Christopher Steele Probably Saved Carter Page from Prosecution

/59 Comments/in , /by

As I laid out a few weeks ago, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post.

As you no doubt know, the government released the Carter Page FISA materials in response to a slew of FOIAs for it. I’m still at HOPE conference, so will do a quick impression, and follow-up later in the week with real analysis.

I believe that Christopher Steele and his shitty disinformation dossier likely saved Carter Page from being prosecuted. I say that because the four FISA applications strongly suggest that the FBI had reason independent of the dossier to believe Page was happily serving as an agent of Russia, including new information in renewals. Nevertheless, it’s clear that a significant portion of the initial application did rely on Steele.

To be clear, I think most of the treatment of Steele is perfectly appropriate. As I’ve said before, FISA applications rely on a range of human sources, including informants and contractors like Steele. For each, the FBI will assess the source’s credibility, weighing things like his bias or personal animosity and past reliability. The applications did this at length for Steele, noting that he had an established history of quality reporting, explaining that he used subsources for his reporting, describing that this information came as part of politically motivated research, admitting that in follow-up Steele expressed real desperation about Trump, and describing how Steele got cut off for sharing information with the press. Four Republican judges assessed all this and approved these orders, and that seems like a reasonable judgment.

I increasingly believe the Russians started feeding Steele disinformation from the very beginning of his project. So this would represent a case where a previously reliable consultant had, in this instance, proven totally unreliable.  That happens, I’m sure.

The problem, however, is that the FBI couldn’t figure out that the Michael Isikoff report was based on the Steele dossier, something Isikoff has admitted. While the way they use the Isikoff report isn’t about validating the intelligence, it nevertheless should have been scrutinized closely enough to understand it might be downstream of Steele. I’ve laid part of this out here (and I’ll probably flesh out this discussion later when there aren’t hackers to hang out with).

Because of how the government apparently uses FISA reauthorizations, this defect remained in the reauthorizations, even as FBI admitted the problems associated with Steele. That doesn’t mean FBI didn’t have a slew of other reasons to wiretap Page. They obviously were obtaining useful intelligence off the wiretap. I can think of several criminal defendants who had what are surely more problematic stuff in their FISA application, who nevertheless had information downstream of that FISA application used in a prosecution against them. So thus far, it simply reflects what happens when you discover intelligence you had every reason to believe was reliable turned out not to be.

Ideally, however, once it became clear the dossier was a problem, they should have done something like submit a fresh application laying out all the other evidence that led the FBI to believe Page is a happy Russian asset. Not all of the stuff is fruit of the Steele tree (and as I’ve noted repeatedly, virtually none of the most important parts of what I know of the Mueller investigation is fruit of the Page wiretapping).

But that didn’t happen. So everything will now be treated as fruit of a stupid dossier, meaning none of it will be admissible in court. And that, I suspect, means that Page will never be prosecuted in spite of what appears to be a whole bunch of redacted information showing ongoing efforts to help Russia.

Indeed, I suspect that’s why the Steele defenders have fought so hard to claim the dossier has been corroborated: because if it were, then it might still be cool to go after Page, but because so little of it has been corroborated, that likely will never happen.

Three Things: Still Active Measures

/51 Comments/in , , /by

[Note the byline. This post contains some speculative content. / ~Rayne]

Whether counter-arguments or conspiracy theories, it’s interesting how certain narratives are pushed when tensions rise. But are they really theories or conditioning? And if conditioning, could other media infrastructure changes create more successful conditioning?

~ 3 ~

In an interview with Fox News post-Helsinki summit, Vladmir Putin made a point of blaming the Democratic Party for “manipulations of their party.”

…“The idea was about hacking an email account of a Democratic candidate. Was it some rigging of facts? Was it some forgery of facts? That’s the important thing that I am trying to — point that I’m trying to make. Was this — any false information planted? No. It wasn’t.”

The hackers, he said, entered “a certain email account and there was information about manipulations conducted within the Democratic Party to incline the process in favor of one candidate.” …

Have to give Putin props for sticking with a game plan — increase friction within the American left and fragment Democratic Party support to the benefit of Trump and the Republican Party at the polls and ultimately Putin himself if sanctions are lifted. Christopher Steele indicated in the Trump-Russia dossier that the Kremlin was using active measures to this effect in 2016 to widen the divide between Sanders and Clinton supporters; apparently left-splitting active measures continue.

But this is only part of an attack on the Democratic Party; another narrative undermines both the DNC and the FBI by questioning the investigation into the DNC’s hacking. Why didn’t the FBI take possession of the server itself rather than settle for an image of the system? A key technical reason is that any RAM-resident malware used by hackers will disappear into the ether if the machine is turned off; other digital footprints found only in RAM memory would likewise disappear. “The server” isn’t one machine with a single hard drive, either, but 140 devices — some of which were cloud-based. Not exactly something the FBI can power down and take back to a forensic lab with ease, especially during the hottest part of a campaign season.

But these points are never effectively made as a counter narrative, though some have tried with explainers, and certainly not featured in broadcast or cable news programs. The doubt is left to hang in the public’s consciousness, conditioning them to question FBI’s competence and the validity of their investigative work.

If Putin is still using active measures to divide Democratic Party voters, is it possible this narrative about the hacked DNC server is also an ongoing active measure? What if the active measure isn’t meant to undermine the FBI by questioning its actions? What if instead the lingering doubt is intended to shape future investigations into hacked materials which may also rely on server images rather than physical possession of the hardware? What if this active measure is pre-crime, intended to tamper with future evidence collection?

~ 2 ~

I’d begun drafting this post more than a week ago, but came to a halt when FCC chair Ajit Pai did something surprisingly uncorrupt by putting the brakes on the Sinclair-Tribune merger.

Sinclair Broadcast Group is a propaganda outlet masquerading as a broadcast media company. The mandatory airing of Boris Epsteyn’s program across all Sinclair stations offers evidence of Sinclair’s true raison d’etre; Epsteyn is a Russian-born former GOP political strategist who has been responsible for messaging in both the McCain-Palin campaign and the Trump administration, including the egregious 2017 Holocaust Remembrance Day statement which omitted any mention of Jews. The mandatory statement Sinclair management forced its TV stations to air earlier this year about “fake news” is yet another. The forced ubiquity and uniformity of messaging is a new element at Sinclair, which already had a history of right-wing messaging including the attempt to run a Kerry-bashing political movie to “swiftboat” the candidate just before the 2004 elections.

Sinclair and Tribune Media announced a proposed acquisition deal last May. If approved, the completed acquisition would give Sinclair access to 72% of U.S. homes — an insanely large percentage of the local broadcast TV market effectively creating a monopoly. There was bipartisan Congressional pushback about this deal because of this perceived potential monopoly.

FCC’s Ajit Pai wanted to relax regulations covering UHF stations — they would be counted as less than a full VHF station and therefore appear to reduce ownership of marketshare. Democrats protested this move as it offered Sinclair unfavorable advantage when evaluating stations it would acquire or be forced to sell during its Tribune acquisition.

