NYT Does Not Have the Smoking Gun on Trump Campaign Email Knowledge

The NYT had a complex story today, reporting three things:

  1. The counterintelligence investigation into the Trump campaign followed from a drunken conversation George Papadopoulos had in May 2016 with Aussie Ambassador to the UK, Alexander Downer
  2. Papadopoulos was more influential than Trump’s team has made out
  3. Papadopoulos pitched an April 2016 Trump foreign policy speech as a signal to Russia that Trump would be willing to meet

It’s the first detail that has attracted all the attention. NYT reported it this way:

During a night of heavy drinking at an upscale London bar in May 2016, George Papadopoulos, a young foreign policy adviser to the Trump campaign, made a startling revelation to Australia’s top diplomat in Britain: Russia had political dirt on Hillary Clinton.

About three weeks earlier, Mr. Papadopoulos had been told that Moscow had thousands of emails that would embarrass Mrs. Clinton, apparently stolen in an effort to try to damage her campaign.

Exactly how much Mr. Papadopoulos said that night at the Kensington Wine Rooms with the Australian, Alexander Downer, is unclear. But two months later, when leaked Democratic emails began appearing online, Australian officials passed the information about Mr. Papadopoulos to their American counterparts, according to four current and former American and foreign officials with direct knowledge of the Australians’ role.

[snip]

Not long after, however, he opened up to Mr. Downer, the Australian diplomat, about his contacts with the Russians. It is unclear whether Mr. Downer was fishing for that information that night in May 2016. The meeting at the bar came about because of a series of connections, beginning with an Israeli Embassy official who introduced Mr. Papadopoulos to another Australian diplomat in London.

It is also not clear why, after getting the information in May, the Australian government waited two months to pass it to the F.B.I. In a statement, the Australian Embassy in Washington declined to provide details about the meeting or confirm that it occurred.

NYT’s story does pose a good question: why the Australians didn’t tell the US about this conversation until July, after Wikileaks started releasing DNC emails.

But the few GOPers who have responded to this news raise another question: did the Aussies even know what emails Papadopoulos was talking about?

As I noted in October, we actually don’t know what emails Joseph Mifsud was talking about when he told Papadopoulos the Russians had dirt on Hillary. Trumpsters are now suggesting these emails might be those Guccifer 1.0 stole from Hillary, but they could be a range of other emails.

This story would be far more damning if the NYT knew for sure that the emails were ones freshly stolen from DNC, John Podesta, or the Hillary campaign itself, but they don’t.

The uncertainty about what emails Papadopoulos learned about — and revealed to Downer — might explain why the Aussies didn’t tell the US right away. If the Australians didn’t know what emails the Russians had, it might explain their lack of urgency. If the emails were known Guccifer 1.0 emails, it wouldn’t be news. But it doesn’t explain why the Aussies didn’t tell the US in June, when Guccifer 2.0 started releasing documents, but instead waited until their own citizen, Julian Assange, started releasing some on July 22.

All this could be a lot more easily explained if we knew the one detail the NYT admits it didn’t confirm: whether and when Papadopoulos told the campaign that the Russians had emails (and whether he knew which emails the Russians had).

In late April, at a London hotel, Mr. Mifsud told Mr. Papadopoulos that he had just learned from high-level Russian officials in Moscow that the Russians had “dirt” on Mrs. Clinton in the form of “thousands of emails,” according to court documents. Although Russian hackers had been mining data from the Democratic National Committee’s computers for months, that information was not yet public. Even the committee itself did not know.

Whether Mr. Papadopoulos shared that information with anyone else in the campaign is one of many unanswered questions. He was mostly in contact with the campaign over emails. The day after Mr. Mifsud’s revelation about the hacked emails, he told Mr. [Stephen] Miller in an email only that he had “interesting messages coming in from Moscow” about a possible trip. The emails obtained by The Times show no evidence that Mr. Papadopoulos discussed the stolen messages with the campaign.

NYT makes clear Papadopoulos (who was, after all, remote and traveling a lot) primarily communicated via emails. But the emails they obtained (but didn’t share) don’t include any evidence of him telling the campaign about the emails (much less which ones they were).

Which brings us to a point I made in November: when the FBI arrested Papadopoulos in July, they believed he lied to hide whether he told the campaign about the emails, but they de-emphasized that detail in the October plea deal.

