On Russian Treason

Yesterday, several reports revealed that a top Kaspersky employee, Ruslan Stoyanov, had been arrested in December on treason charges, along with a top FSB officer. The news has led many people to assume — as Paul Rosenzweig did here — that Stoyanov was a source for the dossier on Donald Trump. And the timing of Stoyanov’s arrest — reportedly some time in December — may coincide with the suspicious death of another person who might be tied to the dossier, Oleg Erovinkin.

That may well be the case. But perhaps not in an obvious way. Kaspersky, at least, claims that Stoyanov is under investigation for things that pre-date his start at Kaspersky, so 2012 or earlier.

This case is not related to Kaspersky Lab. Ruslan Stoyanov is under investigation for a period predating his employment at Kaspersky Lab. We do not possess details of the investigation. The work of Kaspersky Lab’s Computer Incidents Investigation Team is unaffected by these developments.

Moreover, there’s not anyone in the dossier that obviously fits the description of Stoyanov.

That said, there is a tie between Kaspersky and what is assumed to be the DNC hack. On January 8, Shadow Brokers — the entity that dumped a bunch of NSA hacking tools and targets on the web — announced it would sell a bunch of tools targeting Windows. On January 12, it dumped a subset of Windows tools. It claimed, in doing so, it was just dumping the tools identified by Kaspersky. But in fact, not all of them were detected at that point by Kaspersky.

They claim they only dumped the 58 tools that were detected by Kaspersky AV, but the dump contained 61 files.  A little anonymous birdie told me that Kaspersky only detects 43 of these files as of mid-day on the 12th. I don’t like Russian software on my machines so I can’t confirm whether or not that’s true.

At the time, a lot of US security people believed that Kaspersky was part of this plot. But it seemed to me, at the time, that this dump instead targeted Kaspersky for allowing vulnerabilities in Windows they knew about to remain unaddressed by the anti-virus (and perhaps by whatever other services they offered in Russia). The tools are dated, so they definitely could date to the period when Stoyanov was still at FSB.

Mind you, even if this connection explains why Stoyanov was arrested, it doesn’t explain several other things, such as why Russia would arrest Stoyanov before any of these Windows tools were released. Nor does it explain who Shadow Brokers is, and why he’d be targeting Kaspersky.

But it is a known tie between events believed to be related to the DNC hack and Kaspersky.

The Problems with Pompeo: A Willingness to Use Information on Americans Russia Hacked and Shared with Trump

On Friday, the Senate confirmed the first two of President Trump’s nominees: Generals Mattis and Kelly to run DOD and DHS, respectively. But it did not confirm the third nominee slotted for that day, Mike Pompeo. In part because the nomination was not dealt with in regular fashion in the Senate Intelligence Committee (which did not vote out his nomination), Ron Wyden managed to force Mitch McConnell to hold 6 hours of debate tomorrow on his nomination.

Wyden has suggested we need to have more debate because Pompeo hasn’t answered all the questions posed to him. And it is true that Wyden has concerns about the following issues. But perhaps most of all, Wyden’s questions suggest he is concerned that the Trump administration will use information the Russians hacked against Americans.

In follow-up questions posed to Pompeo, Wyden expressed concern about Pompeo’s:

  • Enthusiasm for using bulk collections of “lifestyle” information on Americans
  • Willingness to have the CIA engage in activities the Ambassador or other Chief of Mission disagrees with
  • Squirminess about when the CIA can kill a US person
  • Dodginess on classifying torture information that reveals illegal, embarrassing, competitive, or otherwise unclassified information

But as I said, Wyden’s chief concern appears to be that Pompeo will use information the Russians have or will give the Trump administration against Americans.

Enthusiasm for using bulk collections of “lifestyle” information on Americans

A big point of concern for Wyden and Martin Heinrich throughout Pompeo’s confirmation process is this op-ed he wrote at the beginning of last year. Based in part on the fact that the intelligence community didn’t find Tashfeen Malik’s anti-American statements on non-public social media, and in part on the demonstrably false claim that the IC didn’t find the Garland attackers beforehand (in reality, the FBI was cheering them on), Pompeo argued we need to collect still more data. “Congress should pass a law re-establishing collection of all metadata, and combining it with publicly available financial and lifestyle information into a comprehensive, searchable database,” he wrote.