Fortunately, Pai had “serious concerns” about the Sinclair-Tribune deal:

We have no idea to which administrative judge this deal may be handed, let alone their sentiments on media consolidation. We don’t know if this judge might be Trump-friendly and rule in favor of Sinclair, taking this horror off Ajit Pai’s back — which might be the real reason Pai punted after his egregious handling of net neutrality and the pummeling he’s received for it, including the hacking of the FCC’s comments leading up to his decision to end Obama-era net neutrality regulations and subsequent “misleading” statements to the media about the hack. New York State is currently investigating misuse of NY residents’ identities in the hack; one might wonder if Pai is worried about any personal exposure arising from this investigation.

BUT WAIT…the reason I started this post began not in New York but in the UK, after reading that Remain turnout may have been suppressed by news reports about “travel chaos,” bad weather, and long lines at the polls. Had the traditional media played a role in shaping turnout with its reporting?

I went looking for similar reports in the U.S. — and yes, news reports of long lines may have discouraged hundreds of thousands of voters in Florida in 2012. This wasn’t the only location with such reports in the U.S. during the last three general elections; minority voters are also far more likely to experience these waits than voters in majority white areas.

Probabilistic reports about a candidate’s win/loss may also suppress turnout, according to a Pew Research study.

Think about low-income voters who can’t afford cable TV or broadband internet, or live in a rural location where cable TV and broadband internet isn’t available. What news source are they likely to rely upon for news about candidates and voting, especially local polling places?

Hello, local broadcast network television station.

Imagine how voter turnout could be manipulated with reports of long lines and not-quite-accurate probabilistic reports about candidates and initiatives.

Imagine how a nationwide vote could be manipulated by a mandatory company-wide series of reports across a system of broadcast TV stations accessing 72% of U.S. homes.

How else might a media company with monopolistic access to American households condition the public’s response to issues?

~ 1 ~

There was all kinds of hullabaloo about the intersection of retiring Justice Anthony Kennedy, his son Justin, and Justin’s employment at Deutsche Bank at the same time DB extended financing to Donald Trump. It looks bad on the face of it.

And of course one prominent defense-cum-fact-check portrays Justin’s relationship to DB’s loans to Trump as merely administrative:

The extent to which Kennedy worked with Trump on this loan, or possibly on other Deutsche Bank matters, is unclear. “In that role, as the trader, he would have no contact with Trump … unless Eric [Schwartz] was trying to get Justin in front of Trump for schmoozing reasons,” Offit said, adding that he had recently spoken with former colleagues at the bank about Kennedy’s work.

Seems odd there has been little note made of Jared Kushner’s relationship with LNR Partners LLC — a company which Manta says has only 17 employees — and its subsidiary LNR Property which financed the Kushner 666 Fifth Avenue property in 2012. There was a report in Medium and another on DailyKos but little note made in mainstream news media.

I’m sure it’s just a coincidence that along with his business partner, Justin Kennedy was named 26th on the 50 Most Important People in Commercial Real Estate Finance in 2013 by the Commercial Observer — a publication of Observer Media, then owned by Jared Kushner.

I wonder what Justin’s rank was on this list while he worked at Deutsche Bank (also with current business partner Toby Cobb).

How odd this deal and the relationship wasn’t defended. I guess it’s just coincidence all the amphibians and reptiles know each other well in the swamp.

~ 0 ~

Let’s not forget:

587 Puerto Rican homes still don’t have electricity.

All asylum seeking families haven’t been reunited. Children may still be in danger due to poor care and lack of adequate tracking. As of yesterday only 364 children of more than 2500 torn from their families were reunited.

Treat this as an open thread.

The Government May Keep Paul Manafort’s iPods (in Part) Because of the June 9 Emails

/118 Comments/in , /by

As I laid out a few weeks ago, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

Judge Amy Berman Jackson has finally weighed in whether Paul Manafort gets the eight iPods the government seized from him back. Unsurprisingly, she has ruled that the July 2017 search of Manafort’s Alexandria condo was properly authorized. Better still, she has ordered the parties carry out a discussion that may lead us to learn whether the seven or eight iPods I’ve been obsessing about contain any interesting evidence; she has ordered the government to return any devices that don’t include evidence covered by the warrant by August 17.

ABJ’s order is interesting for two reasons. First, because redacted sections of the order must refer to the June 9 meeting that is described in the warrant but for which the sections of the supporting affidavit are entirely redacted.

One of those sections describes email the government had already obtained that it used to justify its request to obtain electronic devices.

The redacted language almost certainly describes the emails about the June 9 meeting.

We know the government had already obtained emails pertaining to the June 9 meeting because Don Jr had already leaked them for all the world to see by the time of the search. But we also know that Don Jr, at least, was hiding Manafort’s side of the communication (the campaign would have provided Manafort’s side to Mueller’s team when they provided it to Congress).

So while it’s all redacted, one of the things ABJ uses to justify the search and seizure of Manafort’s iPods are almost certainly emails relating to the June 9 meeting, including whatever details noted OpSec wizard Paul Manafort included but which Don Jr recognized retrospectively would be damning.

ABJ goes to the trouble of ruling proper the seizure of the iPods, which might include records pertaining to the crimes in question, specifically.

Deliciously, because Manafort has bitched so much about his iPods, ABJ ordered a status report describing whether any seized devices (but not imaged) fall outside the scope of the warrant.

So we’re going to learn by August 17 (if things don’t come to a head before then) whether Manafort has specific disputes about whether these iPods were used to commit any of the crimes he is suspected of, including conspiring with Russians to steal the election.

How to Charge Americans in Conspiracies with Russian Spies?

/104 Comments/in , /by

As I laid out a few weeks ago, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

In general, Jack Goldsmith and I have long agreed about the problems with charging nation-state spies in the United States. So I read with great interest his post laying out “Uncomfortable Questions in the Wake of Russia Indictment 2.0 and Trump’s Press Conference With Putin.” Among other larger normative points, Goldsmith asks two questions. First, does indicting 12 GRU officers in the US expose our own nation-state hackers to be criminally prosecuted in other countries?

This is not a claim about the relative moral merits of the two countries’ cyber intrusions; it is simply a claim that each side unequivocally breaks the laws of the other in its cyber-espionage activities.

How will the United States respond when Russia and China and Iran start naming and indicting U.S. officials?  Maybe the United States thinks its concealment techniques are so good that the type of detailed attribution it made against the Russians is infeasible.  (The Shadow Brokers revealed the identities of specific NSA operators, so even if the National Security Agency is great at concealment as a matter of tradecraft that is no protection against an insider threat.)  Maybe Russia and China and Iran won’t bother indicting U.S. officials unless and until the indictments actually materialize into a trial, which they likely never will.  But what is the answer in principle?  And what is the U.S. policy (if any) that is being communicated to military and civilian operators who face this threat?  What is the U.S. government response to former NSA official Jake Williams, who worked in Tailored Access Operations and who presumably spoke for many others at NSA when he said that “charging military/gov hackers is dumb and WILL eventually hurt the US”?

And, how would any focus on WikiLeaks expose journalists in the United States to risks of prosecution themselves.

