Before John Durham’s Originator-1, There Was a Claimed BGP Hijack

/61 Comments/in , , /by

In this post, I described that “Phil,” the guy I went to the FBI about because I suspected he had a role in the Guccifer 2.0 persona, had a role in the Alfa Bank story. As noted, Phil’s provable role in pushing the Alfa Bank story in October 2016 was minor and would have no effect on the false statement charge — for an alleged lie told in September 2016 — against Michael Sussmann. But because of Durham’s sweeping materiality claims, it might have an impact on discovery.

It has to do with the theory that Alfa Bank has about the DNS anomalies, a theory that Durham seems to share: that the data was faked.

As Alfa laid out in its now abandoned John Doe lawsuits, it claims that the anomalous DNS traffic that Michael Sussmann shared with the FBI in September 2016 was faked. The bank appears to believe not just that the data was faked, but that April Lorenzen is involved in some way. For example, it describes that Tea Leaves and “two accomplices” were sources for Franklin Foer (though elsewhere, the lawsuit claims that Tea Leaves was pointed to the data by the unknown John Doe defendants).

Durham seems even more sure that Lorenzen is the culprit. For example, he always refers to the data as “purported.” He refers to Lorenzen as “Originator-1” rather than “Data Scientist-1” or “Tea Leaves,” insinuating she fabricated the data. And when Sussmann asked for all evidence indicating that Durham had bullied witnesses, Durham provided emails involving Lorenzen’s lawyers.

Alfa Bank might be excused for imagining that Lorenzen is the primary culprit to have fabricated the data. According to Krypt3ia, when Alfa asked him for his communications, he only had one email, with a different journalist, to share. They quite clearly don’t understand that someone else was involved in publicizing these claims.

Durham doesn’t have the same excuse.

That’s because DOJ – of which Durham remains a part – knows at least some of the details about “Phil” that I laid out in my last post. Because they would have checked Twitter to vet some of my most basic claims, they almost certainly obtained the Twitter DMs (or at least the metadata) showing that Phil brokered the tie between Krypt3ia and the NYT.

To be clear: I have no evidence that Phil altered the DNS records. I’m agnostic about what caused the anomaly (though am convinced that the experts involved believe the anomaly is real, even if they offer varying explanations for the cause). But Durham has made the source of the anomaly an issue to bolster his claims about materiality. And, as Sussmann noted in a recent filing, “Much as the Special Counsel may now wish to ignore the allegations in the Indictment, he is bound by them.” So, it seems, Durham’s on the hook for telling Sussmann if DOJ knows of anyone else involved in pushing the Alfa Bank story who could be a possible culprit for fabricating the data, especially if that person was known to have clandestinely signed a comment, “Guccifer 2.0.”

Phil probably faked a BGP hijack

The fact that Phil alerted the NYT to the Russian proxy of Lorenzen’s data matters not just because he had, months earlier, claimed to work for an FSB-led company and, even before that, claimed to have been coerced by Russian intelligence at an overseas meeting before the known DNC operation started.

It also matters because (I believe) Phil faked an Internet routing record in the same month the Alfa/Trump/Spectrum anomalies started.

In May 2016, Phil shared what he claimed was a traceroute of a request to my site, an Internet routing record that is different than but related to the DNS records at the heart of the Alfa Bank story. The screencap he sent me purported to show that a request to my site had been routed through (to the best of my memory) some L3 routers in Chicago, to Australia, back to those L3 switches, to my site. Phil was claiming to show me proof that someone had diverted requests to my site overseas along the way – what is known as a BGP hijack. Phil showed this to me in the wake and context of a DDOS attack that had brought my site down for days, an attack which led me to rebuild my site, change hosts, and add Cloudflare DDOS protection.

May 2016, the month Phil showed me what I believe to be a faked traceroute, is the same month the anomalous traffic involving Alfa Bank, Spectrum Health, and a Trump-related server started.

Phil used that traceroute to claim that the US intelligence community was diverting and spying on traffic to my website.

The claim made no sense. The only thing that diverting my traffic would get spies is access to my readers’ metadata, which would be readily accessible via easier means, including with a subpoena to my host provider. Aside from a bunch of drafts that I’ve decided didn’t merit publication, there’s no non-public content on my site. I was not competent (and did not ask others) to assess the validity of the screencap itself, but I considered it unreliable because it didn’t show the query or originating IP address behind the record, which would be needed to test its provenance.

I don’t have that original traceroute (I replaced my phone not long after he sent it). But in June 2016 he shared a reverse DNS look-up related to my site that wasn’t altered but in which Phil invoked the earlier one.

I corrected him in this case – this IP address was readily explainable; it was Cloudflare (which Phil surely knew). But Phil nevertheless repeated his earlier claim that “they” were hijacking my traffic.

When I said that Phil had been tracking how requests to my site worked for some time before he left a comment signed [email protected] in July 2016, this weeks-long exchange is what I was referring to. He had, effectively, been watching as I added Cloudflare protection to my site.

These screencaps show that Phil, who months later would play a role in pushing the Alfa Bank story, was using DNS records — real and possibly faked — as a prop in a false story.

Phil tracked DOD contracts closely

That’s not the only detail that DOJ may know about that Durham should consider before insinuating that Lorenzen is the most likely culprit if this data was fabricated. DOJ may know that Phil tracked DOD contracts very closely. That’s important because it explains how Phil could have learned researchers would be looking closely at DNS records.

For years, I’ve believed that the Alfa-Trump-Spectrum Health effort was disinformation, because so much of what came out that year was and because I viewed the Spectrum Health stuff to be such a reach. My belief it might be disinformation only grew stronger when I discovered the focus on Spectrum Health, with its link to Erik Prince’s sister’s spouse, came just after Prince had asked Roger Stone about his efforts to reach out to WikiLeaks.

Certainly, Putin exploited the allegations afterwards to his advantage. He used them to push Alfa Bank’s Petr Aven to take a primary role in reaching out to Trump during the transition, at least as recounted in the Mueller Report.

According to Aven, at his Q4 2016 one-on-one meeting with Putin,981 Putin raised the prospect that the United States would impose additional sanctions on Russian interests, including sanctions against Aven and/or Alfa-Bank.982 Putin suggested that Aven needed to take steps to protect himself and Alfa-Bank.983

981 At the time of his Q4 2016 meeting with Putin, Aven was generally aware of the press coverage about Russian interference in the U.S. election. According to Aven, he did not discuss that topic with Putin at any point, and Putin did not mention the rationale behind the threat of new sanctions

Aven even used Richard Burt, one of the people scrutinized by the Fusion and DNS research, to reach out to Trump, effectively pursuing precisely the back channel between Alfa and Trump that Fusion suspected months earlier.

The relevant part of Aven’s interview is redacted, so it’s not clear whether Aven mentioned that Alfa Bank had been a key focus of the interference allegations. But that’s the presumptive subtext: along with the Steele dossier, the DNS anomaly – both of which, in several lawsuits since, Aven or Alfa have claimed were “gravely damaging” – raised suspicions about Alfa Bank and made it more likely the bank would be sanctioned than had been the case previously.

And before the bank did get sanctioned last month, Alfa was using the DNS anomaly to conduct a lawfare campaign to learn how the US uses DNS tracking to thwart hacks (one wonders if Putin ordered that campaign, like he personally ordered Aven to reach out to Trump). That campaign even got a bunch of frothy right-wingers to decry efforts to prevent and detect nation-state hacks on the US. So at the very least, Russia has exploited the Alfa-Trump allegations to great benefit, one measure of whether something could be deliberate disinformation.

But as I’ve talked to people who’ve tried to figure out what the anomaly was – including experts who believed it did reflect real communication as well as some who didn’t – they always explained that seeding disinformation in such a fashion would be useless. That’s because you couldn’t ensure that any disinformation you planted would be seen. That is, unlike the Steele dossier, which was being collected by an Oleg Deripaska associate and shared with the press (and for which there’s far more evidence Russia used it to plant disinformation), you could never expect the disinformation to be noisy enough to attract the desired attention.

In the years since the original story, how researchers who found the anomalous data obtained the DNS data has driven a lot of the hostility behind it. The researchers have tried to hide where they got the data for proprietary and cybersecurity reasons. John Durham has alleged there was some legal impropriety behind using it, even when used (as the researchers understood they were doing) to research ongoing nation-state hacks. And Alfa Bank was using lawfare to try to find out as much about the means by which this DNS traffic was observed by cybersecurity experts as possible. The full story of how the researchers accessed the data has yet to be reported, but as I understand it, there’s more complexity to the question than initially made out or than has made it into Durham’s court filings. That complexity would make it even harder to anticipate where DNS researchers were looking. So, multiple experts told me, it would be crazy to imagine anyone would have thought to seed disinformation in DNS records expecting it’d get picked up via those collection points in 2016, because no one would have expected anyone was observing all those collection points.

If a Fancy Bear shits in the DNS woods but there’s no one there to see it, did it really happen?

But there was, in fact, a way to anticipate it might get seen.

As the Sussmann indictment vaguely alluded to and this NYT story laid out in detail, researchers found the DNS anomalies in the context of preparing a bid for a DARPA research contract.

The involvement of the researchers traces back to the spring of 2016. DARPA, the Pentagon’s research funding agency, wanted to commission data scientists to develop the use of so-called DNS logs, records of when servers have prepared to communicate with other servers over the internet, as a tool for hacking investigations.

DARPA identified Georgia Tech as a potential recipient of funding and encouraged researchers there to develop examples. Mr. Antonakakis and Mr. Dagon reached out to Mr. Joffe to gain access to Neustar’s repository of DNS logs, people familiar with the matter said, and began sifting them.

