GRU’s Alice Donovan Persona Warned of a WannaCry-Like Event a Year before It Happened

As I disclosed last month, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

In this post, I suggested that The Shadow Brokers persona served as a stick to the carrots Vladimir Putin dangled in front of Donald Trump. When Donald Trump took an action — bombing Syria to punish Bashar al-Assad — that violated what I believe to be one of the key payoffs in the election quid pro quo, Shadow Brokers first bitched mightily, then released a bunch of powerful NSA tools that would soon lead to the WannaCry global malware attack.

It turns out GRU warned of that kind of attack a year before it happened.

One of the tidbits dropped into a very tidbit-filled GRU indictment is that GRU ran the Alice Donovan propaganda persona.

On or about June 8, 2016, and at approximately the same time that the dcleaks.com website was launched, the Conspirators created a DCLeaks Facebook page using a preexisting social media account under the fictitious name “Alice Donovan.”

That tidbit has led to some follow-up on the Donovan figure, including this typically great DFRLab piece arguing that Russia had two parallel streams of troll campaigns, the Internet Research Agency one focused on the election, and the GRU one focused on foreign policy.

Donovan was first exposed in December of last year, when WaPo reported on, and CounterPunch did a review of, “her” work after then-WaPo reporter Adam Entous contacted CP upon learning the FBI believed “she” had some tie to Russia.

We received a call on Thursday morning, November 30, from Adam Entous, a national security reporter at the Washington Post. Entous said that he had a weird question to ask about one of our contributors. What did we know about Alice Donovan? It was indeed an odd question. The name was only faintly familiar. Entous said that he was asking because he’d been leaked an FBI document alleging that “Alice Donovan” was a fictitious identity with some relationship to Russia. He described the FBI document as stating that “Donovan” began pitching stories to websites in early 2016. The document cites an article titled “Cyberwarfare: Challenge of Tomorrow.”

As both pieces emphasize, the first article that Donovan pitched — and “she” pitched it to multiple outlets — pertained to cyberattacks, specifically to ransomware attacks on hospitals.

The article was first published in Veterans Today on April 26, 2016. That’s the same day that Joseph Mifsud first told George Papadopoulos Russia had emails — emails hacked by Donovan’s operators — they planned to leak to help defeat Hillary Clinton.

CounterPunch published the cybersecurity article on April 29. That’s the day the DNC first figured out that GRU (and FSB’s APT 29) had hacked them.

Those dates may well be coincidences (though they make it clear the Donovan persona paralleled the hack-and-leak campaign). I’m less sure about the third publication of the article, in Mint Press, on August 17, 2016, just four days after Shadow Brokers went live. So just days after Shadow Brokers had called out, “!!! Attention government sponsors of cyber warfare and those who profit from it !!!” an article was republished with the penultimate paragraph accusing the US of planning to shut down Iran’s power grid.

Moreover, the U.S. has been designing crippling cyber attack plans targeting the civilian sector. In case its nuclear negotiations with Iran failed, the U.S. was prepared to shut down the country’s power grid and communications networks.

The basis for that accusation was actually this article, but “Donovan” took out the reference (bolded below) to GRU’s attack on Ukraine’s power grid in the original.

Today such ransomware attacks are largely the work of criminal actors looking for a quick payoff, but the underlying techniques are already part of military planning for state-sponsored cyberwarfare. Russia showcased the civilian targeting of modern hybrid operations in its attack on Ukraine’s power grid, which included software designed to physically destroy computer equipment. Even the US has been designing crippling cyberattack plans targeting the civilian sector. In case its nuclear negotiations with Iran failed, the US was prepared to shut down the country’s power grid and communications networks.

Imagine a future “first strike” cyberattack in which a nation burrowed its way deeply into the industrial and commercial networks of another state and deployed ransomware across its entire private sector, flipping a single switch to hold the entire country for ransom. Such a nightmare scenario is unfortunately far closer than anyone might think. [my emphasis]

And “Donovan” adds in this sentence (from elsewhere in the Forbes article).

Government itself, including its most senior intelligence and national security officials are no better off when a single phishing email can redirect their home phone service and personal email accounts.

When this article was first published, the memory was still fresh of the Crackas with Attitude hack, where self-described teenagers managed to hack John Brennan and James Clapper and forward the latter’s communications (among the men serving prison sentences for this attack are two adult Americans, Andrew Otto Boggs and Justin Liverman).

Most of the rest of the article uses the threat of malware attacks on hospitals to illustrate the vulnerability of civilian infrastructure to cyberattack. It cites a Kaspersky proof of concept (recall that Shadow Brokers included a long play with Kaspersky). It cites an FBI agent attributing much of this hacking to Eastern Europe.

Stangl said the hackers, most of them from Eastern Europe, have increasingly targeted businesses, which are often able to pay more than individuals to unlock data. The hackers “scan the Internet for companies that post their contact information,” then send them email phishing attacks. Unsuspecting employees, Stangl said, are asked to click on what seem to be innocuous links or attachments — perhaps something as simple as a .PDF purporting to be a customer complaint — and before they know it, their computers are infected.

And the “Donovan” article explains at length — stealing from this article — why hospitals are especially vulnerable to malware attacks.

Such attacks may all sound like nightmare scenarios, but the experts say they’re becoming almost routine. And hospitals have not made cybersecurity a priority in their budgets. On average hospitals spent about 2 percent on IT, and security might be 10 percent of that. Compare that percentage to the security spending by financial institutions: for example, Fidelity spends 35 percent of its budget on IT.

Moreover, medical facilities are vulnerable to these attacks in part because they don’t properly train their employees on how to avoid being hacked, according to Sinan Eren, who has worked in cybersecurity for government and health-care organizations for two decades.

“It’s not like the financial-services industry, where they train employees how to spot suspicious emails,” said Eren, general manager at Avast Mobile Enterprise. Also, many hospital computer systems are outdated, bulky and in dire need of upgrades or newer software, he said. But such institutions often don’t have — or don’t want to spend — the money to make sweeping changes.

While it’s still unclear which computer WannaCry first infected in May 2017, Britain’s National Health Service was easily the most famous victim, with about a third of the system being shut down. Not long after WannaCry, NotPetya similarly spanned the globe in wiperware designed to appear as ransomware (though the latter’s use of NSA tools was mostly just show). While the US and UK have publicly attributed WannaCry to North Korea (I’m not convinced), NotPetya was pretty clearly done by entities close to GRU.

And a year before those global pseudo-ransomware worms were launched, repeated just days after Shadow Brokers started releasing NSA’s own tools, GRU stole language to warn of “a nation burrow[ing] its way deeply into the industrial and commercial networks of another state and deploy[ing] ransomware across its entire private sector, flipping a single switch to hold the entire country for ransom. Such a nightmare scenario is unfortunately far closer than anyone might think.”

(h/t TC for the heads up on this file and a number of the insights in this piece)

Update: MB noted that the “added” sentence actually also comes from the original Forbes article (it links to an earlier column that notes the Crackas tie explicitly).

Lawfare’s Theory of L’Affaire Russe Misses the Kompromat for the Pee Glee

As I disclosed last month, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

Lawfare has updated a piece they did in May 2017, laying out what they believe are the seven theories of “L’Affaire Russe,” of which just five have withstood the test of time. It’s a worthwhile backbone for discussion among people trying to sort through the evidence.

Except I believe they get one thing badly wrong. Close to the end of the long post, they argue we’ve seen no evidence of a kompromat file — which they imagine might be the pee tape described in the probably disinformation-filled Steele dossier.

On the other hand, the hard evidence to support “Theory of the Case #6: Kompromat” has not materially changed in the last 15 months, though no evidence has emerged that undermines the theory either. No direct evidence has emerged that there exists a Russian kompromat file—let alone a pee tape—involving Trump, despite a huge amount of speculation on the subject. What has changed is that Trump’s behavior at the Helsinki summit suddenly moved the possibility of kompromat into the realm of respectable discourse.

Nevertheless, along the way, they point to evidence of direct ties between Trump’s behavior and Russian response.

The candidate, after all, did make numerous positive statements about Russian relations and Vladimir Putin himself—though how much of this has anything to do with these meetings is unclear. At a minimum, it is no small thing for the Russian state to have gotten a Republican nominee for president willing to reverse decades of Republican Russia-skepticism and commitment to NATO.

[snip]

What’s more, two days before the meeting, Trump promised a crowd that he would soon be giving a “major speech” on “all of the things that have taken place with the Clintons”—but after the meeting turned out to be a dud, the speech did not take place. And notably, the hacking indictment shows that the GRU made its first effort to break into Hillary Clinton’s personal email server and the email accounts of Clinton campaign staff on the same day—July 27, 2016—that Trump declared at a campaign stop, “Russia, if you’re listening, I hope you’re able to find the 30,000 emails that are missing” from Clinton’s email account.

For some reason, they describe Don Jr’s reported disappointment about the June 9 meeting, but not Ike Kaveladze’s testimony that his initial report to Aras Agalarov (the report made in front of witnesses) was positive. Based on Don Jr’s heavily massaged (and, public evidence makes clear, perjurious) testimony, they claim that the Trump Tower meeting was a dud. Then they go on to note that the Russians at the June 9 meeting asked for Magnitsky sanction relief, rather than offering dirt.

In June 2016, Donald Trump, Jr., Jared Kushner and Paul Manafort met with a group of Russian visitors in Trump Tower, including attorney Natalia Veselnitskaya. In the now-infamous email exchange that preceded the meeting, Trump, Jr. wrote, “I love it, especially later in the summer” when informed that the meeting would provide him with documents that “would incriminate Hillary and her dealings with Russia and would be very useful to your father.” Trump, Jr. and other representatives of the Trump campaign were reportedly disappointed when Veselnitskaya failed to provide the promised “dirt” on Clinton and discussed the issue of Russian adoptions under the Magnitsky Act instead.

[snip]

While there is evidence—most notably with respect to the Trump Tower meeting—of Trump campaign willingness to work with the Russians, there’s not a lot of evidence that any kind of deal was ever struck.

To sustain their case that “there’s not a lot of evidence that any kind of deal was ever struck,” they neglect a number of other points. They don’t mention, for example, that a week after the Trump Tower meeting, the Russians released the first of the stolen files. They don’t mention that (contrary to Don Jr’s massaged testimony and most public claims since) there was a significant effort in November 2016 to follow-up on that June 9 meeting. They don’t mention that that effort was stalled because of the difficulty of communicating given the scrutiny of being President-elect. They don’t mention that the same day the Agalarov people discussed the difficulty of communicating with the President-elect, Jared Kushner met the Russian Ambassador in Don Jr’s office (not in transition space) and raised the possibility of a back channel, a meeting which led to Jared’s meeting with the head of a sanctioned bank, which in turn led to a back channel meeting in the Seychelles with more sanctioned financiers. And inexplicably, they make no mention of the December 29, 2016 calls, during which — almost certainly on direct orders from Trump relayed by KT McFarland — Mike Flynn got the Russians to stall any response to Obama’s sanctions, a discussion Mike Flynn would later lie about to the FBI, in spite of the fact that at least six transition officials knew what he really said.

Why does Lawfare ignore the basis for the plea deal that turned Trump’s one-time National Security Advisor into state’s evidence, when laying out the evidence in this investigation?

All of which is to say that even with all the things Lawfare ignores in their summary, they nevertheless lay out the evidence that Trump and the Russians were engaged in a call-and-response, a call-and-response that appears in the Papadopoulos plea and (as Lawfare notes) the GRU indictment, one that ultimately did deal dirt and got at least efforts to undermine US sanctions (to say nothing of the Syria effort that Trump was implementing less than 14 hours after polls closed, an effort that has been a key part of both Jared Kushner and Mike Flynn’s claims about the Russian interactions).

At each stage of this romance with Russia, Russia got a Trump flunkie (first, Papadopoulos) or Trump himself to publicly engage in the call-and-response. All of that led up to the point where, on July 16, 2018, after Rod Rosenstein loaded Trump up with a carefully crafted indictment showing Putin that Mueller knew certain things that Trump wouldn’t fully understand, Trump came out of a meeting with Putin looking like he had been thoroughly owned and stood before the entire world and spoke from Putin’s script in defiance of what the US intelligence community has said.

People are looking in the entirely wrong place for the kompromat that Putin has on Trump, and missing all the evidence of it right in front of their faces.

Vladimir Putin obtained receipts at each stage of this romance of Trump’s willing engagement in a conspiracy with Russians for help getting elected. Putin knows what each of those receipts mean. Mueller has provided hints, most obviously in that GRU indictment, that he knows what some of them are.

For example, on or about July 27, 2016, the Conspirators attempted after hours to spearphish for the first time email accounts at a domain hosted by a third-party provider and used by Clinton’s personal office. At or around the same time, they also targeted seventy-six email addresses at the domain for the Clinton Campaign.

But Mueller’s not telling whether he has obtained the actual receipts.

And that’s the kompromat. Trump knows that if Mueller can present those receipts, he’s sunk, unless he so discredits the Mueller investigation before that time as to convince voters not to give Democrats a majority in Congress, and convince Congress not to oust him as the sell-out to the country those receipts show him to be. He also knows that, on the off-chance Mueller hasn’t figured this all out yet, Putin can at any time make those receipts plain. Therein lies Trump’s uncertainty: It’s not that he has any doubt what Putin has on him. It’s that he’s not sure which path before him — placating Putin, even if it provides more evidence he’s paying off his campaign debt, or trying to end the Mueller inquiry before repaying that campaign debt, at the risk of Putin losing patience with him — holds more risk.

Trump knows he’s screwed. He’s just not sure whether Putin or Mueller presents the bigger threat.

How ABC Broke a Story about Mueller LIMITING Questions on Obstruction and Claimed It Showed a Focus on Obstruction

As I disclosed last month, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

On Monday, Rudy Giuliani revealed that Robert Mueller had gone ten days without responding to the White House’s latest set of conditions under which President Trump would be willing to sit for an interview.

“We have an offer to [Mueller] — by now, like, the fifth offer back and forth, so you’d have to call it a counter-counter-counteroffer. And, where it stands is, they haven’t replied to it and it’s been there about 10 days,” he said. “Despite the fact that we’re getting more and more convinced that maybe he shouldn’t do it, we still have that offer outstanding, and in good faith, if they came back and accepted it, or if they came back and modified it in a way that we can accept, we would consider it.”

By yesterday afternoon, ABC, showing unbelievable credulity, reported that Mueller wanted to ask Trump questions about obstruction.

Special counsel Mueller wants to ask Trump about obstruction of justice: Sources

Special Counsel Robert Mueller’s office wants to ask President Donald Trump about obstruction of justice, among other topics, sources close to the White House tell ABC News. According to sources, the president learned within the last day that the special counsel will limit the scope of questioning and would like to ask questions both orally and written for the President to respond to.

This left the impression — not just among readers who aren’t paid to know better, but among journalists who are — that the focus of any interview would be obstruction, not the President’s role in a conspiracy with the Russians.

By the end of the day, more responsible reporting revealed that pretty much the opposite of what ABC reported had occurred. In his latest proposal, Mueller offered to drop half the obstruction questions.

In a letter sent Monday, Mueller’s team suggested that investigators would reduce by nearly half the number of questions they would ask about potential obstruction of justice, the two people said.

That would, of course, mean that a greater proportion of the questions would be on that conspiracy with Russia, not on obstruction. That’s not surprising. Between January and March, after all, the focus of Mueller’s questions (as interpreted by Jay Sekulow) shifted more towards that conspiracy than obstruction.

Meanwhile, the President’s favorite scribes pushed another bullshit line he has been pushing for over six months: in spite of what you might conclude given his increasing attacks on Mueller on Twitter, the NYT would have you believe, Trump wants to do an interview, against his lawyers’ better judgment, and isn’t just stalling while trying to claim he’s not obsessed with and afraid of this investigation.

President Trump pushed his lawyers in recent days to try once again to reach an agreement with the special counsel’s office about his sitting for an interview, flouting their advice that he should not answer investigators’ questions, three people briefed on the matter said on Wednesday.

Mr. Trump has told advisers he is eager to meet with investigators to clear himself of wrongdoing, the people said. In effect, he believes he can convince the investigators for the special counsel, Robert S. Mueller III, of his belief that their own inquiry is a “witch hunt.”

[snip]

Mr. Trump has put his lawyers in the vexing position of trying to follow the desires of their client while seeking to protect him from legal jeopardy at the same time.

Here’s CNN showing Rudy planting the bullshit line, as well as another bullshit line the press continues to repeat uncritically, that this inquiry is leading towards a report to Congress and not another set of indictments.

He added that Trump has “always been interested in testifying. It’s us, meaning the team of lawyers, including me, that have the most reservations about that.”

Giuliani also sent a message to Mueller: It’s time for the special counsel to “put up or shut up.”

“They should render their report. Put up — I mean I guess if we were playing poker (you would say) ‘Put up or shut up.’ What do you got?” Giuliani said. “We have every reason to believe they don’t have anything of the President doing anything wrong. I don’t think they have any evidence he did anything wrong.”

Why is it that the press can easily identify outright bullshit when it comes directly from Trump or Rudy’s mouth, but when they tell you equally obvious bullshit on terms that they’re telling you a secret, it somehow gets reported as if it’s true, all the evidence notwithstanding?

Ferfecksake, people. Trump and his legal team have spent weeks claiming that “collusion” is not a crime. He stood next to Vladimir Putin as the latter replayed the June 9 script, looking like a whipped puppy, and denied he got elected thanks to Putin’s assistance, siding with a hostile foreign leader over the United States’ intelligence community. The last indictment Mueller released included a paragraph nodding vigorously towards GRU’s hackers responding to requests from Trump, as if responding to a signal (a practice for which Mueller has already shown evidence).

For example, on or about July 27, 2016, the Conspirators attempted after hours to spearphish for the first time email accounts at a domain hosted by a third party provider and used by Clinton’s personal office. At or around the same time, they also targeted seventy-six email addresses at the domain for the Clinton Campaign.

Do you really think Mueller would put Donald Trump right there on page 8 of the GRU indictment and be focused primarily on obstruction? Do you really think Mueller doesn’t have the conspiracy to defraud the US (and conspiracy to commit CFAA) indictment that has been clear since February planned out, where even without an interview he could include Trump as “Male 1” to indicate how he communicated acceptance of a Russian deal over and over? Do you really think people with a significant role in the conspiracy would know that Trump was moving within 14 hours of the polls closing to pay off his debts to Russia if there weren’t more evidence that Donald J Trump willingly joined a conspiracy with Russia?

I even got asked the other day, by a self-described expert on this case, why so many witnesses are talking about being asked questions about obstruction. I noted that the only witnesses we’ve heard from recently — close associates of Roger Stone — were instead describing questions about meetings attended and Russian deals floated and social media campaigns launched. That is, they were asked about conspiracy, not obstruction. We don’t even know what Jared Kushner was asked in his lengthy April questioning, but I assure you it wasn’t focused primarily on obstruction.

I get it. Mueller isn’t leaking and readers want more Russia stories so any time the White House seeds one, all secret like except that CNN films it, you gotta tell it in such a way that you’ll get those cable-televised secrets the next time. But please please please treat those claims with the same skepticism you treat Trump and Rudy bullshit when it is delivered where the public can see it. If Trump and Rudy are lying in public, there is zero reason to believe they’re telling you the truth when they claim to be feeding you secrets.

Robert Mueller is investigating the President of the United States for willfully entering a conspiracy with Russians offering to help him get elected, I believe in exchange for certain policy considerations, including changes to US Syria policy. Yes, Mueller obtained evidence demonstrating that conspiracy in large part because, in an effort to thwart any investigation into how he got elected, Trump fired the last guy who was investigating it (and investigating it less aggressively). Yes, that means obstruction is one of the crimes that Mueller believes Trump may have committed (if you’re going to harp on obstruction, then please focus on Trump’s pre-emptive offers of pardons to Mike Flynn and Paul Manafort, because it’s one of the most grave examples of obstruction and it’s critical to understanding what is going on now in EDVA).

I can’t predict how this will end — whether Mueller will decide he has enough evidence to implicate a sitting president, if so, how Mueller might lay out Trump’s involvement along with that of his family and aides, what Congress will do in response, what the long term impact on the country will be.

But that doesn’t mean the press is doing its readers any favors by playing dumb about what Mueller is really pursuing.

The Non-EDVA Manafort Thread: Paulie Continues to Work for His Pardon

Today, a bunch of stalwart journalists are fighting the back-asswards conditions in Alexandria’s courthouse to bring breaking news from the first day of Paul Manafort’s tax evasion trial. In this post, I’m going to look at a few details that have happened outside of the courthouse.

Yesterday, The Daily Beast provided some kind of an explanation for Rudy Giuliani’s weird TV meltdown yesterday. It turns out Rudy was (successfully) pre-empting a NYT story.

The day began with a morning interview with Fox & Friends, during which Giuliani insisted that “collusion [with Russian election-meddlers] is not a crime” in the first place. He then headed to CNN where he proceeded to, ostensibly, break a bit of news about the infamous Trump Tower meeting that the president’s son took with a Russian lawyer reportedly tied to Kremlin officials.

Two days before that meeting, Giuliani relayed, former Trump attorney and fixer Michael Cohen claimed that there was a separate meeting; this one, involving five people, including Cohen himself. According to Giuliani, three of the five people in that supposed meeting told him “it didn’t take place.” Not only that, they had done so “under oath on it and the other two couldn’t possibly reveal it because [Special Counsel Robert] Mueller never asked us about it.”

“You get to the other meeting he says he was at, that the president wasn’t at…with Donald [Trump] Jr., Jared [Kushner], [Paul] Manafort…[Rick] Gates and one other person. Cohen also now says that—he says too much—that two days before he was participating in a meeting with roughly the same group of people—but not the president, definitely not the president—in which they were talking about the strategy of the meeting with the Russians,” Giuliani continued. “The people in that meeting deny it, the people who we’ve been able to interview. The people we’ve not been able to interview have never said that about that meeting.”

[snip]

In subsequent interviews on Monday, the president’s lawyer claimed that, in fact, he was only speaking off of as-yet unverified details from reporters who had contacted Team Trump to ask about the planning meeting.

Giuliani told The Daily Beast that this included reporters from The New York Times, such as the paper’s star Trump reporter Maggie Haberman, who had reached out about the alleged pre-meeting meeting. So, he added, “Jay [Sekulow] and I spent a great deal of [Sunday] trying to run it down.”

Giuliani said that he believes they managed to “shut it down” and help kill the story, and speculated the journalists had also found other reasons not to run the item. Giuliani and Sekulow—according to Giuliani—had to “go to [alleged participants’] lawyers, and they had to go back to their notes, because nowadays no one wants to be inaccurate”—a rather ironic statement.

As others have noted, this explanation may be most interesting for the glimpse it offers on the Joint Defense Agreement, in which Rudy can call up other potential defendants’ lawyers and agree on a story. And, after consulting with these other lawyers, Rudy appears to claim the following:

  • At a June 7 meeting attended by Jr, Jared, Manafort, Gates, one other person, and Cohen, strategizing the Russian meeting did not come up.
  • At another meeting, reportedly including the President and four of the six who attended the June 7 meeting, he was not told about the Russian meeting.

Also, collusion is not a crime because only hacking is.

Rudy provides us some clues here. Rudy says that three of five people in the meeting including Trump told Mueller it didn’t happen and the other two weren’t asked about it by Mueller. Those other two must be Don and his spawn, because they haven’t been interviewed by Mueller. But if that’s the case, the math actually works out to just two people telling Mueller it didn’t happen, because Cohen also hasn’t been interviewed. There’s a 66% chance that Manafort and Gates are the ones who told Mueller it didn’t happen.

Then there’s the June 7 meeting — a meeting on the same day that Manafort also had a meeting with Trump, and the day that Trump promised a report on Hillary in the upcoming days (so a day when the campaign would have been strategizing a Hillary attack of one sort or another). Rudy suggests that meeting was attended by someone or someones who they haven’t been able to interview, but who nevertheless have never said anything about strategizing the Russia meeting. Perhaps this is just a reference to Cohen, a way of claiming he never said this before. Or perhaps there’s someone else who’s not part of the JDA.

Notice how this story, thus far, relies on Junior (who has not been interviewed and clearly is a target) and Gates (who has subsequently flipped) and Manafort (whose first trial just started)?

Given the centrality of Manafort in this story — and Trump’s prior admission that Manafort could incriminate him — I’m particularly interested in this other bit from Rudy, suggesting the possibility that Manafort has flipped and “lied.” (h/t CH)

They’re putting Manafort in solitary confinement — which sounds more like Russian than the US — in order to get him to break. And maybe they’ve succeeded in cracking this guy, and getting him to lie. I don’t know. I’m not sure of that.

So Cohen may (or may not) be blabbing about stories that greatly incriminate Trump. To rebut them, his lawyer is taking to the cable shows to reveal multiple previously undisclosed meetings, and assuring the public that those who either were or maybe just the people who remain in a JDA with the President say it didn’t happen. Which leaves Gates, who has flipped, and Manafort, whom Rudy is obviously worried might flip.

Meanwhile, as he was heading into his client’s trial this morning, Manafort lawyer Kevin Downing apparently said there was “no chance” his client would flip to avoid trial. From whence Downing proceeded to go spend much of his opening argument blaming Gates for Manafort’s epic corruption. Here’s HuffPo.

An attorney for former Trump campaign manager Paul Manafort told jurors during opening arguments in his tax and bank fraud trial on Tuesday that Manafort’s longtime aide Rick Gates ― now a witness for special counsel Robert Mueller ― is a liar who can’t be trusted.

Manafort, attorney Tom Zehnle told jurors, made a mistake in “placing his trust in the wrong person” who was now willing to say anything to keep himself out of trouble. Zehnle told jurors that Manafort “rendered a valuable service to our system of government” because of his involvement in multiple presidential campaigns.

And here’s Reuters.

“Rick Gates had his hand in the cookie jar,” defense attorney Thomas Zehnle said in opening statements at Manafort’s trial in federal court in Virginia. “Little did Paul know that Rick was lining his own pockets.”

Meanwhile, several developments in Manafort’s cases happened outside the courtroom. First, he dropped his challenge to Mueller’s authority in the DC Circuit. The DC Circuit denied his bid to get out of jail during this and while awaiting his DC trial, based primarily on the additional witness tampering charges that followed Amy Berman Jackson’s warnings about violating her gag order.

Most interesting however, was this exchange. Last night, Manafort asked for a 25-day delay in a pre-trial report he has to submit jointly with the prosecution in his DC case, citing his ongoing EDVA trial. But as the scathing response made clear, he brought that on himself when he refused to waive venue for these tax charges and instead took his chances with two trials.

[T]he Court’s August 1, 2018, deadline is no surprise; it has been in place for five months, when this Court entered its Scheduling Order on March 1, 2018. (Doc. 217). Nor was it a surprise that Manafort (like the government) would need to prepare for two trials when Manafort elected to have two trials. Indeed, this Court advised the defense that the defendant’s choice to have two trials might well result in “a trial in the Eastern District of Virginia before this one. So you may want to keep that in mind.”

More interesting, the Mueller team described how Manafort has spent the last two weeks accepting details of the government’s plan in the DC case, without reciprocating or warning them he was going to ask for a delay.

[T]he government spent the last two weeks making disclosures to Manafort of all of the different components required by the joint pretrial statement. The government furnished to the defense: (a) a proposed joint statement of the case; (b) an estimate of the length of the government’s case-in-chief; (c) proposed jury instructions; (d) a notice of intended expert witnesses; (e) an exhibit list; (f) all proposed stipulations; (g) a proposed special jury instruction (in lieu of a list of matters for the Court to take judicial notice); and (h) a proposed verdict form. Notably, the government identified a list of hundreds of exhibits—with Bates numbers and descriptions—it intends to use at trial, giving the defense a roadmap of its case. With each submission to the defense, the government asked the defense to alert it to its position, so the government could inform the Court in the joint statement due on August 1, 2018. Not once did Manafort respond, in any way, to any of the government’s disclosures. Similarly, the defense produced no reciprocal materials to the government.

When Manafort dropped his challenge to Mueller’s authority, some wondered whether that was a sign he’s about to flip. But this ploy with the DC schedule makes it clear he continues to do what he has been doing from the start: using his trials as an effort to discredit Mueller as much as possible, while obtaining as much information about the case in chief — the conspiracy with Russia.

As I’ve said repeatedly, that seems to be the terms of his pardon deal with Trump: he spends his time discrediting the Russian conspiracy case, and in the future, Trump may reward him in kind.

Given that Gates may actually have already told Mueller about the meetings Rudy is trying to deny, I expect more attacks on Rick Gates in the coming weeks, then.

Without Integrity: The Debunking of the Metadata Debunkers

As I laid out a few weeks ago, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post.

When people have asked me if I’ve gotten a lot of pushback since I revealed that I provided information to the FBI on a matter that became part of the Mueller inquiry, I’ve said that I’m mostly surprised by how little I’ve gotten. While I’ve had a few alarms with respect to my website or device security (which I might attribute to Russians), I’ve had almost no pushback from Republicans accusing me of gunning for the President, not even after I suggested my testimony probably changed the import of publicly available information that implicated the President.

The exception has been a group of Assange loyalists close to Adam Carter — a group of people who have spent a great deal of time trying to undermine the public case implicating Russia in the attack. I have been shocked by the persistence with which Carter loyalists flooded my timeline at certain times in recent weeks, even though nothing I’ve said publicly would indicate Carter’s efforts were put in any great danger because I went to the FBI sometime last year.

Today, Duncan Campbell released a long story on the guy behind the pseudonym Adam Carter, Tim Leonard.

Before I look at it, two comments. First, contrary to some guesses, Leonard is not the person I went to the FBI about. Second, I think there are still details in this story that are not correct (though are far closer than other work thus far); one value of Leonard’s effort was to get some people (including me!) to work through assumptions, something people are still not doing enough on this story.

Campbell’s is an important and successful effort to push back against disinformation (and to get Bill Binney and Ray McGovern to back off their support for it). It does the following:

  • Affirmatively IDs Leonard, demonstrates that he used the facilities of his employer to do some of this work, and shows how he falsely blamed a former co-worker for some of the work
  • Shows how Leonard serially adopted ever new theories, but never the one almost every expert had backed, that Russia had done the hack
  • Shows the co-travelers, including the far right, that Leonard embraced in his efforts to discredit the dominant explanation
  • Tracks some of the false identities Leonard adopted along the way (I believe, given the data in the story, he has adopted false IDs on this site as well)

This work is particularly valuable because it demonstrates how early — by May 2016 — Leonard focused attacks on Clinton before coming out with his debunking site.

As US election campaigns ramped up in May 2016, Leonard’s Defianet email address, [email protected], was used to create a new Twitter account, @with_integrity. The name, he said, was a parody of Clinton’s campaign slogan, “I’m with Hillary”. The profile displayed a WikiLeaks avatar.

For 10 days in 2016, @with_integrity trolled and attacked the Democratic Convention, accusing the Democrats of collusion, conspiracy, cheating, corruption, rigging elections and sabotage.

On 22 July 2016, @with_integrity tweeted a link to the Russian propaganda and news channel, RT, claiming that primary elections had been rigged. On 26 July, as delegates voted, @with_integrity tweeted a new RT attack on Hillary Clinton.

After Clinton was nominated, @with_integrity followed the Russian trolls’ path in supporting Donald Trump, retweeting Trump slogans, including #CrookedHillary, #LockHerUp, #MakeAmericaGreatAgain and #VoteOnlyTrump, and a third link to a “special episode” on RT.

But the core of Campbell’s debunking (and the basis of his success at persuading Binney and McGovern, to the extent he did) pertains to the Forensicator effort to claim that certain files released in September 2016 proved that Russia couldn’t have done the hack because they had been copied in the Eastern time zone. Campbell shows that the data behind the Forensicator effort had been adopted uncritically by Leonard and his allies, and that the most obvious conclusion based on the evidence is that hackers manipulated the timestamps of these files, and only these files.

The team that created Forensicator, including Leonard, gave away that they were not the real authors of the analysis when they inaccurately copied a Linux “Bash” script they had been sent, breaking it. This suggested that they did not write, understand, or test the script before they published. Someone else had sent the script, together with the fake conclusion they wanted discovered and published – that DNC stolen files had been copied in the US Eastern Time zone on 5 July 2016, five days before DNC employee Seth Rich was killed.

Uncritical reporters failed to spot that the Forensicator blog gave no evidence for its conclusion, which was that the data analysed was evidence of theft by local copying happening within the eastern US. The Forensicator report avoided pointing out that the time stamps examined were present only in the special London group of documents, and not in tens of thousands of other DNC files published by WikiLeaks or Guccifer 2.0.

The files were manipulated using an unusual method of file packing, forensic checks show. Because of computer clock settings, the packing operations appeared to have created “evidence” that the stolen files had been copied in the US Eastern Time zone, which includes Washington.

US Eastern Standard Time (EST) is normally five hours behind Coordinated Universal Time (UTC) – better known in Britain as Greenwich Mean Time (GMT). In summer months, clocks are set forward, placing the US Eastern Daylight Time (EDT) four hours behind UTC. The difference between a time zone and UTC is the offset. It is trivially easy for any computer user to change their time, date and time zone offset, using standard controls.

The files released in London, we found, had first been processed in this way to show timestamps for 5 July 2016. Some 13 groups had then been compressed using WinRAR 4.2. Nine additional files were compressed using 7zip. The archive, called 7dc58-ngp-van.7z, was published in this format, as a single file of 680MB.

This dual compression method was unique to the London documents. It was not used in other file dumps released by Guccifer 2.0, WikiLeaks or other publishers of stolen DNC material. The special method used two different file compression systems, 7zip and WinRAR, and required using a four-year-old, superseded version of WinRAR to obtain the required result. The way the Russians did it, the two compression operations appeared to overlap within a single 20-minute period. The tampering may have been done on 1 September, a week before the London conference.

[snip]

The obvious, simple explanation was that hackers were manipulating computer clock settings. The observed changes would have taken seconds.
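The offset reasoning in the quoted passage, worked through as an added example (not Campbell's, Forensicator's or this site's code). It assumes one stored stamp is zone-less local wall-clock time and the other is UTC, a mechanism the page does not spell out, and every timestamp and function name below is constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta


def stored_pair(event_utc, clock_offset_hours):
    """Model the two stamps kept for one file event.

    event_utc: naive datetime holding the true UTC instant.
    clock_offset_hours: zone offset configured on the packing machine,
    a user-controlled setting. Assumed model: one stamp is zone-less
    local wall-clock time, the other is UTC.
    """
    return {"local": event_utc + timedelta(hours=clock_offset_hours),
            "utc": event_utc}


def infer_offset(pairs, step_minutes=15):
    """Return (offset_hours, agreement) for a set of stamp pairs.

    Differences are snapped to 15-minute steps so coarse timestamp
    resolution does not split the vote. agreement is the share of pairs
    matching the winning offset; below 1.0 means the pairs were not all
    stamped under one clock setting.
    """
    if not pairs:
        raise ValueError("no timestamp pairs to analyse")
    votes = Counter()
    for p in pairs:
        minutes = (p["local"] - p["utc"]).total_seconds() / 60
        votes[round(minutes / step_minutes) * step_minutes / 60] += 1
    offset, count = votes.most_common(1)[0]
    return offset, count / len(pairs)


# Constructed sample: four file events on 5 July 2016, times invented.
EVENTS_UTC = [datetime(2016, 7, 5, 14, 0, 10) + timedelta(seconds=37 * i)
              for i in range(4)]


def packed_on(clock_offset_hours):
    """Stamp the sample events on a machine configured with this offset."""
    return [stored_pair(e, clock_offset_hours) for e in EVENTS_UTC]


def compare_scenarios():
    """Same events, different clock settings; location never enters the model."""
    eastern_us = packed_on(-4)        # machine really on US Eastern Daylight Time
    set_to_minus4 = packed_on(-4)     # machine anywhere, zone setting changed to UTC-4
    # Local stamps one second short, as a coarser-resolution format would store them.
    coarse = [{"local": p["local"] - timedelta(seconds=1), "utc": p["utc"]}
              for p in packed_on(-4)]
    # Clock setting altered before the last file was stamped.
    changed_midway = packed_on(-4)[:3] + packed_on(-5)[3:]
    return {
        "eastern_us": infer_offset(eastern_us),
        "set_to_minus4": infer_offset(set_to_minus4),
        "indistinguishable": eastern_us == set_to_minus4,
        "utc_plus_3": infer_offset(packed_on(3)),
        "coarse": infer_offset(coarse),
        "changed_midway": infer_offset(changed_midway),
    }


if __name__ == "__main__":
    for name, result in compare_scenarios().items():
        print(f"{name:18} {result}")
```

The inferred offset supports a statement about a clock setting only; tying it to a place needs corroboration from a source the packer does not control.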

In response to Campbell’s piece, Leonard has complained that Campbell doxed him rather than debunk the evidence.

He doesn’t actually tackle what he’s framing as disinformation and instead tries to attack character and tries to dox people rather than discredit or debunk the evidence/research published. You don’t tackle disinfo with smears/distortion/character attacks yet this is what DC did.

This is where I get a little cranky — probably crankier than I otherwise would have been if Leonard’s fans hadn’t flooded my timelines in recent weeks.

Campbell is actually wrong when he claims that “uncritical reporters” didn’t point out that this file was a unique file. I noted this file was a proxy file back in October, and that before you got into the analysis of its forensics, you first had to account for the provenance of it. I also noted WikiLeaks’ role in sharing the file with the Trump campaign here. In this post, I noted that the files in question weren’t DNC files (nor were the earliest Guccifer 2.0 ones), so the entire exercise said absolutely nothing about who hacked the DNC, purportedly the central project of Leonard and his ilk. And all that’s before I noted, over and over, that copying of files in the US would not prove a damn thing (as the GRU’s use of staging servers in AZ and IL makes clear).

I raise these posts not to challenge Campbell’s reporting, but instead to challenge Leonard’s complaint. He has claimed for over a year now that he would respond to legitimate responses to his theories. And while I vaguely recall him making a half-hearted attempt at it on his site, I can’t find it.

Even before you get into the evidence of a concerted disinformation campaign — one that paralleled if it wasn’t coordinated with at least WikiLeaks if not the Russians’ — you’ve got to be arguing facts that might address the questions you claim to. And Leonard quickly strayed from that purported effort, never to return again.

Did GRU Learn that Democrats Had Hired Christopher Steele When They Hacked DNC’s Email Server?

As I laid out a few weeks ago, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post.

According to Glenn Simpson’s SJC testimony, he hired Christopher Steele in May or June of 2016 to investigate Trump’s ties to Russia.

Q. And when did you engage Mr. Steele to conduct opposition research on Candidate Trump?

A. I don’t specifically recall, but it would have been in the — it would have been May or June of 2016.

Q. And why did you engage Mr. Steele in May or June of 2016?

Simpson is maddeningly vague (undoubtedly deliberately) on this point. In one place he suggests he hired Steele after DCLeaks was registered and amid a bunch of chatter about Democrats being hacked, which would put it after June 8 and probably after June 15.

Q. So at the time you first hired him had it been publicly reported that there had been a cyber intrusion into the Democratic National Convention computer system?

A. I don’t specifically remember. What I know was that there was chatter around Washington about hacking of the Democrats and Democratic think tanks and other things like that and there was a site that had sprung up called D.C. Leaks that seemed to suggest that somebody was up to something. I don’t think at the time at least that we were particularly focused on — well, I don’t specifically remember.

But in his more informative HPSCI testimony, he suggests he may have started talking to Steele about collecting intelligence on Trump in May.

MR. QUIGLEY: When exactly did he start working under contract?

MR. SIMPSON: My recollection is that, you know, we began talking about the — I don’t remember when we started talking about the engagement, but the work started in June, I believe.

MR. QUIGLEY: Okay.

MR. SIMPSON: Possibly late May, but –

Given one detail in Mueller’s GRU Indictment, that difference may be critical.

Recall that the DNC figured out they had been hacked in April, and brought in Perkins Coie (the same firm that would engage Fusion GPS) for help. The attorney helping them respond to the hack, Michael Sussmann, warned them not to use DNC email to discuss the hack, because it might alert hackers they were onto them.

The day before the White House Correspondents’ Association dinner in April, Ms. Dacey, the D.N.C.’s chief executive, was preparing for a night of parties when she got an urgent phone call.

With the new monitoring system in place, Mr. Tamene had examined administrative logs of the D.N.C.’s computer system and found something very suspicious: An unauthorized person, with administrator-level security status, had gained access to the D.N.C.’s computers.

“Not sure it is related to what the F.B.I. has been noticing,” said one internal D.N.C. email sent on April 29. “The D.N.C. may have been hacked in a serious way this week, with password theft, etc.”

No one knew just how bad the breach was — but it was clear that a lot more than a single filing cabinet worth of materials might have been taken. A secret committee was immediately created, including Ms. Dacey, Ms. Wasserman Schultz, Mr. Brown and Michael Sussmann, a former cybercrimes prosecutor at the Department of Justice who now works at Perkins Coie, the Washington law firm that handles D.N.C. political matters.

“Three most important questions,” Mr. Sussmann wrote to his clients the night the break-in was confirmed. “1) What data was accessed? 2) How was it done? 3) How do we stop it?”

Mr. Sussmann instructed his clients not to use D.N.C. email because they had just one opportunity to lock the hackers out — an effort that could be foiled if the hackers knew that the D.N.C. was on to them.

“You only get one chance to raise the drawbridge,” Mr. Sussmann said. “If the adversaries know you are aware of their presence, they will take steps to burrow in, or erase the logs that show they were present.”

The D.N.C. immediately hired CrowdStrike, a cybersecurity firm, to scan its computers, identify the intruders and build a new computer and telephone system from scratch. Within a day, CrowdStrike confirmed that the intrusion had originated in Russia, Mr. Sussmann said.

But it’s not clear whether Sussmann warned this small team of people against using DNC emails at all, or just those emails discussing the hack.

Previously, I had always guesstimated how long after DNC brought Crowdstrike in the emails ultimately shared with WikiLeaks got exfiltrated from this analysis, based off the last dates of stolen emails and DNC’s email deletion policies in place at the time. It was a damned good estimate — May 19 to May 25.

But according to the indictment, the theft of the DNC emails happened later: starting on May 25, not ending on it.

Between on or about May 25, 2016 and June 1, 2016, the Conspirators hacked the DNC Microsoft Exchange Server and stole thousands of emails from the work accounts of DNC employees. During that time, YERMAKOV researched PowerShell commands related to accessing and managing the Microsoft Exchange Server.

The indictment doesn’t describe the entire universe of emails stolen — whether GRU stole just the 9 email boxes shared with WikiLeaks, or whether they obtained far more.

But the later date — possibly reaching as late as June 1 — means it’s possible GRU stole emails involving top DNC officials, officials involved in opposition research activities (as both Guccifer 2.0 and the DNC itself said had been a focus), including the activity of hiring a former MI6 officer to chase down Trump’s illicit ties to Russians.

Don’t get me wrong. If the Russians did, in fact, learn about the Steele effort and manage to inject his known reporting chain with disinformation, there were plenty of other possible ways they might have learned of the project: the several people overlapping between Fusion GPS’ Prevezon team and its Trump team, Rinat Akhmetshin who learned of the dossier from a chatty NYT editor, or maybe a close Trump ally like Sergei Millian. The sad thing about this disinformation project is it was so widely disseminated, any HUMINT integrity could have easily been compromised early in the process.

But the timeline laid out in the GRU indictment adds one more, even earlier possible way: that Russia learned the Democrats were seeking HUMINT from Russians about Russia’s efforts to help Trump from the Democrats’ own emails.

Devin Nunes’ Promise of Shock!! Shock!! in the Evolving Steele Claims in the Fourth Carter Page FISA Application

As I laid out a few weeks ago, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post.

Devin Nunes and the right wing press corps (Catherine Herridge, Byron York, Chuck Ross) have now made it clear where Nunes’ games to discredit the Mueller investigation go next: to claiming that a portion of the Carter Page FISA application says “shocking” things about Christopher Steele and the FBI. That’s based on a letter the House Intelligence Republicans signed inviting President Trump to “declassify and release publicly, and in unredacted form, pages 10-12 and 17-34, along with all associated footnotes, of the third renewal of the FISA application on Mr. Page. That renewal was filed in June 2017 and signed by Deputy Attorney General Rod Rosenstein.”

They’re playing a bit of a game with this, permitting right wing scribes to compare the first and the fourth application as if nothing (including applications signed by people not named Rod Rosenstein) came between.

So what is on pages 10-12 and 17-34? That is certainly a tantalizing clue dropped by the House Intel members, but it’s not clear what it means. Comparing the relevant sections from the initial FISA application, in October 2016, and the third renewal, in June 2017, much appears the same, but in pages 10-12 of the third renewal there is a slightly different headline — “The Russian Government’s Coordinated Efforts to Influence the 2016 U.S. Presidential Election” — plus a footnote, seven lines long, that was not in the original application.

As for pages 17-34, there appear to be, in the third renewal, new text and footnotes throughout the section headlined “Page’s Coordination with Russian Government Officials on 2016 U.S. Presidential Election Influence Activities.” (That is the same headline as the original application.) The Republican lawmakers ask that it be unredacted in its entirety, suggesting they don’t believe revealing it would compromise any FBI sources or methods.

Clearly, the GOP lawmakers believe pages 10-12 and 17-34 contain critical information, so it seems likely that the release of those pages would affect the current public debate over the FISA application

I guess, in this, they’re working a bit harder than Jim Jordan and Mark Meadows did in their Rosenstein impeachment effort.

As it happens, I’ve done a ridiculously anal 20 page analysis of the application (for the near future, I’m not going to be releasing any of my surveillance analysis publicly; for those interested, let me know separately), so I’ve tracked what changes in each application. So, for example, whereas York suggests that the title in the first section the Republicans want declassified changed in the fourth application, it actually changed in the second, submitted in early January 2017. Here’s how that title looks in each of the four applications, in order (see PDF 8, 93, 191, and 301 for the start of this section in each application).

It’s pretty clear the changes in this section stem in part from a shift to the past tense and an understanding of the extent of Russian interference.

Similarly, while York points to a footnote in the fourth application he claims doesn’t appear in the first, a footnote of similar length, though not the same shape (suggesting slightly different wording) appears in the third application. Here’s how footnote 4 looks in those two applications.

Otherwise, the discussion in applications three and four in this section appears the same. Which is to say that Republicans are trying to suggest this “shocking!!!” content derives from Rosenstein, when in fact much of it was probably approved by Dana Boente. It turns out Nunes’ efforts to discredit Rosenstein are barely more rigorous than Meadows’.

The second section Republicans want selectively declassified pertains to Steele. And there, there are significant changes to the application over the course of the four applications, second only to the section where the most changes get made over the course of the four applications, the entirely redacted Section VI (it grows from 3 pages in the first application to 23 in the fourth). The Steele section grows from 7 pages in the first application to 11 in the last, with changes in each application and substantial changes in the last two. Here are all the sections that are new in the fourth, the one the Republicans want declassified:

As a measure of how inattentive the right wing story line is, Byron claims in follow-up reporting that DOJ never told FISC about Steele’s reaction to Jim Comey’s reopening of the Hillary investigation, in spite of unclassified language in footnote 22 (as numbered in the fourth application, though it was added in the second) revealing that,

In or about late October 2016, however, after the FBI Director sent a letter to the U.S. Congress, which stated that the FBI had learned of new information that might be pertinent to an investigation that the FBI was conducting of Candidate #2, Source #1 told the FBI that he/she was frustrated with this action and believed it would likely influence the 2016 U.S. Presidential election. In response to Source #1’s concerns, Source #1 independently, and against the prior admonishment from the FBI to speak only with the FBI on this matter, released the reporting discussed herein to an identified news organization. Although the FBI continues to assess Source #1’s reporting is reliable, as noted above, the FBI closed Source #1 as an active source. (PDF 320)

Byron appears not to understand that Steele’s response to Comey’s actions on October 28 could not have added bias to his reporting from prior to that date, which is when all of his reports shared formally with the FBI date to (the one other report, dated December 13, was only shared informally).

Whatever the additional caveats on Steele that Nunes is so sure will shock! shock!! the press when all his past predictions of shock have fallen flat, the Minority apparently disagrees. That’s because the Schiff Memo cites precisely the passage that Nunes is so sure will shock us for the following claims:

How odd that the Majority didn’t fight to have these passages, which derive from the passage they claim is so critical to have declassified, declassified in the Schiff Memo (not that I totally buy the Schiff memo on this point either: he claims that Page’s meeting with other key Russians, not the ones Steele described him meeting with, corroborate Steele’s reporting when it doesn’t). Similarly, the Majority also doesn’t want the passages of the fourth application that support this claim to be declassified.

For what it’s worth, a Republican who has reviewed these things told me last week that there was abundant evidence to support the surveillance on Page. So mostly this is just an attempt to beat up the Democrats for the Steele dossier; honest Republicans agree that Page was a legitimate surveillance target.

This is something the right wing press corps is struggling with (the cognitive dissonance among people like Ross would be palpable if logic were a requirement in his work) as much as the left wing, however. It appears increasingly likely that Steele was fed disinformation as a way to confuse the Democrats and ensure any investigation would look at marginal dolts like Page rather than centrally important dolts like Don Jr. I’ll even present a new factoid about how that may have happened in a follow-up.

That doesn’t mean that when the FBI relied on Steele, using the same measure they use for all consultants (past track record), they had reason to know it was disinformation. Rather, it’s yet another indication that Russia was really really intent on making sure it could get Trump elected, via whatever deceit.

But that doesn’t help the GOP claim that Trump isn’t thereby implicated.

Update: Fixed Dana Boente, not Sally Yates, as approving the third application h/t jr.

A Warning about Hype Surrounding the Manafort Tax Evasion Trial

As I laid out a few weeks ago, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post.

Because Mueller has already obtained the testimony of chatty Trump allies who promptly leaked the content of their interviews to the press, the constant stream of easy updates on the Mueller inquiry has dried up. No outlet has thus far invested in the critical thinking to figure out the publicly available side of what I reported to the FBI that subsequently got moved under Mueller. No one has thought about why Michael Cohen’s very competent attorney is letting him leak to the press rather than (or, at best, in parallel with) offering a proffer to the Feds. Instead, outlets are dedicating front page space to recycled stories they first reported three months earlier. We actually spent half the day Friday getting our fix from the news that Don Jr and Robert Mueller not only had reason to fly out of National Airport’s shitty 35X gate, but were doing so at the same time (for the record, I would have been in the 35X terminal with Trey Gowdy Thursday, but he apparently got rebooked from a badly delayed Greenville flight onto an on-time Charlotte one across from 35X; he wore shades right up to boarding the plane to avoid detection but that didn’t thwart my powers of observation).

We’ve hit the summer doldrums of the non-stop Mueller inquiry news addiction and things are getting bleak.

Perhaps because of that, news outlets are hugely hyping the Paul Manafort trial, due to start on Tuesday. Here’s Politico reporting “Risks pile up for Trump as Manafort heads to trial.” And here’s WSJ claiming “Manafort Trial Holds Big Implications for Russia Probe.” [Update: Here’s the WaPo contribution to the hype; I make some specific compliments and criticisms of it in this thread.]

Yes, it is true that (as both Politico and WSJ point out) there will be a small campaign angle to the trial: Mueller’s team wants to explain how Manafort got a $16 million loan from Chicago’s Federal Savings Bank by promising its Chairman, Stephen Calk, a position in the Trump Administration. But that’s garden variety sleaze, not conspiring with Russia.

It’s also true we’ll get salacious new details on the luxury goods Manafort used to launder money. But most of that, including details of a bizarre arrangement with the local antique rug shop, have already been stipulated in pre-trial filings. Manafort is even trying to get details of his ties to Viktor Yanukovych excluded from the trial, but in doing so, he released a ton of documents that the press has already mined for worthwhile reporting.

It’s also possible that Manafort will decide, between today and Tuesday, to cooperate with Mueller rather than face a fairly straightforward trial, or that a guilty verdict in four weeks’ time will induce him to cooperate. Thus far, there’s little sign of that, and a guilty verdict will have no immediate change on his jailhouse conditions that might persuade him to cooperate. Any federal sentence will ultimately be served in conditions better than the ones he currently is in at Alexandria jail.

Barring some unexpected jury intransigence or judicial rulings, it still looks like Manafort’s best shot to avoid spending the rest of his life in prison is a pardon, and he looks to be operating accordingly, imposing as much reputational damage to Mueller as possible, without budging on his willingness to stay the course in apparent expectation he’ll be rewarded at some point in the future.

Aside from Rick Gates — who is sure to be beaten up by Manafort’s attorneys — the most interesting witness who might testify at trial is Bernie Sanders’ former campaign manager Tad Devine, who would testify about PR work done before 2014. We’ll have to wait to see Tony Podesta and Vin Weber and similarly illustrious people testify for the DC trial, if it happens. This trial is just the appetizer course for the feast on sleazy DC influence peddling we’ll get in September, if the DC trial actually happens.

The newsworthiness of the trial will be limited further still by the outdated policies of the courthouse, EDVA. No devices are permitted in the courthouse, which means there will be no real time coverage. To break news, you have to leave the courthouse, and go to your (meter parked) car or the cafe where you’ve left your device across the square to report out. As a result, any “breaking” scoops will likely come from less responsible journalists with less grasp of how both trials and Judge TS Ellis work (as we saw earlier this year, when Daily Caller led everyone to believe one of Ellis’ typical rants indicated trouble for Mueller). Responsible journalists (Josh Gerstein and Zoe Tillman are particularly good bets for this trial) will sit through the entire proceeding before reporting out something more measured.

This is a tax trial, not a spy trial. Financial experts call it a “paper trial,” meaning the jurors will weigh dry documentary evidence rather than the reliability of unreliable witnesses (like Gates), which makes the outcome more predictable, though in no way guaranteed.

One of a slew of reasons why I declined an offer to cover this trial is I expect any interesting Mueller news to happen elsewhere — perhaps in his apparent relentless pursuit of testimony from Roger Stone’s allies, perhaps in the negotiations over Julian Assange’s continued residence in Ecuador’s embassy, perhaps even in fallout from Mariia Butina’s arrest (though Butina is not a Mueller case, in spite of what some outlets will tell you). I didn’t want to miss such news because I was stuck in a courtroom watching witnesses talking about financial documents.

Undoubtedly, the trial will be well-watched and in some outlets well-reported. It will teach a lot of people about how white collar trials of privileged defendants work. It may well be the rare moment when a white collar criminal faces consequences for his acts.

But don’t rest your hopes for continued Mueller disclosures on the Manafort trial.

The Info Ops Unit at GRU, Not the Technical Hacking Unit, Hacked the State Boards of Election Servers

As I laid out a few weeks ago, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post.

Yesterday, there was a big to-do on Twitter about a story (which subsequently got pulled) claiming that vote totals got changed as part of the Russian attack on the 2016 election. I don’t care to engage the story — which I understand was very weak — directly. There are multiple ways for Russian efforts to have affected the outcome of the election, and the evidence increasingly supports a conclusion that that happened, without vote totals getting changed.

That said, given the focus on changing vote tallies, I want to note something about Mueller’s GRU hacker indictment that has gotten almost no attention. Twelve men were indicted, from two different units of GRU, Units 26165 and 74455. The indictment describes the activities of each department in a way that generally suggests a division of labor, with Unit 26165 carrying out core hacking activities and Unit 74455 carrying out information operations. Here’s what that breakdown looks like.

Unit 26165

Address: 20 Komsomolskiy Prospekt (this is the location spied on by the Dutch intelligence agency, AIVD).

Charged individuals:

  • Viktor Netyksho: Commands Unit 26165
    • Boris Antonov: “Head of Department” that oversees spear-phishing targeting
      • Dmitriy Badin: “Assistant Head of Department” conducting spear-phishing targeting
      • Ivan Yermakov: works for Antonov, uses identities Kate Milton, James McMorgans, Karen Millen. Hacked at least two email accounts the contents of which were released by DCLeaks. Helped hack DNC email server, contents of which were released through WikiLeaks.
      • Aleksey Lukashev: Senior Lieutenant in Antonov’s department. Uses identities Den Katenberg, Yuliana Martynova. Sent spear-phishing emails to Clinton campaign, including the one to John Podesta.
    • Sergey Morgachev: Lieutenant Colonel who oversaw department that developed and managed X-Agent.
      • Nikolay Kozachek: Lieutenant Captain. Used monikers including “kazak” and “blablabla1234565.” Developed, customized, and monitored X-Agent used to hack DCCC.
      • Pavel Yershov: Helped customize and test X-Agent before deployment against DCCC.
      • Artem Malyshev: Second Lieutenant in Morgachev’s department. Used handles “djangomagicdev” and “realblatr.” Monitored X-Agent implanted in DCCC and DNC servers.

Charged actions attributed to named defendants:

  • ¶21-22: Spear-phishing targets
  • ¶23-25: Hacking into DCCC
  • ¶29-30: Stealing DCCC and DNC documents
  • ¶33: Persistence in DCCC and DNC servers

Crimes charged to named defendants:

  • Count One: CFAA
  • Counts Two through Nine: Aggravated Identity Theft
  • Count Ten: Conspiracy to Launder Money

Unit 74455

Address: 22 Kirova Street, Khimki (the Tower)

Charged individuals:

  • Aleksandr Osadchuk: Colonel and commanding officer of 74455, which assisted in release of stolen documents through DCLeaks, Guccifer 2.0, and the publication of anti-Clinton propaganda on social media.
    • Aleksey Potemkin (!!): A supervisor in department responsible for administration of computer infrastructure used to assist in release of DCLeaks and Guccifer 2.0 documents.
    • Anatoliy Kovalev: officer assigned to 74455 involved in hacks of State Boards of Election.

Charged actions attributed to named defendants:

  • ¶38: Operating fictitious personas promoting DCLeaks
  • ¶71-78: Hacking into State Boards of Election (SBOEs) and VR Systems

Crimes charged to named defendants:

  • Count One: CFAA
  • Counts Two through Nine: Aggravated Identity Theft
  • Count Ten: Conspiracy to Launder Money
  • Count Eleven: Conspiracy to Commit an Offense against the US

Generally, the indictment describes Unit 26165 as being in charge of the technical hacking, including excruciating detail on what named officer played what role in phishing and malware deployment activities (probably thanks to the AIVD intelligence). The description of the information operations — running DC Leaks and Guccifer 2.0 and working with WikiLeaks — is less specific as to which officer did what, but the indictment clearly assigns those activities to Unit 74455. In any case, the indictment appears to suggest a division of labor, where Unit 26165 carries out the technical hacking and Unit 74455 carries out the information operations.

All 12 GRU officers are charged in Counts One through Ten.

Count Eleven, the ConFraudUs charge, is an outlier, however, in two ways. First, just Unit 74455 officers — Osadchuk and Kovalev — are charged in this operation. And aside from the indictment’s description that Potemkin (!!) runs the infrastructure for Unit 74455, just the description of the phish of the State Boards of Election and VR Systems includes specific details about which Unit 74455 officer was involved in activities attributed to that unit.

All of which is to say that, for some reason, what is described as an information operations unit — Unit 74455 — conducted the hack of election infrastructure, not the technical hacking unit that carried out the other phishes of Democratic targets.

Perhaps the division of labor between these two units is not so clearcut as the indictment lays out. But if it is, then there may be an explanation why the information operations department would be hacking election infrastructure. Remember that in the days leading up to the election, Guccifer 2.0 — according to the indictment, a Unit 74455 operation — predicted the Democrats might “rig the elections.”

Hacks on SBOEs and election vendors would be an easy piece of evidence to point to to claim that Democrats had stolen the election. That is, it could be that these hacks (which, given that Illinois was targeted most aggressively, weren’t going to alter the presidential election) may have been propaganda designed to undermine the Hillary win that never materialized.

Mind you, I still await the results of the investigation into whether there was a tie between the VR Systems hack and oddities in Durham County, NC on election day, something that would amount to voter suppression rather than altering vote tallies.

But it is at least possible that the attacks on our voting infrastructure were designed as propaganda, this time at least, rather than as an attempt to use the information obtained.

The Worm Turns: Neither Devin Nunes Nor Ron DeSantis (Thus Far) Support Jim Jordan’s Impeachment Bid

As I laid out a few weeks ago, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post.

I was in DC when Mark Meadows and Jim Jordan rolled out articles of impeachment against Rod Rosenstein. As a number of people have noted, the articles themselves are batshit crazy, calling over-redaction subsequently corrected a high crime and misdemeanor.

And some of the articles would require a time machine to prove, such as holding Rosenstein responsible for a FISA application submitted when he was merely the US Attorney for MD with no role in the investigation.

But something else is even more interesting to me.

The original press release included the names of 6 congressmen, in addition to Mark Meadows and Jim Jordan, who co-sponsored the articles HR 1028:

  1. Mark Meadows
  2. Jim Jordan
  3. Andy Biggs
  4. Scott Perry
  5. Paul “Dentists Read Body Language” Gosar
  6. Jody Hice
  7. Matt Gaetz
  8. Scott DesJarlais

And while the other three congressmen who joined as co-sponsors seemed a lot more sheepish about signing on, the following men also joined:

  1. John Duncan
  2. Louie Gohmert
  3. Bill Posey

By mid-morning yesterday, in the face of opposition from Paul Ryan and citing some deal with Bob Goodlatte, Meadows and Jordan admitted defeat. Shortly thereafter, Jordan announced a bid to be Speaker, with support from Meadows.

Apparently this morning, the following men signed on:

  1. Tom Massie
  2. Ted Yoho
  3. Ralph Norman
  4. Duncan Hunter

We’re two days into this effort, and thus far, two names are conspicuously absent: Devin Nunes (who has admittedly refrained from officially participating in some of the batshittery to — apparently — limit his legal exposure) and Ron DeSantis, who has spent the last seven months leading efforts to discredit Mueller’s investigation.

While I was in DC, a Republican admitted to me that this was just about ginning up votes and predicted that the House is done meeting until November — meaning Rosenstein should be safe from Congressional tampering until then.

If so, DeSantis’ non-participation in this stunt is telling. He’s running for governor with the vocal support of President Trump.

Indeed, DeSantis currently has a healthy lead against Adam Putnam in the GOP primary, with the primary date a month away, August 28, largely due to Trump’s support.

DeSantis is also one of the people who most obviously benefitted from Russian interference in 2016.

That Ron DeSantis has not (yet) signed onto this stunt suggests he’s not sure that, in a month (or perhaps in three, in the general), having done so will benefit his electoral chances to be governor.

So apparently Jim Jordan (facing sexual assault cover-up charges) and Duncan Hunter (facing even more serious legal troubles) think it’s a smart idea to go all-in on supporting Trump. But Ron DeSantis does not.