There is a lot of anger against WikiLeaks and a lot of support for indicting Julian Assange and others related to WikiLeaks for their part in publishing the information stolen by the Russians.  If Mueller goes in this direction, he will need to be very careful not to indict Assange for something U.S. journalists do every day.  U.S. newspapers publish information stolen via digital means all the time.  They also openly solicit such information through SecureDrop portals.  Some will say that Assange and others at WikiLeaks can be prosecuted without threatening “real journalists” by charging a conspiracy to steal and share stolen information. I am not at all sure such an indictment wouldn’t apply to many American journalists who actively aid leakers of classified information.

I hope to come back to the second point. As a journalist who had a working relationship with someone she came to believe had a role in the attack, I have thought about and discussed the topic with most, if not all, the lawyers I consulted on my way to sitting down with the FBI.

For the moment, though, I want to focus on Goldsmith’s first point, one I’ve made in the past repeatedly. If we start indicting uniformed military intelligence officers — or even contractors, like the trolls at Internet Research Agency might be deemed — do we put the freedom of movement of people like Jake Williams at risk? Normally, I’d absolutely agree with Goldsmith and Williams.

But as someone who has already written extensively about the ConFraudUs backbone that Robert Mueller has built into his cases, I want to argue this is an exception.

As I’ve noted previously, while Rod Rosenstein emphasized that the Internet Research Agency indictment included no allegations that Americans knowingly conspired with Russians, it nevertheless did describe three Americans whose activities in response to being contacted by Russian trolls remain inconclusive.

Rod Rosenstein was quite clear: “There is no allegation in the indictment that any American was a knowing participant in the alleged unlawful activity.” That said, there are three (presumed) Americans who, both the indictment and subsequent reporting make clear, are treated differently in the indictment than all the other Americans cited as innocent people duped by Russians: Campaign Official 1, Campaign Official 2, and Campaign Official 3. We know, from CNN’s coverage of Harry Miller’s role in building a cage to be used in a fake “jailed Hillary” stunt, that at least some other people described in the indictment were interviewed — in his case, for six hours! — by the FBI. But no one else is named using the convention to indicate those not indicted but perhaps more involved in the operation. Furthermore, the indictment doesn’t actually describe what action (if any) these three Trump campaign officials took after being contacted by trolls emailing under false names.

On approximately the same day, Defendants and their co-conspirators used the email address of a false U.S. persona, [email protected], to send an email to Campaign Official 1 at that donaldtrump.com email account, which read in part:

Hello [Campaign Official 1], [w]e are organizing a state-wide event in Florida on August, 20 to support Mr. Trump. Let us introduce ourselves first. “Being Patriotic” is a grassroots conservative online movement trying to unite people offline. . . . [W]e gained a huge lot of followers and decided to somehow help Mr. Trump get elected. You know, simple yelling on the Internet is not enough. There should be real action. We organized rallies in New York before. Now we’re focusing on purple states such as Florida.

The email also identified thirteen “confirmed locations” in Florida for the rallies and requested the campaign provide “assistance in each location.”

[snip]

Defendants and their co-conspirators used the false U.S. persona [email protected] account to send an email to Campaign Official 2 at that donaldtrump.com email account.

[snip]

On or about August 20, 2016, Defendants and their co-conspirators used the “Matt Skiber” Facebook account to contact Campaign Official 3.

Again, the DOJ convention of naming makes it clear these people have not been charged with anything. But we know from other Mueller indictments that those specifically named (which include the slew of Trump campaign officials named in the George Papadopoulos plea, KT McFarland and Jared Kushner in the Flynn plea, Kilimnik in the Van der Zwaan plea, and the various companies and foreign leaders that did Manafort’s bidding, including the Podesta Group and Mercury Public Affairs in his indictment) may be the next step in the investigation.

In the GRU indictment, non US person WikiLeaks is given the equivalent treatment.

On or about June 22, 2016, Organization I sent a private message to Guccifer 2.0 to “[s]end any new material [stolen from the DNC] here for us to review and it will have a much higher impact than what you are doing.” On or about July 6, 2016, Organization 1 added, “if you have anything hillary related we want it in the next tweo [sic] days prefable [sic] because the DNC [DemocraticNationalConvention] is approaching and she Will solidify bernie supporters behind her after.” The Conspirators responded,“0k . . . i see.” Organization I explained,“we think trump has only a 25% chance of winning against hillary . . . so conflict between bernie and hillary is interesting.”

But the activities of other American citizens — most notably Roger Stone and Donald Trump — are discussed obliquely, even if they’re not referred to using the standard of someone still under investigation. Here’s the Roger Stone passage.

On or aboutAugust 15,2016, the Conspirators,posing as Guccifer 2.0,wrote to a person who was in regular contact with senior members of the presidential campaign of Donald J. Trump, “thank u for writing back. . . do u find anyt[h]ing interesting in the docs i posted?” On or about August 17, 2016, the Conspirators added, “please tell me if i can help u anyhow . . . it would be a great pleasureto me.” On or about September 9, 2016,the Conspirators, again posing as Guccifer 2.0, referred to a stolen DCCC document posted online and asked the person, “what do u think of the info on the turnout model for the democrats entire presidential campaign.” The person responded,“[p]retty standard.”

The Trump one, of course, pertains to the response GRU hackers appear to have made when he asked for Russia to find Hillary’s emails on July 27.

For example, on or about July 27, 2016, the Conspirators attempted after hours to spearphish for the first time email accounts at a domain hosted by a third‑party provider and used by Clinton’s personal office. At or around the same time, they also targeted seventy‐six email addresses at the domain for the Clinton Campaign.

Finally, there is yesterday’s Mariia Butina complaint, which charges her as an unregistered Russian spy and describes Aleksandr Torshin as her boss, but which also describes the extensive and seemingly willful cooperation with Paul Erickson and another American, as well as with the RNC and NRA. Here’s one of the Americans, for example, telling Butina that her Russian bosses should take the advice he had given her about which Americans she needed to meet.

If you were to sit down with your special friends and make a list of ALL the most important contacts you could find in America for a time when the political situation between the U.S. and Russia will change, you could NOT do better than the list that I just emailed you. NO one — certainly not the “official” Russian Federation public relations representative in New York — could build a better list.

[snip]

All that you friends need to know is that meetings with the names on MY list would not be possible without the unknown names in your “business card” notebook. Keep them focused on who you are NOW able to meet, NOT the people you have ALREADY met.

Particularly as someone whose communications (including, but not limited to, that text) stand a decent chance of being quoted in an indictment in the foreseeable future, let me be very clear: none of these people have been accused of any wrong-doing.

But they do suggest a universe of people who have attracted investigative scrutiny, both by Mueller and by NSD, as willing co-conspirators with Russian spies.

Granted, there are three different kinds of Russian spies included in these three documents:

  • Uniformed military intelligence officers working from Moscow
  • Civilian employees who might be considered intelligence contractors working from St. Petersburg (though with three reconnaissance trips to the US included)
  • Butina and Torshin, both of whom probably committed visa fraud to engage as unregistered spies in the US

We have a specific crime for the latter (and, probably, the reconnaissance trips to the US by IRA employees), and if any of the US persons and entities in Butina’s indictment are deemed to have willingly joined her conspiracy, they might easily be charged as well. Eventually, I’m certain, Mueller will move to start naming Americans (besides Paul Manafort and Rick Gates) in conspiracy indictments, including ones involving Russian spies operating from Russia (like Konstantin Kilimnik). It seems necessary to include the Russians in some charging documents, because otherwise you’ll never be able to lay out the willful participation of everyone, Russian and American, in the charging documents naming the Americans.

