma­tion inde­pen­dent­ly from for­eign intel­li­gence con­nec­tions.

    Peter Carr, a spokesman for Mueller’s office, declined to com­ment about the elec­tron­ic evi­dence.

    Cohen gained a rep­u­ta­tion as Trump’s “fix­er” dur­ing more than a decade work­ing as a lawyer for the bil­lion­aire real estate devel­op­er. He has vehe­ment­ly denied that he ever trav­eled to Prague, but it’s unknown what he has told Mueller’s team.

    More recent­ly, Cohen has avoid­ed dis­cussing Mueller’s inquiry, say­ing he does not “want to jeop­ar­dize the inves­ti­ga­tion.”

    Cohen’s spokesman, Lan­ny Davis, reit­er­at­ed his client’s denials about Prague in a phone inter­view this week.

    Cohen “has said one mil­lion times he was nev­er in Prague,” Davis said. “One mil­lion and one times. He’s nev­er been to Prague. … He’s nev­er been to the Czech Repub­lic.”

    Davis, a long­time Demo­c­ra­t­ic polit­i­cal oper­a­tive, declined to com­ment about the new for­eign intel­li­gence.

    Davis, how­ev­er, is no longer part of Cohen’s legal team. He acknowl­edged that he has not been ful­ly briefed on what Cohen has told Mueller’s inves­tiga­tive staff in some 70 hours of inter­views dat­ing to last August, when Cohen plead­ed guilty. Ear­li­er this month, Mueller advised Cohen’s sen­tenc­ing judge that Cohen has pro­vid­ed sub­stan­tial assis­tance in four areas, includ­ing in “core” areas of the Rus­sia inquiry. Mueller did not elab­o­rate.

    Mueller has already secured indict­ments accus­ing 25 Rus­sians of unleash­ing a cyber broad­side at the Unit­ed States, includ­ing the hack­ing and pub­lic release of top Democ­rats’ emails and cir­cu­la­tion of a flood of pho­ny and harsh­ly crit­i­cal social media mes­sages about Trump’s oppo­nent, Demo­c­rat Hillary Clin­ton. The spe­cial coun­sel has yet to charge any Trump sur­ro­gates or allies with col­lud­ing in the Russ­ian offen­sive, though sev­er­al top cam­paign aides have also cut plea deals for unre­lat­ed crimes in return for their coop­er­a­tion in the inquiry.

    For­mer Water­gate pros­e­cu­tor Jill Wine-Banks said that if dis­clo­sures of the for­eign intel­li­gence inter­cepts are true, “This is a very sig­nif­i­cant break, because it looks like a direct link between Don­ald Trump’s per­son­al fix­er and Rus­sians most like­ly involved in the dis­rup­tion of our elec­tion.”

    “It would prove that lying was going on, not only about being in Prague, but much beyond the Prague episode,” she said.

    Steele’s dossier, a com­pi­la­tion of intel­li­gence from his net­work of Krem­lin sources, is full of uncor­rob­o­rat­ed details about the pur­port­ed meet­ing.

    It said Kon­stan­tin Kosachev, a long­time mem­ber of the Russ­ian Sen­ate and chair­man of the Fed­er­a­tion Council’s For­eign Affairs Com­mit­tee, “facil­i­tat­ed” the gath­er­ing.

    Steele report­ed that Kosachev may well have rep­re­sent­ed the Rus­sians in Prague, where he had exten­sive ties. But Mike Car­pen­ter, a for­mer Rus­sia spe­cial­ist at the Pen­ta­gon under Pres­i­dent Barack Oba­ma, said that seems unlike­ly – about “as dis­creet as send­ing (Sec­re­tary of State) Mike Pom­peo to meet with an infor­mant on a sen­si­tive issue.”

    Kosachev has pub­licly denied trav­el­ing to Prague in 2016.

    Among the goals of the meet­ing, the dossier said, was to lim­it neg­a­tive news reports about the Rus­sia-friend­ly rela­tion­ships of two Trump cam­paign aides— for­eign pol­i­cy advis­er Carter Page and just-oust­ed cam­paign Chair­man Paul Man­afort — and to ensure that Euro­pean hack­ers were paid and told to “lie low.”

    While the for­eign intel­li­gence about Cohen does not con­firm a meet­ing even occurred, it pro­vides evi­dence that he trav­eled to the Czech Repub­lic, where the sources said his phone was momen­tar­i­ly acti­vat­ed to down­load emails or oth­er data.

    Cohen’s denials about Prague stand in the face of court admis­sions that have dam­aged his cred­i­bil­i­ty.

    In his sec­ond guilty plea in late Novem­ber, he con­fessed to a sin­gle count of lying to Con­gress in deny­ing that he had con­tact after Jan­u­ary 2016 with Rus­sians in pur­suit of a long-sought Trump-brand­ed hotel in Moscow. Cohen now acknowl­edges his con­tacts with Rus­sians about the hotel con­tin­ued for near­ly six more months while Trump wrapped up the Repub­li­can pres­i­den­tial nom­i­na­tion.

    The most pub­li­cized charges in his ear­li­er guilty plea in New York last August relat­ed to hush mon­ey pay­ments he arranged days before the elec­tion for two women who were about to pub­licly allege they had sex with Trump. Cohen kept the pay­ments secret for more than a year after the elec­tion.

    ...

    Davis said he hopes that, after Mueller has com­plet­ed his inves­ti­ga­tion, Cohen “will be able to tell his sto­ry about Don­ald Trump and what caused him to change his mind about work­ing for Trump and telling the truth about Trump … Then he’ll be able to talk about all the rea­sons why he believes Trump is a dan­ger­ous man to be pres­i­dent.”

    Anoth­er for­mer Water­gate pros­e­cu­tor, Nick Aker­man, said Davis’ denials about a Prague trip can’t be tak­en too seri­ous­ly because it would be “stan­dard for Mueller to tell Cohen and his lawyers not to dis­cuss pub­licly the details” of the inves­ti­ga­tion.

    Cohen and Trump grad­u­al­ly became estranged after Trump’s elec­tion vic­to­ry, and they sev­ered ties entire­ly last May, as mul­ti­ple inves­ti­ga­tions into Cohen’s activ­i­ties heat­ed up.

    The cell phone evi­dence, the sources said, was dis­cov­ered some­time after Cohen appar­ent­ly made his way to the Czech Repub­lic.

    The records show that the brief acti­va­tion from Cohen’s phone near Prague sent bea­cons that left a trace­able elec­tron­ic sig­na­ture, said the four sources.

    Mueller’s inves­ti­ga­tors, some of whom have met with Steele, like­ly also pur­sued Cohen’s cell phone records. It would be a com­mon ear­ly step in such an inves­ti­ga­tion for a pros­e­cu­tor to obtain a court war­rant for all U.S. and for­eign phone com­pa­ny records of key sub­jects, even those dat­ing back more than 18 months.

    Such data might enable inves­ti­ga­tors to track Cohen’s where­abouts when­ev­er the phone was in his pos­ses­sion, even if it was turned off, said sev­er­al experts, includ­ing a for­mer senior Jus­tice Depart­ment offi­cial who declined to be iden­ti­fied.

    These offi­cials said intel­li­gence agen­cies and fed­er­al inves­ti­ga­tors often can exam­ine elec­tron­ic records to trace the loca­tion of a cell phone or any oth­er device send­ing sig­nals over phone lines or the Inter­net, so long as the data was still stored by phone car­ri­ers or cell phone man­u­fac­tur­ers that offer loca­tion-track­ing ser­vices, such as Apple and Google.

    Jan Neu­mann, the assumed name of a for­mer Russ­ian intel­li­gence offi­cer who defect­ed to the Unit­ed States years ago, said that Cohen’s elec­tron­ic cell tow­er trail appears to reflect slop­py “trade­craft.”

    “You can mon­i­tor and con­trol cell phones in Europe same as you do it here in US,” Neu­mann told McClatchy. “As long as the bat­tery is phys­i­cal­ly locat­ed in the phone, even when it’s turned off, the mobile phone’s approx­i­mate loca­tion can be detect­ed and tracked. Any attempt to use an app, to get mail, send texts, con­nect to a Wifi net­work, your phone and your loca­tion will be detect­ed.”

    “It would not be very pro­fes­sion­al to take your phone to a secret meet­ing,” said Neu­mann, who has con­sult­ed for the U.S. intel­li­gence com­mu­ni­ty. In this case, he said, “it would be more log­i­cal to leave it turned on and con­nect­ed to a WIFI net­work in a hotel in Ger­many.”

    It was dur­ing the same late August-ear­ly Sep­tem­ber time span in 2016 that an East­ern Euro­pean intel­li­gence agency eaves­dropped on a con­ver­sa­tion in which a Russ­ian offi­cial advised anoth­er that Cohen was in Prague, two of the sources said.

    The sources could not defin­i­tive­ly pin down the date or dates that the intel­li­gence indi­cat­ed Cohen was in the vicin­i­ty of Prague. Cohen has insist­ed that he was in South­ern Cal­i­for­nia with his son from Aug. 23–29, 2016, but his pub­lic ali­bis have not been so air­tight as to pre­clude flights to and from Europe dur­ing the rel­e­vant peri­od.

    Even if Cohen has told inves­ti­ga­tors about a furtive meet­ing in Prague, it could be dif­fi­cult for Mueller to cor­rob­o­rate his sto­ry. Any Rus­sians with whom he met are like­ly out of the reach of U.S. law enforce­ment offi­cials, because the Unit­ed States has no extra­di­tion treaty with Moscow.

    If Cohen indeed made the jour­ney to the Czech Repub­lic, one lin­ger­ing mys­tery is how he entered Europe’s visa-free, 29-nation Schen­gen area with­out detec­tion. While those coun­tries’ open-bor­der arrange­ments would have spared Cohen from hav­ing to pro­duce a visa to trav­el between Ger­many and Prague, U.S. and Euro­pean author­i­ties should have a record if he took a trip to Europe. Those records are not pub­lic.

    ...

    ———-

    “Cell sig­nal puts Cohen out­side Prague around time of pur­port­ed Russ­ian meet­ing” by Peter Stone and Greg Gor­don; McClatchy; 12/27/2018

    “A mobile phone traced to Pres­i­dent Don­ald Trump’s for­mer lawyer and “fix­er” Michael Cohen briefly sent sig­nals ric­o­chet­ing off cell tow­ers in the Prague area in late sum­mer 2016, at the height of the pres­i­den­tial cam­paign, leav­ing an elec­tron­ic record to sup­port claims that Cohen met secret­ly there with Russ­ian offi­cials, four peo­ple with knowl­edge of the mat­ter say.”

    So this report is based on four anony­mous sources “with knowl­edge of the mat­ter”. And each of those four sources “obtained their infor­ma­tion inde­pen­dent­ly from for­eign intel­li­gence con­nec­tions”:

    ...
    Four peo­ple spoke with McClatchy on con­di­tion of anonymi­ty due to the sen­si­tiv­i­ty of infor­ma­tion shared by their for­eign intel­li­gence con­nec­tions. Each obtained their infor­ma­tion inde­pen­dent­ly from for­eign intel­li­gence con­nec­tions.
    ...

    And while we are giv­en no infor­ma­tion about which for­eign intel­li­gence agen­cies informed these sources about these alle­ga­tions, we are told from two sources that the eaves­drop­ping that picked up the con­ver­sa­tions between Russ­ian offi­cials that men­tioned Cohen being in Prague was East­ern Euro­pean:

    ...
    Dur­ing the same peri­od of late August or ear­ly Sep­tem­ber, elec­tron­ic eaves­drop­ping by an East­ern Euro­pean intel­li­gence agency picked up a con­ver­sa­tion among Rus­sians, one of whom remarked that Cohen was in Prague, two peo­ple famil­iar with the inci­dent said.
    ...

    Might this be a Ukrain­ian intel­li­gence agency that claims to have this eaves­dropped con­ver­sa­tion? That seems like a pret­ty big ques­tion that needs answer­ing.

    So all four of these anony­mous sources back up the claim about the cell phone tow­er ping­ing, and two of them back up the claim about the eaves­dropped Russ­ian con­ver­sa­tion which comes from an East­ern Euro­pean intel­li­gence agency. Might this East­ern Euro­pean intel­li­gence agency be the same source for the claims about the cell phone tow­er ping­ing? Might that also be Ukraine?

    The cell phone evi­dence was only dis­cov­ered after the fact, so it was pre­sum­ably some­how stored in the logs of either the phone car­ri­er Cohen used or from the cell phone man­u­fac­tur­er. And as the arti­cle notes, that kind of infor­ma­tion is exact­ly the kind of infor­ma­tion the Mueller probe would have like­ly already request­ed a long time ago. So if it turns out that this cell phone data is that kind of thing that Mueller’s team could have the­o­ret­i­cal­ly obtained, the fact that we’re only hear­ing about these alle­ga­tions at this late point rais­es more ques­tions about the accu­ra­cy of these alle­ga­tions:

    ...
    While the for­eign intel­li­gence about Cohen does not con­firm a meet­ing even occurred, it pro­vides evi­dence that he trav­eled to the Czech Repub­lic, where the sources said his phone was momen­tar­i­ly acti­vat­ed to down­load emails or oth­er data.

    ...

    The cell phone evi­dence, the sources said, was dis­cov­ered some­time after Cohen appar­ent­ly made his way to the Czech Repub­lic.

    The records show that the brief acti­va­tion from Cohen’s phone near Prague sent bea­cons that left a trace­able elec­tron­ic sig­na­ture, said the four sources.

    Mueller’s inves­ti­ga­tors, some of whom have met with Steele, like­ly also pur­sued Cohen’s cell phone records. It would be a com­mon ear­ly step in such an inves­ti­ga­tion for a pros­e­cu­tor to obtain a court war­rant for all U.S. and for­eign phone com­pa­ny records of key sub­jects, even those dat­ing back more than 18 months.

    Such data might enable inves­ti­ga­tors to track Cohen’s where­abouts when­ev­er the phone was in his pos­ses­sion, even if it was turned off, said sev­er­al experts, includ­ing a for­mer senior Jus­tice Depart­ment offi­cial who declined to be iden­ti­fied.

    These offi­cials said intel­li­gence agen­cies and fed­er­al inves­ti­ga­tors often can exam­ine elec­tron­ic records to trace the loca­tion of a cell phone or any oth­er device send­ing sig­nals over phone lines or the Inter­net, so long as the data was still stored by phone car­ri­ers or cell phone man­u­fac­tur­ers that offer loca­tion-track­ing ser­vices, such as Apple and Google.
    ...

    Then there’s a ques­tion of why there are no flight records for Cohen dur­ing that peri­od. McClatchy had anoth­er report back in April of 2018, also based on anony­mous sources, claim­ing that Mueller’s team already had evi­dence that Cohen specif­i­cal­ly trav­eled from Ger­many to Prague dur­ing this time. As the arti­cle notes, US and Euro­pean author­i­ties should have a record if Cohen flew to Europe dur­ing this time. And yet flight records indi­cat­ing Cohen flew into Ger­many dur­ing this time have yet to emerge and the sources for this report can’t give a set of spe­cif­ic dates when Cohen was sup­pos­ed­ly in Prague:

    ...
    McClatchy report­ed in April 2018 that Mueller had obtained evi­dence Cohen trav­eled to Prague from Ger­many in late August or ear­ly Sep­tem­ber of 2016, but it could not be learned how that infor­ma­tion was gleaned.

    ...

    The sources could not defin­i­tive­ly pin down the date or dates that the intel­li­gence indi­cat­ed Cohen was in the vicin­i­ty of Prague. Cohen has insist­ed that he was in South­ern Cal­i­for­nia with his son from Aug. 23–29, 2016, but his pub­lic ali­bis have not been so air­tight as to pre­clude flights to and from Europe dur­ing the rel­e­vant peri­od.

    Even if Cohen has told inves­ti­ga­tors about a furtive meet­ing in Prague, it could be dif­fi­cult for Mueller to cor­rob­o­rate his sto­ry. Any Rus­sians with whom he met are like­ly out of the reach of U.S. law enforce­ment offi­cials, because the Unit­ed States has no extra­di­tion treaty with Moscow.

    If Cohen indeed made the jour­ney to the Czech Repub­lic, one lin­ger­ing mys­tery is how he entered Europe’s visa-free, 29-nation Schen­gen area with­out detec­tion. While those coun­tries’ open-bor­der arrange­ments would have spared Cohen from hav­ing to pro­duce a visa to trav­el between Ger­many and Prague, U.S. and Euro­pean author­i­ties should have a record if he took a trip to Europe. Those records are not pub­lic.
    ...

    So sig­nif­i­cant gaps remain in the evi­dence we are told inves­ti­ga­tors have.

    Then there’s the fact that if Cohen did in fact make this trip, it would have been remark­ably slop­py trade­craft to take your per­son­al phone to a secret meet­ing. After all, based on what we are told, Cohen only very briefly had his phone on in Prague, sug­gest­ing an aware­ness that he need­ed to avoid hav­ing his phone tracked. sim­ply car­ry­ing that phone with its bat­tery installed could have allowed him to be tracked whether the phone is turned on or not. And yet the cell phone tow­er data was lim­it­ed to a sin­gle short ping. So did Cohen have some­thing to urgent on his phone that he decid­ed to put his bat­tery in his phone and do some­thing with it while in Prague dur­ing his super secret meet­ing with the Rus­sians?

    ...
    Jan Neu­mann, the assumed name of a for­mer Russ­ian intel­li­gence offi­cer who defect­ed to the Unit­ed States years ago, said that Cohen’s elec­tron­ic cell tow­er trail appears to reflect slop­py “trade­craft.”

    “You can mon­i­tor and con­trol cell phones in Europe same as you do it here in US,” Neu­mann told McClatchy. “As long as the bat­tery is phys­i­cal­ly locat­ed in the phone, even when it’s turned off, the mobile phone’s approx­i­mate loca­tion can be detect­ed and tracked. Any attempt to use an app, to get mail, send texts, con­nect to a Wifi net­work, your phone and your loca­tion will be detect­ed.”

    “It would not be very pro­fes­sion­al to take your phone to a secret meet­ing,” said Neu­mann, who has con­sult­ed for the U.S. intel­li­gence com­mu­ni­ty. In this case, he said, “it would be more log­i­cal to leave it turned on and con­nect­ed to a WIFI net­work in a hotel in Ger­many.”
    ...

    And we can’t ignore the fact that the Steele dossier alleges that a pur­pose of this secret meet­ing was so Cohen and the Krem­lin could plot ways to lim­it dis­cov­ery of the close “liai­son” between the Trump cam­paign and Rus­sia. Of course, hav­ing a secret meet­ing in Prague involv­ing Michael Cohen, Trump’s long-time ‘fix­er’, and a series of Krem­lin rep­re­sen­ta­tives is quite pos­si­bly one of the worst ways one could imag­ine to lim­it the dis­cov­ery of that liai­son. After all, the hacks of the Democ­rats were already very pub­lic and open­ly blamed on Rus­sia by August/September of 2016. So the idea that Michael Cohen could make a secret trip to Prague to meet with Rus­sians at that point and not be spot­ted by any­one would have been a wild risk for both the Trump team and the Krem­lin to take even if Cohen did­n’t take his per­son­al phone with and turn it on while he was there:

    ...
    The phone and sur­veil­lance data, which have not pre­vi­ous­ly been dis­closed, lend new cre­dence to a key part of a for­mer British spy’s dossier of Krem­lin intel­li­gence describ­ing pur­port­ed coor­di­na­tion between Trump’s cam­paign and Russia’s elec­tion med­dling oper­a­tion.

