Posts

John Durham’s Top Prosecutor, Andrew DeFilippis, Allegedly Miffed that DARPA Investigated Guccifer 2.0

Vladimir Putin’s invasion of Ukraine and the sanctions imposed as a result has led lawyers in the US to drop the now-sanctioned Alfa Bank and its owners, leading to the dismissal of the John Doe, BuzzFeed, and Fusion GPS lawsuits filed by Alfa Bank or its owners. That has, for now, brought an end to a sustained Russian effort to use lawfare to discover “U.S. cybersecurity methods and means” (as some of Alfa’s targets described the effort).

But the dismissal of the Alfa Bank suits hasn’t halted the effort to expose US cybersecurity efforts in the guise of pursuing right wing conspiracy theories. Both Federalist Faceplant Margot Cleveland and “online sleuths” goaded, in part, by Sergei Millian have picked up where Alfa Bank left off. In recent days, for example, documents obtained via a Federalist FOIA to Georgia Tech exposed the members of a cybersecurity sharing group, including a bunch at Three-Letter Agencies, which has little news value but plenty of intelligence value to America’s adversaries (these names were released even while someone — either Georgia Tech or the Federalist — chose to redact the contact information for Durham’s investigators, some of which is otherwise public).

Even while doing her part to make America less safe (raising the perennial question of who funds the Federalist), Cleveland has continued to do astounding work misrepresenting Durham’s investigation. From the same FOIA release, she published a document in which research scientist Manos Antonakakis described that chief Durham AUSA Andrew DeFilippis insinuated to him that it was abusive for DARPA to try to discover the network behind the Guccifer 2.0 persona.

Finally, I will leave you with an anecdote and a thought. During one of my interviews with the Special Counsel prosecutor, I was asked point blank by Mr. DeFilippis, “Do you believe that DARPA should be instructing you to investigate the origins of a hacker (Guccifer_2.0) that hacked a political entity (DNC)?” Let that sync for a moment, folks. Someone hacked a political party (DNC, in this case), in the middle of an election year (2016), and the lead investigator of DoJ’s special council would question whether US researchers working for DARPA should conduct investigations in this matter is “acceptable”! While I was tempted to say back to him “What if this hacker hacked GOP? Would you want me to investigate him then?”, I kept my cool and I told him that this is a question for DARPA’s director, and not for me to answer.

Assuming this is an accurate description, this is a shocking anecdote, a betrayal of US national security.

It suggests that Durham’s lead prosecutor doesn’t believe the government should throw its most innovative research at a hostile nation-state attack while that nation-state is attempting to influence an election. Sadly, though, it’s not surprising.

It is consistent with things we’ve seen from Durham’s team throughout. It’s consistent with Durham’s treatment of a loose tie between an indirect and unwitting Steele dossier source and the Hillary campaign as a bigger threat than multiple ties to Russian intelligence (or Dmitry Peskov’s office, which knew that Michael Cohen and Donald Trump were lying about the former’s secret communications with Peskov’s office). It is consistent with Durham’s more recent suggestion that the victim of such a nation-state attack must wait until after an election to report a tip that might implicate her opponent.

I almost feel like DeFilippis will eventually say Hillary should have just laid back and enjoyed being hacked in 2016.

DeFilippis, and Durham generally, have consistently treated Hillary as a far graver threat than Russia, even now, even as Russia conducts a barbaric invasion of a peaceful democracy.

But Antonakakis’ anecdote is all the more troubling because it suggests that DeFilippis seems to misunderstand what happened with the DARPA contract in question in 2016. The Enhanced Attribution RFP’s description of the hacking campaigns it was targeting — “multiple concurrent independent malicious cyber campaigns, each involving several operators” — pretty obviously aims to tackle Advanced Persistent Threats, of which APT 28 and 29 (both of which targeted the DNC) were among the most pressing in 2016. DARPA presumably didn’t ask Antonakakis to focus on Guccifer 2.0 — a persona which didn’t exist when the contract was put up for bid in April 2016, much less in the months earlier when it was originally conceived. Rather, by description, they were asking bidders to look at APTs, and looking at APT 28 would have happened to include looking at Guccifer 2.0, the DNC hack, and a number of hacks elsewhere in the US and the world.  The reason DARPA would ask Georgia Tech to look at APT 28 is because APT 28 was hacking a lot of targets in the time period, all of which provided learning sets for a researcher like Antonakakis. DeFilippis, then, seems miffed that the APT that DARPA wanted to combat happened to be one of two that targeted Hillary.

That’s a choice Russia made, not DARPA.

While I think Cleveland did serious damage with some of her releases, I’m glad she released this document because it provides a way for Michael Sussmann to make DeFilippis’ troubling views on national security a central issue at trial, something that normally is difficult to do.

It also provided Cleveland another opportunity to faceplant in spectacular trademark Federalist fashion. Cleveland used this document to rile up the frothers by suggesting this is proof that Durham is investigating the DNC attribution.

Exclusive: Special Counsel’s Office Is Investigating The 2016 DNC Server Hack

The U.S. Department of Defense tasked the same Georgia Tech researcher embroiled in the Alfa Bank hoax with investigating the “origins” of the Democratic National Committee hacker, according to an email first obtained by The Federalist on Wednesday. That email also indicates the special counsel’s office is investigating the investigation into the DNC hack and that prosecutors harbor concerns about the DOD’s decision to involve the Georgia Tech researcher in its probe.

[snip]

The public storyline until now had been that CrowdStrike, the cybersecurity firm Sussmann hired in April 2016, had concluded Russians had hacked the DNC server, and that the FBI, which never examined the server, concurred in that conclusion. Intelligence agencies and former Special Counsel Robert Mueller likewise concluded that Russian agents were behind the DNC hack, but with little public details provided.

It now appears that DARPA had some role in that assessment, or rather Antonakakis did on behalf of DARPA, which leads to a whole host of other questions, including whether DARPA had access to the DNC server and data and, if so, from whom did the DOD’s research arm get that access? Was it Sussmann?

There’s no reason to believe this and every reason to believe that — as I said — DeFilippis is pissed that DARPA prioritized their research on a target that was badly affecting national security (and not just in US, but also in allied countries) in 2016, one that happened to attempt to help Trump get elected.

But look how many errors Faceplant’s Cleveland made in the process:

Cleveland repeats the Single Server Fallacy, imagining that the DNC, DCCC, and Hillary had just one server between them to be hacked and all the servers that got hacked were in the possession of one of those victims. That’s, of course, ridiculous. The server that GRU hacked to get John Podesta’s emails belonged to Google. The server that GRU hacked to get Hillary’s analytics belonged to AWS. There was a staging server in AZ; I have been told that the FBI seized at least one US-based server that did not belong to the DNC (that server is why the frothy right’s focus on what Shawn Henry testified to HPSCI is so painfully ignorant — because it ignores that the FBI had access to servers that Henry did not that did show exfiltration).

Cleveland apparently doesn’t know that FBI knew who was hacking the DNC when they warned them starting in September 2015 they were being hacked. The FBI’s awareness of that not only explains why APT 29 and 28 would have been included in DARPA’s targets for EA, but proves that the government was tracking these hacking groups above and beyond the attack on Hillary. This was never just a reaction to the election year hack.

Cleveland claims Mueller’s attribution of the DNC hack to the GRU provided “little public details,” when in fact the Mueller Report showed 29 sources other than CrowdStrike, including:

  • Gmail
  • Linked-In
  • Microsoft
  • Facebook
  • Twitter
  • WordPress
  • ActBlue
  • AWS
  • AOL
  • Smartech Corporation
  • URL shortening service
  • Bitcoin exchanges
  • VPN services

According to Mueller’s report, all these sources also corroborated the GRU attribution. And Mueller’s list doesn’t include a number of other known entities that corroborated the attribution, including NSA and Dutch intelligence, which couldn’t be named in a public DOJ document. Mueller’s list doesn’t include Georgia Tech either, but it wouldn’t need to, because there was so much other evidence.

The Mueller Report described obtaining almost 500 warrants, but the released list — from which FBI’s Cyber Division successfully withheld those pertaining to the GRU investigation — only includes around 370-400 warrants (based on an 156 pages of warrants with roughly three per page), suggesting there may be 100 warrants tied to the GRU attribution alone.

By the time Antonakakis started looking at the DNC hack as part of EA, multiple entities, including several Infosec contractors, non-US intelligence services, and non-governmental entities like tech giants (including at least three of the ones on Mueller’s list), had plenty of evidence that the Guccifer 2.0 campaign was run by the APT 28. Including Guccifer 2.0 as part of the research set would simply be part of the existing targeting of a dangerous APT.

But apparently neither DeFilippis nor Cleveland understand that 2016 was part of an ongoing identified threat to US national security.

One thing Putin did in 2016 was to use disinformation to train the frothy right to favor Russia more than fellow Americans from the opposing party. Even as Russia attacks Ukraine, that still seems to be true.

John Durham and Newly-Sanctioned Alfa Bank’s Filings: “Almost like they were written by the same people”

In a DC hearing on February 9 regarding Alfa Bank’s attempt to obtain documents from Michael Sussmann before his trial, DC Superior Judge Shana Frost Matini observed that the Alfa Bank allegations and the John Durham indictment seemed like they could be written by the same people.

[R]ight now, given the — if the closeness of Alpha’s allegations, I mean, quite frankly, it’s — reading Alpha’s submissions and what the — and that compared to the indictment, there’s — it’s almost like they were written by the same people in some way. [Alpha misspelling original]

Judge Matini, a Trump appointee, scolded Alfa — which over this past weekend was included in sanctions against Russian banks in retaliation for the invasion — for claiming that their lawsuit and Durham’s indictment of Sussmann were not closely related after having raised the indictment in the first place.

As to the claims that the criminal and civil proceedings are not closely related, this is a surprising representation for Alpha to make, given that Alpha was the one to bring the criminal charges to the Court’s attention by filing what was styled as a notice of supplemental authority in support of its Motion to Compel.

Of course, there is no Supplemental Authority here. A criminal indictment is not an opinion of the Court. It’s just a charge that the prosecuting authority is bringing against an individual with facts that are alleged to support the charge.

In dual lawsuits in FL and PA, Alfa Bank purports to be trying to figure out who allegedly faked DNS records to make it look like Alfa was in contact with Trump back in 2016 so it can sue those people. Rather than finding anyone to sue, however, it has instead spent its time subpoenaing experts to learn as much as it can about how the US tracks DNS records to prevent cyberattacks by — among other hostile countries — Russia.

Matini ruled that Alfa’s effort to get more information from Sussmann will have to wait until June, after his trial. (It’s unclear whether the sanctioned bank will still have legal means to pay Skadden lawyers to pursue this lawsuit at that point.)

But since then, the timelines of the Alfa Bank and Durham investigations have closely paralleled.

Of particular interest, on the morning of February 11, Rodney Joffe — referred to as Tech Executive-1 in the Durham filings — sat for an almost 5-hour deposition with Alfa Bank’s lawyers. He revealed that Durham had first approached him for an interview at least a year earlier. He revealed he had been asked to testify before the grand jury, but he “declined to interview,” presumably meaning he told Durham he’d invoke the Fifth (just as Don Jr and probably his daddy are understood to have done with Mueller).

Joffe’s refusal to voluntarily feed this witch hunt continued in his Alfa deposition. Citing the ongoing Durham investigation, he invoked the Fifth Amendment a slew of times (though not as many times as your average Trump man in a financial fraud deposition or even Alex Jones in an interview about an insurrection). Those questions to which he invoked his Fifth Amendment rights and those he answered mapped out an interesting territory, marking who he does know and those Alfa thought he did but that he does not.

For example, he said he had never heard of Alfa Bank before investigating the anomaly related to it. He said he had never met Jean Camp or several of the other researchers that frothers are certain he conspired with. Joffe twice said he had never met Christopher Steele and also said he “had no idea” that Sussmann met with Steele about the server allegations. He denied knowing what the contract between Georgia Tech and DARPA looked like.

Alfa made a number of mistakes — confusing a domain name with a business. Claiming he authored a paper that David Dagon had. Asking him about several emails he hadn’t been sent.

There were several claims Alfa made that Joffe’s lawyer, Steven Tyrrell, established a record were unproven assumptions on Alfa’s part, such as that Joffe got one of the white papers described in the indictment. Importantly, that includes a question about the EOP server.

Q: I was just going to ask Mr. Joffe whether or not he knows who the executive branch office of the U.S. government is?

A: I have to invoke my Fifth Amendment rights.

Mr. Tyrrell: And Margaret, if I may, just — I apologize. Just for the record, I want to be clear that — that in invoking his rights and my allowing my client to invoke his rights, that should not be interpreted as an admission that the — I mean, you’ll argue whatever it is, if you do, that the allegations, which are just allegations in the indictment, are accurate.

In addition to those curious objections, there were several things alleged in the indictment that Joffe outright denied. In several questions, Joffe challenged the meaning of an email Durham has used to suggest he anticipated, and wanted, a top cybersecurity job within a hypothetical Hillary Administration. After objecting to the form of the way the Alfa Bank’s Skadden lawyer tried to corner Joffe into answering the question, Tyrrell answered,

You know, again, our position on this is Mr. Joffe is happy to answer the question that was posed about whether he was ever offered the top cybersecurity job by the Democrats when it looked like they’d win. I think he’s answered that question.

