Posts

On the Lawfare over the Steele Dossier

October 25: For those looking for “Reasons Why Dems Have Been Fucking Stupid on the Steele Dossier, a Long Essay,” it’s here; I screwed up the link.

Say, did you know that Christopher Steele and his company, Orbis Business Intelligence, claim that Fusion GPS, the US-based intelligence firm that hired him to collect dirt on Donald Trump, did not share that dirt with its clients?

Steele’s curious claims made from the comfort of the UK

That’s the rather improbable claim made in a May 18 filing in the British lawsuit Webzilla CEO Alexej Gubarev filed against Steele and his company in the UK. In response to questions about who was contractually prohibited from disclosing Steele’s reports, Steele claimed that while Fusion was permitted to share the information he gave them with their clients, they did not.

In relation to the pre-election memoranda the duty not to disclose intelligence to third parties without the prior agreement of [Steele and his company, Orbis] did not extend to disclosure by Fusion to its client(s), although the Defendants understand that copies of the memoranda were not disclosed by Fusion to its client(s).

In response to a follow-up question on whether Fusion’s clients were allowed to disclose any reports they got, Steele claimed that Fusion’s clients weren’t supposed to release the information.

[Steele and his company] understood that the arrangement between Fusion and its client(s) was that intelligence would not be disclosed.

Yet, in spite of the claim that Fusion never shared Steele’s intelligence reports with its clients, Steele admits that he gave off the record briefings, in one form or another, to reporters from six different American outlets.

The journalists initially briefed at the end of September 2016 by [Steele] and Fusion at Fusion’s instruction were from the New York Times, the Washington Post, Yahoo News, the New Yorker and CNN. [Steele] subsequently participated in further meetings at Fusion’s instruction with Fusion and the New York Times, the Washington Post and Yahoo News, which took place in mid-October 2016. In each of those cases the briefing was conducted verbally in person. In addition, and again at Fusion’s instruction, in late October 2016 [Steele] briefed a journalist from Mother Jones by Skype. No copies of the pre-election memoranda were ever shown or provided to any journalists by, or with the authorization of, the Defendants. The briefings involved the disclosure of limited intelligence regarding indications of Russian interference in the US election process and the possible co-ordination of members of Trump’s campaign team and Russian government officials.

So the folks footing the bill for all this never saw the reports they paid for, and if you believe Steele no reporters ever actually looked at the dossier. Steele makes no mention (in a lawsuit in the UK targeting just him, not Fusion GPS) of the evolving claims of BBC’s Paul Wood.

Steele’s claim that he wasn’t sharing the dossier itself is dubious for several reasons. For example, the defense makes no mention of Steele sharing the dossier with the FBI, in spite of multiple reports of him doing so.

More damning, one of the reporters with whom the dossier was shared before the election, BBC’s Paul Wood, has changed a published story about receiving the dossier on two occasions. The original story appeared like this.

Sometime between the original publication and 14:06 GMT, the paragraph claiming the American oppo research company, Fusion, disseminated the document was removed from the story.

Then, by 15:32 GMT — roughly 20 minutes after I did a post noting the first change — that passage was again changed, this time to suggest the pages were shown, but not given, to journalists.

I’ve been told second-hand that actual pages were given, not shown, to at least one journalist, suggesting the middle story may be the accurate one. Moreover, the actual dossier would have had to have been shared for James Clapper’s claim that the dossier “was widely circulated … among the media, members of Congress and Congressional staff ” to be true.

Note, too, that in an April declaration, Steele claimed that the briefings took place in “late summer/autumn 2016;” while those briefings took place before September 23, that’s only late summer if you’re fairly strict about when the equinox falls.

Suffice it to say, I don’t find Steele’s claims that persuasive. Which may be why he tried to challenge Gubarev’s efforts — in his US lawsuit against Buzzfeed — to obtain a deposition. The judge in that suit denied Steele’s request, though Steele can still challenge the request in the UK, where he’ll likely get a far friendlier reception.

Let me interrupt and suggest the Russians — and probably the most partisan Republicans — know who’s behind Steele’s dossier. By all appearances Russian interests are fighting a multi-front legal effort to force those details out in public, on top of any damage it does to Buzzfeed.