Pompeo has dodged questions about precisely what “lifestyle” information he wants to collect — though it surely includes Twitter’s firehose of data from Dataminr. Sadly, he repeatedly pointed to executive orders in his answers, and the new EO 12333 sharing rules permit the access of “public” information, which can include information from data brokers (though Pompeo claims ignorance of what he might want to use). So while Wyden is concerned that Pompeo will start dragnetting Americans, sadly he has been enabled to do so by one of the last things Obama did.

Willingness to have the CIA engage in activities the Ambassador or other Chief of Mission disagrees with

Another concern Wyden raised pertains to disagreements between the Chief of Mission (the top diplomat in a country) and the CIA Station Chief. This has been an issue in the past at least as it pertains to drone strikes in Pakistan and the torture program, where the Ambassador was either not informed or not properly consulted on CIA activities within a country.

When asked a yes or no question whether he would permit CIA to conduct activities even while an outstanding disagreement remained, Pompeo refused to answer, stating instead that he would seek an expeditious decision from the President. Effectively, he suggested if he were losing a disagreement with State, he’d get Trump to override State.

Squirminess about when the CIA can kill a US person

Wyden, who has long sought guidelines on when the US can kill an American citizen, returned to pre-hearing questions on this topic. After citing the Drone Rule Book requirement that DOJ be involved before taking action against a US person, he asked whether Pompeo agreed with the requirement. Pompeo basically said the US “must consider an American citizen’s constitutional rights prior to targeting him” and “CIA attorneys frequently consult with” DOJ (though left open the possibility of relying on less formal analysis). Ultimately, Pompeo dodged laying out any additional checks he’d follow before killing an American.

Dodginess on classifying torture information that reveals illegal, embarrassing, competitive, or otherwise unclassified information

Wyden asked Pompeo if he disagreed with the prohibitions on classifying information to “(1) conceal violations of law, inefficiency, or administrative error; (2) prevent embarrassment to a person, organization, or agency; (3) restrain competition; or (4) prevent or delay the release of information that does not require protection in the interest of national security,” prohibitions that existed in Clinton’s, George W. Bush’s, and Obama’s EOs on classified information. Pompeo said he did not. However, immediately in that context, Wyden asked about the Torture Report, and Pompeo dodged all questions about declassifying the torture report.

Willingness to use information obtained by Russians hacking Americans

But as I said, Wyden’s persistent concerns in his post-hearing questions pertained to whether and how Pompeo would be willing to cooperate with the Russians. Raising a Pompeo hearing comment that if a foreign partner gave the CIA information on US persons “independently,” “it may be appropriate of CIA to collect [that] information in bulk,” Wyden raised Trump’s encouragement of Russian hacking and asked what circumstances would make foreign collection so improper that CIA should not receive such information. Pompeo responded, “information obtained through such egregious conduct may be appropriate for the CIA to use or disseminate.”

Wyden then listed out a bunch of conditions, such as information coming from an adversary, to disrupt US democracy, information implicating First Amendment protected political activity, or information affecting thousands or millions of Americans. “The listed conditions could all be relevant,” Pompeo responded, remaining non-committal.

Wyden raised a Pompeo comment suggesting rules for accessing US person communications under EO 12333 and asked if that was true of information known to include significant US person information. Pompeo said he would consult experts and AGG guidelines (which, arguably, are this flexible).

Wyden raised Pompeo’s promise to expand intelligence cooperation with state and non-state partners, and asked specifically whether this included Russia, and if so how Pompeo planned on dealing with the counterintelligence risks of doing so. Pompeo said he was not referring to “any specific partners,” said, “CIA already has a strong counterintelligence program,” and said anything he did would comply with law and standard practices and be noticed to Congress.

Wyden then asked if “it is legal or appropriate for the White House to obtain from a foreign partner…information that includes the communications of U.S. persons” and if he learned that they were doing so, whether he would inform Congress of it. Pompeo responded “I am not aware of a DCIA role in supervising White House activities or providing legal counsel to the White House on its activities,” apparently committing only to informing Congress of CIA’s own activities.

