Donald Trump, Accused Criminal

NYT reports that Trump has been indicted. CNN has confirmed.

A Manhattan grand jury voted to indict Donald J. Trump on Thursday for his role in paying hush money to a porn star, according to four people with knowledge of the matter, a historic development that will shake up the 2024 presidential race and forever mark him as the nation’s first former president to face criminal charges.

The felony indictment, filed under seal by the Manhattan district attorney’s office, will likely be announced in the coming days. By then, prosecutors working for the district attorney, Alvin L. Bragg, will have asked Mr. Trump to surrender and to face arraignment on charges that remain unknown for now.

These are just the training wheel charges.

The Yahoos in Brazil Identified in Sergey Cherkasov’s Complaint

There’s a detail in Greg Miller’s profile of Sergey Cherkasov, the Russian accused of posing under an assumed Brazilian identity and using a SAIS degree to get an internship at the ICC, that confirms something I’ve long assumed: the US has had a hand in the recent roll-up of Russian spies, mostly in Europe.

He was due to start a six-month internship there last year — just as the court began investigating Russian war crimes in Ukraine — only to be turned away by Dutch authorities acting on information relayed by the FBI, according to Western security officials.

[snip]

His arrest last April came at the outset of an ongoing roll-up of Russian intelligence networks across Europe, a crackdown launched after Russia’s invasion of Ukraine that officials say has inflicted greater damage on Kremlin spy agencies than any other effort since the end of the Cold War.

The FBI and CIA have played extensive behind-the-scenes roles in this wave of arrests and expulsions, according to Western officials.

As Miller describes, the Dutch realized that Russians stationed in the Hague were preparing to welcome a new agent, but by then, the US already had an incredibly detailed dossier on him.

On March 31, as he boarded a flight to Amsterdam, neither Cherkasov nor his GRU handlers seemed aware of the net closing in on him. By then, the Dutch intelligence service had picked up its own signals that the Russian Embassy in The Hague was making preparations for the arrival of an important new illegal, according to a Western security official.

Authorities in the Netherlands then received a dossier from the FBI with so much detail about Cherkasov’s identity and GRU affiliation that they concluded the bureau and the CIA had been secretly monitoring Cherkasov for months if not years, according to a Western official familiar with the matter.

Until DOJ charged him last week, this had been largely a European story, with Dutch intelligence crowing about their success at foiling his plans and Bellingcat serially unpacking his public life (though CNN published this story at the time). Significantly, the Dutch published his legend and an explanation of how it might be used, with translations into Dutch and English from the original Portuguese.

As noted below, the US would later source its own possession of the legend to devices seized from Cherkasov on arrest in Brazil.

However, as Brazil gets closer to extraditing Cherkasov back to Russia on a trumped-up narcotics trafficking charge, the US stepped in to make their own claim with the criminal charges: multiple counts of fraud, as well as acting as an unregistered agent of a foreign power. It’s not yet clear how Brazil will respond to the competing charges. Contrary to some reporting on the charges, DOJ has not yet indicted the case. The complaint has not yet been docketed.

Which is why I wanted to look at the sourcing for the complaint.

Many of the sources in the complaint come by way of Brazil, temporally after the Dutch deported him and the Brazilians arrested him, and so long past the time the US shared “a dossier” from the FBI reflecting months if not years of review. Brazil-sourced evidence includes:

  • A picture taken on Cherkasov’s 2011 immigration into Brazil
  • His Brazilian birth certificate
  • The details behind Brazil’s identity theft charges
  • Items collected — as if for the first time — from devices Cherkasov had with him when he arrived in Brazil, including:
    • The hard drive
    • Thumb drive 1
    • Thumb drive 2
    • Thumb drive 3, including:
      • March 2022 emails of unknown provider with details about a dead drop
      • Details about his dead drop site
      • March 2022 emails about paying for false Portuguese citizenship
      • March 2022 mails about establishing a meeting place
    • Samsung Galaxy Note phone
      • His mother’s Kaliningrad contact
      • 90 contacts with someone whose Telegram account and VKontakte account lead to a 2011 picture of Cherkasov in military uniform and a 2008 picture with friends
      • Contacts from one of those friends to a posted picture in military uniform (a picture also shown in the original Bellingcat profile)
  • Devices collected from the dead drop shared by Brazilian authorities
  • Correspondence between Brazil and Russia about Cherkasov
  • Audio messages between Cherkasov and his fiancée from immediately after his arrest in the Netherlands
  • Post-arrest communications between Cherkasov and his one-time fiancée, at least some of which were photographs of hand-written notes
  • Validation of Cherkasov’s ID in certain photos from FBI agents who met him in 2022 (though these meetings are not explicitly described to have taken place in Brazil)
  • A Bellingcat story debunking the Russian narcotics charges against Cherkasov

The focus on the phone, especially, cites evidence that would be fairly easily collected via other sources, but attributes that evidence to analysis the FBI did only downstream from the Brazilian arrest, and with the assent of Brazil. The complaint doesn’t explain whether these devices were encrypted or even what messaging applications were used, at least on the thumb drives including communications with his handlers. But there’s at least some reason to believe Brazil let FBI take the lead on exploiting those devices.

To be sure, there are items that the US could have collected in the US, whether before or after Cherkasov flew to the Hague, such as an Uber receipt timed to his travel to the dead drop in Brazil and IP addresses tied to US-based cloud providers like Yahoo and Google. Just once does the complaint reference using legal process — a 2017 video from a Moscow airport restaurant, obtained using legal process, reflecting Cherkasov saying goodbye to his mother — though it doesn’t describe what kind (it sounds like it could be iCloud content).

Still, the emphasis on material obtained with subpoenas and investigative steps done while Cherkasov has been in Brazilian custody — whether or not that was the first that FBI obtained such evidence — is one reason I’m interested in the outliers.

This is a document that could form the basis to extradite Cherkasov to the US — it seems more than sufficient to make that case. But it’s also a document that might reflect on the kinds of investigations that have contributed to efforts to roll up spies outside of the US.

First, there are details about communications that Cherkasov had, while studying at Trinity College in Ireland and so not a US person at all — via known Section 702 participant, Yahoo!!! — with a tour agent who wrote recommendations for Cherkasov then later worked in Russia’s Consul General and, apparently, the General Consul himself.

CHERKASOV used the Yahoo 1 Account on multiple occasions to contact individual “C2” who was communicating with CHERKASOV from Brazil. C2 communicated with CHERKASOV on numerous matters, including financial matters, between at least July 22, 2016, and December 27, 2019. According to a translation of C2’s curriculum vitae, C2 worked in Brazil at “The General Consulate of the Russian Federation,” for “General Consul [M.G.]”

[snip]

35. Other emails show C2 took direction from another person, M.G., about financial payments that C2 sent to CHERKASOV. In correspondence between C2 and M.G., C2 refers to M.G. as “Mikhail” and the email address is identified in C2’s contacts as “MikhailRussia.” For example, on or about November 30, 2016, C2 forwarded M.G. correspondence from CHERKASOV that indicated another payment to CHERKASOV was imminent. M.G. responded by sending an email to C2 instructing C2 to make a payment to CHERKASOV: “Friend; thank you very much. Let’s do another one on the 14th of December.” According to further correspondence, CHERKASOV was able to receive the original transaction intended via MoneyGram. However, after corresponding to CHERKASOV that C2 would attempt to make transactions via Western Union the following day, financial records indicate C2 attempted to make two separate transactions via Western Union shortly after on December 16 and 18, 2016, for $842.65 and $867.55, respectively, but the funds were never transferred to CHERKASOV. CHERKASOV corresponded on December 19, 2016, that Western Union would not work properly and moving forward, the transactions should be made via Moneygram. C2 corresponded back to CHERKASOV on December 20, 2016, that C2 had sent €750 again via Moneygram to CHERKASOV.

36. C2 also stated in other emails that C2 previously owned a travel agency in Brazil, and that the Russian Federation was one of C2’s best clients. C2 later moved to the Russian Consulate after C2 closed the travel agency.

37. On or about March 8, 2017, C2 wrote a letter of recommendation for CHERKASOV for a university located in Canada. In the letter, C2 indicated FERREIRA worked as a travel consultant for C2 from May 2014 until March 2017, and as a senior event manager in

It’s possible that something Cherkasov did while at SAIS triggered a larger investigation that worked its way back to two likely Russian spies in Brazil. It’s also possible that the investigation started from known subjects in Brazil and thereby discovered Cherkasov.

But one thing these two references do — aside from identify the travel agent later made part of the official Russian delegation, aside from making Cherkasov’s tie to Russian government officials necessary for the 18 USC 951 charge — is put both Brazil and Russia on notice that the US is aware of these two suspected intelligence officers who were or are in Brazil.

Both C2 and the Consul General would have been legal targets for the entirety of the period in question and (as noted) Cherkasov was while he was in either Ireland or Brazil.

Another of the relatively few pieces of evidence unmoored from the Brazil arrest pertains to collection Cherkasov shared after taking a SAIS trip to Israel. The details around the reporting — the single use email directing Cherkasov to fly to the Philippines to meet — definitely give the story spy drama.

Just as interesting, however, are the descriptions of the identifiable US (and Israeli) subjects targeted by Cherkasov’s collection.

45. On or about January 16, 2020, CHERKASOV, using his D.C.-based phone number, texted with M.S. at a Philippines-based number for M.S. the following:

CHERKASOV: Hey [M], I arrived…Where do you want to meet?

[M.S.]: Grab a taxi and ask to drive via skyway.

CHERKASOV: On my way. Will be there in approx. 15 min.

[M.S.]: Ok. Here

CHERKASOV: I can’t find it

[M.S.]: Names?

CHERKASOV: Yea, I’ll text you then when I’m in the airport.

CHERKASOV: Texting you the names.

CHERKASOV: Sent you a list there. Now whom we met.

CHERKASOV: All people from the Jerusalem Embassy, literally every single one, even LGBTQ advisor. [N.G.] – security expert, local. I think he is a spook. [?.L.] ‘kingmaker’ – [Israeli political] party leader

CHERKASOV: The previous list didn’t sent [sic], I’ll retype it.

CHERKASOV: Can I send it to you email?

CHERKASOV: This SMS shit kills me

[M.S.]: Sure.

46. On or about January 17, 2020, CHERKASOV sent M.S. an email with a screen shot of names, mostly U.S. persons (“USP”), stating the following:

Just a list of interesting people that I was talking to you about

Experts side:

[USP 1] – DoS, middle Eastern direction advisor the president admin, former [University 1] student.

[USP 2] – FDD, military security adviros [sic] to the Congress Committee on Intelligence, [USP 3]’s assistant.

[“TT1”] group:

[USP 4] – [USP 5] chair, came only for a day though,

[USP 6] – main guy to call shots, Israeli expert came with small team of his own.

[University 1, University 2] student leader:

[USP 7] – Anapolis [sic] Naval Academy Cyber Sec instructor

While just one of the people involved in Cherkasov’s targeting — his SAIS professor, Eugene Finkel — has explicitly spoken out about being duped by Cherkasov, virtually all of these people (and a bunch more described later in the complaint) are likely to be able to identify themselves.

There are a few I suspect I recognize and, if I’m right, they’ve been apologists for Trump’s propaganda about Russia.

Notably, this messaging involved a US-based phone, one not obviously included among the devices seized from Cherkasov when he returned to Brazil. The FBI Agent who wrote the affidavit couldn’t have obtained the messaging in real time — he or she has only worked at the FBI since 2021, and the messaging dates to early 2020. But the affidavit does reference “surveillance that I have conducted.”

In general, the FBI is revealing almost nothing obtained via sensitive sources and methods — that’s one reason the reliance on evidence obtained via Brazil is of interest to me. Given how the US has allowed European countries to take credit for these stings, I find it interesting that the US almost creates the misimpression that it only discovered Cherkasov — that it accessed his legend that the Dutch had upon his arrest — when he arrived in Brazil.