In the suit against Steele in the UK, Steele has basically explained he disseminated the December 13 memo — which is the one that mentions Webzilla and so is the only one that matters in that suit — to just two people: a hard copy to a senior UK government official (believed to be someone at MI6), and an encrypted copy to Fusion to pass on to John McCain via a Senior Director of McCain’s Institute for International Leadership, David Kramer. Steele admits his instructions that the last report remain classified were given over a secure phone call, not in writing. Steele admits giving off-the-record briefings (though not to BuzzFeed), but not the materials themselves, on the earlier reports, but not the December 13 one. In any case, given that BuzzFeed was not one of those outlets, Steele argues he can’t be held responsible for any defamation of Webzilla in the UK. Steele also emphasizes that the December 13 memo “did not represent (and did not purport to represent) verified facts, but were raw intelligence which had identified a range of allegations that further investigation.” And since the December 13 memo was produced for free, from intelligence “not actively sought, … merely received,” Steele doesn’t have to reveal who paid for the other reports, which don’t mention Webzilla.

Barring greymail, the Florida suit permits Webzilla to compare Steele’s answers with Fusion’s

That’s all well and good, but in its Florida suit, Webzilla is pursuing a deposition from Fusion GPS as well as Steele (curiously, the joint status report says nothing about deposing McCain or Kramer).

For its part, Buzzfeed appears to be pursuing a graymail defense. Around July 7, Buzzfeed sent subpoenas to a bunch of national security witnesses who are not going to want to testify.

Six weeks ago, Defendants  served subpoenas for depositions and the production of documents on several third party witnesses, including several government agencies and their former officials. These include the FBI, DOJ, ODNI, CIA, and James Comey, James Clapper, and John Brennan.

Particularly Comey and the FBI are likely to invoke ongoing investigations to refuse to give a deposition.

Still, comparing the stories of Steele and Fusion may produce some discomfort, all the more so if Webzilla succeeds in making Steele attest to the things he said in the UK in the US.

Fusion was far less cooperative with the Senate Judiciary Committee than made out

Which brings us to efforts in Congress. As I’ve said before, I think Chuck Grassley’s efforts to understand Fusion’s role in the dossier are good faith efforts. While a key focus of that is on Steele’s relationship with the FBI, Grassley fought for five months to get Fusion to cooperate with the Committee, which Fusion head Glenn Simspon finally did in a 10 hour August 22 interview with the Senate Judiciary Committee (See release 1, release 2, release 3, hearing statement 1, release 4, release 5, hearing statement 2, release 6 for Grassley’s efforts). Democrats — apparently led by Rachel Maddow — made much about the appearance. But the main outcome was nothing more than a carefully crafted statement for the benefit of Fusion’s clients assuring them Simpson hadn’t revealed their names.

While Simpson’s attorney said his client provided significant details about his firm’s findings, he did not reveal the identities of those who paid for his research.

Simpson “kept the identities of Fusion GPS’ clients confidential,” Levy said in his statement. “Fusion GPS represents businesses, individuals and, occasionally, political clients on both the right and the left. When those clients want Fusion GPS to keep their identities confidential, Fusion GPS honors that commitment without exception – just as law firms and businesses do all over the country.”

A Grassley staffer offered a very different take than the celebratory one Democrats claimed to Fox News’ Catherine Herridge.

“Fusion’s initial production of documents consisted of solely of headlines from publicly available news reports and more than 7,500 pages of blank paper,” Grassley spokesman Taylor Foy said. “Fusion eventually provided a copy of the same unverified dossier that’s been publicly available since January, and a privilege log that raises more questions than it answers.”

Fox reported this week that Fusion GPS gave the committee 40,000 documents.

The records were finally provided by Simpson and his legal team after Grassley sent several letters raising questions about the dossier, moved a Judiciary Committee hearing to accommodate Simpson’s schedule, and withdrew a subpoena in return for a pledge of cooperation.

“I’d note that only after the subpoena did Simpson indicated any willingness to cooperate voluntarily, yet the documents produced by his legal team have not been responsive to the committee’s questions,” Foy said.

Effectively, Fusion is still refusing to cooperate, over five months after Grassley’s first request.

