Spitfire List Web site and blog of anti-fascist researcher and radio personality Dave Emory.

For The Record  

FTR #965 Are We Going to Have a Third World War?

This broad­cast was record­ed in one, 60-minute seg­ment.

Intro­duc­tion: Recent devel­op­ments are sug­ges­tive of the omi­nous pos­si­bil­i­ty of an immi­nent Third World War. We present some new infor­ma­tion and recap and fur­ther ana­lyze sto­ries cov­ered in pre­vi­ous pro­grams in order to under­score and high­light the poten­tial dev­as­ta­tion of these events.

As the furor (“fuehrer”?) sur­round­ing the poten­tial­ly lethal polit­i­cal hoax known as “Rus­sia-gate” gains momen­tum, it should be not­ed that the point man for the Trump busi­ness inter­ests in their deal­ings with Rus­sia is Felix Sater. A Russ­ian-born immi­grant, Sater is a pro­fes­sion­al crim­i­nal and a con­vict­ed felon with his­tor­i­cal links to the Mafia. Beyond that, and more impor­tant­ly, Sater is an FBI infor­mant and a CIA con­tract agent:

  • “. . . . There is every indi­ca­tion that the extra­or­di­nar­i­ly lenient treat­ment result­ed from Sater play­ing a get-out-of-jail free card. Short­ly before his secret guilty plea, Sater became a free­lance oper­a­tive of the Cen­tral Intel­li­gence Agency. One of his fel­low stock swindlers, Sal­va­tore Lau­ria, wrote a book about it. The Scor­pi­on and the Frog is described on its cov­er as ‘the true sto­ry of one man’s fraud­u­lent rise and fall in the Wall Street of the nineties.’ Accord­ing to Lauria–and the court files that have been unsealed–Sater helped the CIA buy small mis­siles before they got to ter­ror­ists. He also pro­vid­ed oth­er pur­port­ed nation­al secu­ri­ty ser­vices for a report­ed fee of $300,000. Sto­ries abound as to what else Sater may or may not have done in the are­na of nation­al secu­ri­ty. . . .”
  •  Sater was active on behalf of the Trumps in the fall of 2015: “. . . . Sater worked on a plan for a Trump Tow­er in Moscow as recent­ly as the fall of 2015, but he said that had come to a halt because of Trump’s pres­i­den­tial cam­paign. . . .”
  • Sater was ini­ti­at­ing con­tact between the Rus­sians and “Team Trump” in Jan­u­ary of this year: “ . . . . Nev­er­the­less, in late Jan­u­ary, Sater and a Ukrain­ian law­mak­er report­ed­ly met with Trump’s per­son­al lawyer, Michael Cohen, at a New York hotel. Accord­ing to the Times, they dis­cussed a plan that involved the U.S. lift­ing sanc­tions against Rus­sia, and Cohen said he hand-deliv­ered the plan in a sealed enve­lope to then-nation­al secu­ri­ty advi­sor Michael Fly­nn. Cohen lat­er denied deliv­er­ing the enve­lope to any­one in the White House, accord­ing to the Wash­ing­ton Post. . . .”

A stun­ning devel­op­ment con­cerns extreme ret­i­cence on the part of the U.S. intel­li­gence com­mu­ni­ty:

The Office of the Direc­tor of Nation­al Intel­li­gence had an “inter­est­ing” response to a Free­dom of Infor­ma­tion Act law­suit demand­ing the release of the clas­si­fied report giv­en to Pres­i­dent Oba­ma back in Jan­u­ary pur­port­ing to show the Russ­ian gov­ern­ment was behind the hacks. Accord­ing to the ODNI, the request­ed doc­u­ment would present a risk to human intel­li­gence sources by reveal­ing the com­par­a­tive weight giv­en to human vs tech­ni­cal evi­dence, risk­ing US sources and meth­ods. But the ODNI went fur­ther, sug­gest­ing that even releas­ing a ful­ly redact­ed doc­u­ment would present sim­i­lar risks!

It is NOT easy to see the ODNI’s reluc­tance to release even a ful­ly-redact­ed copy of the report as any­thing but disin­gen­u­ous. In the con­text of poten­tial­ly dev­as­tat­ing dete­ri­o­ra­tion of Russian/U.S. rela­tions over Syr­ia, Ukraine, and the Russ­ian “elec­tion-hack­ing” uproar, the ODNI’s behav­ior can­not be any­thing but dis­qui­et­ing:

“. . . . The intelligence official argued that a redacted version of the original report would allow a trained eye to assess ‘comparative weight’ of human intelligence and signals intelligence reporting included in the compendium. Release of some of the information the privacy-focused organization wants made public ‘could prove fatal to U.S. human intelligence sources,’ [Deputy Director of National Intelligence for Intelligence Integration Edward] Gistaro warned.

Gis­taro also appears to argue that even if offi­cials blacked out the whole report, high­ly clas­si­fied infor­ma­tion would be at risk.

‘I agree with the [Nation­al Intel­li­gence Coun­cil] that a heav­i­ly or even ful­ly redact­ed ver­sion of the clas­si­fied report can not be pub­licly released with­out jeop­ar­diz­ing nation­al secu­ri­ty infor­ma­tion prop­er­ly clas­si­fied as SECRET or TOP SECRET,’ he wrote. . . . ‘The ODNI should release the com­plete report to EPIC so that the pub­lic and the Con­gress can under­stand the full extent of the Russ­ian inter­fer­ence with the 2016 Pres­i­den­tial elec­tion,’ EPIC’s Marc Roten­berg told POLITICO Tues­day. ‘It is already clear that gov­ern­ment secre­cy is frus­trat­ing mean­ing­ful over­sight. The FBI, for exam­ple, will not even iden­ti­fy the states that were tar­get­ed by Rus­sia.’ . . . ”

With the high-pro­file hacks being attributed–almost cer­tain­ly falsely–to Rus­sia, there are omi­nous devel­op­ments tak­ing place that may well lead to a Third World War. Dur­ing the clos­ing days of his Pres­i­den­cy, Oba­ma autho­rized the plant­i­ng of cyber weapons on Russ­ian com­put­er net­works. Oba­ma did this after talk­ing with Putin on the Hot Line, estab­lished to pre­vent a Third World War. Putin denied inter­fer­ing in the U.S. elec­tion.

The conclusion that Russia hacked the U.S. election on Putin’s orders appears to have been based on a CIA source in the Kremlin. Even when that intelligence was delivered, other agencies weren’t ready to accept the CIA’s conclusion and it took intelligence from another nation (not named) to provide the final intelligence tipping point that led to a broad-based conclusion that not only was the Russian government behind the cyberattacks but that Vladimir Putin himself ordered it.

That ally’s intelligence is described as “the most critical technical intelligence on Russia”; however, the NSA still wasn’t convinced, based on what sounds like a lack of confidence in that source. Thus, it looks like a CIA Kremlin source and an unnamed foreign intelligence agency with questionable credentials are the basis of what appears to be a likely future full-scale US/Russian cyberwar.

Of para­mount sig­nif­i­cance is the fact that IF, on Putin’s orders (and we are to believe such) Rus­sia con­tin­ued to hack U.S. com­put­er sys­tems to influ­ence the elec­tion, Putin would have to have gone utter­ly mad. Those hacks would have pre­clud­ed any rap­proche­ment between Rus­sia and the Unit­ed States under a Pres­i­dent Trump. There is no indi­ca­tion that Putin went off the deep end.

Also augur­ing a pos­si­ble Third World War are two devel­op­ments in Syr­ia. Sey­mour Hersh pub­lished an arti­cle in Die Welt reveal­ing that, not only was the April 4 alleged Sarin attack NOT a chem­i­cal weapons attack but there was wide­spread knowl­edge of this in Amer­i­can mil­i­tary and intel­li­gence cir­cles.

What did the intelligence community know about the attack? The Russian and Syrian air forces had informed the US in advance of the airstrike that they had intelligence that top-level leaders of Ahrar al-Sham and Jabhat al-Nusra were meeting in that building; they informed the US of the attack plan ahead of the attack and said that it was on a “high-value” target. The attack also involved the unusual use of a guided bomb and Syria’s top pilots. “. . . . Russian and Syrian intelligence officials, who coordinate operations closely with the American command posts, made it clear that the planned strike on Khan Sheikhoun was special because of the high-value target. ‘It was a red-hot change. The mission was out of the ordinary – scrub the sked,’ the senior adviser told me. ‘Every operations officer in the region’ – in the Army, Marine Corps, Air Force, CIA and NSA – ‘had to know there was something going on. The Russians gave the Syrian Air Force a guided bomb and that was a rarity. They’re skimpy with their guided bombs and rarely share them with the Syrian Air Force. And the Syrians assigned their best pilot to the mission, with the best wingman.’ The advance intelligence on the target, as supplied by the Russians, was given the highest possible score inside the American community. . . .”

Following the attack, US intelligence concluded that there was no sarin gas attack; Assad wouldn’t have been that politically suicidal. The symptoms of chemical poisoning following the bombing were likely due to a mixture, created by secondary explosions from the initial bombing, of chlorine, fertilizers, and other chemicals stored in the building that was targeted by the Syrian air force. “. . . ‘This was not a chemical weapons strike,’ the adviser said. ‘That’s a fairy tale. . . .”

The symptoms of chemical poisoning following the bombing were likely due to a mixture, created by secondary explosions from the initial bombing, of chlorine, fertilizers, and other chemicals stored in the building that was targeted by the Syrian air force. “. . . . A Bomb Damage Assessment (BDA) by the U.S. military later determined that the heat and force of the 500-pound Syrian bomb triggered a series of secondary explosions that could have generated a huge toxic cloud that began to spread over the town, formed by the release of the fertilizers, disinfectants and other goods stored in the basement, its effect magnified by the dense morning air, which trapped the fumes close to the ground. . . .”

The behavior of the Trump administration was not only in direct conflict with intelligence on the attack, but reinforced propaganda by some of the Al-Qaeda-linked jihadists the West has been using as proxy warriors in Syria and elsewhere: “. . . . ‘The Salafists and jihadists got everything they wanted out of their hyped-up Syrian nerve gas ploy,’ the senior adviser to the U.S. intelligence community told me, referring to the flare up of tensions between Syria, Russia and America. ‘The issue is, what if there’s another false flag sarin attack credited to hated Syria? Trump has upped the ante and painted himself into a corner with his decision to bomb. And do not think these guys are not planning the next faked attack. Trump will have no choice but to bomb again, and harder. He’s incapable of saying he made a mistake.’ . . .”

Pro­gram High­lights Include: 

  • Review of a Trump admin­is­tra­tion warn­ing of anoth­er sup­posed, impend­ing “Syr­i­an chem­i­cal weapons strike”–a warn­ing that has since been retract­ed.
  • Discussion of brilliant Nazi hacker Andrew Auernheimer’s orchestration of an “Alt-right” online intimidation campaign against CNN employees. Auernheimer is currently residing in Ukraine. One of the ominous possibilities concerns the activation/manipulation, by a third party, of the NSA cyber-weapons installed on Russian computer networks.
  • Review of the observations by a German professor–opposed to Nazism/Hitler–who described the essence of what it was like, subjectively, to live through the rise of Hitler. His observation is presented in the context of the ODNI’s decision not to release even a fully-redacted version of the intelligence report on “Russian meddling” in the U.S. election. “. . . . What happened here was the gradual habituation of the people, little by little, to being governed by surprise, to receiving decisions deliberated in secret, to believing that the situation was so complicated that the government had to act on information which the people could not understand because of national security, so dangerous that even if the people could understand it, it could not be released because of national security. . . .”

1. The Office of the Direc­tor of Nation­al Intel­li­gence had an “inter­est­ing” response to a Free­dom of Infor­ma­tion Act law­suit demand­ing the release of the clas­si­fied report giv­en to Pres­i­dent Oba­ma back in Jan­u­ary pur­port­ing to show the Russ­ian gov­ern­ment was behind the hacks. Accord­ing to the ODNI, the request­ed doc­u­ment would present a risk to human intel­li­gence sources by reveal­ing the com­par­a­tive weight giv­en to human vs tech­ni­cal evi­dence, risk­ing US sources and meth­ods. But the ODNI went fur­ther, sug­gest­ing that even releas­ing a ful­ly redact­ed doc­u­ment would present sim­i­lar risks!

“Feds Won’t Release Redact­ed Intel­li­gence Report on Russ­ian Elec­tion Med­dling” by Josh Ger­stein; Politi­co; 06/27/2017

The Trump admin­is­tra­tion is refus­ing to release a redact­ed ver­sion of a key report Pres­i­dent Barack Oba­ma received in Jan­u­ary on alleged Russ­ian inter­fer­ence in the 2016 pres­i­den­tial elec­tion, court fil­ings show.

Then-Direc­tor of Nation­al Intel­li­gence James Clap­per made pub­lic an unclas­si­fied ver­sion of that report, but the Elec­tron­ic Pri­va­cy Infor­ma­tion Cen­ter brought a Free­dom of Infor­ma­tion Act law­suit demand­ing a copy of the clas­si­fied report giv­en to Oba­ma at the same time. EPIC said the unclas­si­fied ver­sion omit­ted “crit­i­cal tech­ni­cal evi­dence” that could help the pub­lic assess U.S. intel­li­gence agen­cies’ claims that Rus­sia did make efforts to affect the out­come of the 2016 race.

How­ev­er, a top offi­cial in the Office of the Direc­tor of Nation­al Intel­li­gence said in a court dec­la­ra­tion filed Mon­day that releas­ing the orig­i­nal report with clas­si­fied infor­ma­tion blacked out would be a field day for for­eign intel­li­gence oper­a­tives, includ­ing the very Rus­sians the report accus­es of under­tak­ing the inter­fer­ence.

“Release of a redact­ed report would be of par­tic­u­lar assis­tance to Russ­ian intel­li­gence, which, armed with both the declas­si­fied report and a redact­ed copy of the clas­si­fied report, would be able to dis­cern the vol­ume of intel­li­gence the U.S. cur­rent­ly pos­sess­es with respect to Russ­ian attempts to influ­ence the 2016 elec­tion,” Deputy Direc­tor of Nation­al Intel­li­gence for Intel­li­gence Inte­gra­tion Edward Gis­taro wrote.

“This would reveal the matu­ri­ty of the U.S. intel­li­gence efforts and expose infor­ma­tion about the [intel­li­gence community’s] capa­bil­i­ties (includ­ing sources and meth­ods) that could rea­son­ably be expect­ed to cause seri­ous or excep­tion­al­ly grave dan­ger to U.S. nation­al secu­ri­ty.”

The intel­li­gence offi­cial argued that a redact­ed ver­sion of the orig­i­nal report would allow a trained eye to assess “com­par­a­tive weight” of human intel­li­gence and sig­nals intel­li­gence report­ing includ­ed in the com­pendi­um. Release of some of the infor­ma­tion the pri­va­cy-focused orga­ni­za­tion wants made pub­lic “could prove fatal to U.S. human intel­li­gence sources,” [Deputy Direc­tor of Nation­al Intel­li­gence for Intel­li­gence Inte­gra­tion Edward] Gis­taro warned.

Gis­taro also appears to argue that even if offi­cials blacked out the whole report, high­ly clas­si­fied infor­ma­tion would be at risk.

“I agree with the [Nation­al Intel­li­gence Coun­cil] that a heav­i­ly or even ful­ly redact­ed ver­sion of the clas­si­fied report can not be pub­licly released with­out jeop­ar­diz­ing nation­al secu­ri­ty infor­ma­tion prop­er­ly clas­si­fied as SECRET or TOP SECRET,” he wrote.

EPIC sought the infor­ma­tion in Jan­u­ary, just days after offi­cials released the pub­lic ver­sion of the report. The group filed suit in fed­er­al court in Wash­ing­ton in Feb­ru­ary after fail­ing to get any records from ODNI.

“The ODNI should release the com­plete report to EPIC so that the pub­lic and the Con­gress can under­stand the full extent of the Russ­ian inter­fer­ence with the 2016 Pres­i­den­tial elec­tion,” EPIC’s Marc Roten­berg told POLITICO Tues­day. “It is already clear that gov­ern­ment secre­cy is frus­trat­ing mean­ing­ful over­sight. The FBI, for exam­ple, will not even iden­ti­fy the states that were tar­get­ed by Rus­sia.”

Rotenberg said his group is pursuing two other related FOIA suits: one seeking records about the FBI’s response to the alleged Russian meddling and another seeking Trump’s tax records from the IRS.

2. The ODNI’s response to the Freedom of Information Act Suit brings to mind an observation by a German professor who was opposed to Nazism and survived to relate what it was like subjectively to live through the rise of Hitler: “. . . . What happened here was the gradual habituation of the people, little by little, to being governed by surprise, to receiving decisions deliberated in secret, to believing that the situation was so complicated that the government had to act on information which the people could not understand because of national security, so dangerous that even if the people could understand it, it could not be released because of national security. . . .”

They Thought They Were Free: The Germans 1933–1945; by Milton Mayer; copyright 1955 [SC]; University of Chicago Press; ISBN 0-226-51190-1; pp. 166–167.

. . . . What happened here was the gradual habituation of the people, little by little, to being governed by surprise, to receiving decisions deliberated in secret, to believing that the situation was so complicated that the government had to act on information which the people could not understand because of national security, so dangerous that even if the people could understand it, it could not be released because of national security. . . . This separation of government from people, this widening of the gap, took place so gradually and so insensibly, each step disguised (perhaps not even intentionally) as a temporary emergency measure or associated with true patriotic allegiance or with real social purposes. . . . so occupied the people that they did not see the slow motion underneath, of the whole process of the Government growing remoter and remoter . . . .

3a. It sounds like the conclusion that Russia hacked the U.S. election on Putin’s orders was based on a CIA source in the Kremlin. Even when that intelligence was delivered, other agencies weren’t ready to accept the CIA’s conclusion and it took intelligence from another nation (not named) to provide the final intelligence tipping point that led to a broad-based conclusion that not only was the Russian government behind the cyberattacks but that Vladimir Putin himself ordered it. That ally’s intelligence is described as “the most critical technical intelligence on Russia”; however, the NSA still wasn’t convinced, based on what sounds like a lack of confidence in that source. Thus, it looks like a CIA Kremlin source and an unnamed foreign intelligence agency with questionable credentials are the basis of what appears to be a likely future full-scale US/Russian cyberwar.

“. . . . Inside was an intelligence bombshell, a report drawn from sourcing deep inside the Russian government that detailed Russian President Vladimir Putin’s direct involvement in a cyber campaign to disrupt and discredit the U.S. presidential race. . . .”

We are told that a CIA deep Russian government source is the primary source of the ‘Putin ordered it’ conclusion. Well, at least that’s better than the bad joke technical evidence that’s been provided thus far. But even that source’s claims apparently weren’t enough to convince other parts of the intelligence community. It took the intelligence from the unnamed ally to do that:

“. . . . But it went further. The intelligence captured Putin’s specific instructions on the operation’s audacious objectives — defeat or at least damage the Democratic nominee, Hillary Clinton, and help elect her opponent, Donald Trump.

At that point, the out­lines of the Russ­ian assault on the U.S. elec­tion were increas­ing­ly appar­ent. Hack­ers with ties to Russ­ian intel­li­gence ser­vices had been rum­mag­ing through Demo­c­ra­t­ic Par­ty com­put­er net­works, as well as some Repub­li­can sys­tems, for more than a year. In July, the FBI had opened an inves­ti­ga­tion of con­tacts between Russ­ian offi­cials and Trump asso­ciates. And on July 22, near­ly 20,000 emails stolen from the Demo­c­ra­t­ic Nation­al Com­mit­tee were dumped online by Wik­iLeaks.

But at the high­est lev­els of gov­ern­ment, among those respon­si­ble for man­ag­ing the cri­sis, the first moment of true fore­bod­ing about Russia’s inten­tions arrived with that CIA intel­li­gence.

It took time for oth­er parts of the intel­li­gence com­mu­ni­ty to endorse the CIA’s view. Only in the administration’s final weeks in office did it tell the pub­lic, in a declas­si­fied report, what offi­cials had learned from Bren­nan in August — that Putin was work­ing to elect Trump.

Despite the intel­li­gence the CIA had pro­duced, oth­er agen­cies were slow­er to endorse a con­clu­sion that Putin was per­son­al­ly direct­ing the oper­a­tion and want­ed to help Trump. “It was def­i­nite­ly com­pelling, but it was not defin­i­tive,” said one senior admin­is­tra­tion offi­cial. “We need­ed more.”

Some of the most crit­i­cal tech­ni­cal intel­li­gence on Rus­sia came from anoth­er coun­try, offi­cials said. Because of the source of the mate­r­i­al, the NSA was reluc­tant to view it with high con­fi­dence. . . .

“. . . . The most dif­fi­cult mea­sure to eval­u­ate is one that Oba­ma allud­ed to in only the most oblique fash­ion when announc­ing the U.S. response.

“We will con­tin­ue to take a vari­ety of actions at a time and place of our choos­ing, some of which will not be pub­li­cized,” he said in a state­ment released by the White House.

He was refer­ring, in part, to a cyber oper­a­tion that was designed to be detect­ed by Moscow but not cause sig­nif­i­cant dam­age, offi­cials said. The oper­a­tion, which entailed implant­i­ng com­put­er code in sen­si­tive com­put­er sys­tems that Rus­sia was bound to find, served only as a reminder to Moscow of the Unit­ed States’ cyber reach.

But Oba­ma also signed the secret find­ing, offi­cials said, autho­riz­ing a new covert pro­gram involv­ing the NSA, CIA and U.S. Cyber Com­mand.

Oba­ma declined to com­ment for this arti­cle, but a spokesman issued a state­ment: ‘This sit­u­a­tion was tak­en extreme­ly seri­ous­ly, as is evi­dent by Pres­i­dent Oba­ma rais­ing this issue direct­ly with Pres­i­dent Putin; 17 intel­li­gence agen­cies issu­ing an extra­or­di­nary pub­lic state­ment; our home­land secu­ri­ty offi­cials work­ing relent­less­ly to bol­ster the cyber defens­es of vot­ing infra­struc­ture around the coun­try; the Pres­i­dent direct­ing a com­pre­hen­sive intel­li­gence review, and ulti­mate­ly issu­ing a robust response includ­ing shut­ting down two Russ­ian com­pounds, sanc­tion­ing nine Russ­ian enti­ties and indi­vid­u­als, and eject­ing 35 Russ­ian diplo­mats from the coun­try.’

The cyber oper­a­tion is still in its ear­ly stages and involves deploy­ing ‘implants’ in Russ­ian net­works deemed ‘impor­tant to the adver­sary and that would cause them pain and dis­com­fort if they were dis­rupt­ed,’ a for­mer U.S. offi­cial said.

The implants were devel­oped by the NSA and designed so that they could be trig­gered remote­ly as part of retal­ia­to­ry cyber-strike in the face of Russ­ian aggres­sion, whether an attack on a pow­er grid or inter­fer­ence in a future pres­i­den­tial race. [“ . . . devel­oped by the NSA”–Well, at least we can be sure that the NSA’s oper­a­tions are secure, invul­ner­a­ble to pen­e­tra­tion and/or manip­u­la­tion by out­side inter­ests (!)–D.E.]

Offi­cials famil­iar with the mea­sures said that there was con­cern among some in the admin­is­tra­tion that the dam­age caused by the implants could be dif­fi­cult to con­tain. . . .”

Keep in mind that such a response from the US would be entire­ly pre­dictable if the Russ­ian gov­ern­ment real­ly did order this hack attack. Rus­sia would be at a height­ened risk for years or decades to come if Putin real­ly did order this attack. There’s no rea­son to assume that the Russ­ian gov­ern­ment wouldn’t be well aware of this con­se­quence. So if Putin real­ly did order this hack he would have to have gone insane. That’s how stu­pid this attack was if Putin actu­al­ly ordered it. But accord­ing to a CIA spy in the Krem­lin, along with a ques­tion­able for­eign ally, that’s exact­ly what Putin did. Because he appar­ent­ly went insane and pre­emp­tive­ly launched a cyber­war know­ing full well how dev­as­tat­ing the long-term con­se­quences could be. Because he real­ly, real­ly, real­ly hates Hillary. That’s the nar­ra­tive we’re being giv­en.

And now, any future attacks on US elections or the US electrical grid that can somehow be pinned on the Russians are going to trigger some sort of painful wave of retaliatory cyberbombs. Which, of course, will likely trigger a wave of counter-retaliatory cyberbombs in the US. And a full-scale cyberwar will be born and we’ll just have to hope it stays in the cyber domain. That’s where we are now, based on a CIA spy in the Kremlin and an unnamed foreign intelligence agency.

“Obama’s secret strug­gle to pun­ish Rus­sia for Putin’s elec­tion assault” by Greg Miller, Ellen Nakashima and Adam Entous; The Wash­ing­ton Post; 06/23/2017

Ear­ly last August, an enve­lope with extra­or­di­nary han­dling restric­tions arrived at the White House. Sent by couri­er from the CIA, it car­ried “eyes only” instruc­tions that its con­tents be shown to just four peo­ple: Pres­i­dent Barack Oba­ma and three senior aides.

Inside was an intel­li­gence bomb­shell, a report drawn from sourc­ing deep inside the Russ­ian gov­ern­ment that detailed Russ­ian Pres­i­dent Vladimir Putin’s direct involve­ment in a cyber cam­paign to dis­rupt and dis­cred­it the U.S. pres­i­den­tial race.

But it went fur­ther. The intel­li­gence cap­tured Putin’s spe­cif­ic instruc­tions on the operation’s auda­cious objec­tives — defeat or at least dam­age the Demo­c­ra­t­ic nom­i­nee, Hillary Clin­ton, and help elect her oppo­nent, Don­ald Trump.

At that point, the out­lines of the Russ­ian assault on the U.S. elec­tion were increas­ing­ly appar­ent. Hack­ers with ties to Russ­ian intel­li­gence ser­vices had been rum­mag­ing through Demo­c­ra­t­ic Par­ty com­put­er net­works, as well as some Repub­li­can sys­tems, for more than a year. In July, the FBI had opened an inves­ti­ga­tion of con­tacts between Russ­ian offi­cials and Trump asso­ciates. And on July 22, near­ly 20,000 emails stolen from the Demo­c­ra­t­ic Nation­al Com­mit­tee were dumped online by Wik­iLeaks.

But at the high­est lev­els of gov­ern­ment, among those respon­si­ble for man­ag­ing the cri­sis, the first moment of true fore­bod­ing about Russia’s inten­tions arrived with that CIA intel­li­gence.

The mate­r­i­al was so sen­si­tive that CIA Direc­tor John Bren­nan kept it out of the President’s Dai­ly Brief, con­cerned that even that restrict­ed report’s dis­tri­b­u­tion was too broad. The CIA pack­age came with instruc­tions that it be returned imme­di­ate­ly after it was read. To guard against leaks, sub­se­quent meet­ings in the Sit­u­a­tion Room fol­lowed the same pro­to­cols as plan­ning ses­sions for the Osama bin Laden raid.

It took time for oth­er parts of the intel­li­gence com­mu­ni­ty to endorse the CIA’s view. Only in the administration’s final weeks in office did it tell the pub­lic, in a declas­si­fied report, what offi­cials had learned from Bren­nan in August — that Putin was work­ing to elect Trump.

Over that five-month inter­val, the Oba­ma admin­is­tra­tion secret­ly debat­ed dozens of options for deter­ring or pun­ish­ing Rus­sia, includ­ing cyber­at­tacks on Russ­ian infra­struc­ture, the release of CIA-gath­ered mate­r­i­al that might embar­rass Putin and sanc­tions that offi­cials said could “crater” the Russ­ian econ­o­my.

But in the end, in late December, Obama approved a modest package combining measures that had been drawn up to punish Russia for other issues — expulsions of 35 diplomats and the closure of two Russian compounds — with economic sanctions so narrowly targeted that even those who helped design them describe their impact as largely symbolic.

Oba­ma also approved a pre­vi­ous­ly undis­closed covert mea­sure that autho­rized plant­i­ng cyber weapons in Russia’s infra­struc­ture, the dig­i­tal equiv­a­lent of bombs that could be det­o­nat­ed if the Unit­ed States found itself in an esca­lat­ing exchange with Moscow. The project, which Oba­ma approved in a covert-action find­ing, was still in its plan­ning stages when Oba­ma left office. It would be up to Pres­i­dent Trump to decide whether to use the capa­bil­i­ty.

In polit­i­cal terms, Russia’s inter­fer­ence was the crime of the cen­tu­ry, an unprece­dent­ed and large­ly suc­cess­ful desta­bi­liz­ing attack on Amer­i­can democ­ra­cy. It was a case that took almost no time to solve, traced to the Krem­lin through cyber-foren­sics and intel­li­gence on Putin’s involve­ment. And yet, because of the diver­gent ways Oba­ma and Trump have han­dled the mat­ter, Moscow appears unlike­ly to face pro­por­tion­ate con­se­quences.

Those clos­est to Oba­ma defend the administration’s response to Russia’s med­dling. They note that by August it was too late to pre­vent the trans­fer to Wik­iLeaks and oth­er groups of the troves of emails that would spill out in the ensu­ing months. They believe that a series of warn­ings — includ­ing one that Oba­ma deliv­ered to Putin in Sep­tem­ber — prompt­ed Moscow to aban­don any plans of fur­ther aggres­sion, such as sab­o­tage of U.S. vot­ing sys­tems.

Denis McDo­nough, who served as Obama’s chief of staff, said that the admin­is­tra­tion regard­ed Russia’s inter­fer­ence as an attack on the “heart of our sys­tem.”

“We set out from a first-order prin­ci­ple that required us to defend the integri­ty of the vote,” McDo­nough said in an inter­view. “Impor­tant­ly, we did that. It’s also impor­tant to estab­lish what hap­pened and what they attempt­ed to do so as to ensure that we take the steps nec­es­sary to stop it from hap­pen­ing again.”

But oth­er admin­is­tra­tion offi­cials look back on the Rus­sia peri­od with remorse.

“It is the hard­est thing about my entire time in gov­ern­ment to defend,” said a for­mer senior Oba­ma admin­is­tra­tion offi­cial involved in White House delib­er­a­tions on Rus­sia. “I feel like we sort of choked.”

This account of the Oba­ma administration’s response to Russia’s inter­fer­ence is based on inter­views with more than three dozen cur­rent and for­mer U.S. offi­cials in senior posi­tions in gov­ern­ment, includ­ing at the White House, the State, Defense and Home­land Secu­ri­ty depart­ments, and U.S. intel­li­gence ser­vices. Most agreed to speak only on the con­di­tion of anonymi­ty, cit­ing the sen­si­tiv­i­ty of the issue.

The White House, the CIA, the FBI, the Nation­al Secu­ri­ty Agency and the Office of the Direc­tor of Nation­al Intel­li­gence declined to com­ment.

‘Deeply con­cerned’

The CIA break­through came at a stage of the pres­i­den­tial cam­paign when Trump had secured the GOP nom­i­na­tion but was still regard­ed as a dis­tant long shot. Clin­ton held com­fort­able leads in major polls, and Oba­ma expect­ed that he would be trans­fer­ring pow­er to some­one who had served in his Cab­i­net.

The intel­li­gence on Putin was extra­or­di­nary on mul­ti­ple lev­els, includ­ing as a feat of espi­onage.

For spy agen­cies, gain­ing insights into the inten­tions of for­eign lead­ers is among the high­est pri­or­i­ties. But Putin is a remark­ably elu­sive tar­get. A for­mer KGB offi­cer, he takes extreme pre­cau­tions to guard against sur­veil­lance, rarely com­mu­ni­cat­ing by phone or com­put­er, always run­ning sen­si­tive state busi­ness from deep with­in the con­fines of the Krem­lin.

The Wash­ing­ton Post is with­hold­ing some details of the intel­li­gence at the request of the U.S. gov­ern­ment.

In ear­ly August, Bren­nan alert­ed senior White House offi­cials to the Putin intel­li­gence, mak­ing a call to deputy nation­al secu­ri­ty advis­er Avril Haines and pulling nation­al secu­ri­ty advis­er Susan E. Rice aside after a meet­ing before brief­ing Oba­ma along with Rice, Haines and McDo­nough in the Oval Office.

Offi­cials described the president’s reac­tion as grave. Oba­ma “was deeply con­cerned and want­ed as much infor­ma­tion as fast as pos­si­ble,” a for­mer offi­cial said. “He want­ed the entire intel­li­gence com­mu­ni­ty all over this.”

Con­cerns about Russ­ian inter­fer­ence had gath­ered through­out the sum­mer.

Rus­sia experts had begun to see a trou­bling pat­tern of pro­pa­gan­da in which fic­ti­tious news sto­ries, assumed to be gen­er­at­ed by Moscow, pro­lif­er­at­ed across social-media plat­forms.

Offi­cials at the State Depart­ment and FBI became alarmed by an unusu­al spike in requests from Rus­sia for tem­po­rary visas for offi­cials with tech­ni­cal skills seek­ing per­mis­sion to enter the Unit­ed States for short-term assign­ments at Russ­ian facil­i­ties. At the FBI’s behest, the State Depart­ment delayed approv­ing the visas until after the elec­tion.

Mean­while, the FBI was track­ing a flur­ry of hack­ing activ­i­ty against U.S. polit­i­cal par­ties, think tanks and oth­er tar­gets. Rus­sia had gained entry to DNC sys­tems in the sum­mer of 2015 and spring of 2016, but the breach­es did not become pub­lic until they were dis­closed in a June 2016 report by The Post.

Even after the late-July Wik­iLeaks dump, which came on the eve of the Demo­c­ra­t­ic con­ven­tion and led to the res­ig­na­tion of Rep. Deb­bie Wasser­man Schultz (D‑Fla.) as the DNC’s chair­woman, U.S. intel­li­gence offi­cials con­tin­ued to express uncer­tain­ty about who was behind the hacks or why they were car­ried out.

At a pub­lic secu­ri­ty con­fer­ence in Aspen, Colo., in late July, Direc­tor of Nation­al Intel­li­gence James R. Clap­per Jr. not­ed that Rus­sia had a long his­to­ry of med­dling in Amer­i­can elec­tions but that U.S. spy agen­cies were not ready to “make the call on attri­bu­tion” for what was hap­pen­ing in 2016.

“We don’t know enough … to ascribe moti­va­tion,” Clap­per said. “Was this just to stir up trou­ble or was this ulti­mate­ly to try to influ­ence an elec­tion?”

Bren­nan con­vened a secret task force at CIA head­quar­ters com­posed of sev­er­al dozen ana­lysts and offi­cers from the CIA, the NSA and the FBI.

The unit func­tioned as a sealed com­part­ment, its work hid­den from the rest of the intel­li­gence com­mu­ni­ty. Those brought in signed new non-dis­clo­sure agree­ments to be grant­ed access to intel­li­gence from all three par­tic­i­pat­ing agen­cies.

They worked exclu­sive­ly for two groups of “cus­tomers,” offi­cials said. The first was Oba­ma and few­er than 14 senior offi­cials in gov­ern­ment. The sec­ond was a team of oper­a­tions spe­cial­ists at the CIA, NSA and FBI who took direc­tion from the task force on where to aim their sub­se­quent efforts to col­lect more intel­li­gence on Rus­sia.

Don’t make things worse

The secre­cy extend­ed into the White House.

Rice, Haines and White House home­land-secu­ri­ty advis­er Lisa Mona­co con­vened meet­ings in the Sit­u­a­tion Room to weigh the mount­ing evi­dence of Russ­ian inter­fer­ence and gen­er­ate options for how to respond. At first, only four senior secu­ri­ty offi­cials were allowed to attend: Bren­nan, Clap­per, Attor­ney Gen­er­al Loret­ta E. Lynch and FBI Direc­tor James B. Comey. Aides ordi­nar­i­ly allowed entry as “plus-ones” were barred.

Grad­u­al­ly, the cir­cle widened to include Vice Pres­i­dent Biden and oth­ers. Agen­das sent to Cab­i­net sec­re­taries — includ­ing John F. Ker­ry at the State Depart­ment and Ash­ton B. Carter at the Pen­ta­gon — arrived in envelopes that sub­or­di­nates were not sup­posed to open. Some­times the agen­das were with­held until par­tic­i­pants had tak­en their seats in the Sit­u­a­tion Room.

Through­out his pres­i­den­cy, Obama’s approach to nation­al secu­ri­ty chal­lenges was delib­er­ate and cau­tious. He came into office seek­ing to end wars in Iraq and Afghanistan. He was loath to act with­out sup­port from allies over­seas and firm polit­i­cal foot­ing at home. He was drawn only reluc­tant­ly into for­eign crises, such as the civ­il war in Syr­ia, that pre­sent­ed no clear exit for the Unit­ed States.

Obama’s approach often seemed reducible to a sin­gle imper­a­tive: Don’t make things worse. As brazen as the Russ­ian attacks on the elec­tion seemed, Oba­ma and his top advis­ers feared that things could get far worse.

They were con­cerned that any pre-elec­tion response could pro­voke an esca­la­tion from Putin. Moscow’s med­dling to that point was seen as deeply con­cern­ing but unlike­ly to mate­ri­al­ly affect the out­come of the elec­tion. Far more wor­ri­some to the Oba­ma team was the prospect of a cyber-assault on vot­ing sys­tems before and on Elec­tion Day.

They also wor­ried that any action they took would be per­ceived as polit­i­cal inter­fer­ence in an already volatile cam­paign. By August, Trump was pre­dict­ing that the elec­tion would be rigged. Oba­ma offi­cials feared pro­vid­ing fuel to such claims, play­ing into Russia’s efforts to dis­cred­it the out­come and poten­tial­ly con­t­a­m­i­nat­ing the expect­ed Clin­ton tri­umph.

Before depart­ing for an August vaca­tion to Martha’s Vine­yard, Oba­ma instruct­ed aides to pur­sue ways to deter Moscow and pro­ceed along three main paths: Get a high-con­fi­dence assess­ment from U.S. intel­li­gence agen­cies on Russia’s role and intent; shore up any vul­ner­a­bil­i­ties in state-run elec­tion sys­tems; and seek bipar­ti­san sup­port from con­gres­sion­al lead­ers for a state­ment con­demn­ing Moscow and urg­ing states to accept fed­er­al help.

The admin­is­tra­tion encoun­tered obsta­cles at every turn.

Despite the intel­li­gence the CIA had pro­duced, oth­er agen­cies were slow­er to endorse a con­clu­sion that Putin was per­son­al­ly direct­ing the oper­a­tion and want­ed to help Trump. “It was def­i­nite­ly com­pelling, but it was not defin­i­tive,” said one senior admin­is­tra­tion offi­cial. “We need­ed more.”

Some of the most crit­i­cal tech­ni­cal intel­li­gence on Rus­sia came from anoth­er coun­try, offi­cials said. Because of the source of the mate­r­i­al, the NSA was reluc­tant to view it with high con­fi­dence.

Bren­nan moved swift­ly to sched­ule pri­vate brief­in­gs with con­gres­sion­al lead­ers. But get­ting appoint­ments with cer­tain Repub­li­cans proved dif­fi­cult, offi­cials said, and it was not until after Labor Day that Bren­nan had reached all mem­bers of the “Gang of Eight” — the major­i­ty and minor­i­ty lead­ers of both hous­es and the chair­men and rank­ing Democ­rats on the Sen­ate and House intel­li­gence com­mit­tees.

Jeh John­son, the home­land-secu­ri­ty sec­re­tary, was respon­si­ble for find­ing out whether the gov­ern­ment could quick­ly shore up the secu­ri­ty of the nation’s archa­ic patch­work of vot­ing sys­tems. He float­ed the idea of des­ig­nat­ing state mech­a­nisms “crit­i­cal infra­struc­ture,” a label that would have enti­tled states to receive pri­or­i­ty in fed­er­al cyber­se­cu­ri­ty assis­tance, putting them on a par with U.S. defense con­trac­tors and finan­cial net­works.

On Aug. 15, John­son arranged a con­fer­ence call with dozens of state offi­cials, hop­ing to enlist their sup­port. He ran into a wall of resis­tance.

The reac­tion “ranged from neu­tral to neg­a­tive,” John­son said in con­gres­sion­al tes­ti­mo­ny Wednes­day.

Bri­an Kemp, the Repub­li­can sec­re­tary of state of Geor­gia, used the call to denounce Johnson’s pro­pos­al as an assault on state rights. “I think it was a polit­i­cal­ly cal­cu­lat­ed move by the pre­vi­ous admin­is­tra­tion,” Kemp said in a recent inter­view, adding that he remains uncon­vinced that Rus­sia waged a cam­paign to dis­rupt the 2016 race. “I don’t nec­es­sar­i­ly believe that,” he said.

Stung by the reac­tion, the White House turned to Con­gress for help, hop­ing that a bipar­ti­san appeal to states would be more effec­tive.

In ear­ly Sep­tem­ber, John­son, Comey and Mona­co arrived on Capi­tol Hill in a car­a­van of black SUVs for a meet­ing with 12 key mem­bers of Con­gress, includ­ing the lead­er­ship of both par­ties.

The meet­ing devolved into a par­ti­san squab­ble.

“The Dems were, ‘Hey, we have to tell the public,’” recalled one participant. But Republicans resisted, arguing that to warn the public that the election was under attack would further Russia’s aim of sapping confidence in the system.

Sen­ate Major­i­ty Leader Mitch McConnell (R‑Ky.) went fur­ther, offi­cials said, voic­ing skep­ti­cism that the under­ly­ing intel­li­gence tru­ly sup­port­ed the White House’s claims. Through a spokes­woman, McConnell declined to com­ment, cit­ing the secre­cy of that meet­ing.

Key Democ­rats were stunned by the GOP response and exas­per­at­ed that the White House seemed will­ing to let Repub­li­can oppo­si­tion block any pre-elec­tion move.

On Sept. 22, two Cal­i­for­nia Democ­rats — Sen. Dianne Fein­stein and Rep. Adam B. Schiff — did what they couldn’t get the White House to do. They issued a state­ment mak­ing clear that they had learned from intel­li­gence brief­in­gs that Rus­sia was direct­ing a cam­paign to under­mine the elec­tion, but they stopped short of say­ing to what end.

A week lat­er, McConnell and oth­er con­gres­sion­al lead­ers issued a cau­tious state­ment that encour­aged state elec­tion offi­cials to ensure their net­works were “secure from attack.” The release made no men­tion of Rus­sia and empha­sized that the law­mak­ers “would oppose any effort by the fed­er­al gov­ern­ment” to encroach on the states’ author­i­ties.

When U.S. spy agen­cies reached unan­i­mous agree­ment in late Sep­tem­ber that the inter­fer­ence was a Russ­ian oper­a­tion direct­ed by Putin, Oba­ma direct­ed spy chiefs to pre­pare a pub­lic state­ment sum­ma­riz­ing the intel­li­gence in broad strokes.

With Oba­ma still deter­mined to avoid any appear­ance of pol­i­tics, the state­ment would not car­ry his sig­na­ture.

On Oct. 7, the admin­is­tra­tion offered its first pub­lic com­ment on Russia’s “active mea­sures,” in a three-para­graph state­ment issued by John­son and Clap­per. Comey had ini­tial­ly agreed to attach his name, as well, offi­cials said, but changed his mind at the last minute, say­ing that it was too close to the elec­tion for the bureau to be involved.

“The U.S. intel­li­gence com­mu­ni­ty is con­fi­dent that the Russ­ian gov­ern­ment direct­ed the recent com­pro­mis­es of e‑mails from U.S. per­sons and insti­tu­tions, includ­ing from U.S. polit­i­cal orga­ni­za­tions,” the state­ment said. “We believe, based on the scope and sen­si­tiv­i­ty of these efforts, that only Russia’s senior-most offi­cials could have autho­rized these activ­i­ties.”

Ear­ly drafts accused Putin by name, but the ref­er­ence was removed out of con­cern that it might endan­ger intel­li­gence sources and meth­ods.

The statement was issued around 3:30 p.m., timed for maximum media coverage. Instead, it was quickly drowned out. At 4 p.m., The Post published a story about crude comments Trump had made about women that were captured on an “Access Hollywood” tape. Half an hour later, WikiLeaks published its first batch of emails stolen from Clinton campaign chairman John Podesta.

‘Ample time’ after elec­tion

The Sit­u­a­tion Room is actu­al­ly a com­plex of secure spaces in the base­ment lev­el of the West Wing. A video feed from the main room cours­es through some Nation­al Secu­ri­ty Coun­cil offices, allow­ing senior aides sit­ting at their desks to see — but not hear — when meet­ings are under­way.

As the Rus­sia-relat­ed ses­sions with Cab­i­net mem­bers began in August, the video feed was shut off. The last time that had hap­pened on a sus­tained basis, offi­cials said, was in the spring of 2011 dur­ing the run-up to the U.S. Spe­cial Oper­a­tions raid on bin Laden’s com­pound in Pak­istan.

The blacked-out screens were seen as an omi­nous sign among low­er-lev­el White House offi­cials who were large­ly kept in the dark about the Rus­sia delib­er­a­tions even as they were tasked with gen­er­at­ing options for retal­i­a­tion against Moscow.

Much of that work was led by the Cyber Response Group, an NSC unit with rep­re­sen­ta­tives from the CIA, NSA, State Depart­ment and Pen­ta­gon.

The ear­ly options they dis­cussed were ambi­tious. They looked at sec­tor­wide eco­nom­ic sanc­tions and cyber­at­tacks that would take Russ­ian net­works tem­porar­i­ly offline. One offi­cial infor­mal­ly sug­gest­ed — though nev­er for­mal­ly pro­posed — mov­ing a U.S. naval car­ri­er group into the Baltic Sea as a sym­bol of resolve.

What those low­er-lev­el offi­cials did not know was that the prin­ci­pals and their deputies had by late Sep­tem­ber all but ruled out any pre-elec­tion retal­i­a­tion against Moscow. They feared that any action would be seen as polit­i­cal and that Putin, moti­vat­ed by a seething resent­ment of Clin­ton, was pre­pared to go beyond fake news and email dumps.

The FBI had detect­ed sus­pect­ed Russ­ian attempts to pen­e­trate elec­tion sys­tems in 21 states, and at least one senior White House offi­cial assumed that Moscow would try all 50, offi­cials said. Some offi­cials believed the attempts were meant to be detect­ed to unnerve the Amer­i­cans. The patch­work nature of the Unit­ed States’ 3,000 or so vot­ing juris­dic­tions would make it hard for Rus­sia to swing the out­come, but Moscow could still sow chaos.

“We turned to oth­er sce­nar­ios” the Rus­sians might attempt, said Michael Daniel, who was cyber­se­cu­ri­ty coor­di­na­tor at the White House, “such as dis­rupt­ing the vot­er rolls, delet­ing every 10th vot­er [from reg­istries] or flip­ping two dig­its in everybody’s address.”

The White House also wor­ried that they had not yet seen the worst of Russia’s cam­paign. Wik­iLeaks and DCLeaks, a web­site set up in June 2016 by hack­ers believed to be Russ­ian oper­a­tives, already had troves of emails. But U.S. offi­cials feared that Rus­sia had more explo­sive mate­r­i­al or was will­ing to fab­ri­cate it.

“Our pri­ma­ry inter­est in August, Sep­tem­ber and Octo­ber was to pre­vent them from doing the max they could do,” said a senior admin­is­tra­tion offi­cial. “We made the judg­ment that we had ample time after the elec­tion, regard­less of out­come, for puni­tive mea­sures.”

The assump­tion that Clin­ton would win con­tributed to the lack of urgency.

Instead, the admin­is­tra­tion issued a series of warn­ings.

Bren­nan deliv­ered the first on Aug. 4 in a blunt phone call with Alexan­der Bort­nikov, the direc­tor of the FSB, Russia’s pow­er­ful secu­ri­ty ser­vice.

A month lat­er, Oba­ma con­front­ed Putin direct­ly dur­ing a meet­ing of world lead­ers in Hangzhou, Chi­na. Accom­pa­nied only by inter­preters, Oba­ma told Putin that “we knew what he was doing and [he] bet­ter stop or else,” accord­ing to a senior aide who sub­se­quent­ly spoke with Oba­ma. Putin respond­ed by demand­ing proof and accus­ing the Unit­ed States of inter­fer­ing in Russia’s inter­nal affairs.

In a sub­se­quent news con­fer­ence, Oba­ma allud­ed to the exchange and issued a veiled threat. “We’re mov­ing into a new era here where a num­ber of coun­tries have sig­nif­i­cant capac­i­ties,” he said. “Frankly, we’ve got more capac­i­ty than any­body both offen­sive­ly and defen­sive­ly.”

There were at least two oth­er warn­ings.

On Oct. 7, the day that the Clapper-Johnson statement was released, Rice summoned Russian Ambassador Sergey Kislyak to the White House and handed him a message to relay to Putin.

Then, on Oct. 31, the admin­is­tra­tion deliv­ered a final pre-elec­tion mes­sage via a secure chan­nel to Moscow orig­i­nal­ly cre­at­ed to avert a nuclear exchange. The mes­sage not­ed that the Unit­ed States had detect­ed mali­cious activ­i­ty, orig­i­nat­ing from servers in Rus­sia, tar­get­ing U.S. elec­tion sys­tems and warned that med­dling would be regard­ed as unac­cept­able inter­fer­ence. Rus­sia con­firmed the next day that it had received the mes­sage but replied only after the elec­tion through the same chan­nel, deny­ing the accu­sa­tion.

As Elec­tion Day approached, pro­po­nents of tak­ing action against Rus­sia made final, futile appeals to Obama’s top aides: McDo­nough, Rice and Haines. Because their offices were part of a suite of spaces in the West Wing, secur­ing their sup­port on any nation­al secu­ri­ty issue came to be known as “mov­ing the suite.”

One of the last to try before the elec­tion was Ker­ry. Often per­ceived as reluc­tant to con­front Rus­sia, in part to pre­serve his attempts to nego­ti­ate a Syr­ia peace deal, Ker­ry was at crit­i­cal moments one of the lead­ing hawks.

In Octo­ber, Kerry’s top aides had pro­duced an “action memo” that includ­ed a pack­age of retal­ia­to­ry mea­sures includ­ing eco­nom­ic sanc­tions. Know­ing the White House was not will­ing to act before the elec­tion, the plan called for the mea­sures to be announced almost imme­di­ate­ly after votes had been secure­ly cast and count­ed.

Ker­ry signed the memo and urged the White House to con­vene a prin­ci­pals meet­ing to dis­cuss the plan, offi­cials said. “The response was basi­cal­ly, ‘Not now,’” one offi­cial said.

Elec­tion Day arrived with­out penal­ty for Moscow.

A U.S. cyber-weapon

The most dif­fi­cult mea­sure to eval­u­ate is one that Oba­ma allud­ed to in only the most oblique fash­ion when announc­ing the U.S. response.

“We will con­tin­ue to take a vari­ety of actions at a time and place of our choos­ing, some of which will not be pub­li­cized,” he said in a state­ment released by the White House.

He was refer­ring, in part, to a cyber oper­a­tion that was designed to be detect­ed by Moscow but not cause sig­nif­i­cant dam­age, offi­cials said. The oper­a­tion, which entailed implant­i­ng com­put­er code in sen­si­tive com­put­er sys­tems that Rus­sia was bound to find, served only as a reminder to Moscow of the Unit­ed States’ cyber reach.

But Oba­ma also signed the secret find­ing, offi­cials said, autho­riz­ing a new covert pro­gram involv­ing the NSA, CIA and U.S. Cyber Com­mand.

Oba­ma declined to com­ment for this arti­cle, but a spokesman issued a state­ment: “This sit­u­a­tion was tak­en extreme­ly seri­ous­ly, as is evi­dent by Pres­i­dent Oba­ma rais­ing this issue direct­ly with Pres­i­dent Putin; 17 intel­li­gence agen­cies issu­ing an extra­or­di­nary pub­lic state­ment; our home­land secu­ri­ty offi­cials work­ing relent­less­ly to bol­ster the cyber defens­es of vot­ing infra­struc­ture around the coun­try; the Pres­i­dent direct­ing a com­pre­hen­sive intel­li­gence review, and ulti­mate­ly issu­ing a robust response includ­ing shut­ting down two Russ­ian com­pounds, sanc­tion­ing nine Russ­ian enti­ties and indi­vid­u­als, and eject­ing 35 Russ­ian diplo­mats from the coun­try.”

The cyber oper­a­tion is still in its ear­ly stages and involves deploy­ing “implants” in Russ­ian net­works deemed “impor­tant to the adver­sary and that would cause them pain and dis­com­fort if they were dis­rupt­ed,” a for­mer U.S. offi­cial said.

The implants were developed by the NSA and designed so that they could be triggered remotely as part of a retaliatory cyber-strike in the face of Russian aggression, whether an attack on a power grid or interference in a future presidential race.

Offi­cials famil­iar with the mea­sures said that there was con­cern among some in the admin­is­tra­tion that the dam­age caused by the implants could be dif­fi­cult to con­tain.

As a result, the admin­is­tra­tion request­ed a legal review, which con­clud­ed that the devices could be con­trolled well enough that their deploy­ment would be con­sid­ered “pro­por­tion­al” in vary­ing sce­nar­ios of Russ­ian provo­ca­tion, a require­ment under inter­na­tion­al law.

The oper­a­tion was described as long-term, tak­ing months to posi­tion the implants and requir­ing main­te­nance there­after. Under the rules of covert action, Obama’s sig­na­ture was all that was nec­es­sary to set the oper­a­tion in motion.

U.S. intel­li­gence agen­cies do not need fur­ther approval from Trump, and offi­cials said that he would have to issue a coun­ter­mand­ing order to stop it. The offi­cials said that they have seen no indi­ca­tion that Trump has done so.

3b. The person on the Daily Stormer calling for white supremacists to threaten to kill the family members of CNN employees as part of growing right-wing hysteria over CNN and “fake news” is Andrew “the weev” Auernheimer aka “weev”–a guest at Glenn Greenwald and Laura Poitras’ party celebrating their receipt of the Polk Award.

Currently residing in Ukraine, Auernheimer exemplifies the brilliant, altogether capable cyber-fascists who might be in a position to exploit the NSA technology placed on Russian computer networks.

Never lose sight of the fact that the New Cold War, much of it “cyber” in nature, was begun with “Eddie the Friendly Spook” Snowden–the Peach Fuzz Fascist–journeying to Russia, courtesy of WikiLeaks. This, AFTER he journeyed to Hong Kong with apposite assistance from Jacob Appelbaum of the CIA.

“Dai­ly Stormer Troll Army Threat­ens CNN Staffers Over Red­dit User Behind Trump/CNN GIF” by Kee­gan Han­kes; South­ern Pover­ty Law Cen­ter; 07/05/2017

Andrew Auern­heimer, the noto­ri­ous hack­er and Inter­net troll known as ‘Weev,’ ral­lied the neo-Nazi Dai­ly Stormer’s troll army for its lat­est cam­paign this morn­ing, claim­ing that CNN was black­mail­ing a “teen shit­poster.”

The events leading to this online call to arms began Sunday morning, when President Trump tweeted a gif created by Reddit user HanAssholeSolo depicting a scene from Wrestlemania XXIII in which Trump body slams and pummels WWE promoter Vince McMahon. In the gif, the CNN logo is superimposed over McMahon’s face.

Auern­heimer her­ald­ed the tweet as “eas­i­ly the great­est tweet in the his­to­ry of Twit­ter.”

After scour­ing HanAssholeSolo’s Red­dit account, which con­tained scores of racist and xeno­pho­bic post­ings, CNN’s KFile was able to track down the user’s Face­book page and con­tact him.

Fearing public embarrassment and for his safety, HanAssholeSolo published a lengthy apology on the Reddit group r/theDonald, asking that CNN not publish his identity. (The apology has since been removed.)

CNN oblig­ed, on the con­di­tion that HanAss­holeSo­lo remove his offend­ing posts and cease his trolling, but that didn’t stop the self-pro­claimed “real media” at the Dai­ly Stormer from issu­ing an ulti­ma­tum to every staffer at CNN.

“Just like CNN tracked down this child and used media expo­sure as a blud­geon against him for post­ing (truth­ful and fun­ny) things that they don’t like, we are going to begin track­ing down their fam­i­lies as a blud­geon against them for pub­lish­ing (sedi­tious­ly fraud­u­lent) things that we don’t like,” wrote Auern­heimer. “CNN, this is your one sin­gu­lar chance to walk back this behav­ior of pub­lic black­mail. You have one week to fix this.”

Auernheimer’s list of demands includes the pub­lic fir­ing of the KFile team, a denounce­ment of their alleged threats, a $50,000 col­lege schol­ar­ship for HanAss­holeSo­lo, and a pub­lic assur­ance that “he and his fam­i­ly will nev­er be harmed by your orga­ni­za­tion.”

The only prob­lem: HanAss­holeSo­lo is an adult, accord­ing to CNN.

“We are going to track down your par­ents. We are going to track down your sib­lings. We are going to track down your spous­es. We are going to track down your chil­dren. Because hey, that’s what you guys get to do, right? We’re going to see how you like it when our reporters are hunt­ing down your chil­dren,” con­tin­ued Auern­heimer.

Auern­heimer instruct­ed CNN employ­ees that do not want to be doxed to quit with­in the week and denounce the organization’s alleged black­mail.

“We didn’t make these rules – you did – and now we’re going to force you to play by them. Hope you enjoy what is com­ing, you filthy rat kike bas­tards. Kill your­selves, kike news fak­ers. You deserve every sin­gle bit of what you are about to get,” con­clud­ed Auern­heimer.

The call to “kill the lying mass of shit that is CNN” was posted to 4chan’s politically incorrect forum, /pol/.

With­in hours, per­son­al infor­ma­tion for mul­ti­ple CNN staffers and their fam­i­ly mem­bers — along­side images and gifs of indi­vid­u­als with CNN super­im­posed over their faces being shot in the head — appeared in the com­ments of the post­ing.

The inci­dent is a rare moment of uni­ty for the far-right with mem­bers of r/theDonald, 4chan, the Dai­ly Stormer, and the alt-lite band­ing togeth­er to attack CNN.

The 4chan message board /pol/, which is dedicated to politically incorrect discussion, dubbed the campaign “Operation: Autism Storm” and posted a four-part plan of attack that includes banding together with other far right sites, going after CNN’s advertisers, discrediting everyone at CNN, and forming a legal strategy for HanAssholeSolo should he later be doxed.

At least nine sep­a­rate hash­tags trend­ed across far-right accounts Tues­day evening – includ­ing #cnnblack­mail, #cnn­dox­ing, and #fraud­newsc­nn – as the con­tro­ver­sy erupt­ed.

….

4. Sey­mour Hersh has a piece in Die Welt about the intel­li­gence that went into the Trump administration’s deci­sion to launch a cruise mis­sile strike against a Syr­i­an air­base fol­low­ing the alleged sarin gas attack on the city of Khan Sheikhoun in Idlib.

What did the intelligence community know about the attack? The Russian and Syrian air forces had informed the US in advance of that airstrike that they had intelligence that top-level leaders of Ahrar al-Sham and Jabhat al-Nusra were meeting in that building, and they informed the US of the attack plan in advance of the attack and that it was on a “high-value” target. The attack involved the unusual use of a guided bomb and Syria’s top pilots. Following the attack, US intelligence concluded that there was no sarin gas attack, that Assad wouldn’t have been that politically suicidal, and that the symptoms of chemical poisoning following the bombing were likely due to a mixture of chlorine, fertilizers, and other chemicals stored in the building targeted by the Syrian air force, released by secondary explosions from the initial bombing.

Key por­tions of Her­sh’s sto­ry:

“. . . . The Syr­i­an tar­get at Khan Sheikhoun, as shared with the Amer­i­cans at Doha, was depict­ed as a two-sto­ry cin­der-block build­ing in the north­ern part of town. Russ­ian intel­li­gence, which is shared when nec­es­sary with Syr­ia and the U.S. as part of their joint fight against jihadist groups, had estab­lished that a high-lev­el meet­ing of jihadist lead­ers was to take place in the build­ing, includ­ing rep­re­sen­ta­tives of Ahrar al-Sham and the al-Qai­da-affil­i­at­ed group for­mer­ly known as Jab­hat al-Nus­ra. The two groups had recent­ly joined forces, and con­trolled the town and sur­round­ing area. Russ­ian intel­li­gence depict­ed the cin­der-block build­ing as a com­mand and con­trol cen­ter that housed a gro­cery and oth­er com­mer­cial premis­es on its ground floor with oth­er essen­tial shops near­by, includ­ing a fab­ric shop and an elec­tron­ics store.

‘The rebels con­trol the pop­u­la­tion by con­trol­ling the dis­tri­b­u­tion of goods that peo­ple need to live – food, water, cook­ing oil, propane gas, fer­til­iz­ers for grow­ing their crops, and insec­ti­cides to pro­tect the crops,’ a senior advis­er to the Amer­i­can intel­li­gence com­mu­ni­ty, who has served in senior posi­tions in the Defense Depart­ment and Cen­tral Intel­li­gence Agency, told me. The base­ment was used as stor­age for rock­ets, weapons and ammu­ni­tion, as well as prod­ucts that could be dis­trib­uted for free to the com­mu­ni­ty, among them med­i­cines and chlo­rine-based decon­t­a­m­i­nants for cleans­ing the bod­ies of the dead before bur­ial. The meet­ing place – a region­al head­quar­ters – was on the floor above. ‘It was an estab­lished meet­ing place,’ the senior advis­er said. ‘A long-time facil­i­ty that would have had secu­ri­ty, weapons, com­mu­ni­ca­tions, files and a map cen­ter.’ The Rus­sians were intent on con­firm­ing their intel­li­gence and deployed a drone for days above the site to mon­i­tor com­mu­ni­ca­tions and devel­op what is known in the intel­li­gence com­mu­ni­ty as a POL – a pat­tern of life. The goal was to take note of those going in and out of the build­ing, and to track weapons being moved back and forth, includ­ing rock­ets and ammu­ni­tion.

Russ­ian and Syr­i­an intel­li­gence offi­cials, who coor­di­nate oper­a­tions close­ly with the Amer­i­can com­mand posts, made it clear that the planned strike on Khan Sheikhoun was spe­cial because of the high-val­ue tar­get. ‘It was a red-hot change. The mis­sion was out of the ordi­nary – scrub the sked,’ the senior advis­er told me. ‘Every oper­a­tions offi­cer in the region’ – in the Army, Marine Corps, Air Force, CIA and NSA – ‘had to know there was some­thing going on. The Rus­sians gave the Syr­i­an Air Force a guid­ed bomb and that was a rar­i­ty. They’re skimpy with their guid­ed bombs and rarely share them with the Syr­i­an Air Force. And the Syr­i­ans assigned their best pilot to the mis­sion, with the best wing­man.’ The advance intel­li­gence on the tar­get, as sup­plied by the Rus­sians, was giv­en the high­est pos­si­ble score inside the Amer­i­can com­mu­ni­ty.

The Execute Order governing U.S. military operations in theater, which was issued by the Chairman of the Joint Chiefs of Staff, provides instructions that demarcate the relationship between the American and Russian forces operating in Syria. “It’s like an ops order – ‘Here’s what you are authorized to do,’” the adviser said. “We do not share operational control with the Russians. We don’t do combined operations with them, or activities directly in support of one of their operations. But coordination is permitted. We keep each other apprised of what’s happening and within this package is the mutual exchange of intelligence. If we get a hot tip that could help the Russians do their mission, that’s coordination; and the Russians do the same for us. When we get a hot tip about a command and control facility,” the adviser added, referring to the target in Khan Sheikhoun, “we do what we can to help them act on it.” “This was not a chemical weapons strike,” the adviser said. “That’s a fairy tale. If so, everyone involved in transferring, loading and arming the weapon – you’ve got to make it appear like a regular 500-pound conventional bomb – would be wearing Hazmat protective clothing in case of a leak. There would be very little chance of survival without such gear. Military grade sarin includes additives designed to increase toxicity and lethality. Every batch that comes out is maximized for death. That is why it is made. It is odorless and invisible and death can come within a minute. No cloud. Why produce a weapon that people can run away from?”

The tar­get was struck at 6:55 a.m. on April 4, just before mid­night in Wash­ing­ton. A Bomb Dam­age Assess­ment (BDA) by the U.S. mil­i­tary lat­er deter­mined that the heat and force of the 500-pound Syr­i­an bomb trig­gered a series of sec­ondary explo­sions that could have gen­er­at­ed a huge tox­ic cloud that began to spread over the town, formed by the release of the fer­til­iz­ers, dis­in­fec­tants and oth­er goods stored in the base­ment, its effect mag­ni­fied by the dense morn­ing air, which trapped the fumes close to the ground. Accord­ing to intel­li­gence esti­mates, the senior advis­er said, the strike itself killed up to four jihadist lead­ers, and an unknown num­ber of dri­vers and secu­ri­ty aides. There is no con­firmed count of the num­ber of civil­ians killed by the poi­so­nous gas­es that were released by the sec­ondary explo­sions, although oppo­si­tion activists report­ed that there were more than 80 dead, and out­lets such as CNN have put the fig­ure as high as 92. A team from Médecins Sans Fron­tières, treat­ing vic­tims from Khan Sheikhoun at a clin­ic 60 miles to the north, report­ed that “eight patients showed symp­toms – includ­ing con­strict­ed pupils, mus­cle spasms and invol­un­tary defe­ca­tion – which are con­sis­tent with expo­sure to a neu­ro­tox­ic agent such as sarin gas or sim­i­lar com­pounds.” MSF also vis­it­ed oth­er hos­pi­tals that had received vic­tims and found that patients there “smelled of bleach, sug­gest­ing that they had been exposed to chlo­rine.” In oth­er words, evi­dence sug­gest­ed that there was more than one chem­i­cal respon­si­ble for the symp­toms observed, which would not have been the case if the Syr­i­an Air Force – as oppo­si­tion activists insist­ed – had dropped a sarin bomb, which has no per­cus­sive or igni­tion pow­er to trig­ger sec­ondary explo­sions. 
The range of symp­toms is, how­ev­er, con­sis­tent with the release of a mix­ture of chem­i­cals, includ­ing chlo­rine and the organophos­phates used in many fer­til­iz­ers, which can cause neu­ro­tox­ic effects sim­i­lar to those of sarin. . . .

. . . . The cri­sis slid into the back­ground by the end of April, as Rus­sia, Syr­ia and the Unit­ed States remained focused on anni­hi­lat­ing ISIS and the mili­tias of al-Qai­da. Some of those who had worked through the cri­sis, how­ev­er, were left with lin­ger­ing con­cerns. ‘The Salafists and jihadists got every­thing they want­ed out of their hyped-up Syr­i­an nerve gas ploy,’ the senior advis­er to the U.S. intel­li­gence com­mu­ni­ty told me, refer­ring to the flare up of ten­sions between Syr­ia, Rus­sia and Amer­i­ca. ‘The issue is, what if there’s anoth­er false flag sarin attack cred­it­ed to hat­ed Syr­ia? Trump has upped the ante and paint­ed him­self into a cor­ner with his deci­sion to bomb. And do not think these guys are not plan­ning the next faked attack. Trump will have no choice but to bomb again, and hard­er. He’s inca­pable of say­ing he made a mis­take.’ . . .”

“Trump’s Red Line” by Seymour M. Hersh; Welt.de; 06/25/2017

On April 6, Unit­ed States Pres­i­dent Don­ald Trump autho­rized an ear­ly morn­ing Tom­a­hawk mis­sile strike on Shayrat Air Base in cen­tral Syr­ia in retal­i­a­tion for what he said was a dead­ly nerve agent attack car­ried out by the Syr­i­an gov­ern­ment two days ear­li­er in the rebel-held town of Khan Sheikhoun. Trump issued the order despite hav­ing been warned by the U.S. intel­li­gence com­mu­ni­ty that it had found no evi­dence that the Syr­i­ans had used a chem­i­cal weapon.

The avail­able intel­li­gence made clear that the Syr­i­ans had tar­get­ed a jihadist meet­ing site on April 4 using a Russ­ian-sup­plied guid­ed bomb equipped with con­ven­tion­al explo­sives. Details of the attack, includ­ing infor­ma­tion on its so-called high-val­ue tar­gets, had been pro­vid­ed by the Rus­sians days in advance to Amer­i­can and allied mil­i­tary offi­cials in Doha, whose mis­sion is to coor­di­nate all U.S., allied, Syr­i­an and Russ­ian Air Force oper­a­tions in the region.

Some American military and intelligence officials were especially distressed by the president’s determination to ignore the evidence. “None of this makes any sense,” one officer told colleagues upon learning of the decision to bomb. “We KNOW that there was no chemical attack … the Russians are furious. Claiming we have the real intel and know the truth … I guess it didn’t matter whether we elected Clinton or Trump.”

With­in hours of the April 4 bomb­ing, the world’s media was sat­u­rat­ed with pho­tographs and videos from Khan Sheikhoun. Pic­tures of dead and dying vic­tims, alleged­ly suf­fer­ing from the symp­toms of nerve gas poi­son­ing, were uploaded to social media by local activists, includ­ing the White Hel­mets, a first respon­der group known for its close asso­ci­a­tion with the Syr­i­an oppo­si­tion.

The prove­nance of the pho­tos was not clear and no inter­na­tion­al observers have yet inspect­ed the site, but the imme­di­ate pop­u­lar assump­tion world­wide was that this was a delib­er­ate use of the nerve agent sarin, autho­rized by Pres­i­dent Bashar Assad of Syr­ia. Trump endorsed that assump­tion by issu­ing a state­ment with­in hours of the attack, describ­ing Assad’s “heinous actions” as being a con­se­quence of the Oba­ma administration’s “weak­ness and irres­o­lu­tion” in address­ing what he said was Syria’s past use of chem­i­cal weapons.

To the dis­may of many senior mem­bers of his nation­al secu­ri­ty team, Trump could not be swayed over the next 48 hours of intense brief­in­gs and deci­sion-mak­ing. In a series of inter­views, I learned of the total dis­con­nect between the pres­i­dent and many of his mil­i­tary advis­ers and intel­li­gence offi­cials, as well as offi­cers on the ground in the region who had an entire­ly dif­fer­ent under­stand­ing of the nature of Syria’s attack on Khan Sheikhoun. I was pro­vid­ed with evi­dence of that dis­con­nect, in the form of tran­scripts of real-time com­mu­ni­ca­tions, imme­di­ate­ly fol­low­ing the Syr­i­an attack on April 4. In an impor­tant pre-strike process known as decon­flic­tion, U.S. and Russ­ian offi­cers rou­tine­ly sup­ply one anoth­er with advance details of planned flight paths and tar­get coor­di­nates, to ensure that there is no risk of col­li­sion or acci­den­tal encounter (the Rus­sians speak on behalf of the Syr­i­an mil­i­tary). This infor­ma­tion is sup­plied dai­ly to the Amer­i­can AWACS sur­veil­lance planes that mon­i­tor the flights once air­borne. Deconfliction’s suc­cess and impor­tance can be mea­sured by the fact that there has yet to be one col­li­sion, or even a near miss, among the high-pow­ered super­son­ic Amer­i­can, Allied, Russ­ian and Syr­i­an fight­er bombers.

Russian and Syrian Air Force officers gave details of the carefully planned flight path to and from Khan Sheikhoun on April 4 directly, in English, to the deconfliction monitors aboard the AWACS plane, which was on patrol near the Turkish border, 60 miles or more to the north.

The Syr­i­an tar­get at Khan Sheikhoun, as shared with the Amer­i­cans at Doha, was depict­ed as a two-sto­ry cin­der-block build­ing in the north­ern part of town. Russ­ian intel­li­gence, which is shared when nec­es­sary with Syr­ia and the U.S. as part of their joint fight against jihadist groups, had estab­lished that a high-lev­el meet­ing of jihadist lead­ers was to take place in the build­ing, includ­ing rep­re­sen­ta­tives of Ahrar al-Sham and the al-Qai­da-affil­i­at­ed group for­mer­ly known as Jab­hat al-Nus­ra. The two groups had recent­ly joined forces, and con­trolled the town and sur­round­ing area. Russ­ian intel­li­gence depict­ed the cin­der-block build­ing as a com­mand and con­trol cen­ter that housed a gro­cery and oth­er com­mer­cial premis­es on its ground floor with oth­er essen­tial shops near­by, includ­ing a fab­ric shop and an elec­tron­ics store.

“The rebels con­trol the pop­u­la­tion by con­trol­ling the dis­tri­b­u­tion of goods that peo­ple need to live – food, water, cook­ing oil, propane gas, fer­til­iz­ers for grow­ing their crops, and insec­ti­cides to pro­tect the crops,” a senior advis­er to the Amer­i­can intel­li­gence com­mu­ni­ty, who has served in senior posi­tions in the Defense Depart­ment and Cen­tral Intel­li­gence Agency, told me. The base­ment was used as stor­age for rock­ets, weapons and ammu­ni­tion, as well as prod­ucts that could be dis­trib­uted for free to the com­mu­ni­ty, among them med­i­cines and chlo­rine-based decon­t­a­m­i­nants for cleans­ing the bod­ies of the dead before bur­ial. The meet­ing place – a region­al head­quar­ters – was on the floor above. “It was an estab­lished meet­ing place,” the senior advis­er said. “A long-time facil­i­ty that would have had secu­ri­ty, weapons, com­mu­ni­ca­tions, files and a map cen­ter.” The Rus­sians were intent on con­firm­ing their intel­li­gence and deployed a drone for days above the site to mon­i­tor com­mu­ni­ca­tions and devel­op what is known in the intel­li­gence com­mu­ni­ty as a POL – a pat­tern of life. The goal was to take note of those going in and out of the build­ing, and to track weapons being moved back and forth, includ­ing rock­ets and ammu­ni­tion.

One reason for the Russian message to Washington about the intended target was to ensure that any CIA asset or informant who had managed to work his way into the jihadist leadership was forewarned not to attend the meeting. I was told that the Russians passed the warning directly to the CIA. “They were playing the game right,” the senior adviser said. The Russian guidance noted that the jihadist meeting was coming at a time of acute pressure for the insurgents: Presumably Jabhat al-Nusra and Ahrar al-Sham were desperately seeking a path forward in the new political climate. In the last few days of March, Trump and two of his key national security aides – Secretary of State Rex Tillerson and UN Ambassador Nikki Haley – had made statements acknowledging that, as the New York Times put it, the White House “has abandoned the goal” of pressuring Assad “to leave power, marking a sharp departure from the Middle East policy that guided the Obama administration for more than five years.” White House Press Secretary Sean Spicer told a press briefing on March 31 that “there is a political reality that we have to accept,” implying that Assad was there to stay.

Russ­ian and Syr­i­an intel­li­gence offi­cials, who coor­di­nate oper­a­tions close­ly with the Amer­i­can com­mand posts, made it clear that the planned strike on Khan Sheikhoun was spe­cial because of the high-val­ue tar­get. “It was a red-hot change. The mis­sion was out of the ordi­nary – scrub the sked,” the senior advis­er told me. “Every oper­a­tions offi­cer in the region” – in the Army, Marine Corps, Air Force, CIA and NSA – “had to know there was some­thing going on. The Rus­sians gave the Syr­i­an Air Force a guid­ed bomb and that was a rar­i­ty. They’re skimpy with their guid­ed bombs and rarely share them with the Syr­i­an Air Force. And the Syr­i­ans assigned their best pilot to the mis­sion, with the best wing­man.” The advance intel­li­gence on the tar­get, as sup­plied by the Rus­sians, was giv­en the high­est pos­si­ble score inside the Amer­i­can com­mu­ni­ty.

The Execute Order governing U.S. military operations in theater, which was issued by the Chairman of the Joint Chiefs of Staff, provides instructions that demarcate the relationship between the American and Russian forces operating in Syria. “It’s like an ops order – ‘Here’s what you are authorized to do,’” the adviser said. “We do not share operational control with the Russians. We don’t do combined operations with them, or activities directly in support of one of their operations. But coordination is permitted. We keep each other apprised of what’s happening and within this package is the mutual exchange of intelligence. If we get a hot tip that could help the Russians do their mission, that’s coordination; and the Russians do the same for us. When we get a hot tip about a command and control facility,” the adviser added, referring to the target in Khan Sheikhoun, “we do what we can to help them act on it.” “This was not a chemical weapons strike,” the adviser said. “That’s a fairy tale. If so, everyone involved in transferring, loading and arming the weapon – you’ve got to make it appear like a regular 500-pound conventional bomb – would be wearing Hazmat protective clothing in case of a leak. There would be very little chance of survival without such gear. Military grade sarin includes additives designed to increase toxicity and lethality. Every batch that comes out is maximized for death. That is why it is made. It is odorless and invisible and death can come within a minute. No cloud. Why produce a weapon that people can run away from?”

The tar­get was struck at 6:55 a.m. on April 4, just before mid­night in Wash­ing­ton. A Bomb Dam­age Assess­ment (BDA) by the U.S. mil­i­tary lat­er deter­mined that the heat and force of the 500-pound Syr­i­an bomb trig­gered a series of sec­ondary explo­sions that could have gen­er­at­ed a huge tox­ic cloud that began to spread over the town, formed by the release of the fer­til­iz­ers, dis­in­fec­tants and oth­er goods stored in the base­ment, its effect mag­ni­fied by the dense morn­ing air, which trapped the fumes close to the ground. Accord­ing to intel­li­gence esti­mates, the senior advis­er said, the strike itself killed up to four jihadist lead­ers, and an unknown num­ber of dri­vers and secu­ri­ty aides. There is no con­firmed count of the num­ber of civil­ians killed by the poi­so­nous gas­es that were released by the sec­ondary explo­sions, although oppo­si­tion activists report­ed that there were more than 80 dead, and out­lets such as CNN have put the fig­ure as high as 92. A team from Médecins Sans Fron­tières, treat­ing vic­tims from Khan Sheikhoun at a clin­ic 60 miles to the north, report­ed that “eight patients showed symp­toms – includ­ing con­strict­ed pupils, mus­cle spasms and invol­un­tary defe­ca­tion – which are con­sis­tent with expo­sure to a neu­ro­tox­ic agent such as sarin gas or sim­i­lar com­pounds.” MSF also vis­it­ed oth­er hos­pi­tals that had received vic­tims and found that patients there “smelled of bleach, sug­gest­ing that they had been exposed to chlo­rine.” In oth­er words, evi­dence sug­gest­ed that there was more than one chem­i­cal respon­si­ble for the symp­toms observed, which would not have been the case if the Syr­i­an Air Force – as oppo­si­tion activists insist­ed – had dropped a sarin bomb, which has no per­cus­sive or igni­tion pow­er to trig­ger sec­ondary explo­sions. 
The range of symp­toms is, how­ev­er, con­sis­tent with the release of a mix­ture of chem­i­cals, includ­ing chlo­rine and the organophos­phates used in many fer­til­iz­ers, which can cause neu­ro­tox­ic effects sim­i­lar to those of sarin.

The inter­net swung into action with­in hours, and grue­some pho­tographs of the vic­tims flood­ed tele­vi­sion net­works and YouTube. U.S. intel­li­gence was tasked with estab­lish­ing what had hap­pened. Among the pieces of infor­ma­tion received was an inter­cept of Syr­i­an com­mu­ni­ca­tions col­lect­ed before the attack by an allied nation. The inter­cept, which had a par­tic­u­lar­ly strong effect on some of Trump’s aides, did not men­tion nerve gas or sarin, but it did quote a Syr­i­an gen­er­al dis­cussing a “spe­cial” weapon and the need for a high­ly skilled pilot to man the attack plane. The ref­er­ence, as those in the Amer­i­can intel­li­gence com­mu­ni­ty under­stood, and many of the inex­pe­ri­enced aides and fam­i­ly mem­bers close to Trump may not have, was to a Russ­ian-sup­plied bomb with its built-in guid­ance sys­tem. “If you’ve already decid­ed it was a gas attack, you will then inevitably read the talk about a spe­cial weapon as involv­ing a sarin bomb,” the advis­er said. “Did the Syr­i­ans plan the attack on Khan Sheikhoun? Absolute­ly. Do we have inter­cepts to prove it? Absolute­ly. Did they plan to use sarin? No. But the pres­i­dent did not say: ‘We have a prob­lem and let’s look into it.’ He want­ed to bomb the shit out of Syr­ia.”

At the UN the next day, Ambassador Haley created a media sensation when she displayed photographs of the dead and accused Russia of being complicit. “How many more children have to die before Russia cares?” she asked. NBC News, in a typical report that day, quoted American officials as confirming that nerve gas had been used and Haley tied the attack directly to Syrian President Assad. “We know that yesterday’s attack was a new low even for the barbaric Assad regime,” she said. There was irony in America’s rush to blame Syria and criticize Russia for its support of Syria’s denial of any use of gas in Khan Sheikhoun, as Ambassador Haley and others in Washington did. “What doesn’t occur to most Americans,” the adviser said, “is if there had been a Syrian nerve gas attack authorized by Bashar, the Russians would be 10 times as upset as anyone in the West. Russia’s strategy against ISIS, which involves getting American cooperation, would have been destroyed and Bashar would be responsible for pissing off Russia, with unknown consequences for him. Bashar would do that? When he’s on the verge of winning the war? Are you kidding me?”

Trump, a constant watcher of television news, said, while King Abdullah of Jordan was sitting next to him in the Oval Office, that what had happened was “horrible, horrible” and a “terrible affront to humanity.” Asked if his administration would change its policy toward the Assad government, he said: “You will see.” He gave a hint of the response to come at the subsequent news conference with King Abdullah: “When you kill innocent children, innocent babies – babies, little babies – with a chemical gas that is so lethal … that crosses many, many lines, beyond a red line … That attack on children yesterday had a big impact on me. Big impact … It’s very, very possible … that my attitude toward Syria and Assad has changed very much.”

Within hours of viewing the photos, the adviser said, Trump instructed the national defense apparatus to plan for retaliation against Syria. “He did this before he talked to anybody about it. The planners then asked the CIA and DIA if there was any evidence that Syria had sarin stored at a nearby airport or somewhere in the area. Their military had to have it somewhere in the area in order to bomb with it.” “The answer was, ‘We have no evidence that Syria had sarin or used it,’” the adviser said. “The CIA also told them that there was no residual delivery for sarin at Sheyrat [the airfield from which the Syrian SU-24 bombers had taken off on April 4] and Assad had no motive to commit political suicide.” Everyone involved, except perhaps the president, also understood that a highly skilled United Nations team had spent more than a year in the aftermath of an alleged sarin attack in 2013 by Syria, removing what was said to be all chemical weapons from a dozen Syrian chemical weapons depots.

At this point, the advis­er said, the president’s nation­al secu­ri­ty plan­ners were more than a lit­tle rat­tled: “No one knew the prove­nance of the pho­tographs. We didn’t know who the chil­dren were or how they got hurt. Sarin actu­al­ly is very easy to detect because it pen­e­trates paint, and all one would have to do is get a paint sam­ple. We knew there was a cloud and we knew it hurt peo­ple. But you can­not jump from there to cer­tain­ty that Assad had hid­den sarin from the UN because he want­ed to use it in Khan Sheikhoun.” The intel­li­gence made clear that a Syr­i­an Air Force SU-24 fight­er bomber had used a con­ven­tion­al weapon to hit its tar­get: There had been no chem­i­cal war­head. And yet it was impos­si­ble for the experts to per­suade the pres­i­dent of this once he had made up his mind. “The pres­i­dent saw the pho­tographs of poi­soned lit­tle girls and said it was an Assad atroc­i­ty,” the senior advis­er said. “It’s typ­i­cal of human nature. You jump to the con­clu­sion you want. Intel­li­gence ana­lysts do not argue with a pres­i­dent. They’re not going to tell the pres­i­dent, ‘if you inter­pret the data this way, I quit.’”

The national security advisers understood their dilemma: Trump wanted to respond to the affront to humanity committed by Syria and he did not want to be dissuaded. They were dealing with a man they considered to be not unkind and not stupid, but his limitations when it came to national security decisions were severe. “Everyone close to him knows his proclivity for acting precipitously when he does not know the facts,” the adviser said. “He doesn’t read anything and has no real historical knowledge. He wants verbal briefings and photographs. He’s a risk-taker. He can accept the consequences of a bad decision in the business world; he will just lose money. But in our world, lives will be lost and there will be long-term damage to our national security if he guesses wrong. He was told we did not have evidence of Syrian involvement and yet Trump says: ‘Do it.’”

On April 6, Trump con­vened a meet­ing of nation­al secu­ri­ty offi­cials at his Mar-a-Lago resort in Flori­da. The meet­ing was not to decide what to do, but how best to do it – or, as some want­ed, how to do the least and keep Trump hap­py. “The boss knew before the meet­ing that they didn’t have the intel­li­gence, but that was not the issue,” the advis­er said. “The meet­ing was about, ‘Here’s what I’m going to do,’ and then he gets the options.”

The avail­able intel­li­gence was not rel­e­vant. The most expe­ri­enced man at the table was Sec­re­tary of Defense James Mat­tis, a retired Marine Corps gen­er­al who had the president’s respect and under­stood, per­haps, how quick­ly that could evap­o­rate. Mike Pom­peo, the CIA direc­tor whose agency had con­sis­tent­ly report­ed that it had no evi­dence of a Syr­i­an chem­i­cal bomb, was not present. Sec­re­tary of State Tiller­son was admired on the inside for his will­ing­ness to work long hours and his avid read­ing of diplo­mat­ic cables and reports, but he knew lit­tle about wag­ing war and the man­age­ment of a bomb­ing raid. Those present were in a bind, the advis­er said. “The pres­i­dent was emo­tion­al­ly ener­gized by the dis­as­ter and he want­ed options.” He got four of them, in order of extrem­i­ty. Option one was to do noth­ing. All involved, the advis­er said, under­stood that was a non-starter. Option two was a slap on the wrist: to bomb an air­field in Syr­ia, but only after alert­ing the Rus­sians and, through them, the Syr­i­ans, to avoid too many casu­al­ties. A few of the plan­ners called this the “goril­la option”: Amer­i­ca would glow­er and beat its chest to pro­voke fear and demon­strate resolve, but cause lit­tle sig­nif­i­cant dam­age. The third option was to adopt the strike pack­age that had been pre­sent­ed to Oba­ma in 2013, and which he ulti­mate­ly chose not to pur­sue. The plan called for the mas­sive bomb­ing of the main Syr­i­an air­fields and com­mand and con­trol cen­ters using B1 and B52 air­craft launched from their bases in the U.S. Option four was “decap­i­ta­tion”: to remove Assad by bomb­ing his palace in Dam­as­cus, as well as his com­mand and con­trol net­work and all of the under­ground bunkers he could pos­si­bly retreat to in a cri­sis.

“Trump ruled out option one off the bat,” the senior advis­er said, and the assas­si­na­tion of Assad was nev­er con­sid­ered. “But he said, in essence: ‘You’re the mil­i­tary and I want mil­i­tary action.’” The pres­i­dent was also ini­tial­ly opposed to the idea of giv­ing the Rus­sians advance warn­ing before the strike, but reluc­tant­ly accept­ed it. “We gave him the Goldilocks option – not too hot, not too cold, but just right.” The dis­cus­sion had its bizarre moments. Tiller­son won­dered at the Mar-a-Lago meet­ing why the pres­i­dent could not sim­ply call in the B52 bombers and pul­ver­ize the air base. He was told that B52s were very vul­ner­a­ble to sur­face-to-air mis­siles (SAMs) in the area and using such planes would require sup­pres­sion fire that could kill some Russ­ian defend­ers. “What is that?” Tiller­son asked. Well, sir, he was told, that means we would have to destroy the upgrad­ed SAM sites along the B52 flight path, and those are manned by Rus­sians, and we pos­si­bly would be con­front­ed with a much more dif­fi­cult sit­u­a­tion. “The les­son here was: Thank God for the mil­i­tary men at the meet­ing,” the advis­er said. “They did the best they could when con­front­ed with a deci­sion that had already been made.”

Fifty-nine Tom­a­hawk mis­siles were fired from two U.S. Navy destroy­ers on duty in the Mediter­ranean, the Ross and the Porter, at Shayrat Air Base near the gov­ern­ment-con­trolled city of Homs. The strike was as suc­cess­ful as hoped, in terms of doing min­i­mal dam­age. The mis­siles have a light pay­load – rough­ly 220 pounds of HBX, the military’s mod­ern ver­sion of TNT. The airfield’s gaso­line stor­age tanks, a pri­ma­ry tar­get, were pul­ver­ized, the senior advis­er said, trig­ger­ing a huge fire and clouds of smoke that inter­fered with the guid­ance sys­tem of fol­low­ing mis­siles. As many as 24 mis­siles missed their tar­gets and only a few of the Tom­a­hawks actu­al­ly pen­e­trat­ed into hangars, destroy­ing nine Syr­i­an air­craft, many few­er than claimed by the Trump admin­is­tra­tion. I was told that none of the nine was oper­a­tional: such dam­aged air­craft are what the Air Force calls hangar queens. “They were sac­ri­fi­cial lambs,” the senior advis­er said. Most of the impor­tant per­son­nel and oper­a­tional fight­er planes had been flown to near­by bases hours before the raid began. The two run­ways and park­ing places for air­craft, which had also been tar­get­ed, were repaired and back in oper­a­tion with­in eight hours or so. All in all, it was lit­tle more than an expen­sive fire­works dis­play.

“It was a total­ly Trump show from begin­ning to end,” the senior advis­er said. “A few of the president’s senior nation­al secu­ri­ty advis­ers viewed the mis­sion as a min­i­mized bad pres­i­den­tial deci­sion, and one that they had an oblig­a­tion to car­ry out. But I don’t think our nation­al secu­ri­ty peo­ple are going to allow them­selves to be hus­tled into a bad deci­sion again. If Trump had gone for option three, there might have been some imme­di­ate res­ig­na­tions.”

After the meeting, with the Tomahawks on their way, Trump spoke to the nation from Mar-a-Lago, and accused Assad of using nerve gas to choke out “the lives of helpless men, women and children. It was a slow and brutal death for so many … No child of God should ever suffer such horror.” The next few days were his most successful as president. America rallied around its commander in chief, as it always does in times of war. Trump, who had campaigned as someone who advocated making peace with Assad, was bombing Syria 11 weeks after taking office, and was hailed for doing so by Republicans, Democrats and the media alike. One prominent TV anchorman, Brian Williams of MSNBC, used the word “beautiful” to describe the images of the Tomahawks being launched at sea. Speaking on CNN, Fareed Zakaria said: “I think Donald Trump became president of the United States.” A review of the top 100 American newspapers showed that 39 of them published editorials supporting the bombing in its aftermath, including the New York Times, Washington Post and Wall Street Journal.

Five days lat­er, the Trump admin­is­tra­tion gath­ered the nation­al media for a back­ground brief­ing on the Syr­i­an oper­a­tion that was con­duct­ed by a senior White House offi­cial who was not to be iden­ti­fied. The gist of the brief­ing was that Russia’s heat­ed and per­sis­tent denial of any sarin use in the Khan Sheikhoun bomb­ing was a lie because Pres­i­dent Trump had said sarin had been used. That asser­tion, which was not chal­lenged or dis­put­ed by any of the reporters present, became the basis for a series of fur­ther crit­i­cisms:

– The con­tin­ued lying by the Trump admin­is­tra­tion about Syria’s use of sarin led to wide­spread belief in the Amer­i­can media and pub­lic that Rus­sia had cho­sen to be involved in a cor­rupt dis­in­for­ma­tion and cov­er-up cam­paign on the part of Syr­ia.

– Russia’s mil­i­tary forces had been co-locat­ed with Syria’s at the Shayrat air­field (as they are through­out Syr­ia), rais­ing the pos­si­bil­i­ty that Rus­sia had advance notice of Syria’s deter­mi­na­tion to use sarin at Khan Sheikhoun and did noth­ing to stop it.

– Syria’s use of sarin and Russia’s defense of that use strong­ly sug­gest­ed that Syr­ia with­held stocks of the nerve agent from the UN dis­ar­ma­ment team that spent much of 2014 inspect­ing and remov­ing all declared chem­i­cal war­fare agents from 12 Syr­i­an chem­i­cal weapons depots, pur­suant to the agree­ment worked out by the Oba­ma admin­is­tra­tion and Rus­sia after Syria’s alleged, but still unproven, use of sarin the year before against a rebel redoubt in a sub­urb of Dam­as­cus.

The briefer, to his cred­it, was care­ful to use the words “think,” “sug­gest” and “believe” at least 10 times dur­ing the 30-minute event. But he also said that his brief­ing was based on data that had been declas­si­fied by “our col­leagues in the intel­li­gence com­mu­ni­ty.” What the briefer did not say, and may not have known, was that much of the clas­si­fied infor­ma­tion in the com­mu­ni­ty made the point that Syr­ia had not used sarin in the April 4 bomb­ing attack.

The cri­sis slid into the back­ground by the end of April, as Rus­sia, Syr­ia and the Unit­ed States remained focused on anni­hi­lat­ing ISIS and the mili­tias of al-Qai­da. Some of those who had worked through the cri­sis, how­ev­er, were left with lin­ger­ing con­cerns. “The Salafists and jihadists got every­thing they want­ed out of their hyped-up Syr­i­an nerve gas ploy,” the senior advis­er to the U.S. intel­li­gence com­mu­ni­ty told me, refer­ring to the flare up of ten­sions between Syr­ia, Rus­sia and Amer­i­ca. “The issue is, what if there’s anoth­er false flag sarin attack cred­it­ed to hat­ed Syr­ia? Trump has upped the ante and paint­ed him­self into a cor­ner with his deci­sion to bomb. And do not think these guys are not plan­ning the next faked attack. Trump will have no choice but to bomb again, and hard­er. He’s inca­pable of say­ing he made a mis­take.”

5. The White House issued an ominous message indicating that it has evidence that Assad’s forces were planning a chemical attack and that, if that happens, the consequences will be severe and Russia and Iran will be held responsible:

“White House says Syria’s Assad prepar­ing anoth­er chem­i­cal attack, warns of ‘heavy’ penal­ty” by Abby Phillip and Dan Lamothe; The Wash­ing­ton Post; 06/26/2017

The White House issued an omi­nous warn­ing to Syr­i­an Pres­i­dent Bashar al-Assad on Mon­day night, pledg­ing that his regime would pay a “heavy price” if it car­ried out anoth­er chem­i­cal attack this year.

In a state­ment, White House press sec­re­tary Sean Spicer said that the Unit­ed States had detect­ed evi­dence of prepa­ra­tions for a chem­i­cal attack, sim­i­lar to the prepa­ra­tions that occurred before an attack in April.

“The Unit­ed States has iden­ti­fied poten­tial prepa­ra­tions for anoth­er chem­i­cal weapons attack by the Assad regime that would like­ly result in the mass mur­der of civil­ians, includ­ing inno­cent chil­dren,” Spicer said in the state­ment. “The activ­i­ties are sim­i­lar to prepa­ra­tions the regime made before its April 4, 2017 chem­i­cal weapons attack.

“As we have pre­vi­ous­ly stat­ed, the Unit­ed States is in Syr­ia to elim­i­nate the Islam­ic State of Iraq and Syr­ia,” he con­tin­ued. “If, how­ev­er, Mr. Assad con­ducts anoth­er mass mur­der attack using chem­i­cal weapons, he and his mil­i­tary will pay a heavy price.”

Fol­low­ing the April attack, Pres­i­dent Trump ordered an air strike against the Assad-con­trolled air field where the attack was believed to have been car­ried out.

At the time, Trump said that Assad’s use of chem­i­cal weapons against inno­cent women and chil­dren made action inevitable.

“When you kill inno­cent chil­dren, inno­cent babies, babies, lit­tle babies, with a chem­i­cal gas that is so lethal — peo­ple were shocked to hear what gas it was,” Trump said after the attack. “That cross­es many, many lines, beyond a red line, many, many lines.”

Fol­low­ing Spicer’s state­ment on Mon­day night, Nik­ki Haley, the U.S. Ambas­sador to the Unit­ed Nations said Assad and its allies would be square­ly blamed if such an attack occurred.

“Any further attacks done to the people of Syria will be blamed on Assad, but also on Russia & Iran who support him killing his own people,” Haley wrote.

The U.S. mil­i­tary main­tains a vari­ety of weapons in the region that could be used in the event of anoth­er strike, includ­ing manned and unmanned air­craft in sev­er­al Mid­dle East­ern coun­tries. But the most like­ly sce­nario is prob­a­bly a strike using naval assets, which can be launched with few­er diplo­mat­ic issues than using bases in allied coun­tries such as Turkey or the Unit­ed Arab Emi­rates.

The Navy launched Tom­a­hawk mis­siles at a Syr­i­an mil­i­tary air­field April 6 in response to a pre­vi­ous alleged chem­i­cal weapons attack, using two guid­ed-mis­sile destroy­ers in the east­ern Mediter­ranean Sea, the USS Ross and USS Porter, to do so.

A point of con­tention for the Pen­ta­gon after the last strike was the Syr­i­an regime’s alleged use of a nerve agent, like sarin. It is far dead­lier than some oth­er chem­i­cals that U.S. mil­i­tary and intel­li­gence offi­cials say that the regime has used, such as chlo­rine.

6. Crit­i­cal to the under­stand­ing of the spin­ning of “Rus­sia-gate” are the actions of Felix Sater.

“Inside Trump’s Russia Connections: The Felon and The Pop Star” by Chase Peterson-Withorn; Forbes; 3/28/2017.

“ . . . . Nev­er­the­less, in late Jan­u­ary, Sater and a Ukrain­ian law­mak­er report­ed­ly met with Trump’s per­son­al lawyer, Michael Cohen, at a New York hotel. Accord­ing to the Times, they dis­cussed a plan that involved the U.S. lift­ing sanc­tions against Rus­sia, and Cohen said he hand-deliv­ered the plan in a sealed enve­lope to then-nation­al secu­ri­ty advi­sor Michael Fly­nn. Cohen lat­er denied deliv­er­ing the enve­lope to any­one in the White House, accord­ing to the Wash­ing­ton Post. . . .”

7.  Sater was “walk­ing point” for the Trump busi­ness inter­ests in their attempts at build­ing in Moscow in the fall of 2015.

“How the Miss Uni­verse Pageant Led to Trump’s Son Meet­ing with a Russ­ian Lawyer” by Steve Eder and Megan Twohey [The New York Times]; The Seat­tle Times; 7/10/2017.

“ . . . . Sater worked on a plan for a Trump Tow­er in Moscow as recent­ly as the fall of 2015, but he said that had come to a halt because of Trump’s pres­i­den­tial cam­paign. . . .”

8. Anoth­er inter­est­ing, close asso­ciate of Don­ald Trump was Felix Sater, who changed the spelling of his name, adding an extra “T” to avoid being rec­og­nized on inter­net search­es. Review­ing infor­ma­tion from FTR #936:

The Making of Donald Trump by David Cay Johnston; Melville House [HC]; copyright 2016 by David Cay Johnston; ISBN 978-1-61219-632-9. p. 162.

 . . . ‘Sat­ter’s’ name appears with just one ‘T’ in a host of places. There’s the deed to his home for exam­ple. It is also spelled with only one ‘T’ on New York State court papers from his 1991 felony con­vic­tion for stab­bing a man in the face with the stem of a mar­gari­ta glass. The name Sater with one ‘T’ also appears on fed­er­al court papers in a $40 mil­lion orga­nized crime stock swin­dle he con­fessed to in 1998, a scheme that ben­e­fit­ed him as well as the Gen­ovese and Gam­bi­no crime fam­i­lies. The stock swin­dle involved fake stock bro­ker­age firms using high-pres­sure tac­tics to get naive peo­ple to buy worth­less shares from Sater and his mob friends. . . . 

9. Trump’s close associate Felix was able to escape serious legal retribution by going to work for the CIA.

The Making of Donald Trump by David Cay Johnston; Melville House [HC]; copyright 2016 by David Cay Johnston; ISBN 978-1-61219-632-9. p. 165.

. . . . There is every indi­ca­tion that the extra­or­di­nar­i­ly lenient treat­ment result­ed from Sater play­ing a get-out-of-jail free card. Short­ly before his secret guilty plea, Sater became a free­lance oper­a­tive of the Cen­tral Intel­li­gence Agency. One of his fel­low stock swindlers, Sal­va­tore Lau­ria, wrote a book about it. The Scor­pi­on and the Frog is described on its cov­er as ‘the true sto­ry of one man’s fraud­u­lent rise and fall in the Wall Street of the nineties.’ Accord­ing to Lauria–and the court files that have been unsealed–Sater helped the CIA buy small mis­siles before they got to ter­ror­ists. He also pro­vid­ed oth­er pur­port­ed nation­al secu­ri­ty ser­vices for a report­ed fee of $300,000. Sto­ries abound as to what else Sater may or may not have done in the are­na of nation­al secu­ri­ty. . . . 

 

Discussion

24 comments for “FTR #965 Are We Going to Have a Third World War?”

  1. Check out the person that appears to be emerging as the White House’s internal scapegoat for all the turmoil in recent days as a new cloud of paranoia envelops the White House staff amidst one report after another based on multiple anonymous White House sources: Reince Priebus. Yep, according to a recent report in the Washington Post, the Trump kids are convinced that Reince Priebus is one of the sources of all these embarrassing reports and their message to Trump is that Priebus has to go. It’s an interesting development. In part because Priebus, as one of the primary White House figures who comes from the traditional GOP ‘establishment’, really would be one of the primary suspects of any attempts to undermine the Trump administration but only if the rest of the GOP establishment gives him those orders. So you have to wonder if the Trump kids’ lobbying to get their dad to dump Priebus reflects a growing concern that the GOP establishment is getting ready to dump Trump:

    The Wash­ing­ton Post

    ‘Cat­e­go­ry 5 hur­ri­cane’: White House under siege by Trump Jr.’s Rus­sia rev­e­la­tions

    By Philip Ruck­er and Ash­ley Park­er
    July 12, 2017 at 6:42 AM

    The White House has been thrust into chaos after days of ever-wors­en­ing rev­e­la­tions about a meet­ing between Don­ald Trump Jr. and a lawyer char­ac­ter­ized as rep­re­sent­ing the Russ­ian gov­ern­ment, as the pres­i­dent fumes against his ene­mies and senior aides cir­cle one anoth­er with sus­pi­cion, accord­ing to top White House offi­cials and out­side advis­ers.

    Pres­i­dent Trump — who has been hid­den from pub­lic view since return­ing last week­end from a divi­sive inter­na­tion­al sum­mit — is enraged that the Rus­sia cloud still hangs over his pres­i­den­cy and is exas­per­at­ed that his eldest son and name­sake has become engulfed by it, said peo­ple who have spo­ken with him this week.

    The dis­clo­sure that Trump Jr. met with a Russ­ian attor­ney, believ­ing he would receive incrim­i­nat­ing infor­ma­tion about Hillary Clin­ton as part of the Kremlin’s effort to boost his father’s can­di­da­cy, has set back the administration’s fal­ter­ing agen­da and rat­tled the senior lead­er­ship team.

    On Wednes­day, in his first Twit­ter posts since the email dis­clo­sures, Trump defend­ed his son as “open, trans­par­ent and inno­cent” and repeat­ed past claims that his admin­is­tra­tion is the sub­ject of a “witch hunt” fueled by leak­ers.

    “My son Don­ald did a good job last night,” Trump wrote, refer­ring to his son’s appear­ance on Fox News. “He was open, trans­par­ent and inno­cent. This is the great­est Witch Hunt in polit­i­cal his­to­ry. Sad!”

    Trump also took aim at anony­mous leaks from “sources” — even though Trump Jr. gave a step-by-step email chronol­o­gy of the plans for the meet­ing with the Russ­ian lawyer in 2016.

    Even sup­port­ers of Trump Jr. who believe he faces no legal reper­cus­sions pri­vate­ly acknowl­edged Tues­day that the sto­ry is a pub­lic rela­tions dis­as­ter — for him as well as for the White House. One out­side ally called it a “Cat­e­go­ry 5 hur­ri­cane,” while an out­side advis­er said a CNN graph­ic chart­ing con­nec­tions between the Trump team and Rus­sians resem­bled the plot of the fic­tion­al Net­flix series “House of Cards.”

    Vice Pres­i­dent Pence sought to dis­tance him­self from the con­tro­ver­sy, with his spokesman not­ing that Trump Jr.’s meet­ing occurred before Pence joined the tick­et.

    Inside a White House in which infight­ing often seems like a core cul­tur­al val­ue, three straight days of rev­e­la­tions in the New York Times about Trump Jr. have inspired a new round of accu­sa­tions and recrim­i­na­tions, with advis­ers pri­vate­ly spec­u­lat­ing about who inside the Trump orbit may be leak­ing dam­ag­ing infor­ma­tion about the president’s son.

    This por­trait of the Trump White House under siege is based on inter­views Tues­day with more than a dozen West Wing offi­cials, out­side advis­ers, and friends and asso­ciates of the pres­i­dent and his fam­i­ly, many of whom spoke on the con­di­tion of anonymi­ty to be can­did.

    The make­up of Trump’s inner cir­cle is the sub­ject of inter­nal debate, as ever. Ivan­ka Trump, the president’s daugh­ter and senior advis­er; Jared Kush­n­er, her hus­band and anoth­er senior advis­er; and first lady Mela­nia Trump have been pri­vate­ly press­ing the pres­i­dent to shake up his team — most specif­i­cal­ly by replac­ing Reince Priebus as the White House chief of staff, accord­ing to two senior White House offi­cials and one ally close to the White House.

    The three fam­i­ly mem­bers are espe­cial­ly con­cerned about the steady stream of unau­tho­rized leaks to jour­nal­ists that have plagued the admin­is­tra­tion over the near­ly six months that Pres­i­dent Trump has been in office, from sen­si­tive nation­al secu­ri­ty infor­ma­tion to embar­rass­ing details about the inner work­ings of the White House, the offi­cials said.

    Stephanie Grisham, the first lady’s com­mu­ni­ca­tions direc­tor, said: “Of course, the first lady is con­cerned about leaks from her husband’s admin­is­tra­tion, as all Amer­i­cans should be. And while she does offer advice and per­spec­tives on many things, Mrs. Trump does not weigh in on West Wing staff.”

    Lind­say Wal­ters, a deputy White House press sec­re­tary, dis­put­ed reports about Priebus’s stand­ing. “These sources have been con­sis­tent­ly wrong about Reince, and they’re still wrong today,” she said.

    After this sto­ry first pub­lished, Josh Raf­fel, a White House spokesman, said in a state­ment on behalf of Kush­n­er and Ivan­ka Trump: “Jared and Ivan­ka are focused on work­ing with Reince and the team to advance the President’s agen­da and not on push­ing for staff changes.”

    Trump recent­ly pub­licly praised Priebus’s work eth­ic, and the chief of staff’s allies note that Priebus has done as good a job as can be expect­ed under the unique cir­cum­stances of this admin­is­tra­tion. Defend­ers of Priebus have long said they expect him to make it to a year in the posi­tion, and Trump is said to be hes­i­tant to fire him or any oth­er senior staffer amid the esca­lat­ing Rus­sia inves­ti­ga­tion led by spe­cial coun­sel Robert S. Mueller III.

    ...

    Pence found out about Trump Jr.’s meet­ing with the Russ­ian attor­ney Fri­day evening in advance of the first Times sto­ry, said one per­son famil­iar with the dis­cus­sions. Both Pence and his team view the Rus­sia cov­er­age as a dis­trac­tion, and are work­ing to keep the vice pres­i­dent clear of it and focused on Trump’s pol­i­cy goals — such as health care, the sub­ject of his sched­uled vis­it to Ken­tucky on Wednes­day.

    “The vice pres­i­dent is work­ing every day to advance the president’s agen­da, which is what the Amer­i­can peo­ple sent us here to do. The vice pres­i­dent was not aware of the meet­ing,” Pence’s press sec­re­tary, Marc Lot­ter, said in a state­ment. “He is not focused on sto­ries about the cam­paign, par­tic­u­lar­ly sto­ries about the time before he joined the tick­et.”

    On Capi­tol Hill — where Sen­ate Major­i­ty Leader Mitch McConnell (R‑Ky.) announced Tues­day that he is delay­ing his chamber’s August recess by two weeks — Repub­li­can sen­a­tors were becom­ing increas­ing­ly frus­trat­ed with the White House, which they blame for Congress’s inabil­i­ty to pass any major leg­is­la­tion.

    A grow­ing num­ber of sen­a­tors believe that the widen­ing Rus­sia probe — as well as the Trump-fueled tumult that seems to dom­i­nate near­ly every news cycle — have stalled their leg­isla­tive agen­da, leav­ing them noth­ing to offer their con­stituents by way of achieve­ments when they head home over the break.

    ———-

    “‘Cat­e­go­ry 5 hur­ri­cane’: White House under siege by Trump Jr.’s Rus­sia rev­e­la­tions” by Philip Ruck­er and Ash­ley Park­er; The Wash­ing­ton Post; 07/12/2017

    “The make­up of Trump’s inner cir­cle is the sub­ject of inter­nal debate, as ever. Ivan­ka Trump, the president’s daugh­ter and senior advis­er; Jared Kush­n­er, her hus­band and anoth­er senior advis­er; and first lady Mela­nia Trump have been pri­vate­ly press­ing the pres­i­dent to shake up his team — most specif­i­cal­ly by replac­ing Reince Priebus as the White House chief of staff, accord­ing to two senior White House offi­cials and one ally close to the White House.”

    Melania is on the anti-Priebus bandwagon too? Ouch. But such fears and frustrations aren’t exactly outlandish given Priebus’s status as a key GOP establishment ‘outsider’ inside the White House. After all, if there were other staffers the Trumps can’t trust, Priebus would have been the person in charge of hiring them as the Chief of Staff. And if the broader GOP ‘establishment’ and its billionaire backers decide that Trump is becoming an obstacle to the fruition of their agenda and needs to be taken down, someone like Priebus would be very well positioned to help make that happen. It’s one of those situations where paranoia is pretty appropriate.

    So while there were plen­ty of denials about this intra-White House con­flict, it’s hard to take those denials seri­ous­ly giv­en the wave of anony­mous­ly sourced sto­ries com­ing out of the White House. Espe­cial­ly giv­en the reports that Con­gres­sion­al GOP­ers are blam­ing Trump for their own inabil­i­ty to pass any mean­ing­ful leg­is­la­tion, instead of blam­ing them­selves for craft­ing leg­is­la­tion so hor­ri­ble and unpop­u­lar that even GOP­ers can’t sup­port it. If the GOP ‘estab­lish­ment’ is going to scape­goat Trump, counter-scape­goat­ing Priebus kind of makes sense:

    ...
    On Capi­tol Hill — where Sen­ate Major­i­ty Leader Mitch McConnell (R‑Ky.) announced Tues­day that he is delay­ing his chamber’s August recess by two weeks — Repub­li­can sen­a­tors were becom­ing increas­ing­ly frus­trat­ed with the White House, which they blame for Congress’s inabil­i­ty to pass any major leg­is­la­tion.

    A grow­ing num­ber of sen­a­tors believe that the widen­ing Rus­sia probe — as well as the Trump-fueled tumult that seems to dom­i­nate near­ly every news cycle — have stalled their leg­isla­tive agen­da, leav­ing them noth­ing to offer their con­stituents by way of achieve­ments when they head home over the break.

    Might Priebus finally be on his way out the door? This isn’t the first time there have been reports of the Trump White House infighting without any eventual departures. But that lack of departures doesn’t mean those previous fights were resolved, so as the tensions and paranoia in the White House continue to grow, along with the anonymous insider leaks, we probably shouldn’t be super shocked if Priebus is either shown the door or runs for the exits himself.

    At the same time, given the incredibly bad optics the Trump administration is now facing following the disclosure of the meeting with the Russian lawyer — and the growing possibility that Trump is going to basically get convicted of colluding with Russia in the court of public opinion — and given the frustrations of the rest of the GOP — not to mention the GOP oligarchs — over the inability of Trump and the GOP to sell their agenda to the public, perhaps we shouldn’t be super shocked if Priebus’s time in the White House outlasts Trump. Especially now that Trump says he just learned about the June 9th, 2016 meeting days ago on the same day a GOP Senator reveals that the Senate Intelligence committee learned about this meeting back in April from Jared Kushner:

    Talk­ing Points Memo
    Livewire

    GOP Sen­a­tor: Intel Com­mit­tee Knew In April That Kush­n­er Met Russ­ian Lawyer

    By Esme Cribb
    Pub­lished July 12, 2017 6:43 pm

    Sen. James Lank­ford (R‑OK), a mem­ber of the Sen­ate Intel­li­gence Com­mit­tee, on Wednes­day said the pan­el knew about Jared Kushner’s atten­dance of a June 2016 meet­ing with a Krem­lin-con­nect­ed lawyer as ear­ly as April.

    “This meet­ing was known because it was turned in in the back­ground checks in April, actu­al­ly, for Jared Kush­n­er,” Lank­ford said on CNN. “So it was a known meet­ing at that point. Get­ting the emails and get­ting the details of that meet­ing was not known.”

    Pres­i­dent Don­ald Trump on Wednes­day told Reuters he “didn’t know” about his eldest son Don­ald Trump Jr.’s meet­ing with Russ­ian lawyer Natalia Vesel­nit­skaya “until a cou­ple of days ago.”

    ...

    ———-

    “GOP Sen­a­tor: Intel Com­mit­tee Knew In April That Kush­n­er Met Russ­ian Lawyer” by Esme Cribb; Talk­ing Points Memo; 07/12/2017

    ““This meet­ing was known because it was turned in in the back­ground checks in April, actu­al­ly, for Jared Kush­n­er,” Lank­ford said on CNN. “So it was a known meet­ing at that point. Get­ting the emails and get­ting the details of that meet­ing was not known.””

    The June 9th meeting was known to the Senate Intelligence Committee since April, with Kushner being the source. And yet Donald Trump just came out and said he learned about this meeting “a couple of days ago”:

    ...
    Pres­i­dent Don­ald Trump on Wednes­day told Reuters he “didn’t know” about his eldest son Don­ald Trump Jr.’s meet­ing with Russ­ian lawyer Natalia Vesel­nit­skaya “until a cou­ple of days ago.”
    ...

    We’re basically one revelation away from getting to the point where Trump is caught in a lie. And sure, he’s caught in lies all the time, but this would be a pretty big one. And while that June 9th meeting with the Russian lawyer doesn’t at all prove that the Trump team and Russian government were colluding to execute and disseminate the hacked Democratic emails, legally proving that case doesn’t really matter if the whole situation ends up making Trump simply look really, really guilty to the American public. And really, really sleazy.

    So in addition to questions over whether or not pushing Reince Priebus out of the White House and doing a major staff overhaul is going to be one of the survival tactics the Trump team uses to try to circle the wagons and prevent insider leaks, those questions are paired with growing questions over how much more patience the GOP ‘establishment’ is going to have for Trump in general while the GOP policy agenda continues to fizzle. Because if the broader GOP establishment decides it’s time for Trump to resign it sure doesn’t look like it’s going to be very difficult for that ‘establishment’ to whip up any one of a number of potential Trump mega-scandals to force such a resignation. And someone like Reince Priebus is in just the right position to facilitate such an operation.

    Just because you’re para­noid does­n’t mean they aren’t out to get you. Espe­cial­ly when the para­noia has been going on unin­ter­rupt­ed for months as the sit­u­a­tion dete­ri­o­rates and now every­one seems out to get every­one. That’s def­i­nite­ly an appro­pri­ate time for col­lec­tive para­noia. Yuu­u­u­uge para­noia.

    And since start­ing a war or cre­at­ing some oth­er mas­sive dis­as­ter to dis­tract from the admin­is­tra­tion’s woes is one of the default tools in the Trump team’s tool­box as their sit­u­a­tion gets more and more des­per­ate, every­one else should prob­a­bly be a lit­tle para­noid too.

    Posted by Pterrafractyl | July 12, 2017, 11:19 pm
  2. Well, now we know how Peter W. Smith — the long-time financier of right-wing oppo­si­tion research who talked about his efforts to put togeth­er a team that alleged­ly includ­ed Trump offi­cials and was ded­i­cat­ed to find­ing hacked copies of Hillary Clin­ton’s emails — end­ed up dying just 10 days after he gave his inter­views: Smith appears to have com­mit­ted sui­cide due to health issues:

    The Chica­go Tri­bune

    Peter W. Smith, GOP oper­a­tive who sought Clin­ton’s emails from Russ­ian hack­ers, com­mit­ted sui­cide, records show

    Kather­ine Ski­ba, David Heinz­mann and Todd Lighty
    July 13, 2017, 5:34 PM

    A Repub­li­can donor and oper­a­tive from Chicago’s North Shore who said he had tried to obtain Hillary Clin­ton’s miss­ing emails from Russ­ian hack­ers killed him­self in a Min­neso­ta hotel room days after talk­ing to The Wall Street Jour­nal about his efforts, pub­lic records show.

    In a room at a Rochester hotel used almost exclu­sive­ly by Mayo Clin­ic patients and rel­a­tives, Peter W. Smith, 81, left a care­ful­ly pre­pared file of doc­u­ments, which includes a state­ment police called a sui­cide note in which he said he was in ill health and a life insur­ance pol­i­cy was expir­ing.

    Days ear­li­er, the financier from sub­ur­ban Lake For­est gave an inter­view to the Jour­nal about his quest, and it pub­lished sto­ries about his efforts begin­ning in late June. The Jour­nal also report­ed it had seen emails writ­ten by Smith show­ing his team con­sid­ered retired Lt. Gen. Michael Fly­nn, then a top advis­er to Repub­li­can Don­ald Trump’s cam­paign, as an ally. Fly­nn briefly was Pres­i­dent Trump’s nation­al secu­ri­ty advis­er and resigned after it was deter­mined he had failed to dis­close con­tacts with Rus­sia.

    At the time, the news­pa­per report­ed Smith’s May 14 death came about 10 days after he grant­ed the inter­view. Mys­tery shroud­ed how and where he had died, but the lead reporter on the sto­ries said on a pod­cast he had no rea­son to believe the death was the result of foul play and that Smith like­ly had died of nat­ur­al caus­es.

    How­ev­er, the Chica­go Tri­bune obtained a Min­neso­ta state death record filed in Olm­st­ed Coun­ty that says Smith com­mit­ted sui­cide in a hotel near the Mayo Clin­ic at 1:17 p.m. on Sun­day, May 14. He was found with a bag over his head with a source of heli­um attached. A med­ical exam­in­er’s report gives the same account, with­out spec­i­fy­ing the time, and a report from Rochester police fur­ther details his sui­cide.

    In the note recov­ered by police, Smith apol­o­gized to author­i­ties and said that “NO FOUL PLAY WHATSOEVER” was involved in his death. He wrote that he was tak­ing his own life because of a “RECENT BAD TURN IN HEALTH SINCE JANUARY, 2017” and tim­ing relat­ed “TO LIFE INSURANCE OF $5 MILLION EXPIRING.”

    One of Smith’s for­mer employ­ees told the Tri­bune he thought the elder­ly man had gone to the famed clin­ic to be treat­ed for a heart con­di­tion. Mayo spokes­woman Gin­ger Plumbo said Thurs­day she could not con­firm Smith had been a patient, cit­ing med­ical pri­va­cy laws.

    The Jour­nal sto­ries said it was on Labor Day week­end in 2016 that Smith had assem­bled a team to acquire emails the team the­o­rized might have been stolen from the pri­vate serv­er Clin­ton had used while sec­re­tary of state. Smith’s focus was the more than 30,000 emails Clin­ton said she delet­ed because they relat­ed to per­son­al mat­ters. A huge cache of oth­er Clin­ton emails were made pub­lic.

    Smith told the Jour­nal he believed the miss­ing emails might have had been obtained by Russ­ian hack­ers. He also said he thought the cor­re­spon­dence relat­ed to Clin­ton’s offi­cial duties. He told the Jour­nal he worked inde­pen­dent­ly and was not part of the Trump cam­paign. He also told the Jour­nal he and his team found five groups of hack­ers — two of them Russ­ian groups — who claimed to have Clin­ton’s miss­ing emails.

    Smith had a his­to­ry of doing oppo­si­tion research, the for­mal term for unflat­ter­ing infor­ma­tion that polit­i­cal oper­a­tives dig up about rival can­di­dates.

    For years, Demo­c­ra­t­ic Pres­i­dent Bill Clin­ton was Smith’s tar­get. The wealthy busi­ness­man had a hand in expos­ing the “Troop­er­gate” alle­ga­tions about Bill Clin­ton’s sex life. And he dis­cussed financ­ing a probe of a 1969 trip Bill Clin­ton had tak­en while in col­lege to the Sovi­et Union, accord­ing to Salon mag­a­zine.

    Inves­ti­ga­tions into any pos­si­ble links between the Russ­ian gov­ern­ment and peo­ple asso­ci­at­ed with Trump’s pres­i­den­tial cam­paign now are under­way in Con­gress and by for­mer FBI chief Robert Mueller. He is act­ing as a spe­cial coun­sel for the Depart­ment of Jus­tice. Mueller spokesman Peter Carr declined to com­ment on the Jour­nal’s sto­ries on Smith or his death. Wash­ing­ton attor­ney Robert Kel­ner, who rep­re­sents Fly­nn, had no com­ment on Thurs­day.

    Smith’s death occurred at the Aspen Suites in Rochester, records show. They list the cause of death as “asphyx­i­a­tion due to dis­place­ment of oxy­gen in con­fined space with heli­um.”

    Rochester Police Chief Roger Peter­son on Wednes­day called his man­ner of death “unusu­al,” but a funer­al home work­er said he’d seen it before.

    An employ­ee with Rochester Cre­ma­tion Ser­vices, the funer­al home that respond­ed to the hotel, said he helped remove Smith’s body from his room and recalled see­ing a tank.

    The employ­ee, who spoke on the con­di­tion he not be iden­ti­fied because of the sen­si­tive nature of Smith’s death, described the tank as being sim­i­lar in size to a propane tank on a gas grill. He did not recall see­ing a bag that Smith would have placed over his head. He said the coro­ner and police were there and that he “did­n’t do a lot of look­ing around.”

    “When I got there and saw the tank, I thought, ‘I’ve seen this before,’ and was able to put two and two togeth­er,” the employ­ee said.

    An autop­sy was con­duct­ed, accord­ing to the death record. The South­ern Min­neso­ta Region­al Med­ical Exam­in­er’s Office declined a Tri­bune request for the autop­sy report and released lim­it­ed infor­ma­tion about Smith’s death.

    The Final Exit Net­work, a Flori­da-based non­prof­it, pro­vides infor­ma­tion and sup­port to peo­ple who suf­fer from a ter­mi­nal ill­ness and want to kill them­selves.

    Fran Schindler, a vol­un­teer with the group, not­ed that the best-sell­ing book Final Exit, writ­ten by Derek Humphry in 1991 and revised sev­er­al times since, explains in detail the heli­um gas method.

    “Many peo­ple obtain that infor­ma­tion from his book,” Schindler said. “It’s a method that has been around for many years and is well known.”

    ...

    A pri­vate fam­i­ly memo­r­i­al was planned, the obit­u­ary said. Friends post­ed online trib­utes to Smith after his death. One was from his for­mer employ­ee, Jonathan Safron, 26, who lives in Chicago’s Loop and worked for Smith for about two years.

    Safron, in an inter­view, said he was work­ing for a tutor­ing firm when Smith became his client. His job entailed teach­ing Smith how to use a Mac­Book, Safron said. At the time Smith was liv­ing in a con­do­mini­um atop the Four Sea­sons Hotel Chica­go. Safron said Smith lat­er employed him at Cor­po­rate Ven­ture Alliances, a pri­vate invest­ment firm that Smith ran, first out of the same con­do and lat­er from an office in the Han­cock Build­ing.

    Safron, who said he had a low-lev­el job with the Illi­nois Repub­li­can Par­ty in 2014, said he had no knowl­edge of Smith’s bid to find hack­ers who could locate emails miss­ing from Clin­ton’s ser­vice as sec­re­tary of state. In his online trib­ute to his for­mer employ­er, he called Smith the “best boss I could ever ask for ... a men­tor, friend and mod­el human being.”

    Safron said he worked part-time for Smith, putting in about 15 hours a week. But the two grew close, often hav­ing lunch togeth­er at a favorite Smith spot: the Oak Tree Restau­rant & Bak­ery Chica­go on North Michi­gan Ave. He called Smith a seri­ous man who was “upbeat,” “cos­mopoli­tan” and “larg­er than life.” He was aware Smith was in declin­ing health, say­ing the old­er man some­times had dif­fi­cul­ty breath­ing and told work col­leagues he had heart prob­lems. Weeks before he took his life, he had become fatigued walk­ing down about four or five flights of stairs dur­ing a Han­cock Build­ing fire drill and lat­er emailed Safron say­ing he was “dizzy,” he said.

    ...

    ———-

    “Peter W. Smith, GOP oper­a­tive who sought Clin­ton’s emails from Russ­ian hack­ers, com­mit­ted sui­cide, records show” by Kather­ine Ski­ba, David Heinz­mann and Todd Lighty; The Chica­go Tri­bune; 07/13/2017

    “However, the Chicago Tribune obtained a Minnesota state death record filed in Olmsted County that says Smith committed suicide in a hotel near the Mayo Clinic at 1:17 p.m. on Sunday, May 14. He was found with a bag over his head with a source of helium attached. A medical examiner’s report gives the same account, without specifying the time, and a report from Rochester police further details his suicide.”

    Despite the block­buster nature of the inter­views Smith gave, the fact that he was 81 years old pre­clud­ed any sort of mys­te­ri­ous­ness about the guy’s death just days after giv­ing those inter­views to the Wall Street Jour­nal. Death hap­pens. And to Smith’s cred­it, that was one hell of a part­ing shot, although giv­en the explo­sive nature of his sto­ry it’s still unclear who he was aim­ing for with that part­ing shot.

    Fortunately, Politico just put out an article with some highly significant information about Smith’s operation that gives us a hint about why Smith chose to give the interview at that point in time. The article is about the ‘Alt-Right’ network Smith’s operation teamed up with in their quest to find Hillary’s emails. Specifically, Charles C. Johnson, the far-right troll who runs the GotNews website and one of his partners. But that’s not all. Smith also reportedly reached out to “Guccifer 2.0”, the hacker persona who represents the public face of whoever did the DNC hacks, and Guccifer told Smith to contact a “White nationalist hacker in Ukraine”, which is almost certainly a reference to Andrew “the weev” Auernheimer who already is suspected of carrying out the “Macron hacks” and trying to make it look like Russia did it.

    Not only that, but Johnson explicitly told Smith to contact Auernheimer too. Johnson also notes how he actually worked with Auernheimer in the past and talks about how there’s a hidden network of right-wing opposition researchers that he’s in contact with and he let them know about Smith’s efforts. Don’t forget that one of the reasons Auernheimer is suspected of the Macron hacks is due to the fact that the hacked documents first showed up anonymously on 4chan and people started leaving comments like “Weev… you’re doing the lord’s work”. So that’s a pretty big revelation.

    Of course, this is all based on the accounts of people like Charles Johnson, so it has to be taken with a grain of salt. But as we’ve seen with the recent highly self-incriminating email dump by Donald Trump, Jr., as the investigations into the 2016 hackings unfolded there might be situations where the key players decide to get ahead of the news by spilling what they know. Especially if they think the news is about to come out anyway from a different source. And that brings us to the clue left in the Politico article about why Smith may have chosen to give that interview when he did. First, note the comments from Jonathan Safron, Smith’s young assistant, in the above article where Safron states how he knew nothing about Smith’s attempts to track down Hillary’s emails:

    ...
    Safron, who said he had a low-lev­el job with the Illi­nois Repub­li­can Par­ty in 2014, said he had no knowl­edge of Smith’s bid to find hack­ers who could locate emails miss­ing from Clin­ton’s ser­vice as sec­re­tary of state. In his online trib­ute to his for­mer employ­er, he called Smith the “best boss I could ever ask for ... a men­tor, friend and mod­el human being.”
    ...

    Well, Safron is interviewed in the Politico article as well. And in that article Safron talks about how he wasn’t involved in Smith’s efforts but he was copied on the emails. And it was Safron’s discovery that Shane Harris, the Wall Street Journal journalist who did the interview with Smith, was viewing Safron’s LinkedIn profile (you can see who views your profile on LinkedIn, which seems like a horrible feature, but oh well). It was after Safron told Smith about this that Smith granted Harris the interview, suggesting that Smith was willing to talk simply to get ahead of a huge story that he was at the center of and suspected a journalist was now discovering.

    As we can see, it’s a pretty important article in terms of understanding what Smith, and potentially the Trump team, was up to and why Smith may have decided to grant the interview in the first place. And it’s a YUUUGE article if it’s true that “Guccifer 2.0” AND Johnson directed Smith towards “the weev”:

    Politi­co

    GOP Researcher Who Sought Clin­ton Emails Had Alt-Right Help

    Peter Smith’s quixot­ic effort to obtain Hillary Clinton’s delet­ed emails from Russ­ian hack­ers got a boost from a pro-Trump activist with White House ties.

    By Ben Schreckinger

    July 11, 2017

    The saga of Peter Smith’s quest to obtain 33,000 emails delet­ed by Hillary Clinton—an effort now at the cen­ter of intrigue swirling around the Don­ald Trump campaign’s ties to Russia—keeps get­ting weird­er.

    In his Hail Mary bid to tip the elec­tion to Trump, the Repub­li­can pri­vate equi­ty exec­u­tive enlist­ed two con­tro­ver­sial alt-right activists to help him under­stand the work­ings of the inter­net and make con­tacts in Trump’s orbit, accord­ing to inter­views with those involved and emails obtained by Politi­co.

    The activists, the jour­nal­ist-turned-entre­pre­neur Charles John­son and his for­mer busi­ness part­ner Pax Dick­in­son, agreed to help Smith’s quixot­ic mis­sion, which failed to track down copies of Clinton’s emails. John­son is a polar­iz­ing fig­ure who was banned from Twit­ter in 2015 after pro­mot­ing an effort to “take out” a Black Lives Mat­ter activist but main­tains ties to White House offi­cials. Smith also reached out to “Guc­cifer 2.0”—an alias the U.S. intel­li­gence com­mu­ni­ty has linked to Russ­ian state hackers—and was advised to seek the help of a white nation­al­ist hack­er who lives in Ukraine.

    Smith’s doomed effort, which brought him into con­tact with hack­ers he believed were tied to the Krem­lin and was first report­ed last month by the Wall Street Jour­nal, has emerged as a top­ic of intense inter­est as inves­ti­ga­tors probe ties between the Trump cam­paign and Rus­sia. Under­stand­ing Smith’s rela­tion­ships could hold the key to the ques­tion of whether or not Trump’s cam­paign col­lud­ed with the Krem­lin: Fed­er­al inves­ti­ga­tors are prob­ing an appar­ent attempt by Russ­ian gov­ern­ment hack­ers to obtain the delet­ed emails and pro­vide them to for­mer nation­al secu­ri­ty advis­er Michael Fly­nn through a third par­ty, the Jour­nal also report­ed. The paper was unable to iden­ti­fy the Rus­sians’ intend­ed inter­me­di­ary but sug­gest­ed it may have been Smith, who had boast­ed of his ties to Fly­nn.

    The new details of Smith’s oper­a­tion, which were shared with Politi­co Mag­a­zine by John­son and oth­ers, paint a pic­ture of a deter­mined but ill-equipped activist cast­ing about far and wide in a fran­tic but ulti­mate­ly futile quest to get ahold of Clinton’s delet­ed emails and pub­lish them ahead of Elec­tion Day. As the ail­ing octo­ge­nar­i­an was deal­ing with sophis­ti­cat­ed hack­ers and nav­i­gat­ing the dark­est cor­ners of the inter­net, for instance, he was being tutored in the use of basic com­put­er tech­nol­o­gy.

    The details also illus­trate the daunt­ing task before inves­ti­ga­tors should they seek to exam­ine the wide-rang­ing cast of col­or­ful con­tacts Smith enlist­ed in his effort and the some­times blur­ry lines between Trump’s lean, unortho­dox cam­paign and the out­side activists work­ing to help it.

    In a recruit­ing doc­u­ment used for the effort, Smith—who died in May at age 81—listed the names of sev­er­al senior Trump aides, includ­ing Fly­nn, for­mer Bre­it­bart chair­man Steve Ban­non, Kellyanne Con­way and cam­paign chair­man Sam Clo­vis, the Jour­nal report­ed.

    Jonathan Safron, a for­mer assis­tant to Smith in Chica­go, said that Smith also spoke to him of know­ing Clo­vis, who was a well-known con­ser­v­a­tive activist in near­by Iowa before becom­ing co-chair­man of Trump’s cam­paign, and that he had seen Smith email Clo­vis about mat­ters unre­lat­ed to Clinton’s emails. Safron said he does not know whether Clo­vis, who did not respond to requests for com­ment, ever replied.

    ***

    Smith, a for­mer chair­man of the Col­lege Repub­li­cans, had been pur­su­ing free­lance polit­i­cal adven­tures for years. In the 1990s, he was a chief pro­mot­er of sto­ries dam­ag­ing to Bill Clin­ton, work­ing in the same small cir­cle as Conway’s hus­band, George, to air alle­ga­tions of sex­u­al mis­con­duct against the then-pres­i­dent, accord­ing to a 1999 Newsweek arti­cle.

    John­son, a for­mer Bre­it­bart reporter, said he first encoun­tered the Chicagoan around 2013 when the two col­lab­o­rat­ed on oppo­si­tion research about Barack Oba­ma.

    In the fall of 2015, Smith pro­mot­ed Illi­nois Rep. Peter Roskam’s ambi­tions to suc­ceed John Boehn­er as speak­er of the House, and John­son helped to side­line one of Roskam’s poten­tial rivals for the posi­tion, Major­i­ty Leader Kevin McCarthy.

    Iron­i­cal­ly, some of Smith’s emails relat­ed to the speaker’s race were released in a dump by D.C. Leaks, an out­let that, accord­ing to cyber­se­cu­ri­ty experts, was estab­lished to pub­lish emails stolen by Russ­ian hack­ers. In one leaked email from Octo­ber 8, 2015, Smith wrote to Illi­nois’ Repub­li­can Nation­al Com­mit­tee­man Rich Porter that he had just dis­cussed the speaker’s race with Bre­it­bart reporter Matt Boyle, now the outlet’s Wash­ing­ton bureau chief.

    In anoth­er leaked email, Smith for­ward­ed a link to a sto­ry from Got­News, a web­site found­ed by John­son, accus­ing McCarthy of car­ry­ing on an affair with North Car­oli­na Rep. Renee Ellmers. The leak also includes an email in which John­son pro­vid­ed Smith with Boyle’s con­tact infor­ma­tion. Boyle and oth­ers at Bre­it­bart aggres­sive­ly cov­ered the alleged affair, and McCarthy with­drew from the speaker’s race. (Boyle referred ques­tions to Bre­it­bart spokesman Chad Wilkin­son, who declined to com­ment. Porter—who worked with Smith and George Con­way to pro­mote Clin­ton sex scan­dals back in the ’90s—did not respond to requests for com­ment.)

    John­son said he and Smith stayed in touch, dis­cussing “tac­tics and research” reg­u­lar­ly through­out the pres­i­den­tial cam­paign, and that Smith sought his help track­ing down Clinton’s emails. “He want­ed me to intro­duce to him to Ban­non, to a few oth­ers, and I sort of demurred on some of that,” John­son said. “I didn’t think his oper­a­tion was as sophis­ti­cat­ed as it need­ed to be, and I thought it was good to keep the cam­paign as insu­lat­ed as pos­si­ble.”

    Instead, John­son said, he put the word out to a “hid­den oppo net­work” of right-lean­ing oppo­si­tion researchers to noti­fy them of the effort. John­son declined to pro­vide the names of any of the mem­bers of this “net­work,” but he praised Smith’s ambi­tion.

    “The mag­ni­tude of what he was try­ing to do was kind of impres­sive,” John­son said. “He had peo­ple run­ning around Europe, had peo­ple talk­ing to Guc­cifer.” (U.S. intel­li­gence agen­cies have linked the mate­ri­als pro­vid­ed by “Guc­cifer 2.0”—an alias that has tak­en cred­it for hack­ing the Demo­c­ra­t­ic Nation­al Com­mit­tee and com­mu­ni­cat­ed with Repub­li­can oper­a­tives, includ­ing Trump con­fi­dant Roger Stone—to Russ­ian gov­ern­ment hack­ers.)

    John­son said he also sug­gest­ed that Smith get in touch with Andrew Auern­heimer, a hack­er who goes by the alias “Weev” and has col­lab­o­rat­ed with John­son in the past. Auernheimer—who was released from fed­er­al prison in 2014 after hav­ing a con­vic­tion for fraud and hack­ing offens­es vacat­ed and sub­se­quent­ly moved to Ukraine—declined to say whether Smith con­tact­ed him, cit­ing con­di­tions of his employ­ment that bar him from speak­ing to the press.

    At the same time John­son was work­ing with Smith, he was pro­mot­ing oth­er ini­tia­tives aimed at elect­ing Trump. In Octo­ber, Johnson’s crowd­fund­ing web­site, WeSearchr, raised $10,000 to send Kathy Shelton—an Arkansas woman who was raped in 1975 by a man who was rep­re­sent­ed at tri­al by a young Hillary Clinton—to the sec­ond pres­i­den­tial debate in St. Louis. In the hours before the debate, Trump host­ed a news con­fer­ence with Shel­ton and women who had accused Bill Clin­ton of sex­u­al assault, and at the debate Trump’s cam­paign attempt­ed to seat the women in the sec­tion reserved for the candidate’s fam­i­ly.

    Safron, who worked as an assis­tant to Smith at the time, said that Johnson—who met with Smith in Chica­go before Smith died—had been seek­ing invest­ment cap­i­tal from Smith for WeSearchr. John­son said he dis­cussed an invest­ment with Smith but that he “didn’t need or want his cap­i­tal.”

    Smith also reached out to Matt Tait, a cyber­se­cu­ri­ty expert and for­mer UK intel­li­gence offi­cial, who served as a source for the Jour­nal’s report­ing. Tait recount­ed his con­ver­sa­tions with the Repub­li­can activist in a recent blog post for the legal affairs web­site Law­fare, writ­ing that Smith want­ed help vet­ting a “dark web” con­tact who claimed to be in pos­ses­sion of Clinton’s miss­ing emails. Accord­ing to Tait, Smith seemed uncon­cerned about the pos­si­bil­i­ty that by help­ing pub­lish such emails, he could be aid­ing a Russ­ian intel­li­gence oper­a­tion. Tait declined to com­ment for this arti­cle, say­ing he has recent­ly been con­tact­ed “by a num­ber of con­gres­sion­al and oth­er inves­ti­ga­tors.”

    ...

    In an email chain from Octo­ber obtained by Politi­co, Smith sought the advice of a tech-savvy busi­ness asso­ciate about con­cerns that Wik­iLeaks had been attacked by hack­ers. In the email, the asso­ciate, Roy­al O’Brien, a Jack­sonville-based pro­gram­mer Smith described as a dark web expert, advised Smith about the use of PGP keys for encryp­tion and opined that any­one who launched an attack on Wik­iLeaks would like­ly face stiff blow­back from the group’s web-savvy sup­port­ers.

    Accord­ing to the Jour­nal, Smith had been advis­ing hack­ing groups claim­ing to have Clinton’s emails to turn them over to Wik­iLeaks. The next month, Smith assert­ed on his per­son­al blog that “Wik­iLeaks has report­ed that they received the Clin­ton emails nine months ago, but have not released them. These emails were wide­ly avail­able.” It is not clear what led Smith to assert that Wik­iLeaks pos­sessed the miss­ing emails.

    “Wik­iLeaks does not keep news­wor­thy infor­ma­tion from the pub­lic,” said a rep­re­sen­ta­tive of the group in response to a ques­tion about Smith’s asser­tion. “Pub­li­ca­tion tim­ing is influ­enced by work­load, research, pre­sen­ta­tion and ver­i­fi­ca­tion require­ments as well as inten­si­ty of pub­lic inter­est.” The group declined to say whether it had con­tact with Smith, cit­ing a pol­i­cy of not dis­clos­ing its sources.

    O’Brien con­firmed that Smith sought his advice on tech­ni­cal mat­ters from time to time, includ­ing on the fea­si­bil­i­ty of obtain­ing Clinton’s delet­ed emails. “I told him that if they have access to the orig­i­nal hard­ware, any­thing is acces­si­ble,” O’Brien recount­ed. “That’s basic foren­sics.”

    Also copied on the Octo­ber email chain is Dick­in­son, an alt-right activist who was Johnson’s part­ner at WeSearchr until the pair had a falling out this May. Dick­in­son said he par­tic­i­pat­ed in Smith’s efforts to obtain Clinton’s emails but declined to dis­cuss the mat­ter fur­ther, cit­ing a dis­taste for reporters and “fake news.” Instead, Dick­in­son, who lost his job as the chief tech­nol­o­gy offi­cer at Busi­ness Insid­er in 2013 over offen­sive social media posts and recent­ly launched an alt-right crowd-fund­ing plat­form called Counter.Fund that is gov­erned by a “High Coun­cil” and a “House of Lords,” said he intend­ed to share his sto­ry with the con­spir­a­cy the­o­rist Alex Jones.

    ***

    At the same time Smith was learn­ing to nav­i­gate the deep­est reach­es of the web, he was also strug­gling to over­come fail­ing health and to mas­ter more rudi­men­ta­ry tech­nol­o­gy.

    Safron, who grad­u­at­ed from col­lege in 2013 and has also done work for the Illi­nois Repub­li­can Par­ty, said he had been hired by Smith through a tutor­ing ser­vice in 2015 for help using com­put­ers. Safron said he taught Smith, who had trou­ble typ­ing, to use dic­ta­tion soft­ware, and that he helped the aging exec­u­tive make con­nec­tions on the pro­fes­sion­al net­work­ing web­site LinkedIn. Safron said that he was not active­ly involved in Smith’s elec­tion-relat­ed efforts, though he was copied on emails relat­ed to those efforts.

    John­son, O’Brien and Safron all said they have not heard from gov­ern­ment inves­ti­ga­tors about the mat­ter.

    Safron said that he noticed that Jour­nal reporter Shane Har­ris had viewed his LinkedIn pro­file this spring and that he noti­fied Smith, who grant­ed Har­ris an inter­view in May, 10 days before he died. Nei­ther his fam­i­ly nor local offi­cials have revealed the cause of Smith’s death, but Safron said he had noticed his boss’ health wan­ing in his final months.

    Safron’s social media pro­files still link to an old Twit­ter han­dle, @JSaf17. Safron said he delet­ed the account sev­er­al years ago. But in March, the han­dle was reused to cre­ate a new account, which has tweet­ed only once—in Russ­ian.

    ———-

    “GOP Researcher Who Sought Clin­ton Emails Had Alt-Right Help” by Ben Schreckinger; Politi­co; 07/11/2017

    “The activists, the jour­nal­ist-turned-entre­pre­neur Charles John­son and his for­mer busi­ness part­ner Pax Dick­in­son, agreed to help Smith’s quixot­ic mis­sion, which failed to track down copies of Clinton’s emails. John­son is a polar­iz­ing fig­ure who was banned from Twit­ter in 2015 after pro­mot­ing an effort to “take out” a Black Lives Mat­ter activist but main­tains ties to White House offi­cials. Smith also reached out to “Guc­cifer 2.0”—an alias the U.S. intel­li­gence com­mu­ni­ty has linked to Russ­ian state hackers—and was advised to seek the help of a white nation­al­ist hack­er who lives in Ukraine.”

    “Seek the help of a white nation­al­ist hack­er who lives in Ukraine.” That’s the advice “Guc­cifer 2.0” appar­ent­ly gave to Smith and unless there’s anoth­er promi­nent white nation­al­ist hack­er in Ukraine that he was refer­ring to that was almost cer­tain­ly a ref­er­ence to Andrew Auern­heimer. Espe­cial­ly since that’s the explic­it advice Charles John­son also gave to Smith:

    ...
    John­son said he and Smith stayed in touch, dis­cussing “tac­tics and research” reg­u­lar­ly through­out the pres­i­den­tial cam­paign, and that Smith sought his help track­ing down Clinton’s emails. “He want­ed me to intro­duce to him to Ban­non, to a few oth­ers, and I sort of demurred on some of that,” John­son said. “I didn’t think his oper­a­tion was as sophis­ti­cat­ed as it need­ed to be, and I thought it was good to keep the cam­paign as insu­lat­ed as pos­si­ble.”

    Instead, John­son said, he put the word out to a “hid­den oppo net­work” of right-lean­ing oppo­si­tion researchers to noti­fy them of the effort. John­son declined to pro­vide the names of any of the mem­bers of this “net­work,” but he praised Smith’s ambi­tion.

    “The mag­ni­tude of what he was try­ing to do was kind of impres­sive,” John­son said. “He had peo­ple run­ning around Europe, had peo­ple talk­ing to Guc­cifer.” (U.S. intel­li­gence agen­cies have linked the mate­ri­als pro­vid­ed by “Guc­cifer 2.0”—an alias that has tak­en cred­it for hack­ing the Demo­c­ra­t­ic Nation­al Com­mit­tee and com­mu­ni­cat­ed with Repub­li­can oper­a­tives, includ­ing Trump con­fi­dant Roger Stone—to Russ­ian gov­ern­ment hack­ers.)

    John­son said he also sug­gest­ed that Smith get in touch with Andrew Auern­heimer, a hack­er who goes by the alias “Weev” and has col­lab­o­rat­ed with John­son in the past. Auernheimer—who was released from fed­er­al prison in 2014 after hav­ing a con­vic­tion for fraud and hack­ing offens­es vacat­ed and sub­se­quent­ly moved to Ukraine—declined to say whether Smith con­tact­ed him, cit­ing con­di­tions of his employ­ment that bar him from speak­ing to the press.
    ...

    Yep, Johnson and Auernheimer are indeed past collaborators. And it wasn’t that long ago either. Back in October 2015, Johnson and Auernheimer released on teh internet videos taken by a right-wing ‘journalist’, David Daleiden, of Planned Parenthood employees that were under a temporary court restraining order. Auernheimer claimed at the time that he was in Macedonia — and implied he was under the protection of “local militias” should US authorities try to extradite him — and also talked about being a big fan of Charles Johnson (that’s right, Auernheimer claims he was in Macedonia as of the fall of 2015...recall how Macedonia somehow became the epicenter of a pro-Trump ‘fake news’ operation).

    So we already have very strong evidence that Auernheimer was behind the Macron hacks, which were also spear-phishing hacks like the DNC/Podesta hacks, and we know Auernheimer filled those Macron documents with “Russian” fingerprints. And now we learn that Chuck Johnson AND “Guccifer 2.0” both advised Smith to contact Auernheimer. And while Johnson’s friendship with Auernheimer would make him a likely hacker that Johnson might recommend to Smith, keep in mind that the Macron hacks hadn’t taken place at this point so it’s not like Auernheimer would be an obvious person that “Guccifer 2.0” might recommend.

    And then, finally, we learn from Jonathan Safron why Peter Smith may have chosen that particular time to give this explosive interview:

    ...
    Safron, who grad­u­at­ed from col­lege in 2013 and has also done work for the Illi­nois Repub­li­can Par­ty, said he had been hired by Smith through a tutor­ing ser­vice in 2015 for help using com­put­ers. Safron said he taught Smith, who had trou­ble typ­ing, to use dic­ta­tion soft­ware, and that he helped the aging exec­u­tive make con­nec­tions on the pro­fes­sion­al net­work­ing web­site LinkedIn. Safron said that he was not active­ly involved in Smith’s elec­tion-relat­ed efforts, though he was copied on emails relat­ed to those efforts.

    John­son, O’Brien and Safron all said they have not heard from gov­ern­ment inves­ti­ga­tors about the mat­ter.

    Safron said that he noticed that Jour­nal reporter Shane Har­ris had viewed his LinkedIn pro­file this spring and that he noti­fied Smith, who grant­ed Har­ris an inter­view in May, 10 days before he died. Nei­ther his fam­i­ly nor local offi­cials have revealed the cause of Smith’s death, but Safron said he had noticed his boss’ health wan­ing in his final months.
    ...

    And then there’s this very strange twist at the end:

    ...
    Safron’s social media pro­files still link to an old Twit­ter han­dle, @JSaf17. Safron said he delet­ed the account sev­er­al years ago. But in March, the han­dle was reused to cre­ate a new account, which has tweet­ed only once—in Russ­ian.

    That’s some odd sig­nal­ing from Safron. But over­all it looks like Peter Smith may have revealed this oper­a­tion for the sim­ple rea­son that he was pret­ty sure it was going to be revealed any­way. Why not get out ahead of the sto­ry in that sit­u­a­tion, which is exact­ly what he did...without ever men­tion­ing Auern­heimer, Chuck John­son, or a lot of oth­er high­ly rel­e­vant details.

    All in all, while Smith’s age and fail­ing health cer­tain­ly make a health-based sui­cide plau­si­ble, it’s hard to ignore the pos­si­bil­i­ty that maybe it was­n’t sim­ply fail­ing health and a last oppor­tu­ni­ty to share his rather amaz­ing sto­ry with the world before he died. Smith may have done that inter­view because he had to in order to get ahead of the sto­ry that he feared was com­ing out any­way. And then killed him­self 10 days lat­er. So, you know, maybe Smith’s deci­sion to do that inter­view and then make a ‘final exit’ was­n’t just about fail­ing health.

    Posted by Pterrafractyl | July 13, 2017, 6:46 pm
  3. With the number of figures from the Russian delegation growing by the day as we learn more about who attended the June 9th meeting between the Trump campaign and a delegation of Russian lobbyists — Rinat Russian American lobbyist , there was a piece at TPM that highlighted a potentially significant fact that could possibly explain the ‘keystone spies’ nature of that meeting: The June 3rd email from Rob Goldstone to Donald Trump Jr. came just one day after Hillary Clinton gave a notable speech charging Donald Trump with being overly cozy with Vladimir Putin. One day.

    So when you consider how the comically over-the-top nature of Goldstone’s email strikes many as a Russian government casual fishing expedition to just test the waters and see if the Trump campaign would be open to Russian government help, keep in mind that one possible reason for that over-the-top language could have been to simply send a signal to the Trump campaign “Hey, the Russian government likes you...if the Clintons start making a big deal about your ties to Russia just keep in mind that we totally like you way more than her. Be nice.” And it would have been a signal sent even had the Trump campaign done what it should have done and blown off the over-the-top invitation.

    Another possibility is that the Kremlin also has kompromat on Trump — seems extremely possible — and the purpose of the email was also intended to remind Trump of that, but in a very indirect way. A signal like, “hey, we got dirt on you, don’t let Hillary force you into an anti-Russian stance”. And it’s also possible that Goldstone’s email was intended to both be friendly and a warning.

    In other words, the purpose of Goldstone’s initial email could have simply been to send a signal of “we like you guys, please be nice and don’t go all anti-Russian to fend off Hillary’s criticisms (and you’ll regret it if you do)” that was intended to be so over-the-top that the Trump campaign would have the good sense of not taking them up on their offer. That way, the Trump campaign and Russian government wouldn’t find themselves in exactly the situation they find themselves in today. But then the Trump campaign took them up on their over-the-top offer and the meeting had to happen.

    Don’t forget, if we assume the Russian lobbyists really were representing the Kremlin, by arranging for this meeting and actually going through with it the Russian government was taking a pretty big risk. There was no guarantee that the meeting wouldn’t have been exposed somehow during the campaign, which could have inflicted massive damage to Trump’s chances. And as the following TPM piece points out, the June 9th meeting took place just days before “Guccifer 2.0” started talking to the world and just a day after the DCLeaks website that Guccifer 2.0 used to disseminate the hacked materials made its first tweet to the world. So if the Russian government really was behind “Guccifer 2.0” and that June 9th meeting, it was engaging in remarkably risky behavior that was putting the chances of a Trump victory significantly at risk. What if US intelligence agencies were tracking the movements of Natalia Veselnitskaya? Or Rinat Akhmetshin, the Russian American lobbyist suspected of GRU ties who we recently learned also attended the meeting? Having suspected Russian intelligence cut outs meeting with the Kremlin’s preferred candidate’s top campaign staff at Trump Tower days before your hacker persona starts talking to the world (while leaving all sorts of hints of being a Russian) is some pretty cavalier spycraft. At the same time, if this whole meeting emerged from an email that was intended to send a signal, but also intended to be rebuffed, the June 9th meeting sort of makes sense as something the Kremlin would have wanted to avoid but couldn’t avoid because the Trump campaign was too venal and corrupt to do the sane thing and just accept the friendly signal:

    Talk­ing Points Memo
    Muck­rak­er

    Don Jr. Meet­ing Came At A Sem­i­nal Moment In Russ­ian Inter­fer­ence Sto­ry

    By Alle­gra Kirk­land
    Pub­lished July 14, 2017 4:43 pm

    Pres­i­dent Don­ald Trump and his team are cast­ing it as absurd­ly con­spir­a­to­r­i­al to sug­gest there was any­thing odd about his old­est son accept­ing a meet­ing with a Krem­lin-linked lawyer last June, not­ing that Rus­sia was not a major cam­paign issue at the time.

    But a close look at the time­line sug­gests that Don­ald Trump, Jr. took a meet­ing billed as an oppor­tu­ni­ty to learn infor­ma­tion obtained as “part of Rus­sia and its government’s sup­port for Mr. Trump” at a moment when his father was tak­ing heat from his oppo­nent for his sun­ny view of Russ­ian Pres­i­dent Vladimir Putin, and short­ly before the Kremlin’s dis­in­for­ma­tion and tar­get­ed leak­ing cam­paign against the Democ­rats began in earnest.

    “You have to under­stand, when that took place, this was before Rus­sia fever,” Trump told Reuters on Wednes­day. “There was no Rus­sia fever back then, that was at the begin­ning of the cam­paign, more or less.”

    Trump Jr. took a sim­i­lar tack on Tues­day when he took the sur­prise step of releas­ing the email chain lead­ing up to his June 2016 meet­ing with a woman described to him as a “Russ­ian gov­ern­ment lawyer” who was said to have “infor­ma­tion that would incrim­i­nate Hillary” Clin­ton. “To put this in con­text, this occurred before the cur­rent Russ­ian fever was in vogue,” Trump Jr. said in a state­ment accom­pa­ny­ing the email release.

    This ver­sion of events does not tell the whole sto­ry. The cam­paign had already been under­way for a year, and the news was full of arti­cles about Trump’s “bro­mance” with Putin pri­or to the Trump Tow­er meet­ing between Trump Jr., his broth­er-in-law Jared Kush­n­er, then-cam­paign chair­man Paul Man­afort, Russ­ian lawyer Natalia Vesel­nit­skaya, and lob­by­ist Rinat Akhmetshin. Head­lines declared that Putin had ordered state-owned U.S. media out­lets like RT to pro­mote Trump’s can­di­da­cy and tear down Clinton’s, and ques­tions swirled about Trump advis­ers’ busi­ness con­nec­tions in Rus­sia.

    On June 2, 2016 Clin­ton gave her first major speech on nation­al security—in effect, a speech about Trump. The pre­sump­tive Demo­c­ra­t­ic nom­i­nee repeat­ed­ly invoked Trump’s bond with Russia’s leader, accus­ing him of prais­ing “dic­ta­tors like Vladimir Putin” and hav­ing a “bizarre fas­ci­na­tion with dic­ta­tors and strong­men who have no love for Amer­i­ca.”

    “He said if he were grad­ing Vladimir Putin as a leader, he’d give him an A,” Clin­ton told the San Diego, Cal­i­for­nia crowd of Trump, warn­ing that such an unsavvy stance would allow a leader like Putin to “eat your lunch.”

    The very next day, Rob Gold­stone, a British pub­li­cist and fam­i­ly friend of the Trumps, first con­tact­ed Trump Jr. about the “very inter­est­ing” infor­ma­tion a client of his had on Clin­ton.

    ...

    While Gold­stone and Trump Jr. worked out the details of the meet­ing in a series of back-and-forth emails, then-can­di­date Trump hint­ed at a June 7 cam­paign ral­ly that he would soon give a “major speech” about Clin­ton.

    “I am going to give a major speech on prob­a­bly Mon­day of next week, and we’re going to be dis­cussing all of the things that have tak­en place with the Clin­tons,” Trump said at the time, promis­ing infor­ma­tion on their “cor­rupt deal­ings” to give “favor­able treat­ment” to “the Rus­sians” and oth­er for­eign gov­ern­ments. “I think you’re going to find it very infor­ma­tive and very, very inter­est­ing.”

    At the same time, the appa­ra­tus for pub­lish­ing stolen emails and doc­u­ments involv­ing Demo­c­ra­t­ic Par­ty lead­ers and operatives—later deter­mined to have been hacked by Russ­ian operatives—was being put into place. On June 8, DC Leaks, a site estab­lished to pub­lish some of the stolen doc­u­ments, post­ed its first tweet.

    The Trump Tow­er meet­ing between Trump Jr., the cam­paign asso­ciates and the Rus­sians came on June 9; both sides have said it was incon­se­quen­tial, with Trump Jr. insist­ing he did not receive the dam­ag­ing infor­ma­tion he came for and the Russ­ian par­tic­i­pants claim­ing the con­ver­sa­tion focused only on a defunct pro­gram enabling the adop­tion of Russ­ian chil­dren by Amer­i­cans.

    Wik­iLeaks founder Julian Assange, a long­time Clin­ton crit­ic, hint­ed in a June 12 inter­view that his site had a “very big year ahead,” promis­ing the immi­nent release of emails “relat­ed to Hillary Clin­ton.”

    Those emails wouldn’t drop until just before the Demo­c­ra­t­ic Nation­al Con­ven­tion in late July, but the pub­lic learned about the DNC breach at around this time via a June 14 Wash­ing­ton Post arti­cle that attrib­uted it to hack­ers work­ing on behalf of the Russ­ian gov­ern­ment. “Guc­cifer 2.0,” lat­er deter­mined by com­put­er experts and U.S. offi­cials to be a per­sona invent­ed by Russ­ian intel­li­gence offi­cials, began con­tact­ing U.S. news sites to claim cred­it for the hack and to offer stolen Demo­c­ra­t­ic Par­ty doc­u­ments.

    Putin praised Trump as a “bright” per­son at the Russ­ian Eco­nom­ic Forum in St. Peters­burg on June 17.

    Amid this back­ground and oth­er major news events, Trump delayed his promised “major speech” on Clin­ton. After post­pon­ing it to account for the mass shoot­ing at Pulse, a gay night­club in Orlan­do, Flori­da, Trump promised in a June 21 tweet that a “big speech” about Clin­ton would come the next day.

    From a stage in New York, Trump held forth about Clinton’s han­dling of the Beng­hazi attacks, her sup­port for free trade and her “tem­pera­ment.” None of these crit­i­cisms were new, but Trump added what would lat­er seem a pre­scient warn­ing: emails Clin­ton delet­ed from her pri­vate serv­er could make her vul­ner­a­ble to “black­mail” from coun­tries hos­tile to the Unit­ed States, he said.

    As Trump cau­tioned, “We can’t hand over our gov­ern­ment to some­one whose deep­est, dark­est secrets may be in the hands of our ene­mies.”

    ———-

    “Don Jr. Meet­ing Came At A Sem­i­nal Moment In Russ­ian Inter­fer­ence Sto­ry” by Alle­gra Kirk­land; Talk­ing Points Memo; 07/14/2017

    “But a close look at the time­line sug­gests that Don­ald Trump, Jr. took a meet­ing billed as an oppor­tu­ni­ty to learn infor­ma­tion obtained as “part of Rus­sia and its government’s sup­port for Mr. Trump” at a moment when his father was tak­ing heat from his oppo­nent for his sun­ny view of Russ­ian Pres­i­dent Vladimir Putin, and short­ly before the Kremlin’s dis­in­for­ma­tion and tar­get­ed leak­ing cam­paign against the Democ­rats began in earnest.”

    The tim­ing is rather remark­able:

    ...
    On June 2, 2016 Clin­ton gave her first major speech on nation­al security—in effect, a speech about Trump. The pre­sump­tive Demo­c­ra­t­ic nom­i­nee repeat­ed­ly invoked Trump’s bond with Russia’s leader, accus­ing him of prais­ing “dic­ta­tors like Vladimir Putin” and hav­ing a “bizarre fas­ci­na­tion with dic­ta­tors and strong­men who have no love for Amer­i­ca.”

    “He said if he were grad­ing Vladimir Putin as a leader, he’d give him an A,” Clin­ton told the San Diego, Cal­i­for­nia crowd of Trump, warn­ing that such an unsavvy stance would allow a leader like Putin to “eat your lunch.”

    The very next day, Rob Gold­stone, a British pub­li­cist and fam­i­ly friend of the Trumps, first con­tact­ed Trump Jr. about the “very inter­est­ing” infor­ma­tion a client of his had on Clin­ton.
    ...

    And then, in the following days, we get Trump hinting at a big speech that will charge Hillary with having questionable ties to the Kremlin. The next day, DCLeaks makes its first tweet to the world, and the next day there’s the now notorious June 9th meeting:

    ...
    While Gold­stone and Trump Jr. worked out the details of the meet­ing in a series of back-and-forth emails, then-can­di­date Trump hint­ed at a June 7 cam­paign ral­ly that he would soon give a “major speech” about Clin­ton.

    “I am going to give a major speech on prob­a­bly Mon­day of next week, and we’re going to be dis­cussing all of the things that have tak­en place with the Clin­tons,” Trump said at the time, promis­ing infor­ma­tion on their “cor­rupt deal­ings” to give “favor­able treat­ment” to “the Rus­sians” and oth­er for­eign gov­ern­ments. “I think you’re going to find it very infor­ma­tive and very, very inter­est­ing.”

    At the same time, the appa­ra­tus for pub­lish­ing stolen emails and doc­u­ments involv­ing Demo­c­ra­t­ic Par­ty lead­ers and operatives—later deter­mined to have been hacked by Russ­ian operatives—was being put into place. On June 8, DC Leaks, a site estab­lished to pub­lish some of the stolen doc­u­ments, post­ed its first tweet.

    The Trump Tow­er meet­ing between Trump Jr., the cam­paign asso­ciates and the Rus­sians came on June 9; both sides have said it was incon­se­quen­tial, with Trump Jr. insist­ing he did not receive the dam­ag­ing infor­ma­tion he came for and the Russ­ian par­tic­i­pants claim­ing the con­ver­sa­tion focused only on a defunct pro­gram enabling the adop­tion of Russ­ian chil­dren by Amer­i­cans.
    ...

    And keep in mind that when Trump finally gave that speech about Hillary, he didn’t have anything new. It was an actual “nothingburger”.

    And, intriguingly, according to Sam Biddle, one of the first journalists Guccifer 2.0 reached out to days after that June 9th meeting, Guccifer 2.0 was pitching all sorts of different documents to Biddle from the giant cache of not-yet-released hacked emails. And none of the stories Guccifer 2.0 pitched to Biddle had anything to do with the “Hillary is getting dirty money from Russian oligarchs” information that Goldstone and Veselnitskaya were pitching to Trump, Jr.:

    The Inter­cept

    Just Six Days After Trump Jr.’s Meet­ing, Guc­cifer 2.0 Emailed Me — But There Was One Key Dif­fer­ence

    Sam Bid­dle
    July 14 2017, 12:44 p.m.

    After 39 years of oper­at­ing with­out an appar­ent con­cep­tu­al under­stand­ing of “con­se­quences,” this week Don­ald Trump Jr. tweet­ed out an email thread admit­ting to solic­it­ing the help of the Russ­ian gov­ern­ment in order to dam­age Hillary Clin­ton and aid the fam­i­ly cam­paign. The emails are astound­ing for more than a few rea­sons, par­tic­u­lar­ly because of what came next.

    On June 3, British music pub­li­cist Rob Gold­stone con­tact­ed Don­ald Jr. with an explic­it offer: “Offi­cial doc­u­ments and infor­ma­tion that would incrim­i­nate Hillary and her deal­ings with Rus­sia.” In case Don­ald Jr. was slow on the uptake, Gold­stone made sure to spell out exact­ly what was hap­pen­ing. “This is obvi­ous­ly very high lev­el and sen­si­tive infor­ma­tion but is part of Rus­sia and its government’s sup­port for Mr. Trump,” he offered, as if he were writ­ing his email to make the work of future inves­ti­ga­tors sim­pler. Thus begun an extreme­ly busy cou­ple of weeks. On June 7, as Philip Bump at the Wash­ing­ton Post points out, the elder Trump “pledged that he’d give a major speech the fol­low­ing Mon­day, June 13, ‘dis­cussing all of the things that have tak­en place with the Clin­tons.’” On June 9, a meet­ing between Don­ald Jr., two oth­er mem­bers of the Trump cam­paign, and Russ­ian attor­ney Natalia Vesel­nit­skaya took place in New York, on the basis of the afore­men­tioned “offi­cial doc­u­ments.” The AP also reports that Russ­ian-Amer­i­can lob­by­ist Rinat Akhmetshin was present at the meet­ing, and claims “Vesel­nit­skaya brought with her a plas­tic fold­er with print­ed-out doc­u­ments that detailed what she believed was the flow of illic­it funds to the Demo­c­ra­t­ic Nation­al Com­mit­tee.”

    Don­ald Jr. now says the meet­ing was a dud, and Vesel­nit­skaya didn’t have the goods, but it was inter­est­ing enough that all of the par­tic­i­pants con­ve­nient­ly for­get to men­tion it at any point since then.

    Just six days after the Trump/Veselnitskaya meet­ing, and 12 days after the ini­tial con­tact by Gold­stone, while work­ing as a reporter for Gawk­er, I received an email tip, includ­ing offi­cial strat­e­gy and finan­cial doc­u­ments from the Demo­c­ra­t­ic Par­ty:
    [see screen­shot of email Guc­cifer 2.0 sent to Bid­dle]

    ...

    This tim­ing is inter­est­ing for two rea­sons. The extreme prox­im­i­ty of promised Hillary-relat­ed doc­u­ments and the arrival of Hillary-relat­ed doc­u­ments just days lat­er sug­gests Guc­cifer 2.0 could have been part of the plan Gold­stone allud­ed to over email. But sec­ond­ly, although the doc­u­ments were sure­ly “offi­cial” in that they orig­i­nat­ed from with­in the Demo­c­ra­t­ic Par­ty, no one ever found any­thing in them that could be con­sid­ered “infor­ma­tion that would incrim­i­nate Hillary and her deal­ings with Rus­sia.” It doesn’t appear that any of the doc­u­ments released by Guc­cifer, whether in pri­vate to reporters like myself or on the web, per­tained to or ref­er­enced what­so­ev­er any “deal­ings” between Clin­ton and Rus­sia. Guc­cifer was very eager to “pitch” doc­u­ments to me that he believed would be par­tic­u­lar­ly dam­ag­ing or news­wor­thy (vir­tu­al­ly none of them were), so it stands to rea­son that he would have pushed the Russia/DNC angle were he in pos­ses­sion of doc­u­ments along those lines. Guc­cifer men­tioned Rus­sia only a cou­ple of times, first to deny to me that he was Russ­ian, and sec­ond­ly that “maybe rus­sians were among” those who had hacked the DNC. So there’s noth­ing direct­ly tying the con­tents of the Guc­cifer emails I (and reporters at oth­er out­lets) received to the con­tents Trump Jr. et al. were promised in this week’s explo­sive email thread.

    This leaves a lot of pos­si­bil­i­ties, unfor­tu­nate­ly, and chalk­ing the whole thing up to noth­ing more than giant coin­ci­dence feels strange and unwise. Of course, a cam­paign takes place in a com­pressed time frame — though, mer­ci­less­ly, not com­pressed enough — so the like­li­hood of events coin­cid­ing in time is height­ened. It’s pos­si­ble that a British music pub­li­cist wasn’t exact­ly plugged in to the alleged activ­i­ties of Russ­ian mil­i­tary intel­li­gence and got the nit­ty grit­ty wrong in his email to Trump Jr. It’s pos­si­ble the offer emailed to Trump Jr. was just a means of test­ing how recep­tive he was to the idea of state-spon­sored oppo­si­tion research (very). It’s pos­si­ble these peo­ple are all smarter than they look, and delib­er­ate­ly did not refer to the actu­al nature of the hacked doc­u­ments in writ­ing. It’s pos­si­ble Gold­stone and com­pa­ny were entire­ly sep­a­rate from Guc­cifer, a sec­ond, dis­crete branch of cam­paign dirt-dig­ging. It’s pos­si­ble these are coin­ci­dences — if so, it would behoove Trumps old and young to explain why the most noto­ri­ous hack­er per­sona of the mod­ern age start­ed shop­ping around Hillary-relat­ed doc­u­ments less than a week after sim­i­lar doc­u­ments were promised to the cam­paign.

    ———-

    “Just Six Days After Trump Jr.’s Meet­ing, Guc­cifer 2.0 Emailed Me — But There Was One Key Dif­fer­ence” by Sam Bid­dle; The Inter­cept; 07/14/2017

    “This tim­ing is inter­est­ing for two rea­sons. The extreme prox­im­i­ty of promised Hillary-relat­ed doc­u­ments and the arrival of Hillary-relat­ed doc­u­ments just days lat­er sug­gests Guc­cifer 2.0 could have been part of the plan Gold­stone allud­ed to over email. But sec­ond­ly, although the doc­u­ments were sure­ly “offi­cial” in that they orig­i­nat­ed from with­in the Demo­c­ra­t­ic Par­ty, no one ever found any­thing in them that could be con­sid­ered “infor­ma­tion that would incrim­i­nate Hillary and her deal­ings with Rus­sia.” It doesn’t appear that any of the doc­u­ments released by Guc­cifer, whether in pri­vate to reporters like myself or on the web, per­tained to or ref­er­enced what­so­ev­er any “deal­ings” between Clin­ton and Rus­sia. Guc­cifer was very eager to “pitch” doc­u­ments to me that he believed would be par­tic­u­lar­ly dam­ag­ing or news­wor­thy (vir­tu­al­ly none of them were), so it stands to rea­son that he would have pushed the Russia/DNC angle were he in pos­ses­sion of doc­u­ments along those lines. Guc­cifer men­tioned Rus­sia only a cou­ple of times, first to deny to me that he was Russ­ian, and sec­ond­ly that “maybe rus­sians were among” those who had hacked the DNC. So there’s noth­ing direct­ly tying the con­tents of the Guc­cifer emails I (and reporters at oth­er out­lets) received to the con­tents Trump Jr. et al. were promised in this week’s explo­sive email thread.”

    So let’s just sum­ma­rize some key facts here:
    1. Rob Goldstone sent the stunningly worded June 3rd email about the Russian government wanting to help the Trump campaign by handing over information on Hillary and dirty Russian money flows.
    2. Donald Trump gives a June 7th speech that hints at dirty info on Hillary Clinton and Russia.
    3. They have the June 9th meeting that the Goldstone emails suggest is supposed to yield information of that nature. Information that’s never come to light.
    4. 6 days after that meeting, Guccifer 2.0 is reaching out to journalists, pitching all sorts of stories from the hacked emails. But nothing tying Clinton to Russia.

    So given the widely held suspicions that this whole meeting was set up for the purpose of privately hammering out the details of how the Russian government and the Trump campaign were going to collude in disseminating the hacked DNC emails, if that scenario is true it would appear that the opening email Goldstone sent to Trump, Jr. has the strange juxtaposition of being extremely forthright about the Russian government wanting to help the Trump campaign by providing dirty info on Hillary but also completely misleading the Trump team about the nature of the info being provided.

    On the one hand, it makes a lot of sense that Goldstone wouldn’t divulge the nature of alleged dirty info in an email. But on the other hand, it makes very little sense that he would have been so open about “the Russian government wants to help you” if the Russian government was days away from unleashing “Guccifer 2.0” on the world. It’s just an incredible risk and one that would hand the Trump campaign. After all, whoever is behind “Guccifer 2.0” couldn’t have known in advance that all the “I’m Russian!” fingerprints would succeed in convincing most of the US public that the hacker was Russian. What if there was strong suspicion the Trump campaign was behind the hack and that became part of the media narrative that the Trump campaign had to deal with? The Russian government would have preemptively handed the Trump campaign an email that would have been incredibly useful for directing those suspicions back towards the Kremlin with Goldstone’s initial email. If the Kremlin was behind “Guccifer 2.0” and the June 9th meeting was actually a front for a Trump campaign-Kremlin meeting and the Kremlin was planning on unveiling “Guccifer 2.0” soon, that June 3rd Goldstone email is almost like a prearranged “get out of jail free” card for the Trump team in case it got any heat over the upcoming “Guccifer 2.0” campaign. But then Trump, Jr. totally screwed it up by not replying “Thanks, but no thanks! That would be wrong of us!” Of course, that’s assuming the Russian government would be totally cool about accepting the blame for such an inflammatory hacking operation.
Of course, if we assume that this hack­ing oper­a­tion was the Russ­ian gov­ern­ment all along and we assume that “Guc­cifer 2.0” and orig­i­nal hack­ers weren’t just com­plete­ly incom­pe­tent oper­a­tives and left all those “I’m a Russ­ian!” dig­i­tal fin­ger­prints by mis­take, we would also have to be open to the idea that the Russ­ian gov­ern­ment would have inten­tion­al­ly hand­ed the Trump cam­paign a “get out of jail free” card...that Trump, Jr. total­ly screwed up.

    Also keep in mind that if the Trump campaign itself was being “Guccifer 2.0” or had already received the hacked documents from “Guccifer 2.0” (perhaps from “the weev?”), the question of how to disseminate the hacked materials without making the Trump team suspects would have been looming large on the minds of the Trump team’s leadership. And that email from Goldstone may have been exactly what the Trump team would have needed in that situation: evidence that could be used to direct culpability back towards the Kremlin. It could explain both the incredible overlap in the timing of the emergence of “Guccifer 2.0” as well as all the implausibly stupid “I’m a Russian” ‘mistakes’ that “Guccifer 2.0” made that pointed towards being a Kremlin hacker. ‘Mistakes’ that didn’t just include signing the hacked documents with the name of a Soviet spy chief in Cyrillic characters but also the strange way Guccifer talked. Don’t forget, while “Guccifer 2.0” claimed to be Romanian, sometimes they wrote with mistakes that seemed kind of Russian/Eastern European-ish and sometimes in perfect English. And while this has often been interpreted as being a ‘mistake’ by sophisticated Russian intelligence agencies, for some reason the idea that “Guccifer 2.0” was a native English speaker trying to seem Russian never seemed to get serious consideration:

    Vice Moth­er­board

    Why Does DNC Hack­er ‘Guc­cifer 2.0’ Talk Like This?

    Loren­zo Franceschi-Bic­chierai
    Jun 23 2016, 12:10pm

    Despite the hack­er’s con­fus­ing claims and denials about his ori­gin, his own words might have betrayed his real ori­gins.

    A week after a hack­er going by the name of ‘Guc­cifer 2.0’ claimed respon­si­bil­i­ty for the hack on the Demo­c­ra­t­ic Nation­al Com­mit­tee, the mys­te­ri­ous indi­vid­ual spoke pub­licly for the first time. Guc­cifer 2.0 called him­self a “hack­er, man­ag­er, philoso­pher, women lover.” And of course, some­one who likes Guc­ci.

    “I bring the light to peo­ple,” he added in an online chat with Moth­er­board. “I’m a free­dom fight­er!”

    More impor­tant­ly, the hack­er also denied being Russ­ian and work­ing for the Russ­ian gov­ern­ment, as many sus­pect he is. Just like the orig­i­nal Guc­cifer, whose han­dle and fame inspired his, Guc­cifer 2.0 claimed to be Roman­ian. But a lin­guis­tic analy­sis of his mes­sages in Roman­ian, as well as his often­times bro­ken Eng­lish, might reveal more about his real ori­gins than his claims.

    When he first appeared online last week, Guc­cifer 2.0 derid­ed secu­ri­ty firm Crowd­Strike for point­ing the fin­ger at Rus­sia, accus­ing two intel­li­gence agen­cies of being behind the cyber­at­tack.

    “I’m very pleased the com­pa­ny appre­ci­at­ed my skills so high­ly))) But in fact, it was easy, very easy,” the hack­er wrote in a blog post, defin­ing him­self as a “lone hack­er.”

    Sev­er­al secu­ri­ty experts, judg­ing from exten­sive cir­cum­stan­tial evi­dence, the poten­tial motives behind the hack, the sub­se­quent pub­lic respon­si­bil­i­ty claim, as well as the time­line of the events, said that the Guc­cifer 2.0 per­sona was like­ly part of a Russ­ian gov­ern­men­t’s effort to cov­er up its own hack and spread dis­in­for­ma­tion.

    Whether Guc­cifer 2.0 is Russ­ian and, most impor­tant­ly, part of a Russ­ian gov­ern­ment-orches­trat­ed attack on a US polit­i­cal insti­tu­tion is cru­cial here. While it’s nor­mal and expect­ed for spies to spy on their own ene­mies, it’s unusu­al, and way more dan­ger­ous, if those spies dis­sem­i­nate the intel­li­gence they gath­er with the inten­tion of influ­enc­ing the inter­nal pol­i­tics of their biggest ene­my. For some, that cross­es a red line, so the who­dun­nit in this case is a nec­es­sary ques­tion to answer.

    Is Guc­cifer 2.0 Real­ly Roman­ian?

    Despite claim­ing to be Roman­ian, Guc­cifer 2.0 did­n’t seem to be a native Roman­ian speak­er, accord­ing to sev­er­al Roma­ni­ans who reviewed the tran­script of our con­ver­sa­tion with him, which was in part car­ried out in Roman­ian. (Dis­clo­sure: For my part, I used Google Trans­late).

    For exam­ple, he used the word “fil­igran” for “water­mark,” which the Roman­ian speak­ers who reviewed our chat logs with Guc­cifer 2.0 said is an unusu­al trans­la­tion. More­over, after a short exchange in Roman­ian, the hack­er refused to answer longer ques­tions, say­ing he did­n’t want me to “waste” his time.

    [see image of chart show­ing exam­ples of dis­crep­an­cies in Guc­cifer 2.0’s Roman­ian lan­guage usage]

    The Roma­ni­ans who reviewed the logs also point­ed out instances in which Guc­cifer 2.0’s sen­tence con­struc­tion was off, and that while chat­ting, native speak­ers usu­al­ly don’t both­er to use dia­crit­ics, or let­ters such as “â” “a” or “?.”

    What About His Eng­lish Skills?

    The hack­er’s Eng­lish is also clear­ly not native, and was at times excel­lent, and at times awful. In one par­tic­u­lar exchange, he dis­played this con­tra­dic­tion:

    Q: Do you work with Rus­sia or the Russ­ian gov­ern­ment?
    A: No because I don’t like Rus­sians and their for­eign pol­i­cy. I hate being attrib­uted to Rus­sia.
    Q: Why?

    A: I’ve already told! Also I made a big deal, why you glo­ri­fy them?

    The first answer is per­fect Eng­lish. The sec­ond one, how­ev­er, is far less elo­quent. Also, the “I’ve already told” phrase could be a sign of a Russ­ian, or at least Slav­ic, speak­er, giv­en the absence of the object, “you”, accord­ing to Maria Doubrovska­ia, a Russ­ian lan­guage instruc­tor at Colum­bia Uni­ver­si­ty.

    This might sug­gest the hack­er had some answers in prop­er Eng­lish pre­pared in advance (per­haps to pre­dictable ques­tions such as “Are you Russ­ian?” or “How did you hack the DNC?”), while for oth­ers he had to impro­vise and did­n’t have time to proof­read dur­ing our live chat. This seems to be con­firmed by the fact that Guc­cifer 2.0 gave me and my col­league Joseph Cox the same, word-for-word answer to a ques­tion about how he hacked the DNC.

    It’s also entire­ly pos­si­ble that the per­son, or peo­ple, behind Guc­cifer 2.0 are pur­pose­ly mak­ing these sorts of mis­takes and being incon­sis­tent to throw peo­ple off.

    Guc­cifer 2.0 also some­times did not use def­i­nite and indef­i­nite (“the” and “a/an”) arti­cles when writ­ing in Eng­lish. That could be a sign that his native lan­guage does­n’t use them, accord­ing to an Amer­i­can uni­ver­si­ty pro­fes­sor who spe­cial­izes in Slav­ic syn­tax and asked to remain anony­mous.

    “Russ­ian cer­tain­ly lacks such articles…but so do all oth­er East and West Slav­ic lan­guages,” she wrote in an email. “As for Roman­ian, the lan­guage DOES have both indef­i­nite and def­i­nite arti­cles, so I would­n’t nec­es­sar­i­ly expect such mis­takes in Eng­lish from a native speak­er of Roman­ian.”

    #Guccifer2 Dossier on #HillaryClinton https://t.co/LGcRb1spRN pic.twitter.com/qweBMKR1Qg — GUCCIFER 2.0 (@GUCCIFER_2) June 21, 2016

    A Moth­er­board read­er, who con­tact­ed me via email said he taught Eng­lish to sev­er­al Russ­ian speak­ers, said Guc­cifer 2.0 “has very strong Russ­ian-Eng­lish syn­tax (word order) and in some cas­es unnec­es­sary for­mal­i­ty in vocab­u­lary choic­es that say to me either edu­cat­ed in Rus­sia, or a lot of time in Rus­sia learn­ing Russ­ian-Eng­lish.”

    But not every­one is that sure. M.J. Con­nol­ly, a pro­fes­sor of Slav­ic and East­ern Euro­pean lin­guis­tics at Boston Col­lege, said that Rus­sians tend not to car­ry the con­struc­tion using the word “lan­guage” after the lan­guage name (such as “Russ­ian lan­guage,” or “Roman­ian lan­guage”) when they speak Eng­lish.

    Con­nol­ly added that Guc­cifer 2.0’s Eng­lish actu­al­ly does­n’t show some Russ­ian traces he would have expect­ed, such as how at times the hack­er does use some indef­i­nite arti­cles, and does­n’t sub­sti­tute present tens­es for past tens­es.

    “All I can say is: no smok­ing gun here,” Con­nol­ly said in an email. “The Eng­lish is very East Euro web talk, which Rus­sians and Roma­ni­ans and all East­ern Euro­peans share but, as I’ve point­ed out already, many of the traits are non-Russ­ian.”

    For Con­nol­ly, the hack­er could also be Moldovan, giv­en that the coun­try is a mixed Roman­ian-Russ­ian envi­ron­ment and many Moldovans, espe­cial­ly the anti-Russ­ian ones, “will iden­ti­fy as Roman­ian.”

    What Does Guc­cifer 2.0 Say?

    After I pressed him to speak more Roman­ian on Tues­day, Guc­cifer 2.0 stopped answer­ing my ques­tions via Twit­ter.

    “Man, I’m not a pupil at school,” he said in one of his last answers, in Eng­lish. “If u have seri­ous ques­tions u can ask. Don’t waste my time.”

    But on Wednes­day, a day lat­er, he got back to me, say­ing he would pro­vide more answers on his blog post, after col­lect­ing more inquiries from oth­er reporters and choos­ing the most pop­u­lar ones. He also announced this upcom­ing FAQ on his blog, adding that any­one can now send him ques­tions via Twit­ter. As of Thurs­day morn­ing, he has not yet post­ed any­thing, and he has­n’t respond­ed to a series of detailed ques­tions we sent him in Roman­ian.

    The hack­er’s words, and lan­guage skills, have cer­tain­ly raised even more ques­tions about his real iden­ti­ty and motives.

    It’s pos­si­ble that who­ev­er is behind Guc­cifer 2.0 real­ly is being del­uged with ques­tions. Or, per­haps, after he exposed him­self in our inter­view, he’s decid­ed that it’s safer to pick and choose the ques­tions he wants to answer, and take more time to answer them in prop­er Eng­lish.

    ...

    ———-

    “Why Does DNC Hack­er ‘Guc­cifer 2.0’ Talk Like This?”
    by Loren­zo Franceschi-Bic­chierai; Vice Moth­er­board; 06/23/2016

    ““All I can say is: no smok­ing gun here,” Con­nol­ly said in an email. “The Eng­lish is very East Euro web talk, which Rus­sians and Roma­ni­ans and all East­ern Euro­peans share but, as I’ve point­ed out already, many of the traits are non-Russ­ian.””

    That was the take from at least one language specialist: “Guccifer 2.0” was showing all sorts of linguistic signs. They couldn’t speak Romanian. They sometimes showed signs of Russian/Eastern European English mistakes that wouldn’t be consistent with a Romanian speaker’s English mistakes. And they sometimes spoke perfect English:

    ...
    The hack­er’s Eng­lish is also clear­ly not native, and was at times excel­lent, and at times awful. In one par­tic­u­lar exchange, he dis­played this con­tra­dic­tion:

    Q: Do you work with Rus­sia or the Russ­ian gov­ern­ment?
    A: No because I don’t like Rus­sians and their for­eign pol­i­cy. I hate being attrib­uted to Rus­sia.
    Q: Why?

    A: I’ve already told! Also I made a big deal, why you glo­ri­fy them?

    The first answer is per­fect Eng­lish. The sec­ond one, how­ev­er, is far less elo­quent. Also, the “I’ve already told” phrase could be a sign of a Russ­ian, or at least Slav­ic, speak­er, giv­en the absence of the object, “you”, accord­ing to Maria Doubrovska­ia, a Russ­ian lan­guage instruc­tor at Colum­bia Uni­ver­si­ty.

    This might sug­gest the hack­er had some answers in prop­er Eng­lish pre­pared in advance (per­haps to pre­dictable ques­tions such as “Are you Russ­ian?” or “How did you hack the DNC?”), while for oth­ers he had to impro­vise and did­n’t have time to proof­read dur­ing our live chat. This seems to be con­firmed by the fact that Guc­cifer 2.0 gave me and my col­league Joseph Cox the same, word-for-word answer to a ques­tion about how he hacked the DNC.
    ...

    So if we are to believe that the GRU cre­at­ed “Guc­cifer 2.0” as a fake “Roman­ian” hack­er front for the pur­pose of keep­ing sus­pi­cions away from Rus­sia, we would have to assume the per­son behind this per­sona not only could­n’t speak Roman­ian cor­rect­ly, but they also some­times acci­den­tal­ly spoke per­fect Eng­lish. And had cer­tain key phras­es for expect­ed ques­tions that they decid­ed to pre­pare in per­fect Eng­lish for some rea­son. But when this GRU per­sona got unex­pect­ed ques­tions they kept botch­ing their cov­er and reveal­ing Russian/Eastern Euro­pean idio­syn­crasies. That’s the sce­nario we’re sup­posed to accept at face val­ue.

    But for some reason the possibility that “Guccifer 2.0” is an English speaker trying to seem like a Russian never gets seriously considered. Yet just days ago we have reports that Peter Smith’s team of opposition researchers — a team that included Trump campaign officials — contacted Guccifer 2.0 who told them to contact Andrew “the weev” Auernheimer, an American neo-Nazi hacker who is the prime suspect behind the Macron hacks that also included fake “I’m a Russian” fingerprints. And Charles Johnson, the far-right “GotNews” troll, told Smith’s team to contact “the weev” and that he was in contact with a hidden “alt-right” network of opposition researchers. And it’s a very good bet that Charles Johnson was in regular contact with the Trump team well before Smith reached out to him.

    So if “Guc­cifer 2.0” was either a Trump cam­paign oper­a­tive or already work­ing with the Trump cam­paign before that June 3rd email from Gold­stone was ever sent, you have to won­der if that appar­ent over­ture from the Krem­lin could have played a deci­sive role in “Guc­cifer 2.0” sud­den­ly show­ing up and act­ing like a Russ­ian pre­tend­ing to be a Roman­ian short­ly after that June 3rd email.

    At the same time, it’s important to recall that the “I’m a Russian!” digital fingerprints on this whole operation didn’t first emerge with Guccifer 2.0’s strange language and the Cyrillic meta-data in the documents. The first “I’m a Russian!” digital fingerprints happened when the original hacks took place. That included malware that shockingly had the IP address of the command and control server hard coded into the malware code. And that IP address was the same one used in the 2015 hack of the German Bundestag. And the command and control server was itself vulnerable to hacking because it was using the version of OpenSSL that was vulnerable to the Heartbleed attack. And that vulnerability, which would have left that command and control server (that’s assumed to be under APT28/Fancy Bear control) open to a third party attack, was disclosed to the world in June of 2015, shortly before the initial DNC hack began in the fall of 2015 (and the DNC hacker hardcoded the IP address to this server, thus ensuring suspicion would fall back on APT28/Fancy Bear):

    Netzpolitik.org

    Dig­i­tal Attack on Ger­man Par­lia­ment: Inves­tiga­tive Report on the Hack of the Left Par­ty Infra­struc­ture in Bun­destag

    19.06.2015, guest contribution

    Servers of The Left in Ger­man Bun­destag have been infect­ed with mal­ware, appar­ent­ly by a state-spon­sored group of Russ­ian ori­gin. This is the sum­ma­ry of an analy­sis by an IT secu­ri­ty researcher, which we pub­lish in full. The in-depth report pro­vides an analy­sis of tech­nol­o­gy, impact, pos­si­ble attri­bu­tion – and a sig­na­ture to detect the mal­ware.

    This analy­sis of secu­ri­ty researcher Clau­dio Guarnieri was orig­i­nal­ly writ­ten for The Left in Ger­man Bun­destag. We’re pub­lish­ing it here with per­mis­sion from The Left.

    A German translation of this report is also available.

    Sum­ma­ry of Find­ings

    Two sus­pi­cious arti­facts have been retrieved from two sep­a­rate servers with­in the Die Linke infra­struc­ture. One is an open source util­i­ty used to remote­ly issue com­mands on a Win­dows host from a Lin­ux host. The oth­er is a cus­tom util­i­ty which, despite its large size, has lim­it­ed func­tion­al­i­ty and acts as a tun­nel, pos­si­bly used by the attack­ers to main­tain per­sis­tence with­in the com­pro­mised net­work.

    The com­bi­na­tion of the two util­i­ties seems to be enough for the attack­ers to main­tain a foothold inside the net­work, har­vest data, and exfil­trate all the infor­ma­tion they deemed inter­est­ing. It is, how­ev­er, pos­si­ble that there are addi­tion­al mali­cious arti­facts which have not yet been dis­cov­ered.

    Attrib­ut­es of one of the arti­facts and intel­li­gence gath­ered on the infra­struc­ture oper­at­ed by the attack­ers sug­gest that the attack was per­pe­trat­ed by a state-spon­sored group known as Sofa­cy (or APT28). Pre­vi­ous work pub­lished by secu­ri­ty ven­dor Fire­Eye in Octo­ber 2014 sug­gests the group might be of Russ­ian ori­gin.

    Arti­facts

    The first arti­fact – iden­ti­fied across this report as Arti­fact #1 – has the fol­low­ing attrib­ut­es:

    Name winexesvc.exe
    Size 23552
    MD5 77e7fb6b56c3ece4ef4e93b6dc608be0
    SHA1 f46f84e53263a33e266aae520cb2c1bd0a73354e
    SHA256 5130f600cd9a9cdc82d4bad938b20cbd2f699aadb76e7f3f1a93602330d9997d

    The second artifact – identified across this report as Artifact #2 – has the following attributes:

    Name svchost.exe.exe
    Size 1062912
    MD5 5e70a5c47c6b59dae7faf0f2d62b28b3
    SHA1 cdeea936331fcdd8158c876e9d23539f8976c305
    SHA256 730a0e3daf0b54f065bdd2ca427fbe10e8d4e28646a5dc40cbcfb15e1702ed9a
    Com­pile Time 2015-04-22 10:49:54

    Analy­sis of Arti­fact #1

    Arti­fact #1 was retrieved from a File Serv­er oper­at­ed by Die Linke. The file is a 64bit-com­pat­i­ble com­piled bina­ry of the open source util­i­ty Winexe. Winexe is soft­ware sim­i­lar to the more pop­u­lar PSEx­ec and is designed to allow sys­tem admin­is­tra­tors to exe­cute com­mands on remote servers. While com­mer­cial solu­tions like Syman­tec pcAnywhere pro­vide a larg­er fea­ture-set, Winexe is light­weight, and doesn’t require any instal­la­tion or con­fig­u­ra­tion. One of the rea­sons Winexe is pre­ferred over PSEx­ec, is that it pro­vides a Lin­ux client, while PSEx­ec doesn’t.

    Attack­ers are mak­ing grow­ing use of util­i­ties like Winexe and PSEx­ec to per­form lat­er­al move­ment across com­pro­mised net­works. Besides pro­vid­ing the abil­i­ty to exe­cute arbi­trary com­mands on the tar­get sys­tem, these util­i­ties nor­mal­ly don’t raise sus­pi­cion as they are com­mon­ly whitelist­ed by Antivirus and oth­er com­mer­cial secu­ri­ty soft­ware.

    Winexe acts as a Windows service that can be configured to automatically start at boot and silently wait for incoming commands over a named pipe. Named pipes are a Windows inter-process communication method. Through named pipes, processes are able to communicate and exchange data even over a network. In the case of Artifact #1, the name of the pipe is „ahexec“; computers over the network could access the pipe server by simply opening a file handle on „\\ServerName\pipe\ahexec“.

    Once connected to the pipe, a user or a program can easily provide the information required to execute a command (just as they would normally through a command-line). The provided information is then passed to a „CreateProcessAsUserA“ call and the specified command is executed.

    Once inside the network, Artifact #1 can be enough for the attacker to download or create additional scripts, execute commands and exfiltrate data (for example, simply through ftp). It is plausible that Artifact #1 could be present on other servers under different names, although it is also likely that the attacker only left it on servers to which they required maintenance of persistent access.

    It is impor­tant that all the deploy­ments of this util­i­ty are iden­ti­fied and removed, as they are self-suf­fi­cient and they pro­vide easy and open access to exe­cute com­mands on the host, poten­tial­ly with admin­is­tra­tor priv­i­leges.

    Analy­sis of Arti­fact #2

    Arti­fact #2 was recov­ered from the Admin Con­troller oper­at­ed by Die Linke. This is cus­tom mal­ware, which despite large file size (1,1 MB), pro­vides lim­it­ed func­tion­al­i­ty. Arti­fact #2 oper­ates as a backchan­nel for the attack­er to main­tain a foothold inside the com­pro­mised net­work. The prop­er­ties of the arti­fact show that the same authors of the mal­ware seem to have called it „Xtun­nel“. As the same name sug­gests, the arti­fact appears in fact to act as a tun­nel for the attack­er to remote­ly access the inter­nal net­work and main­tain per­sis­tence.

    ...

    After ini­tial­iza­tion, the arti­fact will attempt to estab­lish a con­nec­tion by cre­at­ing a sock­et. In case of fail­ure, it will sleep for three sec­onds and try again. The authors of the mal­ware didn’t appear to have spent any effort in con­ceal­ing indi­ca­tors or obfus­cat­ing code – the IP address with which it tries to com­mu­ni­cate is hard­cod­ed in clear-text inside the bina­ry. We can observe below, the pro­ce­dure through which the arti­fact attempts to estab­lish a con­nec­tion with the IP address „176.31.112.10“:

    This specific IP address is a critical piece of information that enables us to connect this attack to a spree of previous targeted campaigns. The details of this attribution are explained in a dedicated section below. We will refer to this IP address as „Command & Control“ (or „C&C“).

    The artifact is capable of receiving multiple arguments, including -Si, -Sp, -Up, -Pp, -Pi and -SSL. Following are the beaconing packets the artifact will send to Command & Control:

    ‑Si
    00000000 2a 00 00 00 *...
    00000004 b2 23 16 85 ee 59 52 a6 79 3a 2a e2 da 11 c0 1b .#...YR. y:*.....
    00000014 de 77 ea 47 35 11 de 8a 76 1a ee 16 d9 fd 28 0d .w.G5... v.....(.

    -Sp
    00000000 22 00 00 00 "...
    00000004 90 ac c6 39 09 b6 23 72 9d 36 a6 3b 2e b7 02 ce ...9..#r .6.;....
    00000014 dd 09 d4 e4 d3 e6 01 5f 6a 37 b2 39 01 b4 0a af ......._ j7.9....

    -Up
    00000000 07 00 00 00 ....
    00000004 7e e2 82 05 74 be 3f 9b 8e 6a dc 5c d1 fe 85 f7 ~...t.?. .j.\....
    00000014 5f 33 26 6e 5e 62 c1 0e c0 da a3 b3 6c f9 ca 88 _3&n^b.. ....l...

    If the argu­ment ‑SSL is giv­en through com­mand-line to the arti­fact, these bea­cons will be encap­su­lat­ed in an SSL con­nec­tion and a prop­er TLS hand­shake will be ini­ti­at­ed with the C&C.

    Inter­est­ing­ly, the arti­fact bun­dles a copy of OpenSSL 1.0.1e, from Feb­ru­ary 2013, which caus­es the unusu­al­ly large size of the bina­ry. More impor­tant­ly, the Com­mand & Con­trol serv­er (176.31.112.10) also appears to be using an out­dat­ed ver­sion of OpenSSL and be vul­ner­a­ble to Heart­bleed attacks. While unlike­ly, it is worth con­sid­er­ing that the same C&C serv­er might have been the sub­ject of 3rd-par­ty attacks due to this vul­ner­a­bil­i­ty.

    ...

    Attri­bu­tion

    While attri­bu­tion of mal­ware attacks is rarely sim­ple or con­clu­sive, dur­ing the course of this inves­ti­ga­tion I uncov­ered evi­dence that sug­gests the attack­er might be affil­i­at­ed with the state-spon­sored group known as Sofa­cy Group (also known as APT28 or Oper­a­tion Pawn Storm). Although we are unable to pro­vide details in sup­port of such attri­bu­tion, pre­vi­ous work by secu­ri­ty ven­dor Fire­Eye sug­gests the group might be of Russ­ian ori­gin, how­ev­er no evi­dence allows to tie the attacks to gov­ern­ments of any par­tic­u­lar coun­try.

    ...

    ———-

    “Dig­i­tal Attack on Ger­man Par­lia­ment: Inves­tiga­tive Report on the Hack of the Left Par­ty Infra­struc­ture in Bun­destag” by Gast­beitrag; Netzpolitik.org; 06/19/2015

    “Interestingly, the artifact bundles a copy of OpenSSL 1.0.1e, from February 2013, which causes the unusually large size of the binary. More importantly, the Command & Control server (176.31.112.10) also appears to be using an outdated version of OpenSSL and be vulnerable to Heartbleed attacks. While unlikely, it is worth considering that the same C&C server might have been the subject of 3rd-party attacks due to this vulnerability.”

    Yep, while it may have been unlike­ly in June of 2015 when this analy­sis was pub­lished that the com­mand and con­trol serv­er at the 176.31.112.10 ip address was sub­ject to a 3rd par­ty attack (and there­fore not actu­al­ly being used by the Sofacy/APT28 group assumed to con­trol it but some­one else), it’s hard to say that it would have been unlike­ly after this vul­ner­a­bil­i­ty was pub­lished. Would­n’t it be like­ly at that point? And the DNC hacks are pre­sumed to have start­ed short­ly after this...with the same email address hard cod­ed into the DNC hack mal­ware.

    It’s also important to recall that there was a later “hack” of the Bundestag committee that was investigating the NSA/Snowden Affair that was widely attributed to the Bundestag. It was quietly acknowledged that it was likely an inside leaker. But there does appear to be an actual Bundestag hack that took place.

    Still, even if who­ev­er did the DNC hack real­ly was a third par­ty hack­er who took con­trol of that com­mand and con­trol serv­er after it was revealed to the world that this was an option, it’s still the case that the world had­n’t yet offi­cial­ly attrib­uted APT28/Sofacy/Fancy Bear to the Russ­ian gov­ern­ment. That hap­pened in May of 2016 when the Ger­man gov­ern­ment offi­cial­ly declared APT/Sofacy/Fancy Bear to be a Russ­ian gov­ern­ment oper­a­tion:

    SCMagazineUK.com

    Ger­man Intel­li­gence blames Rus­sia for Par­lia­ment hack

    Ger­many’s domes­tic intel­li­gence agency has point­ed the offi­cial fin­ger at the Russ­ian state for the 2015 attacks on the Bun­destag, the Ger­man Par­lia­ment

    by Max Met­zger
    May 16, 2016

    Ger­many’s chief inter­nal intel­li­gence agency has blamed the Russ­ian state for an attack on the Ger­man par­lia­ment.

    The Bun­de­samt für Ver­fas­sungss­chutz (BfV), which over­sees domes­tic secu­ri­ty, has point­ed the fin­ger of blame at Pawn­Storm, an infa­mous APT group believed to work direct­ly for the Russ­ian state.

    The accu­sa­tions were laid out by Hans Georg Massen, direc­tor of the BfV who said that Pawn­Storm is direct­ed by the Russ­ian state. The 2015 hacks on the Ger­man par­lia­ment and oth­er Ger­man insti­tu­tions, added Massen, were car­ried out in order to gath­er intel­li­gence.

    How­ev­er, he also told the press agency AFP that “Russ­ian secret ser­vices have also shown a readi­ness to car­ry out sab­o­tage.”

    The group’s six month assault on the Ger­man par­lia­ment is one of its most famous. Revealed in May last year, Pawn­Storm attempt­ed to deploy mal­ware on gov­ern­ment servers that would have giv­en the attack­ers a per­ma­nent back­door into the par­lia­ment. All 20,000 accounts that resided on the sys­tem were believed to be com­pro­mised, includ­ing those of Ger­many’s fore­most law­mak­ers.

    Pawn­Storm has been engaged in attacks against a vari­ety of Ger­man insti­tu­tions includ­ing crit­i­cal infra­struc­ture and, as was revealed ear­li­er this month, the rul­ing Chris­t­ian Demo­c­ra­t­ic Union par­ty.

    Open accu­sa­tions are rare when it comes to cyber-secu­ri­ty, even more so when it comes to espi­onage and intel­li­gence. This rare moment of can­dour may con­firm the sus­pi­cions of many in the cyber-secu­ri­ty and intel­li­gence com­mu­ni­ty who believe that Rus­sia uses pow­er­ful hack­er prox­ies to fur­ther its geopo­lit­i­cal objec­tives.

    Cyber-secu­ri­ty com­pa­ny Bit­de­fend­er made sim­i­lar sounds late last year. The com­pa­ny released a report which all but labelled the Russ­ian gov­ern­ment the spon­sors of Pawn­Storm.

    The pro­lif­ic APT group is known by many names. In oth­er instances it’s been called Sofa­cy, Fan­cy Bear or APT 28. Pawn­Storm, one of its more pop­u­lar monikers, comes from the chess strat­e­gy where­in pawns are rapid­ly deployed against an oppo­nent.

    Believed to be formed in 2004, the group’s fin­ger­prints have been seen in the elec­tron­ic crime scenes of plen­ty of high-lev­el attacks. Late last year, the group attacked NATO and the White House while pre­tend­ing to be the pri­va­cy advo­ca­cy group the Elec­tron­ic Fron­tier Foun­da­tion.

    False flag tac­tics seem to be a favourite for this group, per­haps because Pawn Storm is so wide­ly believed to be a proxy of the Russ­ian state, attack­ing the ene­mies of Putin such as the embat­tled Syr­i­an oppo­si­tion.

    Much like the his­tor­i­cal rela­tion­ship Britain has had with pirates or pri­va­teers, the Russ­ian state may want to strike at its ene­mies, but with­out the reper­cus­sions of an open oper­a­tion said Ewan Law­son, a fel­low at the Roy­al Unit­ed Ser­vices Insti­tute and expert in cyber-war­fare.

    Ger­many’s response, Law­son told SCMagazineUK.com, shows “the Ger­mans are clear­ly los­ing patience”.

    How­ev­er, added Law­son, “Arguably the whole point of this approach is prov­ing the link between ATP 28 and the Russ­ian state and even fur­ther with Putin’s inner cir­cle. As such, I think the Rus­sians will smile know­ing­ly but it won’t lead to any esca­la­tion at this stage. The big­ger sig­nif­i­cance is the grow­ing pub­lic con­ver­sa­tion about the state/non-state nexus.”

    ...

    ———-

    “Ger­man Intel­li­gence blames Rus­sia for Par­lia­ment hack” by Max Met­zger; SCMagazineUK.com; 05/16/2017

    “The Bun­de­samt für Ver­fas­sungss­chutz (BfV), which over­sees domes­tic secu­ri­ty, has point­ed the fin­ger of blame at Pawn­Storm, an infa­mous APT group believed to work direct­ly for the Russ­ian state.”

    As of May of 2016, it was “offi­cial” that APT28/Fancy Bear was a Russ­ian gov­ern­ment oper­a­tion. Which means any­one who may have com­man­deered that vul­ner­a­ble com­mand and con­trol serv­er to car­ry out the DNC hack would obvi­ous­ly want to make it look like they were Rus­sians if they were going to cre­ate a pub­lic per­sona.

    While this might seem like get­ting deep into the weeds, these are impor­tant details to point out because if the Trump cam­paign, or a non-Russ­ian gov­ern­ment affil­i­ate, was indeed behind the DNC hacks, you would­n’t nec­es­sar­i­ly expect them to frame the Russ­ian gov­ern­ment giv­en the Trump fam­i­ly’s long his­to­ry with Rus­sia. But it would make A LOT of sense to frame Rus­sia if your hack­er com­man­deered a serv­er that was pinned on Rus­sia by the Ger­man gov­ern­ment.

    On a related note, you also have to wonder if the German government is the unnamed government that provided the “critical technical evidence” the US intelligence agencies used to conclude it was Russian hackers? Being the first government to publicly finger Russia after ostensibly the same hackers hacked the Bundestag the year before certainly suggests it could be Germany. Given all the problems with that technical analysis it might explain why the NSA expressed reservations about their conclusions.

    Any­way, that’s all part of why who­ev­er car­ried out the DNC hacks had a strong incen­tive to make it look like it was the Russ­ian gov­ern­ment behind it if indeed it was car­ried out by non-Russ­ian gov­ern­ment hack­ers. And this was the case as of May of 2016 when the Ger­man gov­ern­ment for­mal­ly charged the Russ­ian gov­ern­ment, but even still before then since so many cyber­se­cu­ri­ty ana­lysts were long-sus­pect­ing the Russ­ian state of being behind APT28/Fancy Bear.

    So when Rob Gold­stone sent that amaz­ing­ly con­spic­u­ous June 3rd email say­ing the Russ­ian gov­ern­ment wants to help the Trump cam­paign, if the Trump cam­paign was sit­ting on a bunch of hacked emails and try­ing to deter­mine what they were going to do with them, you have to won­der if that was the point when they may have decid­ed to cre­ate a ‘Roman­ian’ (but very Russ­ian-seem­ing) “Guc­cifer 2.0” per­sona, fill the doc­u­ments with more Russ­ian “fin­ger­prints”, and just dump every­thing on the inter­net.

    Posted by Pterrafractyl | July 15, 2017, 6:11 pm
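An added example, not part of the comment above or of the Netzpolitik report it quotes: a small Python sweep that checks files against the SHA256 values, file names, C&C address and pipe name listed in that report. Because the report notes that Artifact #1 may be present under different names, the sweep matches on file content as well as on names; the function names and structure are this example's own.

```python
"""Sweep a directory tree for the indicators listed in the quoted report."""
import hashlib
import os
import sys

# Indicators copied from the report quoted in the comment above.
SHA256_IOCS = {
    "5130f600cd9a9cdc82d4bad938b20cbd2f699aadb76e7f3f1a93602330d9997d":
        "Artifact #1 (winexesvc.exe)",
    "730a0e3daf0b54f065bdd2ca427fbe10e8d4e28646a5dc40cbcfb15e1702ed9a":
        "Artifact #2 (svchost.exe.exe)",
}
STRING_IOCS = {
    "176.31.112.10": "hardcoded C&C address (Artifact #2)",
    "ahexec": "Winexe named pipe (Artifact #1)",
}
NAME_IOCS = {"winexesvc.exe", "svchost.exe.exe"}


def scan_file(path, sha256_iocs=SHA256_IOCS, string_iocs=STRING_IOCS,
              chunk_size=1 << 20):
    """Hash one file and search it for indicator strings in a single pass.

    Returns (sha256_hex, findings). Strings are searched as ASCII and as
    UTF-16LE, since Windows binaries store text in either form. Matching is
    plain substring search, so a hit is a lead to confirm, not a verdict.
    """
    needles = {}
    for text, label in string_iocs.items():
        needles[text.encode("ascii")] = label
        needles[text.encode("utf-16-le")] = label + " [UTF-16LE]"
    # Carry enough bytes between chunks that a string split across a
    # chunk boundary is still found.
    overlap = max((len(n) for n in needles), default=1) - 1

    digest = hashlib.sha256()
    hits = set()
    tail = b""
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(chunk_size)
            if not chunk:
                break
            digest.update(chunk)
            window = tail + chunk
            for needle, label in needles.items():
                if needle in window:
                    hits.add(label)
            tail = window[-overlap:] if overlap else b""

    sha = digest.hexdigest()
    findings = sorted(hits)
    if sha in sha256_iocs:
        findings.insert(0, "SHA256 match: " + sha256_iocs[sha])
    return sha, findings


def sweep(root, sha256_iocs=SHA256_IOCS, string_iocs=STRING_IOCS):
    """Walk `root` and return {path: [findings]} for files with any hit."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                _sha, findings = scan_file(path, sha256_iocs, string_iocs)
            except OSError:
                continue  # locked or unreadable file: skip, keep sweeping
            if name.lower() in NAME_IOCS:
                findings.append("file name used in the report: " + name)
            if findings:
                results[path] = findings
    return results


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for hit_path, hit_findings in sorted(sweep(target).items()):
        print(hit_path)
        for finding in hit_findings:
            print("    " + finding)
```

A hash match identifies the exact binaries from the report; the string and name matches also catch renamed or rebuilt copies but need manual confirmation.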
  4. @Pterrafractyl–

    In the “Rus­sia-gate” counter-intel­li­gence decep­tion, it is impor­tant to remem­ber that Rob Gold­stone is a Rupert Mur­doch pro­tege.

    Don­ald Trump, Jr. is also an “Alt-right” patron, as we have seen in FTR #927. https://spitfirelist.com/for-the-record/ftr-927-the-trumpenkampfverbande-part-6-locker-room-eclipse/

    Roger Stone, BTW, was guid­ed into polit­i­cal waters by Roy Cohn, the Joe McCarthy pro­tege. https://consortiumnews.com/2016/06/19/how-roy-cohn-helped-rupert-murdoch‑2/

    ” . . . .How­ev­er, in the years before he died, Cohn gained some mea­sure of revenge against his lib­er­al ene­mies by help­ing to elect Ronald Rea­gan. Roger Stone, anoth­er Cohn asso­ciate, has assert­ed that at Cohn’s ini­tia­tive he deliv­ered an appar­ent bribe to a leader of New York’s Lib­er­al Par­ty in 1980 to arrange the endorse­ment of inde­pen­dent can­di­date John Ander­son, who then siphoned off 7.5 per­cent of the vote and opened the way for Rea­gan to car­ry New York against Pres­i­dent Jim­my Carter. . . .”

    It was McCarthy who intro­duced Mur­doch to Rea­gan and helped ini­ti­ate the right-wing GOP media attack colos­sus. https://consortiumnews.com/2016/06/19/how-roy-cohn-helped-rupert-murdoch‑2/

    Robert Par­ry also has an inter­est­ing piece on the “Krem­lin” lawyer who fig­ures in the DT, Jr. gam­bit.

    https://consortiumnews.com/2017/07/13/how-russia-gate-met-the-magnitsky-myth/

    All of which is to say that, when the bells and whis­tles stop turn­ing, one finds the far right and intel­li­gence service–Felix Sater, Andrew Aueren­heimer and friends.

    Best,

    Dave

    Posted by Dave Emory | July 17, 2017, 4:52 pm
  5. Here’s something to consider as destructive cyberbombs are being preemptively placed on networks as a form of cyber-WMDs and the US settles into a ‘Cold War’ modality with Russia: If any skilled hacker on the planet manages to hack a US nuclear power plant, that ‘cold war’ might heat up pretty fast whether Russia was behind it or not...especially if there’s a meltdown:

    E&E News

    ‘Who did it?’ zeroes in on Russ­ian hack­ing

    Blake Sobczak,
    Ener­gy­wire: Mon­day, July 10, 2017

    A sophis­ti­cat­ed group of hack­ers has tar­get­ed U.S. nuclear plants in a wide-rang­ing hack­ing cam­paign since at least May, accord­ing to mul­ti­ple U.S. author­i­ties.

    The hack­ers tried to steal user­names and pass­words in the hope of bur­row­ing deep into nuclear pow­er net­works, in addi­tion to oth­er util­i­ty and man­u­fac­tur­ing tar­gets.

    But the Depart­ment of Home­land Secu­ri­ty, the FBI, sources famil­iar with the ongo­ing inves­ti­ga­tion and non­pub­lic gov­ern­ment alerts told E&E News that heav­i­ly guard­ed nuclear safe­ty sys­tems were left unscathed by any recent cyber intru­sions. Experts say the evi­dence so far points to a remote threat that, while advanced, like­ly could not have leaped from cor­po­rate busi­ness net­works to the crit­i­cal but iso­lat­ed com­put­er net­works keep­ing nuclear reac­tors oper­at­ing safe­ly.

    Still, the ques­tion that lingers is, who did it?

    Sus­pi­cion has fall­en on hack­ers with ties to Rus­sia, in part because of past intru­sions into U.S. com­pa­nies and for Rus­sia-linked attacks on Ukraine’s pow­er grid in 2015 and 2016.

    Ukrain­ian secu­ri­ty ser­vices laid the blame for the grid hacks at Russ­ian Pres­i­dent Vladimir Putin’s feet. Sev­er­al pri­vate U.S. cyber­se­cu­ri­ty com­pa­nies have also drawn links between ener­gy indus­try-focused hack­ing cam­paigns with names like “Ener­getic Bear” back to Russ­ian intel­li­gence ser­vices.

    The Wash­ing­ton Post report­ed Sat­ur­day that U.S. gov­ern­ment offi­cials have already pinned the recent nuclear cyber intru­sions on Rus­sia.

    Ana­lysts remain quick to tamp down asser­tions that Rus­si­a’s fin­ger­print on the lat­est attack is a sure thing.

    With­out men­tion­ing any nation-state by name, for­mer Ener­gy Sec­re­tary Ernest Moniz not­ed on Twit­ter that “these ‘advanced per­sis­tent threats’ have long wor­ried U.S. intel­li­gence offi­cials — and recent events prove they are very real.”

    Ref­er­enc­ing reports of the recent nuclear cyber inci­dents, he added, “These breach­es make plain that for­eign actors are look­ing for ways to exploit US grid vul­ner­a­bil­i­ties. We saw this com­ing.”

    If U.S. intel­li­gence agen­cies con­firm Russ­ian secu­ri­ty ser­vices were involved in the attack on nuclear plants, ten­sions with Moscow could esca­late. In a Twit­ter com­ment that attract­ed bipar­ti­san ridicule, Pres­i­dent Trump yes­ter­day morn­ing said that he and Putin had agreed to cre­ate an “impen­e­tra­ble Cyber Secu­ri­ty unit” to guard against hack­ing, only to appar­ent­ly reverse his posi­tion hours lat­er and sug­gest such an arrange­ment “can’t” hap­pen.

    ...

    Sen. Maria Cantwell (D‑Wash.), rank­ing mem­ber of the Sen­ate Ener­gy and Nat­ur­al Resources Com­mit­tee, reit­er­at­ed her calls for the White House to assess ener­gy-sec­tor cyber vul­ner­a­bil­i­ties and aban­don pro­posed bud­get cuts at the Depart­ment of Ener­gy. “The dis­turb­ing reports of the past 24 hours indi­cate that our adver­saries are try­ing to take advan­tage of the very real vul­ner­a­bil­i­ties of our ener­gy infra­struc­ture’s cyber defens­es,” she said Fri­day.

    Draw­ing from the Ukraine play­book

    In 2015, a group of hack­ers set sights on sev­er­al Ukrain­ian elec­tric dis­tri­b­u­tion com­pa­nies. The intrud­ers broke into the util­i­ties’ busi­ness net­works with “phish­ing” emails designed to lure employ­ees into click­ing on a doc­u­ment laced with mal­ware.

    From there, the attack­ers mapped out their vic­tims’ com­put­er sys­tems, even gain­ing access to the vir­tu­al pri­vate net­work util­i­ty work­ers used to remote­ly oper­ate parts of Ukraine’s elec­tric grid.

    On Dec. 23, 2015, after months of wait­ing and spy­ing, the hack­ers struck, log­ging onto the oper­a­tional net­work and flip­ping cir­cuit break­ers at elec­tric sub­sta­tions. They suc­ceed­ed in cut­ting pow­er to sev­er­al hun­dred thou­sand Ukrain­ian cit­i­zens for a few hours in what became the first known cyber­at­tack on a pow­er grid in the world.

    At first glance, the lat­est nuclear hack­ers appear to have drawn from the same play­book.

    They used a “fair­ly cre­ative” phish­ing email to gain a foothold on tar­get­ed net­works, accord­ing to Craig Williams, senior tech­ni­cal leader and glob­al out­reach man­ag­er for Cis­co Talos, a cyber­se­cu­ri­ty research divi­sion of Cis­co Sys­tems Inc.

    Instead of stow­ing mal­ware in the Word doc­u­ment itself, the hack­ers tweaked a con­trol engi­neer’s résumé into bea­con­ing out to a mali­cious serv­er via a Microsoft com­mu­ni­ca­tions pro­to­col called Serv­er Mes­sage Block. The cyber intrud­ers could then swipe frag­ments of SMB traf­fic con­tain­ing the vic­tims’ login infor­ma­tion to set up an autho­rized con­nec­tion to the tar­get­ed net­work and move on from there, Williams explained.

    The tech­nique points to “attack­ers who are ded­i­cat­ed and who’ve done their research,” he not­ed.

    While Williams said Cis­co had detect­ed a vari­ety of ener­gy com­pa­nies hit by the phish­ing emails, he point­ed out that “the nuclear sec­tor is extreme­ly hard­ened.”

    Get­ting blocked

    Nuclear pow­er plant oper­a­tors have to abide by their own set of cyber­se­cu­ri­ty rules estab­lished by the Nuclear Reg­u­la­to­ry Com­mis­sion. Fol­low­ing its most recent cyber­se­cu­ri­ty audits in 2015, the NRC report­ed “sev­er­al very low secu­ri­ty sig­nif­i­cance vio­la­tions of cyber secu­ri­ty plan require­ments.”

    None of those vio­la­tions could have result­ed in an immi­nent threat to nuclear safe­ty, the reg­u­la­tor said.

    The NRC plans to ramp up cyber­se­cu­ri­ty inspec­tions lat­er this year. The agency has declined to com­ment on reports of the recent cyber breach­es at nuclear pow­er gen­er­a­tion sites.

    Nuclear pow­er com­pa­nies have had to account for the pos­si­bil­i­ty of a cyber­at­tack on their safe­ty sys­tems since 2002, accord­ing to NRC guid­ance.

    Elec­tric util­i­ties typ­i­cal­ly adhere to a three-step mod­el for pro­tect­ing their most sen­si­tive sys­tems from hack­ers. At a basic lev­el, this set­up involves an infor­ma­tion tech­nol­o­gy net­work — such as a util­i­ty’s inter­net-con­nect­ed cor­po­rate head­quar­ters — and an oper­a­tional net­work that includes grid con­trol sys­tems. Com­pa­nies typ­i­cal­ly add a third lay­er or “demil­i­ta­rized zone” bridg­ing those two sides of the busi­ness, replete with fire­walls, cyber­se­cu­ri­ty tech­nolo­gies and oth­er safe­guards.

    Nuclear oper­a­tors add at least two more lay­ers to that mod­el, draw­ing lines among the pub­lic inter­net, the cor­po­rate net­work, onsite local area net­works, indus­tri­al “data acqui­si­tion” net­works and, final­ly, the core safe­ty sys­tem over­see­ing radioac­tive mate­ri­als, based on gov­ern­ment guide­lines.

    In the U.S., safe­ty sys­tems are often still “ana­logue,” hav­ing orig­i­nal­ly been built in the 1980s or ear­li­er, before the recent spread of web-con­nect­ed tech­nolo­gies.

    With­in that last, crit­i­cal zone — Lev­el 4 in nuclear indus­try par­lance — tight phys­i­cal con­trols pre­vent phones and USB dri­ves from get­ting in; and oper­a­tional data is designed to flow only out­ward through “data diodes,” with no poten­tial for online com­mands to enter from the pub­lic inter­net or even the site’s own local area net­work.

    “Any­body ever reports that some­body got a con­nec­tion from the inter­net direct­ly or indi­rect­ly into the heart of a nuclear con­trol sys­tem is either full of crap, or is reveal­ing a mas­sive prob­lem with some par­tic­u­lar site, because there should be phys­i­cal­ly no way for that to actu­al­ly be pos­si­ble,” said Andrew Gin­ter, vice pres­i­dent of Water­fall Secu­ri­ty Solu­tions, which mar­kets one such “uni­di­rec­tion­al gate­way” or data diode to the U.S. nuclear sec­tor. “To me, it’s almost incon­ceiv­able.”

    Mar­ty Edwards, man­ag­ing direc­tor of the Automa­tion Fed­er­a­tion, who until last month head­ed a team of indus­tri­al con­trol secu­ri­ty spe­cial­ists at DHS, gen­er­al­ly agreed that a remote con­nec­tion would be near­ly impos­si­ble to achieve. “When we test­ed those kinds of [one-way] devices in the lab, we found that you could­n’t cir­cum­vent any of them, basi­cal­ly, because they’re physics-based,” he said. “There’s no way to manip­u­late that stream.”

    One source famil­iar with nuclear infor­ma­tion tech­nol­o­gy prac­tices, who agreed to speak about secu­ri­ty mat­ters on con­di­tion of anonymi­ty, said that “in order to have a cat­a­stroph­ic impact, you have to get by the human in the con­trol room” — no easy feat. “You’re talk­ing work­ers who are reg­u­lar­ly screened for insid­er [threat] indi­ca­tors and psy­cho­log­i­cal sta­bil­i­ty.”

    Still, the source said a well-resourced attack­er could try sneak­ing in thumb dri­ves, plant­i­ng an insid­er or even land­ing a drone equipped with wire­less attack tech­nol­o­gy into a nuclear gen­er­a­tion site. Reports indi­cate that the infa­mous Stuxnet worm, which dam­aged Iran­ian nuclear cen­trifuges in the late 2000s, prob­a­bly snuck in on remov­able media. Once inside the “air gapped” tar­get net­work, Stuxnet relied on its own hard-cod­ed instruc­tions, rather than any remote com­mands sent in through the inter­net, to cause cost­ly and sen­si­tive nuclear equip­ment to spin out of con­trol.

    But the source, who had reviewed recent DHS and FBI warn­ings about recent nuclear cyberthreats, added that there was no indi­ca­tion the actor behind it got close to nuclear oper­a­tors’ crown jew­els.

    “To get around the data diodes and all the oth­er defens­es, it’d be unprece­dent­ed at this point,” at least from a U.S. per­spec­tive, said the source.

    Would it even be pos­si­ble?

    “Maybe if you’re Vladimir Putin,” the source said.

    ———-

    “ ‘Who did it?’ zeroes in on Russ­ian hack­ing” by Blake Sobczak; E&E News; 07/10/2017

    “The Washington Post reported Saturday that U.S. government officials have already pinned the recent nuclear cyber intrusions on Russia.”

    As we should expect, the suc­cess­ful phish­ing cam­paign against nuclear plant employ­ees has already been attrib­uted to Rus­sia. And, who knows, maybe it real­ly was Russ­ian gov­ern­ment spon­sored hack­ers, pos­si­bly in response to the reports about the US plant­i­ng of ‘cyber­bombs’ on Russ­ian net­works in retal­i­a­tion for the 2016 US elec­tion hacks blamed on Rus­sia. But, of course, maybe it was­n’t Russ­ian:

    ...
    Ana­lysts remain quick to tamp down asser­tions that Rus­si­a’s fin­ger­print on the lat­est attack is a sure thing.
    ...

    Still, it’s a pret­ty alarm­ing sit­u­a­tion regard­less of who was behind it, in part because it’s an exam­ple of how poten­tial­ly vul­ner­a­ble things like nuclear plants are to any hack­er, state-backed or not:

    ...
    Still, the source said a well-resourced attack­er could try sneak­ing in thumb dri­ves, plant­i­ng an insid­er or even land­ing a drone equipped with wire­less attack tech­nol­o­gy into a nuclear gen­er­a­tion site. Reports indi­cate that the infa­mous Stuxnet worm, which dam­aged Iran­ian nuclear cen­trifuges in the late 2000s, prob­a­bly snuck in on remov­able media. Once inside the “air gapped” tar­get net­work, Stuxnet relied on its own hard-cod­ed instruc­tions, rather than any remote com­mands sent in through the inter­net, to cause cost­ly and sen­si­tive nuclear equip­ment to spin out of con­trol.
    ...

    And as we’re going to see with the very strange case of Devon Arthurs — a neo-Nazi-turned-Muslim who murdered two of his neo-Nazi roommates back in May — and Brandon Russell — Arthurs’s third roommate who was found possessing bomb-making materials, radioactive substances and a framed picture of Timothy McVeigh after police searched their residence — if we’re looking for a group that’s likely to actually try to cause a nuclear meltdown and all the death and destruction that goes along with it, it’s probably not the Russian government we have to worry about:

    Tam­pa Bay Times

    Nation­al Guard ‘neo-Nazi’ aimed to hit Mia­mi nuclear plant, room­mate says

    Dan Sul­li­van, Times Staff Writer
    Tues­day, June 13, 2017 4:20pm

    TAMPA — Bran­don Rus­sell, a Nation­al Guards­man and self-described neo-Nazi, had plans to blow up pow­er lines in the Flori­da Ever­glades and launch explo­sives into a nuclear pow­er plant near Mia­mi, his room­mate Devon Arthurs told police.

    Pros­e­cu­tors on Tues­day played por­tions of a record­ed inter­ro­ga­tion Arthurs gave in the hours imme­di­ate­ly after he was arrest­ed in the killings of Jere­my Him­mel­man and Andrew Oneschuk. In the video, Arthurs offers a jus­ti­fi­ca­tion for the killings, claim­ing that Rus­sell, the sur­viv­ing room­mate, was prepar­ing to com­mit acts of ter­ror­ism.

    “The things they were plan­ning were hor­ri­ble,” Arthurs said. “These peo­ple were not good peo­ple.”

    The U.S. Attor­ney’s Office pre­sent­ed the video excerpts in an effort to get U.S. Mag­is­trate Judge Thomas B. McCoun III to revoke an order grant­i­ng Rus­sell bail, argu­ing that he pos­es a dan­ger to the com­mu­ni­ty.

    Late Tues­day, the judge stayed the order. Rus­sell will remain jailed while the judge recon­sid­ers the issue.

    Rus­sell, 21, faces explo­sives charges after bomb­mak­ing mate­ri­als were found at his Tam­pa Palms apart­ment May 19 dur­ing the mur­der inves­ti­ga­tion. Arthurs, sep­a­rate­ly, has been charged with two counts of first-degree mur­der in state court.

    In the video, Arthurs sits beside a table in a white-walled inter­ro­ga­tion room, his right leg rest­ing over his left knee. He ges­tures with both hands as he casu­al­ly describes Rus­sel­l’s neo-Nazi beliefs and sup­posed plans to com­mit ter­ror­ist acts.

    He said Rus­sell stud­ied how to build nuclear weapons in school and is “some­body that lit­er­al­ly has knowl­edge of how to build a nuclear bomb.”

    When a Tam­pa police detec­tive asked Arthurs if his friends had any spe­cif­ic ter­ror­ist inten­tions, he said they had a plan to blow up pow­er lines along Alli­ga­tor Alley, the stretch of Inter­state 75 link­ing Naples with Fort Laud­erdale.

    He also said they had a plan to fire mor­tars loaded with nuclear mate­r­i­al into the cool­ing units of a nuclear pow­er plant near Mia­mi.

    He said the dam­age would cause “a mas­sive reac­tor fail­ure” and spread “irra­di­at­ed water” through­out the ocean.

    “Think about a BP oil spill, except it wipes out parts of the east­ern seaboard,” Arthurs said.

    The detec­tive asked why they want­ed to do these things.

    “Because they want­ed to build a Fourth Reich,” Arthurs said. He said Rus­sell idol­ized Okla­homa City bomber Tim­o­thy McVeigh.

    “He said the only thing McVeigh did wrong was he did­n’t put enough mate­r­i­al into the truck to bring the whole build­ing down.”

    Assis­tant U.S. Attor­ney Josephine Thomas not­ed dur­ing the hear­ing that the Turkey Point Nuclear Gen­er­at­ing Sta­tion is near Mia­mi. She also not­ed that when bomb squad mem­bers arrived at Rus­sel­l’s apart­ment, their pagers alert­ed them to the pres­ence of “two radi­a­tion sources.” The crim­i­nal com­plaint says those were tho­ri­um and ameri­ci­um, both radioac­tive met­als.

    Rus­sel­l’s defense attor­ney, Ian Gold­stein, not­ed that author­i­ties have not charged him with pos­ses­sion of nuclear mate­ri­als.

    ...

    Gold­stein ques­tioned Arthurs’ cred­i­bil­i­ty.

    “Devon Arthurs is a per­son who just mur­dered two indi­vid­u­als, who is des­per­ate to save him­self, and, quite frankly, I think he is a few cards short of a full deck,” Gold­stein said. “I hope the gov­ern­ment brings Mr. Arthurs to the tri­al as their prime wit­ness. He’s insane.”

    Arthurs, accord­ing to court records, admit­ted to the killings, say­ing Him­mel­man and Oneschuk had dis­re­spect­ed his con­ver­sion to Islam.

    “I was like, ‘How could I have done this?’ ” he said in the video played Tues­day. “If I had­n’t done that, there would be a lot more peo­ple dead than just these two guys in this orga­ni­za­tion.”

    ———-

    “Nation­al Guard ‘neo-Nazi’ aimed to hit Mia­mi nuclear plant, room­mate says” by Dan Sul­li­van; Tam­pa Bay Times; 06/13/2017

    “He said Rus­sell stud­ied how to build nuclear weapons in school and is “some­body that lit­er­al­ly has knowl­edge of how to build a nuclear bomb.””

    A neo-Nazi that literally has knowledge of how to build a nuclear bomb. That’s how Devon Arthurs, a neo-Nazi-turned-Muslim who killed two of his neo-Nazi roommates, characterized Brandon Russell. But Russell’s nuclear interests were limited to building bombs according to Arthurs. He also wanted to fire nuclear-tipped mortars at Miami’s nuclear power plant to create a mass disaster...as part of a plan to create a Fourth Reich:

    ...
    When a Tam­pa police detec­tive asked Arthurs if his friends had any spe­cif­ic ter­ror­ist inten­tions, he said they had a plan to blow up pow­er lines along Alli­ga­tor Alley, the stretch of Inter­state 75 link­ing Naples with Fort Laud­erdale.

    He also said they had a plan to fire mor­tars loaded with nuclear mate­r­i­al into the cool­ing units of a nuclear pow­er plant near Mia­mi.

    He said the dam­age would cause “a mas­sive reac­tor fail­ure” and spread “irra­di­at­ed water” through­out the ocean.

    “Think about a BP oil spill, except it wipes out parts of the east­ern seaboard,” Arthurs said.

    The detec­tive asked why they want­ed to do these things.

    “Because they want­ed to build a Fourth Reich,” Arthurs said. He said Rus­sell idol­ized Okla­homa City bomber Tim­o­thy McVeigh.
    ...

    And Arthurs claimed to police that it was these terrorist plots that, in part, prompted him to kill his roommates (although not Russell):

    ...
    Arthurs, accord­ing to court records, admit­ted to the killings, say­ing Him­mel­man and Oneschuk had dis­re­spect­ed his con­ver­sion to Islam.

    “I was like, ‘How could I have done this?’ ” he said in the video played Tues­day. “If I had­n’t done that, there would be a lot more peo­ple dead than just these two guys in this orga­ni­za­tion.”

    Also note that while the judge initially released Russell, saying there wasn’t evidence to back Arthurs’s claims, he reversed that ruling a day later.

    So was Devon Arthurs just making stuff up to the police or is there some truth to the claims? Well, finding explosive and radioactive materials certainly lends some credibility to them:

    ...
    Assis­tant U.S. Attor­ney Josephine Thomas not­ed dur­ing the hear­ing that the Turkey Point Nuclear Gen­er­at­ing Sta­tion is near Mia­mi. She also not­ed that when bomb squad mem­bers arrived at Rus­sel­l’s apart­ment, their pagers alert­ed them to the pres­ence of “two radi­a­tion sources.” The crim­i­nal com­plaint says those were tho­ri­um and ameri­ci­um, both radioac­tive met­als.
    ...

    Well, as the following article notes, the apartment these four neo-Nazis shared included a framed picture of Timothy McVeigh, enough explosives to create a bomb, and Russell himself admitted to belonging to a group called Atomwaffen, which is German for “atomic weapon”.

    On the other hand, Russell, and the rest of Atomwaffen, got quite a testimony about their good character...from Andrew “the weev” Auernheimer. Yes, Auernheimer, who happens to be the kind of skilled hacker who actually might have the ability to trigger a nuclear melt down someday, wrote about the whole incident on The Daily Stormer. According to Auernheimer, the two killed roommates were “friends of friends” and the “Atomwaffen are a bunch of good dudes. They’ve posted tons of fliers with absolutely killer graphics at tons of universities over the years. They generally have a lot of fun and party”:

    Asso­ci­at­ed Press

    Neo-Nazi-turned-Mus­lim kills room­mates over ‘dis­re­spect,’ police say

    By JASON DEAREN and MICHAEL KUNZELMAN
    May 22, 2017 at 6:43 pm

    A man told police he killed his two room­mates because they were neo-Nazis who dis­re­spect­ed his recent con­ver­sion to Islam, and inves­ti­ga­tors found bomb-mak­ing mate­ri­als and Nazi pro­pa­gan­da after he led them to the bod­ies.

    Devon Arthurs, 18, told police he had until recent­ly shared his room­mates’ neo-Nazi beliefs, but that he con­vert­ed to Islam, accord­ing to court doc­u­ments and a state­ment the Tam­pa Police Depart­ment released Mon­day.

    ...

    In the apart­ment with the vic­tims’ bod­ies on Fri­day, inves­ti­ga­tors found Nazi and white suprema­cist pro­pa­gan­da; a framed pic­ture of Okla­homa City bomber Tim­o­thy McVeigh; and explo­sives and radioac­tive sub­stances, accord­ing to the court doc­u­ments.

    They also found a fourth room­mate, Bran­don Rus­sell, cry­ing and stand­ing out­side the apartment’s front door in his U.S. Army uni­form.

    “That’s my room­mate (Rus­sell). He doesn’t know what’s going on and just found them like you guys did,” Arthurs told the police offi­cers, accord­ing to the report.

    Fed­er­al agents arrest­ed Rus­sell, 21, on Sat­ur­day on charges relat­ed to the explo­sives.

    The FBI said Rus­sell “admit­ted to his neo-Nazi beliefs” and said he was a mem­ber of a group called Atom­waf­fen, which is Ger­man for “atom­ic weapon.”

    Major Caitlin Brown, spokes­woman for the Flori­da Nation­al Guard, con­firmed Rus­sell was a cur­rent mem­ber of the Flori­da Nation­al Guard. But she couldn’t imme­di­ate­ly pro­vide any oth­er infor­ma­tion.

    Arthurs start­ed the chain of events on Fri­day when he held two cus­tomers and an employ­ee hostage at gun­point at a Tam­pa smoke shop, police said. He was com­plain­ing about the treat­ment of Mus­lims.

    “He fur­ther informed all three vic­tims that he was upset due to Amer­i­ca bomb­ing his Mus­lim coun­tries,” police Detec­tive Ken­neth Nightlinger wrote in his report.

    Offi­cers talked Arthurs into let­ting the hostages go and drop­ping his weapon, and took him into cus­tody.

    While in cus­tody, police said Arthurs start­ed talk­ing about killing two peo­ple, and then he direct­ed them to a con­do­mini­um com­plex where the four room­mates shared an apart­ment.

    “I had to do it,” Arthurs told police. “This wouldn’t have had to hap­pen if your coun­try didn’t bomb my coun­try.”

    Inside the apart­ment, the offi­cers found the bod­ies of 22-year-old Jere­my Him­mel­man and 18-year-old Andrew Oneschuk. Both had been shot.

    Police called in the FBI and a bomb squad, which found enough explo­sives to con­sti­tute a bomb, accord­ing to fed­er­al agents.

    At first, Rus­sell told agents he kept the explo­sives from his days in an engi­neer­ing club at the Uni­ver­si­ty of South Flori­da in 2013, and that he used the sub­stances to boost home­made rock­ets. The agents wrote that the sub­stance found was “too ener­getic and volatile for these types of uses.”

    Rus­sell has been charged with pos­ses­sion of an unreg­is­tered destruc­tive device and unlaw­ful stor­age of explo­sive mate­r­i­al. Court records did not list an attor­ney for him.

    Andrew Auern­heimer, a noto­ri­ous com­put­er hack­er and inter­net troll, wrote a post about the killings for The Dai­ly Stormer, a lead­ing neo-Nazi web­site.

    Auern­heimer, known online as “weev,” said in Sunday’s post that he knew the shoot­ing sus­pect and both of the shoot­ing vic­tims. He said he banned Arthurs from The Dai­ly Stormer’s Dis­cord serv­er, an online forum, for post­ing “Mus­lim ter­ror­ist pro­pa­gan­da” ear­li­er this year.

    “He came in to con­vert peo­ple to Islam,” Auern­heimer said dur­ing a tele­phone inter­view Mon­day. “It didn’t work out very well for him.”

    Auern­heimer described Him­mel­man and Oneschuk as “friends of friends” and said they belonged to the Atom­waf­fen group.

    “Atom­waf­fen are a bunch of good dudes. They’ve post­ed tons of fliers with absolute­ly killer graph­ics at tons of uni­ver­si­ties over the years. They gen­er­al­ly have a lot of fun and par­ty,” he wrote.

    ———-

    “Neo-Nazi-turned-Mus­lim kills room­mates over ‘dis­re­spect,’ police say” by JASON DEAREN and MICHAEL KUNZELMAN; Asso­ci­at­ed Press; 05/22/2017

    “In the apart­ment with the vic­tims’ bod­ies on Fri­day, inves­ti­ga­tors found Nazi and white suprema­cist pro­pa­gan­da; a framed pic­ture of Okla­homa City bomber Tim­o­thy McVeigh; and explo­sives and radioac­tive sub­stances, accord­ing to the court doc­u­ments.”

    That sure sounds like the kind of stuff one would find in the apartment of someone with horrible plans. But according to neo-Nazi elite-hacker Andrew Auernheimer, the only problem in this situation was Arthurs posting “Muslim terrorist propaganda” on the Daily Stormer’s forums. Otherwise these Atomwaffen guys were great!

    ...
    Andrew Auern­heimer, a noto­ri­ous com­put­er hack­er and inter­net troll, wrote a post about the killings for The Dai­ly Stormer, a lead­ing neo-Nazi web­site.

    Auern­heimer, known online as “weev,” said in Sunday’s post that he knew the shoot­ing sus­pect and both of the shoot­ing vic­tims. He said he banned Arthurs from The Dai­ly Stormer’s Dis­cord serv­er, an online forum, for post­ing “Mus­lim ter­ror­ist pro­pa­gan­da” ear­li­er this year.

    “He came in to con­vert peo­ple to Islam,” Auern­heimer said dur­ing a tele­phone inter­view Mon­day. “It didn’t work out very well for him.”

    Auern­heimer described Him­mel­man and Oneschuk as “friends of friends” and said they belonged to the Atom­waf­fen group.

    “Atom­waf­fen are a bunch of good dudes. They’ve post­ed tons of fliers with absolute­ly killer graph­ics at tons of uni­ver­si­ties over the years. They gen­er­al­ly have a lot of fun and par­ty,” he wrote.

    And don’t forget, if any neo-Nazi hacker is capable of successfully taking down a nuclear plant, perhaps as part of a larger coordinated neo-Nazi attack or just on his own, it’s Auernheimer.

    And in case it’s not obvi­ous that Auern­heimer shares in the McVeigh wor­ship, it should be obvi­ous now that he recent­ly pro­posed crowd-fund­ing a McVeigh mon­u­ment:

    The South­ern Pover­ty Law Cen­ter

    McVeigh Wor­ship: The New Extrem­ist Trend

    Bill Mor­lin
    June 27, 2017

    In extrem­ist cir­cles, there appears to be a bump of inter­est in Tim­o­thy James McVeigh.

    Yes, that Tim­o­thy McVeigh. The guy who used a Ryder truck to bomb the Alfred P. Mur­rah Fed­er­al Build­ing in Okla­homa City on April 19, 1995, killing 168 inno­cent chil­dren and adults and wound­ing more than 600 oth­ers.

    His act 22 years ago, for those who may have for­got­ten, was the dead­liest ter­ror­ist attack in the Unit­ed States before the attacks of Sept. 11, 2001.

    McVeigh was con­vict­ed of ter­ror­ism and exe­cut­ed just three months before those attacks.

    His name and heinous crime are not for­got­ten, nor should they be, while there seems to be a grow­ing admi­ra­tion for McVeigh in some extrem­ist cir­cles. One mili­tia hon­cho even likened McVeigh to Jesus Christ.

    Check out these recent men­tions of McVeigh:

    In mid-May, police in Tam­pa, Flori­da, respond­ed to the scene of a dou­ble-mur­der involv­ing young, self-described neo-Nazis.

    Bran­don Rus­sell, who shared the apart­ment with the mur­der sus­pect, was charged with pos­ses­sion of bomb-mak­ing mate­ri­als and chem­i­cals, includ­ing ammo­ni­um nitrate – the same kind of mate­r­i­al used by McVeigh.

    In Russell’s bed­room at the apart­ment he shared with the mur­der sus­pect and the two slain neo-Nazis, police found a framed pho­to­graph of Tim­o­thy McVeigh. Rus­sell, who’s in cus­tody, hasn’t pub­licly explained that fas­ci­na­tion.

    ...

    More recent­ly, neo-Nazi Andrew ‘Weev’ Auern­heimer, who writes for the racist web site “Dai­ly Stormer,” said he was seri­ous in propos­ing a crowd-fund­ing account to raise mon­ey to build a “per­ma­nent mon­u­ment” in a memo­r­i­al grove hon­or­ing McVeigh.

    “Think of it, a gigan­tic bronze stat­ue of Tim­o­thy McVeigh poised tri­umphant­ly atop a Ryder truck, arms raised as if to form an Algiz rune from his body, with a plaque that states the hon­est truth,” Auern­heimer wrote. “Noth­ing would be a greater insult to these piz­za-par­ty guard­ing fed­er­al swine than a per­ma­nent mon­u­ment hon­or­ing [McVeigh’s] jour­ney to Val­hal­la or Fólk­van­gr atop the piles of their corpses.”

    “I am not jok­ing,” Auern­heimer wrote. “This should be done. Imag­ine how angry it would make peo­ple.”

    ...

    ———-

    “McVeigh Wor­ship: The New Extrem­ist Trend” by Bill Mor­lin; The South­ern Pover­ty Law Cen­ter; 06/27/2017

    “More recently, neo-Nazi Andrew ‘Weev’ Auernheimer, who writes for the racist web site “Daily Stormer,” said he was serious in proposing a crowd-funding account to raise money to build a “permanent monument” in a memorial grove honoring McVeigh.”

    So, yes, while it seems very unlike­ly that the Russ­ian gov­ern­ment would resort to trig­ger­ing nuclear melt­downs giv­en the extreme retal­i­a­tion that would fol­low, there’s no short­age of groups that just might be will­ing to trig­ger a melt­down and just might have the capac­i­ty to do so. Whether it’s a hack attack from some­one like “the weev” or just a friend of the weev who hap­pens to be a good shot with high-explo­sive mor­tars.

    Posted by Pterrafractyl | July 18, 2017, 4:14 pm
  6. Is it possible that the “Command & control” server used in the DNC server hacks was not only hacked and under 3rd party control during the 2015–2016 DNC hack but also the 2015 Bundestag hack? As we’re going to see, it’s possible.

    First, here’s something to keep in mind regarding the German government’s public attribution in mid-May of 2016 that APT28/Fancy Bear is a Russian government hacking group and was responsible for the 2015 Bundestag hack: As security analyst Jeffrey Carr notes in the piece below, when Germany’s domestic intelligence agency, the BfV, issued a report in January of 2016 that attributed both APT28 and APT29 to the Russian government, the report didn’t appear to reference any classified information. The conclusions appeared to be based on exactly the same kind of technical ‘clues’ that were used for attribution in the 2016 DNC hacks. And as Carr also points out, relying on those technical ‘clues’ is a rather clueless way to go about attribution:

    Medi­um

    Prin­ci­pal con­sul­tant at 20KLeague.com; Founder of Suits and Spooks; Author of “Inside Cyber War­fare (O’Reilly Media, 2009, 2011)

    Jef­frey Carr
    Jul 27, 2016

    Yes­ter­day, Pro­fes­sor Thomas Rid (Kings Col­lege Lon­don) pub­lished his nar­ra­tive of the DNC breach and strong­ly con­demned the lack of action by the U.S. gov­ern­ment against Rus­sia.

    Susan Hen­nessey, a Har­vard-edu­cat­ed lawyer who used to work at the Office of the Gen­er­al Coun­sel at NSA called the evi­dence “about as close to a smok­ing gun as can be expect­ed where a sophis­ti­cat­ed nation state is involved.”

    Then late Mon­day evening, the New York Times report­ed that “Amer­i­can intel­li­gence agen­cies have “high con­fi­dence” that the Russ­ian gov­ern­ment was behind the DNC breach.

    It’s hard to beat a good nar­ra­tive “when expla­na­tions take such a dread­ful time” as Lewis Car­roll point­ed out. And the odds are that noth­ing that I write will change the momen­tum that’s rapid­ly build­ing against the Russ­ian gov­ern­ment.

    Still, my goal for this arti­cle is to address some of the fac­tu­al errors in Thomas Rid’s Vice piece, pro­vide some new infor­ma­tion about the capa­bil­i­ties of inde­pen­dent Russ­ian hack­ers, and explain why the chaos at GRU makes it such an unlike­ly home for an APT group.

    Fact-Check­ing The Evi­dence

    Thomas Rid wrote:

    One of the strongest pieces of evidence linking GRU to the DNC hack is the equivalent of identical fingerprints found in two burglarized buildings: a reused command-and-control address — 176.31.112[.]10 — that was hard coded in a piece of malware found both in the German parliament as well as on the DNC’s servers. Russian military intelligence was identified by the German domestic security agency BfV as the actor responsible for the Bundestag breach. The infrastructure behind the fake MIS Department domain was also linked to the Berlin intrusion through at least one other element, a shared SSL certificate.

    This para­graph sounds quite damn­ing if you take it at face val­ue, but if you invest a lit­tle time into check­ing the source mate­r­i­al, its care­ful­ly con­struct­ed nar­ra­tive falls apart.

    Prob­lem #1: The IP address 176.31.112[.]10 used in the Bun­destag breach as a Com­mand and Con­trol serv­er has nev­er been con­nect­ed to the Russ­ian intel­li­gence ser­vices. In fact, Clau­dio Guarnieri, a high­ly regard­ed secu­ri­ty researcher, whose tech­ni­cal analy­sis was ref­er­enced by Rid, stat­ed that “no evi­dence allows to tie the attacks to gov­ern­ments of any par­tic­u­lar coun­try.”

    Prob­lem #2: The Com­mand & Con­trol serv­er (176.31.112.10) was using an out­dat­ed ver­sion of OpenSSL vul­ner­a­ble to Heart­bleed attacks. Heart­bleed allows attack­ers to exfil­trate data includ­ing pri­vate keys, user­names, pass­words and oth­er sen­si­tive infor­ma­tion.

    The exis­tence of a known secu­ri­ty vul­ner­a­bil­i­ty that’s triv­ial to exploit opens the door to the pos­si­bil­i­ty that the sys­tems in ques­tion were used by one rogue group, and then infil­trat­ed by a sec­ond rogue group, mak­ing the attri­bu­tion process even more com­pli­cat­ed. At the very least, the C2 serv­er should be con­sid­ered a com­pro­mised indi­ca­tor.

    Prob­lem #3: The BfV pub­lished a newslet­ter in Jan­u­ary 2016 which assumes that the GRU and FSB are respon­si­ble because of tech­ni­cal indi­ca­tors, not because of any clas­si­fied find­ing; to wit: “Many of these attack cam­paigns have each oth­er on tech­ni­cal sim­i­lar­i­ties, such as mali­cious soft­ware fam­i­lies, and infrastructure—these are impor­tant indi­ca­tors of the same author­ship. It is assumed that both the Russ­ian domes­tic intel­li­gence ser­vice FSB and the mil­i­tary for­eign intel­li­gence ser­vice GRU run cyber oper­a­tions.”

    Pro­fes­sor Rid’s argu­ment depend­ed heav­i­ly on con­vey­ing hard attri­bu­tion by the BfV even though the Pres­i­dent of the BfV didn’t dis­guise the fact that their attri­bu­tion was based on an assump­tion and not hard evi­dence.

    Per­son­al­ly, I don’t want to have my gov­ern­ment cre­ate more ten­sion in Russian‑U.S. rela­tions because the head of Germany’s BfV made an assump­tion.

    In intel­li­gence, as in oth­er call­ings, esti­mat­ing is what you do when you do not know. (Sher­man Kent)

    When it came to attributing Fancy Bear to the GRU, Dmitry Alperovich used a type of estimative language because there was no hard proof: “Extensive targeting of defense ministries and other military victims has been observed, the profile of which closely mirrors the strategic interests of the Russian government, and may indicate affiliation with Главное Разведывательное Управление (Main Intelligence Department) or GRU, Russia’s premier military intelligence service.”

    For Cozy Bear’s attri­bu­tion to the FSB, Dmit­ry sim­ply observed that there were two threat actor groups oper­at­ing at the same time while unaware of each other’s pres­ence. He not­ed that the Russ­ian intel­li­gence ser­vices also com­pete with each oth­er, there­fore Cozy Bear is prob­a­bly either the FSB or the SVR: “we observed the two Russ­ian espi­onage groups com­pro­mise the same sys­tems and engage sep­a­rate­ly in the theft of iden­ti­cal cre­den­tials. While you would vir­tu­al­ly nev­er see West­ern intel­li­gence agen­cies going after the same tar­get with­out de-con­flic­tion for fear of com­pro­mis­ing each other’s oper­a­tions, in Rus­sia this is not an uncom­mon sce­nario.”

    The Fidelis report on the mal­ware didn’t men­tion the GRU or FSB at all. Their tech­ni­cal analy­sis only con­firmed the APT groups involved: “Based on our com­par­a­tive analy­sis we agree with Crowd­Strike and believe that the COZY BEAR and FANCY BEAR APT groups were involved in suc­cess­ful intru­sions at the DNC.”

    When it came to attribut­ing the attack to the Russ­ian intel­li­gence ser­vices, Fidelis’ Mike Bura­tows­ki told reporter Michael Heller: “In a sit­u­a­tion like this, we can’t say 100% that it was this per­son in this unit, but what you can say is it’s more prob­a­ble than not that it was this group of peo­ple or this actor set.”

    As Mark Twain said, good judg­ment comes from expe­ri­ence, and expe­ri­ence comes from bad judg­ment. The prob­lem with judg­ment calls and attri­bu­tion is that since there’s no way to be proven right or wrong, there’s no way to dis­cern if one’s judg­ment call is good or bad.

    The metadata in the leaked documents are perhaps most revealing: one dumped document was modified using Russian language settings, by a user named “Феликс Эдмундович,” a code name referring to the founder of the Soviet Secret Police

    OK. Raise your hand if you think that a GRU or FSB offi­cer would add Iron Felix’s name to the meta­da­ta of a stolen doc­u­ment before he released it to the world while pre­tend­ing to be a Roman­ian hack­er. Some­one clear­ly had a wicked sense of humor.

    ...

    APT Groups Aren’t People. They’re Indicators.

    [see image of dif­fer­ent names for the APT groups assumed to be Russ­ian]

    This is a par­tial spread­sheet for Russ­ian APT threat groups. The one for Chi­na is about four times as big. If it looks con­fus­ing, that’s because it is. There is no for­mal process for iden­ti­fy­ing a threat group. Cyber­se­cu­ri­ty com­pa­nies like to assign their own nam­ing con­ven­tions so you wind up hav­ing mul­ti­ple names for the same group. For exam­ple, CrowdStrike’s Fan­cy Bear group has the pri­ma­ry name of Sofa­cy, and alter­na­tive names of APT28, Sed­nit, Pawn Storm, and Group 74.

    While it’s nat­ur­al to think of Sofa­cy as a group of indi­vid­u­als, it’s more like a group of tech­ni­cal indi­ca­tors which include tools, tech­niques, pro­ce­dures, tar­get choic­es, coun­tries of ori­gin, and of course, peo­ple. Since most bad actors oper­ate covert­ly, we are high­ly depen­dent on the foren­sics. Since many of the tools used are shared, and oth­er indi­ca­tors eas­i­ly sub­vert­ed, the foren­sics can be unre­li­able.

    Non-Gov­ern­ment Russ­ian Hack­er Groups

    Russia’s Min­istry of Com­mu­ni­ca­tion report­ed that Russ­ian cyber­crim­i­nals are re-invest­ing 40% of the mil­lions of dol­lars that they earn each year in improv­ing their tech­nol­o­gy and tech­niques as they con­tin­ue to tar­get the world’s bank­ing sys­tem. Kasper­sky Lab esti­mat­ed earn­ings for one 20 mem­ber group at $1 bil­lion over a three year peri­od.

    A com­mon (and erro­neous) ratio­nale for plac­ing the blame of a net­work breach on a nation state is that inde­pen­dent hack­er groups either don’t have the resources or that stolen data doesn’t have finan­cial val­ue. These recent reports by Kasper­sky Lab and Russ­ian Min­istry of Com­mu­ni­ca­tion make it clear that mon­ey is no object when it comes to these inde­pen­dent groups, and that sophis­ti­cat­ed tools and encryp­tion meth­ods are con­stant­ly improved upon, just as they would be at any suc­cess­ful com­mer­cial enter­prise or gov­ern­ment agency.

    That, plus the occa­sion­al cross-over between inde­pen­dent Russ­ian hack­ers and Russia’s secu­ri­ty ser­vices makes dif­fer­en­ti­a­tion between a State and non-State threat actor almost impos­si­ble. For that rea­son alone, it should be incum­bent upon pol­i­cy­mak­ers and jour­nal­ists to ques­tion their sources about how they know that the indi­vid­u­als involved are part of a State-run oper­a­tion.

    A Night­mare Sce­nario

    “Indeed, there will be some pol­i­cy­mak­ers who could not pass a rudi­men­ta­ry test on the “facts of the mat­ter” but who have the strongest views on what the pol­i­cy should be and how to put it into effect.” (Sher­man Kent)

    ...

    Here’s my night­mare. Every time a claim of attri­bu­tion is made—right or wrong—it becomes part of a per­ma­nent record; an un-ver­i­fi­able prove­nance that is built upon by the next secu­ri­ty researcher or start­up who wants to grab a head­line, and by the one after him, and the one after her. The most sen­sa­tion­al of those claims are almost assured of inter­na­tion­al media atten­tion, and if they align with U.S. pol­i­cy inter­ests, they rapid­ly move from unver­i­fied the­o­ry to fact.

    Because each head­line is informed by a report, and because indi­ca­tors of com­pro­mise and oth­er tech­ni­cal details are shared between ven­dors world­wide, any State or non-State actor in the world will soon have the abil­i­ty to imi­tate an APT group with State attri­bu­tion, launch an attack against anoth­er State, and gen­er­ate suf­fi­cient harm­ful effects to trig­ger an inter­na­tion­al inci­dent. All because some com­mer­cial cyber­se­cu­ri­ty com­pa­nies are com­pelled to chase head­lines with sen­sa­tion­al claims of attri­bu­tion that can­not be ver­i­fied.

    I encour­age my col­leagues to leave attri­bu­tion to the FBI and the agen­cies of the Intel­li­gence Com­mu­ni­ty, and I implore every­one else to ask for proof, even from the U.S. gov­ern­ment, when­ev­er you read a head­line that places blame on a for­eign gov­ern­ment for an attack in cyber­space.

    ———–

    “Prin­ci­pal con­sul­tant at 20KLeague.com; Founder of Suits and Spooks; Author of “Inside Cyber War­fare (O’Reilly Media, 2009, 2011)” by Jef­frey Carr; Medi­um; 07/27/2017

    “While it’s nat­ur­al to think of Sofa­cy as a group of indi­vid­u­als, it’s more like a group of tech­ni­cal indi­ca­tors which include tools, tech­niques, pro­ce­dures, tar­get choic­es, coun­tries of ori­gin, and of course, peo­ple. Since most bad actors oper­ate covert­ly, we are high­ly depen­dent on the foren­sics. Since many of the tools used are shared, and oth­er indi­ca­tors eas­i­ly sub­vert­ed, the foren­sics can be unre­li­able.”

    Yep, when cyber­se­cu­ri­ty firms pub­lish reports about some “APT” (Advanced Per­sis­tent Threat) group, they’re not actu­al­ly report­ing on a spe­cif­ic group. They’re report­ing on sim­i­lar tech­ni­cal indi­ca­tors that sug­gest an attack could have been the same group that did a pre­vi­ous hack, but that’s large­ly it.

    And if those tech­ni­cal indi­ca­tors include code that’s avail­able to 3rd par­ty hack­ers and servers that have already been hacked or show vul­ner­a­bil­i­ties to hack­ing, as is the case with the 176.31.112[.]10 Com­mand & Con­trol serv­er used by “APT28” in both the DNC serv­er hack and the Bun­destag hack (with that IP address hard cod­ed in both cas­es), those tech­ni­cal indi­ca­tors are indica­tive of very lit­tle oth­er than some group might be up to their old tricks or some oth­er group is copy­ing (or fram­ing) them:

    ...
    Prob­lem #1: The IP address 176.31.112[.]10 used in the Bun­destag breach as a Com­mand and Con­trol serv­er has nev­er been con­nect­ed to the Russ­ian intel­li­gence ser­vices. In fact, Clau­dio Guarnieri, a high­ly regard­ed secu­ri­ty researcher, whose tech­ni­cal analy­sis was ref­er­enced by Rid, stat­ed that “no evi­dence allows to tie the attacks to gov­ern­ments of any par­tic­u­lar coun­try.”

    Prob­lem #2: The Com­mand & Con­trol serv­er (176.31.112.10) was using an out­dat­ed ver­sion of OpenSSL vul­ner­a­ble to Heart­bleed attacks. Heart­bleed allows attack­ers to exfil­trate data includ­ing pri­vate keys, user­names, pass­words and oth­er sen­si­tive infor­ma­tion.

    The exis­tence of a known secu­ri­ty vul­ner­a­bil­i­ty that’s triv­ial to exploit opens the door to the pos­si­bil­i­ty that the sys­tems in ques­tion were used by one rogue group, and then infil­trat­ed by a sec­ond rogue group, mak­ing the attri­bu­tion process even more com­pli­cat­ed. At the very least, the C2 serv­er should be con­sid­ered a com­pro­mised indi­ca­tor.
    ...

    “The existence of a known security vulnerability that’s trivial to exploit opens the door to the possibility that the systems in question were used by one rogue group, and then infiltrated by a second rogue group, making the attribution process even more complicated. At the very least, the C2 server should be considered a compromised indicator.”

    And yet, despite these glaring issues with the technical indicators, when Germany’s BfV issued a report in January of 2016 pinning the blame for the Bundestag hacks on the GRU and FSB, it was an assumption based on technical indicators alone:

    ...
    Prob­lem #3: The BfV pub­lished a newslet­ter in Jan­u­ary 2016 which assumes that the GRU and FSB are respon­si­ble because of tech­ni­cal indi­ca­tors, not because of any clas­si­fied find­ing; to wit: “Many of these attack cam­paigns have each oth­er on tech­ni­cal sim­i­lar­i­ties, such as mali­cious soft­ware fam­i­lies, and infrastructure—these are impor­tant indi­ca­tors of the same author­ship. It is assumed that both the Russ­ian domes­tic intel­li­gence ser­vice FSB and the mil­i­tary for­eign intel­li­gence ser­vice GRU run cyber oper­a­tions.”
    ...

    So it looks like the BfV’s attri­bu­tion that the Russ­ian gov­ern­ment was behind the “APT28” Bun­destag hack was­n’t a very sol­id attri­bu­tion.

    And don’t forget that the attribution of the Bundestag hack is A LOT easier to make than the attribution of the DNC server hack. Why? Because after the Bundestag hack happened there was lots of discussion of it in the cybersecurity press, and that included discussion of how the Command & Control server at the 176.31.112[.]10 IP address was vulnerable to the Heartbleed attack.

    But how do we know that the server wasn’t being used by third parties during the Bundestag hack too? After all, not only was the same 176.31.112[.]10 Command & Control server used in both hacks, but that IP address was hard coded into the malware used in both attacks. In other words, “APT28” was already acting rather ‘buggy’ during the Bundestag hack and hackers had been seeking out Heartbleed-vulnerable servers almost immediately after Heartbleed was disclosed:

    Thom­son Reuters

    Heart­bleed bug-affect­ed servers being sought by hack­ers
    ‘Now it is ama­teur hour. Every­body is doing it.’

    Post­ed: Apr 10, 2014 11:19 AM ET Last Updat­ed: Apr 10, 2014 7:03 PM ET

    Researchers have observed sophis­ti­cat­ed hack­ing groups con­duct­ing auto­mat­ed scans of the inter­net in search of web servers vul­ner­a­ble to the theft of data, includ­ing pass­words, con­fi­den­tial com­mu­ni­ca­tions and cred­it card num­bers, due to the Heart­bleed bug.

    Servers may be vul­ner­a­ble to the bug if they run pop­u­lar ver­sions of a web encryp­tion pro­gram known as OpenSSL used on about two-thirds of all web servers. The issue has gone unde­tect­ed for about two years.

    Kurt Baum­gart­ner, a researcher with secu­ri­ty soft­ware mak­er Kasper­sky Lab, said his firm uncov­ered evi­dence on Mon­day that a few hack­ing groups believed to be involved in state-spon­sored cyber espi­onage were run­ning such scans short­ly after news of the bug first sur­faced the same day.

    That num­ber had increased on Wednes­day after secu­ri­ty soft­ware com­pa­ny Rapid7 released a free tool for con­duct­ing such scans.

    “The prob­lem is insid­i­ous,” Baum­gart­ner said. “Now it is ama­teur hour. Every­body is doing it.”

    It isn’t known whether any data has actu­al­ly been stolen by hack­ers or cyber­crim­i­nals mak­ing use of the bug in the past cou­ple of years, as such thefts would nor­mal­ly be unde­tectable.

    How­ev­er, at least one tech­nol­o­gy spe­cial­ist has report­ed signs that the Heart­bleed bug may have already been exploit­ed. Ter­rence Koe­man, chief tech­nol­o­gy offi­cer for the dig­i­tal pro­duc­tion agency Medi­a­Monks, told the tech­nol­o­gy news site Ars Tech­ni­ca that he had detect­ed scans for the vul­ner­a­bil­i­ty dat­ing back to Novem­ber 2013. And he said the scans came from a net­work sus­pect­ed of har­bour­ing “bot” servers — zom­bie com­put­ers con­trolled over the inter­net by cyber­crim­i­nals using mal­ware.

    OpenSSL soft­ware is used on servers that host web­sites but not PCs or mobile devices, so even though the bug expos­es pass­words and oth­er data entered on those devices to hack­ers, it must be fixed by web­site oper­a­tors.

    “There is noth­ing users can do to fix their com­put­ers,” said Mikko Hyp­po­nen, chief research offi­cer with secu­ri­ty soft­ware mak­er F‑Secure.

    A scan of the inter­net Tues­day night sug­gest­ed that about a third of servers with the vul­ner­a­bil­i­ty had been patched at that time, report­ed Robert David Gra­ham of Atlanta-based Erra­ta Secu­ri­ty on his blog. Still, the scan detect­ed rough­ly 600,000 servers that were still vul­ner­a­ble.

    ...

    ———-

    “Heart­bleed bug-affect­ed servers being sought by hack­ers”; Thom­son Reuters; 04/10/2014

    “The problem is insidious...Now it is amateur hour. Everybody is doing it.”

    Everybody is doing it. That was the situation in April of 2014 after the release of scanning tools that allowed people to scan the web for vulnerable servers. And yet the APT28 server used in both the Bundestag hacks and the DNC server hack was still apparently vulnerable to Heartbleed in 2015!

    So, again, was the Bundestag hack even done by “APT28” or just some random group that hijacked a server that had been previously attributed to APT28-ish behavior? It’s a pretty crucial question. Especially when you consider the article below from June of 2015 (before the DNC server hack) that explicitly pointed out how the server at 176.31.112[.]10 inexplicably hard coded into the Bundestag hack malware was vulnerable to Heartbleed. Not only does the article point out this vulnerability, but it also notes how the use of the particular malware “XTunnel” that was communicating with that server was not at that time a known technical indicator associated with APT28. In other words, the malware with the oddly hard coded IP address to the Heartbleed vulnerable server was new behavior for APT28:

    Netzpolitik.org

    Dig­i­tal Attack on Ger­man Par­lia­ment: Inves­tiga­tive Report on the Hack of the Left Par­ty Infra­struc­ture in Bun­destag

    am 19.06.2015 Gast­beitrag

    Servers of The Left in Ger­man Bun­destag have been infect­ed with mal­ware, appar­ent­ly by a state-spon­sored group of Russ­ian ori­gin. This is the sum­ma­ry of an analy­sis by an IT secu­ri­ty researcher, which we pub­lish in full. The in-depth report pro­vides an analy­sis of tech­nol­o­gy, impact, pos­si­ble attri­bu­tion – and a sig­na­ture to detect the mal­ware.

    This analy­sis of secu­ri­ty researcher Clau­dio Guarnieri was orig­i­nal­ly writ­ten for The Left in Ger­man Bun­destag. We’re pub­lish­ing it here with per­mis­sion from The Left.

    Von diesem Bericht existiert auch eine deutsche Über­set­zung.

    Sum­ma­ry of Find­ings

    Two sus­pi­cious arti­facts have been retrieved from two sep­a­rate servers with­in the Die Linke infra­struc­ture. One is an open source util­i­ty used to remote­ly issue com­mands on a Win­dows host from a Lin­ux host. The oth­er is a cus­tom util­i­ty which, despite its large size, has lim­it­ed func­tion­al­i­ty and acts as a tun­nel, pos­si­bly used by the attack­ers to main­tain per­sis­tence with­in the com­pro­mised net­work.

    The com­bi­na­tion of the two util­i­ties seems to be enough for the attack­ers to main­tain a foothold inside the net­work, har­vest data, and exfil­trate all the infor­ma­tion they deemed inter­est­ing. It is, how­ev­er, pos­si­ble that there are addi­tion­al mali­cious arti­facts which have not yet been dis­cov­ered.

    Attrib­ut­es of one of the arti­facts and intel­li­gence gath­ered on the infra­struc­ture oper­at­ed by the attack­ers sug­gest that the attack was per­pe­trat­ed by a state-spon­sored group known as Sofa­cy (or APT28). Pre­vi­ous work pub­lished by secu­ri­ty ven­dor Fire­Eye in Octo­ber 2014 sug­gests the group might be of Russ­ian ori­gin.

    Arti­facts

    The first arti­fact – iden­ti­fied across this report as Arti­fact #1 – has the fol­low­ing attrib­ut­es:

    Name winexesvc.exe
    Size 23552
    MD5 77e7fb6b56c3ece4ef4e93b6dc608be0
    SHA1 f46f84e53263a33e266aae520cb2c1bd0a73354e
    SHA256 5130f600cd9a9cdc82d4bad938b20cbd2f699aadb76e7f3f1a93602330d9997d

    The second artifact – identified across this report as Artifact #2 – has the following attributes:

    Name svchost.exe.exe
    Size 1062912
    MD5 5e70a5c47c6b59dae7faf0f2d62b28b3
    SHA1 cdeea936331fcdd8158c876e9d23539f8976c305
    SHA256 730a0e3daf0b54f065bdd2ca427fbe10e8d4e28646a5dc40cbcfb15e1702ed9a
    Com­pile Time 2015-04-22 10:49:54

    Analy­sis of Arti­fact #1

    Arti­fact #1 was retrieved from a File Serv­er oper­at­ed by Die Linke. The file is a 64bit-com­pat­i­ble com­piled bina­ry of the open source util­i­ty Winexe. Winexe is soft­ware sim­i­lar to the more pop­u­lar PSEx­ec and is designed to allow sys­tem admin­is­tra­tors to exe­cute com­mands on remote servers. While com­mer­cial solu­tions like Syman­tec pcAnywhere pro­vide a larg­er fea­ture-set, Winexe is light­weight, and doesn’t require any instal­la­tion or con­fig­u­ra­tion. One of the rea­sons Winexe is pre­ferred over PSEx­ec, is that it pro­vides a Lin­ux client, while PSEx­ec doesn’t.

    Attack­ers are mak­ing grow­ing use of util­i­ties like Winexe and PSEx­ec to per­form lat­er­al move­ment across com­pro­mised net­works. Besides pro­vid­ing the abil­i­ty to exe­cute arbi­trary com­mands on the tar­get sys­tem, these util­i­ties nor­mal­ly don’t raise sus­pi­cion as they are com­mon­ly whitelist­ed by Antivirus and oth­er com­mer­cial secu­ri­ty soft­ware.

    Winexe acts as a Windows service that can be configured to automatically start at boot and silently wait for incoming commands over a named pipe. Named pipes are a Windows inter-process communication method. Through named pipes, processes are able to communicate and exchange data even over a network. In the case of Artifact #1, the name of the pipe is „ahexec“, computers over the network could access the pipe server by simply opening a file handle on „\\ServerName\pipe\ahexec“.

    Once con­nect­ed to the pipe, a user or a pro­gram can eas­i­ly pro­vide infor­ma­tion required to exe­cute com­mand (just as they would nor­mal­ly through a com­mand-line). The pro­vid­ed infor­ma­tion is then passed to a „Cre­ateProces­sAs­UserA“ call and the spec­i­fied com­mand is exe­cut­ed.

    Once inside the network, Artifact #1 can be enough for the attacker to download or create additional scripts, execute commands and exfiltrate data (for example, simply through ftp). It is plausible that Artifact #1 could be present on other servers under different names, although it is also likely that the attacker only left it on servers to which they required maintenance of persistent access.

    It is impor­tant that all the deploy­ments of this util­i­ty are iden­ti­fied and removed, as they are self-suf­fi­cient and they pro­vide easy and open access to exe­cute com­mands on the host, poten­tial­ly with admin­is­tra­tor priv­i­leges.

    Analy­sis of Arti­fact #2

    Arti­fact #2 was recov­ered from the Admin Con­troller oper­at­ed by Die Linke. This is cus­tom mal­ware, which despite large file size (1,1 MB), pro­vides lim­it­ed func­tion­al­i­ty. Arti­fact #2 oper­ates as a backchan­nel for the attack­er to main­tain a foothold inside the com­pro­mised net­work. The prop­er­ties of the arti­fact show that the same authors of the mal­ware seem to have called it „Xtun­nel“. As the same name sug­gests, the arti­fact appears in fact to act as a tun­nel for the attack­er to remote­ly access the inter­nal net­work and main­tain per­sis­tence.

    ...

    After ini­tial­iza­tion, the arti­fact will attempt to estab­lish a con­nec­tion by cre­at­ing a sock­et. In case of fail­ure, it will sleep for three sec­onds and try again. The authors of the mal­ware didn’t appear to have spent any effort in con­ceal­ing indi­ca­tors or obfus­cat­ing code – the IP address with which it tries to com­mu­ni­cate is hard­cod­ed in clear-text inside the bina­ry. We can observe below, the pro­ce­dure through which the arti­fact attempts to estab­lish a con­nec­tion with the IP address „176.31.112.10“:
    [see screenshot of how “Artifact 2” connects to the IP address 176.31.112.10]
    This spe­cif­ic IP address is a crit­i­cal piece of infor­ma­tion that enables us to con­nect this attack to a spree of pre­vi­ous tar­get­ed cam­paigns. The details of this attri­bu­tion is explained in a ded­i­cat­ed sec­tion below. We will refer to this IP address as „Com­mand & Con­trol“ (or „C&C“).

    The artifact is capable of receiving multiple arguments, including -Si, -Sp, -Up, -Pp, -Pi and -SSL. Following are the beaconing packets the artifact will send to Command & Control:

    -Si
    00000000  2a 00 00 00                                       *...
    00000004  b2 23 16 85 ee 59 52 a6  79 3a 2a e2 da 11 c0 1b  .#...YR. y:*.....
    00000014  de 77 ea 47 35 11 de 8a  76 1a ee 16 d9 fd 28 0d  .w.G5... v.....(.

    -Sp
    00000000  22 00 00 00                                       "...
    00000004  90 ac c6 39 09 b6 23 72  9d 36 a6 3b 2e b7 02 ce  ...9..#r .6.;....
    00000014  dd 09 d4 e4 d3 e6 01 5f  6a 37 b2 39 01 b4 0a af  ......._ j7.9....

    -Up
    00000000  07 00 00 00                                       ....
    00000004  7e e2 82 05 74 be 3f 9b  8e 6a dc 5c d1 fe 85 f7  ~...t.?. .j.\....
    00000014  5f 33 26 6e 5e 62 c1 0e  c0 da a3 b3 6c f9 ca 88  _3&n^b.. ....l...

    If the argu­ment ‑SSL is giv­en through com­mand-line to the arti­fact, these bea­cons will be encap­su­lat­ed in an SSL con­nec­tion and a prop­er TLS hand­shake will be ini­ti­at­ed with the C&C.

    Inter­est­ing­ly, the arti­fact bun­dles a copy of OpenSSL 1.0.1e, from Feb­ru­ary 2013, which caus­es the unusu­al­ly large size of the bina­ry. More impor­tant­ly, the Com­mand & Con­trol serv­er (176.31.112.10) also appears to be using an out­dat­ed ver­sion of OpenSSL and be vul­ner­a­ble to Heart­bleed attacks. While unlike­ly, it is worth con­sid­er­ing that the same C&C serv­er might have been the sub­ject of 3rd-par­ty attacks due to this vul­ner­a­bil­i­ty.

    ...

    Attri­bu­tion

    While attri­bu­tion of mal­ware attacks is rarely sim­ple or con­clu­sive, dur­ing the course of this inves­ti­ga­tion I uncov­ered evi­dence that sug­gests the attack­er might be affil­i­at­ed with the state-spon­sored group known as Sofa­cy Group (also known as APT28 or Oper­a­tion Pawn Storm). Although we are unable to pro­vide details in sup­port of such attri­bu­tion, pre­vi­ous work by secu­ri­ty ven­dor Fire­Eye sug­gests the group might be of Russ­ian ori­gin, how­ev­er no evi­dence allows to tie the attacks to gov­ern­ments of any par­tic­u­lar coun­try.

    Sofa­cy is a group ded­i­cat­ed to the com­pro­mise of high-pro­file tar­gets and the theft of con­fi­den­tial infor­ma­tion. They appear to have been active since 2006. They are believed to have suc­cess­ful­ly attacked the Min­istries of Inter­nal and For­eign Affairs of sev­er­al ex-Sovi­et coun­tries, as well as East­ern Euro­pean gov­ern­ments and mil­i­tary insti­tu­tions, and NATO and the White House.

    Sofa­cy is known for mak­ing exten­sive use of phish­ing attacks to lure tar­gets into reveal­ing their cre­den­tials via real­is­tic recon­struc­tion of inter­nal sys­tems, such as web­mails, as employed against the Geor­gian Min­istry of Inter­nal Affairs in the infa­mous attacks that pre­ced­ed the Geor­gian inva­sion of 2008:

    [see screenshot of fake website used against the Georgian Ministry of Internal Affairs]

    In order to make the phish­ing attempts more cred­i­ble, Sofa­cy Group has made use of „type­squat­ting“, inten­tion­al­ly using spelling mis­takes (for exam­ple, replac­ing let­ters „i“ with „l“ and „g“ with „q“, or by adding punc­tu­a­tion) to reg­is­ter domains very sim­i­lar to the orig­i­nal legit­i­mate ones:

    While Sofacy is also known to make use of custom exploit frameworks and spear-phishing attacks, it is possible in this case that they managed to obtain privileged credentials of network administrators within the Bundestag through the use of a phishing attack, which then allowed them to navigate through the network and gain access to more data. It is worth noting that shortly before the attack, security vendors reported the use of 0-day exploits in Flash Player and Microsoft Windows by the same threat actor.

    Shared Com­mand & Con­trol infra­struc­ture

    While the arti­facts don’t appear to show attrib­ut­es use­ful for attri­bu­tion, the net­work infra­struc­ture used dur­ing the attack led instead to inter­est­ing results. Dur­ing inves­ti­ga­tion of the Com­mand & Con­trol serv­er (with IP „176.31.112.10“ hard­cod­ed in Arti­fact #2), we man­aged to iden­ti­fy some oper­a­tional mis­takes made by the attack­ers, allow­ing us to con­nect the inci­dent with attacks pre­vi­ous­ly asso­ci­at­ed with the Sofa­cy Group.

    The address, 176.31.112.10, is a ded­i­cat­ed serv­er pro­vid­ed by the French OVH host­ing com­pa­ny, but is appar­ent­ly oper­at­ed by an off­shore secure host­ing com­pa­ny called CrookServers.com and seem­ing­ly locat­ed in Pak­istan:

    Com­pa­ny Address:
    MUAnet­works
    U ashraf
    Vil­lage Kakra Town
    Mir­pur AJK
    Pak­istan

    It is com­mon for attack­ers to make use of off­shore host­ing facil­i­ties which are less like­ly to coop­er­ate with law enforce­ment on take­down requests or requests of dis­clo­sure of their cus­tomers‘ iden­ti­ty.

    Crook­Servers appears to have servers scat­tered in a num­ber of dat­a­cen­ters and ded­i­cat­ed serv­er host­ing providers around the world.

    By research­ing his­tor­i­cal data rel­e­vant to C&C 176.31.112.10, we dis­cov­ered that on Feb­ru­ary 16th 2015, the serv­er was shar­ing an SSL cer­tifi­cate with anoth­er IP address allo­cat­ed to Crook­Servers and also host­ed at OVH: „213.251.187.145“.

    The recov­ered shared SSL cer­tifi­cate, obtained by a pub­lic inter­net-wide scan­ning ini­tia­tive, at the time had the fol­low­ing attrib­ut­es:

    MD5 b84b66bcdecd4b4529014619ed649d76
    SHA1 fef1725ad72e4ef0432f8cb0cb73bf7ead339a7c
    Algo­rithm sha1WithRSAEncryption
    Self-Signed No
    Subject
        C: GB
        L: Salford
        ST: Greater Manchester
        CN: mail.mfa.gov.ua
        O: COMODO CA Limited
        all: C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=mail.mfa.gov.ua
    Ser­i­al 16474505314457171426
    Not before 20140414083521Z
    Not after 20410830083521Z

    As shown, the cer­tifi­cate uses „mail.mfa.gov.ua“ as a Com­mon Name. This sug­gests that this cer­tifi­cate might have been pre­vi­ous­ly used for a sim­i­lar attack against the Ukrain­ian Min­istry of For­eign Affairs, or asso­ci­at­ed tar­gets, although there is no doc­u­men­ta­tion of such attack avail­able to the pub­lic.

    More impor­tant­ly, the IP address this cer­tifi­cate was shared with – 213.251.187.145 – was pre­vi­ous­ly iden­ti­fied as used by Sofa­cy Group for phish­ing attacks against Alban­ian gov­ern­ment insti­tu­tions by reg­is­ter­ing the domain „qov.al“ (notice, the let­ter „q“ instead of „g“) and cre­at­ing real­is­tic sub­do­mains to lure vic­tims into vis­it­ing. The domain was active on the IP 213.251.187.145 from July 2014 up until March 2015.

    These attacks against Alban­ian gov­ern­ment insti­tu­tions by the Sofa­cy Group were doc­u­ment­ed and report­ed by con­sul­tan­cy cor­po­rate PwC in Decem­ber 2014. It is worth not­ing that this serv­er also seems to be oper­at­ed by Crook­Servers, since among oth­er domains, 454-reverse.crookservers.net resolved to the same IP address.

    Sim­i­lar Arti­facts and root9B report

    While the evi­dence pre­sent­ed strong­ly sug­gests a con­nec­tion with the Sofa­cy Group, the arti­facts (in par­tic­u­lar Arti­fact #2) are not pub­licly rec­og­nized to be part of the more tra­di­tion­al arse­nal of these attack­ers.

    Nev­er­the­less, on May 12th 2015 (a few weeks after the attack against Bun­destag appears to have start­ed) the Amer­i­can secu­ri­ty firm root9B released a report con­tain­ing details on mal­ware sam­ples very sim­i­lar to Arti­fact #2. The report also includes a men­tion of the same IP address used as Com­mand & Con­trol serv­er in the attack against Bun­destag (176.31.112.10).

    While the report appears to con­tain numer­ous inac­cu­ra­cies, some of the indi­ca­tors of com­pro­mis­es are legit­i­mate and appear to be cor­rect­ly attrib­uted to Sofa­cy.

    Fol­low­ing are hash­es for mal­ware arti­facts show­ing very sim­i­lar attrib­ut­es to Arti­fact #2:

    566ab945f61be016bfd9e83cc1b64f783b9b8deb891e6d504d3442bc8281b092

    ...

    ———-

    “Dig­i­tal Attack on Ger­man Par­lia­ment: Inves­tiga­tive Report on the Hack of the Left Par­ty Infra­struc­ture in Bun­destag” by Gast­beitrag; Netzpolitik.org; 06/19/2015

    “While the evi­dence pre­sent­ed strong­ly sug­gests a con­nec­tion with the Sofa­cy Group, the arti­facts (in par­tic­u­lar Arti­fact #2) are not pub­licly rec­og­nized to be part of the more tra­di­tion­al arse­nal of these attack­ers.”

    “Arti­fact #2” — the “Xtun­nel” mal­ware with the 176.31.112[.]10 hard­cod­ed IP address — is “not pub­licly rec­og­nized to be part of the more tra­di­tion­al arse­nal of these attack­ers.” It’s all rather odd.
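The netzpolitik.org report quoted above warns that Artifact #1 may sit on other servers under different names, so a sweep has to key on file content and behaviour rather than on the file name. The following is an added example, not code from the report or from this site: it checks constructed JSON telemetry against the report's SHA256 values, the „ahexec“ pipe name and the hard-coded C&C address. The event schema, host names and file paths are assumptions made for the example.

```python
import ipaddress
import json

# Indicators copied from the netzpolitik.org report quoted above.
ARTIFACT_SHA256 = {
    "5130f600cd9a9cdc82d4bad938b20cbd2f699aadb76e7f3f1a93602330d9997d":
        "Artifact #1 (Winexe service)",
    "730a0e3daf0b54f065bdd2ca427fbe10e8d4e28646a5dc40cbcfb15e1702ed9a":
        "Artifact #2 (Xtunnel)",
}
WINEXE_PIPE = "ahexec"
C2_ADDRESS = ipaddress.ip_address("176.31.112.10")


def pipe_leaf(name):
    # Reduce \\HOST\pipe\ahexec or \ahexec to the last path component.
    # Windows pipe names are case-insensitive, so compare in lower case.
    return name.replace("/", "\\").rstrip("\\").split("\\")[-1].lower()


def match_event(event):
    """Return the reason an event matches a report indicator, or None."""
    kind = event.get("type")
    if kind == "process_create":
        # Match on the hash, not the file name: the report expects renamed copies.
        label = ARTIFACT_SHA256.get(str(event.get("sha256", "")).lower())
        if label:
            return "sha256 of " + label
    elif kind == "pipe_created":
        if pipe_leaf(str(event.get("pipe", ""))) == WINEXE_PIPE:
            return "Winexe named pipe " + WINEXE_PIPE
    elif kind == "network_connect":
        try:
            if ipaddress.ip_address(str(event.get("dest_ip", ""))) == C2_ADDRESS:
                return "connection to hard-coded C&C address"
        except ValueError:
            pass  # not an IP literal (for example a hostname); nothing to compare
    return None


def sweep(lines):
    """Return (findings, skipped) for an iterable of JSON event lines."""
    findings, skipped = [], 0
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1  # truncated or corrupt record: count it, keep going
            continue
        if not isinstance(event, dict):
            skipped += 1
            continue
        reason = match_event(event)
        if reason:
            findings.append((event.get("host"), event.get("image"), reason))
    return findings, skipped


# Constructed sample telemetry: hosts, paths and the benign hash are invented.
A1, A2 = list(ARTIFACT_SHA256)
BENIGN = "0" * 64
SAMPLE_EVENTS = [json.dumps(e) for e in (
    {"type": "process_create", "host": "FILESRV01",
     "image": r"C:\Windows\System32\winexesvc.exe", "sha256": A1},
    # Same binary under another name and with an upper-case hash string.
    {"type": "process_create", "host": "APP02",
     "image": r"C:\ProgramData\updsvc.exe", "sha256": A1.upper()},
    # A genuine-looking svchost.exe must not match on its name alone.
    {"type": "process_create", "host": "WS11",
     "image": r"C:\Windows\System32\svchost.exe", "sha256": BENIGN},
    {"type": "pipe_created", "host": "APP02",
     "image": r"C:\ProgramData\updsvc.exe", "pipe": r"\ahexec"},
    {"type": "pipe_created", "host": "WS11",
     "image": r"C:\Windows\System32\spoolsv.exe", "pipe": r"\spoolss"},
    {"type": "network_connect", "host": "DC01",
     "image": r"C:\Windows\svchost.exe.exe", "dest_ip": "176.31.112.10",
     "dest_port": 443},
    {"type": "network_connect", "host": "WS11",
     "image": r"C:\Program Files\Browser\browser.exe", "dest_ip": "192.0.2.44",
     "dest_port": 443},
)] + ['{"type": "process_create", "host": "WS11"']  # truncated line

if __name__ == "__main__":
    hits, bad = sweep(SAMPLE_EVENTS)
    for host, image, reason in hits:
        print(host, image, reason, sep=" | ")
    print("unparseable lines:", bad)
```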

    And note that “XTun­nel” was ama­teur­ish and wide­ly avail­able for any hack­er:

    Counter Punch

    Did the Rus­sians Real­ly Hack the DNC?

    by Gre­go­ry Elich
    Jan­u­ary 13, 2017

    Rus­sia, we are told, breached the servers of the Demo­c­ra­t­ic Nation­al Com­mit­tee (DNC), swiped emails and oth­er doc­u­ments, and released them to the pub­lic, to alter the out­come of the U.S. pres­i­den­tial elec­tion.

    How sub­stan­tial is the evi­dence back­ing these asser­tions?

    ...

    APT28 relied on XTun­nel, repur­posed from open source code that is avail­able to any­one, to open net­work ports and siphon data. The inter­est­ing thing about the soft­ware is its fail­ure to match the lev­el of sophis­ti­ca­tion claimed for APT28. The strings in the code quite trans­par­ent­ly indi­cate its intent, with no attempt at obfus­ca­tion. [12] It seems an odd over­sight for a nation-state oper­a­tion, in which plau­si­ble deni­a­bil­i­ty would be essen­tial, to over­look that glar­ing point dur­ing soft­ware devel­op­ment.

    Com­mand-and-con­trol servers remote­ly issue mali­cious com­mands to infect­ed machines. Odd­ly, for such a key com­po­nent of the oper­a­tion, the com­mand-and-con­trol IP address in both attacks was hard-cod­ed in the mal­ware. This seems like anoth­er inex­plic­a­ble choice, giv­en that the point of an advanced per­sis­tent threat is to oper­ate for an extend­ed peri­od with­out detec­tion. A more suit­able approach would be to use a Domain Name Sys­tem (DNS) address, which is a decen­tral­ized com­put­er nam­ing sys­tem. That would pro­vide a more covert means of iden­ti­fy­ing the com­mand-and-con­trol serv­er. [13] More­over, one would expect that address to be encrypt­ed. Using a DNS address would also allow the com­mand-and-con­trol oper­a­tion to eas­i­ly move to anoth­er serv­er if its loca­tion is detect­ed, with­out the need to mod­i­fy and rein­stall the code.

    One of the IP address­es is claimed to be a “well-known APT 28” com­mand-and-con­trol address, while the sec­ond is said to be linked to Russ­ian mil­i­tary intel­li­gence. [14] The first address points to a serv­er locat­ed in San Jose, Cal­i­for­nia, and is oper­at­ed by a serv­er host­ing ser­vice. [15] The sec­ond serv­er is sit­u­at­ed in Paris, France, and owned by anoth­er serv­er host­ing ser­vice. [16] Clear­ly, these are servers that have been com­pro­mised by hack­ers. It is cus­tom­ary for hack­ers to route their attacks through vul­ner­a­ble com­put­ers. The IP address­es of com­pro­mised com­put­ers are wide­ly avail­able on the Deep Web, and typ­i­cal­ly a hacked serv­er will be used by mul­ti­ple threat actors. These two par­tic­u­lar servers may or may not have been reg­u­lar­ly uti­lized by Russ­ian Intel­li­gence, but they were not unique­ly so used. Almost cer­tain­ly, many oth­er hack­ers would have used the same machines, and it can­not be said that these IP address­es unique­ly iden­ti­fy an infil­tra­tor. Indeed, the sec­ond IP address is asso­ci­at­ed with the com­mon Tro­jan virus­es Agent-APPR and Shun­nael. [17]

    “Every­one is focused on attri­bu­tion, but we may be miss­ing the big­ger truth,” says Joshua Cro­man, Direc­tor of the Cyber State­craft Ini­tia­tive at the Atlantic Coun­cil. “[T]he lev­el of sophis­ti­ca­tion required to do this hack was so low that near­ly any­one could do it.” [18]

    ...

    ———-

    “Did the Rus­sians Real­ly Hack the DNC?” by Gre­go­ry Elich; Counter Punch; 01/13/2017

    “APT28 relied on XTunnel, repurposed from open source code that is available to anyone, to open network ports and siphon data. The interesting thing about the software is its failure to match the level of sophistication claimed for APT28. The strings in the code quite transparently indicate its intent, with no attempt at obfuscation. [12] It seems an odd oversight for a nation-state operation, in which plausible deniability would be essential, to overlook that glaring point during software development.”

    So if “APT28” did the Bun­destag hack, they sud­den­ly changed their behav­ior by using unso­phis­ti­cat­ed code com­mu­ni­cat­ing with a serv­er that had been open to 3rd par­ty hijack­ing for well over a year. Pret­ty odd!

    And note in the June 2015 netzpolitik.org article how that same 176.31.112.10 had previously been attributed to Sofacy/APT28/Fancy Bear by the cybersecurity firm root9B, in a report with an abundance of flaws:

    ...
    Sim­i­lar Arti­facts and root9B report

    While the evi­dence pre­sent­ed strong­ly sug­gests a con­nec­tion with the Sofa­cy Group, the arti­facts (in par­tic­u­lar Arti­fact #2) are not pub­licly rec­og­nized to be part of the more tra­di­tion­al arse­nal of these attack­ers.

    Nev­er­the­less, on May 12th 2015 (a few weeks after the attack against Bun­destag appears to have start­ed) the Amer­i­can secu­ri­ty firm root9B released a report con­tain­ing details on mal­ware sam­ples very sim­i­lar to Arti­fact #2. The report also includes a men­tion of the same IP address used as Com­mand & Con­trol serv­er in the attack against Bun­destag (176.31.112.10).

    While the report appears to con­tain numer­ous inac­cu­ra­cies, some of the indi­ca­tors of com­pro­mis­es are legit­i­mate and appear to be cor­rect­ly attrib­uted to Sofa­cy.
    ...

    “While the report appears to contain numerous inaccuracies, some of the indicators of compromises are legitimate and appear to be correctly attributed to Sofacy.”

    Yep, just weeks after the Bundestag hack, a really flawed report from root9B claimed to associate that same command & control server with Sofacy. And while the netzpolitik.org article described the report as largely correct despite the inaccuracies, other experts weren’t so impressed:

    Krebs on Secu­ri­ty

    Secu­ri­ty Firm Rede­fines APT: African Phish­ing Threat

    Bri­an Krebs
    May 20, 2015

    A secu­ri­ty firm made head­lines ear­li­er this month when it boast­ed it had thwart­ed plans by orga­nized Russ­ian cyber crim­i­nals to launch an attack against mul­ti­ple US-based banks. But a clos­er look at the details behind that report sug­gests the actors in ques­tion were rel­a­tive­ly unso­phis­ti­cat­ed Niger­ian phish­ers who’d sim­ply reg­is­tered a bunch of new fake bank Web sites.

    The report was released by Col­orado Springs, Colo.-based secu­ri­ty ven­dor root9B, which touts a num­ber of for­mer Nation­al Secu­ri­ty Agency (NSA) and Depart­ment of Defense cyber­se­cu­ri­ty experts among its ranks. The report attract­ed cov­er­age by mul­ti­ple media out­lets, includ­ing, Fox News, Politi­co, SC Mag­a­zine and The Hill. root9B said it had unearthed plans by a Russ­ian hack­ing gang known var­i­ous­ly as the Sofa­cy Group and APT28. APT is short for “advanced per­sis­tent threat,” and it’s a term much used among com­pa­nies that sell cyber­se­cu­ri­ty ser­vices in response to breach­es from state-fund­ed adver­saries in Chi­na and Rus­sia that are bent on steal­ing trade secrets via extreme­ly stealthy attacks.

    “While performing surveillance for a root9B client, the company discovered malware generally associated with nation state attacks,” root9B CEO Eric Hipkins wrote of the scheme, which he said targeted financial institutions such as Bank of America, Regions Bank and TD Bank, among others.

    “It is the first instance of a Sofa­cy or oth­er attack being dis­cov­ered, iden­ti­fied and report­ed before an attack occurred,” Hip­kins said. “Our team did an amaz­ing job of uncov­er­ing what could have been a sig­nif­i­cant event for the inter­na­tion­al bank­ing com­mu­ni­ty. We’ve spent the past three days inform­ing the prop­er author­i­ties in Wash­ing­ton and the UAE, as well as the CISOs at the finan­cial orga­ni­za­tions.”

    How­ev­er, accord­ing to an analy­sis of the domains report­ed­ly used by the crim­i­nals in the planned attack, per­haps root9B should clar­i­fy what it means by APT. Unless the com­pa­ny is hold­ing back key details about their research, their def­i­n­i­tion of APT can more accu­rate­ly be described as “African Phish­ing Threat.”

    The report cor­rect­ly iden­ti­fies sev­er­al key email address­es and phys­i­cal address­es that the fraud­sters used in com­mon across all of the fake bank domains. But root9B appears to have scant evi­dence con­nect­ing the individual(s) who reg­is­tered those domains to the Sofa­cy APT gang. Indeed, a read­ing of their analy­sis sug­gests their sole con­nec­tion is that some of the fake bank domains used a domain name serv­er pre­vi­ous­ly asso­ci­at­ed with Sofa­cy activ­i­ty: carbon2u[dot]com (warn­ing: mali­cious host that will like­ly set off antivirus alerts).

    The prob­lem with that link­age is although carbon2u[dot]com was in fact at one time asso­ci­at­ed with activ­i­ty ema­nat­ing from the Sofa­cy APT group, Sofa­cy is hard­ly the only bad actor using that dodgy name serv­er. There is plen­ty of oth­er bad­ness unre­lat­ed to Sofa­cy that calls Carbon2u home for their DNS oper­a­tions, includ­ing these clowns.

    From what I can tell, the vast major­i­ty of the report doc­u­ments activ­i­ty stem­ming from Niger­ian scam­mers who have been con­duct­ing run-of-the-mill bank phish­ing scams for almost a decade now and have left quite a trail.

    For example, most of the wordage in this report from root9B discusses fake domains registered to a handful of email addresses, including “adeweb2001@yahoo.com,” “adeweb2007@yahoo.com,” and “rolexzad@yahoo.com”.

    Each of these emails have long been asso­ci­at­ed with phish­ing sites erect­ed by appar­ent Niger­ian scam­mers. They are tied to this Face­book pro­file for a Showun­mi Oluwase­un, who lists his job as CEO of a rather fishy-sound­ing orga­ni­za­tion called Rolexzad Fish­ery Nig. Ltd.

    The domain rolexad[dot]com was flagged as ear­ly as 2008 by aa419.org, a vol­un­teer group that seeks to shut down phish­ing sites — par­tic­u­lar­ly those ema­nat­ing from Niger­ian scam­mers (hence the ref­er­ence to the Niger­ian crim­i­nal code 419, which out­laws var­i­ous con­fi­dence scams and frauds). That domain also ref­er­ences the above-men­tioned email address­es. Here’s anoth­er phishy bank domain reg­is­tered by this same scam­mer, dat­ing all the way back to 2005!

    ...

    I want­ed to know if I was alone in find­ing fault with the root9B report, so I reached out to Jaime Blas­co, vice pres­i­dent and chief sci­en­tist at Alien­Vault — one of the secu­ri­ty firms that first pub­lished the ini­tial find­ings on the Sofacy/APT28 group back in Octo­ber 2014. Blas­co called the root9B research “very poor” (full dis­clo­sure: Alien­Vault is one of sev­er­al adver­tis­ers on this blog).

    “Actu­al­ly, there isn’t a link between what root9B pub­lished and Sofa­cy activ­i­ty,” he said. “The only link is there was a DNS serv­er that was used by a Sofa­cy domain and the bank­ing stuff root9B pub­lished. It doesn’t mean they are relat­ed by any means. I’m real­ly sur­prised that it got a lot of media atten­tion due to the poor research they did, and [their use] of [terms] like ‘zero­day hash­es’ in the report real­ly blew my mind. Apart from that it real­ly looks like a ‘mar­ket­ing report/we want media cov­er­age asap,’ since days after that report they pub­lished their Q1 finan­cial results and prob­a­bly that increased the val­ue of their pen­ny stocks.”

    Blasco’s com­ments may sound harsh, but it is true that root9B Chair­man Joe Gra­no bought large quan­ti­ties of the firm’s stock rough­ly a week before issu­ing this report. On May 14, 2015, root9B issued its first quar­ter 2015 finan­cial results.

    There is an old adage: If the only tool you have is a ham­mer, you tend to treat every­thing as if it were a nail. In this case, if all you do is APT research, then you’ll like­ly see APT actors every­where you look.

    ———-

    “Secu­ri­ty Firm Rede­fines APT: African Phish­ing Threat” by Bri­an Krebs; Krebs on Secu­ri­ty; 05/20/2015

    “How­ev­er, accord­ing to an analy­sis of the domains report­ed­ly used by the crim­i­nals in the planned attack, per­haps root9B should clar­i­fy what it means by APT. Unless the com­pa­ny is hold­ing back key details about their research, their def­i­n­i­tion of APT can more accu­rate­ly be described as “African Phish­ing Threat.”

    As far as Brian Krebs can tell, root9B’s attribution to Sofacy/APT28/Fancy Bear of a particular looming attack on one of their clients (a preemptive defense) was based on some shared domain name server between past hacks attributed to Sofacy and the hackers they were observing on their client’s systems. And as Krebs points out, that shared domain name server had plenty of other ‘badness’ associated with it, including Nigerian phishing scammers:

    ...
    The report cor­rect­ly iden­ti­fies sev­er­al key email address­es and phys­i­cal address­es that the fraud­sters used in com­mon across all of the fake bank domains. But root9B appears to have scant evi­dence con­nect­ing the individual(s) who reg­is­tered those domains to the Sofa­cy APT gang. Indeed, a read­ing of their analy­sis sug­gests their sole con­nec­tion is that some of the fake bank domains used a domain name serv­er pre­vi­ous­ly asso­ci­at­ed with Sofa­cy activ­i­ty: carbon2u[dot]com (warn­ing: mali­cious host that will like­ly set off antivirus alerts).

    The prob­lem with that link­age is although carbon2u[dot]com was in fact at one time asso­ci­at­ed with activ­i­ty ema­nat­ing from the Sofa­cy APT group, Sofa­cy is hard­ly the only bad actor using that dodgy name serv­er. There is plen­ty of oth­er bad­ness unre­lat­ed to Sofa­cy that calls Carbon2u home for their DNS oper­a­tions, includ­ing these clowns.

    From what I can tell, the vast major­i­ty of the report doc­u­ments activ­i­ty stem­ming from Niger­ian scam­mers who have been con­duct­ing run-of-the-mill bank phish­ing scams for almost a decade now and have left quite a trail.
    ...

    Were the hackers root9B identified as ‘Sofacy’ just a bunch of Nigerian scammers? Or perhaps hackers that utilized some of the same infrastructure, like domain name servers, with Nigerian scammers? That’s the conclusion Brian Krebs and others arrived at after reading the report.

    And if you download the report (available here, although be sure to only click the green “Download” button and not all the ads that are trying to get you to download freeware/spyware) you will find them referencing that same 176.31.112.10 IP address as the command & control server they attribute to Sofacy/APT28/Fancy Bear. It’s just one more example of how that 176.31.112.10 server keeps getting attributed to APT28 on rather questionable grounds.

    Now, it’s entirely possible that a Russian hacking group APT28 was operating the 176.31.112.10 server and running all sorts of hacking campaigns from it. But the point is that technical indicators used to attribute a hack to that group aren’t exactly compelling. Especially when that server is open to the Heartbleed attack. And especially when that server’s vulnerability to the Heartbleed attack is published for the world to read about. And in the case of the DNC server hack in the fall of 2015, that vulnerability was published. It was known.

    But even for the Bun­destag hack, which hap­pened before that Heart­bleed vul­ner­a­bil­i­ty was pub­lished for that spe­cif­ic serv­er, it’s not like there were hack­ing groups sys­tem­at­i­cal­ly scan­ning the inter­net look­ing for vul­ner­a­ble servers. And as we saw in the netzpolitik.org arti­cle, the Bun­destag hack­’s use of the rel­a­tive­ly unso­phis­ti­cat­ed “XTun­nel” mal­ware and the hard­cod­ed IP address were not ‘arti­facts’ pre­vi­ous­ly asso­ci­at­ed with APT28.

    Sure, it’s possible that a Russian government hacking group is intentionally using unsophisticated malware for some mysterious reason that doesn’t hide what it’s doing and hard codes the IP address to the command & control server that’s vulnerable to a Heartbleed attack. It’s possible. It’s just very possible that it was someone else. For both the DNC hack and the Bundestag hack, which is a pretty big deal when it comes to the business of attribution. Especially when the attribution of the DNC hack refers to the attribution of the Bundestag hack.

    Posted by Pterrafractyl | July 18, 2017, 8:24 pm
  7. Uhhhh....so Don­ald Trump is now tweet­ing about his “com­plete pow­er to par­don”. Seri­ous­ly, he’s actu­al­ly tweet­ing about it:

    Talk­ing Points Memo
    Livewire

    Trump Asserts His ‘Com­plete Pow­er’ To Par­don

    By Cristi­na Cabr­era Pub­lished July 22, 2017 11:07 am

    Pres­i­dent Don­ald Trump fired up his Twit­ter on Sat­ur­day morn­ing to claim his “com­plete pow­er to par­don” fol­low­ing reports that he had been ask­ing about being able to par­don his friends, fam­i­ly, and him­self in con­nec­tion to the Rus­sia probe.

    ...

    While all agree the U. S. President has the complete power to pardon, why think of that when only crime so far is LEAKS against us.FAKE NEWS — Donald J. Trump (@realDonaldTrump) July 22, 2017

    Talks of par­dons arose with addi­tion­al reports of Trump’s legal team try­ing to find ways to under­mine spe­cial coun­sel Robert Mueller’s inves­ti­ga­tion into pos­si­ble col­lu­sion between Rus­sia and the Trump cam­paign.

    Trump’s lack of con­trol over the probe has report­ed­ly prompt­ed him and his legal team to dig up rea­sons to dis­cred­it or pos­si­bly even fire Mueller.

    ——–

    “Trump Asserts His ‘Com­plete Pow­er’ To Par­don” by Cristi­na Cabr­era; Talk­ing Points Memo; 07/22/2017

    “While all agree the U. S. President has the complete power to pardon, why think of that when only crime so far is LEAKS against us.FAKE NEWS” — Donald J. Trump (@realDonaldTrump) July 22, 2017

    We’ve crossed the Rubicon. Via Twitter. Maybe. We’ll see. It sort of depends on how the US collectively responds to a president acting as guilty as he possibly could.

    And while this behavior is no doubt going to be seen as an admission that ALL of the suspicions related to Russian interference in the US election are true, it’s important to keep in mind what events preceded this sudden pardon talk. It wasn’t the investigation into the 2016 election hacks. It’s the talk that Special Counsel Robert Mueller is going to be looking into Trump’s long and shady business history with Russian oligarchs and mobsters. A history that appears to involve using Trump properties as money-laundering vehicles. Once Trump got wind that that whole history was going to become part of the Russian collusion probe, that’s when we started getting reports about Trump’s sudden interest in pardons.

    And this is all part of why it’s so important to recognize all the various clues that point towards the 2016 hacks being done by someone trying to leave “I’m a Russian hacker!” clues and, in the case of the APT28/Fancy Bear hacks, being done by someone using a hacked server that had been previously identified as an APT28 server. Because while it’s entirely plausible that someone — like maybe neo-Nazi hacker Andrew Auernheimer or maybe someone Roger Stone delegated to carry out the hacks — who wanted to help the Trump campaign, but who wasn’t familiar with his extensive history dealing with shady Russian mobster characters, would have thought it was a good idea to carry out a hack and make it look like some Russians did it, it’s a lot harder to imagine that actual Russian government or Russian underworld figures would have done the same thing. Even if the Russian government and mob wanted to help Donald Trump win. Because as the following piece by Craig Unger extensively documents, if there was one area of Donald Trump’s past he really wouldn’t want to draw attention to when running for public office, that would be his history as a Russian money laundromat. And the Russians using his laundromat services presumably wouldn’t be super happy to draw attention to this either:

    The New Repub­lic

    Trump’s Russ­ian Laun­dro­mat
    How to use Trump Tow­er and oth­er lux­u­ry high-ris­es to clean dirty mon­ey, run an inter­na­tion­al crime syn­di­cate, and pro­pel a failed real estate devel­op­er into the White House.

    By Craig Unger
    July 13, 2017

    In 1984, a Russ­ian émi­gré named David Bogatin went shop­ping for apart­ments in New York City. The 38-year-old had arrived in Amer­i­ca sev­en years before, with just $3 in his pock­et. But for a for­mer pilot in the Sovi­et Army—his spe­cial­ty had been shoot­ing down Amer­i­cans over North Vietnam—he had clear­ly done quite well for him­self. Bogatin wasn’t hunt­ing for a place in Brighton Beach, the Brook­lyn enclave known as “Lit­tle Odessa” for its large pop­u­la­tion of immi­grants from the Sovi­et Union. Instead, he was fix­at­ed on the glitzi­est apart­ment build­ing on Fifth Avenue, a gaudy, 58-sto­ry edi­fice with gold-plat­ed fix­tures and a pink-mar­ble atri­um: Trump Tow­er.

    A mon­u­ment to celebri­ty and con­spic­u­ous con­sump­tion, the tow­er was home to the likes of John­ny Car­son, Steven Spiel­berg, and Sophia Loren. Its brash, 38-year-old devel­op­er was some­thing of a tabloid celebri­ty him­self. Don­ald Trump was just com­ing into his own as a seri­ous play­er in Man­hat­tan real estate, and Trump Tow­er was the crown jew­el of his grow­ing empire. From the day it opened, the build­ing was a hit—all but a few dozen of its 263 units had sold in the first few months. But Bogatin wasn’t deterred by the lim­it­ed avail­abil­i­ty or the sky-high prices. The Russ­ian plunked down $6 mil­lion to buy not one or two, but five lux­u­ry con­dos. The big check appar­ent­ly caught the atten­tion of the own­er. Accord­ing to Wayne Bar­rett, who inves­ti­gat­ed the deal for the Vil­lage Voice, Trump per­son­al­ly attend­ed the clos­ing, along with Bogatin.

    If the transaction seemed suspicious—multiple apartments for a single buyer who appeared to have no legitimate way to put his hands on that much money—there may have been a reason. At the time, Russian mobsters were beginning to invest in high-end real estate, which offered an ideal vehicle to launder money from their criminal enterprises. “During the ’80s and ’90s, we in the U.S. government repeatedly saw a pattern by which criminals would use condos and high-rises to launder money,” says Jonathan Winer, a deputy assistant secretary of state for international law enforcement in the Clinton administration. “It didn’t matter that you paid too much, because the real estate values would rise, and it was a way of turning dirty money into clean money. It was done very systematically, and it explained why there are so many high-rises where the units were sold but no one is living in them.” When Trump Tower was built, as David Cay Johnston reports in The Making of Donald Trump, it was only the second high-rise in New York that accepted anonymous buyers.

    In 1987, just three years after he attend­ed the clos­ing with Trump, Bogatin plead­ed guilty to tak­ing part in a mas­sive gaso­line-boot­leg­ging scheme with Russ­ian mob­sters. After he fled the coun­try, the gov­ern­ment seized his five con­dos at Trump Tow­er, say­ing that he had pur­chased them to “laun­der mon­ey, to shel­ter and hide assets.” A Sen­ate inves­ti­ga­tion into orga­nized crime lat­er revealed that Bogatin was a lead­ing fig­ure in the Russ­ian mob in New York. His fam­i­ly ties, in fact, led straight to the top: His broth­er ran a $150 mil­lion stock scam with none oth­er than Semi­on Mogile­vich, whom the FBI con­sid­ers the “boss of boss­es” of the Russ­ian mafia. At the time, Mogilevich—feared even by his fel­low gang­sters as “the most pow­er­ful mob­ster in the world”—was expand­ing his multi­bil­lion-dol­lar inter­na­tion­al crim­i­nal syn­di­cate into Amer­i­ca.

    Since Trump’s elec­tion as pres­i­dent, his ties to Rus­sia have become the focus of intense scruti­ny, most of which has cen­tered on whether his inner cir­cle col­lud­ed with Rus­sia to sub­vert the U.S. elec­tion. A grow­ing cho­rus in Con­gress is also ask­ing point­ed ques­tions about how the pres­i­dent built his busi­ness empire. Rep. Adam Schiff, the rank­ing Demo­c­rat on the House Intel­li­gence Com­mit­tee, has called for a deep­er inquiry into “Russ­ian invest­ment in Trump’s busi­ness­es and prop­er­ties.”

    The very nature of Trump’s businesses—all of which are pri­vate­ly held, with few report­ing requirements—makes it dif­fi­cult to root out the truth about his finan­cial deals. And the world of Russ­ian oli­garchs and orga­nized crime, by design, is shad­owy and labyrinthine. For the past three decades, state and fed­er­al inves­ti­ga­tors, as well as some of America’s best inves­tiga­tive jour­nal­ists, have sift­ed through moun­tains of real estate records, tax fil­ings, civ­il law­suits, crim­i­nal cas­es, and FBI and Inter­pol reports, unearthing ties between Trump and Russ­ian mob­sters like Mogile­vich. To date, no one has doc­u­ment­ed that Trump was even aware of any sus­pi­cious entan­gle­ments in his far-flung busi­ness­es, let alone that he was direct­ly com­pro­mised by the Russ­ian mafia or the cor­rupt oli­garchs who are close­ly allied with the Krem­lin. So far, when it comes to Trump’s ties to Rus­sia, there is no smok­ing gun.

    But even with­out an inves­ti­ga­tion by Con­gress or a spe­cial pros­e­cu­tor, there is much we already know about the president’s debt to Rus­sia. A review of the pub­lic record reveals a clear and dis­turb­ing pat­tern: Trump owes much of his busi­ness suc­cess, and by exten­sion his pres­i­den­cy, to a flow of high­ly sus­pi­cious mon­ey from Rus­sia. Over the past three decades, at least 13 peo­ple with known or alleged links to Russ­ian mob­sters or oli­garchs have owned, lived in, and even run crim­i­nal activ­i­ties out of Trump Tow­er and oth­er Trump prop­er­ties. Many used his apart­ments and casi­nos to laun­der untold mil­lions in dirty mon­ey. Some ran a world­wide high-stakes gam­bling ring out of Trump Tower—in a unit direct­ly below one owned by Trump. Oth­ers pro­vid­ed Trump with lucra­tive brand­ing deals that required no invest­ment on his part. Tak­en togeth­er, the flow of mon­ey from Rus­sia pro­vid­ed Trump with a cru­cial infu­sion of financ­ing that helped res­cue his empire from ruin, bur­nish his image, and launch his career in tele­vi­sion and pol­i­tics. “They saved his bacon,” says Ken­neth McCal­lion, a for­mer assis­tant U.S. attor­ney in the Rea­gan admin­is­tra­tion who inves­ti­gat­ed ties between orga­nized crime and Trump’s devel­op­ments in the 1980s.

    It’s entire­ly pos­si­ble that Trump was nev­er more than a con­ve­nient pat­sy for Russ­ian oli­garchs and mob­sters, with his casi­nos and con­dos pro­vid­ing easy pass-throughs for their illic­it rich­es. At the very least, with his con­stant need for new infu­sions of cash and his well-doc­u­ment­ed trou­bles with cred­i­tors, Trump made an easy “mark” for any­one look­ing to laun­der mon­ey. But what­ev­er his knowl­edge about the source of his wealth, the pub­lic record makes clear that Trump built his busi­ness empire in no small part with a lot of dirty mon­ey from a lot of dirty Russians—including the dirt­i­est and most feared of them all.

    Trump made his first trip to Rus­sia in 1987, only a few years before the col­lapse of the Sovi­et Union. Invit­ed by Sovi­et Ambas­sador Yuri Dubinin, Trump was flown to Moscow and Leningrad—all expens­es paid—to talk busi­ness with high-ups in the Sovi­et com­mand. In The Art of the Deal, Trump recount­ed the lunch meet­ing with Dubinin that led to the trip. “One thing led to anoth­er,” he wrote, “and now I’m talk­ing about build­ing a large lux­u­ry hotel, across the street from the Krem­lin, in part­ner­ship with the Sovi­et gov­ern­ment.”

    Over the years, Trump and his sons would try and fail five times to build a new Trump Tow­er in Moscow. But for Trump, what mat­tered most were the lucra­tive con­nec­tions he had begun to make with the Kremlin—and with the wealthy Rus­sians who would buy so many of his prop­er­ties in the years to come. “Rus­sians make up a pret­ty dis­pro­por­tion­ate cross sec­tion of a lot of our assets,” Don­ald Trump Jr. boast­ed at a real estate con­fer­ence in 2008. “We see a lot of mon­ey pour­ing in from Rus­sia.”

    The mon­ey, illic­it and oth­er­wise, began to rain in earnest after the Sovi­et Union fell in 1991. Pres­i­dent Boris Yeltsin’s shift to a mar­ket econ­o­my was so abrupt that cash-rich gang­sters and cor­rupt gov­ern­ment offi­cials were able to pri­va­tize and loot state-held assets in oil, coal, min­er­als, and bank­ing. Yeltsin him­self, in fact, would lat­er describe Rus­sia as “the biggest mafia state in the world.” After Vladimir Putin suc­ceed­ed Yeltsin as pres­i­dent, Russ­ian intel­li­gence effec­tive­ly joined forces with the country’s mob­sters and oli­garchs, allow­ing them to oper­ate freely as long as they strength­en Putin’s pow­er and serve his per­son­al finan­cial inter­ests. Accord­ing to James Hen­ry, a for­mer chief econ­o­mist at McK­in­sey & Com­pa­ny who con­sult­ed on the Pana­ma Papers, some $1.3 tril­lion in illic­it cap­i­tal has poured out of Rus­sia since the 1990s.

    At the top of the sprawl­ing crim­i­nal enter­prise was Semi­on Mogile­vich. Begin­ning in the ear­ly 1980s, accord­ing to the FBI, the short, squat Ukrain­ian was the key mon­ey-laun­der­ing con­tact for the Sol­nt­sevskaya Brat­va, or Broth­er­hood, one of the rich­est crim­i­nal syn­di­cates in the world. Before long, he was run­ning a multi­bil­lion-dol­lar world­wide rack­et of his own. Mogile­vich wasn’t feared because he was the most vio­lent gang­ster, but because he was reput­ed­ly the smartest. The FBI has cred­it­ed the “brainy don,” who holds a degree in eco­nom­ics from Lviv Uni­ver­si­ty, with a stag­ger­ing range of crimes. He ran drug traf­fick­ing and pros­ti­tu­tion rings on an inter­na­tion­al scale; in one char­ac­ter­is­tic deal, he bought a bank­rupt air­line to ship hero­in from South­east Asia into Europe. He used a jew­el­ry busi­ness in Moscow and Budapest as a front for art that Russ­ian gang­sters stole from muse­ums, church­es, and syn­a­gogues all over Europe. He has also been accused of sell­ing some $20 mil­lion in stolen weapons, includ­ing ground-to-air mis­siles and armored troop car­ri­ers, to Iran. “He uses this wealth and pow­er to not only fur­ther his crim­i­nal enter­pris­es,” the FBI says, “but to influ­ence gov­ern­ments and their economies.”

    ...

    Mogilevich’s greatest talent, the one that places him at the top of the Russian mob, is finding creative ways to cleanse dirty cash. According to the FBI, he has laundered money through more than 100 front companies around the world, and held bank accounts in at least 27 countries. And in 1991, he made a move that led directly to Trump Tower. That year, the FBI says, Mogilevich paid a Russian judge to spring a fellow mob boss, Vyacheslav Kirillovich Ivankov, from a Siberian gulag. If Mogilevich was the brains, Ivankov was the enforcer—a vor v zakone, or “made man,” infamous for torturing his victims and boasting about the murders he had arranged. Sprung by Mogilevich, Ivankov made the most of his freedom. In 1992, a year after he was released from prison, he headed to New York on an illegal business visa and proceeded to set up shop in Brighton Beach.

    In Red Mafiya, his book about the rise of the Russ­ian mob in Amer­i­ca, inves­tiga­tive reporter Robert I. Fried­man doc­u­ment­ed how Ivankov orga­nized a lurid and vio­lent under­world of tat­tooed gang­sters. When Ivankov touched down at JFK, Fried­man report­ed, he was met by a fel­low vor, who hand­ed him a suit­case with $1.5 mil­lion in cash. Over the next three years, Ivankov over­saw the mob’s growth from a local extor­tion rack­et to a multi­bil­lion-dol­lar crim­i­nal enter­prise. Accord­ing to the FBI, he recruit­ed two “com­bat brigades” of Spe­cial Forces vet­er­ans from the Sovi­et war in Afghanistan to run the mafia’s pro­tec­tion rack­et and kill his ene­mies.

    Like Mogile­vich, Ivankov had a lot of dirty mon­ey he need­ed to clean up. He bought a Rolls-Royce deal­er­ship that was used, accord­ing to The New York Times, “as a front to laun­der crim­i­nal pro­ceeds.” The FBI con­clud­ed that one of Ivankov’s part­ners in the oper­a­tion was Felix Komarov, an upscale art deal­er who lived in Trump Plaza on Third Avenue. Komarov, who was not charged in the case, called the alle­ga­tions base­less. He acknowl­edged that he had fre­quent phone con­ver­sa­tions with Ivankov, but insist­ed the exchanges were inno­cent. “I had no rea­son not to call him,” Komarov told a reporter.

    The feds want­ed to arrest Ivankov, but he kept van­ish­ing. “He was like a ghost to the FBI,” one agent recalls. Agents spot­ted him meet­ing with oth­er Russ­ian crime fig­ures in Mia­mi, Los Ange­les, Boston, and Toron­to. They also found he made fre­quent vis­its to Trump Taj Mahal in Atlantic City, which mob­sters rou­tine­ly used to laun­der huge sums of mon­ey. In 2015, the Taj Mahal was fined $10 million—the high­est penal­ty ever levied by the feds against a casino—and admit­ted to hav­ing “will­ful­ly vio­lat­ed” anti-mon­ey-laun­der­ing reg­u­la­tions for years.

    The FBI also strug­gled to fig­ure out where Ivankov lived. “We were look­ing around, look­ing around, look­ing around,” James Moody, chief of the bureau’s orga­nized crime sec­tion, told Fried­man. “We had to go out and real­ly beat the bush­es. And then we found out that he was liv­ing in a lux­u­ry con­do in Trump Tow­er.”

    There is no evi­dence that Trump knew Ivankov per­son­al­ly, even if they were neigh­bors. But the fact that a top Russ­ian mafia boss lived and worked in Trump’s own build­ing indi­cates just how much high-lev­el Russ­ian mob­sters came to view the future president’s prop­er­ties as a home away from home. In 2009, after being extra­dit­ed to Rus­sia to face mur­der charges, Ivankov was gunned down in a sniper attack on the streets of Moscow. Accord­ing to The Moscow Times, his funer­al was a media spec­ta­cle in Rus­sia, attract­ing “1,000 peo­ple wear­ing black leather jack­ets, sun­glass­es, and gold chains,” along with dozens of giant wreaths from the var­i­ous broth­er­hoods.

    Through­out the 1990s, untold mil­lions from the for­mer Sovi­et Union flowed into Trump’s lux­u­ry devel­op­ments and Atlantic City casi­nos. But all the mon­ey wasn’t enough to save Trump from his own fail­ings as a busi­ness­man. He owed $4 bil­lion to more than 70 banks, with a mind-bog­gling $800 mil­lion of it per­son­al­ly guar­an­teed. He spent much of the decade mired in lit­i­ga­tion, fil­ing for mul­ti­ple bank­rupt­cies and scram­bling to sur­vive. For most devel­op­ers, the sit­u­a­tion would have spelled finan­cial ruin. But for­tu­nate­ly for Trump, his own eco­nom­ic cri­sis coin­cid­ed with one in Rus­sia.

    In 1998, Russia defaulted on $40 billion in debt, causing the ruble to plummet and Russian banks to close. The ensuing financial panic sent the country’s oligarchs and mobsters scrambling to find a safe place to put their money. That October, just two months after the Russian economy went into a tailspin, Trump broke ground on his biggest project yet. Rising to 72 stories in midtown Manhattan, Trump World Tower would be the tallest residential building on the planet. Construction got underway in 1999—just as Trump was preparing his first run for the presidency on the Reform Party ticket—and concluded in 2001. As Bloomberg Businessweek reported earlier this year, it wasn’t long before one-third of the units on the tower’s priciest floors had been snatched up—either by individual buyers from the former Soviet Union, or by limited liability companies connected to Russia. “We had big buyers from Russia and Ukraine and Kazakhstan,” sales agent Debra Stotts told Bloomberg.

    Among the new ten­ants was Eduard Nek­talov, a dia­mond deal­er from Uzbek­istan. Nek­talov, who was being inves­ti­gat­ed by a Trea­sury Depart­ment task force for mob-con­nect­ed mon­ey laun­der­ing, bought a con­do on the sev­en­ty-ninth floor, direct­ly below Trump’s future cam­paign man­ag­er, Kellyanne Con­way. A month lat­er he sold his unit for a $500,000 prof­it. The fol­low­ing year, after rumors cir­cu­lat­ed that Nek­talov was coop­er­at­ing with fed­er­al inves­ti­ga­tors, he was shot down on Sixth Avenue.

    Trump had found his mar­ket. After Trump World Tow­er opened, Sotheby’s Inter­na­tion­al Real­ty teamed up with a Russ­ian real estate com­pa­ny to make a big sales push for the prop­er­ty in Rus­sia. The “tow­er full of oli­garchs,” as Bloomberg called it, became a mod­el for Trump’s projects going for­ward. All he need­ed to do, it seemed, was slap the Trump name on a big build­ing, and high-dol­lar cus­tomers from Rus­sia and the for­mer Sovi­et republics were guar­an­teed to come rush­ing in. Dol­ly Lenz, a New York real estate bro­ker, told USA Today that she sold some 65 units in Trump World Tow­er to Rus­sians. “I had con­tacts in Moscow look­ing to invest in the Unit­ed States,” Lenz said. “They all want­ed to meet Don­ald.”

    To cap­i­tal­ize on his new busi­ness mod­el, Trump struck a deal with a Flori­da devel­op­er to attach his name to six high-ris­es in Sun­ny Isles, just out­side Mia­mi. With­out hav­ing to put up a dime of his own mon­ey, Trump would receive a cut of the prof­its. “Rus­sians love the Trump brand,” Gil Dez­er, the Sun­ny Isles devel­op­er, told Bloomberg. A local bro­ker told The Wash­ing­ton Post that one-third of the 500 apart­ments he’d sold went to “Russ­ian-speak­ers.” So many bought the Trump-brand­ed apart­ments, in fact, that the area became known as “Lit­tle Moscow.”

    Many of the units were sold by a native of Uzbek­istan who had immi­grat­ed from the Sovi­et Union in the 1980s; her busi­ness was so brisk that she soon began bring­ing Russ­ian tour groups to Sun­ny Isles to view the prop­er­ties. Accord­ing to a Reuters inves­ti­ga­tion in March, at least 63 buy­ers with Russ­ian address­es or pass­ports spent $98 mil­lion on Trump’s prop­er­ties in south Flori­da. What’s more, anoth­er one-third of the units—more than 700 in all—were bought by shad­owy shell com­pa­nies that con­cealed the true own­ers.

    ...

    The influx of Russ­ian mon­ey did more than save Trump’s busi­ness from ruin—it set the stage for the next phase of his career. By 2004, to the out­side world, it appeared that Trump was back on top after his fail­ures in Atlantic City. That Jan­u­ary, flush with the appear­ance of suc­cess, Trump launched his new­ly bur­nished brand into anoth­er medi­um.

    “My name’s Don­ald Trump,” he declared in his open­ing nar­ra­tion for The Appren­tice, “the largest real estate devel­op­er in New York. I own build­ings all over the place. Mod­el agen­cies. The Miss Uni­verse pageant. Jet­lin­ers, golf cours­es, casi­nos, and pri­vate resorts like Mar-a-Lago, one of the most spec­tac­u­lar estates any­where in the world.”

    But it wouldn’t be Trump with­out a bet­ter sto­ry than that. “It wasn’t always so easy,” he con­fessed, over images of him cruis­ing around New York in a stretch limo. “About 13 years ago, I was seri­ous­ly in trou­ble. I was bil­lions of dol­lars in debt. But I fought back, and I won. Big league. I used my brain. I used my nego­ti­at­ing skills. And I worked it all out. Now my company’s big­ger than it ever was and stronger than it ever was.… I’ve mas­tered the art of the deal.”

    The show, which report­ed­ly paid Trump up to $3 mil­lion per episode, instant­ly revived his career. “The Appren­tice turned Trump from a blowhard Richie Rich who had just gone through his most dif­fi­cult decade into an unlike­ly sym­bol of straight talk, an evan­ge­list for the Amer­i­can gospel of suc­cess, a decider who insist­ed on stan­dards in a coun­try that had some­how slipped into hand­ing out tro­phies for just show­ing up,” jour­nal­ists Michael Kran­ish and Marc Fish­er observe in their book Trump Revealed. “Above all, Appren­tice sold an image of the host-boss as supreme­ly com­pe­tent and con­fi­dent, dis­pens­ing his author­i­ty and get­ting imme­di­ate results. The anal­o­gy to pol­i­tics was pal­pa­ble.”

    But the sto­ry of Don­ald Trump, self-made busi­ness genius, left out any men­tion of the shady Russ­ian investors who had done so much to make his come­back nar­ra­tive pos­si­ble. And Trump’s busi­ness, despite the hype, was hard­ly “stronger than it ever was”—his cred­it was still lousy, and two more of his prized prop­er­ties in Atlantic City would soon fall into bank­rupt­cy, even as his rat­ings soared.

    To fur­ther enhance his brand, Trump used his prime-time perch to unveil anoth­er big project. On the 2006 sea­son finale of The Appren­tice, as 11 mil­lion view­ers wait­ed to learn which of the two final­ists was going to be fired, Trump pro­longed the sus­pense by cut­ting to a pro­mo­tion­al video for his lat­est ven­ture. “Locat­ed in the cen­ter of Manhattan’s chic artist enclave, the Trump Inter­na­tion­al Hotel and Tow­er in SoHo is the site of my lat­est devel­op­ment,” he nar­rat­ed over swoop­ing heli­copter footage of low­er Man­hat­tan. The new build­ing, he added, would be noth­ing less than a “$370 mil­lion work of art … an awe-inspir­ing mas­ter­piece.”

    Trump SoHo was the brain­child of two devel­op­ment com­pa­nies—Bay­rock Group LLC and the Sapir Organization—run by a pair of wealthy émi­grés from the for­mer Sovi­et Union who had done busi­ness with some of Russia’s rich­est and most noto­ri­ous oli­garchs. Togeth­er, their firms made Trump an offer he couldn’t refuse: The devel­op­ers would finance and build Trump SoHo them­selves. In return for lend­ing his name to the project, Trump would get 18 per­cent of the profits—without putting up any of his own mon­ey.

    One of the devel­op­ers, Tamir Sapir, had fol­lowed an unlike­ly path to rich­es. After emi­grat­ing from the Sovi­et Union in the 1970s, he had start­ed out dri­ving a cab in New York City and end­ed up a bil­lion­aire liv­ing in Trump Tow­er. His big break came when he co-found­ed a com­pa­ny that sold high-tech elec­tron­ics. Accord­ing to the FBI, Sapir’s part­ner in the firm was a “mem­ber or asso­ciate” of Ivankov’s mob in Brighton Beach. No charges were ever filed, and Sapir denied hav­ing any mob ties. “It didn’t hap­pen,” he told The New York Times. “Every­thing was done in the most legit­i­mate way.”

    Trump, who described Sapir as a “great friend,” bought 200 tele­vi­sions from his elec­tron­ics com­pa­ny. In 2007, he host­ed the wed­ding of Sapir’s daugh­ter at Mar-a-Lago, and lat­er attend­ed her infant son’s bris.

    Sapir also intro­duced Trump to Tev­fik Arif, his part­ner in the Trump SoHo deal. On paper, at least, Arif was anoth­er heart­warm­ing immi­grant suc­cess sto­ry. He had grad­u­at­ed from the Moscow Insti­tute of Trade and Eco­nom­ics and worked as a Sovi­et trade and com­merce offi­cial for 17 years before mov­ing to New York and found­ing Bay­rock. Prac­ti­cal­ly overnight, Arif became a wild­ly suc­cess­ful devel­op­er in Brook­lyn. In 2002, after meet­ing Trump, he moved Bayrock’s offices to Trump Tow­er, where he and his staff of Russ­ian émi­grés set up shop on the twen­ty-fourth floor.

    Trump worked close­ly with Bay­rock on real estate ven­tures in Rus­sia, Ukraine, and Poland. “Bay­rock knew the investors,” he lat­er tes­ti­fied. Arif “brought the peo­ple up from Moscow to meet with me.” He boast­ed about the deal he was get­ting: Arif was offer­ing him a 20 to 25 per­cent cut on his over­seas projects, he said, not to men­tion man­age­ment fees. “It was almost like mass pro­duc­tion of a car,” Trump tes­ti­fied.

    But Bay­rock and its deals quick­ly became mired in con­tro­ver­sy. Forbes and oth­er pub­li­ca­tions report­ed that the com­pa­ny was financed by a noto­ri­ous­ly cor­rupt group of oli­garchs known as The Trio. In 2010, Arif was arrest­ed by Turk­ish pros­e­cu­tors and charged with set­ting up a pros­ti­tu­tion ring after he was found aboard a boat—chartered by one of The Trio—with nine young women, two of whom were 16 years old. The women report­ed­ly refused to talk, and Arif was acquit­ted. Accord­ing to a law­suit filed that same year by two for­mer Bay­rock exec­u­tives, Arif start­ed the firm “backed by oli­garchs and mon­ey they stole from the Russ­ian peo­ple.” In addi­tion, the suit alleges, Bay­rock “was sub­stan­tial­ly and covert­ly mob-owned and oper­at­ed.” The company’s real pur­pose, the exec­u­tives claim, was to devel­op huge­ly expen­sive prop­er­ties bear­ing the Trump brand—and then use the projects to laun­der mon­ey and evade tax­es.

    The law­suit, which is ongo­ing, does not claim that Trump was com­plic­it in the alleged scam. Bay­rock dis­missed the alle­ga­tions as “legal con­clu­sions to which no response is required.” But last year, after exam­in­ing title deeds, bank records, and court doc­u­ments, the Finan­cial Times con­clud­ed that Trump SoHo had “mul­ti­ple ties to an alleged inter­na­tion­al mon­ey-laun­der­ing net­work.” In one case, the paper report­ed, a for­mer Kaza­kh ener­gy min­is­ter is being sued in fed­er­al court for con­spir­ing to “sys­tem­at­i­cal­ly loot hun­dreds of mil­lions of dol­lars of pub­lic assets” and then pur­chas­ing three con­dos in Trump SoHo to laun­der his “ill-got­ten funds.”

    Dur­ing his col­lab­o­ra­tion with Bay­rock, Trump also became close to the man who ran the firm’s dai­ly operations—a twice-con­vict­ed felon with fam­i­ly ties to Semi­on Mogile­vich. In 1974, when he was eight years old, Felix Sater and his fam­i­ly emi­grat­ed from Moscow to Brighton Beach. Accord­ing to the FBI, his father—who was con­vict­ed for extort­ing local restau­rants, gro­cery stores, and a med­ical clin­ic—was a Mogile­vich boss. Sater tried mak­ing it as a stock­bro­ker, but his career came to an abrupt end in 1991, after he stabbed a Wall Street foe in the face with a bro­ken mar­gari­ta glass dur­ing a bar fight, open­ing wounds that required 110 stitch­es. (Years lat­er, in a depo­si­tion, Trump down­played the inci­dent, insist­ing that Sater “got into a bar­room fight, which a lot of peo­ple do.”) Sater lost his trad­ing license over the attack, and served a year in prison.

    In 1998, Sater plead­ed guilty to racketeering—operating a “pump and dump” stock fraud in part­ner­ship with alleged Russ­ian mob­sters that bilked investors of at least $40 mil­lion. To avoid prison time, Sater turned informer. But accord­ing to the law­suit against Bay­rock, he also resumed “his old tricks.” By 2003, the suit alleges, Sater con­trolled the major­i­ty of Bayrock’s shares—and pro­ceed­ed to use the firm to laun­der hun­dreds of mil­lions of dol­lars, while skim­ming and extort­ing mil­lions more. The suit also claims that Sater com­mit­ted fraud by con­ceal­ing his rack­e­teer­ing con­vic­tion from banks that invest­ed hun­dreds of mil­lions in Bay­rock, and that he threat­ened “to kill any­one at the firm he thought knew of the crimes com­mit­ted there and might report it.” In court, Bay­rock has denied the alle­ga­tions, which Sater’s attor­ney char­ac­ter­izes as “false, fab­ri­cat­ed, and pure garbage.”

    By Sater’s account, in sworn tes­ti­mo­ny, he was very tight with Trump. He flew to Col­orado with him, accom­pa­nied Don­ald Jr. and Ivan­ka on a trip to Moscow at Trump’s invi­ta­tion, and met with Trump’s inner cir­cle “con­stant­ly.” In Trump Tow­er, he often dropped by Trump’s office to pitch busi­ness ideas—“just me and him.”

    Trump seems unable to recall any of this. “Felix Sater, boy, I have to even think about it,” he told the Asso­ci­at­ed Press in 2015. Two years ear­li­er, tes­ti­fy­ing in a video depo­si­tion, Trump took the same line. If Sater “were sit­ting in the room right now,” he swore under oath, “I real­ly wouldn’t know what he looked like.” He added: “I don’t know him very well, but I don’t think he was con­nect­ed to the mafia.”

    Trump and his lawyers say that he was unaware of Sater’s crim­i­nal past when he signed on to do busi­ness with Bay­rock. That’s plau­si­ble, since Sater’s plea deal in the stock fraud was kept secret because of his role as an infor­mant. But even after The New York Times revealed Sater’s crim­i­nal record in 2007, he con­tin­ued to use office space pro­vid­ed by the Trump Orga­ni­za­tion. In 2010, he was even giv­en an offi­cial Trump Orga­ni­za­tion busi­ness card that read: FELIX H. SATER, SENIOR ADVISOR TO DONALD TRUMP.

    Sater appar­ent­ly remains close to Trump’s inner cir­cle. Ear­li­er this year, one week before Nation­al Secu­ri­ty Advi­sor Michael Fly­nn was fired for fail­ing to report meet­ings with Russ­ian offi­cials, Trump’s per­son­al attor­ney report­ed­ly hand-deliv­ered to Flynn’s office a “back-chan­nel plan” for lift­ing sanc­tions on Rus­sia. The co-author of the plan, accord­ing to the Times: Felix Sater.

    In the end, Trump’s deals with Bayrock, like so much of his business empire, proved to be more glitter than gold. The international projects in Russia and Poland never materialized. A Trump tower being built in Fort Lauderdale ran out of money before it was completed, leaving behind a massive concrete shell. Trump SoHo ultimately had to be foreclosed and resold. But his Russian investors had left Trump with a high-profile property he could leverage. The new owners contracted with Trump to run the tower; as of April, the president and his daughter Ivanka were still listed as managers of the property. In 2015, according to the federal financial disclosure reports, Trump made $3 million from Trump SoHo.

    In April 2013, a lit­tle more than two years before Trump rode the esca­la­tor to the ground floor of Trump Tow­er to kick off his pres­i­den­tial cam­paign, police burst into Unit 63A of the high-rise and round­ed up 29 sus­pects in two gam­bling rings. The oper­a­tion, which pros­e­cu­tors called “the world’s largest sports book,” was run out of con­dos in Trump Tower—including the entire fifty-first floor of the build­ing. In addi­tion, unit 63A—a con­do direct­ly below one owned by Trump—served as the head­quar­ters for a “sophis­ti­cat­ed mon­ey-laun­der­ing scheme” that moved an esti­mat­ed $100 mil­lion out of the for­mer Sovi­et Union, through shell com­pa­nies in Cyprus, and into invest­ments in the Unit­ed States. The entire oper­a­tion, pros­e­cu­tors say, was work­ing under the pro­tec­tion of Alimzhan Tokhtakhounov, whom the FBI iden­ti­fied as a top Russ­ian vor close­ly allied with Semi­on Mogile­vich. In a sin­gle two-month stretch, accord­ing to the fed­er­al indict­ment, the mon­ey laun­der­ers paid Tokhtakhounov $10 mil­lion.

    Tokhtakhounov, who had been indict­ed a decade ear­li­er for con­spir­ing to fix the ice-skat­ing com­pe­ti­tion at the 2002 Win­ter Olympics, was the only sus­pect to elude arrest. For the next sev­en months, the Russ­ian crime boss fell off the radar of Inter­pol, which had issued a red alert. Then, in Novem­ber 2013, he sud­den­ly appeared live on inter­na­tion­al television—sitting in the audi­ence at the Miss Uni­verse pageant in Moscow. Tokhtakhounov was in the VIP sec­tion, just a few seats away from the pageant own­er, Don­ald Trump.

    After the pageant, Trump bragged about all the pow­er­ful Rus­sians who had turned out that night, just to see him. “Almost all of the oli­garchs were in the room,” he told Real Estate Week­ly. Con­tact­ed by Moth­er Jones, Tokhtakhounov insist­ed that he had bought his own tick­et and was not a VIP. He also denied being a mob­ster, telling The New York Times that he had been indict­ed in the gam­bling ring because FBI agents “mis­in­ter­pret­ed his Russ­ian slang” on their Trump Tow­er wire­taps, when he was mere­ly plac­ing $20,000 bets on soc­cer games.

    Both the White House and the Trump Orga­ni­za­tion declined to respond to ques­tions for this sto­ry. On the few occa­sions he has been ques­tioned about his busi­ness entan­gle­ments with Rus­sians, how­ev­er, Trump has offered broad denials. “I tweet­ed out that I have no deal­ings with Rus­sia,” he said at a press con­fer­ence in Jan­u­ary, when asked if Rus­sia has any “lever­age” over him, finan­cial or oth­er­wise. “I have no deals that could hap­pen in Rus­sia, because we’ve stayed away. And I have no loans with Rus­sia. I have no loans with Rus­sia at all.” In May, when he was inter­viewed by NBC’s Lester Holt, Trump seemed hard-pressed to think of a sin­gle con­nec­tion he had with Rus­sia. “I have had deal­ings over the years where I sold a house to a very wealthy Russ­ian many years ago,” he said. “I had the Miss Uni­verse pageant—which I owned for quite a while—I had it in Moscow a long time ago. But oth­er than that, I have noth­ing to do with Rus­sia.”

    But even if Trump has no mem­o­ry of the many deals that he and his busi­ness made with Russ­ian investors, he cer­tain­ly did not “stay away” from Rus­sia. For decades, he and his orga­ni­za­tion have aggres­sive­ly pro­mot­ed his busi­ness there, seek­ing to entice investors and buy­ers for some of his most high-pro­file devel­op­ments. Whether Trump knew it or not, Russ­ian mob­sters and cor­rupt oli­garchs used his prop­er­ties not only to laun­der vast sums of mon­ey from extor­tion, drugs, gam­bling, and rack­e­teer­ing, but even as a base of oper­a­tions for their crim­i­nal activ­i­ties. In the process, they propped up Trump’s busi­ness and enabled him to rein­vent his image. With­out the Russ­ian mafia, it is fair to say, Don­ald Trump would not be pres­i­dent of the Unit­ed States.

    Semi­on Mogile­vich, the Russ­ian mob’s “boss of boss­es,” also declined to respond to ques­tions from the New Repub­lic. “My ideas are not impor­tant to any­body,” Mogile­vich said in a state­ment pro­vid­ed by his attor­ney. “What­ev­er I know, I am a pri­vate per­son.” Mogile­vich, the attor­ney added, “has noth­ing to do with Pres­i­dent Trump. He doesn’t believe that any­body asso­ci­at­ed with him lives in Trump Tow­er. He has no ties to Amer­i­ca or Amer­i­can cit­i­zens.”

    Back in 1999, the year before Trump staged his first run for pres­i­dent, Mogile­vich gave a rare inter­view to the BBC. Liv­ing up to his rep­u­ta­tion for clev­er­ness, the mafia boss most­ly joked and dou­ble-spoke his way around his crim­i­nal activ­i­ties. (Q: “Why did you set up com­pa­nies in the Chan­nel Islands?” A: “The prob­lem was that I didn’t know any oth­er islands. When they taught us geog­ra­phy at school, I was sick that day.”) But when the exas­per­at­ed inter­view­er asked, “Do you believe there is any Russ­ian orga­nized crime?” the “brainy don” turned half-seri­ous.

    “How can you say that there is a Russ­ian mafia in Amer­i­ca?” he demand­ed. “The word mafia, as far as I under­stand the word, means a crim­i­nal group that is con­nect­ed with the polit­i­cal organs, the police and the admin­is­tra­tion. I don’t know of a sin­gle Russ­ian in the U.S. Sen­ate, a sin­gle Russ­ian in the U.S. Con­gress, a sin­gle Russ­ian in the U.S. gov­ern­ment. Where are the con­nec­tions with the Rus­sians? How can there be a Russ­ian mafia in Amer­i­ca? Where are their con­nec­tions?”

    Two decades lat­er, we final­ly have an answer to Mogilevich’s ques­tion.

    ———-

    “Trump’s Russ­ian Laun­dro­mat” by Craig Unger; The New Repub­lic; 07/13/2017

    “But even with­out an inves­ti­ga­tion by Con­gress or a spe­cial pros­e­cu­tor, there is much we already know about the president’s debt to Rus­sia. A review of the pub­lic record reveals a clear and dis­turb­ing pat­tern: Trump owes much of his busi­ness suc­cess, and by exten­sion his pres­i­den­cy, to a flow of high­ly sus­pi­cious mon­ey from Rus­sia. Over the past three decades, at least 13 peo­ple with known or alleged links to Russ­ian mob­sters or oli­garchs have owned, lived in, and even run crim­i­nal activ­i­ties out of Trump Tow­er and oth­er Trump prop­er­ties. Many used his apart­ments and casi­nos to laun­der untold mil­lions in dirty mon­ey. Some ran a world­wide high-stakes gam­bling ring out of Trump Tower—in a unit direct­ly below one owned by Trump. Oth­ers pro­vid­ed Trump with lucra­tive brand­ing deals that required no invest­ment on his part. Tak­en togeth­er, the flow of mon­ey from Rus­sia pro­vid­ed Trump with a cru­cial infu­sion of financ­ing that helped res­cue his empire from ruin, bur­nish his image, and launch his career in tele­vi­sion and pol­i­tics. “They saved his bacon,” says Ken­neth McCal­lion, a for­mer assis­tant U.S. attor­ney in the Rea­gan admin­is­tra­tion who inves­ti­gat­ed ties between orga­nized crime and Trump’s devel­op­ments in the 1980s.”

    As we can see, Don­ald Trump’s busi­ness empire has been rely­ing on mon­ey flows from the for­mer Sovi­et Union for decades:

    ...
    Trump made his first trip to Rus­sia in 1987, only a few years before the col­lapse of the Sovi­et Union. Invit­ed by Sovi­et Ambas­sador Yuri Dubinin, Trump was flown to Moscow and Leningrad—all expens­es paid—to talk busi­ness with high-ups in the Sovi­et com­mand. In The Art of the Deal, Trump recount­ed the lunch meet­ing with Dubinin that led to the trip. “One thing led to anoth­er,” he wrote, “and now I’m talk­ing about build­ing a large lux­u­ry hotel, across the street from the Krem­lin, in part­ner­ship with the Sovi­et gov­ern­ment.”

    Over the years, Trump and his sons would try and fail five times to build a new Trump Tow­er in Moscow. But for Trump, what mat­tered most were the lucra­tive con­nec­tions he had begun to make with the Kremlin—and with the wealthy Rus­sians who would buy so many of his prop­er­ties in the years to come. “Rus­sians make up a pret­ty dis­pro­por­tion­ate cross sec­tion of a lot of our assets,” Don­ald Trump Jr. boast­ed at a real estate con­fer­ence in 2008. “We see a lot of mon­ey pour­ing in from Rus­sia.”
    ...

    And despite all that Russ­ian mon­ey through­out the 80’s and 90’s, Trump still ran into trou­ble. And when he did, there was more Russ­ian mon­ey to save him:

    ...
    Through­out the 1990s, untold mil­lions from the for­mer Sovi­et Union flowed into Trump’s lux­u­ry devel­op­ments and Atlantic City casi­nos. But all the mon­ey wasn’t enough to save Trump from his own fail­ings as a busi­ness­man. He owed $4 bil­lion to more than 70 banks, with a mind-bog­gling $800 mil­lion of it per­son­al­ly guar­an­teed. He spent much of the decade mired in lit­i­ga­tion, fil­ing for mul­ti­ple bank­rupt­cies and scram­bling to sur­vive. For most devel­op­ers, the sit­u­a­tion would have spelled finan­cial ruin. But for­tu­nate­ly for Trump, his own eco­nom­ic cri­sis coin­cid­ed with one in Rus­sia.

    In 1998, Rus­sia default­ed on $40 bil­lion in debt, caus­ing the ruble to plum­met and Russ­ian banks to close. The ensu­ing finan­cial pan­ic sent the country’s oli­garchs and mob­sters scram­bling to find a safe place to put their mon­ey. That Octo­ber, just two months after the Russ­ian econ­o­my went into a tail­spin, Trump broke ground on his biggest project yet. Ris­ing to 72 sto­ries in mid­town Man­hat­tan, Trump World Tow­er would be the tallest res­i­den­tial build­ing on the plan­et. Con­struc­tion got under­way in 1999—just as Trump was prepar­ing his first run for the pres­i­den­cy on the Reform Par­ty tick­et— and con­clud­ed in 2001. As Bloomberg Busi­ness­week report­ed ear­li­er this year, it wasn’t long before one-third of the units on the tower’s prici­est floors had been snatched up—either by indi­vid­ual buy­ers from the for­mer Sovi­et Union, or by lim­it­ed lia­bil­i­ty com­pa­nies con­nect­ed to Rus­sia. “We had big buy­ers from Rus­sia and Ukraine and Kaza­khstan,” sales agent Debra Stotts told Bloomberg.
    ...

    And when he start­ed the new TV celebri­ty phase of his career in 2004, there was even more Russ­ian mon­ey. And a grow­ing rela­tion­ship with Bay­rock Group LLC and the now noto­ri­ous Felix Sater:

    ...
    The influx of Russ­ian mon­ey did more than save Trump’s busi­ness from ruin—it set the stage for the next phase of his career. By 2004, to the out­side world, it appeared that Trump was back on top after his fail­ures in Atlantic City. That Jan­u­ary, flush with the appear­ance of suc­cess, Trump launched his new­ly bur­nished brand into anoth­er medi­um.

    “My name’s Don­ald Trump,” he declared in his open­ing nar­ra­tion for The Appren­tice, “the largest real estate devel­op­er in New York. I own build­ings all over the place. Mod­el agen­cies. The Miss Uni­verse pageant. Jet­lin­ers, golf cours­es, casi­nos, and pri­vate resorts like Mar-a-Lago, one of the most spec­tac­u­lar estates any­where in the world.”

    ...

    But the sto­ry of Don­ald Trump, self-made busi­ness genius, left out any men­tion of the shady Russ­ian investors who had done so much to make his come­back nar­ra­tive pos­si­ble. And Trump’s busi­ness, despite the hype, was hard­ly “stronger than it ever was”—his cred­it was still lousy, and two more of his prized prop­er­ties in Atlantic City would soon fall into bank­rupt­cy, even as his rat­ings soared.

    To fur­ther enhance his brand, Trump used his prime-time perch to unveil anoth­er big project. On the 2006 sea­son finale of The Appren­tice, as 11 mil­lion view­ers wait­ed to learn which of the two final­ists was going to be fired, Trump pro­longed the sus­pense by cut­ting to a pro­mo­tion­al video for his lat­est ven­ture. “Locat­ed in the cen­ter of Manhattan’s chic artist enclave, the Trump Inter­na­tion­al Hotel and Tow­er in SoHo is the site of my lat­est devel­op­ment,” he nar­rat­ed over swoop­ing heli­copter footage of low­er Man­hat­tan. The new build­ing, he added, would be noth­ing less than a “$370 mil­lion work of art … an awe-inspir­ing mas­ter­piece.”

    Trump SoHo was the brain­child of two devel­op­ment com­pa­nies—Bay­rock Group LLC and the Sapir Organization—run by a pair of wealthy émi­grés from the for­mer Sovi­et Union who had done busi­ness with some of Russia’s rich­est and most noto­ri­ous oli­garchs. Togeth­er, their firms made Trump an offer he couldn’t refuse: The devel­op­ers would finance and build Trump SoHo them­selves. In return for lend­ing his name to the project, Trump would get 18 per­cent of the profits—without putting up any of his own mon­ey.

    One of the devel­op­ers, Tamir Sapir, had fol­lowed an unlike­ly path to rich­es. After emi­grat­ing from the Sovi­et Union in the 1970s, he had start­ed out dri­ving a cab in New York City and end­ed up a bil­lion­aire liv­ing in Trump Tow­er. His big break came when he co-found­ed a com­pa­ny that sold high-tech elec­tron­ics. Accord­ing to the FBI, Sapir’s part­ner in the firm was a “mem­ber or asso­ciate” of Ivankov’s mob in Brighton Beach. No charges were ever filed, and Sapir denied hav­ing any mob ties. “It didn’t hap­pen,” he told The New York Times. “Every­thing was done in the most legit­i­mate way.”

    Trump, who described Sapir as a “great friend,” bought 200 tele­vi­sions from his elec­tron­ics com­pa­ny. In 2007, he host­ed the wed­ding of Sapir’s daugh­ter at Mar-a-Lago, and lat­er attend­ed her infant son’s bris.

    Sapir also intro­duced Trump to Tev­fik Arif, his part­ner in the Trump SoHo deal. On paper, at least, Arif was anoth­er heart­warm­ing immi­grant suc­cess sto­ry. He had grad­u­at­ed from the Moscow Insti­tute of Trade and Eco­nom­ics and worked as a Sovi­et trade and com­merce offi­cial for 17 years before mov­ing to New York and found­ing Bay­rock. Prac­ti­cal­ly overnight, Arif became a wild­ly suc­cess­ful devel­op­er in Brook­lyn. In 2002, after meet­ing Trump, he moved Bayrock’s offices to Trump Tow­er, where he and his staff of Russ­ian émi­grés set up shop on the twen­ty-fourth floor.

    ...

    Dur­ing his col­lab­o­ra­tion with Bay­rock, Trump also became close to the man who ran the firm’s dai­ly operations—a twice-con­vict­ed felon with fam­i­ly ties to Semi­on Mogile­vich. In 1974, when he was eight years old, Felix Sater and his fam­i­ly emi­grat­ed from Moscow to Brighton Beach. Accord­ing to the FBI, his father—who was con­vict­ed for extort­ing local restau­rants, gro­cery stores, and a med­ical clin­ic—was a Mogile­vich boss. Sater tried mak­ing it as a stock­bro­ker, but his career came to an abrupt end in 1991, after he stabbed a Wall Street foe in the face with a bro­ken mar­gari­ta glass dur­ing a bar fight, open­ing wounds that required 110 stitch­es. (Years lat­er, in a depo­si­tion, Trump down­played the inci­dent, insist­ing that Sater “got into a bar­room fight, which a lot of peo­ple do.”) Sater lost his trad­ing license over the attack, and served a year in prison.
    ...

    And ALL of this is part of the pub­lic record. It’s part of why it’s amaz­ing Trump ran for pres­i­dent at all. This is all part of the pub­lic record. But it’s even more amaz­ing if the Russ­ian gov­ern­ment pulled off a series of high pro­file hacks intend­ed to become the cen­ter of the 2016 cam­paign using some sort of joke hack­ing cam­paign that leaves all these “I’m a Russ­ian hack­er!” clues.

    It’s all one more big reason to seriously look in the direction of a pro-Trump hacker who may not have been fully aware of just how deeply intertwined Trump’s past is with Russian money — a hacker like Andrew Auernheimer — who carried out the hacks and thought they were being clever by framing the Russians but didn't have any idea just how incredibly risky such a scheme would be for Trump if he actually won.

    It’s also all a pretty big explanation of why Trump is now openly talking about his pardoning powers and threatening Robert Mueller about not looking into his past business practices. There are decades of potential money-laundering charges and other corrupt practices that are just waiting to be unearthed. And all because of the incredible amount of attention being given towards Trump’s Russian ties. And that incredible amount of attention is primarily due to an incredibly high profile hacking campaign with ‘Russian fingerprints’ all over it.

    And that’s all also part of what makes this whole situation so remarkable: Trump had to know how incredibly vulnerable he would be to investigations into his past as a Russian money laundromat, and yet he stacked his campaign with people like Paul Manafort or Carter Page who, themselves, had highly questionable histories with shady Russian money and then Trump does highly conspicuous things like asking Russia to hack Hillary Clinton's emails in the middle of the campaign. And that’s another important behavioral pattern when assessing the suspects for the hacks: while it would make little sense for either the Russian government, the Russian mob, or the Trump campaign to draw undue attention to their long history, it’s undeniable that the Trump campaign was routinely drawing attention to exactly that history by their conspicuous staffing and behavior. The Trump team apparently didn't realize this would be a big deal. So while it’s possible a pro-Trump hacking operation that didn't know about Trump’s vulnerability with his past ties to Russia might conduct the hacks and frame Russia, even if the hack was done by the Trump team itself we still can’t rule out that the Trump team may have done the hacks in a way to frame the Russians. Because that’s just how cavalier the Trump team has been about all this stuff from the beginning.

    So one of the big questions now is just how widespread is this pardon-o-rama going to get. Because one of the best ways to pardon himself and his family is to obscure all that in a maelstrom of pardons that could include all sorts of people. So why stop at just Trump and his family? This could become a new family business. Think about all the people who would love a pardon! How about the rest of the GOP leadership that may have participated in some sort of Trumpian coverup? How about the hacker? Or maybe like 10 random people behind bars every day with questionable prosecutions? That could play well. Heck, he could start a TV show where people plead for a pardon. And who knows, Trump is always talking about prosecuting Hillary Clinton or Barack Obama for whatever crimes they allegedly committed. Maybe he’ll pardon them for their fantasy crimes? That would sort of sweeten the deal. Or how about all the leakers. He’ll just declare a blanket pardon for them at the same time he pardons himself. Who knows where this can go, but the pardon-o-rama won’t be able to continue without Trump pardoning himself first.

    Trump the Mer­ci­ful. It has a nice ring to it. Although he’d have to drop the GOP’s mer­ci­less pol­i­cy agen­da and have a per­son­al­i­ty trans­plant to real­ly fit the role so hope­ful­ly that’s also under con­sid­er­a­tion.

    Posted by Pterrafractyl | July 22, 2017, 2:51 pm
  8. Here’s a set of arti­cles about the strange tale of the ‘peace plan’ that was appar­ent­ly hatched by a Ukrain­ian politi­cian (report­ed­ly with ties to the Krem­lin, although, as we’re going to see, the guy has ties to the vir­u­lent­ly anti-Russ­ian “Right Sec­tor” neo-Nazi mili­tia) and arranged by Felix Sater and the Trump attor­ney Michael Cohen: First off, it’s worth not­ing that Cohen and Sater appar­ent­ly knew each oth­er going all the way back to their teen years grow­ing up in the same neigh­bor­hood:

    Talk­ing Points Memo
    Muck­rak­er

    Trump’s Con­duits For Cap­i­tal From The For­mer Sovi­et Bloc Are Actu­al­ly Old Pals

    By Sam Thiel­man
    Pub­lished July 25, 2017 4:28 pm

    Two very dif­fer­ent men have been instru­men­tal in intro­duc­ing financiers and clients from Rus­sia and the for­mer Sovi­et bloc to the Trump Organization’s real estate machine: Felix Sater, Don­ald Trump’s for­mer busi­ness part­ner and a con­vict­ed felon, and Michael Cohen, Trump’s brash, long­time per­son­al attor­ney.

    And TPM now has learned from con­ver­sa­tions with both Sater and Cohen that the two men know each oth­er dat­ing back to their teenage years, when they were acquain­tances from near­by towns on Long Island. Both went on to make their for­tunes in real estate, even­tu­al­ly work­ing with the same big-name businessman—although they insist that nei­ther helped the oth­er land his gig with the Trump Orga­ni­za­tion.

    “It isn’t a fam­i­ly atmos­phere kind of thing,” Sater said of the sev­er­al years he told TPM he worked direct­ly for Trump scout­ing deals, some as far afield as Moscow. “You sort of ran around and did your own deals.”

    The two men say they arrived in busi­ness with Trump through dif­fer­ent avenues. While Cohen declined to speak broad­ly about Sater, he agreed to con­firm or deny some of Sater’s state­ments and add slight­ly to Sater’s expla­na­tion of how the two men entered the Trump orbit inde­pen­dent­ly of each oth­er.

    “The fam­i­ly knew about me because I pur­chased sev­er­al Trump apart­ments over the years and Don, Jr. had sold me mul­ti­ple apart­ments at one of the prop­er­ties and was com­bin­ing them [into a sin­gle deal] for me,” Cohen explained.

    Sater’s tale is a lit­tle more dra­mat­ic and hard­er to con­firm in its par­tic­u­lars. In his telling, he began work­ing with one of his neigh­bors, a Kaza­kh real estate devel­op­er named Tev­fik Arif, at a new firm called Bay­rock, the offices of which were down­stairs from the Trumps. That’s how Sater said he land­ed a meet­ing with Trump.

    “I walked in and knocked on his door and told him I was going to be the biggest developer—this is 2000, 2001—first in the Unit­ed States and then world­wide,” Sater said of the Pres­i­dent. His brag­gado­cio paid off, he said: “We got along very, very well.”

    But the Russ­ian mon­ey didn’t begin to flow imme­di­ate­ly. “There were no Russ­ian investors at that point,” he told TPM. “1998, ’99, 2000—Russians did not have any mon­ey.” The rea­son, Sater said with a laugh: “$8‑a-bar­rel oil!”

    He pegged the date to when Rus­sians final­ly had mon­ey to spend abroad around 2005, the same year Bay­rock signed a one-year deal to explore devel­op­ing a Trump Tow­er in Moscow. The group even pro­posed the site of an old pen­cil fac­to­ry for the build­ing, but the deal nev­er closed.

    Long before they were seek­ing such deals, Cohen and Sater were run­ning in the same cir­cles, in the area where Brook­lyn bleeds into Long Island. Cohen is from Five Towns, the infor­mal name for a few tony sub­ur­ban hamlets—more than five, less than eight—in Nas­sau Coun­ty, east of Jamaica Bay. Sater hails from the less gen­teel Brook­lyn neigh­bor­hoods of Brighton Beach and Coney Island, west of the bay.

    “It was an emi­grant enclave of Jews from the for­mer Sovi­et Union,” Sater recalled. “Coney Island was kind of tough. I was one of the white kids on the block, which led to lots of beat­ings. It was dif­fi­cult grow­ing up but it tough­ens you up.”

    ...

    Sater said he most clear­ly remem­bers the begin­ning of his rela­tion­ship with Cohen from the time the for­mer Trump Orga­ni­za­tion attor­ney began dat­ing his now-wife, whom Sater describes as a girl from his neigh­bor­hood of Jew­ish Sovi­et expa­tri­ates. Cohen told TPM the pair had known each oth­er before then, in their teenage years, and that he hadn’t yet begun dat­ing his wife, report­ed­ly a Ukrain­ian émi­gré, when he was in his teens.

    “He wasn’t one of my close friends, just a guy dat­ing a girl in the neigh­bor­hood and we had a bunch of mutu­al friends,” Sater said. “We even­tu­al­ly both start­ed work­ing at Trump Org. Pri­or to that, again, lots of mutu­al acquain­tances.”

    Sater said he and Cohen still speak to each oth­er, even if they seem a bit loath to speak about each oth­er.

    “We did not own real estate togeth­er, but cer­tain­ly looked at a bunch of stuff togeth­er, dur­ing Trump and post-Trump,” Sater says. “After I left there, I was still look­ing at deals for Trump, but I would think about real estate with Michael. [It] was just two real estate guys talk­ing.” Sater starts to say some­thing more, but cuts him­self off and ends almost bash­ful­ly: “I would be more than hap­py to do a deal with Michael,” he says.

    Cohen was less forth­com­ing than his acquain­tance. “I don’t give pro­file pieces on peo­ple,” he told TPM when asked about Sater. When asked why not, he answered, “I just don’t want to.”

    Still, the two men appear to know each oth­er well enough for there to be con­sid­er­able trust. They were both involved in a scheme to deliv­er a “peace plan” to the White House that pro­posed let­ting Ukrain­ian vot­ers decide whether to lease Crimea to Rus­sia in hopes that the move would lead to the relax­ation of inter­na­tion­al sanc­tions.

    Sater told TPM he called the now-noto­ri­ous meet­ing with Cohen and Ukrain­ian politi­cian Andrii Arte­menko in Feb­ru­ary to dis­cuss the future of Ukraine. Cohen took the meet­ing, and told the New York Times that he ulti­mate­ly left the pro­pos­al on the desk of then-Nation­al Secu­ri­ty Advis­er Michael Fly­nn (Cohen would lat­er give sev­er­al con­tra­dic­to­ry inter­views in which he walked back his involve­ment).

    Noth­ing ever came of the plan, but it caused out­cry from all cor­ners of the diplo­mat­ic world—who were these men, and what were they doing?

    Asked why he arranged the meet­ing, Sater told TPM “Because I could!” Trump had dis­tanced him­self from Sater—in a 2013 depo­si­tion, he claimed not to know what Sater looked like—but he had Cohen’s ear, and the issue at hand per­tained to a region of the world of inter­est to both men.

    In con­ver­sa­tion, Sater framed his pur­suit of the deal as deep con­cern for the region of his birth. “Every­one in the pro­pos­al, all three sides would have won,” he said. “As a side note, some civil­ians wouldn’t have been killed and shelled. In hind­sight, I’m glad I did it. Any­body can paint it any way they want, but it was a peace deal.”

    ———-

    “Trump’s Con­duits For Cap­i­tal From The For­mer Sovi­et Bloc Are Actu­al­ly Old Pals” by Sam Thiel­man; Talk­ing Points Memo; 07/25/2017

    “And TPM now has learned from con­ver­sa­tions with both Sater and Cohen that the two men know each oth­er dat­ing back to their teenage years, when they were acquain­tances from near­by towns on Long Island. Both went on to make their for­tunes in real estate, even­tu­al­ly work­ing with the same big-name businessman—although they insist that nei­ther helped the oth­er land his gig with the Trump Orga­ni­za­tion.”

    Who knows how relevant this childhood tie is between Sater and Cohen but it’s certainly worth keeping in mind. Especially when we learn about the odd tale of that Ukrainian peace proposal:

    ...
    Still, the two men appear to know each oth­er well enough for there to be con­sid­er­able trust. They were both involved in a scheme to deliv­er a “peace plan” to the White House that pro­posed let­ting Ukrain­ian vot­ers decide whether to lease Crimea to Rus­sia in hopes that the move would lead to the relax­ation of inter­na­tion­al sanc­tions.

    Sater told TPM he called the now-noto­ri­ous meet­ing with Cohen and Ukrain­ian politi­cian Andrii Arte­menko in Feb­ru­ary to dis­cuss the future of Ukraine. Cohen took the meet­ing, and told the New York Times that he ulti­mate­ly left the pro­pos­al on the desk of then-Nation­al Secu­ri­ty Advis­er Michael Fly­nn (Cohen would lat­er give sev­er­al con­tra­dic­to­ry inter­views in which he walked back his involve­ment).

    Noth­ing ever came of the plan, but it caused out­cry from all cor­ners of the diplo­mat­ic world—who were these men, and what were they doing?

    Asked why he arranged the meet­ing, Sater told TPM “Because I could!” Trump had dis­tanced him­self from Sater—in a 2013 depo­si­tion, he claimed not to know what Sater looked like—but he had Cohen’s ear, and the issue at hand per­tained to a region of the world of inter­est to both men.

    In con­ver­sa­tion, Sater framed his pur­suit of the deal as deep con­cern for the region of his birth. “Every­one in the pro­pos­al, all three sides would have won,” he said. “As a side note, some civil­ians wouldn’t have been killed and shelled. In hind­sight, I’m glad I did it. Any­body can paint it any way they want, but it was a peace deal.”

    So that’s an interesting new twist about Sater and Cohen. But here’s a relatively old twist about that Ukrainian peace proposal that just hasn’t gotten much notice: Remember how that meeting was widely characterized as being an attempt to set up a back channel between Trump and the Kremlin? And still largely is suspected of that to this day? And remember how the Ukrainian politician in question, Andrey Artemenko, was widely reported as belonging to a “pro-Putin” party? Well, check out this piece on Artemenko that showed up in Foreign Policy back in April. It turns out that Artemenko is indeed an Eastern Ukrainian politician, which was seen as an indicator that, of course, he’s a pro-Russian Ukrainian. Except he’s a member of the far-right anti-Russian “Radical Party” and has close ties to “Right Sector”, one of the most anti-Russian groups in the country:

    For­eign Pol­i­cy

    Ukraine’s Back-Chan­nel Diplo­mat Still Shop­ping Peace Plan to Trump

    As pow­er strug­gles heat up back home, Andrey Arte­menko is push­ing pol­i­cy in Wash­ing­ton to play pol­i­tics in Kiev.

    By Reid Stan­dish
    April 18, 2017

    The last two months have not been easy for Andrey Arte­menko.

    On Feb. 19, the right-wing Ukrain­ian mem­ber of par­lia­ment was sucked into the scan­dal sur­round­ing Pres­i­dent Don­ald Trump and his alleged ties to Rus­sia when the New York Times report­ed that Arte­menko had served as a back chan­nel between Moscow and Trump asso­ciates.

    In the after­math of the report, Arte­menko was forced out of his polit­i­cal fac­tion in Ukraine, the far-right Rad­i­cal Par­ty, and the Pros­e­cu­tor General’s Office of Ukraine has opened an inves­ti­ga­tion into whether his diplo­mat­ic out­reach, which was done with­out Kiev’s approval, con­sti­tutes trea­son.

    Despite the polit­i­cal firestorm, Arte­menko is still shop­ping his pro­pos­al in Wash­ing­ton and insists that now is the time to find a res­o­lu­tion to the near­ly three-year war in east­ern Ukraine that has claimed more than 10,000 lives. In an inter­view with For­eign Pol­i­cy, Arte­menko denied any con­nec­tions between him and the Krem­lin, praised the ear­ly stages of the Trump pres­i­den­cy, and rebuffed ele­ments of the Times report, say­ing he was unfair­ly caught up in a fight between the U.S. pres­i­dent and the “lib­er­al media.” The law­mak­er also accused Ukrain­ian Pres­i­dent Petro Poroshenko of not being inter­est­ed in end­ing the war in the Don­bass and said he was using Rus­sia as an excuse to scape­goat his crit­ics.

    “Any­one who has a per­son­al opin­ion in Ukraine is auto­mat­i­cal­ly named a Russ­ian spy,” Arte­menko said. “But I don’t have any con­nec­tions to Rus­sia. That’s why I’m try­ing to involve the Trump admin­is­tra­tion on this issue and not the Krem­lin.”

    Artemenko’s peace plan episode is just one small part of a rapid­ly mush­room­ing inves­ti­ga­tion in Wash­ing­ton over pos­si­ble coor­di­na­tion between the Trump cam­paign and Russ­ian intel­li­gence to tilt the 2016 U.S. pres­i­den­tial elec­tion in Trump’s favor. But it’s also emblem­at­ic of anoth­er polit­i­cal fight unfold­ing against the back­drop of U.S. pol­i­tics: the pow­er strug­gle for the future of Ukraine.

    Since the 2014 Maid­an rev­o­lu­tion that oust­ed pro-Russ­ian Pres­i­dent Vik­tor Yanukovych, Wash­ing­ton has played an out­sized role in Ukrain­ian domes­tic pol­i­tics, where recog­ni­tion and sup­port from influ­en­tial U.S. fig­ures can make or break a politician’s career back home. The impor­tance of these ties has tak­en on a new but uncer­tain dimen­sion since the elec­tion of Trump in Novem­ber 2016; a lack of clar­i­ty about the administration’s poli­cies toward Kiev has been both a source of anx­i­ety and oppor­tu­ni­ty for Ukraine’s polit­i­cal class.

    With key pol­i­cy posi­tions still unfilled at the State Depart­ment, many high-pro­file Ukraini­ans have sought back chan­nels to the Trump admin­is­tra­tion to push for a solu­tion to the war in Ukraine.

    That’s what Arte­menko appar­ent­ly did to pitch his loose­ly defined plan, which calls for Russ­ian sep­a­ratists to return east­ern ter­ri­to­ry to Kiev, and the hold­ing of a nation­al ref­er­en­dum on leas­ing Crimea to Rus­sia for an unde­ter­mined amount of time.

    “Maybe it’s dual man­age­ment of Crimea, or maybe it’s a lease like the Pana­ma Canal and Hong Kong,” said Arte­menko, who prefers to call his pro­pos­al a “road map for peace” rather than a set plan. “It should be obvi­ous that there is no mil­i­tary solu­tion, only a diplo­mat­ic one.”

    Tall and brawny, Arte­menko is a pop­ulist politi­cian with ties to the far-right Ukrain­ian mil­i­tary-polit­i­cal group “Right Sec­tor” and a mem­ber of the pro-West­ern oppo­si­tion par­lia­men­tary coali­tion led by for­mer Prime Min­is­ter Yulia Tymoshenko’s par­ty. In Kiev, he’s known for being out­spo­ken and polit­i­cal­ly ambi­tious.

    The law­mak­er also pro­fess­es an affin­i­ty for Trump, say­ing he wants to “make Ukraine great again” and has been try­ing to make inroads with the real estate mogul since he was a pres­i­den­tial can­di­date. In July 2016, Arte­menko trav­eled to Cleve­land for the Repub­li­can Nation­al Con­ven­tion and lat­er attend­ed Trump’s inau­gu­ra­tion in Jan­u­ary.

    Arte­menko used these con­nec­tions in late Jan­u­ary to arrange a meet­ing with Michael Cohen, Trump’s long­time per­son­al lawyer who cur­rent­ly works at the Repub­li­can Nation­al Com­mit­tee, to pass his peace plan to Mike Fly­nn, who served about three weeks as Trump’s nation­al secu­ri­ty advi­sor. Fly­nn was forced to resign in ear­ly Feb­ru­ary over a sep­a­rate Rus­sia-relat­ed con­tro­ver­sy, but the Times report­ed that Cohen said he had “hand-deliv­ered” the plan in a sealed enve­lope to the now for­mer nation­al secu­ri­ty advi­sor.

    Arte­menko con­firmed to FP that Trump asso­ciate Felix Sater had arranged a meet­ing with Cohen and that he was told details of the plan were relayed to Fly­nn, although he says no phys­i­cal doc­u­ments were passed at the sit-down in Man­hat­tan.

    The Krem­lin denied any knowl­edge of the plan, and Cohen walked back his ini­tial com­ments, say­ing he hadn’t deliv­ered the plan to Fly­nn or dis­cussed it with any­one in the White House. The Times has stood by its report­ing.

    The Times also report­ed that Arte­menko said he “received encour­age­ment for his plans from top aides to Mr. Putin” and that he “emerged from the oppo­si­tion” nur­tured in Ukraine by Paul Man­afort, Trump’s for­mer cam­paign man­ag­er who pre­vi­ous­ly worked as polit­i­cal oper­a­tive in Ukraine.

    Arte­menko told FP that he had no con­tacts with any Russ­ian offi­cials and has nev­er met or dealt with Man­afort. Trump’s for­mer cam­paign man­ag­er made mil­lions of dol­lars in assist­ing the rise of Yanukovych and lob­bied for sev­er­al pro-Krem­lin caus­es in Wash­ing­ton.

    Arte­menko insists that his inten­tions in push­ing a peace plan for Ukraine are in the country’s best inter­ests. But polit­i­cal observers see his free­lance diplo­ma­cy as part of a ris­ing groundswell in Kiev against Poroshenko by oppo­si­tion forces ahead of par­lia­men­tary and pres­i­den­tial elec­tions sched­uled for 2019.

    “Alliances are shift­ing in Ukraine right now against Poroshenko,” said Bal­azs Jara­bik, a non­res­i­dent schol­ar at the Carnegie Endow­ment for Inter­na­tion­al Peace. “All this diplo­mat­ic maneu­ver­ing in Wash­ing­ton needs to be viewed through this lens.”

    Arte­menko has emerged as a vocal crit­ic of Poroshenko and says he has evi­dence show­ing cor­rup­tion by the Ukrain­ian pres­i­dent. More­over, Arte­menko claims to have offered to orga­nize a meet­ing between Trump and Valeriy Chaly, Ukraine’s ambas­sador to Wash­ing­ton, dur­ing the cam­paign. Chaly refused, Arte­menko told FP, say­ing the Ukrain­ian gov­ern­ment was back­ing Demo­c­ra­t­ic nom­i­nee Hillary Clin­ton at the time.

    “They said they didn’t want to meet Mr. Trump,” Arte­menko said.

    The Ukrain­ian Embassy has denied the charges and said it did not sup­port any can­di­date in the U.S. elec­tion.

    Frus­tra­tion at the slow pace of change in Ukraine has seen Poroshenko’s approval rat­ings plum­met, allow­ing rivals to try to fill the void. Arte­menko, who is a staunch ally of Valen­tyn Naly­vaichenko, a for­mer head of Ukraine’s secu­ri­ty ser­vice with lofty polit­i­cal ambi­tions, has aligned him­self with oth­er West-lean­ing pop­ulists like Tymoshenko. While it’s not say­ing much, she’s cur­rent­ly Ukraine’s most pop­u­lar politi­cian, with polls show­ing about 18 per­cent sup­port for her par­ty.

    Tymoshenko car­ried out some free­lance diplo­ma­cy of her own on Feb. 2 when the for­mer prime min­is­ter met Trump in Wash­ing­ton, before ever meet­ing Poroshenko or speak­ing with him on the phone. The con­ver­sa­tion, which took place at the Nation­al Prayer Break­fast, was report­ed­ly short and con­sist­ed of her seek­ing assur­ances that the Trump admin­is­tra­tion would “not aban­don” Ukraine or lift sanc­tions on Rus­sia. But the meet­ings worked to send a mes­sage back home that Tymoshenko was ascen­dant.

    Despite the back­lash he has faced, Arte­menko is still opti­mistic about his pro­pos­al, say­ing he has dis­cussed it with the office of Sen. Rob Port­man (R‑Ohio), who has spon­sored a res­o­lu­tion reaf­firm­ing sup­port for Ukraine and out­lin­ing mea­sures to stop the con­flict. Arte­menko says ele­ments of his plan influ­enced the Port­man mea­sure. A spokesper­son from Portman’s office con­firmed meet­ing Arte­menko but told FP that his peace plan is not part of the res­o­lu­tion.

    ...

    ———-

    “Ukraine’s Back-Chan­nel Diplo­mat Still Shop­ping Peace Plan to Trump” by Reid Stan­dish; For­eign Pol­i­cy; 04/18/2017

    “In the after­math of the report, Arte­menko was forced out of his polit­i­cal fac­tion in Ukraine, the far-right Rad­i­cal Par­ty, and the Pros­e­cu­tor General’s Office of Ukraine has opened an inves­ti­ga­tion into whether his diplo­mat­ic out­reach, which was done with­out Kiev’s approval, con­sti­tutes trea­son.”

    Yep, Arte­menko was a mem­ber of the vir­u­lent­ly anti-Russ­ian Rad­i­cal Par­ty. And he has ties to one of the more vio­lent neo-Nazi anti-Russ­ian groups oper­at­ing in the coun­try, Right Sector/Pravy Sek­tor:

    ...
    Tall and brawny, Arte­menko is a pop­ulist politi­cian with ties to the far-right Ukrain­ian mil­i­tary-polit­i­cal group “Right Sec­tor” and a mem­ber of the pro-West­ern oppo­si­tion par­lia­men­tary coali­tion led by for­mer Prime Min­is­ter Yulia Tymoshenko’s par­ty. In Kiev, he’s known for being out­spo­ken and polit­i­cal­ly ambi­tious.

    The law­mak­er also pro­fess­es an affin­i­ty for Trump, say­ing he wants to “make Ukraine great again” and has been try­ing to make inroads with the real estate mogul since he was a pres­i­den­tial can­di­date. In July 2016, Arte­menko trav­eled to Cleve­land for the Repub­li­can Nation­al Con­ven­tion and lat­er attend­ed Trump’s inau­gu­ra­tion in Jan­u­ary.
    ...

    So while his criticisms of Petro Poroshenko helped frame him as a pro-Russian politician, don’t forget that the Ukrainian far-right criticizes Poroshenko all the time. And threatens to “march on Kiev”.

    And like Sater in the TPM interview, Artemenko confirmed that it was Sater who arranged for the meeting. And he also claimed to the New York Times he received encouragement from top aides to Putin. Claims the Kremlin denies. And yet Artemenko asserts to Foreign Policy that he had no contacts with any Russian officials (which would obviously complicate any reception of encouragement from Putin’s top aides):

    ...
    Arte­menko con­firmed to FP that Trump asso­ciate Felix Sater had arranged a meet­ing with Cohen and that he was told details of the plan were relayed to Fly­nn, although he says no phys­i­cal doc­u­ments were passed at the sit-down in Man­hat­tan.

    The Krem­lin denied any knowl­edge of the plan, and Cohen walked back his ini­tial com­ments, say­ing he hadn’t deliv­ered the plan to Fly­nn or dis­cussed it with any­one in the White House. The Times has stood by its report­ing.

    The Times also report­ed that Arte­menko said he “received encour­age­ment for his plans from top aides to Mr. Putin” and that he “emerged from the oppo­si­tion” nur­tured in Ukraine by Paul Man­afort, Trump’s for­mer cam­paign man­ag­er who pre­vi­ous­ly worked as polit­i­cal oper­a­tive in Ukraine.

    Arte­menko told FP that he had no con­tacts with any Russ­ian offi­cials and has nev­er met or dealt with Man­afort. Trump’s for­mer cam­paign man­ag­er made mil­lions of dol­lars in assist­ing the rise of Yanukovych and lob­bied for sev­er­al pro-Krem­lin caus­es in Wash­ing­ton.
    ...

    So that’s all rather inter­est­ing. And con­tra­dict­ing. Here’s more on what he said to the New York Times about that Krem­lin encour­age­ment for the peace plan:

    The New York Times

    A Back-Chan­nel Plan for Ukraine and Rus­sia, Cour­tesy of Trump Asso­ciates

    By MEGAN TWOHEY and SCOTT SHANE
    FEB. 19, 2017

    A week before Michael T. Fly­nn resigned as nation­al secu­ri­ty advis­er, a sealed pro­pos­al was hand-deliv­ered to his office, out­lin­ing a way for Pres­i­dent Trump to lift sanc­tions against Rus­sia.

    Mr. Fly­nn is gone, hav­ing been caught lying about his own dis­cus­sion of sanc­tions with the Russ­ian ambas­sador. But the pro­pos­al, a peace plan for Ukraine and Rus­sia, remains, along with those push­ing it: Michael D. Cohen, the president’s per­son­al lawyer, who deliv­ered the doc­u­ment; Felix H. Sater, a busi­ness asso­ciate who helped Mr. Trump scout deals in Rus­sia; and a Ukrain­ian law­mak­er try­ing to rise in a polit­i­cal oppo­si­tion move­ment shaped in part by Mr. Trump’s for­mer cam­paign man­ag­er Paul Man­afort.

    At a time when Mr. Trump’s ties to Rus­sia, and the peo­ple con­nect­ed to him, are under height­ened scruti­ny — with inves­ti­ga­tions by Amer­i­can intel­li­gence agen­cies, the F.B.I. and Con­gress — some of his asso­ciates remain will­ing and eager to wade into Rus­sia-relat­ed efforts behind the scenes.

    Mr. Trump has con­found­ed Democ­rats and Repub­li­cans alike with his repeat­ed praise for the Russ­ian pres­i­dent, Vladimir V. Putin, and his desire to forge an Amer­i­can-Russ­ian alliance. While there is noth­ing ille­gal about such unof­fi­cial efforts, a pro­pos­al that seems to tip toward Russ­ian inter­ests may set off alarms.

    The ama­teur diplo­mats say their goal is sim­ply to help set­tle a gru­el­ing, three-year con­flict that has cost 10,000 lives. “Who doesn’t want to help bring about peace?” Mr. Cohen asked.

    But the pro­pos­al con­tains more than just a peace plan. Andrii V. Arte­menko, the Ukrain­ian law­mak­er, who sees him­self as a Trump-style leader of a future Ukraine, claims to have evi­dence — “names of com­pa­nies, wire trans­fers” — show­ing cor­rup­tion by the Ukrain­ian pres­i­dent, Petro O. Poroshenko, that could help oust him. And Mr. Arte­menko said he had received encour­age­ment for his plans from top aides to Mr. Putin.

    “A lot of peo­ple will call me a Russ­ian agent, a U.S. agent, a C.I.A. agent,” Mr. Arte­menko said. “But how can you find a good solu­tion between our coun­tries if we do not talk?”

    ...
    ———-

    “A Back-Chan­nel Plan for Ukraine and Rus­sia, Cour­tesy of Trump Asso­ciates” by MEGAN TWOHEY and SCOTT SHANE; The New York Times; 02/19/2017

    ““A lot of peo­ple will call me a Russ­ian agent, a U.S. agent, a C.I.A. agent,” Mr. Arte­menko said. “But how can you find a good solu­tion between our coun­tries if we do not talk?””

    A US agent? CIA agent? Russ­ian agent? How about Ukrain­ian far-right agent? How about a Ukrain­ian far-right agent arrang­ing a meet­ing at the behest of an FBI/CIA infor­mant Felix Sater? That seems like a more accu­rate char­ac­ter­i­za­tion of Mr Arte­menko.

    So that all adds a rather fascinating twist to the question of what role Felix Sater is playing with the Trump team’s contacts with the former Soviet Union. He clearly has ties to Russian figures, but they also clearly aren’t limited to Russia and he appears to have set up a meeting with a far-right anti-Russian Ukrainian politician and apparently has no problem with the widespread reporting of this meeting as being on behalf of the Kremlin. Because, sure, it’s possible the Kremlin’s denials of any knowledge or “encouragement” of this peace plan meeting and panning of it as absurd is false and they really did endorse such talks. But considering the nature of the proposal (Russia gets to “lease” Crimea for 100 years, which doesn’t seem like an offer it would want at this point), it sure seems extremely possible that a politician with an intensely anti-Russian pedigree simply made up the “Putin’s top aides encouraged me” line in order to obscure the nature of a meeting that was actually a way of Ukraine’s far-right passing something along to Trump. And Felix Sater set it up.

    Posted by Pterrafractyl | July 26, 2017, 1:02 pm
  9. @Pterrafractyl–

    BRILLIANT! So it is actu­al­ly a Pravy Sek­tor-linked Ukrain­ian pol who is the piv­ot man for this “op.”

    Great, great work!

    Keep it up!

    Best,

    Dave

    Posted by Dave Emory | July 26, 2017, 4:17 pm
  10. Here’s a quick correction to the above comment that highlighted how the APT28/Fancy Bear malware pointed towards the same 76.31.112.10 command & control server IP address of the malware used in the 2015 Bundestag hack and how that Bundestag hack indicated a server that was still vulnerable to the Heartbleed hack. The correction actually makes the hack by APT28/Fancy Bear more suspicious, so it’s a pretty important correction, and it’s followed by some new info.

    First, the correction: The hack of the DNC server by APT28 didn’t happen in the Fall of 2015. It happened in March of 2016. The hack that happened in the fall of 2015, which the FBI casually informed the DNC about in September, was a phishing hack done by APT29/Cozy Bear/The Dukes. And that indicates that whoever was operating that 76.31.112.10 command & control server would at least have had six extra months to patch that Heartbleed vulnerability before the March 2016 hack was launched vs if they had initially launched them in the fall of 2015. It’s important to note given that March of 2016 is a lot more time to patch something like that compared to the fall of 2015 when that Heartbleed vulnerability on that server was published in the summer of 2015 reports on the Bundestag hack.

    But let’s not forget that what tied the DNC APT28 hack to the Bundestag hack was the curious hardcoding of the 76.31.112.10 IP address into the malware in both cases, which suggests that whoever carried out the Bundestag attack was also behind the March 2016 DNC hack. So, in that sense, the window of opportunity — the window to hack into that server after that Heartbleed vulnerability was published in the various reports on the Bundestag hack — is kind of moot if other clues suggest it was the same person/group who carried out both hacks. And let’s also not forget that the 76.31.112.10 server was vulnerable to getting scanned as ‘Heartbleed vulnerable’ for over a year before the Bundestag hack took place because any server was vulnerable to the ‘Heartbleed’ attack going back to 2014 when systematic scanning for vulnerable servers across the internet was already underway.

    But here’s what makes the APT28 hack extra suspicious if it happened in March of 2016 vs fall of 2015: While the German government may have officially declared APT28 a Russian government hacking group in May of 2016, this charge was more quietly leveled by Germany’s BfV in a newsletter it released in January of 2016. So if the GRU was truly running that 76.31.112.10 command & control server, it apparently decided to use the same malware as it used in the Bundestag hack with the same hardcoded IP address to the same server even after the German government had started to officially declare APT28 a GRU-run operation, which is some really, really bad operational security:

    Medi­um

    Can Facts Slow The DNC Breach Run­away Train?

    Jef­frey Carr
    Principal consultant at 20KLeague.com; Founder of Suits and Spooks; Author of “Inside Cyber Warfare” (O’Reilly Media, 2009, 2011)

    Jul 27, 2016

    Yes­ter­day, Pro­fes­sor Thomas Rid (Kings Col­lege Lon­don) pub­lished his nar­ra­tive of the DNC breach and strong­ly con­demned the lack of action by the U.S. gov­ern­ment against Rus­sia.

    Susan Hen­nessey, a Har­vard-edu­cat­ed lawyer who used to work at the Office of the Gen­er­al Coun­sel at NSA called the evi­dence “about as close to a smok­ing gun as can be expect­ed where a sophis­ti­cat­ed nation state is involved.”

    Then late Mon­day evening, the New York Times report­ed that “Amer­i­can intel­li­gence agen­cies have “high con­fi­dence” that the Russ­ian gov­ern­ment was behind the DNC breach.

    It’s hard to beat a good nar­ra­tive “when expla­na­tions take such a dread­ful time” as Lewis Car­roll point­ed out. And the odds are that noth­ing that I write will change the momen­tum that’s rapid­ly build­ing against the Russ­ian gov­ern­ment.

    Still, my goal for this arti­cle is to address some of the fac­tu­al errors in Thomas Rid’s Vice piece, pro­vide some new infor­ma­tion about the capa­bil­i­ties of inde­pen­dent Russ­ian hack­ers, and explain why the chaos at GRU makes it such an unlike­ly home for an APT group.

    ...

    Prob­lem #3: The BfV pub­lished a newslet­ter in Jan­u­ary 2016 which assumes that the GRU and FSB are respon­si­ble because of tech­ni­cal indi­ca­tors, not because of any clas­si­fied find­ing; to wit: “Many of these attack cam­paigns have each oth­er on tech­ni­cal sim­i­lar­i­ties, such as mali­cious soft­ware fam­i­lies, and infrastructure—these are impor­tant indi­ca­tors of the same author­ship. It is assumed that both the Russ­ian domes­tic intel­li­gence ser­vice FSB and the mil­i­tary for­eign intel­li­gence ser­vice GRU run cyber oper­a­tions.”

    Pro­fes­sor Rid’s argu­ment depend­ed heav­i­ly on con­vey­ing hard attri­bu­tion by the BfV even though the Pres­i­dent of the BfV didn’t dis­guise the fact that their attri­bu­tion was based on an assump­tion and not hard evi­dence.

    Per­son­al­ly, I don’t want to have my gov­ern­ment cre­ate more ten­sion in Russian‑U.S. rela­tions because the head of Germany’s BfV made an assump­tion.

    ...
    ———-

    “Can Facts Slow The DNC Breach Run­away Train?” by Jef­frey Carr; Medi­um; 07/27/2016

    “Problem #3: The BfV published a newsletter in January 2016 which assumes that the GRU and FSB are responsible because of technical indicators, not because of any classified finding; to wit: “Many of these attack campaigns have each other on technical similarities, such as malicious software families, and infrastructure—these are important indicators of the same authorship. It is assumed that both the Russian domestic intelligence service FSB and the military foreign intelligence service GRU run cyber operations.””

    So, again, an APT28 hack in the fall of 2015 is pretty suspicious given the peculiarities with the actual malware employed like the hardcoded IP address and the Heartbleed vulnerable server. But an APT28 hack in March of 2016 is REALLY suspicious because those same malware digital “fingerprints” had just been attributed to a Russian government hacking operation two months earlier and the same “fingerprints” were left in the DNC hack!

    Anyway, here’s a source for that timeline correction:

    The New York Times

    The Per­fect Weapon: How Russ­ian Cyber­pow­er Invad­ed the U.S.

    By ERIC LIPTON, DAVID E. SANGER and SCOTT SHANE
    DEC. 13, 2016

    WASHINGTON — When Spe­cial Agent Adri­an Hawkins of the Fed­er­al Bureau of Inves­ti­ga­tion called the Demo­c­ra­t­ic Nation­al Com­mit­tee in Sep­tem­ber 2015 to pass along some trou­bling news about its com­put­er net­work, he was trans­ferred, nat­u­ral­ly, to the help desk.

    His mes­sage was brief, if alarm­ing. At least one com­put­er sys­tem belong­ing to the D.N.C. had been com­pro­mised by hack­ers fed­er­al inves­ti­ga­tors had named “the Dukes,” a cyberes­pi­onage team linked to the Russ­ian gov­ern­ment.

    The F.B.I. knew it well: The bureau had spent the last few years try­ing to kick the Dukes out of the unclas­si­fied email sys­tems of the White House, the State Depart­ment and even the Joint Chiefs of Staff, one of the government’s best-pro­tect­ed net­works.

    Yared Tamene, the tech-sup­port con­trac­tor at the D.N.C. who field­ed the call, was no expert in cyber­at­tacks. His first moves were to check Google for “the Dukes” and con­duct a cur­so­ry search of the D.N.C. com­put­er sys­tem logs to look for hints of such a cyber­in­tru­sion. By his own account, he did not look too hard even after Spe­cial Agent Hawkins called back repeat­ed­ly over the next sev­er­al weeks — in part because he wasn’t cer­tain the caller was a real F.B.I. agent and not an impos­tor.

    “I had no way of dif­fer­en­ti­at­ing the call I just received from a prank call,” Mr. Tamene wrote in an inter­nal memo, obtained by The New York Times, that detailed his con­tact with the F.B.I.

    ...

    The D.N.C.’s fum­bling encounter with the F.B.I. meant the best chance to halt the Russ­ian intru­sion was lost. The fail­ure to grasp the scope of the attacks under­cut efforts to min­i­mize their impact. And the White House’s reluc­tance to respond force­ful­ly meant the Rus­sians have not paid a heavy price for their actions, a deci­sion that could prove crit­i­cal in deter­ring future cyber­at­tacks.

    The low-key approach of the F.B.I. meant that Russ­ian hack­ers could roam freely through the committee’s net­work for near­ly sev­en months before top D.N.C. offi­cials were alert­ed to the attack and hired cyber­ex­perts to pro­tect their sys­tems. In the mean­time, the hack­ers moved on to tar­gets out­side the D.N.C., includ­ing Mrs. Clinton’s cam­paign chair­man, John D. Podes­ta, whose pri­vate email account was hacked months lat­er.

    ...

    By March, Mr. Tamene and his team had met at least twice in per­son with the F.B.I. and con­clud­ed that Agent Hawkins was real­ly a fed­er­al employ­ee. But then the sit­u­a­tion took a dire turn.

    A sec­ond team of Russ­ian-affil­i­at­ed hack­ers began to tar­get the D.N.C. and oth­er play­ers in the polit­i­cal world, par­tic­u­lar­ly Democ­rats. Bil­ly Rine­hart, a for­mer D.N.C. region­al field direc­tor who was then work­ing for Mrs. Clinton’s cam­paign, got an odd email warn­ing from Google.

    “Some­one just used your pass­word to try to sign into your Google account,” the March 22 email said, adding that the sign-in attempt had occurred in Ukraine. “Google stopped this sign-in attempt. You should change your pass­word imme­di­ate­ly.”

    Mr. Rine­hart was in Hawaii at the time. He remem­bers check­ing his email at 4 a.m. for mes­sages from East Coast asso­ciates. With­out think­ing much about the noti­fi­ca­tion, he clicked on the “change pass­word” but­ton and half asleep, as best he can remem­ber, he typed in a new pass­word.

    What he did not know until months lat­er is that he had just giv­en the Russ­ian hack­ers access to his email account.

    Hun­dreds of sim­i­lar phish­ing emails were being sent to Amer­i­can polit­i­cal tar­gets, includ­ing an iden­ti­cal email sent on March 19 to Mr. Podes­ta, chair­man of the Clin­ton cam­paign. Giv­en how many emails Mr. Podes­ta received through this per­son­al email account, sev­er­al aides also had access to it, and one of them noticed the warn­ing email, send­ing it to a com­put­er tech­ni­cian to make sure it was legit­i­mate before any­one clicked on the “change pass­word” but­ton.

    ...

    Only in March 2016 did Fan­cy Bear show up — first pen­e­trat­ing the com­put­ers of the Demo­c­ra­t­ic Con­gres­sion­al Cam­paign Com­mit­tee, and then jump­ing to the D.N.C., inves­ti­ga­tors believe. Fan­cy Bear, some­times called A.P.T. 28 and believed to be direct­ed by the G.R.U., Russia’s mil­i­tary intel­li­gence agency, is an old­er out­fit, tracked by West­ern inves­ti­ga­tors for near­ly a decade. It was Fan­cy Bear that got hold of Mr. Podesta’s email.

    Attri­bu­tion, as the skill of iden­ti­fy­ing a cyber­at­tack­er is known, is more art than sci­ence. It is often impos­si­ble to name an attack­er with absolute cer­tain­ty. But over time, by accu­mu­lat­ing a ref­er­ence library of hack­ing tech­niques and tar­gets, it is pos­si­ble to spot repeat offend­ers. Fan­cy Bear, for instance, has gone after mil­i­tary and polit­i­cal tar­gets in Ukraine and Geor­gia, and at NATO instal­la­tions.

    That large­ly rules out cyber­crim­i­nals and most coun­tries, Mr. Alper­ovitch said. “There’s no plau­si­ble actor that has an inter­est in all those vic­tims oth­er than Rus­sia,” he said. Anoth­er clue: The Russ­ian hack­ing groups tend­ed to be active dur­ing work­ing hours in the Moscow time zone.

    ...

    ———–

    “The Per­fect Weapon: How Russ­ian Cyber­pow­er Invad­ed the U.S.” by ERIC LIPTON, DAVID E. SANGER and SCOTT SHANE; The New York Times; 12/13/2016

    Only in March 2016 did Fan­cy Bear show up — first pen­e­trat­ing the com­put­ers of the Demo­c­ra­t­ic Con­gres­sion­al Cam­paign Com­mit­tee, and then jump­ing to the D.N.C., inves­ti­ga­tors believe. Fan­cy Bear, some­times called A.P.T. 28 and believed to be direct­ed by the G.R.U., Russia’s mil­i­tary intel­li­gence agency, is an old­er out­fit, tracked by West­ern inves­ti­ga­tors for near­ly a decade. It was Fan­cy Bear that got hold of Mr. Podesta’s email

    So that corrects the timeline: APT29, widely assumed to be the FSB, successfully “phished” its way into the DNC’s servers in the fall of 2015. Germany's BfV attributes the 2015 Bundestag hack to Russia in January of 2016. And then two months later, APT28, widely assumed to be the GRU, apparently phishes its way into the DNC’s server during a wave of phishing attacks that appeared to be primarily targeting Democrats and deploys malware with the exact same digital “fingerprints” that they left in the Bundestag hack. That APT28 OPSEC sure does OPSUCK!

    Still, the fact that these hacks appear to have happened via phishing attacks does make clear that the hacks really did happen. DNC employees have the suspicious emails they accidentally clicked on which is pretty strong evidence that a hack took place. And that’s a critical finding at this point. Why? Because a recent analysis of the documents allegedly taken by “Guccifer 2.0” from the DNC servers on July 5th, 2016 suggests that those hacked documents weren’t actually hacked but instead exfiltrated directly from the DNC networks. Yep!

    Except, as we’re going to see, there are some significant issues with this analysis. Still, it’s out there and getting more and more attention and that analysis is now getting highlighted by The Veteran Intelligence Professionals for Sanity (VIPS) — a group of ex-US intelligence officers that got started back in 2003 in opposition to the intelligence findings that led up to the Iraq War and has been more recently raising questions about the 2016 election hacks. VIPS just challenged the official conclusion that the Russian government was behind that hacking campaign on some notable digital forensics analysis recently done by someone going by “The Forensicator”.

    So what did The Forensicator discover? Well, by looking at the timestamps on a particular DNC document dump made available by “Guccifer 2.0”, The Forensicator made all sorts of deductions about the software and hardware used to procure the emails. The documents in question weren’t emails, but instead other DNC documents in an archived file called “NGP-VAN” that Guccifer 2.0 leaked live during a London Cyber Security show in September of 2016. “NGP-VAN” refers to the “NGP-VAN” ‘voter activation’ database software running on the DNC’s hacked server. Guccifer 2.0 claims he used a 0-day (previously unknown) exploit to hack the DNC server in the summer of 2015, although it’s important to note that there are very serious big reasons to believe that the “NGP-VAN 0-day exploit” story is not plausible. And let’s not forget that both APT29 and APT28 phished their way into the server and there appears to be pretty good evidence that that phishing really did happen and was successful (evidence in the form of people saying “oops, I clicked on this phishing email and gave them my password”).

    Regard­less of the issues with “NGP-VAN” hack claims, The Foren­si­ca­tor’s analy­sis does­n’t depend on whether or not the NGP-VAN exploit was used or not. Instead, the analy­sis focus­es on when exact­ly all the files in the NGP-VAN doc­u­ment dump made in Sep­tem­ber were removed from the DNC serv­er and how rapid­ly that hap­pened.

    The meta­da­ta for these “NGP-VAN” files were ana­lyzed by “The Foren­si­ca­tor”, pri­mar­i­ly the time­stamp meta­da­ta on the files. The Foren­si­ca­tor looked at pecu­liar­i­ties of the time­stamp data to make edu­cat­ed guess­es about the time­zone of the oper­at­ing sys­tem get­ting copied to from the DNC serv­er, the oper­at­ing sys­tems of that device, and, per­haps most impor­tant­ly, the rate of trans­fer between the DNC serv­er and the hack­er. And based on those edu­cat­ed guess­es the Foren­si­ca­tor con­clud­ed the fol­low­ing:

    1. The oper­at­ing sys­tem of the com­put­er the doc­u­ments were get­ting trans­ferred to had an US East Coast time­zone set­ting.

    2. The oper­at­ing sys­tem of the com­put­er the doc­u­ments were get­ting trans­ferred to was prob­a­bly a Lin­ux (ext4) OS.

    3. The rate of the data trans­fer was 23 MB/second, which is way too fast for a remote trans­fer over the inter­net.

    Based on these clues, the Foren­si­ca­tor con­clud­ed that the ‘hacked’ files were like­ly obtained local­ly, prob­a­bly with a USB flash dri­ve that had Lin­ux on it (yes, you can boot up a serv­er with a USB dri­ve with an OS on it)

    Now, keep in mind that all of this file meta­da­ta could have been spoofed, much like the laugh­ably in-your-face meta­da­ta ‘oop­sies’ like all the Cyril­lic char­ac­ters and Sovi­et secret police names left in the doc­u­ments that were imme­di­ate­ly latched onto and treat­ed as strong proof of Rus­sia gov­ern­ment hack­ers.

    But note the key dif­fer­ence: the time­stamp-based meta­da­ta ‘oop­sies’ weren’t in-your-face. It took basi­cal­ly a year for these obser­va­tions to be made and pub­lished on the inter­net. We still can’t rule out that the time­stamp anom­alies The Foren­si­ca­tor dis­cov­ered were a non-in-your-face sec­ond lay­er of meta­da­ta obfus­ca­tion. But in terms of being the kinds of ‘mis­take’ that some­one might legit­i­mate­ly make, the non-in-your-face mis­takes seem much more plau­si­ble as a real mis­take. But, again, let’s not for­get that we can’t rule out that pro­fes­sion­al elite hack­ers might uti­lize tac­tics like set­ting up the file time­stamp data to mim­ic the copy­ing times you would find with a USB flash­drive con­nect­ed direct­ly to a serv­er, unless The Foren­si­ca­tor’s analy­sis was nov­el and unprece­dent­ed. And while “Guc­cifer 2.0” claims to have done their hacks remote­ly and then pro­ceed­ed to dis­trib­ute doc­u­ments with all sorts of in-your-face “I’m a Russ­ian hack­er!” clues in the meta­da­ta, it’s entire­ly pos­si­ble that “Guc­cifer 2.0” was employ­ing mul­ti­ple lay­ers of meta­da­ta ‘clues’. In-your-face clues and less-in-your-face clues. We can’t rule that out.

    But here’s another thing to keep in mind that is a MAJOR potential problem with The Forensicator's analysis: it assumes that the July 5th, 2016 timestamps on the NGP-VAN files indicate that that was when the files were copied from the DNC’s server. But by all indications the DNC server was secured by July 5th, 2016. Guccifer 2.0 was said to be kicked out in June. So that would point towards an insider directly grabbing the documents with a USB drive or something and handing them off to Guccifer. But there’s no compelling reason to assume that the July 5th timestamps are necessarily indicative of when those files were removed from the DNC server. Those timestamps could have been caused by copying the files from some local computer after they were removed or someone using a program like timestomp to change the metadata. So the evidence that any files were removed from the DNC server on July 5th isn’t exactly a slam dunk unless some of the leaked DNC documents in that NGP-VAN cache appear to be originally created on dates between late June-July 5th, 2016.

    But despite all the evi­dence that there real­ly were remote hacks that hit the DNC serv­er (like the phish­ing emails peo­ple clicked on), we also can’t rule out the pos­si­bil­i­ty that there may have been an inside leak­er who decid­ed to grab a bunch of emails on July 5th and hand them over to Guc­cifer 2.0 too. We can’t rule it out, although that does seem like an incred­i­bly point­less risk for an insid­er to do giv­en that there were already reports about the DNC before July 5th and Guc­cifer 2.0 was already talk­ing to reporters and drop­ping doc­u­ments by then. But we def­i­nite­ly can’t rule it out, just as we can’t rule out the pos­si­bil­i­ty that peo­ple were inten­tion­al­ly infil­trat­ing the DNC for the pur­pose of steal­ing doc­u­ments.
    Additionally, regarding The Forensicator's conclusion that the download speeds were only consistent with local copying, don’t rule out the possibility that there was a remote hack of the DNC’s servers, but the files were transferred to a very close location, speeding up the transfer times.

    So there are a num­ber of out­stand­ing issues with The Foren­si­ca­tor’s analy­sis that need to be addressed. And since The Foren­si­ca­tor’s analy­sis is gain­ing steam and get­ting more and more atten­tion let’s hope those issues are even­tu­al­ly addressed, along with the rest of the ques­tions raised by the Vet­er­an Intel­li­gence Pro­fes­sion­als for San­i­ty about the hack:

    Con­sor­tium News

    Intel Vets Chal­lenge ‘Rus­sia Hack’ Evi­dence

    July 24, 2017

    In a memo to Pres­i­dent Trump, a group of for­mer U.S. intel­li­gence offi­cers, includ­ing NSA spe­cial­ists, cite new foren­sic stud­ies to chal­lenge the claim of the key Jan. 6 “assess­ment” that Rus­sia “hacked” Demo­c­ra­t­ic emails last year.

    MEMORANDUM FOR: The Pres­i­dent

    FROM: Vet­er­an Intel­li­gence Pro­fes­sion­als for San­i­ty (VIPS)

    SUBJECT: Was the “Russian Hack” an Inside Job?

    Exec­u­tive Sum­ma­ry

    Foren­sic stud­ies of “Russ­ian hack­ing” into Demo­c­ra­t­ic Nation­al Com­mit­tee com­put­ers last year reveal that on July 5, 2016, data was leaked (not hacked) by a per­son with phys­i­cal access to DNC com­put­ers, and then doc­tored to incrim­i­nate Rus­sia.

    After exam­in­ing meta­da­ta from the “Guc­cifer 2.0” July 5, 2016 intru­sion into the DNC serv­er, inde­pen­dent cyber inves­ti­ga­tors have con­clud­ed that an insid­er copied DNC data onto an exter­nal stor­age device, and that “tell­tale signs” impli­cat­ing Rus­sia were then insert­ed.

    Key among the find­ings of the inde­pen­dent foren­sic inves­ti­ga­tions is the con­clu­sion that the DNC data was copied onto a stor­age device at a speed that far exceeds an Inter­net capa­bil­i­ty for a remote hack. Of equal impor­tance, the foren­sics show that the copy­ing and doc­tor­ing were per­formed on the East coast of the U.S. Thus far, main­stream media have ignored the find­ings of these inde­pen­dent stud­ies [see here and here].

    Inde­pen­dent ana­lyst Skip Fold­en, a retired IBM Pro­gram Man­ag­er for Infor­ma­tion Tech­nol­o­gy US, who exam­ined the recent foren­sic find­ings, is a co-author of this Mem­o­ran­dum. He has draft­ed a more detailed tech­ni­cal report titled “Cyber-Foren­sic Inves­ti­ga­tion of ‘Russ­ian Hack’ and Miss­ing Intel­li­gence Com­mu­ni­ty Dis­claimers,” and sent it to the offices of the Spe­cial Coun­sel and the Attor­ney Gen­er­al. VIPS mem­ber William Bin­ney, a for­mer Tech­ni­cal Direc­tor at the Nation­al Secu­ri­ty Agency, and oth­er senior NSA “alum­ni” in VIPS attest to the pro­fes­sion­al­ism of the inde­pen­dent foren­sic find­ings.

    The recent foren­sic stud­ies fill in a crit­i­cal gap. Why the FBI neglect­ed to per­form any inde­pen­dent foren­sics on the orig­i­nal “Guc­cifer 2.0” mate­r­i­al remains a mys­tery – as does the lack of any sign that the “hand-picked ana­lysts” from the FBI, CIA, and NSA, who wrote the “Intel­li­gence Com­mu­ni­ty Assess­ment” dat­ed Jan­u­ary 6, 2017, gave any atten­tion to foren­sics.

    NOTE: There has been so much con­fla­tion of charges about hack­ing that we wish to make very clear the pri­ma­ry focus of this Mem­o­ran­dum. We focus specif­i­cal­ly on the July 5, 2016 alleged Guc­cifer 2.0 “hack” of the DNC serv­er. In ear­li­er VIPS mem­o­ran­da we addressed the lack of any evi­dence con­nect­ing the Guc­cifer 2.0 alleged hacks and Wik­iLeaks, and we asked Pres­i­dent Oba­ma specif­i­cal­ly to dis­close any evi­dence that Wik­iLeaks received DNC data from the Rus­sians [see here and here].

    Address­ing this point at his last press con­fer­ence (Jan­u­ary 18), he described “the con­clu­sions of the intel­li­gence com­mu­ni­ty” as “not con­clu­sive,” even though the Intel­li­gence Com­mu­ni­ty Assess­ment of Jan­u­ary 6 expressed “high con­fi­dence” that Russ­ian intel­li­gence “relayed mate­r­i­al it acquired from the DNC … to Wik­iLeaks.”

    Obama’s admis­sion came as no sur­prise to us. It has long been clear to us that the rea­son the U.S. gov­ern­ment lacks con­clu­sive evi­dence of a trans­fer of a “Russ­ian hack” to Wik­iLeaks is because there was no such trans­fer. Based most­ly on the cumu­la­tive­ly unique tech­ni­cal expe­ri­ence of our ex-NSA col­leagues, we have been say­ing for almost a year that the DNC data reached Wik­iLeaks via a copy/leak by a DNC insid­er (but almost cer­tain­ly not the same per­son who copied DNC data on July 5, 2016).

    From the infor­ma­tion avail­able, we con­clude that the same inside-DNC, copy/leak process was used at two dif­fer­ent times, by two dif­fer­ent enti­ties, for two dis­tinct­ly dif­fer­ent pur­pos­es:

    -(1) an inside leak to Wik­iLeaks before Julian Assange announced on June 12, 2016, that he had DNC doc­u­ments and planned to pub­lish them (which he did on July 22) – the pre­sumed objec­tive being to expose strong DNC bias toward the Clin­ton can­di­da­cy; and

    -(2) a sep­a­rate leak on July 5, 2016, to pre-emp­tive­ly taint any­thing Wik­iLeaks might lat­er pub­lish by “show­ing” it came from a “Russ­ian hack.”

    * * *

    Mr. Pres­i­dent:

    This is our first VIPS Memorandum for you, but we have a history of letting U.S. Presidents know when we think our former intelligence colleagues have gotten something important wrong, and why. For example, our first such memorandum, a same-day commentary for President George W. Bush on Colin Powell’s U.N. speech on February 5, 2003, warned that the “unintended consequences were likely to be catastrophic,” should the U.S. attack Iraq and “justify” the war on intelligence that we retired intelligence officers could readily see as fraudulent and driven by a war agenda.

    The Jan­u­ary 6 “Intel­li­gence Com­mu­ni­ty Assess­ment” by “hand-picked” ana­lysts from the FBI, CIA, and NSA seems to fit into the same agen­da-dri­ven cat­e­go­ry. It is large­ly based on an “assess­ment,” not sup­port­ed by any appar­ent evi­dence, that a shad­owy enti­ty with the moniker “Guc­cifer 2.0” hacked the DNC on behalf of Russ­ian intel­li­gence and gave DNC emails to Wik­iLeaks.

    The recent foren­sic find­ings men­tioned above have put a huge dent in that assess­ment and cast seri­ous doubt on the under­pin­nings of the extra­or­di­nar­i­ly suc­cess­ful cam­paign to blame the Russ­ian gov­ern­ment for hack­ing. The pun­dits and politi­cians who have led the charge against Russ­ian “med­dling” in the U.S. elec­tion can be expect­ed to try to cast doubt on the foren­sic find­ings, if they ever do bub­ble up into the main­stream media. But the prin­ci­ples of physics don’t lie; and the tech­ni­cal lim­i­ta­tions of today’s Inter­net are wide­ly under­stood. We are pre­pared to answer any sub­stan­tive chal­lenges on their mer­its.

    You may wish to ask CIA Direc­tor Mike Pom­peo what he knows about this. Our own lengthy intel­li­gence com­mu­ni­ty expe­ri­ence sug­gests that it is pos­si­ble that nei­ther for­mer CIA Direc­tor John Bren­nan, nor the cyber-war­riors who worked for him, have been com­plete­ly can­did with their new direc­tor regard­ing how this all went down.

    Copied, Not Hacked

    As indi­cat­ed above, the inde­pen­dent foren­sic work just com­plet­ed focused on data copied (not hacked) by a shad­owy per­sona named “Guc­cifer 2.0.” The foren­sics reflect what seems to have been a des­per­ate effort to “blame the Rus­sians” for pub­lish­ing high­ly embar­rass­ing DNC emails three days before the Demo­c­ra­t­ic con­ven­tion last July. Since the con­tent of the DNC emails reeked of pro-Clin­ton bias, her cam­paign saw an over­rid­ing need to divert atten­tion from con­tent to prove­nance – as in, who “hacked” those DNC emails? The cam­paign was enthu­si­as­ti­cal­ly sup­port­ed by a com­pli­ant “main­stream” media; they are still on a roll.

    “The Rus­sians” were the ide­al cul­prit. And, after Wik­iLeaks edi­tor Julian Assange announced on June 12, 2016, “We have emails relat­ed to Hillary Clin­ton which are pend­ing pub­li­ca­tion,” her cam­paign had more than a month before the con­ven­tion to insert its own “foren­sic facts” and prime the media pump to put the blame on “Russ­ian med­dling.” Mrs. Clinton’s PR chief Jen­nifer Palmieri has explained how she used golf carts to make the rounds at the con­ven­tion. She wrote that her “mis­sion was to get the press to focus on some­thing even we found dif­fi­cult to process: the prospect that Rus­sia had not only hacked and stolen emails from the DNC, but that it had done so to help Don­ald Trump and hurt Hillary Clin­ton.”

    Inde­pen­dent cyber-inves­ti­ga­tors have now com­plet­ed the kind of foren­sic work that the intel­li­gence assess­ment did not do. Odd­ly, the “hand-picked” intel­li­gence ana­lysts con­tent­ed them­selves with “assess­ing” this and “assess­ing” that. In con­trast, the inves­ti­ga­tors dug deep and came up with ver­i­fi­able evi­dence from meta­da­ta found in the record of the alleged Russ­ian hack.

    They found that the pur­port­ed “hack” of the DNC by Guc­cifer 2.0 was not a hack, by Rus­sia or any­one else. Rather it orig­i­nat­ed with a copy (onto an exter­nal stor­age device – a thumb dri­ve, for exam­ple) by an insid­er. The data was leaked after being doc­tored with a cut-and-paste job to impli­cate Rus­sia. We do not know who or what the murky Guc­cifer 2.0 is. You may wish to ask the FBI.

    The Time Sequence

    June 12, 2016: Assange announces Wik­iLeaks is about to pub­lish “emails relat­ed to Hillary Clin­ton.”

    June 15, 2016: DNC con­trac­tor Crowd­strike, (with a dubi­ous pro­fes­sion­al record and mul­ti­ple con­flicts of inter­est) announces that mal­ware has been found on the DNC serv­er and claims there is evi­dence it was inject­ed by Rus­sians.

    June 15, 2016: On the same day, “Guc­cifer 2.0” affirms the DNC state­ment; claims respon­si­bil­i­ty for the “hack;” claims to be a Wik­iLeaks source; and posts a doc­u­ment that the foren­sics show was syn­thet­i­cal­ly taint­ed with “Russ­ian fin­ger­prints.”

    We do not think that the June 12 & 15 tim­ing was pure coin­ci­dence. Rather, it sug­gests the start of a pre-emp­tive move to asso­ciate Rus­sia with any­thing Wik­iLeaks might have been about to pub­lish and to “show” that it came from a Russ­ian hack.

    The Key Event

    July 5, 2016: In the ear­ly evening, East­ern Day­light Time, some­one work­ing in the EDT time zone with a com­put­er direct­ly con­nect­ed to the DNC serv­er or DNC Local Area Net­work, copied 1,976 MegaBytes of data in 87 sec­onds onto an exter­nal stor­age device. That speed is many times faster than what is phys­i­cal­ly pos­si­ble with a hack.

    It thus appears that the pur­port­ed “hack” of the DNC by Guc­cifer 2.0 (the self-pro­claimed Wik­iLeaks source) was not a hack by Rus­sia or any­one else, but was rather a copy of DNC data onto an exter­nal stor­age device. More­over, the foren­sics per­formed on the meta­da­ta reveal there was a sub­se­quent syn­thet­ic inser­tion – a cut-and-paste job using a Russ­ian tem­plate, with the clear aim of attribut­ing the data to a “Russ­ian hack.” This was all per­formed in the East Coast time zone.

    ...

    ———-

    “Intel Vets Chal­lenge ‘Rus­sia Hack’ Evi­dence” by Vet­er­an Intel­li­gence Pro­fes­sion­als for San­i­ty; Con­sor­tium News; 07/24/2017

    “Key among the find­ings of the inde­pen­dent foren­sic inves­ti­ga­tions is the con­clu­sion that the DNC data was copied onto a stor­age device at a speed that far exceeds an Inter­net capa­bil­i­ty for a remote hack. Of equal impor­tance, the foren­sics show that the copy­ing and doc­tor­ing were per­formed on the East coast of the U.S. Thus far, main­stream media have ignored the find­ings of these inde­pen­dent stud­ies [see here and here].”

    So that’s all part of why the VIPS is challenging the official investigations in the hack: if you assume the timestamp metadata can be taken at face value and wasn't manipulated and the timezone setting also wasn't manipulated, then, yes, it strongly suggests that someone had to have directly transferred to a flash drive hacked files that were released in the NGP-VAN archive. For at least some of the files. But, again, there’s no compelling reason to assume these timestamps weren’t manipulated, especially given all the other metadata manipulation found in the documents released by Guccifer 2.0. It’s not as if Guccifer 2.0 was interested in providing seemingly pristine documents.

    But here’s something else to keep in mind that ties back to the original correction about when APT28 and APT29 hacked the DNC servers: somehow the FBI suspected that “The Dukes” (APT29) hacked the DNC’s server without anyone at the DNC telling them. That call that the DNC IT staff got in September of 2015 apparently came out of the blue. And one clear possibility is that US agencies detected data transfers from the DNC’s server to some server associated with APT 29. Presumably this wouldn't be the same 76.31.112.10 command & control server used by APT28 but some other server. If that’s the case, that would be pretty strong proof that someone was indeed removing files remotely. Similarly, if the APT28 hack happened as we’re told, there definitely should be evidence of data moving from the DNC server to the 76.31.112.10 IP address. And that’s the kind of data that multiple parties, beyond just Crowdstrike, might have access to. Does the NSA have evidence of data exfiltration from the DNC servers to suspect servers? That’s another question the VIPS should probably add to their challenge.

    All in all, one of the most fas­ci­nat­ing aspects of the sto­ry of the DNC hacks is that all the dif­fer­ent the­o­ries are pos­si­ble. Simul­ta­ne­ous­ly:
    1. It’s pos­si­ble Russ­ian hack­ers did indeed hack the DNC’s serv­er. It does­n’t mean they were the ones that hand­ed over the data, but they still might have hacked it as just rou­tine intel­li­gence col­lec­tion. Who knows, maybe APT29 real­ly was a Russ­ian gov­ern­ment hack­er.

    2. It’s extreme­ly pos­si­ble a non-Russ­ian gov­ern­ment hack­er did indeed hack the DNC and decid­ed to make it look like the Rus­sians. Espe­cial­ly in the case of the APT28 hack in the March of 2016 with all its “I’m a Russ­ian hack­er!” anom­alies and ties to the Bun­destag hack using a serv­er that, itself, could have eas­i­ly been hacked.

    3. It’s also pos­si­ble an insid­er work­ing at the DNC grabbed a bunch of doc­u­ments direct­ly too.

    There were enough dis­tinct hack­ing inci­dents and data dumps that an over­all sce­nario where all three sub-sce­nar­ios are true is entire­ly pos­si­ble. All we can say for cer­tain is that it looks a lot like “Guc­cifer 2.0” and who­ev­er was behind the APT28 hacks real­ly, real­ly, real­ly want­ed Rus­sia to be the cul­prit.

    Isn’t cyber attri­bu­tion fun?

    Posted by Pterrafractyl | July 26, 2017, 10:51 pm
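
The timestamp reasoning discussed in the comment above, as an added example (not part of the comment, the VIPS memo or The Forensicator's own work): it infers a copy rate from file sizes and modification times, then shows that the same bytes yield a different "speed" once the modification times are rewritten, which is why such an estimate needs corroboration from independent records such as network flow logs. All function names, file names, sizes and epoch values are constructed for illustration.

```python
import os
import tempfile

# Constructed listing sized to match the memo's "1,976 MegaBytes ... in 87 seconds".
MEMO_WINDOW = [("first.doc", 1_000_000, 0), ("remainder", 1_976_000_000, 87)]


def inferred_rate_mb_s(records):
    """Estimate copy throughput from (name, size_bytes, mtime_seconds) records.

    Assumption of this example: a plain copy leaves each file's mtime at the
    moment its last byte was written, so the window from the earliest to the
    latest mtime covers every file except the first one. Tools that preserve
    source mtimes (cp -p, rsync -t) break that assumption entirely.
    """
    recs = sorted(records, key=lambda r: r[2])
    if len(recs) < 2:
        raise ValueError("need at least two files to measure a window")
    elapsed = recs[-1][2] - recs[0][2]
    if elapsed <= 0:
        raise ValueError("all mtimes identical; no window to measure")
    moved = sum(size for _, size, _ in recs[1:])
    return moved / elapsed / 1_000_000


def scan(directory):
    """Read (name, size, mtime in whole seconds) for each regular file."""
    out = []
    for entry in os.scandir(directory):
        if entry.is_file():
            st = entry.stat()
            out.append((entry.name, st.st_size, st.st_mtime_ns // 1_000_000_000))
    return out


def stamp(directory, start, step):
    """Rewrite mtimes `step` seconds apart in name order, as `touch -d` would."""
    for i, name in enumerate(sorted(os.listdir(directory))):
        t_ns = (start + i * step) * 1_000_000_000
        os.utime(os.path.join(directory, name), ns=(t_ns, t_ns))


def demo():
    """Same bytes, two sets of timestamps, two different inferred speeds."""
    with tempfile.TemporaryDirectory() as d:
        for i in range(4):  # constructed sample files, 100,000 bytes each
            with open(os.path.join(d, f"doc{i}.bin"), "wb") as f:
                f.write(b"\0" * 100_000)
        start = 1_467_756_000  # constructed epoch value: 5 July 2016, 22:00 UTC
        stamp(d, start, 1)
        fast = inferred_rate_mb_s(scan(d))
        stamp(d, start, 10)
        slow = inferred_rate_mb_s(scan(d))
    return fast, slow


if __name__ == "__main__":
    print("memo figures:", round(inferred_rate_mb_s(MEMO_WINDOW), 1), "MB/s")
    print("restamped copies of the same files:", demo())
```
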
  11. @Dave: Talk­ing Points Memo has a new piece on that ‘peace plan’ that adds some impor­tant back­ground to it: The ‘peace plan’ that Felix Sater and Andrii Arte­menko hatched was appar­ent­ly devel­oped back in Octo­ber of 2016 when the two were hav­ing dis­cus­sions over a busi­ness pro­pos­al to rehab Ukraine’s nuclear pow­er plants as part of a move to break the “Russ­ian monop­oly” on Ukraine’s ener­gy and then sell the elec­tric­i­ty to neigh­bor­ing coun­tries.

    An ener­gy expert cit­ed in the piece asserts that the plan would have ben­e­fit­ed from the fruition of that ‘peace plan’, which is true in the sense of that an ongo­ing civ­il war prob­a­bly does­n’t help with busi­ness deals involv­ing nuclear plants. But they also point out how it was the con­flict with Rus­sia that was actu­al­ly cre­at­ing demand in Ukraine for cre­at­ing alter­na­tive sources of ener­gy for Ukraine and increas­ing region­al demand for non-Russ­ian ener­gy sources. So if that ‘peace plan’ hap­pened, it might be eas­i­er to cut an inter­na­tion­al deal to get some­one to upgrade and/or build nuclear pow­er plants. But it would also make it a lot eas­i­er for Rus­sia to export its own ener­gy to the same coun­tries Ukraine wants to export to.

    In addition, as the piece points out, Lithuania, Latvia, and Estonia already have plans to break off the old Soviet-era electrical grid that connects the electrical systems of the former-Soviet nations and instead join them up through the EU’s grids. By 2025. And Sater says in the piece that he’s hoping to help that process along. And yet it’s hard to think of something that would derail such plans more effectively than a peace plan that normalizes relations with Russia.

    So that’s quite a twist on the mys­tery of the ‘peace plan’ meet­ing: it came about dur­ing nego­ti­a­tions between Sater and Arte­menko back in Octo­ber over plans to devel­op Ukraine’s nuclear ener­gy sec­tor as a means of break­ing the Russ­ian grip on Ukraine’s ener­gy, which does­n’t seem like the kind of plan the Krem­lin would be very enthu­si­as­tic about:

    Talk­ing Points Memo
    Muck­rak­er

    Trump’s Ex-Biz Part­ner Eyed Ener­gy Deal As He Helped Push Ukraine ‘Peace Plan’

    By Sam Thiel­man
    Pub­lished July 27, 2017 2:43 pm

    When a for­mer busi­ness part­ner of Pres­i­dent Don­ald Trump’s and a Ukrain­ian politi­cian approached an ally of the admin­is­tra­tion with a “peace plan,” they were already at work on an ener­gy trad­ing deal. That deal, said one of the region’s lead­ing ener­gy pol­i­cy experts, stood to ben­e­fit from the scheme the pair pro­posed to resolve the ongo­ing con­flict in Ukraine.

    Felix Sater, who worked obtain­ing financ­ing for Trump projects includ­ing the Trump SoHo, told TPM that the “peace plan” came up in the course of his attempts to bro­ker an agree­ment to sell ener­gy abroad from Ukraine’s nuclear pow­er plants with Andrii Arte­menko, at the time a Ukrain­ian par­lia­men­tar­i­an. The plan was to refur­bish dilap­i­dat­ed nuclear pow­er plants in that coun­try and then sell the pow­er gen­er­at­ed by them into East­ern Europe, using estab­lished com­modi­ties trad­ing com­pa­nies as a means of retroac­tive­ly financ­ing the deal, Sater said.

    The busi­ness propo­si­tion would help break the Russ­ian monop­oly on ener­gy, accord­ing to Sater. But Artemenko’s polit­i­cal pro­pos­al would have had Ukrain­ian vot­ers decide whether to lease Crimea to Rus­sia for 50 or 100 years—an idea encour­aged by advi­sors to Russ­ian pres­i­dent Vladimir Putin, and so offen­sive to his country’s gov­ern­ment that Ukrain­ian pros­e­cu­tors accused Arte­menko of trea­so­nous con­spir­ing with Rus­sia after the peace plan was first report­ed ear­li­er this year.

    It’s been wide­ly report­ed that Sater and Arte­menko met with Michael Cohen, who was then Trump’s per­son­al lawyer and who has known Sater since he was a teenag­er, in Jan­u­ary; under dis­cus­sion was the peace plan, which would have paved a path for the U.S. to lift sanc­tions on Rus­sia. Cohen has giv­en con­flict­ing state­ments about his involve­ment. Sater said he came to be involved in the scheme through Arte­menko.

    “We were try­ing to do a busi­ness deal at the same time,” Sater told TPM. “We were work­ing on a busi­ness deal for about five months, and he kept telling me about the peace deal, and as the Trump admin­is­tra­tion won, that’s when I deliv­ered it [the peace deal] to them.”

    He insist­ed the polit­i­cal and busi­ness propo­si­tions were unre­lat­ed, oth­er than each involv­ing him­self and Arte­menko as pri­ma­ry play­ers.

    Sater had worked bro­ker­ing major deals inter­na­tion­al­ly for some time after the 1996 dis­so­lu­tion of White Rock, a firm at the cen­ter of a pump-and-dump secu­ri­ties fraud scan­dal that led to Sater’s con­vic­tion for fraud. Instead of going to prison, Sater paid a fine and went to work as an FBI infor­mant. Those deals includ­ed a job for AT&T in Rus­sia, as pre­vi­ous­ly report­ed by Moth­er Jones, where Sater says the com­pa­ny was “try­ing to expand.”

    Sater said the busi­ness propo­si­tion with Arte­menko “was to try to reha­bil­i­tate the exist­ing nuclear pow­er plants in the Ukraine and build new ones using either U.S. or Cana­di­an [com­pa­nies] like GE, or the Kore­ans.” Ukraine’s his­to­ry with nuclear pow­er includes the Cher­nobyl dis­as­ter, and Sater not­ed that the aging plants need­ed refur­bish­ment in order to con­tin­ue work­ing with­out anoth­er inci­dent. Oth­er­wise, he not­ed, “they’re ready to [have] anoth­er Cher­nobyl any day now.”

    The pair fur­ther planned “to sell the excess pow­er to [inter­na­tion­al ener­gy com­pa­nies] Trafigu­ra or Vitol to sell the pow­er to East­ern Europe, and in that way finance the plants,” Sater explained. He named Poland and Belarus as two poten­tial state clients.

    “It was a way to break the ener­gy monop­oly the Rus­sians have,” he said.

    Chi Kong Chy­ong, direc­tor of the Ener­gy Pol­i­cy Forum at Cam­bridge University’s Ener­gy Pol­i­cy Research Group, told TPM that ener­gy inde­pen­dence from Rus­sia was indeed a press­ing issue in Ukraine, and not­ed a peace deal would ease the kind of inter­na­tion­al trans­ac­tion Sater and Arte­menko were propos­ing.

    Sources close to the mat­ter told TPM that there were no records of any cur­rent con­ver­sa­tions between Sater or Arte­menko and Amer­i­can indus­tri­al con­glom­er­ate GE. Trafigu­ra and Vitol are trad­ing hous­es that deal heav­i­ly in ener­gy; Vic­to­ria Dix, a spokes­woman for Trafigu­ra, said there was “no ele­ment of truth what­so­ev­er” to any sug­ges­tion that Sater was pur­su­ing a pro­pos­al with the com­pa­ny. Andrea Schlaepfer, a spokes­woman for Vitol, said, “We don’t com­ment on com­mer­cial activ­i­ties.” Nei­ther the Ukrain­ian Embassy nor the Con­sulate imme­di­ate­ly respond­ed to requests for com­ment.

    ...

    For Arte­menko, the fall­out from the Jan­u­ary meet­ing with Sater and Cohen was imme­di­ate and severe. He was expelled from his Verk­hov­na Rada polit­i­cal par­ty the day after the New York Times report­ed the meet­ing, and by May, Ukrain­ian Pres­i­dent Petro Poroshenko had stripped him of his cit­i­zen­ship.

    For his part, Sater said he had noth­ing to do with the doc­u­ments filled with dam­ag­ing infor­ma­tion on Ukrain­ian politi­cians, includ­ing Poroshenko, that Arte­menko report­ed­ly brought to the Jan­u­ary meet­ing. “I nev­er saw them,” Sater said, adding that Cohen might have thrown them in trash but he wasn’t sure. “I don’t want to get into it.”

    Whether Sater and Artemenko’s ener­gy trad­ing plan was well under­way or sim­ply in the pro­pos­al stage by the time of the meet­ing, it would have been an eas­i­er sell with Artemenko’s Putin-approved cease­fire in place, accord­ing to Chy­ong.

    “Any military conflict in your neighborhood or close to you affects the transaction cost of arranging commercial deals, whether that is between Ukraine and the eastern [EU, where Poland lies] or Ukraine and Belarus, for example,” Chyong said. “It increases the transactional costs. The conflict itself, of course, forces the Ukraine to think about other ways and other sources of importation of energy—gas and electricity trading.”

    Export­ing ener­gy from Ukraine would be eas­i­est to places like Belarus and Rus­sia, Chy­ong not­ed. Old elec­tri­cal grids are among the strongest remain­ing ties between for­mer Sovi­et bloc states and Rus­sia itself; Ukraine hopes to break them by 2025, some­thing Sater said he hoped he could help along.

    ...

    ———-

    “Trump’s Ex-Biz Part­ner Eyed Ener­gy Deal As He Helped Push Ukraine ‘Peace Plan’” by Sam Thiel­man; Talk­ing Points Memo; 07/27/2017

    “Felix Sater, who worked obtain­ing financ­ing for Trump projects includ­ing the Trump SoHo, told TPM that the “peace plan” came up in the course of his attempts to bro­ker an agree­ment to sell ener­gy abroad from Ukraine’s nuclear pow­er plants with Andrii Arte­menko, at the time a Ukrain­ian par­lia­men­tar­i­an. The plan was to refur­bish dilap­i­dat­ed nuclear pow­er plants in that coun­try and then sell the pow­er gen­er­at­ed by them into East­ern Europe, using estab­lished com­modi­ties trad­ing com­pa­nies as a means of retroac­tive­ly financ­ing the deal, Sater said.”

    That was appar­ent­ly the seed of the ‘peace plan’: a deal for rehab­bing Ukraine’s nuke plants and export­ing ener­gy. And accord­ing to Chi Kong Chy­ong, direc­tor of the Ener­gy Pol­i­cy Forum at Cam­bridge University’s Ener­gy Pol­i­cy Research Group, such a plan would indeed be eas­i­er if there was peace. But as Chy­ong also points out, it’s the con­flict itself that of course is what’s dri­ving Ukraine to think about non-Russ­ian ener­gy sources:

    ...
    Chi Kong Chy­ong, direc­tor of the Ener­gy Pol­i­cy Forum at Cam­bridge University’s Ener­gy Pol­i­cy Research Group, told TPM that ener­gy inde­pen­dence from Rus­sia was indeed a press­ing issue in Ukraine, and not­ed a peace deal would ease the kind of inter­na­tion­al trans­ac­tion Sater and Arte­menko were propos­ing.

    ...

    Whether Sater and Artemenko’s ener­gy trad­ing plan was well under­way or sim­ply in the pro­pos­al stage by the time of the meet­ing, it would have been an eas­i­er sell with Artemenko’s Putin-approved cease­fire in place, accord­ing to Chy­ong.

    “Any military conflict in your neighborhood or close to you affects the transaction cost of arranging commercial deals, whether that is between Ukraine and the eastern [EU, where Poland lies] or Ukraine and Belarus, for example,” Chyong said. “It increases the transactional costs. The conflict itself, of course, forces the Ukraine to think about other ways and other sources of importation of energy—gas and electricity trading.”
    ...

    A nuclear plan designed to make Ukraine much less depen­dent on Russ­ian ener­gy, does­n’t exact­ly sound like the kind of thing a ‘pro-Russ­ian’ Ukrain­ian politi­cian would be work­ing on. And nei­ther does the plan to break up the Sovi­et bloc elec­tri­cal grid that Felix Sater wants to help along:

    ...
    Export­ing ener­gy from Ukraine would be eas­i­est to places like Belarus and Rus­sia, Chy­ong not­ed. Old elec­tri­cal grids are among the strongest remain­ing ties between for­mer Sovi­et bloc states and Rus­sia itself; Ukraine hopes to break them by 2025, some­thing Sater said he hoped he could help along.
    ...

    So that’s the latest strange twist on the mystery of Felix Sater’s Ukrainian ‘peace plan’. But note that word of this nuclear plan was actually reported back in May in The National Memo. And that piece points out one other person who Sater and Artemenko were apparently trying to get involved with these negotiations: Robert Armao, a rather colorful figure who had some ties to Ukraine. Including, according to Armao, his work advising individuals who were working with former Ukrainian president Viktor Yushchenko during the Orange Revolution protests of 2004–2005 (it’s not exactly a pro-Kremlin background):

    The Nation­al Memo

    How Felix Sater — For­mer Mob-linked Hus­tler And Ex-Trump Advis­er — Sought To ‘Pro­tect’ Ukraine’s Nuclear Plants

    Richard Behar
    May 25, 2017 3:10 pm

    The saga of Felix Sater — a twice-con­vict­ed one-time Mafia asso­ciate, real estate devel­op­er, some­time part­ner and for­mer “senior advis­er” to Don­ald Trump — con­tin­ues to grow more com­pli­cat­ed and bizarre. Details have now emerged of a sec­ond attempt­ed diplo­mat­ic inter­ven­tion by Sater, sup­pos­ed­ly to pre­vent a pos­si­ble nuclear pow­er plant con­fla­gra­tion in Ukraine.

    In a recent inves­ti­ga­tion for DC Report, (reprint­ed here by The Nation­al Memo), I explored a series of con­tro­ver­sial finan­cial trans­ac­tions that involved Sater and anoth­er for­mer Trump Orga­ni­za­tion asso­ciate named Daniel Ridloff, which involved accu­sa­tions that the two men had abscond­ed with near­ly $43 mil­lion from the sale of an Ohio shop­ping mall to Neil Bush, son and broth­er of the for­mer pres­i­dents.

    While that case was set­tled (with Sater and Ridloff receiv­ing rough­ly half of the con­test­ed mon­ey), and there was no evi­dence impli­cat­ing Trump in those trans­ac­tions, the president’s busi­ness appears to have ben­e­fit­ed from them. Sev­er­al con­do­mini­ums in his trou­bled Trump Soho build­ing were pur­chased with $3.1 mil­lion in cash that may have come from the same sources, with roots in Kaza­khstan. Inves­ti­ga­tors have long sus­pect­ed that fig­ures seek­ing to hide illic­it cash have used Trump busi­ness­es, includ­ing his casi­no and real estate hold­ings, whether or not Trump or his exec­u­tives were cog­nizant of such sus­pi­cious trans­ac­tions.

    Aside from Sater’s criminal past, which was cited by Trump critics during the 2016 election, he drew front-page attention last February, just one week before Michael Flynn resigned as national security adviser over his concealed discussions with the Russian ambassador, when news outlets revealed that Sater had hand-delivered a Kremlin “peace proposal” for Ukraine to Flynn’s office. The proposal suggested a way that President Trump could lift sanctions against Russia as part of a negotiated settlement.

    Behind that propo­si­tion, accord­ing to the New York Times, were the Russ­ian-born Sater; Michael Cohen, the president’s per­son­al lawyer; and Andrii Arte­menko, a Ukrain­ian par­lia­ment mem­ber lead­ing a polit­i­cal oppo­si­tion move­ment that was forged in part by for­mer Trump cam­paign man­ag­er Paul Man­afort.

    Accord­ing to the Times, Sater, Cohen and Arte­menko met in Jan­u­ary in pri­vate con­fer­ence rooms and the restau­rant bar at New York’s Regency hotel to dis­cuss the plan before it was deliv­ered to the White House.

    Now I have learned that Sater and Artemenko met last October 7 for breakfast at the St. Regis Hotel in New York to discuss another major problem in Ukraine: Its aging cohort of nuclear power plants, which may pose safety risks as grave as the 1986 Chernobyl disaster. The meeting was convened a month before the U.S. presidential election. Sater declined to comment and Artemenko — whose parliamentary status and citizenship were revoked by the Ukraine government after the “peace plan” fiasco – could not be reached.

    Evi­dent­ly Sater and Arte­menko were seek­ing the assis­tance of a third per­son who attend­ed the break­fast, Robert Armao — a well-con­nect­ed inter­na­tion­al busi­ness­man who served as labor coun­sel to the late Vice Pres­i­dent Nel­son Rock­e­feller in the ear­ly 1970s. Armao says that Sater, whom he’d nev­er met or spo­ken with pri­or to last fall, reached out to him through a mutu­al friend.

    “He said that Arte­menko was in Wash­ing­ton meet­ing with mem­bers of Con­gress because of the world­wide effort to deal with nuclear pow­er plants in Ukraine,” recalls the for­mer Rock­e­feller aide. “Many are falling apart, like at the Cher­nobyl-lev­el, and the plants need to be refur­bished.”

    Armao was invit­ed to the New York meet­ing because he’s a long­time expert on Ukraine. He says he once advised indi­vid­u­als who were work­ing with for­mer Ukrain­ian pres­i­dent Vik­tor Yushchenko dur­ing the Orange Rev­o­lu­tion protests of 2004–2005. Dur­ing the Octo­ber 7 break­fast, Armao says he was asked whether he could inter­cede with Ukraine’s cur­rent ener­gy min­is­ter in an attempt to revive a con­tract that Kiev had signed with South Korea to bring the nuclear plants up to glob­al stan­dards.

    Armao has also enjoyed close deal­ings in the past with the gov­ern­ment of the Repub­lic of Korea, he says, and has done busi­ness there for decades. “I said, have you offi­cial­ly asked [the Ukraine ener­gy min­is­ter]?,” recalls Armao, but “[Arte­menko] was sketchy on that. I told Sater and Arte­menko that I’d find out what’s going on.”

    Accord­ing to Armao, he reached out to sources and learned that the Ukrain­ian gov­ern­ment was “in dis­cus­sion with the Kore­ans and all was under con­trol. So that was it.”

    In fact, just five weeks before the break­fast meet­ing, Korea’s state-con­trolled nuclear pow­er util­i­ty reached an agree­ment with Ukraine to resume con­struc­tion of two reac­tors. But it’s unclear whether that deal involves the ser­vic­ing of the exist­ing reac­tors that appar­ent­ly con­cerned Sater and Arte­menko.

    Armao admits that he was impressed by the for­mer Trump asso­ciate. “When you talk to the guy, he wants to save the world. He said, ‘You know, [Ukrain­ian nuclear plant safe­ty] is a big Wash­ing­ton con­cern.’ I do say, the man is bril­liant. You sit with him, he talks about real estate, he talks about every­thing. And he can charm the pants off you, Sater.”

    ...

    Sater and Trump have been doing an odd dance around each oth­er dur­ing the past few years, regard­ing how much they’ve inter­act­ed. Trump con­sis­tent­ly has tes­ti­fied in civ­il cas­es that he bare­ly knew Sater, bare­ly dealt with him and “wouldn’t rec­og­nize him if he was sit­ting in this [depo­si­tion] room.” How­ev­er, Sater, in a dif­fer­ent civ­il case, tes­ti­fied that he would often pop his head into Trump’s office to give him updates on a Moscow hotel deal they had in the works. (It doesn’t appear that project ever came to fruition.) Last Sep­tem­ber, I half-joked to Sater that he must have a pho­to album filled with pic­tures of him­self with Trump. “A pho­to album?” he respond­ed. “How about six!”

    The Trump-Sater rela­tion­ship is like­ly to receive sharp scruti­ny soon in Wash­ing­ton, both in Con­gres­sion­al probes and per­haps even by spe­cial coun­sel Robert Mueller, who will inves­ti­gate pos­si­ble col­lu­sion between Rus­sia offi­cials and the Trump cam­paign in the 2016 elec­tion.

    In late March, then-FBI direc­tor James Comey was asked about Sater’s rela­tion­ship with the FBI when he appeared before the House Intel­li­gence Com­mit­tee. Comey declined to com­ment, pre­sum­ably because Sater spent a decade as a secret gov­ern­ment coop­er­a­tor for both the FBI and at times, the CIA. But in 2015, dur­ing her con­fir­ma­tion hear­ing for the post of U.S. Attor­ney Gen­er­al, Loret­ta Lynch offered a teas­er. In response to a writ­ten ques­tion about Sater by Sen­a­tor Orrin Hatch, she stat­ed that his [decade-long] assis­tance as a fed­er­al coop­er­a­tor was “cru­cial to nation­al secu­ri­ty.”

    For national security reasons, it is now crucial that the public learn all the details of Sater’s work for the government – and much more.

    ———–

    “How Felix Sater — For­mer Mob-linked Hus­tler And Ex-Trump Advis­er — Sought To ‘Pro­tect’ Ukraine’s Nuclear Plants” Richard Behar; The Nation­al Memo; 05/25/2017

    “Evi­dent­ly Sater and Arte­menko were seek­ing the assis­tance of a third per­son who attend­ed the break­fast, Robert Armao — a well-con­nect­ed inter­na­tion­al busi­ness­man who served as labor coun­sel to the late Vice Pres­i­dent Nel­son Rock­e­feller in the ear­ly 1970s. Armao says that Sater, whom he’d nev­er met or spo­ken with pri­or to last fall, reached out to him through a mutu­al friend.”

    So Robert Armao enters into the mix. An indi­vid­ual who says he once advised peo­ple work­ing with Vik­tor Yushchenko dur­ing the anti-Russ­ian Orange Rev­o­lu­tion protests of 2004–2005:

    ...
    “He said that Artemenko was in Washington meeting with members of Congress because of the worldwide effort to deal with nuclear power plants in Ukraine,” recalls the former Rockefeller aide. “Many are falling apart, like at the Chernobyl-level, and the plants need to be refurbished.”

    Armao was invit­ed to the New York meet­ing because he’s a long­time expert on Ukraine. He says he once advised indi­vid­u­als who were work­ing with for­mer Ukrain­ian pres­i­dent Vik­tor Yushchenko dur­ing the Orange Rev­o­lu­tion protests of 2004–2005. Dur­ing the Octo­ber 7 break­fast, Armao says he was asked whether he could inter­cede with Ukraine’s cur­rent ener­gy min­is­ter in an attempt to revive a con­tract that Kiev had signed with South Korea to bring the nuclear plants up to glob­al stan­dards.
    ...

    So we have Mr. Artemenko, a guy from the virulently anti-Russian Radical Party with ties to Pravy Sektor, teaming up with Felix Sater to enlist the help of Robert Armao, someone who advised the figures behind the Orange Revolution, again to help them with their scheme to free Ukraine from its dependence on Russian energy. And it was during those meetings that the ‘peace plan’ idea emerged.

    And who knows, maybe Arte­menko and Sater real­ly did want to push this ‘peace plan’. But regard­less, we have Felix Sater work­ing with peo­ple who were clear­ly not ‘Krem­lin-friend­ly’, and yet when this sto­ry breaks it’s all about how it was a pro-Putin peace plan and Sater appar­ent­ly had no prob­lem with that media spin on the sto­ry. He was inter­viewed about it many, many times, after all.

    Oh, and here’s a fun look at one of the more interesting business partnerships from Mr. Armao’s past: Armao was an advisor to the Shah of Iran, and both Armao and Marc Rich were business partners with Francesco Pazienza, the Italian intelligence officer and aide to Roberto Calvi during a period when Francesco Pazienza was helping the US with the renewal of the lease for a United States intelligence tracking station in the Seychelles. It’s a relationship that came up during the investigation of the implosion of Banco Ambrosiano:

    The New York Times

    ITALIAN EX-AGENT ORDERED EXTRADITED FROM U.S.

    By RALPH BLUMENTHAL
    Pub­lished: Sep­tem­ber 12, 1985

    A for­mer Ital­ian intel­li­gence offi­cial, in jail in New York since March, was ordered extra­dit­ed to Italy yes­ter­day to face finan­cial fraud charges grow­ing out of the 1981 bank­rupt­cy of the Ital­ian Ban­co Ambrosiano.

    The pris­on­er, Dr. Francesco Pazien­za, a 39-year-old non­prac­tic­ing physi­cian, has long been a sub­ject of keen inter­est in Italy, where his name has also cropped up in inves­ti­ga­tions of the shoot­ing of Pope John Paul II and of the pur­port­ed plot­tings of a right­ist under­ground.

    Since he was arrest­ed and jailed under dis­put­ed cir­cum­stances, Dr. Pazien­za, who for­mer­ly served in the Ital­ian Infor­ma­tion and Mil­i­tary Secu­ri­ty Ser­vice, has been telling tales of secret mis­sions and intrigues, includ­ing work he says he under­took with­out pay to aid the Unit­ed States Gov­ern­ment. A White House spokesman has denied that Dr. Pazien­za ever per­formed any autho­rized mis­sions.

    Claims Tip on Pope

    Dr. Pazien­za has also said he per­formed diplo­mat­ic ser­vices for the Vat­i­can, helped obtain infor­ma­tion on a trip to Libya by Bil­ly Carter and was tipped off about a pos­si­ble plot against the Pope six months before the shoot­ing.

    Con­cern­ing the fraud charges, Dr. Pazien­za has denied any wrong­do­ing, assert­ing that the author­i­ties in Italy were out to frame him and that he feared for his life if he was returned there.

    ”They’re try­ing to cre­ate a scape­goat,” Dr. Pazien­za, clad in an orange prison jump­suit, said in a recent three-hour inter­view in a con­fer­ence room of the Man­hat­tan Cor­rec­tion­al Cen­ter in Foley Square.

    In the extra­di­tion rul­ing yes­ter­day, Fed­er­al Dis­trict Judge Charles L. Brieant Jr. found that Dr. Pazien­za had been prop­er­ly arrest­ed by Unit­ed States Cus­toms Ser­vice agents when he appeared vol­un­tar­i­ly as an infor­mant at a pre­arranged meet­ing on March 4.

    He was grant­ed a stay of the rul­ing pend­ing an expect­ed appeal.

    Plans Volu­mi­nous Appeal

    Dr. Pazien­za, inter­viewed by tele­phone from the jail after the rul­ing was announced, said, ”I was expect­ing this kind of thing.” He added that he would per­son­al­ly pre­pare a volu­mi­nous appeal, which could go to the Unit­ed States Supreme Court.

    The Ital­ian charges on which the extra­di­tion is based accuse Dr. Pazien­za and five oth­er defen­dants of con­spir­ing to defraud Ban­co Ambrosiano of about $3 mil­lion lent to anoth­er con­cern, Pra­to Verde, ”with the delib­er­ate inten­tion of default­ing on the loan and of using the funds for per­son­al pur­pos­es,” accord­ing to Judge Brieant.

    The judge also said part of the mon­ey was sup­posed to have been used to bribe Ital­ian mag­is­trates hear­ing an appeal of the con­vic­tion of Ban­co Ambrosiano’s pres­i­dent, Rober­to Calvi. Mr. Calvi was found hang­ing from a bridge in Lon­don in 1982, either a sui­cide or a mur­der vic­tim.

    Much of the sto­ry of Dr. Pazien­za, who has been the sub­ject of more than 1,000 news arti­cles in the last 18 months in Italy alone, remains per­plex­ing.

    Much Remains Unver­i­fied

    Den­nis Fagan, spe­cial agent in charge of the Cus­toms Ser­vice in New York, said that there was ”some truth” as well as many incon­sis­ten­cies in Dr. Pazien­za­’s asser­tions and that much remained to be ver­i­fied.

    ”He’s thrown out lit­tle bones, but he’s put no meat on them,” Mr. Fagan said.

    A White House spokesman, Edward P. Djere­jian, deputy press sec­re­tary for for­eign affairs, said last week that Dr. Pazien­za had nev­er per­formed any mis­sions for the Unit­ed States. ”As far as we know, this is utter fan­ta­sy,” he said. ”No such mis­sion or any oth­er asso­ci­a­tion with Pazien­za ever took place or was even con­sid­ered.”

    At the Vat­i­can, the chief spokesman, Joaquin Navar­ro Valls, said the Vat­i­can had con­sis­tent­ly declined to dis­cuss the Pazien­za case.

    Tells of Vat­i­can Link

    One of his first assign­ments, after join­ing the intel­li­gence agency in ear­ly 1980, Dr. Pazien­za said, was to exchange views between the Vat­i­can and Sau­di Ara­bia on the sit­u­a­tion in Lebanon and on Israel’s posi­tion that for­eign embassies be sit­u­at­ed in Jerusalem rather than Tel Aviv. He said that posi­tion angered the Vat­i­can.

    In 1980, Dr. Pazien­za said, the mil­i­tary intel­li­gence chief, Gen. Giuseppe San­tovi­to, was asked by Michael A. Ledeen, an Amer­i­can for­eign affairs con­sul­tant, to pro­vide infor­ma­tion on a trip that Mr. Carter, Pres­i­dent Carter’s broth­er, had made to Libya.

    Mr. Ledeen — then a senior fel­low at George­town Uni­ver­si­ty’s Cen­ter for Strate­gic and Inter­na­tion­al Stud­ies, edi­tor of the Wash­ing­ton Quar­ter­ly and a spe­cial­ist in Ital­ian his­to­ry — said in inter­views that he had approached ”every­one I knew in Italy” for help in check­ing out infor­ma­tion for a mag­a­zine arti­cle on Mr. Carter.

    The arti­cle, part of a series of columns writ­ten togeth­er with Arnaud de Borch­grave, now edi­tor in chief of The Wash­ing­ton Times, appeared in The New Repub­lic short­ly before the 1980 Pres­i­den­tial elec­tion.

    Meet­ing With Arafat Report­ed

    It assert­ed that Pres­i­dent Carter’s broth­er had met with Yasir Arafat, head of the Pales­tine Lib­er­a­tion Orga­ni­za­tion, and George Habash, leader of the Pop­u­lar Front for the Lib­er­a­tion of Pales­tine, and had received $50,000 in trav­el mon­ey from the Libyans that he did not report to the Unit­ed States Gov­ern­ment, as required of those serv­ing for­eign gov­ern­ments. At the time, Mr. Carter was already a sub­ject of con­tro­ver­sy over his con­tacts with the Libyans.

    Mr. Carter lat­er said he had met briefly with Mr. Habash but denied hav­ing met Mr. Arafat or hav­ing received unre­port­ed funds. A Jus­tice Depart­ment inves­ti­ga­tion found that Mr. Carter had ”lied to Gov­ern­ment agents,” but no charges were brought.

    Mr. de Borch­grave said last week that he did not know Dr. Pazien­za but that Mr. Ledeen had used the Ital­ian to help obtain a tape record­ing to con­firm infor­ma­tion on the Bil­ly Carter arti­cle.

    Dr. Pazien­za also said that on Dec. 9, 1980, he and Mr. Ledeen car­ried a mes­sage from Gen­er­al San­tovi­to to Alexan­der M. Haig, then pres­i­dent of Unit­ed Tech­nolo­gies Cor­po­ra­tion and short­ly to be named Sec­re­tary of State for the new­ly elect­ed Pres­i­dent Rea­gan.

    Haig Recalls ‘Cour­tesy Vis­it’

    Gen­er­al Haig, now a con­sul­tant in Wash­ing­ton, said he recalled receiv­ing a ”cour­tesy vis­it” from Mr. Ledeen and Dr. Pazien­za in 1980. He said he no longer remem­bered the sub­ject but thought it had to do with what he called ”the Com­mu­nist con­spir­a­cy.”

    Mr. Ledeen said he recalled the meet­ing but declined to dis­cuss the sub­ject.

    Dr. Pazien­za said that after Mr. Rea­gan won the elec­tion, he trav­eled at Mr. Ledeen’s behest to Beirut in Feb­ru­ary 1981 to meet with Mr. Arafat to dis­cuss inter­na­tion­al ter­ror­ism and the Pales­tin­ian lead­er’s stand­ing with the new Admin­is­tra­tion.

    Mr. Ledeen, who began serv­ing in the spring of 1981 as a salaried, full-time spe­cial advis­er to Sec­re­tary of State Haig, denied send­ing Dr. Pazien­za on such a mis­sion.

    Ex-Envoy to Italy Com­ments

    Richard N. Gard­ner, Unit­ed States Ambas­sador to Italy at the end of the Carter Admin­is­tra­tion, said Mr. Ledeen and Dr. Pazien­za oper­at­ed ”as a chan­nel” between Italy and the Rea­gan Admin­is­tra­tion. ”I nev­er found out who autho­rized it,” he said.

    As recent­ly as last year, Dr. Pazien­za said, he sought to be help­ful to the Amer­i­cans by try­ing to nego­ti­ate a renew­al of the lease for a Unit­ed States intel­li­gence track­ing sta­tion in the Sey­chelles. He said he and two part­ners were then explor­ing an oil ven­ture with the Indi­an Ocean island nation off the east coast of Africa.

    He iden­ti­fied the part­ners as Robert Armao and Marc Rich. Mr. Rich is a com­modi­ties bro­ker now under crim­i­nal inves­ti­ga­tion in the Unit­ed States in con­nec­tion with tax eva­sion charges, for which he has already paid a $200 mil­lion civ­il set­tle­ment.

    Mr. Armao, head of a New York pub­lic rela­tions com­pa­ny and a for­mer advis­er to the Shah of Iran, large­ly con­firmed Mr. Pazien­za­’s account. But he said that while a Marc Rich sub­sidiary had been involved in their dis­cus­sions, the oil ven­ture nev­er came about.

    Mr. Djere­jian, the White House spokesman, said he had no infor­ma­tion on the mat­ter.

    ‘I Had Beau­ti­ful Mon­ey’

    Accord­ing to Dr. Pazien­za, he left the Ital­ian intel­li­gence ser­vice in the spring of 1981 and was in Italy until that Sep­tem­ber. Then, he said, he came to New York, where he lived until March 1983 in the Regency Hotel, one of the city’s most expen­sive hotels. Between then and April 1984, he said, he lived in an apart­ment at 2 East 80th Street, where the rent, he said, was $5,000 a month.

    ”I had beau­ti­ful mon­ey,” he said, giv­ing years of lucra­tive busi­ness con­sult­ing as the source.

    After that, he said, he left for the Sey­chelles, return­ing once to New York to meet vol­un­tar­i­ly with Cus­toms Ser­vice agents on Sept. 24, 1984, to pro­vide infor­ma­tion on miss­ing funds of Ban­co Ambrosiano and on inter­na­tion­al ter­ror­ism. Last Feb­ru­ary, he said, he called the Cus­toms Ser­vice from Mex­i­co to arrange a meet­ing on March 4.

    Dr. Pazien­za has con­tend­ed that he went to the meet­ing as an infor­mant and was instead improp­er­ly arrest­ed and held with­out bail. His attor­ney, Edward A. Mor­ri­son, a for­mer New York City deputy may­or, said, ”I was lied to, and my client was brought in false­ly.”

    ...

    Denies Meet­ing With Agca

    In the case of the attempt­ed assas­si­na­tion of Pope John Paul in May 1981, Dr. Pazien­za denied an asser­tion made in court in June by the con­vict­ed gun­man, Mehmet Ali Agca, that Dr. Pazien­za vis­it­ed him in Ascoli Piceno prison in March or April of 1982 to urge him to impli­cate Bul­gar­ia in the attack.

    Dr. Pazien­za con­tend­ed that he was out of the Ital­ian Mil­i­tary Secu­ri­ty Ser­vice at that time and could not have gained access to the high-secu­ri­ty prison. He said he had nev­er met or talked to Mr. Agca.

    Dr. Pazien­za also said that five or six months before the shoot­ing of the Pope, he received what he called ”vague infor­ma­tion” from a Pales­tin­ian infor­mant work­ing in a third-world press agency that ”some­thing may be going on against the Pope.”

    Dr. Pazien­za said he had asked Gen­er­al San­tovi­to if he could pass the vague report on to Arch­bish­op Achille Sil­vestri­ni at the Vat­i­can. ”He told me absolute­ly not,” that it would have to be checked fur­ther, Dr. Pazien­za recalled. He said he did not know what was final­ly done with the infor­ma­tion.

    Gen­er­al San­tovi­to was forced to resign after his name was found on the mem­ber­ship list of the secret Mason­ic lodge Pro­pa­gan­da 2, called P‑2, which was accused of con­spir­ing against the state. He died in 1984.

    Denies Belong­ing to Lodge

    Dr. Pazien­za said he had nev­er belonged to P‑2 and had nev­er met its leader, Licio Gel­li, who escaped from a Swiss jail in 1983 and remains at large.

    Dr. Pazien­za said he had also received infor­ma­tion from the Pales­tin­ian source that cer­tain duty-free trucks, known in Europe as TIR from their license plates, were arriv­ing in Italy from Bul­gar­ia with arms. But he said Gen­er­al San­tovi­to ruled out stop­ping such trucks for fear of an inter­na­tion­al inci­dent in the event the car­go proved harm­less.

    This detail may be sig­nif­i­cant, because one of the few inde­pen­dent­ly ver­i­fi­able facts Mr. Agca has giv­en as evi­dence was the exis­tence of a TIR truck near the Bul­gar­i­an Embassy in Rome that was sup­posed to have whisked him away after the attack on the Pope. Sovi­et bloc gov­ern­ments have charged that the infor­ma­tion was fed to him by Ital­ian intel­li­gence.

    Dr. Pazienza also said that he had learned from Customs agents that Stefano della Chiaie, a rightist fugitive wanted in the 1980 bombing of the Bologna train station that killed 85 people, had been reported seen in Miami in the company of a Turk. A report in the Italian Communist newspaper L’Unita quoted unidentified American Customs officials as identifying the Turk as Oral Celik, a principal defendant in the Rome trial of the purported plot against the Pope. Mr. Agca has said Mr. Celik was with him in St. Peter’s Square the day the Pope was shot.

    ———-

    “ITALIAN EX-AGENT ORDERED EXTRADITED FROM U.S.” by RALPH BLUMENTHAL; The New York Times; 09/12/1985

    “The pris­on­er, Dr. Francesco Pazien­za, a 39-year-old non­prac­tic­ing physi­cian, has long been a sub­ject of keen inter­est in Italy, where his name has also cropped up in inves­ti­ga­tions of the shoot­ing of Pope John Paul II and of the pur­port­ed plot­tings of a right­ist under­ground.”

    Sounds like a great guy: an alleged P‑2 lodge mem­ber with ties to the assas­si­na­tion attempt on Pope John Paul II. And who were his oil ven­ture busi­ness part­ners? Robert Armao and Marc Rich:

    ...
    As recent­ly as last year, Dr. Pazien­za said, he sought to be help­ful to the Amer­i­cans by try­ing to nego­ti­ate a renew­al of the lease for a Unit­ed States intel­li­gence track­ing sta­tion in the Sey­chelles. He said he and two part­ners were then explor­ing an oil ven­ture with the Indi­an Ocean island nation off the east coast of Africa.

    He iden­ti­fied the part­ners as Robert Armao and Marc Rich. Mr. Rich is a com­modi­ties bro­ker now under crim­i­nal inves­ti­ga­tion in the Unit­ed States in con­nec­tion with tax eva­sion charges, for which he has already paid a $200 mil­lion civ­il set­tle­ment.

    Mr. Armao, head of a New York pub­lic rela­tions com­pa­ny and a for­mer advis­er to the Shah of Iran, large­ly con­firmed Mr. Pazien­za­’s account. But he said that while a Marc Rich sub­sidiary had been involved in their dis­cus­sions, the oil ven­ture nev­er came about.
    ...

    So that’s a taste of Mr. Armao’s past deal­ings. And now we can add Felix Sater’s schemes to export Ukrain­ian nuclear ener­gy in part­ner­ship with a Rad­i­cal Party/Pravy Sek­tor Ukrain­ian politi­cian to the list.

    Posted by Pterrafractyl | July 27, 2017, 3:19 pm
  12. Scott Rit­ter, the for­mer UN weapons inspec­tor who warned the world in the lead up to the Iraq war that it was unlike­ly that Iraq pos­sessed weapons of mass destruc­tion, has a post on the recent mem­o­ran­dum put out by the Vet­er­ans for Intel­li­gence San­i­ty (VIPS). That’s the mem­o­ran­dum that endors­es the find­ings of “The Foren­si­ca­tor” based on time­stamp meta­da­ta from a Sept 13th, 2016 DNC doc­u­ment dump by “Guc­cifer 2.0” that con­clud­ed that the dumped doc­u­ments must have been removed from the DNC via a flash dri­ve, thus strong­ly sug­gest­ing a DNC insid­er or infil­tra­tor was the source of the doc­u­ments. As not­ed above, those find­ings are sus­pect because there is no rea­son what­so­ev­er to con­clude the time­stamps of the dumped doc­u­ments in any way reflects the time­stamps of the ini­tial removal of those files and yet The Foren­si­ca­tor’s analy­sis nev­er even men­tions that pos­si­bil­i­ty and behaves as if their analy­sis is rock sol­id proof of some­thing. Rit­ter’s piece makes those same cri­tiques. And as Rit­ter notes, he him­self is a mem­ber of the Vet­er­ans for Intel­li­gence San­i­ty, but chose not to sign on to this par­tic­u­lar mem­o­ran­dum. But as he also notes, the mis­tak­en endorse­ment of this analy­sis by The Foren­si­ca­tor is by no means a rea­son to dis­count the myr­i­ad of major prob­lems with the offi­cial DNC 2016 hacks inves­ti­ga­tion that have been raised by the VIPS and oth­ers:

    TruthDig

    Time to Reassess the Roles Played by Guc­cifer 2.0 and Rus­sia in the DNC ‘Hack’

    By Scott Rit­ter
    Post­ed on Jul 27, 2017

    Editor’s note: The writer is a mem­ber of Vet­er­an Intel­li­gence Pro­fes­sion­als for San­i­ty (VIPS), but he was not a sign­er of the July 24 mem­o­ran­dum that fig­ures promi­nent­ly in this arti­cle.

    The cur­rent Amer­i­can polit­i­cal canon­i­cal the­ol­o­gy holds as an incon­tro­vert­ible truth that Rus­sia med­dled in the 2016 pres­i­den­tial elec­tion. Accord­ing to this dog­ma, which has been active­ly pro­mul­gat­ed by for­mer and cur­rent gov­ern­ment offi­cials and echoed by an unques­tion­ing main­stream media, Russ­ian intel­li­gence ser­vices, direct­ed by Pres­i­dent Vladimir Putin, con­duct­ed cyber-oper­a­tions against tar­gets asso­ci­at­ed with the U.S. elec­tion for the pur­pose of den­i­grat­ing the Demo­c­ra­t­ic can­di­date, Hillary Clin­ton, to help her oppo­nent, Don­ald Trump.

    ...

    It was with some inter­est, there­fore, that I read a mem­o­ran­dum pub­lished ear­li­er this week by a group of retired intel­li­gence pro­fes­sion­als who, like the pres­i­dent, dare to chal­lenge the con­ven­tion­al wis­dom of attribut­ing to Rus­sia the cyber­at­tacks against the Demo­c­ra­t­ic Nation­al Com­mit­tee (DNC) in 2016 and the sub­se­quent release of infor­ma­tion obtained for the osten­si­ble pur­pose of harm­ing the can­di­da­cy of Clin­ton. This group, Vet­er­an Intel­li­gence Pro­fes­sion­als for San­i­ty (VIPS), used a por­tion of its col­lec­tive expe­ri­ence to close­ly exam­ine a foren­sic analy­sis of meta­da­ta-relat­ed infor­ma­tion that the U.S. intel­li­gence com­mu­ni­ty and its sup­port­ers in Con­gress claimed was “hacked” by Rus­sia. Doc­u­ments from the DNC were copied by the per­sona Guc­cifer 2.0 on July 5, 2016, col­lat­ed on Sept. 1 and released to select mem­bers of the press on Sept. 13.

    The men and women who com­pose VIPS have, in their pri­or lives, briefed U.S. pres­i­dents and mem­bers of Con­gress. They have served as nation­al intel­li­gence offi­cers, FBI spe­cial agents, CIA case offi­cers, Nation­al Secu­ri­ty Agency (NSA) tech­ni­cal direc­tors, Defense Intel­li­gence Agency and State Depart­ment ana­lysts, and more. Their exper­tise is drawn from decades of high­ly sen­si­tive work with­in the three agencies—the Cen­tral Intel­li­gence Agency, the Fed­er­al Bureau of Inves­ti­ga­tion and the NSA—responsible for prepar­ing the U.S. intel­li­gence com­mu­ni­ties’ assess­ment of Russ­ian med­dling and with­in most, if not all, of the oth­er agen­cies that make up the U.S. intel­li­gence com­mu­ni­ty.

    These are ratio­nal peo­ple whose col­lec­tive body of work has always been in direct sup­port of the nation­al inter­est and nev­er against it. They cut across the Amer­i­can polit­i­cal spec­trum, hold­ing views that are lib­er­al, con­ser­v­a­tive and moderate—sometimes simul­ta­ne­ous­ly, as is fit­ting those intel­lects that have been con­di­tioned to be open to con­sid­er­ing all sources of infor­ma­tion. Since 2003, VIPS has pub­lished 50 mem­o­ran­dums sim­i­lar to the one pub­lished this week, all address­ing cur­rent issues on which the intel­li­gence back­ground of its col­lec­tive mem­ber­ship could weigh in cred­i­bly. Like any intel­li­gence col­lec­tive, the group strives for accu­ra­cy but is sus­cep­ti­ble to the all-too-human trait of fal­li­bil­i­ty. The retired pro­fes­sion­als of VIPS, like their active coun­ter­parts, some­times get it wrong.

    I agree with the argu­ment of the July 24 VIPS mem­o­ran­dum that takes issue with the Jan. 6, 2017, Intel­li­gence Com­mu­ni­ty Assess­ment (ICA) on Russ­ian med­dling. This NIA eval­u­a­tion assessed “with high con­fi­dence that Russ­ian mil­i­tary intel­li­gence (Gen­er­al Staff Main Intel­li­gence Direc­torate or GRU) used the Guc­cifer 2.0 per­sona … to release U.S. vic­tim data obtained in cyber oper­a­tions pub­licly and in exclu­sives to media out­lets and relayed mate­r­i­al to Wik­iLeaks.” The assess­ments con­tained with­in the Rus­sia ICA, which lies at the very heart of the ongo­ing con­tro­ver­sy sur­round­ing accu­sa­tions of col­lu­sion by peo­ple affil­i­at­ed with the Trump pres­i­den­tial cam­paign and Rus­sia, is demon­stra­bly wrong. The VIPS mem­o­ran­dum to Pres­i­dent Trump is a valu­able con­tri­bu­tion to a larg­er dis­cus­sion of the intel­li­gence community’s erro­neous assess­ment that is, oth­er­wise, lack­ing.

    The heart of the VIPS mem­o­ran­dum can be found in two para­graphs that relate to Guc­cifer 2.0 and his alleged involve­ment in the cyber­at­tack against the DNC:

    After exam­in­ing meta­da­ta from the “Guc­cifer 2.0” July 5, 2016 intru­sion into the DNC serv­er, inde­pen­dent cyber inves­ti­ga­tors have con­clud­ed that an insid­er copied DNC data onto an exter­nal stor­age device, and that “tell­tale signs” impli­cat­ing Rus­sia were then insert­ed.

    Key among the find­ings of the inde­pen­dent foren­sic inves­ti­ga­tions is the con­clu­sion that the DNC data was copied onto a stor­age device at a speed that far exceeds an Inter­net capa­bil­i­ty for a remote hack. [Bold­face in orig­i­nal.] Of equal impor­tance, the foren­sics show that the copy­ing and doc­tor­ing were per­formed on the East Coast of the U.S.

    Two issues emerge from these pas­sages. First, the ICA con­tends that Guc­cifer 2.0 accessed data from the DNC through a “cyber oper­a­tion.” Tech­ni­cal­ly, this could mean any­thing involv­ing com­put­ers, includ­ing remote hack­ing and/or direct data removal using an exter­nal stor­age device, such as a thumb dri­ve. How­ev­er, Guc­cifer 2.0 has claimed he accessed the DNC serv­er through remote hack­ing, and an inves­ti­ga­tion of unau­tho­rized intru­sions into the DNC serv­er con­duct­ed by a pri­vate cyber­se­cu­ri­ty com­pa­ny, Crowd­Strike, has attrib­uted the theft of data to a hack­ing oper­a­tion osten­si­bly over­seen by Russ­ian mil­i­tary intel­li­gence, or the GRU. The FBI has endorsed the find­ings of Crowd­Strike when it comes to the cyber-intru­sion into the DNC serv­er. As such, there is lit­tle doubt that the NIA is refer­ring to a remote hack when it speaks of a “cyber oper­a­tion” involv­ing the DNC.

    The analy­sis con­tained in the VIPS mem­o­ran­dum con­tra­dicts such an asser­tion. Unfor­tu­nate­ly, this con­clu­sion is not sup­port­ed by the data. I reached out to the foren­sic ana­lysts who con­duct­ed the analy­sis of the meta­da­ta in ques­tion. They have stat­ed that there is no way to use the avail­able meta­da­ta to deter­mine where the copy­ing of the data was done. In short, one can­not state that this data proves Guc­cifer 2.0 had direct access to the DNC serv­er or that the data was locat­ed in the DNC when it was copied on July 5, 2016. These same ana­lysts also note that the July 5 date that is per­va­sive on the meta­da­ta prob­a­bly over­wrote all pri­or mod­i­fi­ca­tion times, mean­ing it is impos­si­ble to ascer­tain if there were any pri­or copy oper­a­tions.

    The VIPS mem­o­ran­dum also speaks of the inser­tion of “tell­tale” signs into data copied from the DNC serv­er designed to impli­cate Rus­sia. I have reached out to the ana­lysts respon­si­ble for this asser­tion, and it appears that they mis­tak­en­ly attrib­uted actu­al doc­u­ment manip­u­la­tion from an ear­li­er date to the July 5 data trans­fer event. This in no way min­i­mizes the seri­ous­ness of the under­ly­ing charge—other cred­i­ble cyber-inves­ti­ga­tors have proved such data inser­tion on doc­u­ments pre­vi­ous­ly pub­lished by Guc­cifer 2.0 on June 15, 2016. Meta­da­ta analy­sis of sev­er­al Word doc­u­ments relat­ed to that release clear­ly shows that the con­tents of at least four doc­u­ments were cut from the orig­i­nal doc­u­ment and then past­ed into a Word tem­plate specif­i­cal­ly set up for the Cyril­lic alpha­bet, and which showed doc­u­ment attri­bu­tion, in the Cyril­lic alpha­bet, to “Felix Edmundovich,” the first name and patronymic of the founder of the Sovi­et intel­li­gence ser­vice.

    This cut-and-paste activity was conducted after the documents were accessed by Guccifer 2.0, which means Guccifer 2.0, for no practical reason whatsoever, manipulated documents in a way that created the impression of a Russian connection at the same time he was denying any such link. While the July 5 event cannot be used to argue a continuation of the document manipulation that transpired on June 15, it is clear that the false Russian attribution that arose from this manipulation carried over when the July 5 data was finally released, on Sept. 13. “The DNC is the victim of a crime—an illegal cyberattack by Russian state-sponsored agents who seek to harm the Democratic Party and progressive groups in an effort to influence the presidential election,” Donna Brazile, the interim chair of the Democratic Party at the time, proclaimed in an official statement after the documents were released by Guccifer 2.0.

    The impli­ca­tions of the con­clu­sions reached in the VIPS mem­o­ran­dum (if not the actu­al tech­ni­cal analy­sis it relied on) are stag­ger­ing: The DNC “hack” was actu­al­ly a cyber-theft per­pe­trat­ed by an insid­er with direct access to the DNC serv­er, who then delib­er­ate­ly doc­tored doc­u­ments to make them look as if they had been accessed by a Russ­ian-speak­ing actor pri­or to releas­ing them to the pub­lic. This is not the nar­ra­tive being pushed by the U.S. intel­li­gence, Con­gress and the main­stream media. More­over, if true, the con­clu­sions reached by VIPS point to a broad­er con­spir­a­cy with­in the Unit­ed States to under­mine the cred­i­bil­i­ty of an admit­ted­ly unpop­u­lar, yet legit­i­mate­ly elect­ed pres­i­dent that bor­ders on sedi­tion.

    These are seri­ous alle­ga­tions that should not be made light­ly. Indeed, if I were act­ing sole­ly on the infor­ma­tion con­tained with­in the VIPS mem­o­ran­dum, I would hes­i­tate to make them—the issue of down­load rates for a data set dat­ed July 5, 2016, seems irrel­e­vant for a cyber-intru­sion alleged to have tak­en place in April-May of 2016. Either Guc­cifer 2.0 regained access to the DNC serv­er in an as-of-yet-unre­port­ed (and unclaimed) cyber-oper­a­tion, or the down­load involved data pre­vi­ous­ly removed from the DNC serv­er, and, as such, is apro­pos of noth­ing. The VIPS mem­o­ran­dum does not pro­vide any tech­ni­cal data that would sus­tain a find­ing that the infor­ma­tion in ques­tion was phys­i­cal­ly in the pos­ses­sion of the DNC on July 5, 2016—the day Guc­cifer 2.0 sup­pos­ed­ly over­saw the trans­mis­sion from its point of ori­gin. Indeed, the ana­lysts say that asser­tion can­not be derived from the data.

    Such atten­tion to detail, nor­mal­ly the sig­na­ture of sol­id intel­li­gence analy­sis, is not need­ed in this case. The VIPS mem­o­ran­dum serves a larg­er pur­pose here: It ques­tions a premise that has become de rigueur in the nation­al narrative—that Guc­cifer 2.0 was a Russ­ian actor. “Guc­cifer 2.0 is known to be the Rus­sians,” Bri­an Fal­lon, the press sec­re­tary for Hillary Clin­ton, opined in Sep­tem­ber 2016. Demo­c­ra­t­ic oper­a­tives made sim­i­lar state­ments through­out the sum­mer and fall of 2016.

    On Oct. 6, 2016, the Office of the Direc­tor of Nation­al Intel­li­gence and the Depart­ment of Home­land Secu­ri­ty pub­lished a joint state­ment that not­ed that the “recent dis­clo­sures of alleged hacked e‑mails” by Guc­cifer 2.0 (and oth­ers) “are con­sis­tent with the meth­ods and moti­va­tions of Russ­ian-direct­ed efforts,” with­out fur­ther elab­o­ra­tion beyond declar­ing that “the Rus­sians have used sim­i­lar tac­tics and tech­niques across Europe and Eura­sia, for exam­ple, to influ­ence pub­lic opin­ion there.”

    Rep. Schiff, the afore­men­tioned Demo­c­ra­t­ic co-chair of the House Intel­li­gence Com­mit­tee, stat­ed in March 2017 that “a hack­er who goes by the moniker, Guc­cifer 2.0, claims respon­si­bil­i­ty for hack­ing the DNC and giv­ing the doc­u­ments to Wik­iLeaks. … The U.S. intel­li­gence com­mu­ni­ty also lat­er con­firmed that the doc­u­ments were in fact stolen by Russ­ian intel­li­gence, and Guc­cifer 2.0 act­ed as a front.”

    The prob­lem is that there sim­ply isn’t any hard data in the pub­lic domain to back up these state­ments of fact. What is known is that a per­sona using the name Guc­cifer 2.0 pub­lished doc­u­ments said to be sourced from the DNC on sev­er­al occa­sions start­ing from June 15, 2016. Guc­cifer 2.0 claims to have stolen these doc­u­ments by per­pe­trat­ing a cyber-pen­e­tra­tion of the DNC serv­er. How­ev­er, the hack­ing method­ol­o­gy Guc­cifer 2.0 claims to have employed does not match the tools and tech­niques alleged­ly uncov­ered by the cyber­se­cu­ri­ty pro­fes­sion­als from Crowd­Strike when they inves­ti­gat­ed the DNC intru­sion. More­over, cyber-experts claim the Guc­cifer 2.0 “hack” could not have been exe­cut­ed as he described.

    What Crowd­Strike did claim to have dis­cov­ered is that some­time in March 2016, the DNC serv­er was infect­ed with what is known as an X‑Agent mal­ware. Accord­ing to Crowd­Strike, the mal­ware was deployed using an open-source, remote admin­is­tra­tion tool known as Rem­Com. The mal­ware in ques­tion, a net­work tun­nel­ing tool known as X‑Tunnel, was itself a repur­posed open-source tool that made no effort to encrypt its source code, mean­ing any­one who gained access to this mal­ware would be able to tell exact­ly what it was intend­ed to do.

    Crowd­Strike claimed that the pres­ence of the X‑Agent mal­ware was a clear “sig­na­ture” of a hack­ing group—APT 28, or Fan­cy Bear—previously iden­ti­fied by Ger­man intel­li­gence as being affil­i­at­ed with the GRU, Russ­ian mil­i­tary intel­li­gence. Addi­tion­al infor­ma­tion about the com­mand and con­trol servers used by Fan­cy Bear, which Crowd­Strike claims were pre­vi­ous­ly involved in Russ­ian-relat­ed hack­ing activ­i­ty, was also report­ed.

    The Crowd­Strike data is uncon­vinc­ing. First and fore­most, the Ger­man intel­li­gence report it cites does not make an iron­clad claim that APT 28 is, in fact, the GRU. In fact, the Ger­mans only “assumed” that GRU con­ducts cyber­at­tacks. They made no claims that they knew for cer­tain that any Rus­sians, let alone the GRU, were respon­si­ble for the 2015 cyber­at­tack on the Ger­man Par­lia­ment, which Crowd­Strike cites as proof of GRU involve­ment. Sec­ond, the mal­ware in ques­tion is avail­able on the open mar­ket, mak­ing it vir­tu­al­ly impos­si­ble to make any attri­bu­tion at all sim­ply by look­ing at sim­i­lar­i­ties in “tools and tech­niques.” Vir­tu­al­ly any­one could have acquired these tools and used them in a man­ner sim­i­lar to how they were employed against both the Ger­man Par­lia­ment and the DNC.

    The pres­ence of open-source tools is, in itself, a clear indi­ca­tor that Russ­ian intel­li­gence was not involved. Doc­u­ments released by Edward Snow­den show that the NSA mon­i­tored the hack­ing of a promi­nent Russ­ian jour­nal­ist, Anna Politkovskaya, by Russ­ian intel­li­gence, “deploy­ing mali­cious soft­ware which is not avail­able in the pub­lic domain.” The notion that the Rus­sians would use spe­cial tools to hack a journalist’s email account and open-source tools to hack either the DNC or the Ger­man Par­lia­ment is laugh­able. My expe­ri­ence with Soviet/Russian intel­li­gence, which is con­sid­er­able, has impressed me with the pro­fes­sion­al­ism and ded­i­ca­tion to oper­a­tional secu­ri­ty that were involved. The APT 28/Fancy Bear cyber-pen­e­tra­tion of the DNC and the Guc­cifer 2.0 oper­a­tion as a whole are the antithe­sis of pro­fes­sion­al.

    Per­haps more impor­tant, how­ev­er, is the fact that no one has linked the theft of the DNC doc­u­ments to Guc­cifer 2.0. We do not know either the date or mech­a­nism of pen­e­tra­tion. We do not have a list of the doc­u­ments accessed and exfil­trat­ed from the DNC by APT 28, or any evi­dence that these doc­u­ments end­ed up in Guc­cifer 2.0’s pos­ses­sion. It is wide­ly assumed that the DNC pen­e­tra­tion was per­pe­trat­ed through a “spear-phish­ing” attack, in which a doc­u­ment is cre­at­ed that sim­u­lates a gen­uine com­mu­ni­ca­tion in an effort to prompt a response by the receiv­er, usu­al­ly by click­ing a spec­i­fied field, which facil­i­tates the inser­tion of mal­ware. Evi­dence of the Google-based doc­u­ments believed to have been the cul­prits behind the pen­e­tra­tion of the Demo­c­ra­t­ic Con­gres­sion­al Cam­paign Com­mit­tee (DCCC) and John Podesta’s email servers have been iden­ti­fied, along with the dates of mal­ware infec­tion. No such infor­ma­tion has been pro­vid­ed about the DNC pen­e­tra­tion.

    Which brings up per­haps the most curi­ous aspect of this entire case: The DNC servers at the cen­ter of this con­tro­ver­sy were nev­er turned over to the FBI for foren­sic inves­ti­ga­tion. Instead, the FBI had to rely upon copies of the DNC serv­er data pro­vid­ed by Crowd­Strike. The fact that it was Crowd­Strike, and not the FBI, that made the GRU attri­bu­tion call based upon the inves­ti­ga­tion of the alleged cyber-pen­e­tra­tion of the DNC serv­er is dis­turb­ing. As shown here, there is good rea­son to doubt the via­bil­i­ty of the Crowd­Strike analy­sis. That the FBI, fol­lowed by the U.S. Con­gress, the U.S. intel­li­gence com­mu­ni­ty, and the main­stream media, has par­rot­ed this ques­tion­able asser­tion as fact is shock­ing.

    The Guc­cifer 2.0 sto­ry is at the cen­ter of the ongo­ing con­tro­ver­sy swirling around the Trump White House con­cern­ing alle­ga­tions of col­lu­sion with Rus­sia regard­ing med­dling in the 2016 pres­i­den­tial elec­tion. While APT 28/Fancy Bear is not the only alleged Russ­ian hack­ing oper­a­tion claimed to have been tar­get­ing the DNC, it is the one that has been sin­gled out as “weaponiz­ing” intelligence—employing stolen doc­u­ments for the express pur­pose of alter­ing pub­lic opin­ion against Hillary Clin­ton. This act has been char­ac­ter­ized as an attack against Amer­i­ca, and was cit­ed by Pres­i­dent Barack Oba­ma when he imposed sanc­tions on Rus­sia in Decem­ber 2016 and expelled 35 Russ­ian diplo­mats. Con­gress has also referred to this “attack” as the prin­ci­pal jus­ti­fi­ca­tion for a bill seek­ing new and tougher sanc­tions tar­get­ing Rus­sia.

    ...

    The stakes could not be high­er. The Amer­i­can peo­ple would do well to demand a prop­er inves­ti­ga­tion into what actu­al­ly tran­spired at the DNC in the spring of 2016. To date there has been no exam­i­na­tion wor­thy of the name regard­ing the facts that under­pin the accu­sa­tions at the cen­ter of the Amer­i­can argu­ment against Russia—that the GRU hacked the DNC serv­er and used Guc­cifer 2.0 as a con­duit for the release of stolen doc­u­ments in a man­ner designed to influ­ence the Amer­i­can pres­i­den­tial elec­tion. The VIPS mem­o­ran­dum of July 24, 2017, ques­tions the verac­i­ty of these claims. I believe these doubts are well found­ed.

    ———-

    “Time to Reassess the Roles Played by Guc­cifer 2.0 and Rus­sia in the DNC ‘Hack’” by Scott Rit­ter; TruthDig; 07/27/2017

    “The analysis contained in the VIPS memorandum contradicts such an assertion. Unfortunately, this conclusion is not supported by the data. I reached out to the forensic analysts who conducted the analysis of the metadata in question. They have stated that there is no way to use the available metadata to determine where the copying of the data was done. In short, one cannot state that this data proves Guccifer 2.0 had direct access to the DNC server or that the data was located in the DNC when it was copied on July 5, 2016. These same analysts also note that the July 5 date that is pervasive on the metadata probably overwrote all prior modification times, meaning it is impossible to ascertain if there were any prior copy operations.”

    Yep, The Forensicator’s analysis is indeed one possible interpretation of the available data. But it is only one of many possibilities that fit the data. And yet it is being treated as some sort of rock solid proof that that one possible scenario — that a USB flash drive was used on July 5th to remove those DNC documents (which are separate from the dumped emails) — is the only scenario reasonably supported by the available evidence. Don’t forget that Wikileaks was heavily pushing the “Seth Rich may have been our source and was murdered by the DNC” meme well before the September 13, 2016, dump of those DNC documents, so that alone could have been incentive enough to modify the dump document timestamps to July 5th, five days before Rich’s murder. Again, the key problem with The Forensicator’s analysis is that timestamp metadata can be set to anything and there’s no way to know how many times it’s been modified. Thus, it tells us nothing about when the dump documents were initially removed from the DNC server.

    And as Rit­ter goes on to cri­tique The Foren­si­ca­tor’s find­ings, he notes that the mis­tak­en endorse­ment by the VIPS should in no way down­play the many oth­er issues with the wide­ly accept­ed con­clu­sions about what actu­al­ly hap­pened:

    ...
    The VIPS mem­o­ran­dum also speaks of the inser­tion of “tell­tale” signs into data copied from the DNC serv­er designed to impli­cate Rus­sia. I have reached out to the ana­lysts respon­si­ble for this asser­tion, and it appears that they mis­tak­en­ly attrib­uted actu­al doc­u­ment manip­u­la­tion from an ear­li­er date to the July 5 data trans­fer event. This in no way min­i­mizes the seri­ous­ness of the under­ly­ing charge—other cred­i­ble cyber-inves­ti­ga­tors have proved such data inser­tion on doc­u­ments pre­vi­ous­ly pub­lished by Guc­cifer 2.0 on June 15, 2016. Meta­da­ta analy­sis of sev­er­al Word doc­u­ments relat­ed to that release clear­ly shows that the con­tents of at least four doc­u­ments were cut from the orig­i­nal doc­u­ment and then past­ed into a Word tem­plate specif­i­cal­ly set up for the Cyril­lic alpha­bet, and which showed doc­u­ment attri­bu­tion, in the Cyril­lic alpha­bet, to “Felix Edmundovich,” the first name and patronymic of the founder of the Sovi­et intel­li­gence ser­vice.

    This cut-and-paste activity was conducted after the documents were accessed by Guccifer 2.0, which means Guccifer 2.0, for no practical reason whatsoever, manipulated documents in a way that created the impression of a Russian connection at the same time he was denying any such link. While the July 5 event cannot be used to argue a continuation of the document manipulation that transpired on June 15, it is clear that the false Russian attribution that arose from this manipulation carried over when the July 5 data was finally released, on Sept. 13. “The DNC is the victim of a crime—an illegal cyberattack by Russian state-sponsored agents who seek to harm the Democratic Party and progressive groups in an effort to influence the presidential election,” Donna Brazile, the interim chair of the Democratic Party at the time, proclaimed in an official statement after the documents were released by Guccifer 2.0.

    The impli­ca­tions of the con­clu­sions reached in the VIPS mem­o­ran­dum (if not the actu­al tech­ni­cal analy­sis it relied on) are stag­ger­ing: The DNC “hack” was actu­al­ly a cyber-theft per­pe­trat­ed by an insid­er with direct access to the DNC serv­er, who then delib­er­ate­ly doc­tored doc­u­ments to make them look as if they had been accessed by a Russ­ian-speak­ing actor pri­or to releas­ing them to the pub­lic. This is not the nar­ra­tive being pushed by the U.S. intel­li­gence, Con­gress and the main­stream media. More­over, if true, the con­clu­sions reached by VIPS point to a broad­er con­spir­a­cy with­in the Unit­ed States to under­mine the cred­i­bil­i­ty of an admit­ted­ly unpop­u­lar, yet legit­i­mate­ly elect­ed pres­i­dent that bor­ders on sedi­tion.

    These are seri­ous alle­ga­tions that should not be made light­ly. Indeed, if I were act­ing sole­ly on the infor­ma­tion con­tained with­in the VIPS mem­o­ran­dum, I would hes­i­tate to make them—the issue of down­load rates for a data set dat­ed July 5, 2016, seems irrel­e­vant for a cyber-intru­sion alleged to have tak­en place in April-May of 2016. Either Guc­cifer 2.0 regained access to the DNC serv­er in an as-of-yet-unre­port­ed (and unclaimed) cyber-oper­a­tion, or the down­load involved data pre­vi­ous­ly removed from the DNC serv­er, and, as such, is apro­pos of noth­ing. The VIPS mem­o­ran­dum does not pro­vide any tech­ni­cal data that would sus­tain a find­ing that the infor­ma­tion in ques­tion was phys­i­cal­ly in the pos­ses­sion of the DNC on July 5, 2016—the day Guc­cifer 2.0 sup­pos­ed­ly over­saw the trans­mis­sion from its point of ori­gin. Indeed, the ana­lysts say that asser­tion can­not be derived from the data.

    Such atten­tion to detail, nor­mal­ly the sig­na­ture of sol­id intel­li­gence analy­sis, is not need­ed in this case. The VIPS mem­o­ran­dum serves a larg­er pur­pose here: It ques­tions a premise that has become de rigueur in the nation­al narrative—that Guc­cifer 2.0 was a Russ­ian actor. “Guc­cifer 2.0 is known to be the Rus­sians,” Bri­an Fal­lon, the press sec­re­tary for Hillary Clin­ton, opined in Sep­tem­ber 2016. Demo­c­ra­t­ic oper­a­tives made sim­i­lar state­ments through­out the sum­mer and fall of 2016.
    ...

    So that’s where we are: despite the fact that the analysis by The Forensicator endorsed by VIPS has some glaring holes, at this point simply having a group like the VIPS raise questions of the official findings is net helpful in this situation, especially since the memorandum included other critiques beyond just the findings of The Forensicator. Although sending out a memorandum that noted the Forensicator’s analysis and the problems with it would have been more helpful.

    Posted by Pterrafractyl | July 29, 2017, 1:34 pm
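
    The point made above about last-modified metadata can be checked directly. The following Python sketch is an added example, not code from the comment, the article, The Forensicator or VIPS; the file names, sizes, rates and epoch value are constructed. It shows that a "transfer speed" inferred from modification times simply follows whatever timestamps the files currently carry, and that an ordinary copy replaces the earlier timestamps.

```python
import hashlib
import os
import shutil
import tempfile

# Constructed sample: three small files standing in for a released batch.
SAMPLE_SIZES = [2000, 3000, 5000]      # bytes, constructed
T0_NS = 1_467_700_000 * 10**9          # arbitrary constructed epoch time (ns)


def make_batch(directory):
    """Create the constructed sample files and return their paths in order."""
    paths = []
    for i, size in enumerate(SAMPLE_SIZES):
        path = os.path.join(directory, f"doc{i}.bin")
        with open(path, "wb") as fh:
            fh.write(bytes([i]) * size)
        paths.append(path)
    return paths


def stamp_as_copied(paths, bytes_per_second, start_ns=T0_NS):
    """Set each mtime to the moment a sequential copy at this rate would
    have finished writing the file. Any rate can be chosen after the fact."""
    done = 0
    for path in paths:
        done += os.path.getsize(path)
        finished_ns = start_ns + done * 10**9 // bytes_per_second
        os.utime(path, ns=(finished_ns, finished_ns))


def apparent_rate(paths):
    """Infer a transfer speed from mtimes alone: bytes written between the
    first and last timestamp, divided by the elapsed seconds."""
    stats = sorted((os.stat(p) for p in paths), key=lambda s: s.st_mtime_ns)
    elapsed_s = (stats[-1].st_mtime_ns - stats[0].st_mtime_ns) / 10**9
    moved = sum(s.st_size for s in stats[1:])
    return moved / elapsed_s


def content_digest(paths):
    """SHA-256 over the file contents, which timestamps do not affect."""
    h = hashlib.sha256()
    for path in paths:
        with open(path, "rb") as fh:
            h.update(fh.read())
    return h.hexdigest()


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        paths = make_batch(tmp)
        before = content_digest(paths)

        # Same bytes, two different "histories" written into the metadata.
        stamp_as_copied(paths, 1000)
        rate_first = apparent_rate(paths)
        stamp_as_copied(paths, 100)
        rate_second = apparent_rate(paths)

        # A metadata-preserving copy carries the stamp along; a plain copy
        # stamps the new file with the current time, erasing the old value.
        src_mtime = os.stat(paths[0]).st_mtime_ns
        kept = shutil.copy2(paths[0], os.path.join(tmp, "kept.bin"))
        fresh = shutil.copy(paths[0], os.path.join(tmp, "fresh.bin"))

        return {
            "rate_first_stamp": rate_first,
            "rate_second_stamp": rate_second,
            "content_unchanged": content_digest(paths) == before,
            "copy2_keeps_mtime": os.stat(kept).st_mtime_ns == src_mtime,
            "plain_copy_keeps_mtime": os.stat(fresh).st_mtime_ns == src_mtime,
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

    The inferred rate describes the most recent operation that wrote the timestamps, on whatever machine that was, and says nothing about where or how the files were first obtained.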
  13. Following on the reports about the plans of Felix Sater and Andrey (Andreii/Andrii) Artemenko — the Ukrainian ‘pro-Russian’ politician behind the alleged ‘pro-Russian’ peace plan that Felix Sater had Michael Cohen hand deliver to Michael Flynn — to build up Ukraine’s nuclear energy sector as a means of freeing Ukraine from its dependence on Russian energy, here’s some more background info on Artemenko’s politics and business in an article in the Kyiv Post. And note the date of the article: February 20, 2017, which is one day after this ‘peace plan’ was initially reported in the New York Times. It highlights the fact that Ukrainian press was making it very clear very early on after this story broke that this guy’s political pedigree was anti-Russian in the extreme, with close ties to Right Sector/Pravy Sektor.

    The arti­cle also notes anoth­er inter­est­ing aspect of Arte­menko’s busi­ness back­ground: from 2007–2013, he found­ed sev­er­al com­pa­nies that pro­vid­ed mil­i­tary logis­tics ser­vices into the Mid­dle East­ern con­flict zones and trav­eled to Sau­di Ara­bia, Syr­ia, and Qatar for busi­ness trips.

    So a guy with a con­flict-zone mil­i­tary sup­ply busi­ness and ties to the vir­u­lent­ly anti-Russ­ian Right Sec­tor and who was also work­ing on break­ing Ukraine’s depen­dence on Russ­ian ener­gy is the guy behind the ‘pro-Russ­ian’ peace plan:

    Kyiv Post

    Andrey Arte­menko: Who is this Ukrain­ian mem­ber of par­lia­ment with the peace plan?

    By Veroni­ka Melkoze­ro­va.
    Pub­lished Feb. 20. Updat­ed Feb. 20 at 8:24 pm

    Now ex-Rad­i­cal Par­ty mem­ber of par­lia­ment Andrey Arte­menko came under crit­i­cism from all sides after the New York Times revealed on Feb. 19 that he was try­ing to bro­ker his own peace plan to end Russia’s war against Ukraine.

    The plan was dis­tinct­ly pro-Russ­ian, but even the Rus­sians reject­ed it and his free­lance, ama­teur­ish diplo­ma­cy got him kicked out of his own par­ty, although he remains a mem­ber of par­lia­ment.

    His ideas includ­ed leas­ing Crimea to Rus­sia for 50 years and the lift­ing of eco­nom­ic sanc­tions against Rus­sia by U.S. Pres­i­dent Don­ald J. Trump.

    Dmit­ry Peskov, Vladimir Putin’s press sec­re­tary, denied pri­or knowl­edge of the sealed plan, which includes a sug­ges­tion that Ukraine lease Crimea to Rus­sia, which annexed the region in 2014, the Tele­graph in Lon­don quot­ed him as say­ing. “There’s noth­ing to talk about. How can Rus­sia rent its own region from itself?” Peskov said.

    Arte­menko described him­self to the New York Times as a Trump-style politi­cian.

    The 48-year-old lawmaker’s biography is colorful and controversial: He has a wife who is a model, he served 2.5 years in prison without a trial, he has business in the U.S. and he is involved in the military trade to the war zones in the Middle East. At home, he has close ties with the ultra-nationalistic Right Sector.

    “I demand Andrey Arte­menko dis­card as a law­mak­er. He has no rights to rep­re­sent our fac­tion and par­ty. Our posi­tion is unchange­able – Rus­sia is the aggres­sor and must get away from Ukrain­ian ter­ri­to­ries,” Oleh Lyashko, Rad­i­cal Par­ty leader said to the jour­nal­ist in Verk­hov­na Rada on Feb. 20.

    “Nobody in Rad­i­cal Par­ty trades Ukraine,” Lyashko said. “To lease Crimea to Rus­sia is the same as to give your own moth­er for rent to the trav­el­ing cir­cus.”

    Arte­menko told the New York Times that many peo­ple would crit­i­cize him as a Russ­ian or Amer­i­can C.I.A. agent for his plan, but peace is what he’s after.

    “But how can you find a good solu­tion between our coun­tries if we do not talk?” Arte­menko said.

    Before the New York Times sto­ry, Arte­menko wasn’t famous. He may see him­self as the next pres­i­dent of Ukraine, but oth­ers saw him as just anoth­er gray car­di­nal.

    Fam­i­ly, busi­ness in U.S.

    Arte­menko hasn’t filed elec­tron­ic dec­la­ra­tion for 2016.

    How­ev­er, accord­ing to his pre­vi­ous e‑declaration in 2015, Arte­menko has a wife, mod­el Oksana Kuch­ma and four chil­dren, includ­ing two with U.S. cit­i­zen­ship — Edward Daniel, Amber Kather­ine. The chil­dren from the first mar­riage, Vitaly and Kristi­na Arte­menko (Kraskovs­ki), have Ukrain­ian cit­i­zen­ship but live in Ontario, Cana­da with their mother’s hus­band. In 2014 Artemenko’s elder daugh­ter Kristi­na gave birth to Artemenko’s grand­son.

    Arte­menko owns land plots of 14,000 square meters and 5,000 square meters in Vyshen­ki vil­lage of Kyiv Oblast.
    And his wife Oksana Kuch­ma is not only a mod­el but a busi­ness­woman. Accord­ing to Artemenko’s e‑declaration, Kuch­ma has a land plot of 3,000 square meters and a house in Gni­dyn vil­lage of Kyiv Oblast, an 850 square meter apart­ment in Lviv Oblast’s Zhovk­va and also a 127-square meter apart­ment in Kyiv under con­struc­tion.

    Arte­menko also owns three lux­u­ry watch­es: De Griso­gono (Hr 127,500), De Griso­gono –Gen­eve (Hr 123,450), Franck Muller (Hr 118,950) and sev­er­al lux­u­ry cars.

    Kuchma owns a company, OKSY GLOBAL LLC, registered in the U.S., and also the private avian-transportation company, the Aviation Company Special Avia Alliance, registered in Kyiv at the same address as the company Global Business Group GMBh, where Artemenko used to work as a deputy director before he came to the Rada after the parliament elections in 2014.
    Accord­ing to the Min­istry of Jus­tice reg­istry, the Glob­al Busi­ness Group GMBh pro­vides the vari­ety of ser­vices: vehi­cles trade, var­i­ous goods trade, restau­rants busi­ness and busi­ness con­sult­ing.

    The share­hold­er of the Glob­al Busi­ness Group GMBh is also a U.S. based com­pa­ny Glob­al Assets Inc., reg­is­tered in Mia­mi, Flori­da.

    ...

    Start from Kyiv

    Artemenko came into politics after business and jail. According to the biography on his official website, in the early 1990s he founded a law firm that advocated the interests of professional athletes and then he became a president of CSK Kyiv soccer club. In 1998–2000, he was the adviser of then Kyiv Mayor Oleksandr Omelchenko, a member and one of the founders of his party Unity.

    In 2002, Arte­menko was arrest­ed by the Prosecutor’s Gen­er­al Office of Ukraine on accu­sa­tions of mon­ey laun­der­ing and kept in pre-tri­al deten­tion for more than two years. How­ev­er, he suc­cess­ful­ly chal­lenged his impris­on­ment as ille­gal and ground­less. He said pros­e­cu­tors were per­se­cut­ing him in hopes of get­ting Omelchenko, who was also sus­pect­ed of mon­ey laun­der­ing.

    In 2004, Artemenko was released from pre-trial detention center Lukyanivske on bail of Mikhail Dobkin, a Party of Regions lawmaker.

    But in 2006 he became the head of the Kyiv depart­ment of Batkivshchy­na Par­ty, led by now ex-Prime Min­is­ter Yulia Tymoshenko.

    In 2007–2013 Arte­menko found­ed sev­er­al com­pa­nies that pro­vid­ed mil­i­tary logis­tics ser­vices into the con­flict zones and trav­eled to Sau­di Ara­bia, Syr­ia, and Qatar for busi­ness trips.

    Since 2013 he has his own char­i­ty foun­da­tion that helps inter­nal­ly dis­placed per­sons from the war-torn Don­bas.

    True patri­ot?

    Arte­menko came to the Verk­hov­na Rada in 2014 as a Rad­i­cal Par­ty law­mak­er (16th on the party’s list). Accord­ing to the parliament’s web­site, Arte­menko is the deputy head of the Euro­pean Inte­gra­tion Com­mit­tee and respon­si­ble for diplo­mat­ic con­nec­tions with Sau­di Ara­bia, Qatar, Unit­ed States, Kuwait, Lithua­nia and Belarus.

    The law­mak­er took an active part in Euro­Maid­an Rev­o­lu­tion in 2013–2014 that deposed Pres­i­dent Vik­tor Yanukovych.
    In 2014 he joined the Right Sec­tor polit­i­cal par­ty and was rumored to be one of the spon­sors of its leader, Dmytro Yarosh, dur­ing his pres­i­den­tial elec­tion cam­paign in 2014.

    There is even a photo of Artemenko, seated among the Right Sector Party founders at the first party meeting in March 2014.
    Right Sec­tor spokesper­son Artem Sko­ropad­sky told the Kyiv Post on Feb. 20 that he couldn’t con­firm or deny whether Arte­menko financed the Right Sec­tor Par­ty.

    “I was nev­er into all the ‘finan­cial stuff,’ but I have no infor­ma­tion about him giv­ing the mon­ey. I remem­ber all those guys like him (Arte­menko) and (Borislav) Bereza just came to us after March 22. They weren’t Right Sec­tor mem­bers dur­ing the Rev­o­lu­tion of Dig­ni­ty,” said Sko­ropad­sky.

    He said that after the end of EuroMaidan Revolution there was a “mess” in Right Sector. Dozens of people a day were coming to the activists only in Kyiv.

    “The ones who could afford it gave us mon­ey, oth­ers help in dif­fer­ent ways. But as soon as we start­ed build­ing the struc­ture of the orga­ni­za­tion, the guys like Arte­menko and Bereza went to the oth­er par­ties, came in Rada or oth­er gov­ern­ment struc­tures,” Sko­ropad­sky recalled.

    ———-

    “Andrey Arte­menko: Who is this Ukrain­ian mem­ber of par­lia­ment with the peace plan?” by Veroni­ka Melkoze­ro­va; Kyiv Post; 02/20/2017

    “The law­mak­er took an active part in Euro­Maid­an Rev­o­lu­tion in 2013–2014 that deposed Pres­i­dent Vik­tor Yanukovych.
    In 2014 he joined the Right Sec­tor polit­i­cal par­ty and was rumored to be one of the spon­sors of its leader, Dmytro Yarosh, dur­ing his pres­i­den­tial elec­tion cam­paign in 2014.”

    Rumored to have spon­sored Dmytro Yarosh’s pres­i­den­tial run! That’s quite a rumor, and even if there’s no truth to it, it’s hard to ignore things like pho­tos of Arte­menko seat­ed among the Right Sec­tor Par­ty founders at the first par­ty meet­ing. That sure sounds like he’s a founder. Even if Right Sec­tor does­n’t want to acknowl­edge this:

    ...
    There is even a photo of Artemenko, seated among the Right Sector Party founders at the first party meeting in March 2014.
    Right Sec­tor spokesper­son Artem Sko­ropad­sky told the Kyiv Post on Feb. 20 that he couldn’t con­firm or deny whether Arte­menko financed the Right Sec­tor Par­ty.
    ...

    And there’s his interesting business background: starting several military logistics services companies that operate in conflict zones in the Middle East. And a private aviation company registered in Miami, Florida:

    ...
    The 48-year-old lawmaker’s biog­ra­phy is col­or­ful and con­tro­ver­sial: He has a wife who is a mod­el, he served 2.5 years in prison with­out a tri­al, he has busi­ness in U.S and he is involved in the mil­i­tary trade to the war zones in the Mid­dle East. At home, he has close ties with the ultra-nation­al­is­tic Right Sec­tor.

    ...

    Kuch­ma owns a com­pa­ny OKSY GLOBAL LLC, reg­is­tered in the U.S. and also the pri­vate avian-trans­porta­tion com­pa­ny, the Avi­a­tion Com­pa­ny Spe­cial Avia Alliance reg­is­tered in Kyiv at the same address as the com­pa­ny Glob­al Busi­ness Group GMBh, Arte­menko used to work as a deputy direc­tor before he came to Rada after the par­lia­ment elec­tions in 2014.
    Accord­ing to the Min­istry of Jus­tice reg­istry, the Glob­al Busi­ness Group GMBh pro­vides the vari­ety of ser­vices: vehi­cles trade, var­i­ous goods trade, restau­rants busi­ness and busi­ness con­sult­ing.

    The share­hold­er of the Glob­al Busi­ness Group GMBh is also a U.S. based com­pa­ny Glob­al Assets Inc., reg­is­tered in Mia­mi, Flori­da.

    ...

    In 2007–2013 Arte­menko found­ed sev­er­al com­pa­nies that pro­vid­ed mil­i­tary logis­tics ser­vices into the con­flict zones and trav­eled to Sau­di Ara­bia, Syr­ia, and Qatar for busi­ness trips.
    ...

    And then there’s this interesting bit of background on Artemenko’s work in the Ukrainian parliament: he was the deputy head of the European Integration Committee and responsible for diplomatic connections with Saudi Arabia, Qatar, United States, Kuwait, Lithuania and Belarus:

    ...
    Arte­menko came to the Verk­hov­na Rada in 2014 as a Rad­i­cal Par­ty law­mak­er (16th on the party’s list). Accord­ing to the parliament’s web­site, Arte­menko is the deputy head of the Euro­pean Inte­gra­tion Com­mit­tee and respon­si­ble for diplo­mat­ic con­nec­tions with Sau­di Ara­bia, Qatar, Unit­ed States, Kuwait, Lithua­nia and Belarus.
    ...

    So Artemenko is the deputy head of the European Integration Committee and is responsible for diplomatic connections with Saudi Arabia, Qatar, United States, Kuwait, Lithuania and Belarus? European Integration and US diplomacy. That doesn’t sound like the assignments for a politician the rest of Ukraine’s politicians would consider ‘pro-Russian’.

    And regarding Artemenko’s responsibility for diplomatic connections with the US, note how, in the original New York Times article that broke the story about this whole secret ‘peace plan’ scheme, Artemenko talked on Facebook about how he was peddling his peace plan to American lawmakers and even attended Trump’s inauguration. He also traveled to Cleveland last year for the GOP’s National Convention and met with members of the Trump team. So it would appear that Mr. Artemenko had quite a bit of contact with the Trump team long before reports about this ‘secret peace plan’:

    The New York Times

    A Back-Chan­nel Plan for Ukraine and Rus­sia, Cour­tesy of Trump Asso­ciates

    By MEGAN TWOHEY and SCOTT SHANE
    FEB. 19, 2017

    A week before Michael T. Fly­nn resigned as nation­al secu­ri­ty advis­er, a sealed pro­pos­al was hand-deliv­ered to his office, out­lin­ing a way for Pres­i­dent Trump to lift sanc­tions against Rus­sia.

    Mr. Fly­nn is gone, hav­ing been caught lying about his own dis­cus­sion of sanc­tions with the Russ­ian ambas­sador. But the pro­pos­al, a peace plan for Ukraine and Rus­sia, remains, along with those push­ing it: Michael D. Cohen, the president’s per­son­al lawyer, who deliv­ered the doc­u­ment; Felix H. Sater, a busi­ness asso­ciate who helped Mr. Trump scout deals in Rus­sia; and a Ukrain­ian law­mak­er try­ing to rise in a polit­i­cal oppo­si­tion move­ment shaped in part by Mr. Trump’s for­mer cam­paign man­ag­er Paul Man­afort.

    At a time when Mr. Trump’s ties to Rus­sia, and the peo­ple con­nect­ed to him, are under height­ened scruti­ny — with inves­ti­ga­tions by Amer­i­can intel­li­gence agen­cies, the F.B.I. and Con­gress — some of his asso­ciates remain will­ing and eager to wade into Rus­sia-relat­ed efforts behind the scenes.

    Mr. Trump has con­found­ed Democ­rats and Repub­li­cans alike with his repeat­ed praise for the Russ­ian pres­i­dent, Vladimir V. Putin, and his desire to forge an Amer­i­can-Russ­ian alliance. While there is noth­ing ille­gal about such unof­fi­cial efforts, a pro­pos­al that seems to tip toward Russ­ian inter­ests may set off alarms.

    The ama­teur diplo­mats say their goal is sim­ply to help set­tle a gru­el­ing, three-year con­flict that has cost 10,000 lives. “Who doesn’t want to help bring about peace?” Mr. Cohen asked.

    But the pro­pos­al con­tains more than just a peace plan. Andrii V. Arte­menko, the Ukrain­ian law­mak­er, who sees him­self as a Trump-style leader of a future Ukraine, claims to have evi­dence — “names of com­pa­nies, wire trans­fers” — show­ing cor­rup­tion by the Ukrain­ian pres­i­dent, Petro O. Poroshenko, that could help oust him. And Mr. Arte­menko said he had received encour­age­ment for his plans from top aides to Mr. Putin.

    “A lot of peo­ple will call me a Russ­ian agent, a U.S. agent, a C.I.A. agent,” Mr. Arte­menko said. “But how can you find a good solu­tion between our coun­tries if we do not talk?”

    Mr. Cohen and Mr. Sater said they had not spo­ken to Mr. Trump about the pro­pos­al, and have no expe­ri­ence in for­eign pol­i­cy. Mr. Cohen is one of sev­er­al Trump asso­ciates under scruti­ny in an F.B.I. coun­ter­in­tel­li­gence exam­i­na­tion of links with Rus­sia, accord­ing to law enforce­ment offi­cials; he has denied any illic­it con­nec­tions.

    ...

    While it is unclear if the White House will take the pro­pos­al seri­ous­ly, the diplo­mat­ic free­lanc­ing has infu­ri­at­ed Ukrain­ian offi­cials. Ukraine’s ambas­sador to the Unit­ed States, Valeriy Chaly, said Mr. Arte­menko “is not enti­tled to present any alter­na­tive peace plans on behalf of Ukraine to any for­eign gov­ern­ment, includ­ing the U.S. admin­is­tra­tion.”

    At a secu­ri­ty con­fer­ence in Munich on Fri­day, Mr. Poroshenko warned the West against “appease­ment” of Rus­sia, and some Amer­i­can experts say offer­ing Rus­sia any alter­na­tive to a two-year-old inter­na­tion­al agree­ment on Ukraine would be a mis­take. The Trump admin­is­tra­tion has sent mixed sig­nals about the con­flict in Ukraine.

    But giv­en Mr. Trump’s praise for Mr. Putin, John Herb­st, a for­mer Amer­i­can ambas­sador to Ukraine, said he feared the new pres­i­dent might be too eager to mend rela­tions with Rus­sia at Ukraine’s expense — poten­tial­ly with a plan like Mr. Artemenko’s.

    It was late Jan­u­ary when the three men asso­ci­at­ed with the pro­posed plan con­verged on the Loews Regency, a lux­u­ry hotel on Park Avenue in Man­hat­tan where busi­ness deals are made in a lob­by fur­nished with leather couch­es, over mar­ti­nis at the restau­rant bar and in pri­vate con­fer­ence rooms on upper floors.

    Mr. Cohen, 50, lives two blocks up the street, in Trump Park Avenue. A lawyer who joined the Trump Orga­ni­za­tion in 2007 as spe­cial coun­sel, he has worked on many deals, includ­ing a Trump-brand­ed tow­er in the repub­lic of Geor­gia and a short-lived mixed mar­tial arts ven­ture star­ring a Russ­ian fight­er. He is con­sid­ered a loy­al lieu­tenant whom Mr. Trump trusts to fix dif­fi­cult prob­lems.

    The F.B.I. is review­ing an unver­i­fied dossier, com­piled by a for­mer British intel­li­gence agent and fund­ed by Mr. Trump’s polit­i­cal oppo­nents, that claims Mr. Cohen met with a Russ­ian rep­re­sen­ta­tive in Prague dur­ing the pres­i­den­tial cam­paign to dis­cuss Russia’s hack­ing of Demo­c­ra­t­ic tar­gets. But the Russ­ian offi­cial named in the report told The New York Times that he had nev­er met Mr. Cohen. Mr. Cohen insists that he has nev­er vis­it­ed Prague and that the dossier’s asser­tions are fab­ri­ca­tions. (Mr. Man­afort is also under inves­ti­ga­tion by the F.B.I. for his con­nec­tions to Rus­sia and Ukraine.)

    Mr. Cohen has a per­son­al con­nec­tion to Ukraine: He is mar­ried to a Ukrain­ian woman and once worked with rel­a­tives there to estab­lish an ethanol busi­ness.

    Mr. Arte­menko, tall and burly, arrived at the Man­hat­tan hotel between vis­its to Wash­ing­ton. (His wife, he said, met the first lady, Mela­nia Trump, years ago dur­ing their mod­el­ing careers, but he did not try to meet Mr. Trump.) He had attend­ed the inau­gu­ra­tion and vis­it­ed Con­gress, post­ing on Face­book his admi­ra­tion for Mr. Trump and talk­ing up his peace plan in meet­ings with Amer­i­can law­mak­ers.

    He entered Par­lia­ment in 2014, the year that the for­mer Ukrain­ian pres­i­dent Vik­tor Yanukovych fled to Moscow amid protests over his eco­nom­ic align­ment with Rus­sia and cor­rup­tion. Mr. Man­afort, who had been instru­men­tal in get­ting Mr. Yanukovych elect­ed, helped shape a polit­i­cal bloc that sprang up to oppose the new pres­i­dent, Mr. Poroshenko, a wealthy busi­ness­man who has tak­en a far tougher stance toward Rus­sia and accused Mr. Putin of want­i­ng to absorb Ukraine into a new Russ­ian Empire. Mr. Arte­menko, 48, emerged from the oppo­si­tion that Mr. Man­afort nur­tured. (The two men have nev­er met, Mr. Arte­menko said.)

    Before enter­ing pol­i­tics, Mr. Arte­menko had busi­ness ven­tures in the Mid­dle East and real estate deals in the Mia­mi area, and had worked as an agent rep­re­sent­ing top Ukrain­ian ath­letes. Some col­leagues in Par­lia­ment describe him as cor­rupt, untrust­wor­thy or sim­ply insignif­i­cant, but he appears to have amassed con­sid­er­able wealth.

    He has fash­ioned him­self in the image of Mr. Trump, pre­sent­ing him­self as Ukraine’s answer to a ris­ing class of nation­al­ist lead­ers in the West. He even trav­eled to Cleve­land last sum­mer for the Repub­li­can Nation­al Con­ven­tion, seiz­ing on the chance to meet with mem­bers of Mr. Trump’s cam­paign.

    “It’s time for new lead­ers, new approach­es to the gov­er­nance of the coun­try, new prin­ci­ples and new nego­tia­tors in inter­na­tion­al pol­i­tics,” he wrote on Face­book on Jan. 27. “Our time has come!”

    Mr. Arte­menko said he saw in Mr. Trump an oppor­tu­ni­ty to advo­cate a plan for peace in Ukraine — and help advance his own polit­i­cal career. Essen­tial­ly, his plan would require the with­draw­al of all Russ­ian forces from east­ern Ukraine. Ukrain­ian vot­ers would decide in a ref­er­en­dum whether Crimea, the Ukrain­ian ter­ri­to­ry seized by Rus­sia in 2014, would be leased to Rus­sia for a term of 50 or 100 years.

    The Ukrain­ian ambas­sador, Mr. Chaly, reject­ed a lease of that kind. “It is a gross vio­la­tion of the Con­sti­tu­tion,” he said in writ­ten answers to ques­tions from The Times. “Such ideas can be pitched or pushed through only by those open­ly or covert­ly rep­re­sent­ing Russ­ian inter­ests.”

    The reac­tion sug­gest­ed why Mr. Artemenko’s project also includes the dis­sem­i­na­tion of “kom­pro­mat,” or com­pro­mis­ing mate­r­i­al, pur­port­ed­ly show­ing that Mr. Poroshenko and his clos­est asso­ciates are cor­rupt. Only a new gov­ern­ment, pre­sum­ably one less hos­tile to Rus­sia, might take up his plan.

    Mr. Sater, a long­time busi­ness asso­ciate of Mr. Trump’s with con­nec­tions in Rus­sia, was will­ing to help Mr. Artemenko’s pro­pos­al reach the White House.

    ...

    Mr. Arte­menko said a mutu­al friend had put him in touch with Mr. Sater. Help­ing to advance the pro­pos­al, Mr. Sater said, made sense.

    “I want to stop a war, num­ber one,” he said. “Num­ber two, I absolute­ly believe that the U.S. and Rus­sia need to be allies, not ene­mies. If I could achieve both in one stroke, it would be a home run.”

    After speak­ing with Mr. Sater and Mr. Arte­menko in per­son, Mr. Cohen said he would deliv­er the plan to the White House.

    Mr. Cohen said he did not know who in the Russ­ian gov­ern­ment had offered encour­age­ment on it, as Mr. Arte­menko claims, but he under­stood there was a promise of proof of cor­rup­tion by the Ukrain­ian pres­i­dent.

    “Fraud is nev­er good, right?” Mr. Cohen said.

    He said Mr. Sater had giv­en him the writ­ten pro­pos­al in a sealed enve­lope. When Mr. Cohen met with Mr. Trump in the Oval Office in ear­ly Feb­ru­ary, he said, he left the pro­pos­al in Mr. Flynn’s office.

    Mr. Cohen said he was wait­ing for a response when Mr. Fly­nn was forced from his post. Now Mr. Cohen, Mr. Sater and Mr. Arte­menko are hop­ing a new nation­al secu­ri­ty advis­er will take up their cause. On Fri­day the pres­i­dent wrote on Twit­ter that he had four new can­di­dates for the job.

    ———-

    “A Back-Chan­nel Plan for Ukraine and Rus­sia, Cour­tesy of Trump Asso­ciates” by MEGAN TWOHEY and SCOTT SHANE; The New York Times; 02/19/2017

    “Mr. Arte­menko, tall and burly, arrived at the Man­hat­tan hotel between vis­its to Wash­ing­ton. (His wife, he said, met the first lady, Mela­nia Trump, years ago dur­ing their mod­el­ing careers, but he did not try to meet Mr. Trump.) He had attend­ed the inau­gu­ra­tion and vis­it­ed Con­gress, post­ing on Face­book his admi­ra­tion for Mr. Trump and talk­ing up his peace plan in meet­ings with Amer­i­can law­mak­ers.”

    And before Mr. Artemenko traveled to DC for Trump’s inauguration, he was at the GOP national convention to meet with Trump’s team:

    ...
    He has fash­ioned him­self in the image of Mr. Trump, pre­sent­ing him­self as Ukraine’s answer to a ris­ing class of nation­al­ist lead­ers in the West. He even trav­eled to Cleve­land last sum­mer for the Repub­li­can Nation­al Con­ven­tion, seiz­ing on the chance to meet with mem­bers of Mr. Trump’s cam­paign.
    ...

    And note how the peace plan Arte­menko was advo­cat­ing, a plan wide­ly char­ac­ter­ized as obvi­ous­ly pro-Russ­ian, did­n’t even include that Crimea would be leased to Rus­sia for 100 years. It was a plan for a pub­lic ref­er­en­dum on the ques­tion of whether or not Crimea would be leased to Rus­sia for 100 years:

    ...
    “It’s time for new lead­ers, new approach­es to the gov­er­nance of the coun­try, new prin­ci­ples and new nego­tia­tors in inter­na­tion­al pol­i­tics,” he wrote on Face­book on Jan. 27. “Our time has come!”

    Mr. Arte­menko said he saw in Mr. Trump an oppor­tu­ni­ty to advo­cate a plan for peace in Ukraine — and help advance his own polit­i­cal career. Essen­tial­ly, his plan would require the with­draw­al of all Russ­ian forces from east­ern Ukraine. Ukrain­ian vot­ers would decide in a ref­er­en­dum whether Crimea, the Ukrain­ian ter­ri­to­ry seized by Rus­sia in 2014, would be leased to Rus­sia for a term of 50 or 100 years.
    ...

    A ref­er­en­dum that would almost cer­tain­ly be reject­ed by Ukrain­ian vot­ers. It’s not exact­ly the kind of plan the Krem­lin is going to get excit­ed about.

    And yet Artemenko kept pushing this plan, along with the kompromat on Poroshenko. Because it wasn’t just a peace plan. It was a peace plan characterized as one that only a different future Ukrainian government could endorse, hence the kompromat:

    ...
    The Ukrain­ian ambas­sador, Mr. Chaly, reject­ed a lease of that kind. “It is a gross vio­la­tion of the Con­sti­tu­tion,” he said in writ­ten answers to ques­tions from The Times. “Such ideas can be pitched or pushed through only by those open­ly or covert­ly rep­re­sent­ing Russ­ian inter­ests.”

    The reac­tion sug­gest­ed why Mr. Artemenko’s project also includes the dis­sem­i­na­tion of “kom­pro­mat,” or com­pro­mis­ing mate­r­i­al, pur­port­ed­ly show­ing that Mr. Poroshenko and his clos­est asso­ciates are cor­rupt. Only a new gov­ern­ment, pre­sum­ably one less hos­tile to Rus­sia, might take up his plan.
    ...

    “Only a new gov­ern­ment, pre­sum­ably one less hos­tile to Rus­sia, might take up his plan.”

    Yes, this ‘peace plan’ will first require get­ting rid of Poroshenko using the kom­pro­mat and ush­er­ing in a new gov­ern­ment. And we’re sup­posed to believe a more ‘pro-Russ­ian’ gov­ern­ment would fol­low and that’s all part of Arte­menko’s plan. The plan being offered by a far-right asso­ciate of vir­u­lent­ly anti-Russ­ian forces who have long want­ed to see Poroshenko replaced with some­one even more far-right and more vir­u­lent­ly anti-Russ­ian.

    So it’s looking a lot like that whole peace plan scheme was actually a ‘dump Poroshenko’ scheme by Ukraine’s far-right. Considering the rumblings coming from groups like the Azov Battalion about how Ukraine should get its own nuclear weapons, you have to wonder if the plans for building up Ukraine’s nuclear plants that Artemenko and Felix Sater involved the generation of something more explosive than electricity. After all, when Svoboda, Right Sector, and the Azov Battalion’s new “National Corps” parties signed a joint manifesto in March, their manifesto called for getting nukes for Ukraine:

    Kyiv Post

    Nation­al­ists say Ukraine has right to nuclear weapons

    By Veroni­ka Melkoze­ro­va.
    Pub­lished March 17. Updat­ed March 17 at 4:36 pm

    Ukraine should have the right to arm itself again with nuclear weapons, accord­ing to a joint man­i­festo signed by three of the country’s nation­al­ist par­ties on March 16 in Kyiv.

    The “Nation­al Man­i­festo” signed by Svo­bo­da, Right Sec­tor and Nation­al Corps – none of whom have any rep­re­sen­ta­tion in par­lia­ment – calls for coop­er­a­tion among the three to “fight for the pros­per­i­ty of Ukraine as a pow­er­ful nation state.”

    Ukraine, which once had the third largest nuclear arse­nal in the world, gave up the weapons in 1994 in exchange for secu­ri­ty assur­ances from the Unit­ed States, the Unit­ed King­dom and Rus­sia under the Budapest Mem­o­ran­dum.

    The nation­al­ists’ man­i­festo also includes reori­ent­ing Ukraine from the West and cre­at­ing “a new Euro­pean Union with the Baltic States.”

    They also said that Russ­ian cap­i­tal and busi­ness­es would be banned, and that “tra­di­tion­al val­ues” should be pro­mot­ed in the mass media.

    Speak­ing at the sign­ing cer­e­mo­ny, Svo­bo­da Par­ty leader Oleh Tiah­ny­bok slammed Ukraine’s cur­rent lead­er­ship for fail­ing to “defend the inter­ests of the Ukrain­ian nation.”

    “We saw that the democ­rats, lib­er­als, and social­ists … make shady deals, and do any­thing but stand for the inter­ests of the mas­ters of this land. Only nation­al­ists, when they have the full pow­er and author­i­ty, can devel­op the state in favor of all Ukraini­ans,” he said.

    How­ev­er, Svo­bo­da, Right Sec­tor, and Nation­al Corps have no plans to unite into one orga­ni­za­tion or polit­i­cal par­ty, Artem Sko­ropad­sky, the spokesper­son for Right Sec­tor told the Kyiv Post on March 17.

    More­over, the rad­i­cal nation­al­ists fre­quent­ly have dif­fer­ent views and adopt dif­fer­ing posi­tions on a vari­ety of issues.

    “The cre­ation of a so-called nation­al­ist bloc is noth­ing more than polit­i­cal PR,” Sko­ropad­sky said. “Par­tic­i­pa­tion in elec­tions is not our goal. We aim to take over­all con­trol and cre­ate a nation state.”

    Tiah­ny­bok described the man­i­festo as more of a “coor­di­na­tion of efforts.”

    ...
    ———-
    “Nation­al­ists say Ukraine has right to nuclear weapons” by Veroni­ka Melkoze­ro­va; Kyiv Post; 03/17/2017

    “Ukraine should have the right to arm itself again with nuclear weapons, accord­ing to a joint man­i­festo signed by three of the country’s nation­al­ist par­ties on March 16 in Kyiv.”

    And in addition to calling for nukes, they want Russian capital frozen out of the country, “traditional values” (i.e. far-right cultural norms) actively promoted by the mass media, and the formation of “a new EU with the Baltic States”. And they also slammed the current leadership (the leadership targeted by Artemenko’s kompromat on Poroshenko) for not doing enough to protect Ukraine’s interests:

    ...
    The nation­al­ists’ man­i­festo also includes reori­ent­ing Ukraine from the West and cre­at­ing “a new Euro­pean Union with the Baltic States.”

    They also said that Russ­ian cap­i­tal and busi­ness­es would be banned, and that “tra­di­tion­al val­ues” should be pro­mot­ed in the mass media.

    Speak­ing at the sign­ing cer­e­mo­ny, Svo­bo­da Par­ty leader Oleh Tiah­ny­bok slammed Ukraine’s cur­rent lead­er­ship for fail­ing to “defend the inter­ests of the Ukrain­ian nation.”
    ...

    And how do these groups intend to obtain the polit­i­cal pow­er required to achieve these man­i­festo objec­tives? Well, note the rather omi­nous warn­ing from the Right Sec­tor spokesper­son:

    ...
    “The cre­ation of a so-called nation­al­ist bloc is noth­ing more than polit­i­cal PR,” Sko­ropad­sky said. “Par­tic­i­pa­tion in elec­tions is not our goal. We aim to take over­all con­trol and cre­ate a nation state.”
    ...

    Elections aren’t the goal. That’s the word from the Right Sector’s spokesperson to a Kyiv Post reporter reporting on this new ‘nationalist’/fascist manifesto. Although if there’s a bunch of scandalous kompromat that suddenly scandalizes Poroshenko, and presumably most non-far-right political parties too, and creates an opening for a far-right electoral surge, Right Sector and the rest of its allies will presumably be fine with obtaining power through elections.

    Posted by Pterrafractyl | July 31, 2017, 8:10 pm
  14. Here’s a potentially significant new twist to Robert Mueller’s special counsel investigation: Investigators are now investigating whether or not Michael Flynn was secretly paid by a foreign government in the final months of the 2016 campaign. But it’s not the Russian government. It’s an investigation into whether or not the Turkish government was secretly behind the payments for Flynn’s anti-Fethullah Gulen work. Work that the article describes as suspiciously slapdash for a $530,000 contract:

    Ino­vo ulti­mate­ly paid the Fly­nn Intel Group only $530,000 and received lit­tle more than slap­dash research and a com­i­cal­ly inept attempt to make an anti-Gulen video, which was nev­er com­plet­ed. The entire enter­prise would prob­a­bly have gone unno­ticed if Mr. Fly­nn had not writ­ten an opin­ion piece advo­cat­ing improved rela­tions between Turkey and the Unit­ed States and call­ing Mr. Gulen “a shady Islam­ic mul­lah.”

    Part of what the investigators are reportedly interested in is whether or not certain refunds by the Flynn Intel Group back to the Turkish business who paid for his services constituted an illegal kickback.

    But here’s where it starts getting extra interesting: Flynn also recently amended his disclosure forms to include work for Cambridge Analytica’s parent SCL Group. And, intriguingly, investigators are now looking to the work of the White Canvas Group (actually, its spinoff VizSense), a data-mining company that was paid $200,000 by the Trump campaign for unspecified services. And as we’re going to see, White Canvas Group/VizSense appears to specialize in “military grade” social media campaigns (something similar to SCL’s military grade psy-op services) and the services it offered the Trump team involved creating social media targeting millennials. And as we’ll also see, its services include dark web search, which is extra interesting when you consider how right-wing operative Peter Smith’s team was not just working with Flynn (and Steve Bannon and Kellyanne Conway), but it was also searching the darkweb for signs of hackers who might have hacked Hillary Clinton’s personal email server. A quest that led them to Chuck Johnson and “Guccifer 2.0”, who both told them to contact Andrew Auernheimer.

    So, yeah, the Mueller inves­ti­ga­tion just start­ed head­ing down a very inter­est­ing path:

    The New York Times

    Mueller Seeks White House Doc­u­ments on Fly­nn

    By MATTHEW ROSENBERG, MATT APUZZO and MICHAEL S. SCHMIDT
    AUG. 4, 2017

    WASHINGTON — Inves­ti­ga­tors work­ing for the spe­cial coun­sel, Robert S. Mueller III, recent­ly asked the White House for doc­u­ments relat­ed to the for­mer nation­al secu­ri­ty advis­er Michael T. Fly­nn, and have ques­tioned wit­ness­es about whether he was secret­ly paid by the Turk­ish gov­ern­ment dur­ing the final months of the pres­i­den­tial cam­paign, accord­ing to peo­ple close to the inves­ti­ga­tion.

    Though not a for­mal sub­poe­na, the doc­u­ment request is the first known instance of Mr. Mueller’s team ask­ing the White House to hand over records.

    In inter­views with poten­tial wit­ness­es in recent weeks, pros­e­cu­tors and F.B.I. agents have spent hours por­ing over the details of Mr. Flynn’s busi­ness deal­ings with a Turk­ish-Amer­i­can busi­ness­man who worked last year with Mr. Fly­nn and his con­sult­ing busi­ness, the Fly­nn Intel Group.

    The com­pa­ny was paid $530,000 to run a cam­paign to dis­cred­it an oppo­nent of the Turk­ish gov­ern­ment who has been accused of orches­trat­ing last year’s failed coup in the coun­try.

    Inves­ti­ga­tors want to know if the Turk­ish gov­ern­ment was behind those pay­ments — and if the Fly­nn Intel Group made kick­backs to the busi­ness­man, Ekim Alptekin, for help­ing con­ceal the source of the mon­ey.

    The line of ques­tion­ing shows that Mr. Mueller’s inquiry has expand­ed into a full-fledged exam­i­na­tion of Mr. Flynn’s finan­cial deal­ings, beyond the rel­a­tive­ly nar­row ques­tion of whether he failed to reg­is­ter as a for­eign agent or lied about his con­ver­sa­tions and busi­ness arrange­ments with Russ­ian offi­cials.

    Mr. Fly­nn last­ed only 24 days as nation­al secu­ri­ty advis­er, but his legal trou­bles now lie at the cen­ter of a polit­i­cal storm that has engulfed the Trump admin­is­tra­tion. For months, pros­e­cu­tors have used mul­ti­ple grand juries to issue sub­poe­nas for doc­u­ments relat­ed to Mr. Fly­nn.

    Pres­i­dent Trump has pub­licly said Mr. Mueller should con­fine his inves­ti­ga­tion to the nar­row issue of Russia’s attempts to dis­rupt last year’s pres­i­den­tial cam­paign, not con­duct an expan­sive inquiry into the finances of Mr. Trump or his asso­ciates.

    ...

    After Mr. Flynn’s dis­missal, Mr. Trump tried to get James B. Comey, the F.B.I. direc­tor, to drop the inves­ti­ga­tion, Mr. Comey said.

    Mr. Mueller is inves­ti­gat­ing whether Mr. Trump com­mit­ted obstruc­tion of jus­tice in press­ing for an end to the Fly­nn inquiry. The pres­i­dent fired Mr. Comey on May 9.

    Inves­ti­ga­tors are also exam­in­ing the flow of mon­ey into and out of the Fly­nn Intel Group — a con­sult­ing firm Mr. Fly­nn found­ed after being forced out as the direc­tor of the Defense Intel­li­gence Agency — accord­ing to sev­er­al poten­tial wit­ness­es who have been inter­viewed by pros­e­cu­tors and F.B.I. agents.

    Tak­ing mon­ey from Turkey or any for­eign gov­ern­ment is not ille­gal. But fail­ing to reg­is­ter as a for­eign agent is a felony, and try­ing to hide the source of the mon­ey by rout­ing it through a pri­vate com­pa­ny or some oth­er enti­ty, and then pay­ing kick­backs to the mid­dle­man, could lead to numer­ous crim­i­nal charges, includ­ing fraud.

    Pros­e­cu­tors have also asked dur­ing inter­views about Mr. Flynn’s speak­ing engage­ments for Russ­ian com­pa­nies, for which he was paid more than $65,000 in 2015, and about his company’s clients — includ­ing work it may have done with the Japan­ese gov­ern­ment.

    They have also asked about the White Can­vas Group, a data-min­ing com­pa­ny that was report­ed­ly paid $200,000 by the Trump cam­paign for unspec­i­fied ser­vices. The Fly­nn Intel Group shared office space with the White Can­vas Group, which was found­ed by a for­mer Spe­cial Oper­a­tions offi­cer who was a friend of Mr. Flynn’s.

    Mr. Fly­nn has now had to file three ver­sions of his finan­cial-dis­clo­sure forms. His first ver­sion did not dis­close pay­ments from Rus­sia-linked com­pa­nies. He added those pay­ments to an amend­ed ver­sion of the forms he sub­mit­ted in March. This week he filed a new ver­sion, adding that he briefly had a con­tract with SCL Group, the par­ent com­pa­ny of Cam­bridge Ana­lyt­i­ca, a data-min­ing firm that worked with the Trump cam­paign.

    The new forms list at least $1.8 mil­lion in income, up from rough­ly the $1.4 mil­lion he had pre­vi­ous­ly report­ed. It is unclear how much of that mon­ey was relat­ed to work Mr. Fly­nn did on Turkey issues.

    Mr. Flynn’s cam­paign to dis­cred­it the oppo­nent of the Turk­ish gov­ern­ment, Fethul­lah Gulen, began on Aug. 9 when his firm signed a $600,000 deal with Ino­vo BV, a Dutch com­pa­ny owned by Mr. Alptekin, the Turk­ish-Amer­i­can busi­ness­man.

    Mr. Gulen, a reclu­sive cler­ic, lives in rur­al Penn­syl­va­nia.

    The con­tract with Mr. Alptekin was brought in by Bijan R. Kian, an Iran­ian-Amer­i­can busi­ness­man who was one of Mr. Flynn’s busi­ness part­ners. Mr. Kian, who served until 2011 as a direc­tor of the Export-Import Bank, a Unit­ed States fed­er­al agency, is also under scruti­ny, accord­ing to wit­ness­es ques­tioned by Mr. Mueller’s inves­ti­ga­tors. A lawyer for Mr. Kian declined to com­ment.

    Ino­vo ulti­mate­ly paid the Fly­nn Intel Group only $530,000 and received lit­tle more than slap­dash research and a com­i­cal­ly inept attempt to make an anti-Gulen video, which was nev­er com­plet­ed. The entire enter­prise would prob­a­bly have gone unno­ticed if Mr. Fly­nn had not writ­ten an opin­ion piece advo­cat­ing improved rela­tions between Turkey and the Unit­ed States and call­ing Mr. Gulen “a shady Islam­ic mul­lah.”

    The opinion piece appeared on Election Day. Soon after, The Daily Caller revealed that the Flynn Intel Group had a contract with Inovo, prompting the Justice Department to look into Mr. Flynn’s relationship with Mr. Alptekin.

    The author­i­ties quick­ly deter­mined that Mr. Fly­nn had not reg­is­tered as a for­eign agent, as required by law. In March, he retroac­tive­ly reg­is­tered with the Jus­tice Depart­ment.

    Mr. Mueller’s inves­ti­ga­tors have asked repeat­ed­ly about two pay­ments of $40,000 each that the Fly­nn Intel Group made to Ino­vo, said wit­ness­es who have been inter­viewed in the case.

    The inves­ti­ga­tors have indi­cat­ed that they sus­pect that the pay­ments were kick­backs, and in one inter­view point­ed to the sus­pi­cious tim­ing of the trans­fers. The first pay­ment back to Ino­vo was made on Sept. 13, four days after the Dutch com­pa­ny made its first pay­out under the con­tract, send­ing $200,000 to the Fly­nn Intel Group.

    On Oct. 11, Ino­vo paid the Fly­nn Intel Group an addi­tion­al $185,000. Then, six days lat­er, the Fly­nn Intel Group sent $40,000 to Ino­vo.

    Mr. Alptekin said that both pay­ments were refunds for work that the Fly­nn Intel Group had not com­plet­ed.

    “Ekim main­tains that all pay­ments and refunds were for unful­filled work, and that they were legal, eth­i­cal and above board,” said Mol­ly Toomey, a spokes­woman for Mr. Alptekin. She described the reim­burse­ments as “a busi­ness deci­sion.”

    Anoth­er focus for inves­ti­ga­tors is the repeat­ed­ly chang­ing expla­na­tion Mr. Alptekin has offered for why he hired Mr. Fly­nn. In March, he told a reporter that Mr. Fly­nn had been hired “to pro­duce geopo­lit­i­cal analy­sis on Turkey and the region” for an Israeli ener­gy com­pa­ny. But in an inter­view with The New York Times in June, he said he want­ed a cred­i­ble Amer­i­can firm to help dis­cred­it Mr. Gulen, whom Pres­i­dent Recep Tayyip Erdo­gan of Turkey has blamed for the coup attempt.

    “Like many Amer­i­cans rolling up their sleeves in 9/11 to do some­thing, I decid­ed to do some­thing,” Mr. Alptekin said.

    He scoffed at the sug­ges­tion that he was a front for the Turk­ish gov­ern­ment. Ino­vo, he not­ed, was reg­is­tered in the Nether­lands, where it is dif­fi­cult to mask the own­er­ship of a com­pa­ny. A clear paper trail linked the pay­ments between his com­pa­ny and the Fly­nn Intel Group, he said.

    “If we were try­ing to hide,” he said, “you’d think we’d be good at it.”

    ———-

    “Mueller Seeks White House Doc­u­ments on Fly­nn” by MATTHEW ROSENBERG, MATT APUZZO and MICHAEL S. SCHMIDT; The New York Times; 08/04/2017

    “They have also asked about the White Can­vas Group, a data-min­ing com­pa­ny that was report­ed­ly paid $200,000 by the Trump cam­paign for unspec­i­fied ser­vices. The Fly­nn Intel Group shared office space with the White Can­vas Group, which was found­ed by a for­mer Spe­cial Oper­a­tions offi­cer who was a friend of Mr. Flynn’s.”

    Note that it’s not quite accurate that documents show that $200,000 was paid by the Trump team to White Canvas Group last year. As we’ll see below, the $200,000 was paid to Colt Ventures, a Dallas-based venture-capital firm owned by a figure close to Bannon and who reportedly met with Bannon frequently during the campaign. Colt Ventures is also an investor in VizSense. And VizSense was spun off from White Canvas Group.

    So while the potential kickbacks and secret payments from the Turkish government are indeed quite interesting, when it comes to the investigation into the 2016 hacks it’s the Colt Ventures/White Canvas Group/VizSense that is the far more interesting aspect of the investigation. Especially in light of the Trump campaign's use of the military-grade psy-op services offered by the SCL Group, which we now learn briefly contracted Flynn too (which isn’t particularly shocking in this context, but still worth noting):

    ...
    Mr. Fly­nn has now had to file three ver­sions of his finan­cial-dis­clo­sure forms. His first ver­sion did not dis­close pay­ments from Rus­sia-linked com­pa­nies. He added those pay­ments to an amend­ed ver­sion of the forms he sub­mit­ted in March. This week he filed a new ver­sion, adding that he briefly had a con­tract with SCL Group, the par­ent com­pa­ny of Cam­bridge Ana­lyt­i­ca, a data-min­ing firm that worked with the Trump cam­paign.
    ...

    So what exact­ly did VizSense do in ser­vice of the Trump cam­paign? Well, that’s unspec­i­fied. The Trump team goes as far as acknowl­edg­ing it involved a social-media project that involved video-con­tent cre­ation and “mil­len­ni­al engage­ment” in the campaign’s final month and the founder report­ed­ly fre­quent­ly met with Steve Ban­non. But as the fol­low­ing arti­cle shows, VizSense is described as a “DARPA” and has received numer­ous Pen­ta­gon con­tracts, includ­ing “deep and dark web capa­bil­i­ty and gap analy­sis.”

    So in light of the Peter Smith group efforts and their attempts to scour the dark web in search of ‘Russ­ian hack­ers’ (recall they were advised by “Guc­cifer 2.0” to con­tact neo-Nazi hack­er Andrew Auern­heimer), and the work that Smith did with Fly­nn and Ban­non, we now learn that White Can­vas Group and VizSense are on the inves­ti­ga­tors’ radar:

    The Wash­ing­ton Post

    The mys­tery behind a Fly­nn associate’s qui­et work for the Trump cam­paign

    By Matea Gold
    May 4, 2017

    Jon Iadon­isi, a friend and busi­ness asso­ciate of for­mer nation­al secu­ri­ty advis­er Michael Fly­nn, had two under-the-radar projects under­way in the fall of 2016.

    One of his com­pa­nies was help­ing Fly­nn with an inves­tiga­tive effort for an ally of the Turk­ish gov­ern­ment — details of which Fly­nn revealed only after he was forced to step down from his White House post.

    At the same time, Iadon­isi was also doing work for the Trump cam­paign, although his role was not pub­licly report­ed, accord­ing to peo­ple famil­iar with his involve­ment.

    The project Iadon­isi was engaged in for Trump’s cam­paign focused on social media, accord­ing to a per­son with knowl­edge of the arrange­ment. What that work con­sist­ed of — and why his com­pa­ny was not dis­closed as a ven­dor in cam­paign finance reports — remains a mys­tery.

    The Trump cam­paign did not report any pay­ments to Iadon­isi or his firms. How­ev­er, Fed­er­al Elec­tion Com­mis­sion reports show that the Trump cam­paign paid $200,000 on Dec. 5 for “data man­age­ment ser­vices” to Colt Ven­tures, a Dal­las-based ven­ture-cap­i­tal firm that is an investor in VizSense, a social-media com­pa­ny co-found­ed by Iadon­isi.

    The Wash­ing­ton Post made repeat­ed inquiries to Iadon­isi and oth­er VizSense offi­cials, but none respond­ed to requests for com­ment.

    Michael Glass­ner, exec­u­tive direc­tor of the Trump cam­paign com­mit­tee, said invoic­es show Colt Ven­tures was paid for a ­social-media project that involved video-con­tent cre­ation and “mil­len­ni­al engage­ment” in the campaign’s final month. He declined to com­ment on why the pay­ment went to a ven­ture-cap­i­tal firm and whether cam­paign offi­cials were aware of the firm’s con­nec­tion to VizSense and Iadon­isi.

    It is com­mon for polit­i­cal ven­dors to hire sub­con­trac­tors whose work is not pub­licly report­ed. How­ev­er, cam­paign com­mit­tees can­not seek to avoid dis­clo­sure by pay­ing an enti­ty that does not have a legit­i­mate rela­tion­ship with the ulti­mate recip­i­ent, said Wash­ing­ton cam­paign-finance lawyer Daniel Peta­las, who served as the FEC’s act­ing gen­er­al coun­sel and head of enforce­ment.

    “A venture-capital company is certainly a strange entity for a campaign to be making an expenditure to, and I would want to look further to assess whether it was an appropriate recipient,” he said.

    Colt Ven­tures was found­ed by Dar­ren Blan­ton, a Dal­las investor who lat­er served as an advis­er to Trump’s tran­si­tion. Blan­ton met fre­quent­ly with Trump strate­gist Stephen K. Ban­non at Trump Tow­er dur­ing the cam­paign, accord­ing to peo­ple who saw him there. Colt also sent a report to Ban­non about work done for the cam­paign, accord­ing to a per­son famil­iar with the mat­ter.

    It is unclear who approved the con­tract with Colt Ven­tures. Ban­non declined to com­ment, but a White House offi­cial said Ban­non is “not aware of any of these com­pa­nies or con­tracts.”

    Blanton did not respond to requests for comment. However, shortly after The Post first contacted him, Colt Ventures updated an online list of companies that make up its investment portfolio and added VizSense.

    VizSense, based in Plano, Tex., promis­es on its web­site to “weaponize your brand’s influ­ence” through “mil­i­tary-grade influ­encer mar­ket­ing and intel­li­gence ser­vices.”

    Iadonisi, a former Navy SEAL, started the company in 2015 with Tim Newberry, a nuclear engineer who served as a submarine officer. It was spun out of the duo’s consulting firm, White Canvas Group, which they once described as “a privatized DARPA,” a reference to the Pentagon’s research arm.

    White Can­vas has received numer­ous Pen­ta­gon con­tracts, includ­ing near­ly $150,000 last year from the Navy for “deep and dark web capa­bil­i­ty and gap analy­sis,” accord­ing to con­tract­ing records.

    In a 2015 inter­view with the Dal­las Morn­ing News, Iadon­isi said VizSense helps clients track online video per­for­mance and iden­ti­fy which social-media users dri­ve the most traf­fic. He said he wit­nessed the pow­er of viral media first­hand while serv­ing in Iraq.

    “We know of a lot of bad guys who were killing my friends, and they were real­ly good at mak­ing viral videos,” Iadon­isi said. “These videos cat­alyze, and now we can look at data.”

    Iadon­isi, who worked with the CIA as a Navy SEAL, accord­ing to an online biog­ra­phy, has close ties to Fly­nn, a retired Army lieu­tenant gen­er­al with whom he served in Iraq. His LinkedIn page fea­tures an endorse­ment from Fly­nn, who called Iadon­isi “one of the best prob­lem solvers I have ever worked with” and “an incred­i­ble asset for any orga­ni­za­tion.”

    In late Decem­ber, the offi­cial VizSense account tweet­ed praise of Fly­nn, writ­ing that he “is going to con­struct an NSC that is cus­tom built for what Amer­i­ca needs to be first!@DanScavino @GenFlynn @realDonaldTrump.”

    Fly­nn declined to com­ment through his attor­ney. But a per­son with knowl­edge of their rela­tion­ship said Fly­nn has no stake in Iadonisi’s com­pa­nies and received no finan­cial ben­e­fit from any of Iadonisi’s cam­paign work.

    Until recent­ly, Iadon­isi and Flynn’s firms shared an office suite in Alexan­dria, Va. Flynn’s now-closed con­sul­tan­cy, Fly­nn Intel Group, rent­ed space from White Can­vas Group, accord­ing to a per­son famil­iar with the arrange­ment.

    And last fall, Fly­nn tapped White Can­vas Group to help him inves­ti­gate Fethul­lah Gulen, a Turk­ish Islam­ic cler­ic who lives in Penn­syl­va­nia, Jus­tice Depart­ment doc­u­ments show.

    The research was financed by a com­pa­ny owned by Ekim Alptekin, a Turk­ish Amer­i­can busi­ness­man close to top offi­cials in Turkey, the doc­u­ments show. Turkey’s pres­i­dent, Recep Tayyip Erdo­gan, accus­es Gulen of foment­ing a coup attempt last sum­mer and wants him extra­dit­ed from the Unit­ed States.

    Ino­vo, a Nether­lands-based com­pa­ny owned by Alptekin, paid Fly­nn Intel Group $530,000 to acti­vate an “inves­tiga­tive lab­o­ra­to­ry” made up of for­mer top secu­ri­ty and intel­li­gence offi­cials to research Gulen, accord­ing to doc­u­ments Fly­nn filed under the For­eign Agents Reg­is­tra­tion Act. Fly­nn, in turn, paid White Can­vas Group $15,000 for “pub­lic open source research,” accord­ing to dis­clo­sures.

    In its con­tract with Ino­vo, Fly­nn Intel Group said the Gulen inves­ti­ga­tion would be done by “its most senior prin­ci­pals,” includ­ing “the head of Fly­nn Intel Group’s Spe­cial Oper­a­tions Cyber Force.”

    At the time, that role appeared to be filled by New­ber­ry, Iadonisi’s part­ner and the chief exec­u­tive of White Can­vas Group.

    In August 2016, the same month the Ino­vo con­tract was signed, New­ber­ry tem­porar­i­ly took on an addi­tion­al post: chief exec­u­tive of FIG Cyber, a unit of Fly­nn Intel Group, accord­ing to his LinkedIn pro­file. He held the title until Novem­ber, when the Ino­vo con­tract end­ed. New­ber­ry did not respond to requests for com­ment.

    ...

    The Defense Department’s inspec­tor gen­er­al is inves­ti­gat­ing pay­ments Fly­nn received from Ino­vo and oth­er for­eign groups. Defense Depart­ment guide­lines require for­mer offi­cers to obtain per­mis­sion before work­ing for for­eign gov­ern­ments.

    ———-

    “The mys­tery behind a Fly­nn associate’s qui­et work for the Trump cam­paign” by Matea Gold; The Wash­ing­ton Post; 05/04/2017

    “The project Iadon­isi was engaged in for Trump’s cam­paign focused on social media, accord­ing to a per­son with knowl­edge of the arrange­ment. What that work con­sist­ed of — and why his com­pa­ny was not dis­closed as a ven­dor in cam­paign finance reports — remains a mys­tery.”

    And not only is the work done by VizSense for the Trump Team large­ly a mys­tery, but the fact that Colt Ven­tures was an investor in VizSense was itself a secret until reporters start­ed ask­ing them about it:

    ...
    Colt Ven­tures was found­ed by Dar­ren Blan­ton, a Dal­las investor who lat­er served as an advis­er to Trump’s tran­si­tion. Blan­ton met fre­quent­ly with Trump strate­gist Stephen K. Ban­non at Trump Tow­er dur­ing the cam­paign, accord­ing to peo­ple who saw him there. Colt also sent a report to Ban­non about work done for the cam­paign, accord­ing to a per­son famil­iar with the mat­ter.

    It is unclear who approved the con­tract with Colt Ven­tures. Ban­non declined to com­ment, but a White House offi­cial said Ban­non is “not aware of any of these com­pa­nies or con­tracts.”

    Blanton did not respond to requests for comment. However, shortly after The Post first contacted him, Colt Ventures updated an online list of companies that make up its investment portfolio and added VizSense.
    ...

    And when you look at the services VizSense offers and look at the work Flynn apparently did with Peter Smith’s operation to scour the dark web for ‘Russian hackers’ with Hillary’s emails, it’s not hard to imagine why they might have wanted to keep that VizSense investment a secret:

    ...
    VizSense, based in Plano, Tex., promis­es on its web­site to “weaponize your brand’s influ­ence” through “mil­i­tary-grade influ­encer mar­ket­ing and intel­li­gence ser­vices.”

    Iadonisi, a former Navy SEAL, started the company in 2015 with Tim Newberry, a nuclear engineer who served as a submarine officer. It was spun out of the duo’s consulting firm, White Canvas Group, which they once described as “a privatized DARPA,” a reference to the Pentagon’s research arm.

    White Can­vas has received numer­ous Pen­ta­gon con­tracts, includ­ing near­ly $150,000 last year from the Navy for “deep and dark web capa­bil­i­ty and gap analy­sis,” accord­ing to con­tract­ing records.
    ...

    So that was a pret­ty big new devel­op­ment in Mueller’s inves­ti­ga­tion. Let’s hope it keeps going down this par­tic­u­lar path. Who knows where it might lead.

    Posted by Pterrafractyl | August 5, 2017, 2:54 pm
  15. Following up on the flawed analysis by “The Forensicator” that purports to use timestamp metadata from a batch of DNC documents dumped by “Guccifer 2.0” on September 13th, 2016, to conclusively prove that the files had to have been removed directly from the DNC’s server — flawed because the timestamp metadata in uploaded files tells us nothing about when those files were initially copied from the DNC’s server and how many times they may have been copied after that — it looks like The Forensicator is acknowledging these problems in their analysis after someone directly asked them about this in the comments section of The Forensicator's blog.

    First, here’s the question posed in July:

    Kevin Poulsen
    July 31, 2017 at 10:46 am

    Foren­si­ca­tor,

    Regard­ing this con­clu­sion:

    “The ini­tial copy­ing activ­i­ty was like­ly done from a com­put­er sys­tem that had direct access to the data. By ‘direct access’ we mean that the indi­vid­ual who was col­lect­ing the data either had phys­i­cal access to the com­put­er where the data was stored, or the data was copied over a local high speed net­work (LAN).”

    How did you deter­mine that the July 5 copy­ing was the ini­tial copy­ing?

    And here’s The Foren­si­ca­tor’s reply:

    the­foren­si­ca­tor
    July 31, 2017 at 12:13 pm

    How did you deter­mine that the July 5 copy­ing was the ini­tial copy­ing?

    The study dis­cuss­es two copy oper­a­tions: the first was done (per the meta­da­ta) on July 5, 2016 and the sec­ond on Nov. 1, 2016. In this con­text, ini­tial copy is anoth­er way of refer­ring to the first copy oper­a­tion of the two.

    Some review­ers have not­ed that the July 5, 2016 dates present in the meta­da­ta over­wrote any pre­vi­ous­ly record­ed dates/times, which of course is true. They fur­ther note that pri­or inter­me­di­ate copy oper­a­tions may have been per­formed, which is also true. Some have opined that if Guc­cifer 2 pulled data from his pre­vi­ous­ly claimed hack and sim­ply copied that data to say his local hard dri­ve on July 5, 2016 that the pat­tern present in the meta­da­ta might result; also true.

    We should also keep in mind that the study con­cludes that East­ern time zone set­tings were in force on both the first (ini­tial) and sec­ond copy oper­a­tions. Some review­ers have not­ed that Guc­cifer 2 could have man­u­al­ly set his time­zone to East­ern time – also true.

    Such an action (man­u­al­ly set­ting the time zone to East­ern time, when not phys­i­cal­ly being locat­ed there) seems out of char­ac­ter for Guc­cifer 2 who went to a lot of trou­ble to con­vince the pub­lic he is a for­eign (Roman­ian) hack­er.

    Fur­ther, for any­one who wants to claim that Guc­cifer 2 might have set his time zone to East­ern time in order to inten­tion­al­ly give the impres­sion of being on the East Coast, that can only make sense if we are to believe that he thought ahead about the rela­tion­ship between the local times record­ed in the .rar files and the UTC times record­ed in the 7zip file. That rela­tion­ship is quite obscure and went unno­ticed for almost a year. The idea that Guc­cifer 2 decid­ed to depend upon some­one stum­bling onto that rela­tion­ship as a method of dis­clos­ing his East Coast time set­ting is far-fetched, to say the least.

    “Some reviewers have noted that the July 5, 2016 dates present in the metadata overwrote any previously recorded dates/times, which of course is true. They further note that prior intermediate copy operations may have been performed, which is also true. Some have opined that if Guccifer 2 pulled data from his previously claimed hack and simply copied that data to say his local hard drive on July 5, 2016 that the pattern present in the metadata might result; also true.”

    So that pret­ty thor­ough­ly under­cuts the nar­ra­tive based on The Foren­si­ca­tor’s blog that’s been build­ing for weeks now. Which is what the per­son ask­ing the ini­tial ques­tion more or less says in their response:

    Kevin Poulsen
    July 31, 2017 at 2:42 pm

    You may not have intended it, but your report is being widely misread as addressing the original migration of the files off the DNC’s network, when, as you seem to acknowledge, it actually addresses the packaging of the files for public release, which might have occurred weeks later on the attacker’s own machine. It’s sad to see your painstaking analysis so wildly misunderstood because of ambiguous language in the “key findings” section at the top.

    And that ends the back and forth between that person and The Forensicator and remains the only admission by The Forensicator of these critical details. So there’s that.

    At the same time, it’s worth keeping in mind that there is still some value in The Forensicator's analysis since it does describe one of the many possible scenarios that fit the available evidence. Plus, the finding that the computer that the files were copied from on July 5, 2015, appeared to have a US East Coast timezone setting is notable even if we assume that July 5th event had nothing to do with the initial removal of the files from the DNC server. Especially considering the very real possibility that the stolen documents were being quietly passed around to all sorts of individuals, including people who may not have been particularly tech savvy and didn't have the situational awareness to even think about something like leaving a possible clue in the timestamp metadata, it’s entirely possible the East Coast timestamp data really does reflect the location of the computer where those files were packaged. Yes, there’s no compelling reason to assume this is true since timezone settings could be changed on the computer or the metadata could have been set to anything on the files. But, who knows, maybe that timestamp signature really was indicative of the DNC documents passing through an East Coast-based computer at some point before their release. It’s a possibility worth keeping in mind. As long as we don’t exclusively keep it in mind.

    Posted by Pterrafractyl | August 8, 2017, 6:13 pm
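The point conceded in the exchange quoted in the comment above, worked through as an added example (not code from the post, the commenters or The Forensicator): a copy that does not preserve timestamps overwrites whatever was recorded before, so the local-versus-UTC stamps found after packaging describe only the last such copy and the clock setting of the packaging machine. Every date, offset and name below is constructed, and the copy model (a plain copy stamps the destination with the copy time) is an assumption taken from the quoted reply.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

UTC = timezone.utc


@dataclass(frozen=True)
class Copy:
    """One copy operation in a file's history (every value here is constructed)."""
    when_utc: datetime       # instant at which the copy ran
    preserves_mtime: bool    # False: destination is stamped with the copy time


def final_mtime(original_utc, history):
    """Last-modified instant the file carries after every copy in `history`."""
    mtime = original_utc
    for step in history:
        if not step.preserves_mtime:
            mtime = step.when_utc   # any earlier timestamp is overwritten
    return mtime


def packaged_stamps(mtime_utc, packer_offset_hours):
    """What an analyst later finds for one file: a naive local stamp (as in
    the .rar files) and a UTC stamp (as in the 7zip file)."""
    local = (mtime_utc + timedelta(hours=packer_offset_hours)).replace(tzinfo=None)
    return local, mtime_utc


def infer_offset_hours(local_naive, utc_stamp):
    """Clock zone setting of the packaging machine, to the nearest 15 minutes."""
    delta = local_naive - utc_stamp.replace(tzinfo=None)
    return round(delta.total_seconds() / 900) / 4


# Constructed sample data.
ORIGINAL = datetime(2016, 5, 20, 14, 3, 10, tzinfo=UTC)   # file as first written
JULY_5 = datetime(2016, 7, 5, 22, 40, 0, tzinfo=UTC)      # the July 5 copy

# History A: a single copy on July 5, made with direct access to the source.
HISTORY_DIRECT = [Copy(JULY_5, preserves_mtime=False)]

# History B: files taken remotely weeks earlier, then copied again on July 5
# on a different machine.
HISTORY_REMOTE_THEN_LOCAL = [
    Copy(datetime(2016, 5, 25, 9, 0, 0, tzinfo=UTC), preserves_mtime=False),
    Copy(JULY_5, preserves_mtime=False),
]

# History C: the July 5 copy preserved timestamps, so the older value survives.
HISTORY_PRESERVING = [Copy(JULY_5, preserves_mtime=True)]


def evidence(history, packer_offset_hours=-4):
    """(local stamp, UTC stamp, inferred offset) left behind by a history.
    -4 is what a clock set to US Eastern shows in July (daylight time)."""
    stamps = packaged_stamps(final_mtime(ORIGINAL, history), packer_offset_hours)
    return stamps + (infer_offset_hours(*stamps),)


if __name__ == "__main__":
    for name, history in [("direct", HISTORY_DIRECT),
                          ("remote, then local", HISTORY_REMOTE_THEN_LOCAL),
                          ("preserving", HISTORY_PRESERVING)]:
        local, utc, offset = evidence(history)
        print(f"{name:20} local={local} utc={utc:%Y-%m-%d %H:%M:%S} offset={offset:+}h")
```

Histories A and B leave identical evidence, so the stamps cannot distinguish a first copy from a later one; the inferred offset says how the packaging machine's clock was set, not where the machine was.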
  16. Oh great: It looks like The Forensicator's analysis that purports to prove that at least some of the leaked DNC documents couldn't have been remotely hacked and instead must have been removed via a USB drive — deeply flawed analysis that even the Forensicator has quietly and inadvertently debunked — is continuing to get more press in the media. Both The Nation and Bloomberg put out pieces about the Veteran Intelligence Professionals for Sanity (VIPS) and their endorsement of the Forensicator's analysis. The Bloomberg piece does a much better job in that it at least acknowledges the possible problems and links to Scott Ritter's piece that points out the problems with it. The Nation piece, on the other hand, treats it as a slam dunk case and proof that the DNC files must have been extracted locally. And, again, in addition to Ritter's critique, which the VIPS members almost surely have seen since he himself is a VIPS member, The Forensicator himself/herself debunked their own findings when pressed with questions about it on their own blog. So now this easily debunked analysis is increasingly becoming the most prominent attempt to question the ‘Russian hackers’ narrative:

    New York Mag­a­zine

    The Nation Arti­cle About the DNC Hack Is Too Inco­her­ent to Even Debunk

    By Bri­an Feld­man
    August 10, 2017 4:31 pm

    Yes­ter­day, The Nation pub­lished an arti­cle by jour­nal­ist Patrick Lawrence pur­port­ing to demon­strate that last summer’s piv­otal DNC hack was, in fact, an inside job. Maybe unsur­pris­ing­ly, it’s proven espe­cial­ly pop­u­lar among peo­ple who hold it as an arti­cle of polit­i­cal faith that the Russ­ian gov­ern­ment and intel­li­gence ser­vices played no role in the theft and pub­li­ca­tion of a cache of emails from DNC staffers:

    Must read: It wasn't a hack. It was a DNC insider with a memory stick. Or how a “conspiracy theory” became reality. https://t.co/heyzYzLZSZ — Kim Dotcom (@KimDotcom) August 10, 2017

    The media conspiracy theory that Russia hacked the DNC is utterly debunked https://t.co/2zpYyRIGK9 — Jack Posobiec (@JackPosobiec) August 10, 2017

    Another Democratic Russian narrative bites the dust. https://t.co/IgfpzguPNT — Nick Short (@PoliticalShort) August 10, 2017

    Con­clu­sive proof, or even strong evi­dence, that the DNC emails were leaked by an insid­er and not by Russ­ian-spon­sored hack­ers would indeed be a huge sto­ry — among oth­er things, it would con­tra­dict the near-unan­i­mous opin­ion of U.S. intel­li­gence agen­cies, and raise some very seri­ous ques­tions about their objec­tiv­i­ty and neu­tral­i­ty.

    But this arti­cle is nei­ther con­clu­sive proof nor strong evi­dence. It’s the extreme­ly long-wind­ed prod­uct of a crank, and it’s been get­ting atten­tion only because it appears in a respect­ed left-wing pub­li­ca­tion like The Nation. Any­one hop­ing to read it for care­ful report­ing and clear expla­na­tion is going to come away dis­ap­point­ed, how­ev­er.

    If you want to get to the actu­al claims being made, you’ll have to skip the first 1,000 or so words, which most­ly con­sist of breath­tak­ing­ly elab­o­rate throat-clear­ing. (“[H]ouses built on sand and made of cards are bound to col­lapse, and there can be no sur­prise that the one rest­ing atop the ‘hack the­o­ry,’ as we can call the pre­vail­ing wis­dom on the DNC events, appears to be in the process of doing so.”) About halfway through, you get to the crux of the arti­cle: A report, made by an anony­mous ana­lyst call­ing him­self “Foren­si­ca­tor,” on the “meta­da­ta” of “locked files” leaked by the hack­er Guc­cifer 2.0.

    This should, already, set off alarm bells: An anony­mous ana­lyst is claim­ing to have ana­lyzed the “meta­da­ta” of “locked files” that only this ana­lyst had access to? Still, if I’m under­stand­ing it cor­rect­ly, Lawrence’s cen­tral argu­ment (which, again, rests on the belief that Forensicator’s claims about “meta­da­ta” are mean­ing­ful and cor­rect) is that the ini­tial data trans­fer from the DNC occurred at speeds impos­si­ble via the inter­net. Instead, he and a few retired intel-com­mu­ni­ty mem­bers and some pseu­do­ny­mous blog­gers believe the data was trans­ferred to a USB stick, mak­ing the infil­tra­tion a leak from some­one inside the DNC, not a hack.

    ...

    If that’s your strongest evi­dence, your argu­ment is already in trou­ble. But the real prob­lem isn’t that there’s a bizarre claim about inter­net speed that doesn’t hold up to scruti­ny. It’s that Lawrence is writ­ing in tech­no-gib­ber­ish that falls apart under even the slight­est scruti­ny. You could try to go on, but to what end? As an exam­ple: Lawrence writes that “researchers pen­e­trat­ed what Fold­en calls Guccifer’s top lay­er of meta­da­ta and ana­lyzed what was in the lay­ers beneath.” What on earth is that sup­posed to mean? We don’t know what “meta­da­ta” we’re talk­ing about, or why it comes in “lay­ers,” and all I’m left with is the dis­tinct impres­sion that Lawrence doesn’t either. Even if you want­ed to take this seri­ous­ly enough to engage with, you can’t, because it only inter­mit­tent­ly makes sense. There may be evi­dence out there, some­where, that a vast con­spir­a­cy the­o­ry has tak­en place to cov­er up a leak and blame Rus­sia. But it’s going to need to be at least com­pre­hen­si­ble.

    ———-

    “The Nation Arti­cle About the DNC Hack Is Too Inco­her­ent to Even Debunk” by Bri­an Feld­man; New York Mag­a­zine; 08/10/2017

    “But this arti­cle is nei­ther con­clu­sive proof nor strong evi­dence. It’s the extreme­ly long-wind­ed prod­uct of a crank, and it’s been get­ting atten­tion only because it appears in a respect­ed left-wing pub­li­ca­tion like The Nation. Any­one hop­ing to read it for care­ful report­ing and clear expla­na­tion is going to come away dis­ap­point­ed, how­ev­er.”

    Yep, much like how the offi­cial evi­dence for ‘Russ­ian hack­ers’ lacks a clear expla­na­tion and relies on long-wind­ed nar­ra­tives that nev­er actu­al­ly pro­vide mean­ing­ful evi­dence, the same is true with the nar­ra­tives the VIPS folks are now push­ing.

    But notice this curious part: In The Nation piece, the various IT professionals working with the VIPS note that The Forensicator wasn't simply basing their analysis on the data Guccifer 2.0 publicly dumped on September 13, 2016. Instead, The Forensicator apparently unlocked password protected directories. And it appears that ONLY The Forensicator had the password, or has somehow broken it:

    ...
    If you want to get to the actu­al claims being made, you’ll have to skip the first 1,000 or so words, which most­ly con­sist of breath­tak­ing­ly elab­o­rate throat-clear­ing. (“[H]ouses built on sand and made of cards are bound to col­lapse, and there can be no sur­prise that the one rest­ing atop the ‘hack the­o­ry,’ as we can call the pre­vail­ing wis­dom on the DNC events, appears to be in the process of doing so.”) About halfway through, you get to the crux of the arti­cle: A report, made by an anony­mous ana­lyst call­ing him­self “Foren­si­ca­tor,” on the “meta­da­ta” of “locked files” leaked by the hack­er Guc­cifer 2.0.

    This should, already, set off alarm bells: An anony­mous ana­lyst is claim­ing to have ana­lyzed the “meta­da­ta” of “locked files” that only this ana­lyst had access to? Still, if I’m under­stand­ing it cor­rect­ly, Lawrence’s cen­tral argu­ment (which, again, rests on the belief that Forensicator’s claims about “meta­da­ta” are mean­ing­ful and cor­rect) is that the ini­tial data trans­fer from the DNC occurred at speeds impos­si­ble via the inter­net. Instead, he and a few retired intel-com­mu­ni­ty mem­bers and some pseu­do­ny­mous blog­gers believe the data was trans­ferred to a USB stick, mak­ing the infil­tra­tion a leak from some­one inside the DNC, not a hack.
    ...

    Also note that the Forensicator’s blog describes, step by step, how others can repeat their analysis and links to a September 13th, 2016 at 5:13 PM CST posting on Pastebin where people can download the files, and that posting includes a password. But that appears to just be the password to open up the zipped documents. But The Forensicator apparently somehow accessed directories in that zipped file that also had their own passwords. So either The Forensicator is adept at cracking those passwords (which no one else has publicly done) or The Forensicator got the password from Guccifer 2.0. Or perhaps is Guccifer 2.0.

    And it gets even more mys­te­ri­ous when The Nation piece indi­cates that one of the IT experts work­ing with the VIPS folks is act­ing as a liai­son with The Foren­si­ca­tor:

    The Nation

    A New Report Rais­es Big Ques­tions About Last Year’s DNC Hack
    For­mer NSA experts say it wasn’t a hack at all, but a leak—an inside job by some­one with access to the DNC’s sys­tem.

    By Patrick Lawrence

    August 10, 2017 8:00 am

    It is now a year since the Demo­c­ra­t­ic Nation­al Committee’s mail sys­tem was compromised—a year since events in the spring and ear­ly sum­mer of 2016 were iden­ti­fied as remote hacks and, in short order, attrib­uted to Rus­sians act­ing in behalf of Don­ald Trump. A great edi­fice has been erect­ed dur­ing this time. Pres­i­dent Trump, mem­bers of his fam­i­ly, and numer­ous peo­ple around him stand accused of var­i­ous cor­rup­tions and exten­sive col­lu­sion with Rus­sians. Half a dozen simul­ta­ne­ous inves­ti­ga­tions pro­ceed into these mat­ters. Last week news broke that Spe­cial Coun­sel Robert Mueller had con­vened a grand jury, which issued its first sub­poe­nas on August 3. Alle­ga­tions of trea­son are com­mon; promi­nent polit­i­cal fig­ures and many media cul­ti­vate a case for impeach­ment.

    ...

    This arti­cle is based on an exam­i­na­tion of the doc­u­ments these foren­sic experts and intel­li­gence ana­lysts have pro­duced, notably the key papers writ­ten over the past sev­er­al weeks, as well as detailed inter­views with many of those con­duct­ing inves­ti­ga­tions and now draw­ing con­clu­sions from them. Before pro­ceed­ing into this mate­r­i­al, sev­er­al points bear not­ing.

    One, there are many oth­er alle­ga­tions impli­cat­ing Rus­sians in the 2016 polit­i­cal process. The work I will now report upon does not pur­port to prove or dis­prove any of them. Who deliv­ered doc­u­ments to Wik­iLeaks? Who was respon­si­ble for the “phish­ing” oper­a­tion pen­e­trat­ing John Podesta’s e‑mail in March 2016? We do not know the answers to such ques­tions. It is entire­ly pos­si­ble, indeed, that the answers we deserve and must demand could turn out to be mul­ti­ple: One thing hap­pened in one case, anoth­er thing in anoth­er. The new work done on the mid-June and July 5 events bears upon all else in only one respect. We are now on notice: Giv­en that we now stand face to face with very con­sid­er­able cas­es of duplic­i­ty, it is imper­a­tive that all offi­cial accounts of these many events be sub­ject to rig­or­ous­ly skep­ti­cal ques­tion­ing. Do we even know that John Podesta’s e‑mail was in fact “phished”? What evi­dence of this has been pro­duced? Such rock-bot­tom ques­tions as these must now be posed in all oth­er cas­es.

    Two, hous­es built on sand and made of cards are bound to col­lapse, and there can be no sur­prise that the one rest­ing atop the “hack the­o­ry,” as we can call the pre­vail­ing wis­dom on the DNC events, appears to be in the process of doing so. Nei­ther is there any­thing far-fetched in a rever­sal of the truth of this mag­ni­tude. Amer­i­can his­to­ry is replete with sim­i­lar cas­es. The Span­ish sank the Maine in Havana har­bor in Feb­ru­ary 1898. Iran’s Mossadegh was a Com­mu­nist. Guatemala’s Árbenz rep­re­sent­ed a Com­mu­nist threat to the Unit­ed States. Vietnam’s Ho Chi Minh was a Sovi­et pup­pet. The San­din­istas were Com­mu­nists. The truth of the Maine, a war and a rev­o­lu­tion in between, took a cen­tu­ry to find the light of day, where­upon the offi­cial sto­ry dis­in­te­grat­ed. We can do bet­ter now. It is an odd sen­sa­tion to live through one of these episodes, espe­cial­ly one as big as Rus­si­a­gate. But its place atop a long line of prece­dents can no longer be dis­put­ed.

    Three, regard­less of what one may think about the inves­ti­ga­tions and con­clu­sions I will now outline—and, as not­ed, these inves­ti­ga­tions continue—there is a bot­tom line attach­ing to them. We can even call it a red line. Under no cir­cum­stance can it be accept­able that the rel­e­vant authorities—the Nation­al Secu­ri­ty Agency, the Jus­tice Depart­ment (via the Fed­er­al Bureau of Inves­ti­ga­tion), and the Cen­tral Intel­li­gence Agency—leave these new find­ings with­out reply. Not cred­i­bly, in any case. Foren­sic inves­ti­ga­tors, promi­nent among them peo­ple with decades’ expe­ri­ence at high lev­els in these very insti­tu­tions, have put a body of evi­dence on a table pre­vi­ous­ly left emp­ty. Silence now, should it ensue, can­not be writ­ten down as an admis­sion of duplic­i­ty, but it will come very close to one.

    It requires no elab­o­ra­tion to apply the above point to the cor­po­rate media, which have been flac­cid­ly sat­is­fied with offi­cial expla­na­tions of the DNC mat­ter from the start.

    Qual­i­fied experts work­ing inde­pen­dent­ly of one anoth­er began to exam­ine the DNC case imme­di­ate­ly after the July 2016 events. Promi­nent among these is a group com­pris­ing for­mer intel­li­gence offi­cers, almost all of whom pre­vi­ous­ly occu­pied senior posi­tions. Vet­er­an Intel­li­gence Pro­fes­sion­als for San­i­ty (VIPS), found­ed in 2003, now has 30 mem­bers, includ­ing a few asso­ciates with back­grounds in nation­al-secu­ri­ty fields oth­er than intel­li­gence. The chief researchers active on the DNC case are four: William Bin­ney, for­mer­ly the NSA’s tech­ni­cal direc­tor for world geopo­lit­i­cal and mil­i­tary analy­sis and design­er of many agency pro­grams now in use; Kirk Wiebe, for­mer­ly a senior ana­lyst at the NSA’s SIGINT Automa­tion Research Cen­ter; Edward Loomis, for­mer­ly tech­ni­cal direc­tor in the NSA’s Office of Sig­nal Pro­cess­ing; and Ray McGov­ern, an intel­li­gence ana­lyst for near­ly three decades and for­mer­ly chief of the CIA’s Sovi­et For­eign Pol­i­cy Branch. Most of these men have decades of expe­ri­ence in mat­ters con­cern­ing Russ­ian intel­li­gence and the relat­ed tech­nolo­gies. This arti­cle reflects numer­ous inter­views with all of them con­duct­ed in per­son, via Skype, or by tele­phone.

    The cus­tom­ary VIPS for­mat is an open let­ter, typ­i­cal­ly addressed to the pres­i­dent. The group has writ­ten three such let­ters on the DNC inci­dent, all of which were first pub­lished by Robert Par­ry at http://www.consortiumnews.com. Here is the lat­est, dat­ed July 24; it blue­prints the foren­sic work this arti­cle explores in detail. They have all argued that the hack the­o­ry is wrong and that a local­ly exe­cut­ed leak is the far more like­ly expla­na­tion. In a let­ter to Barack Oba­ma dat­ed Jan­u­ary 17, three days before he left office, the group explained that the NSA’s known pro­grams are ful­ly capa­ble of cap­tur­ing all elec­tron­ic trans­fers of data. “We strong­ly sug­gest that you ask NSA for any evi­dence it may have indi­cat­ing that the results of Russ­ian hack­ing were giv­en to Wik­iLeaks,” the let­ter said. “If NSA can­not pro­duce such evidence—and quickly—this would prob­a­bly mean it does not have any.”

    The day after Par­ry pub­lished this let­ter, Oba­ma gave his last press con­fer­ence as pres­i­dent, at which he deliv­ered one of the great gems among the offi­cial state­ments on the DNC e‑mail ques­tion. “The con­clu­sions of the intel­li­gence com­mu­ni­ty with respect to the Russ­ian hack­ing,” the lega­cy-mind­ed Oba­ma said, “were not con­clu­sive.” There is lit­tle to sug­gest the VIPS let­ter prompt­ed this remark, but it is typ­i­cal of the lin­guis­tic tap-danc­ing many offi­cials con­nect­ed to the case have indulged so as to avoid putting their names on the hack the­o­ry and all that derives from it.

    Until recent­ly there was a seri­ous hin­drance to the VIPS’s work, and I have just sug­gest­ed it. The group lacked access to pos­i­tive data. It had no lump of cyber-mate­r­i­al to place on its lab table and ana­lyze, because no offi­cial agency had pro­vid­ed any.

    Don­ald Rums­feld famous­ly argued with regard to the WMD ques­tion in Iraq, “The absence of evi­dence is not evi­dence of absence.” In essence, Bin­ney and oth­ers at VIPS say this log­ic turns upside down in the DNC case: Based on the knowl­edge of for­mer offi­cials such as Bin­ney, the group knew that (1) if there was a hack and (2) if Rus­sia was respon­si­ble for it, the NSA would have to have evi­dence of both. Bin­ney and oth­ers sur­mised that the agency and asso­ci­at­ed insti­tu­tions were hid­ing the absence of evi­dence behind the claim that they had to main­tain secre­cy to pro­tect NSA pro­grams. “Every­thing that they say must remain clas­si­fied is already well-known,” Bin­ney said in an inter­view. “They’re play­ing the Wiz­ard of Oz game.”

    New find­ings indi­cate this is per­fect­ly true, but until recent­ly the VIPS experts could pro­duce only “neg­a­tive evi­dence,” as they put it: The absence of evi­dence sup­port­ing the hack the­o­ry demon­strates that it can­not be so. That is all VIPS had. They could allege and assert, but they could not con­clude: They were stuck demand­ing evi­dence they did not have—if only to prove there was none.

    Research into the DNC case took a fate­ful turn in ear­ly July, when foren­sic inves­ti­ga­tors who had been work­ing inde­pen­dent­ly began to share find­ings and form loose col­lab­o­ra­tions where­in each could build on the work of oth­ers. In this a small, new web­site called http://www.disobedientmedia.com proved an impor­tant cat­a­lyst. Two inde­pen­dent researchers select­ed it, Snow­den-like, as the medi­um through which to dis­close their find­ings. One of these is known as Foren­si­ca­tor and the oth­er as Adam Carter. On July 9, Adam Carter sent Eliz­a­beth Vos, a co-founder of Dis­obe­di­ent Media, a paper by the Foren­si­ca­tor that split the DNC case open like a coconut.

    By this time Bin­ney and the oth­er tech­ni­cal-side peo­ple at VIPS had begun work­ing with a man named Skip Fold­en. Fold­en was an IT exec­u­tive at IBM for 33 years, serv­ing 25 years as the IT pro­gram man­ag­er in the Unit­ed States. He has also con­sult­ed for Pen­ta­gon offi­cials, the FBI, and the Jus­tice Depart­ment. Fold­en is effec­tive­ly the VIPS group’s liai­son to Foren­si­ca­tor, Adam Carter, and oth­er inves­ti­ga­tors, but nei­ther Fold­en nor any­one else knows the iden­ti­ty of either Foren­si­ca­tor or Adam Carter. This bears brief expla­na­tion.

    The Forensicator’s July 9 doc­u­ment indi­cates he lives in the Pacif­ic Time Zone, which puts him on the West Coast. His notes describ­ing his inves­tiga­tive pro­ce­dures sup­port this. But lit­tle else is known of him. Adam Carter, in turn, is locat­ed in Eng­land, but the name is a coy pseu­do­nym: It derives from a char­ac­ter in a BBC espi­onage series called Spooks. It is pro­to­col in this com­mu­ni­ty, Eliz­a­beth Vos told me in a tele­phone con­ver­sa­tion this week, to respect this degree of anonymi­ty. Kirk Wiebe, the for­mer SIGINT ana­lyst at the NSA, thinks Foren­si­ca­tor could be “some­one very good with the FBI,” but there is no cer­tain­ty. Unan­i­mous­ly, how­ev­er, all the ana­lysts and foren­sics inves­ti­ga­tors inter­viewed for this col­umn say Forensicator’s advanced exper­tise, evi­dent in the work he has done, is unas­sail­able. They hold a sim­i­lar­ly high opin­ion of Adam Carter’s work.

    Foren­si­ca­tor is work­ing with the doc­u­ments pub­lished by Guc­cifer 2.0, focus­ing for now on the July 5 intru­sion into the DNC serv­er. The con­tents of Guccifer’s files are known—they were pub­lished last September—and are not Forensicator’s con­cern. His work is with the meta­da­ta on those files. These data did not come to him via any clan­des­tine means. Foren­si­ca­tor sim­ply has access to them that oth­ers did not have. It is this access that prompts Kirk Wiebe and oth­ers to sug­gest that Foren­si­ca­tor may be some­one with excep­tion­al tal­ent and train­ing inside an agency such as the FBI. “Foren­si­ca­tor unlocked and then ana­lyzed what had been the locked files Guc­cifer sup­pos­ed­ly took from the DNC serv­er,” Skip Fold­en explained in an inter­view. “To do this he would have to have ‘access priv­i­lege,’ mean­ing a key.”

    ...

    I con­clud­ed each of the inter­views con­duct­ed for this col­umn by ask­ing for a degree of con­fi­dence in the new find­ings. These are care­ful, exact­ing peo­ple as a mat­ter of pro­fes­sion­al train­ing and stan­dards, and I got care­ful, exact­ing replies.

    All those inter­viewed came in between 90 per­cent and 100 per­cent cer­tain that the foren­sics prove out. I have already quot­ed Skip Folden’s answer: impos­si­ble based on the data. “The laws of physics don’t lie,” Ray McGov­ern vol­un­teered at one point. “It’s QED, the­o­rem demon­strat­ed,” William Bin­ney said in response to my ques­tion. “There’s no evi­dence out there to get me to change my mind.” When I asked Edward Loomis, a 90 per­cent man, about the 10 per­cent he held out, he replied, “I’ve looked at the work and it shows there was no Russ­ian hack. But I didn’t do the work. That’s the 10 per­cent. I’m a sci­en­tist.”

    ———–

    “A New Report Rais­es Big Ques­tions About Last Year’s DNC Hack” by Patrick Lawrence; The Nation; 08/10/2017

    “Qual­i­fied experts work­ing inde­pen­dent­ly of one anoth­er began to exam­ine the DNC case imme­di­ate­ly after the July 2016 events. Promi­nent among these is a group com­pris­ing for­mer intel­li­gence offi­cers, almost all of whom pre­vi­ous­ly occu­pied senior posi­tions. Vet­er­an Intel­li­gence Pro­fes­sion­als for San­i­ty (VIPS), found­ed in 2003, now has 30 mem­bers, includ­ing a few asso­ciates with back­grounds in nation­al-secu­ri­ty fields oth­er than intel­li­gence. The chief researchers active on the DNC case are four: William Bin­ney, for­mer­ly the NSA’s tech­ni­cal direc­tor for world geopo­lit­i­cal and mil­i­tary analy­sis and design­er of many agency pro­grams now in use; Kirk Wiebe, for­mer­ly a senior ana­lyst at the NSA’s SIGINT Automa­tion Research Cen­ter; Edward Loomis, for­mer­ly tech­ni­cal direc­tor in the NSA’s Office of Sig­nal Pro­cess­ing; and Ray McGov­ern, an intel­li­gence ana­lyst for near­ly three decades and for­mer­ly chief of the CIA’s Sovi­et For­eign Pol­i­cy Branch. Most of these men have decades of expe­ri­ence in mat­ters con­cern­ing Russ­ian intel­li­gence and the relat­ed tech­nolo­gies. This arti­cle reflects numer­ous inter­views with all of them con­duct­ed in per­son, via Skype, or by tele­phone.”

    That’s who is pro­vid­ing the strong VIPS endorse­ment of The Foren­si­ca­tor’s analy­sis: William Bin­ney, for­mer­ly the NSA’s tech­ni­cal direc­tor for world geopo­lit­i­cal and mil­i­tary analy­sis and design­er of many agency pro­grams now in use; Kirk Wiebe, for­mer­ly a senior ana­lyst at the NSA’s SIGINT Automa­tion Research Cen­ter; Edward Loomis, for­mer­ly tech­ni­cal direc­tor in the NSA’s Office of Sig­nal Pro­cess­ing; and Ray McGov­ern, an intel­li­gence ana­lyst for near­ly three decades and for­mer­ly chief of the CIA’s Sovi­et For­eign Pol­i­cy Branch.

    And they appear to have been coordinating with Skip Folden, someone acting as a liaison with The Forensicator and “Adam Carter”, the pseudonym of another person that’s done quite a bit of work looking into the “Guccifer 2.0” persona (and there doesn’t appear to be anything suspect about Adam Carter’s work):

    ...
    By this time Bin­ney and the oth­er tech­ni­cal-side peo­ple at VIPS had begun work­ing with a man named Skip Fold­en. Fold­en was an IT exec­u­tive at IBM for 33 years, serv­ing 25 years as the IT pro­gram man­ag­er in the Unit­ed States. He has also con­sult­ed for Pen­ta­gon offi­cials, the FBI, and the Jus­tice Depart­ment. Fold­en is effec­tive­ly the VIPS group’s liai­son to Foren­si­ca­tor, Adam Carter, and oth­er inves­ti­ga­tors, but nei­ther Fold­en nor any­one else knows the iden­ti­ty of either Foren­si­ca­tor or Adam Carter. This bears brief expla­na­tion.

    The Forensicator’s July 9 doc­u­ment indi­cates he lives in the Pacif­ic Time Zone, which puts him on the West Coast. His notes describ­ing his inves­tiga­tive pro­ce­dures sup­port this. But lit­tle else is known of him. Adam Carter, in turn, is locat­ed in Eng­land, but the name is a coy pseu­do­nym: It derives from a char­ac­ter in a BBC espi­onage series called Spooks. It is pro­to­col in this com­mu­ni­ty, Eliz­a­beth Vos told me in a tele­phone con­ver­sa­tion this week, to respect this degree of anonymi­ty. Kirk Wiebe, the for­mer SIGINT ana­lyst at the NSA, thinks Foren­si­ca­tor could be “some­one very good with the FBI,” but there is no cer­tain­ty. Unan­i­mous­ly, how­ev­er, all the ana­lysts and foren­sics inves­ti­ga­tors inter­viewed for this col­umn say Forensicator’s advanced exper­tise, evi­dent in the work he has done, is unas­sail­able. They hold a sim­i­lar­ly high opin­ion of Adam Carter’s work
    ...

    And accord­ing to Fold­en, The Foren­si­ca­tor some­how obtained an “access key” to get inside “locked” doc­u­ments that no one else could get:

    ...
    Foren­si­ca­tor is work­ing with the doc­u­ments pub­lished by Guc­cifer 2.0, focus­ing for now on the July 5 intru­sion into the DNC serv­er. The con­tents of Guccifer’s files are known—they were pub­lished last September—and are not Forensicator’s con­cern. His work is with the meta­da­ta on those files. These data did not come to him via any clan­des­tine means. Foren­si­ca­tor sim­ply has access to them that oth­ers did not have. It is this access that prompts Kirk Wiebe and oth­ers to sug­gest that Foren­si­ca­tor may be some­one with excep­tion­al tal­ent and train­ing inside an agency such as the FBI. “Foren­si­ca­tor unlocked and then ana­lyzed what had been the locked files Guc­cifer sup­pos­ed­ly took from the DNC serv­er,” Skip Fold­en explained in an inter­view. “To do this he would have to have ‘access priv­i­lege,’ mean­ing a key.”
    ...

    “These data did not come to him via any clan­des­tine means. Foren­si­ca­tor sim­ply has access to them that oth­ers did not have. It is this access that prompts Kirk Wiebe and oth­ers to sug­gest that Foren­si­ca­tor may be some­one with excep­tion­al tal­ent and train­ing inside an agency such as the FBI. “Foren­si­ca­tor unlocked and then ana­lyzed what had been the locked files Guc­cifer sup­pos­ed­ly took from the DNC serv­er,” Skip Fold­en explained in an inter­view. “To do this he would have to have ‘access priv­i­lege,’ mean­ing a key.””

    So did The Forensicator really need to use a special password to access some of the directories in that DNC document dump? Well, they aren’t at all explicit about it, but yes, they do indicate that they accessed password-protected documents while never saying what the password is or if they instead somehow broke the encryption:

    The Foren­si­ca­tor

    Guc­cifer 2.0 NGP/VAN Meta­da­ta Analy­sis

    07/09/2017

    ...

    Analy­sis

    The Guc­cifer 2 “NGP VAN” files are found in a pass­word pro­tect­ed 7zip file; instruc­tions for down­load­ing this 7zip file can be found at https://pastebin.com/fN9uvUE0.

    Tech­ni­cal note: the size of the 7zip file is 711,396,436 bytes and the MD5 sum is: a6ca56d03073ce6377922171fc8b232d.

    This .7z file con­tains sev­er­al .rar files – one for each top-lev­el direc­to­ry, as shown below.

    [see screen­shot of unpacked DNC doc­u­ment dump]

    The times shown above are in Pacif­ic Day­light Sav­ings Time (PDT). The embed­ded .rar files are high­light­ed in yel­low. The “*” after each file indi­cates that the file is pass­word encrypt­ed. This dis­play of the file entries is shown when the .7z file is opened. A pass­word is required to extract the con­stituent files. This aspect of the .7z file like­ly moti­vat­ed zip­ping the sub-direc­to­ries (e.g. CNBC and DNC) into .rar files; this effec­tive­ly hides the struc­ture of the sub-direc­to­ries, unless the pass­word is pro­vid­ed and the sub-direc­to­ries are then extract­ed. The last mod­i­fi­ca­tion dates indi­cate that the .rar files were built on 9/1/2016 and all the oth­er files were copied on 7/5/2016. Note that all the times are even (accu­rate only to the near­est 2 sec­onds); the sig­nif­i­cance of this prop­er­ty will be dis­cussed near the end of this analy­sis. The files copied on 7/5/2016 have last mod­i­fied times that are close­ly clus­tered around 3:50 PM (PDT); the sig­nif­i­cance of those times will be described below.

    ...

    ———–

    “Guc­cifer 2.0 NGP/VAN Meta­da­ta Analy­sis” by the­foren­si­ca­tor; The Foren­si­ca­tor; 07/09/2017

    “The times shown above are in Pacif­ic Day­light Sav­ings Time (PDT). The embed­ded .rar files are high­light­ed in yel­low. The “*” after each file indi­cates that the file is pass­word encrypt­ed. This dis­play of the file entries is shown when the .7z file is opened. A pass­word is required to extract the con­stituent files. This aspect of the .7z file like­ly moti­vat­ed zip­ping the sub-direc­to­ries (e.g. CNBC and DNC) into .rar files; this effec­tive­ly hides the struc­ture of the sub-direc­to­ries, unless the pass­word is pro­vid­ed and the sub-direc­to­ries are then extract­ed. The last mod­i­fi­ca­tion dates indi­cate that the .rar files were built on 9/1/2016 and all the oth­er files were copied on 7/5/2016. Note that all the times are even (accu­rate only to the near­est 2 sec­onds); the sig­nif­i­cance of this prop­er­ty will be dis­cussed near the end of this analy­sis. The files copied on 7/5/2016 have last mod­i­fied times that are close­ly clus­tered around 3:50 PM (PDT); the sig­nif­i­cance of those times will be described below.”

    So let’s review:
    1. The Foren­si­ca­tor puts out this analy­sis in ear­ly July pur­port­ing to demon­strate con­clu­sive­ly that the DNC doc­u­ments MUST have been removed local­ly.

    2. Their analy­sis indi­cates a pass­word was required to view some of the files, but they nev­er indi­cate how they got past this pass­word and bare­ly address it at all.

    3. Their analy­sis is also deeply flawed since it in no way address­es the very real pos­si­bil­i­ty that all of the meta­da­ta analy­sis they based their con­clu­sions on was the meta­da­ta gen­er­at­ed by sub­se­quent copy­ing of the data, some­thing they qui­et­ly acknowl­edge much lat­er (and sub­se­quent­ly ignore) when pressed on the issue by a com­menter on their blog.

    4. A team of VIPS folks that includes former NSA analysts wholeheartedly endorses their ‘slam dunk’ findings.

    5. Scott Rit­ter, also a VIPS mem­ber, slams his fel­low VIPS mem­bers for putting out such a report giv­en the flaws. And is appar­ent­ly ignored.

    6. More arti­cles con­tin­ue to come out from the VIPS crew tout­ing this as unas­sail­able proof that the doc­u­ments must have been removed local­ly.

    7. And now we learn that the VIPS team has been work­ing with Skip Fold­en, an IT exec­u­tive at IBM for 33 years who also con­sult­ed for Pen­ta­gon offi­cials, the FBI, and the Jus­tice Depart­ment. And Fold­en is appar­ent­ly the VIPS group’s liai­son to Foren­si­ca­tor, Adam Carter, and oth­er inves­ti­ga­tors.

    8. Finally, Kirk Wiebe, one of the VIPS team members working on this, suggests that The Forensicator is probably “someone with exceptional talent and training inside an agency such as the FBI”. And according to Folden, “Forensicator unlocked and then analyzed what had been the locked files Guccifer supposedly took from the DNC server...To do this he would have to have ‘access privilege,’ meaning a key.”

    So a group of IT experts has concluded that the Forensicator somehow has elite training on these matters and somehow got “access privilege” to those password-protected documents. And this team is doubling down on the assertion that The Forensicator’s analysis is strong evidence of the scenario that the DNC document files were removed locally. And, again, even The Forensicator has admitted that their analysis is not evidence of that, although it appeared to be a grudging admission that they subsequently ignore along with almost everyone else pushing this theory.

    It raises the question: is there a group out there trying to put forth deeply flawed analysis in order to eventually discredit inquiries into the ‘Russian hackers’ narrative? Or are they just trying to overwhelm the public with a bunch of technical analysis that almost no one even bothers to closely critique? Considering the US government appeared to use the latter approach when pushing the ‘Russian hackers’ narrative, the answer isn’t obvious, although none of the available feasible answers are good.

    Posted by Pterrafractyl | August 11, 2017, 3:55 pm
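The objection raised in the comment above, that the "last modified" times may come from a later copy rather than from the original removal of the files, can be made concrete. The following is an added example, not the Forensicator's code or method: the file set, the 1 MB/s first hop and the truncation model for 2-second timestamps are assumptions, and the 22.7 MB/s second hop is the rate implied by the "1,976 MegaBytes in 87 seconds" figure quoted in this thread.

```python
"""Added illustration: "last modified" times describe only the most recent copy."""
import os
import shutil
import tempfile
from dataclasses import dataclass

JULY_5_2016 = 1467759000  # 2016-07-05 22:50:00 UTC (3:50 PM PDT)


@dataclass
class Entry:
    name: str
    size: int     # bytes
    mtime: float  # seconds since the epoch


def fat_truncate(ts):
    """Model a 2-second timestamp store (assumption: truncate to an even second)."""
    return float(int(ts) // 2 * 2)


def simulate_copy(entries, start, bytes_per_sec, two_second=False):
    """Model a sequential copy that does not preserve timestamps.

    Each destination file is stamped with the moment its last byte lands,
    so the source mtimes are discarded entirely.
    """
    clock, out = float(start), []
    for e in entries:
        clock += e.size / bytes_per_sec
        out.append(Entry(e.name, e.size, fat_truncate(clock) if two_second else clock))
    return out


def inferred_rate(entries):
    """Bytes per second implied by the spread of mtimes.

    The earliest stamp marks the end of the first file, so that file's
    bytes fall outside the measured interval and are excluded.
    """
    ordered = sorted(entries, key=lambda e: e.mtime)
    span = ordered[-1].mtime - ordered[0].mtime
    return sum(e.size for e in ordered[1:]) / span


def real_copy_mtimes():
    """On a real filesystem: a plain copy resets mtime, a metadata-preserving copy keeps it."""
    with tempfile.TemporaryDirectory() as d:
        src = os.path.join(d, "src.bin")
        with open(src, "wb") as f:
            f.write(b"x" * 4096)
        os.utime(src, (JULY_5_2016, JULY_5_2016))
        plain = shutil.copyfile(src, os.path.join(d, "plain.bin"))
        kept = shutil.copy2(src, os.path.join(d, "kept.bin"))
        return tuple(os.stat(p).st_mtime for p in (src, plain, kept))


# Constructed data set: 20 files of 50 MB each.
ORIGINALS = [Entry(f"file{i:02d}.dat", 50_000_000, 0.0) for i in range(20)]
# Hop 1: a slow transfer at 1 MB/s, one day earlier (constructed rate and date).
HOP1 = simulate_copy(ORIGINALS, JULY_5_2016 - 86400, 1_000_000)
# Hop 2: a later copy at 22.7 MB/s onto media with 2-second timestamps.
HOP2 = simulate_copy(HOP1, JULY_5_2016, 22_700_000, two_second=True)

if __name__ == "__main__":
    print(f"hop 1 implies {inferred_rate(HOP1) / 1e6:.1f} MB/s")
    print(f"hop 2 implies {inferred_rate(HOP2) / 1e6:.1f} MB/s")
    print("src, plain copy, preserved copy mtimes:", real_copy_mtimes())
```

The files that survive hop 2 carry only hop 2's timing, so a rate computed from them says nothing about how fast, or by what route, the data first left its source.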
  17. (I’m not 100% sure of where to place this, so for­give me.)

    In the North Korea mess, it seems that there’s a “pup­pet show” being put on for us with a cast of char­ac­ters:

    * “Crazy” ego­tis­ti­cal pres­i­dent who appears to be plac­ing the coun­try at risk with haz­ardous com­ments toward the “crazy” N Kore­ans (equipped thru Ukraine?)

    * “Ratio­nal” mil­i­tary men whose only chance to “save the coun­try” may be thru a mil­i­tary coup, and since hatred of Trump has been well-cul­ti­vat­ed over the months, might actu­al­ly be wel­comed by (too?) many Amer­i­cans.

    What do you think?

    http://freebeacon.com/national-security/trump-talking-not-answer-north-korea/

    Posted by Uncle Grody | August 31, 2017, 1:39 pm
  18. Just a quick fol­low-up on the prob­lem­at­ic analy­sis done by “the Foren­si­ca­tor” — claim­ing to prove that at least one DNC serv­er hack had to be done local­ly based on an exam­i­na­tion of the meta­da­ta of one of the batch­es of released files — and the cri­tique of that analy­sis in New York Mag­a­zine that includ­ed a very unex­pect­ed asser­tion that the Foren­si­ca­tor used a pass­word that only the Foren­si­ca­tor pos­sessed to unlock hid­den files in the leaked batch of DNC files for use in their analy­sis.

    Well, “Adam Carter” — the pseu­do­nym for anoth­er per­son (or per­sons) whose analy­sis on the time­line of “Guc­cifer 2.0” and the var­i­ous “fin­ger­prints” left in the leaked DNC doc­u­ments has been close­ly asso­ci­at­ed with the Foren­si­ca­tor’s analy­sis — jumped into the fray to address that and accord­ing to Carter there is absolute­ly no secret pass­word that was required to open the files and the New York Mag­a­zine arti­cle was sim­ply wrong on that account:

    g‑2.space

    The First Attack Dog Steps For­ward — New York Mag­a­zine (10 Aug 2017)

    By Adam Carter — August 12th, 2017

    New York Mag­a­zine Has A Glitch

    On Thurs­day, 10 August, 2017, Bri­an Feld­man, writ­ing for New York Mag­a­zine, wrote a hos­tile review of an arti­cle fea­tured in The Nation regard­ing new research, under­re­port­ed evi­dence and analy­sis that, until recent­ly, had appar­ent­ly been giv­en no atten­tion by the main­stream press, intel­li­gence agen­cies or intel­li­gence com­mit­tees (even though one of the major dis­cov­er­ies ref­er­enced was made at the begin­ning of the year, almost 6 months ago).

    There are actu­al­ly some legit­i­mate rea­sons to crit­i­cize the arti­cle in The Nation, how­ev­er, unfor­tu­nate­ly for Feld­man, he only men­tions these minor flaws in pass­ing and instead appears to opt for build­ing straw­man argu­ments, mis­rep­re­sent­ing what was writ­ten through tac­ti­cal omis­sion and attack­ing the char­ac­ter of Patrick Lawrence.

    Feld­man’s Fol­ly

    This was fool­ish, because, if he had attacked the inac­cu­ra­cies sur­round­ing the “locked file” state­ments and sought to make a sub­stan­tive argu­ment against it, he’d have been on sol­id ground.

    For­tu­nate­ly, he’s cho­sen to do some­thing dif­fer­ent which gives me the chance to clear up any mis­con­cep­tions caused (that, again, are rel­a­tive­ly triv­ial and make no dif­fer­ence to the ulti­mate con­clu­sions about the valid­i­ty of Guc­cifer 2.0’s claims to be a hack­er):

    THE FACTS: Forensicator did NOT have a “key” to unlock anything that was “locked” in any literal sense and nothing was “cracked”. The NGP-VAN archive he analyzed was publicly available and its password publicly known in September of 2016.

    This is the only thing in Lawrence’s arti­cle that I spot­ted that was sig­nif­i­cant­ly dif­fer­ent to the cir­cum­stances I’m aware of (and it’s incon­se­quen­tial to the evi­dence, analy­sis and con­clu­sions made in any of the research car­ried out that Lawrence ref­er­ences in his arti­cle).

    ...

    ———-

    “The First Attack Dog Steps For­ward — New York Mag­a­zine (10 Aug 2017)” by Adam Carter; g‑2.space; 08/12/2017

    “THE FACTS: Forensicator did NOT have a “key” to unlock anything that was “locked” in any literal sense and nothing was “cracked”. The NGP-VAN archive he analyzed was publicly available and its password publicly known in September of 2016.”

    As Carter points out, if you go to the Paste­bin site where the DNC doc­u­ments were orig­i­nal­ly released to the world you’ll find a pass­word to unlock the files (which hap­pens to be “GuCCif3r_2.0”). And that appears to be the only pass­word involved at all to repli­cate the Foren­si­ca­tor’s analy­sis.

    Hopefully that clears that plot twist up because it was a rather stunning claim in the New York Magazine article, in part because there was no indication anywhere else that a secret password was used and the steps the Forensicator went through to arrive at their conclusion were written to be reproducible by others. But more importantly, the claim of a non-public password suggested that the Forensicator either had access to significant decryption resources or somehow came across such a password from whoever created that leaked batch of DNC documents. And that, in turn, suggested the possibility that the Forensicator was either someone with access to superior decryption resources (suggesting someone working for an intelligence agency) or access to a secret password from whoever created it (suggesting ties to the hackers).

    And with that flaw in the New York Magazine’s analysis of the Forensicator’s flawed analysis in mind, it’s worth noting that the Forensicator did create a new “Corrections and Clarifications” page recently and included one of the most significant flaws in their conclusion: The assumption that the DNC document data wasn’t copied one or more times before the July 5th “last modified” date that most of the files in the leaked document have. There was simply no reason to conclude that the metadata in the leaked DNC documents the Forensicator based their analysis on was metadata created during the initial event when the files were removed from the DNC server because copying events could have overwritten the “last modified” metadata that the Forensicator’s conclusions were based on.

    And that basically destroys the whole argument that local exfiltration of the DNC data was somehow proven by the metadata. And yet that was the conclusion the VIPS team backed and was promoted in the article in The Nation. But now the Forensicator has acknowledged that prior copy operations could have taken place, agreeing with dissenting VIPS member Scott Ritter who wrote a scathing critique of the VIPS endorsement of the Forensicator’s conclusions. And not only does the Forensicator state their agreement with Ritter on that point but they go on to criticize the VIPS people that back their analysis for being overly conclusive. So even the Forensicator appears to be critiquing the VIPS report now:

    theforensicator.wordpress.com

    Cor­rec­tions and Clar­i­fi­ca­tions

    08/24/2017

    The Foren­si­ca­tor ful­ly sup­ports the work of the VIPS (Vet­er­an Intel­li­gence Pro­fes­sion­als for San­i­ty) and agrees with their over­all rec­om­men­da­tion that a more thor­ough inves­ti­ga­tion of Russ­ian hack­ing claims is need­ed. Ide­al­ly, this inves­ti­ga­tion would share more evi­dence and more con­vinc­ing evi­dence than has been pro­vid­ed in pre­vi­ous­ly dis­closed US Intel­li­gence reports.

    Some reports in the media have been crit­i­cal of aspects of the VIPS report, and then by impli­ca­tion have trans­ferred their crit­i­cisms to the Guc­cifer 2.0 NGP/VAN Meta­da­ta Analy­sis. In the process, those reporters have demon­strat­ed that they like­ly did not care­ful­ly read the Forensicator’s analy­sis or were not care­ful in mak­ing attri­bu­tions.

    ...

    Clar­i­fi­ca­tions: the VIPS report

    The VIPS arti­cle [July 24, 2017] describes the fol­low­ing as a “Key Event” (their empha­sis):

    July 5, 2016: In the ear­ly evening, East­ern Day­light Time, some­one work­ing in the EDT time zone with a com­put­er direct­ly con­nect­ed to the DNC serv­er or DNC Local Area Net­work, copied 1,976 MegaBytes of data in 87 sec­onds onto an exter­nal stor­age device. That speed is much faster than what is phys­i­cal­ly pos­si­ble with a hack.

    The Foren­si­ca­tor responds to the state­ments above as fol­lows:

    * The Guc­cifer 2.0 NGP/VAN Meta­da­ta Analy­sis describes a copy oper­a­tion that (based on the meta­da­ta) occurred in the ear­ly evening on July 5, 2016. No claim is made in the report that the data might not have been copied ear­li­er nor whether it might have been copied or leaked.
    * The analy­sis deter­mined that this first (of two) copy oper­a­tions was done using a com­put­er that had East­ern time zone set­tings in force. The Foren­si­ca­tor adds that the com­put­er was like­ly on the East Coast.
    * No claim was made in the Forensicator’s analy­sis that this com­put­er was con­nect­ed to a DNC serv­er. That may have been men­tioned in a reply to a com­ment as a hypo­thet­i­cal sce­nario when dis­cussing aspects of the analy­sis that would sup­port such a claim.
    * No claim was made in the analy­sis that the data dis­closed in the NGP VAN 7zip file pub­lished by Guc­cifer 2 was derived from data tak­en from a DNC serv­er. Guc­cifer 2 allud­ed to that. The “Find­ings” sec­tion refers to the data this way: “On Sep­tem­ber 1, 2016, two months after copy­ing the ini­tial large col­lec­tion of (alleged) DNC relat­ed con­tent …” (empha­sis added).
    * No claim was made in the analy­sis that the esti­mat­ed trans­fer speed “is much faster than what is phys­i­cal­ly pos­si­ble with a hack” [VIPS]. Rather the state­ment was “this rate is too fast to sup­port the hypoth­e­sis that the DNC data was ini­tial­ly copied over the Inter­net (esp. to Roma­nia)“. They’re close; they dif­fer in degree of cer­tain­ty and the Foren­si­ca­tor added the qual­i­fi­er “(esp. to Roma­nia)“.
    * The Forensicator’s report makes no ref­er­ence to “hack”, “leak”, or “serv­er”.

    There may be oth­er over-ambi­tious extrap­o­la­tions made by the VIPS in their report. Scott Rit­ter who declined to sign onto the VIPS memo, offered his per­spec­tive in an arti­cle on Truthdig.com [July 28, 2017 – four days after the VIPS arti­cle was pub­lished]. Here is an excerpt. The “foren­sics ana­lysts” that Scott refers to below are The Foren­si­ca­tor and Adam Carter.

    The analy­sis con­tained in the VIPS mem­o­ran­dum con­tra­dicts such an asser­tion. Unfor­tu­nate­ly, this con­clu­sion is not sup­port­ed by the data. I reached out to the foren­sic ana­lysts who con­duct­ed the analy­sis of the meta­da­ta in ques­tion. They have stat­ed that there is no way to use the avail­able meta­da­ta to deter­mine where the copy­ing of the data was done. In short, one can­not state that this data proves Guc­cifer 2.0 had direct access to the DNC serv­er or that the data was locat­ed in the DNC when it was copied on July 5, 2016. These same ana­lysts also note that the July 5 date that is per­va­sive on the meta­da­ta prob­a­bly over­wrote all pri­or mod­i­fi­ca­tion times, mean­ing it is impos­si­ble to ascer­tain if there were any pri­or copy oper­a­tions.

    Scott places the VIPS report into per­spec­tive.

    The impli­ca­tions of the con­clu­sions reached in the VIPS mem­o­ran­dum (if not the actu­al tech­ni­cal analy­sis it relied on) are stag­ger­ing: The DNC “hack” was actu­al­ly a cyber-theft per­pe­trat­ed by an insid­er with direct access to the DNC serv­er, who then delib­er­ate­ly doc­tored doc­u­ments to make them look as if they had been accessed by a Russ­ian-speak­ing actor pri­or to releas­ing them to the pub­lic.

    When the Foren­si­ca­tor first read the pub­lished VIPS report, he noticed issues like those above and his reac­tion was that their report was their own inter­pre­ta­tion of the Forensicator’s find­ings; it seemed to be based on assump­tions that should be more clear­ly stat­ed. Still, the Foren­si­ca­tor rec­og­nized that it was their pre­rog­a­tive to make their own inter­pre­ta­tion.

    ...

    ———-

    “Cor­rec­tions and Clar­i­fi­ca­tions” by the foren­si­ca­tor; theforensicator.wordpress.com; 08/24/2017

    “When the Foren­si­ca­tor first read the pub­lished VIPS report, he noticed issues like those above and his reac­tion was that their report was their own inter­pre­ta­tion of the Forensicator’s find­ings; it seemed to be based on assump­tions that should be more clear­ly stat­ed. Still, the Foren­si­ca­tor rec­og­nized that it was their pre­rog­a­tive to make their own inter­pre­ta­tion.”

    So the VIPS sup­port for the Foren­si­ca­tor is not mutu­al. Ouch.

    And, again, the Foren­si­ca­tor explic­it­ly cites the part in Rit­ter’s cri­tique about how there’s no way to tell how many pri­or copy oper­a­tions may have tak­en place, rewrit­ing the “last mod­i­fied” meta­da­ta each time:

    ...
    There may be oth­er over-ambi­tious extrap­o­la­tions made by the VIPS in their report. Scott Rit­ter who declined to sign onto the VIPS memo, offered his per­spec­tive in an arti­cle on Truthdig.com [July 28, 2017 – four days after the VIPS arti­cle was pub­lished]. Here is an excerpt. The “foren­sics ana­lysts” that Scott refers to below are The Foren­si­ca­tor and Adam Carter.

    The analy­sis con­tained in the VIPS mem­o­ran­dum con­tra­dicts such an asser­tion. Unfor­tu­nate­ly, this con­clu­sion is not sup­port­ed by the data. I reached out to the foren­sic ana­lysts who con­duct­ed the analy­sis of the meta­da­ta in ques­tion. They have stat­ed that there is no way to use the avail­able meta­da­ta to deter­mine where the copy­ing of the data was done. In short, one can­not state that this data proves Guc­cifer 2.0 had direct access to the DNC serv­er or that the data was locat­ed in the DNC when it was copied on July 5, 2016. These same ana­lysts also note that the July 5 date that is per­va­sive on the meta­da­ta prob­a­bly over­wrote all pri­or mod­i­fi­ca­tion times, mean­ing it is impos­si­ble to ascer­tain if there were any pri­or copy oper­a­tions.

    ...

    Yes, not only does the Forensicator no longer endorse the VIPS memo endorsing the Forensicator, but the Forensicator might not even endorse the Forensicator anymore. Although if you read the Forensicator’s website they are clearly sticking to their broader narrative (that the DNC files were likely stolen locally with a USB stick) even though that narrative is strongly undermined by the observation about possible prior copy operations.

    It’s progress. Sort of.

    Posted by Pterrafractyl | September 6, 2017, 9:46 pm
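The point made in the comment above, that a copy which does not preserve metadata rewrites the "last modified" times and so erases the timing of any earlier copy, shown as an added Python example that is not part of the original comment or of the Forensicator's analysis. The file names, sizes, the 2016-07-05 base timestamp and the bytes-over-mtime-span rate estimate are constructed assumptions for illustration.

```python
import os
import shutil
import tempfile
from pathlib import Path

# Constructed sample data: four files whose mtimes span 87 seconds,
# starting at an arbitrary instant on 2016-07-05 (UTC epoch seconds).
BASE_MTIME = 1467758400
OFFSETS = [0, 29, 58, 87]
FILE_SIZE = 64 * 1024


def make_sample(root: Path) -> Path:
    """Create the 'original' files and stamp them with the constructed mtimes."""
    src = root / "original"
    src.mkdir()
    for i, off in enumerate(OFFSETS):
        p = src / f"doc{i}.bin"
        p.write_bytes(b"\0" * FILE_SIZE)
        os.utime(p, (BASE_MTIME + off, BASE_MTIME + off))
    return src


def copy_tree(src: Path, dst: Path, preserve: bool) -> Path:
    """Copy every file; copy2 keeps mtimes, copyfile stamps the copy time."""
    dst.mkdir()
    copier = shutil.copy2 if preserve else shutil.copyfile
    for p in sorted(src.iterdir()):
        copier(p, dst / p.name)
    return dst


def mtimes(d: Path) -> list:
    return [int(p.stat().st_mtime) for p in sorted(d.iterdir())]


def mtime_span(d: Path) -> float:
    times = [p.stat().st_mtime for p in d.iterdir()]
    return max(times) - min(times)


def implied_rate(d: Path):
    """Naive bytes/second estimate: total size over the mtime span.

    Assumed estimator for illustration; returns None when the span is zero.
    """
    span = mtime_span(d)
    total = sum(p.stat().st_size for p in d.iterdir())
    return total / span if span > 0 else None


def run_demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        src = make_sample(root)
        preserved = copy_tree(src, root / "copy_preserved", preserve=True)
        plain = copy_tree(src, root / "copy_plain", preserve=False)
        # A second plain copy: its mtimes describe only this last operation.
        recopied = copy_tree(plain, root / "copy_of_copy", preserve=False)
        return {
            "original_mtimes": mtimes(src),
            "preserved_mtimes": mtimes(preserved),
            "plain_mtimes": mtimes(plain),
            "recopied_mtimes": mtimes(recopied),
            "original_rate": implied_rate(src),
            "plain_span": mtime_span(plain),
            "recopied_rate": implied_rate(recopied),
        }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The rate computed from the re-copied files reflects only how fast the last copy ran on the local machine, which is why mtimes alone cannot show how or where the data was first taken.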
  19. There were a cou­ple of rather notable events recent­ly in the giant AT&T $85 bil­lion bid for Time Warn­er that’s await­ing gov­ern­ment approval.

    The most recent notable event might not seem big on the sur­face: AT&T’s CEO made a num­ber of pub­lic com­ments quite sup­port­ive of CNN’s chief Jeff Zuck­er, say­ing he’s doing a “ter­rif­ic job.”

    Why is this notable? Because as the fol­low­ing arti­cle from back in July describes, Pres­i­dent Trump has made numer­ous threats to block the merg­er and he real­ly seems to hate Jeff Zuck­er over CNN’s cov­er­age of him. They used to be close since Zuck­er helped launch Trump’s real­i­ty TV career. Back in Octo­ber of 2016, can­di­date Trump said the merg­er was bad because it made the media too con­cen­trat­ed. It was one of those moments when he was doing his “I care about the lit­tle guy” shtick and said some­thing that was­n’t some­how hor­ri­ble. And then in July of this year — around the time Trump tweet­ed out that gif of him­self beat­ing up CNN that was cre­at­ed by a white suprema­cist (and the whole thing turned into a death threat cam­paign against CNN employ­ees waged by Andrew Auern­heimer) — Trump made numer­ous threats to block the merg­er, while hint­ing that Jeff Zuck­er’s depar­ture might be the price he extracts. And that threat obvi­ous­ly includes replac­ing Zuck­er with some­one more like Roger Ailes because he was mak­ing these threats in the con­text of his com­plaints about CNN’s cov­er­age of him.

    So Trump’s stance on the pro­posed mega-merg­er appears to be that the con­cen­tra­tion of media pow­er from the mega-merg­er would be bad for con­sumers, unless Jeff Zuck­er gets replaced with some­one who turns CNN into Fox News in which case it’s fine:

    The Huff­in­g­ton Post

    Trump Might Try To Threat­en AT&T‑Time Warn­er Deal Over CNN’s Cov­er­age Of Him
    It could be blus­ter, but the notion of finan­cial­ly pun­ish­ing crit­ics is a dis­turb­ing esca­la­tion of the president’s war on the press.

    By Michael Calderone
    07/06/2017 06:03 pm ET

    Pres­i­dent Don­ald Trump dis­missed CNN yet again on Thurs­day as “fake news” dur­ing a press con­fer­ence in War­saw, Poland, con­tin­u­ing a long-run­ning feud with the net­work that this week includ­ed every­thing from a con­tro­ver­sial wrestling GIF to accu­sa­tions of black­mail.

    There’s grow­ing con­cern that Trump’s war with CNN could esca­late beyond insults and Twit­ter posts, with sources close to the pres­i­dent mus­ing about open­ing a new front aimed at CNN’s par­ent com­pa­ny, Time Warn­er — and Trump him­self spec­u­lat­ing about CNN Pres­i­dent Jeff Zuck­er los­ing his job in a shake-up.

    The New York Times, cit­ing an unnamed senior admin­is­tra­tion offi­cial, report­ed Wednes­day night that White House advis­ers have dis­cussed AT&T’s pro­posed $85 bil­lion acqui­si­tion of Time Warn­er as a “poten­tial point of lever­age” over CNN. Media ana­lysts have expect­ed Trump’s Jus­tice Depart­ment to approve the deal, but the Times reports that “the president’s ani­mus toward CNN remains a wild card.”

    On Thurs­day, The Dai­ly Caller, cit­ing “a source famil­iar with Pres­i­dent Trump’s think­ing,” report­ed that the White House won’t sup­port the mega-media deal if Zuck­er remains atop the news net­work.

    The anony­mous threats may turn out to be blus­ter. But the idea of a pres­i­dent abus­ing his pow­er to finan­cial­ly pun­ish com­pa­nies over news cov­er­age he doesn’t like is nonethe­less dis­turb­ing.

    Trump has demo­nized the press as a can­di­date and as pres­i­dent, at times stray­ing beyond ver­bal attacks to sug­gest the gov­ern­ment could exert more finan­cial pres­sure on media own­ers. In a tweet last week blast­ing The Wash­ing­ton Post, which is owned by Ama­zon chief Jeff Bezos, Trump com­plained that Ama­zon doesn’t pay (nonex­is­tent) “inter­net tax­es.” He has also talked about chang­ing libel laws to make it eas­i­er to suc­cess­ful­ly sue news orga­ni­za­tions, although that appears to be out­side the scope of his pow­ers.

    When AT&T announced its plan in Octo­ber to buy Time Warn­er, Trump expressed oppo­si­tion. The deal, he said, would put “too much con­cen­tra­tion of pow­er in the hands of too few” — a view that depart­ed from Repub­li­can ortho­doxy but fit with his pop­ulist cam­paign mes­sage.

    AT&T CEO Ran­dall Stephen­son and Time Warn­er CEO Jef­frey Bewkes said in Decem­ber that they were hope­ful the deal would be approved under the new admin­is­tra­tion. Stephen­son acknowl­edged that Trump’s dis­plea­sure with CNN could have fac­tored into his orig­i­nal oppo­si­tion to the deal, and met with the pres­i­dent-elect at Trump Tow­er in mid-Jan­u­ary.

    The Hol­ly­wood Reporter’s Michael Wolff wrote in March that Trump may try scut­tling the AT&T‑Time Warn­er deal to keep that cam­paign pledge or per­haps try extract­ing con­ces­sions, such as CNN get­ting spun off in the deal or Zuck­er being out of a job. “The sur­prise would not be if Pres­i­dent Trump, with ham hand and big foot, jumped into the mid­dle of this deal,” Wolff wrote, “but if he didn’t keep the promise he made to do exact­ly that.”

    Trump isn’t the only politi­cian opposed to the deal. A num­ber of Demo­c­ra­t­ic sen­a­tors urged the Jus­tice Depart­ment last month to reject the merg­er, argu­ing that fur­ther media con­sol­i­da­tion would be bad for con­sumers. In addi­tion to CNN, the telecom­mu­ni­ca­tions giant would acquire Time Warner’s major enter­tain­ment assets like HBO, TBS, TNT and Warn­er Bros.

    ...

    Despite the recent chat­ter about Trump pos­si­bly inter­fer­ing out of anger toward CNN, the acqui­si­tion is expect­ed to pro­ceed as planned. On Thurs­day, CNBC report­ed that the deal could close with­in 60 days.

    Inside CNN, the con­sen­sus is that the deal is like­ly on track, accord­ing to a net­work source who was not autho­rized to speak pub­licly.

    Still, Trump has publicly suggested that Zucker’s days at the company are numbered. Zucker has also been the subject of unflattering coverage on Fox News and in the New York Post, both owned by Rupert Murdoch, a close Trump ally whose 21st Century Fox competes with Time Warner.

    On June 26, Fox News host Sean Han­ni­ty ripped Zuck­er in a TV seg­ment and tweet­ed that the CNN chief was “soon to be fired.”

    “Fake News CNN is look­ing at big man­age­ment changes now that they got caught false­ly push­ing their pho­ny Russ­ian sto­ries,” Trump tweet­ed the next day. “Rat­ings way down!”

    That evening, the Post report­ed that CNN faced a $100 mil­lion law­suit over a bun­gled Rus­sia sto­ry, and quot­ed a source sug­gest­ing Zuck­er and Time Warn­er exec­u­tives were “anx­ious about if they will sur­vive the merg­er.”

    Trump said at a fundrais­er on June 28 that he’d heard Zuck­er was “going to resign at some point pret­ty soon.” That night, the Post report­ed that AT&T exec­u­tives planned to “neu­tral­ize” Zuck­er upon tak­ing con­trol of Time Warn­er.

    This week, Han­ni­ty won­dered on Twit­ter if AT&T would fire Zuck­er.

    Where are Zuck­ers stenog­ra­phers? Work­ing over­time. Will AT&T fire Zuck­er? https://t.co/m0EiOcGGjL— Sean Han­ni­ty (@seanhannity) July 5, 2017

    Trump was once close with Zuck­er, who launched “The Appren­tice” while head of NBC Enter­tain­ment and gave the now-pres­i­dent a dis­pro­por­tion­ate amount of air­time dur­ing the Repub­li­can pri­ma­ry. Their rela­tion­ship soured amid the network’s more aggres­sive cov­er­age of then-can­di­date Trump, who hasn’t sat down for an inter­view on CNN in about a year.

    CNN’s cov­er­age of inves­ti­ga­tions into ties between Trump asso­ciates and Rus­sia has fur­ther strained the rela­tion­ship. Zuck­er recent­ly told reporters that he hasn’t spo­ken to Trump at all this year.

    ———–

    “Trump Might Try To Threat­en AT&T‑Time Warn­er Deal Over CNN’s Cov­er­age Of Him” by Michael Calderone; The Huff­in­g­ton Post; 07/06/2017

    “There’s grow­ing con­cern that Trump’s war with CNN could esca­late beyond insults and Twit­ter posts, with sources close to the pres­i­dent mus­ing about open­ing a new front aimed at CNN’s par­ent com­pa­ny, Time Warn­er — and Trump him­self spec­u­lat­ing about CNN Pres­i­dent Jeff Zuck­er los­ing his job in a shake-up.”

    Trump has leverage, of sorts, over the chief of CNN and that’s exactly the kind of mind worm that will take deep root in Trump’s mind:

    ...
    The New York Times, cit­ing an unnamed senior admin­is­tra­tion offi­cial, report­ed Wednes­day night that White House advis­ers have dis­cussed AT&T’s pro­posed $85 bil­lion acqui­si­tion of Time Warn­er as a “poten­tial point of lever­age” over CNN. Media ana­lysts have expect­ed Trump’s Jus­tice Depart­ment to approve the deal, but the Times reports that “the president’s ani­mus toward CNN remains a wild card.”

    On Thurs­day, The Dai­ly Caller, cit­ing “a source famil­iar with Pres­i­dent Trump’s think­ing,” report­ed that the White House won’t sup­port the mega-media deal if Zuck­er remains atop the news net­work.
    ...

    It’s a rather remark­able shift from his stance as a can­di­date back in Octo­ber of 2016:

    ...
    When AT&T announced its plan in Octo­ber to buy Time Warn­er, Trump expressed oppo­si­tion. The deal, he said, would put “too much con­cen­tra­tion of pow­er in the hands of too few” — a view that depart­ed from Repub­li­can ortho­doxy but fit with his pop­ulist cam­paign mes­sage.

    AT&T CEO Ran­dall Stephen­son and Time Warn­er CEO Jef­frey Bewkes said in Decem­ber that they were hope­ful the deal would be approved under the new admin­is­tra­tion. Stephen­son acknowl­edged that Trump’s dis­plea­sure with CNN could have fac­tored into his orig­i­nal oppo­si­tion to the deal, and met with the pres­i­dent-elect at Trump Tow­er in mid-Jan­u­ary.
    ...

    So when the time comes for the gov­ern­ment to make a final deci­sion on the merg­er, which ver­sion of Trump’s oppo­si­tion to the deal will he embrace, assum­ing he con­tin­ues to threat­en to block it? Will it be a prin­ci­pled oppo­si­tion based on oppo­si­tion to a con­cen­tra­tion of media pow­er or whin­ing about CNN’s mean cov­er­age?

    Well, that brings us to the second notable event related to the merger in recent days. On October 28th, the day news came out about the first charges in the Mueller investigation, right when that news started coming out, Roger Stone went on Twitter and issued the following threat:

    When AT&T aquires Time Warn­er the house clean­ing at CNN of human excre­ment like @donlemon @jaketapper & dumb­fu ck @ananavarro will be swift

    — Roger Stone (@RogerJStoneJr) Octo­ber 28, 2017

    So if Stone was giv­ing us an idea of what Trump has in mind, it would appear Trump might demand CNN get rid of a whole bunch of hosts if this merg­er goes through:

    Talk­ing Points Memo
    Edi­tor’s Blog

    Will It Soon Be CNN’s Time in the Bar­rel?

    By Josh Mar­shall
    Pub­lished Octo­ber 28, 2017 1:11 pm

    We know Pres­i­dent Trump’s con­fi­dante Roger Stone is intem­per­ate and aggres­sive. We also know he often blurts things out that end up being accu­rate or high­ly pre­scient. On August 21st, 2016, Stone tweet­ed: “Trust me, it will soon [be] Podesta’s time in the bar­rel.” A few weeks lat­er (Oct. 7th, 2016), that’s just what hap­pened. Wik­ileaks, with whom Stone had been in active and direct con­tact, began releas­ing thou­sands of Podesta’s stolen emails.

    ...

    AT&T is cur­rent­ly try­ing to final­ize an $86 bil­lion acqui­si­tion of Time Warn­er. It’s actu­al­ly behind sched­ule. But not to wor­ry. The com­pa­nies say they are extend­ing their dead­line “for a short peri­od of time to facil­i­tate obtain­ing final reg­u­la­to­ry approval required to close the merg­er.”

    AT&T needs the Jus­tice Department’s approval for that deal. Nor­mal­ly, that deci­sion would be housed off at the Antitrust Divi­sion at the Jus­tice Depart­ment. But no one thinks that’s how it works in the Trump Admin­is­tra­tion. AT&T needs Don­ald Trump’s sign off, pos­si­bly medi­at­ed through the hand of Jeff Ses­sions but maybe not. Indeed, there has already been quite a bit of con­cern on Capi­tol Hill that Trump would try to hold up the AT&T deal as a way to exert pres­sure on Time Warn­er?

    Why would the Pres­i­dent want to pres­sure Time Warn­er? Because Time Warn­er owns CNN. And the White House has already put out word that it want­ed to use the deal as a way to place pres­sure on CNN to rein in its cov­er­age. Sen­a­tors have pressed the admin­is­tra­tion to make the deci­sion pure­ly on legit­i­mate antitrust grounds. Final­iz­ing the deal has gone over sched­ule. It’s been sug­gest­ed that to help move things along AT&T might sug­gest (or per­haps already has sug­gest­ed) that it will rein in the “fake news” at CNN as a way to get Pres­i­dent Trump to Yes.

    Last night, as CNN’s breaking news about a Mueller indictment was rippling across the interwebs, Roger Stone went on a Twitter tirade ranting at various people. One Tweet though was quite specific.

    When AT&T aquires Time Warn­er the house clean­ing at CNN of human excre­ment like @donlemon @jaketapper & dumb­fu ck @ananavarro will be swift

    — Roger Stone (@RogerJStoneJr) Octo­ber 28, 2017

    Obvi­ous­ly, Roger Stone can rant and wish all he wants. He was in a splut­ter and a rage. How can he know what AT&T is going to do. But let’s go back to one more thing we know. Roger Stone still reg­u­lar­ly talks to Pres­i­dent Trump. Is that what Pres­i­dent Trump told Stone? That AT&T promised they’ll ‘clean house’ at CNN?

    Yes, I agree, a few links in the chain of this hypo­thet­i­cal. But is it even plau­si­ble that Don­ald Trump wouldn’t try to use such an oppor­tu­ni­ty to at least squeeze one of his arch-wrestling match ene­mies? Hard­ly. It’s exact­ly the kind of thing that would get Trump and Stone gid­dy and bloody-mind­ed. It’s total­ly Stone’s kind of thing; and Trump’s too. Some­one should start ask­ing some ques­tions. Start at DOJ and in the C‑Suite at AT&T.

    Do I think AT&T will try to gut CNN? I have no idea. But is Trump push­ing for it and grous­ing and gos­sip­ing about it with Roger Stone? I’d say that’s a pret­ty good bet. And giv­en he’s the Pres­i­dent of the Unit­ed States … well, you know how that sen­tence ends.

    ———-

    “Will It Soon Be CNN’s Time in the Bar­rel?” by Josh Mar­shall; Talk­ing Points Memo; 10/28/2017

    “AT&T needs the Jus­tice Department’s approval for that deal. Nor­mal­ly, that deci­sion would be housed off at the Antitrust Divi­sion at the Jus­tice Depart­ment. But no one thinks that’s how it works in the Trump Admin­is­tra­tion. AT&T needs Don­ald Trump’s sign off, pos­si­bly medi­at­ed through the hand of Jeff Ses­sions but maybe not. Indeed, there has already been quite a bit of con­cern on Capi­tol Hill that Trump would try to hold up the AT&T deal as a way to exert pres­sure on Time Warn­er?”

    Yep, Trump is almost cer­tain­ly going to find a way to direct­ly inter­vene on a merg­er involv­ing his favorite media punch­ing bag. It would be high­ly unchar­ac­ter­is­tic. Plus he’s already threat­ened to do so.

    So is Roger Stone’s expanded threat, one that includes CNN’s hosts critical of Trump, an example of Stone acting as a Trump proxy? As Josh Marshall reminds us, it’s a pretty good bet that, yes, this is exactly the case:

    ...
    Obvi­ous­ly, Roger Stone can rant and wish all he wants. He was in a splut­ter and a rage. How can he know what AT&T is going to do. But let’s go back to one more thing we know. Roger Stone still reg­u­lar­ly talks to Pres­i­dent Trump. Is that what Pres­i­dent Trump told Stone? That AT&T promised they’ll ‘clean house’ at CNN?

    Yes, I agree, a few links in the chain of this hypo­thet­i­cal. But is it even plau­si­ble that Don­ald Trump wouldn’t try to use such an oppor­tu­ni­ty to at least squeeze one of his arch-wrestling match ene­mies? Hard­ly. It’s exact­ly the kind of thing that would get Trump and Stone gid­dy and bloody-mind­ed. It’s total­ly Stone’s kind of thing; and Trump’s too. Some­one should start ask­ing some ques­tions. Start at DOJ and in the C‑Suite at AT&T.

    Do I think AT&T will try to gut CNN? I have no idea. But is Trump push­ing for it and grous­ing and gos­sip­ing about it with Roger Stone? I’d say that’s a pret­ty good bet. And giv­en he’s the Pres­i­dent of the Unit­ed States … well, you know how that sen­tence ends.

    No, it just does­n’t seem that plau­si­ble that Trump would pass up this oppor­tu­ni­ty.

    So that’s one more rea­son to be very wary of the AT&T/Time Warn­er merg­er: turn­ing CNN into Fox News might be part of the deal too.

    Posted by Pterrafractyl | November 1, 2017, 11:30 pm
  20. Remember all those threats Donald Trump and Roger Stone were issuing over the AT&T/Time Warner mega-merger and the Trump/Stone implicit demands that CNN (owned by Time Warner) be reined in about its criticism of Trump? Well, it looks like the DOJ has come up with a new demand if this merger is going to be allowed to go through: if Time Warner sells CNN the deal will get approved.

    And while that wouldn’t be an outrageous demand from an antitrust standpoint if this was the approach the Trump administration was taking to antitrust issues in general, as Josh Marshall noted following reports of this DOJ demand, it is actually pretty outrageous if it’s an instance of selective enforcement of antitrust laws for political ends, which is what it appears to be in this case:

    Talk­ing Points Memo
    Edi­tor’s Blog

    Boom – Watch This Close­ly

    By Josh Mar­shall
    Pub­lished Novem­ber 8, 2017 2:17 pm

    I’ve pre­vi­ous­ly not­ed the chat­ter that AT&T may have or may need to give Pres­i­dent Trump assur­ances that CNN will be reined in before his Jus­tice Depart­ment okays its $84.5 bil­lion acqui­si­tion of Time Warn­er. The Finan­cial Times has just report­ed (sub req) that the DOJ is now telling AT&T that it needs to sell CNN if it wants the acqui­si­tion approved.

    From the FT

    The sale of CNN, which Pres­i­dent Don­ald Trump has fierce­ly crit­i­cised as a broad­cast­er of “fake news”, is just one of the demands being made by the US antitrust author­i­ty in order to sign off on the deal, those involved in the talks said. But it could prove a stum­bling block.

    AT&T is opposed to sell­ing the TV net­work and is prepar­ing to take the Trump admin­is­tra­tion to court, argu­ing the deal with Time Warn­er does not pose any com­pe­ti­tion vio­la­tions.

    “It’s all about CNN,” said one per­son with direct knowl­edge of the talks between the com­pa­ny and the DOJ, adding that the reg­u­la­tor made it clear to AT&T that if it sold CNN the deal would go through.

    Makan Del­rahim is the new head of the AntiTrust divi­sion …

    Makan Del­rahim, the new head of the jus­tice department’s antitrust divi­sion, has been more con­cil­ia­to­ry, say­ing before tak­ing office that he did not believe the merg­er posed a “major antitrust prob­lem”.

    “The sheer size of it, and the fact that it’s media, I think will get a lot of atten­tion,” Mr Del­rahim told a Cana­di­an TV sta­tion in 2016 after the AT&T deal with Time Warn­er was announced. “How­ev­er, I don’t see this as a major antitrust prob­lem.”

    Peo­ple with direct knowl­edge of the antitrust nego­ti­a­tions said Mr Del­rahim had changed his view since tak­ing office.

    As I’ve not­ed in oth­er con­texts, I believe that as a gen­er­al mat­ter antitrust enforce­ment should be much more expan­sive and aggres­sive than it’s been in recent decades. But that’s a sep­a­rate point. The key here is selec­tive enforce­ment to advance polit­i­cal ends. We don’t know that that is what’s hap­pen­ing here. But giv­en the play­ers involved we have good rea­son to be high­ly sus­pi­cious.

    ———-

    “Boom – Watch This Close­ly” by Josh Mar­shall; Talk­ing Points Memo; 11/08/2017

    “As I’ve not­ed in oth­er con­texts, I believe that as a gen­er­al mat­ter antitrust enforce­ment should be much more expan­sive and aggres­sive than it’s been in recent decades. But that’s a sep­a­rate point. The key here is selec­tive enforce­ment to advance polit­i­cal ends. We don’t know that that is what’s hap­pen­ing here. But giv­en the play­ers involved we have good rea­son to be high­ly sus­pi­cious.”

    So are these DOJ demands that Time Warner sell off CNN politically driven? Well, considering that CNN appears to be the only sticking point the Trump administration can find with this proposal, that sure looks political.

    The easiest way to answer that question is to find other examples of the Trump administration’s antitrust behavior to see if there’s some consistency or inconsistency in how these rules are enforced. And while the Trump administration is still too new for there to be much time for a track record to be established on antitrust issues at this point, we do have one other very notable proposed media merger with major antitrust issues that the Trump administration has also been grappling with this year: Sinclair Broadcasting and its attempt to buy up a massive number of local broadcasters and turn their local news content into far-right disinfotainment garbage:

    Mic

    How the FCC helped pave the way for Sin­clair to take over Amer­i­can broad­cast­ing

    by Kelsey Sut­ton
    Pub­lished Oct. 19, 2017

    Tri­bune Media’s share­hold­ers on Thurs­day approved a takeover by Sin­clair Broad­cast Group, mov­ing the con­ser­v­a­tive telecom­mu­ni­ca­tions com­pa­ny one step clos­er to a mas­sive media con­sol­i­da­tion deal that will like­ly go through under the Repub­li­can-led Fed­er­al Com­mu­ni­ca­tions Com­mis­sion.

    Sin­clair, which owns more than 170 local tele­vi­sion chan­nels across the coun­try, in May pro­posed to buy Tri­bune for $3.9 bil­lion in a deal that would give it con­trol over some of the biggest local tele­vi­sion mar­kets in the nation, includ­ing in New York and Chica­go.

    ...

    While reg­u­la­to­ry and antitrust offi­cials still need to approve the deal, it is far more like­ly to get the go-ahead under the Trump administration’s Fed­er­al Com­mu­ni­ca­tions Com­mis­sion. FCC chair­man Ajit Pai, a Repub­li­can Trump appointee, vot­ed in April to change the way the com­mis­sion counts the audi­ences of sta­tions, mak­ing it eas­i­er for big broad­cast­ing com­pa­nies to grow even larg­er.

    Cor­po­ra­tions were pre­vi­ous­ly lim­it­ed in how many media out­lets they could own in cer­tain mar­kets. Addi­tion­al­ly, com­pa­nies are only allowed to serve 39% of the nation­al TV view­er­ship. But the new pol­i­cy, which reversed a 2016 FCC rul­ing, only counts of some sta­tions’ audi­ence, mak­ing it eas­i­er for big cor­po­ra­tions to buy more sta­tions before max­ing out. The FCC also sug­gest­ed it might con­sid­er rais­ing the 39% lim­it, allow­ing for even more expan­sion.

    For­mer FCC chair­man Tom Wheel­er warned of the impend­ing deal in a recent inter­view.

    “The Trump FCC has, in one very short peri­od, moved to change three basic rules that have been in place to pro­tect the diver­si­ty of voic­es and avoid monop­o­liza­tion of the broad­cast tele­vi­sion mar­ket,” Wheel­er said on PBS New­sHour. “We have a soci­ety in which the flow of infor­ma­tion is cru­cial to a democ­ra­cy. And when that free flow of infor­ma­tion gets choked off by cor­po­rate con­sol­i­da­tion, we ought to all wor­ry.”

    Sinclair’s bid to buy Tri­bune has already come under a great deal of scruti­ny, not least because the Bal­ti­more-based broad­cast­er requires its sta­tions to run a cer­tain amount of con­ser­v­a­tive-lean­ing news pro­gram­ming each day. That prac­tice, as well as the company’s deci­sion to hire Don­ald Trump’s for­mer cam­paign advis­er Boris Epshteyn, has attract­ed a con­sid­er­able amount of media atten­tion.

    Con­ser­v­a­tives and lib­er­als alike have close­ly watched the takeover bid because of the con­sol­i­da­tion of pow­er that would occur under the deal. If the merg­er is approved, Sin­clair would become the largest sin­gle own­er of local tele­vi­sion sta­tions around the coun­try, reach­ing near­ly 70% of U.S. house­holds. Var­i­ous con­ser­v­a­tive-lean­ing media sites and net­works, like News­max, the Blaze and One Amer­i­ca News Net­work, have voiced oppo­si­tion to the deal. Fox News’ par­ent com­pa­ny, 21st Cen­tu­ry Fox, made an unsuc­cess­ful bid for Tri­bune.

    ———-

    “How the FCC helped pave the way for Sin­clair to take over Amer­i­can broad­cast­ing” by Kelsey Sut­ton; Mic; 10/19/2017

    “While reg­u­la­to­ry and antitrust offi­cials still need to approve the deal, it is far more like­ly to get the go-ahead under the Trump administration’s Fed­er­al Com­mu­ni­ca­tions Com­mis­sion. FCC chair­man Ajit Pai, a Repub­li­can Trump appointee, vot­ed in April to change the way the com­mis­sion counts the audi­ences of sta­tions, mak­ing it eas­i­er for big broad­cast­ing com­pa­nies to grow even larg­er.”

    Huh. So Trump’s FCC is so uncon­cerned about a con­sol­i­da­tion of own­er­ship in the media mar­kets that it changed the rules to make it eas­i­er for com­pa­nies to meet the cur­rent 39% nation­al mar­ket share cap and even talked about rais­ing that 39% cap:

    ...
    Cor­po­ra­tions were pre­vi­ous­ly lim­it­ed in how many media out­lets they could own in cer­tain mar­kets. Addi­tion­al­ly, com­pa­nies are only allowed to serve 39% of the nation­al TV view­er­ship. But the new pol­i­cy, which reversed a 2016 FCC rul­ing, only counts of some sta­tions’ audi­ence, mak­ing it eas­i­er for big cor­po­ra­tions to buy more sta­tions before max­ing out. The FCC also sug­gest­ed it might con­sid­er rais­ing the 39% lim­it, allow­ing for even more expan­sion.
    ...

    And this, of course, is being done for Sin­clair Broad­cast­ing, a far-right media out­fit that forces its local affil­i­ates to show con­ser­v­a­tive con­tent every evening. It’s like Fox News for your local news except the audi­ence has no idea about the ‘Foxy’ nature of what they’re watch­ing:

    ...
    Sinclair’s bid to buy Tri­bune has already come under a great deal of scruti­ny, not least because the Bal­ti­more-based broad­cast­er requires its sta­tions to run a cer­tain amount of con­ser­v­a­tive-lean­ing news pro­gram­ming each day. That prac­tice, as well as the company’s deci­sion to hire Don­ald Trump’s for­mer cam­paign advis­er Boris Epshteyn, has attract­ed a con­sid­er­able amount of media atten­tion.
    ...

    So unless Trump’s DOJ suddenly issues a bunch of concerns over Sinclair it’s pretty obvious that we are looking at an issue of selective enforcement to advance a political end. And that political end appears to be putting an end to any criticism of Trump on the network he loves to hate.

    But let’s not forget: there probably are pretty decent reasons for having serious concerns about the AT&T/Time Warner merger from an antitrust perspective, which is why the proper response isn’t to demand that AT&T and Time Warner get to merge with no strings attached. The proper response is to demand an end to Sinclair's stealth far-right takeover of local news and to stop allowing mega-media mergers where antitrust concerns are settled with promises by the companies not to abuse their market power. That should help take care of the selective enforcement issue. And a lot of other issues.

    Posted by Pterrafractyl | November 8, 2017, 4:17 pm
  21. This prob­a­bly should have been seen as inevitable: Guess who made a trip to vis­it Bill Bin­ney and the “Vet­er­an Intel­li­gence Pro­fes­sion­als for San­i­ty” (VIPS) memo about “the Foren­si­ca­tor” that Bin­ney con­tin­ues to cham­pi­on along with the­o­ries that Seth Rich was the real source of the DNC hacks: CIA direc­tor Mike Pom­peo. That’s who just met with Bin­ney. Under Trump’s orders:

    Busi­ness Insid­er

    Trump report­ed­ly told the direc­tor of the CIA to meet with a for­mer intel­li­gence offi­cial who claims Rus­sia nev­er hacked the DNC

    Michal Kranz
    Nov. 7, 2017, 3:51 PM

    * A for­mer intel­li­gence offi­cial who claims that Rus­sia did not hack the Demo­c­ra­t­ic Nation­al Com­mit­tee in 2016 report­ed­ly met with CIA Direc­tor Mike Pom­peo in late Octo­ber at the request of Pres­i­dent Don­ald Trump.
    * The offi­cial was part of a group of intel­li­gence vet­er­ans whose report con­tra­dicts the find­ings of the intel­li­gence agen­cies that inves­ti­gat­ed the 2016 elec­tion hack­ing. They say DNC emails were leaked by some­one on the inside.
    * Pom­peo has a his­to­ry of sid­ing with Trump on intel­li­gence mat­ters relat­ing to Rus­si­a’s med­dling in the 2016 elec­tion.

    Pres­i­dent Don­ald Trump report­ed­ly told CIA Direc­tor Mike Pom­peo to meet with a for­mer intel­li­gence offi­cial who argued in a memo that Rus­sia nev­er hacked the Demo­c­ra­t­ic Nation­al Com­mit­tee in July of 2016, and that instead its emails were released due to an inter­nal leak, accord­ing to the Inter­cept.

    Pom­peo met with William Bin­ney, the for­mer Nation­al Secu­ri­ty Agency offi­cial who co-wrote the memo with sev­er­al oth­er alleged intel­li­gence vet­er­ans, on Octo­ber 24 at the pres­i­den­t’s urg­ing. Accord­ing to Bin­ney, Pom­peo said Trump told him that if he “want[ed] to know the facts, he should talk to me,” refer­ring to Bin­ney.

    Bin­ney claimed the DNC emails were leaked by some­one on the inside, con­tra­dict­ing the find­ings of intel­li­gence agen­cies

    A high-rank­ing intel­li­gence source con­firmed for the Inter­cept that the meet­ing between Bin­ney and Pom­peo had tak­en place at Trump’s request. Bin­ney him­self acknowl­edged that he had brought up the case of deceased DNC staffer Seth Rich to Pom­peo, ref­er­enc­ing a right-wing con­spir­a­cy the­o­ry that claims that Rich was mur­dered on the orders of Hillary Clin­ton’s cam­paign. Don­ald Trump Jr. also ref­er­enced the con­spir­a­cy the­o­ry in a tweet on Sun­day.

    Bin­ney was one of sev­er­al senior intel­li­gence offi­cials who authored a reanaly­sis of the 2016 DNC hack under the name Vet­er­an Intel­li­gence Pro­fes­sion­als for San­i­ty (VIPS), claim­ing that the DNC emails released by Wik­iLeaks in July of 2016 were in fact leaked “by a per­son with phys­i­cal access to DNC com­put­er,” and not by hack­ers work­ing for the Russ­ian gov­ern­ment, accord­ing to Con­sor­tium News.

    Bin­ney and his col­leagues wrote that the DNC data was copied at much high­er speeds than would be pos­si­ble through a remote inter­net hack, and that they were extract­ed by some­one on the east coast of the US.

    These find­ings con­tra­dict the offi­cial find­ings of the four intel­li­gence agen­cies that inves­ti­gat­ed the inci­dent, which all con­clud­ed that Rus­sia was behind a remote breach of the DNC’s servers con­duct­ed by a hack­er known as Guc­cifer 2.0 who report­ed­ly claimed respon­si­bil­i­ty for the hack last year. In addi­tion, sev­er­al mem­bers of the VIPS group signed an oppos­ing memo that chal­lenged its asser­tions.

    ...

    Pom­peo’s meet­ing with Bin­ney fits into a pat­tern of alle­giance to Trump

    A for­mer CIA offi­cer said that Trump’s insis­tence that Pom­peo, who heads one of the agen­cies that pre­sent­ed the Rus­sia find­ings, meet with Bin­ney was high­ly unusu­al.

    “This is crazy. You’ve got all these intel­li­gence agen­cies say­ing the Rus­sians did the hack. To deny that is like com­ing out with the the­o­ry that the Japan­ese did­n’t bomb Pearl Har­bor,” the offi­cer told the Inter­cept.

    Dean Boyd, the direc­tor of the CIA Office of Pub­lic Affairs, said Pom­peo “stands by, and has always stood by, the Jan­u­ary 2017 Intel­li­gence Com­mu­ni­ty Assess­ment.”

    “The Direc­tor has been adamant that CIA offi­cers have the time, space and resources to make sound and unbi­ased assess­ments that are deliv­ered to pol­i­cy mak­ers with­out fear or favor,” he said.

    But Pom­peo has emerged as a Trump ally in the intel­li­gence com­mu­ni­ty, and he recent­ly made the Coun­ter­in­tel­li­gence Mis­sion Cen­ter report direct­ly to him. The cen­ter will like­ly play a large role in future CIA inquiries into Rus­si­a’s influ­ence on the 2016 elec­tion. He has also stat­ed that Russ­ian med­dling like­ly had no impact on the out­come of the elec­tion.

    ———-
    “Trump report­ed­ly told the direc­tor of the CIA to meet with a for­mer intel­li­gence offi­cial who claims Rus­sia nev­er hacked the DNC” by Michal Kranz; Busi­ness Insid­er; 11/07/2017

    “Pom­peo met with William Bin­ney, the for­mer Nation­al Secu­ri­ty Agency offi­cial who co-wrote the memo with sev­er­al oth­er alleged intel­li­gence vet­er­ans, on Octo­ber 24 at the pres­i­den­t’s urg­ing. Accord­ing to Bin­ney, Pom­peo said Trump told him that if he “want[ed] to know the facts, he should talk to me,” refer­ring to Bin­ney.”

    Yep, Trump him­self is a fan of the Foren­si­ca­tor’s pet the­o­ry that pur­port­ed to some­how prove that the DNC doc­u­ments Guc­cifer released in Sep­tem­ber were lift­ed from the DNC’s servers direct­ly via USB stick or some­thing by a DNC insid­er and the larg­er nar­ra­tive pushed by Bin­ney that this is all part of Seth Rich’s mur­der. Trump is such a big fan that he appar­ent­ly ordered the CIA direc­tor to talk to Bin­ney.

    And now Pom­peo is hav­ing the agency that han­dles the Coun­ter­in­tel­li­gence Mis­sion Cen­ter report direct­ly to him:

    ...
    But Pompeo has emerged as a Trump ally in the intelligence community, and he recently made the Counterintelligence Mission Center report directly to him. The center will likely play a large role in future CIA inquiries into Russia's influence on the 2016 election. He has also stated that Russian meddling likely had no impact on the outcome of the election.

    We have Trump involving himself in the CIA’s investigation of the hacks (isn’t that kind of obstruction of justice-ish?) at the same time Pompeo is taking more control of the CIA agency that’s going to be taking the lead on future CIA investigations into the Kremlin's influence on the 2016 election. Things could start getting extra weird with #TrumpRussia when something like this is reported.

    So it’s probably worth keeping in mind that the Forensicator already quietly acknowledged the massive hole in the theory's logic in the “Clarifications and Corrections” section of their blog. Despite that, Binney and others continue to push this theory on the public and President Trump is clearly listening.

    It’s also worth not­ing that when the anony­mous CIA offi­cer com­pares the evi­dence that Rus­sia was behind the hacks to the evi­dence the Japan­ese attacked Pearl Har­bor that’s the kind of gross mis­rep­re­sen­ta­tion of the actu­al hack­ing evi­dence that is only going to feed into the Seth Rich/DNC insid­er the­o­ries by draw­ing atten­tion to how weak the pub­licly avail­able tech­ni­cal evi­dence that Rus­sia was behind the hacks actu­al­ly is:

    ...
    A for­mer CIA offi­cer said that Trump’s insis­tence that Pom­peo, who heads one of the agen­cies that pre­sent­ed the Rus­sia find­ings, meet with Bin­ney was high­ly unusu­al.

    “This is crazy. You’ve got all these intel­li­gence agen­cies say­ing the Rus­sians did the hack. To deny that is like com­ing out with the the­o­ry that the Japan­ese did­n’t bomb Pearl Har­bor,” the offi­cer told the Inter­cept.
    ...

    ““This is crazy. You’ve got all these intel­li­gence agen­cies say­ing the Rus­sians did the hack. To deny that is like com­ing out with the the­o­ry that the Japan­ese did­n’t bomb Pearl Har­bor,” the offi­cer told the Inter­cept.”

    Unless other world powers during WWII had the capacity to fake a Japanese aircraft carrier attack in the Pacific it’s nothing like denying the Japanese bombed Pearl Harbor to deny that Russia was behind those hacks. Yes, there’s a steadily growing collection of facts pointing at some sort of Russian and Trump campaign agreement/collusion of some sort at this point and it’s entirely possible that involved agreements related to the hacked material, but it’s still important to keep in mind that the detailed technical evidence that the US used to conclude Russia was behind the hacks has never actually been made public. It’s based on inferences around the constellation of facts that the Trump campaign and apparent Russian operatives were engaged in some sort of intense game of footsie for months culminating in the June 9th Trump Tower meeting, and the hackers left a myriad of conspicuous “I’m a Russian hacker!” digital clues in the hacked documents and malware.

    That said, it’s also worth not­ing that we could end up see­ing much more tech­ni­cal evi­dence that Rus­sia was behind the hack made pub­lic if such evi­dence exists for a pret­ty sig­nif­i­cant rea­son: US pros­e­cu­tors are report­ed­ly con­sid­er­ing charges against Russ­ian intel­li­gence offi­cials over the hacks, and that pre­sum­ably means there’s going to be some com­pelling tech­ni­cal evi­dence made pub­lic at some point:

    The Wall Street Jour­nal

    U.S. Pros­e­cu­tors Con­sid­er Charg­ing Russ­ian Offi­cials in DNC Hack­ing Case
    At least six Russ­ian gov­ern­ment offi­cials are iden­ti­fied as part of ongo­ing inves­ti­ga­tion

    By Aruna Viswanatha and Del Quentin Wilber
    Updat­ed Nov. 2, 2017 10:54 a.m. ET

    The Jus­tice Depart­ment has iden­ti­fied more than six mem­bers of the Russ­ian gov­ern­ment involved in hack­ing the Demo­c­ra­t­ic Nation­al Committee’s com­put­ers and swip­ing sen­si­tive infor­ma­tion that became pub­lic dur­ing the 2016 pres­i­den­tial elec­tion, accord­ing to peo­ple famil­iar with the inves­ti­ga­tion.

    Pros­e­cu­tors and agents have assem­bled evi­dence to charge the Russ­ian offi­cials and could bring a case next year, these peo­ple said. Dis­cus­sions about the case are in the ear­ly stages, they said.

    If filed, the case would pro­vide the clear­est pic­ture yet of the actors behind the DNC intru­sion. U.S. intel­li­gence agen­cies have attrib­uted the attack to Russ­ian intel­li­gence ser­vices, but haven’t pro­vid­ed detailed infor­ma­tion about how they con­clud­ed those ser­vices were respon­si­ble, or any details about the indi­vid­u­als alleged­ly involved.

    The high-pro­file hack of the DNC’s com­put­ers played a cen­tral role in the U.S. intel­li­gence community’s assess­ment in Jan­u­ary that “Russ­ian Pres­i­dent Vladimir Putin ordered an influ­ence cam­paign in 2016 aimed at the U.S. pres­i­den­tial elec­tion.” Mr. Putin and the Russ­ian gov­ern­ment have denied med­dling in the U.S. elec­tion.

    Thou­sands of the DNC’s emails and oth­er data, as well as emails from the per­son­al account of John Podes­ta, who served as cam­paign chair­man to 2016 Demo­c­ra­t­ic pres­i­den­tial nom­i­nee Hillary Clin­ton, were made pub­lic by Wik­iLeaks last year.

    The pin­point­ing of par­tic­u­lar Russ­ian mil­i­tary and intel­li­gence hack­ers high­lights the exhaus­tive nature of the government’s probe. It also sug­gests the eager­ness of some fed­er­al pros­e­cu­tors and Fed­er­al Bureau of Inves­ti­ga­tion agents to file charges against those respon­si­ble, even if the result is nam­ing the alleged per­pe­tra­tors pub­licly and mak­ing it dif­fi­cult for them to trav­el, rather than incar­cer­at­ing them. Arrest­ing Russ­ian oper­a­tives is high­ly unlike­ly, peo­ple famil­iar with the probe said.

    Peo­ple famil­iar with the inves­ti­ga­tion drew the par­al­lel to the Jus­tice Department’s deci­sion in March to charge two Russ­ian oper­a­tives and two oth­ers with hack­ing into Yahoo’s com­put­ers start­ing in 2014 and pil­fer­ing infor­ma­tion about 500 mil­lion accounts, one of the largest data breach­es in U.S. his­to­ry. One of the defen­dants in the Yahoo case, a Cana­di­an nation­al, was arrest­ed and has plead­ed not guilty; the oth­er defen­dants are believed to be in Rus­sia.

    Last Decem­ber, the Demo­c­ra­t­ic admin­is­tra­tion of then-Pres­i­dent Barack Oba­ma imposed sanc­tions on Russia’s mil­i­tary-intel­li­gence agency, which uses the acronym GRU, and Russia’s Fed­er­al Secu­ri­ty Ser­vice, Russia’s equiv­a­lent to the Cen­tral Intel­li­gence Agency, in response to the DNC and oth­er hacks. It also named sev­er­al indi­vid­u­als, includ­ing one who was lat­er charged in the Yahoo case.

    Fed­er­al pros­e­cu­tors and fed­er­al agents work­ing in Wash­ing­ton, Pitts­burgh, San Fran­cis­co and Philadel­phia have been col­lab­o­rat­ing on the DNC inves­ti­ga­tion. The inquiry is being con­duct­ed sep­a­rate­ly from Spe­cial Coun­sel Robert Mueller’s inves­ti­ga­tion of alleged Russ­ian med­dling in the 2016 elec­tion and any pos­si­ble col­lu­sion by Pres­i­dent Don­ald Trump’s asso­ciates.

    ...

    Mr. Mueller’s inves­ti­ga­tion result­ed this week in mon­ey-laun­der­ing and tax-relat­ed charges against Paul Man­afort, for­mer chair­man of Mr. Trump’s cam­paign, and Richard Gates, Mr. Manafort’s busi­ness asso­ciate who also worked on the cam­paign.

    George Papadopou­los, who served as a for­eign-pol­i­cy advis­er on Mr. Trump’s cam­paign, plead­ed guilty last month to lying to FBI agents about his deal­ings with Russ­ian go-betweens dur­ing the cam­paign. Messrs. Man­afort and Gates plead­ed not guilty ear­li­er this week.

    A Jus­tice Depart­ment spokesman and an FBI spokes­woman declined to com­ment on the iden­ti­fi­ca­tion of the Russ­ian gov­ern­ment offi­cials alleged­ly behind the DNC hack. The Russ­ian Embassy didn’t respond to a request for com­ment.

    ...

    High-rank­ing U.S. intel­li­gence and law-enforce­ment offi­cials have con­sis­tent­ly stood by the intel­li­gence community’s Jan­u­ary assess­ment.

    In that doc­u­ment, the intel­li­gence com­mu­ni­ty said GRU, “prob­a­bly began cyber oper­a­tions aimed at the U.S. elec­tion by March 2016.” It said the GRU had exfil­trat­ed “large vol­umes of data” from the DNC by May.

    In a state­ment Thurs­day, the DNC said: “It is irrefutable that Rus­sia hacked the DNC and inter­fered in our elec­tion to help elect Pres­i­dent Trump. The Krem­lin must be held account­able for its attack on our coun­try.”

    The Jus­tice Depart­ment and FBI inves­ti­ga­tion into the DNC hack had been under way for near­ly a year, by pros­e­cu­tors and agents with cyber exper­tise, before Mr. Mueller was appoint­ed in May. Rather than take over the rel­a­tive­ly tech­ni­cal cyber inves­ti­ga­tion, Mr. Mueller and the Jus­tice Depart­ment agreed that it would be bet­ter for the orig­i­nal pros­e­cu­tors and agents to retain that aspect of the case, the peo­ple famil­iar with the Jus­tice Depart­ment-FBI probe said.

    It is unclear if pros­e­cu­tors will hold back fil­ing charges until Mr. Mueller com­pletes his inves­ti­ga­tion or wait to iden­ti­fy oth­ers who may have played a role in the DNC hack. Inves­ti­ga­tors believe dozens of oth­ers may have played a role in the cyber­at­tack, the peo­ple said.

    While the alleged hack­ers are unlike­ly to be arrest­ed and pros­e­cut­ed in the U.S., the Jus­tice Depart­ment has been bring­ing more cas­es against alleged hack­ers act­ing on behalf of for­eign gov­ern­ments as a means of mak­ing the alle­ga­tions pub­lic and poten­tial­ly forc­ing a change in behav­ior, peo­ple famil­iar with the strat­e­gy said.

    In the first such case, in 2014, the Jus­tice Depart­ment indict­ed five Chi­nese mil­i­tary offi­cers, alleg­ing they had hacked U.S. com­pa­nies’ com­put­ers to steal trade secrets. Offi­cials said they wit­nessed a drop in such activ­i­ty fol­low­ing the indict­ment. The defen­dants are believed to be in Chi­na; the Chi­nese gov­ern­ment denied the alle­ga­tions.

    In a 2016 case, pros­e­cu­tors charged hack­ers alleged­ly linked to the Iran­ian gov­ern­ment. The defen­dants are believed to be out­side the U.S.

    ————

    “U.S. Pros­e­cu­tors Con­sid­er Charg­ing Russ­ian Offi­cials in DNC Hack­ing Case” by Aruna Viswanatha and Del Quentin Wilber; The Wall Street Jour­nal; 11/02/2017

    “If filed, the case would pro­vide the clear­est pic­ture yet of the actors behind the DNC intru­sion. U.S. intel­li­gence agen­cies have attrib­uted the attack to Russ­ian intel­li­gence ser­vices, but haven’t pro­vid­ed detailed infor­ma­tion about how they con­clud­ed those ser­vices were respon­si­ble, or any details about the indi­vid­u­als alleged­ly involved.”

    This could be a pretty dramatic case. Or a really sad one that replaces evidence with bluster. We’ll see. But if those hacks can be conclusively tied to particular Russian military and intelligence hackers that will be quite an accomplishment. And it would be nice to at least have a degree of resolution to the mystery of who exactly did the hacks. But as the article notes, that would be the goal of this case. Naming names and making it more difficult for the named people to travel:

    ...
    The pin­point­ing of par­tic­u­lar Russ­ian mil­i­tary and intel­li­gence hack­ers high­lights the exhaus­tive nature of the government’s probe. It also sug­gests the eager­ness of some fed­er­al pros­e­cu­tors and Fed­er­al Bureau of Inves­ti­ga­tion agents to file charges against those respon­si­ble, even if the result is nam­ing the alleged per­pe­tra­tors pub­licly and mak­ing it dif­fi­cult for them to trav­el, rather than incar­cer­at­ing them. Arrest­ing Russ­ian oper­a­tives is high­ly unlike­ly, peo­ple famil­iar with the probe said.
    ...

    So giv­en that arrest of these indi­vid­u­als is unlike­ly it’s unclear what kind of defense case they’ll be mus­ter­ing. And that’s too bad because it would have been fas­ci­nat­ing to see a real legal bat­tle over this top­ic. Fas­ci­nat­ing and pret­ty use­ful now that we’re learn­ing about the CIA direc­tor’s vis­it with Bill Bin­ney to learn more about the Foren­si­ca­tor and the Seth Rich nar­ra­tives under Trump’s orders.

    Posted by Pterrafractyl | November 9, 2017, 12:13 am
  22. #ReleaseThe­Memo!...*memo gets released*...#Sad!

    That was more or less the sequence of events around the now infa­mous “Nunes Memo”, the recent­ly released memo writ­ten by the House Intel­li­gence Com­mit­tee chair­man Devin Nunes that pur­port­ed­ly demon­strat­ed an egre­gious weaponiza­tion of the intel­li­gence com­mu­ni­ty by the Oba­ma admin­is­tra­tion against then-can­di­date Don­ald Trump.

    The memo was supposed to show that Trump campaign foreign advisor Carter Page had a FISA warrant issued against him based on the contents of the Steele Dossier and, based on the GOP’s assertions that the Steele Dossier was actually produced in a conspiracy between the Kremlin and the Democratic National Committee, this would indicate that the Obama administration was consciously using fake intelligence provided by the Kremlin as a justification for spying on the Trump campaign. That’s literally the argument Devin Nunes put forward during an interview on Fox News when he said, “So, there is clear evidence of collusion with the Russians, it just happens to be with the Hillary Clinton campaign and the Democratic National Committee, that the news media fails to talk about or fails to even investigate.”

    But, of course, the whole narrative — that the Steele Dossier was central to the counter-intelligence investigation into Trump — fell apart upon even casual scrutiny since the memo didn't include all of the prior suspicions going back to 2013 that Carter Page had been recruited by Russian agents. Plus, the memo ends with a sentence about how the FBI’s counter-intelligence investigation into the Trump campaign began when the FBI received information from the Australian government about Trump campaign operative George Papadopoulos bragging to Australia's top diplomat in the UK, Alexander Downer, about an alleged Kremlin operative — Joseph Mifsud the mysterious Maltese professor — telling Papadopoulos that the Kremlin had thousands of Hillary Clinton's emails.

    It’s a reminder that, while there are serious problems with the investigation into the actual DNC hacks that pin the blame on the Kremlin, it’s pretty indisputable that the Trump campaign was behaving as if it was colluding with the Kremlin throughout the campaign. Whether it was hiring people like Carter Page, Trump’s own history of facilitating money-laundering with Russian oligarchs and other shady characters from around the world, or Trump’s open call for Russia to find Hillary’s emails, it’s pretty obvious that the Trump campaign was almost begging for a counter-intelligence investigation with Trump’s behavior and personnel (which, intentionally or not, set up the situation perfectly for a ‘Russian’ hack). And now that there’s a full-blown investigation into Trump-Kremlin collusion, it’s hard to ignore the fact that the whole Trump administration and GOP in general has behaved as guilty as possible. What precisely they are worried about being discovered is a fascinating question that needs answering, but they certainly are all behaving like people with A LOT to hide. Hence this sad Nunes memo, a sign of incredible desperation.

    So giv­en that the Trump White House, and GOP in gen­er­al, appears to be increas­ing­ly des­per­ate to halt the ongo­ing inves­ti­ga­tions — inves­ti­ga­tion into both the Trump cam­paign and Trump’s own per­son­al and busi­ness his­to­ry that undoubt­ed­ly includes a great deal of crim­i­nal­i­ty — the ques­tion of “what’s next?” looms large.
    And that “what’s next” question brings us to the following incredibly disturbing story: The candidate to be the next US ambassador to South Korea, Victor Cha, recently withdrew his nomination. And on the same day that was announced, Cha published an op-ed piece in the Washington Post decrying what he saw as US plans for a “bloody nose” strategy against the North Korean regime that entails a high-risk limited military strike against North Korea's nuclear facilities that gambles that this doesn't result in a retaliatory strike on Seoul:

    The Wash­ing­ton Post

    Vic­tor Cha: Giv­ing North Korea a ‘bloody nose’ car­ries a huge risk to Amer­i­cans

    By Vic­tor Cha
    Jan­u­ary 30, 2018

    Vic­tor Cha is a pro­fes­sor at George­town Uni­ver­si­ty and senior advis­er at the Cen­ter for Strate­gic and Inter­na­tion­al Stud­ies.

    North Korea, if not stopped, will build an arse­nal with mul­ti­ple nuclear mis­siles meant to threat­en the U.S. home­land and black­mail us into aban­don­ing our allies in Asia. North Kore­an dic­ta­tor Kim Jong Un will sell these weapons to state and non­state actors, and he will inspire oth­er rogue actors who want to under­mine the U.S.-backed post­war order. These are real and unprece­dent­ed threats. But the answer is not, as some Trump admin­is­tra­tion offi­cials have sug­gest­ed, a pre­ven­tive mil­i­tary strike. Instead, there is a force­ful mil­i­tary option avail­able that can address the threat with­out esca­lat­ing into a war that would like­ly kill tens, if not hun­dreds, of thou­sands of Amer­i­cans.

    When I was under con­sid­er­a­tion for a posi­tion in this admin­is­tra­tion, I shared some of these views.

    Some may argue that U.S. casu­al­ties and even a wider war on the Kore­an Penin­su­la are risks worth tak­ing, giv­en what is at stake. But a strike (even a large one) would only delay North Korea’s mis­sile-build­ing and nuclear pro­grams, which are buried in deep, unknown places impen­e­tra­ble to bunker-bust­ing bombs. A strike also would not stem the threat of pro­lif­er­a­tion but rather exac­er­bate it, turn­ing what might be a North Kore­an mon­ey­mak­ing endeav­or into a venge­ful effort intend­ed to equip oth­er bad actors against us.

    I empathize with the hope, espoused by some Trump offi­cials, that a mil­i­tary strike would shock Pyongyang into appre­ci­at­ing U.S. strength, after years of inac­tion, and force the regime to the denu­cleariza­tion nego­ti­at­ing table. I also hope that if North Korea did retal­i­ate mil­i­tar­i­ly, the Unit­ed States could con­trol the esca­la­tion lad­der to min­i­mize col­lat­er­al dam­age and pre­vent a col­lapse of finan­cial mar­kets. In either event, the ratio­nale is that a strike that demon­strates U.S. resolve to pur­sue “all options” is nec­es­sary to give the mer­cu­r­ial Kim a “bloody nose.” Oth­er­wise he will remain unde­terred in his nuclear ambi­tions.

    Yet, there is a point at which hope must give in to log­ic. If we believe that Kim is unde­terrable with­out such a strike, how can we also believe that a strike will deter him from respond­ing in kind? And if Kim is unpre­dictable, impul­sive and bor­der­ing on irra­tional, how can we con­trol the esca­la­tion lad­der, which is premised on an adversary’s ratio­nal under­stand­ing of sig­nals and deter­rence?

    Some have argued the risks are still worth tak­ing because it’s bet­ter that peo­ple die “over there” than “over here.” On any giv­en day, there are 230,000 Amer­i­cans in South Korea and 90,000 or so in Japan. Giv­en that an evac­u­a­tion of so many cit­i­zens would be vir­tu­al­ly impos­si­ble under a rain of North Kore­an artillery and mis­siles (poten­tial­ly laced with bio­chem­i­cal weapons), these Amer­i­cans would most like­ly have to hun­ker down until the war was over.

    While our pop­u­la­tion in Japan might be pro­tect­ed by U.S. mis­sile defens­es, the U.S. pop­u­la­tion in South Korea, let alone mil­lions of South Kore­ans, has no sim­i­lar active defens­es against a bar­rage of North Kore­an artillery (aside from coun­ter­fire artillery). To be clear: The pres­i­dent would be putting at risk an Amer­i­can pop­u­la­tion the size of a medi­um-size U.S. city — Pitts­burgh, say, or Cincin­nati — on the assump­tion that a crazy and unde­terrable dic­ta­tor will be ratio­nal­ly cowed by a demon­stra­tion of U.S. kinet­ic pow­er.

    ...

    ———–

    “Vic­tor Cha: Giv­ing North Korea a ‘bloody nose’ car­ries a huge risk to Amer­i­cans” by Vic­tor Cha; The Wash­ing­ton Post; 01/30/2018

    “When I was under con­sid­er­a­tion for a posi­tion in this admin­is­tra­tion, I shared some of these views. ”

    So that’s the thrust of Cha’s op-ed: while he was under con­sid­er­a­tion to be ambas­sador he shared these views about the extreme dan­ger in the “bloody nose” strat­e­gy. And he appar­ent­ly felt so strong­ly about this that he wrote an op-ed about it right after with­draw­ing from con­sid­er­a­tion. And that op-ed notes how “Some have argued the risks are still worth tak­ing because it’s bet­ter that peo­ple die “over there” than “over here”,” so he’s pre­sum­ably echo­ing views he’s heard in these dis­cus­sions:

    ...
    Some have argued the risks are still worth tak­ing because it’s bet­ter that peo­ple die “over there” than “over here.” On any giv­en day, there are 230,000 Amer­i­cans in South Korea and 90,000 or so in Japan. Giv­en that an evac­u­a­tion of so many cit­i­zens would be vir­tu­al­ly impos­si­ble under a rain of North Kore­an artillery and mis­siles (poten­tial­ly laced with bio­chem­i­cal weapons), these Amer­i­cans would most like­ly have to hun­ker down until the war was over.
    ...

    Now, how does this “bloody nose” strategy relate to the “what’s next?” question about the GOP’s/Trump’s increasingly evident desperation for something, anything, that can shift the attention away from the #TrumpRussia investigations? Well, according to a South Korean news outlet, White House National Security Council senior director for Asian affairs Matthew Pottinger allegedly said in a recent closed-door meeting with US Korean Peninsula experts that a limited strike on the North “might help in the midterm elections.” (note that Pottinger was brought into the NSC via his close ties to Michael Flynn)

    Now, as Josh Marshall notes in the piece below, it turns out that the English translation of this piece was flubbed a bit and translated in a way that makes it sound like Pottinger definitely made these statements when, in fact, a more accurate translation would merely suggest that it’s rumored that Pottinger made these statements. Still, given the overall madness of Trump and the GOP and their growing desperation and clear lack of a moral core, the possibility that they might be considering a “bloody-nose” strike just in time for the US mid-terms this Fall is the kind of possibility that can’t be discounted. At all:

    Talk­ing Points Memo
    Edi­tor’s Blog

    Very, Very Bad

    By Josh Mar­shall | Feb­ru­ary 2, 2018 9:41 pm

    I’d say we need to know more about. Quick­ly.

    From a South Kore­an paper, flagged on Twit­ter by The Wash­ing­ton Post’s Tokyo Bureau Chief …

    Indeed, White House Nation­al Secu­ri­ty Coun­cil senior direc­tor for Asian affairs Matthew Pot­tinger was report­ed as say­ing in a recent closed-door meet­ing with US experts on Kore­an Penin­su­la issues that a lim­it­ed strike on the North “might help in the midterm elec­tions.”

    The Post’s Anna Fifield identifies the paper Hankyoreh as “left-wing” and that it is the only paper currently reporting it. I don’t know more about the source. But this sounds like something we need to know more about very quickly. The report suggests Trump may see such a move not simply in the context of the standard efforts to help in a midterm election but to ward off facing the prospect of impeachment or actual investigations under a Democratic congress.

    Late Update: Some follow-on commentary on this report (noted here among other places) suggests that the translation may make it sound more concrete than it does in the original. More like, “we’ve heard” in a generic sense that it “was reported.” So this sounds more like scuttlebutt, what people are hearing than a confirmed report. Still, given the stakes and what else we are hearing, maximum scrutiny is warranted.

    ———-

    “Very, Very Bad” by Josh Mar­shall; Talk­ing Points Memo; 02/02/2018

    “Indeed, White House Nation­al Secu­ri­ty Coun­cil senior direc­tor for Asian affairs Matthew Pot­tinger was report­ed as say­ing in a recent closed-door meet­ing with US experts on Kore­an Penin­su­la issues that a lim­it­ed strike on the North “might help in the midterm elec­tions.”

    That was what just got reported in South Korea’s news, albeit with more ambiguity about whether or not these statements were definitely made by Pottinger or if it’s just a rumor. But that ambiguity is no excuse to dismiss this report so, as Marshall points out, we really need answers on this and need them soon. The more desperate the GOP gets the more seriously these kinds of reports need to be taken.

    So what exactly did that Korean piece argue? Basically that the climate of reconciliation between North and South Korea prompted by the upcoming South Korean Winter Olympic games has strengthened the influence of exactly the kinds of voices advocating a “bloody-nose” strategy Cha was warning about and that this is insanely dangerous for South Korea:

    Han­ky­oreh

    [Edi­to­r­i­al] Trump’s “bloody nose” strat­e­gy must be com­plete­ly off the table

    Post­ed on : Feb.2,2018 17:53 KST Mod­i­fied on : Feb.2,2018 17:53 KST

    The so-called “bloody nose” strat­e­gy, refer­ring to a lim­it­ed pre­ven­tive strike against North Korea, has gone pub­lic fol­low­ing the with­draw­al of Vic­tor Cha’s nom­i­na­tion as US Ambas­sador to South Korea. The bloody nose is one of the Don­ald Trump administration’s mil­i­tary options: a small-scale, lim­it­ed sur­gi­cal strike against North Kore­an nuclear sites or oth­er nuclear facil­i­ties that osten­si­bly would not pro­voke a response from North Korea.

    There’s no way to know how seri­ous­ly this strat­e­gy has been dis­cussed at the White House. It’s also unclear whether Cha’s nom­i­na­tion was with­drawn because of his oppo­si­tion to the strat­e­gy or for per­son­al rea­sons. But a Jan. 30 con­tri­bu­tion from Cha to the Wash­ing­ton Post sug­gests the truth prob­a­bly has some­thing to do with a debate over the “bloody nose” approach that unfold­ed between hard­lin­ers and mod­er­ates dur­ing the nom­i­na­tion process. That’s what makes the present sit­u­a­tion seem so seri­ous and trou­bling.

    To begin with the idea that North Korea “wouldn’t dare” strike back against the US is both sad and dan­ger­ous. It’s based on a US-cen­tered mind­set that equates a North Kore­an counter-strike with the end of the Pyongyang regime. But with Trump admin­is­tra­tion hard­lin­ers describ­ing Kim Jong-un as “irra­tional and unpre­dictable,” it’s not clear how they are pre­dict­ing he would reach the same mil­i­tary con­clu­sion as them. It’s a gam­ble where the stakes are mil­lions of lives.

    The peo­ple advo­cat­ing the bloody nose approach are either hard­lin­ers with mil­i­tary back­grounds or laypeo­ple in terms of mil­i­tary and secu­ri­ty issues. In most cas­es, their under­stand­ing of the Kore­an Penin­su­la or North Korea is close to zero. These peo­ple seem to pos­sess author­i­ty that far out­strips their abil­i­ties. They’re also arro­gant and rash.

    Accord­ing to Cha’s Wash­ing­ton Post piece, some ultra-hard­lin­ers have argued that the risk of endan­ger­ing the lives of the 230,000 Amer­i­cans liv­ing in South Korea if the bloody nose strat­e­gy esca­lates is worth tak­ing in terms of “long-term inter­ests” and the “safe­ty of Amer­i­cans liv­ing in the con­ti­nen­tal US.” The fates of 50 mil­lion South Kore­ans don’t even war­rant a men­tion.

    The rea­son hard­line voic­es have got­ten so much loud­er in the White House late­ly has much to do with the dis­cus­sions occur­ring between South and North Korea for the Pyeongchang Olympics. It appears to be an attempt to stop a cli­mate of rec­on­cil­i­a­tion from form­ing on the penin­su­la. Giv­en their lack of faith in denu­cleariza­tion, they seem to believe the North Kore­an nuclear pro­gram will become irre­versible if rec­on­cil­i­a­tion occurs at a time of inten­si­fy­ing sanc­tions.

    Mean­while, the Rus­sia scan­dal is rais­ing the pos­si­bil­i­ty that Trump not only faces a dif­fi­cult road to re-elec­tion but could end up impeached. Depend­ing on how the mid-term elec­tions in Novem­ber turn out, he could find him­self a lame duck. This rais­es the trou­bling ques­tion of whether he might con­sid­er a strike against North Korea as a way out of his domes­tic polit­i­cal cri­sis.

    Indeed, White House Nation­al Secu­ri­ty Coun­cil senior direc­tor for Asian affairs Matthew Pot­tinger report­ed­ly said in a recent closed-door meet­ing with US experts on Kore­an Penin­su­la issues that a lim­it­ed strike on the North might help in the midterm elec­tions.

    ...

    ———–

    “[Edi­to­r­i­al] Trump’s “bloody nose” strat­e­gy must be com­plete­ly off the table”;
    Han­ky­oreh; 02/02/2018

    “The reason hardline voices have gotten so much louder in the White House lately has much to do with the discussions occurring between South and North Korea for the Pyeongchang Olympics. It appears to be an attempt to stop a climate of reconciliation from forming on the peninsula. Given their lack of faith in denuclearization, they seem to believe the North Korean nuclear program will become irreversible if reconciliation occurs at a time of intensifying sanctions.”

    Peace and reconciliation represent an existential threat that must be stopped with a “bloody-nose” strike on North Korea. That’s the view of US hardliners according to this piece. And given the ominous nature of Cha’s op-ed it’s hard to disregard this analysis.

    Also note that the US is officially denying that Cha’s withdrawal from consideration as ambassador had anything to do with differences in policy, although US diplomatic sources refuse to say why exactly Cha withdrew:

    Hankyoreh

    Diplo­mat­ic source: Cha’s ambas­sador­ship with­draw­al unre­lat­ed to pol­i­cy dif­fer­ences with Trump admin­is­tra­tion

    By Kim Ji-eun, staff reporter
    Post­ed on : Feb.3,2018 16:43 KST Mod­i­fied on : Feb.3,2018 16:43 KST

    The source declined to dis­cuss the actu­al rea­sons behind the deci­sion

    The with­draw­al of Cen­ter for Strate­gic and Inter­na­tion­al Stud­ies (CSIS) Korea chair Vic­tor Cha’s nom­i­na­tion as US Ambas­sador to South Korea was not relat­ed to pol­i­cy dif­fer­ences with the White House on mil­i­tary action against North Korea, a diplo­mat­ic source in Seoul said.

    “The press has been report­ing that [Cha’s] with­draw­al was because of North Korea pol­i­cy and clash­es of opin­ion on poli­cies relat­ed to the mil­i­tary option, but that was not the case,” a for­eign affairs source famil­iar with South Korea-US rela­tions told reporters on Feb. 2.

    “As far as I have ascer­tained, the rea­son for the with­draw­al was not dif­fer­ences on North Korea poli­cies involv­ing a mil­i­tary clash, and var­i­ous oth­er fac­tors were respon­si­ble,” the source explained.

    ...

    “The fact of Vic­tor Cha drop­ping out and the fact of the US mil­i­tary option against the North are not log­i­cal­ly con­nect­ed,” the source stressed.

    The source went on to say that the US mil­i­tary option against North Korea is “not very fea­si­ble at the cur­rent stage.”

    “At the present stage, [the US] is focus­ing on diplo­mat­ic and peace­ful efforts [to resolve North Korea-relat­ed issues].”

    The so-called “bloody nose” strategy, which has quickly gained attention in the wake of Cha’s withdrawal, is viewed as distinct from preventive war or a preemptive strike. Instead, it is reportedly a term for a US military policy concept that seeks to discourage nuclear and missile “provocations” from the North through limited military action in a form that minimizes the likelihood of escalation.

    The approach has been open­ly dis­cussed among White House hard­lin­ers since ear­ly 2018 as inter-Kore­an dia­logue began gath­er­ing momen­tum. Experts inter­pret­ed it as their attempt to nip the restora­tion of inter-Kore­an rela­tions in the bud.

    The source kept qui­et on the actu­al rea­sons for Cha’s with­draw­al.

    “It’s a per­son­nel-relat­ed mat­ter that I can’t real­ly talk about specif­i­cal­ly,” the source said.

    “If I had to say some­thing, I would say that US soci­ety is a lot more com­plex than we think.”

    The US gov­ern­ment report­ed­ly respond­ed to the grow­ing ques­tions about Cha’s with­draw­al by explain­ing to Seoul that the rea­son was “not dif­fer­ences on North Korea pol­i­cy.”

    ———-

    “Diplomatic source: Cha’s ambassadorship withdrawal unrelated to policy differences with Trump administration” by Kim Ji-eun; Hankyoreh; 02/03/2018

    ““As far as I have ascer­tained, the rea­son for the with­draw­al was not dif­fer­ences on North Korea poli­cies involv­ing a mil­i­tary clash, and var­i­ous oth­er fac­tors were respon­si­ble,” the source explained.”

    That’s the US diplomatic line on Cha: no, it definitely wasn’t policy differences that prompted his withdrawal. It was “various other factors”. What factors? Uhh...they can’t say other than that they are “personnel-related”:

    ...
    The source kept qui­et on the actu­al rea­sons for Cha’s with­draw­al.

    “It’s a per­son­nel-relat­ed mat­ter that I can’t real­ly talk about specif­i­cal­ly,” the source said.
    ...

    And what about Cha’s warnings about the “bloody-nose” strike being under serious consideration? Well, the diplomatic source says not to worry since it’s “not very feasible at the current stage”:

    ...
    The source went on to say that the US mil­i­tary option against North Korea is “not very fea­si­ble at the cur­rent stage.”

    “At the present stage, [the US] is focus­ing on diplo­mat­ic and peace­ful efforts [to resolve North Korea-relat­ed issues].”
    ...

    It’s not exact­ly reas­sur­ing.

    So how concerned should we be that Trump and the GOP are seriously planning on attacking North Korea in part for political gain in the lead up to the mid-terms? Well, beyond the obvious and growing desperation of Trump and the GOP and their willingness to engage in high-risk ill-conceived gambits, there’s another very big reason to be very concerned: Recall the recent report about how President Trump isn’t so concerned about the mid-terms. Why wasn’t he concerned? Because he apparently has been telling people in the White House that he doesn’t think the 2018 election has to be as bad as others are predicting. And then he referenced how the GOP did better in the 2002 midterms following the Sept. 11 terrorist attacks:

    The Wash­ing­ton Post

    New alarm among Repub­li­cans that Democ­rats could win big this year

    By Michael Scher­er, Josh Dawsey and Sean Sul­li­van
    Jan­u­ary 14, 2018

    A raft of retire­ments, dif­fi­cul­ty recruit­ing can­di­dates and Pres­i­dent Trump’s con­tin­u­ing pat­tern of throw­ing his par­ty off mes­sage have prompt­ed new alarm among Repub­li­cans that they could be fac­ing a Demo­c­ra­t­ic elec­toral wave in Novem­ber.

    The con­cern has grown so acute that Trump received what one con­gres­sion­al aide described as a “sober­ing” slide pre­sen­ta­tion about the dif­fi­cult midterm land­scape at Camp David last week­end, lead­ing the pres­i­dent to pledge a robust sched­ule of fundrais­ing and cam­paign trav­el in the com­ing months, White House offi­cials said.

    ...

    Repub­li­cans hold the advan­tage of a his­tor­i­cal­ly favor­able elec­toral map, with more House seats than ever ben­e­fit­ing from Repub­li­can-friend­ly redis­trict­ing and a Sen­ate land­scape that puts 26 Demo­c­ra­t­ic seats in play, includ­ing 10 states that Trump won in 2016, and only eight Repub­li­can seats.

    But oth­er indi­ca­tors are clear­ly flash­ing GOP warn­ing signs. Democ­rats have ben­e­fit­ed from sig­nif­i­cant recruit­ment advan­tages — there are at least a half dozen for­mer Army Rangers and Navy SEALs run­ning as Democ­rats this year, for exam­ple — as Repub­li­cans strug­gle to con­vince incum­bents to run for reelec­tion.

    At least 29 House seats held by Repub­li­cans will be open in Novem­ber fol­low­ing announced retire­ments, a greater num­ber for the major­i­ty par­ty than in each of the past three midterm elec­tions when con­trol of Con­gress flipped.

    The president’s own job approval, a tra­di­tion­al har­bin­ger of his party’s midterm per­for­mance, is at record lows as he approach­es a year in office, accord­ing to Gallup. Polls ask­ing which par­ty Amer­i­cans want to see con­trol Con­gress in 2019 show a dou­ble-dig­it advan­tage for Democ­rats.

    “When the wave comes, it’s always under­es­ti­mat­ed in the polls,” said a con­ser­v­a­tive polit­i­cal strate­gist who has met with GOP can­di­dates. “That is the rea­son that Repub­li­cans are duck­ing for cov­er.”

    Amid the onslaught, Repub­li­can strate­gists say they con­tin­ue to pin their party’s elec­toral hopes on the nation’s still-ris­ing eco­nom­ic indi­ca­tors, the poten­tial effects of the recent tax-reform bill and Trump’s abil­i­ty to ral­ly the con­ser­v­a­tive base.

    “The month­ly met­rics are bad, from the gener­ic bal­lot to the Repub­li­can retire­ments to the num­ber of Demo­c­ra­t­ic recruits with mon­ey,” said one Repub­li­can polit­i­cal con­sul­tant, who works with major con­ser­v­a­tive donors involved in the midterms and asked for anonymi­ty to speak frankly. “The big ques­tion is: Is every­thing dif­fer­ent with Trump? Because the major met­rics point to us los­ing at least one house of Con­gress.”

    ...

    In pri­vate con­ver­sa­tions, Trump has told advis­ers that he doesn’t think the 2018 elec­tion has to be as bad as oth­ers are pre­dict­ing. He has ref­er­enced the 2002 midterms, when George W. Bush and Repub­li­cans fared bet­ter after the Sept. 11 ter­ror­ist attacks, these peo­ple said.

    ...

    ———-

    “New alarm among Repub­li­cans that Democ­rats could win big this year” by Michael Scher­er, Josh Dawsey and Sean Sul­li­van; The Wash­ing­ton Post; 01/14/2018

    “In pri­vate con­ver­sa­tions, Trump has told advis­ers that he doesn’t think the 2018 elec­tion has to be as bad as oth­ers are pre­dict­ing. He has ref­er­enced the 2002 midterms, when George W. Bush and Repub­li­cans fared bet­ter after the Sept. 11 ter­ror­ist attacks, these peo­ple said.”

    Yep, it’s not just Pot­tinger on the NSC report­ed­ly mur­mur­ing about war for polit­i­cal gain. It’s Trump too. And that is why it is prob­a­bly very appro­pri­ate to be very con­cerned that we are about to see a nuclear ‘wag-the-dog’ sce­nario this year. Well, that and the fact that, again, Trump and the GOP appear to be so des­per­ate to change the con­ver­sa­tion about Trump that they’re los­ing their minds.

    It’s also a reminder that, for all the legit­i­mate con­cerns about the #TrumpRus­sia inves­ti­ga­tion and the GOP’s response lead­ing to a con­sti­tu­tion­al cri­sis or a US/Russia show­down over Ukraine spi­ral­ing into a WWIII sit­u­a­tion (all it poten­tial­ly takes is one nasty hack blamed on Rus­sia), we should­n’t lim­it the pos­si­ble reper­cus­sions from this cri­sis to things direct­ly involv­ing Rus­sia in this sit­u­a­tion. The mad­ness and des­per­a­tion ani­mat­ing Trump and the GOP can lash out in all sorts of dif­fer­ent hor­ri­ble direc­tions.

    Posted by Pterrafractyl | February 3, 2018, 3:12 pm
  23. And the twists keep coming: There’s a new figure involved in the Felix Sater/Michael Cohen/Andrii Artemenko ‘peace plan’ scheme. Former GOP congressman Curt Weldon appears to be in the middle of it all too. And if Weldon’s alleged comments are true, Russian oligarch Viktor Vekselberg might also be involved.

    It turns out Weldon and Artemenko have known each other for over a decade. Weldon is also known for enduring Russia-related scandals, adding to the intrigue. And while it’s unclear at this point how exactly they got to know each other, it’s worth recalling that one of Artemenko’s areas of interest is defense contracting in the Middle East. And it turns out that one of the Russia-related scandals Curt Weldon has had to deal with was a 2008 scandal involving a Pennsylvania-based defense contractor, Defense Solution, which employed Weldon. And in addition to partnering with Russia’s state weapons agency at a time when it was on the US government blacklist, Defense Solution was also trying to corner the market on Ukrainian-supplied armored personnel carriers to Iraq. So you have to wonder if that’s how Weldon and Artemenko met over a decade ago.

    Now, regarding Weldon’s role in the ‘peace plan’, this is based on two sources. One named and one unnamed. The named source, Tommy Allen, the founder of Allen Tactical Security Consultants, claims that Weldon actually asked him to vet Artemenko’s plan.

    But it’s the unnamed source that has the most explo­sive claims: accord­ing to this source, he was hav­ing a meet­ing with Wel­don in March of 2017. It was a meet­ing of around 4–5 peo­ple to dis­cuss Wel­don’s busi­ness. And when the top­ic of Rus­sia came up Wel­don appar­ent­ly spon­ta­neous­ly start­ed talk­ing about how upset he was that the ‘peace plan’ had been exposed in the news just a cou­ple of weeks ear­li­er. And it was dur­ing this out­burst that Wel­don lament­ed that they were so close to get­ting the deal done and that Vik­tor Vek­sel­berg had even agreed to finance the pro­mo­tion of this.

    There are two recent stories that add credibility to this claim: the first is that Vekselberg and Cohen met 11 days before Trump’s inauguration. And the second is the recent revelation that Columbus Nova, a New York based investment management firm owned by Viktor Vekselberg’s cousin, paid Michael Cohen over $500,000 from January to August of 2017 for Cohen’s consulting services. Cohen, it turns out, basically started selling access to Trump as part of a consulting service after Trump won. He even took $400,000 from the government of Ukraine to secure a meeting between Trump and Petro Poroshenko.

    And now we learn that Viktor Vekselberg’s cousin paid Cohen over $500,000 in consulting fees starting in January 2017 and Curt Weldon blurted out that Vekselberg agreed to finance the promotion of the ‘peace plan’. It’s why Weldon is now being seen as a possible missing piece in the Russia probe:

    The Atlantic

    Sen­ate Inves­ti­ga­tors May Have Found a Miss­ing Piece in the Rus­sia Probe

    An ex-con­gress­man alleged­ly has ties to the Trump campaign—as well as to pow­er­ful fig­ures in Rus­sia and Ukraine. Find­ing out what he knows is cru­cial, a top Demo­c­rat in the Sen­ate says.

    Natasha Bertrand
    Jun 7, 2018
    Updat­ed June 8, 2018 at 5:28 p.m. ET

    An ex-con­gress­man has attract­ed scruti­ny from the Sen­ate Judi­cia­ry Com­mit­tee, as it con­tin­ues to inves­ti­gate whether Pres­i­dent Don­ald Trump’s cam­paign con­spired with Moscow to sway the 2016 pres­i­den­tial elec­tion.

    Curt Wel­don, a Repub­li­can and for­mer Penn­syl­va­nia con­gress­man, lost his reelec­tion cam­paign more than a decade ago fol­low­ing an FBI probe into his ties to two Russ­ian com­pa­nies. He has “con­nec­tions to both Rus­sia and the Trump cam­paign” that are rais­ing sus­pi­cions among sen­a­tors, a spokes­woman for Demo­c­ra­t­ic Sen­a­tor Dianne Fein­stein said. Fein­stein is the committee’s rank­ing mem­ber, and wants to inter­view Wel­don, the spokes­woman said.

    The rea­sons for the committee’s inter­est in Wel­don are murky, but his ties to Rus­sia are sig­nif­i­cant. Mem­bers of Con­gress believe, for exam­ple, that Wel­don may lead to answers about why the Trump admin­is­tra­tion sought to lift sanc­tions on Rus­sia in the after­math of the 2016 elec­tion despite a pub­lic state­ment by intel­li­gence agen­cies that the Krem­lin tried to help Trump win. Wel­don may also have infor­ma­tion about the role a Russ­ian oli­garch may have played in try­ing to influ­ence the Trump administration—though Wel­don denied this when I asked him about it.

    ...

    At issue is the ques­tion of whether the pres­i­dent and his asso­ciates have sought to trade favors with for­eign enti­ties for per­son­al gain. Mueller has been inves­ti­gat­ing, for exam­ple, whether Paul Man­afort, Trump’s for­mer cam­paign chair­man, tried to use his posi­tion to repay old debts to a Russ­ian oli­garch, and whether Ivan­ka Trump and her hus­band, Jared Kush­n­er, have influ­enced Trump’s for­eign-pol­i­cy deci­sions based on their busi­ness inter­ests. Mueller is also inves­ti­gat­ing for­eign-linked donors to Trump’s inau­gu­ra­tion fund.

    Asked how Wel­don was con­nect­ed to the cam­paign, Feinstein’s office would not elab­o­rate, cit­ing the sen­si­tiv­i­ty of the Judi­cia­ry Committee’s ongo­ing inves­ti­ga­tion. Wel­don declined mul­ti­ple inter­view requests. But a let­ter Fein­stein sent last year to Trump’s long­time per­son­al attor­ney, Michael Cohen, may pro­vide a clue. In it, Fein­stein asked for all of Cohen’s com­mu­ni­ca­tions “to, from, or copied to” Wel­don, as well as cor­re­spon­dence “relat­ed to” Wel­don, along with near­ly two dozen oth­er peo­ple.

    Weldon’s name stuck out—he had served as a mem­ber of Con­gress and had not been men­tioned pre­vi­ous­ly in rela­tion to the Rus­sia inves­ti­ga­tion. But his con­nec­tion to Cohen may lie in a mutu­al acquain­tance who has since tes­ti­fied before Mueller’s grand jury: a for­mer mem­ber of the Ukrain­ian Par­lia­ment named Andrii Arte­menko.

    ———-

    In January 2017, shortly after Trump’s inauguration, Artemenko met with Cohen at a New York City hotel to discuss bringing peace to Russia and Ukraine. Also present was Felix Sater, a friend of Cohen’s and a former business partner of Trump’s. All three men confirmed to me that this meeting took place. When Artemenko pitched the peace plan, which involved lifting sanctions on Russia in exchange for Russia’s retreat from eastern Ukraine, Cohen said he would deliver it to then–National-Security adviser Michael Flynn, according to The New York Times. Artemenko told the newspaper that he had received encouragement for his peace plan from top aides to Russian President Vladimir Putin. Artemenko also told me that he had gotten “confirmation” that the peace plan had been left on Flynn’s desk. But Cohen walked back his story after the meeting was exposed by the Times, insisting that he had thrown the plan in the garbage. (Flynn has not responded to multiple requests for comment.)

    Wel­don, who has known Arte­menko, the Ukrain­ian politi­cian, for more than a decade, was furi­ous that The New York Times had learned about the meet­ing, accord­ing to a per­son who spoke with him at a sep­a­rate gath­er­ing last March, two weeks after the sto­ry in the Times had been pub­lished. “We were so close,” Wel­don com­plained, this source recalled. Then Wel­don dropped a bomb­shell: “He said [he and Arte­menko] had already secured fund­ing for the pro­mo­tion of the plan from Vik­tor Vekselberg’s fund in New York City.”

    Vek­sel­berg, a Russ­ian oli­garch who attend­ed Trump’s inau­gu­ra­tion, was ques­tioned by Mueller’s team late last year, accord­ing to The New York Times. The peace plan would have ben­e­fit­ed Vek­sel­berg: He has been doing busi­ness in the Unit­ed States since at least 1990, when he co-found­ed the con­glom­er­ate Ren­o­va Group as a joint U.S.-Russian ven­ture. Attempts to reach Vek­sel­berg through his busi­ness were unsuc­cess­ful.

    According to the source who allegedly spoke to Weldon in March, Weldon referenced Columbus Nova, a New York City investment management firm, as being involved in the funding of his and Artemenko’s plan. After this story was initially published, Columbus Nova denied participating in anything related to a Ukrainian peace plan, but acknowledged that Renova Group and Vekselberg are its biggest clients. A spokesman for Columbus Nova said the company is “dumbfounded” by the idea that it was “ever approached by anybody to participate in anything related to a Ukrainian peace plan.”

    When a source first relayed the con­ver­sa­tion with Wel­don to me ear­li­er this year, it had not yet been report­ed that Colum­bus Nova gave more than $500,000 to Cohen’s LLC, Essen­tial Con­sul­tants, over a sev­en-month peri­od in 2017. Weldon’s alleged ref­er­ence to Colum­bus Nova, and his com­ment about Vekselberg’s role in fund­ing the plan’s pro­mo­tion, renews ques­tions about what that $500,000 was actu­al­ly for.

    The New York Times has report­ed that Cohen and Vek­sel­berg met 11 days before Trump’s inau­gu­ra­tion, and dis­cussed U.S.–Russia rela­tions. Colum­bus Nova acknowl­edged in a state­ment that it hired Cohen “after the inau­gu­ra­tion” for con­sult­ing work, but insist­ed that Vek­sel­berg had noth­ing to do with it. “Colum­bus Nova itself is not now, and has nev­er been, owned by any for­eign enti­ty or per­son includ­ing Vik­tor Vek­sel­berg or the Ren­o­va Group,” the state­ment read. Colum­bus Nova did not men­tion in the state­ment that its pres­i­dent, Andrew Intrater, is Vekselberg’s cousin. The com­pa­ny did acknowl­edge it had hired Cohen as a “busi­ness con­sul­tant.”

    Accord­ing to the BBC, Cohen has in the past lever­aged his rela­tion­ship with the pres­i­dent to land a lucra­tive deal with a for­eign enti­ty. The out­let report­ed last month that Ukraine paid Cohen at least $400,000 to arrange a meet­ing between Trump and Ukrain­ian Pres­i­dent Petro Poroshenko in June 2017. (Poroshenko and Cohen have both denied that mon­ey was exchanged.)

    Nei­ther Cohen nor his attor­ney respond­ed to mul­ti­ple requests for com­ment regard­ing the pay­ments Cohen’s com­pa­ny received from Colum­bus Nova in 2017. They also ignored repeat­ed ques­tions about whether the mon­ey was con­nect­ed to the pro­posed Rus­sia-Ukraine peace plan. Wel­don told me in a LinkedIn mes­sage: “I have nev­er met Vik­tor Vek­sel­burg [sic] and am not aware of any peace plan that he would have fund­ed.” He then made a ref­er­ence to his work with Ukraine’s Rada, or par­lia­ment, dur­ing his time in office. “As one of the founders of the Rada/Congress Rela­tion­ship dur­ing my 29 years in Con­gress, I spent much time on US/Ukraine rela­tions and tried repeat­ed­ly to strength­en the US/Ukraine rela­tion­ship.”

    Arte­menko, the Ukrain­ian, told me that he and Wel­don have known each oth­er for more than 10 years, but tried to min­i­mize the sig­nif­i­cance of their appear­ance togeth­er at an event, in Feb­ru­ary 2016, about “how Amer­i­cans can pro­mote peace and sta­bil­i­ty in Ukraine.” Last year, Wel­don asked his col­league Tom­my Allen, the founder of Allen Tac­ti­cal Secu­ri­ty Con­sul­tants, to vet Artemenko’s plan, Allen told me. “We were at a meet­ing in Wash­ing­ton, and Arte­menko walked in because he was meet­ing with Curt,” Allen said. “We tried to warn him off of Arte­menko, because you nev­er know who the oli­garchs are behind these guys, and the play­ers behind the play­ers tend to stay pret­ty sta­t­ic.” Allen said he did “not recall” Wel­don ever ask­ing any­one for mon­ey. “The indi­vid­u­als I know of who were pro­vid­ing fund­ing were all U.S. enti­ties.”

    Fast forward to another meeting in Washington, the one in March 2017, where Weldon told my source about Vekselberg’s role in the peace plan. Only four or five people were in the room, and the gathering “had nothing to do with politics—it only had to do with Curt [Weldon]’s businesses,” this source said. Still, Weldon “couldn’t help himself” when the topic of Russia came up. “He started saying, ‘Putin is not that bad. The U.S. is much worse in many ways.’ He was very cynical.” That’s when he started complaining about the peace plan’s demise, this source said.

    Felix Sater, who says he initiated the conversation between Artemenko and Cohen about the peace plan, told me he didn’t remember Vekselberg’s name coming up when they gathered in New York. He also said that, as far as he knew, Columbus Nova hadn’t been involved. He noted, however, that Cohen had been looking for new clients around that time. “It seems clear,” Sater said, “that the company was paying for access.”

    ———-

    “Senate Investigators May Have Found a Missing Piece in the Russia Probe” by Natasha Bertrand; The Atlantic; 06/07/2018

    “Curt Wel­don, a Repub­li­can and for­mer Penn­syl­va­nia con­gress­man, lost his reelec­tion cam­paign more than a decade ago fol­low­ing an FBI probe into his ties to two Russ­ian com­pa­nies. He has “con­nec­tions to both Rus­sia and the Trump cam­paign” that are rais­ing sus­pi­cions among sen­a­tors, a spokes­woman for Demo­c­ra­t­ic Sen­a­tor Dianne Fein­stein said. Fein­stein is the committee’s rank­ing mem­ber, and wants to inter­view Wel­don, the spokes­woman said.”

    Yes, Curt Weldon has ties to both the Trump campaign and Russia, but as we’re going to see, his primary contact in this particular story is to Andrii Artemenko, the Ukrainian politician with close ties to the far right Right Sector/Pravy Sector neo-Nazi organization with a virulently anti-Russian platform:

    ...
    Asked how Wel­don was con­nect­ed to the cam­paign, Feinstein’s office would not elab­o­rate, cit­ing the sen­si­tiv­i­ty of the Judi­cia­ry Committee’s ongo­ing inves­ti­ga­tion. Wel­don declined mul­ti­ple inter­view requests. But a let­ter Fein­stein sent last year to Trump’s long­time per­son­al attor­ney, Michael Cohen, may pro­vide a clue. In it, Fein­stein asked for all of Cohen’s com­mu­ni­ca­tions “to, from, or copied to” Wel­don, as well as cor­re­spon­dence “relat­ed to” Wel­don, along with near­ly two dozen oth­er peo­ple.

    Weldon’s name stuck out—he had served as a mem­ber of Con­gress and had not been men­tioned pre­vi­ous­ly in rela­tion to the Rus­sia inves­ti­ga­tion. But his con­nec­tion to Cohen may lie in a mutu­al acquain­tance who has since tes­ti­fied before Mueller’s grand jury: a for­mer mem­ber of the Ukrain­ian Par­lia­ment named Andrii Arte­menko.
    ...

    Yep, it turns out Wel­don has known Arte­menko for more than a decade.

    So how does Weldon tie into the Artemenko/Sater/Cohen ‘peace plan’? Well, that’s according to two sources, Tommy Allen, the founder of Allen Tactical Security Consultants, and one unnamed source.

    And it’s the unnamed source who claims that Wel­don told him explic­it­ly that Russ­ian oli­garch Vik­tor Vek­sel­berg had already agreed to finance the pro­mo­tion of the plan:

    ...
    Wel­don, who has known Arte­menko, the Ukrain­ian politi­cian, for more than a decade, was furi­ous that The New York Times had learned about the meet­ing, accord­ing to a per­son who spoke with him at a sep­a­rate gath­er­ing last March, two weeks after the sto­ry in the Times had been pub­lished. “We were so close,” Wel­don com­plained, this source recalled. Then Wel­don dropped a bomb­shell: “He said [he and Arte­menko] had already secured fund­ing for the pro­mo­tion of the plan from Vik­tor Vekselberg’s fund in New York City.”
    ...

    Note how Weldon allegedly made this claim about Vekselberg to this unnamed source two weeks after the story of this ‘peace plan’ scheme was reported on in the media, creating a giant scandal. So Weldon apparently not only admitted to being part of this plan but also asserted that the Russian government (or at least a top oligarch) was already behind it. It’s one helluva admission given the context and the kind of admission you would expect Weldon to only make to someone he really trusts if he wanted it to remain a secret. So he either made this admission to the wrong person (since they are talking to the press about it) or this was an admission that was intended to eventually get out.

    But adding to the credibility of this unnamed source is the recent reporting about Columbus Nova, a New York-based investment management firm owned by a cousin of Viktor Vekselberg, paying Michael Cohen over $500,000 in 2017 for Cohen’s consulting services after Cohen basically made himself ‘open for business’ to anyone wanting to pay for access to Trump:

    ...
    Vek­sel­berg, a Russ­ian oli­garch who attend­ed Trump’s inau­gu­ra­tion, was ques­tioned by Mueller’s team late last year, accord­ing to The New York Times. The peace plan would have ben­e­fit­ed Vek­sel­berg: He has been doing busi­ness in the Unit­ed States since at least 1990, when he co-found­ed the con­glom­er­ate Ren­o­va Group as a joint U.S.-Russian ven­ture. Attempts to reach Vek­sel­berg through his busi­ness were unsuc­cess­ful.

    According to the source who allegedly spoke to Weldon in March, Weldon referenced Columbus Nova, a New York City investment management firm, as being involved in the funding of his and Artemenko’s plan. After this story was initially published, Columbus Nova denied participating in anything related to a Ukrainian peace plan, but acknowledged that Renova Group and Vekselberg are its biggest clients. A spokesman for Columbus Nova said the company is “dumfounded” by the idea that it was “ever approached by anybody to participate in anything related to a Ukrainian peace plan.”
    When a source first relayed the con­ver­sa­tion with Wel­don to me ear­li­er this year, it had not yet been report­ed that Colum­bus Nova gave more than $500,000 to Cohen’s LLC, Essen­tial Con­sul­tants, over a sev­en-month peri­od in 2017. Weldon’s alleged ref­er­ence to Colum­bus Nova, and his com­ment about Vekselberg’s role in fund­ing the plan’s pro­mo­tion, renews ques­tions about what that $500,000 was actu­al­ly for.
    ...

    Addi­tion­al­ly, it’s been report­ed that Cohen and Vek­sel­berg met 11 days before Trump’s inau­gu­ra­tion:

    ...
    The New York Times has report­ed that Cohen and Vek­sel­berg met 11 days before Trump’s inau­gu­ra­tion, and dis­cussed U.S.–Russia rela­tions. Colum­bus Nova acknowl­edged in a state­ment that it hired Cohen “after the inau­gu­ra­tion” for con­sult­ing work, but insist­ed that Vek­sel­berg had noth­ing to do with it. “Colum­bus Nova itself is not now, and has nev­er been, owned by any for­eign enti­ty or per­son includ­ing Vik­tor Vek­sel­berg or the Ren­o­va Group,” the state­ment read. Colum­bus Nova did not men­tion in the state­ment that its pres­i­dent, Andrew Intrater, is Vekselberg’s cousin. The com­pa­ny did acknowl­edge it had hired Cohen as a “busi­ness con­sul­tant.”
    ...

    But note how even the Ukrainian government paid Cohen $400,000 to get Petro Poroshenko a meeting with Trump last year too, so Cohen appeared to be ‘open for business’ to just about anyone at that point:

    ...
    Accord­ing to the BBC, Cohen has in the past lever­aged his rela­tion­ship with the pres­i­dent to land a lucra­tive deal with a for­eign enti­ty. The out­let report­ed last month that Ukraine paid Cohen at least $400,000 to arrange a meet­ing between Trump and Ukrain­ian Pres­i­dent Petro Poroshenko in June 2017. (Poroshenko and Cohen have both denied that mon­ey was exchanged.)
    ...

    For what it’s worth (which isn’t much), Felix Sater also denies both Vek­sel­berg and Colum­bus Nova played any role in the scheme:

    ...
    Felix Sater, who says he ini­ti­at­ed the con­ver­sa­tion between Arte­menko and Cohen about the peace plan told me he didn’t remem­ber Vekselberg’s name com­ing up when they gath­ered in New York. He also said that, as far as he knew, Colum­bus Nova hadn’t been involved. He not­ed, how­ev­er, that Cohen had been look­ing for new clients around that time. “It seems clear,” Sater said, “that the com­pa­ny was pay­ing for access.”

    So what does Curt Wel­don say about all this? Not sur­pris­ing­ly, he denies any knowl­edge of this peace plan:

    ...
    Nei­ther Cohen nor his attor­ney respond­ed to mul­ti­ple requests for com­ment regard­ing the pay­ments Cohen’s com­pa­ny received from Colum­bus Nova in 2017. They also ignored repeat­ed ques­tions about whether the mon­ey was con­nect­ed to the pro­posed Rus­sia-Ukraine peace plan. Wel­don told me in a LinkedIn mes­sage: “I have nev­er met Vik­tor Vek­sel­burg [sic] and am not aware of any peace plan that he would have fund­ed.” He then made a ref­er­ence to his work with Ukraine’s Rada, or par­lia­ment, dur­ing his time in office. “As one of the founders of the Rada/Congress Rela­tion­ship dur­ing my 29 years in Con­gress, I spent much time on US/Ukraine rela­tions and tried repeat­ed­ly to strength­en the US/Ukraine rela­tion­ship.”
    ...

    But Tom­my Allen, the founder of Allen Tac­ti­cal Secu­ri­ty Con­sul­tants, claims that Wel­don asked him to vet Arte­menko’s ‘peace plan’:

    ...
    Arte­menko, the Ukrain­ian, told me that he and Wel­don have known each oth­er for more than 10 years, but tried to min­i­mize the sig­nif­i­cance of their appear­ance togeth­er at an event, in Feb­ru­ary 2016, about “how Amer­i­cans can pro­mote peace and sta­bil­i­ty in Ukraine.” Last year, Wel­don asked his col­league Tom­my Allen, the founder of Allen Tac­ti­cal Secu­ri­ty Con­sul­tants, to vet Artemenko’s plan, Allen told me. “We were at a meet­ing in Wash­ing­ton, and Arte­menko walked in because he was meet­ing with Curt,” Allen said. “We tried to warn him off of Arte­menko, because you nev­er know who the oli­garchs are behind these guys, and the play­ers behind the play­ers tend to stay pret­ty sta­t­ic.” Allen said he did “not recall” Wel­don ever ask­ing any­one for mon­ey. “The indi­vid­u­als I know of who were pro­vid­ing fund­ing were all U.S. enti­ties.”
    ...

    So that sure sounds like Weldon was indeed involved with this plan. And it seems like a safe assumption that Weldon asked Allen to vet the plan before it became a news story.

    Also, regarding that February 2016 event that both Cohen and Artemenko spoke at, note how Artemenko makes some rather interesting admissions in his brief talk (it’s about 10 minutes). He talks about how he was among the first to take up armed resistance against the Yanukovych government and helped form the volunteer battalions (~33:50–34:00 in the video), which is consistent with the reports that he was involved with the founding of Right Sector. He then goes on to discuss how these actions made him a target of Russian propaganda and how his relatives living in Russia no longer speak to him as a result (~34:00–35:00 in the video). It’s a reminder that, while Artemenko certainly has no shortage of ties to Russia, it’s hard to find much in his biography that makes him the ‘pro-Russian’ politician he’s virtually always characterized as in Western media.

    But note how Allen says the funding for the plan would all come from US entities, “The individuals I know of who were providing funding were all U.S. entities.” That’s part of what makes Weldon’s alleged admission that Viktor Vekselberg agreed to finance the promotion of the plan so interesting: He made this claim to this unnamed source during a gathering of Weldon and three or four other people during a meeting that apparently just had to do with Weldon’s businesses (so it was probably Weldon’s business partners). But this meeting took place after it was a big story in the news to a group of people that apparently were meeting with him over business, raising the question of whether or not Weldon was basically trying to give his partners a heads up that he was involved in this story, but also raising the question of whether or not he was trying to put out misinformation intended to protect those US entities who agreed to finance the push for the plan:

    ...
    Fast for­ward to anoth­er meet­ing in Wash­ing­ton, the one in March 2017, where Wel­don told my source about Vekselberg’s role in the peace plan. Only four or five peo­ple were in the room, and the gath­er­ing “had noth­ing do with politics—it only had to do with Curt [Weldon]’s busi­ness­es,” this source said. Still, Wel­don “couldn’t help him­self” when the top­ic of Rus­sia came up. “He start­ed say­ing, ‘Putin is not that bad. The U.S. is much worse in many ways.’ He was very cyn­i­cal.” That’s when he start­ed com­plain­ing about the peace plan’s demise, this source said.
    ...

    At the same time, keep in mind that while Colum­bus Nova, which was pay­ing Michael Cohen last year, was owned by Vek­sel­berg’s cousin, it’s also an Amer­i­can firm. So it’s pos­si­ble Colum­bus Nova was one of the Amer­i­can fund­ing sources Allen was talk­ing about.

    At the same time, keep in mind that Colum­bus Nova’s +$500,000 pay­ments to Cohen in 2017 spanned from Jan­u­ary to August, and this ‘peace plan’ was exposed in late Feb­ru­ary 2017. So it seems pret­ty unlike­ly that the pay­ments to Cohen through Colum­bus Nova were part of a plan to indi­rect­ly finance the pro­mo­tion of that peace plan.

    So we’ll see what more emerges from this revelation of Curt Weldon’s claim that Viktor Vekselberg was on board with the ‘peace plan’. But given the possibility that the Russian government essentially agreed to promote this plan, it’s worth keeping in mind one of the main components of the ‘peace plan’: overthrowing the Poroshenko government in a wave of scandalous information with Artemenko replacing him as Ukraine’s new president. So while the ‘peace plan’ itself doesn’t sound like something the Kremlin would be interested in, seeing Poroshenko go down in scandalous flames just might be. As we saw when the story of this plan first broke, Artemenko claimed to have evidence — “names of companies, wire transfer” — showing corruption for Poroshenko that could help oust him.

    Also, regarding the misgivings the Kremlin would probably have about someone with Artemenko’s far right political pedigree becoming president of Ukraine, keep in mind that there is no guarantee Artemenko would actually become Ukraine’s new president if the scandalous information he claimed to possess became public. In other words, about the only thing guaranteed by this ‘peace plan’ is the exposure of scandalous materials about Poroshenko that could lead to a new, possibly far right, government in Ukraine.

    And there’s another reason the Kremlin might not mind if the far right took power in Ukraine: it would both discredit the Ukrainian government and make it much less likely that Ukraine ends up joining NATO and moving closer to the West.

    And that all points towards a fascinating possibility that really would be quite scandalous: While the ostensible focus of this Sater/Cohen/Artemenko scheme was some sort of ‘peace plan’, it’s possible that the peace plan angle of this is really just a fig leaf for something very different: regime change in Ukraine. Again. But this time with the far right taking power in Ukraine, possibly resulting in Ukraine losing the support of the West? Because, while a neo-Nazi Ukrainian government with the full backing of the West is a Russian nightmare, a neo-Nazi Ukrainian government without the backing of the West could be a very different story from the Kremlin’s perspective.

    A win for the glob­al far right, and an indi­rect win for the Krem­lin giv­en how unlik­able the Ukrain­ian gov­ern­ment would sud­den­ly become. Might that have been the real plan? If so, you could def­i­nite­ly see why the Krem­lin could have been onboard.

    Posted by Pterrafractyl | June 9, 2018, 4:30 pm
  24. The situation in the Middle East took another turn for the worse following news of the Israeli assassination of two top Hamas leaders in recent days: one killed in Beirut and the other in Tehran. It was the kind of highly provocative act that had many observers wondering if the Netanyahu government was taking active steps to drag the United States into a much broader regional war. Adding to the ominous feel is the fact that these strikes came just days after Benjamin Netanyahu made an appearance before Congress where he vowed “total victory” against Hamas.

    And, of course, this is all months before the US pres­i­den­tial elec­tion that was just turned on its head less than two weeks ago with the great Biden/Harris swap out. Don­ald Trump’s reelec­tion prospects were look­ing a lot bet­ter a month ago.

    So with the prospects of some sort of Israel-related event transforming the final months of the US presidential campaign and potentially swinging the momentum back towards Donald Trump, it’s worth recalling one of the biggest revelations we got in modern US politics that’s been almost entirely forgotten: It was Netanyahu’s close trusted associate, Isaac Molho, who was forwarding information about upcoming WikiLeaks dumps to Roger Stone during the 2016 election. A revelation that put Netanyahu in the center of the whole ‘Trump Russia’ fiasco and strongly suggested an Israeli role in the Democratic hacks. Almost entirely ignored and forgotten.

    And don’t for­get, if Netanyahu real­ly was direct­ly involved with orches­trat­ing the whole 2016 ‘Rus­sia hack’ on behalf of Don­ald Trump, he got away with it. Entire­ly. Even after the sto­ry of his involve­ment was revealed every­one ignored it any­way. It was a wild suc­cess. So with Don­ald Trump again run­ning and again in need of some ‘cam­paign assis­tance’, it seems like we should prob­a­bly be on guard for anoth­er round of ‘Russ­ian hacks’. Or maybe it will be ‘Iran­ian hacks’ this time. ‘Hamas hacks’, per­haps? There’s a range of nar­ra­tives to choose from.

    And that all brings us to an interesting look back at the investigation that resulted in the ‘Russia did it’ conclusion in the first place. Rolling Stone has a new interview of the individual who led that investigation: CIA analyst Michael Van Landingham, the individual eventually tasked with authoring the first draft of the intelligence community’s 2017 assessment about Russian election meddling. It’s Van Landingham’s first interview describing the experience.

    And while we might hope that some big new investigative revelation was revealed in the interview, it was more or less a rehashing of what we’ve already heard. A lack of new details that leaves the impression that Van Landingham’s conclusion was more or less based on the same ‘public clues’ everyone else was looking at. Major ‘public clues’ left behind thanks to the incredible ‘mistake’ made by the hackers. Mistakes like keeping their Bitly account public so ANYONE who stumbles across one of their spearphishing emails can potentially trace it back to that account and monitor all the other Bitly links generated for the hacking operation.

    And then there was the ‘mistake’ the hackers made in including the emails of each of their targets encoded in each of the link-shortened URLs. In other words, once someone discovered their publicly available Bitly account, not only could they track which shortened links were being created but who was being targeted with the link too. And it was that information on the identities of the spearphishing victims that allowed researchers to conclude that the hackers were heavily targeting individuals and institutions across the former Soviet Union but also government officials in the West, in particular people with a professional interest in Russia. And that was more or less the information Van Landingham relied on in arriving at his assessment that it was a Russian hacking operation. If there was more definitive information the US government based that conclusion on, we have yet to hear about it.

    Interestingly, the security firm that did this initial analysis of the hackers’ public Bitly account, SecureWorks, claimed back in October of 2016 that they had been tracking Fancy Bear for a year at that point and watching “in real time” the creation of these Bitly accounts. They even watched how the links were clicked by the victims since that’s a feature of the account control panel the hackers left public. They saw 4 victims at the DNC click on their links. So the hacking of the DNC was effectively watched in real time by SecureWorks back in March of 2016. That’s kind of fascinating.

    One somewhat new revelation we get from Van Landingham is just how disgusted he was with the quality of the intelligence found in the Steele Dossier. “This is garbage,” Van Landingham recounts thinking at the time. And yet, the FBI was requesting that the dossier be included as evidence to support the team’s conclusions. In fact, he claims he threatened to quit the team at one point over the FBI’s insistence on incorporating the Dossier into the report. In the end, they arrived at a compromise where the dossier would not be used in the final report but it would be put in an annex. This isn’t the first time we’ve heard about the concerns over the quality of the information in that dossier but it’s interesting to learn it was seen as so shoddy that Van Landingham threatened to quit at the same time the FBI was insisting it be used as evidence.

    So just days after Benjamin Netanyahu’s defiant speech before Congress, we get this big ‘update’ on what actually led to the US government’s assessment that, yes, it was definitely Russia behind the 2016 hacks. An update that completely ignores the revelations about Netanyahu’s role and tells us almost nothing we didn’t already know. The kind of update that could only serve to reaffirm to someone like Netanyahu just how easy it is to meddle in a US election and get away with it. As long as your hacking team leaves enough ‘public clues’ that point towards a preferred culprit, the rest of the cover up takes care of itself:

    Rolling Stone

    He Con­firmed Rus­sia Med­dled in 2016 to Help Trump. Now, He’s Speak­ing Out

    Trump viewed the 2017 intel report as his “Achilles heel.” The ana­lyst who wrote it opens up about Trump, Rus­sia and what real­ly hap­pened in 2016

    By Adam Rawns­ley
    July 28, 2024

    It was the sum­mer of 2016 when a man­ag­er at the Cen­tral Intel­li­gence Agency pulled him into a con­fer­ence room, sat him down at a table, and asked him to read the intel­li­gence they had brought.

    Michael van Land­ing­ham wasn’t naive about what the Krem­lin was capa­ble of. His work as an intel­li­gence ana­lyst for the CIA had giv­en him a front-row seat to the destruc­tion that Russia’s spy ser­vices had wrought in places like Syr­ia and Ukraine.

    But this wasn’t about what Rus­sia was doing in some far away coun­try.

    Inside a room wrapped in a vault in the bow­els of the Cen­tral Intel­li­gence Agency’s head­quar­ters, he read the intel­li­gence show­ing that Moscow was try­ing to dis­rupt the 2016 U.S. pres­i­den­tial elec­tion.

    ...

    That was only the begin­ning of a long, strange jour­ney that would place van Land­ing­ham right at the cen­ter of the 2016 campaign’s biggest sto­ry. Months lat­er, the agency assigned him the job of writ­ing the first draft of the intel­li­gence community’s 2017 assess­ment about Russ­ian elec­tion med­dling that con­clud­ed what many had sus­pect­ed: Vladimir Putin did it. And he did it to help Don­ald Trump.

    The 2017 Intel­li­gence Com­mu­ni­ty Assess­ment (ICA), dubbed “Assess­ing Russ­ian Activ­i­ties and Inten­tions in Recent U.S. Elec­tions,” was one of the most con­se­quen­tial doc­u­ments in mod­ern Amer­i­can his­to­ry. It helped trig­ger inves­ti­ga­tions by the House and Sen­ate intel­li­gence com­mit­tees and a spe­cial coun­sel inves­ti­ga­tion, and it fueled an eight-year-long grudge that Trump has nursed against the intel­li­gence com­mu­ni­ty. A Trump aide would lat­er tes­ti­fy that the then-pres­i­dent-elect viewed the report as his “Achilles heel,” because it threat­ened to dimin­ish his sur­prise elec­toral vic­to­ry over Hillary Clin­ton.

    Over the course of three administrations, the authors of the report have remained mostly unknown outside the intelligence community. But now, with his government career behind him and the prospect of a second Trump administration looming on the horizon, van Landingham opened up about the story behind the document, the myths that still follow it, and what he thinks we can expect from Russian intelligence going forward.

    If Trump wins, many observers are brac­ing for his revi­sion­ist his­to­ry of the Rus­sia inves­ti­ga­tions to become an offi­cial Wash­ing­ton par­ty line, with stiff pro­fes­sion­al con­se­quences for those who dare to cross it.

    Trump acolytes, gid­dy at the whiff of pow­er, are prepar­ing to gut the fed­er­al civ­il ser­vice and the so-called “deep state,” on the belief that they’re dens of par­ti­san resis­tance bent on under­min­ing their leader.

    The idea of a Rus­sia “hoax” born with the 2017 report, and the vengeance it sup­pos­ed­ly demands, is now a through­line ani­mat­ing plans for a sec­ond Trump admin­is­tra­tion.

    On the cam­paign trail, Trump has pledged “ret­ri­bu­tion,” the pros­e­cu­tion of his ene­mies, and a cru­sade to “clean out all of the cor­rupt actors in our Nation­al Secu­ri­ty and Intel­li­gence appa­ra­tus.” It has also inspired calls by Trump and his cam­paign advis­ers to aban­don Ukraine to Moscow’s inva­sion, which the for­mer pres­i­dent has said was caused by the so-called Rus­sia “hoax.”

    Gavin Wilde, a Nation­al Secu­ri­ty Agency senior ana­lyst, worked on the intel­li­gence report along­side van Land­ing­ham, and lat­er rose to become a Rus­sia direc­tor on the Nation­al Secu­ri­ty Coun­cil under Trump. He says he’s con­cerned that the MAGA con­spir­a­cy the­o­ries and the poli­cies they inspire could have a chill­ing effect on Amer­i­can intel­li­gence and for­eign pol­i­cy going for­ward.

    ...

    The lead author of the CIA report who would haunt Trump’s pres­i­den­cy wasn’t a Hillary Clin­ton par­ti­san or a ringer for the CIA leadership’s per­son­al pref­er­ences, as MAGA con­spir­a­cy the­o­rists have claimed. He doesn’t have a book to sell, he’s not run­ning for office, and you won’t find him in a cable news green­room.

    Van Land­ing­ham is a man whose brush with his­to­ry came about almost by coin­ci­dence. He’s just an ana­lyst who one day in 2014 found him­self real­ly pissed off.

    A dour car­toon por­trait of Vladimir Putin in an Ushanka fur hat scowls down at a liv­ing room full of bright children’s toys and children’s books. At the sub­ur­ban Madi­son, Wis­con­sin, house where van Land­ing­ham lives, Putin’s fish-faced gaze is the only hint of the analyst’s for­mer clas­si­fied career.

    ...

    In 2014, van Land­ing­ham was a CIA ana­lyst serv­ing a rota­tion at anoth­er intel­li­gence agency (he won’t say which) when Russ­ian-backed oper­a­tives in Ukraine shot down a civil­ian Malaysian air­line as it flew across the coun­try Moscow had just invad­ed.

    “I was real­ly mad about [the air­lin­er] get­ting shot down because there were a bunch of chil­dren on it. I think 80 chil­dren,” he says.

    Rus­sia false­ly claimed that its troops weren’t fight­ing in Ukraine or send­ing weapons to proxy forces. The Krem­lin denied any involve­ment in the inci­dent.

    “What I real­ly didn’t like was that they were lying. You want to demon­strate that they’re lying, right? So I spent some of my time writ­ing a paper about Rus­sia lying and then using mes­sag­ing to den­i­grate the Unit­ed States,” he says.

    At the time, how Rus­sia lies was hard­ly the buzzi­est top­ic, even among Rus­sia nerds. But van Landingham’s exper­tise would soon make him an in-demand ana­lyst when Moscow’s covert pro­pa­gan­da oper­a­tion set its sights on an Amer­i­can pres­i­den­tial elec­tion.

    Dur­ing the 2016 cam­paign, Wik­iLeaks and a hand­ful of self-styled hack­tivist per­sonas began releas­ing tranch­es of hacked doc­u­ments from the Demo­c­ra­t­ic Par­ty, rais­ing con­cerns that the sites were exe­cut­ing part of Russia’s effort to under­mine the elec­tion. The emails, stolen from the Demo­c­ra­t­ic Nation­al Com­mit­tee, the Demo­c­ra­t­ic Con­gres­sion­al Cam­paign Com­mit­tee, and the Clin­ton cam­paign, con­tained much that was mun­dane — cam­paign chair­man John Podesta’s risot­to recipe — but also led to the res­ig­na­tion of DNC chair Deb­bie Wasser­man Schultz after the mes­sages showed par­ty offi­cials secret­ly favor­ing the Clin­ton cam­paign against Sen. Bernie Sanders.

    The intel­li­gence com­mu­ni­ty, anx­ious to fig­ure out what was hap­pen­ing, formed an inter­a­gency task force and van Land­ing­ham was tapped to join it.

    “We had a cou­ple names for it that we were try­ing to come up with. Every­one wants to be on a team with a cool name,” he says. But CIA man­age­ment opt­ed instead to give the team a vaguer, more ano­dyne title: the “fusion cell.”

    Mem­bers of the cell were asked to answer two ques­tions: “Tell us what’s going on and what is going to hap­pen next,” van Land­ing­ham recalls.

    The lat­ter ques­tion was hard­er. “There were just a lot of gaps in knowl­edge,” he says. “I don’t think that we had real­ly the best insight into what was going to hap­pen next until toward the end of the elec­tion.”

    For exam­ple, “There wasn’t that much known about what was the polit­i­cal role of the [Russ­ian hack­ing] units, not just the mil­i­tary or the oper­a­tional role. But what do they do? Who are these peo­ple?” he says.

    Oth­er gaps in under­stand­ing about what was hap­pen­ing were more frus­trat­ing.

    For months, the Clin­ton cam­paign and its sur­ro­gates played coy and shrugged their shoul­ders when asked in pub­lic whether the leaks from their cam­paign were gen­uine. Absent a more coop­er­a­tive set of vic­tims, van Land­ing­ham was left to parse the Clin­ton campaign’s pub­lic utter­ances to fig­ure out whether Russ­ian spies were leak­ing fake doc­u­ments or real ones.

    “At a cer­tain point, come on, guys. These are Podesta’s emails, right? It’s his risot­to recipe. Why not just say that they’re real?” he says. “I would have pre­ferred to not spend that time look­ing for forg­eries and plant­ed doc­u­ments.”

    When Wik­iLeaks pub­lished a tranche of Podesta’s emails in late Octo­ber, the link between the Russ­ian hack­ers and the releas­es became unde­ni­able. The dump con­tained the orig­i­nal spear phish­ing mes­sage that Russ­ian hack­ers had used to trick Podes­ta into cough­ing up his pass­word. News out­lets quick­ly seized on the email, cred­it­ing it for what it was: proof that the Rus­sians were behind the cam­paign.

    Adding to the day-to-day dif­fi­cul­ty with­in the fusion cell were the extra­or­di­nary secu­ri­ty mea­sures the Agency had assigned to its intel­li­gence on the Russ­ian cam­paign. The exis­tence of a for­eign effort to med­dle in an Amer­i­can elec­tion was so poten­tial­ly explo­sive that agency offi­cials kept a tight rein on the intel­li­gence.

    Even van Landingham’s col­leagues out­side the team couldn’t know what he was work­ing on. “I did not admit to any of my work col­leagues at the time there was a fusion cell,” van Land­ing­ham says.

    ...

    As Elec­tion Day drew clos­er, ana­lysts turned their atten­tion toward what Rus­sia might do after the votes were count­ed. “At that point it was like OK, Rus­sia is kind of resigned to Clin­ton win­ning,” van Land­ing­ham. “They gave it their best shot. But here’s what they might try in the Clin­ton admin­is­tra­tion ear­ly on because we thought the prob­lem wouldn’t go away.”

    But on Election Day, he says, Trump won in a shock victory, leading to a disturbing question: “Oh fuck. Did the campaign succeed?”

    Still, the elec­tion was over and what Rus­sia had done and why were his­tor­i­cal ques­tions. The fusion cell appeared set to wind down, but Pres­i­dent Oba­ma want­ed the unit’s work memo­ri­al­ized. He ordered the intel­li­gence com­mu­ni­ty to pre­serve the work it had com­plet­ed in the run up to the elec­tion and include it in both clas­si­fied and unclas­si­fied reports.

    Van Landingham wasn’t pleased. He thought, “‘Why do we have to write this? It’s just antagonizing the next administration.’”

    But it wasn’t just the CIA, the insti­tu­tion, that was on the hook to write the report. Van Landingham’s col­leagues broke the news at a CIA hol­i­day par­ty. Man­agers had tapped him to write the first draft.

    ...

    Among the var­i­ous con­spir­a­cy the­o­ries put forth by MAGA fever swamps about the CIA’s report is the notion that agency direc­tor John Bren­nan hand-picked the authors of the doc­u­ment in an attempt to pre­de­ter­mine its out­come.

    The reality of van Landingham’s relationship to Brennan is less dramatic. He says the two only ever spoke to each other once in December 2016, and it took place well after van Landingham had already begun work on the draft Obama ordered.

    Van Land­ing­ham says the meet­ing took place one night when the direc­tor and his aides got into the ele­va­tor with him as he was head­ed back to his office with some din­ner while work­ing late on the intel­li­gence report. “Good evening,” the CIA direc­tor said, flash­ing no indi­ca­tion he knew whom he was talk­ing to, van Land­ing­ham says.

    Those two words rep­re­sent­ed the sum total of his con­ver­sa­tions with Bren­nan through­out his CIA career.

    The process of com­plet­ing an intel­li­gence report of that grav­i­ty and polit­i­cal sig­nif­i­cance can be tax­ing in nor­mal cir­cum­stances. The expe­dit­ed sched­ule hand­ed down by the White House to fin­ish it made the work tough but the under­ly­ing judge­ments were fair­ly straight­for­ward.

    “It wasn’t a dif­fi­cult ana­lyt­ic call,” he says. “I viewed my role as most­ly like cat­a­loging a his­tor­i­cal thing that had hap­pened. None of my judg­ments should be con­tro­ver­sial because they were all backed up by both com­ments and actions that Rus­sia had per­formed.”

    As the intel­li­gence com­mu­ni­ty tracked the Russ­ian cam­paign through clas­si­fied means, Moscow’s mil­i­tary intel­li­gence hack­ers had left a trail of pub­lic clues behind them. The hack­ers had left their account on a link short­en­ing ser­vice used to craft con­tent for spear phish­ing emails exposed, and researchers at the cyber­se­cu­ri­ty firm Dell Secure­works found it.

    The Russ­ian mil­i­tary hack­ing unit that went after Clin­ton had tar­get­ed up to 4,000 dif­fer­ent email address­es, and it wasn’t just Amer­i­can polit­i­cal oper­a­tives who had got­ten the mes­sages, accord­ing to a report released by the firm in June 2016. Jour­nal­ists and for­mer gov­ern­ment and mil­i­tary offi­cials in the U.S. and Europe had been tar­get­ed, too.

    Van Land­ing­ham, who had been mon­i­tor­ing pub­lic reports about the hack­ing, asked a fel­low ana­lyst work­ing on the report to check his per­son­al email for a mes­sage with the same word­ing as the one leaked in the Podes­ta dump. To their shock, he says, the ana­lyst found an iden­ti­cal mes­sage in a spam fil­ter.

    The same Russ­ian spies who had breached the Clin­ton cam­paign appeared to have tried and failed to hack a CIA offi­cial who would lat­er work on the intel­li­gence community’s assess­ment of their cam­paign, accord­ing to van Land­ing­ham. The ana­lyst wasn’t under­cov­er, but their affil­i­a­tion with the CIA wasn’t pub­lic knowl­edge either. The Rus­sians seemed to know who they were, where they worked, and had tried to learn a whole lot more.

    One of the biggest frus­tra­tions van Land­ing­ham faced while work­ing on the report came not from the Rus­sians but from with­in the U.S. gov­ern­ment.

    The FBI threw him a curve­ball in the form of the Steele Dossier — a com­pi­la­tion of uncor­rob­o­rat­ed gos­sip about Trump and Rus­sia. The dossier was com­piled by for­mer MI6 offi­cer Christo­pher Steele, who had worked as an occa­sion­al paid source for the FBI.

    The dossier’s most noto­ri­ous bit of gos­sip was a dubi­ous claim that Trump had been filmed by Russ­ian intel­li­gence order­ing sex work­ers to uri­nate on a Moscow hotel bed for him dur­ing a 2013 trip. (Trump has repeat­ed­ly denied the so-called “pee tape” claim.) Oth­er tan­ta­liz­ing tales includ­ed a fake sto­ry that for­mer Trump fix­er Michael Cohen had secret­ly trav­eled to Prague in August 2016 to meet with Krem­lin offi­cials.

    Rumors of the dossier had been swirling for a while, but one morn­ing in Decem­ber 2016, an FBI ana­lyst sent over a copy of Steele’s work to the CIA before the entire­ty of its con­tents had become pub­lic.

    Van Land­ing­ham start­ed read­ing and thought, “This is garbage.”

    “On the first read, the Steele Dossier was inde­fen­si­bly trash. The worst pos­si­ble infor­ma­tion dressed up as clan­des­tine­ly obtained intel­li­gence. It was a joke,” he says, dis­dain creep­ing into a fur­rowed brow as he recounts the encounter.

    The bureau’s decision to send it to the agency annoyed him. “Someone takes a dump on your front doorstep and you’re like, ‘What do I do with this?’ Because you’ve got to touch shit or it’s going to sit there.”

    What galled van Land­ing­ham even more was the FBI’s request that the CIA use the dossier as evi­dence to sup­port ana­lyt­ic judg­ments in the report he was work­ing on. By that point, he’d been work­ing long hours for weeks, and the strain of it led him to be blunt.

    “I told my boss­es, ‘I’m going to quit if you put this in there. I won’t par­tic­i­pate in this any­more because this is just obvi­ous non­sense,’” he says.

    The agency stood by its ana­lysts. Bren­nan lat­er told the Sen­ate Intel­li­gence Com­mit­tee that the CIA’s ana­lyt­i­cal branch “was very con­cerned about pol­lut­ing the [report] with this mate­r­i­al.” In the face of their objec­tions, the CIA and FBI struck a com­pro­mise that the agency would not include or use the dossier in the final ICA but “agreed to place the mate­r­i­al in an annex,” accord­ing to the committee’s report.

    “The cir­cum­stances may have been extra­or­di­nary — but the peo­ple and the process of putting the [report] togeth­er were remark­ably ordi­nary and mun­dane,” recalls Gavin Wilde, van Landingham’s intel­li­gence com­mu­ni­ty coun­ter­part. “That’s the best descrip­tion of pub­lic ser­vice I can think of. It’s also the high­est com­pli­ment.”

    The unclas­si­fied ver­sion of the intel­li­gence report con­clud­ed that Putin had “ordered an influ­ence cam­paign in 2016 aimed at the U.S. pres­i­den­tial elec­tion,” had “devel­oped a clear pref­er­ence for [Trump]” and “aspired to help [Trump’s] elec­tion chances when pos­si­ble.”

    The report found broad agree­ment with­in the intel­li­gence com­mu­ni­ty except for one point: Had Putin ordered Russia’s spy ser­vices to med­dle in the elec­tion mere­ly to cause bipar­ti­san chaos, or had he want­ed Trump to win?

    Van Land­ing­ham, his CIA col­leagues, and the FBI con­clud­ed with high con­fi­dence that Putin had done it in order to help Trump. The NSA dis­agreed some­what and assigned only mod­er­ate con­fi­dence to the judg­ment. The report spelled out both CIA and NSA’s con­fi­dence lev­els in the final unclas­si­fied report, allow­ing read­ers to see the scope of the nar­row dis­agree­ment.

    The Sen­ate Intel­li­gence Com­mit­tee spent three years inves­ti­gat­ing the Russ­ian influ­ence oper­a­tion and the U.S. response. The bipar­ti­san inves­ti­ga­tion had only praise for the ICA.

    For­mer Rep. Devin Nunes, a MAGA true believ­er and at the time the top Repub­li­can on the House Intel­li­gence Com­mit­tee, was not so enthu­si­as­tic about it. Van Land­ing­ham and his col­leagues in the intel­li­gence com­mu­ni­ty, com­mit­tee staff argued in a report released in April 2018, “did not employ prop­er ana­lyt­ic trade­craft” in con­clud­ing that Putin had been try­ing to help Trump.

    In an awk­ward feat of tim­ing, Putin him­self appeared to set­tle the mat­ter soon after, dur­ing a press con­fer­ence with Trump on July 16, 2018, in Helsin­ki, Fin­land. Asked direct­ly if he want­ed Trump to win, Putin was blunt. “Yes, I want­ed him to win.”

    “Well, he just said it,” van Land­ing­ham recalls of his reac­tion to the press con­fer­ence, throw­ing his arms up. “And every­thing that has come out sub­se­quent­ly proved it.”

    As the 2024 elec­tion draws clos­er, the now-peren­ni­al ques­tion of whether Rus­sia will try to med­dle again comes up. Is van Land­ing­ham wor­ried about a repeat per­for­mance with Trump back on the bal­lot? “No,” he laughs.

    It’s not that he doesn’t expect Russ­ian intel­li­gence to try to cause a new mess. “The thing is that if it’s solid­i­fied in the Russ­ian bureau­crat­ic under­stand­ing that influ­ence oper­a­tions work, or at least they take up ene­mies’ time, they’re just going to keep hap­pen­ing,” he says.

    The stakes for that, how­ev­er, are small in his mind. “I think a pop­u­lar con­cept took over in the U.S. under­stand­ing that influ­ence oper­a­tions work. There’s this idea that if you see some­thing, it’ll influ­ence you. It’s unclear to me whether there are any real effects with a cap­i­tal ‘E’ from these cam­paigns, that they’ve achieved any­thing, or that they’ve changed anybody’s mind.”

    He bris­tles at how his work on Russ­ian influ­ence oper­a­tions, once a nar­row field dis­cussed most­ly by prac­tic­ing intel­li­gence pro­fes­sion­als, got blown out of pro­por­tion by Clin­ton fans keen for a scape­goat after 2016.

    “A lot of Demo­c­ra­t­ic politi­cians used the Russ­ian cam­paign as an excuse for the Clin­ton campaign’s loss,” says van Land­ing­ham. “There were trolls lurk­ing behind every­thing and so for cer­tain peo­ple, any­one they didn’t want to agree with was a Russ­ian troll or Russ­ian co-optee.”

    But as far as the 2024 elec­tion goes, his con­cerns are more prac­ti­cal.

    “What I wor­ry about are the pol­i­cy impli­ca­tions of a pres­i­den­cy that’s friend­ly to Rus­sia or at least friend­ly to Rus­sia because of neg­a­tive par­ti­san­ship,” he says.

    ...

    ———

    “He Con­firmed Rus­sia Med­dled in 2016 to Help Trump. Now, He’s Speak­ing Out” By Adam Rawns­ley; Rolling Stone; 07/28/2024

    The 2017 Intelligence Community Assessment (ICA), dubbed “Assessing Russian Activities and Intentions in Recent U.S. Elections,” was one of the most consequential documents in modern American history. It helped trigger investigations by the House and Senate intelligence committees and a special counsel investigation, and it fueled an eight-year-long grudge that Trump has nursed against the intelligence community. A Trump aide would later testify that the then-president-elect viewed the report as his “Achilles heel,” because it threatened to diminish his surprise electoral victory over Hillary Clinton.

    Yeah, “one of the most consequential documents in modern American history” seems like a fair way to characterize the 2017 Intelligence Community Assessment (ICA). And with the peril of a second Trump term looming over the ICA’s authors, we’re now seeing the lead author, Michael van Landingham, come forward to talk about it for the first time. But the threat of Trump’s vengeance isn’t the thing that made the timing of this report notable. It also came just days after Benjamin Netanyahu’s speech before Congress. As we’ve seen, it was Netanyahu’s close trusted associate, Isaac Molho, who was forwarding information about upcoming WikiLeaks dumps to Roger Stone during the 2016 election. And while US investigators may have preferred the “Israel was spying on the Russian hackers” explanation for this surprise twist that we didn’t learn until last year, it was the kind of revelation that obviously raises major questions about whether or not the DNC hacking operation was ultimately an Israeli op. There was, of course, zero mention of any of this history during Netanyahu’s recent trip to Congress. But you have to wonder if the timing of this new account by Van Landingham — an account that serves to shore up the ‘Russia did it’ conclusion — is just a coincidence:

    ...
    Inside a room wrapped in a vault in the bow­els of the Cen­tral Intel­li­gence Agency’s head­quar­ters, he read the intel­li­gence show­ing that Moscow was try­ing to dis­rupt the 2016 U.S. pres­i­den­tial elec­tion.

    ...

    That was only the begin­ning of a long, strange jour­ney that would place van Land­ing­ham right at the cen­ter of the 2016 campaign’s biggest sto­ry. Months lat­er, the agency assigned him the job of writ­ing the first draft of the intel­li­gence community’s 2017 assess­ment about Russ­ian elec­tion med­dling that con­clud­ed what many had sus­pect­ed: Vladimir Putin did it. And he did it to help Don­ald Trump.

    ...

    Over the course of three administrations, the authors of the report have remained mostly unknown outside the intelligence community. But now, with his government career behind him and the prospect of a second Trump administration looming on the horizon, van Landingham opened up about the story behind the document, the myths that still follow it, and what he thinks we can expect from Russian intelligence going forward.

    ...

    Gavin Wilde, a Nation­al Secu­ri­ty Agency senior ana­lyst, worked on the intel­li­gence report along­side van Land­ing­ham, and lat­er rose to become a Rus­sia direc­tor on the Nation­al Secu­ri­ty Coun­cil under Trump. He says he’s con­cerned that the MAGA con­spir­a­cy the­o­ries and the poli­cies they inspire could have a chill­ing effect on Amer­i­can intel­li­gence and for­eign pol­i­cy going for­ward.
    ...

    Start­ing off, Van Land­ing­ham acknowl­edges how his team appar­ent­ly had major knowl­edge gaps about who car­ried out the attacks. “There wasn’t that much known about what was the polit­i­cal role of the [Russ­ian hack­ing] units, not just the mil­i­tary or the oper­a­tional role. But what do they do? Who are these peo­ple?” Keep in mind that ‘Russ­ian hack­ers’ were blamed almost imme­di­ate­ly upon the release of this sto­ry:

    ...
    Dur­ing the 2016 cam­paign, Wik­iLeaks and a hand­ful of self-styled hack­tivist per­sonas began releas­ing tranch­es of hacked doc­u­ments from the Demo­c­ra­t­ic Par­ty, rais­ing con­cerns that the sites were exe­cut­ing part of Russia’s effort to under­mine the elec­tion. The emails, stolen from the Demo­c­ra­t­ic Nation­al Com­mit­tee, the Demo­c­ra­t­ic Con­gres­sion­al Cam­paign Com­mit­tee, and the Clin­ton cam­paign, con­tained much that was mun­dane — cam­paign chair­man John Podesta’s risot­to recipe — but also led to the res­ig­na­tion of DNC chair Deb­bie Wasser­man Schultz after the mes­sages showed par­ty offi­cials secret­ly favor­ing the Clin­ton cam­paign against Sen. Bernie Sanders.

    The intel­li­gence com­mu­ni­ty, anx­ious to fig­ure out what was hap­pen­ing, formed an inter­a­gency task force and van Land­ing­ham was tapped to join it.

    “We had a cou­ple names for it that we were try­ing to come up with. Every­one wants to be on a team with a cool name,” he says. But CIA man­age­ment opt­ed instead to give the team a vaguer, more ano­dyne title: the “fusion cell.”

    Mem­bers of the cell were asked to answer two ques­tions: “Tell us what’s going on and what is going to hap­pen next,” van Land­ing­ham recalls.

    The lat­ter ques­tion was hard­er. “There were just a lot of gaps in knowl­edge,” he says. “I don’t think that we had real­ly the best insight into what was going to hap­pen next until toward the end of the elec­tion.”

    For exam­ple, “There wasn’t that much known about what was the polit­i­cal role of the [Russ­ian hack­ing] units, not just the mil­i­tary or the oper­a­tional role. But what do they do? Who are these peo­ple?” he says.
    ...

    And as Van Land­ing­ham also describes, part of what made the work for his team dif­fi­cult was how extreme­ly com­part­men­tal­ized and secre­tive they were. Keep in mind that we saw this com­part­men­tal­iza­tion reflect­ed in the admis­sion by then-CIA direc­tor John Bren­nan dur­ing a con­gres­sion­al tes­ti­mo­ny that it was only four US intel­li­gence agen­cies — the CIA, FBI, NSA, under the direc­tion of ODNI — and NOT all sev­en­teen agen­cies as wide­ly tout­ed that par­tic­i­pat­ed in that inves­ti­ga­tion. So when we see Van Land­ing­ham describe how he almost quit the team in protest over the low qual­i­ty of the FBI’s Steele Dossier, keep in mind the FBI was a MAJOR piece of this inves­tiga­tive team. It was real­ly just some peo­ple from the CIA, NSA, and FBI. That was it. And the CIA guys appar­ent­ly felt the FBI was ped­dling “garbage” but were forced to take it seri­ous­ly any­way:

    ...
    Adding to the day-to-day dif­fi­cul­ty with­in the fusion cell were the extra­or­di­nary secu­ri­ty mea­sures the Agency had assigned to its intel­li­gence on the Russ­ian cam­paign. The exis­tence of a for­eign effort to med­dle in an Amer­i­can elec­tion was so poten­tial­ly explo­sive that agency offi­cials kept a tight rein on the intel­li­gence.

    Even van Landingham’s col­leagues out­side the team couldn’t know what he was work­ing on. “I did not admit to any of my work col­leagues at the time there was a fusion cell,” van Land­ing­ham says.

    ...

    The FBI threw him a curve­ball in the form of the Steele Dossier — a com­pi­la­tion of uncor­rob­o­rat­ed gos­sip about Trump and Rus­sia. The dossier was com­piled by for­mer MI6 offi­cer Christo­pher Steele, who had worked as an occa­sion­al paid source for the FBI.

    The dossier’s most noto­ri­ous bit of gos­sip was a dubi­ous claim that Trump had been filmed by Russ­ian intel­li­gence order­ing sex work­ers to uri­nate on a Moscow hotel bed for him dur­ing a 2013 trip. (Trump has repeat­ed­ly denied the so-called “pee tape” claim.) Oth­er tan­ta­liz­ing tales includ­ed a fake sto­ry that for­mer Trump fix­er Michael Cohen had secret­ly trav­eled to Prague in August 2016 to meet with Krem­lin offi­cials.

    Rumors of the dossier had been swirling for a while, but one morn­ing in Decem­ber 2016, an FBI ana­lyst sent over a copy of Steele’s work to the CIA before the entire­ty of its con­tents had become pub­lic.

    Van Land­ing­ham start­ed read­ing and thought, “This is garbage.”

    “On the first read, the Steele Dossier was inde­fen­si­bly trash. The worst pos­si­ble infor­ma­tion dressed up as clan­des­tine­ly obtained intel­li­gence. It was a joke,” he says, dis­dain creep­ing into a fur­rowed brow as he recounts the encounter.

    The bureau’s decision to send it to the agency annoyed him. “Someone takes a dump on your front doorstep and you’re like, ‘What do I do with this?’ Because you’ve got to touch shit or it’s going to sit there.”

    What galled van Land­ing­ham even more was the FBI’s request that the CIA use the dossier as evi­dence to sup­port ana­lyt­ic judg­ments in the report he was work­ing on. By that point, he’d been work­ing long hours for weeks, and the strain of it led him to be blunt.

    “I told my boss­es, ‘I’m going to quit if you put this in there. I won’t par­tic­i­pate in this any­more because this is just obvi­ous non­sense,’” he says.

    The agency stood by its ana­lysts. Bren­nan lat­er told the Sen­ate Intel­li­gence Com­mit­tee that the CIA’s ana­lyt­i­cal branch “was very con­cerned about pol­lut­ing the [report] with this mate­r­i­al.” In the face of their objec­tions, the CIA and FBI struck a com­pro­mise that the agency would not include or use the dossier in the final ICA but “agreed to place the mate­r­i­al in an annex,” accord­ing to the committee’s report.

    “The cir­cum­stances may have been extra­or­di­nary — but the peo­ple and the process of putting the [report] togeth­er were remark­ably ordi­nary and mun­dane,” recalls Gavin Wilde, van Landingham’s intel­li­gence com­mu­ni­ty coun­ter­part. “That’s the best descrip­tion of pub­lic ser­vice I can think of. It’s also the high­est com­pli­ment.”
    ...

    Interestingly, despite being the guy in charge of coming to the conclusion that Russian hackers were behind the DNC hack, even Van Landingham goes on to lament how claims of ‘Russian influence’ ended up getting wildly overhyped and blown out of proportion:

    ...
    The stakes for that, how­ev­er, are small in his mind. “I think a pop­u­lar con­cept took over in the U.S. under­stand­ing that influ­ence oper­a­tions work. There’s this idea that if you see some­thing, it’ll influ­ence you. It’s unclear to me whether there are any real effects with a cap­i­tal ‘E’ from these cam­paigns, that they’ve achieved any­thing, or that they’ve changed anybody’s mind.”

    He bris­tles at how his work on Russ­ian influ­ence oper­a­tions, once a nar­row field dis­cussed most­ly by prac­tic­ing intel­li­gence pro­fes­sion­als, got blown out of pro­por­tion by Clin­ton fans keen for a scape­goat after 2016.

    “A lot of Demo­c­ra­t­ic politi­cians used the Russ­ian cam­paign as an excuse for the Clin­ton campaign’s loss,” says van Land­ing­ham. “There were trolls lurk­ing behind every­thing and so for cer­tain peo­ple, any­one they didn’t want to agree with was a Russ­ian troll or Russ­ian co-optee.”
    ...

    So what was it that led Van Landingham’s team to arrive at the conclusion that Russian hackers were responsible for the 2016 Democratic Party data dumps? Well, we’re told that the publication of a WikiLeaks tranche in late October 2016 provided the conclusive evidence. In that tranche was the original spearphishing email that tricked John Podesta into revealing his password. How did that spearphishing email lead to that conclusion? As we’ve seen, the link to the corrupt website that looked like a Google password-changing site used to capture Podesta’s password was generated using the Bitly link-shortening service. And the hackers apparently made the incredible mistake of leaving their Bitly account publicly available, which let security researchers examine the nearly 4,000 different email addresses targeted by this hacking group. And as that public Bitly account revealed, the targets went far beyond Democrats and included journalists and former government and military officials across the US and Europe. It was an incredible ‘mistake’ on the part of the hackers that seemingly left investigators a powerful trail of public clues that whoever hacked the Democrats was interested in hacking the kind of broad array of national security-related targets in the West that we might expect Russian government hackers to target. Which isn’t actually direct evidence. It’s inference based on a trail of ‘public clues’ incredibly left behind by these otherwise sophisticated hackers:

    ...
    When Wik­iLeaks pub­lished a tranche of Podesta’s emails in late Octo­ber, the link between the Russ­ian hack­ers and the releas­es became unde­ni­able. The dump con­tained the orig­i­nal spear phish­ing mes­sage that Russ­ian hack­ers had used to trick Podes­ta into cough­ing up his pass­word. News out­lets quick­ly seized on the email, cred­it­ing it for what it was: proof that the Rus­sians were behind the cam­paign.

    ...

    “It wasn’t a dif­fi­cult ana­lyt­ic call,” he says. “I viewed my role as most­ly like cat­a­loging a his­tor­i­cal thing that had hap­pened. None of my judg­ments should be con­tro­ver­sial because they were all backed up by both com­ments and actions that Rus­sia had per­formed.”

    As the intel­li­gence com­mu­ni­ty tracked the Russ­ian cam­paign through clas­si­fied means, Moscow’s mil­i­tary intel­li­gence hack­ers had left a trail of pub­lic clues behind them. The hack­ers had left their account on a link short­en­ing ser­vice used to craft con­tent for spear phish­ing emails exposed, and researchers at the cyber­se­cu­ri­ty firm Dell Secure­works found it.

    The Russ­ian mil­i­tary hack­ing unit that went after Clin­ton had tar­get­ed up to 4,000 dif­fer­ent email address­es, and it wasn’t just Amer­i­can polit­i­cal oper­a­tives who had got­ten the mes­sages, accord­ing to a report released by the firm in June 2016. Jour­nal­ists and for­mer gov­ern­ment and mil­i­tary offi­cials in the U.S. and Europe had been tar­get­ed, too.

    Van Land­ing­ham, who had been mon­i­tor­ing pub­lic reports about the hack­ing, asked a fel­low ana­lyst work­ing on the report to check his per­son­al email for a mes­sage with the same word­ing as the one leaked in the Podes­ta dump. To their shock, he says, the ana­lyst found an iden­ti­cal mes­sage in a spam fil­ter.

    The same Russ­ian spies who had breached the Clin­ton cam­paign appeared to have tried and failed to hack a CIA offi­cial who would lat­er work on the intel­li­gence community’s assess­ment of their cam­paign, accord­ing to van Land­ing­ham. The ana­lyst wasn’t under­cov­er, but their affil­i­a­tion with the CIA wasn’t pub­lic knowl­edge either. The Rus­sians seemed to know who they were, where they worked, and had tried to learn a whole lot more.
    ...

    Now, given the evidence that it was Netanyahu’s close personal associate who was feeding Roger Stone information about the upcoming Democratic leaks, we have to ask: wouldn’t making incredible ‘mistakes’ like leaving that Bitly account public and handing all these ‘public clues’ over to investigators be exactly the kind of thing Israeli hackers — maybe not government hackers but private hackers affiliated with Netanyahu — would have been inclined to do in order to leave a false trail?

    And then there’s the obvious follow-up question: if it really was Israeli hackers associated with Netanyahu, why not do it again since it worked out so well the first time? And given Netanyahu’s own political peril it’s not hard to imagine he’ll be even more inclined to take risks than he was in 2016. If Netanyahu got away with it in 2016, what’s in store for 2024? Especially now that Trump’s election prospects are looking far less promising following the Biden/Harris swap out. Time will tell, but it’s hard to be assured there isn’t going to be a new round of hacks in store for the final weeks of the 2024 campaign given that precedent. Again, Netanyahu got away with it in 2016 and he’s far more desperate in 2024. It’s a recipe for something big enough to reset the presidential race in Donald Trump’s direction.

    So with that grow­ing prospect of some sort of renewed round of false flag for­eign elec­tion med­dling in mind, it’s worth tak­ing anoth­er look back at the Octo­ber 2016 Vice Moth­er­board arti­cle where we learned about the incred­i­ble mis­takes seem­ing­ly made by the hack­ers that revealed all the ‘pub­lic clues’ about the broad nature of the mil­i­tary and polit­i­cal indi­vid­u­als and insti­tu­tions tar­get­ed by the hack­ers. Because it was­n’t just that they left their Bit­ly account pub­lic, allow­ing researchers to view thou­sands of Bit­ly links — each one tai­lored for a dif­fer­ent tar­get — but they also had those Bit­ly links point to longer URLs that includ­ed the tar­get’s email address. That’s what allowed inves­ti­ga­tors to rapid­ly assess the nature of the thou­sands of peo­ple tar­get­ed in this hack­ing cam­paign. The hack­ers left the Bit­ly account pub­lic and used non-short­ened links that includ­ed the tar­get’s email address. And thanks to those ‘mis­takes’, the hack­ers hand­ed inves­ti­ga­tors around the world ‘pub­lic clues’ scream­ing ‘we are hack­ers who real­ly don’t like the West and prob­a­bly work for a gov­ern­ment’:

    Vice Moth­er­board

    How Hack­ers Broke Into John Podes­ta and Col­in Powell’s Gmail Accounts

    New evi­dence proves Russ­ian hack­ers were behind the hack on Podes­ta, con­nect­ing the dots on dif­fer­ent parts of the com­plex hack­ing cam­paign.

    by Loren­zo Franceschi-Bic­chierai
    Octo­ber 20, 2016, 8:30am

    On March 19 of this year, Hillary Clin­ton’s cam­paign chair­man John Podes­ta received an alarm­ing email that appeared to come from Google.

    The email, how­ev­er, did­n’t come from the inter­net giant. It was actu­al­ly an attempt to hack into his per­son­al account. In fact, the mes­sage came from a group of hack­ers that secu­ri­ty researchers, as well as the US gov­ern­ment, believe are spies work­ing for the Russ­ian gov­ern­ment. At the time, how­ev­er, Podes­ta did­n’t know any of this, and he clicked on the mali­cious link con­tained in the email, giv­ing hack­ers access to his account.

    Months lat­er, on Octo­ber 9, Wik­iLeaks began pub­lish­ing thou­sands of Podesta’s hacked emails. Almost every­one imme­di­ate­ly point­ed the fin­ger at Rus­sia, who is sus­pect­ed of being behind a long and sophis­ti­cat­ed hack­ing cam­paign that has the appar­ent goal of influ­enc­ing the upcom­ing US elec­tions. But there was no pub­lic evi­dence prov­ing the same group that tar­get­ed the Demo­c­ra­t­ic Nation­al Com­mit­tee was behind the hack on Podesta—until now.

    The data link­ing a group of Russ­ian hackers—known as Fan­cy Bear, APT28, or Sofacy—to the hack on Podes­ta is also yet anoth­er piece in a grow­ing heap of evi­dence point­ing toward the Krem­lin. And it also shows a clear thread between appar­ent­ly sep­a­rate and inde­pen­dent leaks that have appeared on a web­site called DC Leaks, such as that of Col­in Pow­ell’s emails; and the Podes­ta leak, which was pub­li­cized on Wik­iLeaks.

    All these hacks were done using the same tool: malicious short URLs hidden in fake Gmail messages. And those URLs, according to a security firm that’s tracked them for a year, were created with a Bitly account linked to a domain under the control of Fancy Bear.

    THE TRAIL THAT LEADS TO FANCY BEAR

    The phish­ing email that Podes­ta received on March 19 con­tained a URL, cre­at­ed with the pop­u­lar Bit­ly short­en­ing ser­vice, point­ing to a longer URL that, to an untrained eye, looked like a Google link.

    Inside that long URL, there’s a 30-char­ac­ter string that looks like gib­ber­ish but is actu­al­ly the encod­ed Gmail address of John Podes­ta. Accord­ing to Bit­ly’s own sta­tis­tics, that link, which has nev­er been pub­lished, was clicked two times in March.

    ...

    That link is only one of almost 9,000 links Fancy Bear used to target almost 4,000 individuals from October 2015 to May 2016. Each one of these URLs contained the email and name of the actual target. The hackers created them with two Bitly accounts in their control, but forgot to set those accounts to private, according to SecureWorks, a security firm that’s been tracking Fancy Bear for the last year.

    SecureWorks was tracking known Fancy Bear command and control domains. One of these led to a Bitly shortlink, which led to the Bitly account, which led to the thousands of Bitly URLs that were later connected to a variety of attacks, including on the Clinton campaign. With this privileged point of view, for example, the researchers saw Fancy Bear using 213 short links targeting 108 email addresses on the hillaryclinton.com domain, as the company explained in a somewhat overlooked report earlier this summer, and as BuzzFeed reported last week.

    Using Bitly allowed “third parties to see their entire campaign including all their targets—something you’d want to keep secret,” Tom Finney, a researcher at SecureWorks, told Motherboard.

    It was one of Fan­cy Bear’s “gravest mis­takes,” as Thomas Rid, a pro­fes­sor at King’s Col­lege who has close­ly stud­ied the case, put it in a new piece pub­lished on Thurs­day in Esquire, as it gave researchers unprece­dent­ed vis­i­bil­i­ty into the activ­i­ties of Fan­cy Bear, link­ing dif­fer­ent parts of its larg­er cam­paign togeth­er.

    This is how researchers have been able to find the phish­ing link that tricked Col­in Pow­ell and got him hacked. This also allowed them to con­firm oth­er pub­lic reports of com­pro­mis­es, such as that of William Rine­hart, a staffer with Clin­ton’s pres­i­den­tial cam­paign. As The Smok­ing Gun report­ed in August, Rine­hart received a mali­cious Google secu­ri­ty alert on March 22, accord­ing to a screen­shot Rine­hart shared with the site. Secure­Works found a URL that had Rine­hart’s Gmail address encod­ed, which had the same date.

    Sim­i­lar mali­cious emails and short URLs have also been used recent­ly against inde­pen­dent jour­nal­ists from Belling­cat, a web­site that has inves­ti­gat­ed the inci­dent of the shoot­down of Malaysian Air­lines Flight 17 (MH17) over Ukraine in 2014, find­ing evi­dence that Russ­ian-backed rebels were behind it.

    ...

    These mali­cious emails, just like the ones used against Podes­ta, Pow­ell, Rine­hart and many oth­ers, looked like Google alerts, and con­tained the same type of encod­ed strings hid­ing the vic­tims’ names.

    It’s unclear why the hack­ers used the encod­ed strings, which effec­tive­ly reveal their tar­gets to any­one. Kyle Ehmke, a threat intel­li­gence researcher at secu­ri­ty firm Threat­Con­nect, argued that “the strings might help them keep track of or bet­ter orga­nize their oper­a­tions, tai­lor cre­den­tial har­vest­ing pages to spe­cif­ic vic­tims, mon­i­tor the effec­tive­ness of their oper­a­tions, or dif­fuse their oper­a­tions against var­i­ous tar­gets across sev­er­al URLs to facil­i­tate con­ti­nu­ity should one of the URLs be dis­cov­ered.”

    The use of pop­u­lar link short­en­ing ser­vices such as Bit­ly or Tinyurl might have a sim­pler expla­na­tion. Accord­ing to Rid, the hack­ers prob­a­bly want­ed to make sure their phish­ing attempts went past their tar­gets’ spam fil­ters.

    THE SMOKING GUN?

    None of this new data con­sti­tutes a smok­ing gun that can clear­ly frame Rus­sia as the cul­prit behind the almost unprece­dent­ed hack­ing cam­paign that has hit the DNC and sev­er­al oth­er tar­gets some­what con­nect­ed to the US pres­i­den­tial elec­tion.

    Almost two weeks ago, the US gov­ern­ment took the rare step of pub­licly point­ing the fin­ger at the Russ­ian gov­ern­ment, accus­ing it of direct­ing the recent string of hacks and data breach­es. The intel­li­gence com­mu­ni­ty declined to explain how they reached their con­clu­sion, and it’s fair to assume they have data no one else can see.

    This new­ly uncov­ered data paints an even clear­er pic­ture for the pub­lic, show­ing a cred­i­ble link between the sev­er­al leak­ing out­lets cho­sen by the hack­ers, and, once again, point­ing toward Fan­cy Bear, a noto­ri­ous hack­ing group that’s wide­ly believed to be con­nect­ed with the Russ­ian gov­ern­ment. While there are still naysay­ers, includ­ing pres­i­den­tial can­di­date and for­mer real­i­ty TV star Don­ald Trump, for many, the debate over who hacked the DNC, and who’s behind all this hack­ing, is pret­ty much closed.

    “We are approaching the point in this case where there are only two reasons for why people say there’s no good evidence,” Rid told me. “The first reason is because they don’t understand the evidence—because they don’t have the necessary technical knowledge. The second reason is they don’t want to understand the evidence.”

    ...

    ———–

    “How Hack­ers Broke Into John Podes­ta and Col­in Powell’s Gmail Accounts” by Loren­zo Franceschi-Bic­chierai; Vice Moth­er­board; 10/20/2016

    “All these hacks were done using the same tool: malicious short URLs hidden in fake Gmail messages. And those URLs, according to a security firm that’s tracked them for a year, were created with a Bitly account linked to a domain under the control of Fancy Bear.”

    Fancy Bear was apparently operating in a manner that just allowed security researchers to openly monitor their hacking campaign targets, as in the case of SecureWorks, which claimed at the time to have been tracking Fancy Bear for a year at that point. But it wasn’t just leaving the Bitly account public. That ‘mistake’ alone wouldn’t have revealed the identities of their hacking targets. The hackers also chose to encode that identity information in easily decoded character strings that were part of the shortened links Bitly was obscuring. So it sounds like once investigators found the public Bitly account they could track in real time who was being targeted, which itself is a remarkable admission. Also note that it wasn’t one Bitly account that the hackers forgot to set to private. It was two Bitly accounts:

    ...
    Months lat­er, on Octo­ber 9, Wik­iLeaks began pub­lish­ing thou­sands of Podesta’s hacked emails. Almost every­one imme­di­ate­ly point­ed the fin­ger at Rus­sia, who is sus­pect­ed of being behind a long and sophis­ti­cat­ed hack­ing cam­paign that has the appar­ent goal of influ­enc­ing the upcom­ing US elec­tions. But there was no pub­lic evi­dence prov­ing the same group that tar­get­ed the Demo­c­ra­t­ic Nation­al Com­mit­tee was behind the hack on Podesta—until now.

    ...

    The phish­ing email that Podes­ta received on March 19 con­tained a URL, cre­at­ed with the pop­u­lar Bit­ly short­en­ing ser­vice, point­ing to a longer URL that, to an untrained eye, looked like a Google link.

    Inside that long URL, there’s a 30-char­ac­ter string that looks like gib­ber­ish but is actu­al­ly the encod­ed Gmail address of John Podes­ta. Accord­ing to Bit­ly’s own sta­tis­tics, that link, which has nev­er been pub­lished, was clicked two times in March.

    ...

    That link is only one of almost 9,000 links Fancy Bear used to target almost 4,000 individuals from October 2015 to May 2016. Each one of these URLs contained the email and name of the actual target. The hackers created them with two Bitly accounts in their control, but forgot to set those accounts to private, according to SecureWorks, a security firm that’s been tracking Fancy Bear for the last year.

    ...

    The use of pop­u­lar link short­en­ing ser­vices such as Bit­ly or Tinyurl might have a sim­pler expla­na­tion. Accord­ing to Rid, the hack­ers prob­a­bly want­ed to make sure their phish­ing attempts went past their tar­gets’ spam fil­ters.
    ...

    So what’s the explanation for these incredible ‘mistakes’? Well, we’re just told that leaving the Bitly account public was just a pure mistake. But one researcher suggested the decision to use encoded strings revealing the identities of the targets “might help them keep track of or better organize their operations, tailor credential harvesting pages to specific victims, monitor the effectiveness of their operations, or diffuse their operations against various targets across several URLs to facilitate continuity should one of the URLs be discovered.” In other words, the hackers were apparently super lazy. Keep in mind that there was absolutely nothing preventing these hackers from using randomly generated strings tied to an internal database of contact information on the targets. But they decided to use the strings that directly encoded their targets’ names and emails. But also keep in mind that this ‘mistake’ was massively compounded by the ‘mistake’ of leaving the Bitly account public. Each mistake, alone, was damaging to the operation but not a disaster. Taken together, it was enough ‘public evidence’ to allow researchers and reporters to confidently tout ‘it was Russia!’:

    ...
    Using Bit­ly allowed “third par­ties to see their entire cam­paign includ­ing all their tar­gets— some­thing you’d want to keep secret,” Tom Finney, a researcher at Secure­Works, told Moth­er­board.

    It was one of Fan­cy Bear’s “gravest mis­takes,” as Thomas Rid, a pro­fes­sor at King’s Col­lege who has close­ly stud­ied the case, put it in a new piece pub­lished on Thurs­day in Esquire, as it gave researchers unprece­dent­ed vis­i­bil­i­ty into the activ­i­ties of Fan­cy Bear, link­ing dif­fer­ent parts of its larg­er cam­paign togeth­er.

    ...

    It’s unclear why the hack­ers used the encod­ed strings, which effec­tive­ly reveal their tar­gets to any­one. Kyle Ehmke, a threat intel­li­gence researcher at secu­ri­ty firm Threat­Con­nect, argued that “the strings might help them keep track of or bet­ter orga­nize their oper­a­tions, tai­lor cre­den­tial har­vest­ing pages to spe­cif­ic vic­tims, mon­i­tor the effec­tive­ness of their oper­a­tions, or dif­fuse their oper­a­tions against var­i­ous tar­gets across sev­er­al URLs to facil­i­tate con­ti­nu­ity should one of the URLs be dis­cov­ered.”

    ...

    And yet, note this admission we also get in the article: none of the evidence revealed by the public Bitly account serves as a clear smoking gun that it was a Russian government operation. Instead, we are told how it’s fair to assume that the US intelligence community’s conclusion that it was Russia was based on evidence that can’t be revealed. And yet, as we just saw in the above interview of Michael van Landingham, it was these ‘public clues’ that Van Landingham kept referring to in making his case. The secret evidence everyone assumed exists doesn’t appear to actually exist. Or at least we have yet to hear about it:

    ...
    None of this new data con­sti­tutes a smok­ing gun that can clear­ly frame Rus­sia as the cul­prit behind the almost unprece­dent­ed hack­ing cam­paign that has hit the DNC and sev­er­al oth­er tar­gets some­what con­nect­ed to the US pres­i­den­tial elec­tion.

    Almost two weeks ago, the US gov­ern­ment took the rare step of pub­licly point­ing the fin­ger at the Russ­ian gov­ern­ment, accus­ing it of direct­ing the recent string of hacks and data breach­es. The intel­li­gence com­mu­ni­ty declined to explain how they reached their con­clu­sion, and it’s fair to assume they have data no one else can see.
    ...

    Now, regarding that claim by SecureWorks that they had been monitoring Fancy Bear for a year at that point and were observing Fancy Bear’s Bitly accounts, keep in mind that SecureWorks also claimed they were monitoring Fancy Bear’s Bitly account over that period and watched the creation of these links “in real time”. Beyond that, they could see how often those links were clicked, observing how at least 4 people at the DNC clicked on these spearphishing links at the time. So there was apparently a security firm watching not just the creation of these spearphishing links targeting the DNC in real time but also how those links were being clicked:

    Buz­zfeed News

    Meet Fan­cy Bear, The Russ­ian Group Hack­ing The US Elec­tion

    For the first time in his­to­ry, Wash­ing­ton has accused a for­eign gov­ern­ment of try­ing to inter­fere with the US elec­tion. Sheera Frenkel inves­ti­gates the Russ­ian hack­ing group at the fore­front of that claim — and finds they’ve been prac­tic­ing for this moment for a long time.

    Sheera Frenkel
    Buz­zFeed News World Cor­re­spon­dent
    Post­ed on Octo­ber 15, 2016 at 9:41 am

    SAN FRANCISCO — On the morn­ing of March 10, nine days after Hillary Clin­ton had won big on Super Tues­day and all but clinched the Demo­c­ra­t­ic nom­i­na­tion, a series of emails were sent to the most senior mem­bers of her cam­paign.

    At a glance, they looked like a stan­dard mes­sage from Google, ask­ing that users click a link to review recent sus­pi­cious activ­i­ty on their Gmail accounts. Click­ing on them would lead to a page that looked near­ly iden­ti­cal to Gmail’s pass­word reset page with a prompt to sign in. Unless they were look­ing close­ly at the URL in their address bar, there was very lit­tle to set off alarm bells.

    ...

    From March 10, 2016, emails appear­ing to come from Google were sent to 108 mem­bers of Demo­c­ra­t­ic pres­i­den­tial nom­i­nee Hillary Clinton’s cam­paign, and anoth­er 20 peo­ple from the Demo­c­ra­t­ic Nation­al Con­ven­tion (DNC), accord­ing to research pub­lished by the cyber­se­cu­ri­ty firm Secure­Works. They found the emails by trac­ing the mali­cious URLs set up by Fan­cy Bear using Bit­ly, the same ser­vice used to tar­get Belling­cat. Fan­cy Bear had set the URL they sent out to read accoounts-google.com, rather than the offi­cial Google URL, accounts.google.com. Dozens of peo­ple were fooled.

    “We were mon­i­tor­ing bit.ly and saw the accounts being cre­at­ed in real time,” said Phil Bur­dette, a senior secu­ri­ty researcher at Secure­Works, explain­ing how they stum­bled upon the URLs set up by Fan­cy Bear. Bit­ly also keeps data on when a link is clicked, which allowed Bur­dette to deter­mine that of the 108 email address­es tar­get­ed at the Clin­ton cam­paign, 20 peo­ple clicked on the links (at least four peo­ple clicked the link more than once). At the DNC, 16 email address­es were tar­get­ed, and 4 peo­ple clicked on them.

    “They did a great job with cap­tur­ing the look and feel of Google,” said Bur­dette, who added that unless a per­son was pay­ing clear atten­tion to the URL or noticed that the site was not HTTPS secure, they would like­ly not notice the dif­fer­ence.

    ...

    ———-

    “Meet Fan­cy Bear, The Russ­ian Group Hack­ing The US Elec­tion” by Sheera Frenkel; Buz­zfeed News; 10/15/2016

    “We were mon­i­tor­ing bit.ly and saw the accounts being cre­at­ed in real time,” said Phil Bur­dette, a senior secu­ri­ty researcher at Secure­Works, explain­ing how they stum­bled upon the URLs set up by Fan­cy Bear. Bit­ly also keeps data on when a link is clicked, which allowed Bur­dette to deter­mine that of the 108 email address­es tar­get­ed at the Clin­ton cam­paign, 20 peo­ple clicked on the links (at least four peo­ple clicked the link more than once). At the DNC, 16 email address­es were tar­get­ed, and 4 peo­ple clicked on them.

    SecureWorks was watching the creation of the Bitly accounts “in real time” and could presumably watch all the links they were creating in real time too. And then they got to watch as the ‘hit counters’ on the links started racking up clicks, including four people at the DNC and four people on the Clinton campaign. This is also a good time to recall how the FBI reportedly warned the DNC back in September of 2015 that they had been hacked, but those warnings were apparently ignored until March of 2016. A whole lot of people were watching these hacks play out in real time, it would seem.

    We’ll see if there are any major digital disruptions to impact the 2024 race. There’s plenty of time left. So try not to be surprised when ‘Russia/China/Iran/North Korea’ decides to stage a major disruption and the culprits get caught by investigators from all the public evidence left behind thanks to an incredible series of highly revealing mistakes that just happened to publicly point to one of these preferred culprits.

    Posted by Pterrafractyl | July 31, 2024, 6:04 pm
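
The reporting quoted in the comment above describes two checkable properties of the landing URL: a host that is a near miss of accounts.google.com, and a string inside the URL that encodes the recipient's address. The following is an added example (not code from the articles, from SecureWorks, or from the commenter) of how a defender could triage such a URL; it assumes the string is base64, which the articles do not state, and the sample path, parameter names and address are constructed.

```python
import base64
import binascii
import re
from urllib.parse import parse_qsl, urlsplit

LEGIT_HOST = "accounts.google.com"  # official host named in the quoted article
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss hostnames."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_lookalike(host, legit=LEGIT_HOST, max_dist=2):
    """True if host differs from the legitimate host but is within a few edits
    of it once '-' and '.' are treated as the same separator."""
    host = host.lower().rstrip(".")
    if host == legit:
        return False
    return edit_distance(host.replace("-", "."), legit.replace("-", ".")) <= max_dist

def decode_recipient(value):
    """Return the e-mail address if value is (unpadded) base64 of one, else None."""
    try:
        padded = value + "=" * (-len(value) % 4)
        raw = base64.b64decode(padded, altchars=b"-_", validate=True)
        text = raw.decode("ascii")
    except (binascii.Error, ValueError):
        return None
    return text if EMAIL_RE.match(text) else None

def triage(url):
    """Report the host verdict and any recipient addresses embedded in the query."""
    parts = urlsplit(url)
    recipients = [r for _, v in parse_qsl(parts.query) if (r := decode_recipient(v))]
    return {"host": parts.hostname, "lookalike": is_lookalike(parts.hostname or ""),
            "https": parts.scheme == "https", "recipients": recipients}

# Constructed sample: placeholder address, hypothetical path and parameter names.
SAMPLE = ("http://accoounts-google.com/ServiceLogin?id="
          + base64.b64encode(b"jane.doe@example.org").decode().rstrip("=") + "&hl=en")

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Any query value that decodes to an address identifies the intended recipient to whoever holds the URL, which is why a mail gateway or an analyst can pair the host check with the decoded value to see who in the organisation was targeted.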