But in just a few spots, the affidavit gives a glimpse of what else the US Intelligence Community might know.

The US has not really taken much credit for helping a bunch of European countries roll up Russian spies (though they’re likely reminding them of the role Section 702 plays in the process). But this document, seemingly released because they had reason to exert legal pressure with a country that is fairly close to Russia, likely serves multiple purposes. While it doesn’t give away a lot, it does hint at far more.

Update, 4/6: The Guardian reported that two suspected Russian illegals, one presenting as Brazilian and the other presenting as Greek-Mexican, disappeared in January.

Halfway through a trip to Malaysia in January, Gerhard Daniel Campos Wittich stopped messaging his girlfriend back home in Rio de Janeiro and she promptly launched a frantic search for her missing partner.

A Brazilian of Austrian heritage, Campos Wittich ran a series of 3D printing companies in Rio that made, among other things, novelty resin sculptures for the Brazilian military and sausage dog key chains.

[snip]

The Brazilian foreign ministry and Facebook communities in Malaysia mobilised to look for the missing man. But Campos Wittich had simply disappeared.

Greece believes Campos Wittich was a Russian illegal with the surname Shmyrev, said the official, while his wife, “Maria Tsalla”, was born Irina Romanova. She married him in Russia before their missions began and took his surname, the Greeks claim. She left Athens in a hurry in early January, just after Campos Wittich left Brazil. Neither have returned.

If I’m right that the FBI chose to use the Cherkasov complaint in part to identify those in Brazil who were running illegals, it may be because the disappearance of another Brazilian illegal in January led the US Intelligence Community to believe Russia had figured out what the US knew.

Donald Trump’s Dumbass Russia Binder

There is some tie between Donald Trump’s effort — as one of his last acts as President — to declassify a binder of materials from the Crossfire Hurricane investigation and his hoarding of still-classified documents that could get him charged under the Espionage Act.

It’s not yet clear what that tie is, though.

On May 5 of last year, Kash Patel offered the declassification effort as an alibi, claiming Trump had declassified a bunch of materials, including not just the Crossfire Hurricane materials, but everything else discovered in boxes returned to NARA in January 2022. Kash’s claim would be included in the search affidavit for Mar-a-Lago and ultimately lead to his compelled testimony in the investigation.

Last fall, at a time when Alex Cannon and Eric Herschmann would have been under some scrutiny for their role in Stefan Passantino’s dubious legal advice to Cassidy Hutchinson, Maggie Haberman told a story in which the Trump lawyers heroically warned Trump about the risks of holding classified documents. That story claimed Trump had offered to swap the documents he did have for the Russian-related documents the former President believed NARA had.

It was around that same time that Mr. Trump floated the idea of offering the deal to return the boxes in exchange for documents he believed would expose the Russia investigation as a “hoax” cooked up by the F.B.I. Mr. Trump did not appear to know specifically what he thought the archives had — only that there were items he wanted.

Mr. Trump’s aides — recognizing that such a swap would be a non-starter since the government had a clear right to the material Mr. Trump had taken from the White House and the Russia-related documents held by the archives remained marked as classified — never acted on the idea.

The story doesn’t mention Cannon’s role in a fall 2021 inquiry to NARA about the Russian documents. Nor does it say that National Archives General Counsel Gary Stern told Cannon and Justin Clark that NARA had 2,700 undifferentiated documents, but that the binder Trump wanted declassified had been rendered a Federal Record when it got sent back to DOJ.

That’s what NARA told John Solomon on June 23, 2022 — that Trump’s lawyers had requested the binder in fall 2021 — in Stern’s first explanation for why NARA didn’t have the binder.

John, fyi, last fall Justin Clark, another PRA representative of President Trump, also asked us for a copy of this declassified binder. Upon conducting a search, we learned that the binder had been returned to the Department of Justice on January 20, 2021, per the attached memo from Chief of Staff Mark Meadows to the Attorney General, titled “Privacy Act Review of Certain Declassified Materials Related to the FBI’s Crossfire Hurricane Investigation.”

Accordingly, we do not have the binder containing the declassified records. As we explained to Justin, what we were able to locate is a box that contains roughly 2700 undifferentiated pages of documents with varying types of classification and declassification markings, but we could not be certain of the classification status of any of the information in the box. We are therefore obligated under Executive Order 13526 to treat the contents of the box as classified at the TS/SCI level.

Then on August 9 and again on August 10 last year, immediately following the search on Mar-a-Lago, Solomon asked for all correspondence between Cannon and NARA up until days before the search.

Gary, John: My research indicates there may be a new wrinkle to the Russian declassified documents. As part of my authorized access, I would like to see all correspondence between NARA and attorney Alex Cannon between December 2020 and July 31, 2022. I think the information will have significant value to the public regarding current events. Can that be arranged?

[snip]

Checking back on this. It’s time sensitive from a news perspective. Can you accommodate?

Stern, no dummy, likely recognized that this information would not just have news value, but would also have value to those under criminal investigation; he responded with lawyerly caution. As NARA representative for Trump, he explained, Solomon was only entitled to access Presidential records — those that predate January 20, 2021 — and communications between Cannon and NARA post-dated all that. But, Stern helpfully noted, Cannon was cc’ed on the request for the Russian binder.

It’s important to clarify that, as a designated PRA representative of President Trump, you may receive access to the Presidential records of the Trump Administration that have been transferred to NARA, which date from January 20, 2017 to January 20, 2021.

Alex Cannon has represented President Trump on PRA matters (along with Justin Clark) only since the summer of 2021, principally with respect to the notification and review process in response to special access requests. Accordingly, there would not be any Trump Presidential records between NARA and Alex Cannon.

FYI, in my June 23 email to you (which is below within this email thread), I noted that “last fall Justin Clark, another PRA representative of President Trump, also asked us for a copy of this declassified binder.” Alex Cannon was cc’d on Justin’s request and our response. I am not aware of any other communications that would exist between NARA and Alex about this matter. [my emphasis]

That would be the only communications “about this matter,” seemingly distinguishing the Russian binder from the missing Presidential records.

At the time Maggie was distracting the chattering classes with the swap story, ABC had a very thorough story that revealed some of what Stern had explained to Solomon last year. That story suggests the month-long focus on the Russian binder had led overall compliance with the Presidential Records Act to be lacking. As Hutchinson tells it, it was worse, with 10 to 15 NSC staffers madly copying classified documents in the last days Trump was in office, with two sets of four copies — one still classified, one less sensitive — circulating to who knows where.

The tie between the Russian documents and the documents Trump stole may be no more than the alibi Kash tried to use them as, an attempt to claim that the limited declassification was instead a blanket effort. Perhaps it was also a failed effort to use Kash and Solomon as moles to figure out what NARA got back. Or perhaps some of these materials madly copied at the last moment were among the classified documents Trump took with him. Perhaps some of those materials were among the still-classified documents Trump took and hoarded in a storage closet with a shitty lock.

But that tie is one of the reasons I read the version of the binder released earlier this year in response to a Judicial Watch FOIA closely (release 1, release 2).

That is one dumbass binder. If you’re going to expose yourself and your assistants to Espionage Act prosecution, this is one dumbass document to do so over.

Having reviewed it — even with great familiarity with the unending ability of certain frothers to get ginned up over these things — I cannot believe how many people remain obsessed about this document.

The document, as released to Judicial Watch, is little more than a re-release of a bunch of files that have already been released. Perhaps the only released documents I hadn’t read closely before were memorializations that Andy McCabe wrote of conversations he had in the wake of Jim Comey’s firing with and about Trump, including the one that described Rod Rosenstein offering to wear a wire to meetings at the White House.

And because DOJ subjected the documents to a real Privacy Act review, unlike declassifications effectuated by Director of National Intelligence John Ratcliffe when Kash babysat him as his Chief of Staff, a number of the documents actually are more redacted than previous versions, something that will no doubt be a topic of exciting litigation going forward.

Mark Meadows ordered DOJ to do a Privacy Act review and as a result great swaths of documents were withheld, page after page of b6/b7C exemptions as well as b7D ones to shield confidential information.

Here’s what got released to Judicial Watch, along with links to the previous releases of the documents:

The Bruce Ohr 302s are the only documents that include much newly released materials, mostly reflecting Igor Danchenko’s subsequent public identification. Both the candidate briefing and the Carter Page FISA application include significantly more redaction (and those are not the only interesting new redactions); given the redactions, it doesn’t look like Trump contemplated disseminating any Page material that was sequestered by the FISA Court, which would have been legally problematic no matter what Trump ordered, but references to the sequestration were all redacted.

As noted above as Requests 1, 5, 6, 14, and 17, there were five things Trump asked for that were still pending at DOJ when Trump left office. Two of those are identified: A request for materials on Perkins Coie lawyers, which (DOJ informed Trump) had no tie to Crossfire Hurricane, and a request for details on an August 2016 meeting involving Bruce Ohr, Andrew Weissmann, and one other person “concerning Russia or Trump.”

There were a number of communications between Ohr, Weissmann, and others later in 2016, including communications potentially relating to an effort to flip Dmitry Firtash, as well as October 2016 communications between Ohr and McCabe. But the jumbled timeline of Ohr’s communications has often been used to insinuate that the Crossfire Hurricane team learned of the Steele allegations earlier in the investigation than the September 19 that DOJ IG reflects. In any case, some of these meetings likely touched on Oleg Deripaska and some might touch on the suspected Egyptian donation Trump used to stay in the race past September 2016, not the dossier.

Between other then-pending requests and big chunks of withheld information (I’ve noted the biggest chunks above, but it would be around 300 pages total), there are things I would have expected to see in this binder that are not there. For example, almost none of the material released as part of DOJ’s attempt to undermine the Flynn investigation (links to which are in this post) is included here. Most of that stuff constitutes information that would never normally be released. It was egregiously misrepresented by Barr’s DOJ. Some of the files were altered. If these were requested, I can think of a number of reasons it would take DOJ a while to provide the materials. Even still, though, the materials didn’t persuade Emmet Sullivan to overturn Flynn’s prosecution, and documents left out of this bunch — such as Flynn’s later 302s, including some where he obviously told the same lies he had told in January 2017, would easily rebut any claims Trump might offer with the Flynn documents.

The documentation showing Strzok learning of a Russian intelligence product claiming not very damning things about Hillary is not in here. That, too, is something that would never have been released with a normal DNI not being led around by Kash Patel and it’s one that would take DOJ a good deal of time to clear. But as I laid out here, the report came after Trump had already demonstrably started pursuing files stolen by Russia. By the time Hillary purportedly decided to call out Trump for encouraging the Russian hack, Trump was encouraging the Russian hack.

Given that Mike Rogers’ 302 from the Mueller investigation is included here, you’d expect those of Trump’s other top intelligence officials to be included as well. Dan Coats and Mike Pompeo were interviewed in the weeks after Rogers. Coats’ aide Mike Dempsey and NSA Deputy Director Rick Ledgett were also interviewed about Trump’s March 2017 effort to get the IC to deny he had a role in Russian interference, as was Trump’s one-time briefer Edward Gistaro (Gistaro was interviewed a second time in 2018, in an interview treated as TS/SCI, which likely pertained to his involvement in briefing at Mar-a-Lago during the transition). Details of these interviews show up in the Mueller Report, and his request only helps to make Trump look more guilty.

It doesn’t include materials released as part of the failed Sussmann and Danchenko prosecutions. But like Barr’s effort to overturn the Flynn prosecution, none of that evidence sustained Trump’s conspiracy theories either. Indeed, during a bench conference in the Danchenko trial, Durham fought hard to keep the substance of the discussions — ostensibly about energy investments — between Sergei Millian and George Papadopoulos starting in July 2016 out of the trial because, “it certainly sounds creepy.” The Sussmann trial showed how justified people were in wondering about Trump’s Russia ties in the wake of his “Russia are you listening” comment. It provided a glimpse of how time-consuming being a victim of a nation-state hack had been for Hillary in 2016. Durham even demonstrated that FBI badly screwed up the Alfa Bank investigation. When subjected to the rules of evidence, none of Trump’s hoax claims hold up.