The other notable development from Congress is Devin Nunes’ efforts — even as people who haven’t recused from the Russian investigation are trying to negotiate an interview with Steele — to search out the spy directly. He sent two staffers to London to try to contact Steele, without informing the people on the House Intelligence Committee who are actually supposed to be conducting an investigation.

After getting Steele to commit to one Webzilla suit, Alfa sued

As noted, on May 18 effectively Steele made a set of claims in the UK that — while sketchy — nevertheless would bracket off questions about the circumstances of the larger dossier’s production by claiming that the last report, the one pertinent to Webzilla, basically had a virgin birth.

Which is why I find the timing of this suit — a  May 26 lawsuit by Alfa Bank against BuzzFeed — so interesting. As I noted here, the September 14 Steele dossier report on Alfa Bank isn’t all that damning. It alleges Alfa did some corrupt stuff for Putin back when he was Deputy Mayor of St. Petersburg. Particularly given that report has nothing to do with Trump directly, I suspect the report appears in the dossier because of the allegations of weird communications between a Trump marketing server and the bank; the allegations had already been shared with the FBI and were beginning to be shared with journalists at about precisely that moment.

The suit nods to such a theory without mentioning it directly.

More than one defamatory meaning can be drawn from this passage. It suggests that Alfa and Messrs. Fridman and Aven use their knowledge of past bribery of President Putin as a means of criminally extorting continuing favorable treatment for their business interests from his government. Within the context ofthe entire Dossier, it also implies that Alfa and its three officials willingly maintain the close relationship with
President Putin based on the “kompromat” they hold on him by cooperating in some unspecified way in the Kremlin’s campaign to interfere in the U.S. election.

At the same time, in context, the whole of CIR 112 can also be understood to suggest that because oftheir past (and possibly current) relationship involving mutually beneficial corrupt practices, Alfa and its three officials are required to do President Putin’s bidding, which includes cooperating in the Kremlin efforts to influence the outcome of the recent U.$. election. The statements quoted from the Dossier are false

But one of the real points of the lawsuit is not just that Buzzfeed published the dossier, but called out Alfa bank, correcting its spelling, even while acknowledging that the spelling indicated an error.

The Article specifically refers to Alfa as having been named in the Dossier, while acknowledging that the Dossier “is not just unconfirmed: It includes some clear errors. The [Dossier] misspells the name of one company, ‘Alpha Group,’ throughout. It is Alfa Group.”

The Article, by explicitly referring to Alfa, increases the likelihood that persons interested in Alfa (including but not limited to government intelligence officials, regulatory authorities, financial institutions, print and online news media and journalists) would search the Dossier to find out what it says about Alfa.

In any case, because this report was part of the dossier before it got shared with journalists, and because it was among the reports paid for by yet-unknown sources, Alfa will have cause to ask all about those details — details which Steele worked so hard to hide with the sketchy story he told in the UK. And Alfa filed the suit just a week after Steele committed to those facts in the UK.

Even aside from the timing, however, the background to the suit is worth mention.

It came out as part of the confirmation process for Trump transition official and former Jeff Sessions staffer Brian Benczkowski to be Assistant Attorney General of DOJ’s Criminal Division. Days before his confirmation, he sent Chuck Grassley letters revealing that not only had his firm, Kirkland & Ellis, confidentially represented Alfa bank, but he personally had overseen one of the investigations into the weird communications data. It came out later that he also consulted on Alfa’s plan to sue Buzzfeed.

Dianne Feinstein described at length why she considered this problematic, particularly given Benczkowski’s refusal to recuse himself from the Mueller investigation and any cases involving Alfa Bank.

I very much appreciate that Mr. Benczkowski has agreed to speak publicly about his work for Alfa Bank and I think it’s an important topic to understand given the position he’s been nominated for.

As I understand it, Mr. Benczkowski participated in President Trump’s transition team from September of last year to January of this year. He led the transition team’s work at the Justice Department, which is now led by his former boss, Attorney General Jeff Sessions.

Mr. Benczkowski told the committee that the retention of former FBI Director James Comey was discussed by those on the transition team, including himself.

