Roger Stone Archives - Page 39 of 44

Posts

The Universe of Hacked and Leaked Emails from 2016: Podesta Emails

October 23, 2018/12 Comments/in 2016 Presidential Election, emptywheel, Mueller Probe, WikiLeaks /by emptywheel

When Mueller’s team released George Papadopoulos’ plea deal last year, I noted that the initial denials that Papadopoulos had advance warning of the emails the Russians were preparing to hack and leak did not account for the entire universe of emails known to have been stolen. A year and several Mueller indictments later, we still don’t have a complete understanding of what emails were being dealt when. Because that lack of understanding hinders understanding what Mueller might be doing with Roger Stone, I wanted to lay out what we know about four sets of emails. This series will include posts on the following:

DNC emails
Podesta emails
DCCC emails
Emails Hillary deleted from her server

The series won’t, however, account for two more sets of emails, anything APT 29 stole when hacking the White House and State Department starting in 2015, or anything released via the several FOIAs of the Hillary emails turned over to the State Department from her home server. It also won’t deal with the following:

Emails from two Hillary staffers who had their emails released via dcleaks
The emails of other people released by dcleaks, which includes Colin Powell, some local Republican parties (including some 2015 emails Peter Smith sent to the IL Republican party), and others with interests in Ukraine
A copy of the Democrats’ analytics program copied on AWS
The NGP/VAN file, which was not directly released by Guccifer 2.0, but is central to one of the skeptics’ theories about an alternative source other than Russia

Meuller remains coy about how the Podesta emails were released by WikiLeaks

My post on the DNC emails noted some timing curiosities about when and how the DNC emails got shared with WikiLeaks.

The curiosities about the Podesta emails, however, are far more important for questions about Roger Stone’s knowledge of the process.

As a number of people have observed, while Mueller’s GRU indictment provides extensive details describing how Podesta was hacked and showing that the infrastructure to hack him was used for other parts of the operation, the indictment is far more coy about how the Podesta emails got to WikiLeaks.

In or around 2016, LUKASHEV sent spearphishing emails to members of the Clinton Campaign and affiliated individuals, including the chairman of the Clinton Campaign.

[snip]

For example, on or about March 19, 2016, LUKASHEV and his co-conspirators created and sent a spearphishing email to the chairman of the Clinton Campaign. LUKASHEV used the account “john356gh” at an online service that abbreviated lengthy website addresses (referred to as a “URL-shortening service”). LUKASHEV used the account to mask a link contained in the spearphishing email, which directed the recipient to a GRU-created website. LUKASHEV altered the appearance of the sender email address in order to make it look like the email was a security notification from Google (a technique known as “spoofing”), instructing the user to change his password by clicking the embedded link. Those instructions were followed. On or about March 21, 2016, LUKASHEV, YERMAKOV, and their co-conspirators stole the contents of the chairman’s email account, which consisted of over 50,000 emails.

[snip]

The funds used to pay for the dcleaks.com domain originated from an account at an online cryptocurrency service that the Conspirators also used to fund the lease of a virtual private server registered with the operational email account [email protected]. The dirbinsaabol email account was also used to register the john356gh URL-shortening account used by LUKASHEV to spearphish the Clinton Campaign chairman and other campaign-related individuals.

[snip]

On or about October 7, 2016, Organization 1 released the first set of emails from the chairman of the Clinton Campaign that had been stolen by LUKASHEV and his co-conspirators. Between on or about October 7, 2016 and November 7, 2016, Organization 1 released approximately thirty-three tranches of documents that had been stolen from the chairman of the Clinton Campaign. In total, over 50,000 stolen documents were released.

Mueller’s silence, thus far, about how the Podesta emails got shared with WikiLeaks is intriguing for several reasons, even aside from the fact that (as noted in the last post) the first documents Guccifer 2.0 shared were billed as DNC emails but (as far as have been identified) are actually Podesta ones. Perhaps Mueller doesn’t know how those emails were passed on. Perhaps the sources and methods by which the FBI learned about how they were shared are too sensitive to put in an indictment. Perhaps Mueller has reserved that story for a later indictment.

The August to September timing on receipt of the emails

The publicly known timing is no more clear.

The Roger Stone tweet on which suspicions of advance knowledge of WikiLeaks’ releases rest — warning “Trust me, it will soon [sic] the Podesta’s time in the barrel” — is dated August 21, 2016.

That date is significant, because it’s not at all clear WikiLeaks had the Podesta emails by that point (and if so, may have just obtained them).

Raffi Khatchadourian cites a WikiLeaks staffer saying they received the emails in “late summer” but also points to an August 24 Fox News interview where Assange described processing “a variety of documents, from different types of institutions that are associated with the election campaign,” which doesn’t necessarily narrow down those emails to Podesta’s.

