The Frothy Right’s Redaction-Ray Glasses in Defense of Roger Stone

Update: As Fox first reported and WaPo has written up, the higher-ups at DOJ have now announced they’re going to change the sentencing guidelines submitted last night. This means they’re arguing that Stone should not have the guidelines sentence submitted by the Probation Office.

As noted yesterday, I think prosecutors larded on upward enhancements in their sentencing memo for Roger Stone — though as Stone’s own sentencing memo makes clear, those enhancements came from the Probation Office.

But in Stone’s argument — and that of his acolyte, Chuck Ross — against those enhancements, they just make shit up, including but not limited to the Mueller Report.

Stone invests much, for example, in a claim that Mueller had access to both Jerome Corsi and Randy Credico (but doesn’t mention that he has repeatedly said he would not cooperate with any investigation, which is precisely the point, and probably one reason prosecutors are asking for a harsh sentence).

As discussed above, the Office of the Special Counsel had access to both Jerome Corsi and Randy Credico, as well as to the communications between Stone and each of them, and found no evidence of any connection to Russia. Stone’s convictions for obstruction of justice and witness tampering should similarly be viewed in the broader context of the investigation. In other words, Stone stands convicted for having sought to conceal information ultimately determined to be of no investigative value. Neither Corsi, nor Credico, nor any of their communications provided any useful information in the investigation into election interference.

Stone’s buddy, Chuck Ross, goes further, utterly misstating the results of various investigations.

Despite Democrats’ and the special counsel’s initial suspicions that Stone conspired with Russia or WikiLeaks, investigators found no evidence that the Trump associate had direct contact with anyone involved in stealing or disseminating Democrats’ emails.

The special counsel’s report said that investigators found no evidence that any Trump associates worked with Russia or WikiLeaks to release Democrats’ emails.

Both are absolutely, brazenly lying about the record.

I guess both stances were necessary to justify Trump’s wails of injustice.

In both the GRU indictment and the Mueller Report, Mueller showed that Stone did have direct contact with someone involved in the dissemination of Democrats’ emails, Guccifer 2.0. And even the unredacted parts of the report show that witnesses said Stone had knowledge of emails before they were released, and that the ultimate transfer of the ones he knew of, the Podesta emails, remained undetermined back in March 2019.

Plus, neither Stone nor Ross has the basis to make such claims, unless they have x-ray vision (and unless Stone violated his protective order by sharing with Ross).

There are significant sections (this is page 57) — which remain redacted for us but which Stone got in unredacted fashion and Judge Amy Berman Jackson reviewed closely in response to Stone’s effort to get the entire report in unredacted fashion — that likely lay out how important it would be to have truthful testimony from Stone.

And there are sections that Stone has not seen in unredacted fashion at all, such as the entirety of page 177 (or the ongoing and referred prosecutions, three of which pertain to Stone’s trial).

More amusing still, further claims that Stone makes actually undermine his point. He compares two Senate Intelligence Reports on entirely different subjects to claim his false testimony didn’t harm the House Intelligence Committee’s ability to find the truth.

It is speculation that HPSCI’s Report on Russian Active Measures, released March 22, 2018, is “erroneous.” To the contrary, the “Report of the Select Committee on Intelligence United States Senate on Russian Active Measures Campaigns and Interference in the 2016 U.S. Election,” Volumes 1 and 2, and the Special Counsel’s “Report on the Investigation Into Russian Interference in the 2016 Presidential Election,” Volumes I and II, made findings consistent with those found in the publicly available, redacted HPSCI Report. In other words, even had Stone testified differently and even had Credico testified before HPSCI, the conclusions drawn in its report would not have been materially different.

Thus, Probation’s claim that the HPSCI Report “lacked valuable information which would have been provided by witnesses who chose not to testify” (PSR ¶77) grossly overstates the importance and significance of Roger Stone (and Randy Credico).

Not only has SSCI not released their report on Trump’s possible coordination with WikiLeaks yet (and it is likely to be shown to have shortcomings when it is finally released), but a report released last week (in time to be cited in this memo) suggests there’s far more we don’t know about both WikiLeaks and Guccifer 2.0.

From there, Stone makes much of where Credico’s testimony shows up in the Mueller Report, without mentioning the significant passages where Corsi’s (still redacted to us) testimony makes clear the big questions remaining about Stone’s role.

In the end, Credico was mentioned on five pages of the Special Counsel’s Report, not mentioned in either volume of the Senate Intelligence Report, and not mentioned at all in the HPSCI Majority Report. He was mentioned on two pages of the HPSCI Minority Report, where they noted that Stone identified Credico to the Committee.

Ultimately, though, as has been true in the past, the specific forms of Stone’s denials are as interesting as the fact that he’s making them.

In the end, the investigations yielded no evidence of the involvement of any American with the Russian government or any agent operating on its behalf to interfere in the 2016 election. It is also undisputed that Roger Stone had nothing to do with obtaining the compromised emails or providing them to WikiLeaks.

Just on its face and based off unredacted passages, the first is questionable, as the Mueller investigation provided ample evidence that WikiLeaks served as an agent of Russia, and Stone has obstructed the true nature of his ties to WikiLeaks. Given the uncertainty regarding how the Podesta emails got to WikiLeaks — and Craig Murray’s claims to have been involved in that process with someone telling similar bogus stories to the ones Stone is still telling — it is far from undisputed that Stone had nothing to do with the process. Plus, this trial was not about whether he provided them to WikiLeaks; it was about whether he optimized their release via some cutout.

The Universe of Hacked and Leaked Emails from 2016: Podesta Emails

When Mueller’s team released George Papadopoulos’ plea deal last year, I noted that the initial denials that Papadopoulos had advance warning of the emails the Russians were preparing to hack and leak did not account for the entire universe of emails known to have been stolen. A year and several Mueller indictments later, we still don’t have a complete understanding of what emails were being dealt when. Because that lack of understanding hinders understanding what Mueller might be doing with Roger Stone, I wanted to lay out what we know about four sets of emails. This series will include posts on the following:

  • DNC emails
  • Podesta emails
  • DCCC emails
  • Emails Hillary deleted from her server

The series won’t, however, account for two more sets of emails: anything APT 29 stole when hacking the White House and State Department starting in 2015, or anything released via the several FOIAs of the Hillary emails turned over to the State Department from her home server. It also won’t deal with the following:

  • Emails from two Hillary staffers who had their emails released via dcleaks
  • The emails of other people released by dcleaks, which includes Colin Powell, some local Republican parties (including some 2015 emails Peter Smith sent to the IL Republican party), and others with interests in Ukraine
  • A copy of the Democrats’ analytics program copied on AWS
  • The NGP/VAN file, which was not directly released by Guccifer 2.0, but is central to one of the skeptics’ theories about an alternative source other than Russia

Mueller remains coy about how the Podesta emails were released by WikiLeaks

My post on the DNC emails noted some timing curiosities about when and how the DNC emails got shared with WikiLeaks.

The curiosities about the Podesta emails, however, are far more important for questions about Roger Stone’s knowledge of the process.

As a number of people have observed, while Mueller’s GRU indictment provides extensive details describing how Podesta was hacked and showing that the infrastructure to hack him was used for other parts of the operation, the indictment is far more coy about how the Podesta emails got to WikiLeaks.

In or around 2016, LUKASHEV sent spearphishing emails to members of the Clinton Campaign and affiliated individuals, including the chairman of the Clinton Campaign.

[snip]

For example, on or about March 19, 2016, LUKASHEV and his co-conspirators created and sent a spearphishing email to the chairman of the Clinton Campaign. LUKASHEV used the account “john356gh” at an online service that abbreviated lengthy website addresses (referred to as a “URL-shortening service”). LUKASHEV used the account to mask a link contained in the spearphishing email, which directed the recipient to a GRU-created website. LUKASHEV altered the appearance of the sender email address in order to make it look like the email was a security notification from Google (a technique known as “spoofing”), instructing the user to change his password by clicking the embedded link. Those instructions were followed. On or about March 21, 2016, LUKASHEV, YERMAKOV, and their co-conspirators stole the contents of the chairman’s email account, which consisted of over 50,000 emails.

[snip]

The funds used to pay for the dcleaks.com domain originated from an account at an online cryptocurrency service that the Conspirators also used to fund the lease of a virtual private server registered with the operational email account [email protected]. The dirbinsaabol email account was also used to register the john356gh URL-shortening account used by LUKASHEV to spearphish the Clinton Campaign chairman and other campaign-related individuals.

[snip]

On or about October 7, 2016, Organization 1 released the first set of emails from the chairman of the Clinton Campaign that had been stolen by LUKASHEV and his co-conspirators. Between on or about October 7, 2016 and November 7, 2016, Organization 1 released approximately thirty-three tranches of documents that had been stolen from the chairman of the Clinton Campaign. In total, over 50,000 stolen documents were released.

Mueller’s silence, thus far, about how the Podesta emails got shared with WikiLeaks is intriguing for several reasons, even aside from the fact that (as noted in the last post) the first documents Guccifer 2.0 shared were billed as DNC emails but (as far as has been identified) are actually Podesta ones. Perhaps Mueller doesn’t know how those emails were passed on. Perhaps the sources and methods by which the FBI learned about how they were shared are too sensitive to put in an indictment. Perhaps Mueller has reserved that story for a later indictment.

The August to September timing on receipt of the emails

The publicly known timing is no more clear.

The Roger Stone tweet on which suspicions of advance knowledge of WikiLeaks’ releases rest — warning “Trust me, it will soon [sic] the Podesta’s time in the barrel” — is dated August 21, 2016.

That date is significant, because it’s not at all clear WikiLeaks had the Podesta emails by that point (and if so, may have just obtained them).

Raffi Khatchadourian cites a WikiLeaks staffer saying they received the emails in “late summer” but also points to an August 24 Fox News interview where Assange described processing “a variety of documents, from different types of institutions that are associated with the election campaign,” which doesn’t necessarily narrow down those emails to Podesta’s.

A pattern that was set in June appeared to recur: just before DCLeaks became active with election publications, WikiLeaks began to prepare another tranche of e-mails, this time culled from John Podesta’s Gmail account. “We are working around the clock,” Assange told Fox News in late August. “We have received quite a lot of material.” It is unclear how long Assange had been in possession of the e-mails, but a staffer assigned to the project suggested that he had received them in the late summer: “As soon as we got them, we started working on them, and then we started publishing them. From when we received them to when we published them, it was a real crunch. My only wish is that we had the equivalent from the Republicans.”

As we’ll see later in this series, there was more certainty that by August 24 WikiLeaks had other hacked emails than that they had Podesta’s.

Khatchadourian also notes that the raw files are all dated September 19 and describes Assange “weaponizing” the release of the data a week or two before the files were released starting on October 7.

All of the raw e-mail files that WikiLeaks published from Podesta’s account are dated September 19th, which appears to indicate the day that they were copied or modified for some purpose. Assange told me that in mid-September, a week or two before he began publishing the e-mails, he devised a way to weaponize the information. If his releases followed a predictable pattern, he reasoned, Clinton’s campaign would be able to prepare. So he worked out an algorithm, which he called the Stochastic Terminator, to help staff members select e-mails for each day’s release. He told me that the algorithm was built on a random-number generator, modified by mathematical weights that reflected the pattern of the news cycle in a typical week. By introducing randomness into the process, he hoped to make it impossible for the Clinton war room “to adjust to the problem, to spin, to create antidote news beforehand.”

That timing lines up in interesting ways with the date when retired British diplomat Craig Murray claims he got a handoff of something (he’s never explained precisely what it was, though it sounded like it could be an encryption key) relating to the Podesta emails when he was in DC to attend the Sam Adams Award ceremony on September 25.

All of which suggests significant events relating to the transfer to WikiLeaks and preparation of the Podesta emails happened after the Stone tweet.

Still later, according to a recent WSJ report, Peter Smith indicated that he knew Podesta emails were coming ahead of time (the reporting is not clear whether this was before or after the fact).

The person familiar with Mr. Smith recalled him repeatedly implying that he knew ahead of time about leaks of Mr. Podesta’s emails.

That claim is all the more interesting when you tie it to the email shared with Smith via foldering on October 11, seemingly reflecting happiness about emails already released, which would seem to point to the Podesta emails that started to drop four days earlier.

“[A]n email in the ‘Robert Tyler’ [foldering] account [showing] Mr. Smith obtained $100,000 from at least four financiers as well as a $50,000 contribution from Mr. Smith himself.” The email was dated October 11, 2016 and has the subject line, “Wire Instructions—Clinton Email Reconnaissance Initiative.” It came from someone calling himself “ROB,” describing the funding as supporting “the Washington Scholarship Fund for the Russian students.” The email also notes, “The students are very pleased with the email releases they have seen, and are thrilled with their educational advancement opportunities.”

The email apparently linking the contemporaneous release of the Podesta emails to a future hoped for release of deleted Hillary ones is significant for several reasons. First, it shows that other geriatric rat-fuckers, in addition to Stone, linked the two. The reflection of pleasure with emails on October 11 is significant given that that was the day WikiLeaks released two Podesta emails Smith associate Jerome Corsi and Stone would use to advance an attack on Podesta pertaining to his ties with Joule Unlimited, an attack that the right wing had been pushing since August (and working on since March). The WSJ notes that both Corsi and Charles Ortel (to the latter of whom Stone now ties some of his WikiLeaks claims) were tied to both Smith and Stone, though Stone claims to have been unaware of the Smith effort.

Stone’s three different explanations for his tweet and the import of Joule emails

In this post, I looked in detail at how epically shitty Stone’s current excuse for his August 21 Podesta tweet is. Over time, Stone has basically offered at least three excuses for it.

First he adopted an explanation offered in March 2017 by Jerome Corsi. In that explanation, Corsi basically conflated two efforts: an attack on John Podesta based on his service on the board of Joule Unlimited from 2010 to 2014, and an effort to respond to mid-August reports on Paul Manafort’s corrupt ties to Russia by focusing instead on Tony Podesta.

The Joule attack research was started (per web access dates recorded in this report) two days before Podesta was spearphished, on March 17, and first rolled out publicly in a Steve Bannon-affiliated Government Accountability Institute report on August 1. Corsi and Stone resuscitated the attack starting on October 6 (the day before the Podesta emails started coming out), seemingly correctly anticipating the WikiLeaks email releases that Stone and Corsi would use to advance the attack.

The Corsi explanation that Stone once adopted conflated that attack with a report that Corsi did for Stone (starting at PDF 39), which largely projected onto Tony Podesta the corrupt ties to Ukraine and Russia that Paul Manafort had; the report only tangentially focused on John. The date on the Corsi report is August 31, ten days after Stone’s tweet, but Corsi claims he and Stone started it on August 14.

Stone offered a slightly different explanation when he testified under oath to the House Intelligence Committee. There, he generalized the attack on “the Podesta brothers” and attributed his tweet to “early August” discussions about the August 31 Corsi report. In his prepared statement, he made no mention of Joule.

In the wake of Corsi’s interview on September 6 and grand jury appearance on September 21 (in conjunction with which he reportedly shared a bunch of documents that would substantiate when he and Stone were talking about Joule and when about Tony Podesta), Stone changed his tune again, now only admitting publicly for the first time that Charles Ortel forwarded him an email showing James Rosen promising “a massive dump of HRC emails relating to the CF in September,” but also attributing any August 14 interest to something besides Corsi, a Breitbart post that may be this one.

Stone, however, says that the tweet was based on “an August 14th article in Breitbart News by Peter Schweitzer that reported that Tony Podesta was working for the same Ukrainian Political Party that Paul Manafort was being excoriated for,” and that “the Podesta brothers extensive business dealings with the Oligarchs around Putin pertaining to gas, banking and uranium had been detailed in the Panama Papers in April of 2016.”

Stone’s explanations seem to attempt to do three things:

  • Provide non-incriminating explanations for any foreknowledge of WikiLeaks — first pointing to Randy Credico and now to James Rosen
  • Offer explanations for discussions about Podesta that he may presume Mueller has that took place around August 14
  • Shift the focus away from Joule and the remarkable prescience with which the right wing anticipated that WikiLeaks would be able to advance an attack first rolled out on August 1

With that in mind, I find the timeline of Stone’s tweets mentioning either Podesta instructive. It shows Stone never mentioned either brother until August 15 — the day after the first of the stories on Manafort’s Ukraine corruption and after that August 14 date he seems so worried about. That tweet, “@JohnPodesta makes @PaulManafort look like St. Thomas Aquinas Where is the @NewYorkTimes?” may prove as interesting as the August 21 one.

Stone mentioned John Podesta again in that August 21 tweet.

Then he remained silent on Twitter about Clinton’s campaign chairman until the day after the Podesta emails started coming out, whereupon Stone started claiming that Podesta had been money laundering for Russia.

Stone’s first tweet as the Podesta emails dropped pointed back to an earlier Corsi post reporting that the Podesta Group was also under investigation. That same day, he pointed to the Corsi post that seemed to anticipate the Joule attack would be returning. Yet, in an interview done after the release on October 11 of the Podesta emails that both he and Corsi would later rely on to extend the Joule attack, Stone made no mention of those emails or the Joule attack. By the next day, however, Stone was relying on (but not linking) those emails.

In other words, at least as measured by his Twitter feed, Stone was uninterested in the Joule attack when it came out in August. He didn’t mention it at all in his two Podesta tweets that month (nor does he in his currently operative explanation). But he did become interested in the story in advance of the release of emails by WikiLeaks pertaining to the attack.

This is probably a good time to recall that many of the Stone associates Mueller has interviewed did research for Stone, and others had access to his social media accounts. Note that even this selection of his tweets show the use of multiple clients — Twitter Web Client, Tweetdeck, and Twitter for iPhone — that may reflect different people posting from his account.

Stone’s claims about WikiLeaks — and his outreach to Guccifer 2.0 — took place as Manafort started to panic about his own Russian ties

Given some of Stone’s explanations (and his apparent concern with offering some explanation for discussions about Podesta on August 14), I also find it notable the way this timeline overlaps with Manafort’s increasingly desperate efforts to stave off bankruptcy even while working for Trump for “free.” Part of those efforts, of course, involved criminal efforts to hide his ties to Russia in the wake of reporting on those ties in mid-August.

It’s unclear when Manafort knew for sure his ties with Russia would blow up. In the wake of the first WikiLeaks dump on July 27, he got asked about his and Trump’s ties to Russia, a question he struggled with before responding by pointing to Hillary’s deleted emails. In spite of the risk of his own Russian ties, Manafort met on August 2 with Konstantin Kilimnik, talking (among other things) about unpaid bills and the presidential election. Sometime in early August, in advance of the first NYT story substantiating his Russian ties, he was reportedly blackmailed over the secret ledgers of his work with Ukrainian oligarchs.

Remarkably, just as attention to Trump and Manafort’s ties to Russia started becoming an issue, Republicans had that GAI report insinuating a tie between Hillary and Russia all ready to go on August 1. That insinuation went through John Podesta and his ties to Joule. Before laying out that relationship, however, the GAI report suggested there must be more dirt on the topic in the emails Hillary deleted.

More recently, in January, 2015, Podesta became the campaign chairman of Hillary Clinton’s campaign for the 2016 presidential bid.

During Hillary Clinton’s tenure as Secretary of State, he was in regular contact with her and played an important role in shaping U.S. policy. For one thing, he sat on the State Department’s Foreign Affairs Policy Board, appointed by Hillary. (The board was established in December 2011.)

The full extent of Podesta’s email communication cannot ultimately be known because Hillary Clinton deleted approximately half of her emails after she left the State Department.

So along with everything else the report did, it built expectations that Hillary’s deleted emails would reveal secret dirt about Russia she was suppressing to win the campaign.

By the time the report came out, we know that Stone was already interested in what WikiLeaks might have, as in late July Charles Ortel BCCed him on an email suggesting that WikiLeaks had Clinton Foundation emails to dump in September.

Then, precisely as the Russian attack on Podesta was rolling out, Stone flip-flopped on his claimed belief about who hacked Hillary Clinton. Between August 1 and August 5, on the same days he was claiming to have dined with Julian Assange when he was instead in Southern California meeting his dark money associates, he started claiming that Guccifer 2.0 was just a hacktivist, not Russians. That stated belief has always been central to his claims not to have conspired with Russia.

In significant part because he flip-flopped publicly, he and Guccifer 2.0 started communicating, first about Stone’s claim that Guccifer 2.0 had nothing to do with Russia, then about Guccifer 2.0 being shut down on Twitter:

August 12: Guccifer 2.0:   thanks that u believe in the real

August 13: Stone: @WL @G2 Outrageous! Clintonistas now nned to censor their critics to rig the upcoming election.

Stone: @DailyCaller Censorship ! Gruciffer2 is a HERO.

August 14: Guccifer 2.0 Here I am! They’ll have to try much harder to block me!

Stone: First #Milo, now Guccifer 2.0 – why are those exposing the truth banned? @RealAlexJones @infowars #FreeMilo

Stone: @poppalinos @RealAlexJones @infowars @GUCCIFER_2 Thank You, SweetJesus. I’ve prayed for it.

That’s when Stone moved their conversations to DM.

That conversation, including Guccifer 2.0’s question whether Stone found “anything interesting in the docs I posted?” (which, in public context at least, would refer to some DCCC documents Guccifer had posted on WordPress on August 12) took place even as Stone was continuing to speak about knowing what was in the next WikiLeaks dump and as he responded badly to his childhood friend becoming the target of NYT’s attention on August 14.

As noted, Stone seems to be struggling to answer why he was discussing John Podesta on August 14.

To be sure, Stone was talking to Corsi on August 14 or 15. On August 15, Corsi published an interview with Stone, in which he claimed to have been badly hacked and described what he expected would come next from WikiLeaks.

But nothing in the interview mentions Podesta.

Stone’s descriptions of what WikiLeaks might dump next in that interview could reflect the BCCed James Rosen email reporting that WikiLeaks would dump Clinton Foundation documents in September, but the information he laid out went far beyond that email (and promised an October surprise, not a September dump).

“In the next series of emails Assange plans to release, I have reason to believe the Clinton Foundation scandals will surface to keep Bill and Hillary from returning to the White House,” he said.

[snip]

In a speech Southwest Broward Republican Organization in Florida, published Aug. 9 by David Brock’s left-wing website Media Matters, Stone said he had “communicated with Assange.”

“I believe the next tranche of his documents pertain to the Clinton Foundation, but there is no telling what the October surprise may be,” he said.

Stone told WND that Assange “plans to drop at various strategic points in the presidential campaigns Hillary Clinton emails involving the Clinton Foundation that have yet to surface publically.”

“Assange claims the emails contain enough damaging information to put Hillary Clinton in jail for selling State Department ‘official acts’ in exchange for contributions to the Clinton Foundation and as a reward for Clinton Foundation donors becoming clients of Teneo, the consulting firm established by Bill Clinton’s White House ‘body man’ Doug Band,” he said.

That same day, August 15, is the first time Stone ever mentioned Podesta on Twitter.

Stone claims (and claimed, in sworn testimony) that his focus on John Podesta was a response to the allegations against Manafort. That makes the confluence of all these events all the more interesting.

Corsi’s lawyer claims he avoided criminal liability

As noted above, Jerome Corsi has explained what he knows of all this in a September 21 grand jury appearance, a grand jury appearance that Mueller seems to have been working towards since having Ted Malloch questioned way back in March.

In advance of that testimony, Corsi’s attorney David Gray seemed to suggest that Corsi declined to participate in certain activities involving Stone that might have exposed him to criminal liability.

Gray said he was confident that Corsi has done nothing wrong. “Jerry Corsi made decisions that he would not take actions that would give him criminal liability,” he added, declining to elaborate.

Asked if Corsi had opportunities to take such actions, Gray said, “I wouldn’t say he was offered those opportunities. I would say he had communications with Roger Stone. We’ll supply those communications and be cooperative. My client didn’t act further that would give rise to any criminal liability.”

But Mueller is apparently now chasing down Corsi’s associates.

FBI agents have recently been seeking to interview Corsi’s associates, according to the person.

One other key player in the Podesta hand-off conflated the Podesta brothers

The close ties between how Stone focused on both Podesta brothers in response to the public allegations against Manafort is interesting for another reason.

Former Ambassador Craig Murray is the only one not denying some role in the handoff of the Podesta emails (again, he has said he didn’t get the emails themselves, which he believed were already with WikiLeaks, but something associated with them).

Murray told Scott Horton that his source had obtained whatever he received from a figure in American national security with legal access to the information.

[H]e says “The material was already, I think, safely with WikiLeaks before I got there in September,” though other outlets have suggested (with maps included!) that’s when the hand-off happened. In that account, Murray admits he did not meet with the person with legal access; he instead met with an intermediary.

But the explanation of his source’s legal access and motivation not only doesn’t make sense, but seems to parrot what Stone was saying at the time.

I also want you to consider that John Podesta was a paid lobbyist for the Saudi government — that’s open and declared, it’s not secret or a leak in a sense. John Podesta was paid a very substantial sum every month by the Saudi government to lobby for their interests in Washington. And if the American security services were not watching the communications of the Saudi government paid lobbyist then the American intelligence services would not be doing their job. Of course it’s also true that the Saudis’ man, the Saudis’ lobbyist in Washington, his communications are going to be of interest to a great many other intelligence services as well.

As Stone did, this conflates John and Tony. It wrongly suggests that US national security officials would be collecting all of Tony Podesta’s emails, or that collecting on Tony would obtain all of John’s emails. All the more interesting, this conflation would have come in a period when Manafort’s lifelong buddy, Stone, was trying to distract attention from Manafort’s own corruption — which included telling Tony not to disclose the influence-peddling he had done for Manafort in the legally required manner — by projecting Manafort’s corruption onto Tony.

One more point about Murray. Murray has ties (including through the Sam Adams Association, the awards ceremony for which he was in DC attending) to NSA whistleblowers Bill Binney (Murray received the award in 2005 and Binney received it in 2015) and Kirk Wiebe. This claim that US law enforcement would collect everything (including Hillary’s deleted emails) is the kind of line that Binney was pushing at the time, including to Andrew Napolitano, who was CCed on the email Stone received about WikiLeaks’ plans in July. Napolitano is one of the people who has championed that Binney line about the hack.

In other words, it’s not just that Murray was telling a similar story as Stone, even though they’re politically very different people. It’s that he was not that distant from the network of Republicans talking about what WikiLeaks might have had.

Update: Emma Best just wrote up something she’s been tracking for some time: there are four different numbers on how many Podesta mails there are.

WikiLeaks’ own data gives us five different totals for the number of Podesta emails:

  1. 50,866
  2. 57,153
  3. 58,660
  4. 59,258
  5. 59,188

The two most authoritative answers to the question come from WikiLeaks and the Special Counsel’s office, and both indicate that the total exceeded 50,000. While WikiLeaks stated there were “well over 50,000” emails, the Special Counsel’s indictment simply said that “over 50,000 stolen documents were released.” Since “documents” can be construed to include both the emails and their various attachments, the SC’s total is even more vague and less definitive than WikiLeaks’.

Ultimately, the best answer to the question of how many Podesta emails there are appears to be 59,188.

This raises the possibility that Stone or Corsi saw copies that WikiLeaks didn’t publish. Mueller’s distinction between how many emails were stolen and how many released suggests FBI may know what WikiLeaks chose not to publish, if in fact they did.

Timeline

July 18-21: Stone meets Nigel Farage while at RNC

July 25: Stone gets BCCed on an email from Charles Ortel that shows James Rosen reporting “a massive dump of HRC emails relating to the CF in September;” Stone now claims this explains his reference to a journalist go-between

July 27: Paul Manafort struggles while denying ties to Russia, instead pointing to Hillary’s home server

July 31: GAI report on From Russia with Money claiming Viktor Vekselberg’s Skolkovo reflects untoward ties; it hints that a greater John Podesta role would be revealed in her deleted emails and claims he did not properly disclose role on Joule board when joining Obama Administration

August 1: Steve Bannon and Peter Schweizer publish a Breitbart version of the GAI report

August 1: Stone NYC > LA

August 2: Manafort and Konstantin Kilimnik meet in the Grand Havana Room in Jared’s 666 Park Avenue and “talked about bills unpaid by our clients, about [the] overall situation in Ukraine . . . and about the current news,” including the presidential campaign

August 2, 2016: Stone dines with dark money funder, John Powers Middleton in West Hollywood

August 3 and 4: Manafort obtains the bio of Steve Calk, from whom he was getting a $16 million mortgage in tacit exchange for a role in the Trump administration

August 3: Stone claims to Sam Nunberg to have dined with Assange

August 3-4: Stone takes a red-eye from LAX to Miami

August 4: Stone flip-flops on whether the Russians or a 400 pound hacker are behind the DNC hack and also tells Sam Nunberg he dined with Julian Assange; first tweet in the fall StopTheSteal campaign

August 5: Trump names Calk to his advisory committee

August 5: Stone column in Breitbart claiming Guccifer 2.0 is individual hacker

August 7: Stone starts complaining about a “rigged” election, claims that Nigel Farage had told him Brexit had been similarly rigged

August 8: Stone tells Broward Republicans he has communicated with Assange, expects next tranche to pertain to Clinton Foundation

August 10: Manafort tells his tax preparer that he would get $2.4 million in earned income collectable from work in Ukraine in November

August 10: Stone asserts that Hillary’s deleted emails will be coming out

Early August: Manafort gets blackmail threat pertaining to secret ledgers

August 12: Guccifer 2.0 publicly tweets Stone

August 13: Stone claims to have been hacked

August 14: NYT publishes story on secret ledgers

August 14: Stone DMs Guccifer 2.0

August 14: Corsi claims to have started research on response to NYT story

August 14: Breitbart piece suggesting NYT was ignoring Hillary’s own ties to Russia; this may be Stone’s latest explanation for interest in Podesta on that date

August 15: Manafort and Gates lie to the AP about their undisclosed lobbying, locking in claims they would make under oath later that fall

August 15: In first tweet mentioning John Podesta, Stone claims John Podesta “makes Paul Manafort look like St. Thomas Aquinas”

August 15: Corsi reports Stone’s prediction that WikiLeaks will release deleted Hillary emails (also reports on claimed hack)

August 17: AP publishes story on Manafort’s unreported Ukraine lobbying, describing Podesta Group’s role at length

August 17: Trump adds Steve Bannon and Kellyanne Conway to campaign leadership team (Manafort’s daughter claims he hired them)

August 19: Manafort resigns from campaign

August 21: Stone tweets it will soon be Podesta’s time on the barrel

August 26: Rebekah Mercer asks Alexander Nix whether Cambridge Analytica or GAI could better organize the leaked Hillary emails

September 12: Following further reporting in the Kyiv Post, Konstantin Kilimnik contacts Alex Van der Zwaan in attempt to hide money laundering to Skadden Arps

September 28: Corsi post (later linked on Twitter by Stone) noting that Podesta Group also under investigation

October 6: Corsi repeats the Joule/GAI claims

October 11: Release of Podesta email allegedly backing Joule story (December 31, 2013 resignation letter, January 7, 2014 severance letters)

October 11: Foldering email among Peter Smith operatives that may have included coded satisfaction with emails released thus far

October 12: Roger Stone interview with the Daily Caller responding to Podesta’s allegations he knew of release in advance, which makes no mention of Joule attack

October 13: In response to accusations he knew of Podesta emails in advance, Stone repeats Joule story falsely claiming this WikiLeaks email, released October 11, substantiates it; Corsi also posts a story on Joule, like Stone not linking to the underlying WikiLeaks emails

October 17: Corsi post that actually links the WikiLeaks releases relied on in his and Stone’s October 13 posts

October 30: Additional Joule letter (including actual transfer signatures) released

October 31: Additional Joule letter released

November 1: Additional Joule letter released

As I disclosed in July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

How the DNC Hack Skeptics’ Dominant Theory Sinks Stone

I’ve been thinking about something since I wrote this piece on Roger Stone’s Swiss cheese denials of conspiring with Guccifer 2.0 or Wikileaks on the hack-and-leak. As I laid out, Stone’s denial consists of two tactics: he admits he spoke with Guccifer 2.0 at a time he believed him to have done the hack but notes that that happened after (he claims six weeks, but it was really three) the documents already started coming out. And he denies knowing anything in advance about Wikileaks, which wouldn’t be a problem anyway, he says, because there’s no evidence Wikileaks is a Russian asset.

Effectively, that puts Stone’s involvement after the undeniably criminal act, the hack of the DNC, and puts the rest into simple general foreknowledge of Wikileaks’ plan.

As I noted in my first post on Stone’s non-denials, that doesn’t address the possibility he was involved in the Peter Smith led rat-fuck negotiations with Russian hackers to find Hillary’s deleted emails.

But there’s one other problem with it.

According to the public record, Guccifer 2.0 first spoke with Stone on August 12 (though in his statement to Congress, he fudged that date interestingly and claimed the first contact — perhaps meaning DM — was August 14). While that post-dates all known hacking, it pre-dates at least one and possibly several key dates on the leak part of the operation. As Raffi Khatchadourian lays out, Wikileaks may have obtained the John Podesta emails around this time.

A pattern that was set in June appeared to recur: just before DCLeaks became active with election publications, WikiLeaks began to prepare another tranche of e-mails, this time culled from John Podesta’s Gmail account. “We are working around the clock,” Assange told Fox News in late August. “We have received quite a lot of material.” It is unclear how long Assange had been in possession of the e-mails, but a staffer assigned to the project suggested that he had received them in the late summer: “As soon as we got them, we started working on them, and then we started publishing them. From when we received them to when we published them, it was a real crunch. My only wish is that we had the equivalent from the Republicans.”

All of the raw e-mail files that WikiLeaks published from Podesta’s account are dated September 19th, which appears to indicate the day that they were copied or modified for some purpose.

Indeed, Stone’s “Podesta time in the barrel” comment, which Chuck Todd noted addressed Tony but not John Podesta, may even have preceded Wikileaks’ receipt of the emails.

But Stone’s discussions with Guccifer 2.0 undeniably precede an event that, at least according to the skeptics’ theory, necessarily precedes the publication of Podesta’s emails. That’s Craig Murray obtaining … something from someone while he was in the US for the Sam Adams Award on September 25. He has said he didn’t obtain the documents, but it might be a key or something.

That still doesn’t, by itself, make Stone’s conduct criminal. But it does mean his timeline is not exonerating.

Why Was Manafort FISA Tapped Rather than Criminal Tapped?

Congratulations to Donald Trump, who may have finally figured out how to prove his March 4 claim that there was a “tapp” on Trump Tower — by continuing to speak to Paul Manafort after FBI got a second FISA wiretap on him, at least according to CNN’s report on the tap.

US investigators wiretapped former Trump campaign chairman Paul Manafort under secret court orders before and after the election, sources tell CNN, an extraordinary step involving a high-ranking campaign official now at the center of the Russia meddling probe.

The government snooping continued into early this year, including a period when Manafort was known to talk to President Donald Trump.

[snip]

The conversations between Manafort and Trump continued after the President took office, long after the FBI investigation into Manafort was publicly known, the sources told CNN. They went on until lawyers for the President and Manafort insisted that they stop, according to the sources.

It’s unclear whether Trump himself was picked up on the surveillance.

I mean, if you’re dumb enough to talk to a guy under active investigation, you should expect to be tapped. Trump should know this from his NY mobster buddies.

The CNN report — by the same team that last month revealed Carter Page had actually been wiretapped going back to 2014, too — is maddeningly vague about the dates of all this. Manafort was first targeted under FISA for his (and associated consulting companies, probably including Tony Podesta) Ukrainian influence peddling in 2014. Then the order lapsed, only to have a new one, possibly last fall, approved in association with the Trump investigation.

A secret order authorized by the court that handles the Foreign Intelligence Surveillance Act (FISA) began after Manafort became the subject of an FBI investigation that began in 2014. It centered on work done by a group of Washington consulting firms for Ukraine’s former ruling party, the sources told CNN.

The surveillance was discontinued at some point last year for lack of evidence, according to one of the sources.

The FBI then restarted the surveillance after obtaining a new FISA warrant that extended at least into early this year.

[snip]

The FBI interest deepened last fall because of intercepted communications between Manafort and suspected Russian operatives, and among the Russians themselves, that reignited their interest in Manafort, the sources told CNN. As part of the FISA warrant, CNN has learned that earlier this year, the FBI conducted a search of a storage facility belonging to Manafort. It’s not known what they found.

The gap would presumably have excluded June, given that Mueller reportedly didn’t learn about the June 9 meeting until the usual suspects started turning over records on it (though I may come back to that).

The report of a fall wiretap, based in part on intercepts of Russians, would put it well beyond the time Manafort got booted from the campaign (and might be consistent with the reporting of an earlier application followed by ultimate approval in the fall). The mention of a search of a storage facility suggests that Manafort would have been targeted under both 1805 (data in motion) and 1824 (data at rest, plus physical search like that used with the storage facility).

Here’s some relevant information from last year’s FISC and I Con the Record transparency numbers.

For the same authorities (1805, 1824, 1805/1824, and 1881c), the FISA Court, which uses different and in most cases more informative counting metrics, reports 1,220 orders granted, 313 orders modified, and 26 orders denied in part (which add up to I Con the Record’s 1,559), plus 8 orders denied, which I Con the Record doesn’t mention.

As an improvement this year, I Con the Record has broken down how many of these targets are US persons or not, showing it to be 19.9%. That means the vast majority of targeted FISA orders are targeted at people like Sergey Kislyak, the Russian Ambassador all of Trump’s people talked to.

This is the target number for the original report, not the order number, and it is an estimate (which is curious). This means at least 28 orders target multiple people. Neither ICTR nor FISC reveals how many US persons were approved for 705b, meaning they were spied on when they went overseas.

I include this, especially the FISC numbers (the top ones), to show that for the category that Manafort would have been targeted under, the court outright rejected 8 applications, denied in part — perhaps by approving only some of the facilities in the application — 18, and modified — which can often be minimization procedures — 260. Note, too, that among all the individual orders approved last year, roughly 336 were targeted at Americans like Manafort and Page. I assume there would be more minimization procedures on those targeting Americans, especially those who hang out with political candidates or the President.

All of which is my way of saying that for Manafort, in particular, the FBI may have had to use some kind of clean team to separate the political items from the foreign intelligence ones. The members of Congress that are the most likely sources for this story probably would have known that too, but it wouldn’t serve the point of the leak as well if that detail were included.

One more point.

The CNN piece is clear: FBI had a FISA order targeting Manafort (and probably others, probably the same ones who’ve been asked to testify, including Tony Podesta’s group), then let it lapse. They then got an order focused on election-related issues.

By the point they got the election-related FISA, the FBI was very deep into their investigation of Manafort for money laundering (and in NY, where FBI agents are notoriously gabby).

But at least given all the public reporting thus far, there have been no reported criminal warrants against Manafort, at least not before the no-knock search in VA this summer.

Which is odd, because they sure seem to have probable cause against him for crimes, as well. If Manafort were targeted by a criminal warrant, it’s nowhere near as clear that any minimization would be overseen by a court. That is, it might be more likely that Trump would get picked up in his rash conversations with someone known to be under investigation if that person were targeted with a criminal warrant than if he were targeted under FISA.

One, final, point. Craig Murray, who ferried something (though not emails) to Julian Assange in September 2016, claimed the emails had been obtained by American National Security types wiretapping [John] Podesta because of the Podesta Group’s lobbying for Saudi Arabia. As I noted at the time, that didn’t make any sense, partly because Tony would have been the target, not John, but also the FBI wouldn’t be all that interested in lobbying for Saudi Arabia.

Murray claimed the documents came from someone in the national security establishment, and implied they had come from legal monitoring of John Podesta because he (meaning John) is a lobbyist for Saudi Arabia.

Again, the key point to remember, in answering that question, is that the DNC leak and the Podesta leak are two different things and the answer is very probably not going to be the same in both cases. I also want you to consider that John Podesta was a paid lobbyist for the Saudi government — that’s open and declared, it’s not secret or a leak in a sense. John Podesta was paid a very substantial sum every month by the Saudi government to lobby for their interests in Washington. And if the American security services were not watching the communications of the Saudi government paid lobbyist then the American intelligence services would not be doing their job. Of course it’s also true that the Saudis’ man, the Saudis’ lobbyist in Washington, his communications are going to be of interest to a great many other intelligence services as well.

As a threshold matter, no national security agency is going to monitor an American registered to work as an agent for the Saudis. That’s all the more true if the agent has the last name Podesta.

But that brings us to another problem. John Podesta isn’t the lobbyist here. His brother Tony is. So even assuming the FBI was collecting all the emails of registered agent for the Saudis, Tony Podesta, even assuming someone in national security wanted to blow that collection by revealing it via Wikileaks, they would pick up just a tiny fraction of John Podesta’s emails. So this doesn’t explain the source of the emails at all.

They would — and apparently were — interested in tapping all the corrupt people working with corrupt Ukrainians, including Manafort and, maybe, Tony (but not John).

This in no way confirms Murray’s explanation — his story still makes no sense for the reasons I laid out when I first wrote the post. But I find it particularly interesting that Tony Podesta may well have been wiretapped along with Manafort, for his Ukrainian influence peddling, not his Saudi influence peddling, earlier in the year last year.

John Sipher’s Garbage Post Arguing the Steele Dossier Isn’t Garbage

I generally find former CIA officer John Sipher’s work rigorous and interesting, if not always persuasive. Which is why I find the shoddiness of this post — arguing, just as Republicans in Congress and litigious Russians start to uncover information about the Christopher Steele dossier, that the dossier is not garbage — so telling.

I don’t think the Steele dossier is garbage.

But neither do I think it supports the claim that it predicted a lot of information we’ve found since, something Sipher goes to great pains to argue. And there are far more problems with the dossier and its production than Sipher, who claims to be offering his wisdom about how to interpret raw intelligence, lets on. So the dossier isn’t garbage (though the story behind its production may well be). But Sipher’s post is. And given that it appears to be such a desperate — and frankly, unnecessary — attempt to reclaim the credibility of the dossier, it raises questions about why he feels the need.

Making and claiming accuracy for a narrative out of raw intelligence

Sipher’s project appears to be taking what he admits is raw intelligence and providing a narrative that he says we should continue to use to understand Trump’s Russian ties.

Close to the beginning of his piece, Sipher emphasizes that the dossier is not a finished intelligence report, but raw intelligence; he blames the media for not understanding the difference.

I spent almost thirty years producing what CIA calls “raw reporting” from human agents.  At heart, this is what Orbis did.  They were not producing finished analysis, but were passing on to a client distilled reporting that they had obtained in response to specific questions.  The difference is crucial, for it is the one that American journalists routinely fail to understand.

[snip]

Mr. Steele’s product is not a report delivered with a bow at the end of an investigation.  Instead, it is a series of contemporaneous raw reports that do not have the benefit of hindsight.

Sipher explains that you need analysts to make sense of these raw reports.

The onus for sorting out the veracity and for putting the reporting in context against other reporting – which may confirm or deny the new report – rests with the intelligence community’s professional analytic cadre.

He then steps into that role, an old clandestine services guy doing the work of the analysts. The result is a narrative he says we should still use — even in the wake of eight months of aggressive reporting since the dossier came out — in trying to understand what went on with the election.

As a result, they offer an overarching framework for what might have happened based on individuals on the Russian side who claimed to have insight into Moscow’s goals and operational tactics.  Until we have another more credible narrative, we should do all we can to examine closely and confirm or dispute the reports.

[snip]

Looking at new information through the framework outlined in the Steele document is not a bad place to start.

How to read a dossier

One thing Sipher aspires to do — something that would have been enormously helpful back in January — is explain how an intelligence professional converts those raw intelligence reports into a coherent report. He says the first thing you do is source validation.

In the intelligence world, we always begin with source validation, focusing on what intelligence professionals call “the chain of acquisition.”  In this case we would look for detailed information on (in this order) Orbis, Steele, his means of collection (e.g., who was working for him in collecting information), his sources, their sub-sources (witting or unwitting), and the actual people, organizations and issues being reported on.

He goes to great lengths to explain how credible Steele is, noting even that he “was the President of the Cambridge Union at university.” I don’t dispute that Steele is, by all accounts, an accomplished intelligence pro.

But Sipher unwisely invests a great deal of weight into the fact that the FBI sought to work with Steele.

The fact that the FBI reportedly sought to work with him and to pay him to develop additional information on the sources suggests that at least some of them were worth taking seriously.  At the very least, the FBI will be able to validate the credibility of the sources, and therefore better judge the information.  As one recently retired senior intelligence officer with deep experience in espionage investigations quipped, “I assign more credence to the Steele report knowing that the FBI paid him for his research.  From my experience, there is nobody more miserly than the FBI.  If they were willing to pay Mr. Steele, they must have seen something of real value.”

This is flat-out dumb for two reasons. First, it is one of the things the GOP has used to discredit the dossier and prosecution — complaining (rightly) that the FBI was using a document designed as opposition research, possibly even to apply for a FISA warrant. If the FBI did that, I’m troubled by it.

More importantly, the actual facts about whether FBI did pay Steele are very much in dispute, with three different versions in the public record and Chuck Grassley claiming the FBI has been giving conflicting details about what happened (it’s likely that FBI paid Steele’s travel to the US but not for the dossier itself).

WaPo reported that Steele had reached a verbal agreement that the FBI would pay him to continue his investigation of Russia’s involvement with Trump after still unnamed Democrats stopped paying him after the election. CNN then reported that FBI actually had paid Steele for his expenses. Finally, NBC reported Steele backed out of the deal before it was finalized.

If the FBI planned to pay Steele, but got cold feet after Steele briefed David Corn for a piece that made explicit reference to the dossier, it suggests FBI may have decided the dossier was too clearly partisan for its continued use. In any case, citing a “recently retired senior intelligence officer” claiming the FBI did pay Steele should either be accompanied by a “BREAKING, confirming the detail no one else has been able to!” tag, or should include a caveat that the record doesn’t affirmatively support that claim.

After vouching for Steele (again, I don’t dispute Steele’s credentials), Sipher lays out the other things that need to happen to properly vet raw intelligence, which he claims we can’t do.

The biggest problem with confirming the details of the Steele “dossier” is obvious: we do not know his sources, other than via the short descriptions in the reports.  In CIA’s clandestine service, we spent by far the bulk of our work finding, recruiting and validating sources.  Before we would ever consider disseminating an intelligence report, we would move heaven and earth to understand the access, reliability, trustworthiness, motivation and dependability of our source.  We believe it is critical to validate the source before we can validate the reliability of the source’s information.  How does the source know about what he/she is reporting?  How did the source get the information?  Who are his/her sub-sources?  What do we know about the sub-sources?  Why is the source sharing the information?  Is the source a serious person who has taken appropriate measures to protect their efforts?

The thing is, we actually know answers to two of these questions. First, Steele’s sources shared the information (at least in part) because they were paid. [Update, 11/15: According to CNN, Glenn Simpson testified that Steele did not pay his sources. That somewhat conflicts with suggestions made by Mike Morell, who said Steele paid intermediaries who paid his sources, but Simpson’s testimony may simply be a cute legal parse.] That’s totally normal for spying, of course, but if Sipher aspires to explain to us how to assess the dossier, he needs to admit that money changes hands and that’s just the way things are done (again, that’s all the more important given that it’s one of the bases the GOP is using to discredit the report).

More importantly, Sipher should note that Steele worked one step further removed — from London, rather than from Moscow — than an intelligence officer otherwise might. The reports may still be great, but that additional step introduces more uncertainty into the validation. It’s all the more important that Sipher address these two issues, because they’re the ones the GOP has been using and will continue to use to discredit the dossier.

Ultimately, though, in his section on vetting the document, Sipher doesn’t deal with some key questions about the dossier. Way at the end of his piece, he questions whether we’re looking at the entire dossier.

We also don’t know if the 35 pages leaked by BuzzFeed is the entirety of the dossier.  I suspect not.

He doesn’t raise two other key questions about the provenance of the dossier we’ve been given, some of which I laid out when the dossier came out, when I also noted that the numbering of the dossier by itself makes it clear it’s not the complete dossier. Importantly: is the copy of the dossier leaked to BuzzFeed an unaltered copy of what Steele delivered to Fusion, in spite of the weird textual artifacts in it? And how and why did the dossier get leaked to BuzzFeed, which Steele has told us was not one of the six outlets that he briefed on its contents?

Finally, Sipher includes the obligation to “openly acknowledge the gaps in understanding” outside of the section on vetting, which is telling given that he notes only a few of the obvious gaps in this dossier.

Sipher claims the dossier predicted what wasn’t known

So there are a lot of aspects of vetting Sipher doesn’t do, whether or not he has the ability to. But having done the vetting of checking Steele’s college extracurricular record, he declares the dossier has proven to be “stunningly accurate.”

Did any of the activities reported happen as predicted?

To a large extent, yes.

The most obvious occurrence that could not have been known to Orbis in June 2016, but shines bright in retrospect is the fact that Russia undertook a coordinated and massive effort to disrupt the 2016 U.S. election to help Donald Trump, as the U.S. intelligence community itself later concluded.  Well before any public knowledge of these events, the Orbis report identified multiple elements of the Russian operation including a cyber campaign, leaked documents related to Hillary Clinton, and meetings with Paul Manafort and other Trump affiliates to discuss the receipt of stolen documents.  Mr. Steele could not have known that the Russians stole information on Hillary Clinton, or that they were considering means to weaponize them in the U.S. election, all of which turned out to be stunningly accurate.

Now as I said above, I don’t believe the dossier is junk. But this defense of the dossier, specifically as formulated here, is junk. Central to Sipher’s proof that Steele’s dossier bears out are these claims:

  • Russia undertook a coordinated and massive effort to disrupt the 2016 U.S. election to help Donald Trump
  • The Orbis report identified multiple elements of the Russian operation including
    • A cyber campaign
    • Leaked documents related to Hillary Clinton
    • Meetings with Paul Manafort and other Trump affiliates to discuss the receipt of stolen documents

As I’ll show, these claims are, with limited exceptions, not actually what the dossier shows. Far later into the dossier, the reason Sipher frames it this way is clear. He’s taking validation from recent details about the June 9, 2016 meeting.

Of course, to determine if collusion occurred as alleged in the dossier, we would have to know if the Trump campaign continued to meet with Russian representatives subsequent to the June meeting.

The Steele dossier was way behind contemporary reporting on the hack-and-leak campaign

I consider the dossier strongest in its reports on early ties between Trump associates and Russians, as I’ll lay out below. But one area where it is — I believe this is the technical term — a shit-show is the section claiming the report predicted Russia’s hacking campaign.

Here’s how Sipher substantiates that claim.

By late fall 2016, the Orbis team reported that a Russian-supported company had been “using botnets and porn traffic to transmit viruses, plant bugs, steal data and conduct ‘altering operations’ against the Democratic Party leadership.” Hackers recruited by the FSB under duress were involved in the operations. According to the report, Carter Page insisted that payments be made quickly and discreetly, and that cyber operators should go to ground and cover their tracks.

[snip]

Consider, in addition, the Orbis report saying that Russia was utilizing hackers to influence voters and referring to payments to “hackers who had worked in Europe under Kremlin direction against the Clinton campaign.” A January 2017 Stanford study found that “fabricated stories favoring Donald Trump were shared a total of 30 million times, nearly quadruple the number of pro-Hillary Clinton shares leading up to the election.”  Also, in November, researchers at Oxford University published a report based on analysis of 19.4 million Twitter posts from early November prior to the election.  The report found that an “automated army of pro-Trump chatbots overwhelmed Clinton bots five to one in the days leading up to the presidential election.”  In March 2017, former FBI agent Clint Watts told Congress about websites involved in the Russian disinformation campaign “some of which mysteriously operate from Eastern Europe and are curiously led by pro-Russian editors of unknown financing.”

The Orbis report also refers specifically to the aim of the Russian influence campaign “to swing supporters of Bernie Sanders away from Hillary Clinton and across to Trump,” based on information given to Steele in early August 2016. It was not until March 2017, however, that former director of the National Security Agency, retired Gen. Keith Alexander in Senate testimony said of the Russian influence campaign, “what they were trying to do is to drive a wedge within the Democratic Party between the Clinton group and the Sanders group.”

Here’s what the dossier actually shows about both kompromat on Hillary and hacking.

June 20: In the first report, issued 6 days after the DNC announced it had been hacked by Russia, and 5 days after Guccifer 2.0 said he had sent stolen documents to WikiLeaks, the dossier spoke of kompromat on Hillary, clearly described as years old wiretaps from when she was visiting Russia. While the report conflicts internally, one part of it said it had not been distributed abroad. As I note in this post, if true, that would mean the documents Natalia Veselnitskaya shared with Trump folks on June 9 were not the kompromat in question.

July 19: After Guccifer 2.0 had released 7 posts, most with documents, and after extended reporting concluding that he was a Russian front, the second report discussed kompromat — still seemingly meaning that dated FSB dossier — as if it were prospective.

July 26: Four days after WikiLeaks released DNC emails first promised in mid-June, Steele submitted a report claiming that Russian state hackers had had “only limited success in penetrating the ‘first tier’ of foreign targets. These comprised western (especially G7 and NATO) governments, security and intelligence services and central banks, and the IFIs.” There had been public reports of FSB-associated APT 29’s hacking of such targets since at least July 2015, and public reporting on their campaigns that should have been identified when DNC did a Google search in response to FBI’s warnings in September 2015. It’s stunning anyone involved in intelligence would claim Russia hadn’t had some success penetrating those first tier targets.

Report 095: An undated report, probably dating sometime between July 26 and July 30, did state that a Trump associate admitted Russia was behind WikiLeaks’ release of emails, something that had been widely understood for well over a month.

July 30: A few weeks before WikiLeaks reportedly got the second tranche of (Podesta) emails, a report states that Russia is worried that the email hacking operation is spiraling out of control so “it is unlikely that these [operations] would be ratcheted up.”

August 5: A report says Dmitry Peskov, who is reportedly in charge of the campaign, is “scared shitless” about being scapegoated for it.

August 10: Just days before WikiLeaks purportedly got the Podesta tranche of emails, a report says Sergei Ivanov said “Russians would not risk their position for the time being with new leaked material, even to a third party like WikiLeaks.”

August 10: Months after a contentious primary and over two weeks after Debbie Wasserman Schultz’s resignation during the convention (purportedly because of DNC’s preference for Hillary), a report cites an ethnic Russian associate of Russian US presidential candidate Donald TRUMP campaign insider, not a Russian, saying the email leaks were designed to “swing supporters of Bernie SANDERS and away from Hillary CLINTON and across to TRUMP.” It attributes that plan to Carter Page, but does not claim any Russian government involvement in that strategy. Nor would it take a genius for anyone involved in American politics to pursue such a strategy.

August 22: A report on Manafort’s “demise” doesn’t mention emails or any kompromat.

September 14: Three months after Guccifer 2.0 first appeared, the dossier for the first time treated the Russians’ kompromat as the emails, stating that more might be released in late September. That might coincide with Craig Murray’s reported contact with a go-between (Murray has been very clear he did not ferry the emails themselves though he did have some contact in late September).

October 12: A week after the Podesta emails first started appearing, a report states that “a stream of further hacked CLINTON materials already had been injected by the Kremlin into compliant media outlets like Wikileaks, which remained at least ‘plausibly deniable’, so the stream of these would continue through October and up to the election,” something Julian Assange had made pretty clear. See this report for more.

October 18, 19, 19: Three reports produced in quick succession describe Michael Cohen’s role in covering up the Trump-Russia mess, without making any explicit (unredacted) mention of emails. See this post on that timing.

December 13: A virgin birth report produced as the US intelligence community scrambled to put together the case against Russia for the first time ties Cohen to the emails (in unredacted form).

What the timeline of the hacking allegations in the Steele dossier (and therefore also “predictions” about leaked documents) reveals is not that his sources predicted the hack-and-leak campaign, but on the contrary, he and his sources were unbelievably behind in their understanding of Russian hacking and the campaign generally (or his Russian sources were planting outright disinformation). Someone wanting to learn about the campaign would be better off simply hanging out on Twitter or reading the many security reports issued on the hack in real time.

Perhaps Sipher wants to cover this over when he claims that, “The Russian effort was aggressive over the summer months, but seemed to back off and go into cover-up mode following the Access Hollywood revelations and the Obama Administration’s acknowledgement of Russian interference in the fall, realizing they might have gone too far and possibly benefitted Ms. Clinton.” Sure, that’s sort of (though not entirely) what the dossier described. But the reality is that WikiLeaks was dropping new Podesta emails every day, Guccifer 2.0 was parroting Russian (and Republican) themes about a rigged election, and Obama was making the first ever cyber “red phone” call to Moscow because of Russia’s continued probes of the election infrastructure (part of the Russian effort about which both the dossier and Sipher’s post are silent).

The quotes Sipher uses to defend his claim are even worse. The first passage includes two clear errors. The report in question was actually the December 13 one, not a “late fall 2016” one. And the Trump associate who agreed (in the alleged August meeting in Prague, anticipating that Hillary might win) to making quick payments to hackers was Michael Cohen, not Carter Page. [Update, 12/10/17: Just Security has fixed this error.] Many things suggest this particular report should be read with great skepticism, not least that it post-dated both the disclosure of the existence of the dossier and the election, and that this intelligence was offered up to Steele, not solicited, and was offered for free.

Next, Sipher again cites the December 13 report to claim Steele predicted something reported in a November Oxford University report (and anyway widely reported by BuzzFeed for months), which seems to require either a time machine or an explanation for why Steele didn’t report that earlier. He attributes a quote sourced to a Trump insider as indicating Russian strategy, which that report doesn’t support. And if you need Keith Alexander to suss out the logic of Democratic infighting that had been clear for six months, then you’re in real trouble!

Sipher would have been better off citing the undated Report 095 (which is another report about which there should be provenance questions), which relies on the same ethnic Russian Trump insider as the August 10 report, and which claims agents/facilitators within the Democratic Party and Russian émigré hackers working in the United States, a claim that is incendiary but (short of proof that the Al-Awan brothers or Seth Rich really were involved) one that has not been substantiated.

In short, the evidence in the dossier simply doesn’t support the claim it predicted two of the three things Sipher claims it does, at least not yet.

The dossier is stronger in sketchy contacts with Russians

The dossier is stronger with respect to some, but not all Trump associates. But even there, Sipher’s defense demonstrates uneven analytic work.

First, note that Sipher relies on “renowned investigative journalist” Michael Isikoff to validate some of these claims.

Renowned investigative journalist Michael Isikoff reported in September 2016 that U.S. intelligence sources confirmed that Page met with both Sechin and Divyekin during his July trip to Russia.

[snip]

A June 2017 Yahoo News article by Michael Isikoff described the Administration’s efforts to engage the State Department about lifting sanctions “almost as soon as they took office.”

Among the six journalists Steele admits he briefed on his dossier is someone from Yahoo.

The journalists initially briefed at the end of September 2016 by [Steele] and Fusion at Fusion’s instruction were from the New York Times, the Washington Post, Yahoo News, the New Yorker and CNN. [Steele] subsequently participated in further meetings at Fusion’s instruction with Fusion and the New York Times, the Washington Post and Yahoo News, which took place in mid-October 2016.

That the Yahoo journalist is Isikoff would be a cinch to guess. But we don’t have to guess, because Isikoff made it clear it was him in his first report after the dossier got leaked.

Another of Steele’s reports, first reported by Yahoo News last September, involved alleged meetings last July between then-Trump foreign policy adviser Carter Page and two high-level Russian operatives, including Igor Sechin — a longtime associate of Russian President Vladimir Putin who became the chief executive of Rosneft, the Russian energy giant.

In other words, Sipher is engaging in navel-gazing here, citing a report based on the Steele dossier, to say it confirms what was in the Steele dossier.

Sipher similarly cites a NYT article that was among the most criticized for the way it interprets “senior Russian intelligence officials” loosely to include anyone who might be suspected of being a spook.

We have also subsequently learned of Trump’s long-standing interest in, and experience with Russia and Russians.  A February 2017 New York Times article reported that phone records and intercepted calls show that members of Trump’s campaign and other Trump associates had repeated contacts with senior Russian officials in the year before the election.  The New York Times article was also corroborated by CNN and Reuters independent reports.

The two reports he claims corroborate the NYT one fall far short of the NYT claim about talks with Russian intelligence officials — a distinction that is critical given what Sipher claims about Sergey Kislyak, which I note below.

Carter Page

Sipher cites the Carter Page FISA order as proof that some of these claims have held up.

What’s more, the Justice Department obtained a wiretap in summer 2016 on Page after satisfying a court that there was sufficient evidence to show Page was operating as a Russian agent.

But more recent reporting, by journalists Sipher elsewhere cites approvingly, reveals that Page had actually been under a FISA order as early as 2014.

Page had been the subject of a secret intelligence surveillance warrant since 2014, earlier than had been previously reported, US officials briefed on the probe told CNN.

Paul Manafort

I have no complaint with Sipher’s claims about Manafort — except to the extent he suggests Manafort’s Ukrainian corruption wasn’t known long before the election. Sipher does, however, repeat a common myth about Manafort’s influence on the GOP platform.

The quid pro quo as alleged in the dossier was for the Trump team to “sideline” the Ukrainian issue in the campaign.  We learned subsequently the Trump platform committee changed only a single plank in the 60-page Republican platform prior to the Republican convention.  Of the hundreds of Republican positions and proposals, they altered only the single sentence that called for maintaining or increasing sanctions against Russia, increasing aid for Ukraine and “providing lethal defensive weapons” to the Ukrainian military.  The Trump team changed the wording to the more benign, “appropriate assistance.”

Republicans have credibly challenged this claim about the platform. Bob Dole is credited with making the platform far harsher on China in the service of his Taiwanese clients. And Trump’s team also put in language endorsing the revival of Glass-Steagall, with support from Manafort and/or Carl Icahn.

Michael Cohen

Sipher’s discussion of Trump lawyer Michael Cohen is the weirdest of all, not least because the Cohen reports are the most incendiary but also because they were written at a time when Steele had already pitched the dossier to the media (making it far more likely the ensuing reports were the result of disinformation). Here’s how Sipher claims the Steele dossier reports have been validated.

We do not have any reporting that implicates Michael Cohen in meetings with Russians as outlined in the dossier.  However, recent revelations indicate his long-standing relationships with key Russian and Ukrainian interlocutors, and highlight his role in a previously hidden effort to build a Trump tower in Moscow. During the campaign, those efforts included email exchanges with Trump associate Felix Sater explicitly referring to getting Putin’s circle involved and helping Trump get elected.

Go look at that “recent revelations” link. It goes to this Josh Marshall post which describes its own sourcing this way:

TPM Reader BR flagged my attention to this 2007 article in The New York Post.

[snip]

Because two years ago, in February 2015, New York real estate trade sheet The Real Deal reported that Cohen purchased a $58 million rental building on the Upper East Side.

This is not recent reporting!! Again, this is stuff that was publicly known before the election.

More importantly, given Cohen’s rebuttal to the dossier, Marshall supports a claim that Cohen has ties to Ukraine, not Russia. The dossier, however, claims Cohen has ties to the latter, as Cohen mockingly notes.

Felix Sater

Then there are the Trump associates who are now known to have been central to any ties between Trump and the Russians that the Steele dossier didn’t cite — at least not as subjects (all could well be sources, which raises other questions). The first is Felix Sater, whom Sipher discusses three times in suggesting that the dossier accurately predicts Cohen’s involvement in the Russian negotiations.

To take one example, the first report says that Kremlin spokesman Dmitry Peskov was responsible for Russia’s compromising materials on Hillary Clinton, and now we have reports that Michael Cohen had contacted Peskov directly in January 2016 seeking help with a Trump business deal in Moscow (after Cohen received the email from Trump business associate Felix Sater saying “Our boy can become president of the USA and we can engineer it. I will get all of Putins team to buy in on this.”).

[snip]

Following the inauguration, Cohen was involved, again with Felix Sater, to engage in back-channel negotiations seeking a means to lift sanctions via a semi-developed Russian-Ukrainian plan (which also included the hand delivery of derogatory information on Ukrainian leaders) also fits with Orbis reporting related to Cohen.

Given that Sater’s publicly known links between mobbed up Russians and Trump go back a decade, why isn’t he mentioned in the dossier? And why does the dossier seemingly contradict these claims about an active Trump Tower deal?

Aras Agalarov and Rinat Akhmetshin

There are far more significant silences about two other Trump associates, Aras Agalarov and Rinat Akhmetshin.

To be fair, the dossier isn’t entirely silent about the former, noting in one place that Agalarov would be the guy to go to to learn about dirt on Trump in Petersburg (elsewhere he could be a source).

Far, far more damning is the dossier’s silence (again, at least as a subject rather than source) about Akhmetshin. That’s long been one of the GOP complaints about the dossier — that Akhmetshin was closely involved with Fusion GPS on Magnitsky work in parallel with the Trump dossier, which (if Akhmetshin really is still tied to Russian intelligence) would provide an easy feedback loop to the Russians. The dossier’s silence on someone well known to Fusion GPS is all the more damning given the way that Sipher points to the June 9 meeting (which the dossier didn’t report, either) as proof that the dossier has been vindicated.

It was also apparently news to investigators when the New York Times in July 2017 published Don Jr’s emails arranging for the receipt of information held by the Russians about Hillary Clinton. How could Steele and Orbis know in June 2016 that the Russians were working actively to elect Donald Trump and damage Hillary Clinton?

[snip]

To take another example, the third Orbis report says that Trump campaign manager Paul Manafort was managing the connection with the Kremlin, and we now know that he was present at the June 9 2016 meeting with Donald Trump, Jr., Russian lawyer Natalia Veselnitskaya and Rinat Akhmetshin, who has reportedly boasted of his ties to ties and experience in Soviet intelligence and counterintelligence.  According to a recent New York Times story, “Akhmetshin told journalists that he was a longtime acquaintance of Paul J. Manafort.”

There’s no allegation that investigations didn’t know about the June 2016 plan to hurt Hillary (indeed, the Guccifer 2.0 stuff that Sipher ignores was public to all). Rather they didn’t know — but neither did Fusion, who has an established relationship with Akhmetshin — about the meeting involving Akhmetshin. If you’re going to claim the June 9 meeting proves anything, it’s that the dossier as currently known has a big hole right in Fusion’s client/researcher list.

Sergey Kislyak

Which brings me — finally! — to Sipher’s weird treatment of Sergey Kislyak. Sipher argues (correctly) that Trump associates’ failure to report details of their contacts with Russians may support a conspiracy claim.

 Of course, the failure of the Trump team to report details that later leaked out and fit the narrative may make the Steele allegations appear more prescient than they otherwise might.  At the same time, the hesitancy to be honest about contacts with Russia is consistent with allegations of a conspiracy.

Of course, Trump’s folks have failed to report details of that June 9 meeting as well as meetings with Sergey Kislyak. Having now invested his vindication story on that June 9 meeting, he argues that reports about Kislyak (on which the NYT article he cites approvingly probably rely) are misguided; we need to look to that June 9 meeting instead.

It should be noted in this context, that the much-reported meetings with Ambassador Kislyak do not seem to be tied to the conspiracy. He is not an intelligence officer, and would be in the position to offer advice on politics, personalities and political culture in the United States, but would not be asked to engage in espionage activity.  It is likewise notable that Ambassador Kislyak receives only a passing reference in the Steele dossier and only having to do with his internal advice on the political fallout in the U.S. in reaction to the Russian campaign.

Of course, to determine if collusion occurred as alleged in the dossier, we would have to know if the Trump campaign continued to meet with Russian representatives subsequent to the June meeting.

This seems utterly bizarre. We know what happened after June 9, in part: Per Jared Kushner (who also is not mentioned in the dossier or Sipher’s column), immediately after the election Kislyak started moving towards meeting about Syria (not Ukraine). But in the process, Kushner may have asked for a back channel and at Kislyak’s urging, Kushner took a meeting with the head of a sanctioned bank potentially to talk about investments in his family’s debt-ridden empire. And all that is the lead-up to the Mike Flynn calls with Kislyak about sanctions relief which provide some of the proof that Trump was willing to deliver the quo that the dossier claims got offered for quids.

That latter story — of the meetings Kushner and Flynn did in the wake of the election and events that may have taken place since — is every bit as coherent a narrative as the Steele dossier or the entirely new narratives tied to the June 9 meeting (which Sipher claims are actually the Steele narrative).

Of course, neither is yet evidence of collusion. And that’s, frankly, what we as citizens should be after.

A narrative offered up by an intelligence contractor who was always trying to catch up to the central part of the story — the hack-and-leak — is not what we should be striving for. That’s why this dossier is probably mostly irrelevant to the Mueller probe, no matter how the GOP would like to insinuate the opposite. If there was collusion (or rather, coordination on all this stuff between the campaign and Russia), we should expect evidence of it. The Steele dossier, as I have noted, left out one of the key potential proofs of that, in spite of having ties with someone who attended the meeting.

All that said, it would be useful for someone responsible to respond to GOP criticisms and, where invented (such as with the claim that Steele paying sources diminishes its value), demonstrate that. It would be useful for someone to explain what we should take from the dossier.

Sipher didn’t do that, though. Indeed, his post largely suffers from the same bad analysis he accuses the media of.

Update: In the original I got the date of the final report incorrect. That has been corrected.

Update, 12/10/17: I didn’t realize it, but Just Security updated Sipher’s post to include this language, which it explains with an editor’s note saying “Editor’s note: This article was update to provide additional analysis on Carter Page.” Compare this with this. Here’s the language.

Admittedly, Isikoff’s reporting may have relied on Steele himself for that information. Isikoff, however, also reported that U.S. intelligence officials were confident enough in the information received about Page’s meeting Russian officials to brief senior members of Congress on it. There are also other indicia that are also consistent with the Orbis report but only developed or discovered later. In early December 2016, Page returned to Moscow where he said he had “the opportunity to meet with an executive from” Sechin’s state oil company. In April 2017, Page confirmed that he met with and passed documents to a Russian intelligence officer in 2013. Court documents include an intercept in April 2013 of conversations between the Russians discussing their effort to recruit Page as “as an intelligence source.” A Russian intelligence officer said of Page: “He got hooked on Gazprom … I don’t know, but it’s obvious that he wants to earn lots of money … For now his enthusiasm works for me. I also promised him a lot … You promise a favor for a favor. You get the documents from him and tell him to go fuck himself.” In late December 2016, Sechin’s chief of staff, Oleg Erovinkin “who may have been a source for ex-British spy Christopher Steele’s Trump dossier,” according to multiple reports, was found dead in the back of his car in Moscow.

But this passage introduces new errors for Sipher’s post!

First, here’s the language (in an article Just Security never links) Sipher relies on to justify using Isikoff’s Steele-based reporting to claim Steele had been proven correct.

After one of those briefings, Senate minority leader Harry Reid wrote FBI Director James Comey, citing reports of meetings between a Trump adviser (a reference to Page) and “high ranking sanctioned individuals” in Moscow over the summer as evidence of “significant and disturbing ties” between the Trump campaign and the Kremlin that needed to be investigated by the bureau.

Some of those briefed were “taken aback” when they learned about Page’s contacts in Moscow, viewing them as a possible back channel to the Russians that could undercut U.S. foreign policy, said a congressional source familiar with the briefings but who asked for anonymity due to the sensitivity of the subject. The source added that U.S. officials in the briefings indicated that intelligence reports about the adviser’s talks with senior Russian officials close to President Vladimir Putin were being “actively monitored and investigated.”

A senior U.S. law enforcement official did not dispute that characterization when asked for comment by Yahoo News. “It’s on our radar screen,” said the official about Page’s contacts with Russian officials. “It’s being looked at.”

It is true that “U.S. intelligence officials were confident enough in the information received about Page’s meeting Russian officials to brief senior members of Congress on it,” and that Harry Reid was leaking from the Steele dossier just like Isikoff was. But the “senior US law enforcement officer” does not back the identities of those Page met with, just that “it’s being looked at.”

That’s important for the way that Page’s meetings with people other than Igor Sechin have been used to claim the dossier has borne out. Not-A = A. Which is what Sipher does here, by pointing to Page saying he met with Rosneft but not Sechin. “Page says he was not referring to Sechin in his remarks,” the linked AP story says (as does Page’s congressional testimony).

Then Sipher points to language unsealed in a court filing in January 2015 that Page admitted — after reporting on it — was him. That Page was wrapped up in an earlier Russian spy prosecution is another of those things one might ask why Steele didn’t know, particularly given that the filing and the case was already public.

But the citation also exacerbates the problems with Sipher’s reliance on Page’s FISA wiretap as proof the Steele dossier proved out. As I noted above, later reports stated Page had been under FISA wiretap “since 2014, earlier than had been previously reported, US officials briefed on the probe told CNN.” That means it wasn’t the meetings in Russia, per se, that elicited the interest, but (at least) the earlier interactions with Russian spies.

Finally, Sipher points to the death of Oleg Erovinkin, something I’ve pointed to myself (and which would only be “Carter Page” analysis if Page actually had met with Sechin). Since Sipher updated this post, however, Luke Harding wrote (on page 101),

Steele was adamant that Erovinkin wasn’t his source and “not one of ours.”

As a person close to Steele put it to me: “Sometimes people just die.”

I’m not sure I find Harding entirely reliable elsewhere, and I can see why Steele would deny working with Erovinkin if the leak of his work had gotten the man killed. But if you buy Harding, then Erovinkin no longer proves the value of the Steele dossier either.

Update, 12/10: According to the Wayback Machine this change was made between October 25 and November 6. Ryan Goodman explained that he didn’t give me a hat-tip for this correction because he’s not sure whether he corrected because of me, because a Daily Caller reporter also weighed in.

It is true that Chuck Ross (with whom I discuss the dossier regularly) tweeted that Sipher’s Isikoff reference was self-confirming on November 4, shortly before the change was made.

Ryan and I had a conversation about the errors in this piece on September 6, when the post first came out, both on Twitter then–late that evening–on DM. I included a link to my post.

I guess Ryan is now confessing he never read this post, and let notice of egregious errors sit unreviewed for two months, because he didn’t like my tone.

 

On the New (and Not-So New) Claims about Guccifer 2.0

The initial files released by the persona Guccifer 2.0 on June 15, 2016 included — in addition to graffiti paying tribute to Felix Dzerzhinsky, the founder of Russia’s secret police — metadata deliberately set to Cyrillic (the metadata had previously been interpreted, implausibly even at the time, to be a mistake).

And a file later released on September 13, 2016 purportedly from Guccifer 2.0 but released via a magnet site and never linked on his WordPress site, was probably copied, locally, to a Linux drive somewhere in the Eastern time zone on July 5, 2016; the files were then copied to a Windows file on September 1, 2016.

Those are the fairly uncontroversial findings from two separate research efforts that have recently renewed debate over whether the conclusion of the intelligence community, that Russia hacked the DNC, is valid.

I’m going to do a two part post on this issue.

What to Read

As you might be able to figure out, nothing about those two conclusions at all dictates that the Intelligence Community conclusions that Russia is behind the hack of Democratic targets are wrong. The reason they’re so controversial is because they’ve been used, in tandem, to support claims that the IC conclusion is wrong, first in a (to me) unconvincing letter by the Veteran Intelligence Professionals for Sanity (chiefly Bill Binney, Kirk Wiebe, Ed Loomis, and Ray McGovern), and then in some even sloppier versions, most notably at the Nation. In between the original analysis and these reports are some other pieces making conclusions about the research itself that are in no way dictated by the research.

In other words, it’s all a big game of telephone, some research going in the front end and a significantly distorted message coming out the back end.

So before I get into what the two studies do show, let’s talk about what you should read. The first argument has been made by Adam Carter at his G2-space, which is laudable as a resource for documents on Guccifer 2.0, no matter what you think of his conclusions. There’s a ton in there, not all of which I find as persuasive as the argument pertaining to the Russian metadata. Happily, he made two free-standing posts demonstrating the RSID analysis (one, two). I first discussed this analysis here.

The RSID analysis showing that the Cyrillic in Guccifer 2.0’s documents was actually intentional relies, in part, on the work of someone else, posting under the name /u/tvor_22. His post on this is worthwhile not just for the way it maps out how people came to be fooled by the analysis, but for the five alternative explanations he offers. I in no way think those five possibilities are comprehensive, but I appreciate the effort to remain open about what conclusions might be drawn from the evidence.

Between those three posts, they show that the first five documents released by Guccifer 2.0 were all copied into one with certain settings set, deliberately, to the Russian language. That’s the first conclusion.
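How an RSID comparison of this kind works in general, as an added example (not Carter's or /u/tvor_22's code, and not run on the released files): Word lists a revision save ID for each editing session in an RTF document's `\rsidtbl` group, so two documents that share an RSID share editing ancestry, while `\deflang` and `\lang` carry the language settings (LCID 1049 is Russian, 1033 is US English). The RTF fragments, file names and RSID values below are constructed for illustration.

```python
import re
from itertools import combinations

# Constructed RTF fragments for illustration; not the released files.
SAMPLES = {
    "a.rtf": r"{\rtf1\ansi\deflang1049\deflangfe1049"
             r"{\*\rsidtbl \rsid10000001\rsid10000002\rsid10000003}"
             r"\rsidroot10000001\pard\lang1049\insrsid10000003 Body A}",
    "b.rtf": r"{\rtf1\ansi\deflang1049\deflangfe1049"
             r"{\*\rsidtbl \rsid10000003\rsid20000001}"
             r"\rsidroot10000003\pard\lang1033\insrsid20000001 Body B}",
    "c.rtf": r"{\rtf1\ansi\deflang1033\deflangfe1033"
             r"{\*\rsidtbl \rsid30000001\rsid30000002}"
             r"\rsidroot30000001\pard\lang1033\insrsid30000002 Body C}",
    # No \rsidtbl at all: written by a tool that records no RSIDs, or stripped.
    "d.rtf": r"{\rtf1\ansi\deflang1033 \pard Body D}",
}

LCID_NAMES = {1033: "en-US", 1049: "ru-RU"}

RSIDTBL_RE = re.compile(r"\{\\\*\\rsidtbl([^{}]*)\}")
RSID_RE = re.compile(r"\\rsid(\d+)")
LANG_RE = re.compile(r"\\(deflangfe|deflang|langfe|lang)(\d+)")


def rsid_table(rtf):
    """Return the set of RSIDs listed in the document's \\rsidtbl group."""
    match = RSIDTBL_RE.search(rtf)
    if not match:
        return set()
    return {int(value) for value in RSID_RE.findall(match.group(1))}


def language_ids(rtf):
    """Map each language control word to the LCIDs it is used with."""
    found = {}
    for keyword, lcid in LANG_RE.findall(rtf):
        found.setdefault(keyword, set()).add(int(lcid))
    return found


def shared_rsids(docs):
    """Map each document pair to the RSIDs present in both tables."""
    tables = {name: rsid_table(body) for name, body in docs.items()}
    pairs = {}
    for a, b in combinations(sorted(tables), 2):
        common = tables[a] & tables[b]
        if common:
            pairs[(a, b)] = common
    return pairs


def families(docs):
    """Group documents linked, directly or transitively, by a shared RSID."""
    tables = {name: rsid_table(body) for name, body in docs.items()}
    parent = {name: name for name in tables}

    def find(name):
        while parent[name] != name:
            parent[name] = parent[parent[name]]
            name = parent[name]
        return name

    for a, b in combinations(sorted(tables), 2):
        if tables[a] & tables[b]:
            parent[find(b)] = find(a)
    groups = {}
    for name in tables:
        groups.setdefault(find(name), []).append(name)
    return sorted(sorted(group) for group in groups.values())


def without_rsids(docs):
    """Documents with no RSID table: ancestry is unknown, not disproved."""
    return sorted(n for n, body in docs.items() if not rsid_table(body))


if __name__ == "__main__":
    for name, body in SAMPLES.items():
        langs = {k: sorted(LCID_NAMES.get(i, str(i)) for i in v)
                 for k, v in language_ids(body).items()}
        print(name, "rsids:", sorted(rsid_table(body)), "languages:", langs)
    print("shared:", shared_rsids(SAMPLES))
    print("families:", families(SAMPLES))
    print("no RSID table:", without_rsids(SAMPLES))
```

A shared RSID shows that documents descend from a common file or template; the language tags show how the editing environment was configured. Neither identifies who did the editing.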

The forensics on copying was done by a guy posting under the name The Forensicator, whose main post is here. Note his site engages in good faith with the rebuttals he has gotten, so poke around and see how he responds.  He argues a bunch of things, most notably that the first copy of files released in September was copied locally back in July, perhaps from a computer networked to the host server. That analysis doesn’t rule out that the data was on some server outside of the DNC. I raised one concern about this analysis here.

Finally, for a more measured skeptical take — from someone also associated with VIPS who did not join in their letter — see Scott Ritter’s take. I don’t agree with all of that either, but I think a second skeptical view is worthwhile.

All of which is to say if you want to read the analysis — rather than conclusions that I think go well beyond the analysis — read the analysis. Assuming both are valid (again, I think the RSID case is stronger than the copying one), the sole conclusions I’d draw from them are that the Guccifer 2.0 figure wanted to be perceived as a Russian — something he succeeded in doing through far more than just metadata, though the predispositions of researchers and the press certainly made it easy for him. And, some entity that may be associated with Guccifer 2.0 (but may also be a proxy) is probably in the Eastern Time Zone, possibly (though not definitely) close to the DNC (or some other target server). That’s it. That’s what you need to explain if you believe both pieces of analysis.

Whatever explanation you use to explain the inclusion of Iron Felix in the documents (which is consistent with graffiti left in the hacked servers) would be the same one you use to explain why the metadata was set to Cyrillic; the IC and people close to the hack have explained that the hackers liked to boast. And the only explanation you need for the local copy is that someone associated with the Russians was close to DC, such as at the Maryland compound that got shut down.

Guccifer and the DNC … or DCCC … or Hillary

Since we’re examining these claims, there’s another part of the presentation on the RSID data (and Carter’s site generally) that deserves far more prominent mention than the current debate has given, because it undermines the framing of the debate. We’ve been arguing for a year about Russia’s tie to Guccifer 2.0 based on the persona’s claim to have provided DNC documents to WikiLeaks. But the documents originally released in the initial weeks by Guccifer 2.0 were, by and large, not DNC documents. As far as I know, /u/tvor_22 was the first to note this. He describes that the Trump document first leaked only appears via other sources as an attachment to a Podesta email, though there are alterations in the metadata, as are three of the others, with the fifth coming from an unidentified source.

Let’s take the very first document posted by Guccifer2.0, which some security researchers have cited as ‘an altered document not properly sanitised.’ If we diff the raw copy — pasted into text documents — of both the original Trump document found in the Podesta emails and the Guccifer 2.0 version, ignoring white-spaces and tabs (diff -w original.txt altered.txt):

  • the table of contents has been re-factored.
  • many of the links are naked in the Guccifer2.0 version. (Naked as in not properly behind link titles, indicating Guccifer2.0’s version may have been an earlier draft.)
  • the error messages are in Russian.
  • None of the above quirks could be found in comparing 2,3, or 5.doc to their originals (100% textually equivalent). 4.doc could not be found on WikiLeaks for a comparison.

None of the textual content in any of these four ‘poorly sanitised’ documents has been altered, removed, or doctored. In other words all the differences you would expect from a copy and paste from one editor to another. So why bother copy and pasting into a new document at all? I wonder.

[1.doc’s original, 2.doc’s original, 3.doc’s original, 5.doc’s original. 4.doc could not be found in Wikileaks. The bare texts of 2,3, and 5 are checksum equivalent.]
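The comparison described in the quoted post (a `diff -w` of the pasted text, plus a checksum of the bare text) can be reproduced as follows. This is an added example, not code from /u/tvor_22's post or from this site; the function names, the definition of "bare text" (whitespace stripped, blank lines dropped) and the sample strings are assumptions constructed for illustration.

```python
import difflib
import hashlib
import re

_WHITESPACE = re.compile(r"\s+")


def bare_pairs(text):
    """Return (key, raw_line) pairs; key is the line with ALL whitespace removed.

    This mirrors `diff -w`, which ignores whitespace when comparing lines.
    Lines that are empty after stripping are dropped (an added assumption,
    so that blank-line differences from copy and paste do not count).
    """
    pairs = []
    for raw in text.splitlines():
        key = _WHITESPACE.sub("", raw)
        if key:
            pairs.append((key, raw))
    return pairs


def bare_checksum(text):
    """SHA-256 over the whitespace-insensitive text of a document."""
    digest = hashlib.sha256()
    for key, _ in bare_pairs(text):
        digest.update(key.encode("utf-8"))
        digest.update(b"\n")
    return digest.hexdigest()


def compare(original, altered):
    """Compare two documents' text, ignoring whitespace.

    Returns a dict with:
      equivalent - True when the bare texts match
      changes    - list of (tag, original_lines, altered_lines) for each
                   differing region, tag being replace/insert/delete
    """
    a = bare_pairs(original)
    b = bare_pairs(altered)
    matcher = difflib.SequenceMatcher(
        a=[k for k, _ in a], b=[k for k, _ in b], autojunk=False
    )
    changes = []
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag != "equal":
            changes.append(
                (tag, [r for _, r in a[i1:i2]], [r for _, r in b[j1:j2]])
            )
    return {
        "equivalent": not changes,
        "checksum_original": bare_checksum(original),
        "checksum_altered": bare_checksum(altered),
        "changes": changes,
    }


# Constructed sample texts (not taken from any leaked document).
ORIGINAL = (
    "Table of Contents\n"
    "\tIntroduction\n"
    "\n"
    "See the [report](http://example.invalid/report) for details.\n"
    "Closing paragraph.\n"
)
# Same content after a copy and paste: only spacing and blank lines differ.
REPASTED = (
    "Table of Contents\n"
    "    Introduction\n"
    "See the [report](http://example.invalid/report)   for details.\n"
    "\n\n"
    "Closing  paragraph.\n"
)
# A version with a naked link and an extra Russian-language line.
ALTERED = (
    "Table of Contents\n"
    "Introduction\n"
    "See the http://example.invalid/report for details.\n"
    "Ошибка! (constructed sample line)\n"
    "Closing paragraph.\n"
)

if __name__ == "__main__":
    for name, other in (("REPASTED", REPASTED), ("ALTERED", ALTERED)):
        result = compare(ORIGINAL, other)
        print(name, "equivalent:", result["equivalent"])
        for tag, old, new in result["changes"]:
            print(" ", tag, old, "->", new)
```

A matching checksum only shows that the visible text is the same; it says nothing about metadata such as RSIDs or language settings, which live outside the pasted text.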

G2-space has posted an expansion of this analysis, by JimmysLlama. It provides a list for where the first 40 documents (covering Guccifer 2.0’s first two WordPress posts) can — or cannot — be found. The source for (roughly) half remains unidentified, the other half came from Podesta’s emails. At the very least, that reporting makes it clear that even for documents claimed (falsely) to be DNC documents, Guccifer had a broader range of documents than what WikiLeaks published.

That explains reporting from last summer that indicated the FBI wasn’t sure if WikiLeaks’ documents had come from Russia/Guccifer 2.0.

The bureau is trying to determine whether the emails obtained by the Russians are the same ones that appeared on the website of the anti-secrecy group WikiLeaks on Friday, setting off a firestorm that roiled the party in the lead-up to the convention.

The FBI is also examining whether APT 28 or an affiliated group passed those emails to WikiLeaks, law enforcement sources said.

Now we know why: because they weren’t the same set of files as had been taken from the DNC (though the FBI did already know some Hillary staffers had been hacked.) See this post from last summer, in which I explore that and related questions.

The detail that Guccifer 2.0 was actually posting Hillary, not DNC, documents is somewhat consistent with what John Podesta has said. He revealed that he recognized an early “DNC” document probably came from his email.

And other campaign officials also had their emails divulged earlier than October 7th. But in one of those D.N.C. dumps, there was a document that appeared to me was– that appeared came– might have come from my account.

Podesta has always been squirrelly about this stuff and probably has reason to hide that the Democrats’ claims that Guccifer 2.0 was releasing DNC documents were wrong (indeed, that’s something that would be far more supportive of skeptics’ alternative theories than this Guccifer 2.0 data, but it’s also easily explained by Democrats’ understandable choices to minimize their exposure last summer). Importantly, Podesta also suggests that “other campaign officials also had their emails divulged earlier than October 7th,” without any suggestion that that is just via DC Leaks.

On top of a lot of other implications of this, it shifts the entire debate about whether Guccifer 2.0 was WikiLeaks’ source, which has always focused on whether the documents leaked on July 22 came from Guccifer 2.0. Regardless of what you might conclude about that, it shifts the question to whether the Podesta emails WikiLeaks posted came from Guccifer 2.0, because those are the ones where there’s clear overlap. Russia’s role in hacking Podesta has always been easier to show than its role in hacking the DNC.

It also shifts the focus away from whether FBI obtained enough details from the DNC server via the forensic image it received from Crowdstrike to adequately assess the culprit. Both the DNC and Hillary (as well as the DCCC) servers are important. Though those that squawk about this always seem to miss that FBI, via FireEye, disagreed with Crowdstrike on a key point: the degree to which the two separate sets of hackers coordinated in targeted servers; I’ve been told by someone with independent knowledge that the FBI read is the correct one, so FBI certainly did their own assessment of the forensics and may have obtained more accurate results than Crowdstrike (I’ve noted elsewhere that public IC statements make it clear that not all public reports on the Russian hacks are correct).

In other words, given that the files that Guccifer 2.0 first leaked actually preempted WikiLeaks’ release of those files by four months, what you’d need to show about the DNC file leaks is something entirely different than what has been shown.

New Yorker’s analysis on coordination

That’s a task Raffi Khatchadourian took on, using an analysis of what got published when, to argue that Russia is WikiLeaks’ source in his recent profile of Assange (I don’t agree with all his logical steps, particularly his treatment of the relationship between Guccifer 2.0 and DC Leaks, but in general my disagreements don’t affect his analysis about Russia).

Throughout June, as WikiLeaks staff worked on the e-mails, the persona had made frequent efforts to keep the D.N.C. leaks in the news, but also appeared to leave space for Assange by refraining from publishing anything that he had. On June 17th, the editor of the Smoking Gun asked Guccifer 2.0 if Assange would publish the same material it was then doling out. “I gave WikiLeaks the greater part of the files, but saved some for myself,” it replied. “Don’t worry everything you receive is exclusive.” The claim at that time was true. None of the first forty documents posted on WordPress can be found in the WikiLeaks trove; in fact, at least half of them do not even appear to be from the D.N.C., despite the way they were advertised.

But then, on July 6th, just before Guccifer 2.0 complained that WikiLeaks was “playing for time,” this pattern of behavior abruptly reversed itself. “I have a new bunch of docs from the DNC server for you,” the persona wrote on WordPress. The files were utterly lacking in news value, and had no connection to one another—except that every item was an attachment in the D.N.C. e-mails that WikiLeaks had. The shift had the appearance of a threat. If Russian intelligence officers were inclined to indicate impatience, this was a way to do it.

On July 18th, the day Assange originally planned to publish, Guccifer 2.0 released another batch of so-called D.N.C. documents, this time to Joe Uchill, of The Hill. Four days later, after WikiLeaks began to release its D.N.C. archive, Uchill reached out to Guccifer 2.0 for comment. The reply was “At last!”

[snip]

Whatever one thinks of Assange’s election disclosures, accepting his contention that they shared no ties with the two Russian fronts requires willful blindness. Guccifer 2.0’s handlers predicted the WikiLeaks D.N.C. release. They demonstrated inside knowledge that Assange was struggling to get it out on time. And they proved, incontrovertibly, that they had privileged access to D.N.C. documents that appeared nowhere else publicly, other than in WikiLeaks publications. The twenty thousand or so D.N.C. e-mails that WikiLeaks published were extracted from ten compromised e-mail accounts, and all but one of the people who used those accounts worked in just two departments: finance and strategic communications. (The single exception belonged to a researcher who worked extensively with communications.) All the D.N.C. documents that Guccifer 2.0 released appeared to come from those same two departments.

The Podesta e-mails only make the connections between WikiLeaks and Russia appear stronger. Nearly half of the first forty documents that Guccifer 2.0 published can be found as attachments among the Podesta e-mails that WikiLeaks later published. Moreover, all of the hacked election e-mails on DCLeaks appeared to come from Clinton staffers who used Gmail, and of course Podesta was a Clinton staffer who used Gmail. The phishing attacks that targeted all of the staffers in the spring, and that targeted Podesta, are forensically linked; they originated from a single identifiable cybermechanism, like form letters from the same typewriter. SecureWorks, a cybersecurity firm with no ties to the Democratic Party, made this assessment, and it is uncontested.

Now, I’d like to see the analysis behind this publicly. It should be expanded to include all the documents leaked by Guccifer 2.0. It should include more careful analysis of the forensics behind the phishes (security companies have done this, but have not shown all their work). Moreover, it doesn’t rule out a piggyback hack, though given that Guccifer 2.0 was leaking Hillary emails from the start, it’s unclear how that piggyback would work. All that said, it provides a circumstantial case that these were the same two sets of documents.

Khatchadourian doesn’t dwell on something he alluded to here, which is that all the DNC documents were email focused, collected from just 10 mailboxes. That’s the nugget that, I suspect, Assange will point to (and may have shared with Dana Rohrabacher) in an effort to rebut the claims his source was Russia (one thing Khatchadourian gets wrong is what Craig Murray said about two different sources for WikiLeaks, but then he points to a WikiLeaks claim they got the emails in late summer and September 19 date on all of them — not long before Murray picked something up in DC — so that’s another area worth greater focus). For now, I’ll bracket that, but while I suspect it points to really interesting conclusions, I don’t think it necessarily undermines the claim that Russia was Assange’s source. More importantly, none of the things people are pointing to in this new analysis — the metadata in files released by Guccifer 2.0, the metadata in files released on a magnet site but never directly by Guccifer 2.0 — affects the analysis of how completely unrelated emails got to WikiLeaks at all.

All of which is to say that these two pieces of analysis actually miss the far more interesting analysis that got done with it.

Update: Turns out the Nation issued a correction today, which reads in part,

Subsequently, Nation editors themselves raised questions about the editorial process that preceded the publication of the article. The article was indeed fact-checked to ensure that Patrick Lawrence, a regular Nation contributor, accurately reported the VIPS analysis and conclusions, which he did. As part of the editing process, however, we should have made certain that several of the article’s conclusions were presented as possibilities, not as certainties. And given the technical complexity of the material, we would have benefited from bringing on an independent expert to conduct a rigorous review of the VIPS technical claims.

It added an outside analysis by Nathaniel Freitas of the two reports, a rebuttal from VIPS members who did not join the letter, and a response from those who did. Freitas provides a number of other possibilities to get the throughput observed by Forensicator. The VIPS dissenters raise some of the same points I do, including that this server may be somewhere outside of DNC.

It is important to note that it’s equally plausible that the cited July 5, 2016, event was carried out on a server separate from the DNC or elsewhere, and with data previously copied, transferred, or even exfiltrated from the DNC.

However, independent of transfer/copy speeds, if the data was not on the DNC server on July 5, 2016, then none of this VIPS analysis matters (including the categorically stated fact that the local copy was acquired by an insider) and simply undermines the credibility of any and all analysis in the VIPS memo when joined with this flawed predicate.

Is Trump’s Revelation the Same as Craig Murray’s Revelation: An American Cut-Out?

Because security professionals are so confident in the Russian attribution of the DNC hack, they have largely ignored alternative theories from the likes of Wikileaks and Bill Binney. That’s unfortunate, because Craig Murray, in his description of his own role in getting the Podesta files to Wikileaks, at least, revealed a detail that needs greater attention. He believes he received something (perhaps the documents themselves, perhaps something else) from a person with ties to US national security.

[I]f we believe that Murray believes this, we know that the intermediary can credibly claim to have ties to American national security.

So on September 25, Murray met a presumed American in DC for a hand-off related to the Podesta hack.

I raise that because Trump is now promising we’ll learn something this week about the hack that may cast doubt on the claims Russia was behind it.

He added: “And I know a lot about hacking. And hacking is a very hard thing to prove. So it could be somebody else. And I also know things that other people don’t know, and so they cannot be sure of the situation.”

When asked what he knew that others did not, Mr. Trump demurred, saying only, “You’ll find out on Tuesday or Wednesday.”

If Murray met an American claiming to have done the hack, then Trump may have too. That doesn’t mean the Russians didn’t do the hack (though it could mean an American borrowed GRU’s tools to do it). It could just as easily mean the Russians have an American cut-out, and that while the security community has been looking for Russian-speaking proxies, they’ve ignored the possibility of American ones.

I have a suspicion that Trump’s campaign did meet with such a person (I even have a guess about when it would have happened).

I guess we’ll learn more this week.

The DNC’s Evolving Story about When They Knew They Were Targeted by Russia

This week’s front page story about the Democrats getting hacked by Russia starts with a Keystone Kops anecdote explaining why the DNC didn’t respond more aggressively when FBI first warned them about being targeted in September. The explanation, per the contractor presumably covering his rear-end months later, was that the FBI Special Agent didn’t adequately identify himself.

When Special Agent Adrian Hawkins of the Federal Bureau of Investigation called the Democratic National Committee in September 2015 to pass along some troubling news about its computer network, he was transferred, naturally, to the help desk.

His message was brief, if alarming. At least one computer system belonging to the D.N.C. had been compromised by hackers federal investigators had named “the Dukes,” a cyberespionage team linked to the Russian government.

The F.B.I. knew it well: The bureau had spent the last few years trying to kick the Dukes out of the unclassified email systems of the White House, the State Department and even the Joint Chiefs of Staff, one of the government’s best-protected networks.

Yared Tamene, the tech-support contractor at the D.N.C. who fielded the call, was no expert in cyberattacks. His first moves were to check Google for “the Dukes” and conduct a cursory search of the D.N.C. computer system logs to look for hints of such a cyberintrusion. By his own account, he did not look too hard even after Special Agent Hawkins called back repeatedly over the next several weeks — in part because he wasn’t certain the caller was a real F.B.I. agent and not an impostor.

This has led to (partially justified) complaints from John Podesta about why the FBI didn’t make the effort of driving over to the DNC to warn the higher-ups (who, the article admitted, had decided not to spend much money on cybersecurity).

This NYT version of the FBI Agent story comes from a memo that DNC’s contractor, Yared Tamene, wrote at some point after the fact. The NYT describes the memo repeatedly, though it never describes the recipients of the memo nor reveals precisely when it was written (it is clear it had to have been written after April 2016).

“I had no way of differentiating the call I just received from a prank call,” Mr. Tamene wrote in an internal memo, obtained by The New York Times, that detailed his contact with the F.B.I.

[snip]

“The F.B.I. thinks the D.N.C. has at least one compromised computer on its network and the F.B.I. wanted to know if the D.N.C. is aware, and if so, what the D.N.C. is doing about it,” Mr. Tamene wrote in an internal memo about his contacts with the F.B.I. He added that “the Special Agent told me to look for a specific type of malware dubbed ‘Dukes’ by the U.S. intelligence community and in cybersecurity circles.”

[snip]

In November, Special Agent Hawkins called with more ominous news. A D.N.C. computer was “calling home, where home meant Russia,” Mr. Tamene’s memo says, referring to software sending information to Moscow. “SA Hawkins added that the F.B.I. thinks that this calling home behavior could be the result of a state-sponsored attack.”

[DNC technology director Andrew] Brown knew that Mr. Tamene, who declined to comment, was fielding calls from the F.B.I. But he was tied up on a different problem: evidence suggesting that the campaign of Senator Bernie Sanders of Vermont, Mrs. Clinton’s main Democratic opponent, had improperly gained access to her campaign data.

[snip]

One bit of progress had finally been made by the middle of April: The D.N.C., seven months after it had first been warned, finally installed a “robust set of monitoring tools,” Mr. Tamene’s internal memo says. [my emphasis]

The NYT includes a screen cap of part of that memo (which reveals that the DNC had already been exposed to ransomware attacks by September 2015), but not the other metadata or a link to the full memo.

One reason I raise all this is because the evidence laid out in the story contradicts, in several ways, this August report, relying on three anonymous sources (at least some of whom are probably members of Congress, but then so was the DNC Chair at the time).

The FBI did not tell the Democratic National Committee that U.S officials suspected it was the target of a Russian government-backed cyber attack when agents first contacted the party last fall, three people with knowledge of the discussions told Reuters.

And in months of follow-up conversations about the DNC’s network security, the FBI did not warn party officials that the attack was being investigated as Russian espionage, the sources said.

The lack of full disclosure by the FBI prevented DNC staffers from taking steps that could have reduced the number of confidential emails and documents stolen, one of the sources said. Instead, Russian hackers whom security experts believe are affiliated with the Russian government continued to have access to Democratic Party computers for months during a crucial phase in the U.S. presidential campaign, the source said.

[snip]

In its initial contact with the DNC last fall, the FBI instructed DNC personnel to look for signs of unusual activity on the group’s computer network, one person familiar with the matter said. DNC staff examined their logs and files without finding anything suspicious, that person said.

When DNC staffers requested further information from the FBI to help them track the incursion, they said the agency declined to provide it. In the months that followed, FBI officials spoke with DNC staffers on several other occasions but did not mention the suspicion of Russian involvement in an attack, sources said.

The DNC’s information technology team did not realize the seriousness of the incursion until late March, the sources said. It was unclear what prompted the IT team’s realization.

In August, anonymous sources told Reuters that FBI never told DNC they were being attacked by Russians until … well, Reuters doesn’t actually tell us when the FBI told DNC the Russians were behind the attack, just that Democrats started taking it seriously in March.

But in the pre-Trump Russian hack bonanza, the NYT has now revealed that an internal memo says that the DNC had been informed in November, not March.

And even that part of the explanation doesn’t make sense. As a number of people have noted, Brown is basically saying he didn’t respond to a warning — given in November — that a DNC server was calling home to Russia because he was dealing with an NGP-VAN breach that happened on December 18. He would have had over two weeks to respond to Russia hacking the DNC before the NGP-VAN issue, and that would have been significantly handled by NGP.

Moreover, even the September narrative invites some skepticism. Tamene admits the FBI Special Agent “told me to look for a specific type of malware dubbed ‘Dukes’ by the U.S. intelligence community and in cybersecurity circles.” And he describes “His first moves were to check Google for ‘the Dukes’ and conduct a cursory search of the D.N.C. computer system logs to look for hints of such a cyberintrusion.” Had Tamene Googled for “dukes malware” any time after September 17, 2015, this is what he would have found.

Today we release a new whitepaper on an APT group commonly referred to as “the Dukes”. We believe that the Dukes are a well-resourced, highly dedicated, and organized cyber-espionage group that has been working for the Russian government since at least 2008 to collect intelligence in support of foreign and security policy decision-making. [my emphasis]

So had this initial report taken place after September 17, Tamene would have learned, thanks to the second sentence of a top Google return, that he was facing a “highly dedicated, and organized cyber-espionage group that has been working for the Russian government.” Had he done the Google search he said he did, that is, he would almost certainly have learned he was facing down Russian hackers.

Had he clicked through to the report — which is where he would have gone to find the malware signatures to look for — he would have seen a big pink graphic tying the Dukes to Russia.

It’s certainly possible the alert came before the white paper was released (though if it came after, it explains why the FBI would have thought simply mentioning the Dukes would be sufficient). But that would suggest Tamene remembered the call and his Google search for the Dukes in detail sometime in April but not in September when this report got a fair amount of attention.

None of this is to excuse the FBI (I’ve already started a post on that part of this). But it’s clear that Democrats have been — at a minimum — inconsistent in their story to the press about why they didn’t respond to warnings sooner. And given the multiple problems with their explanation about what happened last fall, it’s likely they did get some warning, but just didn’t heed it.

Update: When I wrote this this morning, I had read this tweet stream and this story but not the underlying Shadow Brokers-related post they relate to, by someone writing under the pseudonym Boceffus Cleetus, which is basically a Medium post introducing the latest sale of Shadow Broker tools. It wasn’t until I read this post, and then the second Boceffus Cleetus post, that I realized Boceffus Cleetus posted (his) original post, along with a reference to the name magnified back when this hack started, the day after the NYT wrote a story of the hack from DNC’s perspective.

As the tweet stream lays out, Boceffus Cleetus is a play on ventriloquism (duh, speaking for others) and the Dukes of Hazzard. Both analyses of this argue that the reference to “Dukes of Hazzard” is, in turn, a reference to the name F-Secure had given the FSB hacking efforts (the other I’ve used is “Cozy Bear”), most notably in the report I linked above. I didn’t make too much of it until I read this second Boceffus Cleetus post, which in seemingly one sentence lays out Bill Binney’s theory of the DNC hack (that is, that NSA handed it on) with a country drawl and a lot of conspiracy theory added.

After my shadow brokers tweet I was contacted by an anonymous source claiming to be FBI. Yep I know prove it? I wasn’t able to get’em to verify their identity. But y’all don’t be runnin away yet, suspend yer disbelief and check out their claims. What if the Russian’s ain’t hacking nothin? What if the shadow brokers ain’t Russian? Whatcha got as the next best theory? What if its a deep state civil war tween CIA and ole NSA? A deep state civil war to see who really runs things. NSA is Department of Defense, military. The majority of the military are high school grads, coming from rural “Red States”, conservatives. The NSA has the global surveillance capabilities to intercept all the DNC and Podesta emails. CIA is college grads only and has the traditions of the urban yankee northeastern and east coast ivy leaguers, “Blue State”, liberals.

It’s all mostly gratuitous — an attempt to feed (as explicitly named “fake news”) some of the alternate explanations out there right now.

But I find the portrayal of an NSA-CIA feud notable, in part, because the most likely reason FBI (which is where Boceffus Cleetus’ fictional source came from) didn’t tell the DNC who was hacking them back in September 2015 is because the actual tip — that Russia was hacking the DNC — came from the NSA. But FBI had to hide that. So instead, they used the name for FSB that was current at the time.

I’ll add, too, that this plays on Craig Murray’s claim that a national security person leaked him the Podesta documents.

So what’s the point? Dunno. I defer to theGrugq’s third post, in which he argues this post is signaling to show NSA the Russian hackers must have access to NSA’s classified networks, because they’ve accessed a map of everything.

This dump has a bit of everything. In fact, it has too much of everything. The first drop was a firewall ops kit. It had everything that was supposed to be used against firewalls. This dump, on the other hand, has too much diversity and each tool is comprehensive.

The depth and breadth of the tooling they reveal can only possibly be explained by:

  1. an improbable sequence of hack backs which got, in sequence, massive depth of codenamed implants, exploits, manuals,
  2. access to high side data

[snip]

It is obvious that this data would never leave NSA classified networks except by some serious operator error (as I believe was the case with the first ShadowBrokers leak.) For this dump though, it is simply not plausible. There is no way that such diverse and comprehensive ops tooling was accidentally exposed. It beggars belief to think that any operator could be so careless that they’d expose this much tooling, on multiple diverse operations.

There are, based on my count, twenty one (21) scripts/manuals for operations contained in this dump. They cover too many operations for a mistake, and they are too comprehensive for a mistake.

Remember, Obama has been stating assuredly that the US has far more defensive and offensive capability than Russia. The latter might well be true. But the latter is nuts, if for no other reason than we have so much more to secure. The former might be true. But not if hackers can log into NSA’s fridge and steal their beer.

I’m not entirely sure what to make of this. But against the background of increasing dick-wagging, it’ll be interesting to see how it plays out.

Craig Murray’s Description of WikiLeaks’ Sources

One of the weaknesses of my post on the evidence needed to prove the Russian DNC hack (one I’ll fix when I move it into a page) is that I didn’t include a step where the intelligence community had to dismiss alternative theories. It is not enough to prove that tools associated with Russian intelligence hacked the DNC (whether or not you’re convinced they necessarily are used exclusively by GRU), but you also have to prove that no one else either hacked the known sources of leaked documents or otherwise obtained them. That was particularly important given early reports that FBI wasn’t sure that the documents stolen by hackers presumed to be GRU were the same documents dealt to WikiLeaks.

One alternative theory I know some researchers tested, for example, is whether hackers could have gotten into the accounts of DNC staffers by testing passwords made available by past hacks (of LinkedIn and MySpace, in particular) for reuse. For a while, that definitely seemed like a plausible alternative theory, but ultimately I don’t think it could explain the known evidence.

The most important alternative theory, however, comes from Julian Assange, who has been first intimating and more recently asserting directly that Russians were not his source (even while showing immediate concern that Obama’s hacking review targeted Wikileaks directly). Former UK Ambassador to Uzbekistan Craig Murray has also made such a claim, first in a series of posts on his blog, and at more length in an interview with Scott Horton.

Murray’s interview is well worth the listen, as he has nowhere near the same personal stakes in this story as Assange and — as he makes clear in the interview — because he seems to have had a role in handing over the second batch of emails. Ultimately, his description is unconvincing. But it is an important indication of what he claims to believe (which must reflect what Assange has told him, whether Assange believes it or not). Importantly, Murray admits that “It’s perfectly possible that WikiLeaks themselves don’t know what is going on,” which admits one possibility I’ve always suspected: that whoever dealt the documents did so in a way that credibly obscured their source.

Murray explained that the two sets of documents handed over to Wikileaks came via two different American sources, both of whom had legal access to them.

He describes a lot more about the Podesta emails, of which he said he had “first hand knowledge,” because of something he did or learned on a trip to DC in September. In this interview, he says “The material was already, I think, safely with WikiLeaks before I got there in September,” though other outlets have suggested (with maps included!) that’s when the hand-off happened. In that account, Murray admits he did not meet with the person with legal access; he instead met with an intermediary. That means the intermediary may have made false claims about the provenance.

And even the claims about the provenance don’t make sense. Murray claimed the documents came from someone in the national security establishment, and implied they had come from legal monitoring of John Podesta because he (meaning John) is a lobbyist for Saudi Arabia.

Again, the key point to remember, in answering that question, is that the DNC leak and the Podesta leak are two different things and the answer is very probably not going to be the same in both cases. I also want you to consider that John Podesta was a paid lobbyist for the Saudi government — that’s open and declared, it’s not secret or a leak in a sense. John Podesta was paid a very substantial sum every month by the Saudi government to lobby for their interests in Washington. And if the American security services were not watching the communications of the Saudi government paid lobbyist then the American intelligence services would not be doing their job. Of course it’s also true that the Saudis’ man, the Saudis’ lobbyist in Washington, his communications are going to be of interest to a great many other intelligence services as well.

As a threshold matter, no national security agency is going to monitor an American registered to work as an agent for the Saudis. That’s all the more true if the agent has the last name Podesta.

But that brings us to another problem. John Podesta isn’t the lobbyist here. His brother Tony is. So even assuming the FBI was collecting all the emails of registered agent for the Saudis, Tony Podesta, even assuming someone in national security wanted to blow that collection by revealing it via Wikileaks, they would pick up just a tiny fraction of John Podesta’s emails. So this doesn’t explain the source of the emails at all.

But if we believe that Murray believes this, we know that the intermediary can credibly claim to have ties to American national security.

Horton and Murray go on to discuss how WikiLeaks got the first batch of emails, the ones from DNC. That’s specifically the context where Murray talks about the possibility Assange doesn’t actually know. Though he suggests the leaker is a DNC insider angry about Bernie Sanders’ treatment.

There’s a section on the murdered DNC staffer, which I’m not going to focus on because I find it distasteful. But Murray explains that Assange offered a reward pertaining to his murder because he thought the staffer might be mistaken for the real source, but was not the real source. Which suggests Assange implied to Murray that the documents were directly leaked by someone in a similar position. Again, someone who could pose as a DNC staffer.

Here, Murray states clearly that “Guccifer is not the source for WikiLeaks.” He explains that claim based primarily off the assumption that the Russians would never employ such a buffoon as Guccifer, not direct knowledge. Remember Guccifer stated publicly he had given the documents to WikiLeaks, with no rebuttal from Assange I know of.

In other words, that doesn’t seem to make sense either. And with Assange you are by necessity dealing with documents passed through at least one and in the Podesta email case, perhaps two or more intermediaries. So even assuming the best effort to vet people on Assange’s side, he does have limited resources to do so himself.

One more comment. Murray ends with a description of the reception of the emails that doesn’t make sense at all. He suggests the “mainstream media” ignored concerns about the Clinton foundation (he doesn’t even mention that this coverage might come from the legally FOIAed emails). He says they ignored other details, such as that Donna Brazile gave Hillary a debate question and that the DNC conspired against Bernie. He claims members of the media “colluded” with the Hillary campaign.

I know some people believe these topics should have gotten more attention. Even if you believe these things, though, believing the traditional media didn’t cover them requires a blind spot about the massive Trump corruption they might have been covering instead.

All that neither proves nor disproves that Murray believes he got documents from someone in the national security establishment that were legally obtained. It just might explain why he’d believe something that, in this case, makes no sense.

Update: Now Assange is saying his source wasn’t Guccifer. He also snipes about Murray’s comments.

“Craig Murray is not authorized to talk on behalf of WikiLeaks,” Assange said sternly.

 

Tory-Speak on the Torture Inquiry

I seem to be one of the biggest skeptics about the torture inquiry David Cameron announced this week. Among other things, I worry that Cameron intends to pressure plaintiffs who allege they were tortured into a mediated settlement to prevent more details of their torture from coming out. So I wanted to look at Cameron’s full statement about the inquiry for clarification.

Unfortunately, Cameron doesn’t offer any clarity on that key point: while he makes clear that the inquiry won’t start until “we’ve made enough progress,” he doesn’t specify either what “enough progress” is, or the precise role the government will play in mediating suits.

We can’t start that inquiry while criminal investigations are ongoing. And it’s not feasible to start it when there are so many civil law suits that remain unresolved. So we want to do everything we can to help that process along. That’s why we are committed to mediation with those who have brought civil claims about their detention in Guantanamo. And wherever appropriate, we will offer compensation.

As soon as we’ve made enough progress, an independent Inquiry will be held.

His office’s summary is barely more specific.

The Government is committed to a mediation process with those who have brought civil claims about their detention in Guantanamo;

Though my suspicion does seem to be correct on one point: the call for mediation reflects a preference to solve these legal questions outside of the courts and therefore out of public view.

As for one of the other key questions about the inquiry, Cameron appears to say the inquiry will examine not just whether Brits ordered up torture, but also to what extent the government knowingly accepted information collected using torture–the question that Craig Murray has pushed.

It will look at whether Britain was implicated in the improper treatment of detainees held by other countries that may have occurred in the aftermath of 9/11. And if we were, what went wrong, and what do we need to do to learn the lessons.

So the inquiry will need to look at our security departments and intelligence services.

Should we have realised sooner that what foreign agencies were doing may have been unacceptable and that we shouldn’t be associated with it? Did we allow our own high standards to slip – either systemically or individually? Did we give clear enough guidance to officers in the field?

Was information flowing quickly enough from officers on the ground to the intelligence services and then on to Ministers – so we knew what was going on and what our response should be?

That said, Cameron also seems to know the answer to the last question–what the UK’s response to learning of torture should be. The answer? Whatever the Ministers say it should be.

That’s why today, we are also publishing the guidance issued to intelligence and military personnel on how to deal with detainees held by other countries. The previous Government had promised to do this, but didn’t. We are.

It makes clear that:

One – our Services must never take any action where they know or believe that torture will occur.

Two – if they become aware of abuses by other countries they should report it to the UK government so we can try to stop it.

And three – in cases where our Services believe that there may be information crucial to saving lives but where there may also be a serious risk of mistreatment, it is for Ministers – rightly – to determine the action, if any, our Services should take. [my emphasis]

That is, even while announcing this torture inquiry, Cameron is saying that the response that the Foreign Office gave Craig Murray when he raised torture concerns–that he didn’t understand the moral trade-offs that Ministers make…

I gave Craig a copy of your revised draft telegram (attached) and took him through this. I said that he was right to raise with you and Ministers (Jack Straw) his concerns about important legal and moral issues. We took these very seriously and gave a great deal of thought to such issues ourselves. There were difficult ethical and moral issues involved and at times difficult judgements had to be made weighing one clutch of “moral issues” against another. It was not always easy for people in post (embassies) to see and appreciate the broader picture, eg piecing together intelligence material from different sources in the global fight against terrorism. But that did not mean we took their concerns any less lightly.

…is precisely the answer he wants, too. If the Prime Minister or Foreign Minister say it’s okay to look the other way while close friends torture British citizens, then it’s okay, I guess.

With that in mind, I was particularly interested in this dogwhistle Cameron included twice in his speech.

In the past, it was the intelligence services that cracked the secrets of Enigma and helped deliver victory in World War II. They recruited Russian spies like Gordievsky and Mitrokhin and kept Britain safe in the Cold War. And they helped disrupt the Provisional IRA in the 1980s and 1990s.
