Posts

Did GRU Learn that Democrats Had Hired Christopher Steele When They Hacked DNC’s Email Server?

/28 Comments/in , , /by

As I laid out a few weeks ago, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post.

According to Glenn Simpson’s SJC testimony, he hired Christopher Steele in May or June of 2016 to investigate Trump’s ties to Russia.

Q. And when did you engage Mr. Steele to conduct opposition research on Candidate Trump?

A. I don’t specifically recall, but it would 10 have been in the — it would have been May or June  of 2016.

Q. And why did you engage Mr. Steele in May or June of 2016?

Simpson is maddeningly vague (undoubtedly deliberately) on this point. In one place he suggests he hired Steele after DCLeaks was registered and amid a bunch of chatter about Democrats being hacked, which would put it after June 8 and probably after June 15.

Q. So at the time you first hired him had it been publicly reported that there had been a cyber intrusion into the Democratic National Convention computer system?

A. I don’t specifically remember. What I know was that there was chatter around Washington about hacking of the Democrats and Democratic think tanks and other things like that and there was a site that had sprung up called D.C. Leaks that seemed to suggest that somebody was up to something. I don’t think at the time at least that we were particularly focused on — well, I don’t specifically remember.

But in his more informative HPSCI testimony, he suggests he may have started talking to Steele about collecting intelligence on Trump in May.

MR. QUIGLEY: When exactly did he start working under contract?

MR. SIMPSON: My recollection is that, you know, we began talking about the — I don’t remember when we started talking about the engagement, but the work started in June, I believe.

MR. QUIGLEY: Okay.

MR. SIMPSON: Possibly late May, but –

Given one detail in Mueller’s GRU Indictment, that difference may be critical.

Recall that the DNC figured out they had been hacked in April, and brought in Perkins Coie (the same firm that would engage Fusion GPS) for help. The attorney helping them respond to the hack, Michael Sussmann, warned them not to use DNC email to discuss the hack, because it might alert hackers they were onto them.

The day before the White House Correspondents’ Association dinner in April, Ms. Dacey, the D.N.C.’s chief executive, was preparing for a night of parties when she got an urgent phone call.

With the new monitoring system in place, Mr. Tamene had examined administrative logs of the D.N.C.’s computer system and found something very suspicious: An unauthorized person, with administrator-level security status, had gained access to the D.N.C.’s computers.

“Not sure it is related to what the F.B.I. has been noticing,” said one internal D.N.C. email sent on April 29. “The D.N.C. may have been hacked in a serious way this week, with password theft, etc.”

No one knew just how bad the breach was — but it was clear that a lot more than a single filing cabinet worth of materials might have been taken. A secret committee was immediately created, including Ms. Dacey, Ms. Wasserman Schultz, Mr. Brown and Michael Sussmann, a former cybercrimes prosecutor at the Department of Justice who now works at Perkins Coie, the Washington law firm that handles D.N.C. political matters.

“Three most important questions,” Mr. Sussmann wrote to his clients the night the break-in was confirmed. “1) What data was accessed? 2) How was it done? 3) How do we stop it?”

Mr. Sussmann instructed his clients not to use D.N.C. email because they had just one opportunity to lock the hackers out — an effort that could be foiled if the hackers knew that the D.N.C. was on to them.

“You only get one chance to raise the drawbridge,” Mr. Sussmann said. “If the adversaries know you are aware of their presence, they will take steps to burrow in, or erase the logs that show they were present.”

The D.N.C. immediately hired CrowdStrike, a cybersecurity firm, to scan its computers, identify the intruders and build a new computer and telephone system from scratch. Within a day, CrowdStrike confirmed that the intrusion had originated in Russia, Mr. Sussmann said.

But it’s not clear whether Sussmann warned this small team of people against using DNC emails at all, or just those emails discussing the hack.

Previously, I had always guesstimated how long after DNC brought Crowdstrike in the emails ultimately shared with WikiLeaks got exfiltrated from this analysis, based of the last dates of stolen emails and DNC’s email deletion policies in place at the time. It was a damned good estimate — May 19 to May 25.