He’s not going to answer questions about communications that he may or may not have had with other people about the topic. And as to those, he would invoke his rights under the Fifth Amendment.

Joffe answered no to three questions about whether the Clinton campaign paid him for his work on the server allegations, a false claim that Kash Patel spread.  Joffe also distinguished his concern about Donald Trump from a political desire to see him lose.

I’ve never been interested in politics. I’ve never been involved in politics. I haven’t voted for many, many years. I haven’t donated to any parties or any — or given any kind of benefit to any parties, but I certainly over the last few years have had an interest in the politics of the country that I live in.

That explanation premised two invocations of his Fifth Amendment in response to questions about Trump specifically.

In other words, Joffe’s Alfa Bank deposition on February 11 undermined several of the premises of the Durham investigation, while it identified several areas where his lawyer suggested Alfa’s assumptions were wrong (in the hearing on Laura Seago’s deposition, there was a central Alfa Bank assumption I know to be badly wrong).

Joffe’s deposition ended at 2:07PM ET on February 11.

Nine hours later, at 11:32PM, Durham submitted the belated conflicts motion — which would have been filed in September if Durham really had concerns about any conflict — and floated a number of claims about Joffe, claims that went beyond those in the indictment. Joffe is mentioned twenty times, including the following:

The defendant’s billing records reflect that the defendant repeatedly billed the Clinton Campaign for his work on the Russian Bank-1 allegations. In compiling and disseminating these allegations, the defendant and Tech Executive-1 also had met and communicated with another law partner at Law Firm-1 who was then serving as General Counsel to the Clinton Campaign (“Campaign Lawyer-1”).

The Indictment also alleges that, beginning in approximately July 2016, Tech Executive-1 had worked with the defendant, a U.S. investigative firm retained by Law Firm-1 on behalf of the Clinton Campaign, numerous cyber researchers, and employees at multiple Internet companies to assemble the purported data and white papers. In connection with these efforts, Tech Executive-1 exploited his access to non-public and/or proprietary Internet data. Tech Executive-1 also enlisted the assistance of researchers at a U.S.-based university who were receiving and analyzing large amounts of Internet data in connection with a pending federal government cybersecurity research contract. Tech Executive-1 tasked these researchers to mine Internet data to establish “an inference” and “narrative” tying then-candidate Trump to Russia. In doing so, Tech Executive-1 indicated that he was seeking to please certain “VIPs,” referring to individuals at Law Firm-1 and the Clinton Campaign.

The Government’s evidence at trial will also establish that among the Internet data Tech Executive-1 and his associates exploited was domain name system (“DNS”) Internet traffic pertaining to (i) a particular healthcare provider, (ii) Trump Tower, (iii) Donald Trump’s Central Park West apartment building, and (iv) the Executive Office of the President of the United States (“EOP”). (Tech Executive-1’s employer, Internet Company-1, had come to access and maintain dedicated servers for the EOP as part of a sensitive arrangement whereby it provided DNS resolution services to the EOP. Tech Executive-1 and his associates exploited this arrangement by mining the EOP’s DNS traffic and other data for the purpose of gathering derogatory information about Donald Trump.)

The Indictment further details that on February 9, 2017, the defendant provided an updated set of allegations – including the Russian Bank-1 data and additional allegations relating to Trump – to a second agency of the U.S. government (“Agency-2”). The Government’s evidence at trial will establish that these additional allegations relied, in part, on the purported DNS traffic that Tech Executive-1 and others had assembled pertaining to Trump Tower, Donald Trump’s New York City apartment building, the EOP, and the aforementioned healthcare provider. In his meeting with Agency-2, the defendant provided data which he claimed reflected purportedly suspicious DNS lookups by these entities of internet protocol (“IP”) addresses affiliated with a Russian mobile phone provider (“Russian Phone Provider-1”). The defendant further claimed that these lookups demonstrated that Trump and/or his associates were using supposedly rare, Russian-made wireless phones in the vicinity of the White House and other locations. The Special Counsel’s Office has identified no support for these allegations. Indeed, more complete DNS data that the Special Counsel’s Office obtained from a company that assisted Tech Executive-1 in assembling these allegations reflects that such DNS lookups were far from rare in the United States. For example, the more complete data that Tech Executive-1 and his associates gathered – but did not provide to Agency-2 – reflected that between approximately 2014 and 2017, there were a total of more than 3 million lookups of Russian Phone-Provider-1 IP addresses that originated with U.S.-based IP addresses. Fewer than 1,000 of these lookups originated with IP addresses affiliated with Trump Tower. In addition, the more complete data assembled by Tech Executive-1 and his associates reflected that DNS lookups involving the EOP and Russian Phone Provider-1 began at least as early 2014 (i.e., during the Obama administration and years before Trump took office) – another fact which the allegations omitted.

As I noted, less than a day after Durham filed that motion, the former President suggested that Joffe had been spying and should be killed. In response to the furor, Joffe’s spox later issued a statement clarifying what went on — precisely the information he had tried to plead the Fifth over.

In a statement, a spokesperson for Mr. Joffe said that “contrary to the allegations in this recent filing,” he was apolitical, did not work for any political party, and had lawful access under a contract to work with others to analyze DNS data — including from the White House — for the purpose of hunting for security breaches or threats.

After Russians hacked networks for the White House and Democrats in 2015 and 2016, it went on, the cybersecurity researchers were “deeply concerned” to find data suggesting Russian-made YotaPhones were in proximity to the Trump campaign and the White House, so “prepared a report of their findings, which was subsequently shared with the C.I.A.”

And some of the other researchers had to provide more details to push back on the frenzy (including that the data from EOP preceded Trump’s inauguration). Few outlets, though, have presented the basic innumeracy in Durham’s filing about the rarity of YotaPhones as anything but a contested issue.

And after Durham incited claims that Joffe should be killed, one week later Alfa Bank then affirmed the tie between Joffe and Tech Executive 1 by posting his deposition in their motion to get another four months to conduct their fishing expedition. That has had the effect of further inflaming the frothy right, and providing Durham sworn testimony from Joffe that he was otherwise not entitled to (including several warnings about how his case against Sussmann may be vulnerable).

In the wake of the release of the Florida filing, Joffe’s lawyers intervened in the Sussmann case and then filed a separate sealed motion to strike the (misleading) references to Joffe in the filing.

A Trump appointed judge in DC believes these efforts look like they’re being written by the same people. Whether Durham’s sources and a sanctioned Russian Bank’s sources are “colluding,” these parallel developments had the effect of depriving Joffe of his ability to fully invoke the Fifth Amendment. And with the help of a sanctioned Russian bank, it gave Durham a substantial benefit in a criminal investigation.

Timeline

January 25: Durham asks to extend discovery deadline

January 28: Durham admits that Durham was informed about the James Baker phone he claimed to forget knowing about

February 9: Michael Sussmann succeeds in staying Alfa Bank’s effort to get documents from him

February 10: Fusion GPS’ Laura Seago attempts to quash a subpoena

February 11, 9:30AM: Rodney Joffe deposition

February 11, 11:32PM: Durham files a motion purporting to be a conflicts motion that misrepresents the evidence

February 14: Sussmann asks to strike unsupported allegations in conflicts motion

February 14: Peter Fritsch deposition

February 17: Sussmann moves to dismiss the case, arguing his alleged lie would not be material

February 17: Durham claims that the close associates of the investigation that lied about what the conflicts motion said have nothing to do with the Durham team

February 18: Alfa Bank requests another extension to keep looking for John Does in FL

February 24: Rodney Joffe’s lawyers file notices of appearance in the Sussmann docket

February 25: Judge Christopher Cooper schedules a hearing on the conflicts motion for March 7

February 28: Joffe files a sealed motion to expunge the references to Tech Executive-1

March 1: Judge Cooper sets a Friday deadline for the government to respond to Joffe’s motion

March 7: Hearing scheduled to address conflicts memo

In Indictment Accusing Michael Sussmann of Hiding Details about Researchers, John Durham Hid Details about Researchers

In my initial John Durham Is the Jim Jordan of Ken Starrs post pointing to all the problems with John Durham’s attempt to criminalize victims reporting on information operations, I described Durham’s description of why Michael Sussmann’s alleged lie was material.

SUSSMANN’s lie was material because, among other reasons, SUSSMANN’s false statement misled the FBI General Counsel and other FBI personnel concerning the political nature of his work and deprived the FBI of information that might have permitted it more fully to assess and uncover the origins of the relevant data and technical analysis, including the identities and motivations of SUSSMANN’s clients.

Had the FBI uncovered the origins of the relevant data and analysis and as alleged below, it might have learned, among other things that (i) in compiling and analyzing the Russian Bank-1 allegations, Tech Executive-1 had exploited his access to non-public data at multiple Internet companies to conduct opposition research concerning Trump; (ii) in furtherance of these efforts, Tech Executive-1 had enlisted, and was continuing to enlist, the assistance of researchers at a U.S.-based university who were receiving and analyzing Internet data in connection with a pending federal government cybersecurity research contract; and (iii) SUSSMAN, Tech Executive-1, and Law Firm-1 had coordinated, and were continuing to coordinate, with representatives and agents of the Clinton Campaign with regard to the data and written materials that Sussmann gave to the FBI and the media. [my emphasis]

John Durham says it is a crime to hide details about the researchers who first identified the Alfa Bank anomaly.

Yet, even based on the indictment, I identified a number of holes in Durham’s description of what the researchers had done. Yesterday, NYT and CNN both published stories identifying the four researchers — Rodney Joffe (Tech Executive-1), April Lorenzen (Tea Leaves, whom Durham needlessly renamed Originator-1), Manos Antonakakis (Researcher-1), and David Dagon (Researcher-2) — showing that the holes I identified in the indictment indeed left out information that totally undermined Durham’s insinuations.

For example, I noted that the date when what NYT identifies as DARPA shared information with the researchers is important to identify whether they obtained the data in order to research Trump.

At some point [Durham doesn’t provide even a month, but by context it was at least as early as July 2016 and could have been far, far earlier], TE-1’s company provided a university with data for a government contract ultimately not contracted until November 2016, including the DNS data from an Executive Branch office of the US government that Tech Exec-1’s company had gotten as a sub-contractor to the US government. [This date of this is critical because it would be the trigger for a Conspiracy to Defraud charge, if Durham goes there.]

NYT describes that DARPA first approached potential partners in the spring, long before Sussman or Joffe got involved.

The involvement of the researchers traces back to the spring of 2016. DARPA, the Pentagon’s research funding agency, wanted to commission data scientists to develop the use of so-called DNS logs, records of when servers have prepared to communicate with other servers over the internet, as a tool for hacking investigations.

DARPA identified Georgia Tech as a potential recipient of funding and encouraged researchers there to develop examples. Mr. Antonakakis and Mr. Dagon reached out to Mr. Joffe to gain access to Neustar’s repository of DNS logs, people familiar with the matter said, and began sifting them.

I noted that Durham didn’t give the date when Lorenzen first started looking at the the DNS data. That date is another read of whether she had done so out of malice targeting Trump.

By some time in late July 2016 [the exact date Durham doesn’t provide], a guy who always operated under the pseudonym Tea Leaves but whom Durham heavy-handedly calls “Originator-1” instead had assembled “purported DNS data” reflecting apparent DNS lookups between Alfa Bank and “mail1.trump-email.com” that spanned from May 4 through July 29.

NYT reveals that Lorenzen and Dagon first started talking about using the DNS data to check other election-related hacking at a conference that went from June 13 to June 16 (meaning, the DNC hack would have been revealed during the conference).

Separately, when the news broke in June 2016 that Russia had hacked the Democratic National Committee’s servers, Mr. Dagon and Ms. Lorenzen began talking at a conference about whether such data might uncover other election-related hacking.

Ms. Lorenzen eventually noticed an odd pattern: a server called mail1.trump-email.com appeared to be communicating almost exclusively with servers at Alfa Bank and Spectrum Health. She shared her findings with Mr. Dagon, the people said, and they both discussed it with Mr. Joffe.

I noted that Durham had left out all mention of the WikiLeaks release and Trump’s invitation to Russia to keep hacking his opponent.

It appears (though Durham obscures this point) that all the actions laid out in this indictment post-date the press conference. Virtually everyone in the US committed to ensuring America’s national security was alarmed by Trump’s comments in this press conference. Yet Durham doesn’t acknowledge that all these actions took place in the wake of public comments that made it reasonable for those committed to cybersecurity to treat Donald Trump as a national security threat, irrespective of partisan affiliation.

Durham will work hard to exclude detail of Trump’s press conference from trial. But I assume that if any of the named subjects of this investigation were to take the stand at trial, they would point out that it was objectively reasonable after July 27 to have national security concerns based on Trump’s encouragement of Russia’s attack on Hillary Clinton and his defensive denials of any business ties. Any of the named subjects of the indictment would be able to make a strong case that there was reason to want to, as a matter of national security, test Trump’s claim to have no financial ties to Russia. Indeed, the bipartisan SSCI Report concluded that Trump posed multiple counterintelligence concerns, and therefore has concluded that Durham’s portrayal of politics as the only potential motive here to be false.