Separately, when the news broke in June 2016 that Russia had hacked the Democratic National Committee’s servers, Mr. Dagon and Ms. Lorenzen began talking at a conference about whether such data might uncover other election-related hacking.

The DOD bidding process provided public notice that DARPA was asking researchers to explore multiple ways, including DNS traffic, to attribute persistent hacking campaigns in real time.

The initial DARPA RFP was posted on April 22, 2016, ten days before the anomalous traffic started but well after the Russian hacking campaign had launched (documents FOIAed by the frothers reveal that the project was under discussion for months before that). This RFP provided a way for anyone who tracked DOD contracts closely to know that people would be looking and the announcement itself included DNS records and network infrastructure among its desired measurements. Depending on the means by which DARPA communicated about the contract, it might also provide a way to find out who would be looking and how and where they would be looking, though as I understand it, the team at Georgia Tech would have been an obvious choice in any case.

Phil tracked DOD contracts very closely. In September 2016, for example, he sent me a text alerting me to a new Dataminr contract just 66 minutes after I published a post about the company (I later wrote up the contract).

Phil also told me, verbally, he was checking what contracts DOD had with one of the US tech companies for which a back door was exposed in summer 2016. He claimed he was doing so to see how badly the government had fucked itself with its failure to disclose the vulnerability. By memory (though I am not certain), I believe it was Juniper Networks, in the wake of the Shadow Brokers release of an NSA exploit targeting the company.

And even on top of Phil’s efforts to convince me that the DNC hack wasn’t done by APT 28, DOJ has other evidence that Phil tracked APT attribution efforts closely, even using official government resources to do so. So it would be unsurprising if he had taken an interest in a contract on APT attribution in real time.

Durham may have access to some or all of this

Durham insinuates the DNS records are faked and he appears to want to blame Lorenzen for faking them. But he may be ignoring evidence in DOJ’s possession that someone else who, I’ve now confirmed, played at least a minor role in pushing the Alfa Bank story was using Internet routing records, possibly faked, to support a false story in May 2016.

To be sure: while I know the investigation into Phil continued at least the better part of a year after my FBI interview about him, any feedback I’ve gotten about that investigation has been deliberately vague. So aside from the obvious things – like the Twitter records that would show Phil’s DMs with Krypt3ia and Nicole Perloth – I can’t be sure what is in DOJ’s possession.

I don’t even know whether the 302 from my FBI interview would mention Phil’s pitch of the Alfa Bank story to me. It was on a list of the things I had intended to describe in that interview. But I didn’t work from the list in the interview itself and I have no affirmative memory of having mentioned it. If I did, it would have amounted to me saying little more than, “he also was pushing the Alfa Bank story.”

That said, unless the FBI agents were epically incompetent, my 302 should mention Alfa Bank, because I’m absolutely certain I raised this post and its emphasis on the inclusion of Alfa Bank in an alarming April 2017 BGP hijack.

And in fact, there’s a way Durham could have found out about Phil’s role in the Alfa Bank story independent of my FBI interview. Of just two people in the US government with whom I shared some of the Alfa Bank-related texts I exchanged with Phil (both were Republicans), one was centrally involved in the investigations that fed into the Durham investigation. If this stuff matters, Durham should ask why several of his key source investigations didn’t focus on it.

Durham should know that Phil had a role in the Alfa Bank story.

And given his insinuations in the indictment that Lorenzen fabricated DNS data in May 2016, making the insinuation part of his materiality claims, Durham may be obligated to tell Michael Sussmann that DOJ already knows of someone who was pushing the Alfa Bank story who used DNS data to tell a false story in May and June 2016.

Share this entry

The Alfa Bank Dark Net at Noon

/23 Comments/in , /by

Before its John Doe nuisance lawsuits got shut down by Vladimir Putin’s invasion of Ukraine, Alfa Bank made several claims that led me to chase down a minor – but potentially important – part of the Alfa Bank story.
Someone totally uninvolved in the Michael Sussman/Fusion/April Lorenzen effort played a role in making their efforts public in 2016: “Phil,” the guy about whom I went to the FBI in 2017. As I told the FBI, I suspected he had played a role in the Guccifer 2.0 and Shadow Brokers operations.

This post will focus on what Alfa Bank got wrong. A follow-up post will look at why, if John Durham made the same error, it may matter for the Michael Sussmann case.

Someone exposes Tea Leaves’ research via Krypt3ia

At issue is this post on the eponymously-named InfoSec blog Krypt3ia. As the post describes, someone tipped Krypt3ia off to a WordPress site and a purported i2p site (also called an “eepsite”) that laid out a version of the claims that Michael Sussmann had shared with the FBI and the NYT in September 2016.

Those claims are at the heart of the false statement charge against Sussmann.

Along with the basic allegations about weird DNS look-ups between servers from Alfa Bank and Spectrum Health and a Trump marketing server, those sites also revealed that after the NYT called Alfa Bank for comment about the DNS anomaly in September 2016, the Trump DNS address changed. This is the digital equivalent of someone changing their phone number after discovering they were being surveilled. The seeming response by Trump to the NYT call to Alfa for comment has always been regarded as the smoking gun showing human acknowledgement of the communications (a report from Alfa Bank attempted, unpersuasively, to contest that).

By connecting to a Russian-hosted proxy service, the Krypt3ia post about all this added an element of Russian mystery to the story. But that’s it. The post offered no other new content.

The Krypt3ia post is more important for the function it played than its content. Krypt3ia’s post served to make the contents of a publicly available but difficult to find i2p site – believed to be created by data scientist April Lorenzen, but written under the pseudonym Tea Leaves – accessible.

In response to tips from source(s) of his, Krypt3ia focused attention on a series of communications, none tied in his post to a then-identified person. First, someone alerted him to the WordPress site. That site spoke of Tea Leaves as a third person; there was never a pretense that it was Tea Leaves or Lorenzen. Krypt3ia learned of that WordPress site because someone approached Krypt3ia, purportedly asking for help finding an incomplete i2p address listed in the post.

I caught wind of the site when someone asked me to look at an i2p address that they couldn’t figure out and once I began to read the sites [sic] claims I thought this would be an interesting post.

That tip led Krypt3ia to find what was actually a proxy allowing access to a real i2p site – the one that injected an air of Russian mystery to the story.

First off, the i2p address in the WordPress site is wrong from the start. Once I dug around I found that the real address was gdd.i2p.xyz which is actually a site hosted on a server in Moscow on Marosnet.

That led Krypt3ia to ask whether anyone at NYT wanted to verify the claim that Trump Organization seemingly took action after NYT called Alfa.

I also have to wonder about this whole allegation that a NYT reporter asked about this.

Say, any of you NYT’s people out there care to respond?

Ask and you shall receive! Someone–as I lay out below, I have confirmed that this was “Phil”–put Krypt3ia in touch with a NYT reporter.

First off, someone in my feed put me in touch with the NYT and a reporter has confirmed to me that what the site says about NYT reaching out and asking about the connections, then the connections going bye bye is in fact true.

[snip]

The biggest takeaway is that the NYT confirmed that they asked the question and shit happened. They are still looking into it.

In an update, someone purporting to be Tea Leaves responded to Krypt3ia via an untraceable Tutanota email account, and in response, Krypt3ia posed a bunch of questions, only to get no answer. That non-answer was a key reason why Krypt3ia later treated the allegations as a fraud – an opinion that Alfa Bank, at least, used to bolster their own claims of fraud.

As Krypt3ia mused in real time, it seemed that the entire point of the tips he was receiving was focusing attention on the allegations themselves. Except, if your goal was to release a story that might swing an election, it was a really weird way of doing so.

One does wonder though just who might be trying this tac to attempt to cause Donny trouble. It seems a half assed attempt at best or perhaps they were not finished with it yet.. But then why the tip off email to someone who then got in touch with me? Someone I spoke to about this alluded to maybe that was the plan, for me to blog about this from the start..

[snip]

I have to say it though, these guys are trying to get the word out but in a strange way. I mean this eepsite is now hosted in Czechoslovakia, staying with the Baltic flavor but why not broadcast this more openly? Why does the WordPress site have the wrong address to start and then the other eepsite disappears after a little poking and prodding?

There are at least four unattributed or unattributable communications that appeared in this post: an email to someone who, in turn, got in touch with Krypt3ia; a tip about the WordPress site (presumably from the person who got the email) and through it to the i2p gateway; the contact with the unnamed NYT reporter; and the email from someone claiming to be Tea Leaves via a service that made it impossible to prove it was the person who originally adopted that pseudonym.

Notably, this all happened between October 5, 2016 – before the Podesta drop and the DHS attribution of the DNC hack to Russia – and the days after it. Krypt3ia was checking out the i2p proxy on October 7, at 3:08PM ET – less than half an hour before DHS would release an unprecedented attribution statement, followed shortly by the Access Hollywood video, followed shortly by the first Podesta email drop. Krypt3ia wrote his post the following day.

i2p sites aren’t supposed to get noticed

To understand why using Krypt3ia to get noticed is so weird, you need to understand a little about i2p.

i2p is a network like Tor that provides obscurity and security. Even today, it’s far less accessible than Tor (and was even more so in 2016). Krypt3ia could credibly access it, but I couldn’t have. Reporter Eric Lichtblau or Fusion GPS’ Laura Seago probably couldn’t have either. Normally you need either a special browser or a gateway to to access an eepsite. Importantly, the public DNS routing information that was at the heart of the project that discovered the Alfa Bank anomalies doesn’t exist for i2p. You can’t just Google for a site.

If data scientist April Lorenzen put her research on an i2p site, as alleged, she may have done so to limit who noticed it and her role in it.

It didn’t work out that way.

(Note, because the Durham investigation remains ongoing, I am not contacting her or her lawyers for comment or others who are obviously still the focus of Durham’s investigation.)