    The dossier, which Trump has dis­missed as “a pile of garbage,” said Cohen and one or more Krem­lin offi­cials hud­dled in or around the Czech cap­i­tal to plot ways to lim­it dis­cov­ery of the close “liai­son” between the Trump cam­paign and Rus­sia.
    ...

    Sim­i­lar­ly, the Steele dossier also alleges that Kon­stan­tin Kosachev, a long­time mem­ber of the Russ­ian Sen­ate and chair­man of the Fed­er­a­tion Council’s For­eign Affairs Com­mit­tee, “facil­i­tat­ed” the meet­ing in Prague and may even have been at the meet­ing. But as Mike Car­pen­ter, a for­mer Rus­sia spe­cial­ist at the Pen­ta­gon under Pres­i­dent Barack Oba­ma, puts it, the idea that some­one as promi­nent as Kosachev would meet with Cohen for such a meet­ing seems unlike­ly – about “as dis­creet as send­ing (Sec­re­tary of State) Mike Pom­peo to meet with an infor­mant on a sen­si­tive issue.”:

    ...
    Steele’s dossier, a com­pi­la­tion of intel­li­gence from his net­work of Krem­lin sources, is full of uncor­rob­o­rat­ed details about the pur­port­ed meet­ing.

    It said Kon­stan­tin Kosachev, a long­time mem­ber of the Russ­ian Sen­ate and chair­man of the Fed­er­a­tion Council’s For­eign Affairs Com­mit­tee, “facil­i­tat­ed” the gath­er­ing.

    Steele report­ed that Kosachev may well have rep­re­sent­ed the Rus­sians in Prague, where he had exten­sive ties. But Mike Car­pen­ter, a for­mer Rus­sia spe­cial­ist at the Pen­ta­gon under Pres­i­dent Barack Oba­ma, said that seems unlike­ly – about “as dis­creet as send­ing (Sec­re­tary of State) Mike Pom­peo to meet with an infor­mant on a sen­si­tive issue.”

    Kosachev has pub­licly denied trav­el­ing to Prague in 2016.
    ...

    Then there’s the oth­er absurd alleged goal of the meet­ing: ensur­ing that the Euro­pean hack­ers who did the actu­al hack got paid and were told to “lie low” (because covert­ly pay­ing off its hack­ers is appar­ent­ly some­thing the Krem­lin would­n’t already know how to do):

    ...
    Among the goals of the meet­ing, the dossier said, was to lim­it neg­a­tive news reports about the Rus­sia-friend­ly rela­tion­ships of two Trump cam­paign aides— for­eign pol­i­cy advis­er Carter Page and just-oust­ed cam­paign Chair­man Paul Man­afort — and to ensure that Euro­pean hack­ers were paid and told to “lie low.”
    ...

    Just think about that idea: The Krem­lin alleged­ly direct­ed this team of hack­ers to hack the Democ­rats. But the Krem­lin was also very con­cerned about get­ting caught and get­ting all sorts of neg­a­tive news relat­ed to the hack. But despite all of these con­cerns and the high­ly sen­si­tive nature of this oper­a­tion, the ques­tion of how these hack­ers would be paid was some­thing that came up in this secret meet­ing with Michael Cohen accord­ing to this sce­nario. That seems like an incred­i­bly slop­py trade­craft.

    And then there’s the fact that Mueller already indict­ed the GRU with the hack­ings and that indict­ment charges those GRU offi­cers with the full spec­trum of the hack, from the spearphish­ing oper­a­tion, to the devel­op­ment and dis­tri­b­u­tion of the mal­ware, to the cre­ation of the fake online per­sonas and web­sites like dcleaks.com. So the idea that ‘Euro­pean hack­ers’ car­ried out this hack and need­ed to be paid off and told to ‘lie low’ is some­thing that does­n’t appear to align with Mueller’s own indict­ment:

    ...
    Mueller has already secured indict­ments accus­ing 25 Rus­sians of unleash­ing a cyber broad­side at the Unit­ed States, includ­ing the hack­ing and pub­lic release of top Democ­rats’ emails and cir­cu­la­tion of a flood of pho­ny and harsh­ly crit­i­cal social media mes­sages about Trump’s oppo­nent, Demo­c­rat Hillary Clin­ton. The spe­cial coun­sel has yet to charge any Trump sur­ro­gates or allies with col­lud­ing in the Russ­ian offen­sive, though sev­er­al top cam­paign aides have also cut plea deals for unre­lat­ed crimes in return for their coop­er­a­tion in the inquiry.
    ...

    So that’s the new alle­ga­tion about Michael Cohen in Prague. Alle­ga­tions of a brief cell phone tow­er ping based on four anony­mous sources and an eaves­dropped Russ­ian con­ver­sion based on two of those sources. And if these alle­ga­tions are true, it would appear to cor­rob­o­rate the Steele dossier’s remark­able claims that Cohen met with mul­ti­ple Rus­sians in Prague to dis­cuss things like how to avoid hav­ing this secret liai­son dis­cov­ered and how to pay off the hack­ers.

    But as the fol­low­ing arti­cle describes, when pressed about the nature of this sourc­ing, the reporters admit that they nev­er saw the pri­ma­ry evi­dence that these alle­ga­tions were based on. Instead, it’s based on the word of these four sources. And as part of the jus­ti­fi­ca­tion for why we should trust these sources, the reporters point out that they’ve used them many times in the past. And that means that if there’s a prob­lem with the source this report, it’s a prob­lem with the source for past reports too:

    Medi­aite

    McClatchy Reporter Says Report on Cohen’s Prague Trip Cit­ed Third-Hand Evi­dence

    by Caleb Ecar­ma | Dec 28th, 2018, 1:02 pm

    McClatchy’s Greg Gor­don, one of the jour­nal­ists behind the explo­sive report on the president’s ex-lawyer Michael Cohen vis­it­ing Prague amid the 2016 elec­tion, admit­ted that he did not see first-hand some of the pri­ma­ry evi­dence used in the piece.

    ...

    While on MSNBC last night, Joy Reid asked Gor­don if he and his col­league Peter Stone cit­ed “any­thing that you were able to phys­i­cal­ly see for your­selves?”

    “I wish we had. We held out for a while for that, and it came a time when we thought we had a crit­i­cal mass. It is a com­pet­i­tive busi­ness,” he replied.

    Gor­dan con­tin­ued: “Some of the sources have gov­ern­ment sources, and some of the sources are peo­ple who have told us that they have trust­ed intel­li­gence-type sources that they get infor­ma­tion from. We don’t know the specifics, but we have used these sources on many sub­jects, and they have been very accu­rate.

    Pre­vi­ous­ly in the seg­ment, Gor­dan was asked to respond to Cohen deny­ing the McClatchy report and stat­ing he nev­er vis­it­ed the Czech Repub­lic dur­ing the 2016 cam­paign.

    “All I can say to that we’re just gonna have to see how this sorts out because Michael Cohen as we all know has been con­vict­ed of lying about his deal­ings with the Trump hotel in Rus­sia, he’s been con­vict­ed being deceit­ful in a num­ber of ways, so his cred­i­bil­i­ty is not high,” Gor­dan remarked. “We have to fol­low what our sources who we trust and have devel­oped over this two-year peri­od tell us.”

    ...
    ———-
    “McClatchy Reporter Says Report on Cohen’s Prague Trip Cit­ed Third-Hand Evi­dence” by Caleb Ecar­ma; Medi­aite; 12/28/2018

    “McClatchy’s Greg Gor­don, one of the jour­nal­ists behind the explo­sive report on the president’s ex-lawyer Michael Cohen vis­it­ing Prague amid the 2016 elec­tion, admit­ted that he did not see first-hand some of the pri­ma­ry evi­dence used in the piece.

    Yep, this entire Cohen report is entire­ly based on the cred­i­bil­i­ty of these four anony­mous sources. But we are assured these are indeed cred­i­ble sources because these reporters used these same sources for many dif­fer­ent sub­jects. We’re also told they’ve been very accu­rate sources. But we aren’t told what those pre­vi­ous­ly accu­rate sto­ries have been based on these sources, so it’s still a mat­ter of tak­ing the word of these reporters that the word of their sources should be trust­ed:

    ...
    Gor­dan con­tin­ued: “Some of the sources have gov­ern­ment sources, and some of the sources are peo­ple who have told us that they have trust­ed intel­li­gence-type sources that they get infor­ma­tion from. We don’t know the specifics, but we have used these sources on many sub­jects, and they have been very accu­rate.

    Pre­vi­ous­ly in the seg­ment, Gor­dan was asked to respond to Cohen deny­ing the McClatchy report and stat­ing he nev­er vis­it­ed the Czech Repub­lic dur­ing the 2016 cam­paign.

    “All I can say to that we’re just gonna have to see how this sorts out because Michael Cohen as we all know has been con­vict­ed of lying about his deal­ings with the Trump hotel in Rus­sia, he’s been con­vict­ed being deceit­ful in a num­ber of ways, so his cred­i­bil­i­ty is not high,” Gor­dan remarked. “We have to fol­low what our sources who we trust and have devel­oped over this two-year peri­od tell us.”
    ...

    Recall that one of the odd aspects of this most recent report is how there’s no infor­ma­tion about spe­cif­ic dates. Like the date of the cell phone tow­er ping, the dates of the clan­des­tine meet­ing, or the date of the eaves­dropped con­ver­sa­tion. So the fact that these four sources not only could­n’t pro­vide phys­i­cal evi­dence of their claims but could­n’t even pro­vide dates sug­gests that the sources prob­a­bly haven’t seen any phys­i­cal doc­u­ments either. In oth­er words, it’s quite pos­si­ble that this sto­ry is pret­ty much hearsay. Assum­ing it’s not pure dis­in­for­ma­tion.

    And since this sto­ry is being used to but­tress the claims that this Prague meet­ing actu­al­ly took place, and Cohen and the Rus­sians real­ly did have a secret meet­ing where they dis­cussed how to keep the Trump/Kremlin col­lu­sion a secret and min­i­mize the blow­back and also dis­cussed how to pay off the hack­ers, it’s worth not­ing that the Steele dossier actu­al­ly alleged that at least some of the hack­ers were at the meet­ing. That fun fact was tucked away in the April 2018 report by the same McClatchy reporters as the above report. This was the report where they first claim that inves­ti­ga­tors had indeed come across evi­dence that Cohen vis­it­ed Prague, arriv­ing there from Ger­many. This report was also attrib­uted to anony­mous sources, which rais­es the ques­tion of whether or not its the same sources as in the above recent report. So lit­er­al­ly invit­ing hack­ers to the secret meet­ing with Cohen and the Rus­sians was appar­ent­ly on the agen­da at the meet­ing where they were try­ing to avoid expo­sure of the Trump/Kremlin col­lu­sion and blow­back. It’s not the most impres­sive trade­craft:

    McClatchy

    Sources: Mueller has evi­dence Cohen was in Prague in 2016, con­firm­ing part of dossier

    By Peter Stone and

    Greg Gor­don

    April 13, 2018 06:08 PM,

    Updat­ed April 13, 2018 06:31 PM

    WASHINGTON

    The Jus­tice Depart­ment spe­cial coun­sel has evi­dence that Don­ald Trump’s per­son­al lawyer and con­fi­dant, Michael Cohen, secret­ly made a late-sum­mer trip to Prague dur­ing the 2016 pres­i­den­tial cam­paign, accord­ing to two sources famil­iar with the mat­ter.

    Con­fir­ma­tion of the trip would lend cre­dence to a retired British spy’s report that Cohen strate­gized there with a pow­er­ful Krem­lin fig­ure about Russ­ian med­dling in the U.S. elec­tion.

    ...

    It’s unclear whether Mueller’s inves­ti­ga­tors also have evi­dence that Cohen actu­al­ly met with a promi­nent Russ­ian – pur­port­ed­ly Kon­stan­tin Kosachev, an ally of Russ­ian Pres­i­dent Vladimir Putin — in the Czech cap­i­tal. Kosachev, who chairs the For­eign Affairs Com­mit­tee of a body of the Russ­ian leg­is­la­ture, the Fed­er­a­tion Coun­cil, also has denied vis­it­ing Prague dur­ing 2016. Ear­li­er this month, Kosachev was among 24 high-pro­file Rus­sians hit with stiff U.S. sanc­tions in retal­i­a­tion for Russia’s med­dling.

    But inves­ti­ga­tors have traced evi­dence that Cohen entered the Czech Repub­lic through Ger­many, appar­ent­ly dur­ing August or ear­ly Sep­tem­ber of 2016 as the ex-spy report­ed, said the sources, who spoke on con­di­tion of anonymi­ty because the inves­ti­ga­tion is con­fi­den­tial. He wouldn’t have need­ed a pass­port for such a trip, because both coun­tries are in the so-called Schen­gen Area in which 26 nations oper­ate with open bor­ders. The dis­clo­sure still left a puz­zle: The sources did not say whether Cohen took a com­mer­cial flight or pri­vate jet to Europe, and gave no expla­na­tion as to why no record of such a trip has sur­faced.

    ...

    Last August, an attor­ney for Cohen, Stephen Ryan, deliv­ered to Con­gress a point-by-point rebut­tal of the dossier’s alle­ga­tions, stat­ing: “Mr. Cohen is not aware of any ‘secret TRUMP campaign/Kremlin rela­tion­ship.’”

    How­ev­er, Demo­c­ra­t­ic inves­ti­ga­tors for the House and Sen­ate Intel­li­gence Com­mit­tees, which are con­duct­ing par­al­lel inquiries into Russia’s elec­tion inter­fer­ence, also are skep­ti­cal about whether Cohen was truth­ful about his 2016 trav­els to Europe when he was inter­viewed by the pan­els last Octo­ber, two peo­ple famil­iar with those probes told McClatchy this week. Cohen has pub­licly acknowl­edged mak­ing three trips to Europe that year – to Italy in July, Eng­land in ear­ly Octo­ber and a third after Trump’s Novem­ber elec­tion. The inves­ti­ga­tors intend to press Cohen for more infor­ma­tion, said the sources, who lacked autho­riza­tion to speak for the record

    One of the sources said con­gres­sion­al inves­ti­ga­tors have “a high lev­el of inter­est” in Cohen’s Euro­pean trav­el, with their doubts fueled by what they deem to be weak doc­u­men­ta­tion Cohen has pro­vid­ed about his where­abouts around the time the Prague meet­ing was sup­posed to have occurred.

    Cohen has said he was only in New York and briefly in Los Ange­les dur­ing August, when the meet­ing may have occurred, though the sources said it also could have been held in ear­ly Sep­tem­ber.

    ...

    The dossier alleges that Cohen, two Rus­sians and sev­er­al East­ern Euro­pean hack­ers met at the Prague office of a Russ­ian gov­ern­ment-backed social and cul­tur­al orga­ni­za­tion, Rossotrud­nich­est­vo. The loca­tion was select­ed to pro­vide an alter­na­tive expla­na­tion in case the ren­dezvous was exposed, accord­ing to Steele’s Krem­lin sources, cul­ti­vat­ed dur­ing 20 years of spy­ing on Rus­sia. It said that Oleg Solo­dukhin, the deputy chief of Rossotrudnichestvo’s oper­a­tion in the Czech Repub­lic, attend­ed the meet­ing, too.

    Fur­ther, it alleges that Cohen, Kosachev and oth­er atten­dees dis­cussed “how deni­able cash pay­ments were to be made to hack­ers in Europe who had worked under Krem­lin direc­tion against the Clin­ton cam­paign.”

    U.S. intel­li­gence agen­cies and cyber experts say Krem­lin-backed hack­ers pirat­ed copies of thou­sands of emails from the Demo­c­ra­t­ic Nation­al Com­mit­tee and Clin­ton cam­paign chief John Podes­ta dur­ing 2015 and 2016, some polit­i­cal­ly dam­ag­ing, includ­ing mes­sages show­ing that the DNC was biased toward Clin­ton in the party’s nom­i­na­tion bat­tle pit­ting her against Ver­mont Sen. Bernie Sanders. Mueller’s inves­ti­ga­tors have sought to learn who passed the emails to Wik­iLeaks, a Lon­don-based trans­paren­cy group, which pub­lished them in July and Octo­ber, caus­ing embar­rass­ment to Clin­ton and her back­ers.

    Cit­ing infor­ma­tion from an unnamed “Krem­lin insid­er,” Steele’s dossier says the Prague meet­ing agen­da also includ­ed dis­cus­sion “in cryp­tic lan­guage for secu­ri­ty rea­sons,” of ways to “sweep it all under the car­pet and make sure no con­nec­tion could be ful­ly estab­lished or proven.” Roma­ni­ans were among the hack­ers present, it says, and the dis­cus­sion touched on using Bul­gar­ia as a loca­tion where they could “lie low.”

    It is a felony for any­one to hack email accounts. Oth­er laws for­bid for­eign­ers from con­tribut­ing cash or in-kind ser­vices to U.S. polit­i­cal cam­paigns.

    If Cohen met with Rus­sians and hack­ers in Prague as described in the dossier, it would pro­vide per­haps the most com­pelling evi­dence to date that the Rus­sians and Trump cam­paign aides were col­lab­o­rat­ing. Mueller’s office also has focused on two meet­ings in the spring of 2016 when Rus­sians offered to pro­vide Trump cam­paign aides with “dirt” on Clin­ton – thou­sands of emails in one of the offers.

    ...

    The dossier cit­ed mul­ti­ple sources as report­ing that Krem­lin offi­cials also had grown edgy about the pos­si­ble expo­sure of their secret “active mea­sures” effort to defeat Clin­ton and help Trump. Accord­ing to the dossier, Russ­ian diplo­mat Mikhail Kalu­g­in was brought home from Russia’s embassy in Wash­ing­ton last August because he had played a key role in coor­di­nat­ing the cyber offen­sive. McClatchy quot­ed sev­er­al Rus­sia experts on Feb. 15 as say­ing they sus­pect­ed Kalu­g­in was an intel­li­gence oper­a­tive. Kalu­g­in has denied any espi­onage activ­i­ties.

    Cohen’s atten­dance at a Prague meet­ing like the one described in the dossier would have been a log­i­cal assign­ment for him; Trump had long used him to solve busi­ness and legal headaches, three Repub­li­can oper­a­tives who were close to the cam­paign said.

    One source with close ties to the cam­paign said Cohen “want­ed a big­ger and more for­mal role [in the cam­paign], but there were a lot of long knives out for him with­in the cam­paign and the larg­er GOP infra­struc­ture in part because he was a Demo­c­rat and treat­ed peo­ple hor­ri­bly.”