Central to Durham’s theory of prosecution is that there was no sound national security basis to respond to anomalous forensic data suggesting a possible financial tie between Trump and Russia. Except that, after that July 27 speech — and all of these events appear to post-date it — that theory is unsustainable.

NYT reveals that when Dagon shared the data with Joffe on July 29, he did so in the context of those two events.

“Half the time I stop myself and wonder: am I really seeing evidence of espionage on behalf of a presidential candidate?” Mr. Dagon wrote in an email to Mr. Joffe on July 29, after WikiLeaks made public stolen Democratic emails timed to disrupt the party’s convention and Mr. Trump urged Russia to hack Mrs. Clinton.

I noted that Durham was probably wrong to believe that an August discussion about whether the data could have been spoofed was inculpatory.

Still others (such as the recognition that this could be spoofed data) will almost certainly end up being presented as exculpatory if this ever goes to trial, but Durham seems to think is inculpatory.

NYT describes that a later discussion doubted that the data could have been spoofed.

The indictment quotes August emails from Ms. Lorenzen and Mr. Antonakakis worrying that they might not know if someone had faked the DNS data. But people familiar with the matter said the indictment omitted later discussion of reasons to doubt any attempt to spoof the overall pattern could go undetected.

I noted that Durham attributed the view that the DNS traffic was a “red herring” to everyone involved, including Sussmann, even though Sussmann appears not to have been on the email.

In one place, Durham describes “aforementioned views,” plural, that the Alfa Bank data was a “red herring,” something only attributed to TE-1 in the indictment, seemingly presenting TE-1’s stated view on August 21 to everyone involved, including Sussmann, who does not appear to have been on that email chain.

NYT describes that after that, Joffe came to discount the marketing server explanation.

Mr. Tyrrell, his lawyer, said that research in the weeks that followed, omitted by the indictment, had yielded evidence that the specific subsidiary server in apparent contact with Alfa Bank had not been used to send bulk marketing emails. That further discussion, he said, changed his client’s mind about whether it was a red herring.

“The quotation of the ‘red herring’ email is deeply misleading,” he said, adding: “The research process is iterative and this is exactly how it should work. Their efforts culminated in the well-supported conclusions that were ultimately delivered to the F.B.I.”

It also explains that in context, Joffe referenced a June article describing Trump’s interest in a Trump Tower Moscow.

The indictment says Mr. Joffe sent an email on Aug. 21 urging more research about Mr. Trump, which he stated could “give the base of a very useful narrative,” while also expressing a belief that the Trump server at issue was “a red herring” and they should ignore it because it had been used by the mass-marketing company.

The full email provides context: Mr. Trump had claimed he had no dealings in Russia and yet many links appeared to exist, Mr. Joffe noted, citing an article that discussed aspirations to build a Trump Tower in Moscow. Despite the “red herring” line, the same email also showed that Mr. Joffe nevertheless remained suspicious about Alfa Bank, proposing a deeper hunt in the data “for the anomalies that we believe exist.”

He wrote: “If we can show possible email communication between” any Trump server and an Alfa Bank server “that has occurred in the last few weeks, we have the beginning of a narrative,” adding that such communications with any “Russian or Ukrainian financial institutions would give the base of a very useful narrative.”

In my post, I noted that Durham neglected to describe that the researchers turned out to correctly suspect Trump was hiding efforts to broker a Trump Tower deal.

According to Michael Cohen, when Trump walked off the stage from that July 27 press conference, Cohen asked Trump why he had claimed that he had zero business ties with Russia when he had in fact been pursuing an impossibly lucrative deal to brand a Trump Tower in Moscow. And we now know that within hours of Trump’s request, GRU hackers made a renewed assault on Hillary’s own servers. By the time security researchers pursued anomalous data suggesting covert communications with a Russian bank, Cohen had already participated in discussions about working with two sanctioned Russian banks to fund the Trump Tower deal, had agreed to work with a former GRU officer to broker it, had spoken to an aide of Dmitry Peskov, and had been told that Putin was personally involved in making the deal happen. Just on the Trump Tower basis alone, Trump had publicly lied in such a way that posed a counterintelligence risk to America.

In my post, I noted that Durham downplayed that, when Joffe asked the researchers if the paper Sussmann wrote was plausible, they said it was.

On September 14, TE-1 [not Sussmann] sent the white paper he had drafted to Researcher 1, Researcher 2, and Tea Leaves to ask them if a review of less than an hour would show this to be plausible. Though some of them noted how limited the standard of “plausibility” was, they agreed it was plausible, and Researcher 2 said [Durham does not quote the specific language here] “the paper should be shared with government officials.”

NYT describes that Durham misrepresented the enthusiasm with which Lorenzen “wholeheartedly” expressed her belief the explanation was plausible.

The indictment also quoted from emails in mid-September, when the researchers were discussing a paper on their suspicions that Mr. Sussmann would soon take to the F.B.I. It says Mr. Joffe asked if the paper’s hypothesis would strike security experts as a “plausible explanation.”

The paper’s conclusion was somewhat qualified, an email shows, saying “there were other possible explanations,” but the only “plausible” one was that Alfa Bank and the Trump Organization had taken steps “to obfuscate their communications.”

The indictment suggested Ms. Lorenzen’s reaction to the paper was guarded, describing an email from her as “stating, in part, that it was ‘plausible’ in the ‘narrow scope’ defined by” Mr. Joffe. But the text of her email displays enthusiasm.

“In the narrow scope of what you have defined above, I agree wholeheartedly that it is plausible,” she wrote, adding: “If the white paper intends to say that there are communications between at least Alfa and Trump, which are being intentionally hidden by Alfa and Trump I absolutely believe that is the case,” her email said.

NYT shows several more ways that Durham utterly misrepresented how seriously the researchers took this thesis.

The indictment cited emails by Mr. Antonakakis in August in which he flagged holes and noted they disliked Mr. Trump, and in September in which he approvingly noted that the paper did not get into a technical issue that specialists would raise.

Mr. Antonakakis’ lawyer, Mark E. Schamel, said his client had provided “feedback on an early draft of data that was cause for additional investigation.” And, he said, their hypothesis “to this day, remains a plausible working theory.”

The indictment also suggests Mr. Dagon’s support for the paper’s hypothesis was qualified, describing his email response as “acknowledging that questions remained, but stating, in substance and in part, that the paper should be shared with government officials.”

The text of that email shows Mr. Dagon was forcefully supportive. He proposed editing the paper to declare as “fact” that it was clear “that there are hidden communications between Trump and Alfa Bank,” and said he believed the findings met the probable cause standard to open a criminal investigation.

“Hopefully the intended audience are officials with subpoena powers, who can investigate the purpose” of the apparent Alfa Bank connection, Mr. Dagon wrote.

One of the first things Michael Sussmann is going to do after this story is request information on what the grand jury was told, including whether any of this was affirmatively misrepresented to the grand jury.

The sheer amount of communications that, in days, these researchers have been able to prove were misrepresented, too, suggests DOJ has cause to review whether Durham misrepresented the substance of this indictment to those who approved it, up to and including Merrick Garland.

John Durham says it is a crime to lie about these researchers in an effort to launch an investigation. And yet, the available evidence suggests he did just that.

Update: To be clear, he can’t be prosecuted for any of this. Prosecutors have expansive immunity for such things.

If the Steele Dossier Is Disinformation, Republicans Have Become Willful Participants in the Operation

I was among the first people to argue that the Steele dossier had been planted either partially or predominantly with Russian disinformation.

Republicans never consider the implications if the Steele dossier is disinformation

I first suggested the dossier reflected a feedback loop — magnifying both the Alfa Bank and the Michael Cohen allegations — in March 2017 (there’s increasing evidence the Alfa Bank story was disinformation, too, which I’ve also argued). In November 2017, I showed evidence suggesting the Democrats were complacent in response to their discovery of the hack in May and June 2016, in part because the dossier falsely led them to believe that the Russians hadn’t accomplished such hacks and that the kompromat Russians had on Hillary consisted of old FSB intercepts of her, not newly stolen emails. In January 2018, I showed how the dossier would be useful to Russia, partly to thwart and partly to discredit the investigation into their operation. In August 2018, I laid out six specific false claims made in the dossier that would have led Democrats or the FBI to take action counter to their own interests:

  • Russians hadn’t had success hacking targets like Hillary
  • Russians were planning to leak dated FSB intercepts rather than recent stolen emails
  • Misattribution of both what the social media campaign included and who did it, blaming Webzilla rather than Internet Research Agency
  • Carter Page, not George Papadopoulos or Roger Stone, was one key focus of Russian outreach
  • Russia had grown to regret the operation in August, when instead they were planning the next phase
  • Michael Cohen was covering up Trump’s funding of the hackers rather than Trump’s sexual scandals and an improbably lucrative business deal

Also in August 2018, I laid out the specific risk that Oleg Deripaska, who had influence over both Christopher Steele and Paul Manafort at the time, could have been manipulating both sides. In January, I wrote a much more detailed post that, in part, showed that that’s what Deripaska seems to have done. The post also showed how any disinformation in the dossier succeeded in confusing and discrediting the most experienced investigators into Russian organized crime (both Steele and at both DOJ and FBI), as well as harming Democrats.

Long after I started laying out the implications of the possibility that the dossier was disinformation, Republicans came to believe that was the case. Unsurprisingly, however, that’s all they’ve done, point to Russia’s success at feeding the FBI and Democrats disinformation (just as Russia got Don Jr, Roger Stone, and Mike Flynn to embrace and magnify other disinformation), as if that in some way uniquely damns Democrats. When, earlier this year, Chuck Grassley got footnotes declassified providing further evidence that the dossier was disinformation, Republicans just kept squawking that it was, without thinking through the implications of it.

Because Grassley and others raised the issue in the Rod Rosenstein hearing yesterday (and because I’m preparing a post on that hearing), I’m going back to look closely at three footnotes reflecting Russian knowledge of the dossier project. As with all my other posts criticizing the dossier, nothing here is meant to excuse the Democrats’ refusal to come clean on it, or the ham-handed way the project was managed in the first place. But the footnotes don’t actually say what the Republicans think they do, and in some ways they increase the import of Paul Manafort’s interactions with Deripaska during the campaign.

The three references to June 2017 reporting on mid-2016 knowledge of the dossier

There were actually three mentions of June 2017 reporting related to the Steele dossier. I’ve included the context from the IG Report and footnotes below, but summarized, they are:

  • Footnote 211: An intelligence report from June 2017 said someone associated with Oleg Deripaska was or may have been aware of Steele’s work by early July 2016.
  • Footnote 342: An early June 2017 USIC report said two people affiliated with Russian intelligence were aware of Steele’s work in “early 2016” (this is either a typo or inaccurate, as the earliest anyone could have known would have been May 2016, and more likely June 2016).
  • Footnote 347: The FBI received reporting in early June 2017 that must come from 702 coverage revealing a bunch of details about a sub-source, including that the person had contact with the Presidential Administration in June/July 2016 and that he or she was strongly pro-Hillary.

I’ve highlighted the temporal references in the longer passages below, to make this more clear, but it’s worth noting that all three of these references are to intelligence reports dated June 2017. Once you account for the error in footnote 342 (since Steele’s election reporting didn’t start until May 2016, awareness of it most post-date that), all three of the reports reflect some time to Steele’s project in roughly the same time frame: May to early July 2016.

So it’s possible that some if not all three of these reports are the same report. All the more so given that two key Deripaska deputies, Konstantin Kilimnik and Victor Boyarkin, have been publicly identified as having links to Russian intelligence.

The Mueller Report describes evidence–including but not limited to witness interviews–that Kilimnik has ties to GRU.

Manafort told the Office that he did not believe Kilimnik was working as a Russian “spy.”859 The FBI, however, assesses that Kilimnik has ties to Russian intelligence.860 Several pieces of the Office’s evidence-including witness interviews and emails obtained through court-authorized search warrants-support that assessment.

It makes no such claims about Boyarkin, though it does note that he served as defense attaché in the past, the kind of job often used for official cover. But when Treasury sanctioned Boyarkin in December 2018 along with all the people who implemented the Russian interference campaign in 2016, it identified Boyarkin as a former GRU officer.

Victor Alekseyevich Boyarkin (Boyarkin) is a former GRU officer who reports directly to Deripaska and has led business negotiations on Deripaska’s behalf.  Deripaska and Boyarkin were involved in providing Russian financial support to a Montenegrin political party ahead of Montenegro’s 2016 elections.  Boyarkin was designated pursuant to Executive Orders (E.O.) 13661 and 13662 for having acted or purported to act for or on behalf of, directly or indirectly, Oleg Deripaska, who was previously designated pursuant to E.O. 13661 for having acted or purported to act for or on behalf of a senior Russian government official, as well as pursuant to E.O. 13662 for operating in the energy sector of the Russian Federation economy, as well as with entities 50 percent or more owned by designated persons.

The government refers to both of these guys as GRU-linked publicly. So if either showed up in a classified intelligence report, that affiliation would likely be more explicit. Both Kilimnik and Boyarkin were the target of retroactive surveillance as part of the investigation in Paul Manafort. And because they were interacting with Manafort, it would be likely one or both of them would learn of any issues involving Manafort, like the dossier, if such information came to Deripaska. To be clear, it is speculation that one of these men was the person associated with Deripaska who got wind of the dossier, but the description would fit both, both were under surveillance, and both would have a reason to be informed of the dossier if feeding disinformation to it was part of a larger project.