Krypt3ia didn’t link directly to her i2p site at first. He started by linking a gateway, which would be accessible to mere mortals who don’t have an i2p browser or technical prowess. His second link may have been a different gateway – again, a link readily accessible to people without using special software. It was one of these links that got sent around by journalists and researchers.

That’s what I mean about content versus function: Krypt3ia added no new content to this story. He did, however, make parts of it accessible to people – like reporters – who would otherwise never have found it.

A comment purportedly from Lorenzen sent to Krypt3ia’s site, playing on Tea Leaves’ name, expressed (or feigned) surprise at finding what the email called a mirror (but which was a proxy).

Thank you to https://krypt3ia .wordpress.com for pointing out a possible mirror of this (the original, what you are reading, http://gdd.i2p). We did not know about gdd.i2p.xyz until hearing about it from Krypt3ia. So we did a little research and see that i2p.xyz has been around for years and appears to mirror a lot of *.i2p sites. *i2p.xyz probably functions as an alternative for everybody that doesn’t have the skills to reach an i2p site :)

Next question, why would somebody first mirror – and then drop their mirror – of our http://gdd.i2p website. The following is just speculation: maybe normally i2p.xyz just mirrors everything but oops! Something hot – drop the mirror. I don’t know. I didn’t try to visit it. Mirrors of course could choose to alter content and measure who visits. We have no such opportunity to see who is visiting our real i2p site.

Whoever wrote the email, it emphasized how the proxy was different from the “real i2p site:” The proxy “functions as an alternative for everybody who that doesn’t have the skills to reach an i2p site,” but it also can “measure who visits” whereas a “real i2p site” cannot.

Whatever the story behind the Krypt3ia post, it had the effect of making it clear that researchers who believed they could find hackers by looking at public DNS data couldn’t hide what they were doing, even on networks designed to be untrackable. It had the effect of making it clear their efforts to look for Russian hackers in DNS data had been seen.

Alfa Bank alleges the Krypt3ia notice is part of an imagined conspiracy targeting the bank

It also appears to have convinced Alfa Bank that Krypt3ia was a key cog in the publication of this story. Their lawsuit claimed that,

The scientists and researchers who obtained the nonpublic DNS data deliberately leaked portions of that data to other scientists and researchers and, ultimately, to the media.

Depositions in the Alfa Bank lawsuit make it clear that Alfa believed (presumably because of those characteristics about i2p) that Fusion GPS must have been behind the effort to alert Krypt3ia to the research site and, via his post, to alert the public.

In a February 10 bid to overcome privilege claims that Fusion GPS’ Laura Seago had previously made, Alfa Bank lawyer Margaret Krawiec argued that Seago must have breached any privilege by sharing information from the publicly posted Tea Leaves information. Krawiec’s logic was that someone internal to the privilege claims asserted by Perkins Coie must have told Seago where the i2p site was, because otherwise there would be no way she could find it.

Krawiec: So, your honor, let me jump in there because one of the things that happened is that we were trying to understand how it was that Ms. Seago knew that this data had been published on the internet because it was published in an obscure place in the internet by this Tea Leaves that I told you about.

And then what Fusion did was – so we asked about that. We said, “How did you know where to look for that data? Who told you?” Cut off, instruction not to answer, privileged. But guess what they did with those links of that data? They took that data that someone told them because no one would have known to find it where it was unless someone told them.

And they wouldn’t tell us who told them or how they found it, but then they took all those links – the supposed public source research – and disseminated it to seven or eight media outlets saying you have to check this out. This is big stuff.

Fusion’s lawyer Joshua Levy countered that the link and the site itself were public.

Levy: If you – if you take the example that Alfa-Bank’s lawyer just presented to the Court, the link that someone at Fusion had circulated to a reporter, that link is a link to the internet. It’s a publicly available link, right?

The link – it’s, it’s like sending a New York Times article to a reporter at the Washington Post. Have you – have you seen this article? You should look at it. It’s interesting. Here’s a link. It happens to do with the subject matter which (indiscernible) is fascinated, [sic] but it’s a publicly available link.

Ms. Seago may have had communications internally at Fusion about that link. Those are privileged communications, but the link itself is available online for the Court, for me, for Ms. Krawiec. It’s public. There’s, there’s nothing confidential about that link.

Alfa’s lawyer responded by arguing that because an i2p site was so difficult to find, Seago’s knowledge of its location must have come from privileged information, and because she subsequently shared a link to a gateway with journalists, she had waived privilege.

Krawiec: Your Honor, I can tell you that where this link was when it was on the internet, you, myself, Mr. Levy, no one could have found that by doing a basic Google search. They were instructed where to find it in this obscure location.

And all we were trying to understand is who instructed them because the person who posted it was Tea Leaves, the anonymous computer scientist who had this computer data.

Alfa’s lawyer argued, not unreasonably, that because Tea Leaves’ site could not have been discovered by a Google search, someone connected to Tea Leaves must have told Fusion where it was, and because Fusion, in turn, shared a link to it, any privilege around Fusion’s discussions about Tea Leaves had therefore been breached.

Alfa’s focus on how Tea Leaves’ i2p site became public continued during a February 14 deposition of Peter Fritsch. In it, Alfa raised an email from Seago to Fritsch describing that Krypt3ia had become aware of Tea Leaves’ work, in response to which questions Fritsch pled the Fifth. By the time Krypt3ia posted, it seems likely, Fusion already knew April Lorenzen was involved.

But in the Seago hearing, Fusion lawyer Joshua Levy stated clearly that, “Our client didn’t move that specific communication –” pushing Tea Leaves’ information (from the context, it’s unclear to me whether this was a link directly to a gateway to Tea Leaves i2p site or one that involved Krypt3ia). Elsewhere Levy explained that Mark Hosenball had sent the link to Fusion which, in turn, sent it out to other journalists.

Fusion’s claims are consistent with them knowing of Lorenzen’s work before the Krypt3ia post, but having nothing to do with the Krypt3ia post and/or public links directly to Lorenzen’s site.

“Phil” hooked Krypt3ia up with the NYT

Alfa Bank seems to doubt Fusion’s denials that they were behind all those levels of notice to Krypt3ia.

I have no idea who first alerted Krypt3ia to the WordPress site or the i2p site, and he says he doesn’t remember who did. I do know who hooked him up with the NYT.

As I noted when I criticized this story in 2016, I was pitched the Alfa Bank story, like the NYT. But unlike the NYT, I was not pitched it by the people Durham is trying to put in jail like Sussmann, the researchers, or Fusion GPS. I was pitched it by the guy whom I’ve referred to by the pseudonym “Phil,” the person I went to the FBI about in 2017. (This is a pseudonym and he has not been charged by DOJ.)

Not only did he pitch me on it, but he told me he was the one to have hooked Krypt3ia up with the NYT reporter.

The rest of our exchange is below…

The claim that Phil had introduced Krypt3ia to a NYT reporter was credible. At the time I knew of several NYT reporters he claimed to have ties to (at Phil’s request, I had introduced him to one of them, and I’ve confirmed his contacts with others since). He also publicly interacted with Krypt3ia on Twitter.

But I had never checked whether Phil had really introduced the NYT to Krypt3ia until the Alfa Bank filing that blamed that tie on Fusion.

Nicole Perloth has confirmed it was Phil. As she described, Phil basically pushed Krypt3ia on her. “Nicole: Krypt is a person who can be an invaluable resource on this,” specifically addressing Krypt3ia‘s expertise on the dark web, even while asking her to keep him (Phil) updated on when the story would be published.

When I asked Krypt3ia if it was possible that the same person alerted him to the i2p site as had connected him to a NYT journalist, he said he did not remember.

Do you know if the person who connected you with the NYT reporter was the same was the one who pointed out the mirror? As per your post? Or don’t you remember?

Honestly don’t remember. Did not take notes or anything, thought it all bullshit and some kind of game of disinformation.

Whether or not Phil had a role in first tipping Krypt3ia off to the i2p proxy, he had a role in making the NYT aware of a series of moving versions of that site, starting with the one in Russia.

Importantly, this is not the only attempt to broker these allegations that remains publicly unexplained. There’s another unexplained package of these allegations – a “mediafire” package first posted on Reddit – raised in the Alfa suit that Fusion disclaimed credit for.

At least one person pushing this story was (as far as I know) completely unrelated to the efforts Durham and Alfa have focused on. Given that April Lorenzen used a pseudonym for her efforts, it would have been easy to hijack those efforts. So until April Lorenzen certifies that all the communications posted under the name “Tea Leaves” out there are hers (including the comment attached to a Tutanota email in Krypt3ia’s post), neither should anyone assume she’s responsible for all of them.

Alfa Bank believed that the public notice of the Tea Leaves i2p site was proof that Fusion, and only Fusion, was dealing these allegations. The opposite is the case.

To be sure: that might have mattered if Vladimir Putin’s invasion hadn’t killed the Alfa Bank lawsuit. But Phil’s role in the Krypt3ia post doesn’t much matter to the Sussmann indictment. Sussmann’s alleged lie was on September 19, 2016, 16 days before the communications leading to the Krypt3ia post started. Nothing Phil did on October 8 and thereafter, it seems, could affect that alleged lie.

That said, Durham’s sprawling single-count indictment does include allegations about Sussmann’s outreach to the press that post-dates Phil’s involvement and may rely on it. Most notably, a paragraph describing that Sussmann emailed Lichtblau on October 10 encouraging him to send an opinion piece criticizing the NYT for its Trump coverage mentions that, “At or around that time, and according to public sources, [Lichtblau] was working on an article concerning the [Alfa Bank] allegations, but [Lichtblau’s] editors at [NYT] had not yet authorized publication of the article.” [my emphasis] Krypt3ia’s comment, “the NYT confirmed that they asked the question and shit happened. They are still looking into it” – a comment that indirectly involved Phil – is one of those public sources.

