Guccifer 2.0: What about those DCCC and “Clinton Foundation” documents

In this post, I addressed one recent and one not-recent research finding pertaining to Guccifer 2.0 (I had already raised both of them, but I addressed them at more length). I pointed out the conclusions of the research itself (that Guccifer 2.0 put Russian metadata in the first documents he released intentionally, just as he had put the name Felix Dzerzhinsky in one; and that some files released by proxy in September were copied locally) were not that controversial and certainly don’t refute the Intelligence Community conclusion that Russia was behind these hacks.

I also pointed out something that came out of that and related research — the understanding that the documents Guccifer 2.0 first released weren’t the DNC documents released to WikiLeaks at all, and so had absolutely no bearing on the question of whether Guccifer 2.0 provided the DNC documents to WikiLeaks. The NYer’s Raffi Khatchadourian used that same data as part of his argument that Russia was clearly working with WikiLeaks.

Cui bono from DCCC documents

Not only does all this analysis focus on the DNC when it really should focus on Hillary documents, but it almost entirely ignores the later documents Guccifer 2.0 released. For example, here’s how Adam Carter dismisses the import of the DCCC documents in considering attribution.

The documents he posted online were a mixture of some from the public domain (eg. already been published by OpenSecrets.org in 2009), were manipulated copies of research documents originally created by Lauren Dillon (see attachments) and others or were legitimate, unique documents that were of little significant damage to the DNC. (Such as the DCCC documents)

The DCCC documents didn’t reveal anything particularly damaging. It did include a list of fundraisers/bundlers but that wasn’t likely to cause controversy (the fundraising totals, etc. are likely to end up on sites like OpenSecrets, etc within a year anyway). – It did however trigger 4chan to investigate and a correlation was found between the DNC’s best performing bundlers and ambassadorships. – This revelation though, is to be credited to 4chan. – The leaked financial data wasn’t, in itself, damaging – and some of the key data will be disclosed publicly in future anyway.

Even ignoring that some of these documents provided the DCCC’s views of races and candidates, the notion that data will one day become public in no way minimizes the value of having that data in time for an electoral race, which is what Guccifer 2.0’s release of them did.

Even Khatchadourian simply nods at what, given the timing, are likely the DCCC documents. After laying out what are suggestions of pressure Assange’s source is exerting on WikiLeaks in the early summer, he reveals that in August, Guccifer 2.0 considered leaking documents through Emma Best (who, notably, had just linked the Turkish emails that WikiLeaks would get blamed for at the end of July).

In mid-August, Guccifer 2.0 expressed interest in offering a trove of Democratic e-mails to Emma Best, a journalist and a specialist in archival research, who is known for acquiring and publishing millions of declassified government documents. Assange, I was told, urged Best to decline, intimating that he was in contact with the persona’s handlers, and that the material would have greater impact if he released it first.

Given the mid-August date, those emails are likely the DCCC emails that Guccifer 2.0 first announced on August 12 by publishing the contact information of members and their key staffers (one of the several things over the course of the operation that got suppressed by providers). While Khatchadourian doesn’t dwell on what happened to them instead of release via Best, it is significant: Guccifer 2.0 reached out to local journalists to report on the state-level data. That is, for a limited set of what must have been available at DCCC, a set focused on swing states (which, contrary to what Carter suggests, cannot be bracketed off from the top of the ticket in a presidential year), Guccifer 2.0 worked to magnify these documents too, with mixed success.

It’s hard to imagine why anyone associated with the Democratic party or Crowdstrike — who both have been accused of being the real insiders behind the Wikileaks documents — would release those documents, no matter how uninteresting people outside of politics find them. Likewise, even the most bitter Bernie supporter would have little reason to help Republicans get elected to Congress. Leaking boring but useful documents that benefit just Republicans doesn’t even fit with the hacktivist persona Guccifer 2.0 presented as. That leaves GOPers, as well as the Russians if they were siding with the GOP, with sufficient motive to hack and leak them.

Moreover, given questions about whether Republicans incorporated data made available by Russia in their own data analysis, the release of these documents may have provided a way to do that while maintaining plausible deniability. This stuff could get more interesting now, given that Ron DeSantis, who benefitted from these state level leaks, wants to cut the Mueller investigation short.

What about Guccifer 2.0’s Clinton Foundation headfake?

Which brings us to some other still unexplained events from last year: Roger Stone’s promises that WikiLeaks would release the Clinton Foundation emails in early October. A lot gets missed in the public narrative of that period. Stone turned out to repeatedly promise files, only to be wrong, which (on its face, anyway) undermines Democratic accusations he was in cahoots with WikiLeaks. And ultimately, WikiLeaks didn’t publish the Clinton Foundation files; instead, it released the Podesta document that included excerpts of Hillary’s speeches. Though — again, contrary to what the Democrats now complain — those were completely drowned out by the Access Hollywood release. No one mentions, either, that Stone sort of sulked away, uninterested in WikiLeaks emails anymore, moving on to Bill Clinton rape allegations. What happened?

Here’s what I laid out in April.

CNN has a timeline of many of Stone’s Wikileaks related comments, which actually shows that in August, at least, Stone believed Wikileaks would release Clinton Foundation emails (a claim that derived from other known sources, including Bill Binney’s claim that the NSA should have all the Clinton Foundation emails).

It notes, as many timelines of Stone’s claims do, that on Saturday October 1 (or early morning on October 2 in GMT; the Twitter times in this post have been calculated off the unix time in the source code), Stone said that on Wednesday (October 5), Hillary Clinton is done.

Fewer of these timelines note that Wikileaks didn’t release anything that Wednesday. It did, however, call out Guccifer 2.0’s purported release of Clinton Foundation documents (though the documents were real, they were almost certainly mislabeled Democratic Party documents) on October 5. The fact that Guccifer 2.0 chose to mislabel those documents is worth further consideration, especially given public focus on the Foundation documents rather than other Democratic ones. I’ll come back to that.

Throughout the week — both before and after the Guccifer 2.0 release — Stone kept tweeting that he trusted the Wikileaks dump was still coming.

Monday, October 3:

Wednesday, October 5 (though this would have been middle of the night ET):

Thursday, October 6 (again, this would have been nighttime ET, after it was clear Wikileaks had not released on Wednesday):

On October 7, at 4:03PM, David Fahrenthold tweeted out the Access Hollywood video.

On October 7, at 4:32 PM, Wikileaks started releasing the Podesta emails.

Stone didn’t really comment on the substance of the Wikileaks release. In fact, even before the Access Hollywood release, he was accusing Bill Clinton of rape, and he continued in that vein after the release of the video, virtually ignoring the Podesta emails.

Two parts of this narrative now look very different, given what we know now. As noted, Khatchadourian argues that Guccifer 2.0 served as a pressure point for WikiLeaks, pushing Assange to release things on the persona’s timeline. I’ve long been puzzled (for obvious reasons) by Guccifer 2.0’s response to my tweet, calling out his supposed October 4 release of Clinton Foundation documents as the bullshit it was.

There was no private conversation behind this — Guccifer 2.0 and I never spoke by DM. My guess is he chose to respond to my tweet because Glenn Greenwald immediately responded to me and took my debunking seriously, though Guccifer 2.0’s response was quick — within 45 minutes. And only after that tweet did he follow me. It was a rare unsolicited response to someone, and it was one of maybe three tweets he sent responding to a criticism. (Interesting side note: I realized when reviewing his tweets that a few of Guccifer 2.0’s tweets appear in Twitter’s count but are not visible.) In other words, Guccifer 2.0 apparently wanted to respond to my debunking, perhaps because Greenwald found them credible, thereby sustaining the claim he really had Clinton Foundation emails. But it happened at a time when Stone, too, was pushing WikiLeaks to release Clinton Foundation emails.

Now couple that information with the details of GOP rat-fucker Peter Smith’s attempt to hunt down Clinton Foundation emails. As Matt Tait describes, close to the July 22 release of the DNC emails, Smith contacted him already having been contacted by someone who claimed to have copies of Hillary’s Clinton Foundation emails.

Over the course of a long phone call, he mentioned that he had been contacted by someone on the “Dark Web” who claimed to have a copy of emails from Secretary Clinton’s private server, and this was why he had contacted me; he wanted me to help validate whether or not the emails were genuine.

The WSJ explained that Smith could never authenticate any of the emails he got pitched, which is why they weren’t ever published, and recommended they be dealt to WikiLeaks.

So what if someone actually did deal those emails to WikiLeaks, authentic or not? What if Guccifer 2.0 somehow knew that? It would explain Stone’s certainty they’d come out, Guccifer 2.0’s attempt to claim he had them, and the back-and-forth in early October.

Incidentally, the latest stink in the right wing noise machine is that a guy trying to obtain more Hillary related emails via FOIA got denied because the public interest doesn’t outweigh Hillary’s privacy interests. [Deleted: this was one of the fake Assange accounts–thanks to Arbed for heads up.] Assange claim he has duplicates.

To be clear, I don’t believe those are Clinton Foundation emails. But I find the possibility that Assange may still be getting and releasing materials damning to Hillary.

Guccifer 2.0’s other propaganda

Finally, it’s worth noting that these reassessments of Guccifer 2.0 largely look at the documents he released, out of context of the things he said.

I think that’s particularly problematic given his last two posts, which align with activities alleged to have ties to Russia. His second-to-last post was typically nonsensical (the FEC’s networks have nothing to do with vote counting). But it attributed any tampering with software to Democrats.

INFO FROM INSIDE THE FEC: THE DEMOCRATS MAY RIG THE ELECTIONS

I’d like to warn you that the Democrats may rig the elections on November 8. This may be possible because of the software installed in the FEC networks by the large IT companies.

As I’ve already said, their software is of poor quality, with many holes and vulnerabilities.

I have registered in the FEC electronic system as an independent election observer; so I will monitor that the elections are held honestly.

I also call on other hackers to join me, monitor the elections from inside and inform the U.S. society about the facts of electoral fraud.

We’ve since learned (most recently in this NYT piece) that there was more risk of tampering with the vote count than initially revealed. And no matter whether or not you believe the Russians did it, there is no credible reason why Democrats would target turnout that they needed to win the election. This message, Guccifer 2.0’s last before the election, could only serve to give pre-emptive cover for any tampering that did get discovered.

Finally, there’s Guccifer 2.0’s last post, bizarrely posted months after he seemed to be done, capitalizing on legitimate complaints about the first Joint Analysis Report released on December 29 to suggest the evidence implicating him as Russian is fake.

The technical evidence contained in the reports doesn’t stand up to scrutiny. This is a crude fake.

Any IT professional can see that a malware sample mentioned in the Joint Analysis Report was taken from the web and was commonly available. A lot of hackers use it. I think it was inserted in the report to make it look a bit more plausible.

But several things are interesting about this post (in addition to the way it coincided with what Shadow Brokers claimed was going to be his last post). In spite of using the singular “this” to refer to the “reports,” Guccifer 2.0 claims that several reports tie him to Russia.

The U.S. intelligence agencies have published several reports of late claiming I have ties with Russia.

But the JAR actually doesn’t mention him at all. What does mention him is the Intelligence Community Assessment.

We assess with high confidence that the GRU used the Guccifer 2.0 persona, DCLeaks.com, and WikiLeaks to release US victim data obtained in cyber operations publicly and in exclusives to media outlets.

Guccifer 2.0, who claimed to be an independent Romanian hacker, made multiple contradictory statements and false claims about his likely Russian identity throughout the election. Press reporting suggests more than one person claiming to be Guccifer 2.0 interacted with journalists.

Guccifer 2.0’s silence about the ICA is all the more interesting given that the post — dated January 12 and so immediately after the leak of the Steele dossier — doesn’t mention that, but says the Obama Administration would release more fake information in the coming week.

Certainly, those who believe Guccifer 2.0 is not Russian even while noting his many false claims will take this post as gospel. But it’s worth noting that it doesn’t actually refute the substance of the claims made about Guccifer 2.0, rather than Russia.

Reassessing the Role of Guccifer 2.0 Should Not Terrify Analysts

I’m glad folks are still poking around the Guccifer 2.0 documents, and applaud the openness of the researchers to respond to criticism. Frankly, it’s a model those who made initial claims about Guccifer 2.0 — most egregiously, that Cyrillic metadata in a document adopting the name of Felix Dzerzhinsky would not be every bit as intentional as that graffiti — should adopt. There were errors in the early analysis of the Guccifer 2.0 persona (such as the assumption he was publishing DNC documents), that, with hindsight, are more clear. One particularly annoying one is the logic that because Guccifer 2.0 got caught pretending to be Romanian — a claim he backed off of in his FAQ a week later in any case — he had to be Russian. The unwillingness to revise early analysis only feeds the distrust of the Russian attribution.

That said, in my opinion nothing about the new analysis undermines the claim of Russian attribution, and the majority of the known evidence does support it (and has since been backed — for example — by Facebook, which has its own set of global data to draw from).

Update: I thought Stone was involved in the Smith effort. This article describes him as chatting to Guccifer 2.0 at the direction of Smith.

“The magnitude of what he was trying to do was kind of impressive,” Johnson said. “He had people running around Europe, had people talking to Guccifer.” (U.S. intelligence agencies have linked the materials provided by “Guccifer 2.0”—an alias that has taken credit for hacking the Democratic National Committee and communicated with Republican operatives, including Trump confidant Roger Stone—to Russian government hackers.)


On the New (and Not-So New) Claims about Guccifer 2.0

The initial files released by the persona Guccifer 2.0 on June 15, 2016 included — in addition to graffiti paying tribute to Felix Dzerzhinsky, the founder of Russia’s secret police — metadata deliberately set to Cyrillic (the metadata had previously been interpreted, implausibly even at the time, to be a mistake).

And a file later released on September 13, 2016 purportedly from Guccifer 2.0 but released via a magnet site and never linked on his WordPress site, was probably copied, locally, to a Linux drive somewhere in the Eastern time zone on July 5, 2016; the files were then copied to a Windows file on September 1, 2016.

Those are the fairly uncontroversial findings from two separate research efforts that have recently renewed debate over whether the conclusion of the intelligence community, that Russia hacked the DNC, is valid.

I’m going to do a two part post on this issue.

What to Read

As you might be able to figure out, nothing about those two conclusions at all dictates that the Intelligence Community conclusions that Russia is behind the hack of Democratic targets are wrong. The reason they’re so controversial is because they’ve been used, in tandem, to support claims that the IC conclusion is wrong, first in a (to me) unconvincing letter by the Veteran Intelligence Professionals for Sanity (chiefly Bill Binney, Kirk Wiebe, Ed Loomis, and Ray McGovern), and then in some even sloppier versions, most notably at the Nation. In between the original analysis and these reports are some other pieces making conclusions about the research itself that are in no way dictated by the research.

In other words, it’s all a big game of telephone, some research going in the front end and a significantly distorted message coming out the back end.

So before I get into what the two studies do show, let’s talk about what you should read. The first argument has been made by Adam Carter at his G2-space, which is laudable as a resource for documents on Guccifer 2.0, no matter what you think of his conclusions. There’s a ton in there, not all of which I find as persuasive as the argument pertaining to the Russian metadata. Happily, he made two free-standing posts demonstrating the RSID analysis (one, two). I first discussed this analysis here.

The RSID analysis showing that the Cyrillic in Guccifer 2.0’s documents was actually intentional relies, in part, on the work of someone else, posting under the name /u/tvor_22. His post on this is worthwhile not just for the way it maps out how people came to be fooled by the analysis, but for the five alternative explanations he offers. I in no way think those five possibilities are comprehensive, but I appreciate the effort to remain open about what conclusions might be drawn from the evidence.

Between those three posts, they show that the first five documents released by Guccifer 2.0 were all copied into one with certain settings set, deliberately, to the Russian language. That’s the first conclusion.

The forensics on copying was done by a guy posting under the name The Forensicator, whose main post is here. Note his site engages in good faith with the rebuttals he has gotten, so poke around and see how he responds. He argues a bunch of things, most notably that the first copy of files released in September was copied locally back in July, perhaps from a computer networked to the host server. That analysis doesn’t rule out that the data was on some server outside of the DNC. I raised one concern about this analysis here.

Finally, for a more measured skeptical take — from someone also associated with VIPS who did not join in their letter — see Scott Ritter’s take. I don’t agree with all of that either, but I think a second skeptical view is worthwhile.

All of which is to say if you want to read the analysis — rather than conclusions that I think go well beyond the analysis — read the analysis. Assuming both are valid (again, I think the RSID case is stronger than the copying one), the sole conclusions I’d draw from them are that the Guccifer 2.0 figure wanted to be perceived as a Russian — something he succeeded in doing through far more than just metadata, though the predispositions of researchers and the press certainly made it easy for him. And, some entity that may be associated with Guccifer 2.0 (but may also be a proxy) is probably in the Eastern Time Zone, possibly (though not definitely) close to the DNC (or some other target server). That’s it. That’s what you need to explain if you believe both pieces of analysis.

Whatever explanation you use to explain the inclusion of Iron Felix in the documents (which is consistent with graffiti left in the hacked servers) would be the same one you use to explain why the metadata was set to Cyrillic; the IC and people close to the hack have explained that the hackers liked to boast. And the only explanation you need for the local copy is that someone associated with the Russians was close to DC, such as at the Maryland compound that got shut down.

Guccifer and the DNC … or DCCC … or Hillary

Since we’re examining these claims, there’s another part of the presentation on the RSID data (and Carter’s site generally), that deserves far more prominent mention than the current debate has given, because it undermines the framing of the debate. We’ve been arguing for a year about Russia’s tie to Guccifer 2.0 based on the persona’s claim to have provided DNC documents to WikiLeaks. But the documents originally released in the initial weeks by Guccifer 2.0 were, by and large, not DNC documents. As far as I know, /u/tvor_22 was the first to note this. He describes that the Trump document first leaked only appears via other sources as an attachment to a Podesta email, though there are alterations in the metadata, as are three of the others, with the fifth coming from an unidentified source.

Let’s take the very first document posted by Guccifer2.0, which some security researchers have cited as ‘an altered document not properly sanitised.’ If we diff the raw copy — pasted into text documents — of both the original Trump document found in the Podesta emails and the Guccifer 2.0 version, ignoring white-spaces and tabs (diff -w original.txt altered.txt):

  • the table of contents has been re-factored.
  • many of the links are naked in the Guccifer2.0 version. (Naked as in not properly behind link titles, indicating Guccifer2.0’s version may have been an earlier draft.)
  • the error messages are in Russian.
  • None of the above quirks could be found in comparing 2,3, or 5.doc to their originals (100% textually equivalent). 4.doc could not be found on WikiLeaks for a comparison.

None of the textual content in any of these four ‘poorly sanitised’ documents has been altered, removed, or doctored. In other words all the differences you would expect from a copy and paste from one editor to another. So why bother copy and pasting into a new document at all? I wonder.

[1.doc’s original, 2.doc’s original, 3.doc’s original, 5.doc’s original. 4.doc could not be found in Wikileaks. The bare texts of 2,3, and 5 are checksum equivalent.]
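The comparison described in the quoted post (a `diff -w` of the pasted text, then a checksum of the bare text) can be reproduced as follows. This is an added example, not part of the quoted post or of the research it describes; the function names are hypothetical, the sample texts are constructed, and the normalization also skips blank lines, which goes slightly beyond `diff -w`.

```python
import difflib
import hashlib


def strip_ws(line):
    """Remove every whitespace character, the comparison `diff -w` applies."""
    return "".join(line.split())


def bare_lines(text):
    """Non-blank lines of a pasted document (blank lines are an editor artifact)."""
    return [line for line in text.splitlines() if strip_ws(line)]


def bare_text_digest(text):
    """SHA-256 over the whitespace-stripped, non-blank lines of the text."""
    digest = hashlib.sha256()
    for line in bare_lines(text):
        digest.update(strip_ws(line).encode("utf-8") + b"\n")
    return digest.hexdigest()


def diff_ignoring_whitespace(original, altered):
    """Return (tag, original_lines, altered_lines) for each region that
    still differs once whitespace is ignored; an empty list means the two
    texts are textually equivalent."""
    a, b = bare_lines(original), bare_lines(altered)
    matcher = difflib.SequenceMatcher(
        None, [strip_ws(x) for x in a], [strip_ws(x) for x in b], autojunk=False
    )
    return [
        (tag, a[i1:i2], b[j1:j2])
        for tag, i1, i2, j1, j2 in matcher.get_opcodes()
        if tag != "equal"
    ]


# Constructed sample: a pair that differs only in tabs, spacing and blank
# lines (the situation the post reports for 2, 3 and 5.doc).
ORIG_B = "Donor\tAmount\nA. Example\t100\n"
COPY_B = "Donor    Amount\n\nA. Example 100\n"

# Constructed sample: a pair with a naked link and a localized error
# message (the kinds of difference the post reports for 1.doc).
ORIG_A = (
    "Table of Contents\n"
    "Section One\t1\n"
    "See the committee report for details.\n"
    "Paragraph text that is unchanged.\n"
    "Error! Hyperlink reference not valid.\n"
    "Closing paragraph.\n"
)
COPY_A = (
    "Table of Contents\n"
    "Section One     1\n"
    "See the committee report <https://example.org/report> for details.\n"
    "Paragraph text that is unchanged.\n"
    "Ошибка! Недопустимый объект гиперссылки.\n"
    "Closing   paragraph.\n"
)

if __name__ == "__main__":
    print("pair B equivalent:", bare_text_digest(ORIG_B) == bare_text_digest(COPY_B))
    for tag, old, new in diff_ignoring_whitespace(ORIG_A, COPY_A):
        print(tag, old, "->", new)
```

Matching digests show only that the visible text is the same; they say nothing about the file's metadata, which is where the RSID and language settings discussed above live.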

G2-space has posted an expansion of this analysis, by JimmysLlama. It provides a list for where the first 40 documents (covering Guccifer 2.0’s first two WordPress posts) can — or cannot — be found. The source for (roughly) half remains unidentified, the other half came from Podesta’s emails. At the very least, that reporting makes it clear that even for documents claimed (falsely) to be DNC documents, Guccifer had a broader range of documents than what WikiLeaks published.

That explains reporting from last summer that indicated the FBI wasn’t sure if WikiLeaks’ documents had come from Russia/Guccifer 2.0.

The bureau is trying to determine whether the emails obtained by the Russians are the same ones that appeared on the website of the anti-secrecy group WikiLeaks on Friday, setting off a firestorm that roiled the party in the lead-up to the convention.

The FBI is also examining whether APT 28 or an affiliated group passed those emails to WikiLeaks, law enforcement sources said.

Now we know why: because they weren’t the same set of files as had been taken from the DNC (though the FBI did already know some Hillary staffers had been hacked.) See this post from last summer, in which I explore that and related questions.

The detail that Guccifer 2.0 was actually posting Hillary, not DNC, documents is somewhat consistent with what John Podesta has said. He revealed that he recognized an early “DNC” document probably came from his email.

And other campaign officials also had their emails divulge earlier than October 7th. But in one of those D.N.C. dumps, there was a document that appeared to me was– that appeared came– might have come from my account.

Podesta has always been squirrelly about this stuff and probably has reason to hide that the Democrats’ claims that Guccifer 2.0 was releasing DNC documents were wrong (indeed, that’s something that would be far more supportive of skeptics’ alternative theories than this Guccifer 2.0 data, but it’s also easily explained by Democrats’ understandable choices to minimize their exposure last summer). Importantly, Podesta also suggests that “other campaign officials also had their emails divulged earlier than October 7th,” without any suggestion that that is just via DC Leaks.

On top of a lot of other implications of this, it shifts the entire debate about whether Guccifer 2.0 was WikiLeaks’ source, which has always focused on whether the documents leaked on July 22 came from Guccifer 2.0. Regardless of what you might conclude about that, it shifts the question to whether the Podesta emails WikiLeaks posted came from Guccifer 2.0, because those are the ones where there’s clear overlap. Russia’s role in hacking Podesta has always been easier to show than its role in hacking the DNC.

It also shifts the focus away from whether FBI obtained enough details from the DNC server via the forensic image it received from Crowdstrike to adequately assess the culprit. Both the DNC and Hillary (as well as the DCCC) servers are important. Though those that squawk about this always seem to miss that FBI, via FireEye, disagreed with Crowdstrike on a key point: the degree to which the two separate sets of hackers coordinated in targeted servers; I’ve been told by someone with independent knowledge that the FBI read is the correct one, so FBI certainly did their own assessment of the forensics and may have obtained more accurate results than Crowdstrike (I’ve noted elsewhere that public IC statements make it clear that not all public reports on the Russian hacks are correct).

In other words, given that the files that Guccifer 2.0 first leaked actually preempted WikiLeaks’ release of those files by four months, what you’d need to show about the DNC file leaks is something entirely different than what has been shown.

New Yorker’s analysis on coordination

That’s a task Raffi Khatchadourian took on, using an analysis of what got published when, to argue that Russia is WikiLeaks’ source in his recent profile of Assange (I don’t agree with all his logical steps, particularly his treatment of the relationship between Guccifer 2.0 and DC Leaks, but in general my disagreements don’t affect his analysis about Russia).

Throughout June, as WikiLeaks staff worked on the e-mails, the persona had made frequent efforts to keep the D.N.C. leaks in the news, but also appeared to leave space for Assange by refraining from publishing anything that he had. On June 17th, the editor of the Smoking Gun asked Guccifer 2.0 if Assange would publish the same material it was then doling out. “I gave WikiLeaks the greater part of the files, but saved some for myself,” it replied. “Don’t worry everything you receive is exclusive.” The claim at that time was true. None of the first forty documents posted on WordPress can be found in the WikiLeaks trove; in fact, at least half of them do not even appear to be from the D.N.C., despite the way they were advertised.

But then, on July 6th, just before Guccifer 2.0 complained that WikiLeaks was “playing for time,” this pattern of behavior abruptly reversed itself. “I have a new bunch of docs from the DNC server for you,” the persona wrote on WordPress. The files were utterly lacking in news value, and had no connection to one another—except that every item was an attachment in the D.N.C. e-mails that WikiLeaks had. The shift had the appearance of a threat. If Russian intelligence officers were inclined to indicate impatience, this was a way to do it.

On July 18th, the day Assange originally planned to publish, Guccifer 2.0 released another batch of so-called D.N.C. documents, this time to Joe Uchill, of The Hill. Four days later, after WikiLeaks began to release its D.N.C. archive, Uchill reached out to Guccifer 2.0 for comment. The reply was “At last!”

[snip]

Whatever one thinks of Assange’s election disclosures, accepting his contention that they shared no ties with the two Russian fronts requires willful blindness. Guccifer 2.0’s handlers predicted the WikiLeaks D.N.C. release. They demonstrated inside knowledge that Assange was struggling to get it out on time. And they proved, incontrovertibly, that they had privileged access to D.N.C. documents that appeared nowhere else publicly, other than in WikiLeaks publications. The twenty thousand or so D.N.C. e-mails that WikiLeaks published were extracted from ten compromised e-mail accounts, and all but one of the people who used those accounts worked in just two departments: finance and strategic communications. (The single exception belonged to a researcher who worked extensively with communications.) All the D.N.C. documents that Guccifer 2.0 released appeared to come from those same two departments.

The Podesta e-mails only make the connections between WikiLeaks and Russia appear stronger. Nearly half of the first forty documents that Guccifer 2.0 published can be found as attachments among the Podesta e-mails that WikiLeaks later published. Moreover, all of the hacked election e-mails on DCLeaks appeared to come from Clinton staffers who used Gmail, and of course Podesta was a Clinton staffer who used Gmail. The phishing attacks that targeted all of the staffers in the spring, and that targeted Podesta, are forensically linked; they originated from a single identifiable cybermechanism, like form letters from the same typewriter. SecureWorks, a cybersecurity firm with no ties to the Democratic Party, made this assessment, and it is uncontested.

Now, I’d like to see the analysis behind this publicly. It should be expanded to include all the documents leaked by Guccifer 2.0. It should include more careful analysis of the forensics behind the phishes (security companies have done this, but have not shown all their work). Moreover, it doesn’t rule out a piggyback hack, though given that Guccifer 2.0 was leaking Hillary emails from the start, it’s unclear how that piggyback would work. All that said, it provides a circumstantial case that these were the same two sets of documents.

Khatchadourian doesn’t dwell on something he alluded to here, which is that all the DNC documents were email focused, collected from just 10 mailboxes. That’s the nugget that, I suspect, Assange will point to (and may have shared with Dana Rohrabacher) in an effort to rebut the claims his source was Russia (one thing Khatchadourian gets wrong is what Craig Murray said about two different sources for WikiLeaks, but then he points to a WikiLeaks claim they got the emails in late summer and September 19 date on all of them — not long before Murray picked something up in DC — so that’s another area worth greater focus). For now, I’ll bracket that, but while I suspect it points to really interesting conclusions, I don’t think it necessarily undermines the claim that Russia was Assange’s source. More importantly, none of the things people are pointing to in this new analysis — the metadata in files released by Guccifer 2.0, the metadata in files released on a magnet site but never directly by Guccifer 2.0 — affects the analysis of how completely unrelated emails got to WikiLeaks at all.

All of which is to say that these two pieces of analysis actually miss the far more interesting analysis that got done with it.

Update: Turns out the Nation issued a correction today, which reads in part,

Subsequently, Nation editors themselves raised questions about the editorial process that preceded the publication of the article. The article was indeed fact-checked to ensure that Patrick Lawrence, a regular Nation contributor, accurately reported the VIPS analysis and conclusions, which he did. As part of the editing process, however, we should have made certain that several of the article’s conclusions were presented as possibilities, not as certainties. And given the technical complexity of the material, we would have benefited from bringing on an independent expert to conduct a rigorous review of the VIPS technical claims.

It added an outside analysis by Nathaniel Freitas of the two reports, a rebuttal from VIPS members who did not join the letter, and a response from those who did. Freitas provides a number of other possibilities to get the throughput observed by Forensicator. The VIPS dissenters raise some of the same points I do, including that this server may be somewhere outside of DNC.

It is important to note that it’s equally plausible that the cited July 5, 2016, event was carried out on a server separate from the DNC or elsewhere, and with data previously copied, transferred, or even exfiltrated from the DNC.

However, independent of transfer/copy speeds, if the data was not on the DNC server on July 5, 2016, then none of this VIPS analysis matters (including the categorically stated fact that the local copy was acquired by an insider) and simply undermines the credibility of any and all analysis in the VIPS memo when joined with this flawed predicate.


The Steele Dossier and WaPo’s Trump Tower Scoop

For some reason, many people who’re convinced the Trump Russia investigation will hit paydirt but who haven’t been particularly attentive believe the Steele dossier must all be true. This, in spite of the fact that some parts of it clearly are not true. The best example of that is report 086, labeled as July 25, 2015 (but which must actually date to July 2016), which quotes a former senior Russian intelligence official claiming FSB was having difficulty compromising western and G7 government targets. In the previous year, the Russians had been enjoying quite a lot of success against just those kinds of targets, including the Joint Chiefs of Staff (Russia’s APT 29 is also believed to have compromised the DNC in July 2015), making it surprising anyone following Russian matters even marginally closely could present that report as credible.

The Steele dossier is not a document that is either credible or not as a whole; it is a series of raw intelligence reports based off a series of sources, some of which conflict with each other, some of which may be credible, others of which are less so. Moreover, there are a number of details about the dossier as we received it or as we’ve since learned about its production that raise legitimate questions about its quality.

Two seemingly contradictory claims provide one example that is especially noteworthy given WaPo’s report that the Trump organization inked a branding deal in Russia in late 2015. The very first report released as the Steele dossier, dated June 20, claims that the FSB has, for years, been trying to cultivate Trump by offering him “lucrative real estate development deals in Russia” but “for reasons unknown, TRUMP had not taken up any of these.”

The sourcing on this claim definitely includes “a close associate of TRUMP who had organized and managed his recent trips to Moscow” (though how would they know FSB was dangling real estate to compromise Trump unless they were themselves tied to FSB?) and may include the trusted compatriot of a “senior Foreign Ministry figure.”

Compare that with the undated report (it probably dates to between July 19 and July 30, 2016) crediting “a separate source with direct knowledge” claiming that Trump’s “claimed minimal investment profile in Russia … had not been for want of trying.”

Which is it? Has Trump been pushing for real estate deals but failing, or have figures close to Putin been trying to entice him with such deals only to have him respond with remarkable coyness?

A September 14 report, reported second-hand from two people in Petersburg, goes so far as to claim Trump had even paid bribes to get business deals in the city, but offered little more. Significantly, the sources said Aras Agalarov — who was involved in the June 9, 2016 meeting offering dirt on Clinton in New York’s Trump Tower — would have any details on real estate deals and sex parties and the clean-up thereof.

All of which is to say that in three different reports, Steele’s sources offered conflicting details about whether Trump was trying to get business in Russia but had failed, or Russia was trying to suck Trump into business deals as part of a program to compromise him, only to have him inexplicably resist.

Which brings us to the WaPo’s latest scoop, which reveals that between November 2015 and January 2016, the Trump organization signed a licensing deal for a big real estate project in Moscow, which ended up flopping because there was actually no deal behind it.

As part of the discussions, a Russian-born real estate developer urged Trump to come to Moscow to tout the proposal and suggested he could get President Vladimir Putin to say “great things” about Trump, according to several people who have been briefed on his correspondence.

The developer, Felix Sater, predicted in a November 2015 email that he and Trump Organization leaders would soon be celebrating — both one of the biggest residential projects in real estate history and Donald Trump’s election as president, according to two of the people with knowledge of the exchange.

Sater wrote to Trump Organization Executive Vice President Michael Cohen, “something to the effect of, ‘Can you believe two guys from Brooklyn are going to elect a president?’ ” said one person briefed on the email exchange. Sater emigrated to the United States from what was then the Soviet Union when he was 8 and grew up in Brooklyn.

Trump never went to Moscow as Sater proposed. And although investors and Trump’s company signed a letter of intent, they lacked the land and permits to proceed and the project was abandoned at the end of January 2016, just before the presidential primaries began, several people familiar with the proposal said.

[snip]

Discussions about the Moscow project began in earnest in September 2015, according to people briefed on the deal. An unidentified investor planned to build the project and, under a licensing agreement, put Trump’s name on it. Cohen acted as a lead negotiator for the Trump Organization. It is unclear how involved or aware Trump was of the negotiations.

For six months, Christopher Steele pushed his sources for information on any deals Trump had planned in Russia. And only one of them — the one suggesting his go-between consult with Agalarov — offered any hint that a deal might have actually been done. Yet just months earlier, a deal had purportedly been signed, a deal personally involving Michael Cohen, who figures prominently throughout the dossier.

At least on their face, those are contradictory claims, ones that (because the WaPo story is backed by documents Congress will shortly vet) either emphasize how limited Steele’s collection was, even on one of his key targets like Cohen, or may even hint he was getting disinformation.

Or perhaps reading them in tandem can elucidate both?

First, some comments on the WaPo story.

It seems the real story here is as much the details as the fact that the deal was proposed. For example, I’m as interested that Felix Sater, from whom (as the story notes) Trump has been trying to distance himself publicly for years, was still brokering deals for the Trump organization as late as November 2015 as any other part of the story. See this post for some reasons why that’s so interesting.

It’s also quite significant that whoever leaked this to the WaPo did not explain who the investors were. Schedule another scoop in a week or so for when some outlet reveals that detail, because I suspect that’s as big a part of the story as the fact that the deal got signed. What entity came to Cohen months after Trump had kicked off his presidential campaign, and offered up the kind of branding deal that Trump loves (and which at least some of Steele’s sources say Trump had been seeking for over a decade), yet without the permits that would be a cinch if Putin and the FSB were really pushing the deal as part of a plan to compromise the candidate?

The sourcing, too, is of particular interest. WaPo describes its story as coming from, “several people familiar with the proposal and new records reviewed by Trump Organization lawyers;” in another place it describes its sources as, “several people who have been briefed on his correspondence.” It explains that the emails are going to be turned over to Congress soon.

The new details from the emails, which are scheduled to be turned over to congressional investigators soon, also point to the likelihood of additional contacts between Russia-connected individuals and Trump associates during his presidential bid.

This all feels like an attempt, on the part of Trump lawyer Michael Cohen, to reveal to Trump via non-obstructive channels what he has found in a review of documents he’s about to turn over, with an emphasis on some of the most damning parts (Sater and the timing), but without yet revealing the public detail of the investors. By releasing it in this form, Cohen’s associates give Trump warning of what’s about to come, while blunting the damage the revelation will have in more fleshed out form.

Finally, the WaPo emphasizes Sater’s push for Trump to get Putin to say nice things. Particularly given the lack of permits here, that suggests Sater recognized the deal was not actually done; it needed a powerful push from Putin. A push that, given the January collapse, apparently didn’t come in a timely fashion. That may be the more interesting take-away here. The deal was, when Sater bragged about it to the guy who (according to Steele’s dossier) would shortly go on to clean up Paul Manafort’s earlier corrupt discussions with Russia, illusory. But it makes it clear that Cohen, if and when he had those discussions, was aware of the Trump organization’s earlier, failed effort to finally brand a building in Moscow. It would mean that if those dodgy meetings in Prague actually happened, they came against the backdrop of Putin deciding not to offer the help needed to make the Trump deal happen in the months before the election started.

All that may suggest the Steele dossier may instead be rich disinformation on a key point, disinformation that hid how active such discussions really were.

In any case, the WaPo story is not definitive one way or another. It may be utterly damning, the kind of hard evidence Cohen is about to turn over that he is aware could really blow the investigation into Trump wide open, or it could be yet more proof that Trump continued to resist the allure of real estate deals in Russia, as some of Steele’s sources claimed. But it does raise some important questions that reflect back on the Steele dossier.

Update: NYT got the actual language of two of the Sater emails, which have now been delivered to HPSCI.

Michael I arranged for Ivanka to sit in Putins [sic] private chair at his desk and office in the Kremlin. I will get Putin on this program and we will get Donald elected. We both know no one else knows how to pull this off without stupidity or greed getting in the way. I know how to play it and we will get this done. Buddy our boy can become President of the USA and we can engineer it. I will get Putins [sic] team to buy in on this, I will manage this process.

[snip]

Michael we can own this story. Donald doesn’t stare down, he negotiates and understand the economic issues and Putin only want to deal with a pragmatic leader, and a successful business man is a good candidate for someone who knows how to negotiate. “Business, politics, whatever it all is the same for someone who knows how to deal.”

Why does Sater tie the Trump Tower deal so closely with getting Trump elected?


Government Aims to Protect Other Ongoing Investigations in MalwareTech Case

In its request for a protection order governing discovery materials turned over to the defense in the Marcus Hutchins/MalwareTech case, the government provided this explanation of things it needed to keep secret.

The discovery in this matter may include information related to other ongoing investigations, malware, and investigative techniques employed by the United States during its investigation of Mr. Hutchins and others.

The government will always aim to protect investigative techniques — though in an international case investigating hackers, those techniques might well be rather interesting. Of particular interest, the government wants to hide techniques it may have used against Hutchins … and against others.

The government’s claim it needs to hide information on malware will disadvantage researchers who are analyzing the Kronos malware in an attempt to understand whether any code Hutchins created could be deemed to be original and necessary to the tool. For example, Polish researcher hasherezade showed that the hooking code Hutchins complained had been misappropriated from him in 2015, when the government claims he was helping his co-defendant revise Kronos, was not actually original to him.

The interesting thing about this part of Kronos is its similarity with a hooking engine described by MalwareTech on his blog in January 2015. Later, he complained in his tweet that cybercriminals had stolen and adopted his code. Looking at the hooking engine of Kronos we can see a big overlap, that made us suspect that this part of Kronos could be indeed based on his ideas. However, it turned out that this technique was described much earlier (i.e. here // thanks to @xorsthings for the link), and both authors learned it from other sources rather than inventing it.

Hasherezade may well have proven a key part of the government’s argument wrong here. Or she may be missing some other piece of code the government claims comes from Hutchins. By hiding any discussions about what code it is actually looking at, though, the government prevents the security community from definitively undermining its claims, at least before trial.

Finally, there’s the reference to other, ongoing investigations.

One investigation of interest might be the Kelihos botnet. In the April complaint against Pyotr Levashov, the government claimed that the Kelihos botnet had infected victims with Kronos malware.

In addition to using Kelihos to distribute spam, the Defendant also profits by using Kelihos to directly install malware on victim computers. During FBI testing, Kelihos was observed installing ransomware onto a test machine, as well as “Vawtrak” banking Trojan (used to steal login credentials used at financial institutions), and a malicious Word document designed to infect the computer with the Kronos banking Trojan.

Unlike known uses of Kronos by itself, Kelihos is something that has victimized people in the United States; the government has indicted and is trying to extradite Pyotr Levashov in that case. So that may be one investigation the government is trying to protect.

It’s also possible that, in an effort to pressure Hutchins to take a plea deal, the government is investigating allegations he engaged in other criminal activity, activity that would more directly implicate him in criminal hacking. There’s little (aside from statutes of limitation) to prevent the government from doing that, and their decision to newly declare the case complex may suggest they’re threatening more damaging superseding indictments against Hutchins, if they can substantiate those allegations, to pressure him to take a plea deal.

Finally, there’s WannaCry. As I noted, while the government lifted some of the more onerous bail conditions on Hutchins, they added the restriction that he not touch the WannaCry sinkhole he set up in May. The reference to ongoing investigations may suggest the government will be discussing aspects of that investigation with Hutchins’ defense team, but wants to hide those details from the public.

Update: I’ve corrected the language regarding Kelihos to note that this doesn’t involve shared code. h/t ee for finding the reference.


Rohrabacher Can’t Remember Talking Assange Pardon with Trump But Is Sure Trump Wants Mind-Boggling Info from Julian Assange

In this post, I noted that Dana Rohrabacher might try to broker a deal between Assange and President Trump trading information on WikiLeaks’ DNC email source for — it appears — a pardon. As I noted, the meeting was first reported — at 8:02 PM — by the Daily Caller.

At 12:22 AM ET, Julian Assange tweeted that “I do not speak to the public through third parties. Only unmediated statements coming directly from me can be considered authoritative.”

This morning, Rohrabacher issued a statement (posted in my last post) that ends with a promise he will share information already in hand with the President.

The congressman plans to divulge more of what he found directly to President Trump.

The Daily Caller has written a new story, based on an interview with Rohrabacher. In it Rohrabacher first claimed that “he can’t remember” if he has spoken to anyone in the White House about a pardon for Assange.

A pardon of Assange would have to come directly from President Donald Trump, and Rohrabacher told TheDC, “I can’t remember if I have spoken to anybody in the White House about this.”

Apparently Rohrabacher has so many conversations with the White House that he can’t remember them all.

He goes on to suggest he hasn’t gotten the information he (in his statement) promised to divulge to Trump.

The congressman has yet to receive the information that has been promised to him by Assange, but he said he is confident he will receive it.

But — Rohrabacher is sure — the information his office thought he had this morning but which he doesn’t have any more is sure to be mind-boggling.

“If I had to bet on it, I would bet that we are going to get the information that will be mind-boggling and of major historical significance,” Rohrabacher said. He said if it is significant enough, he will bring it directly to Trump.

After which Rohrabacher, who can’t remember whether he has talked to anyone at the White House about this — much less the President!!! — asserts that “there has already been some indication that the president will be very anxious to hear what I have to say.”

“And there has already been some indication that the president will be very anxious to hear what I have to say if that is the determination that I make,” Rohrabacher added.

Call me crazy, but I think Assange demanded the Daily Caller back off their prior reporting [see update], perhaps to get reassurances from Trump he’ll get a pardon before he (through his proxy Rohrabacher) actually hands over the information. I don’t blame Assange for that — as I noted earlier, he’s only got one shot to produce his case, and if it is easily debunked, both he and Trump will be screwed.

Assange sure seems pretty uncertain about this information that Rohrabacher — who may or may not have already received it — is sure will be mind-boggling.

Update: Here is Assange’s statement about the visit, which makes no mention of disclosing his source.

WikiLeaks’ publisher Julian Assange and his lawyer Jennifer Robinson met with U.S. Congressman Dana Rohrabacher yesterday at the Congressman’s request. Mr. Assange explained how the ongoing proceedings against WikiLeaks over its publications on war, diplomacy and rendition violate the First Amendment rights of WikiLeaks and its readers. The grand jury proceedings against Mr. Assange and his staff started in July 2010 and have been repeatedly condemned by press freedom groups, the ACLU, Human Rights Watch and the United Nations. The proceedings are the largest ever conducted against a publisher and are widely viewed by legal scholars to be unconstitutional. The alleged source of the publications was granted clemency by President Obama in January. However the grand jury proceedings against the publisher continue and have expanded under the Trump administration. Mr. Assange faces potential life imprisonment. Now at seven years, the grand jury is one of the longest and most expensive in US history.

Mr. Assange does not speak through third parties. Only statements issued directly by him or his lawyers can be considered authoritative.

It also claims that Rohrabacher requested the visit, not vice versa.

Update: Curiously, Don Jr, who we know is happy to take meetings with just about anyone if they can produce information that damages dad’s enemies, just followed Assange on Twitter.

Update: The Daily Caller insists that Assange didn’t get them to back off any reporting, and instead explains that the contradictions between their Wednesday story and their Thursday one (and in Rohrabacher’s statements) derive instead from the poor wording of the statement from Rohrabacher’s office. My apologies for the insinuations that their failure to point out these multiple contradictions doesn’t just stem from bad reporting.

Update: Washington Times has more, which not only underscores how newsworthy Daily Caller’s contradictions are, but also confirms that Rohrabacher is now talking about a back-and-forth process.

“I will have discussions with President Trump before going public, and that should happen hopefully within two weeks of now, by the end of the month,” he said. “In the end, the American people are going to know more than what they know now, and it will be with more certainty.”

Rohrabacher declined to say if he was given a physical set of files by Assange to support a counter-narrative on how WikiLeaks acquired emails damaging to Hillary Clinton’s candidacy. U.S. spy agencies say Russia hacked those emails and gave them to WikiLeaks.

“I told you, I’m not going to go into details on that,” said the Orange County conservative about whether he was given physical files. At one point, however, Rohrabacher implied he had not been given documents.

“We did not go into detail [about how WikiLeaks acquired Democratic emails], but that will obviously be something that will be provided in greater detail shortly,” he said.

“This is not a one step process, it’s a two-step or three step-process. There are some things we just have to go to the president with and see what he says, and then see how we can actually work its way so the American people know the truth,” he said.

Update, 8/19: In an article revealing that Charles Johnson has refused to cooperate with the Senate Intelligence Committee’s request for information on how he helped now-deceased rat-fucker Peter Smith attempt to find hacked files from Hillary’s server, Michael Isikoff provides his own version of the Rohrabacher/Assange deal. His version lacks the contradictions of the right wing press. It explains that Assange would basically trade “irrefutable” evidence he didn’t get the DNC emails from Russia (which is different than proving they didn’t come from Russia) in exchange for a pre-emptive pardon.

Johnson said he and Rohrabacher came back from their meeting with a specific proposal that the congressman intends to present to President Trump soon: Grant a preemptive pardon to Assange (who has been under Justice Department investigation for years, although he has never been charged) and the WikiLeaks founder would, in exchange, turn over “irrefutable” evidence that he didn’t get the Democratic National Committee emails from Russia, but from another source.

“Assange wants to have a deal with the president,” Johnson said. “He believes he should be pardoned in the same way that Chelsea Manning was pardoned.” Once Assange turns his evidence over, showing the Russians were not the source of the DNC emails, then the “president could put the kibosh” on the whole Russia investigation being conducted by special counsel Robert Mueller.

Johnson declined to say what Assange’s supposed evidence actually is (though he did say it did not include any documents). But he insisted he has spoken to unidentified figures in the White House who have told him the president wants to hear the proposal. “I know the president is interested in this,” he said. “There will be a meeting between Rep. Rohrabacher and President Trump.”

A spokesman for Rohrabacher confirmed that Johnson had arranged the meeting between the congressman and Assange. “My understanding is that there is not yet a concrete proposal, but that Dana does believe that if Assange does turn over the proof he’s promised, then he deserves a pardon,” the spokesman said.

There’s a lot that’s batshit about these claims, not least the suggestion that Chelsea Manning got a full pardon, rather than a commutation after 7 years of imprisonment and abusive treatment by the federal government.

But it’s also hard to imagine how, having laid out this deal in such stark terms, Robert Mueller won’t begin to show some interest in it.


Lawfare Disappears Democratic Support for Centrist Failures to Claim a “Sea-Change” because of Russia

In a piece that calls Max Blumenthal — author of three books of original journalism — an “activist,” Lawfare’s Quinta Jurecic attempts to lay out how the left has split on its response to Russia’s interference in last year’s election. She does a fine job avoiding generalizations about the current stance of the various parts of the left she portrays. But she creates a fantasy past, in which even the center-left has been distrustful of the intelligence community, to suggest the center-left’s embrace of the Russia investigation represents a “sea-change” in its comfort with the spooks.

The story of the American left under Trump, as in the larger story, is one of bifurcation and polarization. It’s a story of a profound emerging divide over the role of patriotism and the intelligence community in the left’s political life. To put the matter simply, some on the left are actively revisiting their long-held distrust of the security organs of the American state; and some are rebelling against that rapprochement.

[snip]

But these arguments have taken place against the backdrop of a much greater and more visible embrace of the investigation on the part of the center-left—and a concurrent embrace by many center-left commentators of actively patriotic vocabulary that is traditionally the province of the right, along with a skepticism about Russia that has not been in fashion in Democratic circles since the Scoop Jackson wing of the party bolted. As Trump has attacked and belittled the intelligence community’s assessment of Russian election interference, the center-left has embraced not only the report but also the intelligence community itself.

[snip]

Political leaders of the center-left always had a quiet peace with the national security apparatus. But the peace was a quiet one, generally speaking, one without overly demonstrative displays of affection or support.

[snip]

[B]roadly speaking, the center-left these days sounds a lot like the mainstream right of the last few decades before Trump came along: hawkish towards Russia and enthusiastic about the U.S. intelligence apparatus as one of the country’s key lines of defense. And the mainstream right sounds a lot like the center-left on the subject—which is to say very quiet.

This new posture for the center-left, to some degree anyway, has politicians speaking the language of the intelligence world: the language of active patriotism.

Perhaps Jurecic has been asleep since 9/11, and has overlooked how aggressively supportive centrist Democrats have been of the National Security establishment? There’s no sea-change on the center left — none. What she actually presents evidence for is a sea-change on the right, with increased skepticism from some of those (like Devin Nunes) who have been the intelligence community’s biggest cheerleaders in the past.

To create this fantasy past, the foreign policy history Jurecic focuses on is that of the Cold War (a history that stops short of NATO expansion), not more recent history in which members of the center-left voted for a disastrous Iraq War (which Russia opposed), misrepresented (to both Russia and the left) the regime change goals of the Libya intervention, and applauded the CIA effort to back (al Qaeda allied) rebels to carry out regime change in Syria. To say nothing of the center-left’s failure to hold banks accountable for crashing the world economy. The only place those policies show up is in Jurecic’s explanation why “younger” people are more isolationist than their elders.

There’s another stream of thought too, from voices who tend to be younger and more focused on left-wing domestic policy, rather than Cold War-inflected foreign policy—people whose formative political experience dates to the Iraq War, rather than anything to do with the Soviet Union. This stream tends toward isolationism.

It’s not just that the Iraq War and the Wall Street crash, not the Cold War, provided the formative moment for these young people (though many of Jurecic’s claims about the young are immediately supported by descriptions of Glenn Greenwald or other old farts). It’s that these were disastrous policies. And through all of them, the center-left that Jurecic portrays as distrusting the IC were instead enabling and often — certainly for the entire Obama Administration — directing them.

Jurecic’s fantasy of past skepticism about the IC relies on the Democrats’ changing views towards Jim Comey, particularly the treatment of him (and to a lesser degree Robert Mueller) as messiahs.

As Americans gathered to watch James Comey testify before the Senate Intelligence Committee, a meme emerged on certain corners of the left-leaning internet: people had a crush on the former FBI director. It was his patriotism, his scrupulousness, his integrity that did it. “Get you a man who loves you like [C]omey loves the FBI,” wrote one commenter. “Is COMEY … attractive?” asked another. Declared one: “Comey should be the next Bachelor.”

The trend may have started with Comey, but it hasn’t ended with him. Earlier this month, Vogue reported that special counsel Robert Mueller, too, has been transformed into an unlikely object of adoration.

The point of these outbursts of affection—whatever level of queasiness or amusement they might inspire—is not actually that anyone finds the former FBI director or the special counsel attractive. In the odd parlance of the internet, this kind of language is a way to express intense emotional involvement with an issue. Half-jokingly and with some degree of self-awareness, the many people who profess their admiration are projecting their swirling anxiety and anticipation over the Russia investigation and the fate of the Trump presidency onto Mueller and Comey.

Not only does Jurecic ignore the wild swing Democrats exhibited about Comey, whom many blamed for Hillary’s loss (something both I and, later, Lawfare predicted). But she makes no mention of what happened in 2013 with Jim Comey’s confirmation process, in which a man who signed off on torture and legitimized an illegal dragnet by strong-arming the FISA Court was pushed through by Democrats with one after another fawning statement of admiration, where the only procedural or voting opposition came from Republicans.

You don’t approve Comey with no probing questions about his hawkish past if you’re at all embarrassed about your support for the IC. Yet that’s what the allegedly skeptical Democratic party did.

There’s a reason all this matters, especially given the way Jurecic wields the concept of patriotism in her invention of a sea-change in center-left support for spooks.

I’m on the more progressive (“hard”) left that Jurecic generally portrays as opposing the Russia investigation. Yet I may have written more, myself, than all of Lawfare about it. I think it is real and important. I support the investigations into Russian interference and Trump’s tolerance for it.

But I also think that as part of that review, the center-left — and institutions of centrist policy, starting with Brookings — need to reflect on how their own epic policy failures have discredited centrist ideology and created an opportunity that both Donald Trump and Vladimir Putin found all too easy to exploit.

Trump succeeded, in part, because he deceitfully promised to reinvest in the crumbling US interior, rather than overseas. Putin has attracted support in a Europe still paying for the German banks’ follies, a Europe struggling to accommodate refugees escaping a destabilized Middle East. That doesn’t make either of them positive forces. Rather, it makes them opportunists capitalizing on the failures of centrist hegemony. But until the center is either replaced or offers policies that haven’t already failed, Trump and Putin will continue to exploit those failures.

I consider myself a patriot. But true patriotism — as opposed to the messianism she celebrates as patriotism on the center-left — requires honest criticism of America’s disastrous economic and foreign policy failures. Messianism, by contrast, is a position of impotence, where necessary work is supplanted by hope that a strong man will rescue us all.

Ben Wittes and Lawfare generally are right that caricatures of them as handmaidens of the Deep State are too simple. But Jurecic’s analysis is associated with a think tank paid for by funders that include entities that have backed disastrous destabilizing policies in the Middle East — like Qatar, UAE, Haim Saban — as well as those who profit from them — like Northrop Grumman. It was paid for by the banks that centrists didn’t hold accountable for the crash, including JP Morgan and Citi. It was paid for by big oil, including Exxon. It was even paid for by Dianne Feinstein, the Democrat who presided over the solicitous Comey confirmation process Jurecic completely disappeared from her narrative of Democrats embracing Comey.

That a Brookings-affiliated analyst has just invented a fantasy past skepticism for spooks on the center-left — the center-left that has championed failed policies — even as she deems the tribalism she portrays as “patriotism” is itself part of the problem. It dodges the work of true patriotism: ensuring America is strong enough to offer the rest of the world something positive to support, rather than something that demagogues like Trump and Putin can effectively consolidate power over.


Three Times Donald Trump Treated Vehicular Manslaughter as Terrorism

Donald Trump gave the weakest statement on Charlottesville today, even going so far as calling on Americans to “cherish our history,” in response to a Nazi mob responding to the removal of Confederate symbols.

[W]e’re closely following the terrible events unfolding in Charlottesville, Virginia.  We condemn in the strongest possible terms this egregious display of hatred, bigotry and violence, on many sides.  On many sides.  It’s been going on for a long time in our country.  Not Donald Trump, not Barack Obama.  This has been going on for a long, long time.

It has no place in America.  What is vital now is a swift restoration of law and order and the protection of innocent lives.  No citizen should ever fear for their safety and security in our society, and no child should ever be afraid to go outside and play, or be with their parents, and have a good time.

[snip]

I want to salute the great work of the state and local police in Virginia — incredible people — law enforcement, incredible people — and also the National Guard.  They’ve really been working smart and working hard.  They’ve been doing a terrific job.  The federal authorities are also providing tremendous support to the governor.  He thanked me for that.  And we are here to provide whatever other assistance is needed.  We are ready, willing, and able.

Above all else, we must remember this truth:  No matter our color, creed, religion or political party, we are all Americans first.  We love our country.  We love our God.  We love our flag.  We’re proud of our country.  We’re proud of who we are.  So we want to get the situation straightened out in Charlottesville, and we want to study it.  And we want to see what we’re doing wrong as a country, where things like this can happen.

My administration is restoring the sacred bonds of loyalty between this nation and its citizens, but our citizens must also restore the bonds of trust and loyalty between one another.  We must love each other, respect each other, and cherish our history and our future together.  So important.  We have to respect each other.  Ideally, we have to love each other. [my emphasis]

In spite of the attack on counter-protestors — a tactic borrowed from ISIS terrorists in Europe — Trump didn’t label this terrorism or even call out the white supremacist violence.

Which is curious, because on at least three occasions he treated vehicular manslaughter as terrorism. He did it with Nice.

He accused London Mayor Sadiq Khan of blowing off the London Bridge terrorist attack.

And he demanded the “civilized world” change its thinking in response, in part, to the Berlin truck attack.

I guess Trump has lost his interest in civilization now?


The 702 Compliance Reporting

This will be a very weedy post on two quarterly reports on 702 compliance released to ACLU under FOIA: March 2014, March 2015; the March reports both cover the December 1 through February 28 period. ACLU obtained them not by FOIAing quarterly compliance reporting directly. Rather, ACLU asked for all the documents referred to in this Summary of Notable Section 702 Requirements, which they had received earlier. But the released copies are entirely useless in elucidating the Notable Requirements. The 2015 report, for example, was provided in part to explain how NSA assesses whether a selector will provide foreign intelligence information, but the section of the report that deals with it (item 28 on page 46) has been withheld entirely (see break between PDF 8 and 9). In addition, there must be at least one more citation to it that is redacted in the Notable Requirements document. The reference(s) to the 2014 report are entirely redacted.

There are a few places such redacted references to the two reports might be: There’s a missing citation in Pre- and Post-Tasking Due Diligence (the redaction at the bottom of 2). There may be a citation missing in the continued assessment section at the bottom of page 4. There’s definitely one missing in the Obligation to Review section (page 5). There’s likely to be one in the long redacted passage on page 6 pertaining to resolving post-tasking problems as quickly as possible. And the sole footnote (see page 11) in the Summary has a reference, which is likely one on FBI techniques to analyze Section 702 information the government identified as being withheld in its entirety.

So the Compliance reports don’t help us — at all — to understand the requirements the government places on itself with respect to 702.

But they do show us, in more granular detail than shows up in the Semiannual reports (this one includes the March 2014 period and this one includes the March 2015 period), the kinds of things that show up in the compliance reviews. The compliance reporting in both is generally organized into the same sections (see page 29):

  • Tasking Issues
  • Detasking Issues
  • Notification Delays
  • Documentation Issues
  • Overcollection
  • Minimization
  • Other

And — as the Semiannual Report makes clear — we’re just seeing a fraction of the granular descriptions in the quarterly reports, because we’re not seeing the tasking, detasking, notification, or documentation issues. That means the unredacted content in the released reports represents less than 20% of the total number of compliance incidents for these two quarters.

Though we may be able to use the reports in conjunction to identify how many selectors, on average, are tasked at any given time. If the 25 minimization issues cited in the March 2015 report are representative (meaning there’d be 50 for the entire six month period), then there’d be roughly 338 incidents across all topics for the six month period (it’s not entirely clear how they deal with overlap). Given a compliance rate of .35% per average facilities tasked, this means roughly 96,571 facilities tasked at any given time, though that may be low given the vastly different lead times on these reports (meaning in the interim year, the government might ID many more compliance issues that get reported primarily in the Semiannual report). There were 94,368 targets across the whole year in FY 2015 (which covers this entire period because the Fiscal Year begins in October). What that suggests is that for some targets, you’ll have more than one facility tasked at any given time, but unless there’s a lot of turnover in a given year (meaning that most targets are only tasked for some weeks or months), not that many.

Which leaves us with what the reports do show us: the other (largely dissemination) and minimization (largely overly broad queries and US person queries) compliance errors, errors which I’ve roughly tallied in this document.

Dissemination

Between the two quarterly reports, there are 13 incidences of what I’m lumping under improper dissemination (the report treats database dissemination differently from disseminating unmasked USP identities). Most of these are fairly non-descript, true error. In three cases, analysts at other agencies alerted the NSA that they had not masked a US person identity.

The exceptions are 2015-19 and -20, which are almost entirely redacted but pretty clearly deal with NSA sharing raw data with FBI and/or CIA improperly.

I find the second one — which includes no unredacted discussion of emergency detasking or other mitigation — to be the more alarming of the two. But in general, the possibility that NSA might mistakenly send FBI (especially) the wrong data is troubling because once things get to FBI they get far less direct scrutiny (both in terms of compliance reviews and in terms of auditing) than NSA gets. Sending the collection on an entire selector over to another agency is far more intrusive than sending over one unmasked name (though it’s not clear this raw data belonged to a US person). Plus, once things get to FBI they can start having repercussions.

Overbroad Queries

The overbroad queries are interesting not so much because they affect US persons directly (though they do in perhaps two cases), but for what they say about the querying process. Here’s what the 2015 Semiannual Report says about overbroad queries, which it acknowledges is a problem even while attributing the problem to errors in constructing Boolean queries.

(U) NSA’s minimization procedures require queries of Section 702-acquired data to be designed in a manner “reasonably likely to return foreign intelligence information.” Approximately 29% of the minimization errors in this reporting period involved non-compliance with this rule regarding queries (54% in the last reporting period).56 As with prior Joint Assessments, this is the cause of most compliance incidents involving NSA’s minimization procedures. These types of errors are typically traceable to a typographical or comparable error in the construction for the query. For example, an overbroad query can be caused when an analyst mistakenly inserts an “or” instead of an “and” in constructing a Boolean query, and thereby potentially received overbroad results as a result of the query. No incidents of an analyst purposely running a query for nonforeign intelligence reasons against Section 702-acquired data were identified during the reporting period, nor did any of the overbroad queries identified involve the use of a United States person identifier as a query term.

That generally accords with the most common description of the compliance errors: an analyst constructs a query poorly, recognizes it as soon as she gets the results (presumably resulting in far more returned records than expected), someone (the reports as often as not don’t tell us who) deletes them, and it gets reported. There are a few incidents where analysts run multiple such queries before discovering the problem — that seems like more of a concern, as fat-fingering a Boolean connector shouldn’t explain it. I’m interested in the errors (2015-7, -8, and -9) where the redaction seems to suggest either some other kind of query or some embarrassment about disclosing that top secret method, Boolean search; it’s possible this pertains to XKS searches, which can also involve scripts. One of these overbroad queries was done by a linguist (which given the Reality Winner case is interesting). There are also discrepancies about whether the analyst themselves discovered the problem or an auditor, the latter of which happened at least five times (two incidences don’t describe who discovered them). Finally, there are interesting differences in the description of the coaching that happens after an issue. Sometimes none is described. Most often, the report describes the analyst getting a talking to. But in a number of cases, “personnel,” which might be plural, get coaching. I’m interested in when more than one person would get such coaching.

Finally, consider what it means that most of these violations seem to involve multiple authorities, including 702. That’s not at all surprising: you’d want to track a target across all the collection you had on the person. But that also includes upstream 702, which may be part of why upstream became such a problem.

US Person Queries

Finally, there are the queries using US person identifiers that, for some reason, were improper under the guidelines first approved in 2011. As I’ve noted, these have been a consistent problem since at least 2013. The Semiannual Report acknowledges this, or at least the problems with searching upstream 702 data, which was prohibited in the 2011 guidelines.

(U) Additionally, as noted in prior Joint assessments, the joint oversight team believes NSA should assess modifications to systems used to query raw Section 702-acquired data to require analysts to identify when they believe they are using a United States person identifier as a query term. Such an improvement, even if it cannot be adopted universally in all NSA systems, could help prevent compliance instances with respect to the use of United States person query terms.59 NSA plans to test and implement this recommendation during calendar year 2016. The new internal compliance control mechanism being developed for NSA data repositories containing unevaluated and unminimized Section 702 information will require analysts to document whether the query being executed against the database includes a known United States person identifier. Once the query is executed, the details concerning the query will be passed to NSA’s auditing system of record for post-query review and potential metrics compilation. As part of the testing, NSA will evaluate the accuracy of reporting this number in future Joint Assessments.60

As you review the violations discovered in 2014 and 2015, remember that (as noted in the 2017 702 authorization), these results were in a period where NSA was just discovering far more pervasive problems with US person searches. As it is, in each quarter here, there were 10 or 11 inappropriate US person searches. In 2014, a number of those (2, 5, 8, 17) were searches of 702 data using identifiers associated with US persons already targeted under Title I, 704, or 705(b). Just one (5) of the 2015 violations was approved for individual targeting, and that appears to be one of the earlier violations in the quarter (note it must have occurred in December 2014). That’s interesting, because this undated guideline on USP queries of 702 collections says any US person approved for individualized targeting or RAS (under the old phone dragnet) could be backdoor searched. It seems likely, then, they changed the policy in 2015 (which is particularly alarming, given that they did so just as NSA was moving towards discovering how bad their upstream searches were). In other words, they seem to have made legal one of the practices that was coming up as a violation.

These violation descriptions are also interesting for the (often redacted) specificity about the kind of selector used, sometimes described as email, telephony (which could include messaging), and in others as “facilities” (which might include cookies or IPs). That’s an indication of the range of identifiers under which you can search 702 data, which is in turn (because 702 searches are all supposed to derive from PRISM collection) a testament to the kinds of things that get turned over in PRISM returns.

Of the violations described, just one obviously pertains to the search on an identifier for which the authorization had expired. That’s interesting, because searches on expired warrants appeared far more frequently in past reports. Significantly, the IG Report reviewing 704/705(b) compliance, which reviewed queries for two months that overlapped with the 2015 report at issue (January and February 2015; the compliance report included December 2014 whereas the IG Report included March 2015), did find persistent problems with expired authorizations, but in EO 12333 data (suggesting FISA queries might have fixed earlier such problems). But the discussion of these problems in Rosemary Collyer’s 702 reauthorization opinion shows that for one tool, 85% of 704/705(b) queries conducted from November 2015 through April 2016 — well after the later quarter covered here — were non-compliant. “Many of these non-compliant queries involved use of the same identifiers over different date ranges.” NSA was unable to segregate and destroy the improper queries. That’s perhaps unsurprising, because as late as April 2017, the NSA was still having difficulties identifying all the queries run against 702 data.

And in spite of the reports, from later 702 reporting, that some of the 704/705(b) queries of 702 did not get included in auditing systems, a good number of these violations were not discovered by analysts (as often happened with improper queries) but by auditors, suggesting the violations may have had an impact on US persons.

All that said, there’s not all that much there there, aside from the sheer number (which the Semiannual report seems to think is just NSA’s serial refusal to fix the problem of default search settings). These two snapshots of the 702 upstream query problem, capturing 702 collection in the period immediately before it started to blow up, are also an indication of how much ODNI/DOJ’s oversight of NSA (which is far more rigorous than the oversight the same agencies give CIA and especially FBI) was missing.


The AlphaBay Jewish Community Center Bomb Threat of the Week Service

Back in April, the Department of Justice announced it had identified the perpetrator of at least some of the series of threats against targets that had terrified the Jewish community between January and March: Michael Ron David Kadar, an Israeli-American 18-year-old, had allegedly placed at least 15 calls to different Jewish Community Centers and other targets this year. While it received less attention, DOJ also charged Kadar with swatting calls targeting secular schools in Georgia going back to August 2015.

The fact that Kadar, an Israeli Jew, was behind sowing terror throughout the Jewish community defied assumptions that the threats were motivated out of anti-Semitism. After all, why would a Jew seek to terrorize other Jews?

Except — as documents tweeted out by GWU’s Seamus Hughes yesterday make clear — the reality may be quite different.

Back in April, the FBI obtained a search warrant to search certain accounts on AlphaBay, the dark web marketplace taken down in July. It reveals that Israeli police seized a thumb drive in their search of Kadar’s room showing “THE ARCHIVE OF TARGETS.” Documents from the archive corresponded to the hoaxes launched against Jewish targets.

It then explains that an AlphaBay vendor working under the name Darknet_Legend — apparently run by Kadar — offered a “unique emailing service for all of you, I email bomb threats to schools on your request.” Emailed bomb threats cost $30 each, plus an extra $15 if you wanted to frame someone in particular for the hoax.

In June, a prosecutor asked the magistrate to unseal the earlier search warrant to facilitate the arrest of the person believed to have paid for at least one of the JCC bomb threats.

That ongoing investigation has identified a suspect believed to have ordered and paid for at least [sic] of the bomb threats made by Kadar. The FBI and local authorities in California intend to pursue criminal charges against the suspect. If they are successful in doing so, the local authorities may need this warrant and/or it may be producible in discovery.

On July 17, the magistrate unsealed that warrant.

While it’s not yet clear who the CA target was or what has happened to him or her since June, it appears that Kadar only carried out the threats, at $30 a pop, for someone else.


Robert Mueller’s Grand Jury and the Significance of Felix Sater


The world is abuzz with the news that Robert Mueller has impaneled a DC-based grand jury that he used to subpoena information on the June 9, 2016 meeting between Don Jr., Paul Manafort, Jared Kushner, and some Russians promising dirt on Hillary Clinton. In reality, the Special Counsel had already been using a grand jury to get information on Mike Flynn and Paul Manafort and we should always have expected a dedicated grand jury.

Nevertheless, the move has convinced the chattering classes that this investigation is for real.

This comes as a surprise to people, apparently, after reports of Mueller’s 16th hire, illegal foreign bribery expert Greg Andres. It’s almost as if people haven’t been making sense of where Mueller is going from the scope of his hires, which include:

  1. Mob specialists: Andrew Weissmann and Lisa Page are mob prosecutors.
  2. Fraud specialists: Weissmann and Rush Atkinson are also fraud prosecutors.
  3. Corporate crime specialists: Weissmann also led the Enron Task Force. One of Dreeben’s key SCOTUS wins pertained to corporate crime. Jeannie Rhee has also worked on white collar defense.
  4. Public corruption specialists: Mueller hired someone with Watergate experience, James Quarles. And Andrew Goldstein got good press in SDNY for prosecuting corrupt politicians (even if Sheldon Silver’s prosecution has since been overturned).
  5. International experts: Zainab Ahmad, who worked terrorism cases in EDNY, which has some of the most expansive precedents for charging foreigners flown into JFK (including Russia’s darling Viktor Bout), knows how to bring foreigners to the US and successfully prosecute them in this country. Aaron Zelinsky has also worked in international law. Elizabeth Prelogar did a Fulbright in Russia and reportedly speaks it fluently. And, as noted, Andres has worked on foreign bribery.
  6. Cyber and spying lawyers: Brandon Van Grack is the guy who had been leading the investigation into Mike Flynn; he’s got a range of National Security experience. Aaron Zebley, Mueller’s former chief of staff at FBI, also has that kind of NSD experience.
  7. Appellate specialists: With Michael Dreeben, Mueller already has someone on the team who can win any appellate challenges; Adam Jed and Elizabeth Prelogar are also appellate specialists. Mueller’s hires also include former clerks for a number of SCOTUS justices, which always helps out if things get that far.

I lay this out there to suggest that in addition to hiring a bunch of superstars, Mueller also appears to have picked people for their expertise. Those picks reflect an already well-developed theory of the case, one formed long before he impaneled his own grand jury. And many of them boast expertise fairly distant from the question of a foreign adversary’s hacking a political party’s server.

And I’d suggest there’s good reason for that.

Some of Mueller’s theory of the case undoubtedly comes from whatever evidence Jim Comey’s FBI and Van Grack’s grand jury had already collected, which at least publicly pertains to Mike Flynn’s disclosure problems, his comments to the Russians, and Paul Manafort’s money laundering. Some of it comes from stuff that was being investigated in NY.

But remember: Trump’s sordid ties to Russian mobsters (see categories 1, 2, 3, and 5) go back a long way. One of the best ways to understand what and how close some of those ties are is to look at the case of Felix Sater. Josh Marshall’s description here gets at a lot of the important bits.

Sater is a Russian emigrant who was jailed for assault in the mid-90s and then pulled together a major securities fraud scheme in which investors lost some $40 million. He clearly did something for the US government which the feds found highly valuable. It seems likely, though not certain, that it involved working with the CIA on something tied to the post-Soviet criminal underworld. Now Bayrock and Trump come into the mix.

According to Sater’s Linkedin profile, Sater joined up with Bayrock in 1999 – in other words, shortly after he became involved with the FBI and CIA. (The Times article says he started up with Bayrock in 2003.) In a deposition, Trump said he first came into contact with Sater and Bayrock in the early 2000s. The Trump SoHo project was announced in 2006 and broke ground in November of that year. In other words, Sater’s involvement with Bayrock started soon after he started working with the FBI and (allegedly) the CIA. Almost the entire period of his work with Trump took place during this period when he was working for the federal government as at least an informant and had his eventual sentencing hanging over his head.

What about Salvatore Lauria, Sater’s accomplice in the securities swindle?

He went to work with Bayrock too and was also closely involved with managing and securing financing for the Trump SoHo project. The Times article I mentioned in my earlier post on Trump SoHo contains this …

Mr. Lauria brokered a $50 million investment in Trump SoHo and three other Bayrock projects by an Icelandic firm preferred by wealthy Russians “in favor with” President Vladimir V. Putin, according to a lawsuit against Bayrock by one of its former executives. The Icelandic company, FL Group, was identified in a Bayrock investor presentation as a “strategic partner,” along with Alexander Mashkevich, a billionaire once charged in a corruption case involving fees paid by a Belgian company seeking business in Kazakhstan; that case was settled with no admission of guilt.

All sounds totally legit, doesn’t it?

But there’s more!, as they say.

Sater’s stint as a “Senior Advisor” to Donald Trump at the Trump Organization began in January 2010 and lasted roughly a year. What significance that has in all of this I’m not sure. But here’s the final morsel of information that’s worth knowing for this installment of the story.

How exactly did all of Sater’s secret work and the federal government’s efforts to keep his crimes secret come to light?

During the time Sater was working for Bayrock and Trump he organized what was supposed to be Trump Tower Ft Lauderdale. The project was announced in 2004. People paid in lots of money but the whole thing went bust and Trump finally pulled out of the deal in 2009. Lots of people who’d bought units in the building lost everything. And they sued.

In other words, an FBI (and, possibly, CIA) informant had links with two of Trump’s businesses with ties to the Russian mob for — effectively — the entire extended Mueller tenure at FBI.

This is a point one of the few other people with reservations about Mueller as Special Counsel made to me not long ago. The FBI — Mueller’s FBI — has known about the ties between Trump’s businesses and the Russian mob for well over a decade. The FBI — Mueller’s FBI — never referred those ties, that money laundering, for prosecution in that entire time, perhaps because of the difficulties of going after foreign corruption interlaced with US businesses.

Now, in a remarkably short timeframe, former mob prosecutor Robert Mueller has put together a dream team of prosecutors who have precisely the kind of expertise you might use to go after such ties.

Because now it matters. It matters that the President has all these obligations to the Russian mob going back over a decade, because he can’t seem to separate his own entanglements from the good of the country.

Yes, Robert Mueller convened a grand jury and he has used it to go after the records of a meeting set up by one of Trump’s key Russian allies, Aras Agalarov, and his campaign, the guy who, at the very end of Mueller’s tenure at FBI, helped Trump stage the Miss Universe pageant in Russia, an event that may have marked significant new levels of Trump exposure to Russian compromise. But Mueller was on the trail of Trump and his Russian crime ties long before that. (The person with Mueller reservations actually wondered whether Trump himself wasn’t cooperating with the FBI in this period.)

Folks have made much of this exchange in the NYT’s long interview with Trump.

SCHMIDT: Last thing, if Mueller was looking at your finances and your family finances, unrelated to Russia — is that a red line?

HABERMAN: Would that be a breach of what his actual charge is?

TRUMP: I would say yeah. I would say yes. By the way, I would say, I don’t — I don’t — I mean, it’s possible there’s a condo or something, so, you know, I sell a lot of condo units, and somebody from Russia buys a condo, who knows? I don’t make money from Russia. In fact, I put out a letter saying that I don’t make — from one of the most highly respected law firms, accounting firms. I don’t have buildings in Russia. They said I own buildings in Russia. I don’t. They said I made money from Russia. I don’t. It’s not my thing. I don’t, I don’t do that. Over the years, I’ve looked at maybe doing a deal in Russia, but I never did one. Other than I held the Miss Universe pageant there eight, nine years [crosstalk].

SCHMIDT: But if he was outside that lane, would that mean he’d have to go?

[crosstalk]

HABERMAN: Would you consider——

TRUMP: No, I think that’s a violation. Look, this is about Russia. So I think if he wants to go, my finances are extremely good, my company is an unbelievably successful company. And actually, when I do my filings, peoples say, “Man.” People have no idea how successful this is. It’s a great company. But I don’t even think about the company anymore. I think about this. ’Cause one thing, when you do this, companies seem very trivial. O.K.? I really mean that. They seem very trivial. But I have no income from Russia. I don’t do business with Russia. The gentleman that you mentioned, with his son, two nice people. But basically, they brought the Miss Universe pageant to Russia to open up, you know, one of their jobs. Perhaps the convention center where it was held. It was a nice evening, and I left. I left, you know, I left Moscow. It wasn’t Moscow, it was outside of Moscow.

Technically, Trump was only asked about whether he’d consider Mueller’s review of finances unrelated to Russia to be outside his lane. But Trump largely answered it about Russia, about business deals — the condos, the pageant — with Russia going back to the time Mueller’s FBI would have been working with Felix Sater to learn about the Russian mob.

Yeah. It’s no surprise Mueller has impaneled a grand jury.