In short, there are a lot of reasons to be worried about Pompeo as Director of CIA. But Wyden seems most worried that CIA (and the White House) will use information Russia gives them against American citizens.

On Wikileaks and Chelsea Manning’s Commutation

Today, President Obama commuted Chelsea Manning’s sentence, effective May 17. May she have the fortitude to withstand five more months of prison.

Among the many responses to the commutation, many people are pointing to a tweet Julian Assange wrote in September, promising to agree to US prison if Manning got clemency.

Assange made a very similar comment more recently, on January 12.

To Assange’s credit, he has long called for clemency for Manning; and whatever you think of Assange, his anger against Hillary was in significant part motivated by Clinton’s response to the Manning leaks. Manning might have been able to cooperate against Assange for a lesser sentence, but there was nothing Assange did that was not, also, what the NYT has done.

Indeed, the oddity of Assange’s original tweet is that, as far as has been made public, he has never been charged, not even for aiding Edward Snowden as a fugitive.

Nevertheless, since the comments, Assange’s European lawyer said he stands by his earlier comment (though she points out the US has not asked for extradition).

But I’d like to point to a third tweet, which might explain why Assange would be so willing to be extradited now.

The day after Assange repeated his promise to undergo extradition, just as the uproar over the Trump dossier that led Christopher Steele to go into hiding was roiling, Assange also tweeted a comment at least pretending he thought he might be murdered.

Sure, Assange is paranoid. But while Assange has been hiding behind purportedly American IDed cutouts, claiming plausible deniability that he got the DNC emails from the Russians, he surely knows, now, those people were cut-outs. The Russians, Trump, and any American cutouts that Assange could ID would badly like him to sustain that plausible deniability.

And the Russians have a way of silencing people like that, even in fairly protected places in London.

So while Assange could just be blowing smoke, Assange may well be considering his options, coming to the US on a plea deal versus dealing with Putin’s goons.

All of which might make such deals more attractive.

Update: Here’s Assange’s latest on this.

Brennan Makes Even Crazier Plausible Deniability Claims about Trump Dossier

As I have laid out, the intelligence community has been making some odd claims about the Trump dossier. First, James Clapper claimed that the IC was the last to learn of the dossier, in spite of the fact that IC member FBI was getting the reports at least by August and probably earlier. Then, Sunday, John Brennan claimed the IC couldn’t be held responsible for leaking the dossier (though without denying that the IC had leaked it), because the dossier had already been out there; except the dossier — released with a report that post-dates all known public versions of the dossier — therefore post-dates what “was already out there.”

Brennan’s back with yet another claim, this in response to Trump’s insinuation that Brennan might have leaked it: Brennan claimed he has never read the dossier.

“Was I a leaker of this? No,” Mr. Brennan said Monday in an interview at CIA headquarters, days before he ends a career that has spanned more than three decades and that took him from entry-level recruit to head of the nation’s most storied spy service.

“First of all, this is not intelligence community information,” Mr. Brennan said. He noted that the dossier had been circulating “many months” and that he first heard about it from inquiring reporters last fall. To date, he hasn’t read the document and gave it no particular credence, he said.

“I would have no interest in trying to give that dossier any additional airtime,” Mr. Brennan said.

I mean, sure, you’re conducting one of the most sensitive briefings of recent history. The briefers here are all principals — along with Brennan and Clapper, Admiral Mike Rogers and Jim Comey. And you don’t even read the stuff that goes into it? You don’t review the underlying dossier that, you claim, you’re briefing just so Trump knows what the Russians have on him?

That may well be true. But if it is, it suggests a very deliberately cultivated plausible deniability, one that the decision to have Comey brief the dossier to Trump by himself only adds to. Most charitably, Brennan cultivated such deniability only to ensure he can claim that the CIA is not engaging in domestic politics (and that may well be enough).

But along with the pointedly false claims about what the IC knew when, the claim raises questions about why CIA would go so far out of its way to be able to claim they didn’t know.