If either of them were one of the people named in the intelligence reports, it would mean Deripaska’s actions towards Manafort during the election would have been conducted by someone who knew of the Steele dossier. It would also mean that Boyarkin’s outreach (via Kilimnik) to Manafort in July 2016 would have come just after (this intelligence report reflects) learning of the dossier.

For example, in response to a July 7, 2016, email from a Ukrainian reporter about Manafort’ s failed Deripaska-backed investment, Manafort asked Kilimnik whether there had been any movement on “this issue with our friend.”897 Gates stated that “our friend” likely referred to Deripaska,898 and Manafort told the Office that the “issue” (and “our biggest interest,” as stated below) was a solution to the Deripaska-Pericles issue.899 Kilimnik replied:

I am carefully optimistic on the question of our biggest interest.

Our friend [Boyarkin] said there is lately significantly more attention to the campaign in his boss’ [Deripaska’s] mind, and he will be most likely looking for ways to reach out to you pretty soon, understanding all the time sensitivity. I am more than sure that it will be resolved and we will get back to the original relationship with V. ‘s boss [Deripaska].900

Eight minutes later, Manafort replied that Kilimnik should tell Boyarkin’s “boss,” a reference to Deripaska, “that if he needs private briefings we can accommodate.”901

It would also mean that when Manafort traveled to Madrid in early January 2017 he may have learned whatever the Deripaska people knew of the disinformation effort.

Manafort’ s activities in early 2017 included meetings relating to Ukraine and Russia. The first meeting, which took place in Madrid, Spain in January 2017, was with Georgiy Oganov. Oganov, who had previously worked at the Russian Embassy in the United States, was a senior executive at a Deripaska company and was believed to report directly to Deripaska.940 Manafort initially denied attending the meeting. When he later acknowledged it, he claimed that the meeting had been arranged by his lawyers and concerned only the Pericles lawsuit.941 Other evidence, however, provides reason to doubt Manafort’s statement that the sole topic of the meeting was the Pericles lawsuit. In particular, text messages to Manafort from a number associated with Kilimnik suggest that Kilimnik and Boyarkin-not Manafort’s counsel-had arranged the meeting between Manafort and Oganov.942 Kilimnik’s message states that the meeting was supposed to be “not about money or Pericles” but instead “about recreating [the] old friendship”-ostensibly between Manafort and Deripaska-“and talking about global politics.”943

According to an old Ken Vogel story, Manafort called Reince Priebus the day the dossier came out — at a time when he’d still be in Madrid with Oganov (he returned on January 12) and suggested he discredit the Russian investigation by focusing on the Steele dossier.

It was about a week before Trump’s inauguration, and Manafort wanted to brief Trump’s team on alleged inaccuracies in a recently released dossier of memos written by a former British spy for Trump’s opponents that alleged compromising ties among Russia, Trump and Trump’s associates, including Manafort.

“On the day that the dossier came out in the press, Paul called Reince, as a responsible ally of the president would do, and said this story about me is garbage, and a bunch of the other stuff in there seems implausible,” said a personclose to Manafort.

[snip]

According to a GOP operative familiar with Manafort’s conversation with Priebus, Manafort suggested the errors in the dossier discredited it, as well as the FBI investigation, since the bureau had reached a tentative (but later aborted) agreement to pay the former British spy to continue his research and had briefed both Trump and then-President Barack Obama on the dossier.

Manafort told Priebus that the dossier was tainted by inaccuracies and by the motivations of the people who initiated it, whom he alleged were Democratic activists and donors working in cahoots with Ukrainian government officials, according to the operative.

This would have been one of the few communications Manafort had with anyone in the Trump Administration (per court records, he had no direct communication after the inauguration, though he did use Sean Hannity as a back channel after that).

From that Manafort call to the present, the push to discredit the Russian investigation by treating the dossier as the Russian investigation and discrediting the former by unpacking the (admitted, egregious) problems in the latter has been the primary response to the Russian investigation. If Manafort was tipped to the fact that the dossier was full of baseless allegations because the Russians had put them there, it would mean the entire GOP effort since has been one of the intended goals of the disinformation.

Again, this rests on speculation, but if, in fact, Manafort’s interlocutors were the people identified as those who learned of the dossier, then everything the Republicans have been doing since would be part of that disinformation campaign.

210 and 211: Deripaska’s contemporaneous knowledge of the Steele dossier

Ohr told the OIG that, based on information that Steele told him about Russian Oligarch 1, such as when Russian Oligarch 1 would be visiting the United States or applying for a visa, and based on Steele at times seeming to be speaking on Russian Oligarch l’s behalf, Ohr said he had the impression that Russian Oligarch 1 was a client of Steele. 210 We asked Steele about whether he had a relationship with Russian Oligarch 1. Steele stated that he did not have a relationship and indicated that he had met Russian Oligarch 1 one time. He explained that he worked for Russian Oligarch l’s attorney on litigation matters that involved Russian Oligarch 1 but that he could not provide “specifics” about them for confidentiality reasons. Steele stated that Russian Oligarch 1 had no influence on the substance of his election reporting and no contact with any of his sources. He also stated that he was not aware of any information indicating that Russian Oligarch 1 knew of his investigation relating to the 2016 U.S. elections. 211

210 As we discuss in Chapter Six, members of the Crossfire Hurricane team were unaware of Steele’s connections to Russian Oligarch 1. [redacted]

211 Sensitive source reporting from June 2017 indicated that a [person affiliated] to Russian Oligarch 1 was [possibly aware] of Steele’s election investigation as of early July 2016.

342: On top of disinformation, FBI believed both Steele and his sources may have been boasting

According to the Supervisory Intel Analyst, the cause for the discrepancies between the election reporting and explanations later provided to the FBI by Steele’s Primary Sub-source and sub-sources about the reporting was difficult to discern and could be attributed to a number of factors. These included miscommunications between Steele and the Primary Sub-source, exaggerations or misrepresentations by Steele about the information he obtained, or misrepresentations by the Primary Sub-source and/or sub-sources when questioned by the FBI about the information they conveyed to Steele or the Primary Sub-source. 342

342 In late January 2017, a member of the Crossfire Hurricane team received information [redacted] that RIS [may have targeted Orbis; redacted] and research all publicly available information about it. [redacted] However, an early June 2017 USIC report indicated that two persons affiliated with RIS were aware of Steele’s election investigation in early 2016. The Supervisory Intel Analyst told us he was aware of these reports, but that he had no information as of June 2017 that Steele’s election reporting source network had been penetrated or compromised.

347: FBI used 702 collection to test Steele’s sub-sources

FBI documents reflect that another of Steele’s sub-sources who reviewed the election reporting told the FBI in August 2017 that whatever information in the Steele reports that was attributable to him/her had been “exaggerated” and that he/she did not recognize anything as originating specifically from him/her. 347

347 The FBI [received information in early June 2017 which revealed that, among other things, there were [redacted]] personal and business ties between the sub-source and Steele’s Primary Sub-source; contacts between the sub-source and an individual in the Russian Presidential Administration in June/July 2016[redacted] and the sub‐source voicing strong support for candidate Clinton in the 2016 U.S. elections. The Supervisory Intel Analyst told us that the FBI did not have Section 702 coverage on any other Steele sub‐source.

The Ohr 302 Exemptions

As I noted yesterday, the FD-302s of FBI’s conversations with Bruce Ohr released to Judicial Watch the other day are unremarkable. The scope of Judicial Watch’s request left out the time periods — before Ohr was handed off to another FBI Agent after the election, and after Mueller was hired — that would be the most interesting. But what we do see shows that FBI first reached out to Ohr in an effort to assess the Steele dossier production, and Ohr was able and willing to chase down answers for the FBI that go to issues of credibility. Later, Steele reached out to Ohr in a panic about what would happen as Congress scrutinized his work more closely; in what we see, those conversations were not inappropriate (which is not to say I’m sympathetic to Steele’s concerns, given how he publicized his work). Though given Ohr’s notes, they may have been later in the year; at a minimum, they show how aggressively Steele was trying to prepare a public story that ended up being quite partial.

In my opinion, the FOIA exemptions are the most interesting aspect to the 302s. We can learn a bit from the things DOJ chose (or felt obligated) to protect. Here’s a short guide to FOIA exemptions and here’s DOJ’s more thorough one.

The less interesting redactions are for the following purposes:

  • b7C/b6: Protects privacy, used here to protect everything from Steele’s name to other sources
  • b7D: Protects confidential sources (both Steele and his sub-sources would get some protection)
  • b7E: Protects law enforcement techniques, including the bureaucracy of writing up 302s

The exemption, b3, protects information protected by statute, often the National Security Act. For example, that’s one of the exemptions (along with privacy and law enforcement technique exemptions) used to protect boring bureaucratic details about the case file. But it’s interesting in one instance.

The discussions, starting on PDF 14, of how Steele was panicking about one of his sources are protected for privacy, source, and b3, statute (as well as, sometimes, law enforcement technique).

That’s interesting, because FBI is not saying this person’s identity is classified. Nor is it saying that this person is credibly at risk of being killed, which would be a b7F (which is what they’d use to protect our own recruited agents). But they are according Steele’s source some kind of statutory protection.

The exemption, b1, protects classified information. It’s a measure, in these discussions about someone who used to work as an intelligence officer for an ally and who continues to collect HUMINT, of what the DOJ or other agencies considers genuinely classified (and doesn’t always line up with the initial or FOIA review classification marks on the paragraphs). For example, a paragraph describing how Ohr first met Steele — which appears in unredacted form in Ohr’s congressional testimony as follows — is protected by both a b3 and b1 exemption, presumably to protect references to MI6.

I believe I met Chris Steele for the first time around 2007. That was an official meeting. At that time, he was still employed by the British Government. I went to London to talk with British Government officials about Russian organized crime and what they were doing to look at the threat, and the FBI office at the U.S. Embassy in London set up a meeting. That was with Chris Steele. And there were other members of different British Government agencies there. And we met and had a discussion. And afterwards, I believe the agent and I spoke with Chris Steele further over lunch.

A more interesting redaction appears on PDF 8, in a series of paragraphs where the Agent was asking Ohr whether about his personal knowledge of certain aspects of Steele’s work, such as whether he had witnessed Steele’s meetings with Jon Winer. One of those paragraphs is redacted, in part for b3 and b1 reasons, and classified Secret. Whatever that protects, it’s a reminder that Ohr and Steele had real discussions about organized crime in the past.

By far the most interesting exemptions, however, are what FBI has chosen to protect because of ongoing investigations, exemption b7A, starting with what they have not protected: these conversations, generally.

The frothy right believes that Bruce Ohr should go to prison because he shared information about suspected Russian crimes with other experts in the subject. Ohr’s role in the dossier has presumably been under scrutiny for some time as part of DOJ IG’s investigation into the basis for Carter Page’s FISA application. In addition, Christopher Steele and Glenn Simpson have both been referred to DOJ for suspected lies to Congress, the latter more credibly than the former. With one significant possible exception, there’s nothing in these 302s that has been protected for either of those reasons. Ohr’s earlier and later conversations with Steele would be more pertinent to those inquiries (and there’s reason to believe the later ones are being treated as such), but some of these 302s would clearly be too. But FBI has determined they can release these files. That’s interesting, especially, because of the history of this FOIA:

  • August 6, 2018: Initial Judicial Watch FOIA
  • September 10, 2018: JW sues
  • March 15, 2019: DOJ tells JW the files are being withheld in full
  • March 22, 2019: Conclusion of Mueller investigation
  • April 1, 2019: Status report states that FBI is evaluating impact of conclusion of that investigation on FOIA
  • May 8, 2019: DOJ still considering whether FBI can release the files
  • July 25, 2019: DOJ decides it can release the files in part

As recently as August 5, DOJ said it was “still engaged in internal discussions about the redactions necessary to release the requested records to the public.” In other words, a very recent review of these files has determined that files showing how FBI handled the mid-term discussions between Christopher Steele and Bruce Ohr may be released to the public.

The big possible exception pertains to details of the original conversation on Trump and Russia with Steele.

Steele’s initial conversation

The paragraph describing what Steele first told Ohr back on July 30, 2016 is redacted for b1, b3, and b7A reasons.

The redactions in this passage include the entirety of Steele’s explanation for the “over a barrel” comment, which is interesting because other agencies have released these details (which may name the people boasting they had kompromat on Trump). The paragraph also redacts part of the discussion of Deripaska preparing to bring details on Paul Manafort’s “theft” from him to US authorities. That may be for privacy reasons,  but — assuming the order is the same in the interview and the notes, but it seems Ohr was reading verbatim — both are redacted for ongoing investigation reasons in Ohr’s notes released in December.

If, as seems to be the case, Page was not redacted as part of an ongoing investigation in either of these suggests the early Ohr conversation is not one being scrutinized by DOJ IG on the FISA application (especially given the notes were released in December, well before the IG had come close to finishing, as has been reported).

Note, Ohr turned over notes from during and after the meeting with Steele to the Agent. Just these notes were released in December, meaning the notes he wrote after the meeting must be among the 6 pages of Ohr’s notes withheld in that December release, in part to protect an ongoing investigation (that could be consistent both with the known DOJ IG investigation into the origins of the investigation, and an investigation into those two allegations).