[T]he description of the false statements makes the import of them far more clear (import that the Special Counsel seems to want to obscure for now). Papadopoulos lied about the circumstances of his conversations with Mifsud — the FBI appears to have believed when they arrested him in July — as part of a story to explain why, after having heard about dirt in the form of thousands of emails from Hillary, he didn’t tell anyone else on the campaign about them. Laid out like this, it’s clear Papadopoulos was trying to hide both when he learned about the emails (just three days before the DNC did, as it turns out, not much earlier as he seems to have suggested in January), but also how important he took those emails to be (which in his false story, he tied to a false story about how credible he found Mifsud to be).

FBI found those lies to be significant enough to arrest him over because they obscured whether he had told anyone on the campaign that the Russians had dirt in the form of Hillary emails.

To be sure, nothing in any of the documents released so far answers the questions that Papadopoulos surely spent two months explaining to the FBI: whether he told the campaign (almost certainly yes, or he wouldn’t have lied in the first place) and when (with the big import being on whether that information trickled up to Paul Manafort and Jared Kushner before they attended a meeting on June 9, 2016 in hopes of obtaining such dirt).

I’m sure that’s intentional. You gotta keep everyone else guessing about what Mueller knows.

The NYT’s sources are described as “four current and former American and foreign officials with direct knowledge of the Australians’ role,” though this statement — and a past willingness on behalf of Papadopoulos’ fiancée to provide details and emails — suggests that people close to Papadopoulos cooperated as well: “Papadopoulos’s lawyers declined to provide a statement.”

The point being, we still don’t have the most important detail of this story: whether Papadopoulos told the campaign about the emails, but more importantly, what the emails were.

Thus far, everyone seems intent on withholding that detail.

Guccifer 1’s Potentially Russian IP Address

I’m a bit late to the FBI report on Hillary’s emails. I’m reading it now for all the details that don’t serve to reinforce one’s assumptions about Hillary’s email scandal (as the report honestly can do for all sides).

But I wanted to point to this detail. In the report’s short discussion of Guccifer 1’s hack of Sidney Blumenthal, the report suggests that Guccifer may have tried to hack Hillary in the days after hacking Blumenthal.

[Screenshot: screen-shot-2016-09-07-at-3-05-04-pm]

The passage is appropriately ambiguous. Guccifer (Lazar) successfully hacked Blumenthal on March 14, 2013. The next day — and again on March 19 and 21 — there were unsuccessful probes on Hillary’s server. The FBI suggests those may have been Guccifer, though states it doesn’t know whether it is or not (which is weird, because Guccifer has been in US custody for some time, though I suppose his lawyer advised him against admitting he tried to hack Hillary).

I find all this interesting because those probes were made from Russian and Ukrainian IPs. That’s not surprising. Lots of hackers use Russian and Ukrainian IPs. What’s surprising is there has been no peep about this from the Russian fear industry.

That may be because the FBI isn’t leaking wildly about this. Or maybe FBI has less interest in pretending that all IPs in Russia are used exclusively by state agents of Vlad Putin (not least because then they should have been looking for Russians hacking the DNC?).

It’s just an example of what an attempted hack might look like without that Russian fear industry.

Two (Three, Four?) Data Points on DNC Hack: Why Does Wikileaks Need an Insurance File?

Actually, let me make that three data points. Or maybe four.

First, Reuters has reported that the DCCC has also been hacked, with the hacker apparently believed to be the same entity (APT28, also believed to be GRU). The hackers created a spoof version of ActBlue, which donors use to give money to campaigns.

The intrusion at the group could have begun as recently as June, two of the sources told Reuters.

That was when a bogus website was registered with a name closely resembling that of a main donation site connected to the DCCC. For some time, internet traffic associated with donations that was supposed to go to a company that processes campaign donations instead went to the bogus site, two sources said.

The sources said the Internet Protocol address of the spurious site resembled one used by Russian government-linked hackers suspected in the breach of the DNC, the body that sets strategy and raises money for the Democratic Party nationwide.

That would mean hackers were after either the donations themselves, the information donors have to provide (personal details including employer and credit card or other payment information), or possibly the bundling information tied to ActBlue.

Second, Joe Uchill, who wrote one of the stories — on two corrupt donors to the Democratic Party — that preceded both publication at the Guccifer 2 site and Wikileaks, said Guccifer gave him the files for the story because Wikileaks was dawdling in publishing what they had.

[Screenshot: Screen Shot 2016-07-29 at 12.59.01 PM]
Guccifer posted some of the documents Uchill used here.

This detail is important because it says Julian Assange is setting the agenda (and possibly, the decision to fully dox DNC donors) for the Wikileaks release, and that agenda does not perfectly coincide with Guccifer’s (which is presumed to be a cut-out for GRU).

As I’ve noted, Wikileaks has its own beef with Hillary Clinton, independent of whom Vladimir Putin might prefer as President or any other possible motive for Russia to do this hack.