The Significance of the December 13 Trump Dossier Report

John Brennan and Donald Trump are in a fight.

In his press conference last week, Trump called out the intelligence community for “allowing … information that turned out to be so false and fake” out, likening the leak to something that would happen in Nazi Germany.

I think it was disgraceful, disgraceful that the intelligence agencies allowed any information that turned out to be so false and fake out. I think it’s a disgrace. And I say that and I say that.

And that’s something that Nazi Germany would have done and did do. It’s a disgrace. That information that was false and fake and never happened got released to the public, as far as BuzzFeed, which is a failing pile of garbage, writing it, I think they’re going to suffer the consequences.

Over the weekend, Brennan went on Fox News to scold Trump for the Nazi analogy. At that appearance, he said this about the release of the dossier.

I think as the Director of National Intelligence said in his statement, this is information that’s been out there, circulating, for many months. So it’s not a question of the intelligence community leaking or releasing this information. It was already out there.

[snip]

There is no basis for Mr. Trump to point fingers at the intelligence community for leaking information that was already available publicly.

In response to Brennan’s appearance (and his suggestion Trump didn’t know what the fuck he was doing in Syria and Russia), Trump insinuated that Brennan may have leaked the dossier.

Let’s unpack this. Because while I have no idea who leaked the document (though I highly doubt Brennan would have done so personally), the intelligence community’s claims are really suspect.

As I noted last week, the James Clapper statement rather bizarrely claimed the IC was the last to know about the document. The dossier, according to Clapper, was “widely circulated in recent months among the media, members of Congress and Congressional staff even before the IC became aware of it.”

That (as some people have pointed out) cannot be true.

The stories about what Christopher Steele did when have been evolving. But David Corn’s description, based off a conversation that occurred before the IC started making public claims, strongly suggests that Steele started sharing documents with the FBI “soon” after “the end of June.”

By the end of June, he was sending reports of what he was finding to the American firm.

The former spy said he soon decided the information he was receiving was “sufficiently serious” for him to forward it to contacts he had at the FBI. He did this, he said, without permission from the American firm that had hired him. “This was an extraordinary situation,” he remarked.

Some other reports, based off claims made after the Clapper statement, put this date later — maybe August — even while the implication has always been that the FBI request for a FISA warrant in June stems from these reports.

Even if that information sharing dates to August, however, it would mean the FBI — a member of the IC — had regular updates from the dossier at least by then, if not by June. Sure, you might claim that FBI investigative teams are not part of the IC, but given that this would be a counterintelligence investigation, that’d be a laughable claim.

In other words, even assuming the claims about where the dossier came from and who paid for it are true, the IC was not the last to know, but one of the first.

There are two other dates of note that go into the claim the dossier was widely circulated before it got briefed to Trump this month. We know that the IC briefed the Gang of Eight on this dossier in October. Shortly thereafter, Corn received a copy of the dossier and wrote about it (though he has not revealed who gave it to him). Then in December, John McCain got a copy from Sir Andrew Wood. According to a Guardian article published around 9AM on the same day as the Clapper statement, McCain had not only received the dossier, but handed it over — yet another copy — to the FBI on December 9.

Senator John McCain, who was informed about the existence of the documents separately by an intermediary from a western allied state, dispatched an emissary overseas to meet the source and then decided to present the material to Comey in a one-on-one meeting on 9 December, according to a source aware of the meeting. The documents, which were first reported on last year by Mother Jones, are also in the hands of officials in the White House.

McCain, in a statement released midday on the day of the Clapper statement, is more vague about the hand-off date, describing it only as “late last year.”

I’m working on the specific times, but it is significant that the Guardian article with the exact date came out in the morning on January 11, the vague McCain statement came out sometime mid-day, and Clapper’s statement came out that evening.

That’s significant because some people assume that McCain is the one who released the dossier — the dossier he received on December 9.

If that date is correct, the dossier couldn’t have come from McCain, because the last report in the dossier is dated four days later, December 13.

Very significantly, this last report, which talks about the Russian cover-up of the hack, alleges “the operatives involved had been paid by both TRUMP’s team and the Kremlin.” This is, in my opinion, one of the most incendiary claims in the entire dossier — that Trump not only encouraged Russia’s campaign, but paid operatives involved in it.