The point is, nothing in this binder — particularly as released — supports Trump’s claims that the investigation into him wasn’t independently predicated and didn’t lead to really damning information implicating at least five of his top aides and his own son.

Trump keeps trying to collect some set of evidence that will make the far more damning ties to Russia that his National Security Advisor, his Coffee Boy, his personal lawyer, his campaign manager, and his rat-fucker all lied to hide go away. And in this case, it may have led Trump to do something far dumber, to defy a subpoena and hoard highly classified documents.

Which possibility only makes the dumbass Russia binder even more of a dumbass Russian binder.

“That’s How … You End Up as a Defendant in a Court Room:” Some Days in the Life of a Named-and-Shamed Former GRU Hacker, Ivan Ermakov

In early 2018, Ivan [Y]Ermakov,* one of the hackers alleged to have stolen John Podesta’s emails two years earlier, was living it up.

For his April 10 birthday that year, he went on a stunning heli-ski trip with his future co-conspirator, Vladislav Klyushin (Ermakov is on the left in this picture, Klyushin, on the right and in the Featured Image picture).

In summer 2018, they were enjoying the Sochi World Cup together, too.

Just days after this trip to Sochi, however, on July 13, 2018, Robert Mueller would indict Ermakov, along with eleven of his former GRU colleagues, for hacking the DNC, DCCC, Hillary Clinton, election vendors, and registration websites, as well as orchestrating the release of the stolen files.

By the time of that first indictment against him — the first of three known indictments against the Russian hacker so far — Ermakov had already made one of the fatal slip-ups that would form part of the proof against Klyushin at trial, this time for a hack-and-trade scam. On May 9, 2018, Yermakov received three updates from his Apple iTunes account to the IP address 119.204.194.11. Just four minutes later, someone using that IP address downloaded an SEC filing using credentials stolen from a Donnelly Financial employee named Julie Soma. That download occurred hours before the report would be publicly filed with the SEC, one of dozens of such thefts of SEC filings that formed the basis of the hacking and securities fraud charges against the men.

So months before Mueller’s indictment alerted Ermakov that the FBI had discovered who he was and that they believed he was one of the hackers behind the 2016 hack, he had already left proof in US-based servers that would tie him to a follow-up crime, the hack-and-insider trading conspiracy for which Klyushin was convicted in February.

Klyushin has challenged the verdict, largely based on a technical challenge to the venue of the charges in Massachusetts.

Per trial testimony, Ermakov left those tell-tale forensic tracks four months before Klyushin would first get involved in the hack-and-trade scheme, in August 2018. The scheme was doomed from the start — at least, it would be doomed if any of the identified co-conspirators traveled to a jurisdiction that would extradite to the US, as Klyushin did in March 2021.

In fact, there’s something curious about that.

One thing submitted as evidence at trial was a picture of a May 22, 2017 Reuters article reporting the US sentence for Ukrainian hacker Vadym Iermolovych, one of ten people prosecuted for a hack-and-trade conspiracy similar to the one for which Klyushin was convicted.

According to the FBI agent who introduced the exhibit, the picture itself was taken in August 2018. Someone printed out the article and packaged it up in a plastic folder over a year after the fact. That suggests Klyushin was in discussion with a very well-connected friend about the possibility of such charges in the same month that Klyushin first got involved in the scheme.

The possibility of prosecution hung over the conspiracy from the start.

Thanks to Klyushin’s promiscuous storage of damning evidence in his iCloud account, from which many of the pictures and chats in this post were obtained by the FBI, the Klyushin case offers an unprecedented public glimpse into the effect that US indictments against nation-state hackers like Ermakov might have on the life of one of the targets. In Ermakov’s case, it didn’t stop him from hacking US targets. Indeed, it’s possible that others used the indictments to pressure Ermakov to use his hacking skills for them.

Since 2014, DOJ has been indicting nation-state hackers in what have always been assumed to be name-and-shame documents, indictments that would never lead to trial. Indeed, that’s what the two earlier indictments of Ermakov have always been assumed to be: a public accusation that would never lead to Ermakov’s imprisonment. The wisdom of indicting nation-state hackers has never been obvious. Yevgeniy Prigozhin’s exploitation of his own name-and-shame indictment has revealed the potential perils of the policy. And Russian denialists brush off the July 2018 indictment charging Ermakov and others with the election year hack (as Matt Taibbi did in his recent congressional testimony), arguing that since the indictment will never be tested at trial, it could be mere government propaganda.

At least in the case of the 2016 Russian operation, the indictment has done little to persuade denialists, who simply refuse to read about the many places where the hackers left evidence.

In a follow-up, I’ll show how DOJ proved their case against Klyushin using the same kind of evidence they used in the earlier indictments against Ermakov and his colleagues, largely metadata and content obtained from US-based and a few foreign servers. DOJ may never get a chance to prove the first two indictments against Ermakov, but using the same investigative techniques, they did prove the case against Ermakov’s co-conspirator, Klyushin.

This case, where a sealed complaint ultimately led to the trial of one co-conspirator of a hacker previously charged, also provides a glimpse of what happened after one nation-state hacker got name-and-shamed in the US.

It’s not clear from the trial record when Ermakov left the GRU or who his formal employer was before he joined Klyushin’s M-13, an information services company with ties to Putin’s office that offered, among its services, pen testing.

The FBI found a contact card for Igor Sladkov, with whom Ermakov may have started the hack-and-trade scheme at least as early as October 2017, in Ermakov’s own iCloud account, one of the only interesting pieces of evidence they found there. It was dated November 16, 2016, just over a week after Donald Trump got elected with Ermakov’s help. Sladkov — whose iCloud OpSec was just as shoddy as Klyushin’s — had a bunch of photos of Ermakov in his iCloud account, including the hacker’s passport, a 2016 picture of Ermakov sitting before an enormous plate of some animal flesh, and a picture from Ermakov’s 2018 ski trip, as well as a picture of Klyushin’s yacht that Ermakov had shared.

Before trial, Klyushin’s team argued that Ermakov never worked for Klyushin’s company, bolstering the claim with a chat from May 2019 in which Ermakov bitched about his job to Klyushin and a certificate from the Russian tax service claiming that [Y]Ermakov never worked at M-13.

But days after that chat, per another pre-trial filing, Ermakov spoke longingly of being able to travel like Klyushin could. Klyushin responded that he would get Ermakov new identity papers so the two could travel to Europe together, but not — Klyushin conceded — London or America. Klyushin seemingly used that discussion as background to press Ermakov to get back to work, with the implication being he should get back to the hack-and-trade scheme.

That is, Ermakov appears to have included Klyushin in the hack-and-trade scheme while still working for someone else. And Klyushin seems to have used his promise to help Ermakov mitigate the risks created by those earlier indictments to pressure Ermakov to keep hacking. If that’s right, the vulnerability created by the earlier indictments gave Klyushin leverage to get Ermakov to keep hacking.

But Ermakov did eventually join M-13, at least informally. At trial, the government introduced an M-13 employee list reflecting Ermakov’s participation in a specific project. And they submitted a picture, from December 2019, showing Ermakov with an M-13 sticker, within days of the time when a staging server similar to the one used in the 2016 hack of the Democrats was set up.

Klyushin may have even incorporated Sladkov into M-13. The FBI found a proposal for a data analysis service, dated September 4, 2019, which M-13 would introduce on October 28, 2020, as well as encrypted communications from an M-13 chat application, in Sladkov’s iCloud account.

Klyushin fought hard to exclude one of the most telling pieces of evidence that the hacking scheme came to be tied to M-13 — the four Porsches that, Klyushin bragged to an investor, he had bought for himself, Ermakov, and one other co-conspirator with the proceeds of the insider trading.

But this currency — expensive gifts — seems to have been at least part of the way Ermakov was compensated for his role in the scheme.

Ermakov did not engage in any trading himself. Instead, two men in St. Petersburg, two associated with M-13 (including Klyushin himself), and three clients of M-13, profited off documents [Y]Ermakov seems to have stolen.

But in addition to the Porsche, on August 17, 2020, ten days before the delivery of the Porsches, Ermakov took possession of a Moscow house worth millions, the loan agreement for which Klyushin reportedly ripped up. Months earlier, Klyushin had tied paying for the house with continued hacking — which, Klyushin joked, amounted to just turning on the computer and thinking about making money.

Ermakov was effectively printing money for Klyushin, and his reward was that house.

In September 2020, the hack-and-trade scheme would be shut down for good.

Throughout the time it was going, however, those co-conspirators knew of the indictment against Ermakov. Sladkov downloaded Ermakov’s wanted poster from the FBI website on October 5, 2018, just a day after Ermakov was charged in the 2016 hack-and-leak of anti-doping agencies while Ermakov was still a GRU officer.

And on October 4, 2020, Klyushin took a screencap of Ermakov’s wanted poster from the FBI website.

By the time Klyushin took this screencap, the victim filing agencies had finally shut down Ermakov’s access to the site, after eight months of trying. Perhaps Klyushin was contemplating what that would mean or how it had happened? According to trial evidence, DOJ didn’t identify the hack-and-trade scheme by tracking what Ermakov was doing. Rather, the investigation started when the SEC started tracking some large-scale trading by a bunch of Russians together, then asked the filing agencies if they had been hacked. At least according to the public record, the involvement of Ermakov was disclosed only after working backwards from the forensic evidence. But in October 2020, Klyushin may have considered the risks of entering into a hack-and-trade scheme with a hacker whose habits were already known within the FBI.

By then it was too late. Indeed, Ermakov had already warned his boss about his shoddy OpSec. On July 18, 2019, Klyushin asked Ermakov and the other M-13 co-conspirator, Nikolai Rumiantcev, how the hack-and-trade was going. He included pictures of two of the M-13 investors. In response, Ermakov warned his boss that that kind of OpSec is the kind of thing that would land him as a defendant in a courtroom.

Q. Okay, thank you. And now can we move to 3980, please. And this date is?

A. This is July 18 of 2019.

Q. Would you begin with 3980.

A. “Vladislav Klyushin: So what did we earn today?”

Q. And then there’s an attachment?

A. Correct.

Q. And then he says what?

A. Ermakov responds: “About 350 and another 350 in the mind. Sasha the most among the rest. “Klyushin: Our comrades are wondering.”

MR. FRANK: Could we stop right there, and I realize it’s hard, Ms. Lewis, because we’re in the Excel, but could you please display Exhibits 52 and Exhibit 50.

Q. Those are the attachments, Special Agent. Have you had an opportunity to review those?

A. Yes.

Q. Who’s depicted in Exhibits 52 and 50?

A. On the left, 52 is Sergey Uryadov. On the right is Boris Varshavskiy in Exhibit 50.

MR. FRANK: I offer 52 and 50. (Exhibits 50 and 52 received in evidence.)

Q. Okay. So those are the two attachments Mr. Klyushin has just transmitted in the chat?

A. Yes.

Q. Can we go back to the chat and pick up where we left off. So Mr. Klyushin says, “What did we earn today? Our comrades are wondering.” Could you continue, please, at 3987.

A. After sending those pictures we just looked at, Ermakov replies: “Vlad, you are exposing our organization. This is bad.” “Nikolai Rumiantcev: Vlad, stop sending to Threema.” Klyushin replies, “So sorry.” “Ermakov: And that’s how they get you and you end up as a defendant in a courtroom.”

Q. How does Mr. Klyushin respond?

A. Klyushin responds, “Removed. Open a chat with us already. “Ermakov: Go ahead and create. It was a bad move now. “Klyushin: Sorry. Did a dumb thing. “Rumiantcev: I suggest to recreate the chat with the deletion of attachments in Threema, or switch to ours if ready. “Klyushin: I will delete this one on my end.”