A pattern that was set in June appeared to recur: just before DCLeaks became active with election publications, WikiLeaks began to prepare another tranche of e-mails, this time culled from John Podesta’s Gmail account. “We are working around the clock,” Assange told Fox News in late August. “We have received quite a lot of material.” It is unclear how long Assange had been in possession of the e-mails, but a staffer assigned to the project suggested that he had received them in the late summer: “As soon as we got them, we started working on them, and then we started publishing them. From when we received them to when we published them, it was a real crunch. My only wish is that we had the equivalent from the Republicans.”

As we’ll see later in this series, there was more certainty that by August 24 WikiLeaks had other hacked emails than that they had Podesta’s.

Khatchadourian also notes that the raw files are all dated September 19 and describes Assange “weaponizing” the release of the data a week or two before the files were released starting on October 7.

All of the raw e-mail files that WikiLeaks published from Podesta’s account are dated September 19th, which appears to indicate the day that they were copied or modified for some purpose. Assange told me that in mid-September, a week or two before he began publishing the e-mails, he devised a way to weaponize the information. If his releases followed a predictable pattern, he reasoned, Clinton’s campaign would be able to prepare. So he worked out an algorithm, which he called the Stochastic Terminator, to help staff members select e-mails for each day’s release. He told me that the algorithm was built on a random-number generator, modified by mathematical weights that reflected the pattern of the news cycle in a typical week. By introducing randomness into the process, he hoped to make it impossible for the Clinton war room “to adjust to the problem, to spin, to create antidote news beforehand.”

That timing lines up in interesting ways with the date when retired British diplomat Craig Murray claims he got a handoff of something (he’s never explained precisely what it was, though it sounded like it could be an encryption key) relating to the Podesta emails when he was in DC to attend the Sam Adams Award ceremony on September 25.

All of which suggests significant events relating to the transfer to WikiLeaks and preparation of the Podesta emails happened after the Stone tweet.

Still later, according to a recent WSJ report, Peter Smith indicated that he knew Podesta emails were coming ahead of time (the reporting is not clear whether this was before or after the fact).

The person familiar with Mr. Smith recalled him repeatedly implying that he knew ahead of time about leaks of Mr. Podesta’s emails.

That claim is all the more interesting when you tie it to the email shared with Smith via foldering on October 11, seemingly reflecting happiness about emails already released, which would seem to point to the Podesta emails that started to drop four days earlier.

“[A]n email in the ‘Robert Tyler’ [foldering] account [showing] Mr. Smith obtained $100,000 from at least four financiers as well as a $50,000 contribution from Mr. Smith himself.” The email was dated October 11, 2016 and has the subject line, “Wire Instructions—Clinton Email Reconnaissance Initiative.” It came from someone calling himself “ROB,” describing the funding as supporting “the Washington Scholarship Fund for the Russian students.” The email also notes, “The students are very pleased with the email releases they have seen, and are thrilled with their educational advancement opportunities.”

The email apparently linking the contemporaneous release of the Podesta emails to a future hoped for release of deleted Hillary ones is significant for several reasons. First, it shows that other geriatric rat-fuckers, in addition to Stone, linked the two. The reflection of pleasure with emails on October 11 is significant given that that was the day WikiLeaks released two Podesta emails Smith associate Jerome Corsi and Stone would use to advance an attack on Podesta pertaining to his ties with Joule Unlimited, an attack that the right wing had been pushing since August (and working on since March). The WSJ notes that both Corsi and Charles Ortel (to the latter of whom Stone now ties some of his WikiLeaks claims) were tied to both Smith and Stone, though Stone claims to have been unaware of the Smith effort.

Stone’s three different explanations for his tweet and the import of Joule emails

In this post, I looked in detail at how epically shitty Stone’s current excuse for his August 21 Podesta tweet is. Over time, Stone has basically offered at least three excuses for it.

First he adopted an explanation offered in March 2017 by Jerome Corsi. In that explanation, Corsi basically conflated two efforts: an attack on John Podesta based on his service on the board of Joule Unlimited from 2010 to 2014, and an effort to respond to mid-August reports on Paul Manafort’s corrupt ties to Russia by focusing instead on Tony Podesta.

The Joule attack research was started (per web access dates recorded in this report) two days before Podesta was spearphished, on March 17, and first rolled out publicly in a Steve Bannon-affiliated Government Accountability Insitute report on August 1. Corsi and Stone resuscitated the attack starting on October 6 (the day before the Podesta emails started coming out), seemingly correctly anticipating the WikiLeaks email releases that Stone and Corsi would use to advance the attack.