One other thing in that first interview pertains, per the redaction to an ongoing investigation: a discussion of a post-Ukrainian invasion meeting involving Ohr, Steele, and oligarchs (possibly, though not definitely, Russian).

 

The description seems to match a meeting Steele is known to have set up with Deripaska (though that meeting was in 2015).

Oleg Deripaska

The treatment of one known Deripaska reference and this reference to cultivating oligarchs as sources (earlier in 2016, Steele had been trying to get DOJ to use Deripaska as a source) is particularly interesting given that, what appear to be additional Deripaska references, are also redacted to protect an ongoing investigation.

A significant chunk of the 302 memorializing the February 6, 2017 interview protects an ongoing investigation.

There are good reasons to think this is a reference to Deripaska. Steele worked for Deripaska lawyer Paul Hauser, and Deripaska was interviewed in September 2016. Deripaska would be directly implicated in the election (two months after this interview, Deripaska was sanctioned).

This may reflect a conversation directly with Hauser though, as the Steele reference in this interview was covered in entirely in a WhatsApp chat. Given the redaction, it’s also possible that Ohr took notes, which would be among the 6 pages not turned over because of an ongoing investigation.

And while less definitive, this passage from the February 14 interview of Steele referring to which lawyers he was working for could also be the Hauser work.

Given the withholdings on Ohr’s note from the meeting, the ongoing investigation does pertain to Steele’s client.

If it is Deripaska, it would suggest that Steele was financially dependent on his Deripaska work, as the other client mentioned, Bilfinger, wasn’t paying him (which he complained about to Ohr).

[Note, this note also has what looks like a reference to “Snowden report,” which makes absolutely no sense to me, so I assume I’m misreading it.] Update: This is likely a reference to the report, from the day before, that Russia was offering Snowden to Trump.

It has long been troubling that Steele had an ongoing relationship with Deripaska during the time he worked on the dossier. It’s clear that Deripaska used Steele to misinform DOJ that he was upping the pressure on Manafort, hiding that Manafort was instead making a desperate — and somewhat successful bid — to get back on Deripaska’s payroll.

A good deal of the ongoing investigation redactions in these Ohr 302s suggest DOJ continues to be interested in all that, as well.

Alfa Bank

The other ongoing investigation redactions are far more surprising, as they suggest (though this is far less definitive than the Deripaska tie) that DOJ may continue to investigate … something pertaining to the Alfa Bank allegations.

The initial reference to Alfa Bank, from the November 22, 2016 interview and discussing his September 2016 meeting with Glenn Simpson, is not protected as part of an ongoing investigation — though what appears to be a continuation of a discussion of it is treated as classified.

But a follow-up reference to Alfa bank does seem to be redacted as part of an ongoing investigation. These two paragraphs from the December 12, 2016 interview of Ohr, at PDF 11, have just one exemption explanation, including the b7A ongoing investigation one.

It’s certainly possible that the second paragraph is unrelated, and that’s what pertains to the ongoing investigation. But treating them as the same FOIA exemptions suggests they’re related.

In the same interview, Ohr explained that when he asked Simpson if he was concerned about his personal safety, Simpson,

mentioned that someone called and asked him to find out where all of the Alfa Bank stories were coming from. Simpson did not state this was a threat from the Russians, but that was the impression made upon OHR based upon the timing of the comment and using that story as a response to OHR’s question.

This seems to suggest more than one Alfa Bank story.

Also note two things. First, when the NYT first got the story of Jared Kushner’s “back channel” meeting with Sergey Gorkov, they had it as a meeting with Alfa Bank (though they misspelled it in the same way that Steele’s dossier did). That meeting would take place four days after Simpson raised whatever crazy tip he got, on December 13.

Kushner agreed to meet with Gorkov. 1151 The one-on-one meeting took place the next day, December 13, 2016, at the Colony Capital building in Manhattan, where Kushner had previously scheduled meetings. 1152

Also, during this period, Petr Aven was trying to reach out to Trump’s people on direct orders from Putin.

In December 2016, weeks after the one-on-one meeting with Putin described in Volume I, Section IV.B.1.b, supra, Petr Aven attended what he described as a separate “all-hands” oligarch meeting between Putin and Russia’s most prominent businessmen. 1167 As in Aven’s one-on-one meeting, a main topic of discussion at the oligarch meeting in December 2016 was the prospect of forthcoming U.S. economic sanctions. 1168

After the December 2016 all-hands meeting, Aven tried to establish a connection to the Trump team. Aven instructed Richard Burt to make contact with the incoming Trump Administration

It’s highly unlikely that Simpson got wind of any of those things; we would have heard about it. I raise these other instances not because I think Simpson had them, but because it’s clear Mueller chased these Alfa leads much further than we otherwise knew, and the leads themselves still seem not to have amounted to anything (even while showing that Putin leveraged the threat of election-related sanctions on the one bank that was legally acceptable in the west at the time, Alfa, to get its oligarch to join his efforts to cultivate Trump).

These Alfa allegations all still seem to be fluff. But even so, the redactions in the second reference may suggest there’s something here of continued interest to the FBI.

Update: I’ve taken out Bill Priestap’s name, as that was incorrect reporting when this came out.

As I disclosed last July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

Alfa-Trump Redux: Full Spectrum Circumstance

The Trump Tower – Alfa Bank story is back!

Back in October 2016, Franklin Foer wrote about some metadata analysis showing that a marketing server paid for by Trump Organization was messaging with a server at Russia’s Alfa Bank. The story, as Foer presented it, was quickly challenged. I myself focused on a side angle to the story: that in addition to communications with Alfa Bank, the Trump marketing server was also communicating with Grand Rapids’ Spectrum Health, which (the original public pitch of the story suggested) might show a tie between the DeVos family — or maybe Erik Prince — and Trump. From the vantage of October 2016, that didn’t make sense, as the DeVoses (as distinct from Betsy’s brother Erik) were actually remarkably hesitant to support Trump until after the DNS lookups ended.

Dexter Filkins has now reexamined the story. It concludes — via a proliferating set of academics and cybersecurity experts departing from the norm in both those fields and insisting on hiding their identities — that there must be some kind of communication going on.

(Max and his colleagues did not see any D.N.S. evidence that the Trump Organization was attempting to access the server; they speculated that the organization was using a virtual private network, or V.P.N., a common security measure that obscures users’ digital footprints.)

If this was a communications mechanism, it appeared to have been relatively simple, suggesting that it had been set up spontaneously and refined over time. Because the Trump Organization did not have administrative control of the server, Paul and Leto theorized that any such system would have incorporated software that one of the parties was already using. “The likely scenario is not that the people using the server were incredibly sophisticated networking geniuses doing something obscure and special,” Max said. “The likely scenario is that they adapted a server and vender already available to them, which they felt was away from prying eyes.” Leto told me that he envisioned “something like a bulletin-board system.” Or it could have been an instant-messaging system that was part of software already in use on the server.

Kramer, of Listrak, insisted that his company’s servers were used exclusively for mass marketing. “We only do one thing here,” he told me. But Listrak’s services can be integrated with numerous Cendyn software packages, some of which allow instant messaging. One possibility is Metron, used to manage events at hotels. In fact, the Trump Organization’s October, 2016, statement, blaming the unusual traffic on a “banking customer” of Cendyn, suggested that the communications had gone through Metron, which supports both messaging and e-mail.

The parties might also have been using Webmail—e-mail that leaves few digital traces, other than D.N.S. lookups. Or, Paul and Leto said, they could have been communicating through software used to compose marketing e-mails. They might have used a method called foldering, in which messages are written but not sent; instead, they are saved in a drafts folder, where an accomplice who also has access to the account can read them. “This is a very common way for people to communicate with each other who don’t want to be detected,” Leto told me.

I hope to return to some of the moves Filkins makes in his story generally after I come home from this trip. But for now, I just want to look at how Filkins deals with the Spectrum Health tie, which Filkins focuses on even more than Foer. Here’s how he introduces the connection:

Only one other entity seemed to be reaching out to the Trump Organization’s domain with any frequency: Spectrum Health, of Grand Rapids, Michigan. Spectrum Health is closely linked to the DeVos family; Richard DeVos, Jr., is the chairman of the board, and one of its hospitals is named after his mother. His wife, Betsy DeVos, was appointed Secretary of Education by Donald Trump. Her brother, Erik Prince, is a Trump associate who has attracted the scrutiny of Robert Mueller, the special counsel investigating Trump’s ties to Russia. Mueller has been looking into Prince’s meeting, following the election, with a Russian official in the Seychelles, at which he reportedly discussed setting up a back channel between Trump and the Russian President, Vladimir Putin. (Prince maintains that the meeting was “incidental.”) In the summer of 2016, Max and the others weren’t aware of any of this. “We didn’t know who DeVos was,” Max said.

This is a remarkable paragraph, repeating a lot of the shitty link analysis that people always do when they try to explain the Spectrum tie. In it, a children’s hospital named after Dick DeVos’ mother is the smoking gun in an international spy plot. Then, having utterly ignored the status of the relationship between the DeVoses and Trump at the time of the DNS lookups, Filkins looks at what has happened since: the appointment of close Mike Pence ally and leading GOP education ideologue Betsy to be Education Secretary, and Erik Prince’s covert meeting with an entirely different — and far more suspect — bank, using means that are precisely the kinds of means you’d expect Erik Prince to use (and not using the network of a hospital that his brother-in-law chairs but doesn’t run, because why the fuck would a Navy Seal use more covert methods that Navy Seals know well instead of using a server with an easily subpoenaed footprint in the US??).

The paragraph misses some other details of note. For example, after Dick got on a commercial puddle jumper to fly to interview with Trump, he was appointed to the FAA Advisory Board, another position for which he is an obvious and arguably well-qualified pick. It also doesn’t note that Prince — who is a separate political entity from his sister and brother-in-law — was threatening anti-Trump Republicans both before and after the election, something that might support this theory except for all the other more obvious ways Prince accomplished such efforts.

Which is to say that, while the piece acknowledges that to conclude the Trump – Alfa Bank records are suspect, you also have to explain why the Spectrum ones would be, it does no reporting to discern why that would be the case.

Later in the piece, after trying to explain DNC lookups involving a third entity that had previously only been alluded to (and only alluded to because without explanation, it would have and did problematize past claims), Filkins strains further to suggest the ties between Spectrum and Trump have been proven by events that have taken place since.

In one tranche of data that he gave them, they noticed that a third entity, in addition to Alfa Bank and Spectrum Health, had been looking up the Trump domain: Heartland Payment Systems, a payments processor based in Princeton. Of the thirty-five hundred D.N.S. queries seen for the Trump domain, Heartland made only seventy-six—but no other visible entity made more than two. Heartland had a link to Alfa Bank, but a tenuous one. It had recently been acquired by Global Payments, which, in 2009, had paid seventy-five million dollars for United Card Services, Russia’s leading credit-card-processing company; two years later, United Card Services bought Alfa Bank’s credit-card-processing unit. (A spokesperson for Global Payments said that her company had never had any relationship with the Trump Organization or with Alfa Bank, and that its U.S. and Russia operations functioned entirely independently.)

Spectrum Health has a similarly indirect business tie to Alfa Bank. Richard DeVos’ father co-founded Amway, and his brother, Doug, has served as the company’s president since 2002. In 2014, Amway joined with Alfa Bank to create an “Alfa-Amway” loyalty-card program in Russia. But such connections are circumstantial at best; the DeVos family seems far more clearly linked to Trump than to Russia.

It’s this sentence — “the DeVos family seems far more clearly linked to Trump than to Russia” — that exemplifies this story, and its epistemology, for me. It treats the DeVos family — Dick, his wife Betsy Prince DeVos, his brother Doug, his charitable mother Helen, and his brother-in-law Erik Prince, to say nothing of the hospital administrators that actually run Spectrum — as a monolith they’re simply not, reads their current varied relationships with Trump back into a history where only Erik’s relationship resembled his current one, and then concludes that a link with Dick through Helen-Betsy-Erik is all you need to explain why these presumed conspirators would use a hospital rather than any of the many entities the DeVoses privately hold (and therefore more directly manage) or the Prince entities that already have built-in covert channels with a proven past ability to reach out to oligarchs discretely.

I mean, I absolutely think there’s a place for more journalism on what Erik was doing during the election, his role as a cut-out to Trump, and how he has helped to discipline the Republican party since. Or, if you want to pursue some theory of nefarious plot explaining how the originally reluctant DeVoses came to become close Trump associates, you’d explore far more about Mike Pence’s obvious role in it all (to say nothing of Pence’s frequent meetings with the DeVoses since), something Jean Camp is well situated to do from Indiana.

But one thing any such journalism would show is that Prince has the ability to conduct convert communications via much more effective channels, and Betsy and Dick DeVos have the network to achieve their political goals via means that don’t require hijacking a hospital server they don’t directly control.