Just as significantly, the date completely undermines the substance of Brennan’s defense. When he says, “this is information that’s been out there, circulating, for many months. … It was already out there. … There is no basis for Mr. Trump to point fingers at the intelligence community for leaking information that was already available publicly,” he’s wrong. The full set of information released to BuzzFeed — including the allegation Trump paid for this operation — actually hasn’t been out there, because it post-dates all known circulation of the document.

Also remember that journalists have suggested they got copies of the dossier that redacted all the sources. This one didn’t. At least one likely source named in the report has died in curious circumstances since the release of the report.

I really have no idea where the dossier got leaked from — that is one reason I’m so interested in artifacts in the document that may raise questions about the provenance of the released dossier. I also wouldn’t, at this point, be surprised if Trump were getting his own stream of intelligence, possibly even from Russia, about where and how it got released.

But thus far, the IC’s claims about the dossier are even more dodgy than Trump’s, which is saying something.

The Trump Dossier Alleges DNC Insiders Were Involved in Anti-Clinton Operation

I still have questions about the provenance of the Trump dossier, particularly with respect to how we’ve received it. While this article has been touted as answering a lot of questions, it actually creates new ones (plus, it would seem to violate the D Notice that formally prohibits talking about Christopher Steele and his role).

But I did want to point to a passage in the dossier that seems critically important, if it can be deemed true. (Note, Cannonfire has an OCRed version of the dossier here.) According to a July report from Steele, there were DNC insiders involved in the operation.

Agreed exchange of information established in both directions. team using moles within DNC and hackers in the US as well as outside in Russia. PUTIN motivated by fear and hatred of Hillary CLINTON. Russians receiving intel from team on Russian oligarchs and their families in US

[snip]

2. Inter alia, Source E, acknowledged that the Russian regime had been behind the recent leak of embarrassing e-mail messages, emanating from the Democratic National Committee (DNC), to the WikiLeaks platform. The reason for using WikiLeaks was “plausible deniability” and the operation had been conducted with the full knowledge and support of TRUMP and senior members of his campaign team. In return the TRUMP team had agreed to sideline Russian intervention in Ukraine as a campaign issue and to raise defence commitments in the Baltics and Eastern Europe to deflect attention away from Ukraine, a priority for PUTIN who needed to cauterise the subject.

3. In the wider context campaign/Kremlin co-operation, Source E claimed that the intelligence network being used against CLINTON comprised three elements. Firstly there were agents/facilitators within the Democratic Party structure itself; secondly Russian emigre and associated offensive cyber operators based in the US [note: corrected OCR error] and thirdly, state-sponsored cyber operatives working in Russia. All three elements had played an important role to date. On the mechanism for rewarding relevant assets based in the US, and effecting a two-way flow of intelligence and other useful information, Source E claimed that Russian diplomatic staff in key cities such as New York, Washington DC and Miami were using the emigre ‘pension’ distribution system as cover. The operation therefore depended on key people in the US Russian emigre community for its success. Tens of thousands of dollars were involved. [my emphasis]

The claim there were “moles” within the DNC would be perfectly consistent with something Julian Assange has long claimed: that he got the documents from a disgruntled DNC insider.

The Released Trump Dossier Is Not the Complete Dossier

Update: Also note that these reports are not done in the same typeface, with variations between sans serif and serif fonts, changes to margins, and at least one report changing font size mid-report. I’ve marked those below as well, and will continue to work on margin size. I’ve been informed that this is a way the Brits track leakers, which means this copy should be identifiable to a particular leaker. 

I want to return to a point I made here about the dossier — billed as an oppo research project — on Donald Trump’s ties to Russia.

This is not the complete dossier. It was selectively released.