Klyushin did delete this chat. Rumiantcev left it in his iCloud account, where the FBI found it.

At the time, the men appear to have been shifting their trading discussions to the encrypted M-13 chat application found in all their iCloud accounts, finally taking measures to cover their tracks going forward, over eighteen months into the hack-and-trade conspiracy. Going forward, those working with Ermakov might not exhibit the kind of abysmal OpSec that produced abundant trial evidence against his co-conspirator. Maybe they learned their lesson, and they’ll be able to exploit Ermakov’s skill more safely going forward.

It remains to be seen whether the prosecution of Klyushin, with his ties to even higher ranking Russians, does more than hold him accountable for millions in fraudulent trades. But that may have little effect on the life of John Podesta’s suspected hacker.

* The government has used two different transliterations for [Y]Ermakov’s last name. In 2018, they used the one that aids in pronunciation. In 2021, they used the direct transliteration from the Cyrillic. Because evidence submitted at Klyushin’s trial uses the initials “IE” to refer to Ermakov, I’ll adopt that spelling here.

On Joshua Schulte’s Alleged Substantial Amount of CSAM … and Other Contraband

Yesterday, Judge Jesse Furman docketed a letter, impossibly dated March 23, updating him on the investigation into the Child Sexual Abuse Material allegedly found six months ago on the discovery computer of WikiLeaks Vault 7 source Josh Schulte (see this post for an explanation).

It described more about the CSAM material found on Schulte’s computer: The FBI had found “at least approximately 2,400 files on the laptop … likely containing CSAM.”

With respect to assertions that Joshua Schulte, the defendant, has made about the discovery laptop—that the laptop does not contain CSAM, that any CSAM appears only in thumbnails, or that the CSAM was maliciously or inadvertently loaded onto the laptop by the Government. See, e.g., D.E. 998 at 3 (pro se letter to the Court dated Dec. 21, 2022), 5 (pro se letter to the Court dated Jan. 5, 2023)—the Government is able to confirm the following: at least approximately 2,400 files on the laptop have been identified to date as likely containing CSAM. Those files include full images, and are not limited to thumbnail images. Moreover, the Government did not copy discovery materials onto the defendant’s laptop. In 2021, former defense counsel copied discovery and trial materials onto the laptop, which was then reviewed by personnel from the U.S. Attorney’s Office for security compliance before making a file index and providing the laptop to the Metropolitan Correctional Center (“MCC”), where the defendant was then in custody. The CSAM on the laptop was not provided by the Government or the result of Government action.

That, by itself, doesn’t tell us a lot more than we learned in an October filing, which explained that the FBI had found, “a substantial amount” of suspected CSAM.

Indeed, the letter focuses on debunking two counterarguments Schulte has made since, which is one of the reasons Furman docketed it after DOJ submitted it ex parte: “[T]his letter responds directly to assertions by Mr. Schulte,” Furman observed.

The government was debunking a claim made by Schulte that the government had caused the CSAM — but only thumbnails — to be loaded onto his discovery computer by “connect[ing] a child pornography drive to the laptop during setup.”

Schulte repeated and expanded — at great, great length — that theory in a set of filings dated March 1 but just loaded to the docket today.

The government response, effectively, was that they made an index of the files as the computer existed when it was turned over to MCC in 2021, calling Schulte on his claim that he was framed with CSAM.

Ultimately both sides will be able to present their claims to a jury.

But there are several other reasons I’m interested in the letter and related issues.

The government’s working theory, when they first revealed this last fall, was that Schulte got a thumb drive into the SCIF and from that accessed the CSAM allegedly found on his home computer six years ago, presumably just to have it in his cell for his own further exploitation of children.

there is reason to believe that the defendant may have misused his access to the SCIF, including by connecting one or more unauthorized devices to the laptop used by the defendant to access the CSAM previously produced.

That’s because in August, they found a thumb drive attached to the SCIF laptop.

On or about August 26, 2022, Schulte was produced to the Courthouse SCIF and, during that visit, asked to view the hard drive containing the Home CSAM Files from the Home Desktop. The hard drive was provided to Schulte and afterwards re-secured in the dedicated safe in the SCIF. The FBI advised the undersigned that, while securing the hard drive containing the Home CSAM Files, they observed that an unauthorized thumb drive (the “Thumb Drive”) was connected to the SCIF laptop used by Schulte and his counsel to review that hard drive containing the Home CSAM Files. On or about September 8, 2022, at the Government’s request, the CISO retrieved the hard drive containing materials from the Home Desktop from the SCIF and returned it to the FBI so that it could be handled pursuant to the normal procedures applicable to child sexual abuse materials. The CISO inquired about what should be done with the Thumb Drive, which remained in the dedicated SCIF safe.

But in a little noticed development, during the period when FBI has been investigating how a defendant held under SAMs managed to get (we’re now told) 2,400 CSAM files onto his discovery computer, CNN reported that the network of FBI’s NY Field Office focused on CSAM had been targeted in a hacking attempt.

The FBI has been investigating and working to contain a malicious cyber incident on part of its computer network in recent days, according to people briefed on the matter.

FBI officials believe the incident involved an FBI computer system used in investigations of images of child sexual exploitation, two sources briefed on the matter told CNN.

“The FBI is aware of the incident and is working to gain additional information,” the bureau said in a statement to CNN. “This is an isolated incident that has been contained. As this is an ongoing investigation the FBI does not have further comment to provide at this time.”

FBI officials have worked to isolate the malicious cyber activity, which two of the sources said involved the FBI New York Field Office — one of the bureau’s biggest and highest profile offices. The origin of the hacking incident is still being investigated, according to one source.

DOJ still insists that former CIA hacker Josh Schulte found a way to access a whole bunch of CSAM. And in the same period, reportedly, the servers involved with CSAM investigation in the NYFO were hacked.

And while the letter released yesterday doesn’t tell us — much — that’s new about what Schulte allegedly had on his laptop, it does tell us, by elimination, which of the sealed filings in his docket are not related to the CSAM investigation.

Since the October update on the investigation into Schulte, sealed documents have been filed in Schulte’s docket on the following days:

  • December 15: Sealed document
  • January 19: Ex parte update on CSAM investigation
  • January 26: Sealed document
  • March 9: Sealed document
  • March 13: Sealed document

Only the January 19 letter — along with yesterday’s letter — has been unsealed. That, plus the flurry of filings in September and October, are it for the CSAM investigation. There’s something else going on in this docket, four sealed documents’ worth.

Indeed, in that very long set of filings mentioned above, both dated February and finalized March 1, both docketed today, Schulte alluded to something beyond CSAM.

Judge Furman has begun claiming that there are other vague misuses or misbehavior on the laptop.

He must not have read the September and October letters very closely, because they describe that there was a warrant that preceded the discovery of the CSAM.

The warrants that we know of include the following:

Since late September, this investigation was about the “substantive” amounts of CSAM found on a computer possessed by Schulte.

But before that it was based on suspicions of contraband.

That stems, in significant part, from a search of the computer DOJ did in June, when Schulte turned it over claiming it had been dropped.

It hadn’t been dropped. It needed to be charged. Indeed, in the interminable motions filed today, Schulte treated plugging in a laptop as some kind of due process violation.

Plugging in a laptop should in no way compromise the privacy of a laptop. But it did raise real questions about the excuse Schulte offered in an attempt to get a second laptop (one he effectively got once trial started anyway).

Needless to say, his description of what happened with the BIOS password differs from the government’s, as provided last June.

First, with respect to the defendant’s discovery laptop, which he reported to be inoperable as of June 1, 2022 (D.E. 838), the laptop was operational and returned to Mr. Schulte by the end of the day on June 3, 2022. Mr. Schulte brought the laptop to the courthouse on the morning of June 3 and it was provided to the U.S. Attorney’s Office information technology staff in the early afternoon. It appears that the laptop’s charger was not working and, after being charged with one of the Office’s power cords, the laptop could be turned on and booted. IT staff discovered, however, that the user login for the laptop BIOS had been changed. IT staff was able to log in to the laptop using an administrator BIOS account and a Windows login password provided by the defendant. IT staff also discovered an encrypted 15-gigabyte partition on the defendant’s hard drive. The laptop was returned to Mr. Schulte, who confirmed that he was able to log in to the laptop and access his files, along with a replacement power cord. Mr. Schulte was admonished about electronic security requirements, that he is not permitted to enable or use any wireless capabilities on the laptop, and that attempting to do so may result in the laptop being confiscated and other consequences. Mr. Schulte returned to the MDC with the laptop. [my emphasis]

Here’s more background on all the funky things that happened with this laptop that led me to suspect something was going on last summer.

Anyway, the government claims it found a whole bunch of CSAM on Schulte’s computer. But there’s also something else going on.

We may find out reasonably soon. The impossibly dated filing from this week promised an update in a week, which (if the impossibly dated filing was actually dated March 21) might be Tuesday.

The Government expects to provide the Court with a supplemental status letter in approximately one week.

At the same time that CIA hacker Josh Schulte was allegedly finding a way to load CSAM onto his discovery laptop, the local FBI office’s CSAM servers were hacked.

That might be a crazy coincidence.

Update: DOJ filed an ex parte update today, which may or may not have to do with the CSAM investigation.

Remember: DOJ May Still Suspect Trump Is Hoarding Classified Documents

When I wrote up initial reports of Christina Bobb’s first interview with investigators in the stolen documents case, I noted,

Bobb’s testimony will clarify for DOJ, I guess, about how broadly they need to get Beryl Howell to scope the crime-fraud exception.

Here we are five months later, and Beryl Howell has indeed, very predictably, scoped out the crime-fraud exception for Evan Corcoran’s testimony and the DC Circuit has refused Trump’s request of a stay to fight that ruling.

In fact, ABC reported a list of the things that Judge Howell ruled Evan Corcoran must share with Jack Smith’s prosecutors, the scope I predicted she’d draw up five months ago.

As you read it, keep in mind that DOJ likely suspects that Trump still is hoarding classified documents. I say keep that in mind, because these questions will help to pinpoint the extent to which Trump or Boris Epshteyn masterminded efforts last June to hide classified documents, which may help DOJ to understand whether someone has masterminded efforts to hide remaining classified documents since.

The six things Corcoran has been ordered to testify about, per ABC, are:

  1. “[T]he steps [Corcoran] took to determine where documents responsive to DOJ’s May subpoena may have been located”
  2. Why Corcoran “believed all documents with classification markings were held in Mar-a-Lago’s storage room”
  3. “[T]he people involved in choosing Bobb as the designated custodian of records for documents that Trump took with him after leaving the White House, and any communications he exchanged with Bobb in connection with her selection”
  4. “[W]hether Trump or anyone else in his employ was aware of the signed certification that was drafted by Corcoran and signed by Trump attorney Christina Bobb then submitted in response to the May 11 subpoena from the DOJ seeking all remaining documents with classified markings in Trump’s possession”
  5. “[W]hether Trump was aware of the statements in the certification, which claimed a “diligent search” of Mar-a-Lago had been conducted, and if Trump approved of it being provided to the government”
  6. What Corcoran “discussed with Trump in a June 24 phone call on the same day that the Trump Organization received a second grand jury subpoena demanding surveillance footage from Mar-a-Lago that would show whether anyone moved boxes in and out of the storage room”

Questions 1 and 2 are a test of whether Corcoran wrote the declaration that Christina Bobb signed on June 3 in good faith. Given the fact that boxes were moved out of the storage room, it’s quite plausible that Corcoran did do a good faith search of the remaining boxes. So the answer to question 2 — why did he think all the classified documents were in that room? — will help pinpoint who has criminal liability for that obstructive act. Someone told him only to search the storage room and he took Jay Bratt to that storage room on June 3 and falsely (but likely unwittingly) told them that’s where all the classified documents would have been stored. Who told him that was true?