In March, within two months of leaving the transition team, Mr. Benczkowski agreed to represent Alfa Bank.

Specifically, his work for Alfa Bank went to the heart of the reported investigations. He worked with a computer forensics firm to determine any ties between servers of Alfa Bank and the Trump Organization, and also whether and how private server information had gotten out of the ban.

Additionally, he reviewed the “Steele dossier,” a private investigator’s file on alleged links between Russia and the Trump campaign. He did this for Alfa Bank to consider suing Buzz Feed for defamation over their online publication of the dossier. Alfa Bank, in fact, did sue Buzz Feed on May 26 of this year.

In April, while Mr. Benczkowski was working for Alfa Bank, Attorney General Sessions’s chief of staff asked him about his interest in leading the Criminal Division.

Mr. Benczkowski’s law firm then notified Alfa Bank of his potential nomination for the Trump administration. But the fact that Mr. Benczkowski continued representing Alfa Bank, until the day of his nomination, which was June 6, raises questions. After he found out about his potential nomination, why did he continue his representation of Alfa Bank?

It is clear to me that Mr. Benczkowski is knowledgeable about issues related to an ongoing investigation. So I asked before this hearing if he would commit himself to recusing—not only from cases involving Alfa Bank as his former client, but also matters within Special Counsel Mueller’s investigation.

He would not commit to recusing himself. I’m concerned with his refusal, especially given the position for which he has been nominated.

In other words, days before he got the offer to oversee all criminal investigations in the country, Alfa had sued Buzzfeed (though a different firm is representing Alfa in the suit. Benczkowski’s nomination hasn’t been considered in any of the confirmation votes the committee has considered since.

The lawsuit, even more than Nunes’ free-lance efforts in London, seems like an attempt to expose highly inconvenient information about the dossier.

It’s all perfectly legal. But taken altogether, it’s clear that some really well-connected businesses run by Russians are using British and US courts to try to expose information they all seem to know exists.

Remember: the Russians learned about this dossier by October 31, if not before. There are real questions about the provenance of the document as leaked to Buzzfeed. There are real questions about whether some of the material in it wasn’t offered to Steele’s sources as deliberate disinformation — something recently floated by British spy historian Ben Macintyre.

S.L.Do you think the Russians really have something on Trump?

B.M. I can tell you what the veterans of the S.I.S. [the British Secret Intelligence Service, or MI6] think, which is yes, kompromat was done on him. Of course, kompromat is done on everyone. So they end up, the theory goes, with this compromising bit of material and then they begin to release parts of it. They set up an ex-MI6 guy, Chris Steele, who is a patsy, effectively, and they feed him some stuff that’s true, and some stuff that isn’t true, and some stuff that is demonstrably wrong. Which means that Trump can then stand up and deny it, while knowing that the essence of it is true. And then he has a stone in his shoe for the rest of his administration.

It’s important to remember that Putin is a K.G.B.-trained officer, and he thinks in the traditional K.G.B. way.

Particularly given that the last report in the dossier came out after its existence became known, it would have been especially easy to include disinformation that can now be exploited for this campaign of lawfare.

And while Buzzfeed’s graymail is likely to be effective and Steele’s deposition in the US is in no way assured, thus far the lawfare has revealed a lot of data that doesn’t really make sense.

Update: WashEx reports the House Intelligence Committee subpoenaed FBI and DOJ for information on the dossier and, having not gotten a response, has now also subpoeaned Christopher Wray and Jeff Sessions (who of course should be recused).

The committee issued the subpoenas — one to the FBI, an identical one to the Justice Department — on August 24, giving both until last Friday, September 1, to turn over the information.

Neither FBI nor Justice turned over the documents, and now the committee has given them an extension until September 14 to comply.

Illustrating the seriousness with which investigators view the situation, late Tuesday the committee issued two more subpoenas, specifically to FBI Director Christopher Wray and Attorney General Jeff Sessions, directing them to appear before the committee to explain why they have not provided the subpoenaed information.

The subpoenas are the result of a months-long process of committee investigators requesting information from the FBI and Justice Department. Beginning in May, the committee sent multiple letters to the FBI and Justice requesting information concerning the Trump-Russia affair.