So while I generally agree with Goldsmith and Williams, this case, where we’re clearly discussing a conspiracy between Russian spies — operating both from the US and from Russia (and other countries), wearing uniforms and civilian clothing –and Americans, it seems important to include them in charging documents somewhere.

How Russian Spies Cultivated the NRA and National Prayer Breakfast to Seek Republican Assets

/162 Comments/in /by

DOJ just announced the arrest, over the weekend, of gun rights activist Maria Butina for conspiracy to spy for Russia. (complaint, affidavit)

The affidavit explains how, between March 2015 (when she expected the GOP would “likely obtain control over the U.S. government after the 2016 elections”) and 2017, Butina worked with Aleksandr Torshin and two US persons to cultivate Republicans and lay the groundwork for warmer relations between Republicans and Russia. She focused on the NRA, she explained, because “the NRA [is] the largest sponsor of the elections in the US congress.”

The person listed as USP 1 (who has been named but I’ll wait for confirmation) laid out precisely how she should pitch herself — not too critical of Obama, pretense that there was a post-Putin world on the horizon — and gave her all the introductions to friendly types she might need.

The end of the narrative laid out in the complaint describes meticulous details around the National Prayer Breakfast last year, on February 2, 2017. Trump very nearly met with Torshin at the meeting, only pulling out at the last minute.

I’ll have more to say about this indictment (there’s a bunch of screen caps on my Twitter feed). But understand that this indictment is not even part of the Mueller probe. Nevertheless, several parts of it get two degrees away from Trump and his spawn.

At Helsinki Summit, Putin Re-enacts the June 9 Trump Tower Meeting

/192 Comments/in , /by

As I laid out last week, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

I know there are a lot of people who aren’t as convinced as I am that a clear agreement was reached between Trump’s top aides and Putin’s emissaries at the June 9, 2016 Trump Tower meeting. For doubters, however, Vladimir Putin just re-enacted the meeting on the world stage at the Helsinki summit.

On top of the denials, from both sides, of Russian tampering in the election (and both sides’ embrace of a joint cybersecurity working group), that re-enactment came in three ways.

First, when asked whether Russia tampered in our election, Putin issued a line that was sort of a non-sequitur, asserting that, “I was an intelligence officer myself. And I do know how dossiers are made of.” The line — a reference both to the Steele dossier and Putin’s more damaging kompromat on Trump — is pregnant with meaning (and probably was planned). When asked, later, whether he had any compromising information on Trump or his family, Putin said, “Now to kompromat. I did hear these allegations that we collected kompromat when he was in Moscow. I didn’t even know he was in Moscow.”

This is a reference to the pee tape, allegedly taped when he put on Miss Universe in Russia in 2013. But it’s premised on a claim about which there is sworn counter-evidence in the US. Rob Goldstone — the guy who set up the June 9 meeting — described how Putin not only knew Trump was in Moscow, but was still trying to fit in a meeting with him.

And it went down to the wire. It was on the day of the contest itself that maybe around 4:00 in the afternoon Emin called a few of us into a conference room at Crocus, and his Dad, Aras, was there. And we were told that a call was coming in through from a Mr. Peskov, who I know to be Dmitry Peskov, who I believe is a spokesman for Mr . Putin, and there’d be an answer. And the answer I think, as I may have stated the last time I saw you, was that due to the lateness o f the newly crowned King of Holland who’d been delayed in traffic, whether air or road traffic, Mr. Putin would not be able to meet with Mr. Trump. However, he invited him to Sochi, to the Olympics, and said he’d be happy to meet him here or at any future time. And that’s how it was left, so there would be not meeting taking place.

So not only did Putin lie about whether there could be a pee tape (I don’t think there is one, but I think the 2013 involves compromise in another way), but did so in a way that invoked the Agalrovs as Trump’s handlers going back years.

And did you notice that he never denied having kompromat?

Then, in a response to one of the questions about Putin’s tampering in the election, after he suggested that he’d be willing to have Mueller come to Russia to question the GRU officers who hacked Hillary, he demanded similar cooperation on his legal issues. He then raised Bill Browder (who is no longer a US citizen), complaining that

For instance, we can bring up Mr. Browder in this particular case. Business associates of Mr. Browder have earned over $1.5 million [sic] in Russia. They never paid any taxes, neither in Russia nor in the United States. And yet the money escaped the country, they [sic] were transferred to the United States. They sent huge amount of money, $400 million, as a contribution to the campaign of Hillary Clinton.

Aside from being muddled, both in Putin’s delivery and the translation, this is precisely the dangle that Natalia Veselnitskaya used to get into Trump’s campaign back in 2016 to ask to have the Magnitsky sanctions overturned.

This was simply Putin laying out his receipts of Trump’s compromise on the world stage.

There’s one other area where Putin simply showed off how badly he has compromised the President. His prepared talks emphasized cooperation on Syria, claiming it “could be first showcase example of joint work.” As I have noted, that has been the operative plan since less than 15 hours after polls closed in November 2016. And it was known by someone who played a significant role in the Russian attack.

This meeting, then, is just Putin collecting on the receipts collected back on June 9, 2016.

Dragons Caught in the Crossfire: On the Genealogy of the Current and Future Mueller Investigation

/146 Comments/in , /by

As I laid out last week, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

Lawfare has one of the best summaries of the Russian hack indictment on Friday. It does an excellent job of laying out what the indictment shows technically and legally. But I really wish it didn’t start with this passage.

This was the investigation over which the president of the United States fired James Comey as FBI director.

This is the investigation Comey confirmed on March 20, 2017, when he told Congress, “I have been authorized by the Department of Justice to confirm that the FBI, as part of our counterintelligence mission, is investigating the Russian government’s efforts to interfere in the 2016 presidential election.”

This was also the investigation that multiple congressional committees have spent more than a year seeking to discredit—most recently Thursday, when two House panels hauled the former deputy assistant director of the FBI’s Counterintelligence Department, Peter Strzok, a career FBI agent who worked on the Russia probe, up to Capitol Hill for 10 hours of public, televised, abusive conspiracy theorizing. When the president of the United States derides the Mueller investigation as a “witch hunt,” and when congressional Republicans scream at FBI agents, this is the investigation they are trying to harass out of existence.

I get the sentiment. I get criticizing Republicans for attacking the “Mueller probe” (or whatever you want to call it). I’ve criticized the Republicans for doing that myself. But it is assuredly not the case that Friday’s indictment is the “investigation over which the president of the United States fired James Comey as FBI director” or the investigation Comey confirmed in March of 2017.