Questions 4 and 5 go to Trump’s awareness of the attempt to mislead DOJ on June 3. Did he know about the signed certification, and if so was Trump aware that Corcoran and Bobb had, between them, claimed the search of a storage room out of which boxes had been moved amounted to a diligent search? Since he reportedly ordered Walt Nauta to move boxes out of there, does that mean he knew the declaration was false?

Question 3 is more interesting though: The fact that Corcoran wouldn’t sign the certification himself is testament that he had doubts about the search he did himself or, at least, that someone knew enough to protect him. Per reporting from after she spoke to investigators the first time (see this post), Boris Epshteyn contacted Bobb the night before the search to serve the role she played.

She told them that another Trump lawyer, Boris Epshteyn, contacted her the night before she signed the attestation and connected her with Mr. Corcoran. Ms. Bobb, who was living in Florida, was told that she needed to go to Mar-a-Lago the next day to deal with an unspecified legal matter for Mr. Trump.

When she showed up the next day, Bobb complained that she didn’t know Corcoran, which is one of the reasons she wisely caveated the document before signing it.

“Wait a minute — I don’t know you,” Ms. Bobb replied to Mr. Corcoran’s request, according to a person to whom she later recounted the episode. She later complained that she did not have a full grasp of what was going on around her when she signed the document, according to two people who have heard her account.

And Bobb wasn’t the custodian of records. Someone decided to have someone unaffiliated with the Office of the Former President sign as custodian of records, thereby protecting Trump’s legal entity — the one served with the subpoena — from liability for the inadequate response.

She was, however, someone who — like Boris Epshteyn — likely has significant exposure for January 6, and even (per her testimony to January 6 Committee) witnessed Trump’s call to Brad Raffensperger.

But either Corcoran knew or suspected his own search was inadequate, or someone built in plausible deniability for him. DOJ may find out which it was on Friday.

As noted, this may help DOJ understand what has happened since Bobb’s initial testimony. Reports of her testimony came in the same days as initial reports that DOJ had told Trump they believed he still had classified records. Both Bloomberg and NYT described the tensions that arose among Trump’s lawyers as a result, with some objecting to any further certification.

Christopher M. Kise, who suggested hiring a forensic firm to search for additional documents, according to the people briefed on the matter.

But other lawyers in Mr. Trump’s circle — who have argued for taking a more adversarial posture in dealing with the Justice Department — disagreed with Mr. Kise’s approach. They talked Mr. Trump out of the idea and have encouraged him to maintain an aggressive stance toward the authorities, according to a person familiar with the matter.

That was in October. In November, Merrick Garland appointed Jack Smith. In late November, Trump hired Tim Parlatore to do the search Kise had recommended over a month earlier. The search found, and returned to DOJ, two documents with classification markings found in a separate storage facility.

But even as Trump lawyers were dribbling out details of the result of that search, they were hiding at least two more details: that a Trump aide had been carting around — and had uploaded via the cloud — White House schedules that included once-classified information. And, Parlatore’s searchers had discovered, there was another empty classified folder on Trump’s bedside table that hadn’t been discovered in the August search. Whether willful or not, both likely show that additional documents with classification markers were brought back to Mar-a-Lago after the August search.

Since the time in December DOJ tried to hold Trump in contempt for refusing to comply with the May subpoena, they have chased down the box of schedules and the computer to which they were uploaded and subpoenaed the extra empty classified folder. They have interviewed the people who did the search, as well as the lawyers to whom Boris Epshteyn was giving orders. Significantly, they also interviewed Alina Habba, whose own search of Mar-a-Lago for documents responsive to Tish James’ subpoena had obvious gaps, most notably the storage closet full of documents where a bunch of classified documents were being stored. And finally, after five months, they will answer the questions first made obvious after Bobb’s initial interview in October: what Trump told Corcoran to get him to do an inadequate search.

Which brings me to Question 6: What Trump said to Corcoran after he received a subpoena for security footage that Trump knew — but Corcoran may not have known — showed Walt Nauta moving boxes that would thereby be excluded from the search Corcoran had done in May and June. Since this was a call, it may well be one of the things about which Corcoran took notes or even a recording that he later transcribed. Also recall that there was a discrepancy as to the date of the subpoena (as well as whether Trump greeted Jay Bratt and others when they were at MAL) when the search was originally revealed last year, a discrepancy that led me to suspect DOJ first served a subpoena on Trump’s office and only then served a subpoena on Trump Organization. June 24 may have been the first date that Corcoran became aware that his representations about the search for documents were incomplete.

Here’s the point, though. Trump played a shell game in advance of the search that Corcoran did last summer. Alina Habba’s declaration, on its face, reflects a shell game. There’s reason to believe — given the box containing additional documents marked classified and the empty classified folder — that Trump played another shell game when Parlatore’s investigators searched in November and December. And Howell reportedly also approved a crime-fraud waiver for Jennifer Little, a lawyer representing Trump in conjunction with the Georgia investigation.

If Corcoran does testify tomorrow, it may crystalize DOJ’s understanding of that shell game, at least. Not only will that help DOJ understand if another shell game, one involving Parlatore, managed to hide still more documents in November and December. But it may help to understand any other shell games Trump engaged in in NY and GA.

It may also finally provide the basis to hold Trump in contempt for withholding further documents.

Just for Perspective: Investigations Take Longer When Presidents Don’t Wiretap Themselves

A few weeks ago, Peter Baker marked the day that the January 6 investigation has taken as long as the time between the burglary and Nixon’s resignation.

I reacted poorly to Baker’s claim to offer perspective; even on past presidential investigations, he has been overly credulous. And there’s really no comparison between Watergate and January 6, particularly if one compares — as Baker does — time-to-resignation under a still-sane Republican party with time-to-indictment in the MAGAt era. The comparison offers no perspective.

But I thought I’d take Baker up on the challenge, because the Watergate investigation offers a worthwhile way to demonstrate several of the reasons why the January 6 investigation is so much harder. (I plan to make running updates of this post because I expect feedback, particularly from people who know the Watergate investigation better than me, will help me fine tune this explanation.)

Same day arrests

In Watergate, the burglars were arrested in the act of breaking into the DNC headquarters.

On January 6, the cops tried to (and in a relative handful of cases, did) arrest people onsite. But this is the challenge they faced when they tried: Every attempted arrest required multiple officers to focus on one individual rather than the mob of thousands poised to invade the Capitol; every arrest was a diversion from the effort to defend the Capitol, Mike Pence, and members of Congress, with a woefully inadequate force.

In the case pictured above, the cops made a tactical decision to let Garret Miller go. After assuring the cops he only wanted to go home, just 33 minutes later, Miller burst through the East door with the rest of the mob.

There wasn’t a great delay in arrests of January 6 rioters, though. Nicholas Ochs, the first Proud Boy arrested, was arrested on January 7 when his flight home from DC landed in Hawaii.

Q-Shaman Jacob Chansley was arrested on January 8. The first person who would be convicted of a felony by a jury, Guy Reffitt, was arrested on January 15 (his son had tipped the FBI about him before the attack). The first person known to later enter into a cooperation agreement, Jon Schaffer, was arrested on January 17. Miller, pictured above, was rearrested January 20. VIP Stop the Steal associates Brandon Straka and Anthime “Baked Alaska” Gionet — the former of whom did provide and the latter of whom likely provided useful information on organizers to earn misdemeanor pleas — were arrested on January 25 and January 17, respectively. Joe Biggs — now on trial for sedition and an utterly critical pivot between the crime scene and those who coordinated with Trump — was arrested January 20, the same day that Joe Biden would, under tight security, be sworn in as President, the same day Steve Bannon’s last minute pardon was announced.

Kelly Meggs, the Oath Keeper who facilitated cooperation among three militias who was convicted with Stewart Rhodes of sedition last November, was arrested on an already growing conspiracy indictment on February 19.

In the first month then, DOJ had already taken steps in an investigation implicating those who worked with Trump. The table below includes the arrests of some of the witnesses who will have an impact on an eventual Trump prosecution. There are others that I suspect are really important, but their role is not yet public.

Trial delays

The Watergate burglars didn’t go to trial right away. They were first indicted on September 15, 1972, 90 days after their arrest. Those who didn’t plead out went on trial January 8, 1973, 205 days after their arrest. Steps that John Sirica took during that trial — most notably, refusing to let the burglars take the fall and reading James McCord’s confession publicly — led directly to the possibility of further investigation. Nixon wouldn’t even commit his key crimes for over two months, in March.

That’s an important reminder, though: the Watergate investigation would have gone nowhere without that trial. That’s unsurprising. That’s how complex investigations in the US work.

Many people don’t understand, though, that there were two major delays before anyone could be brought to trial for January 6. First, COVID protocols had created a backlog of trials for people who were already in pretrial detention and for about 18 months, would limit the number of juries that could be seated. Efforts to keep grand jury members safe created similar backlogs, sometimes for months. In one conspiracy case I followed, prosecutors were ready to supersede several defendants into a conspiracy in April 2021, but did not get grand jury time to do so until September.

To make that bottleneck far, far worse, the nature of the attack and the sheer volume of media evidence about the event led DOJ to decide — in an effort to avoid missing exculpatory evidence that would undermine prosecutions — to make “global production” to all defendants. That required entering into several contracts, finding ways to package up media that started out in a range of different formats, getting special protective orders so one defendant wouldn’t expose personal details of another (though one defendant is or was under investigation for doing just that), then working with the public defenders’ office to effectively create a mirror of this system so prosecutors would have no access to defense filings. It was an incredibly complex process necessitated by the thing — the sheer amount of evidence from the crime scene — that has made it possible to prosecute so many of the crime scene culprits.

Here’s one of the memos DOJ issued to update the status of this process, one of the last global updates. Even at that point over a year after the attack, DOJ was just starting to move forward in a few limited cases by filling in what remained of discovery.

The first felony trial coming out of January 6 was that of Guy Reffitt, which started on March 3, 2022, a full 420 days after the event. Bringing him to trial was made easier — possible even — because Reffitt never went into the Capitol itself, so didn’t have to wait until all global discovery was complete, and because there were several witnesses against him, including his own son.

The delays in discovery resulted in delays in plea deals too, as most defense attorneys believed they needed to wait until they had seen all of the discovery to make sure they advised their client appropriately.

Lots of people thought this process was unnecessary. But the decision to do it was utterly vindicated the other day, as DOJ started responding to defendants claiming that Tucker Carlson had found video that somehow proved their innocence. As I noted, prosecutors were able to point to the video shown by Tucker Carlson that he said vindicated Jacob Chansley and describe specifically when an unrelated defendant, Dominic Pezzola, had gotten what was effectively Chansley’s discovery.

The footage in question comes from the Capitol’s video surveillance system, commonly referred to as “CCTV” (for “closed-circuit television”). The Court will be familiar with the numerous CCTV clips that have been introduced as exhibits during this trial. The CCTV footage is core evidence in nearly every January 6 case, and it was produced en masse, labeled by camera number and by time, to all defense counsel in all cases. With the exception of one CCTV camera (where said footage totaled approximately 10 seconds and implicated an evacuation route), all of the footage played on television was disclosed to defendant Pezzola (and defendant Chansley) by September 24, 2021. The final 10 seconds of footage was produced in global discovery to all defense counsel on January 23, 2023. Pezzola’s Brady claim therefore fails at the threshold, because nothing has been suppressed. United States v. Blackley, 986 F. Supp. 600, 603 (D.D.C. 1997) (“For an item to be Brady, it must be something that is being ‘suppress[ed] by the prosecution.’”) (quoting Brady v. Maryland, 373 U.S. 83, 87 (1963)).

While discovery in this case is voluminous, the government has provided defense counsel with the necessary tools to readily identify relevant cameras within the CCTV to determine whether footage was produced or not. Accordingly, the volume of discovery does not excuse defense counsel from making reasonable efforts to ascertain whether an item has been produced before making representations about what was and was not produced, let alone before filing inaccurate and inflammatory allegations of discovery failures.