    ...

    ———-

    “Sources: Mueller has evi­dence Cohen was in Prague in 2016, con­firm­ing part of dossier” by Peter Stone and Greg Gor­don; McClatchy; 04/13/2018

    But inves­ti­ga­tors have traced evi­dence that Cohen entered the Czech Repub­lic through Ger­many, appar­ent­ly dur­ing August or ear­ly Sep­tem­ber of 2016 as the ex-spy report­ed, said the sources, who spoke on con­di­tion of anonymi­ty because the inves­ti­ga­tion is con­fi­den­tial. He wouldn’t have need­ed a pass­port for such a trip, because both coun­tries are in the so-called Schen­gen Area in which 26 nations oper­ate with open bor­ders. The dis­clo­sure still left a puz­zle: The sources did not say whether Cohen took a com­mer­cial flight or pri­vate jet to Europe, and gave no expla­na­tion as to why no record of such a trip has sur­faced.”

    So, back in April of 2018, this same team of McClatchy reporters wrote an arti­cle based on anony­mous sources that inves­ti­ga­tors had indeed deter­mined that Cohen real­ly did go to Prague through Ger­many. Might these anony­mous sources by the same anony­mous sources behind the recent Cohen rev­e­la­tion? It sure seems like­ly. But note that these sources appear to be giv­en updates on the inner work­ings of the Mueller inves­ti­ga­tion (assum­ing “inves­ti­ga­tors” refers to Mueller’s team), so that gives us an idea of whether or not these anony­mous sources are US-based or not.

    And as the arti­cle not­ed at the time, the Steele dossier does­n’t just allege that Cohen met with Rus­sians in Prague. There were sev­er­al East­ern Euro­pean hack­ers there, includ­ing Roma­ni­ans. Recall how the per­sona of ‘Guc­cifer 2.0’ was ini­tial­ly sup­posed to be a lone Roman­ian hack­er but that per­sona did­n’t speak like a native Roman­ian speak­er, using per­fect Eng­lish at times. Also recall that Mueller’s indict­ment of the GRU for the hack includ­ed charges that a GRU team was behind the cre­ation and exe­cu­tion of the Guc­cifer 2.0 per­sona. So if the Krem­lin was super con­cerned about get­ting caught being behind these hacks, as the Steele dossier alleges, the fact that GRU was appar­ent­ly unable to imper­son­ate a native Roman­ian speak­er is anoth­er exam­ple of remark­ably shod­dy trade­craft, espe­cial­ly if there was lit­er­al­ly a Roman­ian hack­er work­ing on this oper­a­tion. After all, it’s not like this alleged Roman­ian hack­er need­ed to be kept out of the loop about this being a Krem­lin oper­a­tion col­lud­ing with Trump since the hack­er was appar­ent­ly at the Prague meet­ing:

    ...
    The dossier alleges that Cohen, two Rus­sians and sev­er­al East­ern Euro­pean hack­ers met at the Prague office of a Russ­ian gov­ern­ment-backed social and cul­tur­al orga­ni­za­tion, Rossotrud­nich­est­vo. The loca­tion was select­ed to pro­vide an alter­na­tive expla­na­tion in case the ren­dezvous was exposed, accord­ing to Steele’s Krem­lin sources, cul­ti­vat­ed dur­ing 20 years of spy­ing on Rus­sia. It said that Oleg Solo­dukhin, the deputy chief of Rossotrudnichestvo’s oper­a­tion in the Czech Repub­lic, attend­ed the meet­ing, too.

    Fur­ther, it alleges that Cohen, Kosachev and oth­er atten­dees dis­cussed “how deni­able cash pay­ments were to be made to hack­ers in Europe who had worked under Krem­lin direc­tion against the Clin­ton cam­paign.”

    ...

    Cit­ing infor­ma­tion from an unnamed “Krem­lin insid­er,” Steele’s dossier says the Prague meet­ing agen­da also includ­ed dis­cus­sion “in cryp­tic lan­guage for secu­ri­ty rea­sons,” of ways to “sweep it all under the car­pet and make sure no con­nec­tion could be ful­ly estab­lished or proven.” Roma­ni­ans were among the hack­ers present, it says, and the dis­cus­sion touched on using Bul­gar­ia as a loca­tion where they could “lie low.”
    ...

    And then the arti­cle reminds us that the Steele dossier actu­al­ly alleges that Russ­ian diplo­mat Mikhail Kalu­g­in played a role in coor­di­nat­ing the cyber offen­sive. Note that Kalug­in’s name does­n’t appear in Mueller’s indict­ment of the GRU. So that would be anoth­er area where the Mueller GRU indict­ment does­n’t appear to be align­ing with the accu­sa­tions in the Steele dossier:

    ...
    The dossier cit­ed mul­ti­ple sources as report­ing that Krem­lin offi­cials also had grown edgy about the pos­si­ble expo­sure of their secret “active mea­sures” effort to defeat Clin­ton and help Trump. Accord­ing to the dossier, Russ­ian diplo­mat Mikhail Kalu­g­in was brought home from Russia’s embassy in Wash­ing­ton last August because he had played a key role in coor­di­nat­ing the cyber offen­sive. McClatchy quot­ed sev­er­al Rus­sia experts on Feb. 15 as say­ing they sus­pect­ed Kalu­g­in was an intel­li­gence oper­a­tive. Kalu­g­in has denied any espi­onage activ­i­ties.
    ...

    Final­ly, let’s take a quick look at that Feb­ru­ary 2017 McCatchy report about the alle­ga­tions against Kalu­g­in and the role he played in the alleged Krem­lin cyber oper­a­tion. As we’re going to see, two of the reporters for the arti­cle are the same two reporters for the above two McClatchy arti­cles, Peter Stone and Greg Gor­don. The report also relies entire­ly on anony­mous sources. Might these be the very same anony­mous sources for the above reports? Don’t for­get what Greg Gor­don told us in the sec­ond arti­cle: that these anony­mous sources have been the sources for many pre­vi­ous reports. Does that include the fol­low­ing report?

    The arti­cle also notes that the Steele dossier charges Kalu­g­in with coor­di­nat­ing the pay­off of the hack­ers. Accord­ing to a Steele report on Sep­tem­ber 16, 2016, tens of thou­sands of dol­lars were get­ting sent the hack­ers and oth­er oper­a­tives using the Russ­ian pen­sion sys­tem for Rus­sians liv­ing in the US. So that would sug­gest the hack­ers, at least some of them, were Rus­sians liv­ing in Amer­i­ca.

    Also recall that the reporters defend­ed their sources by argu­ing that they’ve been accu­rate in the past. And in this case it’s very pos­si­ble these anony­mous sources were accu­rate since they sim­ply allege that inves­ti­ga­tors were look­ing into what­ev­er role Kalu­g­in may have pos­si­bly played in the hack. Also note that, again, if it turns out these are the same anony­mous sources that McClatchy used in the recent report on Michael Cohen and Prague, it would sug­gest that these anony­mous sources are indeed quite close to the Mueller inves­ti­ga­tion or at least aware of its inner work­ings:

    McClatchy

    Russ­ian diplo­mat under U.S. scruti­ny in elec­tion med­dling speaks

    By Kevin G. Hall, Peter Stone, Greg Gor­don and David Gold­stein

    McClatchy Wash­ing­ton Bureau

    Feb­ru­ary 15, 2017 06:00 AM,

    Updat­ed Feb­ru­ary 15, 2017 07:36 PM

    WASHINGTON

    A Russ­ian diplo­mat who worked in the Wash­ing­ton embassy left the coun­try last August while fed­er­al inves­ti­ga­tors exam­ined whether he played a key covert role in the alleged Krem­lin-direct­ed plot to influ­ence last fall’s U.S. elec­tions.

    Two peo­ple with knowl­edge of a mul­ti-agency inves­ti­ga­tion into the Kremlin’s med­dling have told McClatchy that Mikhail Kalu­g­in was under scruti­ny when he depart­ed. He has been an impor­tant fig­ure in the inquiry into how Rus­sia bankrolled the email hack­ing of top Democ­rats and took oth­er mea­sures to defeat Hillary Clin­ton and help Don­ald Trump cap­ture the White House, said the sources, who spoke on the con­di­tion of anonymi­ty because of the sen­si­tiv­i­ty of the inves­ti­ga­tion.

    Kalugin’s name – albeit mis­spelled — first sur­faced pub­licly in Jan­u­ary in a for­mer British spy’s jar­ring but large­ly uncor­rob­o­rat­ed dossier of intel­li­gence col­lect­ed for Trump’s U.S. polit­i­cal oppo­nents. The 35 pages of oppo­si­tion research quot­ed Russ­ian sources claim­ing that Trump cam­paign asso­ciates had col­lud­ed with the Krem­lin, includ­ing in the pub­lic release of Democ­rats’ emails that proved embar­rass­ing to Clin­ton at a time when polls found her lead­ing Trump.

    Kalu­g­in was “with­drawn from Wash­ing­ton at short notice because Moscow feared his heavy involve­ment in the US pres­i­den­tial elec­tion oper­a­tion . . . would be exposed in the media,” the for­mer British MI6 offi­cer Christo­pher Steele report­ed. “ . . . His replace­ment, Andrei Bon­darev how­ev­er was clean.”

    ...

    A Steele report, dat­ed Sept. 14, 2016, said Kalu­g­in was involved in mov­ing “tens of thou­sands of dol­lars” to cyber hack­ers and oth­er oper­a­tives through a sys­tem that dis­trib­utes pen­sion ben­e­fits to Russ­ian mil­i­tary vet­er­ans liv­ing in the Unit­ed States.

    One of the sources famil­iar with the fed­er­al inves­ti­ga­tion gave cre­dence to parts of that state­ment, say­ing: “The Russ­ian embassy was known to fun­nel pay­ments and make con­tacts with cur­rent Russ­ian cit­i­zens, for­mer Russ­ian cit­i­zens who are now Amer­i­can cit­i­zens, and Amer­i­can cit­i­zens.”

    Steele quot­ed his sources as say­ing Rus­sia had used its con­sulates in New York, Wash­ing­ton and Mia­mi as con­duits to dis­guise mon­ey flow­ing to its oper­a­tives as pen­sion pay­ments. Rus­sia, how­ev­er, doesn’t have a con­sulate in Mia­mi.

    The pos­si­bil­i­ty of such an arrange­ment didn’t sur­prise Louise Shel­ley, direc­tor of the Ter­ror­ism, Transna­tion­al Crime and Cor­rup­tion Cen­ter at George Mason Uni­ver­si­ty in Vir­ginia.

    “Russ­ian pen­sion funds his­tor­i­cal­ly are poor­ly mon­i­tored, and vul­ner­a­ble to manip­u­la­tions by indi­vid­u­als who have been asso­ci­at­ed with the gov­ern­ment,” said Shel­ley, who has writ­ten exten­sive­ly about Russ­ian cor­rup­tion and mon­ey laun­der­ing.

    Spokes­peo­ple for the FBI and the CIA declined to com­ment about Kalu­g­in.

    ...

    ———–
    “Russ­ian diplo­mat under U.S. scruti­ny in elec­tion med­dling speaks” by Kevin G. Hall, Peter Stone, Greg Gor­don and David Gold­stein; McClatchy; 02/15/2017

    “Two peo­ple with knowl­edge of a mul­ti-agency inves­ti­ga­tion into the Kremlin’s med­dling have told McClatchy that Mikhail Kalu­g­in was under scruti­ny when he depart­ed. He has been an impor­tant fig­ure in the inquiry into how Rus­sia bankrolled the email hack­ing of top Democ­rats and took oth­er mea­sures to defeat Hillary Clin­ton and help Don­ald Trump cap­ture the White House, said the sources, who spoke on the con­di­tion of anonymi­ty because of the sen­si­tiv­i­ty of the inves­ti­ga­tion.”

    In Feb­ru­ary of 2017, a team of McClatchy reporters, includ­ing Peter Stone and Greg Gor­don, has two anony­mous sources that reveal the that Mueller team was look­ing into the role Mikhail Kalu­g­in may have played in pay­ing off the hack­ers. And as we saw above, in April of 2018, Stone and Gor­don have anoth­er report cit­ing anony­mous sources assur­ing us that Mueller has seen evi­dence that Cohen trav­eled to Prague from Ger­many, seem­ing­ly back­ing up the Steele dossier. And then, just days ago, we get a new report by Stone and Gor­don about how there’s been cell phone tow­er evi­dence and eaves­dropped con­fir­ma­tions fur­ther back­ing up the Prague meet­ing also based on anony­mous sources. And we are told by Gor­don that the anony­mous sources for this most recent report have been used for mul­ti­ple sto­ries in the past.

    So while we don’t know if the anony­mous sources for this Feb­ru­ary 2017 report are the same ones used in the April 2018 and Decem­ber 2018 reports about the Prague trip, it sure seems like a good bet. And if that’s the case, it would appear that these anony­mous sources have an inter­est in get­ting sto­ries pub­lished that appear to back up the var­i­ous alle­ga­tions made in the Steele dossier that would back up the idea that the Krem­lin was direct­ly coor­di­nat­ing with the Trump cam­paign over the hack­ings. Alle­ga­tions that include the alle­ga­tion that Kalu­g­in was mov­ing tens of thou­sands of dol­lars to the hack­ers using the Russ­ian gov­ern­ment sys­tem for pay­ing the pen­sions of Russ­ian mil­i­tary vet­er­ans liv­ing in the US:

    ...
    A Steele report, dat­ed Sept. 14, 2016, said Kalu­g­in was involved in mov­ing “tens of thou­sands of dol­lars” to cyber hack­ers and oth­er oper­a­tives through a sys­tem that dis­trib­utes pen­sion ben­e­fits to Russ­ian mil­i­tary vet­er­ans liv­ing in the Unit­ed States.

    One of the sources famil­iar with the fed­er­al inves­ti­ga­tion gave cre­dence to parts of that state­ment, say­ing: “The Russ­ian embassy was known to fun­nel pay­ments and make con­tacts with cur­rent Russ­ian cit­i­zens, for­mer Russ­ian cit­i­zens who are now Amer­i­can cit­i­zens, and Amer­i­can cit­i­zens.”

    Steele quot­ed his sources as say­ing Rus­sia had used its con­sulates in New York, Wash­ing­ton and Mia­mi as con­duits to dis­guise mon­ey flow­ing to its oper­a­tives as pen­sion pay­ments. Rus­sia, how­ev­er, doesn’t have a con­sulate in Mia­mi.
    ...

    And note that this Steele report is from Sep­tem­ber 14, 2016, which is pre­sum­ably short­ly after when the Prague meet­ing alleged­ly took place in late August/early Sep­tem­ber 2016. If this report by Steele was accu­rate that would sug­gest Steele’s con­tacts in the Krem­lin were very up to date on the work­ings of this cyber oper­a­tion at the time.

    So we have anony­mous sources who are basi­cal­ly try­ing to con­vince the Amer­i­can pub­lic that the Steele dossier sourc­ing is cor­rect regard­ing the Prague meet­ing and the var­i­ous Krem­lin efforts to coor­di­nate the cyber oper­a­tion. They haven’t actu­al­ly shown the McClatchy reporters evi­dence of this, but we are sup­posed to take them at their word. And if that’s the case, we are sup­posed to believe that Michael Cohen secret­ly trav­eled to Prague in the mid­dle of the 2016 cam­paign to secret­ly meet­ing with some Krem­lin rep­re­sen­ta­tives and some of the non-Russ­ian hack­ers where they could all coor­di­nate on how to min­i­mize the chances of get­ting caught and also coor­di­nate how to pay off the hack­ers with­out get­ting caught. And one of the meth­ods for pay­ing off the hack­ers involved a Russ­ian diplo­mat work­ing in DC using the Russ­ian pen­sion sys­tem for Russ­ian mil­i­tary vet­er­ans liv­ing in the US. Also, Michael Cohen brought his per­son­al cell phone to this secret Prague meet­ing and some­how made a high­ly ill-advised ping of a cell phone tow­er and Russ­ian offi­cials were dis­cussing this meet­ing on a phone that was wire­tapped. It’s all a reminder that, if it turns out that the Steele dossier real­ly is large­ly true and there was actu­al­ly a mas­sive Krem­lin cyber oper­a­tion that the Krem­lin did­n’t want to be dis­cov­ered, this whole thing has got to be some sort of world record of shod­dy trade­craft.

    And if it, instead, turns out that these anony­mous sources are run­ning a dis­in­for­ma­tion cam­paign that also points towards some prob­lem­at­ic trade­craft.

    Posted by Pterrafractyl | January 2, 2019, 2:39 am
  26. The Wash­ing­ton Post got its hands on a doc­u­ment giv­ing new details on the false flag ‘Russ­ian bot’ oper­a­tion that was being run in the 2017 Alaba­ma spe­cial Sen­ate race. That’s the psy­op that was being run by New Knowl­edge, the cyber­se­cu­ri­ty firm that recent­ly, and iron­i­cal­ly, co-authored the Sen­ate Intel­li­gence Com­mit­tee’s report on Russ­ian dis­in­for­ma­tion oper­a­tions. We know have an inter­nal name for that psy­op: Project Birm­ing­ham.

    The new doc­u­ment appears to be a gen­er­al sum­ma­ry of the results of Project Birm­ing­ham. It sounds like Project Birm­ing­ham was fund­ed with $750,000 from Reid Hoff­man and run by a Amer­i­can Engage­ment Tech­nolo­gies (AET), a tech­nol­o­gy start-up found­ed by Mikey Dick­er­son, a for­mer Oba­ma admin­is­tra­tion offi­cials. Dick­er­son­’s claim to fame includes fix­ing the bug­gy Oba­macare web­site that led to the pub­lic rela­tions night­mare for the Afford­able Care Act. So while Dick­er­son may have helped fixed a pub­lic rela­tions night­mare in that case, he appears to have led the cre­ation of a new pub­lic rela­tions night­mare with Project Birm­ing­ham.

    Hoffman’s rela­tion­ship with AET was report­ed­ly bro­kered by his polit­i­cal advis­er, Dmitri Mehlorn. Mehlorn heads a group called Invest­ing in US that helps direct Sil­i­con Val­ley mon­ey into left-lean­ing polit­i­cal caus­es. So this whole thing appears to be pri­mar­i­ly a cre­ation of Sil­i­con Val­ley mil­lion­aires and bil­lion­aires.

    Both Dick­er­son and Hoff­man claim to have had no knowl­edge of these kinds of ‘Russ­ian bot’ false flag tac­tics at the time. Dick­er­son is also dis­as­so­ci­at­ing him­self from the inter­nal report, sug­gest­ing that it was cre­at­ed by New Knowl­edge. New Knowl­edge’s Johnathon Mor­gan, on the oth­er hand, claims his form had noth­ing to do with the doc­u­ment and down­plays the scale of the New Knowl­edge project as mere­ly a small exper­i­ment. Impor­tant­ly, Mor­gan goes on to spec­u­late that the Project Birm­ing­ham doc­u­ment was actu­al­ly a sum­ma­ry of New Knowl­edge’s work and the work of oth­er sim­i­lar projects run by oth­er groups under the Project Birm­ing­ham umbrel­la.