The investigation that resulted in Friday’s indictment is, rather, the result of investigations conducted primarily in San Francisco and Pittsburgh. At the time Comey confirmed the counterintelligence investigation into Trump’s camp and at the time Comey got fired for not shutting the Trump counterintelligence investigation down, those San Francisco and Pittsburgh investigations were totally separate. Those two investigations almost certainly had little if any involvement from Peter Strzok (indeed, they involved a bunch of FBI cyber agents, a division of FBI that Strzok never tired of mocking in his texts to Lisa Page). The DOJ press release from Friday states that explicitly.

This case was investigated with the help of the FBI’s cyber teams in Pittsburgh, Philadelphia and San Francisco and the National Security Division.

Those two investigations (plus the separate one noted in Philadelphia that started later, as I understand it from what a lawyer who represented a witness in that investigation described to me) got moved under the Mueller umbrella sometime in or just before November, and now the GRU officer part of the investigation will be moved back to Pittsburgh where it started, to languish forever like some other nation-state hacker indictments investigated by Western District of Pennsylvania.

There are several reasons, besides exactitude, I’m harping on this point.

First, House Republicans, working in tandem with the President, have made the CI investigation Comey confirmed the end-all and be-all of the investigation, a way of simplifying it so as to villainize and discredit it. An entire stable of right wing journalists and members of Congress are trying to discredit something in the early stages of the investigation — whether it’s the inclusion of the Steele dossier among other evidence to obtain a FISA order on long-time suspected Russian asset Carter Page, the use of a lifelong Republican operative to conduct interviews in the least intrusive way, or the fact that even as he was losing the fight to investigate aggressively, Peter Strzok shared a widespread belief that Trump was not fit to be President. They believe that if they can do so, they can claim everything downstream of those actions is tainted. They’re doing so even while launching conspiracies off of stories that clearly show the existence of four counterintelligence investigations focused on the Russian operation, just one of which is known to have targeted Trump’s people.

“Crossfire Hurricane” was one of the code names for four separate investigations the FBI conducted related to Russia matters in the 2016 election.

“At a minimum, that keeps the hurry the F up pressure on him,” Strzok emailed Page on Oct. 14, 2016, less than four weeks before Election Day.

Four days later the same team was emailing about rushing to get approval for another FISA warrant for another Russia-related investigation code-named “Dragon.”

The GOP is literally bitching that the FBI was expediting FISA applications targeted at likely Russian targets during an ongoing Russian attack.

It is important to show how each of these attacks on the CI investigation into Trump is bullshit.

  • It is common to use information from consultants like Steele or paid informants in FISA applications. Their credibility is measured, in significant part, based on past credibility. And whatever you think about the impropriety of using oppo research (as DOJ also did with Clinton Cash) and whatever the likelihood that in this case Steele’s intelligence network got fed disinformation, it is the case that in 2016, Steele’s track record with the DOJ was far more reliable than a host of other consultants that presumably get included in FISA applications.
  • The FBI is permitted to use human informants at the assessment level (and when Stefan Halper interviewed Papadopoulos, it appears to have been a full investigation), and using a Republican operative like Halper to question George Papadopoulos was both less likely to affect the election in any way, and legally less dangerous for Papadopoulos than an undercover FBI officer would have been.
  • Strzok definitely believed Trump was unfit to be President, but (as I noted), he fought to use more aggressive investigative methods with both Hillary and Trump, and he lost that fight both times.

Ultimately, when you ask people wielding these complaints as if they’re a big deal what investigative steps against Page (after he left the campaign) or Papadopoulos (when he remained on it) would have been acceptable, they start to scramble, because (and I say this as someone who exposed herself to significant FBI scrutiny by going to them as a witness) these were reasonable steps to take. And the other favorite suggestion — that Trump would have responded to a defensive briefing — ignores that Trump hired Mike Flynn as his National Security Advisor even after President Obama gave him far more explicit warnings about the counterintelligence concerns about Flynn at the time.

At some point, GOP hoaxsters have to commit to whether they think it is legitimate to investigate suspected Russian spies or not, and if so how.

It is equally important to note that — as is demonstrably the case both with the GRU indictment rolled out Friday and with the information I provided — there is a ton of really damning evidence that never touched Peter Strzok. As I explained the other day, you can put information I provided to a team that had nothing to do with the Mueller team at the time I spoke to them, together with several other pieces of information Mueller obtained via other means (some of it was public!), and get right to the question of Trump conspiring with Russians to win the election.

Treating a range of investigations as only one investigation plays into the Trump game of discrediting an overly simplistic caricature of the investigation.

The other reason those covering the Russian investigation should be far more careful with what the investigation consisted of over time is, without understanding where the investigation came from, you can’t understand where the investigation is going. There have been a slew of reports reading dockets and citing anonymous DOJ and Trump sources. Some show an awareness of why prosecutors get added to dockets in particular cases. Others completely ignore things that are in the public record.

It is my well-educated opinion that we’re seeing several things with recent developments. First, where possible, Mueller is handing off things (the Concord Management and GRU hack prosecutions) that don’t need to be politically protected. He has also handed off issues (the Cohen search) that don’t relate directly to conspiring with Russians, even while any prosecution there could result in cooperation on the conspiracy case; though note, Mueller’s reported investigation of inauguration funding would also implicate Cohen. I suspect, eventually, he’ll hand off things that amount to garden variety corruption, as distinct from graft tied directly to the election money laundering.

But when reports say Mueller is preparing to wrap it up, I suspect the reality is Mueller is close to taking steps that will lay out a case for conspiracies with Russia involving people very close to Trump, which will make it much harder for Trump to refuse an interview without putting himself at risk to be indicted personally. Those steps will show what a farce six months of Trump-planted stories emphasizing a focus on obstruction have been. That prosecution Mueller’s team will see through, I imagine, not least because that’s precisely why he included four appellate specialists on his team, including Solicitor General star lawyer Michael Dreeben.

Update: Tweaked the San Francisco/Pittsburgh discussion because it was confusing several people.

Timeline

June 15, 2016: Likely start date for FBI investigation into hack of DNC/DCCC (the genesis for Friday’s indictment)

July 31, 2016: Peter Strzok opens up Operation Crossfire

October 21, 2016: Carter Page FISA approved

January 12, 2017: Carter Page FISA reauthorized

February 18, 2017: Reuters describes a tripartite division of investigation, with DNC hack investigation in Pittsburgh, Guccifer 2.0 investigation in San Francisco, and Trump CI investigation in DC

Early April, 2017: Carter Page FISA reauthorized

May 2017: I learn of Philadelphia investigation targeted in some way at Guccifer 2.0

May 17, 2017: Rod Rosenstein appoints Robert Mueller to take over Operation Crossfire

June 29, 2017: Carter Page FISA reauthorized

August 2, 2017: Mueller investigation includes, at a minimum, George Papadopoulos obstruction, Paul Manafort graft, collusion (including June 9 meeting), and obstruction

October 5, 2017: Papadopoulos pleads guilty (waiving venue)

Mid-October, 2017: Technical witness preparing for interview with Mueller’s team

October 30, 2017: Papadopoulos guilty plea unsealed

Early November, 2017: Mueller adds cyber prosecutor Ryan Dickey

November 2, 2017: WSJ reports DOJ will prosecute GRU hackers, reports that Pittsburgh, San Francisco, Philadelphia, along with DC remain in charge of investigation

