
Elon Musk’s Machine for Fascism: A Tale of Three Elections

Since the spring (when I first started writing this post), I’ve been trying to express what I think Elon Musk intended to do with his $44 billion purchase of Twitter, to turn it into a Machine for Fascism.

Ben Collins wrote a piece — which he has been working on even longer than I have on this post — that led me to return to it.

Collins returns to some texts sent to Elmo in April 2022, just before he bought Twitter, which referenced an unsigned post published at Revolver News laying out a plan for Twitter.

On the day that public records revealed that Elon Musk had become Twitter’s biggest shareholder, an unknown sender texted the billionaire and recommended an article imploring him to acquire the social network outright.

Musk’s purchase of Twitter, the 3,000-word anonymous article said, would amount to a “declaration of war against the Globalist American Empire.” The sender of the texts was offering Musk, the Tesla and SpaceX CEO, a playbook for the takeover and transformation of Twitter. As the anniversary of Musk’s purchase approaches, the identity of the sender remains unknown.

The text messages described a series of actions Musk should take after he gained full control of the social media platform: “Step 1: Blame the platform for its users; Step 2: Coordinated pressure campaign; Step 3: Exodus of the Bluechecks; Step 4: Deplatforming.”

The messages from the unknown sender were revealed in a court filing last year as evidence in a lawsuit Twitter brought against Musk after he tried to back out of buying it. The redacted documents were unearthed by The Chancery Daily, an independent legal publication covering proceedings before the Delaware Court of Chancery.

The wording of the texts matches the subtitles of the article, “The Battle of the Century: Here’s What Happens if Elon Musk Buys Twitter,” which had been published three days earlier on the right-wing website revolver.news.

Collins lays out that the post significantly predicted what has happened since, including an attack on the Anti-Defamation League.

The article on Beattie’s site begins with a baseless claim that censorship on Twitter cost President Donald Trump the 2020 election. “Free speech online is what enabled the Trump revolution in 2016,” the anonymous author wrote. “If the Internet had been as free in 2020 as it was four years before, Trump would have cruised to reelection.”

The author said that “Step 1” after a Musk takeover would be: “Blame the platform for its users.” He or she predicted that “Twitter would be blamed for every so-called act of ‘racism’ ‘sexism’ and ‘transphobia’ occurring on its platform.”

After Musk’s purchase of Twitter was finalized in October 2022, he allowed previously suspended accounts to return. Among them, he restored the account of Trump, whom Twitter had banned after the Jan. 6 Capitol insurrection, as well as the personal accounts of far-right Rep. Marjorie Taylor Greene, R-Ga., and the founder of a neo-Nazi website, Andrew Anglin.

The article predicted that “Step 2” would involve a “Coordinated pressure campaign” by the ADL and other nonprofit groups to get Musk to reinstate the banned accounts. “A vast constellation of activists and non-profits” will lurch into action to “put more and more pressure on the company to change its ways,” the article reads.

The next step, the revolver.news article predicted, would be the “Exodus of the bluechecks.” The term “bluechecks” refers to a former identity verification system on Twitter that confirmed the authenticity of the accounts of celebrities, public figures and journalists.

Musk experimented with and ultimately eliminated Twitter’s verification system of “bluechecks.” As the article predicted, the removal resulted in a public backlash and an exponential drop in advertisers and revenue. Other developments, including Musk’s drastically reducing the number of staffers who monitor tweets and a rise in hate speech, also contributed to the dynamic.

The article predicted that a final step, “Step 4,” would be the “deplatforming” of Twitter itself. He said a Musk-owned Twitter would face the same fate as Parler, a platform that presented itself as a “free speech” home for the right. After numerous calls for violence on Jan. 6 were posted on Parler, Google and Apple removed it from their app stores on the grounds that it had allowed too many posts that promoted violence, crime and misinformation.

Collins notes that the identity of the person who wrote the post on Revolver and sent the texts to Elmo has never been revealed. He seems to think it is Darren Beattie, the publisher of Revolver, whose white supremacist sympathies got him fired from Trump’s White House.

I’m not convinced the post was from Beattie. Others made a case that the person who texted Elmo was Stephen Miller (not least because there’s a redaction where his name might appear elsewhere in the court filing).

But I think Collins’ argument — that Elmo adopted a plan to use Twitter as a Machine for Fascism from the start, guided in part by that post, a post that has some tie to Russophile propagandist Beattie — is persuasive.

Then again, I’ve already been thinking about the way that Elmo was trying to perfect a Machine for Fascism.

2016: Professionalizing Trolling

One thing that got me thinking about Elmo’s goals for Twitter came from reading the chatlogs from several Twitter listservs that far right trolls used to coordinate during the 2016 election, introduced as exhibits in Douglass Mackey’s trial for attempting to convince Hillary voters to text their votes rather than casting them at polling places.

The trolls believed, in real time, that their efforts were historic.

On the day Trump sealed his primary win in 2016, for example, Daily Stormer webmaster Andrew “Weev” Auernheimer boasted on a Fed Free Hate Chat that, “it’s fucking astonishing how much reach our little group here has between us, and it’ll solidify and grow after the general.” “This is where it all started,” Douglass Mackey replied, according to exhibits introduced at his trial. “We did it.”

After Trump’s November win became clear, Microchip — a key part of professionalizing this effort — declared, “We are making history,” before he immediately started pitching the idea of flipping a European election (as far right trolls attempted with Emmanuel Macron’s race in 2017) and winning the 2020 election.

By that point, the trolls had been working on–and fine tuning–this effort for at least a year.

Most chilling in the back-story presented in exhibits submitted at trial is the description of how Weev almost groomed Mackey, starting in 2015. “Thanks to weev I am inproving my rhetoric. People love it,” Mackey said in the Fed Free Hate Chat in November 2015. He boasted that his “exploding” twitter account was averaging 300,000 impressions every day, before he mused, “I just hope all this shitlording goes real life.” Two days later Weev admired that, “ricky’s audience expands rapidly, he’s now a leading polemicist” [Mackey did all this under the pseudonym Ricky Vaughn].

Weev and Mackey explained their ideological goals. “The goal is to give people simple lines they can share with family or around the water cooler,” Mackey described to Bidenshairplugs in September 2015. When Weev proposed in January 2016 that he and Mackey write a guide to trolling, he described the project as “ideological disruption” and “psychological loldongs terrorism.” The Daily Stormer webmaster boasted, “i am absolutely sure we can get anyone to do or believe anything as long as we come up with the right rhetorical formula and have people actually try to apply it consistently.” And so they explained the objectives to others. “[R]eally good memes go viral,” Mackey explained to AmericanMex067 on May 10, 2016. “really really good memes become embedded in our consciousness.”

One method they used was “highjacking hashtags,” either infecting the pro-Hillary hashtags pushed by Hillary or filling anti-Trump hashtags with positive content.

Another was repetition. “repitition is key. ‘Crooked Hillary created ISIS with Obama’ repeat it again and again.” Trump hasn’t been repeating the same stupid attacks for 8 years because he’s uncreative or stupid. He’s doing it to intentionally troll America’s psyche.

A third was playing to the irrationality of people. HalleyBorderCol, as she pitched the text to vote meme: “people aren’t rational. a significant proportion of people who hear the rumour will NOT hear that the rumour has been debunked.”

One explicit goal was to use virality to get the mainstream press to pick up far right lines. Anthime “Baked Alaska” Gionet described that they needed some tabloid to pick up their false claims about celebrities supporting Trump. “We gotta orchestrate it so good that some shitty tabloid even picks it up.” As they were trying to get the Podesta emails to trend in October 2016, P0TUSTrump argued, “we need CNN wnd [sic] liberal news forced to cover it.”

Microchip testified to the methodology at trial.

Q What does it mean to hijack a hashtag?

A So I guess I can give you an example, is the easiest way. It’s like if you have a hashtag — back then like a Hillary Clinton hashtag called “I’m with her,” then what that would be is I would say, okay, let’s take “I’m with her” hashtag, because that’s what Hillary Clinton voters are going to be looking at, because that’s their hashtag, and then I would tweet out thousands of — of tweets of — well, for example, old videos of Hillary Clinton or Bill Clinton talking about, you know, immigration policy for back in the ’90s where they said: You know, we should shut down borders, kick out people from the USA. Anything that was disparaging of Hillary Clinton would be injected into that — into those tweets with that hashtag, so that would overflow to her voters and they’d see it and be shocked by it.

Q Is it safe to say that most of your followers were Trump supporters?

A Oh, yeah.

Q And so by hijacking, in the example you just gave a Hillary Clinton hashtag, “I am with her,” you’re getting your message out of your silo and in front of other people who might not ordinarily see it if you just posted the tweet?

A Yeah, I wanted to infect everything.

Q Was there a certain time of day that you believed tweeting would have a maximum impact?

A Yeah, so I had figured out that early morning eastern time that — well, it first started out with New York Times. I would see that they would — they would publish stories in the morning, so the people could catch that when they woke up. And some of the stories were absolutely ridiculous — sorry. Some of the stories were absolutely ridiculous that they would post that, you know, had really no relevance to what was going on in the world, but they would still end up on trending hashtags, right? And so, I thought about that and thought, you know, is there a way that I could do the same thing.

And so what I would do is before the New York Times would publish their — their information, I would spend the very early morning or evening seeding information into random hashtags, or a hashtag we created, so that by the time the morning came around, we had already had thousands of tweets in that tag that people would see because there wasn’t much activity on Twitter, so you could easily create a hashtag that would end up on the trending list by the time morning came around.

In the 2016 election, this methodology served to take memes directly from the Daily Stormer, launder them through 4Chan, then use Twitter to inject them into mainstream discourse. That’s the methodology the far right still uses, including Trump when he baits people to make his Truth Social tweets go viral on Twitter. Use Twitter to break out of far right silos and into those of Hillary supporters to recodify meaning, and ensure it all goes viral so lazy reporters at traditional outlets republish it for free, using such tweets to supplant rational discussion of other news.

And as Microchip testified, in trolling meaning and rational arguments don’t matter. Controversy does.

Q What was it about Podesta’s emails that you were sharing?

A That’s a good question.

So Podesta’s emails didn’t, in my opinion, have anything in particularly weird or strange about them, but my talent is to make things weird and strange so that there is a controversy. So I would take those emails and spin off other stories about the emails for the sole purpose of disparaging Hillary Clinton.

T[y]ing John Podesta to those emails, coming up with stories that had nothing to do with the emails but, you know, maybe had something to do with conspiracies of the day, and then his reputation would bleed over to Hillary Clinton, and then, because he was working for a campaign, Hillary Clinton would be disparaged.

Q So you’re essentially creating the appearance of some controversy or conspiracy associated with his emails and sharing that far and wide.

A That’s right.

Q Did you believe that what you were tweeting was true?

A No, and I didn’t care.

Q Did you fact-check any of it?

A No.

Q And so what was the ultimate purpose of that? What was your goal?

A To cause as much chaos as possible so that that would bleed over to Hillary Clinton and diminish her chance of winning.

The far right is still using this methodology to make the corrupt but not exceptional behavior of Hunter Biden into a topic that convinces half the electorate that Joe Biden is as corrupt as Donald Trump. They’ve used this methodology to get the vast majority of media outlets to chase Hunter Biden’s dick pics like six-year-olds chasing soccer balls.

Back in 2016, the trolls had a good sense of how their efforts helped to support Trump’s electoral goals. In April 2016, for example, Baked Alaska pitched peeling off about a quarter of Bernie Sanders’ votes. “Imagine if we got even 25% of bernie supporters to ragevote for trump.” On November 2, 2016, the same day he posted the meme that got him prosecuted, Mackey explained that the key to winning PA was “to drive up turnout with non-college whites, and limit black turnout.” One user, 1080p, seemed to have special skills — if not sources — to adopt the look and feel of both campaigns.

And this effort worked in close parallel to Trump’s efforts. As early as April, Baked Alaska invited Mackey to join a campaign slack “for more coordinated efforts.”

And there are several participants in the troll chatrooms whose actions or efforts to shield their true identities suggest they may be closely coordinating efforts as well.

Even in the unfettered world of 2016, Twitter’s anemic efforts to limit the trolls’ manipulation of Twitter were a common point of discussion.

For example, as the trolls were trying to get Podesta’s emails trending, HalleyBorderCol complained, “we haven’t been able to get anything to trend for aaaages … unless they changed their algorithms, they must be watching what we’re doing.” Later in October as they were launching two of their last meme campaigns, ImmigrationX complained, “I see Jack in full force today suppressing hashtags.”

Both Mackey and Microchip were banned multiple times. “Microchip get banned again??” was a common refrain. “glad to be back,” Microchip claimed on September 24. “they just banned me two times in 3 mins.” He warned others to follow-back slowly to evade an auto-detect for newly created accounts. “some folks are being banned right now, apparently, so if I’m banned for some reason, I’ll be right back,” Microchip warned on October 30. “Be good till nov 9th brother! We need your ass!” another troll said on the day Mackey was banned; at the time Microchip was trending better than Trump himself. Mackey’s third ban in this period, in response to the tweets a jury has now deemed to be criminal, came with involvement from Jack Dorsey personally.

Both testified at trial about the techniques they used to thwart the bans (including using a gifted account to return quickly, in Mackey’s case). Microchip built banning, and bot-based restoration and magnification, into his automation process.

2020: Insurrection

The far right trolls succeeded in helping Donald Trump hijack American consciousness in 2016 to get elected.

By the time the trolls — some of whom moved into far more powerful positions with Trump’s election — tried again in 2020, the social media companies had put far more controls on the kinds of viral disinformation that trolls had used with such success in 2016.

As Yoel Roth explained during this year’s Twitter hearing, the social media companies expanded their moderation efforts with the support of a bipartisan consensus formulated in response to Russia’s (far less successful than the far right troll efforts) 2016 interference efforts.

Rep. Shontel Brown

So Mr. Roth, in a recent interview you stated, and I quote, beginning in 2017, every platform Twitter included, started to invest really heavily in building out an election integrity function. So I ask, were those investments driven in part by bipartisan concerns raised by Congress and the US government after the Russian influence operation in the 2016 presidential election?

Yoel Roth:

Thank you for the question. Yes. Those concerns were fundamentally bipartisan. The Senate’s investigation of Russian active measures was a bipartisan effort. The report was bipartisan, and I think we all share concerns with what Russia is doing to meddle in our elections.

But in advance of the election, Trump ratcheted up his attacks on moderation, personalizing that with a bullying attack on Roth himself.

In the spring of 2020, after years of internal debate, my team decided that Twitter should apply a label to a tweet of then-President Trump’s that asserted that voting by mail is fraud-prone, and that the coming election would be “rigged.” “Get the facts about mail-in ballots,” the label read.

On May 27, the morning after the label went up, the White House senior adviser Kellyanne Conway publicly identified me as the head of Twitter’s site integrity team. The next day, The New York Post put several of my tweets making fun of Mr. Trump and other Republicans on its cover. I had posted them years earlier, when I was a student and had a tiny social media following of mostly my friends and family. Now, they were front-page news. Later that day, Mr. Trump tweeted that I was a “hater.”

Legions of Twitter users, most of whom days prior had no idea who I was or what my job entailed, began a campaign of online harassment that lasted months, calling for me to be fired, jailed or killed. The volume of Twitter notifications crashed my phone. Friends I hadn’t heard from in years expressed their concern. On Instagram, old vacation photos and pictures of my dog were flooded with threatening comments and insults.

In reality, though, efforts to moderate disinformation did little to diminish the import of social media to right wing political efforts. During the election, the most effective trolls were mostly overt top associates of Donald Trump, or Trump himself, as this table I keep posting shows.

The table, which appears in a report from Stanford University’s Election Integrity Project on the election, does not reflect use of disinformation (as the far right complains when they see it). Rather, it measures efficacy. Of a set of false narratives — some good faith mistakes, some intentional propaganda — that circulated on Twitter in advance of the election, this table shows who disseminated the false narratives that achieved the most reach. The false narratives disseminated most broadly were disseminated by Donald Trump, his two adult sons, Tom Fitton, Jack Posobiec, Gateway Pundit, Charlie Kirk, and Catturd. The least recognized name on this list, Mike Roman, was among the 19 people indicted by Fani Willis for efforts to steal the election in Georgia. Trump’s Acting Director of National Intelligence, Ric Grenell, even got into the game (which is unsurprising, given that before he was made Ambassador to Germany, he was mostly just a far right troll).

This is a measure of how central social media was to Trump’s efforts to discredit, both before and after the election, the well-run election that he lost.

The far right also likes to claim (nonsensically, on its face, because these numbers reflect measurements taken after the election) that these narratives were censored. At most, and in significant part because Twitter refused to apply its own rules about disinformation to high profile accounts including but not limited to Trump, this disinformation was labeled.

As the Draft January 6 Social Media Report described, they had some success at labeling disinformation, albeit with millions of impressions before Twitter could slap on a label.

Twitter’s response to violent rhetoric is the most relevant affect it had on January 6th, but the company’s larger civic integrity efforts relied heavily on labeling and downranking. In June of 2019, Twitter announced that it would label tweets from world leaders that violate its policies “but are in the public interest” with an “interstitial,” or a click-through warning users must bypass before viewing the content. In October of 2020, the company introduced an emergency form of this interstitial for high-profile tweets in violation of its civic integrity policy. According to information provided by Twitter, the company applied this interstitial to 456 tweets between October 27th and November 7th, when the election was called for then-President-Elect Joe Biden. After the election was called, Twitter stopped applying this interstitial. From the information provided by Twitter, it appears these interstitials had a measurable effect on exposure to harmful content—but that effect ceased in the crucial weeks before January 6th.

The speed with which Twitter labels a tweet obviously impacts how many users see the unlabeled (mis)information and how many see the label. For PIIs applied to high-profile violations of the civic integrity policy, about 45% of the 456 labeled tweets were treated within an hour of publication, and half the impressions on those tweets occurred after Twitter applied the interstitial. This number rose to more than eighty percent during election week, when staffing resources for civic issues were at their highest; after the election, staff were reassigned to broader enforcement work. In answers to Select Committee questions during a briefing on the company’s civic integrity policy, Twitter staff estimates that PIIs prevented more than 304 million impressions on violative content. But at an 80% success rate, this still leaves millions of impressions.

But this labeling effort stopped after the election.

According to unreliable testimony from Brandon Straka, the Stop the Steal effort started on Twitter. According to equally unreliable testimony from Ali Alexander, he primarily used Twitter to publicize and fundraise for the effort.

It was, per the Election Integrity Project, the second most successful disinformation after the Dominion propaganda.

And the January 6 Social Media Report describes that STS grew organically on Facebook after being launched on Twitter, with Facebook playing a losing game of whack-a-mole against new STS groups.

But as Alexander described, after Trump started promoting the effort on December 19, the role he would play became much easier.

Twitter wasn’t the only thing that brought a mob of people to DC and inspired many to attack the Capitol. There were right wing social media sites that may have been more important for organizing. But Twitter was an irreplaceable part of what happened.

The lesson of the 2020 election and January 6, if you care about democracy, is that Twitter and other social media companies never did enough moderation of violent speech and disinformation, and halted much of what they were doing after the election, laying the groundwork for January 6.

The lesson of the 2020 election for trolls is that inadequate efforts to moderate disinformation during the election — including the Hunter Biden “laptop” operation — prevented Trump from pulling off a repeat of 2016. The lesson of January 6, for far right trolls, is that unfettered exploitation of social media might allow them to pull off a violent coup.

That’s the critical background leading up to Elmo’s purchase of Twitter.

2024: Boosting Nazis

The first thing Elmo did after purchasing Twitter was to let the far right back on.

More recently, he has started paying them money that ads don’t cover to subsidize their propaganda.

The second thing he did, with the Twitter Files, was to sow false claims about the effect and value of the moderation put into place in the wake of 2016 — an effort Republicans in Congress subsequently joined. The third thing Elmo did was to ratchet up the cost for the API, thereby making visibility into how Twitter works asymmetric, available to rich corporations and (reportedly) his Saudi investors, but newly unavailable to academic researchers working transparently. He has also reversed throttling for state-owned media, resulting in an immediate increase in propaganda.

He has done that while making it easier for authoritarian countries to take down content.

Elmo attempted, unsuccessfully, to monetize the site in ways that would insulate it from concerns about far right views or violence.

For months, Elmo, his favored trolls, and Republicans in Congress have demonized the work of NGOs that make the exploitation of Twitter by the far right visible. More recently, Elmo has started suing them, raising the cost of tracking fascism on Twitter yet more.

Roth recently wrote a NYT column that, in addition to describing the serial, dangerous bullying — first from Trump, then from Elmo — that this pressure campaign includes, laid out the stakes.

Bit by bit, hearing by hearing, these campaigns are systematically eroding hard-won improvements in the safety and integrity of online platforms — with the individuals doing this work bearing the most direct costs.

Tech platforms are retreating from their efforts to protect election security and slow the spread of online disinformation. Amid a broader climate of belt-tightening, companies have pulled back especially hard on their trust and safety efforts. As they face mounting pressure from a hostile Congress, these choices are as rational as they are dangerous.

In 2016, far right trolls helped to give Donald Trump the presidency. In 2020, their efforts to do so again were thwarted — barely — by attempts to limit the impact of disinformation and violence.

But in advance of 2024, Elmo has reversed all that. Xitter has preferentially valued far right speech, starting with Elmo’s increasingly radicalized rants. More importantly, Xitter has preferentially valued speech that totally undercuts rational thought.

Elmo has made Xitter a Machine for irrational far right hate speech.

The one thing that may save us is that this Machine for Fascism has destroyed Xitter’s core value to aspiring fascists: it has destroyed Xitter’s role as a public square, from which normal people might find valuable news. In the process, Elmo has destroyed Twitter’s key role in bridging from the far right to mainstream readers.

But it’s not for lack of trying to make Xitter a Machine for Fascism.

How the Government Proved Their Case against John Podesta’s Hacker

We’re almost seven years past the hack of the DNC, and self-imagined contrarians are still clinging to conspiracy theories about the attribution of that and related hacks. In recent weeks, both Matt Taibbi and Jeff Gerth dodged questions about the attribution showing Russia’s role in the hack-and-leak by saying that the Mueller indictment of twelve GRU officers would never be tested in court (even while, especially in Gerth’s case, relying on unsubstantiated claims in John Durham indictments from his two failed prosecutions).

And while it’s likely true that DOJ will never extradite any of those twelve men to stand trial, DOJ did successfully convict one of their co-conspirators on a different hack: the hack-and-trade conspiracy involving Vladimir Klyushin and accused John Podesta hacker, Ivan [Y]Ermakov.

(The Mueller indictment and Ermakov’s second US indictment, for hacking anti-doping agencies, transliterated his name with a Y; the Boston one does not.)

That trial provides a way to show how DOJ would prove the 2018 indictment if one of the twelve men charged ever wandered into a jurisdiction with an extradition treaty with the US.

As laid out at trial, between 2018 and 2020, the co-conspirators hacked two securities filing agencies, Toppan Merrill and Donnelly Financial, to obtain earnings statements in advance of their filing, then traded based off advance knowledge of earnings. Klyushin was one of seven people (two charged in a separate indictment, three who were clients of Klyushin’s company M-13) who did the trading. Ermakov didn’t trade under his own name. He may have been compensated for Klyushin’s side of the trades with a Moscow home and a Porsche. But at least as early as May 9, 2018, forensic evidence introduced at trial shows, an IP address at which Ermakov’s iTunes account had just gotten updates was used to steal some of the filings.

Ermakov did not show up in a courtroom in Boston to stand trial and Klyushin has launched a challenge to his conviction that rests entirely on a challenge to venue there. But the jury did convict Klyushin on the hacking charge along with the trading charges, meaning a jury has now found DOJ proved Ermakov’s hacking beyond a reasonable doubt.

And they did it using the same kind of evidence cited in the Mueller indictment.

The crime scene

Start with the crime scene: the servers of the two filing agencies victimized in the hack-and-trade, Toppan Merrill and Donnelly Financial.

According to the trial record, neither figured out they had been hacked on their own. As the FBI had tried to do for months beforehand in the case of the DNC, a government agency, the SEC, had to tell them about it. The SEC had seen a number of Russians making big, improbable stock trades from clients of the two filing agencies, all in the same direction, and wanted to know why. So it sent subpoenas to both companies.

As the DNC did with CrowdStrike in 2016, both filing agencies hired an outside incident response contractor — Kroll Cyber in the case of Toppan Merrill, Ankura in the case of Donnelly Financial — to conduct an investigation.

The lead investigators from those two contractors were the first witnesses at trial. Each explained how they had been brought in in 2019 and described what they found as they began investigating the available logs, which went back six months, a year, and two years, depending on the type and company. The witness from Kroll described finding signs of hacking in Toppan Merrill’s logs:

The Ankura witness described how they first found the account of employee Julie Soma had been compromised, then used the IP addresses associated with that compromise to find other employees whose accounts were used to download reports or other unauthorized activity.

In sum, the two incident response witnesses described providing the FBI with the forensic details of their investigation — precisely the same thing that CrowdStrike provided to FBI from the DNC hack. There’s not even evidence that they shared a full image of the filing agencies’ servers (though an FBI agent described going back to Donnelly to search for the domain names behind the intrusions that Kroll had found at Toppan Merrill), which was one of the first conspiracy theories about the DNC hack Republicans championed: that the FBI failed to adequately investigate the DNC hack because it didn’t insist on seizing the actual victim servers during the middle of an election.

The forensic evidence wasn’t the only evidence submitted at trial from the crime scene. One after another of the employees whose credentials had been misused testified. Each described why they normally accessed customer records, if at all, how and when they would normally access such records, and from what locations they might access corporate servers remotely, including their use of the corporate VPN. Julie Soma — the Donnelly employee whose credentials were used most often to download customer filings — described that she would never have done what was done in this case, download one after another filing from Donnelly customers in alphabetical order.

Q. Would you ever go from client to client and alphabetically access those types of documents?

A. No.

Both interview records from the Mueller investigation (one, two, three) and documents from the Michael Sussmann case show that the FBI did similar interviews in the DNC hack. The Douglass Mackey trial, too, featured witnesses describing how the Hillary campaign identified that attack on the campaign as well.

In proving their case against John Podesta’s hacker, DOJ presented witness testimony that eliminated insiders as the culprit.
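To make the incident responders' method concrete, here is an added example (mine, not code from Ankura, Kroll or the trial record) that runs the two checks described above over an access log: pivot from one known-compromised account to the other accounts seen from the same outside IP addresses, then flag the alphabetical client-by-client sweep Soma testified she would never perform. The log format, account names, client names, IP addresses, and the assumption that the corporate VPN pool is the only expected remote source are all constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict
from datetime import datetime
from typing import NamedTuple


class Access(NamedTuple):
    ts: datetime
    account: str
    src_ip: str
    client: str  # customer whose filing was opened


# Constructed sample log: invented accounts and clients, documentation IPs.
SAMPLE_LOG = """\
ts,account,src_ip,client
2019-02-04T09:12:00,jdoe,10.8.0.21,Northwind
2019-02-04T09:40:00,jdoe,10.8.0.21,Contoso
2019-02-05T02:01:10,jdoe,203.0.113.50,Acme
2019-02-05T02:01:55,jdoe,203.0.113.50,Birchwood
2019-02-05T02:02:31,jdoe,203.0.113.50,Contoso
2019-02-05T02:03:02,jdoe,203.0.113.50,Dunmore
2019-02-05T02:03:40,jdoe,203.0.113.50,Eastgate
2019-02-06T03:15:00,asmith,203.0.113.50,Fairview
2019-02-06T03:15:41,asmith,203.0.113.50,Glenrock
2019-02-06T03:16:20,asmith,203.0.113.50,Harbor
2019-02-06T03:17:02,asmith,203.0.113.50,Ironwood
2019-02-06T10:05:00,asmith,10.8.0.34,Harbor
2019-02-07T11:00:00,bnguyen,10.8.0.40,Acme
2019-02-07T11:30:00,bnguyen,10.8.0.40,Zenith
2019-02-07T14:00:00,bnguyen,10.8.0.40,Contoso
"""

# Assumption: the corporate VPN pool is the only expected remote source.
TRUSTED_NETS = [ipaddress.ip_network("10.8.0.0/16")]


def parse_log(text):
    """Parse the CSV export into Access records ordered by time."""
    rows = csv.DictReader(io.StringIO(text))
    events = [Access(datetime.fromisoformat(r["ts"]), r["account"],
                     r["src_ip"], r["client"]) for r in rows]
    return sorted(events, key=lambda e: e.ts)


def is_trusted(ip, trusted_nets):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in trusted_nets)


def pivot_on_ips(events, seed_account, trusted_nets):
    """From one known-compromised account, collect the untrusted IPs it was
    used from, then every other account seen from those same IPs."""
    suspect_ips = {e.src_ip for e in events
                   if e.account == seed_account
                   and not is_trusted(e.src_ip, trusted_nets)}
    linked = defaultdict(set)
    for e in events:
        if e.src_ip in suspect_ips and e.account != seed_account:
            linked[e.account].add(e.src_ip)
    return suspect_ips, dict(linked)


def longest_alphabetical_run(clients):
    """Longest streak of consecutive accesses whose client names strictly
    ascend (case-insensitive)."""
    best = run = 1 if clients else 0
    for prev, cur in zip(clients, clients[1:]):
        run = run + 1 if cur.casefold() > prev.casefold() else 1
        best = max(best, run)
    return best


def alphabetical_sweeps(events, min_run=4):
    """Flag (account, src_ip) pairs that walked at least min_run clients in
    alphabetical order. Short runs happen by chance, so keep min_run high
    enough for the size of the client list."""
    sequences = defaultdict(list)
    for e in events:  # events are already time-ordered
        sequences[(e.account, e.src_ip)].append(e.client)
    return {key: run for key, clients in sequences.items()
            if (run := longest_alphabetical_run(clients)) >= min_run}


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    print(pivot_on_ips(log, "jdoe", TRUSTED_NETS))
    print(alphabetical_sweeps(log))
```

The pivot surfaces accounts an analyst did not yet know were misused; the ordering check gives each account holder something specific to confirm or deny, which is the role the employee testimony played at trial.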

Fingerprinting

Having established the forensic data tied to intruders through the incident response contractors, prosecutors then called FBI agents as witnesses to describe how — largely through the use of IP addresses obtained using subpoenas or pen registers and the materials found in the suspects’ iCloud accounts — they tied Klyushin’s company, M-13, to both the hacking and the trading.

The trading was fairly easy: the co-conspirators accessed the two online brokers used to execute the trades under their own names and from IP addresses tied to M-13. An SEC witness described in detail how trades always shortly followed hacks but preceded the public filing of earnings statements.

Tying M-13 to the hacking took a few more steps.

For the hacking conducted via the domains Kroll identified, the FBI first found the account that registered the domains. Each was registered under a different name, but each of the names was based on a Latvian-based email service and used similar naming conventions. Each had been accessed from the same set of 3 IP addresses.

For IPs that Kroll identified, the FBI found BitLaunch servers created by an account in the name of Andrea Neumann, which was controlled from one of the same IP addresses that had registered the domain names. The FBI got search warrants to obtain images of those BitLaunch servers.

Another IP address used to steal filings, several FBI agents explained, was from an Italian-run VPN, AirVPN. The FBI used a pen register to show that someone accessed AirVPN from the M-13 IP address during the same period when the AirVPN IP was stealing records from the filing companies. The FBI also showed that Klyushin had accessed his bank at the same time from that same IP address. The FBI also showed that eight common IP addresses had accessed Ermakov’s iTunes account and the AirVPN IP address (in this case, the access was not at the same time because the FBI only had a pen register on the VPN for two months in 2020). While FBI witnesses couldn’t show that the specific activity tied to an AirVPN IP at the victim companies tied back to M-13, they did show that both Klyushin and Ermakov routinely used AirVPN.

Plus there were the filing thefts — noted above — that were done on May 9, 2018 using the same IP address that, four minutes earlier, had downloaded an Apple update from Ermakov’s iTunes account. As I’ve noted repeatedly, before Ermakov was first indicted by Mueller, he had already left a smoking gun in the servers at Donnelly in the form of IP activity that the FBI obtained over a year later inside the US.

In fact, much of the evidence used to prove this case (particularly establishing the close relationship between the conspirators) came from Apple, including WhatsApp chats saved in Klyushin and other co-conspirators’ iCloud accounts. We know Mueller used the same source of evidence. In March of this year, emails stolen by hacktivists revealed, Apple informed another of the GRU officers charged in the DNC hack that the FBI had obtained material from his Apple account in April 2018, in advance of the Mueller indictment.

The indictment likely also relied on warrants served on Google, especially on Ermakov’s account. The Mueller indictment (as well as the later anti-doping one) attributes much of the reconnaissance conducted in advance of the hacks to Ermakov: the names of some victims; information on the DNC, the Democratic Party, and Hillary; how to use PowerShell (which would be used against Toppan Merrill); and CrowdStrike’s reporting on GRU tools. If he did this research via Google, it would all be accessible with a warrant served on the US tech company.

The getaway car

One pervasive conspiracy theory about the Mueller indictment stems from testimony that Shawn Henry gave to the House Intelligence Committee in December 2017, describing that CrowdStrike did not see the data exfiltrated from the DNC servers. Denialists claim that is proof that the information was never exfiltrated by the GRU hackers. The conspiracy theory is ridiculous in any case, since there were so many other Russian hacks involving so many other servers, including servers run by Google and Amazon that had a different kind of visibility on the hack (something that Henry alluded to in his testimony), and since the indictment describes that the DNC hackers destroyed logs to cover their tracks.

But the Klyushin trial featured testimony about a tool used in the hack-and-trade conspiracy that has a parallel in the DNC hack: the AMS panel, hidden behind an overseas middle server, which the Mueller indictment described this way:

X-Agent malware implanted on the DCCC network transmitted information from the victims’ computers to a GRU-leased server located in Arizona. The Conspirators referred to this server as their “AMS” panel. KOZACHEK, MALYSHEV, and their co-conspirators logged into the AMS panel to use X-Agent’s keylog and screenshot functions in the course of monitoring and surveilling activity on the DCCC computers. The keylog function allowed the Conspirators to capture keystrokes entered by DCCC employees. The screenshot function allowed the Conspirators to take pictures of the DCCC employees’ computer screens.

[snip]

On or about April 19, 2016, KOZACHEK, YERSHOV, and their co-conspirators remotely configured an overseas computer to relay communications between X-Agent malware and the AMS panel and then tested X-Agent’s ability to connect to this computer. The Conspirators referred to this computer as a “middle server.” The middle server acted as a proxy to obscure the connection between malware at the DCCC and the Conspirators’ AMS panel. On or about April 20, 2016, the Conspirators directed X-Agent malware on the DCCC computers to connect to this middle server and receive directions from the Conspirators.

[snip]

For example, on or about April 22, 2016, the Conspirators compressed gigabytes of data from DNC computers, including opposition research. The Conspirators later moved the compressed DNC data using X-Tunnel to a GRU-leased computer located in Illinois.

In the hack-and-trade conspiracy, the hackers set up a similar structure, using the servers given names like “developingcloud” and “finshopland” as reverse proxies, with a final server behind them all executing orders on the hacked servers at Toppan Merrill (and the implication is, Donnelly, though the forensics came from Toppan Merrill via Kroll). The “computers numbered 1 through 7” in what follows are the servers identified by Kroll stealing earnings filings from Toppan Merrill.

A. So this is a digital depiction of the servers that I examined on the right there, so they each have a number on them, 1 through 9.

Q. Let me focus you first on the computers numbered 1 through 7. Do you see them there?

A. Yes.

Q. Are they kind of in a sideways V configuration?

A. Yes.

Q. Okay. And what do computers 1 through 7 show on this Exhibit DDD?

A. They functioned as gatekeepers for the furthest machine to the right, server number 8.

Q. And when you say “gatekeeper,” is there a technical term for that?

A. Yes. So the technical term is a “reverse proxy.”

Q. Can you explain to the jury, in a easy for me to understand way, what a reverse proxy or gatekeeper is in this chart, 1 through 7.

A. Yes. So in this chart, it would function — so the seven that are in that V formation, they would pass traffic to server number 8, if it was coming from an infected machine; and if it was something else, it would send the traffic to some other website.

This structure would have made it impossible for Toppan Merrill to understand the source or function of the anomalous traffic on its servers because any attempt to do so would be redirected away from the control server.

But not the FBI, because they obtained images of the servers with a warrant.

The forensic witness describing this structure showed, command by command, that the forensic clues identified by Kroll on the Toppan Merrill servers were controlled via that final server running PowerShell (the same tool that Mueller alleged Ermakov researched during the DNC hacks in 2016).

Q. And is there something on this log that you found that tells you the name of the program that was running on the victim’s computer at Toppan Merrill?

A. Yes, the process name line, and that reads rdtevc.

Q. And is process another name for computer program?

A. Yes.

Q. So this is a log that shows that a program named RDTEVC was running on a Toppan Merrill computer, right?

A. Yes.

Q. But it’s stored in the hacker computer?

[snip]

Q. And what does PowerShell do? You can call it anything, right? You can call it RDTEVC?

A. That’s probably a randomly chosen name.

Q. But no matter what it’s called, what does it do?

A. So it allows it to be remotely controlled and accessed.

Q. Allows what to be remotely controlled and accessed?

A. The infected machine.

The same forensic expert explained that he didn’t find any downloads of stolen files.

But he also explained why.

He had also found secure tunnels, readily available but similar in function to a proprietary GRU tool CrowdStrike found in the DNC server. As he described, these would be used to transfer data in encrypted form, making it impossible to identify the content of the data while it was in transit.

Q. Mr. Uitto, are you familiar with the concept of exfiltration?

A. Yes.

Q. Big word, but what does it mean?

A. It means to steal data, take data.

Q. And in your review, did you find evidence — you told Mr. Nemtsev you didn’t find evidence of the taking of data from the victim computers to these particular hacker servers; is that right?

A. That’s right, but I did see secure tunnels that were created.

Q. So when you say there were secure tunnels, were you able to tell what was going through those secure tunnels?

A. No.

Q. Those were encrypted, right?

A. Yes.

Q. So you actually don’t know whether or not there was financial information in those tunnels?

A. That’s correct.

Q. Or sports scores or anything?

A. That’s correct.

Q. It’s encrypted.

A. Yes.

[snip]

Q. What role does encryption serve in this hacker architecture?

[snip]

A. Yes, so it can be used to hide data or information.

Q. So if it’s encrypted, we can’t know what’s being passed?

To prove the hack, you would have to — and FBI did, in both cases — prove that the stolen data made it to the end point.

This testimony is important for more than explaining where you’d need to look to find proof of a hack (at the end points). It shows the import of understanding not just the crime scene and those end points, but the infrastructure used to control the hack and exfiltrate the data. With both the hack-and-trade conspiracy and the hack of the DNC, the FBI got forensics about the victim from the incident response contractors, but they obtained the data from these external servers directly, with warrants.

The denialists looking for proof in the DNC server were focused on just the crime scene, but not what I’ve likened to a getaway car, one to which the FBI had direct access but CrowdStrike did not.

Follow the money

Another specialized kind of fingerprint prosecutors used to prove the case against Klyushin parallels the one in the Mueller indictment (and, really, virtually all hacking cases these days): the cryptocurrency trail. As the Mueller indictment explained, the hackers who targeted the DNC used the same cryptocurrency account to pay for different parts of their infrastructure, thereby showing they were all related.

The funds used to pay for the dcleaks.com domain originated from an account at an online cryptocurrency service that the Conspirators also used to fund the lease of a virtual private server registered with the operational email account [email protected]. The dirbinsaabol email account was also used to register the john356gh URL-shortening account used by LUKASHEV to spearphish the Clinton Campaign chairman and other campaign-related individuals.

[snip]

For example, between on or about March 14, 2016 and April 28, 2016, the Conspirators used the same pool of bitcoin funds to purchase a virtual private network (“VPN”) account and to lease a server in Malaysia. In or around June 2016, the Conspirators used the Malaysian server to host the dcleaks.com website. On or about July 6, 2016, the Conspirators used the VPN to log into the @Guccifer_2 Twitter account. The Conspirators opened that VPN account from the same server that was also used to register malicious domains for the hacking of the DCCC and DNC networks.

By following the money, prosecutors were able to show the jury how these pieces of infrastructure fit together.

In the case of the hack-and-trade, the conspirators did nothing fancy to launder the cryptocurrency used in the operation. The servers obtained in the name of Andrea Neumann were paid using three successive cryptocurrency accounts, each with different names but accessed from the same IP address. The third name was Wan Connie. An interlocked Wan Connie email account had been accessed from M-13’s IP address. So while the cryptocurrency itself couldn’t tie the conspirators to the hack, the interlocked infrastructure did.
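The "interlocked infrastructure" argument here, and the shared-IP reasoning in the Fingerprinting section above, amount to a graph problem. As an added example (mine, not the FBI's tooling or anything entered at trial), the Python below links accounts, payment identifiers and IP addresses through the records that tie them together, then walks the shortest chain of records from an office IP back to a domain registrant. Every identifier, IP address and record source is constructed; shared VPN exits are excluded as linking evidence because unrelated people sit behind them.

```python
from collections import defaultdict, deque

# Constructed observations: (record_source, node_a, node_b). All names are
# invented and all IPs come from documentation ranges.
OBSERVATIONS = [
    ("registrar", "acct:registrant-1", "ip:198.51.100.7"),
    ("registrar", "acct:registrant-2", "ip:198.51.100.8"),
    ("registrar", "acct:registrant-1", "ip:198.51.100.8"),
    ("registrar", "acct:registrant-3", "ip:198.51.100.9"),
    ("registrar", "acct:registrant-3", "ip:198.51.100.7"),
    ("hosting", "acct:vps-customer", "ip:198.51.100.9"),   # control-panel login
    ("hosting", "acct:vps-customer", "pay:wallet-1"),      # paid for servers
    ("hosting", "acct:vps-customer", "pay:wallet-2"),
    ("hosting", "acct:vps-customer", "pay:wallet-3"),
    ("exchange", "pay:wallet-3", "acct:mailbox-3"),        # same account name
    ("mail", "acct:mailbox-3", "ip:192.0.2.10"),           # office address
    ("vpn", "acct:unrelated-user", "ip:203.0.113.77"),     # shared VPN exit
    ("registrar", "acct:registrant-2", "ip:203.0.113.77"),
]

OFFICE_IP = "ip:192.0.2.10"
SHARED_EXITS = {"ip:203.0.113.77"}  # assumption: known multi-tenant VPN exit


def build_graph(observations, shared_nodes=frozenset()):
    """Undirected graph of identifiers. Edges through shared nodes (VPN
    exits, carrier NAT) are dropped: they link strangers to each other."""
    graph = defaultdict(list)
    for source, a, b in observations:
        if a in shared_nodes or b in shared_nodes:
            continue
        graph[a].append((b, source))
        graph[b].append((a, source))
    return graph


def linked_nodes(graph, start):
    """Everything reachable from start: one cluster of infrastructure."""
    seen = {start}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for nxt, _source in graph.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def evidence_chain(graph, start, goal):
    """Shortest chain of records joining start to goal as a list of
    (from_node, record_source, to_node) hops, or None if unlinked."""
    prev = {start: None}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if node == goal:
            break
        for nxt, source in graph.get(node, ()):
            if nxt not in prev:
                prev[nxt] = (node, source)
                queue.append(nxt)
    if goal not in prev:
        return None
    chain = []
    node = goal
    while prev[node] is not None:
        parent, source = prev[node]
        chain.append((parent, source, node))
        node = parent
    return chain[::-1]


if __name__ == "__main__":
    g = build_graph(OBSERVATIONS, SHARED_EXITS)
    for hop in evidence_chain(g, OFFICE_IP, "acct:registrant-1"):
        print(" -> ".join(hop))
```

Each hop in the returned chain names the record source that supports it, which is the per-link provenance an investigator needs before asking for a subpoena or warrant on the next provider.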

The conspiracy

To prove the hack, prosecutors at trial showed how the FBI had used evidence from the crime scene, the “getaway” car, the money trail, and evidence obtained at the end point from iCloud accounts to tie the hack back to Ermakov personally and M-13 more generally. The biggest smoking gun came from matching the IP addresses to which Ermakov got his iTunes updates to the infrastructure used in the hack (or, in the case of the May 9, 2018 thefts, directly to someone exploiting Julie Soma’s stolen credentials).

All that was left in the Klyushin case was proving the conspiracy, showing that Klyushin and others had used this stolen information to make millions by trading in advance of earnings announcements. This would be the functional equivalent of tying the records stolen from Democrats (and some Republicans) to their release via Guccifer 2.0, dcleaks, and WikiLeaks.

At Klyushin’s trial, the government proved the conspiracy via two means: an SEC analyst presented a bunch of coma-inducing analysis showing how the trades attributed to online brokerage accounts that Klyushin and others had in their own names lined up with the thefts. The analyst explained that seeing those trading patterns by chance would be virtually impossible.

More spectacularly, prosecutors introduced Klyushin’s role with a bunch of pictures establishing that he was “besties” with Ermakov (and, eventually, that there were unencrypted and encrypted communications, along with a picture of Klyushin’s yacht, sent via Ermakov to two guys in St. Petersburg who didn’t work for M-13 but who were making the same pattern of trades); I looked at some of that evidence here. One picture found in Klyushin’s account showed Ermakov, crashed on a chair, wearing an M-13 sticker, taken in the same period as some of the logs provided by Kroll showed hacking activity. About the only thing the FBI found in Ermakov’s iCloud account was the online brokerage account used to execute the insider trading, in Klyushin’s name, but that tied him to the trading side of the conspiracy.

As their trades began to attract attention, Ermakov and another M-13 employee attempted to craft cover stories, evidence of which prosecutors found via Apple. Prosecutors even introduced Threema chats in which Ermakov told Klyushin, his boss, not to share details about their trading clients or he might end up a defendant in a trial.

He did.

And at that trial, prosecutors were able to prove a hacking conspiracy against Klyushin using evidence and victim testimony from the crime scene, but also from other data readily available with a subpoena or warrant inside the US.

Update: Tweaked language describing secure tunnels.

Elon Musk “Censors” Matt Taibbi’s Post about Twitter “Censoring” the “Hunter Biden” “Laptop” Story

Back in October 2020, #MattyDickPics Taibbi wrote a post on his Substack about the great scandal that Twitter throttled the dodgy NYPost story.

The incredible decision by Twitter and Facebook to block access to a New York Post story about a cache of emails reportedly belonging to Democratic nominee Joe Biden’s son Hunter, with Twitter going so far as to lock the 200 year-old newspaper out of its own account for over a week, continues to be a major underreported scandal.

The hypocrisy is mind-boggling. Imagine the reaction if that same set of facts involved the New York Times and any of its multitudinous unverifiable “exposes” from the last half-decade: from the similarly-leaked “black ledger” story implicating Paul Manafort, to its later-debunked “repeated contacts with Russian intelligence” story, to its mountain of articles about the far more dubious Steele dossier.

[snip]

The flow of information in the United States has become so politicized – bottlenecked by an increasingly brazen union of corporate press and tech platforms – that it’s become impossible for American audiences to see news about certain topics absent thickets of propagandistic contextualizing.

That makes the effect of Elon Musk’s decision yesterday to block links to Substack (as well as WordPress, on which this site is built) all the more tragicomic.

Here’s how that tragicomedy unfolded, in four five acts (note: Mehdi made the same joke I made yesterday at about the same time):

One:

Two:

Three:

Four:

Just days ago, as Mehdi Hasan shredded his false claims, #MattyDickPics squirmed as he explained that he had no criticism to make of authoritarian narcissist Elon Musk because he believed Musk intended to reverse what, #MattyDickPics claimed to believe, amounted to censorship from Twitter, including the throttling for 24-hours of one story from the NYPost.

Almost immediately after that, Elmo throttled not just #MattyDickPics’ own posts about “Hunter Biden’s” “laptop,” but scores of other such posts as well.

Update, Five:

Matt Taibbi Is Furious that Election Integrity Project Documented How Big Trump’s Big Lie Was

As you’ve no doubt heard, #MattyDickPics Taibbi went on Mehdi Hasan’s show yesterday and got called out for his false claims.

After the exchange, #MattyDickPics made a show of “correcting” some of his false claims, which in fact consisted of repeating the false claims while taking out the proof, previously included in the same tweet, that he had misquoted a screen cap to sustain his previous false claim.

#MattyDickPics made a mishmash of these same claims in his sworn testimony before Jim Jordan’s committee, which may be why he doesn’t want to make wholesale corrections. I look forward to him correcting the record on false claims made under oath.

#MattyDickPics also wrote a petulant post announcing that MSNBC sucks, in which, after a bunch of garbage that repeatedly cites Jeff Gerth as a factual source (!!!), he finally gets around to admitting how sad he is that no one liked his Twitter Files thread making claims about the FBI.

After the first thread, Mehdi was one of 27 media figures to complain in virtually identical language: “Imagine volunteering to do PR work for the world’s richest man.”

I laughed about that, but couldn’t believe the reaction after Twitter Files #6, showing how Twitter communicated with the FBI and DHS through a “partner support channel,” and in response to state requests actioned accounts on both sides of the political aisle for harmless jokes. Mehdi’s take wasn’t that this information was wrong, or not newsworthy, but that it shouldn’t have been published because Elon Musk put Keith Olbermann in timeout for a day, or something. “Even Bari Weiss called him out, but Taibbi seems to want to tweet through it,” Mehdi tweeted.

If it sounds like my beef with MSNBC is personal, by now it is. Take the Twitter Files. When first presented with the opportunity to do that story, my first reaction was to be extremely excited, as any reporter would be, including anyone at MSNBC. In the next second however I was terrified, because I care about my job, and knew there would be a million eyes on this thing and a long way down if I got anything wrong. If you’ve ever wondered why I look 100 years old at 53 it’s because I embrace this part of the process. Audiences have a right to demand reporters lie awake nights in panic, and every good one I’ve ever met does.

But people who used to be my friends at MSNBC embraced a different model, leading to one of the biggest train wrecks in the history of our business. Now they have the stones to point at me with this “What happened to you?” routine. It’s rare that the following words are justified on every level, but really, MSNBC: Fuck you.

As I showed, #MattyDickPics made a number of egregiously false claims in that very same Twitter Files #6, the very same one he’s stewing over because it wasn’t embraced warmly.

But one of the other key false claims Mehdi caught #MattyDickPics making is far more important: the claim that the Election Integrity Project “censored” 22 million tweets; in his tweet, he claimed that “According to EIP’s own data, it succeeded in getting nearly 22 million tweets labeled in the runup to the 2020 vote.”

After Mehdi posted the appearance, #MattyDickPics “removed” his error.

Then, after a guy named Mike Benz, who is at the center of this misinformation project, misinformed him, #MattyDickPics reverted to his original false claim.

As to the factual dispute, there is none. #MattyDickPics and his Elmo-whisperer Mike Benz are wrong. The error stems from either an inability to read an academic methodology statement or the ethic among these screencap boys that says you can make any claim you want so long as you have a screencap with a key word in it.

At issue is a report the Election Integrity Project released in 2021 describing their two-phase intervention in the 2020 election. The first phase consisted of ticketing mis- or disinformation in real time in an attempt to stave off confusion about the election. Here’s the example of real-time ticketing they include in their report.

To illustrate the scope of collaboration types discussed above, the following case study documents the value derived from the multistakeholder model that the EIP facilitated. On October 13, 2020, a civil society partner submitted a tip via their submission portal about well-intentioned but misleading information in a Facebook post. The post contained a screenshot (See Figure 1.4).

Figure 1.4: Image included in a tip from a civil society partner.

In their comments, the partner stated, “In some states, a mark is intended to denote a follow-up: this advice does not apply to every locality, and may confuse people. A local board of elections has responded, but the meme is being copy/pasted all over Facebook from various sources.” A Tier 1 analyst investigated the report, answering a set of standardized research questions, archiving the content, and appending their findings to the ticket. The analyst identified that the text content of the message had been copied and pasted verbatim by other users and on other platforms. The Tier 1 analyst routed the ticket to Tier 2, where the advanced analyst tagged the platform partners Facebook and Twitter, so that these teams were aware of the content and could independently evaluate the post against their policies. Recognizing the potential for this narrative to spread to multiple jurisdictions, the manager added in the CIS partner as well to provide visibility on this growing narrative and share the information on spread with their election official partners. The manager then routed the ticket to ongoing monitoring. A Tier 1 analyst tracked the ticket until all platform partners had responded, and then closed the ticket as resolved.

It wasn’t a matter of policing speech. It was a matter of trying to short circuit even well-meaning rumors before they start going viral.

According to the report, social media companies acted on 35% of the identified tickets, most often those claiming victory before the election had been called. Just 13% of all those items ticketed were removed.

35% of the URLs we shared with Facebook, Instagram, Twitter, TikTok, and YouTube were either labeled, removed, or soft blocked. Platforms were most likely to take action on content that involved premature claims of victory.

[snip]

We find, overall, that platforms took action on 35% of URLs that we reported to them. 21% of URLs were labeled, 13% were removed, and 1% were soft blocked. No action was taken on 65%. TikTok had the highest action rate: actioning (in their case, their only action was removing) 64% of URLs that the EIP reported to their team.

Then after the election, EIP looked back and pulled together all the election-related content to see what kinds of mis- and disinformation had been spread, including after the election. Starting in Chapter 3, the report describes the waves of mis- and disinformation they identified, starting with claims about mail-in voting, to claims about how the votes would be counted, to organized efforts to “Stop the Steal” that resulted in the January 6 attack. It looked at a number of case studies, including Stop the Steal, the false claims about Dominion that have already been granted a partial summary judgment in their Fox lawsuit, and nation-state campaigns including the Iranian one that involved posing as Proud Boys to threaten Democratic voters that #MattyDickPics has systematically ignored.

Chapter 5 describes the historic review that #MattyDickPics misrepresented. It clearly describes that this analysis was done after the fact, starting only after November 30.

Through our live ticketing process, analysts identified social media posts and other web-based content related to each ticket, capturing original URLs (as well as screenshots and URLs to archived content). In total, the EIP processed 639 unique tickets and recorded 4,784 unique original URLs. After our real-time analysis phase ended on November 30, 2020, we grouped tickets into incidents and narratives. We define an incident as an information cascade related to a specific information event. Often, one incident is equivalent to one ticket, but in some cases a small number of tickets mapped to the same information cascade, and we collapsed them. As described in Chapter 3, incidents were then mapped to narratives—the stories that develop around these incidents—where some narratives might include several different incidents. [my emphasis]

Then it describes how it collected a bunch of data for this historic review. One of three sources of data used in this historic review was Twitter’s API (the other two were original tickets and data from Facebook and Instagram). Starting from a dataset of 859 million tweets pertaining to the election, EIP pulled out nearly 22 million tweets that involved “election incidents” of previously identified mis- or disinformation.

We collected data from Twitter in real time from August 15 through December 12, 2020. Using the Twitter Streaming API, we tracked a variety of election-related terms (e.g., vote, voting, voter, election, election2020, ballots), terms related to voter fraud claims (e.g., fraud, voterfraud), location terms for battleground states and potentially newsworthy areas (e.g., Detroit, Maricopa), and emergent hashtags (e.g., #stopthesteal, #sharpiegate). The collection resulted in 859 million total tweets.

From this database, we created a subset of tweets associated with each incident, using three methods: (1) tweets recorded in our ticketing process, (2) URLs recorded in our ticketing process, and (3) search strings.

Relying upon our Tier 1 Analysis process (described in Chapter 1), we began with tweets that were directly referenced in a ticket associated with an incident. We also identified (from within our Twitter collection) and included any retweets, quote tweets, and replies to these tweets. Next, we identified tweets in our collection that contained a URL that had been recorded during Tier 1 Analysis as associated with a ticket related to this incident. Finally, we used the search string and time window developed for each incident to identify tweets from within our larger collection that were associated with each election integrity incident.

In total, our incident-related tweet data included 5,888,771 tweets and retweets from ticket status IDs directly, 1,094,115 tweets and retweets collected first from ticket URLs, and 14,914,478 from keyword searches, for a total of 21,897,364 tweets.

Here’s the EIP table of its top-10 most viral examples of mis- or disinformation, amounting to over 14 million of the tweets in question. Right away, it should alert you to the effect, if not the goal, of conflating EIP’s real-time tickets to social media companies, including of things like an overgeneral statement about how ballots are treated in different states, with what EIP found in their historical review of how mis- and disinformation worked in 2020.

What #MattyDickPics and his Elmo whisperer Mike Benz are complaining about is not that EIP attempted to “censor” speech in real time. What they’re complaining about is that a bunch of academics and other experts figured out what the scale and scope of mis- and disinformation was in 2020. And what those experts showed is that systematic Republican disinformation (and mind you, this is just the disinformation through December 12; it missed the bulk of the build-up to January 6) made up the vast majority of mis- and disinformation that went viral in 2020. It showed that, even by December 12, almost 45% of the mis- and disinformation on Twitter consisted of two campaigns tied to Trump’s Big Lie, the attacks on Dominion and the organized Stop the Steal campaign.

EIP’s list of repeat spreaders is still more instructive, particularly when you compare it against the list of people that Elmo has welcomed back to Twitter since he took over.

What EIP did was catalog how central disinformation from Trump and his family — and that of close allies in the insurrection — was in the entire universe of mis- and disinformation (Mike Roman, one of the least known people on this list, had his phone seized as part of the January 6 investigation last year).

Some mis- and disinformation did not go viral in 2020. What did, overwhelmingly, was that which Trump and his allies made sure to promote.

The dataset of 22 million tweets is not a measure of mis- or disinformation identified in real time. What it is, though, is a measure of how central Trump is to disinformation on social media.

Whether #MattyDickPics understands the effect of the stubborn false claim that Mike Benz fed him, whether #MattyDickPics understands how his false claim provides Elmo cover to replatform outright white supremacists, or not, the effect is clear.

The concerted effort to discredit the Election Integrity Project has little effect on flagging mis- or disinformation in real time. What it does, however, is discredit efforts to track just how central Trump is to election disinformation in the US.

Update: Here’s the full Mehdi Hasan interview.

Update! Oh no!! Drama!!

Douglass Mackey’s Criminal Twitter Trolling

For the entire time since MattyDickPics started complaining about the fact he couldn’t see nonconsensual pictures of Hunter Biden’s dick, he and other apologists for disinformation have claimed there was nothing to the effort to suppress the vote using Twitter.

A jury in Brooklyn just decided otherwise. Douglass Mackey — who was indicted for attempting to suppress the Black and Latino vote in 2016 — was found guilty of conspiring to violate his targets’ right to vote.

As proven at trial, between September 2016 and November 2016, Mackey conspired with other influential Twitter users and with members of private online groups to use social media platforms, including Twitter, to disseminate fraudulent messages that encouraged supporters of presidential candidate Hillary Clinton to “vote” via text message or social media which, in reality, was legally invalid. For example, on November 1, 2016, in or around the same time that Mackey was sending tweets suggesting the importance of limiting “black turnout,” the defendant tweeted an image depicting an African American woman standing in front of an “African Americans for Hillary” sign. The ad stated: “Avoid the Line. Vote from Home,” “Text ‘Hillary’ to 59925,” and “Vote for Hillary and be a part of history.” The fine print at the bottom of the deceptive image stated: “Must be 18 or older to vote. One vote per person. Must be a legal citizen of the United States. Voting by text not available in Guam, Puerto Rico, Alaska or Hawaii. Paid for by Hillary For President 2016.” The tweet included the typed hashtag “#ImWithHer,” a slogan frequently used by Hillary Clinton. On or about and before Election Day 2016, at least 4,900 unique telephone numbers texted “Hillary” or some derivative to the 59925 text number, which had been used in multiple deceptive campaign images tweeted by Mackey and his co-conspirators.

Several hours after tweeting the first image, Mackey tweeted an image depicting a woman seated at a conference room typing a message on her cell phone. This deceptive image was written in Spanish and mimicked a font used by the Clinton campaign in authentic ads. The image also included a copy of the Clinton campaign’s logo and the “ImWithHer” hashtag.

The people with whom Mackey conspired are a collection of leading figures in the (Russian-backed) alt-Right.

I plan to return to this trial in weeks ahead.

But for the moment, this verdict says that all the disinformation that Matt Taibbi and Elon Musk are working to replatform on Twitter has been found to be potentially criminal.

Matt Taibbi Declares John Podesta’s Risotto Recipe Was “True”

The Democrats on Jim Jordan’s insurrection protection committee were really unprepared for Matt Taibbi and Michael Shellenberger yesterday, failing to call out their repeated false claims.

One of the most interesting details came when Taibbi described that someone besides Elon Musk invited him to have unfettered access to a company under a consent decree. Given the likelihood that this person was not even a Twitter employee, it gives the FTC far more reason to want to know why a company under a consent decree made information on individual users available to journalists.

But the hearing was nevertheless useful for the way it revealed that Taibbi doesn’t know the difference between “authentic” and “true.” In an exchange with Stephen Lynch about whether Russia interfered in the 2016 election (in which Lynch falsely claimed that the intelligence report attributing the Russian campaign to Russia involved 18 intelligence agencies, instead of three, and mispronounced both Shellenberger’s and Yevgeniy Prigozhin’s name), Taibbi professed to be uncertain whether Russia conducted a hack-and-dump campaign.

Lynch: Do you believe that Russia engaged in a hack-and-release campaign damaging to the Clinton campaign, back in 2016?

Taibbi: I don’t know and I would say it’s irrelevant.

[snip]

Lynch: Mr. Shellenbech [sic] do you believe that the Russians engaged in a hack-and-release campaign with respect to the damaging information they released regarding the Clinton campaign?

Shellenberger: To the best of my awareness, that is what happened, yes.

Lynch: Okay, fair enough.

Shellenberger: That’s not the same thing as influence campaign.

Lynch: I understand.

Taibbi: Also that material was true. That is not a legitimate predicate for censorship.

Taibbi obviously thought he was being very clever, justifying publishing material stolen from an American because it was “true.” (And Shellenberger was being equally clever, not understanding that a hack-and-leak campaign is, indeed, part of an information operation.)

But instead, he betrayed something that is obvious from his propaganda efforts: Taibbi doesn’t understand the difference between “authentic” and “true.” When someone makes false claims about authentic material, it is a lie.

For example, Taibbi has repeatedly claimed that the FBI was not building cases on the suspected voter suppression accounts they turned over to Twitter, even though he included a screen cap showing the FBI taking steps — asking in what venue they needed to serve legal process and seeking a preservation order — that allows them to conduct an investigation.

The email is authentic. His claims about FBI’s efforts to investigate voter suppression are — he himself proved — a lie.

He also betrays that he doesn’t understand some of the material released in 2016 was neither “true” nor “authentic.” Not only were the Guccifer 2.0 documents altered, but the persona repeatedly falsely claimed they were something they were not, most obviously when the persona claimed he was releasing Clinton Foundation documents and I had to explain that that’s not what they were to Glenn Greenwald.

That persona did just what Taibbi has done with the Twitter files: wow credulous people (like Greenwald) with “authentic” files, while making false claims about them.

#MattyDickPics’ confusion about the difference between “true” and “authentic” became more obvious later in the hearing.

Goldman: Are you aware that there was an analysis of the hard drive that was done by the Washington Post at a later date?

Shellenberger: My awareness is that multiple media organizations have done an analyses, including CBS, and found that it was indeed, the laptop was authentic, and that nothing had been changed on it.

Goldman: Let’s just get something clear. The laptop that the FBI had is different than the hard drive that Rudy Giuliani gave to the New York Post. A hard drive, you will agree with this, is a copy of a laptop, right?

Shellenberger: Yes.

Goldman: And you are aware that hard drives can be altered, are you not?

Shellenberger: Of course.

Goldman: So are you aware that the Washington Post analysis of the hard drive showed that it had been altered?

Shellenberger: I have heard that, but I’m also saying that CBS verified —

Taibbi: Politico …

Shellenberger: and other media organizations have verified…

Never mind that Shellenberger seems to have no fucking clue that the laptop CBS analyzed is not the same hard drive that Rudy gave to the Post, and therefore is not the “laptop” on which the story that Twitter throttled was based. Never mind that CBS’ analysis is inconsistent with John Paul Mac Isaac’s claims that the process by which he made his own copy of the laptop was repeatedly interrupted, a problem that would make it difficult to distinguish between an iCloud hack and a real laptop (who puts voice mail messages on a laptop hard drive, for example?), a detail consistent with what I know of the Washington Post analysis (which was conducted by two different people).

But the cutest was little #MattyDickPics chiming in to claim that Politico had authenticated “the laptop.”

They claim no such thing! They authenticated some files (and not forensically, but instead by a witness who couldn’t even confirm the emails hadn’t been altered).

Schreckinger’s source remembered viewing both emails but was not able to compare the text leaked to the Post with the original emails. Other emails from the leaked files matched a cache of emails released by a Swedish government agency, two people who communicated with Hunter Biden said.

This kind of “authentication,” when the claims of someone with a bias like Tony Bobulinski can supplant forensic authentication, is precisely the problem with hack-and-leak reporting, regardless of whether Russian hackers or Matt Taibbi’s buddies do the hacking.

And neither Michael Shellenberger nor Matt Taibbi understands that.

Matt Taibbi does not know the difference between “true” and “authentic,” and it shows in his propaganda.

James Comer’s Twitter Hearing Confirmed Donald Trump’s Censorship Attempt and Matt Taibbi’s “Censorship” about It

“When did these guys drink the Kool-Aid, and who served it to them?” the NYT quoted Bob Luskin as saying of John Durham and Bill Barr in last month’s blockbuster, revealing scandalous new details about the Durham investigation.

The answer is clear: both men had pickled in conspiracy theories floated on Fox News, and several specific investigative prongs were laundered through a Mark Meadows House “investigation” and a Lindsey Graham Senate one, to be picked up by Durham as if formally referred.

One of the most alarming disclosures in the NYT blockbuster on the Durham investigation, for example, was that after the Italians provided a tip about Trump’s criminal exposure on a junket that Barr and Durham took together in 2019, someone leaked to the press that a criminal investigation into others, not Trump, had been opened.

The trip to Italy came about after George Papadopoulos aired conspiracy theories — suspicions he explicitly attributed to right wing outlets, not his own personal knowledge — in a House Oversight hearing.

[T]he belief that got Bill Barr to fly to Italy — that Mifsud actually works for Western, not Russian, intelligence — Papadopoulos cited to a Daily Caller article which itself relayed claims Mifsud’s Russian-backed lawyer made he had read the day before.

Q Okay. So, and Mifsud, he presented himself as what? Who did he tell you he was?

A So looking back in my memory of this person, this is a mid-50’s person, describes himself as a former diplomat who is connected to the world, essentially. I remember he was even telling me that, you know, the Vietnamese prime minister is a good friend of mine. I mean, you have to understand this is the type of personality he was portraying himself as.

And, you know, I guess I took the bait because, you know, usually somebody who — at least in Washington, when somebody portrays themselves in a specific way and has credentials to back it, you believe them. But that’s how he portrayed himself. And then I can’t remember exactly the next thing that happened until he decided to introduce me to Putin’s fake niece in London, which we later found out is some sort of student. But I could get into those details of how that all started.

Q And what’s your — just to kind of jump way ahead, what’s your current understanding of who Mifsud is?

A My current understanding?

Q Yeah.

A You know, I don’t want to espouse conspiracy theories because, you know, it’s horrifying to really think that they might be true, but just yesterday, there was a report in the Daily Caller from his own lawyer that he was working with the FBI when he approached me. And when he was working me, I guess — I don’t know if that’s a fact, and I’m not saying it’s a fact — I’m just relaying what the Daily Caller reported yesterday, with Chuck Ross, and it stated in a categorical fashion that Stephan Roh, who is Joseph Mifsud’s, I believe his President’s counsel, or PR person, said that Mifsud was never a Russian agent.

In fact, he’s a tremendous friend of western intelligence, which makes sense considering I met him at a western spying school in Rome. And all his interactions — this is just me trying to repeat the report, these are not my words — and when he met with me, he was working as some sort of asset of the FBI. I don’t know if that’s true or not. I’m just reporting what my current understanding is of this individual based on reports from journalists.

[snip]

Q And then at what point did you learn that, you know, he’s not who he said he was?

A Like I said, I don’t have the concrete proof of who this person is. I’m just going with reports. And all I can say is that I believe the day I was, my name was publicly released and Papadopoulos became this person that everyone now knows, Mifsud gave an interview to an Italian newspaper. And in this newspaper, he basically said, I’m not a Russian agent. I’m a Clinton supporter. I’m a Clinton Foundation donor, and that — something along those lines. I mean, don’t quote me exactly, you could look up the article yourself. It is in La Repubblica. And then all of a sudden, after that, he disappears off the face of the planet, which I always found as odd.

[snip]

I guess the overwhelming evidence, from what I’ve read, just in reports, nothing classified, of course, because I’m not privy to anything like that, and considering his own lawyer is saying it, Stephan Roh, that Mifsud is a western intelligence source. And, I guess, according to reports yesterday, he was working with the FBI

Less than a year after this testimony, Barr and Durham were flying off to Italy together to chase down Papadopoulos’ feverish imaginings.

It’s not that Barr and Durham believed Papadopoulos to be credible; Durham never interviewed the Coffee Boy, not even to assess Sergei Millian’s credibility before indicting Igor Danchenko based on Millian’s hearsay claims. But they nevertheless chased that clear conspiracy theory all the way to Italy together.

The Congressional hearing — a hearing that didn’t even incorporate Papadopoulos’ own emails, which would have made it harder for the convicted liar to sustain a number of the claims he made — served as a way to legitimize what were obviously rewarmed frothy rants. The hearing was a messaging vehicle that served to legitimize garbage claims. Had the press called this out as a circus in real time, it might have forestalled some of Barr and Durham’s own stunts.

The same is happening again, with the multiple “investigations” pitched by the new GOP-led House. And much of the press is playing along again, treating the hearings as both-sides disputes about the truth, rather than clear efforts to mainstream conspiracy theories that supplant any hold on the truth.

Consider James Comer’s hearing with former Twitter executives (video, transcript), a hearing called in response to Matt Taibbi’s sloppy rants about files selectively released by Elon Musk, the same kind of conspiracy theories floated during the Russian investigation by right wing outlets and then legitimized by Congressional hearings.

The finding of Comer’s hearing is clear: the witnesses all rebutted any claim that government influence drove the decision to throttle the NYPost report on a laptop that Rudy Giuliani claimed belonged to Hunter Biden. The hearing exposed that the claimed basis for legislative interest in Twitter’s actions was baseless. That should have been the headline: James Comer’s conspiracy theory flopped. James Comer exposed, wasting taxpayer dollars.

Worse still for the Congressman from Kentucky, witness testimony revealed just one instance of the federal government affirmatively asking that content be taken down, just one instance of censorship. That demand came from Donald Trump.

As Twitter whistleblower Anika Navaroli explained in response to a Gerry Connolly question, when Chrissy Teigen responded to a Trump attack on her by calling him a, “pussy ass bitch,” the White House asked Twitter to take the tweet down.

Rep. Gerry Connolly (D-VA):

Okay. On September 8th, 2019 at 11:11 PM Donald Trump heckled two celebrities on Twitter. John Legend and his wife, Chrissy Teigen, and referred to them as the musician, John Legend and his filthy mouthed wife, Ms. Teigen responded to that email at 12:17 AM and according to notes from a conversation with you, Ms. Navaroli’s counsel, your counsel, the White House almost immediately thereafter contacted Twitter to demand the tweet be taken down. Is that accurate?

Anika Collier Navaroli:

Thank you for the question. In my role, I was not responsible for receiving any sort of request from the government. However, what I was privy to was my supervisors letting us know that we had received something along those lines or something of a request. In that particular instance, I do remember hearing that we had a request from the White House to make sure that we evaluated this tweet and that they wanted it to come down because it was a derogatory statement directly towards the President.

Rep. Gerry Connolly (D-VA):

They wanted it to come down. They made that request.

Anika Collier Navaroli:

To my recollection, yes.

Daily Beast was one of the few outlets that reported, accurately, that the hearing showed the opposite of what Republicans claimed: in fact, Trump had been the one to use government power to attempt to silence speech on Twitter. Rolling Stone reported on another pathetic detail from Comer’s hearing, when Byron Donalds got Yoel Roth to explain what was implicit in all of Chairman Comer’s discussions of the scope of the hearing: Republicans were complaining that Twitter took down nonconsensual dick pics of Hunter Biden, some posted as part of a campaign by Steve Bannon associate Guo Wengui.

Comer’s premise was shattered by a “pussy ass bitch” retort and dick pics. That’s the weight of James Comer’s chairmanship. And with it should go the credibility of Taibbi’s consistently shoddy rants.

Five times since then, Taibbi has complained that his own silence about Twitter’s coddling of Trump was exposed in the hearing. In none of those complaints did he issue a correction.

Indeed, in his responses, Taibbi repeated several of his lies, obscuring that those FBI spreadsheets he complained about were part of an FBI effort to protect voting rights, or claiming that a request that a CIA colleague get an invite to a publicly listed meeting is some sign of the deep state. Taibbi just keeps repeating claims that have long been exposed as garbage.

Taibbi was exposed as a partisan fraud in the hearing, and that should be one of the takeaways.

Yet much of the rest of the coverage of the hearing was like AP’s, which treated the entire premise as if it were serious, dedicating the first four paragraphs to a (false) claim that this was the first that any of them had admitted throttling the NYP story was a mistake (as the hearing reviewed repeatedly, Roth had already given a deposition on the subject, and while the story quotes Jack Dorsey, it doesn’t mention that he has testified to Congress as well). Nowhere in the AP story does it reveal that Comer’s entire premise was debunked by the hearing. It’s not until paragraphs 18 and 19 that AP mentions that the Twitter files presented no evidence for Comer’s claim.

The issue was also reignited recently after Musk took over Twitter as CEO and began to release a slew of company information to independent journalists, what he has called the “Twitter Files.”

The documents and data largely show internal debates among employees over the decision to temporarily censor links to the Hunter Biden story. The tweet threads lacked substantial evidence of a targeted influence campaign from Democrats or the FBI, which has denied any involvement in Twitter’s decision-making.

Nowhere did AP reveal that Donald Trump was the only one guilty of the crime that Comer wants to pursue. Nowhere did AP reveal other instances where Twitter coddled Trump, as when they rewrote their content moderation standards on attacks on immigrants, which previously had banned the use of the term, “Go back to where you came from,” to retroactively excuse their approval of a Trump attack on AOC and others.

Worse still, AP was silent about the degree to which members like Clay Higgins started baselessly calling for the arrest of witnesses not accused, much less credibly, of a crime.

In other words, AP let James Comer dictate the terms of their story even after the premise of it had been debunked.

That’s not journalism.

And there’s one more reason why the press needs to treat these hearings not as a both-sides affair but as an effort to flip truth upside-down.

While neither has said this outright, both Comer’s hearing and the first hearing of Jim Jordan’s insurrection protection committee attacked the nation’s ability to push back against disinformation, including, but not limited to, Russian disinformation.

And as Roth explained in the Twitter hearing, for example, Republican attacks on Twitter were an attack on efforts that came out of a bipartisan response to Russia’s interference in the 2016 election.

Shontel Brown:

Mr. Roth, in a recent interview you stated, and I quote, beginning in 2017, every platform Twitter included, started to invest really heavily in building out an election integrity function. So I ask, were those investments driven in part by bipartisan concerns raised by Congress and the US government after the Russian influence operation in the 2016 presidential election?

Yoel Roth:

Thank you for the question. Yes. Those concerns were fundamentally bipartisan. The Senate’s investigation of Russian active measures was a bipartisan effort. The report was bipartisan, and I think we all share concerns with what Russia is doing to meddle in our elections.

This is what both hearings explicitly sought to roll back, those bipartisan efforts to protect American democracy.

Comer engaged in his own disinformation as part of the process. He falsely claimed that a letter from 50 former spooks said “Hunter Biden’s laptop was Russian disinformation,” rather than that it bore the hallmarks of disinformation. Jim Jordan and HPSCI Chair Mike Turner are now ratcheting up threats against those spooks for speech they engaged in as private citizens, precisely the thing that Jordan purports to be fighting.

In Jordan’s insurrection protection hearing, he presented three witnesses purporting to talk about the weaponization of government. One, Tulsi Gabbard, presented as evidence of weaponizing government that private citizen Hillary Clinton claimed she was being “groomed” by Russia, something that had nothing to do with weaponizing government and everything to do with the free speech Tulsi purported to be defending. The two others, Chuck Grassley and Ron Johnson, complained that the FBI warned them their own investigation into private citizen Hunter Biden parroted an organized Russian campaign.

Taken together, these efforts are fairly unashamedly complaining that private entities — whether Twitter, Hillary, or former spooks — are exercising their own right to speak up against Russian disinformation. That is, all three efforts use government resources against those speaking up against Russia.

And against the background of the Durham investigation — which investigated Hillary’s campaign because of the way she responded to being victimized by a Russian attack — this effort continues a GOP-led effort to criminalize opposition to Russian disinformation.

There’s no reason, journalistically, to treat this as a serious pursuit. Particularly not given the abundant evidence that these efforts are premised on false claims and easily debunked propaganda, and are an attempt to legitimize that propaganda to serve as the basis for criminal investigations.

If James Comer and Jim Jordan want to squander their majority by building hearings and investigations around lies, the press should call them on that, not reward it. If they don’t, we’re headed down an increasingly ugly cycle.

James Comer’s Dick Pics Hearing Just Became an Alleged Stolen Laptop Hearing

As I have repeatedly pointed out, the first thing that James Comer chose to do after becoming Chair of the House Oversight Committee was to schedule a hearing about why he can’t look at non-consensually posted pictures of Hunter Biden’s dick on Twitter.

In letters asking former Twitter executives Jim Baker, Yoel Roth, and Vijaya Gadde to testify next week, Comer described the substance of the hearing to be about their, “role in suppressing Americans’ access to information about the Biden family on Twitter shortly before the 2020 election.” As Matt #MattyDickPics Taibbi has helpfully revealed, some of the “information about the Biden family” that Twitter suppressed Americans’ access to before the election were nonconsensual dick pics, including a number posted as part of a campaign led by Steve Bannon’s buddy Guo Wengui.

Certainly, the Twitter witnesses, who themselves have been dangerously harassed as the result of #MattyDickPics’ sloppy propaganda, would be within the scope of Comer’s stated inquiry to explain why a private company doesn’t want to be part of an organized revenge porn campaign, even if a Congressman from Kentucky wants to see those dick pics.

But Comer’s campaign also just became about something else: Twitter’s decision to suppress a story based off a laptop that its purported owner claims was unlawfully obtained.

As several outlets have reported (WaPo, CNN, NBC, ABC), Hunter Biden has hired Abbe Lowell, who has written letters to DOJ, Delaware authorities, and the IRS, asking for investigations into those who have disseminated the materials from the alleged laptop (though Lowell made clear that no one is confirming any of the versions of the laptop). Those included in the letters are:

  • John Paul Mac Isaac (whom a prior lawyer, Chris Clark, had already referred to SDNY)
  • Robert Costello, who first obtained the laptop from Mac Isaac
  • Rudy Giuliani
  • Steve Bannon
  • Garrett Ziegler (who plays a key role in the January 6 investigation but who now hosts the content as part of a non-profit)
  • Jack Maxey (who provided the “laptop” to multiple outlets)
  • Yaacov Apelbaum (whom Mac Isaac claimed had helped to create a “forensic” image of the laptop)

The lawyers also sent a defamation letter to Tucker Carlson for a story since proven to be false.

These letters aren’t likely to change what DOJ, at least, will do about the laptop. They’ve had the Mac Isaac copy in hand for some time, and the earlier SDNY referral would likely go to the same people already investigating the theft of Ashley Biden’s diary.

Ziegler may be an exception. DOJ likely already has interest for his role in January 6; the invitation to conduct an investigation may give reason to look more closely.

Eric Herschmann is not, according to reports, on these letters but he was even pitching “laptop” content while working at the White House.

But the public coverage of this will undoubtedly change the tenor of next week’s hearing. At the very least, it will validate Yoel Roth’s concerns in real time that the NYPost story was based on stolen data. It will, retroactively, mean that the NYPost story was a violation of Twitter’s terms of service agreement.

None of (the coverage of) these letters describes a key detail: How the Oversight Committee got the copy of the laptop they claim they have. These criminal complaints are broad enough that they likely include at least a few people involved in the channel via which the Committee obtained the laptop, meaning that the Committee would be — is — harboring data from a private citizen that he claims was illegally obtained.

Significantly, the letters include false statements to Congress among the crimes raised (probably with respect to Mac Isaac). Given that Comer’s actions are premised on what Mac Isaac has claimed (and as several of these stories note, Mac Isaac’s story has changed in significant ways, and never made sense in the first place), the allegation may give the Committee further reason to exercise caution.

At the very least, it’ll give Democrats on the Committee plenty to talk about in next week’s hearing.

I thought it would take some doing to top kicking off one’s chairmanship by having a hearing to complain about non-consensual dick pics. But having a hearing to complain that stolen private information wasn’t more widely disseminated may top that.

Kash Patel Wants the Insurrection Protection Committee to Investigate Why Robert Hur Tried to Protect Past Ongoing Investigations

Matt Taibbi (aka MattyDickPics) and Kash Patel are whining about the Nunes Memo again.

As you’ll recall, in the first year of the Trump Administration, Patel wrote a misleading memo for Devin Nunes purporting that the entire Russian investigation stemmed from the Steele dossier. When the Carter Page IG Report and FISA applications were released, it became clear how Patel spun the facts. In this post I cataloged what both Nunes and Adam Schiff, in his counterpart to the Nunes memo, got wrong.

But it’s not the Nunes Memo itself that Taibbi and Patel are whining about. They’re complaining about the circumstances of its release five years ago.

Taibbi made it the subject of his latest Twitter Files propaganda thread and related Substack — the latter of which, astoundingly, says the public has to rely on the attributions of cloud companies, something Taibbi has always refused to do when discussing the GRU attribution of the 2016 hacks targeting Democratic targets. “It’s over, you nitwits. It’s time to stow the Mueller votive candles, cop to the coverage pileup created by years of errors, and start the reconciliation process,” Taibbi says, in appealing to precisely the kind of evidence he himself has refused to credit for more than six years. I dealt with both in this thread, but the important takeaway is that Taibbi doesn’t even manage to get facts that both the Daily Beast and I were able to cover in real time, including the fact that Republicans, too, were making unsupported claims based on the Dashboard’s reporting and Russian trolls were part — just not the biggest part — of the campaign.

[A] knowledgeable source says that Twitter’s internal analysis has thus far found that authentic American accounts, and not Russian imposters or automated bots, are driving #ReleaseTheMemo. There are no preliminary indications that the Twitter activity either driving the hashtag or engaging with it is either predominantly Russian.

In short, according to this source, who would not speak to The Daily Beast for attribution, the retweets are coming from inside the country.

The source pointed to influential American users on the right, including Donald Trump Jr., with his 2.49 million followers, pushing the hashtag forward. It’s become a favorite of far-right Republican congressmen, including Steve King, who claimed the still-secret memo shows the FBI was behaving “worse than Watergate” in one viral tweet. Mark Meadows called it an “absolutely shocking” display of “FISA abuses,” referring to a counterintelligence process.

Rules of Engagement

There are reasons for skepticism about both the source’s claim and Alliance for Securing Democracy’s contrary findings.

Russian influence accounts did, in fact, send an outsize number of tweets about #ReleaseTheMemo—simply not enough for those accounts to reach the top of Twitter’s internal analysis.

Meanwhile, Kash Patel is outraged that Merrick Garland picked Robert Hur as Special Counsel to investigate Biden’s mishandling of classified documents because, when and after serving as a top aide to Rod Rosenstein in the early days of the Russian investigation, he opposed release of the memo.

This guy Hur needs to be the first one subpoenaed by the new Special Select Committee under Jim Jordan’s authority on the weaponization of government and do you want to know why? Because Hur — we have the receipts, Steve, and we’re going to release them later — was sending communications to the Justice Department and Rod Rosenstein’s crew arguing against the release of the Nunes memo. Saying that it would bastardize and destroy the United States national security apparatus. This guy is a swamp monster of the Tier One level, he’s a government gangster, he’s now in charge of the continued crime scene cover-up, which is why the first congressional subpoena that has to go out for the weaponization of government subcommittee is against Hur.

Remember, this committee was modified during the period when key insurrectionists were refusing to vote for Kevin McCarthy to include language authorizing the committee to investigate why the Executive Branch is permitted to conduct criminal investigations of US citizens.

the expansive role of article II authority vested in the executive branch to collect information on or otherwise investigate citizens of the United States, including ongoing criminal investigations;

It may be the intent to interfere in ongoing investigations into people like Scott Perry and Paul Gosar (who changed their votes on McCarthy later in the week, as these changes were being made) and Jordan (who will have great leeway to set the direction of this committee). But Jordan may be surprised when he discovers that Merrick Garland will enforce the long-standing DOJ policies about providing Congress access to ongoing investigations that Jeff Sessions and Matt Whitaker and Bill Barr did not. Indeed, some precedents from the Russia investigation legally prohibit the sharing of this information with Congress.

But Kash’s complaint (back atcha with the rap gangsta alliteration, Kash!) is a bellybutton moment in which he attempts to villainize Hur’s past commitment to those long-standing DOJ (and intelligence community, including the NSA, which conducts much FISA surveillance) policies. Consider the things the memo revealed, many of which had never before been released publicly.

  • Details about the dates and approvals for four FISA orders
  • Financial details involving private individuals, including US citizens
  • Contents of the FISA memo (but not their true context)
  • A reference to a Mike Isikoff article that appeared in the Carter Page applications; Kash was outraged when his own public article was included in the warrant affidavit targeting Trump
  • Details from a Confidential Human Source file
  • Misrepresentations about both Bruce Ohr and his spouse, the latter of whom was a private citizen whose work was shared with the FBI as part of the effort to vet the dossier
  • Direct communications with the President-elect the likes of which Trump claimed were covered by Executive Privilege in the Mueller investigation
  • False claims about the texts between Peter Strzok and Lisa Page that are currently the subject of two Privacy Act lawsuits; even aside from the privacy implications, at the time it was virtually unprecedented for texts between FBI officials to be released, even in criminal discovery (and many of these released, including some misrepresented in the memo, pertained to work matters unrelated to the Russian investigation)

In other words, Kash Patel wants to investigate Hur’s comments, made either at the time he was the key overseer of the Mueller investigation or during a transition period as he awaited confirmation to be US Attorney, advocating that DOJ protect informants, FISA materials, details about private citizens, and work texts between FBI officials.

The very first thing Kash wants the Insurrection Protection Committee to investigate is why, five years ago, a senior DOJ official advocated following long-standing DOJ policy.

Matt Taibbi Confesses He Hasn’t Read His Own Twitter Files

Matt Taibbi, whom I have taken to calling “#MattyDickPics” for his wails about tweets that were part of a coordinated revenge porn campaign targeting Hunter Biden being taken down, confessed yesterday he knows virtually nothing about his own “Twitter Files” campaign, including what he himself has posted. In response to a Twitter account with just four followers that observed that his campaign had exposed nothing, MattyDickPics tweeted the following:

Before I use MattyDickPics to debunk MattyDickPics, let’s first unpack his claims: He says that, “These DHS/FBI programs are not for building cases” which he judges is “Not even close to the criminal case-building mission.”

Let’s talk about his premise, first of all — the claim that the “mission” is about “criminal case-building.”

The Cybersecurity & Infrastructure Security Agency, the part of DHS that runs what Taibbi calls a “program,” describes its public-facing mission this way:

The Cybersecurity and Infrastructure Security Agency (CISA) leads the national effort to understand, manage, and reduce risk to our cyber and physical infrastructure. We connect our stakeholders in industry and government to each other and to resources, analyses, and tools to help them build their own cyber, communications, and physical security and resilience, in turn helping to ensure a secure and resilient infrastructure for the American people.

In his January 6 Committee testimony, former CISA Director Chris Krebs described the kinds of things CISA would do to help protect the vote.

In terms of the bidding internal to the U.S. Government on who had lead in those three areas [targeting of campaigns, targeting of election infrastructure, disinformation], it was clear, you know, once Jeh Johnson, the prior Secretary in 2017, January of 2017, designated election infrastructure critical infrastructure, it was, you know, CISA had the lead for working with State and local election officials on protecting critical infrastructure — or election infrastructure. That’s the systems. That’s the hardware. That’s the equipment and the processes associated with conducting an election.

Q And so can I stop you there for a second?

A Yes.

Q Is that primarily protecting against what we would think of as hacking?

A No, not necessarily. It’s, again, critical infrastructure, we had an all-hazards approach. So we worked with election officials to conduct active shooter drills and 13 assessments. We would go look at election warehouses where equipment is stored in the off season, do physical risk assessments. In the wake of hurricanes, we would work with election officials. In fact, Kyle Ardoin, who’s the Secretary of State in Louisiana, in 2000 — the summer of 2020, I guess, where they got hit pretty hard by an election, we helped him work with FEMA and some of the response efforts there to get resources he needed to be able to conduct the election in 2020. So it was not just cyber. That tended to be the public – at least what the public cared about or the media cared about, just because it’s 2016, but it was – again, it was an all hazards. And we did — I don’t want to put numbers on it, because I don’t recall, again, off the top of my head, but a significant number of physical assessments of election facilities.

[snip]

Q You talked earlier about the infrastructure and protecting that. How did you work with State officials to make sure that their – to help them ensure that their equipment was safe and secure?

A We had a number of different offerings that we had. There’s an entire catalog. There’s an election security catalog. It’s not in here because it’s thick. But we would go out and conduct things like security and vulnerability assessments. We could do red team. We could do fairly in-depth assessments of voter registration database configurations. We had a, what’s known as cyber hygiene scan that they would sign up for and we’d do a regular scan to see if anything touching the internet was mis- – well, not misconfigured, but running an old vulnerable version. We developed in the summer before the election a product called – or tool called Crossfeed, which was a little bit more in-depth of assessing vulnerabilities of systems and websites that are touching the internet. And then we would provide them reports and technical assistance on how they might secure things.

The stuff that MattyDickPics is concerned about was an effort to facilitate state election officials’ ability to rebut false claims about elections.

Q We’ve seen some documents that were produced by DHS relating to efforts to connect with social media platforms, Twitter, for example, to working with State and local officials to try to address claims that were being made on Twitter that were false.

A Uhhh,

Q Are you familiar generally with that initiative?

A I think generally, yes. And I gave an example of the 2018 election, at least, how we were able to connect I think it was Ohio with one of the platforms.

Q And it seemed as if that was a fairly robust — I was going to say operation. That’s probably too strong a word. But there was a fairly – it looked to be, from the documents I’ve seen, a fairly well-coordinated effort to put State officials in touch with the social media platforms and try to provide the information necessary to address what were false claims in their respective jurisdictions.

A I think certainly the efforts to make those connections was a priority. We had frequent — I think it was monthly – at least monthly I think monthly, let me put it that way meetings between interagency partners, so FBI, DNI, and CISA, with representatives from the social media platforms. And we sometimes did those out in California. You know, I would attend every now and then some of those meetings. Now, State and local partners were not there. This was just making sure the Federal Government and the social media platforms were connected and were sharing kind of our understanding of how things were playing out, what our concerns were.

None of that, CISA’s role in information-sharing, is law enforcement. The one example Krebs mentioned that involved an attempted hack, CISA passed off to the FBI and intelligence agencies.

And there was a State, Delaware observed an unknown actor trying to exploit an Oracle database vulnerability that they had had patched. So what we were able to do is Delaware let us know. We said, that’s interesting. But because we were integrated with the FBI and the intelligence community and others, we could actually say, hey, 12 guys so it wasn’t just for our benefit, like I said, decision support. We were able to share it with our operational partners for them to go do whatever they need to do. So it was a functional operational watch cell, also coordinating situational awareness, coordinating action. And that was and that was the day.

CISA didn’t ask for anything back from Twitter because CISA is not a law enforcement agency (note: one other thing MattyDickPics is referencing is that a Signal thread the FBI used for sharing information was treated as one way, but according to Chan, the social media companies would respond by other channels). It has no law enforcement mandate. It has no case-building mandate.

With regard to CISA — and MattyDickPics is not alone in this gross misunderstanding of CISA’s mandate or legal status — MattyDickPics’ entire premise is false.

But that also means his complaint is wrong. Is MattyDickPics complaining that people make an effort to correct errors about the election? Would he prefer that local election authorities try to chase down rumors and false claims themselves, even as they’re putting in 16-hour days trying to run an election? Does he think that deliberate misinformation about elections, like non-consensually posted dick pics, must be protected on social media sites? Is he angry — as Elon Musk seems to be — that social media sites choose not to be the vehicle for messaging that makes it harder to conduct successful elections?

If you’re complaining that an information-sharing agency is sharing information, then ultimately your complaint is that you don’t think that information should be shared, that you don’t think election officials should make an effort to ensure information about elections is clear and accurate — or at least, you don’t think the federal government should do anything to protect elections. If that’s your view, own it.

Even with the FBI, MattyDickPics’ premise that the mission is “case-building” is partly wrong. In addition to its law enforcement mission, FBI has a counterintelligence mission, which would cover a good deal of interaction with social media sites. Indeed, a good many entire threads of MattyDickPics’ rants pertain to the FBI passing on assessments about such operations, as when accounts associated with the Internet Research Agency were shared. The FBI has built several cases against the IRA, but that’s not the primary goal. The primary goal is to track how Russia and China and Iran attempt to interfere in our country.

Some of what MattyDickPics seems to misunderstand about this is that foreign spooks will pretend to be Americans as part of their efforts to fuck with democratic elections. For example, MattyDickPics has said nothing about the most significant hack-and-disinformation campaign from 2020, an Iranian attempt to pose as Proud Boys to send messages to Democrats to discourage them from voting. It’s not impossible that some of what he has portrayed as FBI interest in “Americans” was actually an effort to adopt the identity of Proud Boys — effectively maligning right wing Trump supporters — as cover for their operation. This kind of FBI investigation might never result in charges — because you’re never going to arrest the Iranian spooks behind it — but posing as American Proud Boys to interfere in the election could be charged under FARA laws.

One can complain about FBI’s dual mission — lord knows I have! But one cannot claim that FBI has exclusively a case-building mission and be entirely accurate.

Still, maybe all that can be excused because MattyDickPics decided to respond to a 4-follower Twitter account that also misunderstood the premise of some of what this information sharing is about.

It’s the claim that the FBI “program,” at least, is not about building cases, that I find outrageous.

Among the single screen caps that Twitter Files followers have latched onto most — along with one about Adam Schiff inappropriately and unsuccessfully trying to use Twitter’s QAnon rules to protect staffers (I won’t link that because MattyDickPics doxxed the person in question), a CIA official asking to be included in a public event, and the NSA asking whether Twitter still prohibited Dataminr from sharing the “firehose” of Twitter content with intelligence agencies (they did, though under Elmo, the Saudis and Qataris will reportedly be given access to it) — is this one, which they claim is proof that the FBI asked for location data without legal process:

As a threshold matter, note what this is not: an email from Elvis Chan, the guy in charge of San Francisco’s Election Command Post, to Twitter. It is an email from the National Election Command Post to Chan. MattyDickPics doesn’t explain how Twitter got this. He has “censored” how Chan sent this to Twitter.

Before I get into the content, let me repeat some background that two of Elmo’s pets, at least, claim to be familiar with, which I laid out here. Here’s how Chan explained the actions of both the National and San Francisco Election Command Post, which are behind a great deal of the FBI-to-Twitter requests MattyDickPics wails about.

A. During FBI San Francisco’s 2020 election command post, which I believe was held from the Friday before the election through election night, that Tuesday at midnight, information would be provided by other field offices and FBI headquarters about disinformation, specifically about the time, place or manner of elections in various states. These were passed to FBI San Francisco’s command post, which I mentioned to you before I was the daytime shift commander, and we would relay this information to the social media platforms where these accounts were detected. So I do not believe we were able to determine whether the accounts that were posting time, place or manner of election disinformation, whether they were American or foreign.

Q. But you received reports, I take it, from all over the country about disinformation about time, place and manner of voting, right?

A. That is — we received them from multiple field offices, and I can’t remember. But I remember many field offices, probably around ten to 12 field offices, relayed this type of information to us. And because DOJ had informed us that this type of information was criminal in nature, that it did not matter where the — who was the source of the information, but that it was criminal in nature and that it should be flagged to the social media companies. And then the respective field offices were expected to follow up with a legal process to get additional information on the origin and nature of these communications.

Q. So the Department of Justice advised you that it’s criminal and there’s no First Amendment right to post false information about time, place and manner of voting?

[snip]

A. That was my understanding.

Q. And did you, in fact, relay — let me ask you this. You say manner of voting. Were some of these reports related to voting by mail, which was a hot topic back then?

A. From my recollection, some of them did include voting by mail. Specifically what I can remember is erroneous information about when mail-in ballots could be postmarked because it is different in different jurisdictions. So I would be relying on the local field office to know what were the election laws in their territory and to only flag information for us. Actually, let me provide additional context. DOJ public integrity attorneys were at the FBI’s election command post and headquarters. So I believe that all of those were reviewed before they got sent to FBI San Francisco.

Q. So those reports would come to FBI San Francisco when you were the day commander at this command post, and then FBI San Francisco would relay them to the various social media platforms where the problematic posts had been made, right?

A. That is correct.

Q. And then the point there was to alert the social media platforms and see if they could be taken down, right?

A. It was to alert the social media companies to see if they violated their terms of service.

[snip]

Q. And this command post was chosen to be — I mean, it addresses nationwide election-related information, right?

A. So every field office, every FBI field office was mandated by headquarters to stand at a command post at least on election day. And FBI San Francisco was responsible for relaying any time, place or manner disinformation or malign-foreign-influence information to the social media companies as well as accepting any referrals from the social media companies.

Q. So FBI San Francisco had the special job of referring concerns to social media companies?

[snip]

THE WITNESS: Yes, and the reason for that is because the majority of the social media companies are headquartered in FBI San Francisco’s territory. [my emphasis]

That is, much of this activity (including this screen cap in particular) came in the context of a DOJ Public Integrity determination that lying about the time, place, or manner of voting might be a crime, and — Chan’s understanding at least — referrals to Twitter had already been vetted by a Public Integrity prosecutor.

As I’ve noted, this is not a frivolous claim. In early 2021, one of Bill Barr’s closest associates, Seth DuCharme, then serving as EDNY US Attorney, charged a Jack Posobiec associate named Douglass Mackey with violations of the Ku Klux Klan Act for doing this kind of thing at scale, by tweeting that users could text their vote in rather than show up and cast it, in 2016. Almost 5,000 people responded to this campaign and texted in their “vote” for President. It took two years and some HuffPo reporting before Mackey was identified and several more years to charge him.

Mackey is aggressively contesting the charge, including on First Amendment grounds; his trial is scheduled to start on March 13.

There’s even a tie between Mackey’s campaign and Elmo’s efforts to restore white supremacists to the platform. Right wingers have been lobbying Elmo to reinstate the pseudonymous Ricky_Vaughn99 account.

That’s what this is about: Efforts, some conducted at scale, to suppress the vote of certain Americans by lying to them about how or when or where to vote. And the involvement of prosecutors on the front end indicates that this was not just an effort to alert Twitter to misinformation so it could remove it if it chose to. This activity — which, again, makes up a great deal of what MattyDickPics has wailed about — was conducted in the context of law enforcement investigations.

But MattyDickPics has already confirmed that. The very screen cap in question — one of the screen caps that MattyDickPics’ frothers are most outraged about (caveating, again, that MattyDickPics chose to “censor” how Chan actually passed this onto Twitter) — asks for the following regarding 25 accounts that are “spread[ing] misinformation about the upcoming election:”

  1. Coordination between [San Francisco’s Field Office] and Twitter to determine whether the accounts identified below have violated Twitter’s terms of service and may be subject to any actions deemed appropriate by Twitter.
  2. The issuance of preservation letters regarding any of the accounts identified below to preserve subscriber information and content information pending the issuance of legal process.
  3. Any location information associated with the accounts that Twitter will voluntarily provide to aid the FBI in assigning any follow-up deemed necessary to the appropriate FBI field office.

MattyDickPics has focused primarily on Bullet 1: If this violates Twitter’s terms of service, then — the FBI request suggests — Twitter can choose to do what it wants. That’s the “censorship” of efforts to dupe people into wasting their ability to participate in democracy that MattyDickPics is so outraged about.

Bullet 2, however, single-handedly refutes MattyDickPics’ claim from yesterday. Chan was supposed to ask for preservation letters, a request that Twitter preserve the account long enough that the FBI could follow up with a subpoena and/or warrant to get the subscriber information and then the content. This screen cap is explicitly about FBI’s case-building mission. MattyDickPics proved, on December 16, that MattyDickPics’ claims yesterday are false.

And even Bullet 3 — the reason this was deemed such an abuse — is about building a case. The National Command Post was not asking, voluntarily, for information that would help it identify whose mother’s basement this disinformation campaign was launched from, whether Brooklyn or Iran. Rather, it was asking for location information sufficiently detailed such that DOJ could assign follow-up leads to a US Attorney’s office that might be able to prosecute it. In fact, Mackey is challenging his prosecution, in part, by challenging venue in Brooklyn, a subject on which Judge Nicholas Garaufis has reserved judgment. That request for location information — accompanied as it was by a request for a preservation order to get location information with a warrant — was all part of building a case.

One can certainly argue that the prosecution of Mackey and people like him for trying to affect the election by duping people out of their vote is a violation of the First Amendment, just like one can argue, as MattyDickPics is, that Twitter should be forced to permit users to use the platform to dupe others — Mackey allegedly targeted Blacks and Spanish speakers — out of casting their vote.

That’s a debate we can have.

But there’s no debate about whether these Command Post requests came in a framework that envisioned the possibility of case-building. MattyDickPics has already proven that MattyDickPics is lying about that.