You may think the thirteen month delay for discovery was a waste of time. But it just prevented Tucker Carlson from being able to upend hundreds of prosecutions.

Obviously, most of the trials that have occurred in the last year won’t directly lead to Trump. Some will. I’ve said for 22 months that I think the Proud Boy trial is critical — and that won’t go to the jury for another two or three weeks yet. There are a number of steps that, I suspect, DOJ has been holding on pending the results of that trial, because so much else rides on it.

The Stewart Rhodes trial was likely helpful. I’ve suggested DOJ may use Danny Rodriguez as a way to tie Trump and Rudy Giuliani to the near-murder of Michael Fanone on an aid-and-abet theory. And there are a few more sleeper cases that seem to have greater significance than what went on at the Capitol that day.

Update: On May 4, 2023, a jury found four of the five Proud Boy leaders guilty of sedition. This trial was an important precursor for other investigative steps.

The legal uncertainty

In the Nixon case, there were fairly well established crimes: burglary, and obstruction of a criminal investigation.

I won’t say too much on this point, because I already have. But in this case, prosecutors were (and undoubtedly still are) trying to apply existing statutes to an unprecedented event. One law they’ve used with a lot of the rioters — civil disorder — was already being appealed elsewhere in the country when prosecutors started applying it to January 6. Since then its legal certainty has been all but solidified.

Far more importantly, the way prosecutors have applied obstruction of an official proceeding, 18 USC 1512(c)(2), has been challenged (starting with Garret Miller–the guy in the aborted arrest photo above) for over a year. That’s precisely the crime with which the January 6 Committee believes Trump should be charged (I advocated the same before their investigation even started in earnest); but I’m not sure whether Jack Smith will wait until the appeals on the law get resolved.

Still, DOJ has spent a great deal of time already trying to defend the legal approach they’ve used with the investigation.

Update: On April 7, the DC Circuit reversed Carl Nichols, holding that 18 USC 1512(c)(2) does not require a documentary component. That opinion raised new questions about the meaning of “corrupt purpose” under the statute. The Circuit rejected Fischer’s request for a rehearing, clearing the possibility of an appeal to SCOTUS. On May 11, the DC Circuit heard Thomas Robertson’s challenge to the same statute. Its decision in that case will almost certainly be the first DC Circuit ruling on “corrupt purpose” under the statute.

The insider scoop

For all the delays in setting up the January 6 Committee, it (and an earlier Senate Judiciary Committee inquiry into Jeffrey Clark’s efforts to undermine the vote) got started more quickly than Sam Ervin’s committee, which first started 11 months after the burglary.

Yet it only took Ervin’s Senate investigators about two months to discover their important insider, whose testimony would prove critical to both Congressional and criminal investigators. On July 13, 1973, Alexander Butterfield first revealed the existence of the White House taping system.

For all the January 6 Committee’s great work, it wasn’t until her third interview, on May 17, 2022, that Cassidy Hutchinson began to reveal more details of Trump’s unwillingness to take steps against his supporters chanting “Hang Mike Pence.” Even Hutchinson’s remarkable public testimony on June 28, 2022, when she described Trump demanding that his supporters be allowed to enter the Ellipse rally with the weapons Secret Service knew them to be carrying, is not known to have provided the kind of Rosetta stone to the conspiracy that disclosure of Nixon’s White House taping system did. In later testimony, Hutchinson provided key details about a cover-up. And her testimony provided leverage for first J6C and then, in at least two appearances, grand jury testimony from Pat Philbin and Pat Cipollone, the latter appearance of which came with an Executive Privilege waiver on December 2, 2022, 23 months after the attack.

Cell-xploitation

This brings us to the biggest difference in the timeline. Once the Senate and prosecutors learned that Nixon had effectively wiretapped himself, it turned the investigation into a fight over access to those materials.

The parts of the draft Nixon indictment that have been released describe a fairly narrow conspiracy. The proof against Nixon would have comprised, in significant part:

  • The report John Dean did disclaiming a tie to the break-in
  • Proof of payments to Howard Hunt
  • White House recordings, primarily from several days in March 1973, proving that Nixon had the payments arranged

That is, in addition to the James McCord confession and John Dean’s cooperation, any charges against Nixon relied on recordings Nixon himself had made, the import of which was made all the more salient with the disclosure of the 18-minute gap.

One thing likely made the January 6 prosecution easier: The sheer amount of data available to prosecutors using subpoenas. We have yet to see any of that with regard to organizers (though we know that Denver Riggleman, with far weaker subpoena power, was able to do a detailed map of ties between Trump, organizers, and mobsters).

There will undoubtedly be a great deal of evidence obtained from cloud companies. The only hint of this process we know about yet involves the emails from Jeffrey Clark, Ken Klukowski, John Eastman, and one other person, who is not a lawyer. DOJ had obtained emails from them with a warrant by last May. They have undoubtedly done the same for dozens of other subjects (beyond those arrested from the crime scene, where they have done so as well), but we won’t know about it until we see it in indictments.

But even that is not always easy. DOJ has spent seven months so far getting Peter Navarro to turn over emails from his Proton Mail account covered by the Presidential Records Act. Judge Colleen Kollar-Kotelly just issued an order requiring him to turn the emails over, but it’s not clear whether he’ll further obstruct this effort to simply enforce his normal record-keeping obligations.

But one challenge that didn’t exist fifty years ago makes prosecutors’ jobs much harder: the need to obtain and exploit individual cell phones to obtain encrypted communications — things like Signal and Telegram chats — not otherwise available. In Enrique Tarrio’s case, simply breaking into the phone took most of a year. In Rudy Giuliani’s case (his phones were first obtained in the Ukraine investigation starting on Lisa Monaco’s first day on the job, but the results would be available with a separate warrant here), it took a nine-month Special Master review. In Scott Perry’s case, his speech and debate claims will be appealed to SCOTUS. The table below shows whose phones we know to have been obtained, including how long it took to exploit the phones to the extent that became public. (It does not show known cloud content obtained; much of that remains secret.)

The point being, even for the Proud Boys and Oath Keeper cases, you had to get one phone, use it to get probable cause on the next guy, then get his phone to use it to get probable cause on the next guy. This process is very obviously at the stage where both Alex Jones and Roger Stone would be in prosecutors’ sights, as well as much of the fake elector plot. But that’s still several steps away from people like Mark Meadows, who would necessarily be involved in any Trump prosecution.

Privilege

When DOJ subpoenaed the two Pats last summer, multiple media outlets reported that subpoenaing the White House counsels was particularly “aggressive.”

Two top lawyers who worked in the White House under former President Donald Trump have been subpoenaed to appear before a federal grand jury investigating the events leading up to the Jan. 6, 2021, attack on the Capitol, people familiar with the matter said, in the latest sign that the Justice Department’s probe is entering a more aggressive phase.

Mr. Trump’s White House counsel Pat Cipollone and his deputy Pat Philbin received subpoenas in recent days seeking documents and testimony, the people said. [my emphasis]

But as coverage of, first, Mike Pence’s two aides and, then, the two Pats being compelled to testify about topics Trump had claimed were privileged noted, it’s not actually a new or particularly aggressive thing to ask White House counsels to testify. Indeed, John Dean’s cooperation — the most important part of holding Nixon accountable — arose after he had gotten himself deeper and deeper into Nixon’s cover-up.

And in spite of the Nixon precedent that said there were limits to Executive Privilege, and in spite of the DC Circuit ruling that the import of investigating January 6 overcame Trump’s Executive Privilege claims, even with Congress, Trump has used — and DOJ has been obligated to navigate — a series of privilege claims to delay the investigation.

As I’ve noted, there are close to thirty key witnesses or subjects whose attorney-client claims have to be carefully addressed to avoid blowing both that case and those of any downstream investigation.

In the case of Scott Perry, DOJ has spent six months trying to get into his phone. That delay is not a sign of lassitude. On the contrary, it’s a sign they’re including subjects who very rarely get investigated in the investigation.

Update: On April 21 and 22, seven-plus months after DOJ seized his phone (which is often how long exploitation takes), Boris Epshteyn spent two days interviewing with Jack Smith’s prosecutors though not — at least by description — appearing before the grand jury. He played a key role in both January 6 and the stolen documents case.

Cooperating witnesses

According to this timeline, John Dean started cooperating on April 6, 1973, almost ten months after the arrest of the burglars, though just a few weeks after the day of Nixon’s crimes as alleged in the draft indictment.

As noted on this table, there were people who entered into cooperation agreements more quickly than that, but it’s not clear who of them will help prosecute those closer to Trump. As I keep noting, I’m really dubious of the value of Brandon Straka’s cooperation.

There are maybe 30 to 35 known cooperators in January 6, but most only cooperated against their buddies, and most of those prosecutions didn’t much build prosecutions related to Trump.

This table only includes a few of the cooperating witnesses — the first (Schaffer, the nature of whose cooperation is still totally obscure), the dubious cooperation of Straka and, potentially, Gionet, the most important of at least five Proud Boy cooperators, Jeremy Bertino, and the most important of at least eight Oath Keeper cooperators, Joshua James.

James, along with a few of the other Oath Keeper cooperators, might help prosecute Roger Stone. But there is no one on this list who has the goods on Trump, like John Dean did. No one even close.

That said, we wouldn’t necessarily know if someone closer to Trump were cooperating. Even some people who are secondary cooperators remain entirely obscure, both that they are cooperating, and the extent of their knowledge. I suspect several people are cooperating — I even have specific people in mind, based on other details. But we won’t know anytime soon if someone has flipped on Donald Trump.

And given the ferociousness of his supporters and the aggressiveness of Trump’s obstruction, that’s a good thing.

Update, May 26: I’ve updated the table below to reflect the Oath Keeper sentences and the Proud Boy verdict.

KT McFarland Likened Trump’s Transition Interventions to the Iran October Surprise

In an FBI interview on September 14, 2017, KT McFarland likened Mike Flynn’s transition period interference with Obama policy to Richard Nixon’s Chennault Affair and what she called Reagan’s “purported dealings with Iran to free American hostages.”

Based on her study of prior presidential transitions, McFarland believed the sorts of things Flynn did were not unusual. She cited Richard Nixon’s involvement in Vietnam War peace talks and Ronald Reagan’s purported dealings with Iran to free American hostages during their transitions as precedent for proactive foreign policy engagements by an incoming administration. Most incoming administrations did similar things. No “red light” or “alarm bells” went off in her head when she heard what Flynn was doing. The President-elect made his support for Israel very clear during the campaign and contrasted his position with President Obama, who he believed had not treated Israel fairly.

To be clear: She was only talking about Flynn’s request of Russia, on December 22, to help stave off a UN vote condemning Israeli illegal settlements. At that point in September 2017, she was still claiming not to remember the calls Flynn made on December 29 to undermine Obama’s sanctions on Russia itself. She wouldn’t unforget those calls until after Flynn pled guilty a month and a half later.

But to the extent that she was happy to acknowledge that Trump’s National Security Advisor — her boss — was undermining US policy, she rationalized it by comparing it to Nixon and Reagan’s efforts to undermine US policy for political gain.

Only, it wasn’t just Flynn involved in undermining Obama’s foreign policy. Records from Mueller’s investigation show the following sequence on December 22:

  • 6:02AM: A “senior advisor to a Republican Senator” writes McFarland, cc’ing Flynn and others, warning that the UNSC was “voting to condemn Israeli settlements at 10a.m.” yet Obama was silent
  • 8:46AM: Flynn and Kushner speak for four minutes
  • 8:53AM: Flynn calls Sergei Kislyak, then calls a representative of the Egyptian government and speaks to him for four minutes
  • 8:59AM: Flynn speaks to Kislyak for three minutes
  • Flynn had “several additional” calls with the representative of the Egyptian government
  • Egypt delayed the vote

When the President’s son-in-law read a draft statement from Egypt noting that Abdel Fattah El-Sisi had spoken with Trump that day and had “agreed to lay the groundwork … to drive the establishment of a true peace between the Arabs and the Israelis,” Kushner asked whether they could alter the statement. “Can we make it clear that Al Sisi reached out to DJT so it doesn’t look like we reached out to intercede?” He then falsely claimed, on an email with others like Reince Priebus that, “This happens to be the true fact pattern and better for this to be out there.”