At the time, Phil was pushing a NYT article more aggressively than what Durham describes Sussmann doing, and he played at least some role in the public sources that reported NYT was working on an article.

So Phil’s involvement adds an important detail about how these claims were made public in the weeks leading up to the election, but none of that changes whether or not Sussmann lied to cover up Hillary and/or Rodney Joffe’s role in all this.

Update: I’ve corrected the post to reflect that the original site, hosted in Russia, was a proxy, not a mirror. Thanks to @i2p at geti2p.net for the corrections starting in this exchange.

Texts

The following includes all the Signal texts included in the exchange regarding the Alfa Bank DNS anomalies.

Two comments on these texts: I’m not sure what I meant in the text sent on October 9 at 10:51AM. I suspect I mistyped. I suspect I was trying to explain Betsy and Dick DeVos’ traditional role in the Republican party – money – was less urgent to Trump in October 2016 than some kind of credible Republican policy platform. 

I stand by everything else I said in these texts, though admit my observation about the adversity between UAE and Russia turned out to be hilariously and epically wrong, particularly as it pertained to Prince.

Share this entry

Whinger Verbs: To Investigate … To Prosecute … To Indict

/139 Comments/in , , , /by

Because Alvin Bragg chose not to prosecute Donald Trump, the whingers are out again complaining about Merrick Garland, who last I checked was an entirely different person.

I’ve copied the “Key January 6 posts” from my post showing what reporting on the January 6 investigation — rather than simply fear-mongering to rile up CNN viewers or your Patreon readers — really looks like below.

But for now I’d like to talk about the language the whingers — those complaining that Merrick Garland hasn’t shown people who aren’t looking what DOJ is doing. It’s telling.

Take this post from David Atkins that opines, accurately, that “Refusing to Prosecute Trump Is a Political Act,” but which stumbles in its sub-head — “The evidence is clear. It’s time to prosecute the former president, and Merrick Garland shouldn’t wait.” — and then completely collapses when it asserts that there are just two possible reasons why Merrick Garland has not “prosecuted” Trump.

But there is a deeper question as to why Attorney General Merrick Garland and the DOJ have not prosecuted Trump. No one at the department is talking on the record, but there are only two possible answers—neither of which is satisfactory.

It is possible that prosecutors do not believe there is enough evidence against Trump to convince a jury of his guilt. I’m not a lawyer, but this seems somewhat difficult to believe.

[snip]

The second possibility is that the Department of Justice hasn’t prosecuted Trump because of political pressure. Again, this is speculation. But if Garland is succumbing to either internal or external pressure to avoid charging Trump out of fears of civil conflict, or the appearance of political motivation, that would be a grave error—not prosecutorial discretion but prosecutorial dereliction. Allowing fears of violent reprisals to derail a prosecution would be a grave injustice.

Atkins is wrong about the reasons. I wrote here about why the ten acts of obstruction Mueller identified are almost universally misrepresented by whingers, in part because Billy Barr did real damage to those charges (as he did to other ongoing investigations), and in part because the ten acts that existed in March 2019 are not the acts of obstruction that exist today.

We know part of why Trump hasn’t been charged for political crimes: because Trump ensured the FEC remained dysfunctional and Republicans have voted not to pursue them (something that whingers might more productively spend their time pursuing).

It seems nutty to suggest that Trump should be “prosecuted” already for taking classified documents to Mar-a-Lago when that was referred just weeks ago. It’s also worth considering whether it would be easier to prosecute Trump for obstruction for these actions, tied to one of his other malfeasance, and then consider where investigations related to that malfeasance already exist.

Bizarrely, Atkins doesn’t consider it a possibility that it would take Merrick Garland’s DOJ more than 380 days to prosecute the former President. It took months to just wade through Stewart Rhodes’ Signal texts. It has taken 11 months, so far, to conduct a privilege review of Rudy’s phones (for which DOJ obtained a warrant on Lisa Monaco’s first day on the job). DOJ has six known cooperators in the Oath Keeper case (at least four with direct ties to Roger Stone) and one known cooperator in the Proud Boys case (and likely a bunch more we don’t know about). Particularly in the Oath Keeper investigation, DOJ has been rolling people up serially. But that process has taken longer because of COVID, discovery challenges, and the novelty of the crime.

But that goes to Atkins’ curious choice of the word “prosecute” here. I generally use the verb to refer to what happens after an indictment — the years long process of rebuffing frivolous legal challenges, but for an organized crime network, “prosecute” might also mean working your way up from people like militia members guarding your rat-fucker to the militia leaders planning with your rat-fucker to the rat-fucker to the crime boss.

I think what Atkins actually means, though, is “indict,” or “charge.” But his entire post betrays a fantasy where one can simply arrest a white collar criminal in the act after he has committed the act.

What whingers often say, though, is they want Garland to “investigate” Trump. Then they list a bunch of things — like cooperating witnesses or grand jury leaks or raids or indictments — that we’ve already seen, and insist we would see those things if there were an investigation but take from that that there’s not an investigation even though we see the things that they say we would see if there were an investigation.

Whinger brain confuses me sometimes.

The point, though, is that the language whingers use to describe what they imagine is Garland’s inaction or cowardice (none of these people have done the work to figure out whether that’s really the case), is designed to be impossible. That makes it necessarily an expression of helplessness, because their demand is actually that Trump be disappeared from the political scene tomorrow, and that’s hasn’t happened with multiple investigations implicating him, it sure as hell won’t happen if and when he is indicted, and it wouldn’t happen during a hypothetical extended period during which Trump is prosecuted.

Indeed, I’ve lost count of the number of people who tell me Bannon hasn’t been indicted, even though Bannon has been indicted. It’s just that he’s entitled to due process and in many ways being indicted provides him a way to play the victim.

There are multiple investigations implicating close Trump associates and the January 6 investigation is absolutely designed to incorporate Trump, if DOJ manages to continue building from the crime scene backwards. But that’s not actually what people want. None of these verbs — to investigate, to indict, to prosecute — are the ones that whingers are really hoping to see.

And the verbs they’re hoping to see — perhaps “neutralize” or “disappear” — are not ones that happen as part of due process.

And none of the due process verbs — “investigate,” “indict,” “prosecute” — are likely to work unless people at the same time think of things like “discredit.”

Key January 6 posts

The Structure of the January 6 Assault: “I will settle with seeing [normies] smash some pigs to dust”

DOJ Is Treating January 6 as an Act of Terrorism, But Not All January 6 Defendants Are Terrorists

While TV Lawyers Wailed Impotently, DOJ Was Acquiring the Communications of Sidney Powell, Rudy Giuliani, and (Probably) Mark Meadows

Why to Delay a Mark Meadows Indictment: Bannon Is Using His Contempt Prosecution to Monitor the Ongoing January 6 Investigation

The Eight Trump Associates Whom DOJ Is Investigating

January 6 Is Unknowable

“I’m Just There to Open the Envelopes:” The Select Committee and DOJ Investigations Converge at Mike Pence

Why It Would Be Counterproductive To Appoint a Special Counsel to Investigate January 6

DOJ’s Approximate January 6 Conspiracies

Easy Cases: Why Austin Sarat’s Argument That Trump Should Not Be Prosecuted Is Wrong

How a Trump Prosecution for January 6 Would Work

Judge Mehta’s Ruling that Donald Trump May Have Aided and Abetted Assaults on Cops Is More Important Than His Conspiracy Decision

“Fill the Silence:” On Obstruction, Listen to DOJ and Merrick Garland

Share this entry

John Durham Keeps Chasing Possible Russian Disinformation

/59 Comments/in , /by

Yesterday, the two sides in the Michael Sussmann case submitted the proposed jury questions they agree on and some they disagree on.

Durham objects to questions about security clearances and educational background (presumably Durham wants to make it harder for Sussmann to get people who understand computers and classification on the jury).

Sussmann objects to questions about April Lorenzen’s company and Georgia Tech.

He also objects to a question that assumes, as fact, that the Hillary campaign and the DNC “promoted” a “collusion narrative.”

I suspect Sussmann’s objections to these questions are about direct contact. For all of Durham’s heaving and hollering, while Sussmann definitely met with Fusion GPS, of the researchers, the indictment against Sussmann only shows direct contact with David Dagon. Everything else goes through Rodney Joffe. Plus, a document FOIAed by the frothy right shows that Manos Antonakakis believes what is portrayed in the indictment is at times misleading and other times false, which I assume he’ll have an opportunity to explain at trial.

As regards the campaign, as I already noted, when Sussmann asked Durham what proof the Special Counsel had that he was coordinating with the campaign, Durham pointed to Marc Elias’ contacts with the campaign and, for the first time (over a month after the indictment), decided to interview a Clinton staffer.

Sussmann will probably just argue that Durham’s plan to invoke these things simply reflects Durham’s obstinate and improper treatment of a single false statement charge as a conspiracy the Special Counsel didn’t have the evidence to charge.

But Durham’s inclusion of it makes me suspect that Durham wants to use an intelligence report that even at the time analysts noted, “The IC does not know the accuracy of this allegation or the extent to which the Russian intelligence analysis may reflect exaggeration or fabrication.” Nevertheless, John Ratcliffe, who has a history of exaggeration for career advancement, declassified, unmasked Hillary’s name, and then shared with Durham.

If Durham does intend to use this, though, it would likely mean Durham would have to share parts of the Roger Stone investigation file with Sussmann. That’s because the report in question ties the purported Clinton plan to Guccifer 2.0.

And as the FBI later discovered, there was significant evidence that Roger Stone had been informed of the Guccifer 2.0 persona before it went public.