But according to the indictment, the theft of the DNC emails happened later: starting on May 25, not ending on it.

Between on or about May 25, 2016 and June 1, 2016, the Conspirators hacked the DNC Microsoft Exchange Server and stole thousands of emails from the work accounts of DNC employees. During that time, YERMAKOV researched PowerShell commands related to accessing and managing the Microsoft Exchange Server.

The indictment doesn’t describe the entire universe of emails stolen — whether GRU stole just the 9 email boxes shared with WikiLeaks, or whether they obtained far more.

But the later date — possibly reaching as late as June 1 — means it’s possible GRU stole emails involving top DNC officials, officials involved in opposition research activities (as both Guccifer 2.0 and the DNC itself said had been a focus), including the activity of hiring a former MI6 officer to chase down Trump’s illicit ties to Russians.

Don’t get me wrong. If the Russians did, in fact, learn about the Steele effort and manage to inject his known reporting chain with disinformation, there were plenty of other possible ways they might have learned of the project: the several people overlapping between Fusion GPS’ Prevezon team and its Trump team, Rinat Akhmetshin who learned of the dossier from a chatty NYT editor, or maybe a close Trump ally like Sergei Millian. The sad thing about this disinformation project is it was so widely disseminated, any HUMINT integrity could have easily been compromised early in the process.

But the timeline laid out in the GRU indictment adds one more, even earlier possible way: that Russia learned the Democrats were seeking HUMINT from Russians about Russia’s efforts to help Trump from the Democrats’ own emails.

Sergei Millian and the Simpson Testimony

/98 Comments/in , /by

Glenn Simpson’s testimony to the House Intelligence Committee was actually far more informative than that he gave to the Senate Judiciary Committee. I get the feeling we all might have been better served had Simpson released Fusion’s own research on Trump rather than the Steele dossier (and it might have avoided all the drama over the dossier).

I was particularly interested in Simpson’s extended comments about Sergei Millian, who ran a sketchy Russian-American chamber of commerce organization (here’s a David Corn profile that surely is influenced by Fusion), who has been alleged by many outlets (WSJ, ABC, WaPo) to be one (D) or another (E) source for the Steele dossier (note, Steele’s labels for sources in the dossier were not consistent, and other figures must be one or another of those letters in some reports).

Simpson described that his own, unpublished research showed that Millian had ties to the Trump camp going back years, first in conjunction with an effort to help Trump brand vodka under his own name in Russia.

And there was, prior to the 2013 Miss Universe fair, there.was an earlier Trump vodka marketing project in Russia that later became something that we were very interested in.

[snip]

MR. SIMPSON: Well, one of the guys who organized this trip was a guy who’s currently known as Sergi Millian. And he’s been in the press a good bit, I think, although not recently. And, you know, he came up in connection with that, and then he came up in connection with Chris’ work as one of the people around Trump who had a Russian background, and unexplained, you know, a lot of unexplained things. So when we looked at him, we found that he ran a sort of shadowy kind of trade group called the Russian-American Chamber of Commerce, which is — Russians are known to use chambers of commerce and trade groups as fronts for intelligence operations.

And this guy, his name – his real name or his original n_ame that he came to the United States wasn’t Sergi Millian. It was Siarhei Kukuts, and that’s a pretty different name.

And he changed his name when he got to Atlanta. And when we looked at him some more, we found two different resumes for him. In one resume he said he was from Belarus and he went to Minsk State; and then in another he was from Moscow and went to Moscow State. In one he said he worked for the Belarussian Foreign Ministry; in the other, he said he worked for the Russian Foreign Ministry.

He was a linguist, also an interesting thing about his background. And as time went on, yeah, we found other things about him.

Simpson also described Millian dealing Trump condos to Russians.

We found a picture of him with Donald Trump. He boasted to people that he had sold hundreds of millions of dollars in Trump condos, Trump real estate to Russians, that he was some kind of exclusive agent for Trump in Russia and that he organized this trade fair.

That may refer to Millian’s involvement in the Trump Hollywood project. Simpson describes him playing a role that has been alleged of others in Trump’s Soho project — falsely claiming there were more buyers for the project than there really were.