    And based on the mon­ey involved, it does appear to be the case that more projects were going on, because only $100,000 was report­ed­ly spent on New Knowl­edge’s work but $750,000 went to the entire project. So it sounds like there are a bunch of oth­er sim­i­lar oper­a­tions man­aged by AET yet to be dis­cov­ered:

    The Wash­ing­ton Post

    Secret cam­paign to use Russ­ian-inspired tac­tics in 2017 Ala. elec­tion stirs anx­i­ety for Democ­rats

    By Craig Tim­berg, Tony Romm, Aaron C. Davis and Eliz­a­beth Dwoskin
    Jan­u­ary 6, 2019 at 2:25 PM

    A secret effort to influ­ence the 2017 Sen­ate elec­tion in Alaba­ma used tac­tics inspired by Russ­ian dis­in­for­ma­tion teams, includ­ing the cre­ation of fake accounts to deliv­er mis­lead­ing mes­sages on Face­book to hun­dreds of thou­sands of vot­ers to help elect Demo­c­rat Doug Jones in the deeply red state, accord­ing to a doc­u­ment obtained by The Wash­ing­ton Post.

    But unlike the 2016 pres­i­den­tial cam­paign when Rus­sians worked to help elect Don­ald Trump, the peo­ple behind the Alaba­ma effort — dubbed Project Birm­ing­ham — were Amer­i­cans. Now Demo­c­ra­t­ic oper­a­tives and a research firm known to have had roles in Project Birm­ing­ham are dis­tanc­ing them­selves from its most con­tro­ver­sial tac­tics.

    Jones’s nar­row, upset vic­to­ry over Repub­li­can Roy Moore in all like­li­hood result­ed from oth­er fac­tors, polit­i­cal ana­lysts say. Moore spent much of the spe­cial-elec­tion cam­paign bat­tling reports in The Post that he had decades ear­li­er made unwant­ed sex­u­al advances toward teenage girls.

    Recent rev­e­la­tions about Project Birm­ing­ham, how­ev­er, have shocked Democ­rats in Alaba­ma and Wash­ing­ton. And news of the effort has under­scored the warn­ings of dis­in­for­ma­tion experts who long have said that threats to hon­est, trans­par­ent polit­i­cal dis­course in the age of social media are as like­ly to be domes­tic as for­eign.

    As the scan­dal has expand­ed, with calls for fed­er­al and state inves­ti­ga­tions and Face­book also con­duct­ing a review, the tac­tics described in the Project Birm­ing­ham doc­u­ment have come under intense scruti­ny. Those includ­ed a “false flag” effort that gen­er­at­ed pho­ny evi­dence that auto­mat­ed Russ­ian accounts called bots had sup­port­ed Moore on Twit­ter and the cre­ation of a mis­lead­ing Face­book page, aimed at Alaba­ma con­ser­v­a­tives, that sought to under­mine Moore by encour­ag­ing them to vote for a rival Repub­li­can through a write-in cam­paign.

    But all those who have acknowl­edged play­ing a role in Project Birm­ing­ham have denied know­ing the full extent of the activ­i­ties described in the doc­u­ment.

    Project Birm­ing­ham got its fund­ing from Inter­net bil­lion­aire Reid Hoff­man, who emerged as a lead­ing under­writer of Demo­c­ra­t­ic caus­es after the 2016 elec­tion. While acknowl­edg­ing his mon­ey end­ed up pay­ing for Project Birm­ing­ham, Hoff­man said he did not know how his funds were used until details began to emerge in the New York Times and The Post.

    Hoff­man gave $750,000 to a pro­gres­sive tech­nol­o­gy start-up called Amer­i­can Engage­ment Tech­nolo­gies — found­ed by Mikey Dick­er­son, a for­mer Oba­ma admin­is­tra­tion offi­cial — that aimed to help Democ­rats, accord­ing to a per­son famil­iar with the finances who spoke on the con­di­tion of anonymi­ty. This per­son said Dick­er­son used $100,000 of that to hire New Knowl­edge, a Texas-based social media research firm, to work in Alaba­ma in sup­port of Jones dur­ing the spe­cial elec­tion in Decem­ber 2017.

    Dick­er­son — who is best known for lead­ing the effort to fix HealthCare.gov, the glitchy por­tal for Pres­i­dent Barack Obama’s sig­na­ture health-care ini­tia­tive — said in a state­ment to The Post that he learned of the extent of Project Birm­ing­ham only months after it was com­plete, when he received a report on the oper­a­tion.

    “I received the report in ear­ly 2018, which is when I first learned about the false flag and write-in tac­tics,” Dick­er­son said in his state­ment, his first pub­lic com­ment on the con­tro­ver­sy.

    That report, he said, came from New Knowl­edge, a com­pa­ny known main­ly for its efforts to inves­ti­gate online dis­in­for­ma­tion. More recent­ly, it co-authored a report last month on Russ­ian dis­in­for­ma­tion for the Sen­ate Intel­li­gence Com­mit­tee.

    Jonathon Mor­gan, the chief exec­u­tive of New Knowl­edge, has denied knowl­edge of most of the activ­i­ties described in the Project Birm­ing­ham doc­u­ment and dis­put­ed Dickerson’s claim that New Knowl­edge authored it.

    ‘Influ­ence the out­come’

    What is known about Project Birm­ing­ham comes main­ly from the 12-page doc­u­ment labeled “Project Birm­ing­ham Debrief,” which was obtained by The Post. It is dat­ed Dec. 15, 2017, three days after the Alaba­ma vote.

    The doc­u­ment describes the effort as “a dig­i­tal mes­sag­ing oper­a­tion to influ­ence the out­come of the AL sen­ate race” by tar­get­ing 650,000 like­ly vot­ers with mes­sages on social media plat­forms such as Face­book, while obscur­ing the fact that the mes­sages were com­ing from an effort back­ing Jones. Jones has said he had no knowl­edge of Project Birm­ing­ham and has called for a fed­er­al inves­ti­ga­tion.

    The goal of the effort was to “rad­i­cal­ize Democ­rats, sup­press unper­suad­able Repub­li­cans (“hard Rs”) and fac­tion mod­er­ate Repub­li­cans by advo­cat­ing for write-in can­di­dates,” the doc­u­ment states.

    The doc­u­ment also makes bold but unver­i­fied claims about the effects of the oper­a­tion, say­ing that it pro­vid­ed the deci­sive mar­gin in an elec­tion decid­ed by few­er than 22,000 vot­ers — mov­ing “enough votes to ensure a Doug Jones vic­to­ry.”

    Polit­i­cal ana­lysts expressed skep­ti­cism that any of these tac­tics affect­ed the elec­tion.

    “My ini­tial gut says that the alleged dis­in­for­ma­tion cam­paign I’ve read about would not have been enough to affect this race. Roy Moore is so well known in Alaba­ma that peo­ple had very set­tled opin­ions about whether they want­ed them as their sen­a­tor before the race even start­ed,” said Uni­ver­si­ty of Alaba­ma polit­i­cal sci­en­tist Joseph L. Smith.

    Last Sep­tem­ber, Dick­er­son pre­sent­ed what he said was a trun­cat­ed ver­sion of the Project Birm­ing­ham debrief at a meet­ing of tech­nol­o­gy experts — sev­er­al of them alum­ni of the Oba­ma admin­is­tra­tion — in down­town Wash­ing­ton. The 13 atten­dees of that meet­ing were required to sign nondis­clo­sure agree­ments.

    In the ver­sion of the doc­u­ment dis­trib­uted at the meet­ing, a black rec­tan­gle obscured part of a sen­tence that would have made clear the name of the enti­ty that con­duct­ed Project Birm­ing­ham. After weeks of declin­ing to com­ment, Dick­er­son told The Post that the redac­tion was “NK” — for New Knowl­edge.

    “Pri­or to pre­sent­ing the report in Sep­tem­ber, I edit­ed New Knowledge’s report for length and to redact iden­ti­fy­ing infor­ma­tion,” Dick­er­son wrote in his state­ment to The Post. “This was the only first­hand account of this kind of oper­a­tion that I knew of, so I pre­sent­ed it to the group to ana­lyze and dis­cuss.”

    Dick­er­son declined to answer numer­ous oth­er ques­tions about the cam­paign, includ­ing what he knew of Hoffman’s role.

    Some ‘exper­i­ments’

    Before Dick­er­son had sent his state­ment to The Post, Mor­gan, the New Knowl­edge chief, had pub­licly denied writ­ing the Project Birm­ing­ham report or know­ing about most of what it describes.

    Mor­gan, in com­ments to The Post and in a blog post on the self-pub­lish­ing site Medi­um, acknowl­edged con­duct­ing some “exper­i­ments” with dis­in­for­ma­tion tac­tics dur­ing the Alaba­ma elec­tion. Those includ­ed cre­at­ing a Face­book page called “Alaba­ma Con­ser­v­a­tive Pol­i­tics” that shared news links with its fol­low­ers. He also said that New Knowl­edge spent about $30,000 on tar­get­ed Face­book adver­tis­ing dur­ing the Alaba­ma elec­tion sea­son and that he bought some retweets to test his abil­i­ty to “lift” social media mes­sages.

    Mor­gan char­ac­ter­ized the work as a “small, lim­it­ed research project on Face­book” while spec­u­lat­ing that Project Birm­ing­ham as described in the debrief doc­u­ment was a com­bi­na­tion of his efforts and those that might have been con­duct­ed by oth­ers. He described the Project Birm­ing­ham doc­u­ment as “AET’s report” — sug­gest­ing it had been a prod­uct of Dickerson’s start-up, Amer­i­can Engage­ment Tech­nolo­gies, also known as AET.

    “I acknowl­edge work­ing with AET, but I don’t rec­og­nize the claims they’re mak­ing now,” Mor­gan said on Medi­um. “We did not write the leaked report and we could not have because it didn’t reflect our research. The leaked ver­sion of the report made a num­ber of claims that did not orig­i­nate with us.”

    Hoff­man also has denied know­ing about the oper­a­tion in Alaba­ma, though he has acknowl­edged pro­vid­ing the mon­ey to AET and apol­o­gized for his role in how it was even­tu­al­ly used.

    “I find the tac­tics that have been recent­ly report­ed high­ly dis­turb­ing,” Hoff­man said in a state­ment. “For that rea­son, I am embar­rassed by my fail­ure to track AET — the orga­ni­za­tion I did sup­port — more dili­gent­ly as it made its own deci­sions to per­haps fund projects that I would reject.”

    Hoffman’s finan­cial rela­tion­ship with AET was bro­kered by his polit­i­cal advis­er, Dmitri Mehlhorn, who heads a group called Invest­ing in US that helps direct Sil­i­con Val­ley mon­ey into left-lean­ing polit­i­cal caus­es.

    Mehlhorn said he too was unaware of key details about Project Birm­ing­ham, but he defend­ed the idea of learn­ing from the Russ­ian dis­in­for­ma­tion oper­a­tives at the Inter­net Research Agency, who backed Trump in the 2016 elec­tion and in his first year in the White House, accord­ing to U.S. offi­cials.

    “The Inter­net Research Agency engaged in many, many tac­tics, some of which I think it is appro­pri­ate for us to mir­ror and some of which I think we should dis­avow. The tac­tics they engaged in [that] we need to dis­avow [include] mis­in­for­ma­tion and pro­mot­ing racial hatred,” Mehlhorn said. “The tac­tics we need to mir­ror are real­ly good social micro­tar­get­ing.”

    Anger after los­ing in 2016

    Project Birm­ing­ham had its roots in the anger and frus­tra­tion Democ­rats felt after los­ing the White House and Con­gress in 2016 — with the assis­tance, many were con­vinced, of online dis­in­for­ma­tion ped­dled by Rus­sians and also U.S. con­ser­v­a­tives active on social media, who pushed dam­ag­ing but false infor­ma­tion about Demo­c­rat Hillary Clinton’s health, hon­esty and suit­abil­i­ty for office.

    One per­son who expressed a desire to fight back was Dick­er­son, accord­ing to social media researcher Renee DiRes­ta, who met him at a con­fer­ence in Chica­go in the same month that Trump was inau­gu­rat­ed. Dick­er­son told her at the time about his desire to cre­ate a start-up to bat­tle polit­i­cal dis­in­for­ma­tion, she said.

    “There was a feel­ing after the Trump elec­tion that Democ­rats hadn’t pri­or­i­tized tech, that Repub­li­cans had built this amaz­ing jug­ger­naut machine,” said DiRes­ta. “The right wing was run­ning a meme war, and there were these crazy dirty tricks. Peo­ple want­ed to build coun­ter­mea­sures.”

    DiRes­ta briefly advised AET, offer­ing tech­ni­cal guid­ance and help­ing them meet poten­tial sup­port­ers in the months before Hoff­man agreed to fund the com­pa­ny.

    DiRes­ta, who also accept­ed a sin­gle share in AET and a seat on its board, said she became con­cerned with the opaque­ness of the project, and sev­ered ties with the com­pa­ny a few months after join­ing. She became research direc­tor at New Knowl­edge in Jan­u­ary 2018 but said that, while she had heard of an exper­i­ment in Alaba­ma, she did not know about the tac­tics.

    ‘The shift­ing of votes’

    While debate con­tin­ues over who did what in Project Birm­ing­ham, The Post was able to find some evi­dence for sev­er­al of the claims in the explana­to­ry doc­u­ment.

    The doc­u­ment, for exam­ple, says it “plant­ed the idea that the Moore cam­paign was ampli­fied on social media by a Russ­ian bot­net. We then tied that bot­net to the Moore cam­paign dig­i­tal direc­tor, mak­ing it appear as if he had pur­chased the accounts.” Mor­gan denied any knowl­edge of the inci­dent involv­ing Russ­ian bots.

    Dur­ing the cam­paign, jour­nal­ists wrote sto­ries about Twit­ter accounts that appeared to be Russ­ian fol­low­ers of Moore.

    Those accounts were lat­er sus­pend­ed by Twit­ter. The Post found an archived ver­sion of a mis­lead­ing tweet and also sev­er­al news reports and tweets by jour­nal­ists dur­ing the Alaba­ma elec­tion describ­ing evi­dence that Russ­ian bots were sup­port­ing Moore. The Project Birm­ing­ham doc­u­ment cit­ed an arti­cle in the New York Post with the head­line “Roy Moore flood­ed with fake Russ­ian Twit­ter fol­low­ers.”

    Oth­er jour­nal­ists, how­ev­er, expressed skep­ti­cism at the time, not­ing that the sup­posed Russ­ian bots made obvi­ous mis­takes, leav­ing pro­file infor­ma­tion in some tweets in Cyril­lic, the Russ­ian-lan­guage alpha­bet.

    Evi­dence also sup­ports the document’s claims about cre­at­ing a con­ser­v­a­tive Face­book page to siphon sup­port away from Moore. In a sec­tion head­ed “Split­ting Repub­li­can votes,” the doc­u­ment says that a Face­book page cre­at­ed by Project Birm­ing­ham had con­tact with a Repub­li­can write-in can­di­date begin­ning on Nov. 18, 2017, and lat­er endorsed this can­di­date, who was not named.

    The descrip­tion and tim­ing fits the expe­ri­ence of Mac Wat­son, the own­er of a patio sup­ply store who ran a Repub­li­can write-in cam­paign and said he had com­mu­ni­ca­tions with a Face­book page begin­ning on that date.

    The doc­u­ment also describes Project Birm­ing­ham help­ing the unnamed write-in can­di­date gain new Twit­ter fol­low­ers — some­thing Wat­son recalls as well, with 10,000 sud­den­ly appear­ing on his account. He also gained some expo­sure with the help of the oper­a­tor of the Face­book page, which the doc­u­ment claims act­ed as a “media advi­sor” help­ing to arrange inter­views with news orga­ni­za­tions. The doc­u­ment includ­ed an image of a Dec. 5 Wash­ing­ton Post sto­ry on Wat­son. The author of that piece, David Weigel, said he does not recall any­one arrang­ing inter­views for his sto­ry.

    ...

    ———-

    “Secret cam­paign to use Russ­ian-inspired tac­tics in 2017 Ala. elec­tion stirs anx­i­ety for Democ­rats” by Craig Tim­berg, Tony Romm, Aaron C. Davis and Eliz­a­beth Dwoskin; The Wash­ing­ton Post; 01/06/2019

    “As the scan­dal has expand­ed, with calls for fed­er­al and state inves­ti­ga­tions and Face­book also con­duct­ing a review, the tac­tics described in the Project Birm­ing­ham doc­u­ment have come under intense scruti­ny. Those includ­ed a “false flag” effort that gen­er­at­ed pho­ny evi­dence that auto­mat­ed Russ­ian accounts called bots had sup­port­ed Moore on Twit­ter and the cre­ation of a mis­lead­ing Face­book page, aimed at Alaba­ma con­ser­v­a­tives, that sought to under­mine Moore by encour­ag­ing them to vote for a rival Repub­li­can through a write-in cam­paign.”

    So at least some of the doc­u­ments behind this false flag effort are avail­able to jour­nal­ists. In this case, the 12 page doc­u­ment is from three days after the Decem­ber 15, 2017, Alaba­ma vote and was pre­sent­ed to a group of 13 tech­nol­o­gy experts last Sep­tem­ber. And while New Knowl­edge’s name was redact­ed out of the doc­u­ment, Dick­er­son did even­tu­al­ly admit to reporters that the redact­ed name of the com­pa­ny behind the report was indeed New Knowl­edge:

    ...
    ‘Influ­ence the out­come’

    What is known about Project Birm­ing­ham comes main­ly from the 12-page doc­u­ment labeled “Project Birm­ing­ham Debrief,” which was obtained by The Post. It is dat­ed Dec. 15, 2017, three days after the Alaba­ma vote.

    The doc­u­ment describes the effort as “a dig­i­tal mes­sag­ing oper­a­tion to influ­ence the out­come of the AL sen­ate race” by tar­get­ing 650,000 like­ly vot­ers with mes­sages on social media plat­forms such as Face­book, while obscur­ing the fact that the mes­sages were com­ing from an effort back­ing Jones. Jones has said he had no knowl­edge of Project Birm­ing­ham and has called for a fed­er­al inves­ti­ga­tion.

    ...

    Last Sep­tem­ber, Dick­er­son pre­sent­ed what he said was a trun­cat­ed ver­sion of the Project Birm­ing­ham debrief at a meet­ing of tech­nol­o­gy experts — sev­er­al of them alum­ni of the Oba­ma admin­is­tra­tion — in down­town Wash­ing­ton. The 13 atten­dees of that meet­ing were required to sign nondis­clo­sure agree­ments.

    In the ver­sion of the doc­u­ment dis­trib­uted at the meet­ing, a black rec­tan­gle obscured part of a sen­tence that would have made clear the name of the enti­ty that con­duct­ed Project Birm­ing­ham. After weeks of declin­ing to com­ment, Dick­er­son told The Post that the redac­tion was “NK” — for New Knowl­edge.