That information, along with a bunch of other things revealed about Stone’s activities before this Russian report, suggest the Russian report may actually be an attempt to protect Stone, one that anticipated Stone’s claims in the days after the report that Guccifer 2.0 was not Russian.

Unless Durham finds a way to charge conspiracy in the next two months, Judge Christopher Cooper would do well to prevent Durham from continuing his wild conspiracy theorizing. Because it’s not clear Durham knows where the strings he is pulling actually lead.

Share this entry

Paul Manafort Prevented from Flying to Dubai

/72 Comments/in , , /by

As Knewz first reported and AP has now matched, Paul Manafort was pulled from a flight to Dubai on Sunday because his passport was revoked.

Former Trump adviser Paul Manafort was removed from a plane at Miami International Airport before it took off for Dubai because he carried a revoked passport, officials said Wednesday.

Miami-Dade Police Detective Alvaro Zabaleta confirmed that Manafort was removed from the Emirates Airline flight without incident Sunday night but directed further questions to U.S. Border and Customs Protection. That agency did not immediately respond to an email Wednesday seeking comment.

A lawyer who has represented Manafort did not immediately return a call and email seeking comment Wednesday.

As a reminder, Manafort’s pardon did not include his actions in an August 2, 2016 meeting with alleged Russian spy Konstanin Kilimnik, at which he seemingly traded his strategy to win the election for $19 million in financial benefit and a commitment to help carve up Ukraine.

Nor was Manafort pardoned for his efforts, which continued at least until he was arrested, to help Kilimnik carve up Ukraine to Russia’s liking.

Nor was Manafort pardoned for his role in all the influence-peddling that Rudy Giuliani was involved with in Ukraine through 2020.

This was three days ago. The fact that Sean Hannity has not been wailing about the poor treatment of Manafort since suggests either that there’s not a good way to spin it, or that Manafort has some reason to want to keep this quiet.

Update: NBC’s Tom Winter says that, contrary to other reports, he was simply not permitted to board and that he can apply for a new passport. It’s not clear why he speaks of a “new investigation.”

Share this entry

John Durham’s Top Prosecutor, Andrew DeFilippis, Allegedly Miffed that DARPA Investigated Guccifer 2.0

/59 Comments/in , , /by

Vladimir Putin’s invasion of Ukraine and the sanctions imposed as a result has led lawyers in the US to drop the now-sanctioned Alfa Bank and its owners, leading to the dismissal of the John Doe, BuzzFeed, and Fusion GPS lawsuits filed by Alfa Bank or its owners. That has, for now, brought an end to a sustained Russian effort to use lawfare to discover “U.S. cybersecurity methods and means” (as some of Alfa’s targets described the effort).

But the dismissal of the Alfa Bank suits hasn’t halted the effort to expose US cybersecurity efforts in the guise of pursuing right wing conspiracy theories. Both Federalist Faceplant Margot Cleveland and “online sleuths” goaded, in part, by Sergei Millian have picked up where Alfa Bank left off. In recent days, for example, documents obtained via a Federalist FOIA to Georgia Tech exposed the members of a cybersecurity sharing group, including a bunch at Three-Letter Agencies, which has little news value but plenty of intelligence value to America’s adversaries (these names were released even while someone — either Georgia Tech or the Federalist — chose to redact the contact information for Durham’s investigators, some of which is otherwise public).

Even while doing her part to make America less safe (raising the perennial question of who funds the Federalist), Cleveland has continued to do astounding work misrepresenting Durham’s investigation. From the same FOIA release, she published a document in which research scientist Manos Antonakakis described that chief Durham AUSA Andrew DeFilippis insinuated to him that it was abusive for DARPA to try to discover the network behind the Guccifer 2.0 persona.

Finally, I will leave you with an anecdote and a thought. During one of my interviews with the Special Counsel prosecutor, I was asked point blank by Mr. DeFilippis, “Do you believe that DARPA should be instructing you to investigate the origins of a hacker (Guccifer_2.0) that hacked a political entity (DNC)?” Let that sync for a moment, folks. Someone hacked a political party (DNC, in this case), in the middle of an election year (2016), and the lead investigator of DoJ’s special council would question whether US researchers working for DARPA should conduct investigations in this matter is “acceptable”! While I was tempted to say back to him “What if this hacker hacked GOP? Would you want me to investigate him then?”, I kept my cool and I told him that this is a question for DARPA’s director, and not for me to answer.

Assuming this is an accurate description, this is a shocking anecdote, a betrayal of US national security.

It suggests that Durham’s lead prosecutor doesn’t believe the government should throw its most innovative research at a hostile nation-state attack while that nation-state is attempting to influence an election. Sadly, though, it’s not surprising.

It is consistent with things we’ve seen from Durham’s team throughout. It’s consistent with Durham’s treatment of a loose tie between an indirect and unwitting Steele dossier source and the Hillary campaign as a bigger threat than multiple ties to Russian intelligence (or Dmitry Peskov’s office, which knew that Michael Cohen and Donald Trump were lying about the former’s secret communications with Peskov’s office). It is consistent with Durham’s more recent suggestion that the victim of such a nation-state attack must wait until after an election to report a tip that might implicate her opponent.

I almost feel like DeFilippis will eventually say Hillary should have just laid back and enjoyed being hacked in 2016.

DeFilippis, and Durham generally, have consistently treated Hillary as a far graver threat than Russia, even now, even as Russia conducts a barbaric invasion of a peaceful democracy.

But Antonakakis’ anecdote is all the more troubling because it suggests that DeFilippis seems to misunderstand what happened with the DARPA contract in question in 2016. The Enhanced Attribution RFP’s description of the hacking campaigns it was targeting — “multiple concurrent independent malicious cyber campaigns, each involving several operators” — pretty obviously aims to tackle Advanced Persistent Threats, of which APT 28 and 29 (both of which targeted the DNC) were among the most pressing in 2016. DARPA presumably didn’t ask Antonakakis to focus on Guccifer 2.0 — a persona which didn’t exist when the contract was put up for bid in April 2016, much less in the months earlier when it was originally conceived. Rather, by description, they were asking bidders to look at APTs, and looking at APT 28 would have happened to include looking at Guccifer 2.0, the DNC hack, and a number of hacks elsewhere in the US and the world.  The reason DARPA would ask Georgia Tech to look at APT 28 is because APT 28 was hacking a lot of targets in the time period, all of which provided learning sets for a researcher like Antonakakis. DeFilippis, then, seems miffed that the APT that DARPA wanted to combat happened to be one of two that targeted Hillary.

That’s a choice Russia made, not DARPA.

While I think Cleveland did serious damage with some of her releases, I’m glad she released this document because it provides a way for Michael Sussmann to make DeFilippis’ troubling views on national security a central issue at trial, something that normally is difficult to do.

It also provided Cleveland another opportunity to faceplant in spectacular trademark Federalist fashion. Cleveland used this document to rile up the frothers by suggesting this is proof that Durham is investigating the DNC attribution.

Exclusive: Special Counsel’s Office Is Investigating The 2016 DNC Server Hack

The U.S. Department of Defense tasked the same Georgia Tech researcher embroiled in the Alfa Bank hoax with investigating the “origins” of the Democratic National Committee hacker, according to an email first obtained by The Federalist on Wednesday. That email also indicates the special counsel’s office is investigating the investigation into the DNC hack and that prosecutors harbor concerns about the DOD’s decision to involve the Georgia Tech researcher in its probe.

[snip]

The public storyline until now had been that CrowdStrike, the cybersecurity firm Sussmann hired in April 2016, had concluded Russians had hacked the DNC server, and that the FBI, which never examined the server, concurred in that conclusion. Intelligence agencies and former Special Counsel Robert Mueller likewise concluded that Russian agents were behind the DNC hack, but with little public details provided.

It now appears that DARPA had some role in that assessment, or rather Antonakakis did on behalf of DARPA, which leads to a whole host of other questions, including whether DARPA had access to the DNC server and data and, if so, from whom did the DOD’s research arm get that access? Was it Sussmann?

There’s no reason to believe this and every reason to believe that — as I said — DeFilippis is pissed that DARPA prioritized their research on a target that was badly affecting national security (and not just in US, but also in allied countries) in 2016, one that happened to attempt to help Trump get elected.

But look how many errors Faceplant’s Cleveland made in the process:

Cleveland repeats the Single Server Fallacy, imagining that the DNC, DCCC, and Hillary had just one server between them to be hacked and all the servers that got hacked were in the possession of one of those victims. That’s, of course, ridiculous. The server that GRU hacked to get John Podesta’s emails belonged to Google. The server that GRU hacked to get Hillary’s analytics belonged to AWS. There was a staging server in AZ; I have been told that the FBI seized at least one US-based server that did not belong to the DNC (that server is why the frothy right’s focus on what Shawn Henry testified to HPSCI is so painfully ignorant — because it ignores that the FBI had access to servers that Henry did not that did show exfiltration).

Cleveland apparently doesn’t know that FBI knew who was hacking the DNC when they warned them starting in September 2015 they were being hacked. The FBI’s awareness of that not only explains why APT 29 and 28 would have been included in DARPA’s targets for EA, but proves that the government was tracking these hacking groups above and beyond the attack on Hillary. This was never just a reaction to the election year hack.

Cleveland claims Mueller’s attribution of the DNC hack to the GRU provided “little public details,” when in fact the Mueller Report showed 29 sources other than CrowdStrike, including:

  • Gmail
  • Linked-In
  • Microsoft
  • Facebook
  • Twitter
  • WordPress
  • ActBlue
  • AWS
  • AOL
  • Smartech Corporation
  • URL shortening service
  • Bitcoin exchanges
  • VPN services

According to Mueller’s report, all these sources also corroborated the GRU attribution. And Mueller’s list doesn’t include a number of other known entities that corroborated the attribution, including NSA and Dutch intelligence, which couldn’t be named in a public DOJ document. Mueller’s list doesn’t include Georgia Tech either, but it wouldn’t need to, because there was so much other evidence.

