November 14, 2025 / by 


Republicans Prepare to Accuse Hillary of Russian Ties

In Monday’s hearing, Devin Nunes asked Jim Comey for reassurances that if anyone — including a member of the public — brought allegations of Russian attempts to infiltrate the Hillary campaign to the FBI, the FBI would expand the investigation to include those efforts as well.

NUNES: Director Comey, you announced this morning that there’ll be an investigation into Trump associates possible and President Trump and anyone around the campaign and any association with the Russian government.

If this committee or anyone else for that matter, someone from the public, comes with information to you about the Hillary Clinton campaign or their associates or someone from the Clinton Foundation, will you add that to your investigation? They have ties to Russian intelligence services, Russian agents, would that be something of interest to you?

COMEY: People bring us information about what they think is improper unlawful activity of any kind, we will evaluate it. Not just in — not just in this context. Folks send us stuff all the time. They should keep going that.

NUNES: Do you think it’s possible that the Russians would not be trying to infiltrate Hillary Clinton’s campaign, get information on Hillary Clinton and try to get to people that are around that campaign or the Clinton Foundation?

COMEY: I’m not prepared to comment about the particular campaigns but the Russians in general are always trying to understand who the future leaders might be and what levers of influence there might be on them.

NUNES: I just hope that if — if information does surface about the other campaigns, not even just Hillary Clinton’s but any other campaigns, that you would take that serious also if the Russians were trying to infiltrate those campaigns around them.

COMEY: Of course we would.

Yesterday, Politico reported that the RNC paid an intelligence firm that employs a former KGB officer to dig up dirt on Hillary.

The payments attracted attention in political and intelligence circles, largely because the Virginia-based firm, Hamilton Trading Group, had particular expertise in Russia, which was emerging as a major campaign issue at the time.

RNC officials and the president and co-founder of Hamilton Trading Group, an ex-CIA officer named Ben Wickham, insisted the payments, which eventually totaled $41,500, had nothing to do with Russia.

[snip]

But RNC officials now acknowledge that most of the cash — $34,100 — went towards intelligence-style reports that sought to prove conflicts of interest between Democratic presidential candidate Hillary Clinton’s tenure as Secretary of State and her family’s foundation.

The firm produced two dossiers that tried to make the case that Clinton intervened in Bulgaria and Israel, respectively, on behalf of energy companies that had donated to the Clinton Foundation, according to people briefed on the reports.

The oppo firm’s story has been evolving, but thus far, it seems that the former KGB officer, Gennady Vasilenko, did not work on the Hillary project. That said, remember that the Christopher Steele dossier (which is effectively the Clinton counterpart to this oppo project) indicated that Russia held compromising information on Hillary. We don’t know if that was included in the earlier reports shared with Steele’s first, Republican client. If it was, I could imagine the RNC trying to replicate the same information via a different source.

Meanwhile, serial fabulist oppo hit man Jerome Corsi has a piece at Infowars purporting to explain Roger Stone’s August 21, 2016 tweet stating “it would soon be Podesta’s time in the barrel.” Corsi includes two reports from last summer — one done by Government Accountability Institute and another by himself in response to the Paul Manafort allegations — alleging ties between Hillary and Podesta and Russia.

When this article was published, I suggested to Roger Stone that the attack over Manafort’s ties to Russia needed to be countered.

My plan was to publicize the Government Accountability Institute’s report, “From Russia With Money,” that documented how Putin paid substantial sums of money to both Hillary Clinton and John Podesta.

Putin must have wanted Hillary to win in 2016, if only because Russian under-the-table cash payments to the Clintons and to Podesta would have made blackmailing her as president easy.

On Aug. 14, 2016, I began researching for Roger Stone a memo that I entitled “Podesta.”

I completed that memo on Aug. 31, 2016, and it is embedded here in its entirety.

It’s not clear Corsi’s explanation works to absolve Stone: while the earlier (July 31) report does focus on John Podesta, Corsi’s August 31 report focuses primarily on John’s brother Tony.

But it does dig out these Russian allegations just after Nunes raised the possibility private citizens might provide FBI with evidence implicating the Hillary campaign.

I’d say this is all ridiculous, and within the counterintelligence department it probably is, but remember that similar allegations from Steve Bannon got the NY office of the FBI chasing after the Clinton Foundation for months and months.


FBI Is Examining Possible Coordination with Russia, Not Collusion

Jim Comey’s statement confirming an investigation including the Trump campaign on Monday said the following:

I have been authorized by the Department of Justice to confirm that the FBI, as part of our counterintelligence mission, is investigating the Russian government’s efforts to interfere in the 2016 presidential election, and that includes investigating the nature of any links between individuals associated with the Trump campaign and the Russian government and whether there was any coordination between the campaign and Russia’s efforts. As with any counterintelligence investigation, this will also include an assessment of whether any crimes were committed. [my emphasis]

In spite of that careful, pre-approved word choice, “coordination,” members of Congress in the hearing, as well as the press both before and after the hearing, have used the term “collusion.”

But Comey made it clear much later in the hearing that the term coordination was deliberate. Mike Quigley asked for more details about how the FBI might find collusion with a foreign power. Comey corrected him, stating that he was investigating whether there had been coordination.

Collusion is not a legal term. It is not one I have used today. I said we are investigating to see if there is any coordination between people associated with the campaign–

I think — though the lawyers should correct me if I’m wrong — this suggests the FBI is thinking in terms of conspiracy.

That, along with Comey’s focus on knowing coordination, may put things like Roger Stone’s interactions in the limelight — though the case that Guccifer 2.0 is a Russian cut-out is and always has been one of the weakest parts of the public case against Russia, and even top intelligence community people stop short of calling Wikileaks a Russian cut-out (meaning Stone would be able to deny knowingly working with Russians).

It does, however, put the events surrounding the release of Podesta’s emails on October 7 in interesting light, though the lefty case on that is neither the best case for that period, nor does it account for all the details that would be of interest.


Wikileaks Permadrip: “Other Vault 7 Documents”

WikiLeaks has released the second in what it promises will be many further releases of the CIA hacking tools it calls Vault 7. This release, which it dubs Dark Matter, consists of just 12 documents, which means (if WikiLeaks’ past claims about how big this leak is are true) the releases could go on forever.

As Motherboard lays out, the tools that got released are old — they date from 2008 to 2013.

While the documents are somewhat dated at this point, they show how the CIA was perhaps ahead of the curve in finding new ways of hacking and compromising Macs, according to Pedro Vilaca, a security researcher who’s been studying Apple computers for years.

Judging from the documents, Vilaca told Motherboard in an online chat, it “looks like CIA were very early adopters of attacks on EFI.”

“It looks like CIA is very interested in Mac/iOS targets, which makes sense since high value targets like to use [those],” Vilaca told me. “Also interesting the lag between their tools and public research. Of course there’s always unpublished research but cool to see them ahead.”

But — because I’m as interested in how WikiLeaks is releasing these tools as I am in what it is releasing — it appears that WL may be sitting on more recent documents related to compromising Apple products. WL’s press release describes other Vault 7 documents, plural, that refer to more recent versions of a tool designed to attack MacBook Airs. Yet it includes just one of those more recent documents in this dump.

While the DerStarke1.4 manual released today dates to 2013, other Vault 7 documents show that as of 2016 the CIA continues to rely on and update these systems and is working on the production of DerStarke2.0.

That seems to suggest that there are other, more current Apple tools in WikiLeaks’ possession besides the one developmental document linked. If so, it raises the same questions I raised here: is WikiLeaks withholding them as a pose of responsible release, holding back the active exploits until Apple can fix them? Or is it withholding the best tools for its own purposes, potentially for its own or others’ use? Or, given this account, perhaps WikiLeaks is playing a game of chicken with the CIA, seeing whether the CIA will self-disclose the newer, still unreleased exploits before WikiLeaks posts them. Thus far, neither side is being forthcoming with affected tech companies, if public reports are to be believed.

In either case, I’m just as interested in what Wikileaks is doing with the files it is sitting on as I am the dated ones that have been released.

Update: In his presser the other day, Julian Assange did provide a list of tech companies he had reached out to.

In his March 23 press conference, Assange offered the following timeline relating to WikiLeaks’ communications with technology firms:

  • March 12: WikiLeaks reached out to Apple, Google, Microsoft and Mozilla.

  • March 12: Mozilla replied to WikiLeaks, agreeing to its terms. The aforementioned Cisco engineer also reached out.

  • March 13: Google “acknowledged receipt of our initial approach but didn’t address the terms,” Assange said.

  • March 15: MikroTik contacted WikiLeaks; it makes a controller that’s widely used in VoIP equipment.

  • March 17: Mozilla replied, asked for more files.

  • March 18: WikiLeaks told Mozilla it’s looking for the information.

  • March 20: First contact from Microsoft “not agreeing to the standard terms, but pointing to their standard procedures,” Assange said, including providing a PGP email key. Google also replied the same day, pointing to their standard procedures, and including a PGP email key.


Which Came First, the Failed Ideology or the Spiking Mortality Rates?

One of the things that drives me nuts about the obsessive focus on Russia right now is the claim that Vladimir Putin is the biggest risk to America, to the EU, to western civilization. That claim ignores that — to the extent Putin is engaged in policies to maximize his advantage vis-à-vis American hegemony right now — the opportunity to do so has been created by the failure of American hegemony. The biggest threats to the EU, for example, stem from the idiotic policies “technocrats” enacted after America crashed the global economy, and from a refugee crisis caused, in part, by the chaos America has sown in the Middle East over the last 15 years (and to some degree manipulated by “allies” like Turkey). Sure, Putin is making the most of the American failures, but the underlying causes that make right wing populists popular, here and in Europe, can be significantly blamed on America. Significantly, that’s about a failure of the policies dictated by American ideology to deliver on what it promises — peace, democracy, prosperity.

Which brings me to this passage from a WSJ article on the latest installment of Anne Case and Angus Deaton’s documentation of a big spike in mortality among white people in America.

“For many Americans, America is starting to fail as a country,” said James Smith, chair in labor markets and demographic research at the Rand Corp., who wasn’t involved in the paper and said he was struck that mortality rates are rising for young working-class adults. “The bad things that are going on in America do not appear to be going on in Western European countries, and that’s a big deal.”

The spike in mortality, Case argues, is not about existing life conditions, but rather about “accumulating despair.”

The increase in mortality rate for working-class whites can’t be explained by declining income prospects alone. Blacks and Hispanics face many of the same income struggles but have experienced declines in mortality over the same period, the two economists argued, though their findings reveal more recent troubles for blacks, with gains stagnating the past couple of years amid an increase in drug overdoses and stalling progress against heart disease.

“This doesn’t seem to be about current income,” Ms. Case said in a call with reporters. “It seems to be about accumulating despair.”

The rising mortality of working-class white adults appears to be rooted both in worse job opportunities and increasing social dysfunction, following generations of relatively stable lives that involved job advancement and an expectation of living better than one’s parents, the researchers said.

As a number of people have noted, both today and after earlier releases of Case and Deaton’s data, one of the few precedents for such a spike is the rise in mortality in Russia leading up to and after the fall of the Soviet Union. Addiction and other despair-related health problems were significant in both.

Which got me wondering: to the extent this is driven by a failure in ideology — by the failure of the American dream — which comes first, the failed ideology or the rising mortality rates? That is, are people dying of despair in response to the recognition the American dream doesn’t deliver for people like them anymore (which, it should be said, has always involved white Americans benefitting from the unequal treatment of brown people both in the US and around the globe)? Or did a worsening lifestyle lead to a spike in mortality that has contributed to despair and the collapse of ideology?

I don’t know the answer — and admit it might be more closely tied to policy outcomes than ideology. But as we try to figure it out, we ought to be focusing at least as much on how to roll out life and meaning that can sustain Americans again as we are on blaming Putin for our recent failures to do that.


The Temporal Feint in Adam Schiff’s Neat Narrative

I did four — count them! four! — interviews on the Russian hearing yesterday. And one thing I realized over the course of the interviews is that people were far more impressed with Adam Schiff’s opening speech than they should have been.

I want to look closely at this passage which — if it were accurate — would be a tight little presentation of quid pro quo tied to the change of platform at the July 18-21, 2016 RNC. But it’s not. I’ve bolded the two claims that are most problematic, though the presentation as a whole is misleading.

In early July, Carter Page, someone candidate Trump identified as one of his national security advisors, travels to Moscow on a trip approved by the Trump campaign. While in Moscow, he gives a speech critical of the United States and other western countries for what he believes is a hypocritical focus on democratization and efforts to fight corruption.

According to Christopher Steele, a former British intelligence officer who is reportedly held in high regard by U.S. Intelligence, Russian sources tell him that Page has also had a secret meeting with Igor Sechin (SEH-CHIN), CEO of Russian gas giant Rosneft. Sechin is reported to be a former KGB agent and close friend of Putin’s. According to Steele’s Russian sources, Page is offered brokerage fees by Sechin on a deal involving a 19 percent share of the company. According to Reuters, the sale of a 19.5 percent share in Rosneft later takes place, with unknown purchasers and unknown brokerage fees.

Also, according to Steele’s Russian sources, the Trump campaign is offered documents damaging to Hillary Clinton, which the Russians would publish through an outlet that gives them deniability, like Wikileaks. The hacked documents would be in exchange for a Trump Administration policy that de-emphasizes Russia’s invasion of Ukraine and instead focuses on criticizing NATO countries for not paying their fair share – policies which, even as recently as the President’s meeting last week with Angela Merkel, have now presciently come to pass.

In the middle of July, Paul Manafort, the Trump campaign manager and someone who was long on the payroll of Pro-Russian Ukrainian interests, attends the Republican Party convention. Carter Page, back from Moscow, also attends the convention. According to Steele, it was Manafort who chose Page to serve as a go-between for the Trump campaign and Russian interests. Ambassador Kislyak, who presides over a Russian embassy in which diplomatic personnel would later be expelled as likely spies, also attends the Republican Party convention and meets with Carter Page and additional Trump Advisors JD Gordon and Walid Phares. It was JD Gordon who approved Page’s trip to Moscow. Ambassador Kislyak also meets with Trump campaign national security chair and now Attorney General Jeff Sessions. Sessions would later deny meeting with Russian officials during his Senate confirmation hearing.

Just prior to the convention, the Republican Party platform is changed, removing a section that supports the provision of “lethal defensive weapons” to Ukraine, an action that would be contrary to Russian interests. Manafort categorically denies involvement by the Trump campaign in altering the platform. But the Republican Party delegate who offered the language in support of providing defensive weapons to Ukraine states that it was removed at the insistence of the Trump campaign. Later, JD Gordon admits opposing the inclusion of the provision at the time it was being debated and prior to its being removed.

Later in July, and after the convention, the first stolen emails detrimental to Hillary Clinton appear on Wikileaks. A hacker who goes by the moniker Guccifer 2.0 claims responsibility for hacking the DNC and giving the documents to Wikileaks. But leading private cyber security firms including CrowdStrike, Mandiant, and ThreatConnect review the evidence of the hack and conclude with high certainty that it was the work of APT28 and APT29, who were known to be Russian intelligence services. The U.S. Intelligence community also later confirms that the documents were in fact stolen by Russian intelligence and Guccifer 2.0 acted as a front. [emphasis on most problematic claims mine]

What Schiff tries to do here is suggest that the Russians offered Trump kompromat on Hillary, Trump’s team changed the GOP platform, and then in response the Russians started releasing the DNC emails through Wikileaks.

Later in the hearing, several Republicans disputed the nature of the change in the platform. Both in and outside of the hearing, Republicans have noted that the changed platform matched the policy in place by the Obama Administration at the time: to help Ukraine, but stop short of arming them. All that said, the story on this has clearly changed. The change in the platform clearly shows the influence of Russophiles moving the party away from its hawkish stance, but it’s not enough, in my opinion, to sustain the claims of quid pro quo. [Update: One of the outside the hearing arguments that the platform was not weakened is this Byron York piece b linked, which argues the platform actually got more anti-Russian.]

The bigger problem with Schiff’s neat narrative is the way it obscures the timeline of events, putting the release of DNC emails after the change in platform. That is true with regard to the Wikileaks release, but not the Guccifer 2.0 release, which preceded the platform change. Moreover, the references in Steele’s dossier Schiff invokes are not so clear cut — the dossier alleges Russia offered kompromat on Hillary unrelated to the stolen emails before any discussion of the Wikileaks emails. I’ve put what Schiff’s timeline would look like if it were not aiming to play up the quid pro quo of the RNC below (note this timeline doesn’t include all Steele reports, just those specifically on point; see also this site for a comprehensive Guccifer-related timeline). It shows several things:

  • The changes to the platform preceded the meetings with Sergey Kislyak. Indeed, the first public report on the change in platform even preceded the Kislyak meetings by a day.
  • The stolen documents began to be released well before the platform got changed.
  • The early Steele report on discussions of sharing a dossier of kompromat on Hillary pertains to a dossier dating back decades (even though these reports all post-date the first Guccifer releases, so could have included a discussion of hacked materials). The first explicit reference to the DNC hack comes after Wikileaks started releasing documents (and earlier reports which ought to include such references don’t).
  • The later Steele report tying the Wikileaks release to a change in policy came after the policy had already changed and documents had already been released.
  • The alleged quid pro quo tied to the early July Carter Page meeting was for the lifting of sanctions, not the shift on NATO and Ukraine; the Steele dossier describes the latter as the quid pro quo in exchange for the Wikileaks release only after the emails start coming out from Wikileaks.

Also note: the report that first ties Wikileaks (but not Guccifer) to a quid pro quo is one of the reports that made me raise questions about the provenance of the report as we received it.

This is not lethal for the argument that the Trump campaign delivered on a quid pro quo. For example, if there was extensive coordination, Trump could have changed his policy in March after learning that the Russian military intelligence hack — the one allegedly designed to collect documents to leak — had started. Or perhaps the Guccifer leaks were a down-payment on the full batch. But there’s no evidence of either.

In any case, the narrative, as laid out by Adam Schiff, doesn’t hold together on several points. Trump’s team has not yet delivered on the quid pro quo allegedly tied to the Rosneft brokerage fees that were paid to someone (it’s not public whom) in December — that is, the lifting of sanctions. As laid out here, the descriptions of an offer of a dossier of information on Hillary prior to the Republican platform pertained to stuff going back decades, not explicitly to Wikileaks; the shift of discussion to Wikileaks only came after the emails had already appeared and any Ukraine related policy changes had already been made.

There’s plenty of smoke surrounding Trump and his associates. It doesn’t require fudging the timeline in order to make it appear like a full quid pro quo (and given Jim Comey’s reliance on “coordination” rather than “collusion” in Monday’s discussion, it’s not even clear such quid pro quo would be necessary for a conspiracy charge). Adam Schiff can and should be more careful about this evidence in future public hearings.

Update: Given how remarkably late the references to the stolen emails are in the dossier, I’m linking this post showing how later entries included a feedback loop.


March 19: John Podesta phished (DNC compromise generally understood to date to same time period).

March 31: Trump reportedly embraces pro-Russian stance in foreign policy meeting with advisors.

April 19th: DCLeaks.com registered.

June 8th: DCLeaks.com posts leaks (from post dates).

June 13th: First archived record of DCLeaks posts.

June 15: Crowdstrike report names Russia in DNC hack, first Guccifer 2.0 releases via TSG and Gawker.

June 18: Guccifer releases at WordPress site.

June 20: Steele report presents obviously conflicting information on exchanging intelligence with Trump. A senior Russian Foreign Ministry figure said “the Kremlin had been feeding TRUMP and his team valuable intelligence on his opponents, including … Hillary CLINTON, for several years.” A former top level intelligence officer still active in the Kremlin stated that the Kremlin had been collating a dossier on Hillary, “for many years, dating back to her husband Bill’s presidency, and comprised mainly eavesdropped conversations of various sorts. … Some of the conversations were from bugged comments CLINTON had made on her various trips to Russia and focused on things she had said which contradicted her current position on various issues.” A senior Kremlin official, however, said that the dossier “had not as yet been made available abroad, including to TRUMP or his campaign team.”

July 7-8: Carter Page in Moscow. Allegedly (per later Steele dossier reports) he is offered brokerage fees for the sale of a stake in Rosneft in exchange for ending sanctions on Russia.

July 11-12: Platform drafted.

July 18-21: RNC.

July 18: First report of changes to platform.

July 19: Sergey Kislyak meets numerous Trump associates after a Heritage sponsored Jeff Sessions talk.

July 19: Steele report provides first details of Carter Page meeting in Russia during which Divyekin raises “a dossier of ‘kompromat’ the Kremlin possessed on TRUMP’s Democratic presidential rival, Hillary CLINTON, and its possible release to the Republican’s campaign team.” In context (especially because the same report also warns Trump of kompromat Russia holds on him), this seems to be the dossier going back years also mentioned in the June 20 report, not Wikileaks emails. Certainly no explicit mention of Wikileaks or the hack appears in the report, even though the report is based on July reporting that post-dates the first Guccifer 2.0 leaks.

July 22: Wikileaks starts releasing DNC emails.

July 26: Steele report describing conversations from June describes Russian hacking efforts in terms already publicly known to be false. For example, the report claims FSB had not yet had success penetrating American or other “first tier” targets. FSB had success hacking American targets the previous year, including the DNC. This report includes no discussion of the DNC hack or Wikileaks.

Undated July, probably (judging by the report number) between July 26 and 30: A report sourced to an “ethnic Russian close associate of Republican US presidential candidate Donald TRUMP” includes the first reference to the DNC hack and WikiLeaks:

[T]he Russian regime had been behind the recent leak of embarrassing e-mail messages, emanating from the Democratic National Committee (DNC) to the Wikileaks platform. The reason for using WikiLeaks was “plausible deniability” and the operation had been conducted with the full knowledge and support of TRUMP and senior members of his campaign team. In return the TRUMP team had agreed to sideline Russian intervention in Ukraine as a campaign issue and to raise US/NATO defence commitments in the Baltics and Eastern Europe to deflect attention away from Ukraine, a priority for PUTIN who needed to cauterise the subject.

July 30: A Russian emigre close to Trump describes concern in the campaign about the DNC email fallout. This report mentions that the Kremlin “had more intelligence on CLINTON and her campaign but he did not know the details or when or if it would be released.” In context, it is unclear whether this refers to stolen documents, though the reference to the campaign suggests that is likely.

August 5: Steele report describes Russian interference as a botched operation, discusses wishful thinking of Trump withdrawing.

August 10: Steele report discusses the “impact and results of Kremlin intervention in the US presidential election to date” claiming Russia’s role in the DNC hack was “technically deniable.” This report conflicts in some ways with the August 5 report, specifically with regards to the perceived success of the operation.

September 14: Steele report referencing kompromat on Hillary clearly in context of further emails.

October 18: More detailed Steele report account of Carter Page meeting, including date. It asserts that “although PAGE had not stated it explicitly to SECHIN, he had clearly implied that in terms of his comment on TRUMP’s intention to lift Russian sanctions if elected president, he was speaking with the Republican candidate’s authority.”

October 19: More Steele report accounting of Michael Cohen’s August attempts to clean up after Manafort and Page.


Devin Nunes Commits “Felonious Leaking”

As I laid out here, Trey Gowdy spent much of Monday’s Russia hearing talking about how, if someone reveals details of FISA collection, that person has violated sacred trust and also committed felonious leaking. House Intelligence Chair Devin Nunes was present for some, if not all of Gowdy’s tirade.

Yet that didn’t stop Nunes from engaging in precisely the kind of felonious leaking that Gowdy claims violates that sacred trust. At a press conference today, Nunes gave the following statement:

At our open hearing on Monday, I encouraged anyone who has information about relevant topics—including surveillance on President-elect Trump or his transition team—to come forward and speak to the House Intelligence Committee. I also said that, while there was not a physical wiretap of Trump Tower, I was concerned that other surveillance activities were used against President Trump and his associates.

  • I recently confirmed that, on numerous occasions, the Intelligence Community incidentally collected information about U.S. citizens involved in the Trump transition.
  • Details about U.S. persons associated with the incoming administration—details with little or no apparent foreign intelligence value—were widely disseminated in intelligence community reporting.
  • I have confirmed that additional names of Trump transition team members were unmasked.
  • To be clear, none of this surveillance was related to Russia or any investigation of Russian activities or of the Trump team.

The House Intelligence Committee will thoroughly investigate this surveillance and its subsequent dissemination to determine:

  • Who was aware of it
  • Why it was not disclosed to Congress
  • Who requested and authorized the additional unmasking
  • Whether anyone directed the intelligence community to focus on Trump associates; and
  • Whether any laws, regulations, or procedures were violated

I’ve asked the Directors of the FBI, NSA, and CIA to expeditiously comply with my March 15 letter, and to provide a full account of these surveillance activities. I informed Speaker Ryan this morning of this new information, and I will be going to the White House this afternoon to share what I know with the President.

Nunes went on to say this was normal incidental collection, possibly including Trump’s communications. He said it was all obtained legally. He said the communications were collected in November, December, and January. He stated he was unsure whether these were wiretapped phone calls, or something else. He wondered why the identities of Trump people were unmasked (though his later statements suggested it may have been circulated in raw form) and said “it bothers me that that would have any foreign intelligence value whatsoever.”

Nunes said he saw dozens of reports and that the information he saw has nothing to do with Russia or the Russia investigation, or any discussions with Russians.

Nunes then said he was headed to the White House to tell Trump. If there is any legal interest in any of these intercepts (as there might be if they pertained to Mike Flynn’s communications with Turkey, for example), then Nunes just committed obstruction of justice.

“It’s all classified information,” Nunes explained.

And Nunes so lacks any self-awareness, he seemed completely oblivious to the ways he had violated everything the Republicans were wailing about on Monday.

The presser ended with this exchange, which may totally upend the debate over Section 702 reauthorization this year:

Reporter 1: Do you think right now the NSA — or a member of the intelligence community — was spying on Trump during the transition period?

Nunes: Well, I guess it all depends on one’s definition of spying. Clearly it bothers me enough, I’m not comfortable with it.

Reporter 2: But you think he might have been spied on?

Nunes: I’m not going to get into legal definitions here, but clearly I have a concern.


When a White Republican Gets Spied On, Privacy Suddenly Matters

As expected, much of today’s hearing on the Russian hack consisted of members of Congress — from both parties — posturing for the camera.

At first, it seemed that the Republican line of posturing — complaining about the leak that exposed Mike Flynn’s conversations with Ambassador Sergey Kislyak — tracked Donald Trump’s preferred approach, to turn this into a witch hunt for the leakers.

But it was actually more subtle than that. It appears Republicans believe the leaks about Flynn have (finally) made Congress skittish about incidental collection of US person communications as part of FISA collection. And so both Tom Rooney and Trey Gowdy spent much of their early hearing slots discussing how much more difficult the leak of Flynn’s name will make Section 702 reauthorization later this year. In the process, they should have created new fears about how painfully ignorant the people supposedly overseeing FISA are.

Rooney, who heads the subcommittee with oversight over NSA, started by quizzing Mike Rogers about the process by which a masked US person identity can be disclosed. Along the way, it became clear Rooney was talking about Section 702 reauthorization even while he was talking about traditional FISA collection, which doesn’t lapse this year.

Rooney: If what we’re talking about is a serious crime, as has been alleged, in your opinion would leaking of a US person who has been unmasked and disseminated by intelligence community officials, would that leaking hurt or help our ability to conduct national security.

Rogers: Hurt.

Rooney: Ok, if it hurts, this leak, which through the 702 tool, which we all agree is vital–or you and I at least agree to that–do you think that that leak actually threatens our national security. If it’s a crime, and if it unmasks a US person, and this tool is so important it could potentially jeopardize this tool when we have to try to reauthorize it in a few months, if this is used against our ability to reauthorize this tool, and we can’t get it done because whoever did this leak, or these nine people that did this leak, create such a stir, whether it be in our legislative process or whatever, that they don’t feel confident a US person, under the 702 program, can be masked, successfully, and not leaked to the press, doesn’t that hurt–that leak–hurt our national security.

Eventually Admiral Rogers broke in to explain to his congressional overseer very basic facts about surveillance, including that Flynn was not and could not have been surveilled under Section 702.

Rogers: FISA collection on targets in the United States has nothing to do with 702, I just want to make sure we’re not confusing the two things here. 702 is collection overseas against non US persons.

Rooney: Right. And what we’re talking about here is incidentally, if a US person is talking to a foreign person that we’re listening to whether or not that person is unmasked.

Nevertheless, Rooney made it very clear he’s very concerned about how much harder the Flynn leak will make it for people like him to convince colleagues to reauthorize Section 702, which is even more of a privacy concern than traditional FISA.

Rooney: But it’s really going to hurt the people on this committee and you in the intelligence community when we try to retain this tool this year and try to convince some of our colleagues that this is really important for national security when somebody in the intelligence community says, you know what the hell with it, I’m gonna release this person’s name, because I’m gonna get something out of it. We’re all gonna be hurt by that. If we can’t reauthorize this tool. Do you agree with that?

A little later, Trey Gowdy got his second chance to complain about the leak. Referencing Rogers’ earlier explanation that only 20 people at NSA can unmask a US person identity, Gowdy tried to figure out how many at FBI could, arguing (this is stunning idiocy here) that establishing a finite number of FBI officials who could unmask US person identities might help assuage concerns about potential leaks of US persons caught in FISA surveillance.

Comey: I don’t know for sure as I sit here. Surely more, given the nature of the FBI’s work. We come into contact with US persons a whole lot more than the NSA does because we may be conducting — we only conduct our operations in the United States to collect electronic surveillance. I can find out the exact number. I don’t know it as I sit here.

Gowdy: I think Director Comey given the fact that you and I agree that this is critical, vital, indispensable. A similar program is coming up for reauthorization this fall with a pretty strong head wind right now, it would be nice to know the universe of people who have the power to unmask a US citizen’s name. Cause that might provide something of a road map to investigate who might have actually disseminated a masked US citizen’s name.

Here’s why this line of questioning from Gowdy is unbelievably idiotic. Both for traditional FISA, like the intercept targeting Kislyak that caught Flynn, and for Section 702, masking and unmasking identities at FBI is not the concern. That’s because the content from both authorities rests in FBI’s databases, and anyone cleared for FISA can access the raw data. And those FBI Agents not cleared for FISA can, and are encouraged to, simply ask a colleague who is cleared to do it for them.

In other words, every Agent at FBI has a relatively easy way to access the content on Flynn, so long as she can invent a foreign intelligence or criminal purpose reason to do so.

Which is probably why Comey tried to pitch something he called “culture” as adequate protection, rather than the very large number of FBI Agents who are cleared into FISA.

Comey: The number is … relevant. What I hope the US–the American people will realize is the number’s important but the culture behind it is in fact more important. The training, the rigor, the discipline. We are obsessive about FISA in the FBI for reasons I hope make sense to this committee. But we are, everything that’s FISA has to be labeled in such a way to warn people this is FISA, we treat this in a special way. So we can get you the number but I want to assure you the culture in the FBI and the NSA around how we treat US person information is obsessive, and I mean that in a good way.

So then Gowdy asks Comey something he really has a responsibility to know: what other agencies have Standard Minimization Procedures. (The answer, at least as the public record stands, is that NSA, CIA, FBI, and NCTC have standard minimization procedures, with Main Justice using FBI’s SMPs.)

Gowdy: Director Comey I am not arguing with you and I agree the culture is important, but if there are 100 people who have the ability to unmask and the knowledge of a previously masked name, then that’s 100 different potential sources of investigation. And the smaller the number is, the easier your investigation is. So the number is relevant. I can see the culture is relevant. NSA, FBI, what other US government agencies have the authority to unmask a US citizen’s name?

Comey: Well I think all agencies that collect information pursuant to FISA have what are called standard minimization procedures which are approved by the FISA court that govern how they will treat US person information. So I know the NSA does, I know the CIA does, obviously the FBI does, I don’t know for sure beyond that.

Gowdy: How about Main Justice?

Comey: Main Justice I think does have standard minimization procedures.

Gowdy: Alright, so that’s four. NSA, FBI, CIA, Main Justice. Does the White House have the authority to unmask a US citizen’s name?

Comey: I think other elements of the government that are consumers of our can ask the collectors to unmask. The unmasking resides with those who collected the information. And so if Mike Rogers’ folks collected something, and they send it to me in a report and it says it’s US person #1 and it’s important for the FBI to know who that is, our request will go back to them. The White House can make similar requests of the FBI or NSA but they don’t on their own collect, so they can’t on their own unmask.

That series of answers didn’t satisfy Gowdy, because from his perspective, if Comey isn’t able to investigate and find a head for the leak of Flynn’s conversation with Kislyak — well, I don’t know what he thinks but he’s sure an investigation, possibly even the prosecution of journalists, is the answer.

Gowdy: I guess what I’m getting at Director Comey, you say it’s vital, you say it’s critical, you say that it’s indispensable, we both know it’s a threat to the reauthorization of 702 later on this fall and oh by the way it’s also a felony punishable by up to 10 years. So how would you begin your investigation, assuming for the sake of argument that a US citizen’s name appeared in the Washington Post and the NY Times unlawfully. Where would you begin that investigation?

This whole series of questions frankly mystifies me. I mean, these two men who ostensibly provide oversight of FISA clearly didn’t understand what the biggest risk to privacy is: back door searches of US person content, which at the FBI don’t even require any evidence of wrongdoing. That is the biggest impediment to reauthorizing FISA.

And testimony about the intricacies of unmasking a US person identity — particularly when a discussion of traditional FISA serves as stand-in for Section 702 — does nothing more than expose that the men who supposedly oversee FISA closely have no fucking clue — and I mean really, not a single fucking clue — how it works. Devin Nunes, too, has already expressed confusion on how access to incidentally collected US person content works.

Does anyone in the House Intelligence Committee understand how FISA works? Bueller?

In retrospect, I’m really puzzled by what is so damning about the Flynn leak to them. I mean, don’t get me wrong, I’m very sympathetic to the complaint that the contents of the intercepts did get leaked. If you’re not, you should be. Imagine how you’d feel if a Muslim kid got branded as a terrorist because he had a non-criminal discussion with someone like Anwar al-Awlaki? (Of course, in actual fact what happened is the Muslim kids who had non-criminal discussions with Awlaki had FBI informants thrown at them until they pressed a button and got busted for terrorism, but whatever.)

But are Rooney and Gowdy and maybe even Nunes worried that their colleagues in the House have now seen someone like them — not a young Muslim, but instead a conservative white man — caught up in FISA, which has suddenly made them realize that they too have conversations all the time that likely get caught up in FISA?

Or are they worried that the public discussion of FISA will expose them for what they are, utterly negligent overseers, who don’t understand how invasive of privacy FISA currently is?

If it’s the latter, their efforts to assuage concerns should only serve to heighten those concerns. These men know so little about FISA they don’t even understand what questions to ask.

In any case, after today’s hearing I am beginning to suspect the IC doesn’t like to have public hearings not because someone like me will learn something, but because we’ll see how painfully little most of the so-called overseers have learned in all the private briefings the IC has given them. If these men don’t understand the full implications of incidental collection, two months after details of Flynn’s conversations have been leaked, then it seems likely they’ve been intentionally mis- or underinformed.

Or perhaps they’re just not so bright.


FBI Delayed Telling the Gang of Four about Trump-Related Investigation Because It Is So Serious

As every newspaper in town has reported, at today’s hearing into Russia’s hack of the DNC, Jim Comey confirmed that the FBI has a counterintelligence investigation into the hack that includes whether Trump’s associates coordinated with Russian actors. Along the way, Comey refused to join in James Clapper’s statement that there was no evidence of collusion between Trump’s aides and Russia. When the now retired Director of National Intelligence said that, Clapper had emphasized that his statement only extended through the end of his service, January 20; he warned that some evidence may have been discovered after that.

A far more telling detail came close to the end of the hearing, during NY Congresswoman Elise Stefanik’s questioning. She started by asking what typical protocols were for informing the DNI, the White House, and senior Congressional leadership about counterintelligence investigations.

Stefanik: My first set of questions are directed at Director Comey. Broadly, when the FBI has any open counterintelligence investigation, what are the typical protocols or procedures for notifying the DNI, the White House, and senior congressional leadership?

Comey: There is a practice of a quarterly briefing on sensitive cases to the Chair and Ranking of the House and Senate Intelligence Committees. The reason I hesitate is, thanks to feedback we’ve gotten, we’re trying to make it better. And that involves briefing the Department of Justice, I believe the DNI, and the — some portion of the National Security Council at the White House. We brief them before Congress is briefed.

Stefanik: So it’s quarterly for all three, then, senior congressional leadership, the White House, and the DNI?

Comey: I think that’s right. Now that’s by practice, not by rule or by written policy. Which is why, thanks to the Chair and Ranking giving us feedback, we’re trying to tweak it in certain ways.

Note that point: the practice has been that FBI won’t brief the Gang of Four until after they’ve briefed DOJ, the DNI, and the White House. Stefanik goes on to ask why, if FBI normally briefs CI investigations quarterly, FBI didn’t brief the Gang of Four before the last month, at least seven months after the investigation started. Comey explains they delayed because of the sensitivity of the investigation.

Stefanik: So since in your opening statement you confirmed that there is a counterintelligence investigation currently open and you also referenced that it started in July, when did you notify the DNI, the White House, or senior Congressional leadership?

Comey: Congressional leadership, sometime recently — they were briefed on the nature of the investigation and some details, as I said. Obviously the Department of Justice must have been aware of it all along. The DNI … I don’t know what the DNI’s knowledge of it was, because we didn’t have a DNI until Mr. Coats took office and I briefed him his first morning in office.

Stefanik: So just to drill down on this, if the open investigation began in July, and the briefing of Congressional leadership only occurred recently, why was there no notification prior to the recent — the past month.

Comey: I think our decision was it was a matter of such sensitivity that we wouldn’t include it in the quarterly briefings.

Stefanik: So when you state “our decision,” is that your decision, is it usually your decision what gets briefed in those quarterly updates?

Comey: No. It’s usually the decision of the head of our counterintelligence division.

Stefanik: And just again, to get the details on the record, why was the decision not to brief senior congressional leadership until recently, when the investigation had been open since July, a very serious investigation. Why was that decision made to wait months?

Comey: Because of the sensitivity of the matter.

Stefanik then got Comey to reconfirm what the IC report says: that Russia had hacked numerous entities, he would later say over a thousand, including Republican targets.

Stefanik then turned to the Yahoo investigation. She asked whether the FSB officers involved conducted the hack for intelligence purposes — a question Comey refused to answer. He also refused to answer what the FSB did with the information stolen.

Stefanik: Taking a further step back of what’s been in the news recently and I’m referring to the Yahoo hack, the Yahoo data breach, last week the Department of Justice announced it was charging hackers with ties to the FSB in the 2014 data breach. Was this hack done, to your knowledge, for intelligence purposes?

Comey: I can’t say in this forum.

Stefanik: Press reporting indicates the Yahoo hack targeted journalists, dissidents and government officials. Do you know what the FSB did with the information they obtained?

Comey: Same answer.

Stefanik: Okay, I understand that.

This is important for a number of reasons, including the evidence that the FSB was hiding their hacking from others in Russia.

Stefanik then turned to the sanctions, asking if Comey had any insight into how the Obama Administration chose who got sanctioned in December — which included Alexsey Belan but not the FSB officers involved (one of whom, Dmitry Dokuchaev, was already under arrest for treason by the time of the sanctions).

Stefanik: How did the Administration determine who to sanction as part of the election hacking? How familiar are [] with that decision process and how is that determination made?

Comey: I don’t know. I’m not familiar with the decision-making process. The FBI is a factual input but I don’t recall — I don’t have any personal knowledge about how the decisions were made about who to sanction.

Again, her interest in this is significant — I’ll explain why in a follow-up.

Stefanik then asked what the intelligence agencies would do going forward to keep entities safe from Russian hacking. As part of the response, Mike Rogers revealed (unsurprisingly) that NSA first learned of FSB’s hacking of those many targets in the summer of 2015.

Finally, Stefanik returned to her original point, when Congress gets briefed on CI investigations. Comey’s response was remarkable.

Stefanik: It seems to me, in my first line of questioning, the more serious a counterintelligence investigation is, that would seem to trigger the need to update not just the White House, the DNI, but also senior congressional leadership. And you stated it was due to the severity. I think moving forward, it seems the most severe and serious investigations should be notified to senior congressional leadership. And with that thanks for your lenience, Mr. Chairman, I yield back.

Comey could have been done with Stefanik yielding back. But instead, he interrupted, and suggested part of the delay had to do with the practice of briefing inside the Executive Branch, including the NSC, before briefing Congress.

Comey: That’s good feedback, Ms. Stefanik, the challenge for is, sometimes we want to keep it tight within the executive branch, and if we’re going to go brief congressional leaders, the practice has been then we brief inside the executive branch, and so we have to try to figure out how to navigate that in a good way.

Which seems to suggest one reason why the FBI delayed briefing the Gang of Four (presumably, this is the Gang of Eight) is that they couldn’t brief everyone in the Executive Branch, including the White House, and so couldn’t brief Congress without first having briefed the White House.

Which would suggest Mike Flynn may be a very central figure in this investigation.

Update: I’ve corrected my last observation to match Comey’s testimony that the delay had to do with keeping things on a close hold within the Executive Branch. That may be nothing, it may reflect the delay on confirming Dan Coats, it may be Flynn (if you normally brief the NSC, after all the National Security Advisor would be among the first to be briefed), but it also could be Jeff Sessions.


After Three Suggestions of Doctored Data, Alfa Bank Claims They’re Being Framed

Remember this article from CNN that renewed the Alfa Bank funny server story? It totally pissed me off for the way it cited about seven people telling it there was no there there, and then reporting that there was based off one identified source (a US official, who could be a member of Congress) and other non-identified ones.

In addition, it claimed that Dick DeVos leads Spectrum Health — my local hospital. DeVos is currently Chairman of the Board, but the company is “led” by CEO and President Rick Breon. DeVos “leads” a company called Windquest Group, which invests in boutique things like an excellent wine bar and the fancy gym I belonged to before I joined the Y. The DeVos family “owns” a lot more, notably RDV Corporation, through which they own and mismanage the Orlando Magic. There are probably a jillion servers associated with RDV Corporation that could (and probably do!) conduct secret communications. Which is another way of saying that if Dick DeVos wanted to conduct secret conversations with Donald Trump at a time when he was attracting attention because he was not yet even donating money to the candidate, he might have done it via a server more directly operated by his family. Hell, since DeVos’s spooked-up brother-in-law Erik Prince was supporting Trump at the time of the weird server activity, why wouldn’t we expect spooky conversations to happen from one of Prince’s far-flung spook properties?

But perhaps the funniest part of the CNN story is that it pointed to evidence the story had been packaged — but it didn’t seem to understand that.

Other computer experts said there could be additional lookups that weren’t captured by the original leak. That could mean that Alfa’s presence isn’t as dominant as it seems. But Dyn, which has a major presence on the internet’s domain name system, spotted only two such lookups — from the Netherlands on August 15.

If there were lookups not recorded in the publicly released data — even if there were just two of them — then it shows that the publicly released data is incomplete.

Other outlets say there was even more data excluded from the public story. The Intercept cataloged how different sets of material purportedly backing this story include different sets of IP addresses.

On Tea Leaves’ WordPress site, he claimed that “only two networks resolved the mail1.trump-email.com host.” This is contradicted by the very works of analysis furnished by Tea Leaves’ collaborators: The author of the white paper found that at least 19 IP addresses, all belonging to different networks except for the two that belong to Alfa Bank, had looked up Trump’s server. And these are only the 19 the author was able to observe in a short time period — it can’t be ruled out that there were many more, which quickly deflates the portrait of a shady Russian backchannel.

The white paper included DNS look-up data, but not nearly enough to reproduce the results. Rather than the 19 IP addresses we expected to see, the data only included three, and the DNS look-ups were not for the same time period that the paper described. Tea Leaves published a different set of data on the dark web, which we also looked at, but this set of data only included a total of four IP addresses. When we pressed Tea Leaves for the complete set of data so we could attempt to reproduce the analysis, he gave us a new, more comprehensive set of data, but still that included a total of only eight IP addresses, and it was missing an IP address belonging to a VPN service in Utah that accounted for a significant portion of the DNS look-ups described in the paper.

And Robert Graham states that a source of his says the data for June — one of the key months in question — was altered.

Tea Leaves and Jean Camp are showing logs of private communications. Where did these logs come from? This information isn’t public. It means somebody has done something like hack into Alfa Bank. Or it means researchers who monitor DNS (for maintaining DNS, and for doing malware research) have broken their NDAs and possibly the law.

The data is incomplete and inconsistent. Those who work for other companies, like Dyn, claim it doesn’t match their own data. We have good reason to doubt these logs. There’s a good chance that the source doesn’t have as comprehensive a view as “Tea Leaves” claim. There’s also a good chance the data has been manipulated.

Specifically, I have a source who claims records for trump-email.com were changed in June, meaning either my source or Tea Leaves is lying.

Until we know more about the source of the data, it’s impossible to believe the conclusions that only Alfa Bank was doing DNS lookups.

Here’s his latest post on this issue.

All the different sets of data (and the way the data was culled without evidence about how that was done), plus the fact that the entity behind this story goes by the name “Tea Leaves” and now refuses to talk to anyone about it, really ought to raise questions about a hoax. But not CNN. For CNN it was all proof of something there.

Now CNN reports that someone has been spoofing lookups from Trump to Alfa: once in February, and with increasing intensity since CNN’s story about a non-story.

[O]n Friday, Alfa Bank claimed hackers are now trying to perpetuate that suspicion by tricking the Trump Organization into sending communication toward the bank.

[snip]

One attack happened on February 18, the bank said. (The bank did not mention that to CNN before its story published on March 10.)

After CNN published its story about the puzzling Trump-Alfa situation, hackers stepped up their attack on the Trump Organization with “spoofed” signals for five hours, which were then directed back towards the bank, Alfa Bank said.

Hackers continued this attack on March 13, the bank said.

The bank contacted the FBI and offered “complete co-operation in finding the people behind attempted cyberattacks.” A US law enforcement official confirmed that the FBI was contacted.

[snip]

According to Alfa Bank’s description of recent events, hackers have recently tricked a Trump Organization computer server into sending internet traffic to Alfa Bank.

Hackers have “manufactured this deceit by ‘spoofing’ or falsifying DNS lookups to create the impression of communication between Alfa Bank and the Trump Organization,” the bank said in a statement.

Alfa Bank offered this analogy: “A simple analogy would be someone in the U.S. sending an empty envelope… to a Trump office… addressed to Trump, but on the back of the envelope the return address is Russia… instead of its own real address.”

“So, on cursory examination, Alfa Bank appears to have been receiving responses to queries it never actually sent.”

Alex McGeorge, head of threat intelligence at cybersecurity firm Immunity, said this is a prank “that is simple to do from pretty much any internet connected computer. We could probably manufacture this from a Starbucks.”
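To make concrete what Alfa Bank and McGeorge are describing (and why Graham, above, treats the leaked logs as claims from an unknown source rather than as evidence), here is an added Python example, written for this post and not code from the article, from CNN, from Alfa Bank or from Tea Leaves. It builds and parses a standard DNS query and response in wire format and formats the kind of passive-DNS log line such logs consist of. The hostname mail1.trump-email.com is the one from the story; the IP addresses are constructed test-network values, and the log-line layout is an assumption, not any vendor’s format. The thing to notice is that no field in the DNS message carries or authenticates the sender: the “source” a resolver logs is the IP header of a UDP packet, which any host can set, so a log line saying Alfa asked for the name proves only that a packet claiming Alfa’s address arrived.

```python
"""DNS wire-format demo: what a resolver log can and cannot prove.

Added example for this post (not code from the article or the parties it
describes). Hostname is the one from the story; IPs are constructed
TEST-NET values; the log-line layout is an assumption.
"""
import struct

QTYPE_A = 1
QCLASS_IN = 1


def encode_name(name: str) -> bytes:
    """Encode a hostname as DNS labels: length-prefixed labels, zero terminator."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label length")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def decode_name(msg: bytes, off: int):
    """Decode an uncompressed name at offset; return (name, new_offset)."""
    labels = []
    while True:
        ln = msg[off]
        off += 1
        if ln == 0:
            break
        if ln & 0xC0:
            raise ValueError("compression pointers not handled in this demo")
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln
    return ".".join(labels), off


def build_query(qname: str, txid: int) -> bytes:
    """Standard recursion-desired A query. Nothing in it identifies the sender:
    the only 'source' is the IP header, which lives outside this message."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", QTYPE_A, QCLASS_IN)


def parse_query(msg: bytes) -> dict:
    """Parse the header and single question of a query; reject responses."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0x8000:
        raise ValueError("not a query")
    if qd != 1:
        raise ValueError("expected exactly one question")
    qname, off = decode_name(msg, 12)
    qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
    return {"id": txid, "qname": qname, "qtype": qtype, "qclass": qclass}


def build_response(query: bytes, ipv4: str, ttl: int = 300) -> bytes:
    """Answer a query with one A record. Over UDP the reply is sent to whatever
    address the query's IP header claimed, which is how a forged query makes a
    third party 'receive responses to queries it never sent'."""
    q = parse_query(query)
    header = struct.pack("!HHHHHH", q["id"], 0x8180, 1, 1, 0, 0)
    question = encode_name(q["qname"]) + struct.pack("!HH", q["qtype"], q["qclass"])
    rdata = bytes(int(x) for x in ipv4.split("."))
    # 0xC00C is a compression pointer back to the name at offset 12.
    answer = b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, ttl, len(rdata)) + rdata
    return header + question + answer


def log_entry(src_ip: str, msg: bytes) -> str:
    """Format a passive-DNS style line from a packet's claimed source and its
    parsed question. src_ip is whatever the IP header said; nothing in the
    DNS payload verifies it, so the line records an assertion, not a fact."""
    q = parse_query(msg)
    return f"query src={src_ip} id={q['id']:#06x} qname={q['qname']} qtype=A"


if __name__ == "__main__":
    claimed_src = "203.0.113.10"   # constructed: the address a forger would claim
    pkt = build_query("mail1.trump-email.com", 0x1234)
    # Identical line whether the bank's resolver sent it or someone forged it.
    print(log_entry(claimed_src, pkt))
    print(build_response(pkt, "198.51.100.7").hex())
```

The same `log_entry` line results whether the packet really came from the bank’s resolver or was forged from anywhere on the internet, and the reply to a forged query is delivered to the forged address, which is Alfa’s envelope analogy in packet terms. Establishing the true source needs something outside the DNS message, such as a TCP handshake or DNS over TLS, or corroborating logs from the other end.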

That someone is trying to manufacture something out of nothing here should not be surprising. There’s abundant reason to believe that’s what was always happening. And now that the FBI has been called back in by Alfa, I do hope they find an explanation about whether this is a Hillary person trying to taint Trump or Russia trying to do a limited hangout on other more damaging Alfa stuff. Maybe both have been faking this story at different times?

In any case, at this point, the story should be about why this story got packaged in the way it did, as much as any questions about how Trump sends spam around the world.

Update: Here’s the press release from Alfa. They’re also calling the larger story a hoax.

Alfa Bank’s working hypothesis is that an individual — possibly well known in internet research circles — may have fed selected DNS data to an anonymous cyber group to ensure they reached a specific (and erroneous) conclusion. Alternatively, the cyber group may have been complicit in the deceit. In the most recent cases, unknown individuals demonstrably attempted to insert falsified records onto Alfa Bank’s computer systems designed to create the same impression.

An Alfa Bank spokesperson said: «The anonymous cyber group, which is led according to news accounts by ‘Tea Leaves,’ cannot produce evidence of a link because there never has been one. Alfa Bank believes that it is under attack and has pledged its complete cooperation to U.S. authorities to find out who is behind these malicious attacks and false stories.»


Why Would FSB Officer Dmitry Dokuchaev Use a Yahoo Email Account to Spy for Russia?

At the Atlantic, I expanded on this post to explore how Russia has to do by hacking what the US can do using Section 702. As I lay out, for a lot of foreign spying involving US tech companies, Russia has to do things like phish or hack Yahoo’s servers to gain the kind of access the NSA gets just by asking nicely.

But as Jeffrey Carr notes in this post, that’s not true for unencrypted communications that originate in Russia. FSB — the agency where alleged Yahoo hackers Dmitry Dokuchaev and Igor Sushchin worked — has access to anything that originates in Russia.

To put it another way, the FSB has total information awareness on every type of communication that originates in Russia or passes through Russian servers.

Carr uses that detail to argue that this probably means Dokuchaev — who was charged by Russia with treason in December — and Sushchin were operating on their own.

[W]hy would the FSB, with their vast resources and legal authorities, need to collect information on Russian targets in Russia via Yahoo?

The obvious answer is — they don’t. And since all of the defendants with the exception of one person are either criminals or charged by the Russian government with treason, the Yahoo breach was most likely the act of corrupt FSB employees and criminal hackers rather than an official FSB operation.

Now, many if not most accounts identified in the indictment (I made a list of the described targets in this post) wouldn’t be officially available, because they’re located in countries adjoining Russia or the US.

But there are a few other details that do support Carr’s argument.

First, in addition to Yahoo and Google accounts, the conspirators targeted a Russian webmail service — probably Yandex.

In or around April 2016, the conspirators sought access to an account of a senior officer at a Russian webmail and internet-related services provider (the “Russian Webmail Provider”). On or about April 25, 2016, DOKUCHAEV successfully minted a cookie to gain access to the victim user’s account.

Admittedly, FSB might not want to go to Yandex (or whichever provider it is) to ask for information on one of their senior officers, but nevertheless, this information should be available officially in Russia. Another passage that describes the Russian webmail service lists only Russian targets, though that section also includes Google targets, so those may have been the Gmail accounts of Russians unavailable in Russia.
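The indictment’s phrase “minted a cookie” deserves a concrete illustration. What follows is an added example written for this post, not code from the indictment, from Yahoo, or from anyone the page describes, and it makes no claim about how Yahoo’s cookies actually worked. It models the general case: a self-contained, HMAC-signed session cookie, for which whoever holds the signing key can issue a valid cookie for any account without knowing the password, and the server cannot distinguish the forged cookie from a real one. The key, user names, timestamps and cookie layout are all constructed for the example. For contrast it also shows an opaque server-side session store, where a leaked key mints nothing and the operator can list and revoke live sessions.

```python
"""Why a cookie-signing key is an account-takeover key.

Added example for this post; a generic HMAC-signed cookie, NOT Yahoo's
format, and no claim about how the indicted conspirators actually did it.
Key, users, timestamps and layout are all constructed.
"""
import base64
import binascii
import hashlib
import hmac
import json
import secrets

# Hypothetical server-side signing key (constructed; a real one is random).
SIGNING_KEY = bytes.fromhex("00" * 32)


def _b64(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_cookie(key: bytes, user: str, ttl: int, now: int) -> str:
    """Issue a self-contained cookie: base64(claims).base64(HMAC-SHA256).
    Note what is NOT an input: the user's password. Anyone with `key`
    can call this for any `user`, and the server cannot tell the difference."""
    payload = json.dumps({"sub": user, "exp": now + ttl},
                         separators=(",", ":")).encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)


def verify_cookie(key: bytes, cookie: str, now: int):
    """Return the user id if the cookie is well formed, signed by `key` and
    unexpired; otherwise None. Malformed input is rejected, not raised."""
    try:
        p64, t64 = cookie.split(".")
        payload, tag = _unb64(p64), _unb64(t64)
    except (ValueError, binascii.Error):
        return None
    expect = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expect, tag):
        return None
    try:
        claims = json.loads(payload)
    except ValueError:
        return None
    if not isinstance(claims, dict) or claims.get("exp", 0) <= now:
        return None
    return claims.get("sub")


class SessionStore:
    """Opaque, server-side sessions: the cookie is a random handle, not a
    signed claim. A stolen signing key mints nothing here; an attacker needs
    write access to this store, and the operator can enumerate and revoke."""

    def __init__(self):
        self._sessions = {}  # token -> (user, expiry)

    def create(self, user: str, ttl: int, now: int) -> str:
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (user, now + ttl)
        return token

    def lookup(self, token: str, now: int):
        rec = self._sessions.get(token)
        if rec is None or rec[1] <= now:
            self._sessions.pop(token, None)
            return None
        return rec[0]

    def revoke_user(self, user: str) -> int:
        """Kill every live session for `user`; returns how many were revoked.
        There is no equivalent for signed cookies short of rotating the key."""
        doomed = [t for t, (u, _) in self._sessions.items() if u == user]
        for t in doomed:
            del self._sessions[t]
        return len(doomed)


if __name__ == "__main__":
    now = 1_000_000
    legit = mint_cookie(SIGNING_KEY, "alice", 3600, now)
    # An attacker holding the key mints a cookie for a victim they never logged in as.
    forged = mint_cookie(SIGNING_KEY, "victim", 10 ** 9, now)
    print("legit ->", verify_cookie(SIGNING_KEY, legit, now + 1))
    print("forged ->", verify_cookie(SIGNING_KEY, forged, now + 1))  # indistinguishable
    store = SessionStore()
    tok = store.create("alice", 3600, now)
    print("opaque ->", store.lookup(tok, now + 1), "revoked:", store.revoke_user("alice"))
```

The tradeoff is the usual one: stateless signed cookies need no lookup, but revocation means rotating the key for everyone, and the key itself is a credential for every account. Opaque sessions cost a lookup per request but keep the ability to see and kill sessions, which is exactly what matters once you know an intruder has been inside the infrastructure.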

In addition, the day after the indictment, Sushchin got fired from Renaissance Capital (which is owned by Nets owner Mikhail Prokhorov), where he was embedded. That suggests his was not an official embed noticed to the company (though it still may have been a legitimate FSB placement).

Most interesting of all is that Dokuchaev used US resources to conduct the hack. He had a PayPal account, which he presumably used to pay Karim Baratov.

All funds which constitute proceeds that are held on deposit in PayPal account number xxxxxxxxxxxxxxx2639, held by DOKUCHAEV;

And, according to the G&M (and this is the most amazing part), Dokuchaev used a Yahoo account to communicate with Baratov.

Mr. Dokuchaev is alleged in the court documents to have used a Yahoo e-mail account to contact Mr. Baratov and hire him to get the log-in information for about 80 accounts belonging to victims of the Yahoo hack.

I get why you wouldn’t email Baratov from your [email protected] account, because that would alert Canadian and US authorities he was working with Russian spies. But surely a Russian spy knows enough not to communicate via an account that is readily available to US authorities under Section 702, even if the conspirators’ persistent presence in the Yahoo servers might alert you to such surveillance? Even if you wanted to use an account in North America there are surely better options.

In other words, there are a lot of reasons to believe that Dokuchaev was making more effort to keep this activity out of easy reach of Russian authorities than he did to hide it from the US.

Copyright © 2025 emptywheel. All rights reserved.
Originally Posted @ https://emptywheel.net/author/emptywheel/page/416/