Only it wasn’t the true fact pattern. Flynn had reached out. Not Sisi.

Indeed, this incident was probably the start of Kushner’s Abraham Accords, which in turn probably relates to why the Saudis paid Kushner $2 billion after he left the White House.

And it wasn’t just Flynn involved. Flynn made all these calls from Mar-a-Lago. After Egypt delayed the vote, McFarland bragged that Flynn, “had worked it all day with trump from Mara lago.” [my emphasis]

Trump was involved too.

That December 22 transcript was withheld from those released in 2020. But on a later call with Kislyak — the one where he asked Kislyak to hold off on sanctions — analysts suggested “he may be using a speaker phone.” Had Flynn used a speaker phone on December 22, when he was in Mar-a-Lago with Trump, Trump would have been on that call as well.

The next day, McFarland bragged still some more. She suggested Flynn should leak to the press about,

the crucial role [he] played in working your contacts built up over the decades to get administration ambush Israel headed off. You worked the phones with Japanese Russians Egyptians Spanish etc and reversed a sure defeat for Israel by kerry/Obama/susan rice/samantha power cabal.

In 2016, McFarland wanted Flynn to get credit in the press that he had undermined US policy to help Israel. In 2017, she rationalized doing so because Nixon and Reagan had done similar things in their day.

I raise all this not just because I wonder whether Bill Barr killed the investigation into whether Egypt kept Trump’s campaign alive in September 2016 with a $10 million donation.

I raise all this because NYT, on the verge of Jimmy Carter’s death, has finally revealed who reached out to Iran to get them to hold Americans hostage longer to help Reagan win the White House.

It was former Texas Governor John Connally.

It was 1980 and Jimmy Carter was in the White House, bedeviled by a hostage crisis in Iran that had paralyzed his presidency and hampered his effort to win a second term. Mr. Carter’s best chance for victory was to free the 52 Americans held captive before Election Day. That was something that Mr. Barnes said his mentor was determined to prevent.

His mentor was John B. Connally Jr., a titan of American politics and former Texas governor who had served three presidents and just lost his own bid for the White House. A former Democrat, Mr. Connally had sought the Republican nomination in 1980 only to be swamped by former Gov. Ronald Reagan of California. Now Mr. Connally resolved to help Mr. Reagan beat Mr. Carter and in the process, Mr. Barnes said, make his own case for becoming secretary of state or defense in a new administration.

What happened next Mr. Barnes has largely kept secret for nearly 43 years. Mr. Connally, he said, took him to one Middle Eastern capital after another that summer, meeting with a host of regional leaders to deliver a blunt message to be passed to Iran: Don’t release the hostages before the election. Mr. Reagan will win and give you a better deal.

Then shortly after returning home, Mr. Barnes said, Mr. Connally reported to William J. Casey, the chairman of Mr. Reagan’s campaign and later director of the Central Intelligence Agency, briefing him about the trip in an airport lounge.

At that moment of history, when Reagan won a victory in part thanks to Connally’s sacrifice of Americans’ freedom, KT McFarland was at the height of her credibility on foreign policy, fresh off going ABD in a PhD program. With the new Republican regime, she worked first for Texas Senator John Tower on the Senate Armed Services Committee, then for Cap Weinberger at DOD.

KT McFarland, who derives any foreign policy credibility from that moment created by an effort to harm US policy for political gain, likened what Trump did to what Reagan had done before.

Beryl Howell’s Biggest Secret: Whether Bill Barr Killed the Egyptian Bank Investigation

As I noted, Judge Beryl Howell ended her tenure as DC’s Chief Judge yesterday decisively, ruling that Evan Corcoran must testify about topics she has found to be crime-fraud excepted.

By dint of age and tenure, Howell was appointed Chief Judge just in time to preside over the most remarkable set of investigations against a sitting and former President: the Mueller investigation and certain follow-on investigations, the January 6 investigation, and the stolen documents investigation.

And now Jeb Boasberg gets to pick up her work. Like Howell, he’s an Obama appointee; he already did a stint presiding over the FISA Court.

Howell’s decision requiring Corcoran to testify elicited all sorts of superlative language about the import of the decision. I’ll return to the number of other Trump lawyers against whom Howell has already approved legal process. The Corcoran decision really is not that unusual in the twin Jack Smith investigations. Or even in the other grand juries over which Howell has presided.

Indeed, the fruits of a warrant Howell approved on August 1, 2017 as part of an investigation into suspicious payments (especially those from Viktor Vekselberg) to Michael Cohen’s Essential Consultants’ bank account, will likely yield Donald Trump’s first criminal indictment next week. Referrals of part of the resulting investigation to SDNY led to Cohen’s 2018 prosecution, including on the hush payments scheme. NYC has started making security preparations for Trump’s arrest on the same campaign finance scheme next week.

To repeat: a fairly uncontroversial decision Howell made six years ago — to approve the first of a series of warrants targeting Trump’s personal lawyer, Michael Cohen — will have played a part if and when Alvin Bragg indicts Trump next week.

Howell’s colleagues razzed her yesterday about all the secrets she may keep from the past seven years.

Howell seemed to freeze in her seat as the most senior jurist on the court, Judge Paul Friedman, publicly described her still-secret rulings in grand jury-related matters, pointing to press accounts of Howell ruling in favor of Trump in a contempt dispute over his office’s response to a grand jury subpoena for classified records and against Trump on an effort to assert attorney-client privilege in the same probe.

“What fascinating issues!” Friedman declared wryly as Howell remained stone-faced on the dais. “We’d all love to read her opinions, but we can’t,” he said to laughter.

Friedman did note, however, that Howell had issued 100 secret grand jury opinions during her seven-year term.

Another colleague, Judge Tanya Chutkan, also alluded to Howell’s work resolving disputes related to the court’s grand juries over the past seven years.

“There’s so much work Chief Judge Howell has done that we may never know about,” Chutkan said.

In an interview with Zoe Tillman, though, Howell suggested she expects some of it will be unsealed.

Howell said she was still processing the past seven years.

“A lot of my work in the grand jury arena remains under seal, so it is going to be very hard to say what my legacy will be until after some of that work gets unsealed and people are able to evaluate it,” she said.

I expect a good deal of her recent work will be unsealed, in fairly short order.

It bears reminding, though, that Judge Howell attempted to share information about what she had been overseeing in a grand jury with the House Judiciary Committee in 2019. In a 75-page opinion invoking the Federalist papers and defending separation of powers, Howell issued a ruling that should have been uncontroversial: that the House could have grand jury materials in contemplation of impeachment.

In her opinion, Howell cited a number of the things the House might get with grand jury testimony. They included Paul Manafort’s description of how Trump ordered him to chase the documents stolen from Hillary.

Again, the Mueller Report recounts an incident when then-candidate Trump spoke to associates indicating that he may have had advance knowledge of damaging leaks of documents illegally obtained through hacks by the Russians, stating “shortly after WikiLeaks’s July 22, 2016 release of hacked documents, [Manafort] spoke to Trump [redacted]; Manafort recalled that Trump responded that Manafort should [redacted] keep Trump updated. Deputy campaign manager Rick Gates said that . . . Manafort instructed Gates [redacted] status updates on upcoming releases. Around the same time, Gates was with Trump on a trip to an airport [redacted], and shortly after the call ended, Trump told Gates that more releases of damaging information would be coming.” Id. at II-18 (footnotes omitted) (redactions in original, with citation in footnote 27 redacted due to grand jury secrecy).

They included Don Jr’s refusal to testify to the grand jury about the June 9 meeting.

[A] discussion related to the Trump Tower Meeting contains two grand jury redactions: “On July 12, 2017, the Special Counsel’s Office [redacted] Trump Jr. [redacted] related to the June 9 meeting and those who attended the June 9 meeting.” Id. at II-105 (redactions in original).

They included Manafort’s details of his discussions with Konstantin Kilimnik.

The Mueller Report further recounts evidence suggesting that then-candidate Trump may have received advance information about Russia’s interference activities, stating:

Manafort, for his part, told the Office that, shortly after WikiLeaks’s July 22 release, Manafort also spoke with candidate Trump [redacted]. Manafort also [redacted] wanted to be kept apprised of any developments with WikiLeaks and separately told Gates to keep in touch [redacted] about future WikiLeaks releases. According to Gates, by the late summer of 2016, the Trump campaign was planning a press strategy, a communications campaign, and messaging based on the possible release of Clinton emails by WikiLeaks. [Redacted] while Trump and Gates were driving to LaGuardia Airport. [Redacted], shortly after the call candidate Trump told Gates that more releases of damaging information would be coming.

Id. at I-53–54 (footnotes omitted) (redactions in original, with citation in referenced footnote 206 redacted due to grand jury secrecy).

But Bill Barr’s DOJ, after having challenged the uncontroversial notion that the House should be permitted to receive what was obviously an impeachment referral, appealed to the DC Circuit, lost, and then stalled long enough to outlast Congress. Bill Barr effectively refused to let Congress receive and act on an impeachment referral. But Howell did her constitutionally mandated part.

It’s an action DOJ took during precisely the period when Barr was stalling long enough to outlast Congress that, in my mind, is the biggest secret Howell takes from her tenure: What happened with an investigation into a suspected $10 million donation in September 2016 from an Egyptian-owned bank that allowed Trump to stay in the race when he was running out of funds. Though aspects of the investigation were dribbled out in grand jury unsealings from Howell along the way, CNN first confirmed the Egyptian bank angle in 2020.

For more than three years, federal prosecutors investigated whether money flowing through an Egyptian state-owned bank could have backed millions of dollars Donald Trump donated to his own campaign days before he won the 2016 election, multiple sources familiar with the investigation told CNN.

The investigation, which both predated and outlasted special counsel Robert Mueller’s probe, examined whether there was an illegal foreign campaign contribution. It represents one of the most prolonged efforts by federal investigators to understand the President’s foreign financial ties, and became a significant but hidden part of the special counsel’s pursuits.

The investigation was kept so secret that at one point investigators locked down an entire floor of a federal courthouse in Washington, DC, so Mueller’s team could fight for the Egyptian bank’s records in closed-door court proceedings following a grand jury subpoena. The probe, which closed this summer with no charges filed, has never before been described publicly.

Prosecutors suspected there could be a link between the Egyptian bank and Trump’s campaign contribution, according to several of the sources, but they could never prove a connection.

Shortly after the investigation was killed, Barr went up to Hillsdale College and ranted about prosecuting corruption.

This criminalization of politics is not healthy. The criminal law is supposed to be reserved for the most egregious misconduct — conduct so bad that our society has decided it requires serious punishment, up to and including being locked away in a cage. These tools are not built to resolve political disputes and it would be a decidedly bad development for us to go the way of third world nations where new administrations routinely prosecute their predecessors for various ill-defined crimes against the state. The political winners ritually prosecuting the political losers is not the stuff of a mature democracy.

The Justice Department abets this culture of criminalization when we are not disciplined about what charges we will bring and what legal theories we will bless. Rather than root out true crimes — while leaving ethically dubious conduct to the voters — our prosecutors have all too often inserted themselves into the political process based on the flimsiest of legal theories. We have seen this time and again, with prosecutors bringing ill-conceived charges against prominent political figures, or launching debilitating investigations that thrust the Justice Department into the middle of the political process and preempt the ability of the people to decide.