I actually have no problems with the questions Congress is asking about the dossier (though I do think Mueller’s investigation should be given deference, if he asks for it). What’s funny, though, is that none of the committees are asking CIA and ODNI for more information on when they learned about the dossier. As I’ve noted their answers about it have been laughable, to put it charitably. But that might risk committing oversight.

Timeline

February 3: Webzilla and Alexej Gubarev sue Buzzfeed

March 27: Grassley first submits questions to Fusion

April, unknown date: Sessions Chief of Staff inquires about Benczkowski’s interest in serving as Assistant Attorney General

April 3: Steele Defence in UK Webzilla suit

May 18: Steele’s response to claimants request for further information

May 22: Ursula Ungaro denies BuzzFeed request to move suit to NYC in US Webzilla suit

May 26: Alfa Bank sues Buzzfeed in NY

June 6: Brian Benczkowski offered Assistant Attorney General position

July 19-21: Kirkland & Ellis disclose Benczkowski’s ties to Alfa bank

July 25: Benczkowski confirmation hearing

August 10: Ungaro requests UK require Steele provide a deposition in this case

August 10: Steele fights deposition request in US Webzilla suit

August 15: Ungaro denies Steele request

August 22: Glenn Simpson submits to 10 hour transcribed interview with Senate Judiciary Committee

August 24: HPSCI subpoenas FBI and DOJ for information on dossier

September 14: Extended deadline for FBI and DOJ to comply with HPSCI subpoena

After Three Suggestions of Doctored Data, Alfa Bank Claims They’re Being Framed

Remember this article from CNN that renewed the Alfa Bank funny server story? It totally pissed me off for the way it cited about seven people telling it there was no there there, and then reporting that there was based off one identified source (a US official, who could be a member of Congress) and other non-identified ones.

In addition, it claimed that Dick DeVos leads Spectrum Health — my local hospital. DeVos is currently Chairman of the Board, but the company is “led” by CEO and President Rick Breon. DeVos “leads” a company called Windquest Group, which invests in boutique things like an excellent wine bar and the fancy gym I belonged to before I joined the Y. The DeVos family “owns” a lot more, notably RDV Corporation, through which they own and mismanage the Orlando Magic. There are probably a jillion servers associated with RDV corporation that could (and probably do!) conduct secret communications. Which is another way of saying that if Dick DeVos wanted to conduct secret conversations with Donald Trump at a time when he was attracting attention because he was not yet even donating money to the candidate, he might have done it via a server more directly operated by his family. Hell, since DeVos spooked up brother-in-law Erik Prince was supporting Trump at that time of the weird server activity, why wouldn’t we expect spooky conversations to happen from one of Prince’s far-flung spook properties?

But perhaps the funniest part of the CNN story is that it pointed to evidence the story had been packaged — but it didn’t seem to understand that.

Other computer experts said there could be additional lookups that weren’t captured by the original leak. That could mean that Alfa’s presence isn’t as dominant as it seems. But Dyn, which has a major presence on the internet’s domain name system, spotted only two such lookups — from the Netherlands on August 15.

If there were lookups not recorded in the publicly released data — even if there were just two of them — then it shows that the publicly released data is incomplete.

Other outlets say was even more data sometimes excluded from the public story. The Intercept cataloged how different sets of material purportedly backing this story include different sets of IP addresses.

On Tea Leaves’ WordPress site, he claimed that “only two networks resolved the mail1.trump-email.com host.” This is contradicted by the very works of analysis furnished by Tea Leaves’ collaborators: The author of the white paper found that at least 19 IP addresses, all belonging to different networks except for the two that belong to Alfa Bank, had looked up Trump’s server. And these are only the 19 the author was able to observe in a short time period — it can’t be ruled out that there were many more, which quickly deflates the portrait of a shady Russian backchannel.

The white paper included DNS look-up data, but not nearly enough to reproduce the results. Rather than the 19 IP addresses we expected to see, the data only included three, and the DNS look-ups were not for the same time period that the paper described. Tea Leaves published a different set of data on the dark web, which we also looked at, but this set of data only included a total of four IP addresses. When we pressed Tea Leaves for the complete set of data so we could attempt to reproduce the analysis, he gave us a new, more comprehensive set of data, but still that included a total of only eight IP addresses, and it was missing an IP address belonging to a VPN service in Utah that accounted for a significant portion of the DNS look-ups described in the paper.