The Mueller Report described obtaining almost 500 warrants, but the released list — from which FBI’s Cyber Division successfully withheld those pertaining to the GRU investigation — only includes around 370-400 warrants (based on an 156 pages of warrants with roughly three per page), suggesting there may be 100 warrants tied to the GRU attribution alone.

By the time Antonakakis started looking at the DNC hack as part of EA, multiple entities, including several Infosec contractors, non-US intelligence services, and non-governmental entities like tech giants (including at least three of the ones on Mueller’s list), had plenty of evidence that the Guccifer 2.0 campaign was run by the APT 28. Including Guccifer 2.0 as part of the research set would simply be part of the existing targeting of a dangerous APT.

But apparently neither DeFilippis nor Cleveland understand that 2016 was part of an ongoing identified threat to US national security.

One thing Putin did in 2016 was to use disinformation to train the frothy right to favor Russia more than fellow Americans from the opposing party. Even as Russia attacks Ukraine, that still seems to be true.

Share this entry

“The Laptop” Is the Functional Equivalent of The Steele Dossier, 1: Rudy Is the Real Scandal

/51 Comments/in , , /by

I’m going to explain how The Laptop that Rudy Giuliani floated just before the election is the functional equivalent of the Steele dossier.

Before I do, let me make a fairly obvious (if counterintuitive) point: Of the three people that powerful Ukrainians attempted to cultivate for their ties to the Vice President or President — Paul Manafort, Hunter Biden, and Rudy Giuliani — just one provably affected US policy through the Vice President or President: Rudy.

Contrary to what you may have read, for example, Manafort actually wasn’t the one who prevented the GOP platform from being strengthened to support Ukraine, JD Gordon was (though Trump’s do-not-recall answer about his own involvement can’t rule that out). Mueller’s decision not to prosecute Gordon as an agent of Russia was only recently made public (thanks to the relentless work of Jason Leopold and his lawyer).

And while there’s a lot of circumstantial evidence that Manafort entered into a quid pro quo on August 2, 2016, trading campaign strategy for a commitment to help carve up Ukraine to Russia’s liking along with $19 million a financial benefit for Manafort personally, because the investigation into Manafort became public in 2016, his ongoing efforts to push that Russian plan to dismember Ukraine never (as far as has been made public) had the involvement of Trump. It’s possible Trump was involved or Manafort got certain commitments in 2016, but Manafort’s own cover-up prevented DOJ from determining whether or not that was true.

According to the NYT story that has renewed the frenzy around the laptop Rudy Giuliani released just before the election, Federal prosecutors still haven’t determined whether Hunter Biden’s treatment of Chinese, Kazakh, and Ukrainian influence efforts amounted to a crime. But they do have evidence that Hunter Biden tried to be explicit that he could not influence his father to help Burisma.

In one email to Mr. Archer in April 2014, Mr. Biden outlined his vision for working with Burisma. In the email, Hunter Biden indicated that the forthcoming announcement of a trip to Ukraine by Vice President Biden — who is referred to in the email as “my guy,” but not by name — should “be characterized as part of our advice and thinking — but what he will say and do is out of our hands.”

The announcement “could be a really good thing or it could end up creating too great an expectation. We need to temper expectations regarding that visit,” Hunter Biden wrote.

Vice President Biden traveled to Kyiv, the Ukrainian capital, about a week after the email.

In the same April 2014 email, Hunter Biden indicated that Burisma’s officials “need to know in no uncertain terms that we will not and cannot intervene directly with domestic policymakers, and that we need to abide by FARA and any other U.S. laws in the strictest sense across the board.”

He suggested enlisting the law firm where he worked at the time, Boies Schiller Flexner, to help Burisma through “direct discussions at state, energy and NSC,” referring to two cabinet departments and the National Security Council at the White House.

The firm “can devise a media plan and arrange for legal protections and mitigate U.S. domestic negative press regarding the current leadership if need be,” Mr. Biden wrote in the email.

And sworn testimony from experts in both parties say Hunter did not dissuade his father from taking steps to crack down on corruption.

Of these three well-connected Americans being cultivated by powerful and corrupt Ukrainians — some but not all of them known Russian agents — only Rudy Giuliani is known to have had a direct effect on policy. Among other things, Rudy got Marie Yovanovitch fired. In only Rudy’s case, then, do we have clearcut proof that a Ukrainian influence operation had the desired effect of  changing American policy. Though even there, it’s not yet clear whether Rudy’s unregistered influence peddling was criminal.

(Obviously, Manafort pled guilty to being an unregistered Ukrainian agent during the earlier period, and he got paid orders of magnitude more than Hunter Biden did, too.)

So as we fight about The Laptop again, based on a reference to verified emails in a NYT article bylined by serial Rudy mouthpiece Ken Vogel, the first thing we should keep in mind is that there’s far more evidence that Rudy Giuliani successfully influenced the President or Vice President as a secret agent of Ukraine than Hunter Biden.

Share this entry

Five Years after WikiLeaks Exposed CIA Identities in Vault 7, UK Moves Closer to Assange Extradition

/9 Comments/in , , , /by

Last November, in response to an order from Judge Jesse Furman, DOJ said that they were fine with accused Vault 7 leaker Joshua Schulte’s request for a delay before his retrial. In fact, they didn’t think a Schulte retrial could start before March 21.

Although the Government is available for trial at any time in the first or second quarters of 2022, the Government does not believe it would be practical to schedule the trial prior to March 2022. In particular, although the Government believes that the Court’s prior rulings pursuant to Section 6 of CIPA address the vast majority of questions concerning the use of classified information at trial in this matter, it appears likely that the defendant will seek to use additional classified information beyond that previously authorized by the Court. The process for pretrial consideration of that application pursuant to Section 6 is necessarily complex, entailing both briefing and hearings in a classified setting. To the extent the Court authorizes the defendant to use additional classified information, implementation of the Court’s rulings can also take time, such as through either declassification of information or supplemental briefing regarding the application of Section 8 of CIPA (authorizing the admission of classified evidence without change in classification status). The proposed trial date also takes into consideration matters discussed in the Government’s ex parte letter submitted on August 4, 2021. Accordingly, in order to afford sufficient time both for the likely upcoming CIPA litigation and for the parties to prepare for trial with the benefit of any supplemental CIPA rulings, the Government believes that the earliest practical trial date for this matter would be March 21, 2022.

Part of this delay was to revisit the Classified Information Procedures Act decisions from the first trial because, now that he’s defending himself, Schulte likely wanted to use more classified information than Sabrina Shroff had used in the first trial. It turns out March 21 was overly optimistic for CIPA to be done. Because of an extended debate over how to alter the protective order, the government will only file its CIPA motion tomorrow (it just asked to submit a much longer filing than originally permitted, and got permission to file a somewhat longer one).

It’s the other part of the government’s interest in delay — its references to “matters discussed” in a sealed letter from August 4 — that I’ve been tracking with interest, particularly as the Assange extradition proceeded. As I noted earlier, that August 4 letter would have been sent five years to the day after Schulte started searching on WikiLeaks, Edward Snowden, and Shadow Brokers (according to the government theory of the case, Schulte stole and leaked the CIA’s hacking tools earlier, in late April and early May 2016).

Since those mentions of a sealed letter last year, the government has asked for and gotten two meetings to discuss classified information with Judge Fruman under section 2 of CIPA, first for February 8 (after which a sealed document was lodged in Chambers), and the second one for March 9.

Section 2 provides that “[a]t any time after the filing of the indictment or information, any party may move for a pretrial conference to consider matters relating to classified information that may arise in connection with the prosecution.” Following such a motion, the district court “shall promptly hold a pretrial conference to establish the timing of requests for discovery, the provision of notice required by Section 5 of this Act, and the initiation of the procedure established by Section 6 (to determine the use, relevance, or admissibility of classified information) of this Act.”

That second CIPA Section 2 meeting, on March 9, would have taken place days after the five year anniversary for the first Vault 7 publication, and with it the publication of the names or pseudonyms and a picture of several colleagues Schulte had vendettas against.

Schulte acknowledged that publication in a recently-released self-justification he wrote to an associate after the Vault 7 release (it’s unclear when in 2017 or 2018 he wrote it), one he’s making a renewed attempt to suppress.

The names that were allegedly un-redacted were pseudonyms — fake names used internally in case a leak happened. Those of us who were overt never used last names anyway; This was an unwritten rule at the agency — NEVER use/write true last names for anyone. So I was convinced that there was little personal information revealed besides a picture of an old boss of mine that was mistakenly released with the memes.

Not long after he acknowledged the rule against using people’s names in that self-justification, Schulte used the names of the three colleagues he was most angry at: His boss Karen, his colleague “Jeremy Weber,” and another colleague, Amol, names that were also central to his efforts to leak from jail. If the FBI could ever develop evidence that Weber’s name was deliberately left in WikiLeaks’ Vault 7 publication, both Schulte and anyone else involved would be exposed to legal liability for violating the Intelligence Identities Protection Act, among other crimes.

On Monday, one week short of the day DOJ thought might be a realistic start day for the retrial, the British Supreme Court refused Assange’s bid to appeal a High Court decision accepting (flimsy) US assurances that Assange would not be held under Special Administrative Measures, finding that the appeal “does not raise an arguable point of law.”