The gaps are immediately identifiable from the report numbering, which (as released) goes like this:

  • 080: June 20, 2016, serif
  • 086: July 26, 2015 (citing events in 2016), serif
  • 095: not dated, serif
  • 94: July 19, 2016, serif
  • 097: July 30, 2016, sans, justified
  • 100: August 5, 2016, serif, note typeface size change
  • 101: August 10, 2016, sans
  • 102: August 10, 2016, sans
  • 136: October 20, 2016, serif, wider margins
  • 105: August 22, 2016, serif
  • 111: September 14, 2016, serif
  • 112: September 14, 2016, serif
  • 113: September 14, 2016, serif
  • 130: October 12, 2016, larger sans
  • 134: October 18, 2016, smaller serif
  • 135: October 19, 2016, serif
  • 166: December 13, 2016, serif

You might think some of this is just about pages being out of order but someone — perhaps Buzzfeed? — wrote in page numbers by hand on the lower right.

So the reporting was frequent, sometimes more than daily. It must have started sometime in April, if not before (which explains how a project started by a Republican challenger to Trump ends up with a June 2016 report; we just don’t have the first 79 reports); it’s even possible the earlier reporting included more details on Hillary. Over that time, the reporting protocol changed (no longer identifying each source with a letter). And the reports continue into December, well past the election, and well past the time a Hillary supporter — ostensibly the funder for this project — might want to influence the election.

Reports 94 and 095 are especially weird, as it appears that the temporal sequence is broken. 095 reports on the general scope of the campaign against Hillary. 94 reports on meetings between Carter Page and Igor Sechin.

None of this explains why those gaps exist or what the oddness in reports 94 and 095 stems from. But it is a real reason to question the provenance of the copy BuzzFeed got.

Update: I’ve been informed that these kinds of typeface changes are a way the Brits use to track leakers.

So they may know who the leaker is here.

Here are two screen shots showing the justification and typeface change that happens at report 097.

Here’s page one of report 100. The last line seems to extend beyond the right margin.

The next page of report 100 has noticeably smaller typeface and an apparently different left margin.

Report 101 is back to right justified sans typeface, but much smaller than the one used in report 097. These screen caps are both 100X100 pixels.

 

How Did the IC Allegedly Remain Unaware of a Dossier Widely Shopped in DC?

Donald Trump spent yesterday and today going nuts because of the leak of the oppo research dossier. In response last night, James Clapper (who must be counting the seconds until he’s out of here at this point) spoke to Trump personally, then released a statement revealing what he had said. The statement reads:

This evening, I had the opportunity to speak with President-elect Donald Trump to discuss recent media reports about our briefing last Friday. I expressed my profound dismay at the leaks that have been appearing in the press, and we both agreed that they are extremely corrosive and damaging to our national security.

We also discussed the private security company document, which was widely circulated in recent months among the media, members of Congress and Congressional staff even before the IC became aware of it. I emphasized that this document is not a U.S. Intelligence Community product and that I do not believe the leaks came from within the IC. The IC has not made any judgment that the information in this document is reliable, and we did not rely upon it in any way for our conclusions. However, part of our obligation is to ensure that policymakers are provided with the fullest possible picture of any matters that might affect national security.

President-elect Trump again affirmed his appreciation for all the men and women serving in the Intelligence Community, and I assured him that the IC stands ready to serve his Administration and the American people.

While most have focused on the seeming confirmation that a summary of the dossier was included in Trump’s briefing on Friday, I’m most interested in the claim (one I don’t entirely believe) that the IC did not learn about this dossier until after the dossier “was widely circulated in recent months among the media, members of Congress and Congressional staff.”

According to one public claim, the IC learned of the dossier sometime before a late October briefing to the Gang of Eight, one that led Harry Reid to complain publicly that the FBI was sitting on explosive information.

During that period, the leader of the Democrats in the Senate, Harry Reid, wrote to the director of the FBI, accusing him of holding back “explosive information” about Mr Trump.

Mr Reid sent his letter after getting an intelligence briefing, along with other senior figures in Congress. Only eight people were present: the chairs and ranking minority members of the House and Senate intelligence committees, and the leaders of the Democratic and Republican parties in Congress, the “gang of eight” as they are sometimes called. Normally, senior staff attend “gang of eight” intelligence briefings, but not this time. The Congressional leaders were not even allowed to take notes.

According to another claim — one backed by an on-the-record statement — McCain formally told Comey about the dossier on December 9 (which is the day leakapalooza started).