    “Pri­or to pre­sent­ing the report in Sep­tem­ber, I edit­ed New Knowledge’s report for length and to redact iden­ti­fy­ing infor­ma­tion,” Dick­er­son wrote in his state­ment to The Post. “This was the only first­hand account of this kind of oper­a­tion that I knew of, so I pre­sent­ed it to the group to ana­lyze and dis­cuss.”
    ...

    And note how some of the fake Russ­ian bot twit­ter accounts had things like Cyril­lic in the pro­file infor­ma­tion, lead­ing to some reporters to ques­tion whether or not they were actu­al­ly Russ­ian at the time. Keep in mind that New Knowl­edge helped write the Sen­ate Intel­li­gence Com­mit­tee’s report on Russ­ian dis­in­for­ma­tion. So if the fake accounts that New Knowl­edge was try­ing to pass off as Russ­ian includ­ed bla­tant ‘clues’ like Cyril­lic, that gives us an idea of the kind of stan­dards New Knowl­edge was like­ly using for iden­ti­fy­ing true ‘Russ­ian bot’ accounts for the Sen­ate report:

    ...
    ‘The shift­ing of votes’

    While debate con­tin­ues over who did what in Project Birm­ing­ham, The Post was able to find some evi­dence for sev­er­al of the claims in the explana­to­ry doc­u­ment.

    The doc­u­ment, for exam­ple, says it “plant­ed the idea that the Moore cam­paign was ampli­fied on social media by a Russ­ian bot­net. We then tied that bot­net to the Moore cam­paign dig­i­tal direc­tor, mak­ing it appear as if he had pur­chased the accounts.” Mor­gan denied any knowl­edge of the inci­dent involv­ing Russ­ian bots.

    Dur­ing the cam­paign, jour­nal­ists wrote sto­ries about Twit­ter accounts that appeared to be Russ­ian fol­low­ers of Moore.

    Those accounts were lat­er sus­pend­ed by Twit­ter. The Post found an archived ver­sion of a mis­lead­ing tweet and also sev­er­al news reports and tweets by jour­nal­ists dur­ing the Alaba­ma elec­tion describ­ing evi­dence that Russ­ian bots were sup­port­ing Moore. The Project Birm­ing­ham doc­u­ment cit­ed an arti­cle in the New York Post with the head­line “Roy Moore flood­ed with fake Russ­ian Twit­ter fol­low­ers.”

    Oth­er jour­nal­ists, how­ev­er, expressed skep­ti­cism at the time, not­ing that the sup­posed Russ­ian bots made obvi­ous mis­takes, leav­ing pro­file infor­ma­tion in some tweets in Cyril­lic, the Russ­ian-lan­guage alpha­bet.
    ...

    Not sur­pris­ing­ly, every­one involved with this report is deny­ing aware­ness of Project Birm­ing­ham when it was hap­pen­ing. Hoff­man gave $750,000 to Mikey Dick­er­son­’s Amer­i­can Engage­ment Tech­nolo­gies (AET). Dick­er­son claims it came from New Knowl­edge and that he had only learned about the false flag tac­tics in ear­ly 2018:

    ...
    But all those who have acknowl­edged play­ing a role in Project Birm­ing­ham have denied know­ing the full extent of the activ­i­ties described in the doc­u­ment.

    Project Birm­ing­ham got its fund­ing from Inter­net bil­lion­aire Reid Hoff­man, who emerged as a lead­ing under­writer of Demo­c­ra­t­ic caus­es after the 2016 elec­tion. While acknowl­edg­ing his mon­ey end­ed up pay­ing for Project Birm­ing­ham, Hoff­man said he did not know how his funds were used until details began to emerge in the New York Times and The Post.

    Hoff­man gave $750,000 to a pro­gres­sive tech­nol­o­gy start-up called Amer­i­can Engage­ment Tech­nolo­gies — found­ed by Mikey Dick­er­son, a for­mer Oba­ma admin­is­tra­tion offi­cial — that aimed to help Democ­rats, accord­ing to a per­son famil­iar with the finances who spoke on the con­di­tion of anonymi­ty. This per­son said Dick­er­son used $100,000 of that to hire New Knowl­edge, a Texas-based social media research firm, to work in Alaba­ma in sup­port of Jones dur­ing the spe­cial elec­tion in Decem­ber 2017.

    Dick­er­son — who is best known for lead­ing the effort to fix HealthCare.gov, the glitchy por­tal for Pres­i­dent Barack Obama’s sig­na­ture health-care ini­tia­tive — said in a state­ment to The Post that he learned of the extent of Project Birm­ing­ham only months after it was com­plete, when he received a report on the oper­a­tion.

    “I received the report in ear­ly 2018, which is when I first learned about the false flag and write-in tac­tics,” Dick­er­son said in his state­ment, his first pub­lic com­ment on the con­tro­ver­sy.

    That report, he said, came from New Knowl­edge, a com­pa­ny known main­ly for its efforts to inves­ti­gate online dis­in­for­ma­tion. More recent­ly, it co-authored a report last month on Russ­ian dis­in­for­ma­tion for the Sen­ate Intel­li­gence Com­mit­tee.
    ...

    Hoff­man, who was fun­nel­ing his mon­ey into AET through his polit­i­cal advis­er, Dmitri Mehlorn’s Invest­ing in US, is also claim­ing to have had no knowl­edge of this oper­a­tion (that he paid $750,000 for). Mehlorn also claims igno­rance of the key details of the project:

    ...
    Hoff­man also has denied know­ing about the oper­a­tion in Alaba­ma, though he has acknowl­edged pro­vid­ing the mon­ey to AET and apol­o­gized for his role in how it was even­tu­al­ly used.

    “I find the tac­tics that have been recent­ly report­ed high­ly dis­turb­ing,” Hoff­man said in a state­ment. “For that rea­son, I am embar­rassed by my fail­ure to track AET — the orga­ni­za­tion I did sup­port — more dili­gent­ly as it made its own deci­sions to per­haps fund projects that I would reject.”

    Hoffman’s finan­cial rela­tion­ship with AET was bro­kered by his polit­i­cal advis­er, Dmitri Mehlhorn, who heads a group called Invest­ing in US that helps direct Sil­i­con Val­ley mon­ey into left-lean­ing polit­i­cal caus­es.

    Mehlhorn said he too was unaware of key details about Project Birm­ing­ham, but he defend­ed the idea of learn­ing from the Russ­ian dis­in­for­ma­tion oper­a­tives at the Inter­net Research Agency, who backed Trump in the 2016 elec­tion and in his first year in the White House, accord­ing to U.S. offi­cials.
    ...

    Renee DiRes­ta, who went to work for New Knowl­edge and who was the lead author of the Sen­ate Intel­li­gence Com­mit­tee report on Russ­ian dis­in­for­ma­tion, is claim­ing that she knew noth­ing of tac­tics New Knowl­edge was using:

    ...
    Anger after los­ing in 2016

    Project Birm­ing­ham had its roots in the anger and frus­tra­tion Democ­rats felt after los­ing the White House and Con­gress in 2016 — with the assis­tance, many were con­vinced, of online dis­in­for­ma­tion ped­dled by Rus­sians and also U.S. con­ser­v­a­tives active on social media, who pushed dam­ag­ing but false infor­ma­tion about Demo­c­rat Hillary Clinton’s health, hon­esty and suit­abil­i­ty for office.

    One per­son who expressed a desire to fight back was Dick­er­son, accord­ing to social media researcher Renee DiRes­ta, who met him at a con­fer­ence in Chica­go in the same month that Trump was inau­gu­rat­ed. Dick­er­son told her at the time about his desire to cre­ate a start-up to bat­tle polit­i­cal dis­in­for­ma­tion, she said.

    “There was a feel­ing after the Trump elec­tion that Democ­rats hadn’t pri­or­i­tized tech, that Repub­li­cans had built this amaz­ing jug­ger­naut machine,” said DiRes­ta. “The right wing was run­ning a meme war, and there were these crazy dirty tricks. Peo­ple want­ed to build coun­ter­mea­sures.”

    DiRes­ta briefly advised AET, offer­ing tech­ni­cal guid­ance and help­ing them meet poten­tial sup­port­ers in the months before Hoff­man agreed to fund the com­pa­ny.

    DiRes­ta, who also accept­ed a sin­gle share in AET and a seat on its board, said she became con­cerned with the opaque­ness of the project, and sev­ered ties with the com­pa­ny a few months after join­ing. She became research direc­tor at New Knowl­edge in Jan­u­ary 2018 but said that, while she had heard of an exper­i­ment in Alaba­ma, she did not know about the tac­tics.
    ...

    And New Knowl­edge’s Jonathon Mor­gan pub­licly denied writ­ing the Project Birm­ing­ham report and spec­u­lat­ed that Project Birm­ing­ham is actu­al­ly the name from an umbrel­la project that includ­ed New Knowl­edge’s work but also the work of oth­er groups:

    ...
    Some ‘exper­i­ments’

    Before Dick­er­son had sent his state­ment to The Post, Mor­gan, the New Knowl­edge chief, had pub­licly denied writ­ing the Project Birm­ing­ham report or know­ing about most of what it describes.

    Mor­gan, in com­ments to The Post and in a blog post on the self-pub­lish­ing site Medi­um, acknowl­edged con­duct­ing some “exper­i­ments” with dis­in­for­ma­tion tac­tics dur­ing the Alaba­ma elec­tion. Those includ­ed cre­at­ing a Face­book page called “Alaba­ma Con­ser­v­a­tive Pol­i­tics” that shared news links with its fol­low­ers. He also said that New Knowl­edge spent about $30,000 on tar­get­ed Face­book adver­tis­ing dur­ing the Alaba­ma elec­tion sea­son and that he bought some retweets to test his abil­i­ty to “lift” social media mes­sages.

    Mor­gan char­ac­ter­ized the work as a “small, lim­it­ed research project on Face­book” while spec­u­lat­ing that Project Birm­ing­ham as described in the debrief doc­u­ment was a com­bi­na­tion of his efforts and those that might have been con­duct­ed by oth­ers. He described the Project Birm­ing­ham doc­u­ment as “AET’s report” — sug­gest­ing it had been a prod­uct of Dickerson’s start-up, Amer­i­can Engage­ment Tech­nolo­gies, also known as AET.

    “I acknowl­edge work­ing with AET, but I don’t rec­og­nize the claims they’re mak­ing now,” Mor­gan said on Medi­um. “We did not write the leaked report and we could not have because it didn’t reflect our research. The leaked ver­sion of the report made a num­ber of claims that did not orig­i­nate with us.”
    ...

    And giv­en that only $100,000 of the $750,000 Hoff­man gave to the project was spent by New Knowl­edge, Mor­gan’s spec­u­la­tion seems pret­ty rea­son­able. Espe­cial­ly after the fol­low­ing report about a new dis­in­for­ma­tion oper­a­tion in the 2017 Alaba­ma Sen­ate race. And while this new one does­n’t appear to involve fake ‘Russ­ian bot’ false flag oper­a­tions, it does appear to be relat­ed to Project Birm­ing­ham: This time it was a psy­op designed to look like a group of pro-alco­hol pro­hi­bi­tion Bap­tist tee­to­talers, “Dry Alaba­ma”, run­ning a “Pray for Roy Moore” Twit­ter and Face­book cam­paign. The idea was that if a group like that open­ly sup­port­ed Moore this would hurt his broad­er sup­port. Both the New Knowl­edge project and this new project received each received $100,000, fun­neled through the same orga­ni­za­tion: Invest­ing in Us, run by Reid Hoff­man’s polit­i­cal advi­sor Dmitri Mehlorn to fun­nel Sil­i­con Val­ley mon­ey into pol­i­tics:

    The New York Times

    Democ­rats Faked Online Push to Out­law Alco­hol in Alaba­ma Race

    By Scott Shane and Alan Blind­er

    Jan. 7, 2019

    The “Dry Alaba­ma” Face­book page, illus­trat­ed with stark images of car wrecks and videos of fam­i­lies ruined by drink, had a blunt mes­sage: Alco­hol is the devil’s work, and the state should ban it entire­ly.

    Along with a com­pan­ion Twit­ter feed, the Face­book page appeared to be the work of Bap­tist tee­to­talers who sup­port­ed the Repub­li­can, Roy S. Moore, in the 2017 Alaba­ma Sen­ate race. “Pray for Roy Moore,” one tweet exhort­ed.

    In fact, the Dry Alaba­ma cam­paign, not pre­vi­ous­ly report­ed, was the stealth cre­ation of pro­gres­sive Democ­rats who were out to defeat Mr. Moore — the sec­ond such secret effort to be unmasked. In a polit­i­cal bank shot made in the last two weeks of the cam­paign, they thought asso­ci­at­ing Mr. Moore with calls for a statewide alco­hol ban would hurt him with mod­er­ate, busi­ness-ori­ent­ed Repub­li­cans and assist the Demo­c­rat, Doug Jones, who won the spe­cial elec­tion by a hair-thin mar­gin.

    Matt Osborne, a vet­er­an pro­gres­sive activist who worked on the project, said he hoped that such decep­tive tac­tics would some­day be banned from Amer­i­can pol­i­tics. But in the mean­time, he said, he believes that Repub­li­cans are using such trick­ery and that Democ­rats can­not uni­lat­er­al­ly give it up.

    “If you don’t do it, you’re fight­ing with one hand tied behind your back,” said Mr. Osborne, a writer and con­sul­tant who lives out­side Flo­rence, Ala. “You have a moral imper­a­tive to do this — to do what­ev­er it takes.”

    The dis­cov­ery of Dry Alaba­ma, the sec­ond so-called false flag oper­a­tion by Democ­rats in the fierce­ly con­test­ed Alaba­ma race, under­scores how dirty tricks on social media are creep­ing into Amer­i­can pol­i­tics. The New York Times report­ed last month on a sep­a­rate project that used its own bogus con­ser­v­a­tive Face­book page and sent a horde of Russ­ian-look­ing Twit­ter accounts to fol­low Mr. Moore’s to make it appear as if he enjoyed Russ­ian sup­port.

    The rev­e­la­tions about the first project, run in part by a cyber­se­cu­ri­ty com­pa­ny called New Knowl­edge, led Face­book to shut down five accounts that it said had vio­lat­ed its rules, and prompt­ed Sen­a­tor Jones to call for a fed­er­al inves­ti­ga­tion. There is no evi­dence that Mr. Jones encour­aged or knew of either of the decep­tive social media projects. His spokes­woman, Heather Fluit, said his legal advis­ers were prepar­ing to file a for­mal com­plaint with the Fed­er­al Elec­tion Com­mis­sion.

    Both Alaba­ma projects were devised short­ly after the expo­sure of the full dimen­sions of Russia’s fraud­u­lent use of social media in the 2016 pres­i­den­tial race, when thou­sands of Face­book and Twit­ter accounts posed as Amer­i­cans. Because the Russ­ian oper­a­tion attacked Hillary Clin­ton and helped Don­ald J. Trump, Democ­rats have spo­ken out most vehe­ment­ly against it.

    So some Democ­rats were dis­com­fit­ed by the rev­e­la­tion that the first of the Alaba­ma efforts was explic­it­ly devised to try out the tac­tics of the Russ­ian oper­a­tion, accord­ing to an inter­nal report on the project obtained by The Times. Rather than Rus­sians work­ing in St. Peters­burg pos­ing as Amer­i­cans, this time Democ­rats — most of them far from Alaba­ma — pre­tend­ed to be con­ser­v­a­tive state res­i­dents.

    The first of the Alaba­ma efforts was fund­ed by Reid Hoff­man, the bil­lion­aire co-founder of LinkedIn, who apol­o­gized and said he had been unaware of the project and did not approve of the under­hand­ed meth­ods. The sec­ond was fund­ed by two Vir­ginia donors who want­ed to defeat Mr. Moore — a for­mer judge accused of pur­su­ing sex­u­al rela­tion­ships with under­age girls — accord­ing to a par­tic­i­pant who would speak about the secret project only on the con­di­tion of anonymi­ty and who declined to name the fun­ders.

    The two projects each received $100,000, fun­neled in both cas­es through the same orga­ni­za­tion: Invest­ing in Us, which finances polit­i­cal oper­a­tions in sup­port of pro­gres­sive caus­es. Dmitri Mehlhorn, the group’s man­ag­ing part­ner, declined to com­ment on whether he approved of the tac­tics he had helped pay for. But after the Times report in Decem­ber, he acknowl­edged, in a post on the online forum Medi­um, a “con­cern that our tac­tics might cause us to become like those we are fight­ing.” He declared that “some tac­tics are beyond the pale.”

    Anoth­er orga­niz­er of the project, accord­ing to two par­tic­i­pants, was Evan Coren, a pro­gres­sive activist who works for the Nation­al Archives unit that han­dles clas­si­fied doc­u­ments. He did not respond to requests for com­ment. Beth Beck­er, a social media train­er and con­sul­tant in Wash­ing­ton who han­dled Face­book ad spend­ing for the Dry Alaba­ma page and the project’s oth­er Face­book page, called South­ern Caller, said in an inter­view that a nondis­clo­sure agree­ment pro­hib­it­ed her from say­ing much about the project.

    But, she added, “I don’t think any­thing this group did crossed any lines.”

    That may be true in the sense that nei­ther law nor reg­u­la­tions set any clear lim­its on social media activ­i­ty in elec­tions. “The law has clear­ly not caught up with social media,” Ms. Beck­er said.

    But there is no doubt that the pro­gres­sive Democ­rats who cre­at­ed the now-defunct Face­book pages — and the relat­ed Twit­ter feeds, seem­ing after­thoughts with neg­li­gi­ble reach — were try­ing to deceive vot­ers about their iden­ti­ties and real views. “Re-enact Pro­hi­bi­tion and make Alaba­ma dry again!” said one post. “Democ­rats con­tin­ue to put par­ty before coun­try,” said anoth­er.

    Facebook’s com­mu­ni­ty stan­dards, which were tight­ened in 2018, empha­size “authen­tic­i­ty” and pro­hib­it “mis­rep­re­sen­ta­tion,”includ­ing coor­di­nat­ed efforts to “mis­lead peo­ple about the ori­gin of con­tent.”

    Polit­i­cal social media trick­ery of this sort is usu­al­ly well hid­den and hard to detect with­out help from an insid­er, so it’s dif­fi­cult to say how com­mon it has become. Some polit­i­cal vet­er­ans warn that with­out new laws or reg­u­la­tions explic­it­ly out­law­ing fraud­u­lent social media tac­tics, both par­ties may feel pres­sure to use them sim­ply to stay com­pet­i­tive.