Given the timing of the sealed filings in the Schulte case and the way the 2020 superseding indictment accuses Assange of “exhort[ing a Chaos Computer Club] audience to join the CIA in order to steal and provide information to WikiLeaks,” effectively teeing up Schulte’s alleged theft, I would be unsurprised if one of the things DOJ was delaying for weren’t this moment, some resolution to the Assange extradition.

To be sure: the Assange extradition is not over, not by a long shot. As a letter from his attorneys explains, this decision will go back to Vanessa Baraitser, who will then refer the extradition to Home Secretary Priti Patel. Assange will have four weeks to try to persuade Patel not to extradite him.

And, as the same letter notes in classically British use of the passive voice, Assange could still appeal Baraitser’s original ruling.

It will be recollected that Mr Assange succeeded in Westminster Magistrates’ Court on the issue subsequently appealed by the US to the High Court. No appeal to the High Court has yet been filed by him in respect of the other important issues he raised previously in Westminster Magistrates’ Court. That separate process of appeal has, of course, has yet to be initiated.

But an appeal on these issues would be decidedly more difficult now than they would have been two years ago.

That’s true, in part, because the Biden Administration’s continuation of Assange’s prosecution has debunked all the bullshit claims Assange made about being politically targeted by Donald Trump.

I also expect at least one of the purportedly exculpatory stories WikiLeaks has been spamming in recent months to be exposed as a complete set-up by WikiLeaks — basically an enormous hoax on WikiLeaks’ boosters and far too many journalist organizations. WikiLeaks has become little more than a propaganda shop, and I expect that to become clearer in the months ahead.

Finally, if the US supersedes[d] the existing indictment against Assange or obtains[ed] a second one in the last seven months, it will badly undermine any remaining claim Assange has to doing journalism. That’s true for a slew of reasons.

As I laid out here, the part of the Baraitser ruling that distinguished Assange’s actions from journalism based on his solicitation of hacks relied heavily on the language that directly teed up the hack-and-leak Schulte is accused of.

Mr. Assange, it is alleged, had been engaged in recruiting others to obtain information for him for some time. For example, in August 2009 he spoke to an audience of hackers at a “Hacking at Random” conference and told them that unless they were a serving member of the US military they would have no legal liability for stealing classified information and giving it to Wikileaks. At the same conference he told the audience that there was a small vulnerability within the US Congress document distribution system stating, “this is what any one of you would find if you were actually looking”. In October 2009 also to an audience of hackers at the “Hack in the Box Security Conference” he told the audience, “I was a famous teenage hacker in Australia, and I’ve been reading generals’ emails since I was 17” and referred to the Wikileaks list of “flags” that it wanted captured. After Ms. Manning made her disclosures to him he continued to encourage people to take information. For example, in December 2013 he attended a Chaos computer club conference and told the audience to join the CIA in order to steal information stating “I’m not saying don’t join the CIA; no, go and join the CIA. Go in there, go into the ballpark and get the ball and bring it out”. [emphasis Baraitser’s]

If the government proves what is publicly alleged, Schulte’s actions have nothing to do with whistleblowing and everything to do with vindictive hacking to damage the CIA, precisely what Assange was eliciting. Plus, even if such a hypothetical superseding indictment added just Vault 7/Vault 8 charges against Assange, it could put extortion and IIPA on the table (the latter of which would be a direct analogue to the UK’s Official Secrets Act), to say nothing of the still unexplained fate of the CIA source code which — as Schulte himself acknowledged — would have provided an unbelievable benefit had Russia had received it.

And that assumes that Vault 7/Vault 8 would be the only thing the US wanted to supersede with. When Jeremy Hammond asked prosecutors why they hadn’t charged Assange for helping Russia tamper in US elections, they appeared to respond by describing the long time it would take to extradite Assange, implying that they still had time to charge Assange. To be sure, Mueller concluded that he “did not have admissible evidence that was probably sufficient to obtain and sustain a Section 1030 conspiracy conviction of WikiLeaks [or] Assange.” But the implication was that Mueller had evidence, just not stuff that could be submitted at trial. The extradition of Vladislav Klyushin — whose lawyer believed the US was particularly interested in his knowledge of the 2016 operation — might change that. (Like Assange, Klyushin’s extradition was also pending when DOJ submitted that first sealed filing; Klyushin’s case has been continued to share more discovery.)

There are several other operations WikiLeaks was involved in in 2015 and afterwards that would undermine any claim of being a journalistic outlet — and would add to the evidence that Assange had, at least by those years, been working closely to advance the interests of the Russian government.

It would be very hard to argue that Assange was being prosecuted for doing journalism if the US unveiled more credible allegations about the multiple ways Assange did Russia’s bidding in 2016 and 2017, even in normal times. All the more so as Russia is continuing its attack on democracy with its invasion of Ukraine.

And that’s what Assange faces as he attempts to stay out of the US.

Share this entry

The Lesson Marina Ovsyannikova Offers to Chuck Todd and Lester Holt

/73 Comments/in , , , , /by

Yesterday, an editor at Russia’s official Channel One news, Marina Ovsyannikova, came onto a live broadcast and held up a sign condemning Russia’s war on Ukraine.

Predictably, she was quickly detained; thus far, her attorneys have been unable to locate her (though one outlet has said she’ll be charged under Russia’s new crackdown law).

Shortly after her detention, a pre-recorded video was released, in which she explained her actions. She spoke of the shame she feels about her past involvement in Putin’s lies.

What is happening right now in Ukraine is a crime and Russia is the aggressor. And the responsibility for this aggression lies on the conscience of only one person. This man is Vladimir Putin. My father is Ukrainian. My mother is Russian. And they were never enemies. And this necklace on my neck is a symbol of the fact that Russia must immediately stop the fratricidal war and then our brotherly peoples will still be able to reconcile.

Unfortunately, in recent years I have been working on Channel One, working for Kremlin’s propaganda. And I am very ashamed of it. I am ashamed that I was letting them tell those lies from the screen. I’m ashamed that I allowed to “zombify” the Russian people.

We kept silent in 2014, when all this was just in the beginning. We didn’t go to rallies when the Kremlin poisoned Navalny. We just silently watched this inhumane regime.

And now the whole world has turned away from us, and even 10 generations of our descendants will not be enough to wash away the shame of this fratricidal war. We are Russian people — thoughtful and smart. It’s up to us to stop this madness. Come out to rallies. Don’t be afraid of anything. They can’t imprison all of us.

It was an incredibly brave — and because she planned her actions in advance — well-executed protest.

But make no mistake. Ovsyannikova is not, like another brave journalist who spoke up this week, Yevgenia Albats, someone who has criticized the regime in the past, someone whose witness now is a continuation of years of brave reporting.

Rather, Ovsyannikova is someone who, a profile describes, “was a cog in a big machine of Channel One’s news production.” She was part of the the production of official truth. And as she describes, hers is the lesson of regret for that complicity, someone who will forever own a part of Putin’s crimes because she took the comfortable route of contributing to and participating in Putin’s exercise of power. She will almost certainly pay a stiff price for her speech, but she is also someone who did nothing, up till now, as Putin kept raising the price of speaking freely.

While Ovsyannikova’s protest will likely resonate for some time, I would hope that complicit journalists in countries where it’s not too late to defend democracy reflect seriously on Ovsyannikova’s shame. Even as Russia rains bombs down on Ukraine, journalists like Chuck Todd and Lester Holt invited Bill Barr onto their TV to tell lies about Russia’s attack on democracy in the United States, to tell lies about Trump’s extortion of Ukraine, to tell lies about his role in an attack on democracy. Like Ovsyannikova, Todd and Holt sit, comfortable, polished, and complicit, as Barr told lies that were a direct attack on democracy and rule of law.

And like Ovsyannikova, they are doing nothing to rebut the lies of authoritarianism before it’s too late.

Update: Ovsyannikova has surfaced and is thus far facing only administrative crimes, so days, not years, in jail.

Update: Ovsyannikova was fined 30,000 rubles and released, but that apparently only covers the social media video, not the protest on TV.

Share this entry

“Problem:” SDNY Charges Elena Branson as Unregistered Agent of Russia

/76 Comments/in , /by

Back in 2013, the Senior Vice President of the Russian American Chamber of Commerce (Sergei Millian’s organization) sent Elena Branson language from FARA with the subject line, “Problem.”

a. On or about January 30, 2013, BRANSON received an email from an individual using an email address ending in “mail.ru.” Based on my review of publicly available information, I have learned that this individual was a Senior Vice President of the Russian American Chamber of Commerce in the USA. This email had the subject line “Problem.” and the text of the email included, among other things, a portion of the FARA Unit’s website with background on FARA. In response, BRANSON wrote, in part, “I am interested in the number of the law, its text in English[.]” The sender then responded with “Lena, read …” and copied into the email background on FARA and portions of the statute.

Branson, who the prior year had founded the Russian Center of New York and subsequently became the Chair of Russian Community Council of the USA (KSORS), apparently didn’t think it was an urgent problem. It wasn’t until 2019 that she appears to have considered — but then, after asking Russian Ambassador Anatoly Antonov for guidance, decided not to — register under FARA.

b. On or about December 10, 2019, BRANSON received an email indicating that BRANSON had requested a new FARA “eFile” account.21 That day, a member of the FARA Unit emailed the Branson RCNY Account with an eFile account number and temporary password to log in to the FARA eFile system. Later that day, a user logged in to the FARA eFile system using that account number and temporary password, and entered the registration name “Russian Center, Inc.” and the RCNY Office as the address. The user did not submit a FARA registration for the account. A user then accessed the account again on or about December 11, 2019, but, again, the individual did not submit a FARA registration. The internet protocol addresses connected to both log-ins of this account resolve to the same zip code as the RCNY Office.

c. On or about December 26, 2019, BRANSON emailed the Embassy Email Account. In the cover email, BRANSON wrote, in part, “[A] letter is in the attachment. Respectfully, Elena.” In the attached letter, BRANSON wrote, in part, that she had been asked questions from “compatriots” about “whether it is necessary to register their public organizations as a foreign agent.” BRANSON further wrote “[t]hese questions began to arise after the arrest of Maria Butina in Washington in July 2018 on charges of working as a foreign agent in the United States without registration.” BRANSON concluded the letter by asking the Embassy to advise such Russian compatriot groups, writing, “I am asking you to provide legal advice regarding registration as a foreign agent . . . for public organizations of Russian compatriots in the United States.” The letter was addressed to Ambassador-1.

