This broadcast was recorded in one, 60-minute segment.
Introduction: Recent developments are suggestive of the ominous possibility of an imminent Third World War. We present some new information and recap and further analyze stories covered in previous programs in order to underscore and highlight the potential devastation of these events.
As the furor (“fuehrer”?) surrounding the potentially lethal political hoax known as “Russia-gate” gains momentum, it should be noted that the point man for the Trump business interests in their dealings with Russia is Felix Sater. A Russian-born immigrant, Sater is a professional criminal and a convicted felon with historical links to the Mafia. Beyond that, and more importantly, Sater is an FBI informant and a CIA contract agent:
- “. . . . There is every indication that the extraordinarily lenient treatment resulted from Sater playing a get-out-of-jail free card. Shortly before his secret guilty plea, Sater became a freelance operative of the Central Intelligence Agency. One of his fellow stock swindlers, Salvatore Lauria, wrote a book about it. The Scorpion and the Frog is described on its cover as ‘the true story of one man’s fraudulent rise and fall in the Wall Street of the nineties.’ According to Lauria–and the court files that have been unsealed–Sater helped the CIA buy small missiles before they got to terrorists. He also provided other purported national security services for a reported fee of $300,000. Stories abound as to what else Sater may or may not have done in the arena of national security. . . .”
- Sater was active on behalf of the Trumps in the fall of 2015: “. . . . Sater worked on a plan for a Trump Tower in Moscow as recently as the fall of 2015, but he said that had come to a halt because of Trump’s presidential campaign. . . .”
- Sater was initiating contact between the Russians and “Team Trump” in January of this year: “ . . . . Nevertheless, in late January, Sater and a Ukrainian lawmaker reportedly met with Trump’s personal lawyer, Michael Cohen, at a New York hotel. According to the Times, they discussed a plan that involved the U.S. lifting sanctions against Russia, and Cohen said he hand-delivered the plan in a sealed envelope to then-national security advisor Michael Flynn. Cohen later denied delivering the envelope to anyone in the White House, according to the Washington Post. . . .”
A stunning development concerns extreme reticence on the part of the U.S. intelligence community:
The Office of the Director of National Intelligence had an “interesting” response to a Freedom of Information Act lawsuit demanding the release of the classified report given to President Obama back in January purporting to show the Russian government was behind the hacks. According to the ODNI, the requested document would present a risk to human intelligence sources by revealing the comparative weight given to human vs technical evidence, risking US sources and methods. But the ODNI went further, suggesting that even releasing a fully redacted document would present similar risks!
It is NOT easy to see the ODNI’s reluctance to release even a fully-redacted copy of the report as anything but disingenuous. In the context of potentially devastating deterioration of Russian/U.S. relations over Syria, Ukraine, and the Russian “election-hacking” uproar, the ODNI’s behavior cannot be anything but disquieting:
” . . . . The intelligence official argued that a redacted version of the original report would allow a trained eye to assess ‘comparative weight’ of human intelligence and signals intelligence reporting included in the compendium. Release of some of the information the privacy-focused organization wants made public ‘could prove fatal to U.S. human intelligence sources,’ [Deputy Director of National Intelligence for Intelligence Integration Edward] Gistaro warned.
Gistaro also appears to argue that even if officials blacked out the whole report, highly classified information would be at risk.
‘I agree with the [National Intelligence Council] that a heavily or even fully redacted version of the classified report can not be publicly released without jeopardizing national security information properly classified as SECRET or TOP SECRET,’ he wrote. . . . ‘The ODNI should release the complete report to EPIC so that the public and the Congress can understand the full extent of the Russian interference with the 2016 Presidential election,’ EPIC’s Marc Rotenberg told POLITICO Tuesday. ‘It is already clear that government secrecy is frustrating meaningful oversight. The FBI, for example, will not even identify the states that were targeted by Russia.’ . . . ”
With the high-profile hacks being attributed–almost certainly falsely–to Russia, there are ominous developments taking place that may well lead to a Third World War. During the closing days of his Presidency, Obama authorized the planting of cyber weapons on Russian computer networks. Obama did this after talking with Putin on the Hot Line, established to prevent a Third World War. Putin denied interfering in the U.S. election.
The conclusion that Russia hacked the U.S. election on Putin’s orders appears to have been based on a CIA source in the Kremlin. Even when that intelligence was delivered, other agencies weren’t ready to accept the CIA’s conclusion, and it took intelligence from another nation (not named) to provide the final intelligence tipping point that led to a broad-based conclusion that not only was the Russian government behind the cyberattacks but that Vladimir Putin himself ordered them.
That ally’s intelligence is described as “the most critical technical intelligence on Russia”; however, the NSA still wasn’t convinced, based on what sounds like a lack of confidence in that source. Thus, it looks like a CIA Kremlin source and an unnamed foreign intelligence agency with questionable credentials are the basis of what appears to be a likely future full-scale US/Russian cyberwar.
Of paramount significance is the fact that IF, on Putin’s orders (and we are to believe such) Russia continued to hack U.S. computer systems to influence the election, Putin would have to have gone utterly mad. Those hacks would have precluded any rapprochement between Russia and the United States under a President Trump. There is no indication that Putin went off the deep end.
Also auguring a possible Third World War are two developments in Syria. Seymour Hersh published an article in Die Welt revealing that, not only was the April 4 alleged Sarin attack NOT a chemical weapons attack but there was widespread knowledge of this in American military and intelligence circles.
What did the intelligence community know about the attack? The Russian and Syrian air force had informed the US in advance of that airstrike that they had intelligence that top-level leaders of Ahrar al-Sham and Jabhat al-Nusra were meeting in that building, and they informed the US of the attack plan in advance of the attack and that it was on a “high-value” target. The attack also involved the unusual use of a guided bomb and Syria’s top pilots. ” . . . . Russian and Syrian intelligence officials, who coordinate operations closely with the American command posts, made it clear that the planned strike on Khan Sheikhoun was special because of the high-value target. ‘It was a red-hot change. The mission was out of the ordinary – scrub the sked,’ the senior adviser told me. ‘Every operations officer in the region’ – in the Army, Marine Corps, Air Force, CIA and NSA – ‘had to know there was something going on. The Russians gave the Syrian Air Force a guided bomb and that was a rarity. They’re skimpy with their guided bombs and rarely share them with the Syrian Air Force. And the Syrians assigned their best pilot to the mission, with the best wingman.’ The advance intelligence on the target, as supplied by the Russians, was given the highest possible score inside the American community. . . .”
Following the attack, US intelligence concluded that there was no sarin gas attack; Assad wouldn’t have been that politically suicidal. ” . . . ‘This was not a chemical weapons strike,’ the adviser said. ‘That’s a fairy tale. . . .”
The symptoms of chemical poisoning following the bombing were likely due to a mixture of chlorine, fertilizers, and other chemicals stored in the building targeted by the Syrian air force, released by secondary explosions from the initial bombing. ” . . . . A Bomb Damage Assessment (BDA) by the U.S. military later determined that the heat and force of the 500-pound Syrian bomb triggered a series of secondary explosions that could have generated a huge toxic cloud that began to spread over the town, formed by the release of the fertilizers, disinfectants and other goods stored in the basement, its effect magnified by the dense morning air, which trapped the fumes close to the ground. . . .”
The behavior of the Trump administration was not only in direct conflict with intelligence on the attack, but reinforced propaganda by some of the Al-Qaeda-linked jihadists the West has been using as proxy warriors in Syria and elsewhere: ” . . . . ‘The Salafists and jihadists got everything they wanted out of their hyped-up Syrian nerve gas ploy,’ the senior adviser to the U.S. intelligence community told me, referring to the flare up of tensions between Syria, Russia and America. ‘The issue is, what if there’s another false flag sarin attack credited to hated Syria? Trump has upped the ante and painted himself into a corner with his decision to bomb. And do not think these guys are not planning the next faked attack. Trump will have no choice but to bomb again, and harder. He’s incapable of saying he made a mistake.’ . . .”
Program Highlights Include:
- Review of a Trump administration warning of another supposed, impending “Syrian chemical weapons strike”–a warning that has since been retracted.
- Discussion of brilliant Nazi hacker Andrew Auernheimer’s orchestration of an “Alt-right” online intimidation campaign against CNN employees. Auernheimer is currently residing in Ukraine. One of the ominous possibilities concerns the activation/manipulation of the NSA cyber-weapons installed on Russian computer networks by a third party.
- Review of the observations by a German professor–opposed to Nazism/Hitler–who described the essence of what it was like, subjectively, to live through the rise of Hitler. His observation is presented in the context of the ODNI’s decision not to release even a fully-redacted version of the intelligence report on “Russian meddling” in the U.S. election. ” . . . . What happened here was the gradual habituation of the people, little by little, to being governed by surprise, to receiving decisions deliberated in secret, to believing that the situation was so complicated that the government had to act on information which the people could not understand because of national security, so dangerous that even if the people could understand it, it could not be released because of national security. . . .”
1. The Office of the Director of National Intelligence had an “interesting” response to a Freedom of Information Act lawsuit demanding the release of the classified report given to President Obama back in January purporting to show the Russian government was behind the hacks. According to the ODNI, the requested document would present a risk to human intelligence sources by revealing the comparative weight given to human vs technical evidence, risking US sources and methods. But the ODNI went further, suggesting that even releasing a fully redacted document would present similar risks!
The Trump administration is refusing to release a redacted version of a key report President Barack Obama received in January on alleged Russian interference in the 2016 presidential election, court filings show.
Then-Director of National Intelligence James Clapper made public an unclassified version of that report, but the Electronic Privacy Information Center brought a Freedom of Information Act lawsuit demanding a copy of the classified report given to Obama at the same time. EPIC said the unclassified version omitted “critical technical evidence” that could help the public assess U.S. intelligence agencies’ claims that Russia did make efforts to affect the outcome of the 2016 race.
However, a top official in the Office of the Director of National Intelligence said in a court declaration filed Monday that releasing the original report with classified information blacked out would be a field day for foreign intelligence operatives, including the very Russians the report accuses of undertaking the interference.
“Release of a redacted report would be of particular assistance to Russian intelligence, which, armed with both the declassified report and a redacted copy of the classified report, would be able to discern the volume of intelligence the U.S. currently possesses with respect to Russian attempts to influence the 2016 election,” Deputy Director of National Intelligence for Intelligence Integration Edward Gistaro wrote.
“This would reveal the maturity of the U.S. intelligence efforts and expose information about the [intelligence community’s] capabilities (including sources and methods) that could reasonably be expected to cause serious or exceptionally grave danger to U.S. national security.”
The intelligence official argued that a redacted version of the original report would allow a trained eye to assess “comparative weight” of human intelligence and signals intelligence reporting included in the compendium. Release of some of the information the privacy-focused organization wants made public “could prove fatal to U.S. human intelligence sources,” [Deputy Director of National Intelligence for Intelligence Integration Edward] Gistaro warned.
Gistaro also appears to argue that even if officials blacked out the whole report, highly classified information would be at risk.
“I agree with the [National Intelligence Council] that a heavily or even fully redacted version of the classified report can not be publicly released without jeopardizing national security information properly classified as SECRET or TOP SECRET,” he wrote.
EPIC sought the information in January, just days after officials released the public version of the report. The group filed suit in federal court in Washington in February after failing to get any records from ODNI.
“The ODNI should release the complete report to EPIC so that the public and the Congress can understand the full extent of the Russian interference with the 2016 Presidential election,” EPIC’s Marc Rotenberg told POLITICO Tuesday. “It is already clear that government secrecy is frustrating meaningful oversight. The FBI, for example, will not even identify the states that were targeted by Russia.”
…
Rotenberg said his group is pursuing two other related FOIA suits: one seeking records about the FBI’s response to the alleged Russian meddling and another seeking Trump’s tax records from the IRS.
2. The ODNI’s response to the Freedom of Information Act Suit brings to mind an observation by a German professor who was opposed to Nazism and survived to relate what it was like subjectively to live through the rise of Hitler: “. . . . What happened here was the gradual habituation of the people, little by little, to being governed by surprise, to receiving decisions deliberated in secret, to believing that the situation was so complicated that the government had to act on information which the people could not understand because of national security, so dangerous that even if the people could understand it, it could not be released because of national security. . . .”
. . . . What happened here was the gradual habituation of the people, little by little, to being governed by surprise, to receiving decisions deliberated in secret, to believing that the situation was so complicated that the government had to act on information which the people could not understand because of national security, so dangerous that even if the people could understand it, it could not be released because of national security. . . . This separation of government from people, this widening of the gap, took place so gradually and so insensibly, each step disguised (perhaps not even intentionally) as a temporary emergency measure or associated with true patriotic allegiance or with real social purposes. . . . so occupied the people that they did not see the slow motion underneath, of the whole process of the Government growing remoter and remoter . . . .
3a. It sounds like the conclusion that Russia hacked the U.S. election on Putin’s orders was based on a CIA source in the Kremlin. Even when that intelligence was delivered, other agencies weren’t ready to accept the CIA’s conclusion, and it took intelligence from another nation (not named) to provide the final intelligence tipping point that led to a broad-based conclusion that not only was the Russian government behind the cyberattacks but that Vladimir Putin himself ordered them. That ally’s intelligence is described as “the most critical technical intelligence on Russia”; however, the NSA still wasn’t convinced, based on what sounds like a lack of confidence in that source. Thus, it looks like a CIA Kremlin source and an unnamed foreign intelligence agency with questionable credentials are the basis of what appears to be a likely future full-scale US/Russian cyberwar.
” . . . .Inside was an intelligence bombshell, a report drawn from sourcing deep inside the Russian government that detailed Russian President Vladimir Putin’s direct involvement in a cyber campaign to disrupt and discredit the U.S. presidential race. . . .”
We are told that a CIA deep Russian government source is the primary source of the ‘Putin ordered it’ conclusion. Well, at least that’s better than the bad joke technical evidence that’s been provided thus far. But even that source’s claims apparently weren’t enough to convince other parts of the intelligence community. It took the intelligence from the unnamed ally to do that:
” . . . . But it went further. The intelligence captured Putin’s specific instructions on the operation’s audacious objectives — defeat or at least damage the Democratic nominee, Hillary Clinton, and help elect her opponent, Donald Trump.
At that point, the outlines of the Russian assault on the U.S. election were increasingly apparent. Hackers with ties to Russian intelligence services had been rummaging through Democratic Party computer networks, as well as some Republican systems, for more than a year. In July, the FBI had opened an investigation of contacts between Russian officials and Trump associates. And on July 22, nearly 20,000 emails stolen from the Democratic National Committee were dumped online by WikiLeaks.
But at the highest levels of government, among those responsible for managing the crisis, the first moment of true foreboding about Russia’s intentions arrived with that CIA intelligence.
…
It took time for other parts of the intelligence community to endorse the CIA’s view. Only in the administration’s final weeks in office did it tell the public, in a declassified report, what officials had learned from Brennan in August — that Putin was working to elect Trump.
…
Despite the intelligence the CIA had produced, other agencies were slower to endorse a conclusion that Putin was personally directing the operation and wanted to help Trump. “It was definitely compelling, but it was not definitive,” said one senior administration official. “We needed more.”
Some of the most critical technical intelligence on Russia came from another country, officials said. Because of the source of the material, the NSA was reluctant to view it with high confidence. . . .
“. . . . The most difficult measure to evaluate is one that Obama alluded to in only the most oblique fashion when announcing the U.S. response.
“We will continue to take a variety of actions at a time and place of our choosing, some of which will not be publicized,” he said in a statement released by the White House.
He was referring, in part, to a cyber operation that was designed to be detected by Moscow but not cause significant damage, officials said. The operation, which entailed implanting computer code in sensitive computer systems that Russia was bound to find, served only as a reminder to Moscow of the United States’ cyber reach.
But Obama also signed the secret finding, officials said, authorizing a new covert program involving the NSA, CIA and U.S. Cyber Command.
Obama declined to comment for this article, but a spokesman issued a statement: ‘This situation was taken extremely seriously, as is evident by President Obama raising this issue directly with President Putin; 17 intelligence agencies issuing an extraordinary public statement; our homeland security officials working relentlessly to bolster the cyber defenses of voting infrastructure around the country; the President directing a comprehensive intelligence review, and ultimately issuing a robust response including shutting down two Russian compounds, sanctioning nine Russian entities and individuals, and ejecting 35 Russian diplomats from the country.’
The cyber operation is still in its early stages and involves deploying ‘implants’ in Russian networks deemed ‘important to the adversary and that would cause them pain and discomfort if they were disrupted,’ a former U.S. official said.
The implants were developed by the NSA and designed so that they could be triggered remotely as part of retaliatory cyber-strike in the face of Russian aggression, whether an attack on a power grid or interference in a future presidential race. [“ . . . developed by the NSA”–Well, at least we can be sure that the NSA’s operations are secure, invulnerable to penetration and/or manipulation by outside interests (!)–D.E.]
Officials familiar with the measures said that there was concern among some in the administration that the damage caused by the implants could be difficult to contain. . . .”
Keep in mind that such a response from the US would be entirely predictable if the Russian government really did order this hack attack. Russia would be at a heightened risk for years or decades to come if Putin really did order this attack. There’s no reason to assume that the Russian government wouldn’t be well aware of this consequence. So if Putin really did order this hack he would have to have gone insane. That’s how stupid this attack was if Putin actually ordered it. But according to a CIA spy in the Kremlin, along with a questionable foreign ally, that’s exactly what Putin did. Because he apparently went insane and preemptively launched a cyberwar knowing full well how devastating the long-term consequences could be. Because he really, really, really hates Hillary. That’s the narrative we’re being given.
And now, any future attacks on US elections or the US electrical grid that can somehow be pinned on the Russians are going to trigger some sort of painful wave of retaliatory cyberbombs. Which, of course, will likely trigger a wave of counter-retaliatory cyberbombs in the US. And a full-scale cyberwar will be born and we’ll just have to hope it stays in the cyber domain. That’s where we are now, based on a CIA spy in the Kremlin and an unnamed foreign intelligence agency.
Early last August, an envelope with extraordinary handling restrictions arrived at the White House. Sent by courier from the CIA, it carried “eyes only” instructions that its contents be shown to just four people: President Barack Obama and three senior aides.
Inside was an intelligence bombshell, a report drawn from sourcing deep inside the Russian government that detailed Russian President Vladimir Putin’s direct involvement in a cyber campaign to disrupt and discredit the U.S. presidential race.
But it went further. The intelligence captured Putin’s specific instructions on the operation’s audacious objectives — defeat or at least damage the Democratic nominee, Hillary Clinton, and help elect her opponent, Donald Trump.
At that point, the outlines of the Russian assault on the U.S. election were increasingly apparent. Hackers with ties to Russian intelligence services had been rummaging through Democratic Party computer networks, as well as some Republican systems, for more than a year. In July, the FBI had opened an investigation of contacts between Russian officials and Trump associates. And on July 22, nearly 20,000 emails stolen from the Democratic National Committee were dumped online by WikiLeaks.
But at the highest levels of government, among those responsible for managing the crisis, the first moment of true foreboding about Russia’s intentions arrived with that CIA intelligence.
The material was so sensitive that CIA Director John Brennan kept it out of the President’s Daily Brief, concerned that even that restricted report’s distribution was too broad. The CIA package came with instructions that it be returned immediately after it was read. To guard against leaks, subsequent meetings in the Situation Room followed the same protocols as planning sessions for the Osama bin Laden raid.
It took time for other parts of the intelligence community to endorse the CIA’s view. Only in the administration’s final weeks in office did it tell the public, in a declassified report, what officials had learned from Brennan in August — that Putin was working to elect Trump.
Over that five-month interval, the Obama administration secretly debated dozens of options for deterring or punishing Russia, including cyberattacks on Russian infrastructure, the release of CIA-gathered material that might embarrass Putin and sanctions that officials said could “crater” the Russian economy.
But in the end, in late December, Obama approved a modest package combining measures that had been drawn up to punish Russia for other issues — expulsions of 35 diplomats and the closure of two Russian compounds — with economic sanctions so narrowly targeted that even those who helped design them describe their impact as largely symbolic.
Obama also approved a previously undisclosed covert measure that authorized planting cyber weapons in Russia’s infrastructure, the digital equivalent of bombs that could be detonated if the United States found itself in an escalating exchange with Moscow. The project, which Obama approved in a covert-action finding, was still in its planning stages when Obama left office. It would be up to President Trump to decide whether to use the capability.
In political terms, Russia’s interference was the crime of the century, an unprecedented and largely successful destabilizing attack on American democracy. It was a case that took almost no time to solve, traced to the Kremlin through cyber-forensics and intelligence on Putin’s involvement. And yet, because of the divergent ways Obama and Trump have handled the matter, Moscow appears unlikely to face proportionate consequences.
Those closest to Obama defend the administration’s response to Russia’s meddling. They note that by August it was too late to prevent the transfer to WikiLeaks and other groups of the troves of emails that would spill out in the ensuing months. They believe that a series of warnings — including one that Obama delivered to Putin in September — prompted Moscow to abandon any plans of further aggression, such as sabotage of U.S. voting systems.
Denis McDonough, who served as Obama’s chief of staff, said that the administration regarded Russia’s interference as an attack on the “heart of our system.”
“We set out from a first-order principle that required us to defend the integrity of the vote,” McDonough said in an interview. “Importantly, we did that. It’s also important to establish what happened and what they attempted to do so as to ensure that we take the steps necessary to stop it from happening again.”
But other administration officials look back on the Russia period with remorse.
“It is the hardest thing about my entire time in government to defend,” said a former senior Obama administration official involved in White House deliberations on Russia. “I feel like we sort of choked.”
…
This account of the Obama administration’s response to Russia’s interference is based on interviews with more than three dozen current and former U.S. officials in senior positions in government, including at the White House, the State, Defense and Homeland Security departments, and U.S. intelligence services. Most agreed to speak only on the condition of anonymity, citing the sensitivity of the issue.
The White House, the CIA, the FBI, the National Security Agency and the Office of the Director of National Intelligence declined to comment.
‘Deeply concerned’
The CIA breakthrough came at a stage of the presidential campaign when Trump had secured the GOP nomination but was still regarded as a distant long shot. Clinton held comfortable leads in major polls, and Obama expected that he would be transferring power to someone who had served in his Cabinet.
The intelligence on Putin was extraordinary on multiple levels, including as a feat of espionage.
For spy agencies, gaining insights into the intentions of foreign leaders is among the highest priorities. But Putin is a remarkably elusive target. A former KGB officer, he takes extreme precautions to guard against surveillance, rarely communicating by phone or computer, always running sensitive state business from deep within the confines of the Kremlin.
The Washington Post is withholding some details of the intelligence at the request of the U.S. government.
In early August, Brennan alerted senior White House officials to the Putin intelligence, making a call to deputy national security adviser Avril Haines and pulling national security adviser Susan E. Rice aside after a meeting before briefing Obama along with Rice, Haines and McDonough in the Oval Office.
Officials described the president’s reaction as grave. Obama “was deeply concerned and wanted as much information as fast as possible,” a former official said. “He wanted the entire intelligence community all over this.”
Concerns about Russian interference had gathered throughout the summer.
Russia experts had begun to see a troubling pattern of propaganda in which fictitious news stories, assumed to be generated by Moscow, proliferated across social-media platforms.
Officials at the State Department and FBI became alarmed by an unusual spike in requests from Russia for temporary visas for officials with technical skills seeking permission to enter the United States for short-term assignments at Russian facilities. At the FBI’s behest, the State Department delayed approving the visas until after the election.
Meanwhile, the FBI was tracking a flurry of hacking activity against U.S. political parties, think tanks and other targets. Russia had gained entry to DNC systems in the summer of 2015 and spring of 2016, but the breaches did not become public until they were disclosed in a June 2016 report by The Post.
Even after the late-July WikiLeaks dump, which came on the eve of the Democratic convention and led to the resignation of Rep. Debbie Wasserman Schultz (D‑Fla.) as the DNC’s chairwoman, U.S. intelligence officials continued to express uncertainty about who was behind the hacks or why they were carried out.
At a public security conference in Aspen, Colo., in late July, Director of National Intelligence James R. Clapper Jr. noted that Russia had a long history of meddling in American elections but that U.S. spy agencies were not ready to “make the call on attribution” for what was happening in 2016.
“We don’t know enough … to ascribe motivation,” Clapper said. “Was this just to stir up trouble or was this ultimately to try to influence an election?”
Brennan convened a secret task force at CIA headquarters composed of several dozen analysts and officers from the CIA, the NSA and the FBI.
The unit functioned as a sealed compartment, its work hidden from the rest of the intelligence community. Those brought in signed new non-disclosure agreements to be granted access to intelligence from all three participating agencies.
They worked exclusively for two groups of “customers,” officials said. The first was Obama and fewer than 14 senior officials in government. The second was a team of operations specialists at the CIA, NSA and FBI who took direction from the task force on where to aim their subsequent efforts to collect more intelligence on Russia.
Don’t make things worse
The secrecy extended into the White House.
Rice, Haines and White House homeland-security adviser Lisa Monaco convened meetings in the Situation Room to weigh the mounting evidence of Russian interference and generate options for how to respond. At first, only four senior security officials were allowed to attend: Brennan, Clapper, Attorney General Loretta E. Lynch and FBI Director James B. Comey. Aides ordinarily allowed entry as “plus-ones” were barred.
Gradually, the circle widened to include Vice President Biden and others. Agendas sent to Cabinet secretaries — including John F. Kerry at the State Department and Ashton B. Carter at the Pentagon — arrived in envelopes that subordinates were not supposed to open. Sometimes the agendas were withheld until participants had taken their seats in the Situation Room.
Throughout his presidency, Obama’s approach to national security challenges was deliberate and cautious. He came into office seeking to end wars in Iraq and Afghanistan. He was loath to act without support from allies overseas and firm political footing at home. He was drawn only reluctantly into foreign crises, such as the civil war in Syria, that presented no clear exit for the United States.
Obama’s approach often seemed reducible to a single imperative: Don’t make things worse. As brazen as the Russian attacks on the election seemed, Obama and his top advisers feared that things could get far worse.
They were concerned that any pre-election response could provoke an escalation from Putin. Moscow’s meddling to that point was seen as deeply concerning but unlikely to materially affect the outcome of the election. Far more worrisome to the Obama team was the prospect of a cyber-assault on voting systems before and on Election Day.
They also worried that any action they took would be perceived as political interference in an already volatile campaign. By August, Trump was predicting that the election would be rigged. Obama officials feared providing fuel to such claims, playing into Russia’s efforts to discredit the outcome and potentially contaminating the expected Clinton triumph.
Before departing for an August vacation to Martha’s Vineyard, Obama instructed aides to pursue ways to deter Moscow and proceed along three main paths: Get a high-confidence assessment from U.S. intelligence agencies on Russia’s role and intent; shore up any vulnerabilities in state-run election systems; and seek bipartisan support from congressional leaders for a statement condemning Moscow and urging states to accept federal help.
The administration encountered obstacles at every turn.
Despite the intelligence the CIA had produced, other agencies were slower to endorse a conclusion that Putin was personally directing the operation and wanted to help Trump. “It was definitely compelling, but it was not definitive,” said one senior administration official. “We needed more.”
Some of the most critical technical intelligence on Russia came from another country, officials said. Because of the source of the material, the NSA was reluctant to view it with high confidence.
Brennan moved swiftly to schedule private briefings with congressional leaders. But getting appointments with certain Republicans proved difficult, officials said, and it was not until after Labor Day that Brennan had reached all members of the “Gang of Eight” — the majority and minority leaders of both houses and the chairmen and ranking Democrats on the Senate and House intelligence committees.
Jeh Johnson, the homeland-security secretary, was responsible for finding out whether the government could quickly shore up the security of the nation’s archaic patchwork of voting systems. He floated the idea of designating state mechanisms “critical infrastructure,” a label that would have entitled states to receive priority in federal cybersecurity assistance, putting them on a par with U.S. defense contractors and financial networks.
On Aug. 15, Johnson arranged a conference call with dozens of state officials, hoping to enlist their support. He ran into a wall of resistance.
The reaction “ranged from neutral to negative,” Johnson said in congressional testimony Wednesday.
Brian Kemp, the Republican secretary of state of Georgia, used the call to denounce Johnson’s proposal as an assault on state rights. “I think it was a politically calculated move by the previous administration,” Kemp said in a recent interview, adding that he remains unconvinced that Russia waged a campaign to disrupt the 2016 race. “I don’t necessarily believe that,” he said.
Stung by the reaction, the White House turned to Congress for help, hoping that a bipartisan appeal to states would be more effective.
In early September, Johnson, Comey and Monaco arrived on Capitol Hill in a caravan of black SUVs for a meeting with 12 key members of Congress, including the leadership of both parties.
The meeting devolved into a partisan squabble.
“The Dems were, ‘Hey, we have to tell the public,’” recalled one participant. But Republicans resisted, arguing that to warn the public that the election was under attack would further Russia’s aim of sapping confidence in the system.
Senate Majority Leader Mitch McConnell (R‑Ky.) went further, officials said, voicing skepticism that the underlying intelligence truly supported the White House’s claims. Through a spokeswoman, McConnell declined to comment, citing the secrecy of that meeting.
Key Democrats were stunned by the GOP response and exasperated that the White House seemed willing to let Republican opposition block any pre-election move.
On Sept. 22, two California Democrats — Sen. Dianne Feinstein and Rep. Adam B. Schiff — did what they couldn’t get the White House to do. They issued a statement making clear that they had learned from intelligence briefings that Russia was directing a campaign to undermine the election, but they stopped short of saying to what end.
A week later, McConnell and other congressional leaders issued a cautious statement that encouraged state election officials to ensure their networks were “secure from attack.” The release made no mention of Russia and emphasized that the lawmakers “would oppose any effort by the federal government” to encroach on the states’ authorities.
When U.S. spy agencies reached unanimous agreement in late September that the interference was a Russian operation directed by Putin, Obama directed spy chiefs to prepare a public statement summarizing the intelligence in broad strokes.
With Obama still determined to avoid any appearance of politics, the statement would not carry his signature.
On Oct. 7, the administration offered its first public comment on Russia’s “active measures,” in a three-paragraph statement issued by Johnson and Clapper. Comey had initially agreed to attach his name, as well, officials said, but changed his mind at the last minute, saying that it was too close to the election for the bureau to be involved.
“The U.S. intelligence community is confident that the Russian government directed the recent compromises of e‑mails from U.S. persons and institutions, including from U.S. political organizations,” the statement said. “We believe, based on the scope and sensitivity of these efforts, that only Russia’s senior-most officials could have authorized these activities.”
Early drafts accused Putin by name, but the reference was removed out of concern that it might endanger intelligence sources and methods.
The statement was issued around 3:30 p.m., timed for maximum media coverage. Instead, it was quickly drowned out. At 4 p.m., The Post published a story about crude comments Trump had made about women that were captured on an “Access Hollywood” tape. Half an hour later, WikiLeaks published its first batch of emails stolen from Clinton campaign chairman John Podesta.
…
‘Ample time’ after election
The Situation Room is actually a complex of secure spaces in the basement level of the West Wing. A video feed from the main room courses through some National Security Council offices, allowing senior aides sitting at their desks to see — but not hear — when meetings are underway.
As the Russia-related sessions with Cabinet members began in August, the video feed was shut off. The last time that had happened on a sustained basis, officials said, was in the spring of 2011 during the run-up to the U.S. Special Operations raid on bin Laden’s compound in Pakistan.
The blacked-out screens were seen as an ominous sign among lower-level White House officials who were largely kept in the dark about the Russia deliberations even as they were tasked with generating options for retaliation against Moscow.
Much of that work was led by the Cyber Response Group, an NSC unit with representatives from the CIA, NSA, State Department and Pentagon.
The early options they discussed were ambitious. They looked at sectorwide economic sanctions and cyberattacks that would take Russian networks temporarily offline. One official informally suggested — though never formally proposed — moving a U.S. naval carrier group into the Baltic Sea as a symbol of resolve.
What those lower-level officials did not know was that the principals and their deputies had by late September all but ruled out any pre-election retaliation against Moscow. They feared that any action would be seen as political and that Putin, motivated by a seething resentment of Clinton, was prepared to go beyond fake news and email dumps.
The FBI had detected suspected Russian attempts to penetrate election systems in 21 states, and at least one senior White House official assumed that Moscow would try all 50, officials said. Some officials believed the attempts were meant to be detected to unnerve the Americans. The patchwork nature of the United States’ 3,000 or so voting jurisdictions would make it hard for Russia to swing the outcome, but Moscow could still sow chaos.
“We turned to other scenarios” the Russians might attempt, said Michael Daniel, who was cybersecurity coordinator at the White House, “such as disrupting the voter rolls, deleting every 10th voter [from registries] or flipping two digits in everybody’s address.”
The White House also worried that they had not yet seen the worst of Russia’s campaign. WikiLeaks and DCLeaks, a website set up in June 2016 by hackers believed to be Russian operatives, already had troves of emails. But U.S. officials feared that Russia had more explosive material or was willing to fabricate it.
“Our primary interest in August, September and October was to prevent them from doing the max they could do,” said a senior administration official. “We made the judgment that we had ample time after the election, regardless of outcome, for punitive measures.”
The assumption that Clinton would win contributed to the lack of urgency.
Instead, the administration issued a series of warnings.
Brennan delivered the first on Aug. 4 in a blunt phone call with Alexander Bortnikov, the director of the FSB, Russia’s powerful security service.
A month later, Obama confronted Putin directly during a meeting of world leaders in Hangzhou, China. Accompanied only by interpreters, Obama told Putin that “we knew what he was doing and [he] better stop or else,” according to a senior aide who subsequently spoke with Obama. Putin responded by demanding proof and accusing the United States of interfering in Russia’s internal affairs.
In a subsequent news conference, Obama alluded to the exchange and issued a veiled threat. “We’re moving into a new era here where a number of countries have significant capacities,” he said. “Frankly, we’ve got more capacity than anybody both offensively and defensively.”
There were at least two other warnings.
On Oct. 7, the day that the Clapper-Johnson statement was released, Rice summoned Russian Ambassador Sergey Kislyak to the White House and handed him a message to relay to Putin.
Then, on Oct. 31, the administration delivered a final pre-election message via a secure channel to Moscow originally created to avert a nuclear exchange. The message noted that the United States had detected malicious activity, originating from servers in Russia, targeting U.S. election systems and warned that meddling would be regarded as unacceptable interference. Russia confirmed the next day that it had received the message but replied only after the election through the same channel, denying the accusation.
As Election Day approached, proponents of taking action against Russia made final, futile appeals to Obama’s top aides: McDonough, Rice and Haines. Because their offices were part of a suite of spaces in the West Wing, securing their support on any national security issue came to be known as “moving the suite.”
One of the last to try before the election was Kerry. Often perceived as reluctant to confront Russia, in part to preserve his attempts to negotiate a Syria peace deal, Kerry was at critical moments one of the leading hawks.
In October, Kerry’s top aides had produced an “action memo” that included a package of retaliatory measures including economic sanctions. Knowing the White House was not willing to act before the election, the plan called for the measures to be announced almost immediately after votes had been securely cast and counted.
Kerry signed the memo and urged the White House to convene a principals meeting to discuss the plan, officials said. “The response was basically, ‘Not now,’” one official said.
Election Day arrived without penalty for Moscow.
…
A U.S. cyber-weapon
The most difficult measure to evaluate is one that Obama alluded to in only the most oblique fashion when announcing the U.S. response.
“We will continue to take a variety of actions at a time and place of our choosing, some of which will not be publicized,” he said in a statement released by the White House.
He was referring, in part, to a cyber operation that was designed to be detected by Moscow but not cause significant damage, officials said. The operation, which entailed implanting computer code in sensitive computer systems that Russia was bound to find, served only as a reminder to Moscow of the United States’ cyber reach.
But Obama also signed the secret finding, officials said, authorizing a new covert program involving the NSA, CIA and U.S. Cyber Command.
Obama declined to comment for this article, but a spokesman issued a statement: “This situation was taken extremely seriously, as is evident by President Obama raising this issue directly with President Putin; 17 intelligence agencies issuing an extraordinary public statement; our homeland security officials working relentlessly to bolster the cyber defenses of voting infrastructure around the country; the President directing a comprehensive intelligence review, and ultimately issuing a robust response including shutting down two Russian compounds, sanctioning nine Russian entities and individuals, and ejecting 35 Russian diplomats from the country.”
The cyber operation is still in its early stages and involves deploying “implants” in Russian networks deemed “important to the adversary and that would cause them pain and discomfort if they were disrupted,” a former U.S. official said.
The implants were developed by the NSA and designed so that they could be triggered remotely as part of a retaliatory cyber-strike in the face of Russian aggression, whether an attack on a power grid or interference in a future presidential race.
Officials familiar with the measures said that there was concern among some in the administration that the damage caused by the implants could be difficult to contain.
As a result, the administration requested a legal review, which concluded that the devices could be controlled well enough that their deployment would be considered “proportional” in varying scenarios of Russian provocation, a requirement under international law.
The operation was described as long-term, taking months to position the implants and requiring maintenance thereafter. Under the rules of covert action, Obama’s signature was all that was necessary to set the operation in motion.
U.S. intelligence agencies do not need further approval from Trump, and officials said that he would have to issue a countermanding order to stop it. The officials said that they have seen no indication that Trump has done so.
3b. The person on the Daily Stormer calling for white supremacists to threaten to kill the family members of CNN employees as part of growing right-wing hysteria over CNN and “fake news” is Andrew “the weev” Auernheimer aka “weev”–a guest at Glenn Greenwald and Laura Poitras’ party celebrating their receipt of the Polk Award.
Currently residing in Ukraine, Auernheimer exemplifies the brilliant, altogether capable cyber-fascists who might be in a position to exploit the NSA technology placed on Russian computer networks.
Never lose sight of the fact that the New Cold War, much of it “cyber” in nature, was begun with “Eddie the Friendly Spook” Snowden–the Peach Fuzz Fascist–journeying to Russia, courtesy of WikiLeaks. This, AFTER he journeyed to Hong Kong with apposite assistance from Jacob Appelbaum of the CIA.
Andrew Auernheimer, the notorious hacker and Internet troll known as ‘Weev,’ rallied the neo-Nazi Daily Stormer’s troll army for its latest campaign this morning, claiming that CNN was blackmailing a “teen shitposter.”
The events leading to this online call to arms began Sunday morning, when President Trump tweeted a gif created by Reddit user HanAssholeSolo depicting a scene from Wrestlemania XXIII in which Trump body slams and pummels WWE promoter Vince McMahon. In the gif, the CNN logo is superimposed over McMahon’s face.
Auernheimer heralded the tweet as “easily the greatest tweet in the history of Twitter.”
After scouring HanAssholeSolo’s Reddit account, which contained scores of racist and xenophobic postings, CNN’s KFile was able to track down the user’s Facebook page and contact him.
Fearing public embarrassment and his safety, HanAssholeSolo published a lengthy apology on the Reddit group r/theDonald, asking that CNN not publish his identity. (The apology has since been removed.)
CNN obliged, on the condition that HanAssholeSolo remove his offending posts and cease his trolling, but that didn’t stop the self-proclaimed “real media” at the Daily Stormer from issuing an ultimatum to every staffer at CNN.
“Just like CNN tracked down this child and used media exposure as a bludgeon against him for posting (truthful and funny) things that they don’t like, we are going to begin tracking down their families as a bludgeon against them for publishing (seditiously fraudulent) things that we don’t like,” wrote Auernheimer. “CNN, this is your one singular chance to walk back this behavior of public blackmail. You have one week to fix this.”
Auernheimer’s list of demands includes the public firing of the KFile team, a denouncement of their alleged threats, a $50,000 college scholarship for HanAssholeSolo, and a public assurance that “he and his family will never be harmed by your organization.”
The only problem: HanAssholeSolo is an adult, according to CNN.
“We are going to track down your parents. We are going to track down your siblings. We are going to track down your spouses. We are going to track down your children. Because hey, that’s what you guys get to do, right? We’re going to see how you like it when our reporters are hunting down your children,” continued Auernheimer.
Auernheimer instructed CNN employees that do not want to be doxed to quit within the week and denounce the organization’s alleged blackmail.
“We didn’t make these rules – you did – and now we’re going to force you to play by them. Hope you enjoy what is coming, you filthy rat kike bastards. Kill yourselves, kike news fakers. You deserve every single bit of what you are about to get,” concluded Auernheimer.
The call to “kill the lying mass of shit that is CNN” was posted to 4chan’s politically incorrect forum, /pol/.
Within hours, personal information for multiple CNN staffers and their family members — alongside images and gifs of individuals with CNN superimposed over their faces being shot in the head — appeared in the comments of the posting.
The incident is a rare moment of unity for the far-right with members of r/theDonald, 4chan, the Daily Stormer, and the alt-lite banding together to attack CNN.
The 4chan message board /pol/, which is dedicated to politically incorrect discussion, dubbed the campaign “Operation:Autism Storm” and posted a four part plan of attack that includes banding together with other far right sites, going after CNN’s advertisers, discrediting everyone at CNN, and forming a legal strategy for HanAssholeSolo should he later be doxed.
At least nine separate hashtags trended across far-right accounts Tuesday evening – including #cnnblackmail, #cnndoxing, and #fraudnewscnn – as the controversy erupted.
….
4. Seymour Hersh has a piece in Die Welt about the intelligence that went into the Trump administration’s decision to launch a cruise missile strike against a Syrian airbase following the alleged sarin gas attack on the city of Khan Sheikhoun in Idlib.
What did the intelligence community know about the attack? The Russian and Syrian air forces had informed the US in advance of the airstrike that they had intelligence that top-level leaders of Ahrar al-Sham and Jabhat al-Nusra were meeting in that building; they informed the US of the attack plan ahead of time and said it was aimed at a “high-value” target. The attack involved the unusual use of a guided bomb and Syria’s top pilots. Following the attack, US intelligence concluded that there was no sarin gas attack, that Assad wouldn’t have been that politically suicidal, and that the symptoms of chemical poisoning following the bombing were likely due to a mixture of chlorine, fertilizers, and other chemicals stored in the building targeted by the Syrian air force, released by secondary explosions from the initial bombing.
Key portions of Hersh’s story:
“. . . . The Syrian target at Khan Sheikhoun, as shared with the Americans at Doha, was depicted as a two-story cinder-block building in the northern part of town. Russian intelligence, which is shared when necessary with Syria and the U.S. as part of their joint fight against jihadist groups, had established that a high-level meeting of jihadist leaders was to take place in the building, including representatives of Ahrar al-Sham and the al-Qaida-affiliated group formerly known as Jabhat al-Nusra. The two groups had recently joined forces, and controlled the town and surrounding area. Russian intelligence depicted the cinder-block building as a command and control center that housed a grocery and other commercial premises on its ground floor with other essential shops nearby, including a fabric shop and an electronics store.
‘The rebels control the population by controlling the distribution of goods that people need to live – food, water, cooking oil, propane gas, fertilizers for growing their crops, and insecticides to protect the crops,’ a senior adviser to the American intelligence community, who has served in senior positions in the Defense Department and Central Intelligence Agency, told me. The basement was used as storage for rockets, weapons and ammunition, as well as products that could be distributed for free to the community, among them medicines and chlorine-based decontaminants for cleansing the bodies of the dead before burial. The meeting place – a regional headquarters – was on the floor above. ‘It was an established meeting place,’ the senior adviser said. ‘A long-time facility that would have had security, weapons, communications, files and a map center.’ The Russians were intent on confirming their intelligence and deployed a drone for days above the site to monitor communications and develop what is known in the intelligence community as a POL – a pattern of life. The goal was to take note of those going in and out of the building, and to track weapons being moved back and forth, including rockets and ammunition.
…
Russian and Syrian intelligence officials, who coordinate operations closely with the American command posts, made it clear that the planned strike on Khan Sheikhoun was special because of the high-value target. ‘It was a red-hot change. The mission was out of the ordinary – scrub the sked,’ the senior adviser told me. ‘Every operations officer in the region’ – in the Army, Marine Corps, Air Force, CIA and NSA – ‘had to know there was something going on. The Russians gave the Syrian Air Force a guided bomb and that was a rarity. They’re skimpy with their guided bombs and rarely share them with the Syrian Air Force. And the Syrians assigned their best pilot to the mission, with the best wingman.’ The advance intelligence on the target, as supplied by the Russians, was given the highest possible score inside the American community.
The Execute Order governing U.S. military operations in theater, which was issued by the Chairman of the Joint Chiefs of Staff, provides instructions that demarcate the relationship between the American and Russian forces operating in Syria. “It’s like an ops order – ‘Here’s what you are authorized to do,’” the adviser said. “We do not share operational control with the Russians. We don’t do combined operations with them, or activities directly in support of one of their operations. But coordination is permitted. We keep each other apprised of what’s happening and within this package is the mutual exchange of intelligence. If we get a hot tip that could help the Russians do their mission, that’s coordination; and the Russians do the same for us. When we get a hot tip about a command and control facility,” the adviser added, referring to the target in Khan Sheikhoun, “we do what we can to help them act on it.” “This was not a chemical weapons strike,” the adviser said. “That’s a fairy tale. If so, everyone involved in transferring, loading and arming the weapon – you’ve got to make it appear like a regular 500-pound conventional bomb – would be wearing Hazmat protective clothing in case of a leak. There would be very little chance of survival without such gear. Military grade sarin includes additives designed to increase toxicity and lethality. Every batch that comes out is maximized for death. That is why it is made. It is odorless and invisible and death can come within a minute. No cloud. Why produce a weapon that people can run away from?”
The target was struck at 6:55 a.m. on April 4, just before midnight in Washington. A Bomb Damage Assessment (BDA) by the U.S. military later determined that the heat and force of the 500-pound Syrian bomb triggered a series of secondary explosions that could have generated a huge toxic cloud that began to spread over the town, formed by the release of the fertilizers, disinfectants and other goods stored in the basement, its effect magnified by the dense morning air, which trapped the fumes close to the ground. According to intelligence estimates, the senior adviser said, the strike itself killed up to four jihadist leaders, and an unknown number of drivers and security aides. There is no confirmed count of the number of civilians killed by the poisonous gases that were released by the secondary explosions, although opposition activists reported that there were more than 80 dead, and outlets such as CNN have put the figure as high as 92. A team from Médecins Sans Frontières, treating victims from Khan Sheikhoun at a clinic 60 miles to the north, reported that “eight patients showed symptoms – including constricted pupils, muscle spasms and involuntary defecation – which are consistent with exposure to a neurotoxic agent such as sarin gas or similar compounds.” MSF also visited other hospitals that had received victims and found that patients there “smelled of bleach, suggesting that they had been exposed to chlorine.” In other words, evidence suggested that there was more than one chemical responsible for the symptoms observed, which would not have been the case if the Syrian Air Force – as opposition activists insisted – had dropped a sarin bomb, which has no percussive or ignition power to trigger secondary explosions. The range of symptoms is, however, consistent with the release of a mixture of chemicals, including chlorine and the organophosphates used in many fertilizers, which can cause neurotoxic effects similar to those of sarin. . . .
. . . . The crisis slid into the background by the end of April, as Russia, Syria and the United States remained focused on annihilating ISIS and the militias of al-Qaida. Some of those who had worked through the crisis, however, were left with lingering concerns. ‘The Salafists and jihadists got everything they wanted out of their hyped-up Syrian nerve gas ploy,’ the senior adviser to the U.S. intelligence community told me, referring to the flare up of tensions between Syria, Russia and America. ‘The issue is, what if there’s another false flag sarin attack credited to hated Syria? Trump has upped the ante and painted himself into a corner with his decision to bomb. And do not think these guys are not planning the next faked attack. Trump will have no choice but to bomb again, and harder. He’s incapable of saying he made a mistake.’ . . .”
“Trump’s Red Line” by Seymour M. Hersh; Welt.de; 06/25/2017
On April 6, United States President Donald Trump authorized an early morning Tomahawk missile strike on Shayrat Air Base in central Syria in retaliation for what he said was a deadly nerve agent attack carried out by the Syrian government two days earlier in the rebel-held town of Khan Sheikhoun. Trump issued the order despite having been warned by the U.S. intelligence community that it had found no evidence that the Syrians had used a chemical weapon.
The available intelligence made clear that the Syrians had targeted a jihadist meeting site on April 4 using a Russian-supplied guided bomb equipped with conventional explosives. Details of the attack, including information on its so-called high-value targets, had been provided by the Russians days in advance to American and allied military officials in Doha, whose mission is to coordinate all U.S., allied, Syrian and Russian Air Force operations in the region.
Some American military and intelligence officials were especially distressed by the president’s determination to ignore the evidence. “None of this makes any sense,” one officer told colleagues upon learning of the decision to bomb. “We KNOW that there was no chemical attack … the Russians are furious. Claiming we have the real intel and know the truth … I guess it didn’t matter whether we elected Clinton or Trump.”
Within hours of the April 4 bombing, the world’s media was saturated with photographs and videos from Khan Sheikhoun. Pictures of dead and dying victims, allegedly suffering from the symptoms of nerve gas poisoning, were uploaded to social media by local activists, including the White Helmets, a first responder group known for its close association with the Syrian opposition.
The provenance of the photos was not clear and no international observers have yet inspected the site, but the immediate popular assumption worldwide was that this was a deliberate use of the nerve agent sarin, authorized by President Bashar Assad of Syria. Trump endorsed that assumption by issuing a statement within hours of the attack, describing Assad’s “heinous actions” as being a consequence of the Obama administration’s “weakness and irresolution” in addressing what he said was Syria’s past use of chemical weapons.
To the dismay of many senior members of his national security team, Trump could not be swayed over the next 48 hours of intense briefings and decision-making. In a series of interviews, I learned of the total disconnect between the president and many of his military advisers and intelligence officials, as well as officers on the ground in the region who had an entirely different understanding of the nature of Syria’s attack on Khan Sheikhoun. I was provided with evidence of that disconnect, in the form of transcripts of real-time communications, immediately following the Syrian attack on April 4. In an important pre-strike process known as deconfliction, U.S. and Russian officers routinely supply one another with advance details of planned flight paths and target coordinates, to ensure that there is no risk of collision or accidental encounter (the Russians speak on behalf of the Syrian military). This information is supplied daily to the American AWACS surveillance planes that monitor the flights once airborne. Deconfliction’s success and importance can be measured by the fact that there has yet to be one collision, or even a near miss, among the high-powered supersonic American, Allied, Russian and Syrian fighter bombers.
Russian and Syrian Air Force officers gave details of the carefully planned flight path to and from Khan Sheikhoun on April 4 directly, in English, to the deconfliction monitors aboard the AWACS plane, which was on patrol near the Turkish border, 60 miles or more to the north.
The Syrian target at Khan Sheikhoun, as shared with the Americans at Doha, was depicted as a two-story cinder-block building in the northern part of town. Russian intelligence, which is shared when necessary with Syria and the U.S. as part of their joint fight against jihadist groups, had established that a high-level meeting of jihadist leaders was to take place in the building, including representatives of Ahrar al-Sham and the al-Qaida-affiliated group formerly known as Jabhat al-Nusra. The two groups had recently joined forces, and controlled the town and surrounding area. Russian intelligence depicted the cinder-block building as a command and control center that housed a grocery and other commercial premises on its ground floor with other essential shops nearby, including a fabric shop and an electronics store.
“The rebels control the population by controlling the distribution of goods that people need to live – food, water, cooking oil, propane gas, fertilizers for growing their crops, and insecticides to protect the crops,” a senior adviser to the American intelligence community, who has served in senior positions in the Defense Department and Central Intelligence Agency, told me. The basement was used as storage for rockets, weapons and ammunition, as well as products that could be distributed for free to the community, among them medicines and chlorine-based decontaminants for cleansing the bodies of the dead before burial. The meeting place – a regional headquarters – was on the floor above. “It was an established meeting place,” the senior adviser said. “A long-time facility that would have had security, weapons, communications, files and a map center.” The Russians were intent on confirming their intelligence and deployed a drone for days above the site to monitor communications and develop what is known in the intelligence community as a POL – a pattern of life. The goal was to take note of those going in and out of the building, and to track weapons being moved back and forth, including rockets and ammunition.
One reason for the Russian message to Washington about the intended target was to ensure that any CIA asset or informant who had managed to work his way into the jihadist leadership was forewarned not to attend the meeting. I was told that the Russians passed the warning directly to the CIA. “They were playing the game right,” the senior adviser said. The Russian guidance noted that the jihadist meeting was coming at a time of acute pressure for the insurgents: Presumably Jabhat al-Nusra and Ahrar al-Sham were desperately seeking a path forward in the new political climate. In the last few days of March, Trump and two of his key national security aides – Secretary of State Rex Tillerson and UN Ambassador Nikki Haley – had made statements acknowledging that, as the New York Times put it, the White House “has abandoned the goal” of pressuring Assad “to leave power, marking a sharp departure from the Middle East policy that guided the Obama administration for more than five years.” White House Press Secretary Sean Spicer told a press briefing on March 31 that “there is a political reality that we have to accept,” implying that Assad was there to stay.
Russian and Syrian intelligence officials, who coordinate operations closely with the American command posts, made it clear that the planned strike on Khan Sheikhoun was special because of the high-value target. “It was a red-hot change. The mission was out of the ordinary – scrub the sked,” the senior adviser told me. “Every operations officer in the region” – in the Army, Marine Corps, Air Force, CIA and NSA – “had to know there was something going on. The Russians gave the Syrian Air Force a guided bomb and that was a rarity. They’re skimpy with their guided bombs and rarely share them with the Syrian Air Force. And the Syrians assigned their best pilot to the mission, with the best wingman.” The advance intelligence on the target, as supplied by the Russians, was given the highest possible score inside the American community.
The Execute Order governing U.S. military operations in theater, which was issued by the Chairman of the Joint Chiefs of Staff, provides instructions that demarcate the relationship between the American and Russian forces operating in Syria. “It’s like an ops order – ‘Here’s what you are authorized to do,’” the adviser said. “We do not share operational control with the Russians. We don’t do combined operations with them, or activities directly in support of one of their operations. But coordination is permitted. We keep each other apprised of what’s happening and within this package is the mutual exchange of intelligence. If we get a hot tip that could help the Russians do their mission, that’s coordination; and the Russians do the same for us. When we get a hot tip about a command and control facility,” the adviser added, referring to the target in Khan Sheikhoun, “we do what we can to help them act on it.” “This was not a chemical weapons strike,” the adviser said. “That’s a fairy tale. If so, everyone involved in transferring, loading and arming the weapon – you’ve got to make it appear like a regular 500-pound conventional bomb – would be wearing Hazmat protective clothing in case of a leak. There would be very little chance of survival without such gear. Military grade sarin includes additives designed to increase toxicity and lethality. Every batch that comes out is maximized for death. That is why it is made. It is odorless and invisible and death can come within a minute. No cloud. Why produce a weapon that people can run away from?”
The target was struck at 6:55 a.m. on April 4, just before midnight in Washington. A Bomb Damage Assessment (BDA) by the U.S. military later determined that the heat and force of the 500-pound Syrian bomb triggered a series of secondary explosions that could have generated a huge toxic cloud that began to spread over the town, formed by the release of the fertilizers, disinfectants and other goods stored in the basement, its effect magnified by the dense morning air, which trapped the fumes close to the ground. According to intelligence estimates, the senior adviser said, the strike itself killed up to four jihadist leaders, and an unknown number of drivers and security aides. There is no confirmed count of the number of civilians killed by the poisonous gases that were released by the secondary explosions, although opposition activists reported that there were more than 80 dead, and outlets such as CNN have put the figure as high as 92. A team from Médecins Sans Frontières, treating victims from Khan Sheikhoun at a clinic 60 miles to the north, reported that “eight patients showed symptoms – including constricted pupils, muscle spasms and involuntary defecation – which are consistent with exposure to a neurotoxic agent such as sarin gas or similar compounds.” MSF also visited other hospitals that had received victims and found that patients there “smelled of bleach, suggesting that they had been exposed to chlorine.” In other words, evidence suggested that there was more than one chemical responsible for the symptoms observed, which would not have been the case if the Syrian Air Force – as opposition activists insisted – had dropped a sarin bomb, which has no percussive or ignition power to trigger secondary explosions. The range of symptoms is, however, consistent with the release of a mixture of chemicals, including chlorine and the organophosphates used in many fertilizers, which can cause neurotoxic effects similar to those of sarin.
The internet swung into action within hours, and gruesome photographs of the victims flooded television networks and YouTube. U.S. intelligence was tasked with establishing what had happened. Among the pieces of information received was an intercept of Syrian communications collected before the attack by an allied nation. The intercept, which had a particularly strong effect on some of Trump’s aides, did not mention nerve gas or sarin, but it did quote a Syrian general discussing a “special” weapon and the need for a highly skilled pilot to man the attack plane. The reference, as those in the American intelligence community understood, and many of the inexperienced aides and family members close to Trump may not have, was to a Russian-supplied bomb with its built-in guidance system. “If you’ve already decided it was a gas attack, you will then inevitably read the talk about a special weapon as involving a sarin bomb,” the adviser said. “Did the Syrians plan the attack on Khan Sheikhoun? Absolutely. Do we have intercepts to prove it? Absolutely. Did they plan to use sarin? No. But the president did not say: ‘We have a problem and let’s look into it.’ He wanted to bomb the shit out of Syria.”
At the UN the next day, Ambassador Haley created a media sensation when she displayed photographs of the dead and accused Russia of being complicit. “How many more children have to die before Russia cares?” she asked. NBC News, in a typical report that day, quoted American officials as confirming that nerve gas had been used and Haley tied the attack directly to Syrian President Assad. “We know that yesterday’s attack was a new low even for the barbaric Assad regime,” she said. There was irony in America’s rush to blame Syria and criticize Russia for its support of Syria’s denial of any use of gas in Khan Sheikhoun, as Ambassador Haley and others in Washington did. “What doesn’t occur to most Americans” the adviser said, “is if there had been a Syrian nerve gas attack authorized by Bashar, the Russians would be 10 times as upset as anyone in the West. Russia’s strategy against ISIS, which involves getting American cooperation, would have been destroyed and Bashar would be responsible for pissing off Russia, with unknown consequences for him. Bashar would do that? When he’s on the verge of winning the war? Are you kidding me?”
Trump, a constant watcher of television news, said, while King Abdullah of Jordan was sitting next to him in the Oval Office, that what had happened was “horrible, horrible” and a “terrible affront to humanity.” Asked if his administration would change its policy toward the Assad government, he said: “You will see.” He gave a hint of the response to come at the subsequent news conference with King Abdullah: “When you kill innocent children, innocent babies – babies, little babies – with a chemical gas that is so lethal … that crosses many, many lines, beyond a red line . … That attack on children yesterday had a big impact on me. Big impact … It’s very, very possible … that my attitude toward Syria and Assad has changed very much.”
Within hours of viewing the photos, the adviser said, Trump instructed the national defense apparatus to plan for retaliation against Syria. “He did this before he talked to anybody about it. The planners then asked the CIA and DIA if there was any evidence that Syria had sarin stored at a nearby airport or somewhere in the area. Their military had to have it somewhere in the area in order to bomb with it.” “The answer was, ‘We have no evidence that Syria had sarin or used it,’” the adviser said. “The CIA also told them that there was no residual delivery for sarin at Sheyrat [the airfield from which the Syrian SU-24 bombers had taken off on April 4] and Assad had no motive to commit political suicide.” Everyone involved, except perhaps the president, also understood that a highly skilled United Nations team had spent more than a year in the aftermath of an alleged sarin attack in 2013 by Syria, removing what was said to be all chemical weapons from a dozen Syrian chemical weapons depots.
At this point, the adviser said, the president’s national security planners were more than a little rattled: “No one knew the provenance of the photographs. We didn’t know who the children were or how they got hurt. Sarin actually is very easy to detect because it penetrates paint, and all one would have to do is get a paint sample. We knew there was a cloud and we knew it hurt people. But you cannot jump from there to certainty that Assad had hidden sarin from the UN because he wanted to use it in Khan Sheikhoun.” The intelligence made clear that a Syrian Air Force SU-24 fighter bomber had used a conventional weapon to hit its target: There had been no chemical warhead. And yet it was impossible for the experts to persuade the president of this once he had made up his mind. “The president saw the photographs of poisoned little girls and said it was an Assad atrocity,” the senior adviser said. “It’s typical of human nature. You jump to the conclusion you want. Intelligence analysts do not argue with a president. They’re not going to tell the president, ‘if you interpret the data this way, I quit.’”
The national security advisers understood their dilemma: Trump wanted to respond to the affront to humanity committed by Syria and he did not want to be dissuaded. They were dealing with a man they considered to be not unkind and not stupid, but his limitations when it came to national security decisions were severe. “Everyone close to him knows his proclivity for acting precipitously when he does not know the facts,” the adviser said. “He doesn’t read anything and has no real historical knowledge. He wants verbal briefings and photographs. He’s a risk-taker. He can accept the consequences of a bad decision in the business world; he will just lose money. But in our world, lives will be lost and there will be long-term damage to our national security if he guesses wrong. He was told we did not have evidence of Syrian involvement and yet Trump says: ‘Do it.’”
On April 6, Trump convened a meeting of national security officials at his Mar-a-Lago resort in Florida. The meeting was not to decide what to do, but how best to do it – or, as some wanted, how to do the least and keep Trump happy. “The boss knew before the meeting that they didn’t have the intelligence, but that was not the issue,” the adviser said. “The meeting was about, ‘Here’s what I’m going to do,’ and then he gets the options.”
The available intelligence was not relevant. The most experienced man at the table was Secretary of Defense James Mattis, a retired Marine Corps general who had the president’s respect and understood, perhaps, how quickly that could evaporate. Mike Pompeo, the CIA director whose agency had consistently reported that it had no evidence of a Syrian chemical bomb, was not present. Secretary of State Tillerson was admired on the inside for his willingness to work long hours and his avid reading of diplomatic cables and reports, but he knew little about waging war and the management of a bombing raid. Those present were in a bind, the adviser said. “The president was emotionally energized by the disaster and he wanted options.” He got four of them, in order of extremity. Option one was to do nothing. All involved, the adviser said, understood that was a non-starter. Option two was a slap on the wrist: to bomb an airfield in Syria, but only after alerting the Russians and, through them, the Syrians, to avoid too many casualties. A few of the planners called this the “gorilla option”: America would glower and beat its chest to provoke fear and demonstrate resolve, but cause little significant damage. The third option was to adopt the strike package that had been presented to Obama in 2013, and which he ultimately chose not to pursue. The plan called for the massive bombing of the main Syrian airfields and command and control centers using B1 and B52 aircraft launched from their bases in the U.S. Option four was “decapitation”: to remove Assad by bombing his palace in Damascus, as well as his command and control network and all of the underground bunkers he could possibly retreat to in a crisis.
“Trump ruled out option one off the bat,” the senior adviser said, and the assassination of Assad was never considered. “But he said, in essence: ‘You’re the military and I want military action.’” The president was also initially opposed to the idea of giving the Russians advance warning before the strike, but reluctantly accepted it. “We gave him the Goldilocks option – not too hot, not too cold, but just right.” The discussion had its bizarre moments. Tillerson wondered at the Mar-a-Lago meeting why the president could not simply call in the B52 bombers and pulverize the air base. He was told that B52s were very vulnerable to surface-to-air missiles (SAMs) in the area and using such planes would require suppression fire that could kill some Russian defenders. “What is that?” Tillerson asked. Well, sir, he was told, that means we would have to destroy the upgraded SAM sites along the B52 flight path, and those are manned by Russians, and we possibly would be confronted with a much more difficult situation. “The lesson here was: Thank God for the military men at the meeting,” the adviser said. “They did the best they could when confronted with a decision that had already been made.”
Fifty-nine Tomahawk missiles were fired from two U.S. Navy destroyers on duty in the Mediterranean, the Ross and the Porter, at Shayrat Air Base near the government-controlled city of Homs. The strike was as successful as hoped, in terms of doing minimal damage. The missiles have a light payload – roughly 220 pounds of HBX, the military’s modern version of TNT. The airfield’s gasoline storage tanks, a primary target, were pulverized, the senior adviser said, triggering a huge fire and clouds of smoke that interfered with the guidance system of following missiles. As many as 24 missiles missed their targets and only a few of the Tomahawks actually penetrated into hangars, destroying nine Syrian aircraft, many fewer than claimed by the Trump administration. I was told that none of the nine was operational: such damaged aircraft are what the Air Force calls hangar queens. “They were sacrificial lambs,” the senior adviser said. Most of the important personnel and operational fighter planes had been flown to nearby bases hours before the raid began. The two runways and parking places for aircraft, which had also been targeted, were repaired and back in operation within eight hours or so. All in all, it was little more than an expensive fireworks display.
“It was a totally Trump show from beginning to end,” the senior adviser said. “A few of the president’s senior national security advisers viewed the mission as a minimized bad presidential decision, and one that they had an obligation to carry out. But I don’t think our national security people are going to allow themselves to be hustled into a bad decision again. If Trump had gone for option three, there might have been some immediate resignations.”
After the meeting, with the Tomahawks on their way, Trump spoke to the nation from Mar-a-Lago, and accused Assad of using nerve gas to choke out “the lives of helpless men, women and children. It was a slow and brutal death for so many … No child of God should ever suffer such horror.” The next few days were his most successful as president. America rallied around its commander in chief, as it always does in times of war. Trump, who had campaigned as someone who advocated making peace with Assad, was bombing Syria 11 weeks after taking office, and was hailed for doing so by Republicans, Democrats and the media alike. One prominent TV anchorman, Brian Williams of MSNBC, used the word “beautiful” to describe the images of the Tomahawks being launched at sea. Speaking on CNN, Fareed Zakaria said: “I think Donald Trump became president of the United States.” A review of the top 100 American newspapers showed that 39 of them published editorials supporting the bombing in its aftermath, including the New York Times, Washington Post and Wall Street Journal.
Five days later, the Trump administration gathered the national media for a background briefing on the Syrian operation that was conducted by a senior White House official who was not to be identified. The gist of the briefing was that Russia’s heated and persistent denial of any sarin use in the Khan Sheikhoun bombing was a lie because President Trump had said sarin had been used. That assertion, which was not challenged or disputed by any of the reporters present, became the basis for a series of further criticisms:
– The continued lying by the Trump administration about Syria’s use of sarin led to widespread belief in the American media and public that Russia had chosen to be involved in a corrupt disinformation and cover-up campaign on the part of Syria.
– Russia’s military forces had been co-located with Syria’s at the Shayrat airfield (as they are throughout Syria), raising the possibility that Russia had advance notice of Syria’s determination to use sarin at Khan Sheikhoun and did nothing to stop it.
– Syria’s use of sarin and Russia’s defense of that use strongly suggested that Syria withheld stocks of the nerve agent from the UN disarmament team that spent much of 2014 inspecting and removing all declared chemical warfare agents from 12 Syrian chemical weapons depots, pursuant to the agreement worked out by the Obama administration and Russia after Syria’s alleged, but still unproven, use of sarin the year before against a rebel redoubt in a suburb of Damascus.
The briefer, to his credit, was careful to use the words “think,” “suggest” and “believe” at least 10 times during the 30-minute event. But he also said that his briefing was based on data that had been declassified by “our colleagues in the intelligence community.” What the briefer did not say, and may not have known, was that much of the classified information in the community made the point that Syria had not used sarin in the April 4 bombing attack.
…
The crisis slid into the background by the end of April, as Russia, Syria and the United States remained focused on annihilating ISIS and the militias of al-Qaida. Some of those who had worked through the crisis, however, were left with lingering concerns. “The Salafists and jihadists got everything they wanted out of their hyped-up Syrian nerve gas ploy,” the senior adviser to the U.S. intelligence community told me, referring to the flare up of tensions between Syria, Russia and America. “The issue is, what if there’s another false flag sarin attack credited to hated Syria? Trump has upped the ante and painted himself into a corner with his decision to bomb. And do not think these guys are not planning the next faked attack. Trump will have no choice but to bomb again, and harder. He’s incapable of saying he made a mistake.”
The White House issued an ominous warning to Syrian President Bashar al-Assad on Monday night, pledging that his regime would pay a “heavy price” if it carried out another chemical attack this year.
In a statement, White House press secretary Sean Spicer said that the United States had detected evidence of preparations for a chemical attack, similar to the preparations that occurred before an attack in April.
“The United States has identified potential preparations for another chemical weapons attack by the Assad regime that would likely result in the mass murder of civilians, including innocent children,” Spicer said in the statement. “The activities are similar to preparations the regime made before its April 4, 2017 chemical weapons attack.
“As we have previously stated, the United States is in Syria to eliminate the Islamic State of Iraq and Syria,” he continued. “If, however, Mr. Assad conducts another mass murder attack using chemical weapons, he and his military will pay a heavy price.”
Following the April attack, President Trump ordered an air strike against the Assad-controlled air field where the attack was believed to have been carried out.
At the time, Trump said that Assad’s use of chemical weapons against innocent women and children made action inevitable.
“When you kill innocent children, innocent babies, babies, little babies, with a chemical gas that is so lethal — people were shocked to hear what gas it was,” Trump said after the attack. “That crosses many, many lines, beyond a red line, many, many lines.”
Following Spicer’s statement on Monday night, Nikki Haley, the U.S. Ambassador to the United Nations, said Assad and its allies would be squarely blamed if such an attack occurred.
“Any further attacks done to the people of Syria will be blamed on Assad, but also on Russia & Iran who support him killing his own people,” Haley wrote.
Any further attacks done to the people of Syria will be blamed on Assad, but also on Russia & Iran who support him killing his own people.— Nikki Haley (@nikkihaley) June 27, 2017
The U.S. military maintains a variety of weapons in the region that could be used in the event of another strike, including manned and unmanned aircraft in several Middle Eastern countries. But the most likely scenario is probably a strike using naval assets, which can be launched with fewer diplomatic issues than using bases in allied countries such as Turkey or the United Arab Emirates.
The Navy launched Tomahawk missiles at a Syrian military airfield April 6 in response to a previous alleged chemical weapons attack, using two guided-missile destroyers in the eastern Mediterranean Sea, the USS Ross and USS Porter, to do so.
…
A point of contention for the Pentagon after the last strike was the Syrian regime’s alleged use of a nerve agent, like sarin. It is far deadlier than some other chemicals that U.S. military and intelligence officials say that the regime has used, such as chlorine.
6. Critical to the understanding of the spinning of “Russia-gate” are the actions of Felix Sater.
“ . . . . Nevertheless, in late January, Sater and a Ukrainian lawmaker reportedly met with Trump’s personal lawyer, Michael Cohen, at a New York hotel. According to the Times, they discussed a plan that involved the U.S. lifting sanctions against Russia, and Cohen said he hand-delivered the plan in a sealed envelope to then-national security advisor Michael Flynn. Cohen later denied delivering the envelope to anyone in the White House, according to the Washington Post. . . .”
7. Sater was “walking point” for the Trump business interests in their attempts at building in Moscow in the fall of 2015.
“ . . . . Sater worked on a plan for a Trump Tower in Moscow as recently as the fall of 2015, but he said that had come to a halt because of Trump’s presidential campaign. . . .”
8. Another interesting, close associate of Donald Trump was Felix Sater, who changed the spelling of his name, adding an extra “T” to avoid being recognized on internet searches. Reviewing information from FTR #936:
. . . ‘Satter’s’ name appears with just one ‘T’ in a host of places. There’s the deed to his home for example. It is also spelled with only one ‘T’ on New York State court papers from his 1991 felony conviction for stabbing a man in the face with the stem of a margarita glass. The name Sater with one ‘T’ also appears on federal court papers in a $40 million organized crime stock swindle he confessed to in 1998, a scheme that benefited him as well as the Genovese and Gambino crime families. The stock swindle involved fake stock brokerage firms using high-pressure tactics to get naive people to buy worthless shares from Sater and his mob friends. . . .
9. Trump’s close associate Felix was able to escape serious legal retribution by going to work for the CIA.
. . . . There is every indication that the extraordinarily lenient treatment resulted from Sater playing a get-out-of-jail free card. Shortly before his secret guilty plea, Sater became a freelance operative of the Central Intelligence Agency. One of his fellow stock swindlers, Salvatore Lauria, wrote a book about it. The Scorpion and the Frog is described on its cover as ‘the true story of one man’s fraudulent rise and fall in the Wall Street of the nineties.’ According to Lauria–and the court files that have been unsealed–Sater helped the CIA buy small missiles before they got to terrorists. He also provided other purported national security services for a reported fee of $300,000. Stories abound as to what else Sater may or may not have done in the arena of national security. . . .
Check out the person that appears to be emerging as the White House’s internal scapegoat for all the turmoil in recent days as a new cloud of paranoia envelops the White House staff amidst one report after another based on multiple anonymous White House sources: Reince Priebus. Yep, according to a recent report in the Washington Post, the Trump kids are convinced that Reince Priebus is one of the sources of all these embarrassing reports and their message to Trump is that Priebus has to go. It’s an interesting development. In part because Priebus, as one of the primary White House figures who comes from the traditional GOP ‘establishment’, really would be one of the primary suspects of any attempts to undermine the Trump administration but only if the rest of the GOP establishment gives him those orders. So you have to wonder if the Trump kids’ lobbying to get their dad to dump Priebus reflects a growing concern that the GOP establishment is getting ready to dump Trump:
“The makeup of Trump’s inner circle is the subject of internal debate, as ever. Ivanka Trump, the president’s daughter and senior adviser; Jared Kushner, her husband and another senior adviser; and first lady Melania Trump have been privately pressing the president to shake up his team — most specifically by replacing Reince Priebus as the White House chief of staff, according to two senior White House officials and one ally close to the White House.”
Melania is on the anti-Priebus bandwagon too? Ouch. But such fears and frustrations aren’t exactly outlandish given Priebus’s status as a key GOP establishment ‘outside’ inside the White House. After all, if there were other staffers the Trumps can’t trust Priebus would have been the person in charge of hiring them as the Chief of Staff. And if the broader GOP ‘establishment’ and its billionaire backers decide that Trump is becoming an obstacle to the fruition of their agenda and needs to be taken down, someone like Priebus would be very well positioned to help make that happen. It’s one of those situations where paranoia is pretty appropriate.
So while there were plenty of denials about this intra-White House conflict, it’s hard to take those denials seriously given the wave of anonymously sourced stories coming out of the White House. Especially given the reports that Congressional GOPers are blaming Trump for their own inability to pass any meaningful legislation, instead of blaming themselves for crafting legislation so horrible and unpopular that even GOPers can’t support it. If the GOP ‘establishment’ is going to scapegoat Trump, counter-scapegoating Priebus kind of makes sense:
Might Priebus finally be on his way out the door? This isn’t the first time there’s been reports of the Trump White House infighting without any eventual departures. But that lack of departures doesn’t mean those previous fights were resolved so as the tensions and paranoia in the White House continue to grow, along with the anonymous insider leaks, we probably shouldn’t be super shocked if Priebus is either shown the door or runs for the exits himself.
At the same time, given the incredibly bad optics the Trump administration is now facing following the disclosure of the meeting with the Russian lawyer — and the growing possibility that Trump is going to basically get convicted of colluding with Russia in the court of public opinion — and given the frustrations of the rest of the GOP — not to mention the GOP oligarchs — over the inability of Trump and the GOP on selling their agenda to the public, perhaps we shouldn’t be super shocked if Priebus’s time in the White House outlasts Trump. Especially now that Trump says he just learned about the June 9th, 2016 meeting days ago on the same day a GOP Senator reveals that the Senate Intelligence committee learned about this meeting back in April from Jared Kushner:
““This meeting was known because it was turned in in the background checks in April, actually, for Jared Kushner,” Lankford said on CNN. “So it was a known meeting at that point. Getting the emails and getting the details of that meeting was not known.””
The June 9th meeting was known to the Senate Intelligence Committee since April, with Kushner being the source. And yet Donald Trump just came out and said he learned about this meeting “a couple of days ago”:
We’re basically one revelation away from getting to the point where Trump is caught in a lie. And sure, he’s caught in lies all the time, but this would be a pretty big one. And while that June 9th meeting with the Russian lawyer doesn’t at all prove that the Trump team and Russian government were colluding to execute and disseminate the hacked Democratic emails, legally proving that case doesn’t really matter if the whole situation ends up making Trump simply look really, really guilty to the American public. And really, really sleazy.
So in addition to questions over whether or not pushing Reince Priebus out of the White House and doing a major staff overhaul is going to be one of the survival tactics the Trump team uses to try to circle the wagons and prevent insider leaks, those questions are paired with growing questions over how much more patience the GOP ‘establishment’ is going to have for Trump in general while the GOP policy agenda continues to fizzle. Because if the broader GOP establishment decides it’s time for Trump to resign it sure doesn’t look like it’s going to be very difficult for that ‘establishment’ to whip up any one of a number of potential Trump mega-scandals to force such a resignation. And someone like Reince Priebus is in just the right position to facilitate such an operation.
Just because you’re paranoid doesn’t mean they aren’t out to get you. Especially when the paranoia has been going on uninterrupted for months as the situation deteriorates and now everyone seems out to get everyone. That’s definitely an appropriate time for collective paranoia. Yuuuuuge paranoia.
And since starting a war or creating some other massive disaster to distract from the administration’s woes is one of the default tools in the Trump team’s toolbox as their situation gets more and more desperate, everyone else should probably be a little paranoid too.
Well, now we know how Peter W. Smith — the long-time financier of right-wing opposition research who talked about his efforts to put together a team that allegedly included Trump officials and was dedicated to finding hacked copies of Hillary Clinton’s emails — ended up dying just 10 days after he gave his interviews: Smith appears to have committed suicide due to health issues:
“However, the Chicago Tribune obtained a Minnesota state death record filed in Olmsted County that says Smith committed suicide in a hotel near the Mayo Clinic at 1:17 p.m. on Sunday, May 14. He was found with a bag over his head with a source of helium attached. A medical examiner’s report gives the same account, without specifying the time, and a report from Rochester police further details his suicide.”
Despite the blockbuster nature of the interviews Smith gave, the fact that he was 81 years old precluded any sort of mysteriousness about the guy’s death just days after giving those interviews to the Wall Street Journal. Death happens. And to Smith’s credit, that was one hell of a parting shot, although given the explosive nature of his story it’s still unclear who he was aiming for with that parting shot.
Fortunately, Politico just put out an article with some highly significant information about Smith’s operation that gives us a hint about why Smith chose to give the interview at that point in time. The article is about the ‘Alt-Right’ network Smith’s operation teamed up with in their quest to find Hillary’s emails. Specifically, Charles C. Johnson, the far-right troll who runs the GotNews website and one of his partners. But that’s not all. Smith also reportedly reached out to “Guccifer 2.0”, the hacker persona who represents the public face of whoever did the DNC hacks, and Guccifer told Smith to contact a “White nationalist hacker in Ukraine”, which is almost certainly a reference to Andrew “the weev” Auernheimer who already is suspected of carrying out the “Macron hacks” and trying to make it look like Russia did it.
Not only that, but Johnson explicitly told Smith to contact Auernheimer too. Johnson also notes how he actually worked with Auernheimer in the past and talks about how there’s a hidden network of right-wing opposition researchers that he’s in contact with and he let them know about Smith’s efforts. Don’t forget that one of the reasons Auernheimer is suspected of the Macron hacks is due to the fact that the hacked documents first showed up anonymously on 4chan and people started leaving comments like “Weev… you’re doing the lord’s work”. So that’s a pretty big revelation.
Of course, this is all based on the accounts of people like Charles Johnson, so it has to be taken with a grain of salt. But as we’ve seen with the recent highly self-incriminating email dump by Donald Trump, Jr., as the investigations into the 2016 hackings unfolded there might be situations where the key players decide to get ahead of the news by spilling what they know. Especially if they think the news is about to come out anyway from a different source. And that brings us to the clue left in the Politico article about why Smith may have chosen to give that interview when he did. First, note the comments from Johnathan Safron, Smith’s young assistant, in the above article where Safron states how he knew nothing about Smith’s attempts to track down Hillary’s emails:
Well, Safron is interviewed in the Politico article as well. And in that article Safron talks about how he wasn’t involved in Smith’s efforts but he was copied on the emails. And it was Safron’s discovery that Shane Harris, the Wall Street Journal journalist who did the interview with Smith, was viewing Safron’s LinkedIn profile (you can see who views your profile on LinkedIn, which seems like a horrible feature, but oh well). It was after Safron told Smith about this that Smith granted Harris the interview, suggesting that Smith was willing to talk simply to get ahead of a huge story that he was at the center of and suspected a journalist was now discovering.
As we can see, it’s a pretty important article in terms of understanding what Smith, and potentially the Trump team, was up to and why Smith may have decided to grant the interview in the first place. And it’s a YUUUGE article if it’s true that “Guccifer 2.0” AND directed Smith towards “the weev”:
“The activists, the journalist-turned-entrepreneur Charles Johnson and his former business partner Pax Dickinson, agreed to help Smith’s quixotic mission, which failed to track down copies of Clinton’s emails. Johnson is a polarizing figure who was banned from Twitter in 2015 after promoting an effort to “take out” a Black Lives Matter activist but maintains ties to White House officials. Smith also reached out to “Guccifer 2.0”—an alias the U.S. intelligence community has linked to Russian state hackers—and was advised to seek the help of a white nationalist hacker who lives in Ukraine.”
“Seek the help of a white nationalist hacker who lives in Ukraine.” That’s the advice “Guccifer 2.0” apparently gave to Smith and unless there’s another prominent white nationalist hacker in Ukraine that he was referring to that was almost certainly a reference to Andrew Auernheimer. Especially since that’s the explicit advice Charles Johnson also gave to Smith:
Yep, Johnson and Auernheimer are indeed past collaborators. And it wasn’t that long ago either. Back in October 2015, Johnson and Auernheimer released on the internet videos taken by a right-wing ‘journalist’, David Daleiden, of Planned Parenthood employees that were under a temporary court restraining order. Auernheimer claimed at the time that he was in Macedonia — and implied he was under the protection of “local militias” should US authorities try to extradite him — and also talked about being a big fan of Charles Johnson (that’s right, Auernheimer claims he was in Macedonia as of the fall of 2015...recall how Macedonia somehow became the epicenter of a pro-Trump ‘fake news’ operation).
So we already have very strong evidence that Auernheimer was behind the Macron hacks, which were also spear-phishing hacks like the DNC/Podesta hacks, and we know Auernheimer filled those Macron documents with “Russian” fingerprints. And now we learn that Chuck Johnson AND “Guccifer 2.0” both advised Smith to contract Auernheimer. And while Johnson’s friendship with Auernheimer would make him a likely hacker that Johnson might recommend to Smith, keep in mind that the Macron hacks hadn’t taken place at this point so it’s not like Auernheimer would be an obvious person that “Guccifer 2.0” might recommend.
And then, finally, we learn from Johnathan Safron why Peter Smith may have chosen that particular time to give this explosive interview:
And then there’s this very strange twist at the end:
That’s some odd signaling from Safron. But overall it looks like Peter Smith may have revealed this operation for the simple reason that he was pretty sure it was going to be revealed anyway. Why not get out ahead of the story in that situation, which is exactly what he did...without ever mentioning Auernheimer, Chuck Johnson, or a lot of other highly relevant details.
All in all, while Smith’s age and failing health certainly make a health-based suicide plausible, it’s hard to ignore the possibility that maybe it wasn’t simply failing health and a last opportunity to share his rather amazing story with the world before he died. Smith may have done that interview because he had to in order to get ahead of the story that he feared was coming out anyway. And then killed himself 10 days later. So, you know, maybe Smith’s decision to do that interview and then make a ‘final exit’ wasn’t just about failing health.
With the number of figures from the Russian delegation growing by the day as we learn more about who attended the June 9th meeting between the Trump campaign and a delegation of Russian lobbyists — Rinat Russian American lobbyist , there was a piece at TPM that highlighted a potentially significant fact that could possibly explain the ‘keystone spies’ nature of that meeting: The June 3rd email from Rob Goldstone to Donald Trump Jr. came just one day after Hillary Clinton gave a notable speech charging Donald Trump with being overly cozy with Vladimir Putin. One day.
So when you consider how the comically over-the-top nature of Goldstone’s email strikes many as a Russian government casual fishing expedition to just test the waters and see if the Trump campaign would be open to Russian government help, keep in mind that one possible reason for that over-the-top language could have been to simply send a signal to the Trump campaign “Hey, the Russian government likes you...if the Clintons start making a big deal about your ties to Russia just keep in mind that we totally like you way more than her. Be nice.” And it would have been a signal sent even had the Trump campaign done what it should have done and blown off the over-the-top invitation.
Another possibility is that the Kremlin also has kompromat in Trump — seems extremely possible — and the purpose of the email was also intended to remind Trump of that, but in a very indirect way. A signal like, “hey, we got dirt on you, don’t let Hillary force you into an anti-Russian stance”. And it’s also possible that Goldstone’s email was intended to both be friendly and a warning.
In other words, the purpose of Goldstone’s initial email could have simply been to send a signal of “we like you guys, please be nice and don’t go all anti-Russian to fend off Hillary’s criticisms (and you’ll regret it if you do)” that was intended to be so over-the-top that the Trump campaign would have the good sense of not taking them up on their offer. That way, the Trump campaign and Russian government wouldn’t find themselves in exactly the situation they find themselves in today. But then the Trump campaign took them up on their over-the-top offer and the meeting had to happen.
Don’t forget, if we assume the Russian lobbyists really were representing the Kremlin, by arranging for this meeting and actually going through with it the Russian government was taking a pretty big risk. There was no guarantee that the meeting wouldn’t have been exposed somehow during the campaign, which could have inflicted massive damage to Trump’s chances. And as the following TPM piece points out, the June 9th meeting took place just days before “Guccifer 2.0” started talking to the world and just a day after the DCLeaks website that Guccifer 2.0 used to disseminate the hacked materials made its first tweet to the world. So if the Russian government really was behind “Guccifer 2.0”, that June 9th meeting, it was engaging in remarkably risky behavior that was putting the chances of a Trump victory significantly at risk. What if US intelligence agencies were tracking the movements of Natalia Veselnitskaya? Or Rinat Akhmetshin, the Russian American lobbyist suspected of GRU ties who we recently learned also attended the meeting? Having suspected Russian intelligence cut outs meeting with the Kremlin’s preferred candidate’s top campaign staff at Trump Tower days before your hacker persona starts talking to the world (while leaving all sorts of hints of being a Russian) is some pretty cavalier spycraft. At the same time, if this whole meeting emerged from an email that was intended to send a signal, but also intended to be rebuffed, the June 9th meeting sort of makes sense as something the Kremlin would have wanted to avoid but couldn’t avoid because the Trump campaign was too venal and corrupt to do the sane thing and just accept the friendly signal:
“But a close look at the timeline suggests that Donald Trump, Jr. took a meeting billed as an opportunity to learn information obtained as “part of Russia and its government’s support for Mr. Trump” at a moment when his father was taking heat from his opponent for his sunny view of Russian President Vladimir Putin, and shortly before the Kremlin’s disinformation and targeted leaking campaign against the Democrats began in earnest.”
The timing is rather remarkable:
And then, in the following days, we get Trump hinting at a big speech that will charge Hillary of having questionable ties to the Kremlin. The next day, DCLeaks makes its first tweet to the world, and the next day there’s the now notorious June 9th meeting:
And keep in mind that when Trump finally gave that speech about Hillary, he didn’t have anything new. It was an actual “nothingburger”.
And, intriguingly, according to Sam Biddle, one of the first journalists Guccifer 2.0 reached out to days after that June 9th meeting, Guccifer 2.0 was pitching all sorts of different documents to Biddle from the giant cache of not-yet-released hacked emails. And none of the stories Guccifer 2.0 pitched to Biddle had anything to do with the “Hillary is getting dirty money from Russian oligarchs” information that Goldstone and Veselnitskaya were pitching to Trump, Jr.:
“This timing is interesting for two reasons. The extreme proximity of promised Hillary-related documents and the arrival of Hillary-related documents just days later suggests Guccifer 2.0 could have been part of the plan Goldstone alluded to over email. But secondly, although the documents were surely “official” in that they originated from within the Democratic Party, no one ever found anything in them that could be considered “information that would incriminate Hillary and her dealings with Russia.” It doesn’t appear that any of the documents released by Guccifer, whether in private to reporters like myself or on the web, pertained to or referenced whatsoever any “dealings” between Clinton and Russia. Guccifer was very eager to “pitch” documents to me that he believed would be particularly damaging or newsworthy (virtually none of them were), so it stands to reason that he would have pushed the Russia/DNC angle were he in possession of documents along those lines. Guccifer mentioned Russia only a couple of times, first to deny to me that he was Russian, and secondly that “maybe russians were among” those who had hacked the DNC. So there’s nothing directly tying the contents of the Guccifer emails I (and reporters at other outlets) received to the contents Trump Jr. et al. were promised in this week’s explosive email thread.”
So let’s just summarize some key facts here:
1. Rob Goldstone sent the stunningly worded June 3rd email about the Russian government wanting to help the Trump campaign by handing over information on Hillary and dirty Russian money flows.
2. Donald Trump gives a June 7th speech that hints at dirty info on Hillary Clinton and Russia.
3. They have the June 9th meeting that the Goldstone emails suggest are supposed to yield information of that nature. Information that’s never come to light.
4. 6 days after that meeting, Guccifer 2.0 is reaching out to journalists, pitching all sorts of stories from the hacked emails. But nothing tying Clinton to Russia.
So given the widely held suspicions that this whole meeting was set up for the purpose of privately hammering out the details of how the Russian government and the Trump campaign were going to collude in disseminating the hacked DNC emails, if that scenario is true it would appear that the opening email Goldstone sent to Trump, Jr. has the strange juxtaposition of being extremely forthright about the Russian government wanting to help the Trump campaign by providing dirty info on Hillary but also completely misleading the Trump team about the nature of the info that was being provided.
On the one hand, it makes a lot of sense that Goldstone wouldn’t divulge the nature of alleged dirty info in an email. But on the other hand, it makes very little sense that he would have been so open about “the Russian government wants to help you” if the Russian government was days away from unleashing “Guccifer 2.0” on the world. It’s just an incredible risk and one that would hand the Trump campaign. After all, whoever is behind “Guccifer 2.0” couldn’t have known in advance that all the “I’m Russian!” fingerprints would succeed in convincing most of the US public that the hacker was Russian. What if there was strong suspicion the Trump campaign was behind the hack and that became part of the media narrative that the Trump campaign had to deal with? The Russian government would have preemptively handed the Trump campaign an email that would have been incredibly useful for directing those suspicions back towards the Kremlin with Goldstone’s initial email. If the Kremlin was behind “Guccifer 2.0” and the June 9th meeting was actually a front for a Trump campaign-Kremlin meeting and the Kremlin was planning on unveiling “Guccifer 2.0” soon, that June 3rd Goldstone email is almost like a prearranged “get out of jail free” card for the Trump team in case it got any heat over the upcoming “Guccifer 2.0” campaign. But then Trump, Jr. totally screwed it up by not replying “Thanks, but no thanks! That would be wrong of us!” Of course, that’s assuming the Russian government would be totally cool about accepting the blame for such an inflammatory hacking operation.
Of course, if we assume that this hacking operation was the Russian government all along and we assume that “Guccifer 2.0” and original hackers weren’t just completely incompetent operatives and left all those “I’m a Russian!” digital fingerprints by mistake, we would also have to be open to the idea that the Russian government would have intentionally handed the Trump campaign a “get out of jail free” card...that Trump, Jr. totally screwed up.
Also keep in mind that if the Trump campaign itself was being “Guccifer 2.0” or had already received the hacked documents from “Guccifer 2.0” (perhaps from “the weev?”), the question of how to disseminate the hacked materials without making the Trump team suspects would have been looming large on the minds of the Trump team’s leadership. And that email from Goldstone may have been exactly what the Trump team would have needed in that situation: evidence that could be used to direct culpability back towards the Kremlin. It could explain both the incredible overlap in the timing of the emergence of “Guccifer 2.0” as well as all the implausibly stupid “I’m a Russian” ‘mistakes’ that “Guccifer 2.0” made that pointed towards being a Kremlin hacker. ‘Mistakes’ that didn’t just include signing the hacked documents with the name of a Soviet spy chief in Cyrillic characters but also the strange way Guccifer talked. Don’t forget, while “Guccifer 2.0” claimed to be Romanian, sometimes they wrote with mistakes that seemed kind of Russian/Eastern European-ish and sometimes in perfect English. And while this has often been interpreted as being a ‘mistake’ by sophisticated Russian intelligence agencies, for some reason the idea that “Guccifer 2.0” was a native English speaker trying to seem Russian never seemed to get serious consideration:
““All I can say is: no smoking gun here,” Connolly said in an email. “The English is very East Euro web talk, which Russians and Romanians and all Eastern Europeans share but, as I’ve pointed out already, many of the traits are non-Russian.””
That was the take from at least one language specialist: “Guccifer 2.0” was showing all sorts of linguistic signs. They couldn’t speak Romanian. They sometimes showed signs of Russian/Eastern European English mistakes that wouldn’t be consistent with a Romanian speaker’s English mistakes. And they sometimes spoke perfect English:
So if we are to believe that the GRU created “Guccifer 2.0” as a fake “Romanian” hacker front for the purpose of keeping suspicions away from Russia, we would have to assume the person behind this persona not only couldn’t speak Romanian correctly, but they also sometimes accidentally spoke perfect English. And had certain key phrases for expected questions that they decided to prepare in perfect English for some reason. But when this GRU persona got unexpected questions they kept botching their cover and revealing Russian/Eastern European idiosyncrasies. That’s the scenario we’re supposed to accept at face value.
But for some reason the possibility that “Guccifer 2.0” is an English speaker trying to seem like a Russian never gets seriously considered. Yet just days ago we have reports that Peter Smith’s team of opposition researchers — a team that included Trump campaign officials — contacted Guccifer 2.0 who told them to contact Andrew “the weev” Auernheimer, an American neo-Nazi hacker who is the prime suspect behind the Macron hacks that also included fake “I’m a Russian” fingerprints. And Charles Johnson, the far-right “GotNews” troll, told Smith’s team to contact “the weev” and that he was in contact with a hidden “alt-right” network of opposition researchers. And it’s a very good bet that Charles Johnson was in regular contact with the Trump team well before Smith reached out to him.
So if “Guccifer 2.0” was either a Trump campaign operative or already working with the Trump campaign before that June 3rd email from Goldstone was ever sent, you have to wonder if that apparent overture from the Kremlin could have played a decisive role in “Guccifer 2.0” suddenly showing up and acting like a Russian pretending to be a Romanian shortly after that June 3rd email.
At the same time, it’s important to recall that the “I’m a Russian!” digital fingerprints on this whole operation didn’t first emerge with Guccifer 2.0’s strange language and the Cyrillic meta-data in the documents. The first “I’m a Russian!” digital fingerprints happened when the original hacks took place. That included malware that shockingly had the IP address of the command and control server hard coded into the malware code. And that IP address was the same one used in the 2015 hack of the German Bundestag. And the command and control server was itself vulnerable to hacking because it was using the version of OpenSSL that was vulnerable to the Heartbleed attack. And that vulnerability, which would have left that command and control server (that’s assumed to be under APT28/Fancy Bear control) open to a third party attack, was disclosed to the world in June of 2015, shortly before the initial DNC hack began in the fall of 2015 (and the DNC hacker hardcoded the IP address to this server, thus ensuring suspicion would fall back on APT28/Fancy Bear):
“Interestingly, the artifact bundles a copy of OpenSSL 1.0.1e, from February 2013, which causes the unusually large size of the binary. More importantly, the Command & Control server (176.31.112.10) also appears to be using an outdated version of OpenSSL and be vulnerable to Heartbleed attacks. While unlikely, it is worth considering that the same C&C server might have been the subject of 3rd-party attacks due to this vulnerability.”
Yep, while it may have been unlikely in June of 2015 when this analysis was published that the command and control server at the 176.31.112.10 ip address was subject to a 3rd party attack (and therefore not actually being used by the Sofacy/APT28 group assumed to control it but someone else), it’s hard to say that it would have been unlikely after this vulnerability was published. Wouldn’t it be likely at that point? And the DNC hacks are presumed to have started shortly after this...with the same email address hard coded into the DNC hack malware.
It’s also important to recall that there was a later “hack” of the Bundestag committee that was investigating the NSA/Snowden Affair that was widely attributed to the Bundestag. It was quietly acknowledged that it was likely an inside leaker. But there does appear to be an actual Bundestag hack that took place.
Still, even if whoever did the DNC hack really was a third party hacker who took control of that command and control server after it was revealed to the world that this was an option, it’s still the case that the world hadn’t yet officially attributed APT28/Sofacy/Fancy Bear to the Russian government. That happened in May of 2016 when the German government officially declared APT/Sofacy/Fancy Bear to be a Russian government operation:
“The Bundesamt für Verfassungsschutz (BfV), which oversees domestic security, has pointed the finger of blame at PawnStorm, an infamous APT group believed to work directly for the Russian state.”
As of May of 2016, it was “official” that APT28/Fancy Bear was a Russian government operation. Which means anyone who may have commandeered that vulnerable command and control server to carry out the DNC hack would obviously want to make it look like they were Russians if they were going to create a public persona.
While this might seem like getting deep into the weeds, these are important details to point out because if the Trump campaign, or a non-Russian government affiliate, was indeed behind the DNC hacks, you wouldn’t necessarily expect them to frame the Russian government given the Trump family’s long history with Russia. But it would make A LOT of sense to frame Russia if your hacker commandeered a server that was pinned on Russia by the German government.
On a related note, you also have to wonder if the German government is the unnamed government that provided the “critical technical evidence” the US intelligence agencies used to conclude it was Russian hackers? Being the first government to publicly finger Russia after ostensibly the same hackers hacked the Bundestag the year before certainly suggests it could be Germany. Given all the problems with that technical analysis it might explain why the NSA expressed reservations about their conclusions.
Anyway, that’s all part of why whoever carried out the DNC hacks had a strong incentive to make it look like it was the Russian government behind it if indeed it was carried out by non-Russian government hackers. And this was the case as of May of 2016 when the German government formally charged the Russian government, but even still before then since so many cybersecurity analysts were long-suspecting the Russian state of being behind APT28/Fancy Bear.
So when Rob Goldstone sent that amazingly conspicuous June 3rd email saying the Russian government wants to help the Trump campaign, if the Trump campaign was sitting on a bunch of hacked emails and trying to determine what they were going to do with them, you have to wonder if that was the point when they may have decided to create a ‘Romanian’ (but very Russian-seeming) “Guccifer 2.0” persona, fill the documents with more Russian “fingerprints”, and just dump everything on the internet.
@Pterrafractyl–
In the “Russia-gate” counter-intelligence deception, it is important to remember that Rob Goldstone is a Rupert Murdoch protege.
Donald Trump, Jr. is also an “Alt-right” patron, as we have seen in FTR #927. https://spitfirelist.com/for-the-record/ftr-927-the-trumpenkampfverbande-part-6-locker-room-eclipse/
Roger Stone, BTW, was guided into political waters by Roy Cohn, the Joe McCarthy protege. https://consortiumnews.com/2016/06/19/how-roy-cohn-helped-rupert-murdoch‑2/
” . . . .However, in the years before he died, Cohn gained some measure of revenge against his liberal enemies by helping to elect Ronald Reagan. Roger Stone, another Cohn associate, has asserted that at Cohn’s initiative he delivered an apparent bribe to a leader of New York’s Liberal Party in 1980 to arrange the endorsement of independent candidate John Anderson, who then siphoned off 7.5 percent of the vote and opened the way for Reagan to carry New York against President Jimmy Carter. . . .”
It was McCarthy who introduced Murdoch to Reagan and helped initiate the right-wing GOP media attack colossus. https://consortiumnews.com/2016/06/19/how-roy-cohn-helped-rupert-murdoch‑2/
Robert Parry also has an interesting piece on the “Kremlin” lawyer who figures in the DT, Jr. gambit.
https://consortiumnews.com/2017/07/13/how-russia-gate-met-the-magnitsky-myth/
All of which is to say that, when the bells and whistles stop turning, one finds the far right and intelligence service–Felix Sater, Andrew Auernheimer and friends.
Best,
Dave
Here’s something to consider as destructive cyberbombs are being preemptively placed on networks as a form of cyber-WMDs and the US settles into a ‘Cold War’ modality with Russia: If any skilled hacker on the planet manages to hack a US nuclear power plant, that ‘cold war’ might heat up pretty fast whether Russia was behind it or not...especially if there’s a meltdown:
“The Washington Post reported Saturday that U.S. government officials have already pinned the recent nuclear cyber intrusions on Russia.”
As we should expect, the successful phishing campaign against nuclear plant employees has already been attributed to Russia. And, who knows, maybe it really was Russian government sponsored hackers, possibly in response to the reports about the US planting of ‘cyberbombs’ on Russian networks in retaliation for the 2016 US election hacks blamed on Russia. But, of course, maybe it wasn’t Russian:
Still, it’s a pretty alarming situation regardless of who was behind it, in part because it’s an example of how potentially vulnerable things like nuclear plants are to any hacker, state-backed or not:
And as we’re going to see with the very strange case of Devon Arthurs — a neo-Nazi-turned-Muslim who murdered two of his neo-Nazi roommates back in May — and Brandon Russell — Arthurs’s third roommate who was found possessing bomb-making materials, radioactive substances and a framed picture of Timothy McVeigh after police searched their residence — if we’re looking for a group that’s likely to actually try to cause a nuclear meltdown and all the death and destruction that goes along with it, it’s probably not the Russian government we have to worry about:
“He said Russell studied how to build nuclear weapons in school and is “somebody that literally has knowledge of how to build a nuclear bomb.””
A neo-Nazi that literally has knowledge of how to build a nuclear bomb. That’s how Devon Arthurs, a neo-Nazi-turned-Muslim who killed two of his neo-Nazi roommates, characterized Brandon Russell. But Russell’s nuclear interests were limited to building bombs according to Arthurs. He also wanted to fire nuclear-tipped mortars at Miami’s nuclear power plant to create a mass disaster...as part of a plan to create a Fourth Reich:
And Arthurs claimed to police that it was these terrorist plots that, in part, prompted him to kill his roommates (although not Russell):
Also note that while the judge initially released Russell, saying there wasn’t evidence to back Arthurs’s claims, he reversed that ruling a day later.
So was Devon Arthurs just making stuff up to the police or is there some truth to the claims? Well, finding explosive and radioactive materials certainly lends some credibility to them:
Well, as the following article notes, the apartment these four neo-Nazis shared included a framed picture of Timothy McVeigh, enough explosives to create a bomb, and Russell himself admitted to belonging to a group called Atomwaffen, which is German for “atomic weapon”.
On the other hand, Russell, and the rest of Atomwaffen, got quite a testimony about their good character...from Andrew “the weev” Auernheimer. Yes, Auernheimer, who happens to be the kind of skilled hacker who actually might have the ability to trigger a nuclear meltdown someday, wrote about the whole incident on The Daily Stormer. According to Auernheimer, the two killed roommates were “friends of friends” and the “Atomwaffen are a bunch of good dudes. They’ve posted tons of fliers with absolutely killer graphics at tons of universities over the years. They generally have a lot of fun and party”:
“In the apartment with the victims’ bodies on Friday, investigators found Nazi and white supremacist propaganda; a framed picture of Oklahoma City bomber Timothy McVeigh; and explosives and radioactive substances, according to the court documents.”
That sure sounds like the kind of stuff one would find in the apartment of someone with horrible plans. But according to neo-Nazi elite-hacker Andrew Auernheimer, the only problem in this situation was Arthurs posting “Muslim terrorist propaganda” on the Daily Stormer’s forums. Otherwise these Atomwaffen guys were great!
And don’t forget, if any neo-Nazi hacker is capable of successfully taking down a nuclear plant, perhaps as part of a larger coordinated neo-Nazi attack or just on his own, it’s Auernheimer.
And in case it’s not obvious that Auernheimer shares in the McVeigh worship, it should be obvious now that he recently proposed crowd-funding a McVeigh monument:
“More recently, neo-Nazi Andrew ‘Weev’ Auernheimer, who writes for the racist web site “Daily Stormer,” said he was serious in proposing a crowd-funding account to raise money to build a “permanent monument” in a memorial grove honoring McVeigh.”
So, yes, while it seems very unlikely that the Russian government would resort to triggering nuclear meltdowns given the extreme retaliation that would follow, there’s no shortage of groups that just might be willing to trigger a meltdown and just might have the capacity to do so. Whether it’s a hack attack from someone like “the weev” or just a friend of the weev who happens to be a good shot with high-explosive mortars.
Is it possible that the “Command & control” server used in the DNC server hacks was not only hacked and under 3rd party control during the 2015–2016 DNC hack but also the 2015 Bundestag hack? As we’re going to see, it’s possible.
First, here’s something to keep in mind regarding the German government’s public attribution in mid-May of 2016 that APT28/Fancy Bear is a Russian government hacking group and was responsible for the 2015 Bundestag hack: As security analyst Jeffrey Carr notes in the piece below, when Germany’s domestic intelligence agency, the BfV, issued a report in January of 2016 that attributed both APT28 and APT29 to the Russian government, the report didn’t appear to reference any classified information. The conclusions appeared to be based on exactly the same kind of technical ‘clues’ that were used for attribution in the 2016 DNC hacks. And as Carr also points out, relying on those technical ‘clues’ is a rather clueless way to go about attribution:
“While it’s natural to think of Sofacy as a group of individuals, it’s more like a group of technical indicators which include tools, techniques, procedures, target choices, countries of origin, and of course, people. Since most bad actors operate covertly, we are highly dependent on the forensics. Since many of the tools used are shared, and other indicators easily subverted, the forensics can be unreliable.”
Yep, when cybersecurity firms publish reports about some “APT” (Advanced Persistent Threat) group, they’re not actually reporting on a specific group. They’re reporting on similar technical indicators that suggest an attack could have been the same group that did a previous hack, but that’s largely it.
And if those technical indicators include code that’s available to 3rd party hackers and servers that have already been hacked or show vulnerabilities to hacking, as is the case with the 176.31.112[.]10 Command & Control server used by “APT28” in both the DNC server hack and the Bundestag hack (with that IP address hard coded in both cases), those technical indicators are indicative of very little other than some group might be up to their old tricks or some other group is copying (or framing) them:
“The existence of a known security vulnerability that’s trivial to exploit opens the door to the possibility that the systems in question were used by one rogue group, and then infiltrated by a second rogue group, making the attribution process even more complicated. At the very least, the C2 server should be considered a compromised indicator.”
And yet, despite these glaring issues with the technical indicators, when Germany’s BfV issued a report in January of 2016 pinning the blame for the Bundestag hacks on the GRU and FSB, it was an assumption based on technical indicators alone:
So it looks like the BfV’s attribution that the Russian government was behind the “APT28” Bundestag hack wasn’t a very solid attribution.
And don’t forget that the attribution of the Bundestag hack is A LOT easier to make than the attribution of the DNC server hack. Why? Because after the Bundestag hack happened there was lots of discussion of it in the cybersecurity press, and that included discussion of how the Command & Control server at the 176.31.112[.]10 IP address was vulnerable to the Heartbleed attack.
But how do we know that the server wasn’t being used by third parties during the Bundestag hack too? After all, not only was the same 176.31.112[.]10 Command & Control server used in both hacks, but that IP address was hard coded into the malware used in both attacks. In other words, “APT28” was already acting rather ‘buggy’ during the Bundestag hack and hackers had been seeking out Heartbleed-vulnerable servers almost immediately after Heartbleed was disclosed:
“The problem is insidious...Now it is amateur hour. Everybody is doing it.”
Everybody is doing it. That was the situation in April of 2014 after scanning tools that allowed people to scan the web for vulnerable servers. And yet the APT28 server used in both the Bundestag hacks and the DNC server hack was still apparently vulnerable to Heartbleed in 2015!
So, again, was the Bundestag hack even done by “APT28” or just some random group that hijacked a server that had been previously attributed to APT28-ish behavior? It’s a pretty crucial question. Especially when you consider the article below from June of 2015 (before the DNC server hack) that explicitly pointed out how the server at 176.31.112[.]10 inexplicably hard coded into the Bundestag hack malware was vulnerable to Heartbleed. Not only does the article point out this vulnerability, but it also notes how the use of the particular malware “XTunnel” that was communicating with that server was not at that time a known technical indicator associated with APT28. In other words, the malware with the oddly hard coded IP address to the Heartbleed vulnerable server was new behavior for APT28:
“While the evidence presented strongly suggests a connection with the Sofacy Group, the artifacts (in particular Artifact #2) are not publicly recognized to be part of the more traditional arsenal of these attackers.”
“Artifact #2” — the “Xtunnel” malware with the 176.31.112[.]10 hardcoded IP address — is “not publicly recognized to be part of the more traditional arsenal of these attackers.” It’s all rather odd.
And note that “XTunnel” was amateurish and widely available for any hacker:
“APT28 relied on XTunnel, repurposed from open source code that is available to anyone, to open network ports and siphon data. The interesting thing about the software is its failure to match the level of sophistication claimed for APT28. The strings in the code quite transparently indicate its intent, with no attempt at obfuscation. [12] It seems an odd oversight for a nation-state operation, in which plausible deniability would be essential, to overlook that glaring point during software development.”
So if “APT28” did the Bundestag hack, they suddenly changed their behavior by using unsophisticated code communicating with a server that had been open to 3rd party hijacking for well over a year. Pretty odd!
And note in the June 2015 netzpolitik.org article how that same 176.31.112.10 had previously been attributed to Sofacy/APT28/Fancy Bear by the cybersecurity firm root9B. A report with an abundance of flaws:
“While the report appears to contain numerous inaccuracies, some of the indicators of compromises are legitimate and appear to be correctly attributed to Sofacy.”
Yep, just weeks after the Bundestag hack, a really flawed report from root9B claimed to associate that same command & control server with Sofacy. And while the netzpolitik.org article described the report as largely correct despite the inaccuracies, other experts weren’t so impressed:
“However, according to an analysis of the domains reportedly used by the criminals in the planned attack, perhaps root9B should clarify what it means by APT. Unless the company is holding back key details about their research, their definition of APT can more accurately be described as “African Phishing Threat.””
As far as Brian Krebs can tell, root9B’s attribution to Sofacy/APT28/Fancy Bear of a particular looming attack on one of their clients (a preemptive defense) was based on some shared domain name server between past hacks attributed to Sofacy and the hackers they were observing on their client’s systems. And as Krebs points out, that shared domain name server had plenty of other ‘badness’ associated with it. Including Nigerian phishing scammers:
Were the hackers root9B identified as ‘Sofacy’ just a bunch of Nigerian scammers? Or perhaps hackers that utilized some of the same infrastructure, like domain name servers, with Nigerian scammers? That’s the conclusion Brian Krebs and others arrived at after reading the report.
And if you download the report (available here, although be sure to only click the green “Download” button and not all the ads that are trying to get you to download freeware/spyware) you will find them referencing that same 176.31.112.10 IP address as the command & control server they attribute to Sofacy/APT28/Fancy Bear. It’s just one more example of how that 176.31.112.10 server keeps getting attributed to APT28 on rather questionable grounds.
Now, it’s entirely possible that a Russian hacking group APT28 was operating the 176.31.112.10 and running all sorts of hacking campaigns from it. But the point is that technical indicators used to attribute a hack to that group aren’t exactly compelling. Especially when that server is open to the Heartbleed attack. And especially when that server’s vulnerability to the Heartbleed attack is published for the world to read about. And in the case of the DNC server hack in the fall of 2015, that vulnerability was published. It was known.
But even for the Bundestag hack, which happened before that Heartbleed vulnerability was published for that specific server, it’s not like there were hacking groups systematically scanning the internet looking for vulnerable servers. And as we saw in the netzpolitik.org article, the Bundestag hack’s use of the relatively unsophisticated “XTunnel” malware and the hardcoded IP address were not ‘artifacts’ previously associated with APT28.
Sure, it’s possible that a Russian government hacking group is intentionally using unsophisticated malware for some mysterious reason that doesn’t hide what it’s doing and hard codes the IP address to the command & control server that’s vulnerable to a Heartbleed attack. It’s possible. It’s just very possible that it was someone else. For both the DNC hack and the Bundestag hack, which is a pretty big deal when it comes to the business of attribution. Especially when the attribution of the DNC hack refers to the attribution of the Bundestag hack.
Uhhhh....so Donald Trump is now tweeting about his “complete power to pardon”. Seriously, he’s actually tweeting about it:
“While all agree the U. S. President has the complete power to pardon, why think of that when only crime so far is LEAKS against us.FAKE NEWS— Donald J. Trump (@realDonaldTrump) July 22, 2017″
We’ve crossed the Rubicon. Via Twitter. Maybe. We’ll see. It sort of depends on how the US collectively responds to a president acting as guilty as he possibly could.
And while this behavior is no doubt going to be seen as an admission that ALL of the suspicions related to Russian interference in the US election are true, it’s important to keep in mind what events preceded this sudden pardon talk. It wasn’t the investigation into the 2016 election hacks. It’s the talk that Special Counsel Robert Mueller is going to be looking into Trump’s long and shady business history with Russian oligarchs and mobsters. A history that appears to involve using Trump properties as money-laundering vehicles. Once Trump got wind that that whole history was going to become part of the Russian collusion probe, that’s when we started getting reports about Trump’s sudden interest in pardons.
And this is all part of why it’s so important to recognize all the various clues that point towards the 2016 hacks being done by someone trying to leave “I’m a Russian hacker!” clues and, in the case of the APT28/Fancy Bear hacks, being done by someone using a hacked server that had been previously identified as an APT28 server. Because while it’s entirely plausible that someone — like maybe neo-Nazi hacker Andrew Auernheimer or maybe someone Roger Stone delegated to carry out the hacks — who wanted to help the Trump campaign, but who wasn’t familiar with his extensive history dealing with shady Russian mobster characters, would have thought it was a good idea to carry out a hack and make it look like some Russians did it, it’s a lot harder to imagine that actual Russian government or Russian underworld figures would have done the same thing. Even if the Russian government and mob wanted to help Donald Trump win. Because as the following piece by Craig Unger extensively documents, if there was one area of Donald Trump’s past he really wouldn’t want to draw attention to when running for public office, that would be his history as a Russian money laundromat. And the Russians using his laundromat services presumably wouldn’t be super happy to draw attention to this either:
“But even without an investigation by Congress or a special prosecutor, there is much we already know about the president’s debt to Russia. A review of the public record reveals a clear and disturbing pattern: Trump owes much of his business success, and by extension his presidency, to a flow of highly suspicious money from Russia. Over the past three decades, at least 13 people with known or alleged links to Russian mobsters or oligarchs have owned, lived in, and even run criminal activities out of Trump Tower and other Trump properties. Many used his apartments and casinos to launder untold millions in dirty money. Some ran a worldwide high-stakes gambling ring out of Trump Tower—in a unit directly below one owned by Trump. Others provided Trump with lucrative branding deals that required no investment on his part. Taken together, the flow of money from Russia provided Trump with a crucial infusion of financing that helped rescue his empire from ruin, burnish his image, and launch his career in television and politics. “They saved his bacon,” says Kenneth McCallion, a former assistant U.S. attorney in the Reagan administration who investigated ties between organized crime and Trump’s developments in the 1980s.”
As we can see, Donald Trump’s business empire has been relying on money flows from the former Soviet Union for decades:
And despite all that Russian money throughout the 80’s and 90’s, Trump still ran into trouble. And when he did, there was more Russian money to save him:
And when he started the new TV celebrity phase of his career in 2004, there was even more Russian money. And a growing relationship with Bayrock Group LLC and the now notorious Felix Sater:
And ALL of this is part of the public record. It’s part of why it’s amazing Trump ran for president at all. This is all part of the public record. But it’s even more amazing if the Russian government pulled off a series of high profile hacks intended to become the center of the 2016 campaign using some sort of joke hacking campaign that leaves all these “I’m a Russian hacker!” clues.
It’s all one more big reason to seriously look in the direction of a pro-Trump hacker who may not have been fully aware of just how deeply intertwined Trump’s past is with Russian money — a hacker like Andrew Auernheimer — who carried out the hacks and thought they were being clever by framing the Russians but didn’t have any idea just how incredibly risky such a scheme would be for Trump if he actually won.
It’s also all a pretty big explanation of why Trump is now openly talking about his pardoning powers and threatening Robert Mueller about not looking into his past business practices. There are decades of potential money-laundering charges and other corrupt practices that are just waiting to be unearthed. And all because of the incredible amount of attention being given towards Trump’s Russian ties. And that incredible amount of attention is primarily due to an incredibly high profile hacking campaign with ‘Russian fingerprints’ all over it.
And that’s all also part of what makes this whole situation so remarkable: Trump had to know how incredibly vulnerable he would be to investigations into his past as a Russian money laundromat, and yet he stacked his campaign with people like Paul Manafort or Carter Page who, themselves, had highly questionable histories with shady Russian money and then Trump does highly conspicuous things like asking Russia to hack Hillary Clinton’s emails in the middle of the campaign. And that’s another important behavioral pattern when assessing the suspects for the hacks: while it would make little sense for either the Russian government, the Russian mob, or the Trump campaign to draw undue attention to their long history, it’s undeniable that the Trump campaign was routinely drawing attention to exactly that history by their conspicuous staffing and behavior. The Trump team apparently didn’t realize this would be a big deal. So while it’s possible a pro-Trump hacking operation that didn’t know about Trump’s vulnerability with his past ties to Russia might conduct the hacks and frame Russia, even if the hack was done by the Trump team itself we still can’t rule out that the Trump team may have done the hacks in a way to frame the Russians. Because that’s just how cavalier the Trump team has been about all this stuff from the beginning.
So one of the big questions now is just how widespread is this pardon-o-rama going to get. Because one of the best ways to pardon himself and his family is to obscure all that in a maelstrom of pardons that could include all sorts of people. So why stop at just Trump and his family? This could become a new family business. Think about all the people who would love a pardon! How about the rest of the GOP leadership that may have participated in some sort of Trumpian coverup. How about the hacker? Or maybe like 10 random people behind bars every day with questionable prosecutions? That could play well. Heck, he could start a TV show where people plead for a pardon. And who knows, Trump is always talking about prosecuting Hillary Clinton or Barack Obama for whatever crimes they allegedly committed. Maybe he’ll pardon them for their fantasy crimes? That would sort of sweeten the deal. Or how about all the leakers. He’ll just declare a blanket pardon for them at the same time he pardons himself. Who knows where this can go, but the pardon-o-rama won’t be able to continue without Trump pardoning himself first.
Trump the Merciful. It has a nice ring to it. Although he’d have to drop the GOP’s merciless policy agenda and have a personality transplant to really fit the role so hopefully that’s also under consideration.
Here’s a set of articles about the strange tale of the ‘peace plan’ that was apparently hatched by a Ukrainian politician (reportedly with ties to the Kremlin, although, as we’re going to see, the guy has ties to the virulently anti-Russian “Right Sector” neo-Nazi militia) and arranged by Felix Sater and the Trump attorney Michael Cohen: First off, it’s worth noting that Cohen and Sater apparently knew each other going all the way back to their teen years growing up in the same neighborhood:
“And TPM now has learned from conversations with both Sater and Cohen that the two men know each other dating back to their teenage years, when they were acquaintances from nearby towns on Long Island. Both went on to make their fortunes in real estate, eventually working with the same big-name businessman—although they insist that neither helped the other land his gig with the Trump Organization.”
Who knows how relevant this childhood tie is between Sater and Cohen but it’s certainly worth keeping in mind. Especially when we learn about the odd tale of that Ukrainian peace proposal:
So that’s an interesting new twist about Sater and Cohen. But here’s a relatively old twist about that Ukrainian peace proposal that just hasn’t gotten much notice: Remember how that meeting was widely characterized as being an attempt to set up a back channel between Trump and the Kremlin? And still largely is suspected of that to this day? And remember how the Ukrainian politician in question, Andrey Artemenko, was widely reported as belonging to a “pro-Putin” party? Well, check out this piece on Artemenko that showed up in Foreign Policy back in April. It turns out that while Artemenko is indeed an Eastern Ukrainian politician, which was seen as an indicator that, of course, he’s a pro-Russian Ukrainian. Except he’s a member of the far-right anti-Russian “Radical Party” and has close ties to “Right Sector”, one of the most anti-Russian groups in the country:
“In the aftermath of the report, Artemenko was forced out of his political faction in Ukraine, the far-right Radical Party, and the Prosecutor General’s Office of Ukraine has opened an investigation into whether his diplomatic outreach, which was done without Kiev’s approval, constitutes treason.”
Yep, Artemenko was a member of the virulently anti-Russian Radical Party. And he has ties to one of the more violent neo-Nazi anti-Russian groups operating in the country, Right Sector/Pravy Sektor:
So while his criticisms of Petro Poroshenko helped frame him as a pro-Russian politician, don’t forget that the Ukrainian far-right criticizes Poroshenko all the time. And threaten to “march on Kiev”.
And like Sater in the TPM interview, Artemenko confirmed that it was Sater who arranged for the meeting. And he also claimed to the New York Times he received encouragement from top aides to Putin. Claims the Kremlin denies. And yet Artemenko asserts to Foreign Policy that he had no contacts with any Russian officials (which would obviously complicate any reception of encouragement from Putin’s top aides):
So that’s all rather interesting. And contradicting. Here’s more on what he said to the New York Times about that Kremlin encouragement for the peace plan:
““A lot of people will call me a Russian agent, a U.S. agent, a C.I.A. agent,” Mr. Artemenko said. “But how can you find a good solution between our countries if we do not talk?””
A US agent? CIA agent? Russian agent? How about Ukrainian far-right agent? How about a Ukrainian far-right agent arranging a meeting at the behest of an FBI/CIA informant Felix Sater? That seems like a more accurate characterization of Mr Artemenko.
So that all adds a rather fascinating twist to the question of what role Felix Sater is playing with the Trump team’s contacts with the former Soviet Union. He clearly has ties to Russian figures, but they also clearly aren’t limited to Russia and he appears to have set up a meeting with a far-right anti-Russian Ukrainian politician and apparently has no problem with the widespread reporting of this meeting as being on behalf of the Kremlin. Because, sure, it’s possible the Kremlin’s denials of any knowledge or “encouragement” of this peace plan meeting and panning of it as absurd is false and they really did endorse such talks. But considering the nature of the proposal — Russia gets to “lease” Crimea for 100 years, which doesn’t seem like an offer it would want at this point — it sure seems extremely possible that a politician with an intensely anti-Russian pedigree simply made up the “Putin’s top aides encouraged me” line in order to obscure the nature of a meeting that was actually a way of Ukraine’s far-right passing something along to Trump. And Felix Sater set it up.
@Pterrafractyl–
BRILLIANT! So it is actually a Pravy Sektor-linked Ukrainian pol who is the pivot man for this “op.”
Great, great work!
Keep it up!
Best,
Dave
Here’s a quick correction to the above comment that highlighted how the APT28/Fancy Bear malware pointed towards the same 76.31.112.10 command & control server IP address of the malware used in the 2015 Bundestag hack and how that Bundestag hack indicated a server that was still vulnerable to the Heartbleed hack. The correction actually makes the hack by APT28/Fancy Bear more suspicious, so it’s a pretty important correction, and it’s followed by some new info.
First, the correction: The hack of the DNC server by APT28 didn’t happen in the Fall of 2015. It happened in March of 2016. The hack that happened in the fall of 2015, which the FBI casually informed the DNC about in September, was a phishing hack done by APT29/Cozy Bear/The Dukes. And that indicates that whoever was operating that 76.31.112.10 command & control server would at least have had six extra months to patch that Heartbleed vulnerability before the March 2016 hack was launched vs if they had initially launched them in the fall of 2015. It’s important to note given that March of 2016 is a lot more time to patch something like that compared to the fall of 2015 when that Heartbleed vulnerability on that server was published in the summer of 2015 reports on the Bundestag hack.
But let’s not forget that what tied the DNC APT28 hack to the Bundestag hack was the curious hardcoding of the 76.31.112.10 IP address into the malware in both cases, which suggests that whoever carried out the Bundestag attack was also behind the March 2016 DNC hack. So, in that sense, the window of opportunity — the window to hack into that server after that Heartbleed vulnerability was published in the various reports on the Bundestag hack — is kind of moot if other clues suggest it was the same person/group who carried out both hacks. And let’s also not forget that the 76.31.112.10 server was vulnerable to getting scanned as ‘Heartbleed vulnerable’ for over a year before the Bundestag hack took place because any server was vulnerable to the ‘Heartbleed’ attack going back to 2014 when systematic scanning for vulnerable servers across the internet was already underway.
But here’s what makes the APT28 hack extra suspicious if it happened in March of 2016 vs fall of 2015: While the German government may have officially declared APT28 a Russian government hacking group in May of 2016, this charge was more quietly leveled by Germany’s BfV in a newsletter it released in January of 2016. So if the GRU was truly running that 76.31.112.10 command & control server, it apparently decided to use the same malware as it used in the Bundestag hack with the same hardcoded IP address to the same server even after the German government had started to officially declare APT28 a GRU-run operation, which is some really, really bad operational security:
“Problem #3: The BfV published a newsletter in January 2016 which assumes that the GRU and FSB are responsible because of technical indicators, not because of any classified finding; to wit: “Many of these attack campaigns have each other on technical similarities, such as malicious software families, and infrastructure—these are important indicators of the same authorship. It is assumed that both the Russian domestic intelligence service FSB and the military foreign intelligence service GRU run cyber operations.””
So, again, an APT28 hack in the fall of 2015 is pretty suspicious given the peculiarities with the actual malware employed like the hardcoded IP address and the Heartbleed vulnerable server. But an APT28 hack in March of 2016 is REALLY suspicious because those same malware digital “fingerprints” had just been attributed to a Russian government hacking operation two months earlier and the same “fingerprints” were left in the DNC hack!
Anyway, here’s a source for that timeline correction:
Only in March 2016 did Fancy Bear show up — first penetrating the computers of the Democratic Congressional Campaign Committee, and then jumping to the D.N.C., investigators believe. Fancy Bear, sometimes called A.P.T. 28 and believed to be directed by the G.R.U., Russia’s military intelligence agency, is an older outfit, tracked by Western investigators for nearly a decade. It was Fancy Bear that got hold of Mr. Podesta’s email
So that corrects the timeline: APT29, widely assumed to be the FSB, successfully “phished” its way into the DNC’s servers in the fall of 2015. Germany’s BfV attributes the 2015 Bundestag hack to Russia in January of 2016. And then two months later, APT28, widely assumed to be the GRU, apparently phishes its way into the DNC’s server during a wave of phishing attacks that appeared to be primarily targeting Democrats and deploys malware with the exact same digital “fingerprints” that they left in the Bundestag hack. That APT28 OPSEC sure does OPSUCK!
Still, the fact that these hacks appear to have happened via phishing attacks does make clear that the hacks really did happen. DNC employees have the suspicious emails they accidentally clicked on which is pretty strong evidence that a hack took place. And that’s a critical finding at this point. Why? Because a recent analysis of the documents allegedly taken by “Guccifer 2.0” from the DNC servers on July 5th, 2016 suggests that those hacked documents weren’t actually hacked but instead exfiltrated directly from the DNC networks. Yep!
Except, as we’re going to see, there are some significant issues with this analysis. Still, it’s out there and getting more and more attention and that analysis is now getting highlighted by The Veteran Intelligence Professionals for Sanity (VIPS) — a group of ex-US intelligence officers that got started back in 2003 in opposition to the intelligence findings that led up to the Iraq War and has been more recently raising questions about the 2016 election hacks. VIPS just challenged the official conclusion that the Russian government was behind that hacking campaign based on some notable digital forensics analysis recently done by someone going by “The Forensicator”.
So what did The Forensicator discover? Well, by looking at the timestamps on a particular DNC document dump made available by “Guccifer 2.0”, The Forensicator made all sorts of deductions about the software and hardware used to procure the emails. The documents in question weren’t emails, but instead other DNC documents in an archived file called “NGP-VAN” that Guccifer 2.0 leaked live during a London Cyber Security show in September of 2016. “NGP-VAN” refers to the “NGP-VAN” ‘voter activation’ database software running on the DNC’s hacked server. Guccifer 2.0 claims he used a 0‑day (previously unknown) exploit to hack the DNC server in the summer of 2015, although it’s important to note that there are very serious big reasons to believe that the “NGP-VAN 0‑day exploit” story is not plausible. And let’s not forget that both APT29 and APT28 phished their way into the server and there appears to be pretty good evidence that that phishing really did happen and was successful (evidence in the form of people saying “oops, I clicked on this phishing email and gave them my password”).
Regardless of the issues with “NGP-VAN” hack claims, The Forensicator’s analysis doesn’t depend on whether or not the NGP-VAN exploit was used or not. Instead, the analysis focuses on when exactly all the files in the NGP-VAN document dump made in September were removed from the DNC server and how rapidly that happened.
The metadata for these “NGP-VAN” files were analyzed by “The Forensicator”, primarily the timestamp metadata on the files. The Forensicator looked at peculiarities of the timestamp data to make educated guesses about the timezone of the operating system getting copied to from the DNC server, the operating systems of that device, and, perhaps most importantly, the rate of transfer between the DNC server and the hacker. And based on those educated guesses the Forensicator concluded the following:
1. The operating system of the computer the documents were getting transferred to had a US East Coast timezone setting.
2. The operating system of the computer the documents were getting transferred to was probably a Linux (ext4) OS.
3. The rate of the data transfer was 23 MB/second, which is way too fast for a remote transfer over the internet.
Based on these clues, the Forensicator concluded that the ‘hacked’ files were likely obtained locally, probably with a USB flash drive that had Linux on it (yes, you can boot up a server with a USB drive with an OS on it).
Now, keep in mind that all of this file metadata could have been spoofed, much like the laughably in-your-face metadata ‘oopsies’ like all the Cyrillic characters and Soviet secret police names left in the documents that were immediately latched onto and treated as strong proof of Russian government hackers.
But note the key difference: the timestamp-based metadata ‘oopsies’ weren’t in-your-face. It took basically a year for these observations to be made and published on the internet. We still can’t rule out that the timestamp anomalies The Forensicator discovered were a non-in-your-face second layer of metadata obfuscation. But in terms of being the kinds of ‘mistake’ that someone might legitimately make, the non-in-your-face mistakes seem much more plausible as a real mistake. But, again, let’s not forget that we can’t rule out that professional elite hackers might utilize tactics like setting up the file timestamp data to mimic the copying times you would find with a USB flashdrive connected directly to a server, unless The Forensicator’s analysis was novel and unprecedented. And while “Guccifer 2.0” claims to have done their hacks remotely and then proceeded to distribute documents with all sorts of in-your-face “I’m a Russian hacker!” clues in the metadata, it’s entirely possible that “Guccifer 2.0” was employing multiple layers of metadata ‘clues’. In-your-face clues and less-in-your-face clues. We can’t rule that out.
But here’s another thing to keep in mind that is a MAJOR potential problem with The Forensicator’s analysis: it assumes that the July 5th, 2016 timestamps on the NGP-VAN files indicate that that was when the files were copied from the DNC’s server. But by all indications the DNC server was secured by July 5th, 2016. Guccifer 2.0 was said to be kicked out in June. So that would point towards an insider directly grabbing the documents with a USB drive or something and handing them off to Guccifer. But there’s no compelling reason to assume that the July 5th timestamps are necessarily indicative of when those files were removed from the DNC server. Those timestamps could have been caused by copying the files from some local computer after they were removed or someone using a program like timestomp to change the metadata. So the evidence that any files were removed from the DNC server on July 5th isn’t exactly a slam dunk unless some of the leaked DNC documents in that NGP-VAN cache appear to be originally created on dates between late June-July 5th, 2016.
But despite all the evidence that there really were remote hacks that hit the DNC server (like the phishing emails people clicked on), we also can’t rule out the possibility that there may have been an inside leaker who decided to grab a bunch of emails on July 5th and hand them over to Guccifer 2.0 too. We can’t rule it out, although that does seem like an incredibly pointless risk for an insider to do given that there were already reports about the DNC before July 5th and Guccifer 2.0 was already talking to reporters and dropping documents by then. But we definitely can’t rule it out, just as we can’t rule out the possibility that people were intentionally infiltrating the DNC for the purpose of stealing documents.
Additionally, regarding The Forensicator’s conclusion that the download speeds were only consistent with local copying, don’t rule out the possibility that there was a remote hack of the DNC’s servers, but the files were transferred to a very close location, speeding up the transfer times.
So there are a number of outstanding issues with The Forensicator’s analysis that need to be addressed. And since The Forensicator’s analysis is gaining steam and getting more and more attention let’s hope those issues are eventually addressed, along with the rest of the questions raised by the Veteran Intelligence Professionals for Sanity about the hack:
“Key among the findings of the independent forensic investigations is the conclusion that the DNC data was copied onto a storage device at a speed that far exceeds an Internet capability for a remote hack. Of equal importance, the forensics show that the copying and doctoring were performed on the East coast of the U.S. Thus far, mainstream media have ignored the findings of these independent studies [see here and here].”
So that’s all part of why the VIPS is challenging the official investigations into the hack: if you assume the timestamp metadata can be taken at face value and wasn’t manipulated and the timezone setting also wasn’t manipulated, then, yes, it strongly suggests that someone had to have directly transferred to a flash drive hacked files that were released in the NGP-VAN archive. For at least some of the files. But, again, there’s no compelling reason to assume these timestamps weren’t manipulated, especially given all the other metadata manipulation found in the documents released by Guccifer 2.0. It’s not as if Guccifer 2.0 was interested in providing seemingly pristine documents.
But here’s something else to keep in mind that ties back to the original correction about when APT28 and APT29 hacked the DNC servers: somehow the FBI suspected that “The Dukes” (APT29) hacked the DNC’s server without anyone at the DNC telling them. That call that the DNC IT staff got in September of 2015 apparently came out of the blue. And one clear possibility is that US agencies detected data transfers from the DNC’s server to some server associated with APT 29. Presumably this wouldn’t be the same 76.31.112.10 command & control server used by APT28 but some other server. If that’s the case, that would be pretty strong proof that someone was indeed removing files remotely. Similarly, if the APT28 hack happened as we’re told, there definitely should be evidence of data moving from the DNC server to the 76.31.112.10 IP address. And that’s the kind of data that multiple parties, beyond just Crowdstrike, might have access to. Does the NSA have evidence of data exfiltration from the DNC servers to suspect servers? That’s another question the VIPS should probably add to their challenge.
All in all, one of the most fascinating aspects of the story of the DNC hacks is that all the different theories are possible. Simultaneously:
1. It’s possible Russian hackers did indeed hack the DNC’s server. It doesn’t mean they were the ones that handed over the data, but they still might have hacked it as just routine intelligence collection. Who knows, maybe APT29 really was a Russian government hacker.
2. It’s extremely possible a non-Russian government hacker did indeed hack the DNC and decided to make it look like the Russians. Especially in the case of the APT28 hack in March of 2016 with all its “I’m a Russian hacker!” anomalies and ties to the Bundestag hack using a server that, itself, could have easily been hacked.
3. It’s also possible an insider working at the DNC grabbed a bunch of documents directly too.
There were enough distinct hacking incidents and data dumps that an overall scenario where all three sub-scenarios are true is entirely possible. All we can say for certain is that it looks a lot like “Guccifer 2.0” and whoever was behind the APT28 hacks really, really, really wanted Russia to be the culprit.
Isn’t cyber attribution fun?
@Dave: Talking Points Memo has a new piece on that ‘peace plan’ that adds some important background to it: The ‘peace plan’ that Felix Sater and Andrii Artemenko hatched was apparently developed back in October of 2016 when the two were having discussions over a business proposal to rehab Ukraine’s nuclear power plants as part of a move to break the “Russian monopoly” on Ukraine’s energy and then sell the electricity to neighboring countries.
An energy expert cited in the piece asserts that the plan would have benefited from the fruition of that ‘peace plan’, which is true in the sense that an ongoing civil war probably doesn’t help with business deals involving nuclear plants. But they also point out how it was the conflict with Russia that was actually creating demand in Ukraine for creating alternative sources of energy for Ukraine and increasing regional demand for non-Russian energy sources. So if that ‘peace plan’ happened, it might be easier to cut an international deal to get someone to upgrade and/or build nuclear power plants. But it would also make it a lot easier for Russia to export its own energy to the same countries Ukraine wants to export to.
In addition, as the piece points out, Lithuania, Latvia, and Estonia already have plans to break off the old Soviet-era electrical grid that connects the electrical systems of the former-Soviet nations and instead join them up through the EU’s grids. By 2025. And Sater says in the piece that he’s hoping to help that process along. And yet it’s hard to think of something that would derail such plans more effectively than a peace plan that normalizes relations with Russia.
So that’s quite a twist on the mystery of the ‘peace plan’ meeting: it came about during negotiations between Sater and Artemenko back in October over plans to develop Ukraine’s nuclear energy sector as a means of breaking the Russian grip on Ukraine’s energy, which doesn’t seem like the kind of plan the Kremlin would be very enthusiastic about:
“Felix Sater, who worked obtaining financing for Trump projects including the Trump SoHo, told TPM that the “peace plan” came up in the course of his attempts to broker an agreement to sell energy abroad from Ukraine’s nuclear power plants with Andrii Artemenko, at the time a Ukrainian parliamentarian. The plan was to refurbish dilapidated nuclear power plants in that country and then sell the power generated by them into Eastern Europe, using established commodities trading companies as a means of retroactively financing the deal, Sater said.”
That was apparently the seed of the ‘peace plan’: a deal for rehabbing Ukraine’s nuke plants and exporting energy. And according to Chi Kong Chyong, director of the Energy Policy Forum at Cambridge University’s Energy Policy Research Group, such a plan would indeed be easier if there was peace. But as Chyong also points out, it’s the conflict itself that of course is what’s driving Ukraine to think about non-Russian energy sources:
A nuclear plan designed to make Ukraine much less dependent on Russian energy, doesn’t exactly sound like the kind of thing a ‘pro-Russian’ Ukrainian politician would be working on. And neither does the plan to break up the Soviet bloc electrical grid that Felix Sater wants to help along:
So that’s the latest strange twist on the mystery of Felix Sater’s Ukrainian ‘peace plan’. But note that word of this nuclear plan was actually reported back in May in The National Memo. And in that piece they point out one other person who Sater and Artemenko were apparently trying to get involved with these negotiations: Robert Armao, a rather colorful figure who had some ties to Ukraine. Including, according to Armao, his work advising individuals who were working with former Ukrainian president Viktor Yushchenko during the Orange Revolution protests of 2004–2005 (it’s not exactly a pro-Kremlin background):
“Evidently Sater and Artemenko were seeking the assistance of a third person who attended the breakfast, Robert Armao — a well-connected international businessman who served as labor counsel to the late Vice President Nelson Rockefeller in the early 1970s. Armao says that Sater, whom he’d never met or spoken with prior to last fall, reached out to him through a mutual friend.”
So Robert Armao enters into the mix. An individual who says he once advised people working with Viktor Yushchenko during the anti-Russian Orange Revolution protests of 2004–2005:
So we have Mr. Artemenko, a guy from the virulently anti-Russian Radical Party and ties to Pravy Sektor, teaming up with Felix Sater to enlist the help of Robert Armao, someone who advised the figures behind the Orange Revolution Again, to help them with their scheme to free Ukraine from its dependence on Russian energy. And it was during those meetings that the ‘peace plan’ idea emerged.
And who knows, maybe Artemenko and Sater really did want to push this ‘peace plan’. But regardless, we have Felix Sater working with people who were clearly not ‘Kremlin-friendly’, and yet when this story breaks it’s all about how it was a pro-Putin peace plan and Sater apparently had no problem with that media spin on the story. He was interviewed about it many, many times, after all.
Oh, and here’s a fun look at one of the more interesting business partnerships from Mr. Armao’s past: Armao was an advisor to the Shah of Iran, and both Armao and Marc Rich were business partners with Francesco Pazienza, the Italian intelligence officer and aide to Roberto Calvi during a period when Francesco Pazienza was helping the US with the renewal of the lease for a United States intelligence tracking station in the Seychelles. It’s a relationship that came up during the investigation of the implosion of Banco Ambrosiano:
“The prisoner, Dr. Francesco Pazienza, a 39-year-old nonpracticing physician, has long been a subject of keen interest in Italy, where his name has also cropped up in investigations of the shooting of Pope John Paul II and of the purported plottings of a rightist underground.”
Sounds like a great guy: an alleged P‑2 lodge member with ties to the assassination attempt on Pope John Paul II. And who were his oil venture business partners? Robert Armao and Marc Rich:
So that’s a taste of Mr. Armao’s past dealings. And now we can add Felix Sater’s schemes to export Ukrainian nuclear energy in partnership with a Radical Party/Pravy Sektor Ukrainian politician to the list.
Scott Ritter, the former UN weapons inspector who warned the world in the lead up to the Iraq war that it was unlikely that Iraq possessed weapons of mass destruction, has a post on the recent memorandum put out by the Veterans for Intelligence Sanity (VIPS). That’s the memorandum that endorses the findings of “The Forensicator” based on timestamp metadata from a Sept 13th, 2016 DNC document dump by “Guccifer 2.0” that concluded that the dumped documents must have been removed from the DNC via a flash drive, thus strongly suggesting a DNC insider or infiltrator was the source of the documents. As noted above, those findings are suspect because there is no reason whatsoever to conclude the timestamps of the dumped documents in any way reflect the timestamps of the initial removal of those files and yet The Forensicator’s analysis never even mentions that possibility and behaves as if their analysis is rock solid proof of something. Ritter’s piece makes those same critiques. And as Ritter notes, he himself is a member of the Veterans for Intelligence Sanity, but chose not to sign on to this particular memorandum. But as he also notes, the mistaken endorsement of this analysis by The Forensicator is by no means a reason to discount the myriad of major problems with the official DNC 2016 hacks investigation that have been raised by the VIPS and others:
“The analysis contained in the VIPS memorandum contradicts such an assertion. Unfortunately, this conclusion is not supported by the data. I reached out to the forensic analysts who conducted the analysis of the metadata in question. They have stated that there is no way to use the available metadata to determine where the copying of the data was done. In short, one cannot state that this data proves Guccifer 2.0 had direct access to the DNC server or that the data was located in the DNC when it was copied on July 5, 2016. These same analysts also note that the July 5 date that is pervasive on the metadata probably overwrote all prior modification times, meaning it is impossible to ascertain if there were any prior copy operations”
Yep, The Forensicator’s analysis is indeed one possible interpretation of the available data. But it is only one of many possibilities that fit the data. And yet it is being treated as some sort of rock solid proof that that one possible scenario — that a USB flash drive was used on July 5th to remove those DNC documents (which are separate from the dumped emails) — is the only scenario reasonably supported by the available evidence. Don’t forget that Wikileaks was heavily pushing the “Seth Rich may have been our source and was murdered by the DNC” meme well before the September 13, 2016, dump of those DNC documents, so that alone could have been incentive enough to modify the dump document timestamps to July 5th, five days before Rich’s murder. Again, the key problem with The Forensicator’s analysis is that timestamp metadata can be set to anything and there’s no way to know how many times it’s been modified. Thus, it tells us nothing about when the dump documents were initially removed from the DNC server.
And as Ritter goes on to critique The Forensicator’s findings, he notes that the mistaken endorsement by the VIPS should in no way downplay the many other issues with the widely accepted conclusions about what actually happened:
“Such attention to detail, normally the signature of solid intelligence analysis, is not needed in this case. The VIPS memorandum serves a larger purpose here: It questions a premise that has become de rigueur in the national narrative—that Guccifer 2.0 was a Russian actor. “Guccifer 2.0 is known to be the Russians,” Brian Fallon, the press secretary for Hillary Clinton, opined in September 2016. Democratic operatives made similar statements throughout the summer and fall of 2016.”
So that’s where we are: despite the fact that the analysis by The Forensicator endorsed by VIPS has some glaring holes, at this point simply having a group like the VIPS raise questions about the official findings is net helpful in this situation, especially since the memorandum included other critiques beyond just the findings of The Forensicator. Although sending out a memorandum that noted the Forensicator’s analysis and the problems with it would have been more helpful.
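The limitation raised in the two comments above (a transfer rate read off file modification times describes only the last write to those files), as an added Python example that is not part of the original comments or of The Forensicator's analysis. File names, sizes and epoch values are constructed, and the rate formula is a simplified assumption rather than The Forensicator's exact method.

```python
import os
import shutil
import tempfile

MB = 1_000_000
FIRST = 1_460_000_000   # constructed epoch: an earlier acquisition
SECOND = 1_467_000_000  # constructed epoch: a later copy or restamp


def make_files(directory, sizes):
    """Create sparse sample files of the given sizes (constructed data)."""
    paths = []
    for i, size in enumerate(sizes):
        path = os.path.join(directory, f"doc_{i:02d}.bin")
        with open(path, "wb") as fh:
            fh.truncate(size)  # sets st_size without writing the bytes
        paths.append(path)
    return paths


def stamp_as_copied(paths, start_epoch, rate):
    """Give each file the mtime that a sequential copy at `rate` bytes/s,
    begun at start_epoch, would have left on it."""
    t = start_epoch
    for path in paths:
        t += os.path.getsize(path) // rate
        os.utime(path, (t, t))


def estimate_rate(paths):
    """Bytes/s implied by metadata alone: the bytes of every file after
    the first, divided by the span between first and last mtime."""
    recs = sorted((os.stat(p).st_mtime, os.stat(p).st_size) for p in paths)
    span = recs[-1][0] - recs[0][0]
    if span <= 0:
        return None  # identical timestamps carry no rate information
    return sum(size for _, size in recs[1:]) / span


def demo():
    """Same files, two histories: the estimate follows the last write."""
    sizes = [23 * MB, 46 * MB, 69 * MB]
    with tempfile.TemporaryDirectory() as d:
        paths = make_files(d, sizes)
        stamp_as_copied(paths, FIRST, 1 * MB)    # slow, remote-looking
        slow = estimate_rate(paths)
        stamp_as_copied(paths, SECOND, 23 * MB)  # later local-looking write
        fast = estimate_rate(paths)
        # Does any trace of the first history remain in the mtimes?
        survived = any(os.stat(p).st_mtime < SECOND for p in paths)
    return slow, fast, survived


def copy_tool_matters():
    """A plain copy stamps 'now'; a metadata-preserving copy keeps the old
    mtime. Neither records how many copies came before."""
    with tempfile.TemporaryDirectory() as d:
        src = os.path.join(d, "memo.txt")
        with open(src, "w") as fh:
            fh.write("constructed sample\n")
        os.utime(src, (FIRST, FIRST))
        plain = shutil.copy(src, os.path.join(d, "plain.txt"))
        kept = shutil.copy2(src, os.path.join(d, "kept.txt"))
        return int(os.stat(plain).st_mtime), int(os.stat(kept).st_mtime)


if __name__ == "__main__":
    slow, fast, survived = demo()
    print(f"first history : {slow / MB:.0f} MB/s")
    print(f"after rewrite : {fast / MB:.0f} MB/s, earlier mtimes kept: {survived}")
    print("plain copy vs preserving copy mtime:", copy_tool_matters())
```

An examiner who needs the original acquisition time has to look for evidence outside the files' own timestamps, such as network flow records or server-side logs.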
Following on the reports about the plans of Felix Sater and Andrey(Andreii/Andrii) Artemenko — the Ukrainian ‘pro-Russian’ politician behind the alleged ‘pro-Russian’ peace plan that Felix Sater had Michael Cohen hand deliver to Michael Flynn — to build up Ukraine’s nuclear energy sector as a means of freeing Ukraine from its dependence on Russian energy, here’s some more background info on Artemenko’s politics and business in an article in the Kyiv Post. And note the date of the article: February 20, 2017, which is one day after this ‘peace plan’ was initially reported in the New York Times. It highlights the fact that Ukrainian press was making it very clear very early on after this story broke that this guy’s political pedigree was anti-Russian in the extreme, with close ties to Right Sector/Pravy Sektor.
The article also notes another interesting aspect of Artemenko’s business background: from 2007–2013, he founded several companies that provided military logistics services into the Middle Eastern conflict zones and traveled to Saudi Arabia, Syria, and Qatar for business trips.
So a guy with a conflict-zone military supply business and ties to the virulently anti-Russian Right Sector and who was also working on breaking Ukraine’s dependence on Russian energy is the guy behind the ‘pro-Russian’ peace plan:
“The lawmaker took an active part in EuroMaidan Revolution in 2013–2014 that deposed President Viktor Yanukovych.
In 2014 he joined the Right Sector political party and was rumored to be one of the sponsors of its leader, Dmytro Yarosh, during his presidential election campaign in 2014.”
Rumored to have sponsored Dmytro Yarosh’s presidential run! That’s quite a rumor, and even if there’s no truth to it, it’s hard to ignore things like photos of Artemenko seated among the Right Sector Party founders at the first party meeting. That sure sounds like he’s a founder. Even if Right Sector doesn’t want to acknowledge this:
And there’s his interesting business background: starting several military logistics services companies that operate in conflict zones in the Middle East. And a private aviation company registered in Miami, Florida:
And then there’s this interesting bit of background on Artemenko’s work in the Ukrainian parliament: he was the deputy head of the European Integration Committee and responsible for diplomatic connections with Saudi Arabia, Qatar, United States, Kuwait, Lithuania and Belarus:
So Artemenko is the deputy head of the European Integration Committee and is responsible for diplomatic connections with Saudi Arabia, Qatar, United States, Kuwait, Lithuania and Belarus? European Integration and US diplomacy. That doesn’t sound like the assignments for a politician the rest of Ukraine’s politicians would consider ‘pro-Russian’.
And regarding Artemenko’s responsibility for diplomatic connections with the US, note how, in the original New York Times article that broke the story about this whole secret ‘peace plan’ scheme, Artemenko talked on Facebook about how he was peddling his peace plan to American lawmakers and even attended Trump’s inauguration. He also traveled to Cleveland last year for the GOP’s National Convention and met with members of the Trump team. So it would appear that Mr. Artemenko had quite a bit of contact with the Trump team long before reports about this ‘secret peace plan’:
“Mr. Artemenko, tall and burly, arrived at the Manhattan hotel between visits to Washington. (His wife, he said, met the first lady, Melania Trump, years ago during their modeling careers, but he did not try to meet Mr. Trump.) He had attended the inauguration and visited Congress, posting on Facebook his admiration for Mr. Trump and talking up his peace plan in meetings with American lawmakers.”
And before Mr. Artemenko traveled to DC for Trump’s inauguration, he was at the GOP national convention to meet with Trump’s team:
And note how the peace plan Artemenko was advocating, a plan widely characterized as obviously pro-Russian, didn’t even include that Crimea would be leased to Russia for 100 years. It was a plan for a public referendum on the question of whether or not Crimea would be leased to Russia for 100 years:
A referendum that would almost certainly be rejected by Ukrainian voters. It’s not exactly the kind of plan the Kremlin is going to get excited about.
And yet Artemenko kept pushing this plan, along with the kompromat on Poroshenko. Because it wasn’t just a peace plan. It was a peace plan characterized as one that only a different future Ukrainian government could endorse, hence the kompromat:
“Only a new government, presumably one less hostile to Russia, might take up his plan.”
Yes, this ‘peace plan’ will first require getting rid of Poroshenko using the kompromat and ushering in a new government. And we’re supposed to believe a more ‘pro-Russian’ government would follow and that’s all part of Artemenko’s plan. The plan being offered by a far-right associate of virulently anti-Russian forces who have long wanted to see Poroshenko replaced with someone even more far-right and more virulently anti-Russian.
So it’s looking a lot like that whole peace plan scheme was actually a ‘dump Poroshenko’ scheme by Ukraine’s far-right. Considering the rumblings coming from groups like the Azov Battalion about how Ukraine should get its own nuclear weapons, you have to wonder if the plans for building up Ukraine’s nuclear plants that Artemenko and Felix Sater had involved the generation of something more explosive than electricity. After all, when Svoboda, Right Sector, and the Azov Battalion’s new “National Corps” parties signed a joint manifesto in March, their manifesto called for getting nukes for Ukraine:
“Ukraine should have the right to arm itself again with nuclear weapons, according to a joint manifesto signed by three of the country’s nationalist parties on March 16 in Kyiv.”
And in addition to calling for nukes, they want Russian capital frozen out of the country, “traditional values” (i.e. far-right cultural norms) actively promoted by the mass media, and the formation of “a new EU with the Baltic States”. And they also slammed the current leadership (the leadership targeted by Artemenko’s kompromat on Poroshenko) for not doing enough to protect Ukraine’s interests:
And how do these groups intend to obtain the political power required to achieve these manifesto objectives? Well, note the rather ominous warning from the Right Sector spokesperson:
Elections aren’t the goal. That’s the word from the Right Sector’s spokesperson to a Kyiv Post reporter reporting on this new ‘nationalist’/fascist manifesto. Although if there’s a bunch of scandalous kompromat that suddenly scandalizes Poroshenko, and presumably most non-far-right political parties too, and creates an opening for a far-right electoral surge, Right Sector and the rest of its allies will presumably be fine with obtaining power through elections.
Here’s a potentially significant new twist to Robert Mueller’s special counsel investigation: Investigators are now investigating whether or not Michael Flynn was secretly paid by a foreign government in the final months of the 2016 campaign. But it’s not the Russian government. It’s an investigation into whether or not the Turkish government was secretly behind the payments for Flynn’s anti-Fethullah Gulen work. Work that the article describes as suspiciously slapdash for a $530,000 contract:
Part of what the investigators are reportedly interested in is whether or not certain refunds by the Flynn Intel Group back to the Turkish business who paid for his services constituted an illegal kickback.
But here’s where it starts getting extra interesting: Flynn also recently amended his disclosure forms to include work for Cambridge Analytica’s parent SCL Group. And, intriguingly, investigators are now looking to the work of the White Canvas Group (actually, its spinoff VizSense), a data-mining company that was paid $200,000 by the Trump campaign for unspecified services. And as we’re going to see, White Canvas Group/VizSense appears to specialize in “military grade” social media campaigns (something similar to SCL’s military grade psy-op services) and the services it offered the Trump team involved creating social media targeting millennials. And as we’ll also see, its services include dark web search, which is extra interesting when you consider how right-wing operative Peter Smith’s team was not just working with Flynn (and Steve Bannon and Kellyanne Conway), but it was also searching the darkweb for signs of hackers who might have hacked Hillary Clinton’s personal email server. A quest that led them to Chuck Johnson and “Guccifer 2.0”, who both told them to contact Andrew Auernheimer.
So, yeah, the Mueller investigation just started heading down a very interesting path:
“They have also asked about the White Canvas Group, a data-mining company that was reportedly paid $200,000 by the Trump campaign for unspecified services. The Flynn Intel Group shared office space with the White Canvas Group, which was founded by a former Special Operations officer who was a friend of Mr. Flynn’s.”
Note that it’s not quite accurate that documents show that $200,000 was paid by the Trump team to White Canvas Group last year. As we’ll see below, the $200,000 was paid to Colt Ventures, a Dallas-based venture-capital firm owned by a figure close to Bannon and who reportedly met with Bannon frequently during the campaign. Colt Venture is also an investor in VizSense. And VizSense was spun off from White Canvas Group.
So while the potential kickbacks and secret payments from the Turkish government are indeed quite interesting, when it comes to the investigation into the 2016 hacks it’s the Colt Ventures/White Canvas Group/VizSense that is the far more interesting aspect of the investigation. Especially in light of the Trump campaign’s use of the military-grade psy-op services offered by the SCL Group, which we now learn briefly contracted Flynn too (which isn’t particularly shocking in this context, but still worth noting):
So what exactly did VizSense do in service of the Trump campaign? Well, that’s unspecified. The Trump team goes as far as acknowledging it involved a social-media project that involved video-content creation and “millennial engagement” in the campaign’s final month and the founder reportedly frequently met with Steve Bannon. But as the following article shows, VizSense is described as a “DARPA” and has received numerous Pentagon contracts, including “deep and dark web capability and gap analysis.”
So in light of the Peter Smith group efforts and their attempts to scour the dark web in search of ‘Russian hackers’ (recall they were advised by “Guccifer 2.0” to contact neo-Nazi hacker Andrew Auernheimer), and the work that Smith did with Flynn and Bannon, we now learn that White Canvas Group and VizSense are on the investigators’ radar:
“The project Iadonisi was engaged in for Trump’s campaign focused on social media, according to a person with knowledge of the arrangement. What that work consisted of — and why his company was not disclosed as a vendor in campaign finance reports — remains a mystery.”
And not only is the work done by VizSense for the Trump Team largely a mystery, but the fact that Colt Ventures was an investor in VizSense was itself a secret until reporters started asking them about it:
And when you look at the services VizSense offers and look at the work Flynn apparently did with Peter Smith’s operation to scour the dark web for ‘Russian hackers’ with Hillary’s emails, it’s not hard to imagine why they might have wanted to keep that VizSense investment a secret:
So that was a pretty big new development in Mueller’s investigation. Let’s hope it keeps going down this particular path. Who knows where it might lead.
Following up on the flawed analysis by “The Forensicator” that purports to use timestamp metadata from a batch of DNC documents dumped by “Guccifer 2.0” on September 13th, 2016, to conclusively prove that the files had to have been removed directly from the DNC’s server — flawed because the timestamp metadata in uploaded files tells us nothing about when those files were initially copied from the DNC’s server and how many times they may have been copied after that — it looks like The Forensicator is acknowledging these problems in their analysis after someone directly asked them about this in the comments section of The Forensicator’s blog.
First, here’s the question posed on July:
And here’s The Forensicator’s reply:
“Some reviewers have noted that the July 5, 2016 dates present in the metadata overwrote any previously recorded dates/times, which of course is true. They further note that prior intermediate copy operations may have been performed, which is also true. Some have opined that if Guccifer 2 pulled data from his previously claimed hack and simply copied that data to say his local hard drive on July 5, 2016 that the pattern present in the metadata might result; also true”
So that pretty thoroughly undercuts the narrative based on The Forensicator’s blog that’s been building for weeks now. Which is what the person asking the initial question more or less says in their response:
And that ends the back and forth between that person and The Forensicator and remains the only admission by The Forensicator of these critical details. So there’s that.
At the same time, it’s worth keeping in mind that there is still some value in The Forensicator’s analysis since it does describe one of the many possible scenarios that fit the available evidence. Plus, the finding that the computer that the files were copied from on July 5, 2015, appeared to have a US East Coast timezone setting is notable even if we assume that July 5th event had nothing to do with the initial removal of the files from the DNC server. Especially considering the very real possibility that the stolen documents were being quietly passed around to all sorts of individuals, including people who may not have been particularly tech savvy and didn’t have the situational awareness to even think about something like leaving a possible clue in the timestamp metadata, it’s entirely possible the East Coast timestamp data really does reflect the location of the computer where those files were packaged. Yes, there’s no compelling reason to assume this is true since timezone settings could be changed on the computer or the metadata could have been set to anything on the files. But, who knows, maybe that timestamp signature really was indicative of the DNC documents passing through an East Coast-based computer at some point before their release. It’s a possibility worth keeping in mind. As long as we don’t exclusively keep it in mind.
Oh great: It looks like The Forensicator’s analysis that purports to prove that at least some of the leaked DNC documents couldn’t have been remotely hacked and instead must have been removed via a USB drive — deeply flawed analysis that even the Forensicator has quietly and inadvertently debunked — is continuing to get more press in the media. Both The Nation and Bloomberg put out pieces about the Veteran Intelligence Professionals for Sanity (VIPS) and their endorsement of the Forensicator’s analysis. The Bloomberg piece does a much better job in that it at least acknowledges the possible problems and links to Scott Ritter’s piece that points out the problems with it. The Nation piece, on the other hand, treats it as a slam dunk case and proof that the DNC files must have been extracted locally. And, again, in addition to Ritter’s critique, which the VIPS members almost surely have seen since he himself is a VIPS member, The Forensicator himself/herself debunked their own findings when pressed with questions about it on their own blog. So now this easily debunked analysis is increasingly becoming the most prominent attempt to question the ‘Russian hackers’ narrative:
“But this article is neither conclusive proof nor strong evidence. It’s the extremely long-winded product of a crank, and it’s been getting attention only because it appears in a respected left-wing publication like The Nation. Anyone hoping to read it for careful reporting and clear explanation is going to come away disappointed, however.”
Yep, much like how the official evidence for ‘Russian hackers’ lacks a clear explanation and relies on long-winded narratives that never actually provide meaningful evidence, the same is true with the narratives the VIPS folks are now pushing.
But notice this curious part: In The Nation piece, the various IT professionals working with the VIPS note that The Forensicator wasn’t simply basing their analysis on the data Guccifer 2.0 publicly dumped on September 13, 2016. Instead, The Forensicator apparently unlocked password protected directories. And it appears that ONLY The Forensicator had the password, or has somehow broken it:
Also note that the Forensicator’s blog describes, step by step, how others can repeat their analysis and links to a September 13th, 2016 at 5:13 PM CST posting on Pastebin where people can download the files and that posting includes a password. But that appears to just be the password to open up the zipped documents. But The Forensicator apparently somehow accessed directories in that zipped file that also had their own passwords. So either The Forensicator is adept at cracking those passwords (which no one else has publicly done) or The Forensicator got the password from Guccifer 2.0. Or perhaps is Guccifer 2.0.
And it gets even more mysterious when The Nation piece indicates that one of the IT experts working with the VIPS folks is acting as a liaison with The Forensicator:
“Qualified experts working independently of one another began to examine the DNC case immediately after the July 2016 events. Prominent among these is a group comprising former intelligence officers, almost all of whom previously occupied senior positions. Veteran Intelligence Professionals for Sanity (VIPS), founded in 2003, now has 30 members, including a few associates with backgrounds in national-security fields other than intelligence. The chief researchers active on the DNC case are four: William Binney, formerly the NSA’s technical director for world geopolitical and military analysis and designer of many agency programs now in use; Kirk Wiebe, formerly a senior analyst at the NSA’s SIGINT Automation Research Center; Edward Loomis, formerly technical director in the NSA’s Office of Signal Processing; and Ray McGovern, an intelligence analyst for nearly three decades and formerly chief of the CIA’s Soviet Foreign Policy Branch. Most of these men have decades of experience in matters concerning Russian intelligence and the related technologies. This article reflects numerous interviews with all of them conducted in person, via Skype, or by telephone.”
That’s who is providing the strong VIPS endorsement of The Forensicator’s analysis: William Binney, formerly the NSA’s technical director for world geopolitical and military analysis and designer of many agency programs now in use; Kirk Wiebe, formerly a senior analyst at the NSA’s SIGINT Automation Research Center; Edward Loomis, formerly technical director in the NSA’s Office of Signal Processing; and Ray McGovern, an intelligence analyst for nearly three decades and formerly chief of the CIA’s Soviet Foreign Policy Branch.
And they appear to have been coordinating with Skip Folden, someone acting as a liaison with The Forensicator and “Adam Carter”, the pseudonym of another person that’s done quite a bit of work looking into the “Guccifer 2.0” persona (and there doesn’t appear to be anything suspect about Adam Carter’s work):
And according to Folden, The Forensicator somehow obtained an “access key” to get inside “locked” documents that no one else could get:
“These data did not come to him via any clandestine means. Forensicator simply has access to them that others did not have. It is this access that prompts Kirk Wiebe and others to suggest that Forensicator may be someone with exceptional talent and training inside an agency such as the FBI. “Forensicator unlocked and then analyzed what had been the locked files Guccifer supposedly took from the DNC server,” Skip Folden explained in an interview. “To do this he would have to have ‘access privilege,’ meaning a key.””
So did The Forensicator really need to use a special password to access some of the directories in that DNC document dump? Well, they aren’t at all explicit about it, but yes, they do indicate that they accessed password protected documents while never saying what the password is or if they instead somehow broke the encryption:
“The times shown above are in Pacific Daylight Savings Time (PDT). The embedded .rar files are highlighted in yellow. The “*” after each file indicates that the file is password encrypted. This display of the file entries is shown when the .7z file is opened. A password is required to extract the constituent files. This aspect of the .7z file likely motivated zipping the sub-directories (e.g. CNBC and DNC) into .rar files; this effectively hides the structure of the sub-directories, unless the password is provided and the sub-directories are then extracted. The last modification dates indicate that the .rar files were built on 9/1/2016 and all the other files were copied on 7/5/2016. Note that all the times are even (accurate only to the nearest 2 seconds); the significance of this property will be discussed near the end of this analysis. The files copied on 7/5/2016 have last modified times that are closely clustered around 3:50 PM (PDT); the significance of those times will be described below.”
So let’s review:
1. The Forensicator puts out this analysis in early July purporting to demonstrate conclusively that the DNC documents MUST have been removed locally.
2. Their analysis indicates a password was required to view some of the files, but they never indicate how they got past this password and barely address it at all.
3. Their analysis is also deeply flawed since it in no way addresses the very real possibility that all of the metadata analysis they based their conclusions on was the metadata generated by subsequent copying of the data, something they quietly acknowledge much later (and subsequently ignore) when pressed on the issue by a commenter on their blog.
4. A team of VIPS folks that includes former NSA analysts wholeheartedly endorses their ‘slam dunk’ findings.
5. Scott Ritter, also a VIPS member, slams his fellow VIPS members for putting out such a report given the flaws. And is apparently ignored.
6. More articles continue to come out from the VIPS crew touting this as unassailable proof that the documents must have been removed locally.
7. And now we learn that the VIPS team has been working with Skip Folden, an IT executive at IBM for 33 years who also consulted for Pentagon officials, the FBI, and the Justice Department. And Folden is apparently the VIPS group’s liaison to Forensicator, Adam Carter, and other investigators.
8. Finally, Kirk Wiebe, one of the VIPS team members working on this, suggests that The Forensicator is probably “someone with exceptional talent and training inside an agency such as the FBI”. And according to Folden, “Forensicator unlocked and then analyzed what had been the locked files Guccifer supposedly took from the DNC server...To do this he would have to have ‘access privilege,’ meaning a key.”
So a group of IT experts has concluded that the Forensicator somehow has elite training on these matters and somehow got “access privilege” to those password-protected documents. And this team is doubling down on the assertion that The Forensicator’s analysis is strong evidence of the scenario that the DNC document files were removed locally. And, again, even The Forensicator has admitted that their analysis is not evidence of that, although it appeared to be a grudging admission that they subsequently ignore along with almost everyone else pushing this theory.
It raises the question: is there a group out there trying to put forth deeply flawed analysis in order to eventually discredit inquiries into the ‘Russian hackers’ narrative? Or are they just trying to overwhelm the public with a bunch of technical analysis that almost no one even bothers to closely critique? Considering the US government appeared to use the latter approach when pushing the ‘Russian hackers’ narrative, the answer isn’t obvious, although none of the available feasible answers are good.
(I’m not 100% sure of where to place this, so forgive me.)
In the North Korea mess, it seems that there’s a “puppet show” being put on for us with a cast of characters:
* “Crazy” egotistical president who appears to be placing the country at risk with hazardous comments toward the “crazy” N Koreans (equipped thru Ukraine?)
* “Rational” military men whose only chance to “save the country” may be thru a military coup, and since hatred of Trump has been well-cultivated over the months, might actually be welcomed by (too?) many Americans.
What do you think?
http://freebeacon.com/national-security/trump-talking-not-answer-north-korea/
Just a quick follow-up on the problematic analysis done by “the Forensicator” — claiming to prove that at least one DNC server hack had to be done locally based on an examination of the metadata of one of the batches of released files — and the critique of that analysis in New York Magazine that included a very unexpected assertion that the Forensicator used a password that only the Forensicator possessed to unlock hidden files in the leaked batch of DNC files for use in their analysis.
Well, “Adam Carter” — the pseudonym for another person (or persons) whose analysis on the timeline of “Guccifer 2.0” and the various “fingerprints” left in the leaked DNC documents has been closely associated with the Forensicator’s analysis — jumped into the fray to address that and according to Carter there is absolutely no secret password that was required to open the files and the New York Magazine article was simply wrong on that account:
“THE FACTS: Forensicator did NOT have a “key” to unlock anything that was “locked” in any literal sense and nothing was “cracked”. The NGP-VAN archive he analyzed was publicly available and its password publicly known in September of 2016.”
As Carter points out, if you go to the Pastebin site where the DNC documents were originally released to the world you’ll find a password to unlock the files (which happens to be “GuCCif3r_2.0”). And that appears to be the only password involved at all to replicate the Forensicator’s analysis.
Hopefully that clears that plot twist up because it was a rather stunning claim in the New York Magazine article, in part because there was no indication anywhere else that a secret password was used and the steps the Forensicator went through to arrive at their conclusion were written to be reproducible by others. But more importantly, the claim of a non-public password suggested that the Forensicator either had access to significant decryption resources or somehow came across such a password from whoever created that leaked batch of DNC documents. And that, in turn, suggested the possibility that the Forensicator was either someone with access to superior decryption resources (suggesting someone working for an intelligence agency) or access to a secret password from whoever created it (suggesting ties to the hackers).
And with that flaw in the New York Magazine’s analysis of the Forensicator’s flawed analysis in mind, it’s worth noting that the Forensicator did create a new “Corrections and Clarifications” page recently and include one of the most significant flaws in their conclusion: The assumption that the DNC document data wasn’t copied one or more times before the July 5th “last modified” date that most of the files in the leaked document have. There was simply no reason to conclude that the metadata in the leaked DNC documents the Forensicator based their analysis on was metadata created during the initial event when the files were removed from the DNC server because copying events could have overwritten the “last modified” metadata that the Forensicator’s conclusions were based on.
And that basically destroys the whole argument that local exfiltration of the DNC data was somehow proven by the metadata. And yet that was the conclusion the VIPS team backed and was promoted in the article in The Nation. But now the Forensicator has acknowledged that prior copy operations could have taken place, agreeing with dissenting VIPS member Scott Ritter who wrote a scathing critique of the VIPS endorsement of the Forensicator’s conclusions. And not only does the Forensicator state their agreement with Ritter on that point but they go on to criticize the VIPS people that back their analysis for being overly conclusive. So even the Forensicator appears to be critiquing the VIPS report now:
“When the Forensicator first read the published VIPS report, he noticed issues like those above and his reaction was that their report was their own interpretation of the Forensicator’s findings; it seemed to be based on assumptions that should be more clearly stated. Still, the Forensicator recognized that it was their prerogative to make their own interpretation.”
So the VIPS support for the Forensicator is not mutual. Ouch.
And, again, the Forensicator explicitly cites the part in Ritter’s critique about how there’s no way to tell how many prior copy operations may have taken place, rewriting the “last modified” metadata each time:
Yes, not only does the Forensicator no longer endorse the VIPS memo endorsing the Forensicator, but the Forensicator might not even endorse the Forensicator anymore. Although if you read the Forensicator’s website they are clearly sticking to their broader narrative (that the DNC files were likely stolen locally with a USB stick) even though that narrative is strongly undermined by the observation about possible prior copy operations.
It’s progress. Sort of.
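The point raised in the comments above, that every plain copy rewrites a file's “last modified” time so the metadata only records the most recent copy, can be reproduced directly. This is an added example, not part of the original comments or of the Forensicator's analysis; the file names and the original timestamp are constructed for illustration.

```python
import os
import shutil
import tempfile
from datetime import datetime, timezone

# Constructed sample value: pretend the file was last modified on the source
# system at this instant. It is NOT a date taken from the real archive.
ORIGINAL_MTIME = datetime(2016, 5, 1, 12, 0, 1, tzinfo=timezone.utc).timestamp()


def make_source(workdir):
    """Create a sample file and stamp it with ORIGINAL_MTIME."""
    src = os.path.join(workdir, "hop0.doc")
    with open(src, "wb") as fh:
        fh.write(b"constructed sample content\n")
    # os.utime also shows that mtime is just a field anyone can set.
    os.utime(src, (ORIGINAL_MTIME, ORIGINAL_MTIME))
    return src


def copy_chain(src, workdir, hops, preserve):
    """Copy src through `hops` successive copies; return the mtime at each hop.

    preserve=False uses shutil.copyfile: data only, so each new file is
    stamped with the time of that copy.
    preserve=True uses shutil.copy2, which also copies the timestamps
    (comparable to `cp -p`).
    """
    copier = shutil.copy2 if preserve else shutil.copyfile
    prefix = "kept" if preserve else "plain"
    mtimes = [os.stat(src).st_mtime]
    current = src
    for hop in range(1, hops + 1):
        dst = os.path.join(workdir, f"{prefix}_hop{hop}.doc")
        copier(current, dst)
        mtimes.append(os.stat(dst).st_mtime)
        current = dst
    return mtimes


def two_second_resolution(ts):
    """Reduce a timestamp to 2-second granularity.

    FAT file systems store last-modified times in 2-second steps, which is
    one way a listing ends up with only even seconds. Rounded down here;
    an implementation may round up instead.
    """
    whole = int(ts)
    return whole - (whole % 2)


def run_demo(hops=3):
    """Run both copy chains and report what survives of the original time."""
    with tempfile.TemporaryDirectory() as workdir:
        src = make_source(workdir)
        plain = copy_chain(src, workdir, hops, preserve=False)
        kept = copy_chain(src, workdir, hops, preserve=True)
    return {
        "original": ORIGINAL_MTIME,
        "plain_final": plain[-1],
        "kept_final": kept[-1],
        # After plain copies the mtime is the time of the LAST copy only.
        "original_survives_plain_copy": abs(plain[-1] - ORIGINAL_MTIME) < 2,
        # A timestamp-preserving copy carries the old value along unchanged.
        "original_survives_preserving_copy": abs(kept[-1] - ORIGINAL_MTIME) < 2,
        "two_second_original": two_second_resolution(ORIGINAL_MTIME),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Either copy mode produces a file whose metadata looks equally valid, so the “last modified” value alone cannot show how many copies preceded it or where the first one was made.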
There were a couple of rather notable events recently in the giant AT&T $85 billion bid for Time Warner that’s awaiting government approval.
The most recent notable event might not seem big on the surface: AT&T’s CEO made a number of public comments quite supportive of CNN’s chief Jeff Zucker, saying he’s doing a “terrific job.”
Why is this notable? Because as the following article from back in July describes, President Trump has made numerous threats to block the merger and he really seems to hate Jeff Zucker over CNN’s coverage of him. They used to be close since Zucker helped launch Trump’s reality TV career. Back in October of 2016, candidate Trump said the merger was bad because it made the media too concentrated. It was one of those moments when he was doing his “I care about the little guy” shtick and said something that wasn’t somehow horrible. And then in July of this year — around the time Trump tweeted out that gif of himself beating up CNN that was created by a white supremacist (and the whole thing turned into a death threat campaign against CNN employees waged by Andrew Auernheimer) — Trump made numerous threats to block the merger, while hinting that Jeff Zucker’s departure might be the price he extracts. And that threat obviously includes replacing Zucker with someone more like Roger Ailes because he was making these threats in the context of his complaints about CNN’s coverage of him.
So Trump’s stance on the proposed mega-merger appears to be that the concentration of media power from the mega-merger would be bad for consumers, unless Jeff Zucker gets replaced with someone who turns CNN into Fox News in which case it’s fine:
“There’s growing concern that Trump’s war with CNN could escalate beyond insults and Twitter posts, with sources close to the president musing about opening a new front aimed at CNN’s parent company, Time Warner — and Trump himself speculating about CNN President Jeff Zucker losing his job in a shake-up.”
Trump has leverage, of sorts, over the chief of CNN and that’s exactly the kind of mind worm that will take deep root in Trump’s mind:
It’s a rather remarkable shift from his stance as a candidate back in October of 2016:
So when the time comes for the government to make a final decision on the merger, which version of Trump’s opposition to the deal will he embrace, assuming he continues to threaten to block it? Will it be a principled opposition based on opposition to a concentration of media power or whining about CNN’s mean coverage?
Well, that brings us to the second notable event related to the merger in recent days. On October 28th, the day news came out about the first charges in the Mueller investigation: right when that news started coming out Roger Stone went on Twitter and issued the following threat:
So if Stone was giving us an idea of what Trump has in mind, it would appear Trump might demand CNN get rid of a whole bunch of hosts if this merger goes through:
“AT&T needs the Justice Department’s approval for that deal. Normally, that decision would be housed off at the Antitrust Division at the Justice Department. But no one thinks that’s how it works in the Trump Administration. AT&T needs Donald Trump’s sign off, possibly mediated through the hand of Jeff Sessions but maybe not. Indeed, there has already been quite a bit of concern on Capitol Hill that Trump would try to hold up the AT&T deal as a way to exert pressure on Time Warner?”
Yep, Trump is almost certainly going to find a way to directly intervene on a merger involving his favorite media punching bag. It would be highly uncharacteristic. Plus he’s already threatened to do so.
So is Roger Stone’s expanded threat, one that includes CNN’s hosts critical of Trump, an example of Stone acting as a Trump proxy? As Josh Marshall reminds us, it’s a pretty good bet that, yes, this is exactly the case:
No, it just doesn’t seem that plausible that Trump would pass up this opportunity.
So that’s one more reason to be very wary of the AT&T/Time Warner merger: turning CNN into Fox News might be part of the deal too.
Remember all those threats Donald Trump and Roger Stone were issuing over the AT&T/Time Warner mega-merger and the Trump/Stone implicit demands that CNN (owned by Time Warner) be reined in about its criticism of Trump? Well, it looks like the DOJ has come up with a new demand if this merger is going to be allowed to go through: if Time Warner sells CNN the deal will get approved.
And while that wouldn’t be an outrageous demand from an antitrust standpoint if this was the approach the Trump administration was taking to antitrust issues in general, as Josh Marshall noted following reports of this DOJ demand, it is actually pretty outrageous if it’s an instance of selective enforcement of antitrust laws for political ends, which is what it appears to be in this case:
“As I’ve noted in other contexts, I believe that as a general matter antitrust enforcement should be much more expansive and aggressive than it’s been in recent decades. But that’s a separate point. The key here is selective enforcement to advance political ends. We don’t know that that is what’s happening here. But given the players involved we have good reason to be highly suspicious.”
So are these DOJ demands that Time Warner sell off CNN politically driven? Well, considering that CNN appears to be the only sticking point the Trump administration can find with this proposal that sure looks political.
The easiest way to answer that question is to find other examples of the Trump administration’s antitrust behavior to see if there’s some consistency or inconsistency in how these rules are enforced. And while the Trump administration is still too new for there to be much time for a track record to be established on antitrust issues at this point, we do have one other very notable proposed media merger with major antitrust issues that the Trump administration has also been grappling with this year: Sinclair Broadcasting and its attempt to buy up a massive number of local broadcasters and turn their local news content into far-right disinfotainment garbage:
“While regulatory and antitrust officials still need to approve the deal, it is far more likely to get the go-ahead under the Trump administration’s Federal Communications Commission. FCC chairman Ajit Pai, a Republican Trump appointee, voted in April to change the way the commission counts the audiences of stations, making it easier for big broadcasting companies to grow even larger.”
Huh. So Trump’s FCC is so unconcerned about a consolidation of ownership in the media markets that it changed the rules to make it easier for companies to meet the current 39% national market share cap and even talked about raising that 39% cap:
And this, of course, is being done for Sinclair Broadcasting, a far-right media outfit that forces its local affiliates to show conservative content every evening. It’s like Fox News for your local news except the audience has no idea about the ‘Foxy’ nature of what they’re watching:
So unless Trump’s DOJ suddenly issues a bunch of concerns over Sinclair it’s pretty obvious that we are looking at an issue of selective enforcement to advance a political end. And that political end appears to be putting an end to any criticism of Trump on the network he loves to hate.
But let’s not forget: there probably are pretty decent reasons for having serious concerns about the AT&T/Time Warner merger from an antitrust perspective, which is why the proper response isn’t to demand that AT&T and Time Warner get to merge with no strings attached. The proper response is to demand an end to Sinclair’s stealth far-right takeover of local news and to stop allowing mega-media mergers where antitrust concerns are settled with promises by the companies not to abuse their market power. That should help take care of the selective enforcement issue. And a lot of other issues.
This probably should have been seen as inevitable: Guess who made a trip to visit Bill Binney and the “Veteran Intelligence Professionals for Sanity” (VIPS) memo about “the Forensicator” that Binney continues to champion along with theories that Seth Rich was the real source of the DNC hacks: CIA director Mike Pompeo. That’s who just met with Binney. Under Trump’s orders:
“Pompeo met with William Binney, the former National Security Agency official who co-wrote the memo with several other alleged intelligence veterans, on October 24 at the president’s urging. According to Binney, Pompeo said Trump told him that if he “want[ed] to know the facts, he should talk to me,” referring to Binney.”
Yep, Trump himself is a fan of the Forensicator’s pet theory that purported to somehow prove that the DNC documents Guccifer released in September were lifted from the DNC’s servers directly via USB stick or something by a DNC insider and the larger narrative pushed by Binney that this is all part of Seth Rich’s murder. Trump is such a big fan that he apparently ordered the CIA director to talk to Binney.
And now Pompeo is having the agency that handles the Counterintelligence Mission Center report directly to him:
We have Trump involving himself in the CIA’s investigation of the hacks (isn’t that kind of obstruction of justice-ish?) at the same time Pompeo is taking more control of the CIA agency that’s going to be taking the lead on future CIA investigations into the Kremlin’s influence on the 2016 election. Things could start getting extra weird with #TrumpRussia when something like this is reported.
So it’s probably worth keeping in mind that the Forensicator already quietly acknowledged the massive hole in the theory’s logic in the “Clarifications and Corrections” section of their blog. Despite that, Binney and others continue to push this theory on the public and President Trump is clearly listening.
It’s also worth noting that when the anonymous CIA officer compares the evidence that Russia was behind the hacks to the evidence the Japanese attacked Pearl Harbor that’s the kind of gross misrepresentation of the actual hacking evidence that is only going to feed into the Seth Rich/DNC insider theories by drawing attention to how weak the publicly available technical evidence that Russia was behind the hacks actually is:
““This is crazy. You’ve got all these intelligence agencies saying the Russians did the hack. To deny that is like coming out with the theory that the Japanese didn’t bomb Pearl Harbor,” the officer told the Intercept.”
Unless other world powers during WWII had the capacity to fake a Japanese aircraft carrier attack in the Pacific it’s nothing like denying the Japanese bombed Pearl Harbor to deny that Russia was behind those hacks. Yes, there’s a steadily growing collection of facts pointing at some sort of Russian and Trump campaign agreement/collusion of some sort at this point and it’s entirely possible that involved agreements related to the hacked material hacking, but it’s still important to keep in mind that the detailed technical evidence that the US used to conclude Russia was behind the hacks has never actually been made public. It’s based on inferences around the constellation of facts that the Trump campaign and apparent Russian operatives were engaged in some sort of intense game of footsie for months culminating in the June 9th Trump Tower meeting, and the hackers left a myriad of conspicuous “I’m a Russian hacker!” digital clues in the hacked documents and malware.
That said, it’s also worth noting that we could end up seeing much more technical evidence that Russia was behind the hack made public if such evidence exists for a pretty significant reason: US prosecutors are reportedly considering charges against Russian intelligence officials over the hacks, and that presumably means there’s going to be some compelling technical evidence made public at some point:
“If filed, the case would provide the clearest picture yet of the actors behind the DNC intrusion. U.S. intelligence agencies have attributed the attack to Russian intelligence services, but haven’t provided detailed information about how they concluded those services were responsible, or any details about the individuals allegedly involved.”
This could be a pretty dramatic case. Or a really sad one that replaces evidence with bluster. We’ll see. But if those hacks can be conclusively tied to particular Russian military and intelligence hackers that will be quite an accomplishment. And it would be nice to at least have a degree of resolution to the mystery of who exactly did the hacks. But as the article notes, that would be the goal of this case. Naming names and making it more difficult for the named people to travel:
So given that the arrest of these individuals is unlikely it’s unclear what kind of defense case they’ll be mustering. And that’s too bad because it would have been fascinating to see a real legal battle over this topic. Fascinating and pretty useful now that we’re learning about the CIA director’s visit with Bill Binney to learn more about the Forensicator and the Seth Rich narratives under Trump’s orders.
#ReleaseTheMemo!...*memo gets released*...#Sad!
That was more or less the sequence of events around the now infamous “Nunes Memo”, the recently released memo written by the House Intelligence Committee chairman Devin Nunes that purportedly demonstrated an egregious weaponization of the intelligence community by the Obama administration against then-candidate Donald Trump.
The memo was supposed to show that Trump campaign foreign advisor Carter Page had a FISA warrant issued against him based on the contents of the Steele Dossier and, based on the GOP’s assertions that the Steele Dossier was actually produced in a conspiracy between the Kremlin and the Democratic National Committee, this would indicate that the Obama administration was consciously using fake intelligence provided by the Kremlin as a justification for spying on the Trump campaign. That’s literally the argument Devin Nunes put forward during an interview on Fox News when he said, “So, there is clear evidence of collusion with the Russians, it just happens to be with the Hillary Clinton campaign and the Democratic National Committee, that the news media fails to talk about or fails to even investigate.”
But, of course, the whole narrative — that the Steele Dossier was central to the counter-intelligence investigation into Trump — fell apart upon even casual scrutiny since the memo didn’t include all of the prior suspicions going back to 2013 that Carter Page had been recruited by Russian agents. Plus, the memo ends with a sentence about how the FBI’s counter-intelligence investigation into the Trump campaign began when the FBI received information from the Australian government about Trump campaign operative George Papadopoulos bragging to Australia’s top diplomat in the UK, Alexander Downer, about an alleged Kremlin operative — Joseph Mifsud, the mysterious Maltese professor — telling Papadopoulos that the Kremlin had thousands of Hillary Clinton’s emails.
It’s a reminder that, while there are serious problems with the investigation into the actual DNC hacks that pin the blame on the Kremlin, it’s pretty indisputable that the Trump campaign was behaving as if it was colluding with the Kremlin throughout the campaign. Whether it was hiring people like Carter Page, Trump’s own history of facilitating money-laundering with Russian oligarchs and other shady characters from around the world, or Trump’s open call for Russia to find Hillary’s emails, it’s pretty obvious that the Trump campaign was almost begging for a counter-intelligence investigation with Trump’s behavior and personnel (which, intentionally or not, set up the situation perfectly for a ‘Russian’ hack). And now that there’s a full-blown investigation into Trump-Kremlin collusion, it’s hard to ignore the fact that the whole Trump administration and GOP in general have behaved as guiltily as possible. What precisely they are worried about being discovered is a fascinating question that needs answering, but they certainly are all behaving like people with A LOT to hide. Hence this sad Nunes memo, a sign of incredible desperation.
So given that the Trump White House, and GOP in general, appears to be increasingly desperate to halt the ongoing investigations — investigation into both the Trump campaign and Trump’s own personal and business history that undoubtedly includes a great deal of criminality — the question of “what’s next?” looms large.
And that “what’s next” question brings us to the following incredibly disturbing story: The candidate to be the next US ambassador to South Korea, Victor Cha, recently withdrew his nomination. And on the same day that was announced, Cha published an op-ed piece in the Washington Post decrying what he saw as US plans for a “bloody nose” strategy against the North Korean regime that entails a high-risk limited military strike against North Korea’s nuclear facilities that gambles that this doesn’t result in a retaliatory strike on Seoul:
“When I was under consideration for a position in this administration, I shared some of these views.”
So that’s the thrust of Cha’s op-ed: while he was under consideration to be ambassador he shared these views about the extreme danger in the “bloody nose” strategy. And he apparently felt so strongly about this that he wrote an op-ed about it right after withdrawing from consideration. And that op-ed notes how “Some have argued the risks are still worth taking because it’s better that people die “over there” than “over here”,” so he’s presumably echoing views he’s heard in these discussions:
Now, how does this “bloody nose” strategy relate to the “what’s next?” question about the GOP’s/Trump’s increasingly evident desperation for something, anything, that can shift the attention away from the #TrumpRussia investigations? Well, according to a South Korean news outlet, White House National Security Council senior director for Asian affairs Matthew Pottinger allegedly said in a recent closed-door meeting with US Korean Peninsula experts that a limited strike on the North “might help in the midterm elections.” (Note that Pottinger was brought into the NSC via his close ties to Michael Flynn.)
Now, as Josh Marshall notes in the piece below, it turns out that the English translation of this piece was flubbed a bit and translated in a way that makes it sound like Pottinger definitely made these statements when, in fact, a more accurate translation would merely suggest that it’s rumored that Pottinger made these statements. Still, given the overall madness of Trump and the GOP and their growing desperation and clear lack of a moral core, the possibility that they might be considering a “bloody-nose” strike just in time for the US mid-terms this Fall is the kind of possibility that can’t be discounted. At all:
“Indeed, White House National Security Council senior director for Asian affairs Matthew Pottinger was reported as saying in a recent closed-door meeting with US experts on Korean Peninsula issues that a limited strike on the North “might help in the midterm elections.””
That was what just got reported in South Korea’s news, albeit with more ambiguity about whether or not these statements were definitely made by Pottinger or if it’s just a rumor. But that ambiguity is no excuse to dismiss this report so, as Marshall points out, we really need answers on this and need them soon. The more desperate the GOP gets the more seriously these kinds of reports need to be taken.
So what exactly did that Korean piece argue? Basically that the climate of reconciliation between North and South Korea prompted by the upcoming South Korean Winter Olympic games has strengthened the influence of exactly the kinds of voices advocating a “bloody-nose” strategy Cha was warning about and that this is insanely dangerous for South Korea:
“The reason hardline voices have gotten so much louder in the White House lately has much to do with the discussions occurring between South and North Korea for the Pyeongchang Olympics. It appears to be an attempt to stop a climate of reconciliation from forming on the peninsula. Given their lack of faith in denuclearization, they seem to believe the North Korean nuclear program will become irreversible if reconciliation occurs at a time of intensifying sanctions.”
Peace and reconciliation represent an existential threat that must be stopped with a “bloody-nose” strike on North Korea. That’s the view of US hardliners according to this piece. And given the ominous nature of Cha’s op-ed it’s hard to disregard this analysis.
Also note that the US is officially denying that Cha’s withdrawal from consideration as ambassador had anything to do with differences in policy, although US diplomatic sources refuse to say why exactly Cha withdrew:
““As far as I have ascertained, the reason for the withdrawal was not differences on North Korea policies involving a military clash, and various other factors were responsible,” the source explained.”
That’s the US diplomatic line on Cha: no, it definitely wasn’t policy differences that prompted his withdrawal. It was “various other factors”. What factors? Uhh...they can’t say other than that they are “personnel-related”:
And what about Cha’s warnings about the “bloody-nose” strike being under serious consideration? Well, the diplomatic source says not to worry since it’s “not very feasible at the current stage”:
It’s not exactly reassuring.
So how concerned should we be that Trump and the GOP are seriously planning on attacking North Korea in part for political gain in the lead up to the mid-terms? Well, beyond the obvious and growing desperation of Trump and the GOP and their willingness to engage in high-risk ill-conceived gambits, there’s another very big reason to be very concerned: Recall the recent report about how President Trump isn’t so concerned about the mid-terms. Why wasn’t he concerned? Because he apparently has been telling people in the White House that he doesn’t think the 2018 election has to be as bad as others are predicting. And then he referenced how the GOP did better in the 2002 midterms following the Sept. 11 terrorist attacks:
“In private conversations, Trump has told advisers that he doesn’t think the 2018 election has to be as bad as others are predicting. He has referenced the 2002 midterms, when George W. Bush and Republicans fared better after the Sept. 11 terrorist attacks, these people said.”
Yep, it’s not just Pottinger on the NSC reportedly murmuring about war for political gain. It’s Trump too. And that is why it is probably very appropriate to be very concerned that we are about to see a nuclear ‘wag-the-dog’ scenario this year. Well, that and the fact that, again, Trump and the GOP appear to be so desperate to change the conversation about Trump that they’re losing their minds.
It’s also a reminder that, for all the legitimate concerns about the #TrumpRussia investigation and the GOP’s response leading to a constitutional crisis or a US/Russia showdown over Ukraine spiraling into a WWIII situation (all it potentially takes is one nasty hack blamed on Russia), we shouldn’t limit the possible repercussions from this crisis to things directly involving Russia in this situation. The madness and desperation animating Trump and the GOP can lash out in all sorts of different horrible directions.
And the twists keep coming: There’s a new figure involved in the Felix Sater/Michael Cohen/Andrii Artemenko ‘peace plan’ scheme. Former GOP congressman Curt Weldon appears to be in the middle of it all too. And if Weldon’s alleged comments are true, Russian oligarch Viktor Vekselberg might also be involved.
It turns out Weldon and Artemenko have known each other for over a decade. Weldon is also known for enduring Russia-related scandals, adding to the intrigue. And while it’s unclear at this point how exactly they got to know each other, it’s worth recalling that one of Artemenko’s areas of interest is defense contracting in the Middle East. And it turns out that one of the Russia-related scandals Curt Weldon has had to deal with was a 2008 scandal involving a Pennsylvania-based defense contractor, Defense Solution, which employed Weldon. And in addition to partnering with Russia’s state weapons agency at a time when it was on the US government blacklist, Defense Solution was also trying to corner the market on Ukrainian-supplied armored personnel carriers to Iraq. So you have to wonder if that’s how Weldon and Artemenko met over a decade ago.
Now, regarding Weldon’s role in the ‘peace plan’, this is based on two sources. One named and one unnamed. The named source, Tommy Allen, the founder of Allen Tactical Security Consultants, claims that Weldon actually asked him to vet Artemenko’s plan.
But it’s the unnamed source that has the most explosive claims: according to this source, he was having a meeting with Weldon in March of 2017. It was a meeting of around 4–5 people to discuss Weldon’s business. And when the topic of Russia came up Weldon apparently spontaneously started talking about how upset he was that the ‘peace plan’ had been exposed in the news just a couple of weeks earlier. And it was during this outburst that Weldon lamented that they were so close to getting the deal done and that Viktor Vekselberg had even agreed to finance the promotion of this.
There are two recent stories that add credibility to this claim: the first is that Vekselberg and Cohen met 11 days before Trump’s inauguration. And the second is the recent revelation that Columbus Nova, a New York based investment management firm owned by Viktor Vekselberg’s cousin, paid Michael Cohen over $500,000 from January to August of 2017 for Cohen’s consulting services. Cohen, it turns out, basically started selling access to Trump as part of a consulting service after Trump won. He even took $400,000 from the government of Ukraine to secure a meeting between Trump and Petro Poroshenko.
And now we learn that Viktor Vekselberg’s cousin paid Cohen over $500,000 in consulting fees starting in January 2017 and Curt Weldon blurted out that Vekselberg agreed to finance the promotion of the ‘peace plan’. It’s why Weldon is now being seen as a possible missing piece in the Russia probe:
“Curt Weldon, a Republican and former Pennsylvania congressman, lost his reelection campaign more than a decade ago following an FBI probe into his ties to two Russian companies. He has “connections to both Russia and the Trump campaign” that are raising suspicions among senators, a spokeswoman for Democratic Senator Dianne Feinstein said. Feinstein is the committee’s ranking member, and wants to interview Weldon, the spokeswoman said.”
Yes, Curt Weldon has ties to both the Trump campaign and Russia, but as we’re going to see, his primary contact in this particular story is Andrii Artemenko, the Ukrainian politician with close ties to the far right Right Sector/Pravy Sector neo-Nazi organization with a virulently anti-Russian platform:
Yep, it turns out Weldon has known Artemenko for more than a decade.
So how does Weldon tie into the Artemenko/Sater/Cohen ‘peace plan’? Well, that’s according to two sources, Tommy Allen, the founder of Allen Tactical Security Consultants, and one unnamed source.
And it’s the unnamed source who claims that Weldon told him explicitly that Russian oligarch Viktor Vekselberg had already agreed to finance the promotion of the plan:
Note how Weldon allegedly made this claim about Vekselberg to this unnamed source two weeks after the story of this ‘peace plan’ scheme was reported on in the media, creating a giant scandal. So Weldon apparently not only admitted to being part of this plan but also asserted that the Russian government (or at least a top oligarch) was already behind it. It’s one helluva admission given the context and the kind of admission you would expect Weldon to only make to someone he really trusts if he wanted it to remain a secret. So he either made this admission to the wrong person (since they are talking to the press about it) or this was an admission that was intended to eventually get out.
But adding to the credibility of this unnamed source is the recent reporting about Columbus Nova, a New York-based investment management firm owned by a cousin of Viktor Vekselberg, paying Michael Cohen over $500,000 in 2017 for Cohen’s consulting services after Cohen basically made himself ‘open for business’ to anyone wanting to pay for access to Trump:
Additionally, it’s been reported that Cohen and Vekselberg met 11 days before Trump’s inauguration:
But note how even the Ukrainian government paid Cohen $400,000 to get Petro Poroshenko a meeting with Trump last year too, so Cohen appeared to be ‘open for business’ to just about anyone at that point:
For what it’s worth (which isn’t much), Felix Sater also denies both Vekselberg and Columbus Nova played any role in the scheme:
So what does Curt Weldon say about all this? Not surprisingly, he denies any knowledge of this peace plan:
But Tommy Allen, the founder of Allen Tactical Security Consultants, claims that Weldon asked him to vet Artemenko’s ‘peace plan’:
So that sure sounds like Weldon was indeed involved with this plan. And it seems like a safe assumption that Weldon asked Allen to vet the plan before it became a news story.
Also, regarding that February 2016 event that both Cohen and Artemenko spoke at, note how Artemenko makes some rather interesting admissions in his brief talk (it’s about 10 minutes). He talks about how he was among the first to take up armed resistance against the Yanukovych government and helped form the volunteer battalions (~33:50–34:00 in the video), which is consistent with the reports that he was involved with the founding of Right Sector. He then goes on to discuss how these actions made him a target of Russian propaganda and how his relatives living in Russia no longer speak to him as a result (~34:00–35:00 in the video). It’s a reminder that, while Artemenko certainly has no shortage of ties to Russia, it’s hard to find much in his biography that makes him the ‘pro-Russian’ politician he’s virtually always characterized as in Western media.
But note how Allen says the funding for the plan would all come from US entities, “The individuals I know of who were providing funding were all U.S. entities.” That’s part of what makes Weldon’s alleged admission that Viktor Vekselberg agreed to finance the promotion of the plan so interesting: He made this claim to this unnamed source during a gathering of Weldon and three or four other people during a meeting that apparently just had to do with Weldon’s businesses (so it was probably Weldon’s business partners). But this meeting took place after the plan was a big story in the news, and it was with a group of people that apparently were meeting with him over business, raising the question of whether or not Weldon was basically trying to give his partners a heads up that he was involved in this story, but also raising the question of whether or not he was trying to put out misinformation intended to protect those US entities who agreed to finance the push for the plan:
At the same time, keep in mind that while Columbus Nova, which was paying Michael Cohen last year, was owned by Vekselberg’s cousin, it’s also an American firm. So it’s possible Columbus Nova was one of the American funding sources Allen was talking about.
At the same time, keep in mind that Columbus Nova’s +$500,000 payments to Cohen in 2017 spanned from January to August, and this ‘peace plan’ was exposed in late February 2017. So it seems pretty unlikely that the payments to Cohen through Columbus Nova were part of a plan to indirectly finance the promotion of that peace plan.
So we’ll see what more emerges from this revelation of Curt Weldon’s claim that Viktor Vekselberg was on board with the ‘peace plan’. But given the possibility that the Russian government essentially agreed to promote this plan, it’s worth keeping in mind one of the main components of the ‘peace plan’: overthrowing the Poroshenko government in a wave of scandalous information with Artemenko replacing him as Ukraine’s new president. So while the ‘peace plan’ itself doesn’t sound like something the Kremlin would be interested in, seeing Poroshenko go down in scandalous flames just might be. As we saw when the story of this plan first broke, Artemenko claimed to have evidence — “names of companies, wire transfer” — showing corruption for Poroshenko that could help oust him.
Also, regarding the misgivings the Kremlin would probably have about someone with Artemenko’s far right political pedigree becoming president of Ukraine, keep in mind that there is no guarantee Artemenko would actually become Ukraine’s new president if the scandalous information he claimed to possess became public. In other words, about the only thing guaranteed by this ‘peace plan’ is the exposure of scandalous materials about Poroshenko that could lead to a new, possibly far right, government in Ukraine.
And there’s another reason the Kremlin might not mind if the far right took power in Ukraine: it would both discredit the Ukrainian government and make it much less likely that Ukraine ends up joining NATO and moving closer to the West.
And that all points towards a fascinating possibility that really would be quite scandalous: While the ostensible focus of this Sater/Cohen/Artemenko scheme was some sort of ‘peace plan’, it’s possible that the peace plan angle of this is really just a fig leaf for something very different: regime change in Ukraine. Again. But this time with the far right taking power in Ukraine, possibly resulting in Ukraine losing the support of the West? Because, while a neo-Nazi Ukrainian government with the full backing of the West is a Russian nightmare, a neo-Nazi Ukrainian government without the backing of the West could be a very different story from the Kremlin’s perspective.
A win for the global far right, and an indirect win for the Kremlin given how unlikable the Ukrainian government would suddenly become. Might that have been the real plan? If so, you could definitely see why the Kremlin could have been onboard.
The situation in the Middle East took another turn for the worse following news of the Israeli assassination of two top Hamas leaders in recent days: one killed in Beirut and the other in Tehran. It was the kind of highly provocative act that had many observers wondering if the Netanyahu government was taking active steps to drag the United States into a much broader regional war. Adding to the ominous feel is the fact that these strikes came just days after Benjamin Netanyahu made an appearance before Congress where he vowed “total victory” against Hamas.
And, of course, this is all months before the US presidential election that was just turned on its head less than two weeks ago with the great Biden/Harris swap out. Donald Trump’s reelection prospects were looking a lot better a month ago.
So with the prospects of some sort of Israel-related event transforming the final months of the US presidential campaign and potentially swinging the momentum back towards Donald Trump, it’s worth recalling one of the biggest revelations we got in modern US politics that’s been almost entirely forgotten: It was Netanyahu’s close trusted associate, Isaac Molho, who was forwarding information about upcoming Wikileaks dumps to Roger Stone during the 2016 election. A revelation that put Netanyahu in the center of the whole ‘Trump Russia’ fiasco and strongly suggested an Israeli role in the Democratic hacks. Almost entirely ignored and forgotten.
And don’t forget, if Netanyahu really was directly involved with orchestrating the whole 2016 ‘Russia hack’ on behalf of Donald Trump, he got away with it. Entirely. Even after the story of his involvement was revealed everyone ignored it anyway. It was a wild success. So with Donald Trump again running and again in need of some ‘campaign assistance’, it seems like we should probably be on guard for another round of ‘Russian hacks’. Or maybe it will be ‘Iranian hacks’ this time. ‘Hamas hacks’, perhaps? There’s a range of narratives to choose from.
And that all brings us to an interesting look back at the investigation that resulted in the ‘Russia did it’ conclusion in the first place. Rolling Stone has a new interview of the individual who led that investigation: CIA analyst Michael Van Landingham, the individual eventually tasked with authoring the first draft of the intelligence community’s 2017 assessment about Russian election meddling. It’s Van Landingham’s first interview describing the experience.
And while we might hope that some big new investigative revelation was revealed in the interview, it was more or less a rehashing of what we’ve already heard. A lack of new details that leaves the impression that Van Landingham’s conclusion was more or less based on the same ‘public clues’ everyone else was looking at. Major ‘public clues’ left behind thanks to the incredible ‘mistakes’ made by the hackers. Mistakes like keeping their Bitly account public so ANYONE who stumbles across one of their spearphishing emails can potentially trace it back to that account and monitor all the other Bitly links generated for the hacking operation.
And then there was the ‘mistake’ the hackers made in including the emails of each of their targets encoded in each of the link-shortened URLs. In other words, once someone discovered their publicly available Bitly account, not only could they track which shortened links were being created but who was being targeted with the link too. And it was that information on the identities of the spearphishing victims that allowed researchers to conclude that the hackers were heavily targeting individuals and institutions across the former Soviet Union but also government officials in the West, in particular people with a professional interest in Russia. And that was more or less the information Van Landingham relied on in arriving at his assessment that it was a Russian hacking operation. If there was more definitive information the US government based that conclusion on, we have yet to hear about it.
Interestingly, the security firm that did this initial analysis of the hackers’ public Bitly account, SecureWorks, claimed back in October of 2016 that they had been tracking Fancy Bear for a year at that point and watching “in real time” the creation of these Bitly accounts. They even watched how the links were clicked by the victims since that’s a feature of the account control panel the hackers left public. They saw 4 victims at the DNC click on their links. So the hacking of the DNC was effectively watched in real time by SecureWorks back in March of 2016. That’s kind of fascinating.
One somewhat new revelation we get from Van Landingham is just how disgusted he was with the quality of the intelligence found in the Steele Dossier. “This is garbage,” Van Landingham recounts thinking at the time. And yet, the FBI was requesting that the dossier be included as evidence to support the team’s conclusions. In fact, he claims he threatened to quit the team at one point over the FBI’s insistence on incorporating the Dossier into the report. In the end, they arrived at a compromise where the dossier would not be used in the final report but it would be put in an annex. This isn’t the first time we’ve heard about the concerns over the quality of the information in that dossier but it’s interesting to learn it was seen as so shoddy that Van Landingham threatened to quit at the same time the FBI was insisting it be used as evidence.
So just days after Benjamin Netanyahu’s defiant speech before Congress, we get this big ‘update’ on what actually led to the US government’s assessment that, yes, it was definitely Russia behind the 2016 hacks. An update that completely ignores the revelations about Netanyahu’s role and tells us almost nothing we didn’t already know. The kind of update that could only serve to reaffirm to someone like Netanyahu just how easy it is to meddle in a US election and get away with it. As long as your hacking team leaves enough ‘public clues’ that point towards a preferred culprit, the rest of the cover up takes care of itself:
“The 2017 Intelligence Community Assessment (ICA), dubbed “Assessing Russian Activities and Intentions in Recent U.S. Elections,” was one of the most consequential documents in modern American history. It helped trigger investigations by the House and Senate intelligence committees and a special counsel investigation, and it fueled an eight-year-long grudge that Trump has nursed against the intelligence community. A Trump aide would later testify that the then-president-elect viewed the report as his “Achilles heel,” because it threatened to diminish his surprise electoral victory over Hillary Clinton.”
Yeah, “one of the most consequential documents in modern American history” seems like a fair way to characterize the 2017 Intelligence Community Assessment (ICA). And with the peril of a second Trump term looming over the ICA’s authors, we’re now seeing the lead author, Michael Van Landingham, come forward to talk about it for the first time. But the threat of Trump’s vengeance isn’t the thing that made the timing of this report notable. It also came just days after Benjamin Netanyahu’s speech before Congress. As we’ve seen, it was Netanyahu’s close trusted associate, Isaac Molho, who was forwarding information about upcoming Wikileaks dumps to Roger Stone during the 2016 election. And while US investigators may have preferred the “Israel was spying on the Russian hackers” explanation for this surprise twist that we didn’t learn until last year, it was the kind of revelation that obviously raises major questions about whether or not the DNC hacking operation was ultimately an Israeli op. There was, of course, zero mention of any of this history during Netanyahu’s recent trip to Congress. But you have to wonder if the timing of this new account by Van Landingham — an account that serves to shore up the ‘Russia did it’ conclusion — is just a coincidence:
Starting off, Van Landingham acknowledges how his team apparently had major knowledge gaps about who carried out the attacks. “There wasn’t that much known about what was the political role of the [Russian hacking] units, not just the military or the operational role. But what do they do? Who are these people?” Keep in mind that ‘Russian hackers’ were blamed almost immediately upon the release of this story:
And as Van Landingham also describes, part of what made the work for his team difficult was how extremely compartmentalized and secretive they were. Keep in mind that we saw this compartmentalization reflected in the admission by then-CIA director John Brennan during a congressional testimony that it was only four US intelligence agencies — the CIA, FBI, NSA, under the direction of ODNI — and NOT all seventeen agencies as widely touted that participated in that investigation. So when we see Van Landingham describe how he almost quit the team in protest over the low quality of the FBI’s Steele Dossier, keep in mind the FBI was a MAJOR piece of this investigative team. It was really just some people from the CIA, NSA, and FBI. That was it. And the CIA guys apparently felt the FBI was peddling “garbage” but were forced to take it seriously anyway:
Interestingly, despite being the guy in charge of coming to the conclusion that Russian hackers were behind the DNC hack, even Van Landingham goes on to lament how claims of ‘Russian influence’ ended up getting wildly overhyped and blown out of proportion:
So what was it that led Van Landingham’s team to arrive at the conclusion that Russian hackers were responsible for the 2016 Democratic Party data dumps? Well, we’re told that the publication of a Wikileaks tranche in late October 2016 provided the conclusive evidence. In that tranche was the original spearphishing email that tricked John Podesta into revealing his password. How did that spearphishing email lead to that conclusion? As we’ve seen, the link to the corrupt website that looked like a Google password-changing site used to capture Podesta’s password was generated using the Bitly link-shortening service. And the hackers apparently made the incredible mistake of leaving their Bitly account publicly available and open to security researchers to examine the targets of nearly 4,000 different emails targeted by this hacking group. And as that public Bitly account revealed, the targets went far beyond Democrats and included journalists and former government and military officials across the US and Europe. It was an incredible ‘mistake’ on the part of the hackers that seemingly left investigators the powerful trail of public clues that whoever hacked the Democrats was interested in hacking the kind of broad array of national security-related targets in the West that we might expect Russian government hackers to target. Which isn’t actually direct evidence. It’s inference based on a trail of ‘public clues’ incredibly left behind by these otherwise sophisticated hackers:
Now, given the evidence that it was Netanyahu’s close personal associate who was feeding Roger Stone information about the upcoming Democratic leaks, we have to ask: wouldn’t making incredible ‘mistakes’ like leaving that Bitly account public and handing all these ‘public clues’ over to investigators be exactly the kind of thing Israeli hackers — maybe not government hackers but private hackers affiliated with Netanyahu — would have been inclined to do in order to leave a false trail?
And then there’s the obvious follow-up question: if it really was Israeli hackers associated with Netanyahu, why not do it again since it worked out so well the first time? And given Netanyahu’s own political peril it’s not hard to imagine he’ll be even more inclined to take risks than he was in 2016. If Netanyahu got away with it in 2016, what’s in store for 2024? Especially now that Trump’s election prospects are looking far less promising following the Biden/Harris swap out. Time will tell, but it’s hard to be assured there isn’t going to be a new round of hacks in store for the final weeks of the 2024 campaign given that precedent. Again, Netanyahu got away with it in 2016 and he’s far more desperate in 2024. It’s a recipe for something big enough to reset the presidential race in Donald Trump’s direction.
So with that growing prospect of some sort of renewed round of false flag foreign election meddling in mind, it’s worth taking another look back at the October 2016 Vice Motherboard article where we learned about the incredible mistakes seemingly made by the hackers that revealed all the ‘public clues’ about the broad nature of the military and political individuals and institutions targeted by the hackers. Because it wasn’t just that they left their Bitly account public, allowing researchers to view thousands of Bitly links — each one tailored for a different target — but they also had those Bitly links point to longer URLs that included the target’s email address. That’s what allowed investigators to rapidly assess the nature of the thousands of people targeted in this hacking campaign. The hackers left the Bitly account public and used non-shortened links that included the target’s email address. And thanks to those ‘mistakes’, the hackers handed investigators around the world ‘public clues’ screaming ‘we are hackers who really don’t like the West and probably work for a government’:
“All these hacks were done using the same tool: malicious short URLs hidden in fake Gmail messages. And those URLs, according to a security firm that’s tracked them for a year, were created with Bitly account linked to a domain under the control of Fancy Bear.”
Fancy Bear was apparently operating in a manner that just allowed security researchers to openly monitor their hacking campaign targets. And in the case of SecureWorks, which claimed at the time to have been tracking Fancy Bear for a year at that point. But it wasn’t just leaving the Bitly account public. That ‘mistake’ alone wouldn’t have revealed the identities of their hacking targets. The hackers also chose to encode that identity information in easily decoded character strings that were part of the shortened links Bitly was obscuring. So it sounds like once investigators found the public Bitly account they could track in real time who was being targeted, which itself is a remarkable admission. Also note that it wasn’t one Bitly account that the hackers forgot to set to private. It was two Bitly accounts:
So what’s the explanation for these incredible ‘mistakes’? Well, we’re just told that leaving the Bitly account public was just a pure mistake. But one researcher suggested the decision to use encoded strings revealing the identities of the targets “might help them keep track of or better organize their operations, tailor credential harvesting pages to specific victims, monitor the effectiveness of their operations, or diffuse their operations against various targets across several URLs to facilitate continuity should one of the URLs be discovered.” In other words, the hackers were apparently super lazy. Keep in mind that there was absolutely nothing preventing these hackers from using randomly generated strings tied to an internal database of contact information on the targets. But they decided to use the strings that directly encoded their targets’ names and emails. But also keep in mind that this ‘mistake’ was massively compounded by the ‘mistake’ of leaving the Bitly account public. Each mistake, alone, was damaging to the operation but not a disaster. Taken together, it was enough ‘public evidence’ to allow researchers and reporters to confidently tout ‘it was Russia!’:
And yet, note this admission we also get in the article: none of the evidence revealed by the public Bitly account serves as a clear smoking gun it was a Russian government operation. Instead, we are told how it’s fair to assume that the US intelligence community’s conclusion that it was Russia was based on evidence that can’t be revealed. And yet, as we just saw in the above interview of Michael van Landingham, it was these ‘public clues’ that Van Landingham kept referring to in making his case. The secret evidence everyone assumed exists doesn’t appear to actually exist. Or at least we have yet to hear about it:
Now, regarding that claim by SecureWorks that they had been monitoring Fancy Bear for a year at that point and were observing Fancy Bear’s Bitly accounts, keep in mind that SecureWorks also claimed they were monitoring Fancy Bear’s Bitly account over that period and watched the creation of these links “in real time”. Beyond that, they could see how often those links were clicked, observing how at least 4 people at the DNC clicked on these spearphishing links at the time. So there was apparently a security firm watching not just the creation of these spearphishing links targeting the DNC in real time but also watching how those links were being clicked:
““We were monitoring bit.ly and saw the accounts being created in real time,” said Phil Burdette, a senior security researcher at SecureWorks, explaining how they stumbled upon the URLs set up by Fancy Bear. Bitly also keeps data on when a link is clicked, which allowed Burdette to determine that of the 108 email addresses targeted at the Clinton campaign, 20 people clicked on the links (at least four people clicked the link more than once). At the DNC, 16 email addresses were targeted, and 4 people clicked on them.”
SecureWorks was watching the creation of the Bitly accounts “in real time” and could presumably watch all the links they were creating in real time too. And then they got to watch as the ‘hit counters’ on the links started racking up clicks. Including four people at the DNC and four people on the Clinton campaign. This is also a good time to recall how the FBI reportedly warned the DNC back in September of 2015 that they had been hacked, but those warnings were apparently ignored until March of 2016. A whole lot of people were watching these hacks play out in real time, it would seem.
We’ll see if there are any major digital disruptions to impact the 2024 race. There’s plenty of time left. So try not to be surprised when ‘Russia/China/Iran/North Korea’ decides to stage a major disruption and the culprits get caught by investigators from all the public evidence left behind thanks to an incredible series of highly revealing mistakes that just happened to publicly point to one of these preferred culprits.