December 1, 2017: Mike Flynn pleads guilty

February 12, 2018: Richard Pinedo pleads guilty, waives venue

February 16, 2018: Internet Research Agency (Concord Management) indictment

February 20, 2018: Alex van der Zwaan pleads guilty

February 22, 2018: Paul Manafort indicted in EDVA, refuses to waive venue

March 1, 2018: NBC reports that Mueller — not main DOJ — will prosecute GRU hackers

April 9, 2018: Michael Cohen searches executed by SDNY; SDNY investigation, covering taxi medallion fraud and hush money payments, is likely just part of his criminal exposure

May 3, 2018: Mueller adds Uzo Asonye to EDVA team prosecuting Paul Manafort at request of Judge TS Ellis

June 22, 2018: Mueller brings in DOJ team to prosecute Concord Management, freeing up tech-focused Mueller prosecutors

July 13, 2018: Mueller indicts GRU hackers, sends prosecution back to Pittsburgh

As the Summit Arrives, Keep in Mind that Putin Manages Trump with Carrots and Sticks

/96 Comments/in , , /by

As I laid out last week, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

In my post revealing that I went to the FBI with information about someone who played a significant role in Russia’s attack on US elections, I revealed that the person sent me a text less than 15 hours after polls closed indicating Trump had ordered Mike Flynn to start working on Syrian issues.

Both Jared Kushner’s public statement and Mike Flynn’s anonymous confidant’s comments corroborate that Trump focused on Syria immediately after the election. I have taken from that that conceding to Russian plans to leave Bashar al-Assad in place is one of the payoffs Trump owed Putin for help winning the election.

For that reason, I want to look at the Shadow Brokers Don’t Forget Your  Base post, posted on April 9, 2017, just three days after Trump retaliated against Syria for a chemical weapons attack on civilians. It was the first post after Shadow Brokers had announced he was going away on January 12 (which, I now realize, was the day after the Seychelles meeting set up a back channel with Russia through Erik Prince). It preceded by days the Lost in Translation post, which released powerful NSA hacking tools that would lead directly to the WannaCry malware attack in May. And while the Don’t Forget Your Base post did release files, it was mostly about messaging.

That messaging included a bunch of things. Among other things (such as that Trump shouldn’t have fired Steve Bannon and should refocus on his racist domestic policies), the post argues that Trump should just own up to Russia helping Trump win the election.

Your Supporters:

  • Don’t care what is written in the NYT, Washington Post, or any newspaper, so just ignore it.
  • Don’t care if you swapped wives with Mr Putin, double down on it, “Putin is not just my firend he is my BFF”.
  • Don’t care if the election was hacked or rigged, celebrate it “so what if I did, what are you going to do about it”.

It talks about what the people who got Trump elected expect.

The peoples whose voted for you, voted against the Republican Party, the party that tried to destroying your character in the primaries. The peoples who voted for you, voted against the Democrat Party, the party that hates, mocks, and laughs at you. Without the support of the peoples who voted for you, what do you think will be happening to your Presidency? Without the support of the people who voted for you, do you think you’ll be still making America great again?

It claims that embracing Russian foreign policy will make America great.

TheShadowBrokers isn’t not fans of Russia or Putin but “The enemy of my enemy is my friend.” We recognize Americans’ having more in common with Russians than Chinese or Globalist or Socialist. Russia and Putin are nationalist and enemies of the Globalist, examples: NATO encroachment and Ukraine conflict. Therefore Russia and Putin are being best allies until the common enemies are defeated and America is great again.

And it argues (in a thoroughly muddled description of what happened) that Trump shouldn’t have bombed Syria.

Respectfully, what the fuck are you doing? TheShadowBrokers voted for you. TheShadowBrokers supports you. TheShadowBrokers is losing faith in you. Mr. Trump helping theshadowbrokers, helping you. Is appearing you are abandoning “your base”, “the movement”, and the peoples who getting you elected.

Good Evidence:

#1 — Goldman Sach (TheGlobalists) and Military Industrial Intelligence Complex (MIIC) cabinet
#2 — Backtracked on Obamacare
#3 — Attacked the Freedom Causcus (TheMovement)
#4 — Removed Bannon from the NSC
#5 — Increased U.S. involvement in a foreign war (Syria Strike)

[snip]

Because from theshadowbrokers seat is looking really bad. If you made deal(s) be telling the peoples about them, peoples is appreciating transparency. But what kind of deal can be resulting in chemical weapons used in Syria, Mr. Bannon’s removal from the NSC, US military strike on Syria, and successful vote for SCOTUS without change rules?

[snip]

Mr Trump, we getting it. You having special empathy for father whose daughter is killed. We know this is root cause for anti-illegal immigrant policy. Illegal immigrant shoot man’s daughter in San Francisco. Now is Syrian man daughter killed by chemical gas. We agree its needless tragedy. But tragedies happening everyday and wars endangers all the children not just Syrian.

There is, admittedly, a lot going on here, even ignoring that it sounds like a batshit insane rant.

But is also that case that Shadow Brokers had gone away in the transition period. And then shortly after Trump bombed Syria, he came back, and very quickly released tools he had threatened to release during the transition period. The release of those tools did significant damage to the NSA (and its relations with Microsoft and other US tech companies) and led directly to one of the most damaging malware attacks in history.

It is my opinion that Russia manages Trump with both carrots — in the form of election year assistance and promises of graft — and sticks — in this case, in the form of grave damage to US security and to innocent people around the world.

And Trump is poised to head into a meeting with Vladimir Putin on Monday — showing no embarrassment about the proof laid out yesterday that without Putin, Trump wouldn’t have won the election — to discuss (among other things) a deal on Syria.

Meanwhile, Trump’s own Director of National Intelligence, Dan Coats, says the lights are blinking red like they were in advance of 9/11.

Director of National Intelligence Dan Coats raised the alarm on growing cyberattack threats against the United States, saying the situation is at a “critical point” and coming out forcefully against Russia.

“The warning signs are there. The system is blinking. It is why I believe we are at a critical point,” Coats said, addressing the Hudson Institute in Washington, DC, on Friday.

“Today, the digital infrastructure that serves this country is literally under attack,” he said.
Coats compared the “warning signs” to those the United States faced ahead of the September 11 terrorist attacks.

Rather than doing the things to prepare for an attack, Trump has virtually stood down, firing his very competent cyber czar and providing no order to take more assertive steps to prepare for an attack.

This is why I came forward two weeks ago to talk about how quickly someone involved in the election attack learned of Trump’s policy shift on Syria. I believe Trump is cornered — has allowed himself to be cornered. And in spite of everything, Trump is prepared to go alone into a meeting on Monday with Vladimir Putin — the guy wielding both carrots and sticks against Trump — and make a deal.

Everyone is worried that Putin might release a pee tape. I think what Putin holds over Trump may be far more serious. And if something happens, know that there’s good reason to believe Trump brought it on the country himself, willingly.