MR. SCHIFF: And tell me about the Trump Hollywood project. That was an example of the latter or the former? Did they get the financing from what you could tell because they got a bunch of Russians to pre-sale, or did they go to a bank and say these are our investors, or how did they go about that?

MR. SIMPSON: Well, eventually, I mean, they lost the project. It went under. I, can’t – I’m not – I’m sure we did look at who the creditors were, who the lenders were. This is the project that Sergi Millian appears to have been involved in, and there’s a picture of Jorge Perez, Donald Trump, and Sergi Millian.

And he tells a story about meeting Donald Trump at the golf — at a racetrack, drinking a bottle of Crystal with him, seems — he gave him some Crystal. And that was in the early phases of the project. So it was clear that Donald Trump — so the equity partner was the related group. It was clear that this Russian had been brought into this with Trump, and what you can surmise from that is that he’s there to say there are buyers. We can bring you buyers for this property. And that’s what a developer needs to know is that he’s got buyer interest.

MR. SCHIFF: And how does it work? Let’s say Sergi Millian or someone else lines up the Russian buyers. The Russian buyers sign pre-sale agreements. Trump can then get financing for the res! of the project. Do the buyers go through and buy the properties, or is that no longer necessary, once you’ve obtained the bank financing you can actually sell them to real people?

Simpson describes Millian’s role in an NGO that — public reporting had revealed years earlier — had been investigated by the FBI as a recruiting organization.

And then, I guess, last but not least, he, you know – as we became more and more interested in his background and the press started to write stories about him, it came out that he was associated with this Russian friendship entity called Rossotrudnichestvo, and that he was involved in organizing a junket to Moscow for some American businessmen that was the subject of an FBI investigation, because it was a suspected recruiting operation. And the FBI had questioned people who were involved in this trip about whether they were recruited by the Russians when they went to Moscow.

So it was that kind of thing.

Finally, Simpson claims his research established ties between Millian and Trump lawyer Michael Cohen (though it’s not clear whether this involved anything beyond Twitter exchanges) that Cohen subsequently tried to downplay.

And then, you know, as further time went on, we found he was connected to Michael Cohen, the President’s lawyer. And eventually, after boasting about a lot of this stuff on camera, on tape, to the TV network, he backed away from all of it suddenly when the Russia controversy began to get hot.

And Michael Cohen was very adamant that he didn’t actually have a connection to Sergi, even though he was one of only like 100 people who followed Sergi on Twitter. And they — we had Twitter messages back and forth between the two of them just – we just pulled them off of Twitter.

There are two reasons this is interesting.

First, as the NYT noted, in the wake of Trump’s victory, Millian proposed a business deal with George Papadopoulos, with whom he had gotten close in the previous six months.

Mr. Trump’s improbable victory raised Mr. Papadopoulos’s hopes that he might ascend to a top White House job. The election win also prompted a business proposal from Sergei Millian, a naturalized American citizen born in Belarus. After he had contacted Mr. Papadopoulos out of the blue over LinkedIn during the summer of 2016, the two met repeatedly in Manhattan.

[snip]

Mr. Millian proposed that he and Mr. Papadopoulos form an energy-related business that would be financed by Russian billionaires “who are not under sanctions” and would “open all doors for us” at “any level all the way to the top.”

One billionaire, he said, wanted to explore the idea of opening a Trump-branded hotel in Moscow. “I know the president will distance himself from business, but his children might be interested,” he wrote.

I think Millian’s cultivation of Papadopoulos likely explains this reference in the affidavit supporting Papadopoulos’ arrest, showing Papadopoulos asking Ivan Timofeev over Facebook on July 22, 2016 for any information he had on someone he was about to meet for the first time (see my timeline here).

“If you know any background of him that is noteworthy before I see him, kindly send my way.”

That would say that, on the same day WikiLeaks released the DNC emails — which itself took place a day after Papadopoulos signaled something about Trump’s RNC speech to Timofeev — Millian started cultivating Papadopoulos, who apparently had started spending more time in NYC.