Meanwhile, the story doesn’t explore the tangential role of Alfa Bank, via Alex van der Zwaan, in the Skadden Arps part of the Paul Manafort story, and doesn’t explain that any focus on Alfa Bank prior to Trump’s inauguration might have distracted from the sanctioned Russian banks that, at least as far as is currently known, are the actual key players in the Trump Russia story. It also doesn’t explain that key events in any conspiracy between Trump and Russia were communicated via insecure Trump Organization hosted email, often (in Manafort’s case, for long after he had been indicted) backed up to the iCloud.

This Trump Tower – Alfa Bank story continues to spin journalists, not to mention academics and infosec experts, into uncharacteristic habits that don’t appear to be leading to any real clarity about the topic at hand.

With the Upcoming Concord Consulting Not Guilty Plea, Russians Continue to Win the Lawfare Hockey Title

Last year, I observed how effective the mostly-Russian (with some assistance from Republicans) lawfare surrounding the Steele dossier had been. Between the Webzilla and Alfa Bank suits against Steele dossier actors (the latter advised by top Republican lawyers at Kirkland & Ellis), they forced out information that would embarrass Democrats and assist Republican efforts to undermine the Russian investigation. Further, the many suits were far more costly than the initial oppo research had been.

As a number of outlets have observed, one of the firms named in the Internet Research Agency indictment, Concord Management and Consulting, is waging similar lawfare in response to that indictment.

Concord is the firm of Yevgeniy Prigozhin, often called Putin’s chef because he’s gotten rich of catering contracts. The indictment claims Concord provided the bulk of the funding for the IRA. It further alleges Concord funds disinformation campaigns not just targeting America, but targeting other countries and domestic Russian audiences.

Beginning as early as 2014, Defendant ORGANIZATION began operations to interfere with the U.S. political system, including the 2016 U.S. presidential election. Defendant ORGANIZATION received funding for its operations from Defendant YEVGENIY VIKTOROVICH PRIGOZHIN and companies he controlled, including Defendants CONCORD MANAGEMENT AND CONSULTING LLC and CONCORD CATERING (collectively “CONCORD”). Defendants CONCORD and PRIGOZHIN spent significant funds to further the ORGANIZATION’s operations and to pay the remaining Defendants, along with other uncharged ORGANIZATION employees, salaries and bonuses for their work at the ORGANIZATION.

[snip]

Defendants CONCORD MANAGEMENT AND CONSULTING LLC (Конкорд Менеджмент и Консалтинг) and CONCORD CATERING are related Russian entities with various Russian government contracts. CONCORD was the ORGANIZATION’s primary source of funding for its interference operations. CONCORD controlled funding, recommended personnel, and oversaw ORGANIZATION activities through reporting and interaction with ORGANIZATION management.

CONCORD funded the ORGANIZATION as part of a larger CONCORD-funded interference operation that it referred to as “Project Lakhta.” Project Lakhta had multiple components, some involving domestic audiences within the Russian Federation and others targeting foreign audiences in various countries, including the United States.

Among the details in the indictment that would require the most SIGINT (as distinct from cooperation from Facebook and domestic forensics analysis) is a paragraph describing the funding behind the operation.

To conceal its involvement, CONCORD labeled the monies paid to the ORGANIZATION for Project Lakhta as payments related to software support and development. To further conceal the source of funds, CONCORD distributed monies to the ORGANIZATION through approximately fourteen bank accounts held in the names of CONCORD affiliates, including Glavnaya Liniya LLC, Merkuriy LLC, Obshchepit LLC, Potentsial LLC, RSP LLC, ASP LLC, MTTs LLC, Kompleksservis LLC, SPb Kulinariya LLC, Almira LLC, Pishchevik LLC, Galant LLC, Rayteks LLC, and Standart LLC.

Presumably, the Mueller team named Concord and Prigozhin because doing so would support sanctions against him and his companies (indeed, Prigozhin was added to sanctions back in March). But it was also a way to put the operation within the immediate vicinity of Putin and tie it to the patronage that he uses to stay in power.

But then the corporate person of Concord Consulting unexpectedly started to contest the charges. On April 11, two lawyers from Reed Smith filed an attorney appearance for the firm. That same day, the lawyers sent Mueller’s team two letters, one asking for a Bill of Particulars and the other an expansive discovery request. Mueller’s team (having previously tried to serve Concord via the Russian government) then sent a letter to the lawyers, asking for confirmation they can receive summons for their client, which the lawyers returned it 10 days later, saying it violated Federal Rules of Criminal Procedure. The government, based on the returned summons, asked for a continuance to make sure that summons had been accepted.

Acceptance of service is ordinarily an indispensable precondition providing assurance that a defendant will submit to the jurisdiction of the court, obey its orders, and comply with any judgment. Here, proper service is disputed. It would not be an efficient use of resources to conduct proceedings against Concord clouded by the question whether Concord has been properly served. And as mentioned above, that is particularly true given the sensitive intelligence gathering, national security, and foreign affairs issues presented by defense counsel’s initial requests.

Concord’s lawyers responded by arguing the Special Counsel was ignoring local rules requiring two weeks advance notice to make a scheduling change, and further noting the government had not cited any case law supporting the argument that there might be uncertainty about whether Concord had been served.

The Special Counsel is not entitled to special rules, and is required like the Attorney General to follow the rules of the Court. See United States v. Libby, 498 F.Supp.2d 1, 10-11 (D.C.C. 2007).

The Special Counsel’s motion, filed late on a Friday afternoon, essentially seeks to usurp the scheduling authority of the Court by requesting a continuance of a proceeding scheduled in five days knowing that Defendant is ordinarily entitled to fourteen days to respond.

The Special Counsel’s motion is in violation of Local Criminal Rule 47(b) in that its contains no citation to points of law and authority and instead proclaims without citation to any authority that “A criminal case against an organizational defendant ordinarily requires that the defendant has been properly served with a summons in order for the court to be assured that the defendant has submitted to the jurisdiction of this court and has obligated itself to proceed in accordance with the Federal Rules of Criminal Procedure and other applicable laws that govern this criminal proceeding,”

Judge Dabney Friedrich denied the government motion, meaning there’ll be an initial appearance Wednesday.

Before looking at what Concord is trying to do with its discovery request, let’s take a step back.

The US has been charging Russian hackers and other criminals (like Viktor Bout) for years. Russia hates it. Even ignoring the number of Russian criminals we’ve imprisoned for long sentences, in cases where we don’t nab defendants while on vacation, the indictments still provide the US a forum to expose Russian intelligence activities with little cost to the US.

Charging a corporate person — one close to Putin — for a crime (information operations) that the US also engages in, the government provided Putin and his ally Prigozhin with an opening to either inflict some damage or force the government to withdraw the indictment (and think twice before indicting any other Russian corporations in other Russian investigation indictments).

Here’s some of what Concord is asking for:

Unnamed co-conspirators. When Rod Rosenstein announced this indictment, he emphasized that no Americans were named as co-conspirators in the indictment. That’s different than saying no Americans did conspire (indeed, I’ve noted that three Trump Campaign Officials described in the indictment may be under ongoing investigation). The motion for a Bill of Particulars asks for the identities of those three Trump Campaign Officials, as well as the identities of at least ten other Americans described specifically, and 100 recruited by IRA (described in ¶81). It also asks for the name of co-conspirators for an act, ¶7 of the indictment, who were required to register even though no co-conspirators are alleged to have to do so. Intriguingly, it asks not just for the identity of the real US person who held a sign in front of the White House (¶12b), but also all details surrounding the communications behind that appearance.

Related crimes the government will introduce at trial. The discovery request makes a very normal Rule 404(b) request for any “other crimes, wrongs, or acts” the government might introduce at trial. If Mueller’s team believes anyone in this indictment was involved in other parts of the operation, they might have to disclose that.

SIGINT. The request for a Bill of Particulars asks the government to identify all VPNs, PayPal accounts, Twitter accounts, and web-based emails used in the operation. It asks for the IDs of the people behind the operation and a definition of what significant funds means which would convey how much money Mueller has tracked. It asks for the specific bank accounts the indictment alleges Concord used to launder its money. It asks for specific evidence showing Prigozhin’s knowledge of the operation. It asks for all the communications behind the named events in the indictment. Showing this would provide Concord, and so Prigozhin, and so Putin, a very detailed picture of how much intelligence the US collected to draw up this indictment, which would also hint a lot about how we got it.

Details they will use to show US double standards. This includes a request for all the times since 1945 an agent of the US “engaged in operations to interfere with elections and political processes in any foreign country,” which is probably a reference to this study that shows CIA has done it more than Russia, along with a parallel request about any times Americans have been charged under the same crime, 18 USC 371, charged in the indictment. It also asks for a definition of a bunch of terms — such as “improper foreign influence,” “computer infrastructure,” “collecting intelligence,” and “began to monitor” that Russia will then use to point out where US spooks do the same. The request asks for a list of all criminal statutes that prohibit interference operations, the specific statutes behind the FECA, FARA, and visa violations alleged, as well as statutes that prohibit “impairing, obstructing and defeating the lawful governmental functions of the US … [by] interfer[ing] with US political and electoral processes. Together, those requests are designed to show that much of this stuff is either legal or spying.

The names of informants. Concord asks for this both as a general Brady request and asks for the specific name of the uncharged co-conspirator who traveled to Atlanta in 2014 in the request for a Bill of Particulars. While Prigozhin probably knows which Russians cooperated, Russia will nevertheless love to use that to punish whoever did.

While neither will happen immediately — Mueller’s team will push for a protection order and CIPA process before turning over the requested discovery and defendants almost never get a Bill of Particulars — effectively, Concord signaled its intention to impose real costs on the US government’s use of our criminal justice system to embarrass Russia. They made it clear that one of Putin’s closes allies will be demanding the intelligence behind an indictment naming him and two of his companies. Which is going to pose real discomfort for Mueller’s team (which might explain a bit of their delay here).

Let me clear: Concord is entirely within its right to begin demanding such evidence. That’s the risk of using our criminal justice system, affording due process, in charging a Russian corporate person who can challenge any charges without risking their freedom. I imagine Mueller’s team didn’t sufficiently account for this possibility when charging it this way. And if there are any other known Russian corporations involved in this operation (or fronts, such as the one Joseph Mifsud worked behind), I would imagine Mueller’s team is rethinking their approach to including those fronts. This could be problematic to the extent that proving any “collusion” between Trump’s people and Russians would most easily be demonstrated via conspiracy charges involving Russian entities.

As I said, for years, it has pissed off Russia generally and Putin in particular that the US used its criminal justice system to embarrass Russia, particularly for actions (like nation-state spying or information warfare like that alleged in this indictment) that we also engage in, including against Russia. It seems clear Putin and his buddy Prigozhin are using the incidence of the latter having had his company be named in this indictment as an opportunity to retaliate and make DOJ think twice as it continues to expand such efforts in the future.

And to a large degree, it’s quite likely to work.

On Disinformation and the Dossier

By all accounts, the House will vote to release the Nunes memo tonight, even while Adam Schiff pushes to release his countering memo at the same time. Perhaps in advance of that, Andrew McCabe either chose to or was told to take leave today until such time as his pension kicks in in mid-March, ending his FBI career.

Since we’re going to be obsessing about the dossier for the next while again, I want to return to a question I’ve repeatedly raised: the possibility that some or even much of the Christopher Steele dossier could be the product of Russian disinformation. Certainly, at least by the time Fusion and Steele were pitching the dossier to the press in September 2016, the Russians might have gotten wind of the project and started to feed Steele’s sources disinformation. But there’s at least some reason to believe it could have happened much sooner.

Former CIA officer Daniel Hoffman argues the near misses are a mark of Russian disinformation

A number of spooks had advanced this idea in brief comments in the past. Today, former CIA officer Daniel Hoffman makes the arguement at more length at WSJ.

There is a third possibility, namely that the dossier was part of a Russian espionage disinformation plot targeting both parties and America’s political process. This is what seems most likely to me, having spent much of my 30-year government career, including with the CIA, observing Soviet and then Russian intelligence operations. If there is one thing I have learned, it’s that Vladimir Putin continues in the Soviet tradition of using disinformation and espionage as foreign-policy tools.

Hoffman points to what I consider the dossier’s abundance of near-misses (such as events involving the correct person in the wrong place or time) on correct information to back his case.

The pattern of such Russian operations is to sprinkle false information, designed to degrade the enemy’s social and political infrastructure, among true statements that enhance the veracity of the overall report. In 2009 the FSB wanted to soil the reputation of a U.S. diplomat responsible for reporting on human rights. So it fabricated a video, in part using real surveillance footage of the diplomat, that purported to show him with a prostitute in Moscow.

Similarly, some of the information in the Steele dossier is true. Carter Page, a Trump campaign adviser, did travel to Moscow in the summer of 2016. But he insists that the secret meetings the dossier alleges never happened. This is exactly what you’d expect if the Kremlin followed its usual playbook: accurate basic facts provided as bait to convince Americans that the fake info is real.

John Sipher, in our joint interview with Jeremy Scahill admitted such a thing was possible, though that the dossier still tied the hack to “collusion.”