This criminalization of politics will only worsen until we change the culture of concocting new legal theories to criminalize all manner of questionable conduct. Smart, ambitious lawyers have sought to amass glory by prosecuting prominent public figures since the Roman Republic. It is utterly unsurprising that prosecutors continue to do so today to the extent the Justice Department’s leaders will permit it.

Even at the time — with the Mike Flynn, Roger Stone, and Paul Manafort cases — it was clear that Barr was engaged in fairly unprecedented corruption of DOJ to protect Trump. Since then, we’ve learned of more. Most notably, as we await a potential Bragg indictment, Geoffrey Berman described how, after Cohen pled guilty in the hush payment case, Barr not only shut down any investigation of Trump on the charge, but attempted to reverse Cohen’s own prosecution.

While Cohen had pleaded guilty, our office continued to pursue investigations related to other possible campaign finance violations. When Barr took over in February 2019, he not only tried to kill the ongoing investigations but—incredibly—suggested that Cohen’s conviction on campaign finance charges be reversed.

Barr summoned Rob Khuzami in late February to challenge the basis of Cohen’s plea as well as the reasoning behind pursuing similar campaign finance charges against other individuals. Khuzami was told to cease all investigative work on the campaign finance allegations until the Office of Legal Counsel, an important part of Main Justice, determined there was a legal basis for the campaign finance charges to which Cohen pleaded guilty—and until Barr determined there was a sufficient federal interest in pursuing charges against others.

Barr even attempted to put supervision of the case in the hands of Richard Donoghue, as he did do with the Rudy Giuliani case.

Given that Barr didn’t think Trump should be prosecuted for the Cohen illegal contribution case, there’s no telling what he thought of the suspected Egyptian bank donation. Certainly, he was in complete control of DC USAO at the time, if he wanted to shut down an otherwise viable investigation.

We are, as Howell herself said, likely to know much of what she has been doing for the last two years. But her biggest secret is whether Bill Barr prevented DOJ from fully attempting to learn whether Donald Trump was beholden to Egypt or some other foreign country for the entirety of the time he served as President.

Tucker’s Putin Envy

There was a part of the Global Threats Report presented to both the Senate and House Intelligence Committees last week that deserves more attention. In the middle of the section on Russia’s influence operations, the report predicted that Russia will “try to strengthen ties to U.S. persons in the media and politics in hopes of developing vectors for future influence operations.”

It is the judgment of the intelligence community, per the report, that Russia is trying to cultivate “US persons in the media and politics” as part of its foundation for future influence operations.

Russia presents one of the most serious foreign influence threats to the United States, because it uses its intelligence services, proxies, and wide-ranging influence tools to try to divide Western alliances and increase its sway around the world, while attempting to undermine U.S. global standing, sow discord inside the United States, and influence U.S. voters and decisionmaking. Moscow probably will build on these approaches to try to undermine the United States as opportunities arise. Russia and its influence actors are adept at capitalizing on current events in the United States to push Moscow-friendly positions to Western audiences. Russian officials, including Putin himself, and influence actors routinely inject themselves into contentious U.S. issues, even if that causes the Kremlin to take a public stand on U.S. domestic political matters.

  • Moscow views U.S. elections as opportunities for malign influence as part of its larger foreign policy strategy. Moscow has conducted influence operations against U.S. elections for decades, including as recently as the U.S. midterm elections in 2022. It will try to strengthen ties to U.S. persons in the media and politics in hopes of developing vectors for future influence operations.
  • Russia’s influence actors have adapted their efforts to increasingly hide their hand, laundering their preferred messaging through a vast ecosystem of Russian proxy websites, individuals, and organizations that appear to be independent news sources. Moscow seeds original stories or amplifies preexisting popular or divisive discourse using a network of state media, proxy, and social media influence actors and then intensifies that content to further penetrate the Western information environment. These activities can include disseminating false content and amplifying information perceived as beneficial to Russian influence efforts or conspiracy theories. [italicized bold original, underline my emphasis]

This is not new news. Obviously Russia has been cultivating both journalists and politicians in recent years, often by inviting them for big shindigs in Russia, after which, over the course of years, they come to spout more and more Russian propaganda uncritically.

It is noteworthy that the IC stuck this detail amid discussions about election interference and Ukraine mobilization, because Russia has had renewed success of late getting entertainers and politicians to magnify inflammatory and often false claims about Ukraine.

The judgement came out the same week that Tucker Carlson (whose Ukraine invasion anniversary special was breathtaking even by his standards of propaganda) provided more details of the time, in summer 2021, he was informed that the NSA had discovered his back channel contacts to Putin.

The story starts when Tucker squeals that he’s envious of the podcasters because they got to go to Russia, but he might be arrested if he went. Throughout the show, his interviewers operate on the assumption that Russia is the threat to Tucker, but he suggests State or FBI is.

Tucker: Now I’m envious.

[snip]

Full Send: But everyone told us not to go obviously, but. We knew we were with good people. So after that, it was all good, but.

Tucker: Oh, I want to go. I’ve never been there!

Full Send: You feel it though, it is real scary. There’s like military checkpoints.

Tucker: Oh yeah!

Full Send: It’s … it’s serious shit.

Full Send 2: Would you have gone with him or no?

Tucker: I can’t go to Russia. I honestly think I would be arrested.

Full Send: Yeah, they get you.

Tucker: Which is outrageous because, I’m a journalist, and I’ve been all over the world. I feel like I’ve been everywhere except Russia. And Russia is a combatant in a war that’s changing the world, and like I should go see it. And I was planning it and then I got stopped by the US government from doing it.

Full Send: Oh, you were gonna go? What were going to do?

Tucker: Interview Putin. Why wouldn’t I?

Full Send: You had it set up? Damn!

Tucker: I was working on it and then they broke into my text messages — the NSA broke into my Signal account, which I didn’t know they could do —

Full Send: Oh so Signal’s not even safe!

Tucker: Signal is not safe. It’s not safe. Signal’s not safe.

Full Send: I know people think WhatsApp’s safe.

Tucker: WhatsApp?!?! WhatsApp is not — you know what’s safe? And ask any mafia Don. Park your car in front of the liquor store. Leave your phone in the vehicle, in your Caprice Classic, and walk out behind the liquor store, in the vacant lot back there with the WINOs, to talk to the person you want to talk to.

Full Send 2: How many times have you done that?

Tucker: Zero. Cause I’m like lazy. I’m like whoa! And I’m — actually I always say to myself, I’m not hiding anything. I don’t have a secret life. I’m pretty upfront. And some people like it and some people don’t. Of course, but, I’m not hiding anything. But I was definitely hiding my plan to go interview Putin, just because it’s an interview. It’s no one’s business.

Full Send 2: So how did that happen? How do you know the NSA broke into your Signal?

Tucker: Because they admitted it.

Full Send: Really?

Tucker: Oh yeah!

Full Send: Can you tell us about it? Like how did you find out?

Tucker: I got a call from somebody in Washington who’s — who would know. Just trust me. So I went up there for another reason. But this person said, you know, you going to come to Washington anytime soon? This was a year and a half ago, and I was like, yeah, actually I’m going to be up in a week. He’s like, meet me Sunday morning. So weird. Like, who does that? Just text me, you know what I mean? Just text me. No. So I go and this person’s like — and this is someone who would know — Um, are you planning a trip to go see Putin? This was the summer before the war started. I was like, how would you know that? I haven’t told anybody that, I mean, anybody. Not my brother, not my wife, nobody. Just because, you know, it’s one of a million things you’re working on, but that was one of them. I want to go interview Putin. Why wouldn’t I want to go interview Putin?

Full Send 2: Of course.

Tucker: I want to interview Xi, I want to interview everybody. Right? That’s kind of my job.

Full Send: We want to get Kim Jong Un on here one day.

Tucker: Of course! Of course! We met him.

Full Send: You did? We gotta talk about that. Holy shit.

Tucker: Yup. Super interesting. But anyway, um, how would you know that? Because NSA pulled your texts with this other person you were texting. How did you know that? And so I immediately, I was intimidated, I’m embarrassed to admit, but I was, I was completely freaked out by it. I called a US Senator, who I know — not that well, but it seems like a trustworthy person, and I told him the story, I just want to tell you this, and then I went on TV on Monday and I’m like this happened. And so they had — Congress asked NSA and NSA’s like, yes we did this, but for good reason. What would be a good reason to read my — you know, what? But the head of NSA, it’s fine, cause everyone’s in on it, Republicans and Democrats are all in on it. And by it I mean the assumption that there’s no privacy whatsoever, that they have a right to know everything you’re saying and thinking,

Full Send: That shit’s scary.

Tucker: And that’s just not a right as far as I’m concerned. By the way, if you have no privacy you have no freedom. [my emphasis]

Parts of Tucker’s commentary provide more detail on the incident than previous reporting did, which I covered here and here. As Jonathan Swan reported, the IC collected communications showing a back channel effort to set up a meeting with Putin.

Tucker Carlson was talking to U.S.-based Kremlin intermediaries about setting up an interview with Vladimir Putin shortly before the Fox News host accused the National Security Agency of spying on him, sources familiar with the conversations tell Axios.

[snip]

The intrigue: Two sources familiar with Carlson’s communications said his two Kremlin intermediaries live in the United States, but the sources could not confirm whether both are American citizens or whether both were on U.S. soil at the time they communicated with Carlson.

  • This is relevant because if one of them was a foreign national and on foreign soil during the communications, the U.S. government wouldn’t necessarily have had to seek approval to monitor their communications.

On Maria Bartiromo’s show in 2021, Tucker pointed to what was undoubtedly reporting done in the wake of his initial story — quite likely Swan’s own story (indeed, Tucker could well be one of Swan’s two sources) — and claimed it was proof the NSA was leaking information about him.

In the Bartiromo appearance, Tucker spoke in terms of a single email arranging an imminent trip to Russia.

In last week’s podcast, in addition to reiterating that Tucker is not trying to hide anything but oh yeah he was trying to hide his back channel to Putin, even from his spouse, Tucker adds two details: After he learned about it, he reached out to a (male) Senator to look into it, and the communications obtained include Signal texts, not just a single email.

In the past, I had suggested that Tucker’s tipster might be a member of Congress — a Gang of Eight member like Devin Nunes or Kevin McCarthy — or someone close to them (like Kash Patel). The fact that Tucker called a Senator in response (then Chair of the Senate Intelligence Committee Marco Rubio would make sense given the details he provides), and not someone he was closer to like Nunes, makes it more likely his initial tipster had a tie to the House. The focus on the Senate response may suggest this came up again in the Global Threats hearing, during the closed session.

The detail that, per Tucker, in addition to the email he sent about arranging a then-imminent trip to Russia, they also got Signal texts is more interesting, but it doesn’t mean he was the target or that they broke into his phone.

It does suggest that there could have been two different tracks going on: the discussion, over email, about a trip to Russia, one his producer knew about, and another more sensitive discussion going on via Signal.

We do know, however, that Tucker hasn’t hidden past interview preparation. Indeed, his outreach to Viktor Orbán was quite overt and gleeful. So his explanations about why he would want to hide preparation for a Putin interview don’t hold up.

Remember: When Tucker sent his now former investigative producer to try to FOIA this information from NSA (via a FOIA that was guaranteed to fail), he asked for 30 months of data, going back to January 1, 2019. That’s more than a single email to set up a meeting with Putin.

Rather than taking this as a tip that the back channels via which he was (at least) trying to set up a meeting with Putin are considered — even by Republican Senators — legitimate intelligence targets, possibly Russian spies, Tucker has instead spun up conspiracy theories. And that has, in turn, led him to suggest he faces a bigger threat from the US State Department than he would from Russian military checkpoints.

Update: On Twitter, MD suggested that Rand Paul may have been the Senator Tucker approached, given that he wrote a letter to General Nakasone. It’s an interesting possibility, especially given Russia’s cultivation of Rand and his father as well as the suggestion that whatever Senator he approached was ultimately satisfied with the explanation.