But I find it really hard to believe that Christopher Steele (the former MI6 officer who created the dossier) was shopping its contents for months without the IC asking some questions. And if it’s true, it means the dossier is entirely separate from the FISA warrant first sought in June.

Not to mention the fact that ODNI seems to be disclaiming IC involvement in things that antagonize Trump right now in ways I find really unconvincing, particularly with respect to CIA.

Ah well. The Intelligence Community. Always the last to know.

The Democrats’ Newfound Love for Russian Intelligence Product

As you know, Buzzfeed published a dossier laying out Donald Trump’s ties to Russia last night. The dossier is described as oppo research done by a former MI6 agent first for a GOP rival (which doesn’t make a ton of sense as the dossier starts in June 2016) and then picked up by Hillary. There are competing reports on whether this dossier was included in the briefing on the Russian hack intelligence provided to Trump the other day (and I and others falsely claimed that this dossier is what some Senate Dems have pointed to as evidence they’ve been briefed about Trump’s ties to Russia).

I wanted to make a few points about the dossier.

First, note that this is not the complete dossier. There are references to reports that are not included with this dump. That means, even assuming the provenance on all else is solid, this is a cherry picked version of what the former MI6 consultant reported to Hillary.

Second, ask yourself why Hillary didn’t leak this dossier during the election (besides sharing the contents of it with David Corn). I don’t know the answer to that, but I’d sure like to know it (and I’ve got some theories that don’t raise my confidence about the dossier generally).

Third, as a number of people have noted, there are errors in this report, down to the spelling of Alfa Bank. That’s not itself discrediting, but it should caution people not to take this as finished intelligence.

For what it’s worth, I find some of it very credible. Some of it accords with stuff I know. Other parts of it conflict in material ways with well-sourced information I know. I find other claims transparently silly (such as the report that anyone believed Trump didn’t have serious business ties to Russia). That may simply speak to the credibility of the individual underlying sources, or it may speak to the dossier generally. I don’t yet have an opinion on that.

Which brings me to the sources. Trump’s team has claimed that these reports come from Russian intelligence, which ought to raise the very good question of why we’d take as Gospel something Russian intelligence said now when we’re supposed to disdain known accurate information (Hillary emails) leaked on behalf of Russian intelligence. Trump’s claim is — as regards the most sensational of the claims in the report, that Trump had prostitutes urinate on a bed that Barack and Michelle Obama had used while in Moscow, as well as a few more of the claims — true. It is not true for others of the claims.

Which is to say, I’m not entirely sure what to make of this dossier yet. It is more interesting to me as an artifact — as something that Hillary had but chose not to leak but that got leaked yesterday of all days — than as a source of information, but I do think some of the information in the dossier might, with far more vetting, turn out to be somewhat accurate. There are reports FBI is investigating this document that I’m not 100% sure I believe.

I’ll come back to this analysis when I can print out the document, but here’s a list of all of the sources used in the report. Remember, before you get to these embedded sources (most are described as a “compatriot” of the actual source), you’ve got to remember the former MI6 agent paid to do opposition research (and perhaps directing his agents to look for opposition research). So everything here is Hillary’s surrogates to former MI6 agent to (usually) a “compatriot” to the underlying source. Also, some of these sources are obviously repetitive (such as the source close to Ivanov), so the entire dossier likely relies on closer to 10 underlying sources than the 31 listed here.