    There were at least two more social media oper­a­tions intend­ed to help Mr. Jones’s cam­paign, run by small com­pa­nies called Tovo Labs and Dialec­ti­ca. Nei­ther respond­ed to queries about their tac­tics. A pub­lic account by Tovo Labs of its effort described set­ting up web­sites for Chris­t­ian con­ser­v­a­tives and mod­er­ate con­ser­v­a­tives but claimed all the con­tent was “legit­i­mate mate­r­i­al” and its meth­ods “eth­i­cal.” A pitch to poten­tial cus­tomers from Dialec­ti­ca offers “a new gen­er­a­tion of infor­ma­tion weapons” to bat­tle “fake news,” and a mar­ket­ing email shared with The Times says the com­pa­ny worked in the Alaba­ma race’s “meme war” for at least three months.

    Mr. Osborne, who said he helped con­ceive the Dry Alaba­ma project and wrote for the South­ern Caller page, said the effort began in con­ver­sa­tions with acquain­tances from his years at the annu­al Net­roots Nation pro­gres­sive gath­er­ings. They dis­cussed what tac­tics might help Mr. Jones’s chances and zeroed in on ten­sions with­in the Repub­li­can Par­ty over whether drink­ing should be per­mit­ted in Alaba­ma, where the num­ber of dry coun­ties had dwin­dled.

    “Busi­ness con­ser­v­a­tives favor wet; cul­ture-war con­ser­v­a­tives favor dry,” he said. “That gave us an idea.”

    Essen­tial­ly, the aim was to fright­en the busi­ness con­ser­v­a­tives — who could be tar­get­ed with ads using Facebook’s tools — with the poten­tial impli­ca­tions of a Moore vic­to­ry. Some ideas were nixed by orga­niz­ers: A raf­fle of an AR-15 assault rifle was out, Mr. Osborne was told, as was out­right homo­pho­bic lan­guage.

    “I learned that if you’re doing a false-flag con­ser­v­a­tive page for a lib­er­al donor, there are lim­its,” he said. But he said he enjoyed mim­ic­k­ing the voic­es of his con­ser­v­a­tive oppo­nents who dom­i­nate in the state.

    By the time the project got fund­ing, there were only two weeks left in the race. With salaries need­ed only briefly, about 80 per­cent of the $100,000 went toward Face­book ads.

    Eliz­a­beth BeShears, a Repub­li­can com­mu­ni­ca­tions con­sul­tant from Birm­ing­ham, was amused when she spot­ted a Dry Alaba­ma ad on Face­book demand­ing that can­di­dates pledge to try to ban drink­ing, because her husband’s fam­i­ly had strong­ly sup­port­ed a recent effort to turn a coun­ty “wet.”

    She assumed the Dry Alaba­ma ads were aimed at anti-alco­hol con­ser­v­a­tives, and post­ed on Twit­ter a screen­shot of the Face­book ad with the remark, “Y’all’s tar­get­ing is so wrong.” In fact, Mr. Osborne said, Ms. BeShears was the per­fect tar­get for the ads. She vot­ed for Mr. Jones out of dis­gust for Mr. Moore, though she didn’t need the Dry Alaba­ma ad to per­suade her, she said.

    Mr. Osborne said the stats he was giv­en on the reach of the brief Face­book oper­a­tion were impres­sive: 4.6 mil­lion views of the Face­book posts, and 97,000 engage­ments — for instance, “lik­ing” or shar­ing posts. Sim­ple videos push­ing the Dry Alaba­ma mes­sage were watched 430,000 times, he said.

    Giv­en Mr. Jones’s slen­der mar­gin of vic­to­ry — about 22,000 votes, out of more than 1.3 mil­lion — it is hard to say for sure that Dry Alaba­ma had no impact. But many oth­er inde­pen­dent efforts were at play on both sides, and the amount spent on the two false flag projects was rel­a­tive­ly tiny in a race that cost at least $51 mil­lion, includ­ing the pri­maries.

    ...

    ———-

    “Democ­rats Faked Online Push to Out­law Alco­hol in Alaba­ma Race” by Scott Shane and Alan Blind­er; The New York Times; 01/07/2019

    Polit­i­cal social media trick­ery of this sort is usu­al­ly well hid­den and hard to detect with­out help from an insid­er, so it’s dif­fi­cult to say how com­mon it has become. Some polit­i­cal vet­er­ans warn that with­out new laws or reg­u­la­tions explic­it­ly out­law­ing fraud­u­lent social media tac­tics, both par­ties may feel pres­sure to use them sim­ply to stay com­pet­i­tive.”

    Yep, it’s dif­fi­cult to say how com­mon social media trick­ery has become. Espe­cial­ly since the groups like New Knowl­edge that are get­ting tasked to study social media trick­ery are run­ning their own dis­in­for­ma­tion oper­a­tions and have deep con­flicts of inter­est. It’s a reminder that we real­ly have no idea who is behind the wave ‘Russ­ian troll’ activ­i­ty. How much of it is the Repub­li­can par­ty or inde­pen­dent right-wing oper­a­tions? How much is fund­ed by dark mon­ey? How about oth­er nations? Or far right groups around the world want­i­ng to influ­ence US elec­tions? We sim­ply have no idea.

    And both “Dry Alaba­ma” and New Knowl­edge received $100,000 from the same group: Invest­ing in US, the out­fit run by Dmitri Mehlorn:

    ...
    Matt Osborne, a vet­er­an pro­gres­sive activist who worked on the project, said he hoped that such decep­tive tac­tics would some­day be banned from Amer­i­can pol­i­tics. But in the mean­time, he said, he believes that Repub­li­cans are using such trick­ery and that Democ­rats can­not uni­lat­er­al­ly give it up.

    “If you don’t do it, you’re fight­ing with one hand tied behind your back,” said Mr. Osborne, a writer and con­sul­tant who lives out­side Flo­rence, Ala. “You have a moral imper­a­tive to do this — to do what­ev­er it takes.”

    ...

    The first of the Alaba­ma efforts was fund­ed by Reid Hoff­man, the bil­lion­aire co-founder of LinkedIn, who apol­o­gized and said he had been unaware of the project and did not approve of the under­hand­ed meth­ods. The sec­ond was fund­ed by two Vir­ginia donors who want­ed to defeat Mr. Moore — a for­mer judge accused of pur­su­ing sex­u­al rela­tion­ships with under­age girls — accord­ing to a par­tic­i­pant who would speak about the secret project only on the con­di­tion of anonymi­ty and who declined to name the fun­ders.

    The two projects each received $100,000, fun­neled in both cas­es through the same orga­ni­za­tion: Invest­ing in Us, which finances polit­i­cal oper­a­tions in sup­port of pro­gres­sive caus­es. Dmitri Mehlhorn, the group’s man­ag­ing part­ner, declined to com­ment on whether he approved of the tac­tics he had helped pay for. But after the Times report in Decem­ber, he acknowl­edged, in a post on the online forum Medi­um, a “con­cern that our tac­tics might cause us to become like those we are fight­ing.” He declared that “some tac­tics are beyond the pale.”

    Anoth­er orga­niz­er of the project, accord­ing to two par­tic­i­pants, was Evan Coren, a pro­gres­sive activist who works for the Nation­al Archives unit that han­dles clas­si­fied doc­u­ments. He did not respond to requests for com­ment. Beth Beck­er, a social media train­er and con­sul­tant in Wash­ing­ton who han­dled Face­book ad spend­ing for the Dry Alaba­ma page and the project’s oth­er Face­book page, called South­ern Caller, said in an inter­view that a nondis­clo­sure agree­ment pro­hib­it­ed her from say­ing much about the project.

    ...

    By the time the project got fund­ing, there were only two weeks left in the race. With salaries need­ed only briefly, about 80 per­cent of the $100,000 went toward Face­book ads.
    ...

    And there’s at least two oth­er social media false flag oper­a­tions that appear to be part of this effort run by Tovo Labs and Dialec­ti­ca. Tovo Lab set up web­sites tar­get­ing Chris­t­ian con­ser­v­a­tives. We don’t know what Dialec­ti­ca did, but they offer “a new gen­er­a­tion of infor­ma­tion weapons”:

    ...
    There were at least two more social media oper­a­tions intend­ed to help Mr. Jones’s cam­paign, run by small com­pa­nies called Tovo Labs and Dialec­ti­ca. Nei­ther respond­ed to queries about their tac­tics. A pub­lic account by Tovo Labs of its effort described set­ting up web­sites for Chris­t­ian con­ser­v­a­tives and mod­er­ate con­ser­v­a­tives but claimed all the con­tent was “legit­i­mate mate­r­i­al” and its meth­ods “eth­i­cal.” A pitch to poten­tial cus­tomers from Dialec­ti­ca offers “a new gen­er­a­tion of infor­ma­tion weapons” to bat­tle “fake news,” and a mar­ket­ing email shared with The Times says the com­pa­ny worked in the Alaba­ma race’s “meme war” for at least three months.
    ...

    So based on this dis­cov­ery, it would appear that Jonathon Mor­gan of New Knowl­edge was prob­a­bly cor­rect when he sug­gest­ed that the Project Birm­ing­ham report cov­ers the work of oth­er groups in addi­tion to New Knowl­edge. We know about four so far. How many more go? We’ll see. Or maybe we won’t. That’s how social media trick­ery works: you know that you don’t know how much of it is out there and will like­ly nev­er know. But at least now we know that when you see things like Cyril­lic char­ac­ters left in the pro­files ‘Russ­ian bot’ twit­ter accounts, those prob­a­bly aren’t actu­al­ly Russ­ian bots. Which we should have already known.

    Posted by Pterrafractyl | January 7, 2019, 12:32 pm
  27. Fol­low­ing up on the sto­ry of New Knowl­edge, the cyber­se­cu­ri­ty firm that cre­at­ed fake “Russ­ian bots” dur­ing the 2017 Alaba­ma spe­cial elec­tion and also wrote the Sen­ate Intel­li­gence Com­mit­tee’s report on the Krem­lin’s cyber actions dur­ing the 2016 elec­tion, here’s a sto­ry about new analy­sis that arrives at the con­clu­sion that the Krem­lin is already back­ing Tul­si Gab­bard’s 2020 pres­i­den­tial cam­paign that answers the ques­tion of whether or not get­ting caught run­ning a false flag Russ­ian bot cam­paign would harm New Knowl­edge’s cred­i­bil­i­ty in this area: Nope, it will be as if we have no knowl­edge of what New Knowl­edge did:

    NBC News

    Rus­si­a’s pro­pa­gan­da machine dis­cov­ers 2020 Demo­c­ra­t­ic can­di­date Tul­si Gab­bard
    Experts who track web­sites and social media linked to Rus­sia have seen stir­rings of a pos­si­ble cam­paign of sup­port for Hawaii Demo­c­rat Tul­si Gab­bard.

    Feb. 2, 2019, 6:03 AM CST
    By Robert Win­drem and Ben Pop­ken

    The Russ­ian pro­pa­gan­da machine that tried to influ­ence the 2016 U.S. elec­tion is now pro­mot­ing the pres­i­den­tial aspi­ra­tions of a con­tro­ver­sial Hawaii Demo­c­rat who ear­li­er this month declared her inten­tion to run for pres­i­dent in 2020.

    An NBC News analy­sis of the main Eng­lish-lan­guage news sites employed by Rus­sia in its 2016 elec­tion med­dling shows Rep. Tul­si Gab­bard of Hawaii, who is set to make her for­mal announce­ment Sat­ur­day, has become a favorite of the sites Moscow used when it inter­fered in 2016.

    Sev­er­al experts who track web­sites and social media linked to the Krem­lin have also seen what they believe may be the first stir­rings of an upcom­ing Russ­ian cam­paign of sup­port for Gab­bard.

    Since Gab­bard announced her inten­tion to run on Jan. 11, there have been at least 20 Gab­bard sto­ries on three major Moscow-based Eng­lish-lan­guage web­sites affil­i­at­ed with or sup­port­ive of the Russ­ian gov­ern­ment: RT, the Russ­ian-owned TV out­let; Sput­nik News, a radio out­let; and Rus­sia Insid­er, a blog that experts say close­ly fol­lows the Krem­lin line. The CIA has called RT and Sput­nik part of “Rus­si­a’s state-run pro­pa­gan­da machine.”

    All three sites cel­e­brat­ed Gab­bard’s announce­ment, defend­ed her posi­tions on Rus­sia and her 2017 meet­ing with Syr­i­an Pres­i­dent Bashar Al-Assad, and attacked those who have sug­gest­ed she is a pawn for Moscow. The cov­er­age devot­ed to Gab­bard, both in news and com­men­tary, exceeds that afford­ed to any of the declared or rumored Demo­c­ra­t­ic can­di­dates despite Gab­bard’s lack of vot­er recog­ni­tion.

    Gab­bard was men­tioned on the three sites about twice as often as two of the best known Demo­c­ra­t­ic pos­si­bil­i­ties for 2020, Joe Biden and Bernie Sanders, each with 10 sto­ries. Kamala Har­ris and Eliz­a­beth War­ren had few­er. In each case, the oth­er con­tenders were treat­ed more crit­i­cal­ly than Gab­bard, with head­lines like “’Don’t Run’: Ver­mont Paper Begs Bernie Sanders Not to Seek US Pres­i­den­cy in 2020” and “Sex­ist much? Biden blames ‘con­ser­v­a­tive blonde woman’ for shut­down, ‘for­gets’ Ann Coul­ter’s name.”

    “Her pro­mul­ga­tion of posi­tions com­pat­i­ble with Russ­ian geo strate­gic inter­ests can help them main­stream such dis­cus­sion in the [Demo­c­ra­t­ic] par­ty,” said Alex Sta­mos, for­mer chief secu­ri­ty offi­cer at Face­book and now an NBC News ana­lyst. Gab­bard, said Sta­mos, helps them with all their “lines of attack.”

    A major in the Hawaii Army Nation­al Guard who served two tours in Iraq, Gab­bard was first elect­ed to Con­gress in 2012 and rep­re­sents the out islands and north­ern Oahu. She attract­ed atten­tion as a mav­er­ick when she resigned as Demo­c­ra­t­ic Nation­al Com­mit­tee vice chair in ear­ly 2016 and endorsed Bernie Sanders. She gave his nom­i­nat­ing speech at that sum­mer’s par­ty con­ven­tion.

    While some of her stances appeal to the left, she has also angered the par­ty’s lib­er­al base with her past posi­tions on same sex mar­riage, abor­tion and guns. Just weeks after Don­ald Trump’s upset vic­to­ry over Hillary Clin­ton, she met with the pres­i­dent-elect at Trump Tow­er.

    But Gab­bard’s most con­tro­ver­sial posi­tion and the one where she’s most in line with Russ­ian inter­ests is on Syr­ia. She’s accused the U.S. of push­ing a pol­i­cy of “regime change” wars and in Jan­u­ary 2017, sshe met with Syr­i­an Pres­i­dent Bashar Al-Assad in Syr­ia on what she called a “fact-find­ing mis­sion.”

    RT began defend­ing Gab­bard as soon as she announced. A behav­ioral sci­ence expert who stud­ies social media tweet­ed out a vow on Jan. 11 to start a GoFundMe cam­paign to finance a report­ing trip to Gab­bard’s Hawaii dis­trict. Reporters for RT’s tele­vi­sion net­work pounced, call­ing it “an inves­tiga­tive vaca­tion” and a “beach­side inves­ti­ga­tion” by an “estab­lish­ment Demo­c­rat.”

    On Jan. 12, the day after Gab­bard announced, RT head­lined her deci­sion this way: “ ‘Putin pup­pet’ vs ‘Assad shill’: Dems & Reps unite in pan­ic over Gab­bard chal­leng­ing Trump in 2020.”

    The unsigned arti­cle claimed, “With Rep­re­sen­ta­tive Tul­si Gab­bard (D‑Hawaii) enter­ing the 2020 pres­i­den­tial fray, estab­lish­ment fig­ures on both Right and Left are scram­bling to smear the anti-war con­gress­woman with impec­ca­ble iden­ti­ty-pol­i­tics bona fides. Ever since her 2017 vis­it to Syr­ia, Gab­bard has been con­demned for dar­ing to seek first­hand accounts rather than blind­ly trust­ing the MSM nar­ra­tive, so on Fri­day the pun­dits were again off to the races, with fresh accu­sa­tions of Assad-sym­pa­thiz­ing.”

    On Jan. 16, Lee Strana­han, one of the co-hosts on “Fault Line,” a Wash­ing­ton-based pro­gram on Sput­nik News, admit­ted that the debates should be the focus for Gab­bard.

    “The sig­nif­i­cant thing about her being in the race is because one of her main issues is peace and specif­i­cal­ly on Syr­ia, where she is telling the truth on Syr­ia,” said Strana­han, who joined Sput­nik after stints at Bre­it­bart News, the right-wing news site. “I think she is going to change the debate. If she can get through the first few months, and make it to actu­al debates, is there a big mil­lion­aire or bil­lion­aire that will sup­port Tul­si Gab­bard.”

    The same day, con­ser­v­a­tive writer Hunter Deren­sis not­ed on Rus­sia Insid­er, “In line with her think­ing on Syr­ia, she lacks the anti-Russ­ian stance of oth­er Demo­c­ra­t­ic politi­cians. ‘How does going to war with Rus­sia over Syr­ia serve the inter­est of the Amer­i­can peo­ple?’ she men­tioned in a tweet. Gab­bard has also sup­port­ed Trump’s diplo­mat­ic sum­mit with North Kore­an leader Kim Jong-un in one of her mul­ti­ple appear­ances with Tuck­er Carl­son.”

    That sto­ry was head­lined, “Hero­ic Tul­si Gab­bard Will Run on Her Sen­si­ble For­eign Pol­i­cy. Expect Democ­rats, Faux Pro­gres­sives to Squeal.”

    In arti­cles on the Russ­ian sites, Gab­bard is described as a “rebel,” who is “straight-talk­ing” and a “hero­ic” can­di­date who will “shake up” the estab­lish­ment.

    Cov­er­age of oth­er Demo­c­ra­t­ic pres­i­den­tial hope­fuls in pro-Krem­lin media has been for the most part per­func­to­ry, lim­it­ed to can­di­dates’ announce­ments or sum­maries of their rel­a­tive prospects. In recent weeks, Sput­nik has poked fun at Eliz­a­beth War­ren’s beer com­mer­cial and a wide­ly cir­cu­lat­ed pho­to of Beto O’Rourke’s in a den­tist chair.

    Eri­ka Tsu­ji, a spokes­woman for Gab­bard, said it as “ridicu­lous” to sug­gest the Rus­sians sup­port­ed her can­di­da­cy.

    “Rus­sia would nev­er overt­ly sup­port a can­di­date they want­ed to help, because it would just hurt their can­di­da­cy,” said Tsu­ji. “It’s com­mon sense.”

    Tsu­ji also said that “From the start, Con­gress­woman Tul­si Gab­bard has denounced Rus­si­a’s attempts to mud­dle (sic) in our elec­tions and will con­tin­ue to do so.” She not­ed that Gab­bard had cospon­sored leg­is­la­tion call­ing for an inde­pen­dent inves­ti­ga­tion of Russ­ian inter­fer­ence in the 2016 elec­tion, cospon­sored a bill pro­hibit­ing for­eign influ­ence in the elec­tion process, and spon­sored a bill to pro­tect elec­tion infra­struc­ture from hack­ers.