Yesterday, Roger Stone Answered, then Backtracked, on a Question Mueller Has Already Posed to Trump

/43 Comments/in , , /by

As I laid out last week, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

Contrary to Trump’s squeals about the hack indictment yesterday, it’s utterly damning for him. It shows:

  • Russian hackers responded to his plea for more Hillary emails by targeting her office that same day
  • Trump’s lifelong political advisor, Roger Stone, was described directly communicating with a GRU-run persona
  • Stone’s own advisor on these matters, then Breitbart and current Sputnik journalist Lee Stranahan, asked for and obtained files from the same GRU-run persona
  • GRU stole Hillary’s analytics in September, the heart of the general election, and did … the indictment doesn’t say what GRU did with the data
  • The same GRU persona made available information helping some of Trump’s most vocal defenders in Congress, ones he has discussed pushback strategies with on Air Force One

Like my own testimony, because this investigation started in Pittsburgh, and only later got moved under Mueller sometime last fall (I know one key witness who was about to speak to prosecutors when I saw him in October), it minimally overlaps with Peter Strzok’s involvement in the case, if at all.

In this post, I want to look at the second bullet: Roger Stone.

Since Stone got described in an indictment of those who helped Trump win the election, he has  (as is his habit) provided conflicting explanations, first suggesting it wasn’t him, then suggesting it couldn’t be him because he wasn’t “a person who was in regular contact with senior members of the presidential campaign of Donald J. Trump,” as the indictment described.

My contact with the campaign in 2016 was Donald Trump. I was not in regular contact with campaign officials.

Only, this morning (as Ryan Goodman noted), Stone has changed his tune, admitting that he did talk to Trump campaign officials and probably is the person described in the indictment who said all the things he said in his DMs to Guccifer 2.0.

I certainly acknowledge that I was in touch with Trump campaign officials.

Here’s why Stone’s changing story about whether he only spoke with Trump or in fact spoke with other campaign officials. Among the questions (as interpreted by Jay Sekulow) that Mueller has already posed to Trump is this one:

What did you know about communication between Roger Stone, his associates, Julian Assange or Wikileaks?

Mueller wants to know how much of Stone’s discussions with election operation participants Trump knew about. And Stone’s first instinct when seeing himself mentioned in an indictment of those participants was to say he only spoke to Trump.

I guess it’s clear why he’s backtracking from that.

The Russian Hack

/158 Comments/in , /by

As I laid out last week, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

Mueller’s team just announced (and announced the transfer, as I predicted) of the Russian hack indictment, naming 12 GRU officers for the hack of the Hillary campaign, the DNC, and the DCCC. This will be a working thread.

Rod Rosenstein, as he did with the Internet Research Agency, made clear there are no Americans named in this indictment (and that those who interacted with Guccifer 2.0 and DC Leaks did not know they were interacting with Russians). That said, here are some of the interesting nods in it.

Other known conspirators

The indictment names 12 officers — and (as conspiracy cases often do) — persons known and unknown to the Grand Jury.

Hillary’s campaign targeted more aggressively than previously reported

This is a detail I’ve known for quite some time: Hillary’s campaign actually faced far more persistent hacking threats than previously known. Of absolutely critical importance, the indictment makes it clear that GRU hackers spear-phished Hillary’s personal office on July 27, after Donald Trump asked Russia to find her emails.

For example, on or about July 27, 2016, the Conspirators attempted after hours to spearphish for the first time email accounts at a domain hosted by a third-party provider and used by Clinton’s personal office. At or around the same time, they also targeted seventy-six email addresses at the domain for the Clinton Campaign.

I know a key witness in that part of the hack has been waiting to share his story (he’s quite happy this is finally out), so expect far more details on the targeting of the Hillary campaign itself, rather than just the DNC and DCCC, in coming days.

Wikileaks

The indictment doesn’t name Wikileaks, but alleges that Guccifer 2.0 released additional stolen documents through a website maintained by “Organization 1.” There’s an entire section on communications between Guccifer 2.0 and Wikileaks (starting on page 17). Among other things it quotes Wikileaks as saying on July 6,

if you have anything hillary related we want it in the next tweo [sic] days prefabl [sic] because the DNC [Democratic National Convention] is approaching and she will solidify bernie supporters behind her after.

This makes it clear that WikiLeaks was not only working directly with Guccifer 2.0, but doing so in ways that would antagonize Bernie-supporting progressives.

Cryptocurrency

The computer infrastructure (including computers in the US) here was paid for by cryptocurrency, not via payments laundered through the embassy (one of several claims about funding made in the Steele dossier).

May through June 2016

The indictment names Ivan Sergeyovich Yermakov as the person who hacked into the DNC email server and stole the emails released via WikiLeaks. This hack date is critical to the timing of the narrative. The emails exfiltrated and provided to Wikileaks were stolen from May 25 through June 1.

Note, too, the indictment says hackers remained in the DNC computers through June.

Servers

The hackers used a server in AZ but then ran that through a server “overseas.” The hackers leased a DCCC computer in Illinois. The use of infrastructure within the US suggests much of the hot air around transfer times — one of the key attempts to debunk the hack — is just that, hot air.

Targeted information

The indictment gives the search terms for some of the targeted information. For example, on April 15, 2016, the conspirators searched for Hillary, Cruz, and Trump, as well as “Benghazi investigations.”

It describes a search on a server in Moscow for some of the terms used in the original Guccifer 2.0 post, including “some hundred sheets,” “illuminati,” “think twice about” “company’s competence” (referring to CrowdStrike).

Crowdstrike

The indictment describes Crowdstrike’s efforts to oust the hackers, but notes that a Linux based version of X-Agent remained on DNC’s network until October 2016.

Analytics

I have been saying forever that the easiest way to steal the election would be to steal Hillary’s analytics. The indictment revals that,

In or around September 2016, the Conspirators also successfully gained access to DNC computers hosted on a third-party cloud-computing service. These computers contained test applications related to the DNC’s analytics. After conducting reconnaissance, the Conspirators gathered data by creating backups, or “snapshots,” of the DNC’s cloud-based systems using the cloud provider’s own technology.

The indictment is silent about what happened to this stolen analytics data.

Republicans

The indictment notes that DCLeaks also released emails of Republicans that were hacked in 2015 (though I think it actually included some that were more recent than that).

Alice Donovan

Alice Donovan pitched news articles to various outlets. It was also the name used for DC Leaks’ Facebook account. This name (and a few others in the indictment) connects the hack and leak with the wider disinformation campaign.

Requested Stolen Information

The indictment describes how a candidate for Congress asked for information. I think I know who this is, but need to check.

It describes Guccifer 2.0 providing documents to Aaron Nevins, which I have covered repeatedly.

And it describes a journalist who obtained Black Lives Matters documents. As his DMs make clear, this was then Breitbart and current Sputnik journalist Lee Stranahan.

Stranahan is the journalist who helped Roger Stone write the column claiming that Guccifer 2.0 was an American.

It describes Guccifer 2.0’s interactions with Roger Stone (see paragraph 44).

State and vendor servers

The language describing the efforts to hack state sites, starting on page 25, is very specific, down to the named GRU officer. It describes Kovalev stealing the information of 500,000 voters (this is probably from Illinois).