  1. Source A: Senior Russian Foreign Ministry figure with knowledge of intelligence the Kremlin was feeding Trump [via trusted compatriot]
  2. Source B: Former top level Russian intelligence officer still active inside the Kremlin, who says the Russians have enough material to blackmail Trump [via trusted compatriot]
  3. Source C: Senior Russian financial official
  4. Source D: A close associate of Trump who knows that the Ritz Carlton is under control by FSB
  5. Source E: redacted, possibly a staffer at the Ritz Carlton, which is reportedly controlled by FSB
  6. Source F: A female staffer at the Ritz, which is reportedly controlled by FSB
  7. Source G: A senior Kremlin official
  8. Unlabeled senior government official claiming the Russians had had only limited success penetrating foreign governments we know they’ve penetrated (like the US) but explaining RU had had increasing problems with its own hackers
  9. A Russian IT specialist with direct knowledge of FSB’s coercion and blackmail used to recruit hackers
  10. An IT operator inside a leading Russian State Owned Entity familiar with FSB penetration of a foreign director
  11. An FSB cyber operative
  12. Source E2: An ethnic Russian close associate of Trump who claims Trump has a minimal investment profile in Russia
  13. A Russian source close to Rosneft President Igor Sechin
  14. A compatriot of an official close to Presidential Admin Head Sergei Ivanov
  15. A trusted associate of a Russian émigré figure
  16. A Kremlin source close to Sergei Ivanov
  17. A Kremlin source close to Dmitri Medvedev
  18. A close colleague of Sergei Ivanov
  19. A Kremlin official involved in US relations
  20. An ethnic Russian associate of Trump, who had spoken to Carter Page
  21. A compatriot of a Kremlin insider discussing Duma Head of Foreign Relations Committee Konstantin Kosachev
  22. A well-placed Russian figure
  23. An American political figure associated with Trump
  24. A trusted compatriot of a senior member of Presidential Administration and of a senior Minister of Foreign Affairs official
  25. A former top level Russian intelligence officer
  26. A trusted compatriot of a top level Russian government official
  27. A trusted compatriot of a St. Petersburg member of the political/business elite and another involved in the services/tourist industry
  28. A trusted compatriot of a senior Russian leadership figure and a foreign ministry official
  29. A trusted compatriot of a close associate of Rosneft President Igor Sechin, a senior member of Sechin’s staff, and a Kremlin insider with direct access to the leadership
  30. A longstanding compatriot friend of a Kremlin insider
  31. [Redacted]

 

Two Cautions on the Russian Hack of RNC Servers

I followed the Senate Intelligence Committee Hearing on the Russian hacking via Twitter on the train.

From what I can tell, there was a big stink about the fact that Russia hacked, but did not release, information from Republicans (aside from Colin Powell, but he appears to have been kicked out of the Republican party as far as hacking victims go). In addition, there was some befuddlement about the fact that the Russians hacked an old RNC server. Here’s WSJ’s coverage of it.

There are two details in the public domain that may go some way to explain the discrepancy.

First, as I pointed out here, you should distinguish between FSB and GRU when discussing these things (something the head spooks have been really sloppy about doing, helped in part by combining two different hacking groups into one Grizzly Steppe). As far as we know, FSB hacked the DNC for months, but never released anything. Whereas GRU was only in the DNC server for a few months, but then passed on the documents they stole to be leaked.

From what I’ve read online (I’ll check later) it’s possible FSB hacked the RNC, but — as they are thus far believed to have done with the DNC too — simply sat on the documents.

In addition, this report from SecureWorks (which is one of the more measured security contractor reports on the hack), which tracked which entities and people were targeted by fake GMail links, reveals that key Republican entities don’t use GMail and therefore would have had to have been hacked via other means.

Republican party or the other U.S. presidential candidates whose campaigns were active between mid-March and mid-May: Donald Trump, Bernie Sanders, Ted Cruz, Marco Rubio, and John Kasich. However, the following email domains do not use Google mail servers and may have been targeted by other means:

  • gop.com — used by the Republican National Committee
  • donaldjtrump.com — used by the Donald Trump campaign
  • johnkasich.com — used by the John Kasich campaign

Access to targets’ Google accounts allows TG-4127 to review internal emails and potentially access other Google Apps services used by these organizations, such as Google Drive.

Of course, phishing is phishing, and if you can make an expert fake of a Gmail login, you can do the same for some other login. But one major source of information on the hack of Democrats (though not necessarily on the DNC, given that it was not using Gmail when the report was done) has a gap for the campaigns that didn’t use Gmail.

Presumably, the IC has more than just a bunch of clicked fake Gmail links to go on, though, including awareness of other, non-Gmail phishing campaigns.

That said, details like this are one of the reasons top spooks would raise confidence in their Trust Us claims by being rigorous about what they’re actually referring to.