The Russians are the best in the world at this disinformation and deception. I don’t think, based on what we saw in the June, the first of his reports, that the Russians would have controlled all of those sources and controlled that whole narrative. It just doesn’t seem to make sense to me. And if in fact they did control the information that was given to Mr. Steele at that time, you have to wonder what was the point. If they were trying to send a message that they had compromising information on Mr. Trump, that might be that they wanted Mr. Trump to know what they had so he would act accordingly. In terms of using kompromat you don’t have to go to the person and make the quid pro quo, you just have to let them know that you have the information and they’ll do the right thing. So, I do agree, as time went by, and as she mentioned, for example, that what GPS Fusion information had in the connections they had there’s, it’s certainly possible that the Russians could have come across some of these sources and provided disinformation especially as time went by. I don’t think that that’s out of the realm of possibility.

Nevertheless Sipher argued in response to Hoffman that the content of the dossier would rule against it being disinformation.

[Hoffman] did not address the content. If was disinformation, it was designed to hurt Trump.

The content of the dossier would have led Democrats to be complacent about the hacking

But I can think of several ways the information in the dossier, if it was disinformation, would help Trump. I have already noted how, if Democrats had used the intelligence provided by Steele in the very earliest reports in the dossier to gauge the risk posed by the hack, they would have been lulled into complacency, because Steele’s first reports clearly said any kompromat the Russians wanted to dump was old intercepts from Hillary’s trips to Russia, and even Steele’s first report after the WikiLeaks dump would not only not confirm Russia was behind the release, but would also contradict a year of public reporting on APT29 to claim that Russia had not had success breaching targets like the State Department and Hillary.

On June 20, Perkins Coie would have learned from a Steele report that the dirt Russia had on Hillary consisted of “bugged conversations she had on various visits to Russia and intercepted phone calls rather than any embarrassing conduct.” It would also have learned that “the dossier however had not yet been made available abroad, including to TRUMP or his campaign team.”

On July 19, Perkins Coie would have learned from a Steele report that at a meeting with a Kremlin official named Diyevkin which Carter Page insists didn’t take place, Diyevkin “rais[ed] a dossier of ‘kompromat’ the Kremlin possessed on TRUMP’s Democratic presidential rival, Hillary CLINTON, and its possible release to the Republican’s campaign team.” At that point in time, the reference to kompromat would still be to intercepted messages, not email.

On July 22, Wikileaks released the first trove of DNC emails.

On July 26 — days after Russian-supplied emails were being released to the press — Perkins Coie would receive a Steele report (based on June reporting) that claimed FSB had the lead on hacking in Russia. And the report would claim — counter to a great deal of publicly known evidence — that “there had been only limited success in penetrating the ‘first tier’ foreign targets.” That is, even after the Russian hacked emails got released to the public, Steele would still be providing information to the Democrats suggesting there was no risk of emails getting released because Russians just weren’t that good at hacking.

In fact, in his testimony to the House Intelligence Committee, in one of the few instances in either congressional appearance where he admitted that Steele was hired at almost precisely the same moment the Democrats were trying to get the FBI to make a public statement attributing the hack to Russia, Glenn Simpson explained that the Democrats did use Steele’s intelligence to “manage” the aftermath of the hack.

MR. SIMPSON: Well, this was a very unusual situation, because right around the time that the work started, it became public that the FBI suspected the Russians of hacking the DNC. And so there was sort of an extraordinary coincidence. It wasn’t really a coincidence but, you know, our own interest in Russia coincided with a lot of public disclosures that there was something going on with Russia.

And so what was originally envisioned as an original — as just a sort of a survey, a first cut of what might be — whether there might be something interesting about Donald Trump and Russia quickly became more of an effort to help my client manage a, you know, exceptional situation and understand what the heck was going on.

I also think it’s creepy that Guccifer 2.0 promised what he called a dossier on Hillary on the same day Steele delivered his first report, June 20, and delivered documents he claimed to be that dossier the next day.

There are multiple ways the Russians may have learned of the Steele dossier

Hoffman lays out a number of the reasons I believe Steele’s production process might have been uniquely susceptible to discovery.

There are three reasons the Kremlin would have detected Mr. Steele’s information gathering and seen an opportunity to intervene. First, Mr. Steele did not travel to Russia to acquire his information and instead relied on intermediaries. That is a weak link, since Russia’s internal police service, the FSB, devotes significant technical and human resources to blanket surveillance of Western private citizens and government officials, with a particular focus on uncovering their Russian contacts.

Second, Mr. Steele was an especially likely target for such surveillance given that he had retired from MI-6, the British spy agency, after serving in Moscow. Russians are fond of saying that there is no such thing as a “former” intelligence officer. The FSB would have had its eye on him.

Third, the Kremlin successfully hacked into the Democratic National Committee. Emails there could have tipped it off that the Clinton campaign was collecting information on Mr. Trump’s dealings in Russia.

I’d flesh out another, one the Republicans have been dancing close to for the last year. Because Fusion GPS did business with both the Democrats and, via Baker Hostetler, anti-Magnitsky lobbyists Natalia Veselnitskaya and Rinat Akhmetshin at the same time, it created a second source via which the Russians might learn that Hillary had a dossier. In addition to Simpson himself,  Fusion researcher Edward Baumgartner also worked with both Baker Hostetler and the Democrats at the same time. Simpson tried to minimize the overlap and the possibility for revealing the dossier, especially in his Senate testimony.

Q. We had talked about work for multiple clients. What steps were taken, if any, to make sure that the work that Mr. Baumgartner was doing for Prevezon was not shared across to the clients you were working for with regard to the presidential election?

A. He didn’t deal with them. He didn’t deal with the clients.

But the publicly released financial data shows a clear overlap in those projects and Baumgartner’s comments to BI show he worked quite closely with Veselnitskaya.

Baumgartner, a fluent Russian speaker, said he was hired by Fusion to serve as “an interface” with Veselnitskaya, who does not speak much English. They worked “very closely” together in Washington and Moscow, Baumgartner said, reviewing documents and finding witnesses who could bolster Prevezon’s case.

Simpson attended a dinner in DC on June 10, attended by both Veselnitskaya and Akhmetshin, in the aftermath of the Trump Tower meeting at which (per Simpson) “we had drinks before;” Baumgartner’s vague memory suggests he did too. When asked if Baumgartner knew Akhmetshin, which is virtually certain, Simpson said, “I don’t know.” So there were at least opportunities where people working on both campaigns might have disclosed details about the project for the Democrats (though both Simpson and Baumgartner said Baumgartner didn’t know about the Steele part of the project).

One other detail makes it more likely that Russians succeeded in planting at least some disinformation: both Luke Harding (who worked closely with Steele on his book) and Simpson describe Steele’s sources drying up as the focus on Trump’s ties to Russia grew. Simpson’s statement on this grossly understates (as he often does) how much focus there already publicly was on the Russian hack by the time he hired Steele.

So, you know, when Chris started asking around in Moscow about this the information was sitting there. It wasn’t a giant secret. People were talking about it freely. It was only, you know, later that it became a subject of great controversy and people clammed up, and at that time the whole issue of the hacking was also, you know, not really focused on Russia. So these things eventually converged into, you know, a major issue, but at the time it wasn’t one.

So if Steele’s regular sources were drying up, it makes it far more likely any new ones would be easy to compromised.

Russians seem to have planned to use the dossier to discredit the investigation — just as they are using it

Finally, I want to turn to another reason why I think parts of this may be disinformation. At least two of the reports — the Alfa Bank report (which was pretty clearly a feedback loop on another dodgy story) and the depiction of what should have been the Internet Research Association but was instead targeted at Webzilla, seem custom made to prepare the kind of lawfare that has discredited the dossier. Indeed, Alfa Bank and Webzilla’s owners both sued, suggesting they feel like they can survive discovery.

Look, now, at this detail from the letters Chuck Grassley sent out to the DNC, its top officials, and the Hillary campaign, and its top officials, trying to find out how much they knew about and used the dossier. Grassley also asks for any communications to, from, or relating to the following (I’ve rearranged and classified them).

Fusion and its formal employees: Fusion GPS; Bean LLC; Glenn Simpson; Mary Jacoby; Peter Fritsch; Tom Catan; Jason Felch; Neil King; David Michaels; Taylor Sears; Patrick Corcoran; Laura Sego; Jay Bagwell; Erica Castro; Nellie Ohr;

Fusion researcher who worked on both the Prevezon and Democratic projects: Edward Baumgartner;

Anti-Magnitsky lobbyists: Rinat Akhmetshin; Ed Lieberman;

Christopher Steele’s business and colleagues: Orbis Business Intelligence Limited; Orbis Business International Limited.; Walsingham Training Limited; Walsingham Partners Limited; Christopher Steele; Christopher Burrows; Sir Andrew Wood,

Hillary-related intelligence and policy types: Cody Shearer; Sidney Blumenthal; Jon Winer; Kathleen Kavalec; Victoria Nuland; Daniel Jones;

DOJ and FBI: Bruce Ohr; Peter Strzok; Andrew McCabe; James Baker; Sally Yates; Loretta Lynch;

Grassley, like me, doesn’t believe Brennan was out of the loop either: John Brennan

Oleg Deripaska and his lawyer: Oleg Deripaska; Paul Hauser;

It’s the last reference I’m particularly interested in.

When Simpson talked about how the dossier got leaked to BuzzFeed, he complains that, “I was very upset. I thought it was a very dangerous thing and that someone had violated my confidences, in any event.” The presumed story is that John McCain and his aide David Kramer were briefed by Andrew Wood at an event that Rinat Akhmetshin also attended, later obtained the memo (I’m still not convinced this was the full memo yet), McCain shared it, again, with the FBI, and Kramer leaked it to Buzzfeed.

But Grassley seems to think Russian oligarch Oleg Deripaska was in on the loop of this. Deripaska is important to this story not just for because he owns Paul Manafort (he figures heavily in this worthwhile profile of Manafort). But also because he’s got ties, through Rick Davis, to John McCain. This was just rehashed last year by Circa, which has been running interference on this story.

There is a report that Manafort laid out precisely the strategy focusing on the dossier that is still the main focus of GOP pushback on the charges against Trump and his campaign (and Manafort).

It was about a week before Trump’s inauguration, and Manafort wanted to brief Trump’s team on alleged inaccuracies in a recently released dossier of memos written by a former British spy for Trump’s opponents that alleged compromising ties among Russia, Trump and Trump’s associates, including Manafort.

“On the day that the dossier came out in the press, Paul called Reince, as a responsible ally of the president would do, and said this story about me is garbage, and a bunch of the other stuff in there seems implausible,” said a personclose to Manafort.

[snip]

According to a GOP operative familiar with Manafort’s conversation with Priebus, Manafort suggested the errors in the dossier discredited it, as well as the FBI investigation, since the bureau had reached a tentative (but later aborted) agreement to pay the former British spy to continue his research and had briefed both Trump and then-President Barack Obama on the dossier.

Manafort told Priebus that the dossier was tainted by inaccuracies and by the motivations of the people who initiated it, whom he alleged were Democratic activists and donors working in cahoots with Ukrainian government officials, according to the operative.

If Deripaska learned of the dossier — and obtained a copy from McCain or someone close to him — it would make it very easy to lay out the strategy we’re currently seeing.

Update: Welp, here’s why Grassley wants to know who among the Democrats spoke with Cody Shearer.

The FBI inquiry into alleged Russian collusion in the 2016 US presidential election has been given a second memo that independently set out many of the same allegations made in a dossier by Christopher Steele, the British former spy.

The second memo was written by Cody Shearer, a controversial political activist and former journalist who was close to the Clinton White House in the 1990s.

[snip]

The Shearer memo was provided to the FBI in October 2016.

It was handed to them by Steele – who had been given it by an American contact – after the FBI requested the former MI6 agent provide any documents or evidence that could be useful in its investigation, according to multiple sources.

The Guardian was told Steele warned the FBI he could not vouch for the veracity of the Shearer memo, but that he was providing a copy because it corresponded with what he had separately heard from his own independent sources.

Among other things, both documents allege Donald Trump was compromised during a 2013 trip to Moscow that involved lewd acts in a five-star hotel.

The Cost of the Lawfare Surrounding the Steele Dossier Will Vastly Outstrip Its Original Cost

In response to Monday’s server hiccups and in anticipation that Mueller is nowhere near done, we expanded our server capacity overnight. If you think you’ll rely on emptywheel reporting on the Mueller probe, please consider a donation to support the site

Yesterday, Reuters reported that Fusion GPS has told Congress (presumably as part of the settlement on a bank subpoena reached last week) how much it got paid for the dossier on Donald Trump, and how much of that it paid Christopher Steele for his part in the dossier. Fusion got $1.02 million from Perkins Coie, of which Steele got $168K.

Fusion GPS’ statement said it had told Congress about how $168,000 was paid last year to Orbis Business Intelligence, Steele’s company.

The money paid to Orbis was taken from $1.02 million it received in fees and expenses from the Perkins Coie law firm, the statement said.

There’s some confusion about this number, however, with some claiming that Fusion had a huge markup on Steele’s labor. But that’s not right. We’ve now confirmed what we’ve seen is just part of the total dossier Fusion did on Trump. If the numbering in the dossier is any indication, there were at least 166 reports done, with 79 done between the time  started on the dossier in April and when Steele got involved in June. Of the total, we’ve seen just 17 released reports from Steele, or about 10% of the total (assuming none of his Russian-related reports were withheld). That would put his payment — over 16% of what Fusion got paid — to be a reasonable fraction (of course much of the rest of the dossier is likely domestic and less reliant on paid sources built up over decades).