Branson’s failure to register lies at the core of a 6-count complaint unveiled by SDNY yesterday, charging Branson in several conspiracies, under both FARA and 18 USC 951, as well as for visa fraud.

Branson won’t be arrested off this complaint. She’s long gone.

A month after the FBI interviewed her and searched her office in September 2020, she fled the country. Not long after Biden was inaugurated, Branson sold her NYC apartment.

During this investigation, the FBI has, among other things, executed judicially authorized search warrants for (i) approximately eight of BRANSON’s electronic accounts (the “Branson Accounts”3); (ii) the RCNY office (which was also BRANSON’s residence) in Manhattan, New York (the “RCNY Office”); and (iii) BRANSON’s person, for all electronics and other materials in her possession at the time of the search. From the RCNY Office and the search of BRANSON’s person, the FBI recovered a total of approximately 34 electronic devices (the “Branson Electronics”), including approximately 11 cellular phones. The FBI also conducted a voluntary interview of BRANSON on the same day as the search of the RCNY Office (the “Branson Interview”) and has interviewed other individuals living in the United States in connection with the investigation.

The searches of the RCNY Office (the “RCNY Search”) and BRANSON’s person, as well as the Branson Interview, took place on or about September 29, 2020. BRANSON flew to Moscow, Russia, on or about October 20, 2020, and BRANSON does not appear to have returned to the United States since that date. In or about March 2021, BRANSON sold the RCNY Office, which had been her residence in New York City. During in or about October and November 2020, BRANSON’s then boyfriend 9 (“Boyfriend-1”) wired approximately $197,000 to two of BRANSON’s bank accounts at Russian banks.4 On or about October 15, 2021, RT, formerly known as Russia Today, a Russian state-controlled television station, published an interview conducted by Maria Butina5 of BRANSON. During this interview, BRANSON told Butina, in substance and in part, that BRANSON left the United States for Moscow approximately one month after the Branson Interview because BRANSON was “scared” and thought the “probability was very high” that she would be arrested if she stayed in the United States.6

3 The Branson Accounts include four email accounts and four social media accounts, including BRANSON’s Facebook account (the “Branson Facebook Account”).

So Branson will only be arrested if she decides to flee Putin’s increasingly totalitarian regime.

Unlike the prosecution of Jack Hanick, then, whose indictment may have been timed to tolling statutes of limitation last November and in which the US is working on getting him extradited from the UK, this complaint seems to be more about messaging in the wake of the Russian invasion of Ukraine.

As a messaging vehicle, it shows how Russia has committed to the “consolidation” of Russian diaspora, cultivating a Russian identity that can be used to mobilize political pressure (and, in Ukraine and the Baltics, justifications for imperialism).

In or about November 2015, Lavrov published an article titled “Russian World: Steering Towards Consolidation.” In this article, Lavrov wrote, in part, “The provision of support to the Russian world is an unconditional foreign-policy priority for Russia, as formalized by Russia’s Foreign Policy Concept. . . . Over the years, we have managed to elevate our work in this area to an entirely new level and to create effective cooperation mechanisms in close contact with representatives of foreign communities.”

Some of Branson’s activities are mundane cultural exchanges paid for by Russian government entities. Some sprinkle the names of likely spies or handlers in the description.

Perhaps most interesting, the complaint provides an interesting addition to this passage from the Mueller Report.

Later [on November 9, 2016, the day after Trump’s victory, Kirill] Dmitriev flew to New York, where Peskov was separately traveling to attend the chess tournament. 1020 Dmitriev invited Nader to the opening of the tournament and noted that, if there was “a chance to see anyone key from Trump camp,” he “would love to start building for the future.” 1021 Dmitriev also asked Nader to invite Kushner to the event so that he (Dmitriev) could meet him. 1022 Nader did not pass along Dmitriev’s invitation to anyone connected with the incoming Administration. 1023 Although one World Chess Federation official recalled hearing from an attendee that President-Elect Trump had stopped by the tournament, the investigation did not establish that Trump or any Campaign or Transition Team official attended the event. 1024 And the President’s written answers denied that he had. 1025

The complaint describes how Branson had been instructed to arrange a meeting with Trump or Ivanka in March 2016, around the same time Russia was hacking John Podesta, though the complaint is remarkably coy about whether Branson ever sent her draft letter to Trump Organization (and if so, whether it was among the documents showing direct ties to Russia that Trump Organization withheld from Mueller’s inquiry and SSCI).

In or about March 2016, BRANSON exchanged a series of emails with Minister-2. During these messages, in part, Minister-2 asked BRANSON to organize a meeting with CC-2 and the now-former President of the United States, who was then a candidate for the Republican presidential nomination, or his daughter, in New York. On or about March 23, 2016, BRANSON received an email from Minister-2 with the subject line “additional meetings of [CC-2].” The email stated, in part, that the author was requesting BRANSON’s assistance in organizing meetings for CC-2 with “the management” of certain specified U.S. companies. On or about March 16, 2016, BRANSON sent an individual, who was then-chair of KSORS, a draft letter addressed to the now-former President, inviting him to the Russia Forum New York in April 2016 and suggesting that if his “busy schedule will not permit your attending our forum, perhaps you can suggest one of your children . . . who have followed in your footsteps.” The draft invitation included BRANSON’s name and contact information in the signature block. There is no indication that the now-former President or his children attended the referenced meeting.

Branson’s complaint describes what would be a second attempt to get Trump to attend the Chess Championship, in addition to Kirill’s attempt to extend an invite through George Nader. Branson sent her invite to an unnamed Trump Advisor.

BRANSON also attempted to arrange meetings for Russian officials at the 2016 World Chess Championship, which was held in Manhattan, New York:

1. On or about November 9, 2016, CC-6 emailed BRANSON with the subject line “Chess business.” CC-6 wrote to BRANSON, in part, “as discussed we will try to get Kirsan online after tomorrow’s official press-conference is over around noon at Fulton Street Market Building, South Street Seaport NY[.]”20 On or about that same day, BRANSON responded to CC-6 and wrote “[CC-6], good evening! I can bring the ipad for a Skype session. I will contact the media. Need them at noon?”

2. On or about November 10, 2016, BRANSON emailed an advisor to the now-former President of the United States (“Advisor-1”), expressing congratulations for their victory in the presidential election and attaching an invitation to the World Chess Championship addressed to the then-President- elect. The invitation was signed by “President of the International Chess Federation (FIDE-FIDE).” There is no indication that the now-former President attended the referenced event.

3. On or about November 11, 2016, BRANSON was photographed at the World Chess Championship with CC-6 and a second individual who I recognize, based on my review of publicly available photographs, to be the current Press Secretary for Russian President Vladimir Putin.

20 Based on my training and experience, including my review of publicly available material, I have learned that Kirsan Ilyumzhinov is the former President of the Republic of Kalmykia in the Russian Federation and the former president of FIDE, the International Chess Federation. I have further learned that, on or about November 25, 2015, the United States Department of the Treasury designated Ilyumzhinov as a Specially Designated National for his involvement with the Government of Syria and related entities.

Here, the complaint reiterates the Mueller conclusion: there’s no evidence Trump attended the event. But it does raise questions about the completeness of the response Trump offered to Mueller’s questions, pertaining to whether Trump was asked to attend.

Were you asked to attend the World Chess Championship gala on November 10, 2016? If yes, who asked you to attend, when were you asked, and what were you told about about [sic] why your presence was requested? 1. Did you attend any part of the event? If yes, describe any interactions you had with any Russians or representatives of the Russian government at the event.

Were you asked to attend the World Chess Championship gala on November 10, 2016? If yes, who asked you to attend, when were you asked, and what were you told about about [sic] why your presence was requested? 1. Did you attend any part of the event? If yes, describe any interactions you had with any Russians or representatives of the Russian government at the event.

Response to Question V, Part (a)

I do not remember having been asked to attend the World Chess Championship gala, and I did not attend the event. During the course of preparing to respond to these questions, I have become aware of documents indicating that in March of 2016, the president of the World Chess Federation invited the Trump Organization to host, at Trump Tower, the 2016 World Chess Championship Match to be held in New York in November 2016. I have also become aware that in November 2016, there were press inquiries to my staff regarding whether I had plans to attend the tournament, which was not being held at Trump Tower. I understand these documents have already been provided to you.

Trump describes a March 2016 discussion about hosting the event and November press inquiries about whether he would attend it. But there’s no mention of a November 2016 invitation asking him to attend.

Yet the Branson complaint suggests there would have been an invitation to Trump, signed by the sanctioned Kirsan Ilyumzhinov, sent through an unnamed advisor. His response reflects only earlier (in March) communications about the chess championship, not anything sent on November 10 bearing Ilyumzhinov’s signature.

This is a signaling complaint, one that likely won’t lead to anyone’s arrest. But it should raise more questions about Donald Trump’s candor with Mueller back in 2018.

And we should expect more of the same. On Twitter, Brandon Van Grack, who would have been involved in Branson’s investigation when he ran the National Security Division’s FARA office and likely knows what else might be in the pipeline, suggested there’s probably more of the same to come.

Share this entry