Note, the indictment describes Kovalev deleting information in response to an FBI alert on the hacks of the state server. It doesn’t say whether he did so in response to public reporting on it.

Timeline

February 1, 2016: gfade147 0.026043 bitcoin transaction

March 2016: Conspirators hack email accounts of volunteers and employees of Hillary campaign, including John Podesta

March 2016: Yermakov spearphishes two accounts that would be leaked to DC Leaks

March 14, 2016 through April 28, 2016: Conspirators use same pool of bitcoin to purchase VPN and lease server in Malaysia

March 15, 2016: Yermakov runs technical query for DNC IP configurations and searches for open source info on DNC network, Dem Party, and Hillary

March 19, 2016: Lukashev spearphish Podesta personal email using john356gh

March 21, 2016: Lukashev steals contents of Podesta’s email account, over 50,000 emails (he is named Victim 3 later in indictment)

March 25, 2016: Lukashev spearphishes Victims 1 (personal email) and 2 using john356gh; their emails later released on DCLeaks

March 28, 2016: Yermakov researched Victims 1 and 2 on social media

April 2016: Kozachek customizes X-Agent

April 2016: Conspirators hack into DCCC and DNC networks, plant X-Agent malware

April 2016: Conspirators plan release of materials stolen from Clinton Campaign, DCCC, and DNC

April 6, 2016: Conspirators create email for fake Clinton Campaign team member to spearphish Clinton campaign; DCCC Employee 1 clicks spearphish link

April 7, 2016: Yermakov runs technical query for DCCC’s internet protocol configurations

April 12, 2016: Conspirators use stolen credentials of DCCC employee to access network; Victim 4 DCCC email victimized

April 14, 2016: Conspirators use X-Agent keylog and screenshot functions to surveil DCCC Employee 1

April 15, 2016: Conspirators search hacked DCCC computer for “hillary,” “cruz,” “trump” and copied “Benghazi investigations” folder

April 15, 2016: Victim 5 DCCC email victimized

April 18, 2016: Conspirators hack into DNC through DCCC using credentials of DCCC employee with access to DNC server; Victim 6 DCCC email victimized

April 19, 2016: Kozachek, Yershov, and co-conspirators remotely configure middle server

April 19, 2016: Conspirators register dcleaks using operational email [email protected]

April 20, 2016: Conspirators direct X-Agent malware on DCCC computers to connect to middle server

April 22, 2016: Conspirators use X-Agent keylog and screenshot function to surveil DCCC Employee 2

April 22, 2016: Conspirators compress oppo research for exfil to server in Illinois

April 26, 2016: George Papadopolous learns Russians are offering election assistance in the form of leaked emails

April 28, 2016: Conspirators use bitcoin associated with Guccifer 2.0 VPN to lease Malaysian server hosting dcleaks.com

April 28, 2016: Conspirators test IL server

May 2016: Yermakov hacks DNC server

May 10, 2016: Victim 7 DNC email victimized

May 13, 2016: Conspirators delete logs from DNC computer

May 25 through June 1, 2016: Conspirators hack DNC Microsoft Exchange Server; Yermakov researches PowerShell commands related to accessing it

May 30, 2016: Malyshev upgrades the AMS (AZ) server, which receives updates from 13 DCCC and DNC computers

May 31, 2016: Yermakov researches Crowdstrike and X-Agent and X-Tunnel malware

June 2016: Conspirators staged and released tens of thousands of stolen emails and documents

June 1, 2016: Conspirators attempt to delete presence on DCCC using CCleaner

June 2, 2016: Victim 2 personal victimized

June 8, 2016: Conspirators launch dcleaks.com, dcleaks Facebook account using Alive Donovan, Jason Scott, and Richard Gingrey IDs, and @dcleaks_ Twitter account, using same computer used for other

June 9, 2016: Don Jr, Paul Manafort, Jared Kushner have meeting expecting dirt from Russians, including Aras Agalarov employee Ike Kaveladze

June 10, 2016: Ike Kaveladze has calls with Russia and NY while still in NYC

June 14, 2016: Conspirators register actblues and redirect DCCC website to actblues

June 14, 2016: WaPo (before noon ET) and Crowdstrike announces DNC hack

June 15, 2016, between 4:19PM and 4:56 PM Moscow Standard Time (9:19 and 9:56 AM ET): Conspirators log into Moscow-based sever and search for words that would end up in first Guccifer 2.0 post, including “some hundred sheets,” “illuminati,” “think twice about company’s competence,” “worldwide known”

June 15, 2016, 7:02PM MST (12:02PM ET): Guccifer 2.0 posts first post

June 15 adn 16, 2016: Ike Kaveladze places roaming calls from Russia, the only ones he places during the extended trip

June 20, 2016: Conspirators delete logs from AMS panel, including login history, attempt to reaccess DCCC using stolen credentials

June 22, 2016: Wikileaks sends a private message to Guccifer 2.0 to “send any new material here for us to review and it will have a much higher impact than what you are doing.”

June 27, 2016: Conspirators contact US reporter, send report password to access nonpublic portion of dcleaks

Late June, 2016: Failed attempts to transfer data to Wikileaks

July, 2016: Kovalev hacks into IL State Board of Elections and steals information on 500,000 voters

July 6, 2016: Conspirators use VPN to log into Guccifer 2.0 account

July 6, 2016: Wikileaks writes Guccifer 2.0 adding, “if you have anything hillary related we want it in the next tweo [sic] days prefabl [sic] because the DNC [Democratic National Convention] is approaching and she will solidify bernie supporters behind her after”

July 6, 2016: Victim 8 personal email victimized

July 14, 2016: Conspirators send WikiLeaks an email with attachment titled wk dnc link1.txt.gpg providing instructions on how to access online archive of stolen DNC documents

July 18, 2016: WikiLeaks confirms it has “the 1Gb or so archive” and would make a release of stolen documents “this week”

July 22, 2016: WikiLeaks releases first dump of 20,000 emails

July 27, 2016: Trump asks Russia for Hillary emails

July 27, 2016: After hours, conspirators attempt to spearphish email accounts at a domain hosted by third party provider and used by Hillary’s personal office, as well as 76 email addresses at Clinton Campaign

August 2016: Kovalev hacks into VR systems

August 15, 2016: Conspirators receive request for stolen documents from candidate for US congress

August 15, 2016: First Guccifer 2.0 exchange with Roger Stone noted

August 22, 2016: Conspirators transfer 2.5 GB of stolen DCCC data to registered FL state lobbyist Aaron Nevins

August 22, 2016: Conspirators send Lee Stranahan Black Lives Matter document

September 2016: Conspirators access DNC computers hosted on cloud service, creating backups of analytics applications

October 2016: Linux version of X-Agent remains on DNC network

October 7, 2016: WikiLeaks releases first set of Podesta emails

October 28, 2016: Kovalev visits counties in GA, IA, and FL to identify vulnerabilities

November 2016: Kovalev uses VR Systems email address to phish FL officials

January 12, 2017: Conspirators falsely claim the intrusions and release of stolen documents have “totally no relation to the Russian government”