In any case, as Reuters points out, it’s far less than the $12 million Trump has alleged.

But it’s also far less than what the dossier will cost in the long run. As I’ve been tracking, there are a number of strands of “lawfare” surrounding the dossier — Russian and Republican attempts to use lawsuits to make the dossier toxic. They include:

  • Alexej Gubarev’s lawsuit against Steele and his company in the UK
  • Alexej Gubarev’s lawsuit against BuzzFeed in FL (with related subpoena challenges being litigated in DC)
  • The lawsuit by Alfa Bank executives against BuzzFeed in DC (filed after consulting with top GOP lawyers Viet Dinh and Brian Benczkowski and their firm)
  • Fusion’s efforts to fight testimony and bank subpoenas in DC
  • Carter Page’s lawsuit against HuffPo and Yahoo

In addition, I would be shocked if Marc Elias doesn’t get slapped with a lawsuit or two, now that his role in funding the dossier has become known. With the exception of Page’s suit, each of those involves at least two sets of well paid lawyers to fight things out.

Which is to say that the lawfare surrounding the dossier may well end up costing $12 million, even assuming no one ever has to pay any penalties. Which seems to offer a lesson for sleazy politicos: If you’re going to pay to develop dirt on your opponent, make sure that the blowback from it doesn’t cost more in terms of dollars and damage than the actual dossier itself.

Reasons Why Dems Have Been Fucking Stupid on the Steele Dossier: a Long Essay

Let me start this post by reposting in full my explanation of why Trump opponents are idiots for clinging to the Steele dossier, so I can add to that with an explanation of why the disclosure that Marc Elias paid for the dossier on behalf of Hillary and the DNC makes it far, far worse.

I have zero doubt that the Russians attempted to influence the election. I think it likely Robert Mueller will eventually show evidence that senior people in Trump’s camp attempted to and may have coordinated with people working for Russia, and people more tangential to the campaign sought out Russians for help. I think if the full story of the Russian involvement in the election comes out, it will be worse than what people currently imagine.

I also think Trump opponents have made a really grave error in investing so much in the Steele dossier. That’s true because, from the start, there were some real provenance questions about it, as leaked. Those questions have only grown, as I’ll explain below. The dossier was always way behind ongoing reporting on the hack-and-leak, meaning it is utterly useless for one of the most important parts of last year’s tampering. The dossier provides Trump officials a really easy way to rebut claims of involvement, even when (such as with Michael Cohen) there is ample other evidence to suggest inappropriate ties with Russia. Most importantly, the dossier is not needed for the most common reason people cling to it, to provide a framework to understand Trump’s compromise by Russia. By late January, WaPo’s reporting did a far better job of that, with the advantage that it generally proceeded from events with more public demonstrable proof. And (again, given the abundance of other evidence) there’s no reason to believe the Mueller investigation depends on it.

But because Trump opponents have clung to the damn dossier for months, like a baby’s blanket, hoping for a pee tape, it allows Trump, Republicans, and Russians to engage in lawfare and other means to discredit the dossier as if discrediting the dossier will make the pile of other incriminating evidence disappear.

So let’s see how the Marc Elias disclosure makes this far, far worse.

The WaPo reports that Elias’ firm, Perkins Coie, acting on behalf of both Hillary and the DNC, paid Fusion GPS. And they did so much earlier than previously reported, starting in April.

Marc E. Elias, a lawyer representing the Clinton campaign and the DNC, retained Fusion GPS, a Washington firm, to conduct the research.

After that, Fusion GPS hired dossier author Christopher Steele, a former British intelligence officer with ties to the FBI and the U.S. intelligence community, according to those people, who spoke on the condition of anonymity.

Elias and his law firm, Perkins Coie, retained the company in April 2016 on behalf of the Clinton campaign and the DNC. Before that agreement, Fusion GPS’s research into Trump was funded by an unknown Republican client during the GOP primary.

Given the numbering of the dossier, the April date makes far better sense than the June date. In fact, on January 13, I said, “It must have started sometime in April.” Yay me — that’s the one piece of prescience I’ll write about here I’m happy about.

The news comes as Fusion has been digging itself deeper and deeper into a perjury hole in an effort to protect Elias and the Democrats, just as they would have had to release financial documents showing Perkins Coie’s involvement in any case (I’ll do a follow-up to show that Fusion seems to have been using a cute definition of “client” in its sworn legal declarations about the dossier).

Some of the details are included in a Tuesday letter sent by Perkins Coie to a lawyer representing Fusion GPS, telling the research firm that it was released from a ­client-confidentiality obligation. The letter was prompted by a legal fight over a subpoena for Fusion GPS’s bank records.

As the WaPo and an army of Dem flacks have noted since this story broke, it is totally normal to pay oppo research firms for dirt on opponents.

It is!!

Which ought to raise really big questions why Elias didn’t come forward before now to simply admit that Hillary and the Dems — rather than some unnamed big donor as has always been intimated — were doing what every campaign normally does.

And there are several likely reasons for that.

First, consider what position this puts the FBI in. Steele started sharing his information with the FBI during the summer, possibly before the FBI opened an investigation into Trump’s Russian ties (though the CIA claims to have had a report in June about such ties, so the investigation doesn’t derive exclusively from the dossier). It’s still unclear — not even given Steele’s legal statements on this fact — whether Steele shared the information on his own, or whether Fusion permitted him to share. It’s also not clear whether Steele disclosed to FBI who was paying for his work (or even if he actually knew). But it is qualitatively different for the FBI to accept and respond to information from a political party than it is to respond to information paid for by — say — a rich private person like George Soros. That is, admittedly, how the Whitewater investigation got started (so I can appreciate the irony), but it was wrong then and it’s wrong now.

Note, this detail also provides a much better explanation for why the FBI backed out of its planned relationship with Steele in October, one that matches my supposition. As soon as it became clear Elias was leaking the dossier all over as oppo research, the FBI realized how inappropriate it was to use the information themselves, no matter how credible Steele is. This also likely explains why FBI seeded a story with NYT, one Democrats have complained about incessantly since, reporting “none of the investigations so far have found any conclusive or direct link between Mr. Trump and the Russian government.” Ham-handed? Sure. But in the wake of Harry Reid and David Corn’s attempts to force FBI to reveal what Democratic oppo research had handed to FBI, the FBI needed to distance themselves from the oppo research, and make sure they didn’t become part of it. Particularly if Steele was not fully forthcoming about who was paying him, the FBI was fucked.

And consider what Hillary and the DNC did. Back when the June 9 Trump Tower meeting first broke, I warned Democrats who were screaming that this was proof of collusion to be very careful of how they defined it.

[T]hus far, it is not evidence of collusion, contrary to what a lot of people are saying.

That’s true, most obviously, because we only have the implicit offer of a quid pro quo: dirt on Hillary — the source of which is unknown — in exchange for sanctions relief. We don’t (yet) have evidence that Don Jr and his co-conspirators acted on that quid pro quo.

But it’s also true because if that’s the standard for collusion, then Hillary’s campaign is in trouble for doing the same.

Remember: A supporter of Hillary Clinton paid an opposition research firm, Fusion GPS, to hire a British spy who in turn paid money to Russians — including people even closer to the Kremlin than Veselnitskaya — for Russia-related dirt on Don Jr’s dad.

Yes, the Clinton campaign was full of adults, and so kept their Russian-paying oppo research far better removed from the key players on the campaign than Trump’s campaign, which was run by incompetents. But if obtaining dirt from Russians — even paying Russians to obtain dirt — is collusion, then a whole bunch of people colluded with Russians (and a bunch of other foreign entities, I’m sure), including whatever Republican originally paid Fusion for dirt on Trump.

Breaking: Our political process is sleazy as fuck (but then, so are most of our politicians).

I assumed at the time that Democrats were adults and provided Hillary some plausible deniability and distance from the payments to ex-spooks who in turn paid Russian spies.

Serves me right for underestimating, yet again, Hillary’s ability to score own goals, because Nope! They’re not that adult! And so while it pains me greatly to have to say this, the Dems who screamed “COLLUSION!!!!!!!!” after evidence of a meeting but not payment have earned this attack from Ari Fleischer, accusing them of colluding, because that’s the standard they adopted at the time.

Finally, there’s the most interesting thing implicated by the disclosure that Perkins Coie partner Marc Elias paid for the dossier.

As noted, the WaPo explains Elias started to do so in April, which makes far more sense given the numbering of the dossier. But Steele, we know, was brought in in June; his first report, about whether Russia had kompromat on Hillary, was June 20. That means Steele’s involvement, paid for by Perkins Coie, postdates the involvement of Perkins Coie partner (and former DOJ prosecutor who should have known better than to do this) Michael Sussman in the DNC’s response to learning they were hacked by Russia, starting around April 29.

“Not sure it is related to what the F.B.I. has been noticing,” said one internal D.N.C. email sent on April 29. “The D.N.C. may have been hacked in a serious way this week, with password theft, etc.”

No one knew just how bad the breach was — but it was clear that a lot more than a single filing cabinet worth of materials might have been taken. A secret committee was immediately created, including Ms. Dacey, Ms. Wasserman Schultz, Mr. Brown and Michael Sussmann, a former cybercrimes prosecutor at the Department of Justice who now works at Perkins Coie, the Washington law firm that handles D.N.C. political matters.

“Three most important questions,” Mr. Sussmann wrote to his clients the night the break-in was confirmed. “1) What data was accessed? 2) How was it done? 3) How do we stop it?”

It also means that Steele’s involvement — paid for by Perkins Coie — roughly coincides with the time Democrats and Perkins Coie partner Michael Sussman first sat down with the FBI and pushed the FBI to “tell the American public that” Russia had attacked the Democrats.

The D.N.C. executives and their lawyer had their first formal meeting with senior F.B.I. officials in mid-June, nine months after the bureau’s first call to the tech-support contractor. Among the early requests at that meeting, according to participants: that the federal government make a quick “attribution” formally blaming actors with ties to Russian government for the attack to make clear that it was not routine hacking but foreign espionage.

“You have a presidential election underway here and you know that the Russians have hacked into the D.N.C.,” Mr. Sussmann said, recalling the message to the F.B.I. “We need to tell the American public that. And soon.”

Shortly thereafter, Steele, paid for by Perkins Coie, started sharing reports with the FBI, with as yet unknown disclosure to them about who was paying his bills. Do you see why this is a problem yet?

Note, too, the irony. The DNC was unwilling to share their server directly with the FBI. But they were willing to launder their intelligence to it.

Not cool, Democrats. Also, not smart.

Now, add to this massive own goal the Democrats have scored on themselves. The second report in the released dossier, is dated July 26, released four days after WikiLeaks started releasing the DNC emails, making it clear the Democrats had a far bigger hack-and-leak problem on their hands than they had let on in a June 14 story to the WaPo. It is an incredibly back-assward report on Russian hacking that proved unaware of the most basic publicly known details about Russia’s hacking (the Democrats would have been better served reading this report that had been released ten months before, which is almost certainly what FBI was trying to point them to when they first warned of the hack in September). That is, in the wake of the DNC hack, the Democrats’ lawyer paid for private intelligence about Russian involvement with Trump, and they ended up paying someone whose sources (because Steele is a follow-the-money guy, not a follow-the-packets guy) consistently were months and months behind the public knowledge on the hack.

Yikes.

Finally, one more point. It has been clear for some time that Steele’s reports had some kind of feedback loop, responding to information the Democrats got. That was most obvious with respect to the September 14 Alfa Bank report, which was obviously written after first news of the Alfa Bank/Trump Tower story, which was pushed by Democratic partisans. Particularly given that we know the released report is a selective release of just some reports from the dossier, the inclusion of Alfa Bank in that release makes no sense. Even if reports about old corrupt ties between Alfa and Putin are true (as if Democratic politicians and corrupt American banks never have old ties), the inclusion of the Alfa report in the dossier on Trump made zero sense.

Which is why Alfa Bank decided — after consulting with big Republican lawyers like Viet Dinh and soon-to-be DOJ Criminal Division Chief Brian Benczkowski — to sue for defamation. Now I understand why (particularly given that Republicans seem to have known who paid for the dossier for some time). I’m not sure Alfa Bank executives pass the bar for defamation here (though the publication of a report that misspelled Alfa’s name is pretty damning), but the fact that Elias paid for this dossier on behalf of the Democrats is going to make that defamation case far more explosive (and I’ll be surprised if Elias doesn’t get added into the mix).

As I said when I began this: I have no doubt Russia tampered with the election, and if the full truth comes out I think it will be more damning than people now imagine.

But the Democrats have really really really fucked things up with their failures to maintain better ethical distance between the candidate and the dossier, and between the party and the FBI sharing. They’ve made things worse by waiting so long to reveal this, rather that pitching it as normal sleazy political oppo research a year ago.

The case of Russian preference for Trump is solid. The evidence his top aides were happy to serve as Russian agents is strong.

But rather than let FBI make the case for that, Democrats instead tried to make their own case, and they did in such a way as to make the very solid case against Trump dependent on their defense of the dosser, rather than on better backed claims released since then.

Boy it seems sadly familiar, Democrats committing own goals like this. And all that’s before where the lawfare on this dossier is going to go.

Update, 12/6/17: This, from April, is a really interesting claim by claim debunking of the dossier.