    The race for 2020

    Experts in Russ­ian on-line pro­pa­gan­da say Gab­bard appeals to pro-Russ­ian sites because her posi­tions —and her appeal as an out­sider in her own par­ty — can be used to cre­ate divi­sion among Democ­rats.

    For­mer FBI agent Clint Watts, author of “Mess­ing with the Ene­my: Sur­viv­ing in a Social Media World of Hack­ers, Ter­ror­ists, Rus­sians, and Fake News,” said Gab­bard has past or present posi­tions on sev­er­al issues that would be attrac­tive to the Russ­ian pro­pa­gan­da machine, and she is already pop­u­lar with the U.S. “alt-left.” Besides her views on Syr­ia, she respond­ed to reports of Russ­ian inter­fer­ence in the 2016 elec­tion by say­ing the U.S. had inter­fered in for­eign elec­tions too.

    The lan­guage used to laud Gab­bard is rem­i­nis­cent of Russ­ian media pro­mo­tion of Jill Stein, the U.S. Green Par­ty can­di­date for pres­i­dent in 2012 and 2016. Stein received favor­able cov­er­age from the same out­lets and also ben­e­fit­ed from Russ­ian troll accounts.

    Watts notes the dif­fer­ence between Stein and Gab­bard is that Gab­bard is mem­ber of Con­gress and part of the Demo­c­ra­t­ic Par­ty while Stein is more of a fringe fig­ure. Watts and Sta­mos think the Rus­sians may be grav­i­tat­ing to Gab­bard not because they think she can win, but because her posi­tions, often in line with those of the Krem­lin, will become part of the Demo­c­ra­t­ic pri­ma­ry debates.

    “They prob­a­bly just spot­ted her and fig­ured this is some­one to pro­mote,” said Watts, who is also an NBC News ana­lyst. “You can just see it com­ing. They’re telegraph­ing what com­ing the next two years, which is play­ing in the left.”

    “They want some­one like Gab­bard to voice a Russ­ian posi­tion. They are not telling her what to say but they want her pro-Russ­ian posi­tions play into the debate.”

    Sta­mos agrees that Gab­bard could be used to inject pro-Russ­ian posi­tions into the Demo­c­ra­t­ic Par­ty’s dis­cus­sions and debates dur­ing pri­ma­ry sea­son.

    “We should expect the Russ­ian intel ser­vices and troll farms to be active in the Demo­c­ra­t­ic pri­ma­ry process,” said Sta­mos, “as this pro­vides them with the best oppor­tu­ni­ty to cre­ate the most divi­sion in Amer­i­can soci­ety in 2020.”

    The first Demo­c­ra­t­ic pri­ma­ry is a year away, and the Russ­ian dis­in­for­ma­tion machine has not yet ini­ti­at­ed a full 2016-style cam­paign of sup­port for any of the 2020 aspi­rants. In 2016, neg­a­tive cov­er­age and fab­ri­cat­ed sto­ries about Hillary Clin­ton were ampli­fied by a huge net­work of fake social media accounts and bots.

    Experts who track inau­then­tic social media accounts, how­ev­er, have already found some extolling Gab­bard’s posi­tions since she declared.

    With­in a few days of Gab­bard announc­ing her pres­i­den­tial bid, Dis­In­fo 2018, part of the cyber­se­cu­ri­ty firm New Knowl­edge, found that three of the top 15 URLs shared by the 800 social media accounts affil­i­at­ed with known and sus­pect­ed Russ­ian pro­pa­gan­da oper­a­tions direct­ed at U.S. cit­i­zens were about Gab­bard.

    Ana­lysts at New Knowl­edge, the com­pa­ny the Sen­ate Intel­li­gence Com­mit­tee used to track Russ­ian activ­i­ties in the 2016 elec­tion, told NBC News they’ve spot­ted “chat­ter” relat­ed to Gab­bard in anony­mous online mes­sage boards, includ­ing those known for foment­ing right-wing troll cam­paigns. The chat­ter dis­cussed Gab­bard’s use­ful­ness.

    “A few of our ana­lysts saw some chat­ter on 8chan say­ing she was a good ‘divider’ can­di­date to ampli­fy,” said Renee DiRes­ta, direc­tor of research at New Knowl­edge.

    Josh Rus­sell, a researcher and “troll hunter” known for iden­ti­fy­ing fake accounts, sim­i­lar­ly told NBC News he recent­ly spot­ted a few clus­ters of sus­pi­cious accounts that retweet­ed the same exact text about Gab­bard, most­ly neu­tral or slight­ly pos­i­tive head­lines.

    “They usu­al­ly spam links to web­sites, but also retweet spe­cif­ic tweets or accounts in an effort to boost a web­site or accounts search results,” he said.

    ...

    ———-

    “Rus­si­a’s pro­pa­gan­da machine dis­cov­ers 2020 Demo­c­ra­t­ic can­di­date Tul­si Gab­bard” by Robert Win­drem and Ben Pop­ken; NBC News; 02/02/2019

    “An NBC News analy­sis of the main Eng­lish-lan­guage news sites employed by Rus­sia in its 2016 elec­tion med­dling shows Rep. Tul­si Gab­bard of Hawaii, who is set to make her for­mal announce­ment Sat­ur­day, has become a favorite of the sites Moscow used when it inter­fered in 2016.”

    Russ­ian Eng­lish-lan­guage sites like RT or Sput­nik give Gab­bard pret­ty pos­i­tive cov­er­age, some­thing com­plete­ly to be expect­ed giv­en her for­eign pol­i­cy posi­tions, and that appar­ent­ly qual­i­fies as the sign of a loom­ing Russ­ian dis­in­for­ma­tion oper­a­tion.

    And while the cov­er­age of Krem­lin-con­trolled out­lets is indeed a legit­i­mate top­ic to be stud­ied, this analy­sis isn’t lim­it­ed to known Krem­lin-con­trolled enti­ties. Accord­ing to New Knowl­edge, we should also treat chat­ter on troll sites like 8chan as signs of Krem­lin influ­ence. New Knowl­edge’s direc­tor of research, Renee DiRes­ta — who, we’ll recall, was also the lead author of the Sen­ate Intel­li­gence Com­mit­tee report — informs us that “A few of our ana­lysts saw some chat­ter on 8chan say­ing she was a good ‘divider’ can­di­date to ampli­fy”. And that 8chan chat­ter appears to qual­i­fy as evi­dence of a Krem­lin activ­i­ty and intent. New Knowl­edge also found that that three of the top 15 URLs shared by the 800 social media accounts affil­i­at­ed with known and “sus­pect­ed Russ­ian pro­pa­gan­da oper­a­tions” direct­ed at U.S. cit­i­zens were about Gab­bard:

    ...
    The first Demo­c­ra­t­ic pri­ma­ry is a year away, and the Russ­ian dis­in­for­ma­tion machine has not yet ini­ti­at­ed a full 2016-style cam­paign of sup­port for any of the 2020 aspi­rants. In 2016, neg­a­tive cov­er­age and fab­ri­cat­ed sto­ries about Hillary Clin­ton were ampli­fied by a huge net­work of fake social media accounts and bots.

    Experts who track inau­then­tic social media accounts, how­ev­er, have already found some extolling Gab­bard’s posi­tions since she declared.

    With­in a few days of Gab­bard announc­ing her pres­i­den­tial bid, Dis­In­fo 2018, part of the cyber­se­cu­ri­ty firm New Knowl­edge, found that three of the top 15 URLs shared by the 800 social media accounts affil­i­at­ed with known and sus­pect­ed Russ­ian pro­pa­gan­da oper­a­tions direct­ed at U.S. cit­i­zens were about Gab­bard.

    Ana­lysts at New Knowl­edge, the com­pa­ny the Sen­ate Intel­li­gence Com­mit­tee used to track Russ­ian activ­i­ties in the 2016 elec­tion, told NBC News they’ve spot­ted “chat­ter” relat­ed to Gab­bard in anony­mous online mes­sage boards, includ­ing those known for foment­ing right-wing troll cam­paigns. The chat­ter dis­cussed Gab­bard’s use­ful­ness.

    “A few of our ana­lysts saw some chat­ter on 8chan say­ing she was a good ‘divider’ can­di­date to ampli­fy,” said Renee DiRes­ta, direc­tor of research at New Knowl­edge.
    ...

    And recall how it was 4chan — the sis­ter troll site of 8chan — where some­one post­ed that the hacked emails of Emmanuel Macron were about to be leaked two days before those emails went pub­lic. This was the hack that was con­clu­sive­ly blamed on Rus­sia by the US gov­ern­ment even though the head of French cyber­se­cu­ri­ty said it could have been any­one any the NSA refused to pro­vide evi­dence it was Rus­sia. Evi­dence sub­se­quent­ly point­ed towards neo-Nazi hack­er Andrew Auern­heimer being behind the web­site that actu­al­ly leaked of the hacked doc­u­ments. It’s all a reminder that pre­tend­ing to be Krem­lin trolls is exact­ly the kind of thing the Alt Right trolls at 8chan would LOVE to do, for the LULz if noth­ing else.

    So might the chat­ter on 8chan or the oth­er “sus­pect­ed Russ­ian pro­pa­gan­da oper­a­tions” that the New Knowl­edge ana­lysts observed actu­al­ly have been Alt Right trolls pre­tend­ing to be Krem­lin trolls? Or was it New Knowl­ege’s ana­lysts who sim­ply assumed that the 8chan trolls must be Krem­lin trolls with­out those trolls even try­ing to pre­tend to be Krem­lin trolls? Or are the 8chan trolls just anoth­er New Knowl­ege false flag oper­a­tion? We have no idea at this point. But we do have a pret­ty good idea as to whether or not New Knowl­edge might just com­plete­ly make up fake accounts and then pub­licly declare them to be ‘Russ­ian bots’.

    Posted by Pterrafractyl | February 6, 2019, 11:11 am
  28. It’s arrived! Some­what. The Mueller report is out, albeit in redact­ed form. There’s no short­age of inter­est­ing find­ings in the report and one of the most intrigu­ing find­ings has to do with the inter­ac­tions between the Trump cam­paign and the hacked email hunt­ing oper­a­tion run by Peter Smith and the par­al­lel email hunt­ing oper­a­tion run by Bar­bara Ledeen.

    It has long been clear that Michael Fly­nn was in con­tact with the Smith and Ledeen oper­a­tions but one of the unan­swered ques­tions swirling around these sto­ries was whether or not Trump him­self was involved or even knew about them. And the com­pa­ny cre­at­ed by Smith for this endeav­or includ­ed mul­ti­ple Trump cam­paign asso­ciates. In doc­u­ments cre­at­ed by Smith describ­ing the effort (which he used to attempt to recruit experts to work on it), Steve Ban­non, Kellyanne Con­way, and Sam Clo­vis were all list­ed by Smith as being part of it, in addi­tion to Fly­nn. But what about Trump?

    And now we’re learn­ing in the Mueller report that, yes, Trump was active­ly encour­ag­ing these efforts. Accord­ing to the report, Michael Fly­nn told Mueller’s team that Trump repeat­ed­ly asked Fly­nn dur­ing the cam­paign to find Hillary Clin­ton’s emails. It was assumed that her pri­vate serv­er had already been hacked years ear­li­er and that they might be avail­able for sale on the Dark Web. Fly­nn, in turn, “con­tact­ed mul­ti­ple peo­ple in an effort to obtain the emails,” includ­ing Peter Smith and Bar­bara Ledeen, accord­ing to the report.

    Note that this word­ing sug­gests that Fly­nn may have con­tact­ed oth­er indi­vid­u­als or groups too. Recall how Smith had recount­ed his con­ver­sa­tions with Charles John­son about find­ing the emails and John­son told Smith he would inform a “hid­den oppo net­work” of right-lean­ing oppo­si­tion researchers that were also hunt­ing for the emails about Smith’s efforts. John­son also referred Smith to Andrew “weev” Auern­heimer for more expert hack­ing advice. So we know that there were more efforts than just the Smith and Ledeen oper­a­tions to find Hillary’s hacked emails. Was Fly­nn and the Trump team in con­tact with those oth­er groups? That remains unclear.

    And there was anoth­er per­son pre­vi­ous­ly unknown to be involved in this effort: Erik Prince. In August of 2016, Smith informed the Trump cam­paign of his efforts. Lat­er, although we don’t know when exact­ly, Bar­bara Ledeen told Smith she thinks she came across a trove of emails that might be Hillary’s. Smith want­ed them authen­ti­cat­ed and it was Erik Prince report­ed­ly pro­vid­ed the funds to hire an expert to val­i­date whether or the emails were real. The expert con­clud­ed they were not real. Recall that it was also in ear­ly August of 2016 that Prince and George Nad­er made a secret trip to Trump Tow­er with the CEO of Psy Group to inform Trump that the crown princes of the UAE and Sau­di Ara­bia want­ed to help him win and had a social media manip­u­la­tion cam­paign all ready to go. Also recall how the ser­vices Psy Group offered clients includ­ed obtain­ing hacked mate­ri­als and polit­i­cal dirty tricks. So in August of 2016 Prince was pitch­ing the ser­vices of a com­pa­ny with hack­ing exper­tise on behalf of the UAE and Sau­di Ara­bia, and at some point after that he’s also financ­ing an expert to look over emails Peter Smith acquired on the Dark Web. So it would appear that Erik Prince was also part of the GOP’s covert email-hunt­ing effort:

    The Wash­ing­ton Post

    Trump cam­paign attempt­ed to obtain Hillary Clinton’s pri­vate email

    By Shane Har­ris
    April 18, 2019 at 12:14 PM

    Pres­i­dent Trump pushed for obtain­ing Demo­c­ra­t­ic rival Hillary Clinton’s pri­vate emails, and his cam­paign was in touch with allies who were pur­su­ing them, accord­ing to the redact­ed spe­cial counsel’s report released Thurs­day.

    On July 27, 2016, Trump famous­ly said at a cam­paign ral­ly, “Rus­sia, if you’re lis­ten­ing, I hope you’re able to find the 30,000 emails that are miss­ing,” refer­ring to emails that Clin­ton said she had delet­ed from her pri­vate serv­er. She had used a pri­vate account dur­ing her tenure as sec­re­tary of state.

    Trump also “made this request repeat­ed­ly” dur­ing the cam­paign, for­mer nation­al secu­ri­ty advis­er Michael Fly­nn told spe­cial coun­sel Robert S. Mueller III’s inves­ti­ga­tion. Fly­nn “con­tact­ed mul­ti­ple peo­ple in an effort to obtain the emails,” includ­ing Peter Smith, a long­time Repub­li­can oper­a­tive, and Bar­bara Ledeen, a Repub­li­can Sen­ate staffer who her­self had pre­vi­ous­ly tried to find the emails. Ledeen, at the time, worked for Sen. Charles E. Grass­ley on the Sen­ate Judi­cia­ry Com­mit­tee.

    Months ear­li­er, Ledeen had writ­ten to Smith that Clinton’s serv­er had like­ly been breached long ago and that “the Chi­nese, Russ­ian, and Iran­ian intel­li­gence ser­vices could ‘reassem­ble the server’s email con­tent.’”

    After Trump’s July com­ments about Rus­sia, Smith launched his own effort to find the miss­ing emails.

    “He cre­at­ed a com­pa­ny, raised tens of thou­sands of dol­lars, and recruit­ed secu­ri­ty experts and busi­ness asso­ciates,” the inves­ti­ga­tion found. Smith also claimed “he was in con­tact with hack­ers ‘with ties and affil­i­a­tions to Rus­sia’ who had access to the emails, and that his efforts were coor­di­nat­ed with the Trump cam­paign,” but the spe­cial coun­sel could not estab­lish if that was true.

    In August, Smith wrote to Trump cam­paign co-chair­man Sam Clo­vis, among oth­ers, about his efforts. “Par­ties with vary­ing inter­ests, are cir­cling to release [the emails] ahead of the elec­tion,” Smith said. And as Smith raised thou­sands of dol­lars for his efforts, he told poten­tial donors he was doing his work “in coor­di­na­tion” with the Trump cam­paign, the spe­cial coun­sel found. The inves­ti­ga­tion only found that Smith com­mu­ni­cat­ed direct­ly with Fly­nn and Clo­vis.

    Ledeen lat­er told Smith she believed she had obtained a trove of emails that might be Clinton’s. Smith want­ed to authen­ti­cate them, and Erik Prince, the pri­vate mil­i­tary con­trac­tor, Trump sup­port­er and broth­er of cur­rent Edu­ca­tion Sec­re­tary Bet­sy DeVos, “pro­vid­ed fund­ing to hire a tech advis­er to ascer­tain the authen­tic­i­ty of the emails.”

    Accord­ing to Prince, the tech advis­er deter­mined that the emails were not authen­tic, the report found. Ulti­mate­ly, the inves­ti­ga­tion did not estab­lish that Smith, Ledeen, or oth­ers in touch with the Trump cam­paign obtained the Clin­ton emails.

    ...

    ———–

    “Trump cam­paign attempt­ed to obtain Hillary Clinton’s pri­vate email” by Shane Har­ris; The Wash­ing­ton Post; 04/18/2019

    “Pres­i­dent Trump pushed for obtain­ing Demo­c­ra­t­ic rival Hillary Clinton’s pri­vate emails, and his cam­paign was in touch with allies who were pur­su­ing them, accord­ing to the redact­ed spe­cial counsel’s report released Thurs­day.”

    It’s a pret­ty big rev­e­la­tion. Except it’s not entire­ly a rev­e­la­tion since he pub­licly pushed for Rus­sia to obtain those emails. But that was always brushed off as a joke. Learn­ing that Fly­nn claimed that Trump “made this request repeat­ed­ly” to Fly­nn dur­ing the cam­paign is indeed new. And note how the report indi­cates that Fly­nn reached out to more peo­ple than just Smith and Ledeen in this effort:

    ...
    On July 27, 2016, Trump famous­ly said at a cam­paign ral­ly, “Rus­sia, if you’re lis­ten­ing, I hope you’re able to find the 30,000 emails that are miss­ing,” refer­ring to emails that Clin­ton said she had delet­ed from her pri­vate serv­er. She had used a pri­vate account dur­ing her tenure as sec­re­tary of state.

    Trump also “made this request repeat­ed­ly” dur­ing the cam­paign, for­mer nation­al secu­ri­ty advis­er Michael Fly­nn told spe­cial coun­sel Robert S. Mueller III’s inves­ti­ga­tion. Fly­nn “con­tact­ed mul­ti­ple peo­ple in an effort to obtain the emails,” includ­ing Peter Smith, a long­time Repub­li­can oper­a­tive, and Bar­bara Ledeen, a Repub­li­can Sen­ate staffer who her­self had pre­vi­ous­ly tried to find the emails. Ledeen, at the time, worked for Sen. Charles E. Grass­ley on the Sen­ate Judi­cia­ry Com­mit­tee.

    Months ear­li­er, Ledeen had writ­ten to Smith that Clinton’s serv­er had like­ly been breached long ago and that “the Chi­nese, Russ­ian, and Iran­ian intel­li­gence ser­vices could ‘reassem­ble the server’s email con­tent.’”
    ...