Now consider this bizarre feature of several high level leak based stories on the hack: the claim of uncertainty about how the files got from the hackers to Wikileaks. This claim, from NYT, seems bizarrely stupid, as Guccifer and Wikileaks have both said the former gave the latter the files.

The emails were released by WikiLeaks, whose founder, Julian Assange, has made it clear that he hoped to harm Hillary Clinton’s chances of winning the presidency. It is unclear how the documents made their way to the group. But a large sampling was published before the WikiLeaks release by several news organizations and someone who called himself “Guccifer 2.0,” who investigators now believe was an agent of the G.R.U., Russia’s military intelligence service

The claim seems less stupid when you consider these two cryptic comments from two equally high level sourced pieces from WaPo. In a story on FBI’s certainty Russia did the hack(s), Ellen Nakashima describes that the FBI is less certain that Russia passed the files to Wikileaks.

What is at issue now is whether Russian officials directed the leak of DNC material to the anti-secrecy group WikiLeaks — a possibility that burst to the fore on the eve of the Democratic National Convention with the release of 20,000 DNC emails, many of them deeply embarrassing for party leaders.

The intelligence community, the officials said, has not reached a conclusion about who passed the emails to WikiLeaks.

“We have not drawn any evidentiary connection to any Russian intelligence service and WikiLeaks — none,” said one U.S. official. Doing so will be a challenge, in part because the material may not have been passed electronically. [my emphasis]

The claim appears this way in a more recent report.

The bureau is trying to determine whether the emails obtained by the Russians are the same ones that appeared on the website of the anti-secrecy group WikiLeaks on Friday, setting off a firestorm that roiled the party in the lead-up to the convention.

The FBI is also examining whether APT 28 or an affiliated group passed those emails to WikiLeaks, law enforcement sources said.

Now, the doubts about whether the files were passed electronically are thoroughly fascinating. I assume the NSA has Assange — and potentially even the Wikileaks drop — wired up about 100 different ways, so the questions about whether the files were passed electronically may indicate that they didn’t see them get passed in such a fashion.

Add in the question of whether they’re even the same emails! We know the DCCC hack is targeting donor information. The Wikileaks release included far more than that. Which raises the possibility GRU is only after donor information (which is part of, but just one part of, what Guccifer has released).

But then there’s this detail. On June 17, Wikileaks released an insurance file — a file that will be automatically decrypted if Wikileaks is somehow impeded from releasing the rest of the files. It has been assumed that the contents of that file are just the emails that were already released, but that is almost certainly not the case. After all, Wikileaks has already released further documents (some thoroughly uninteresting voice mails that nevertheless further impinge on the privacy of DNC staffers). They have promised still more, files they claim will be more damaging. Indeed, Wikileaks claims there’s enough in what they have to indict Hillary, though such claims should always be taken with a grain of salt. Correction: That appears to have been a misunderstanding about what Assange said about the previously released State emails.

But here’s the other question.

There’s no public discussion of Ecuador booting Assange from their Embassy closet (though I’m sure they’re pretty tired of hosting him). His position — and even that of Wikileaks generally — seems pretty stable.

So why does Assange believe they need an insurance file? I don’t even remember the last time they issued an insurance file (update: I think it was when they released an insurance file of Chelsea Manning’s documents). So is there someone else in the process that needs an insurance file? Is there someone else in the process that would use the threat of full publication of the files (which presumably is going to happen anyway) to ensure safety?

I’ll leave that question there.

That said, these data points confirm there are at least two players with different motivations: Wikileaks, and the Russian hackers. But the FBI isn’t even certain whether the files the Russians took are the same that Wikileaks released, which might suggest a third party.

Meanwhile, James Clapper (who thankfully is willing to poo poo claims that hacks that we ourselves do are unique) seems very interested in limiting the panic about this hack.

Update: Oh! I forgot this fifth data point. This absolutely delightful take-down of Debbie Wasserman Schultz includes this claim that Wikileaks has malware in its site, which I’ve asked around and doesn’t seem to be true.

Staff members were briefed in a Tuesday afternoon meeting in Washington that their personal data was part of the hack, as were Social Security numbers and other information for donors, according to people who attended. Don’t search WikiLeaks, they were told — malware is embedded throughout the site, and they’re looking for more data.

Who told the DNC Wikileaks is releasing malware, and why?

Update: here’s what the malware claim is about: When it posted the “AKP emails,” WL either added or did not remove a bunch of malware included in those emails, and as a result, that malware is still posted at the site. That is, the malware is associated with a separate set of documents available at the site.