Employer Rupert Murdoch Turned Out to Be a More Important Tucker Carlson “Spy” Than the NSA

In a piece that I otherwise find unpersuasive, Josh Marshall argued that the reports that Fox News President Suzanne Scott didn’t tell Tucker why he was being fired explain why we’re getting such a conflicting range of explanations for his summary shit-canning.

It’s been reported that Suzanne Scott, CEO of Fox News, didn’t tell Carlson why he was being fired when she gave him the news. If that’s true, that pushes me more to consider this possibility. It also might explain why you have all this miscellany of often contradictory theories and explanations about what “contributed” to the decision. Maybe no one at Fox has any idea and all the sources are basically speculating about possible vulnerabilities they believe must be the answer.

Axios reported that Scott made the decision with Lachlan Murdoch to fire Tucker Carlson Friday night, though other outlets more credibly report that Rupert was also personally involved.

Fox surely anticipated that Tucker would sue, which may be why Scott didn’t give Tucker an explanation for his firing, yet. But that has created a void of uncertainty about the firing.

It is true that Abby Grossberg, the former Tucker producer who has sued Fox in SDNY for the hostile work environment at Fox generally and specifically on Tucker’s show, and sued Fox in Delaware for how they dealt with her testimony in the Dominion case, has an incentive to emphasize her role in the firing (as she has). I agree with Opening Arguments that the DE suit is far more likely to be related (a paragraph from her SDNY suit that has attracted attention, in which Tucker seemingly speaks favorably about statutory rape, is not tied to her own complaints and was already public). But I also think that the DE suit includes a bunch of stuff designed to leverage Fox’s legal exposure that has nothing to do with the actual complaint. Plus, Tucker has little to do with the main thrust of the complaint; Scott and other corporate people do, so firing Tucker won’t help. Also note, as far as I understand it, the recordings Grossberg referred to in her suit seem to be transcribed interviews not otherwise aired on TV, not private recordings of Tucker.

Of note, the claim that Tucker asked but Grossberg was unable to get a Proud Boy lawyer to claim the insurrection was caused by FBI informants, for example, makes no sense.

Upon information and belief, in early-March 2023, Mr. Carlson attempted to spin and manufacture another false narrative to defray blame from Fox News about the January 6th insurrection, this time, characterizing the Capitol attack as an FBI coup, and not the logical result of Fox News’s reckless 2020 election fraud coverage. Specifically, Mr. Carlson requested that his team investigate the ongoing Proud Boys trial, which he asserted was “taking forever” because the “Biden Administration [wa]s trying to hide the huge number of FBI spies it had placed in the group.” As Head of Booking, Ms. Grossberg was twice directed to reach out to Dan Hull, one of the defense attorneys representing the Proud Boys, who indicated to her that he was available to come on to the TCT show as a guest but emphatically denied Mr. Carlson’s theory. Instead, Mr. Hull insisted that “no one made my client go up the hill. The Proud Boys wanted to,” and the FBI angle Mr. Carlson sought to peddle was “on the conspiracy side.” When Ms. Grossberg relayed Mr. Hull’s message to Tom Fox, a Senior Producer for TCT and her superior, he blithely replied “That doesn’t fit with what Tucker is looking for. You’ll have to find someone else who will say that.” Ms. Grossberg was told to ask Mr. Hull yet again if he would reconsider, to which Mr. Hull replied, “Please just tell [Tucker], if I get on the show, I will walk out if he asks about the FBI setting it up. […] Blaming the FBI for Jan 6th doesn’t cut it.” Mr. Carlson then requested that Ms. Grossberg investigate whether any other defense attorneys, including Steven Metcalf, would tout the conspiracy on air.

Dominic Pezzola lawyer Roger Roots seems to have, as a primary purpose, floating the kinds of conspiracy theories that will attract attention on Tucker’s show or Jim Jordan’s committee. And in his closing arguments, Nick Smith made wild leaps to push the informant angle. So the lawyers willing to make these claims were certainly available (if unwilling to risk a gag order by going on TV). Plus, Tucker’s propaganda about January 6 long predated the Dominion exposure.

But Grossberg’s claim might be where this claim, from the LAT, came from (which has, in turn, led to the improbable claim that Epps’ complaints about Tucker’s coverage played a key role).

Murdoch also was said to be concerned about Carlson’s coverage of the Jan. 6, 2021, insurrection at the U.S. Capitol. The host has promoted the conspiracy theory that it was provoked by government agents, and Carlson has called Ray Epps — an Arizona man who participated in the storming of the Capitol but did not enter the building — an FBI plant, without presenting any evidence.

Tucker’s conspiracy theories about January 6 have been far more unhinged than anything Fox has been sued for by a voting machine company, and that’s saying something. But, again, they’re not a recent development — back in June 2021, Tucker defamed Thomas Caldwell’s spouse Sharon based off an unsubstantiated conspiracy theory.

All of which leads me to suspect that this, also from Axios, may best explain what brought Fox to firing Tucker.

A slew of material was uncovered during pre-trial discovery that implicated Carlson. More information could be out there that could be legally damaging for Fox as it stares down more defamation cases.

None of the rest of Axios’ explanations make sense (as Grossberg’s DE suit does, Axios lists stuff that would not implicate Tucker personally). Many of the other public explanations make no sense.

But what does seem plausible is that between Dominion, Smartmatic, and Grossberg’s twin suits, Fox lawyers have spent a lot of time reading through digital records of Tucker’s statements. And — again, it seems plausible — one or many of the things they’ve seen there made it clear Fox could no longer sustain the legal exposure Tucker (and his Executive Producer Justin Wells, who was also shit-canned) represented, possibly even for reasons unrelated to any of the lawsuits.

There’s an irony here.

Back when Tucker first revealed that he had been picked up in NSA intercepts of texts and emails he exchanged with Russian go-betweens, he claimed the NSA was trying to take him off the air. That was in 2021, and his FOIA to the NSA suggested the contacts had gone back to January 2019. In his more recent March complaint that his efforts to cozy up to Putin got “spied on” by the NSA, he revealed the NSA had read his Signal texts, as well as the emails he sent purportedly setting up an interview with Putin.

For all his wailing that the NSA’s access to such comms was an attempt to get him fired, it didn’t happen.

But once Rupert’s lawyers reviewed Tucker’s communications, it did.

I’m not arguing that Tucker’s coziness with Putin got him fired (though Glenn Greenwald keeps complaining, in two languages, that Tucker was fired for falsely claiming that members of the African People’s Socialist Party were arrested because of their opposition to the Ukraine war, rather than because they were on the FSB payroll).

I’m stating a truism. In virtually all cases, “surveillance” of your communications by your employer can have a far more immediate and lasting impact than surveillance of your communications by the NSA.

Update: Daily Beast says the final straw was the number of times he called Sidney Powell the c-word.

Update: In comments, wasD4v1d referenced this Aaron Blake piece making a similar point.

Update: Murdoch property WSJ reports that one of the big factors was the disparaging comments Tucker made about others.

On Monday, Mr. Carlson’s famously combative stance toward members of Fox News management and other colleagues caught up with him, as the network abruptly announced it was parting ways with him, just minutes after informing Mr. Carlson of the change.

The private messages in which Mr. Carlson showed disregard for management and colleagues were a major factor in that decision, according to other people familiar with the matter. Although many portions of the Dominion court documents are redacted, there is concern among Fox Corp. executives that if the redacted material were to become public, it would lead to further embarrassment for the network and parent company.

[snip]

The Dominion court filings are filled with examples of him disparaging colleagues, from calling for the firing of Fox News reporter Jacqui Heinrich for fact-checking Mr. Trump’s false claims about the 2020 election to complaining about the network’s news coverage, including the decision to call Arizona for Mr. Biden on election night.

El Mo Drax’s Supersonic Rocket Ship Blowed Up

Not exactly breaking news at this point, but the SpaceX Starship blew up after a successful launch this morning. Not entirely clear if it was inherent in the vehicle, or if it was intentionally taken out by SpaceX as it was malfunctioning. Either way, a disaster. From the New York Times:

“SpaceX’s Starship rocket exploded on Thursday, minutes after lifting off from a launchpad in South Texas. The spacecraft, the most powerful ever to launch, failed to reach orbit, but it was not a total failure for the private spaceflight company.

Before the launch, Elon Musk, the company’s founder, had tamped down expectations, saying it might take several tries before Starship succeeds at this test flight, which was to reach speeds fast enough to enter orbit before splashing down in the Pacific Ocean near Hawaii.”

As much as I dislike Musk, and trust me I have likely been doing so longer than most anybody, the SpaceX program is part and parcel of NASA now, and getting into, and out of, space is progress for the US and humanity. It really is “rocket science”, and it is not easy. There have always been things like this in the human approach to space. But no lives were lost this morning, and much was probably learned.

You could tell there was something wrong though. There was film of the bottom of the giant rocket, and there were several of the 33 engine pods that were clearly not firing. Was that the catastrophic failure, or was there really a failure to separate stages? The news people do not seem to know, and neither do I.

The SpaceX term has been “rapid unscheduled disassembly”. Orwellian almost, but I guess. In short, it blowed up, by whatever mechanism.

Forget El Mo on this one, SpaceX is effectively part of the government now, and their effort should be supported.

All thanks to Moonraker by Ian Fleming and Supersonic Rocket Ship by Ray Davies and the Kinks.

How the Government Proved Their Case against John Podesta’s Hacker

We’re almost seven years past the hack of the DNC, and self-imagined contrarians are still clinging to conspiracy theories about the attribution of that and related hacks. In recent weeks, both Matt Taibbi and Jeff Gerth dodged questions about the attribution showing Russia’s role in the hack-and-leak by saying that the Mueller indictment of twelve GRU officers would never be tested in court (even while, especially in Gerth’s case, relying on unsubstantiated claims in John Durham indictments from his two failed prosecutions).

And while it’s likely true that DOJ will never extradite any of those twelve men to stand trial, DOJ did successfully convict one of their co-conspirators on a different hack: the hack-and-trade conspiracy involving Vladimir Klyushin and accused John Podesta hacker, Ivan [Y]Ermakov.

(The Mueller indictment and Ermakov’s second US indictment, for hacking anti-doping agencies, transliterated his name with a Y; the Boston one does not.)

That trial provides a way to show how DOJ would prove the 2018 indictment if one of the twelve men charged ever wandered into a jurisdiction with an extradition treaty with the US.

As laid out at trial, between 2018 and 2020, the co-conspirators hacked two securities filing agencies, Toppan Merrill and Donnelly Financial, to obtain earnings statements in advance of their filing, then traded based off advance knowledge of earnings. Klyushin was one of seven people (two charged in a separate indictment, three who were clients of Klyushin’s company M-13) who did the trading. Ermakov didn’t trade under his own name. He may have been compensated for Klyushin’s side of the trades with a Moscow home and a Porsche. But at least as early as May 9, 2018, forensic evidence introduced at trial shows, an IP address at which Ermakov’s iTunes account had just gotten updates was used to steal some of the filings.

Ermakov did not show up in a courtroom in Boston to stand trial and Klyushin has launched a challenge to his conviction that rests entirely on a challenge to venue there. But the jury did convict Klyushin on the hacking charge along with the trading charges, meaning a jury has now found DOJ proved Ermakov’s hacking beyond a reasonable doubt.

And they did it using the same kind of evidence cited in the Mueller indictment.

The crime scene

Start with the crime scene: the servers of the two filing agencies victimized in the hack-and-trade, Toppan Merrill and Donnelly Financial.

According to the trial record, neither figured out they had been hacked on their own. As the FBI had tried to do for months beforehand in the case of the DNC, a government agency, the SEC, had to tell them about it. The SEC had seen a number of Russians making big, improbable stock trades from clients of the two filing agencies, all in the same direction, and wanted to know why. So it sent subpoenas to both companies.

As the DNC did with CrowdStrike in 2016, both filing agencies hired an outside incident response contractor — Kroll Cyber in the case of Toppan Merrill, Ankura in the case of Donnelly Financial — to conduct an investigation.

The lead investigators from those two contractors were the first witnesses at trial. Each explained how they had been brought in in 2019 and described what they found as they began investigating the available logs, which went back six months, a year, and two years, depending on the type and company. The witness from Kroll described finding signs of hacking in Toppan Merrill’s logs:

The Ankura witness described how they first found the account of employee Julie Soma had been compromised, then used the IP addresses associated with that compromise to find other employees whose accounts were used to download reports or other unauthorized activity.

In sum, the two incident response witnesses described providing the FBI with the forensic details of their investigation — precisely the same thing that CrowdStrike provided to FBI from the DNC hack. There’s not even evidence that they shared a full image of the filing agencies’ servers (though an FBI agent described going back to Donnelly to search for the domain names behind the intrusions that Kroll had found at Toppan Merrill), which was one of the first conspiracy theories about the DNC hack Republicans championed: that the FBI failed to adequately investigate the DNC hack because it didn’t insist on seizing the actual victim servers during the middle of an election.

The forensic evidence wasn’t the only evidence submitted at trial from the crime scene. One after another of the employees whose credentials had been misused testified. Each described why they normally accessed customer records, if at all, how and when they would normally access such records, and from what locations they might access corporate servers remotely, including their use of the corporate VPN. Julie Soma — the Donnelly employee whose credentials were used most often to download customer filings — described that she would never have done what was done in this case, download one after another filing from Donnelly customers in alphabetical order.

Q. Would you ever go from client to client and alphabetically access those types of documents?

A. No.

Both interview records from the Mueller investigation (one, two, three) and documents from the Michael Sussmann case show that the FBI did similar interviews in the DNC hack. The Douglass Mackey trial, too, featured witnesses describing how the Hillary campaign identified that attack on the campaign as well.

In proving their case against John Podesta’s hacker, DOJ presented witness testimony that eliminated insiders as the culprit.
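The alphabetical, client-after-client download pattern described in that testimony is also something a defender can look for in access logs. The following is an added example, not part of the original post or the trial record: the log format, account names, client names, 30-minute session gap and run threshold are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: ISO timestamp, account, client whose filing was opened.
SAMPLE_LOG = """\
2024-03-04T09:05:00 user_a Northwind Traders
2024-03-04T09:20:00 user_a Contoso Ltd
2024-03-04T09:40:00 user_a Northwind Traders
2024-03-04T10:00:00 user_b Litware Inc
2024-03-04T10:12:00 user_b Contoso Ltd
2024-03-05T02:10:00 user_b Adatum Corp
2024-03-05T02:10:40 user_b Alpine Ski House
2024-03-05T02:11:15 user_b Blue Yonder Airlines
2024-03-05T02:11:50 user_b Contoso Ltd
2024-03-05T02:12:30 user_b Fabrikam Inc
2024-03-05T02:13:05 user_b Litware Inc
"""


def parse(log_text):
    """Turn each log line into (timestamp, account, client)."""
    events = []
    for line in log_text.strip().splitlines():
        ts, account, client = line.split(maxsplit=2)
        events.append((datetime.fromisoformat(ts), account, client.strip()))
    return events


def sessions(events, gap=timedelta(minutes=30)):
    """Yield (account, rows) per session; a pause longer than `gap` starts a new one."""
    by_account = defaultdict(list)
    for ts, account, client in sorted(events):
        by_account[account].append((ts, client))
    for account, rows in by_account.items():
        current = [rows[0]]
        for prev, row in zip(rows, rows[1:]):
            if row[0] - prev[0] > gap:
                yield account, current
                current = []
            current.append(row)
        yield account, current


def longest_alphabetical_run(clients):
    """Longest stretch of distinct clients visited in strictly ascending A-Z order."""
    # Re-opening the same client twice in a row is normal work, so collapse repeats.
    distinct = [c for i, c in enumerate(clients)
                if i == 0 or c.casefold() != clients[i - 1].casefold()]
    best = run = distinct[:1]
    for prev, cur in zip(distinct, distinct[1:]):
        run = run + [cur] if cur.casefold() > prev.casefold() else [cur]
        if len(run) > len(best):
            best = run
    return best


def flag_enumeration(log_text, min_run=5):
    """Report sessions in which one account walked the client list alphabetically."""
    findings = []
    for account, rows in sessions(parse(log_text)):
        run = longest_alphabetical_run([client for _, client in rows])
        if len(run) >= min_run:
            findings.append({"account": account,
                             "start": rows[0][0],
                             "clients": run})
    return findings


if __name__ == "__main__":
    for finding in flag_enumeration(SAMPLE_LOG):
        print(finding["account"], finding["start"].isoformat(),
              "->", ", ".join(finding["clients"]))
```

A hit is only a lead for an analyst: the employee interview and the source IP of the session still decide whether the account holder or someone using their credentials did the browsing.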

Fingerprinting

Having established the forensic data tied to intruders through the incident response contractors, prosecutors then called FBI agents as witnesses to describe how — largely through the use of IP addresses obtained using subpoenas or pen registers and the materials found in the suspects’ iCloud accounts — they tied Klyushin’s company, M-13, to both the hacking and the trading.

The trading was fairly easy: the co-conspirators accessed the two online brokers used to execute the trades under their own names and from IP addresses tied to M-13. An SEC witness described in detail how trades always shortly followed hacks but preceded the public filing of earnings statements.

Tying M-13 to the hacking took a few more steps.

For the hacking conducted via the domains Kroll identified, the FBI first found the account that registered the domains. Each was registered under a different name, but each of the names was based on a Latvian-based email service and used similar naming conventions. Each had been accessed from the same set of 3 IP addresses.

For IPs that Kroll identified, the FBI found BitLaunch servers created by an account in the name of Andrea Neumann, which was controlled from one of the same IP addresses that had registered the domain names. The FBI got search warrants to obtain images of those BitLaunch servers.

Another IP address used to steal filings, several FBI agents explained, was from an Italian-run VPN, AirVPN. The FBI used a pen register to show that someone accessed AirVPN from the M-13 IP address during the same period when the AirVPN IP was stealing records from the filing companies. The FBI also showed that Klyushin had accessed his bank at the same time from that same IP address. The FBI also showed that eight common IP addresses had accessed Ermakov’s iTunes account and the AirVPN IP address (in this case, the access was not at the same time because the FBI only had a pen register on the VPN for two months in 2020). While FBI witnesses couldn’t show that the specific activity tied to an AirVPN IP at the victim companies tied back to M-13, they did show that both Klyushin and Ermakov routinely used AirVPN.

Plus there were the filing thefts — noted above — that were done on May 9, 2018 using the same IP address that, four minutes earlier, had downloaded an Apple update from Ermakov’s iTunes account. As I’ve noted repeatedly, before Ermakov was first indicted by Mueller, he had already left a smoking gun in the servers at Donnelly in the form of IP activity that the FBI obtained over a year later inside the US.
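The two kinds of IP evidence described above, a shared address seen within minutes and a shared address seen at unrelated times, can be separated mechanically when records from a provider and from a victim are lined up. The following is an added example, not from the original post or the trial exhibits: the record layout, account names, documentation-range IP addresses, timestamps and the 10-minute window are all constructed assumptions.

```python
import bisect
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed provider records (timestamp, account, source IP), all times in UTC.
PROVIDER_LOG = [
    ("2024-03-01T08:56:00", "account_x", "203.0.113.7"),
    ("2024-02-10T20:00:00", "account_x", "198.51.100.20"),  # VPN exit node
    ("2024-03-02T09:00:00", "account_x", "192.0.2.99"),
    ("2024-03-01T12:00:00", "account_y", "192.0.2.50"),
]

# Constructed victim access records (timestamp, credential used, source IP), UTC.
VICTIM_LOG = [
    ("2024-03-01T09:00:00", "employee_1", "203.0.113.7"),
    ("2024-03-01T09:01:30", "employee_1", "203.0.113.7"),
    ("2024-04-15T03:00:00", "employee_2", "198.51.100.20"),
    ("2024-03-01T09:05:00", "employee_3", "192.0.2.10"),
]


def _ts(text):
    return datetime.fromisoformat(text)


def index_by_ip(provider_log):
    """Map each IP to a time-sorted list of (timestamp, account)."""
    index = defaultdict(list)
    for ts, account, ip in provider_log:
        index[ip].append((_ts(ts), account))
    for rows in index.values():
        rows.sort()
    return index


def near_in_time(provider_log, victim_log, window=timedelta(minutes=10)):
    """Same IP in both logs within `window`: the strong form of the match."""
    index = index_by_ip(provider_log)
    hits = []
    for ts, credential, ip in victim_log:
        when = _ts(ts)
        rows = index.get(ip, [])
        lo = bisect.bisect_left(rows, (when - window, ""))
        hi = bisect.bisect_right(rows, (when + window, "\uffff"))
        for seen_at, account in rows[lo:hi]:
            hits.append({
                "ip": ip,
                "account": account,
                "credential": credential,
                # Positive: provider activity came before the victim access.
                "gap_seconds": int((when - seen_at).total_seconds()),
            })
    return hits


def shared_ips(provider_log, victim_log):
    """Same IP in both logs at any time: weaker, since a VPN exit serves many users."""
    victim_ips = {ip for _, _, ip in victim_log}
    shared = defaultdict(set)
    for _, account, ip in provider_log:
        if ip in victim_ips:
            shared[account].add(ip)
    return {account: sorted(ips) for account, ips in shared.items()}


if __name__ == "__main__":
    for hit in near_in_time(PROVIDER_LOG, VICTIM_LOG):
        print("near-in-time:", hit)
    print("shared at any time:", shared_ips(PROVIDER_LOG, VICTIM_LOG))
```

Both sets of records have to be normalized to one time zone before comparison, or a window of a few minutes will miss or invent matches.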

In fact, much of the evidence used to prove this case (particularly establishing the close relationship between the conspirators) came from Apple, including WhatsApp chats saved in Klyushin and other co-conspirators’ iCloud accounts. We know Mueller used the same source of evidence. In March of this year, emails stolen by hacktivists revealed, Apple informed another of the GRU officers charged in the DNC hack that the FBI had obtained material from his Apple account in April 2018, in advance of the Mueller indictment.

The indictment likely also relied on warrants served on Google, especially on Ermakov’s account. The Mueller indictment (as well as the later anti-doping one) attributes much of the reconnaissance conducted in advance of the hacks to Ermakov: the names of some victims; information on the DNC, the Democratic Party, and Hillary; how to use PowerShell (which would be used against Toppan Merrill); and CrowdStrike’s reporting on GRU tools. If he did this research via Google, it would all be accessible with a warrant served on the US tech company.

The getaway car

One pervasive conspiracy theory about the Mueller indictment stems from testimony that Shawn Henry gave to the House Intelligence Committee in December 2017, describing that CrowdStrike did not see the data exfiltrated from the DNC servers. Denialists claim that is proof that the information was never exfiltrated by the GRU hackers. The conspiracy theory is ridiculous in any case, since there were so many other Russian hacks involving so many other servers, including servers run by Google and Amazon that had a different kind of visibility on the hack (something that Henry alluded to in his testimony), and since the indictment describes that the DNC hackers destroyed logs to cover their tracks.

But the Klyushin trial featured testimony about a tool used in the hack-and-trade conspiracy that has a parallel in the DNC hack: the AMS panel, hidden behind an overseas middle server, which the Mueller indictment described this way:

X-Agent malware implanted on the DCCC network transmitted information from the victims’ computers to a GRU-leased server located in Arizona. The Conspirators referred to this server as their “AMS” panel. KOZACHEK, MALYSHEV, and their co-conspirators logged into the AMS panel to use X-Agent’s keylog and screenshot functions in the course of monitoring and surveilling activity on the DCCC computers. The keylog function allowed the Conspirators to capture keystrokes entered by DCCC employees. The screenshot function allowed the Conspirators to take pictures of the DCCC employees’ computer screens.

[snip]

On or about April 19, 2016, KOZACHEK, YERSHOV, and their co-conspirators remotely configured an overseas computer to relay communications between X-Agent malware and the AMS panel and then tested X-Agent’s ability to connect to this computer. The Conspirators referred to this computer as a “middle server.” The middle server acted as a proxy to obscure the connection between malware at the DCCC and the Conspirators’ AMS panel. On or about April 20, 2016, the Conspirators directed X-Agent malware on the DCCC computers to connect to this middle server and receive directions from the Conspirators.

[snip]

For example, on or about April 22, 2016, the Conspirators compressed gigabytes of data from DNC computers, including opposition research. The Conspirators later moved the compressed DNC data using X-Tunnel to a GRU-leased computer located in Illinois.

In the hack-and-trade conspiracy, the hackers set up a similar structure, using the servers given names like “developingcloud” and “finshopland” as reverse proxies, with a final server behind them all executing orders on the hacked servers at Toppan Merrill (and the implication is, Donnelly, though the forensics came from Toppan Merrill via Kroll). The “computers numbered 1 through 7” in what follows are the servers identified by Kroll stealing earnings filings from Toppan Merrill.

A. So this is a digital depiction of the servers that I examined on the right there, so they each have a number on them, 1 through 9.

Q. Let me focus you first on the computers numbered 1 through 7. Do you see them there?

A. Yes.

Q. Are they kind of in a sideways V configuration?

A. Yes.

Q. Okay. And what do computers 1 through 7 show on this Exhibit DDD?

A. They functioned as gatekeepers for the furthest machine to the right, server number 8.

Q. And when you say “gatekeeper,” is there a technical term for that?

A. Yes. So the technical term is a “reverse proxy.”

Q. Can you explain to the jury, in a easy for me to understand way, what a reverse proxy or gatekeeper is in this chart, 1 through 7.

A. Yes. So in this chart, it would function — so the seven that are in that V formation, they would pass traffic to server number 8, if it was coming from an infected machine; and if it was something else, it would send the traffic to some other website.

This structure would have made it impossible for Toppan Merrill to understand the source or function of the anomalous traffic on its servers because any attempt to do so would be redirected away from the control server.

But not the FBI, because they obtained images of the servers with a warrant.

The forensic witness describing this structure showed, command by command, that the forensic clues identified by Kroll on the Toppan Merrill servers were controlled via that final server running PowerShell (the same tool that Mueller alleged Ermakov researched during the DNC hacks in 2016).

Q. And is there something on this log that you found that tells you the name of the program that was running on the victim’s computer at Toppan Merrill?

A. Yes, the process name line, and that reads rdtevc.

Q. And is process another name for computer program?

A. Yes.

Q. So this is a log that shows that a program named RDTEVC was running on a Toppan Merrill computer, right?

A. Yes.

Q. But it’s stored in the hacker computer?

[snip]

Q. And what does PowerShell do? You can call it anything, right? You can call it RDTEVC?

A. That’s probably a randomly chosen name.

Q. But no matter what it’s called, what does it do?

A. So it allows it to be remotely controlled and accessed.

Q. Allows what to be remotely controlled and accessed?

A. The infected machine.

The same forensic expert explained that he didn’t find any downloads of stolen files.

But he also explained why.

He had also found secure tunnels, readily available but similar in function to a proprietary GRU tool CrowdStrike found in the DNC server. As he described, these would be used to transfer data in encrypted form, making it impossible to identify the content of the data while it was in transit.

Q. Mr. Uitto, are you familiar with the concept of exfiltration?

A. Yes.

Q. Big word, but what does it mean?

A. It means to steal data, take data.

Q. And in your review, did you find evidence — you told Mr. Nemtsev you didn’t find evidence of the taking of data from the victim computers to these particular hacker servers; is that right?

A. That’s right, but I did see secure tunnels that were created.

Q. So when you say there were secure tunnels, were you able to tell what was going through those secure tunnels?

A. No.

Q. Those were encrypted, right?

A. Yes.

Q. So you actually don’t know whether or not there was financial information in those tunnels?

A. That’s correct.

Q. Or sports scores or anything?

A. That’s correct.

Q. It’s encrypted.

A. Yes.

[snip]

Q. What role does encryption serve in this hacker architecture?

[snip]

A. Yes, so it can be used to hide data or information.

Q. So if it’s encrypted, we can’t know what’s being passed?

To prove the hack, you would have to — and FBI did, in both cases — prove that the stolen data made it to the end point.

This testimony is important for more than explaining where you’d need to look to find proof of a hack (at the end points). It shows the import of understanding not just the crime scene and those end points, but the infrastructure used to control the hack and exfiltrate the data. With both the hack-and-trade conspiracy and the hack of the DNC, the FBI got forensics about the victim from the incident response contractors, but they obtained the data from these external servers directly, with warrants.

The denialists looking for proof in the DNC server were focused on just the crime scene, but not what I’ve likened to a getaway car, one to which the FBI had direct access but CrowdStrike did not.

Follow the money

Another specialized kind of fingerprint prosecutors used to prove the case against Klyushin parallels the one in the Mueller indictment (and, really, virtually all hacking cases these days): the cryptocurrency trail. As the Mueller indictment explained, the hackers who targeted the DNC used the same cryptocurrency account to pay for different parts of their infrastructure, thereby showing they were all related.

The funds used to pay for the dcleaks.com domain originated from an account at an online cryptocurrency service that the Conspirators also used to fund the lease of a virtual private server registered with the operational email account [email protected]. The dirbinsaabol email account was also used to register the john356gh URL-shortening account used by LUKASHEV to spearphish the Clinton Campaign chairman and other campaign-related individuals.

[snip]

For example, between on or about March 14, 2016 and April 28, 2016, the Conspirators used the same pool of bitcoin funds to purchase a virtual private network (“VPN”) account and to lease a server in Malaysia. In or around June 2016, the Conspirators used the Malaysian server to host the dcleaks.com website. On or about July 6, 2016, the Conspirators used the VPN to log into the @Guccifer_2 Twitter account. The Conspirators opened that VPN account from the same server that was also used to register malicious domains for the hacking of the DCCC and DNC networks.

By following the money, prosecutors were able to show the jury how these pieces of infrastructure fit together.

In the case of the hack-and-trade, the conspirators did nothing fancy to launder the cryptocurrency used in the operation. The servers obtained in the name of Andrea Neumann were paid using three successive cryptocurrency accounts, each with different names but accessed from the same IP address. The third name was Wan Connie. An interlocked Wan Connie email account had been accessed from M-13’s IP address. So while the cryptocurrency itself couldn’t tie the conspirators to the hack, the interlocked infrastructure did.

The conspiracy

To prove the hack, prosecutors at trial showed how the FBI had used evidence from the crime scene, the “getaway” car, the money trail, and evidence obtained at the end point from iCloud accounts to tie the hack back to Ermakov personally and M-13 more generally. The biggest smoking gun came from matching the IP addresses to which Ermakov got his iTunes updates to the infrastructure used in the hack (or, in the case of the May 9, 2018 thefts, directly to someone exploiting Julie Soma’s stolen credentials).

All that was left in the Klyushin case was proving the conspiracy, showing that Klyushin and others had used this stolen information to make millions by trading in advance of earnings announcements. This would be the functional equivalent of tying the records stolen from Democrats (and some Republicans) to their release via Guccifer 2.0, dcleaks, and WikiLeaks.

At Klyushin’s trial, the government proved the conspiracy via two means: an SEC analyst presented a bunch of coma-inducing analysis showing how the trades attributed to online brokerage accounts that Klyushin and others had in their own names lined up with the thefts. The analyst explained that seeing those trading patterns by chance would be virtually impossible.

More spectacularly, prosecutors introduced Klyushin’s role with a bunch of pictures establishing that he was “besties” with Ermakov (and, eventually, that there were unencrypted and encrypted communications, along with a picture of Klyushin’s yacht, sent via Ermakov to two guys in St. Petersburg who didn’t work for M-13 but who were making the same pattern of trades); I looked at some of that evidence here. One picture found in Klyushin’s account showed Ermakov, crashed on a chair, wearing an M-13 sticker, taken in the same period as some of the logs provided by Kroll showed hacking activity. About the only thing the FBI found in Ermakov’s iCloud account was the online brokerage account used to execute the insider trading, in Klyushin’s name, but that tied him to the trading side of the conspiracy.

As their trades began to attract attention, Ermakov and another M-13 employee attempted to craft cover stories, evidence of which prosecutors found via Apple. Prosecutors even introduced Threema chats in which Ermakov told Klyushin, his boss, not to share details about their trading clients or he might end up a defendant in a trial.

He did.

And at that trial, prosecutors were able to prove a hacking conspiracy against Klyushin using evidence and victim testimony from the crime scene, but also from other data readily available with a subpoena or warrant inside the US.

Update: Tweaked language describing secure tunnels.

Rudy Giuliani Claims He’s Shooting Blank Documents

Ruby Freeman and her daughter Shaye Moss have, as Beryl Howell invited them to do, moved to compel Rudy Giuliani to comply with discovery in their defamation lawsuit. The two 2020 Georgia election workers sued for the damage caused by the lynch mob Rudy summoned by falsely claiming they were attempting to steal votes after he saw a video showing Moss passing her mother a ginger mint.

The motion and all its exhibits are here.

What seems to be happening is that Rudy, having had his phones seized in 2021 and successfully avoided — thus far — charges for his Ukraine influence-peddling, is deliberately slow-walking discovery here to avoid identifying any devices or records that prosecutors can use in that investigation, the Georgia investigation, or Jack Smith’s January 6 one, all while sustaining a story that is already starting to fall apart.

As described in the motion to compel, Rudy’s non-compliance has included:

  • Refusing to turn over any phone or financial records
  • Refusing to explain what accounts and devices he has included in his searches
  • Failing to search for texts and messaging apps from the phones seized in 2021
  • Providing discovery based on much earlier requests from the January 6 Committee and Dominion’s lawsuit against him, rather than the requests from Freeman’s lawyers
  • Providing documents on Hunter Biden along with one Pentagon City Costco receipt
  • Others — like Bernie Kerik and Christina Bobb — similarly refusing to comply
  • Claiming, then disclaiming, reliance on “unknown GOP operatives” for the false claims made about Freeman
  • Refusing to describe how he became aware of the surveillance footage on which he based his false claims about Freeman and Moss

As a reminder, back on April 21, 2021, DOJ obtained a warrant for around 18 of Rudy’s phones in conjunction with the investigation into Rudy’s Ukrainian influence peddling that Bill Barr had successfully obstructed. By September of that year, DOJ had convinced Judge Paul Oetken to have Special Master Barbara Jones review all the contents on his phones, not just that pertaining to the Ukraine warrants. Since then, I’ve been arguing that DOJ could — and at this point, almost certainly has — obtained that content for use in the January 6 investigation.

Dominion sued Rudy back in 2021. The January 6 Committee subpoenaed Rudy in January 2022 and interviewed him in May 2022. Those are the discovery requests on which Rudy is attempting to rely in this suit, rather than doing searches specific to the requests made by Freeman’s lawyers.

But after May 2022, Rudy’s exposure in Georgia went up. In addition to Freeman’s lawyers filing their amended complaint on May 10, 2022, Fani Willis convened her grand jury on May 2, 2022, subpoenaed Rudy to testify in June 2022, and he testified in August. It is virtually certain that Rudy gave answers to Willis — at the very least, about what he knew of Trump’s call to Brad Raffensperger on January 2 — that subsequent testimony has since disputed and on which topic he has since amended his interrogatory response.

The materials in this motion reveal that Rudy’s lawyer in this matter (Joe Sibley — who represented Christina Bobb in a J6C deposition that conflicts with Rudy’s answers here, though Robert Costello was present for Rudy’s March deposition) at first promised thousands of documents to Freeman’s lawyers, while claiming that most documents would be unavailable because of the Special Master process tied to the Ukraine investigation. Last July 12, Rudy provided 1,269 documents he had also turned over to Dominion’s much earlier request, which Freeman’s lawyers describe as, “his first and only substantial document production to date.”

Then, on August 3, Robert Costello made a showy announcement that SDNY had ended the Special Master process, which is not the same thing as getting a letter that he’s not a subject of that investigation anymore. Shortly thereafter, Freeman’s attorneys pointed out that the excuse Rudy had been using to limit his discovery in this case was no longer operative. He had the phones that — he claimed — included all his communications from the period during which he had started the conspiracy theories about Freeman.

After that showy announcement from Costello on August 3, things changed dramatically. In September, Sibley told Freeman’s lawyers there were 18,000 documents relevant to discovery in the materials seized from his phone. A month later, he said there were 400. In October, Rudy turned over 177 of those documents, 51 of which were blank. Since then, Sibley seems to have provided answer after answer that amounted to throwing up his hands when describing the state of Rudy’s discovery.

Rudy is quite literally attempting to claim he can only shoot blank documents in hopes of getting through this discovery process.

In his March 2023 deposition, Rudy claimed that the physical phones returned by SDNY — which he says only happened in August — were “wiped out.” What actually seems to have happened is that he hasn’t figured out how to access the content saved to the cloud by discovery vendor TrustPoint, and may not have tried to access the phones themselves, which I believe Costello had publicly claimed to have been returned earlier last year.

But far and away the best way to understand his answers is that, first of all, he and Bobb gave materially inconsistent answers while being represented by Sibley, most notably on the topic of whether they participated in the Brad Raffensperger call, which Bobb said they did and Rudy originally claimed — and presumably claimed to Fani Willis’ grand jury — that they had not.

Just as importantly, Rudy may be aware of both messaging apps and phone accounts that he’s not certain prosecutors in SDNY, Georgia, or DC have identified, so he’s refusing to be forthcoming about all the devices and phone accounts he used. There are probably communications from his phones that Costello successfully claimed were privileged during the SDNY Special Master process, which would be obviously crime-fraud excepted in any proceeding before someone who knows the January 6 investigation well. Prosecutors in both SDNY and DC will be able to tell after a quick review of exhibits included with this motion to compel whether Rudy’s claims about the status of the phone content from TrustPoint are accurate.

And therein lies the risk of the game that Rudy is playing.

This would be an obviously bullshit response before any judge, including Carl Nichols (who is presiding over the much more leisurely Dominion suit against Rudy).

But by luck of the draw, he’s attempting this stunt before Beryl Howell, who even on good days does not suffer fools at all, much less gladly, and who until just a month ago was the Chief Judge presiding over all the grand jury proceedings in DC, including the January 6 investigation. She’s one of just two or three judges who knows whether DOJ asked for and obtained a warrant to get the stuff from Rudy’s phones in SDNY. If they did (and I’d bet a very good deal of money they did), she would have seen an affidavit explaining in what form DC USAO understood that phone content to be, and if they did, she has likely overseen discussions about any further attorney-client protections DOJ had to adhere to. If DC USAO obtained warrants for other cloud content, she might also know about any accounts that Rudy is not disclosing to Freeman, including those whose email and phone accounts Rudy consistently used as a proxy. She likely has a sense of how many phone accounts DOJ has identified for Rudy, none of the call records of which would be subject to attorney-client protection. She may know of other aliases that Rudy used in his assault on the election.

Rudy is pulling this contemptuous stunt in front of the one judge who may know the extent to which he’s bullshitting.

Which may be why, at a few points in Freeman’s Motion to Compel, her attorneys note that they’re only asking for modest relief, basically just leverage to get Rudy to actually answer the questions, as well as attorney fees for their time he has wasted.

But Judge Howell? Well, if she wants to use her discretion to provide expanded relief, Freeman’s lawyers say, they’d be open to that too.

The relief Plaintiffs seek in this Motion is narrow, while recognizing that the Court in its discretion may enter additional forms of relief, including sanctions. Plaintiffs reserve all rights relating to seeking expanded forms of relief in the future.

At this point, there are at least two criminal investigations into Rudy and two civil suits — January 6, Georgia, Dominion, and this suit. Even before reviewing his J6C transcript, it’s easy to identify plenty of ways his evolving answers here, amended in part because of inconsistent testimony given before the J6C, conflict with what he must have answered before the Georgia grand jury, which could start issuing indictments any day.

Juggling all that legal exposure would be difficult for a sober, organized man with little real legal exposure.

For Rudy, though, this insane approach may be, at best, a futile attempt to limit the damage this civil case can do to his criminal exposure.

Jack Teixeira: Leak Dumps Don’t Care about (the Story You Tell about) Motive

Dan Froomkin says reporters should call Jack Teixeira’s release of highly classified documents “theft,” not a leak, distinguishing “public-spirited” leakers from “self-serving … thieves.” Spencer Ackerman muses that Teixeira, “leaked for that most ineffable thing, something nonmaterial but nevertheless hyper-real in the logic of the poster, and particularly the right-wing-chud poster: clout.” Charlie Savage suggests something distinguishes this case, legally, from those of everyone else (among a limited subset) who took classified information. Glenn Greenwald has been all over the map, in one breath calling this, “a bullshit leak, despite some relevant docs, the impact of which has been severely overblown from the start,” but then applauding Tucker Carlson’s focus on the altered casualty numbers in Ukraine and Tucker’s claims that even Fox has factchecked as an example of, “the significant revelations these leaks provide.”

Now he’s just making shit up about WaPo and NYT hunting down Teixeira, shit that a quick reading of the arrest affidavit readily debunks, shit that ignores that WaPo’s source(s) for hundreds of still-unpublished documents, at least, are one or more of the Discord chat kids, to whom WaPo has given source protection (that will be utterly meaningless in the face of the subpoenas already served).

A bunch of people who made their careers because a young, narcissistic IT guy stole a shit-ton of records about which he had little personal expertise — some incredibly important, a great many useful only to America’s adversaries — seem to be uncertain what to make of Jack Teixeira, who, early reports at least suggest, is an even younger narcissistic IT guy who stole a smaller shit-ton of records about which he had even less personal expertise, some newsworthy, some useful primarily to America’s adversaries.

We will likely have the rest of Teixeira’s young life to get a better understanding of why he allegedly did what he did, which may well be very different than what he told the kids in the Discord chat rooms about why he did what he did, who in any case are entirely unreliable narrators. But then, they may be no more unreliable, as narrators, than Greenwald is about Edward Snowden, and for a similar reason: because their identity is wrapped up in a certain narrative about this dude.

Since this age of the leak dump started, journalists have been sustaining self-serving stories about what leak dumps really are.

That Ackerman treats Josh Schulte’s hack-and-dump in the same breath as the leak dumps of Chelsea Manning or Edward Snowden, calling Teixeira’s leaks, “something different than the Snowden leaks, Manning leaks or, say, the Vault 7 hack,” is a great example of that. At trial, Schulte didn’t so much claim he was a whistleblower as he was a scapegoat, someone the CIA already hated to blame for an embarrassing compromise. But in his second trial, in the course of representing himself, he performed precisely what the government said he was: a narcissistic coder — KingJosh, he called himself — exacting revenge for the escalating personnel problems he caused after his manager moved his desk. “I think you are playing into the government’s theory of the case,” Judge Jesse Furman warned in a sidebar during Schulte’s cross-examination of a former supervisor, “by making clear to the jury that even today you remain aggrieved by you as being mistreated.”

Vault 7 was not a noble leak. It was an epic act of nihilism. A man-boy retaliating because he couldn’t get his way at work.

And except for security researchers in the business of attributing CIA hacks, the Vault 7 files weren’t all that newsworthy, either — though they did give Julian Assange a way to pressure the Trump Administration. Plus, the fate of both the Vault 7 files during the nine months between leak and publication, during a period when Assange was a key part of a Russian influence operation, as well as the Vault 8 source code included in Schulte’s guilty verdict, remains unknown. In a letter attempting to exonerate himself (even while exposing the protected identities of several colleagues), Schulte himself described the value that the source code would have for Russia, particularly during that nine month window before the CIA learned Schulte had hacked them:

So much still unknown, and with potential (yet unconfirmed) link between wikileaks and Russia–Did the Russians have all the tools? How long? It seems very unlikely that an intelligence service would ever leak a nation’s “cyber weapons” as the media calls them. These tools are MUCH more valuable undiscovered by the media or the nation that lost them. Now, you can secretly trace and discover every operation that nation is conducting.

I don’t imagine that these issues were what Ackerman had in mind, when comparing Schulte to Manning and Snowden, but perhaps he should give some thought to why he believes otherwise.

Meanwhile, Marjorie Taylor Greene is already creating a heroic myth about Teixeira not all that dissimilar from the myths WikiLeaks spun about Schulte that Ackerman appears to still believe.

Maybe, like Chelsea Manning, a struggle with his own demons made Teixeira more apt to leverage classified records to win the adulation of a bunch of teenagers. Or maybe, like Schulte, he really is the racist shithole he sounds like.

Or both.

We may never learn how much damage these leaks did such that we could adequately balance their value against their cost. We will undoubtedly get inflammatory claims from prosecutors if Teixeira is ever sentenced, which may or may not be backed by some damage assessment that will get declassified in a decade or three.

Because it’ll be some time before we really understand this guy, because journalists seem to be struggling to understand how to treat him, I thought it worthwhile to lay out some lessons I have learned from covering leak-dumps for 15 years, lessons that have resulted in a radically different view than the Manichean belief in good dumps or bad dumps others have.

Leak dumps don’t care about all that.

In what follows, I’m not questioning the value of (some) of Snowden’s and Manning’s leaks. I’m saying that some of the people most closely involved haven’t taken a step back, in the decade since, to see what we’ve learned since, including some things these celebrated leakers have in common with what we know, so far, of Teixeira.

It’s worth distinguishing leaks from people knowledgeable about what they’re leaking

Those who’ve worked on past leak dumps like to compare the leakers with Daniel Ellsberg, a comparison Ellsberg has welcomed.

But for most, there’s something that clearly distinguishes this later group of leakers: many don’t have expertise on the specific files they’re leaking.

Indeed, several of these leakers obtained new jobs while they were already contemplating leaking (or, in Snowden’s case, long after he had started collecting documents to leak). Several took files entirely unrelated to their jobs.

By comparison, Ellsberg was a PhD who leaked the Rand study he worked on himself.

To the extent that prior leak dumpers leaked files they didn’t have specific reason to want to expose, they often did so out of a generalized malaise, usually stemming from America’s war on terror policies. While I think Manning and Daniel Hale’s reaction to the war on terror was just and righteous, and while Teixeira thus far seems like a badly misguided conspiracy theorist, the type of motivation, a general malaise about American conduct, may not be that dissimilar.

Similarly, Teixeira clearly doesn’t have the knowledge or maturity to make an ethical decision to leak these documents. But it’s not clear some of his predecessors did either.

False claims about authentic documents are still false claims

Over the years, Greenwald and others — most recently #MattyDickPics Taibbi — have completely collapsed the distinction between “true” and “authentic.” There’s a good deal of Snowden reporting, for example, that remains uncorrected. Ackerman even repeated one such error, from the Guardian’s report on PRISM, in his 2021 book — “the NSA could conduct what internal documents described as ‘legally-compelled collection’ from the servers—the exact form of access remains unknown”—of PRISM participants. [my emphasis] This description of getting data directly from tech companies’ servers came from a guy who was overselling the program, effectively a Deep State hypester snookering civil libertarian journalists to buy into his hype.

As Bart Gellman described in his own book, not only was the direct access misleading, but it distracted from the more important policy points of the Section 702 collection.

Companies that had declined to comment in advance, or had said nothing of substance, now issued categorical denials that any U.S. agency had “direct access” to their servers. I scrambled to reconcile those statements with the NSA program manager’s explicit words—repeated twice—in the authoritative PRISM overview. Later that night I found a clue in another document from the Snowden archive. There, in a description of a precursor to PRISM, I found a variation on Rick’s formula. “For Internet content selectors, collection managers sent content tasking instructions directly to equipment installed at company-controlled locations,” it said. That sounded as though the U.S. government black box was on company property but might not touch the servers themselves. I updated my story to disclose the conflicting information and the new evidence.

[snip]

The “direct access” question became a big distraction, rightly essential to the companies but not so much to the core questions of public policy.

The Snowden reporters were under a real time crunch and unbelievable security pressure to report, so have a good excuse, but others don’t.

#MattyDickPics blithely started reporting on Twitter without first bothering to get the least understanding of what he was looking at and he still has never gotten records showing what requests Trump made of Twitter, the only thing close to real censorship in question. Yet because he has some screen caps to wave around, vast swaths of people believe his false claims.

The same is true of the “laptop.” Virtually the entire Republican Party has refused to distinguish between authentic emails on a hard drive allegedly obtained from a Hunter Biden laptop, and the authenticity of the laptop itself, even after people in Rudy’s orbit started altering that hard drive. To say nothing of whether provably authentic emails say what the GOP breathlessly claims they do, which so far, they have not.

As noted, Tucker has already magnified (with Greenwald applauding) two of the false claims about the documents that Teixeira released: the doctored casualty numbers put out by Russia, and misrepresentations about the role of Special Operations forces in Ukraine, which have been debunked by the same Fox News reporter that Tucker tried to get fired one of the previous times she corrected the network’s false claims.

Notably, I think one thing that is contributing to more accurate reporting based on these files is more hesitation from responsible outlets to publish or magnify the files themselves, while still using them as a basis for stories, though as WaPo races to beat its competitors that may be changing.

Documents can serve to distract

And that’s because authentic documents have, from the start of these leak dumps, often served to distract attention from the actual content.

As I noted the other day, FBI’s cooperating troll witness in the Douglass Mackey trial, Microchip, described unashamedly how the trolls ensuring the John Podesta emails would go viral in the last weeks of the 2016 election knew there was no there, there. But they also knew that so long as they could invent some kind of controversy out of them, they could suck the air out of substantive political coverage.

Q What was it about Podesta’s emails that you were sharing?

A That’s a good question.

So Podesta’s emails didn’t, in my opinion, have anything in particularly weird or strange about them, but my talent is to make things weird and strange so that there is a controversy. So I would take those emails and spin off other stories about the emails for the sole purpose of disparaging Hillary Clinton.

T[y]ing John Podesta to those emails, coming up with stories that had nothing to do with the emails but, you know, maybe had something to do with conspiracies of the day, and then his reputation would bleed over to Hillary Clinton, and then, because he was working for a campaign, Hillary Clinton would be disparaged.

Q So you’re essentially creating the appearance of some controversy or conspiracy associated with his emails and sharing that far and wide.

A That’s right.

Q Did you believe that what you were tweeting was true?

A No, and I didn’t care.

Q Did you fact-check any of it?

A No.

Q And so what was the ultimate purpose of that? What was your goal?

A To cause as much chaos as possible so that that would bleed over to Hillary Clinton and diminish her chance of winning.

In this model — the exact model adopted by the Twitter Files (and, frankly, virtually all of Trump’s tweets) — the actual documents themselves are just a hook for viral dissemination of the false claims made about the documents, just like most of the Twitter Files are.

Microchip even admitted that disinformation can increase buzz.

Q As you sit here today, back in that time period, did you like to get a rise out of people?

A Sure, yeah.

Q And that’s one of the reasons you posted things on Twitter; correct?

A Correct.

Q Was it your belief back then that disinformation increases buzz?

A Um, disinformation sometimes does increase buzz, yes.

The claims about the documents don’t work like truth claims do; instead, they serve to short-circuit rational thought, making it far easier to believe conspiracy theories or intentional disinformation.

We’re seeing some of that now from the disinformation crowd, starting with Tucker and Greenwald.

You can’t always tell who is in a chat room

The Discord kids told WaPo there were “roughly two dozen” active members of the Discord chat room where Teixeira allegedly first released the documents, about half of whom were overseas, including in Ukraine and elsewhere in post-Soviet countries.

Of the roughly 25 active members who had access to the bear-vs-pig channel, about half were located overseas, the member said. The ones who seemed most interested in the classified material claimed to be from mostly “Eastern Bloc and those post-Soviet countries,” he said. “The Ukrainians had interest as well,” which the member chalked up to interest in the war ravaging their homeland.

But the affidavit to search Teixeira’s house says there were twice that many members, approximately 50. WSJ reports that the group was more pro-Russian than the Discord kids have thus far admitted. So while initial reports suggest this was not espionage, it’s far too early to tell either what Teixeira’s motive was or whether he was cultivated by someone else in his server, encouraged to leak certain kinds of documents just as Chelsea Manning was encouraged to seek out certain things over a decade ago.

That’s why I harped on this earlier: I’ve learned, both stuff that’s public and not, about how easily sophisticated actors can manipulate precisely the kinds of people, usually young men, who inhabit these kinds of chat rooms.

Foreign intelligence services have been searching out these opportunities, eliciting both criminal hacking and leaks, for at least a decade.

For example, the LulzSec hackers knew there were Russians in their chat rooms, but didn’t much care. But it might explain why some documents hacked as part of the Syria Leaks that would be particularly damaging to Russia never got published by WikiLeaks, even though multiple sets of the documents were shared with the outlet.

Even the FBI, with subpoena power, may have troubles identifying everyone who participated in a chat room. And if the FBI can’t do it, the teenagers involved likely can’t either. That’s especially true as operational security increases. Which means they may have no idea who they were really talking to, no matter what they tell the WaPo and FBI.

So while Teixeira paid for this server with his own credit card, it has been shut down long enough that FBI may never be able to figure out who else was in the chat room, much less their real identity. So we may never know what happened before someone decided to ruin their lives by leaking documents with what inevitably will be inadequate operational security.

Which, in the case of Teixeira’s leaks, means we may not know all the people who got advance access to documents months before their publication on Twitter and Telegram alerted the IC about them, to say nothing of whether those people were nudging Teixeira for certain kinds of leaks.

No one controls what happens with dump leaks

Back in 2021, former Principal Deputy Director of National Intelligence Sue Gordon and former DOD Chief of Staff Eric Rosenbach seemingly confirmed that the files released by Shadow Brokers in 2016 and 2017 were obtained after two NSA employees, Nghia Pho and Hal Martin, brought them home from work; there’s no evidence that Pho, at least, ever tried to share them and no proof Martin did either.

In two separate incidents, employees of an NSA unit that was then known as the Office of Tailored Access Operations—an outfit that conducts the agency’s most sensitive cybersurveillance operations—removed extremely powerful tools from top-secret NSA networks and, incredibly, took them home. Eventually, the Shadow Brokers—a mysterious hacking group with ties to Russian intelligence services—got their hands on some of the NSA tools and released them on the Internet. As one former TAO employee told The Washington Post, these were “the keys to the kingdom”—digital tools that would “undermine the security of a lot of major government and corporate networks both here and abroad.”

If that’s right, it means the last most damaging leak to DOD wasn’t intentionally leaked at all, which makes it not dissimilar from the way that Teixeira reportedly intended just to share it with the guys in his Discord server. It was exfiltrated from NSA’s secure servers by employees (in Pho’s case, purportedly for work reasons), then stolen, then released.

In the wake of that discovery, DOJ seems to have started pushing to hold leakers accountable for the unintended consequences of their leaks. In a declaration accompanying Terry Albury’s sentencing, for example, Bill Priestap raised the concern that by loading some of the files onto an Internet-accessible computer, Albury could have made them available to entities he had no intention of sharing them with.

The defendant had placed certain of these materials on a personal computing device that connects to the Internet, which creates additional concerns that the information has been or will be transmitted or acquired by individuals or groups not entitled to receive it.

But it’s a lesson journalists don’t take seriously, except (in most cases) their own operational security. What happened to the source code of CIA hacking tools Schulte took? What happened to the damning files on Russia from the Syria leaks? Did Chelsea Manning envision the State cables she leaked would be shared with someone like Israel Shamir, who reportedly shared them, in turn, with Alexander Lukashenko’s regime in advance — the same kind of advance knowledge that Schulte himself reflected on?

Even the laudable, distinguishing aspect of Snowden’s leaks, that he gave them to journalists to determine what was in the public interest (an approach he abandoned when he described CIA infrastructure in his own book), is a double-edged sword. He made multiple copies of his files — most of which weren’t in the public interest — and handed the files to others, including at least one person, Greenwald, that Snowden knew had started out with epically shitty OpSec. We would never know if someone got some of the Snowden files as a result unless, like Shadow Brokers or Teixeira’s leaks, someone started sharing them openly on Telegram.

The damage assessment and the reporting goes on

We are nine days into the public part of this leak and, thanks to WaPo reporters’ success at befriending the Discord kids, WaPo has obtained hundreds of otherwise unpublished documents. In addition to about eight background stories on the leaks and charges against Teixeira, WaPo currently has Discord Leak stories on: Taiwan’s military vulnerability, China’s surveillance balloons, and surveillance on Mexican cartels. There’s nothing that makes WaPo’s reporting more or less credible, more or less honorable, because Teixeira released these to show off to his buddies (if that is why he released them).

The Discord Leaks are a leak dump. They may have more in common with past leak dumps than a lot of past leak dump journalists would like to admit. Importantly, no matter what journalists would like to tell themselves, Teixeira’s motive, if he is the source, will have virtually no impact on the damage he does to US national security or the value those documents offer to the public good, both of which will be driven by the content of the documents and the details of any advance notice adversaries may have gotten.

And legally, Teixeira is going to be treated just like Chelsea Manning and Josh Schulte — which is to say, harshly, unless he decides to flip before prosecutors can build charges on another twenty documents and has information of value to prosecutors. That’s not surprising in the least. But — short of proving he knowingly shared these documents with an agent of a foreign power — nor will it be tied to his motive.

Leak dumps don’t care about motive.

Update: PwnAllTheThings’ analysis of the damage caused by the Discord leaks is worth reading. Along with noting that at least one human source has been put in danger by these leaks (as well as a bunch of SIGINT collection), he describes how these releases could have gotten a bunch of Ukrainians killed.

We don’t know yet if Teixeira wanted lots of Ukrainians to die as a result of his leak. But we definitely know he didn’t care if they did, and they certainly had the potential to cause colossal amounts of death—both military and civilian—in Ukraine, even if that huge potential was never fully realized.

Problems With The Standard Story Of The Revolutionary War And The Constitution

Index to posts in this series

The standard story of the origin of our nation tells us that the Declaration of Independence asserts that all men are created equal and naturally endowed with certain rights including the right to life, liberty and the pursuit of happiness; that the Revolutionary War was fought to uphold these principles; and that the principles are instantiated in the Constitution. We didn’t always live up to those principles but we’ve always worked towards them, and we get closer all the time. P. 9 et seq. In the first post in this series, we saw that the Declaration doesn’t fit well with the standard story. What about the Revolutionary War and the Constitution?

The Revolutionary War

Roosevelt doesn’t think there was a single cause for the War.

Different people sought independence for different reasons, and likely they sometimes said what they thought would advance their cause rather than what they truly believed. History requires interpretation, and a claim to possession of the one singular truth is a hallmark of ideology. P. 55.

The Declaration explains the decision of the Colonists to throw off English rule. It claims that governments derive their just powers from the consent of the governed. The Declaration complains that the King cut off trade between the Colonies and the rest of the world. It claims that the King ignores the laws and even the courts of the Colonists. The King attacks the Colonies directly, keeps a standing army in the Colonies, and quarters troops on the population. The King imposes taxes on the Colonies even though they are not represented in Parliament. The King stirs up the “merciless savages” to attack and murder the Colonists. The only reference to slavery is oblique: the King “… has excited domestic insurrections amongst us….”

No doubt one or more of these claims were a factor for some of the Colonists. The principle of consent itself may have motivated some of them. The listed claims may have motivated others. Perhaps some were motivated by a desire to bring about equality or at least to end slavery (Thomas Paine and Benjamin Franklin, for example.) Roosevelt points out that protecting slavery may have brought others into the war:

There isn’t much evidence supporting the idea that slavery was an issue. Of course just as people say things they don’t believe to advance their cause, others may keep quiet about their actual reasons if they would hurt the cause. There was little to be gained by saying we’re rebelling because we want to enslave people. Roosevelt suggests that

… for some of the Patriots, a desire to preserve slavery was one reason—and maybe a strong one—to declare independence[.] On its face, this is pretty plausible. Just as it seems unlikely that northern Patriots had slavery at the front of their minds, it is unlikely the southern ones didn’t have it at least at the back of theirs. P. 53.

In any event it’s hard to argue that the War was fought over the principle of equality for anyone except white men and especially white men with property. A telling detail: the British offered slaves freedom if they fought for the King. After the War the Colonists demanded the return to slavery of those people. The British refused.

Nor was the Revolution fought to advance a broad principle of equality. Roosevelt says that the statement that all men are created equal is a reference to the fictional state of nature assumed to exist in the beginning. The broader concept of equality would have to wait for the French Revolution and the Declaration of the Rights of Man and of the Citizen in 1789. It asserts that “Men are born and remain free and equal in rights.” This is a statement about real people living in real societies, not imaginary savages in the wild.

The Constitution

The Constitution was necessary because the Articles of Confederation failed to create a strong enough central government. The states were fighting among themselves, refusing to adhere to treaties, imposing trade restrictions and refusing to pay the debts incurred in the Revolutionary War. The preamble states the reasons for adoption of the Constitution, starting with “to produce a more perfect union”, and ending with “to secure the blessings of liberty to ourselves and our posterity.” Roosevelt says that the chief goal of the Constitution was unity, with liberty at the bottom of the list.

If the Constitution were actually about individual human rights, it would include provisions that protected the rights of individuals. It doesn’t. The Founders’ Constitution restricts the Federal Government’s right to intrude on the specific rights in the Bill of Rights, but the states were free to intrude as much as their own constitutions allowed. It took the 14th Amendment to change that, and to make the Federal Government the guarantor of individual rights against itself and against the states.

As to slavery, there are three provisions that directly or indirectly support its continuation: the Three-Fifths Clause, a provision barring the Federal Government from ending the international slave trade until 1808, and the Fugitive Slave Clause. Each of these cemented the power of the slave states.

The Three-Fifths Clause redressed the population imbalance between the slave states and the rest, allowing slaves to be counted at ⅗ of a person for purposes of calculating the number of Representatives allocated to each state. It worked with the provision giving each state two senators to insure a balance in the legislature between slave and free states. In addition it gave the slave states an edge in the Electoral College with respect to population. Thomas Jefferson would have lost the election of 1800 to John Adams without the Three-Fifths Clause. Ten of the first 12 presidents were slavers. P. 76.

The prohibition on ending the slave trade before 1808 enabled slavers to rebuild their holdings by importation after losses in the Revolutionary War. The British offered freedom to any slave who fought for the King, and thousands of slaves accepted this offer. Others escaped their bonds. The Colonists demanded return of these escapees, but the British refused. The outcome is that the slave population rose from 697,497 in the first census of 1790 to 1,191,362 in the 1810 census.

The Fugitive Slave Clause says that slaves who escaped to a free state did not gain their freedom, and that the free state was required to return them to their enslavers. This was a big win for the slavers. Under the Articles, each state determined how it would treat slaves in their territory; in fact that rule remained in effect as to slaves brought to free states by their masters. The Constitution stripped the States of their right to decide the question of slavery as to escapees, which today we would call a violation of States Rights.

As South Carolina delegate Charles Cotesworth Pinckney boasted upon his return from the Constitutional Convention, “We have obtained a right to recover our slaves in whatever part of America they may take refuge, which is a right we had not before.” P. 79.

Discussion

1. The standard story has a central place in our understanding of ourselves as Americans, regardless of other political views. Other nations have national stories, but it seems like we put a lot of emphasis on this story and the two documents, more than citizens of other countries do.

2. One consistent element of our self-image as Americans is that we consent to our government. In prior posts I’ve discussed the theoretical idea of the social contract. That’s not what I’m talking about. We believe that government only works if people consent to it.

Apparently that belief is not shared by a substantial number of Republicans today. In this they are like the secessionist Confederates, as Heather Cox Richardson shows.

“We do not agree with the authors of the Declaration of Independence, that governments ‘derive their just powers from the consent of the governed,’” enslaver George Fitzhugh of Virginia wrote in 1857. “All governments must originate in force, and be continued by force.” There were 18,000 people in his county and only 1,200 could vote, he said, “But we twelve hundred . . . never asked and never intend to ask the consent of the sixteen thousand eight hundred whom we govern.”

3. Regardless of what Jefferson meant with the phrase all men are created equal, today we flatly mean that we’re all born equal, we’re all entitled to equal rights, and that one function of government is to guarantee that equality.

Apparently that belief is not shared by a substantial number of Republicans.

It Is A Mad Mad World

So, while some digital jackass named “Microchip” is dominating so much discussion here, let us talk about other things.

When I was a kid, I read Mad Magazine.

If I had to ride my training wheels bicycle there to the local store, I did. There were Playboys there on the shelf, and I did not even know that yet. I went for Mad. Alfred E. Neuman.

There were a lot of “illustrators” of Mad over the years, too many to go into currently, but (thank you Scribe) Al Jaffee was one of the most important.

“Microchip” is a blip, Al Jaffee spanned, and influenced, in a very good way, generations.

“I wanted to infect everything:” The Curiously Expert Pathologies of FBI Informant, Microchip

I’ve now read the substantive transcripts in the trial of Douglass Mackey, the far right troll who was convicted last month of conspiring to violate the voting rights of Hillary voters in the 2016 election.

As I noted in my first write-up of the verdict, the case has lessons that remain quite pressing, as loud boys on, who own, and claim to be interested in regulating Twitter attempt to make the site more welcoming to far right election disinformation. I plan to write that up.

Before I do, though, I want to talk about Microchip, the cooperating witness who pled guilty to the same conspiracy as part of a cooperation agreement in 2022.

We first learned the FBI had a cooperating witness on March 8 of this year, when Judge Nicholas Garaufis ordered the government to unseal its request to keep its informant’s identity secret. The filings in that discussion did not describe much about the timing or scope of his cooperation, other than that those he is targeting have the technical skills that might lead to him being hacked if he were discovered.

The fact of the CW’s cooperation is sure to be seen by many in that community as a profound betrayal, with the result that, at a minimum, online harassment is bound to follow the CW should his or her identity become a matter of public record. That harassment can have negative consequences in and of itself. In addition, to claim that intense online attacks do not endanger a person’s physical safety is to ignore the reality of our current world, as evinced in common newspaper headlines. See, e.g., Sheera Frenkel, The Storming of Capitol Hill Was Organized on Social Media, N.Y. TIMES, Jan. 6, 2021, available at https://www.nytimes.com/2021/01/06/us/politics/protesters-storm-capitol-hillbuilding.html; Eric Lipton, Man Motivated by “Pizzagate” Conspiracy Theory Arrested in Washington Gunfire, N.Y. TIMES, Dec. 5, 2016, available at https://www.nytimes.com/2016/12/05/us/pizzagate-comet-ping-pong-edgar-maddisonwelch.html. It is simply (and regrettably) a fact of the times that many acts of politically motivated violence in current society arise from campaigns of online harassment.

Beyond the risk to the CW, the potential consequences include the disruption of the CW’s ongoing work with the FBI. It is certainly true that the nature of this work is online and anonymous, but, if the CW’s name and location were to become known, the CW would become a target for all who believe that they might be under investigation (whether they are or not). Given the technical proficiency of those with whom the CW associates, it is not difficult to envision multiple scenarios in which the CW’s online work could be jeopardized by way of a cyberattack (at a minimum).

Microchip’s identity can’t be that well protected. As soon as this pre-trial discussion was posted, Mackey’s lawyer, Andrew Frisch, contacted the government to tell them he had learned of the informant’s real identity independently (possibly via Anthime “Baked Alaska” Gionet) and at least one researcher I’ve spoken with since seems to have a plausible theory as to his real identity.

But I assumed, based on those filings, that Microchip had flipped in advance of Mackey’s arrest.

The actual details are more complicated — and a bit unpersuasive, as AUSA William Gullotta got Microchip to explain in his testimony on March 23.

The thing I find most unbelievable is Microchip’s claim that he only joined Twitter — in any capacity — in July 2015, just months before he started playing a central and expert role in expanding the reach of anti-Hillary trolling.

Q When did you start using Twitter?

A Back in around July of 2015.

Q When did you start using the alias Microchip on Twitter?

A Anywhere from November 2015 through March 2016, somewhere around there.

I find this claim so surprising because, in his description of his trolling, Microchip described the kind of Twitter expertise that normally takes years to build. And two 2017 articles celebrating Microchip’s expertise (Buzzfeed, Politico) describe that he exhibited expertise from the start of his identity in November 2015.

For example, Microchip described how — the implication is all of his engagement was Microchip — he used various levels of operational security to succeed in creating new accounts anonymously, from the start.

Q When you would set up your accounts, did you set them up anonymously?

A I did.

Q How do you go about doing that?

A Using virtual private networks or proxy IP address services.

Q What’s a virtual private network?

A It’s, basically, somebody who sets up servers across the world in different locations and then you can tie into that service so you appear as if you are at that location and then they feed the internet through that.

Q So it would mask your true location from Twitter?

A That’s right.

Q What other information did you need to provide to Twitter to set up a new account?

A Yes, you need an email address or a phone number or both.

Q So would you just set up anonymous email addresses —

A Oh, yeah, through Google, Gmail, you set up a account and then you set up a Google Voice account and then if you need to change a phone number on that, you pay ten bucks and you get a new phone number.

His description of various means to exploit Twitter to inject extremist views into the mainstream comes off as pathological … but extremely savvy.

Q And why would you want it to be on a trending list?

A Because I wanted our message to move from Twitter into regular society and part of that would be — well it’s based on the idea that, you know, back then maybe — I don’t know, 10 to 30 percent of the US population was on Twitter, but I wanted everybody to see it, so I had figured out that back then, news agencies, other journalists would look at that trending list and then develop stories based on it.

Q What does it mean to hijack a hashtag?

A So I guess I can give you an example, is the easiest way. It’s like if you have a hashtag — back then like a Hillary Clinton hashtag called “I’m with her,” then what that would be is I would say, okay, let’s take “I’m with her” hashtag, because that’s what Hillary Clinton voters are going to be looking at, because that’s their hashtag, and then I would tweet out thousands of — of tweets of — well, for example, old videos of Hillary Clinton or Bill Clinton talking about, you know, immigration policy for back in the ’90s where they said: You know, we should shut down borders, kick out people from the USA. Anything that was disparaging of Hillary Clinton would be injected into that — into those tweets with that hashtag, so that would overflow to her voters and they’d see it and be shocked by it.

Q Is it safe to say that most of your followers were Trump supporters?

A Oh, yeah.

Q And so by hijacking, in the example you just gave a Hillary Clinton hashtag, “I am with her,” you’re getting your message out of your silo and in front of other people who might not ordinarily see it if you just posted the tweet?

A Yeah, I wanted to infect everything.

Q Was there a certain time of day that you believed tweeting would have a maximum impact?

A Yeah, so I had figured out that early morning eastern time that — well, it first started out with New York Times. I would see that they would — they would publish stories in the morning, so the people could catch that when they woke up. And some of the stories were absolutely ridiculous — sorry. Some of the stories were absolutely ridiculous that they would post that, you know, had really no relevance to what was going on in the world, but they would still end up on trending hashtags, right? And so, I thought about that and thought, you know, is there a way that I could do the same thing.

And so what I would do is before the New York Times would publish their — their information, I would spend the very early morning or evening seeding information into random hashtags, or a hashtag we created, so that by the time the morning came around, we had already had thousands of tweets in that tag that people would see because there wasn’t much activity on Twitter, so you could easily create a hashtag that would end up on the trending list by the time morning came around.

Perhaps most chilling is his description of how participants in this anti-Hillary trolling knew there was nothing to the John Podesta emails they made the focus of their October 2016 trolling.

It didn’t matter. They didn’t care.

They were aiming to cause chaos to hurt Hillary’s chances of winning.

Q What was it about Podesta’s emails that you were sharing?

A That’s a good question.

So Podesta’s emails didn’t, in my opinion, have anything in particularly weird or strange about them, but my talent is to make things weird and strange so that there is a controversy. So I would take those emails and spin off other stories about the emails for the sole purpose of disparaging Hillary Clinton.

T[y]ing John Podesta to those emails, coming up with stories that had nothing to do with the emails but, you know, maybe had something to do with conspiracies of the day, and then his reputation would bleed over to Hillary Clinton, and then, because he was working for a campaign, Hillary Clinton would be disparaged.

Q So you’re essentially creating the appearance of some controversy or conspiracy associated with his emails and sharing that far and wide.

A That’s right.

Q Did you believe that what you were tweeting was true?

A No, and I didn’t care.

Q Did you fact-check any of it?

A No.

Q And so what was the ultimate purpose of that? What was your goal?

A To cause as much chaos as possible so that that would bleed over to Hillary Clinton and diminish her chance of winning.

Microchip was actually one of the people who, on October 30, 2016, brought the idea of getting Hillary voters to vote from home from 4Chan to the War Room where anti-Hillary trolls workshopped ways to make it more realistic and ensure that Trump voters wouldn’t also fall for the meme.

Text telling Hillary voters to tweet Hillary on November 8.

And, as he described it, during 2016, Microchip was paying up to $500 a month, between two services, to use bots to expand the reach of right wing trolling.

A Yeah, so one of the first services to kind of seed the followers was a service called Add Me Fast, A-D-D, M-E, F-A-S-T, and that service is kind of like a peer networking service where I would insert the tweet into that service, somebody else would insert a tweet and then, we would retweet each other’s information, right? And you could gain points doing that and, if you accumulate points, you can then expend those on likes, followers, retweets. So that service, I would spend sometimes $300 a month on it. That would give you around a thousand to three thousand retweets, likes, or follows.

[snip]

Another step is using Fast Followerz and that’s F-A-S-T and then F-O-L-L – –

Q O-W-E-R-S?

A Yeah, but it’s with a “Z,” it’s with a Z at the end. .com, yeah. And that service you spends like, a monthly fee of, you know, a hundred to two hundred, sometimes three hundred bucks a month. And they have control of all the bots, so you don’t actually retweet anything, but you put in your Twitter handle or you put in a tweet that you want to get retweeted, and the service that I would use would be 50 to a hundred followers, something like that, a day, and then those followers would also retweet or “like” my tweets anywhere from three to five times.

No one explained where Microchip came up with $500 a month to make anti-Hillary trolling go viral.

On cross-examination, however, Mackey’s lawyer, Frisch, did get Microchip to admit that when he started cooperating with the FBI on this case in 2021, he had both IRS and bankruptcy debts.

Also on cross, Microchip described that he’s not paid for any of the assistance he provides to the FBI — though as he prepared for the trial in February, he described liking the “structure” working with the FBI provided his life.

Q Without telling us what you’re doing, how often do you do this work for the FBI?

A As often as needed, essentially.

Q You’re not getting paid for it; right?

A That’s right.

Q In fact — in fact, you met with the FBI on or about February 23, 2023, earlier, about a month ago; do you remember that? Mr. Paulson was there, Mr. Gullotta was there. All three prosecutors were there.

A Yeah, I think that was here in Brooklyn.

Q And you asked — you said — you said — do you recall saying that you wanted to keep working with the FBI because the FBI provided a structure that was valuable to you?

[Frisch refreshes his memory with his 302]

Q And that’s what you said; right?

A Yes.

While the trial showed that Mackey was important to the effort to suppress the votes of Black and Latino Hillary voters because he had so much reach, particularly among the more general public in 2016, Microchip — who claims to have been a newB Twitter user in July 2015 — seems to have played a more important role in professionalizing all aspects of the anti-Hillary campaign.

Mackey made these memes popular; Microchip made them work.

Which makes the timeline more curious. By all appearances, the FBI knew of Microchip long before they charged Mackey, starting in 2018 (about eight months after Mackey was first IDed). That’s when he first offered to cooperate with the FBI.

A No. I talked to the FBI about being useful to them when they came and actually talked to me the first time. I discussed with the FBI in the car at my residence at the time. We actually sat in the car outside of my home, and I talked to them about my use of technology and how it could possibly be useful to whatever they might be working on.

They seem to have paid him a visit, as well, as they prepared to charge Mackey in December 2020. But even in spite of the fact that his key role in preparing anti-Hillary memes would have been readily obvious in warrants served on Twitter in advance of charging Mackey, the FBI didn’t charge Microchip along with Mackey in January 2021.

And only as they looked closer after he reached out did they decide they needed him to plead guilty.

Timeline

July 2015: Microchip joins Twitter

November 2015: Microchip starts to create his persona

April 5, 2017: Buzzfeed article quoting Microchip claiming, “it’s all us, not Russians” describing he turned to Twitter in response to November 2015 terror attacks in Paris

August 9, 2017: Politico article describing Microchip as an “early player” in hard-right Twitter chatrooms starting in November 2015

December 17, 2018: FBI questions Microchip about July 2018 online threat

December 15, 2020: Second contacts with FBI, including Megan Rees (about which Microchip tells Baked Alaska), Microchip lawyers up

January 27, 2021: Mackey arrest

February 4, 2021: Microchip’s lawyer reaches out to FBI, broaches cooperation

April 22, 2021: Formal proffer with government

June 2021: First of several agreements to toll statutes of limitation

April 14, 2022: Guilty plea

Dear Jeff Gerth: Peter Strzok Is Not a Media Critic

I really hope that after this and one more post on CJR’s series performing “Russiagate,” I’ll be done for good. CJR is not going to correct, much less retract, a piece that makes clear errors and relies on an undisclosed Russian intelligence product. So all that’s left is to describe what CJR might have done — as editor Kyle Pope has said was his goal — to say something new about the journalism on the Russian investigation, which I’ll do in a follow-up.

But Jeff Gerth said something in last week’s Zoom conference that revealed a(nother) serious cognitive problem with his project. [Since CJR did not record the event, Dan Froomkin downloaded the closed captions to provide an approximation, which I’ve posted here.] When invited to address any question that the moderator, Berkeley School of Journalism Dean, Geeta Anand, had not asked, Gerth addressed why he (claimed to) focus so closely on the NYT.

[Jeff Gerth] 14:03:21
Well, I wanted to address a question that I’ve been asked quite a bit that didn’t come up here, which is why I focused so much on the New York Times.

[Jeff Gerth] 14:03:34
And so my answer to that question is threefold.

[Jeff Gerth] 14:03:39
One. It’s the most influential. No widely read news outlet.

[Jeff Gerth] 14:03:46
Certainly in America, perhaps in the World number 2. It’s the only news organization whose coverage of the Trump Russia matter was repeatedly criticized by the FBI in internal documents that later became public.

[Jeff Gerth] 14:04:11
And obviously, if other news organizations have been criticized by the FBI in documents, I would have reported on that as well.

[Jeff Gerth] 14:04:20
But the New York Times stood out. That regard. So that’s a second reason.

[Jeff Gerth] 14:04:26
And the third reason is, that the times provided a valuable window into their editorial and repertory decision making by allowing a filmmaker into the newsroom for a year and a half, and then you know the fruits of it became a 4 part series that aired in 2

[Jeff Gerth] 14:04:50
1,018, and so that offered invaluable.

[Jeff Gerth] 14:04:57
Raw material for any journalist. Looking at at this story, and a lot of the documentarians work feature.

[Jeff Gerth] 14:05:09
The stories that I was interested in, as well as the stories that the FBI was internally being quite critical of, as well.

[Jeff Gerth] 14:05:19
So those those are the the main reasons why there’s so much in the piece about the New York Times. [my emphasis]

Now, as I have shown, Gerth actually didn’t focus on the NYT. His main villains — those who chased the Steele dossier — published elsewhere. And he ignored almost all of NYT’s Pulitzer winning coverage of Russia. He ignored a September 2016 story revealing how often Julian Assange’s Wikileaks releases served Russia’s political interests. He ignored a December 2016 epic that described the Russian hack-and-leak from the DNC perspective, one that completely debunks Gerth’s claims that the hack-and-leak had limited impact on Hillary’s campaign. He ignored other 2016 Pulitzer-winning stories — on Russia hunting down its enemies in other countries, Russia’s use of disinformation, the elite hackers Russia was recruiting, and Russia’s cultivation of the far right — that show the framework with which NYT’s editors came to their 2017 coverage. He ignored a 2017 report on the Russian contacts that Jared Kushner omitted from his application for clearance. He ignored a 2017 report that Trump knew Mike Flynn had been an unregistered agent for Turkey before Trump appointed him to be National Security Adviser. He may or may not have ignored a 2017 story on how Trump bragged to Sergey Lavrov that he fired Jim Comey to end the Russian investigation, but if he mentioned it, he ignored the Comey part, which undermined Gerth’s own wildly generous interpretation of Trump’s related comments to Lester Holt. Gerth included two (one, two) of three stories on the June 9 meeting, but not the one revealing that Trump had drafted Don Jr’s false statement about the meeting. That’s particularly problematic given that Gerth’s treatment of an interview NYT did with Trump (the only story linked in this paragraph that wasn’t part of NYT’s two Pulitzer winning packages) focused on the dossier and not the discussion Trump had with Putin about the topic he used for his cover story about the June 9 meeting.

This would have been a very different series had Gerth really focused on the NYT, as he claims to think he did.

But something Gerth said really surprised me. A key to his purported reason to (claim to) focus on the NYT is that, he describes, the FBI “criticized” NYT’s coverage. NYT was, “the only news organization whose coverage of the Trump Russia matter was repeatedly criticized by the FBI in internal documents that later became public,” Gerth said. The documentary The Fourth Estate focused on, “the stories that the FBI was internally being quite critical of,” Gerth claimed.

He even asserted that the NYT was the only outlet on whose coverage the FBI was closely focused. “If other news organizations have been criticized by the FBI in documents, I would have reported on that as well.” That claim would be quite a shock to Andy McCabe, whose focus on the WSJ coverage of the Clinton Foundation showed up in two DOJ IG Reports and provided the bogus excuse for his firing. And if Gerth had covered the Mike Flynn case with any level of attention, he would also know that the FBI launched an investigation into some of Sara Carter’s inaccurate reporting, which had been fed to her by Senate Judiciary Committee staffer Barbara Ledeen. Bizarrely, in his coverage of the dossier, Gerth made no mention of the sustained FBI discussions of the September 2016 Michael Isikoff story based on Christopher Steele’s reporting, even though they appear in the DOJ IG Report on the Carter Page FISAs; he discussed the Isikoff story at length, but not the FBI effort to confirm whether Steele or Glenn Simpson was Isikoff’s source.

Gerth doesn’t even account for all the discussions of news coverage in Peter Strzok’s texts, though one such text appears to be one of the two instances of “criticism” of the NYT he speaks of.

My own coverage of Strzok’s sustained attention to such stories — as well as Mueller’s attempts to track how investigative subjects worked the press, including Konstantin Kilimnik — is what made Gerth’s claims so confusing to me.

It led me to suspect Gerth totally misunderstood the purpose of Strzok’s annotation, and thereby saw it as something different than the attempts to stave off clear errors in Devlin Barrett or Sara Carter’s reporting, the woefully belated effort to attribute the Yahoo reporting, to say nothing of efforts to learn how Roger Stone and Kilimnik were planting false stories as part of their attempts to cover their tracks.

The FBI has no business in doing press criticism (though it does attempt to correct dangerously incorrect reporting). It does, however, have reason to track classified or investigative leaks and public claims made by subjects of their investigation. Which is what the reams full of records on Strzok’s work show him doing.

In my own coverage of the Strzok annotation on which Gerth hangs most of his claim of FBI criticism of the NYT, I surmised that it arose out of his focus on leaks. Some of it clearly seems to reflect concern that the NSA might not be turning over everything it had found. And Strzok’s observation that the NYT falsely believed an investigation into Stone had already been opened may have come in handy nine months later, when they learned from Ann Donaldson that Richard Burr had provided Don McGahn that same false information just weeks later. Indeed, the identification of a common false belief shared by the NYT and SSCI’s Chair might explain why DOJ refused to share the most sensitive details of the Russian investigation with the committee.

I asked Strzok why he had done the annotation. He explained: “Critique played no role — nobody’s got time for that. My purpose was to figure out who’s talking and whether they had info they weren’t sharing with us and/or whether they were leaking to shape the public political narrative.”

In other words, it was perfectly consistent with all the other known efforts by the FBI to track public reports on ongoing investigations. It was an effort to understand what partners and subjects of the investigation were sharing with reliable journalists. And while the annotation shows two clearly incorrect beliefs on the part of the NYT — that an investigation into Stone had already been opened and that the FBI specifically already had call record returns on Trump’s associates — many of the other observations could have multiple explanations, including that the NYT learned of ties, later confirmed, between Trump’s people and Russian spooks before the FBI did. If that’s the explanation, NYT should be lauded, not criticized.

Those stories in which NYT was so far ahead of the FBI are absolutely ripe for review. I don’t fault Gerth’s focus on them; I fault his silence and at times misrepresentation about the rest of NYT’s coverage. But if you’re going to look at those four stories (one, two, three, four) alleging many ties between Trump and Russia — if you’re going to imagine you’re anchoring an entire 23,000 word piece on the NYT based on the FBI attention to several of those stories — you need, first, to understand what you’re looking at.

Gerth imagined he was looking at the FBI doing media criticism. In a sense, he may have been right. What distinguishes Strzok’s apparent effort to understand an outlier NYT story from Gerth’s attempt to understand the Russia coverage is that Strzok had a better handle on the known facts and he tried to understand why reports deviated from those known facts.

Gerth, over and over, simply imposed his own conclusions onto the things that he saw.

LINKS

CJR’s Error at Word 18

The Blind Spots of CJR’s “Russiagate” [sic] Narrative

Jeff Gerth’s Undisclosed Dissemination of Russian Intelligence Product

Jeff Gerth Declares No There, Where He Never Checked

“Wink:” Where Jeff Gerth’s “No There, There” in the Russian Investigation Went

Columbia Journalism Review–and Now Columbia School of Journalism–Have a Russian Intelligence Problem

Dear Jeff Gerth: Peter Strzok Is Not a Media Critic

My own disclosure statement

An attempted reconstruction of the articles Gerth includes in his inquiry

A list of the questions I sent to CJR

“Forthwithier:” Peter Navarro Attempts to Pull a Fast One on His Incriminating Use of ProtonMail

Peter Navarro appears to be attempting to stall out a month-long order to avoid turning over ProtonMail content he has been trying to withhold from DOJ since last July.

In the guise of doing a more thorough search for materials he should have turned over under the Presidential Records Act, he has not turned over 200 to 250 already identified ProtonMail records that, last year, his attorney said would incriminate him if he turned them over.

I wrote about the lawsuit DOJ filed to force Navarro to turn over the records last August. In effect, after Navarro lawyered up last year and DOJ told them they were going to sue, Navarro’s lawyer went through his emails, identified 200 to 250 ProtonMail records that should have been turned over, but said he would not on the grounds that it would amount to self-incrimination. So DOJ sued to get them.

In March, Judge Colleen Kollar-Kotelly ruled for the government and ordered Navarro to turn over the documents he had already identified to be covered by the Presidential Records Act, “forthwith.”

ORDERED, that Defendant shall produce to Plaintiff the 200 to 250 documents that his counsel has identified as Presidential records forthwith.

In a status report submitted yesterday describing all the new files Navarro is looking for, DOJ included a footnote making it clear Navarro still has not complied with the March 9 order.

1 As of the filing of this status report, Plaintiff advises that it has not received any of the 200 to 250 documents that Defendant’s counsel has identified as Presidential records, nor has Defendant obtained a stay of this Court’s order from the D.C. Circuit.

Navarro has appealed and is asking for a stay of Judge KK’s order; his reply brief for that stay is due Monday. He has clearly ignored a pending order for over a month in hopes that the DC Circuit — a panel consisting of Patricia Millett, Robert Wilkins, and Neomi Rao — will allow him to delay turning over the 200 to 250 documents his lawyer has said include evidence of a crime.