And Robert Graham states that a source of his says the data for June — one of the key months in question — was altered.

Tea Leaves and Jean Camp are showing logs of private communications. Where did these logs come from? This information isn’t public. It means somebody has done something like hack into Alfa Bank. Or it means researchers who monitor DNS (for maintaing DNS, and for doing malware research) have broken their NDAs and possibly the law.

The data is incomplete and inconsistent. Those who work for other companies, like Dyn, claim it doesn’t match their own data. We have good reason to doubt these logs. There’s a good chance that the source doesn’t have as comprehensive a view as “Tea Leaves” claim. There’s also a good chance the data has been manipulated.

Specifically, I have as source who claims records for trump-email.com were changed in June, meaning either my source or Tea Leaves is lying.

Until we know more about the source of the data, it’s impossible to believe the conclusions that only Alfa Bank was doing DNS lookups.

Here’s his latest post on this issue.

All the different sets of data (and the way the data was culled without evidence about how that was done), plus the fact that the entity behind this story goes by the name “Tea Leaves” and now refuses to talk to anyone about it, really ought to raise questions about a hoax. But not CNN. For CNN it was all proof of something there.

Now CNN reports that once in February and increasingly since CNN’s story about a non-story, someone has been spoofing lookups from Trump to Alfa.

[O]n Friday, Alfa Bank claimed hackers are now trying to perpetuate that suspicion by tricking the Trump Organization into sending communication toward the bank.

[snip]

One attack happened on February 18, the bank said. (The bank did not mention that to CNN before its story published on March 10.)

After CNN published its story about the puzzling Trump-Alfa situation, hackers stepped up their attack on the Trump Organization with “spoofed” signals for five hours, which were then directed back towards the bank, Alfa Bank said.

Hackers continued this attack on March 13, the bank said.

The bank contacted the FBI and offered “complete co-operation in finding the people behind attempted cyberattacks.” A US law enforcement official confirmed that the FBI was contacted.

[snip]

According to Alfa Bank’s description of recent events, hackers have recently tricked a Trump Organization computer server into sending internet traffic to Alfa Bank.

Hackers have “manufactured this deceit by ‘spoofing’ or falsifying DNS lookups to create the impression of communication between Alfa Bank and the Trump Organization,” the bank said in a statement.

Alfa Bank offered this analogy: “A simple analogy would be someone in the U.S. sending an empty envelope… to a Trump office… addressed to Trump, but on the back of the envelope the return address is Russia… instead of its own real address.”

“So, on cursory examination, Alfa Bank appears to have been receiving responses to queries it never actually sent.”

Alex McGeorge, head of threat intelligence at cybersecurity firm Immunity, said this is a prank “that is simple to do from pretty much any internet connected computer. We could probably manufacture this from a Starbucks.”

That someone is trying to manufacture something out of nothing here should not be surprising. There’s abundant reason to believe that’s what was always happening. And now that the FBI has been called back in by Alfa, I do hope they find an explanation about whether this is a Hillary person trying to taint Trump or Russia trying to do a limited hangout on other more damaging Alfa stuff. Maybe both have been faking this story at different times?

In any case, at this point, the story should be about why this story got packaged in the way it did, as much as any questions about how Trump sends spam around the world.

Update: Here’s the press release from Alfa. They’re also calling the larger story a hoax.

Alfa Bank’s working hypothesis is that an individual — possibly well known in internet research circles — may have fed selected DNS data to an anonymous cyber group to ensure they reached a specific (and erroneous) conclusion. Alternatively, the cyber group may have been complicit in the deceit. In the most recent cases, unknown individuals demonstrably attempted to insert falsified records onto Alfa Bank’s computer systems designed to create the same impression.

An Alfa Bank spokesperson said: «The anonymous cyber group, which is led according to news accounts by ‘Tea Leaves,’ cannot produce evidence of a link because there never has been one. Alfa Bank believes that it is under attack and has pledged its complete cooperation to U.S. authorities to find out who is behind these malicious attacks and false stories.»