    Then, in August, Smith writes to Sam Clo­vis to let the Trump team know about his work. At some point after that, Bar­bara Ledeen tells Smith she thinks she might have Hillary’s hacked emails and it’s none of than Erik Prince who pays for an expert to authen­ti­cate them:

    ...
    After Trump’s July com­ments about Rus­sia, Smith launched his own effort to find the miss­ing emails.

    “He cre­at­ed a com­pa­ny, raised tens of thou­sands of dol­lars, and recruit­ed secu­ri­ty experts and busi­ness asso­ciates,” the inves­ti­ga­tion found. Smith also claimed “he was in con­tact with hack­ers ‘with ties and affil­i­a­tions to Rus­sia’ who had access to the emails, and that his efforts were coor­di­nat­ed with the Trump cam­paign,” but the spe­cial coun­sel could not estab­lish if that was true.

    In August, Smith wrote to Trump cam­paign co-chair­man Sam Clo­vis, among oth­ers, about his efforts. “Par­ties with vary­ing inter­ests, are cir­cling to release [the emails] ahead of the elec­tion,” Smith said. And as Smith raised thou­sands of dol­lars for his efforts, he told poten­tial donors he was doing his work “in coor­di­na­tion” with the Trump cam­paign, the spe­cial coun­sel found. The inves­ti­ga­tion only found that Smith com­mu­ni­cat­ed direct­ly with Fly­nn and Clo­vis.

    Ledeen lat­er told Smith she believed she had obtained a trove of emails that might be Clinton’s. Smith want­ed to authen­ti­cate them, and Erik Prince, the pri­vate mil­i­tary con­trac­tor, Trump sup­port­er and broth­er of cur­rent Edu­ca­tion Sec­re­tary Bet­sy DeVos, “pro­vid­ed fund­ing to hire a tech advis­er to ascer­tain the authen­tic­i­ty of the emails.”

    Accord­ing to Prince, the tech advis­er deter­mined that the emails were not authen­tic, the report found. Ulti­mate­ly, the inves­ti­ga­tion did not estab­lish that Smith, Ledeen, or oth­ers in touch with the Trump cam­paign obtained the Clin­ton emails.
    ...

    Might that tech advis­er hired by Prince have been asso­ci­at­ed with Psy Group? At this point we don’t know but that would be a remark­able twist. Either way, the fact that Prince was direct­ly involved in mul­ti­ple Saudi/UAE efforts dur­ing this peri­od (don’t for­get the entire ‘Sey­chelles backchan­nel’ episode that also appeared to be a UAE-dri­ven enter­prise imme­di­ate­ly after the elec­tion) and he was also involved with the Trump team’s hack­ing-relat­ed activ­i­ties rais­es a whole lot of new ques­tions.

    And that’s per­haps one of the key take­aways from the release of the Mueller report regard­ing the Trump cam­paigns hack­ing efforts: The report end­ed up rais­ing a whole lot of new hack­ing-relat­ed ques­tions. Ques­tions that will pre­sum­ably remain unan­swered.

    Posted by Pterrafractyl | April 18, 2019, 2:16 pm
  29. Ever since Pres­i­dent Trump told Lester Holt in a tele­vised inter­view that he was think­ing of “this Rus­sia thing” when he fired for­mer FBI direc­tor James Comey, the ques­tion of whether or not Pres­i­dent Trump should get impeached for obstruc­tion of jus­tice alone has been one of the biggest ques­tions loom­ing over his pres­i­den­cy. After all, once Trump start­ed pub­licly engag­ing in what appears to be bla­tant obstruc­tion of jus­tice, the ques­tion of whether or not he col­lud­ed with Rus­sia becomes some­what moot when it comes to whether or not he should be impeached.

    Flash for­ward to today, and we’re find­ing that there’s lit­er­al­ly an entire sec­tion of Mueller report ded­i­cat­ed to Trump’s obstruc­tion of jus­tice and it makes a com­pelling case. It turns out that a pres­i­dent that admits to obstruct­ing jus­tice in pub­licly might also be try­ing like hell to obstruct jus­tice in pri­vate. Go fig­ure.

    Since obstruc­tion of jus­tice is arguably one of the worst crimes a pres­i­dent can com­mit because it’s such a direct attack on the legal prin­ci­ple that no one is above the law, the ques­tion of whether or not the coun­try can afford to not impeach Trump and leave that kind of prece­dent is now going to be one of the cen­tral ques­tions head­ing into the 2020 elec­tion cycle. At the same time, there’s no indi­ca­tion at all that Trump’s sup­port­ers are moved by these obstruc­tion of jus­tice charges and any attempts to impeach Trump will inevitably become a hyper-par­ti­san affair with reper­cus­sions that are dif­fi­cult to pre­dict.

    So the doc­u­ment­ed exten­sive obstruc­tion of jus­tice as recount­ed by Trump’s staff in the Mueller report and in Trump’s own pub­lic state­ments real­ly does rep­re­sent a kind of exis­ten­tial cri­sis for the US: Trump real­ly did repeat­ed­ly cross lines that pres­i­dents should nev­er cross because it’s so dan­ger­ous to the rule of law but that does­n’t change the fact that the US is polit­i­cal­ly bro­ken in all sorts of oth­er ways that make impeach­ment a par­tic­u­lar­ly per­ilous endeav­or. It’s guar­an­teed there’s going to be a com­plete far right melt down and no guar­an­tee that the melt down won’t end up dam­ag­ing the coun­try even more. Impeach­ment is both com­pelling and per­ilous.

    And that’s all why it’s going to be crit­i­cal for those back­ing impeach­ment to rec­og­nize that when it comes to the oth­er half of the Mueller report — the half detail­ing the alle­ga­tions sur­round­ing the Russ­ian ‘active mea­sures’ in the US cam­paign and hacks of the Democ­rats — the evi­dence laid out in the report was basi­cal­ly a sum­ma­ry of the same evi­dence we saw in the Mueller team’s pre­vi­ous indict­ments. And as we’ve seen over and over, that evi­dence was far from com­pelling.

    What has changed with the issu­ing of the report, how­ev­er, is a strength­en­ing of the cir­cum­stan­tial evi­dence point­ing towards the Trump team hav­ing a role in the hacks. And that’s part of what makes poten­tial impeach­ment pro­ceed­ings against Trump so fas­ci­nat­ing: one of the obvi­ous poten­tial defens­es the Trump team could have against Russ­ian col­lu­sion is to point out how weak the actu­al evi­dence that the Krem­lin real­ly did car­ry­out out a vast social media manip­u­la­tion cam­paign and real­ly was behind the ‘Fan­cy Bear’ hacks against the Democ­rats. But that defense simul­ta­ne­ous­ly invites spec­u­la­tion about who else may have been involved in those hacks and grow­ing amounts of evi­dence point back towards the Trump team and its affil­i­ates. So while the issu­ing of the Mueller report might have a ‘case closed’ feel to it, the fact that the report invites impeach­ment and impeach­ment, in turn, invites a thor­ough reex­am­i­na­tion of the evi­dence under­ly­ing the report sug­gests we could actu­al­ly be look­ing at a ‘case reopen­ing’ peri­od for #TrumpRus­sia and that could get real­ly awk­ward for Trump in entire­ly new ways.

    One of the defin­ing fea­tures of the Rus­si­a­Gate scan­dal has been the fact that the evi­dence of what the Krem­lin did has always been high­ly dubi­ous. The Russ­ian social media manip­u­la­tion cam­paign as described by Mueller’s inves­ti­ga­tors appears to be an insignif­i­cant joke in the scheme of things. And the hacks, while unde­ni­ably impact­ful, look like some sort of false flag set up by a third par­ty unless the Krem­lin was try­ing to frame itself, with the indict­ment against the GRU cit­ing almost no evi­dence and the evi­dence it did cite was high­ly ambigu­ous. None of those prob­lems with the evi­dence changed with the final report.

    But the report did inform us that Michael Fly­nn told Mueller’s team that Trump repeat­ed­ly made requests to asso­ciates to find Hillary Clin­ton’s delet­ed emails. We’ve also learned that Erik Prince — who offered the ser­vices of Psy Group to the Trump cam­paign on behalf of Sau­di Ara­bia and the UAE — paid for a tech­ni­cal expert who worked with Peter Smith’s and Bar­bara Ledeen’s email-hunt­ing teams. So Trump him­self was active­ly push­ing for the recov­ery of Hillary’s delet­ed emails and there were mul­ti­ple teams we know about with the motive and the means to not just scour the Dark Web for hack­ers who they assumed might have Hillary’s emails but also car­ry out hack­ing attempts of their own. Both Psy Group and Cam­bridge Ana­lyt­i­ca would have like­ly had the tech­ni­cal abil­i­ty to car­ry out hack­ing attempts them­selves that are made to look like ‘Russ­ian’ hacks.

    Here’s a key exam­ple of how the cir­cum­stan­tial evi­dence increas­ing­ly sug­gests that the Trump team or its asso­ciates could have been involved in the hacks and hack­ing attempts: Also high­light­ed in the report as evi­dence of appar­ent Trump cam­paign col­lu­sion with Rus­sia is the fact that there was a hack­ing attempt against Hillary Clin­ton’s per­son­al office just 5 hours after Trump made his infa­mous pub­lic plea dur­ing a cam­paign event on July 27, 2016, for Rus­sia to find Hillary’s delet­ed emails from her pri­vate serv­er. And this was the first known attack against that serv­er that inves­ti­ga­tors could detect. This coin­ci­dence is por­trayed as com­pelling cir­cum­stan­tial evi­dence of how the Krem­lin and the Trump team were effec­tive­ly work­ing in a coor­di­nat­ed man­ner whether or not there was an explic­it agree­ment of col­lu­sion.

    But there are a num­ber of dif­fer­ent way to inter­pret that coin­ci­dence of Trump’s call for a Rus­sia hack fol­lowed by the first attempt on Hillary’s pri­vate office. For exam­ple, now that we know Trump start­ed ask­ing his own teams to find Hillary’s delet­ed emails — which is an implic­it request to poten­tial­ly hack some­thing like Hillary’s per­son­al office in the hopes of find­ing them there — why is there no spec­u­la­tion that Trump’s pub­lic call for Rus­sia to do the hack­ing was­n’t rhetor­i­cal cov­er for his own hack­ing teams?

    Keep in mind that July 27, 2016, was days after Wik­ileaks made its first pub­lic dump of hacked Demo­c­rat emails and doc­u­ments on July 22, so it was only at that point that the Trump cam­paign would have been aware that the delet­ed emails from Hillary Clin­ton’s pri­vate serv­er were not like­ly in the antic­i­pat­ed trove Wik­ileaks had for releas­ing.

    And there’s anoth­er new fun facts in the Mueller report about Bar­bara Ledeen’s email-hunt­ing team: When Ledeen wrote a pro­pos­al to Peter Smith in Decem­ber 2015 for the email hunt­ing project, Ledeen was con­vinced that specif­i­cal­ly find­ing evi­dence that Hillary’s pri­vate email serv­er had been hacked was seen as cru­cial for the elec­tion. The hack­ing of the DNC and DCCC may have been embar­rass­ing. But the Repub­li­cans had been spend­ing years mak­ing the case that Hillary’s pri­vate email serv­er was a unique nation­al secu­ri­ty risk because it could be hacked.

    In addi­tion, Ledeen’s pro­pos­al to Smith includes a plan to check with cer­tain intel­li­gence sources “that have access through liai­son work with var­i­ous for­eign ser­vices” to deter­mine if any of those ser­vices had got­ten to the serv­er. So the Ledeen team appar­ent­ly had a for­eign intel­li­gence tie of some sort. From pages 62–63 in the Mueller Report...:

    b. Cam­paign Efforts to Obtain Delet­ed Clin­ton Emails

    After can­di­date Trump stat­ed on July 27, 2016, that he hoped Rus­sia would “find the 30,000 emails that are miss­ing,” Trump asked indi­vid­u­als affil­i­at­ed with his Cam­paign to find the delet­ed Clin­ton emails.264 Michael Fly­nn-who would lat­er serve as Nation­al Secu­ri­ty Advi­sor in the Trump Admin­is­tra­tion — recalled that Trump made this request repeat­ed­ly, and Fly­nn sub­se­quent­ly con­tact­ed mul­ti­ple peo­ple in an effort to obtain the emails. 265

    Bar­bara Ledeen and Peter Smith were among the peo­ple con­tact­ed by Fly­nn. Ledeen, a long-time Sen­ate staffer who had pre­vi­ous­ly sought the Clin­ton emails, pro­vid­ed updates to Fly­nn about her efforts through­out the sum­mer of 2016.266 Smith, an invest­ment advi­sor who was active in Repub­li­can pol­i­tics, also attempt­ed to locate and obtain the delet­ed Clin­ton emails. 267

    Ledeen began her efforts to obtain the Clin­ton emails before Fly­n­n’s request , as ear­ly as Decem­ber 2015. 268 On Decem­ber 3, 2015, she emailed Smith a pro­pos­al to obtain the emails, stat­ing, “Here is the pro­pos­al I briefly men­tioned to you. The per­son I described to you would be hap­py to talk with you either in per­son or over the phone. The per­son can get the emails which 1. Were clas­si­fied and 2. Were pur­loined by our ene­mies. That would demon­strate what needs to be
    demon­strat­ed. “269

    Attached to the email was a 25-page pro­pos­al stat­ing that the “Clin­ton email serv­er was, in all like­li­hood , breached long ago,” and that the Chi­nese, Russ­ian, and Iran­ian intel­li­gence ser­vices could “re-assem­ble the server’s email con­tent.” 270 The pro­pos­al called for a three-phase approach. The first two phas­es con­sist­ed of open-source analy­sis. The third phase con­sist­ed of check­ing with cer­tain intel­li­gence sources “that have access through liai­son work with var­i­ous for­eign ser­vices” to deter­mine if any of those ser­vices had got­ten to the serv­er. The pro­pos­al not­ed , “Even if a sin­gle email was recov­ered and the prov­i­dence [sic] of that email was a for­eign ser­vice, it would be cat­a­stroph­ic to the Clin­ton cam­paign[.]” Smith for­ward­ed the email to two col­leagues and wrote, “we can dis­cuss to whom it should be referred. “27 1 On Decem­ber 16, 2015, Smith informed Ledeen that he declined to par­tic­i­pate in her “ini­tia­tive.” Accord­ing to one of Smith’s busi­ness asso­ciates, Smith believed Ledeen’s ini­tia­tive was not viable at that time. 272
    ...

    So Ledeen’s email hunt­ing team had some sort of for­eign intel­li­gence tie con­nec­tion and was deter­mined to specif­i­cal­ly find emails from Hillary’s pri­vate serv­er. Then, five days after the Wik­ileaks dump that did­n’t include any emails from her serv­er, we have Trump make a pub­lic call for Rus­sia to find the delet­ed emails form the serv­er and mul­ti­ple pri­vate calls for the mul­ti­ple email-hunt­ing teams already work­ing with the Trump cam­paign to find the emails. Does­n’t that all make the Trump team a prime sus­pect for that hack­ing attempt against Hillary’s pri­vate office just hours after Trump’s pub­lic call? Might Trump have inten­tion­al­ly made that made pub­lic shout out to Rus­sia as inten­tion­al cov­er for a planned hack­ing attempt by his team? Now that we know Trump was active­ly involved in push­ing for obtain­ing those delet­ed emails right at this time, the pos­si­bil­i­ty that he was con­scious­ly putting out the call to Rus­sia as cov­er for his own teams start look­ing like a much more plau­si­ble sce­nario.

    That’s an exam­ple of the the kind of evi­den­tiary mines lay­ing in wait for the US if there’s a big reex­am­i­na­tion of the evi­dence behind this report dur­ing any upcom­ing impeach­ment hear­ings. And keep in mind that if it is the case that the Trump team was indeed involved with the hack­ing attempts and cov­ered that up that should also count as obstruc­tion of jus­tice.

    Posted by Pterrafractyl | April 20, 2019, 4:09 pm
  30. There was a notable update on the offi­cial sto­ry of how the US gov­ern­ment arrived at the con­clu­sion that Vladimir Putin per­son­al­ly ordered the hack­ing of the Demo­c­ra­t­ic Nation­al Com­mit­tee in 2016. First, recall the reports from June of 2017 about how it was a source deep inside the Krem­lin that was the basis for the con­clu­sion that Putin per­son­al­ly ordered a hack­ing cam­paign intend­ed to harm Hillary Clin­ton and help Don­ald Trump. Well, we’re now learn­ing that this deep Krem­lin source has since been exfil­trat­ed from Rus­sia and is liv­ing some­where in the DC area now.

    We’re told that this source was­n’t a direct part of Putin’s inner cir­cle but saw him reg­u­lar­ly and had access to high-lev­el Krem­lin deci­sion-mak­ing. The source was recruit­ed decades ago while they were a midlev­el Russ­ian offi­cial. The source rose through the ranks and even­tu­al­ly land­ed a posi­tion that gave them access to the high­est lev­els of the Krem­lin.

    Inter­est­ing­ly, the exfil­tra­tion process­es report­ed­ly led to some con­cerns about the trust­wor­thi­ness of this source. The CIA ini­tial­ly sug­gest­ed remov­ing this source from Rus­sia in late 2016 over con­cerns about their safe­ty. But the source ini­tial­ly reject­ed the exfil­tra­tion offer, cit­ing fam­i­ly con­cerns. It was this rejec­tion that cre­at­ed con­cerns with­in the CIA about the trust­wor­thi­ness of this source and fears that the source was a dou­ble agent. It was the news cov­er­age about the #TrumpRus­sia scan­dal in the spring and sum­mer of 2017 that con­vinced CIA offi­cials to once again offer to exfil­trate this source. This time the source agreed, help­ing to put to rest some of the fears about their trust­wor­thi­ness. We’re told that some CIA offi­cials had oth­er rea­sons to fear the source was a dou­ble agent but we aren’t giv­en details about the nature of those fears. So over­all, it sounds like this source became a cru­cial linch­pin for the CIA’s assess­ment about DNC hack around the same time there were con­cerns about the sources trust­wor­thi­ness. Con­cerns that were put aside once the source even­tu­al­ly agreed to be exfil­trat­ed at some point after the sum­mer of 2017:

    The New York Times

    C.I.A. Infor­mant Extract­ed From Rus­sia Had Sent Secrets to U.S. for Decades

    By Julian E. Barnes, Adam Gold­man and David E. Sanger
    Sept. 9, 2019, 7:40 p.m. ET

    WASHINGTON — Decades ago, the C.I.A. recruit­ed and care­ful­ly cul­ti­vat­ed a midlev­el Russ­ian offi­cial who began rapid­ly advanc­ing through the gov­ern­men­tal ranks. Even­tu­al­ly, Amer­i­can spies struck gold: The long­time source land­ed an influ­en­tial posi­tion that came with access to the high­est lev­el of the Krem­lin.

    As Amer­i­can of