And, according to the NYT, that cultivation ended up right where Michael Cohen had started in November 2015, discussing a deal for a Trump Tower in Moscow which inexplicably related to Trump winning election, with oligarchs who could evade US sanctions.

Cohen to Millian to Papadopoulos full circle, in the course of one year.

And if I’m right that that Facebook message that Papadopoulos tried to delete indicates a Timofeev role in Millian’s cultivation of Papadopoulos, it suggests a good deal of  orchestration on that front.

Which brings me to Simpson’s comments about Millian and the dossier.

In the first exchange about Millian, Simpson dodges on whether — as had been publicly reported, perhaps even based on sources close to Simpson — Millian was one of the sources for the dossier.

MR. SCHIFF: To your knowledge, was Mr. Millian one of the sources for Christopher Steele in the dossier?

MR. SIMPSON: I’m not in a position to get into the identity of the sources for the dossier for security reasons, primarily.

But there’s a more interesting exchange later, where, in response to a Mike Quigley question about Simpson’s non-public production, Simpson first offers up the non-sequitur that Fusion didn’t leak the dossier to BuzzFeed, then offers a seemingly different non-sequitur about the import of Sergei Millian.

MR. QUIGLEY: The dossier was published. Other elements were published. What wasn’t published? Are there still documents? Is there still information that was garnered by either Mr. Steele or others that the public isn’t aware of at this point, on this point?

MR. SIMPSON: Well, to just put it on the record, we were not the ones that gave this document to Buzzfeed, and I was not happy when this was published. I was very upset. I thought it was a very dangerous thing and that someone had violated my confidences, in any event. I think the story is largely known and that there’s very little that was left on the cutting room table from that time. I think, you know, there’s a little bit of, you know, color, I would say. You know, this guy that we were talking about earlier, Sergi Millian, isn’t named in the dossier, but is someone who was important.

In this bizarre series of non-sequiturs, Simpson appears to connect Millian with the leak of the dossier, which led to the lawfare that in turn led to the campaign to discredit the entire Mueller investigation by focusing on the dossier.

He almost certainly wasn’t the leaker; John McCain associate David Kramer almost certainly was.

But I wonder if, as part of the plan (in which former McCain campaign manager Paul Manafort may have been involved) to use the dossier to undercut the investigation, someone in Millian’s orbit encouraged its leak?

FBI Is Examining Possible Coordination with Russia, Not Collusion

/9 Comments/in , /by

Jim Comey’s statement confirming an investigation including the Trump campaign on Monday said the following:

I have been authorized by the Department of Justice to confirm that the FBI, as part of our counterintelligence mission, is investigating the Russian government’s efforts to interfere in the 2016 presidential election, and that includes investigating the nature of any links between individuals associated with the Trump campaign and the Russian government and whether there was any coordination between the campaign and Russia’s efforts. As with any counterintelligence investigation, this will also include an assessment of whether any crimes were committed. [my emphasis]

In spite of that careful, pre-approved word choice, “coordination,” members of Congress in the hearing, as well as the press both before and after the hearing, have used the term “collusion.”

But Comey made it clear much later in the hearing that the term coordination was deliberate. Mike Quigley asked for more details about how the FBI might find collusion with a foreign power. Comey corrected him, stating that he was investigating whether there had been coordination.

Collusion is not a legal term. It is not one I have used today. I said we are investigating to see if there is any coordination between people associated with the campaign–

I think — though the lawyers should correct me if I’m wrong — this suggests the FBI is thinking in terms of conspiracy.

That, along with Comey’s focus on knowing coordination, may put things like Roger Stone’s interactions in the limelight — though the case that Guccifer 2.0 is a Russian cut-out is and always has been one of the weakest parts of the public case against Russia, and even top intelligence community people stop short of calling Wikileaks a Russian cut-out (meaning Stone would be able to deny knowingly working with Russians).

It does, however, put the events surrounding the release of Podesta’s emails on October 7 in interesting light, though the lefty case on that is neither the best case for that period, nor does it account for all the details that would be of interest.