The Corsi explanation that Stone once adopted conflated that attack with a report that Corsi did for Stone (starting at PDF 39), which largely projected onto Tony Podesta the corrupt ties to Ukraine and Russia that Paul Manafort had; the report only tangentially focused on John. The date on the Corsi report is August 31, ten days after Stone’s tweet, but Corsi claims he and Stone started it on August 14.

Stone offered a slightly different explanation when he testified under oath to the House Intelligence Committee. There, he generalized the attack on “the Podesta brothers” and attributed his tweet to “early August” discussions about the August 31 Corsi report. In his prepared statement, he made no mention of Joule.

In the wake of Corsi’s interview on September 6 and grand jury appearance on September 21 (in conjunction with which he reportedly shared a bunch of documents that would substantiate when he and Stone were talking about Joule and when about Tony Podesta), Stone changed his tune again, now only admitting publicly for the first time that Charles Ortel forwarded him an email showing James Rosen promising “a massive dump of HRC emails relating to the CF in September,” but also attributing any August 14 interest to something besides Corsi, a Breitbart post that may be this one.

Stone, however, says that the tweet was based on “an August 14th article in Breitbart News by Peter Schweitzer that reported that Tony Podesta was working for the same Ukrainian Political Party that Paul Manafort was being excoriated for,” and that “the Podesta brothers extensive business dealings with the Oligarchs around Putin pertaining to gas, banking and uranium had been detailed in the Panama Papers in April of 2016.”

Stone’s explanations seem to attempt to do three things:

Provide non-incriminating explanations for any foreknowledge of WikiLeaks — first pointing to Randy Credico and now to James Rosen
Offer explanations for discussions about Podesta that he may presume Mueller has that took place around August 14
Shift the focus away from Joule and the remarkable prescience with which the right wing anticipated that WikiLeaks would be able to advance an attack first rolled out on August 1

With that in mind, I find the timeline of Stone’s tweets mentioning either Podesta instructive. It shows Stone never mentioned either brother until August 15 — the day after the first of the stories on Manafort’s Ukraine corruption and after that August 14 date he seems so worried about. That tweet, “@JohnPodesta makes @PaulManafort look like St. Thomas Aquinas Where is the @NewYorkTimes?” may prove as interesting as the August 21 one.

Stone mentioned John Podesta again in that August 21 tweet.

Then he remained silent on Twitter about Clinton’s campaign chairman until the day after the Podesta emails started coming out, whereupon Stone started claiming that Podesta had been money laundering for Russia.

Stone’s first tweet as the Podesta emails dropped pointed back to an earlier Corsi post reporting that the Podesta Group was also under investigation. That same day, he pointed to the Corsi post that seemed to anticipate the Joule attack would be returning. Yet, in an interview done after the release on October 11 of the Podesta emails that both he and Corsi would later rely on to extend the Joule attack, Stone made no mention of those emails or the Joule attack. By the next day, however, Stone was relying on (but not linking) those emails.

In other words, at least as measured by his Twitter feed, Stone was uninterested in the Joule attack when it came out in August. He didn’t mention it at all in his two Podesta tweets that month (nor does he in his currently operative explanation). But he did become interested in the story in advance of the release of emails by WikiLeaks pertaining to the attack.

This is probably a good time to recall that many of the Stone associates Mueller has interviewed did research for Stone, and others had access to his social media accounts. Note that even this selection of his tweets show the use of multiple clients — Twitter Web Client, Tweetdeck, and Twitter for iPhone — that may reflect different people posting from his account.

Stone’s claims about WikiLeaks — and his outreach to Guccifer 2.0 — took place as Manafort started to panic about his own Russian ties

Given some of Stone’s explanations (and his apparent concern with offering some explanation for discussions about Podesta on August 14), I also find it notable the way this timeline overlaps with Manafort’s increasingly desperate efforts to stave off bankruptcy even while working for Trump for “free.” Part of those efforts, of course, involved criminal efforts to hide his ties to Russia in the wake of reporting on those ties in mid-August.

It’s unclear when Manafort knew for sure his ties with Russia would blow up. In the wake of the first WikiLeaks dump on July 27, he got asked about his and Trump’s ties to Russia, a question he struggled with before responding by pointing to Hillary’s deleted emails. In spite of the risk of his own Russian ties, Manafort met on August 2 with Konstantin Kilimnik, talking (among other things) about unpaid bills and the presidential election. Sometime in early August, in advance of the first NYT story substantiating his Russian ties, he was reportedly blackmailed over the secret ledgers of his work with Ukrainian oligarchs.

Remarkably, just as attention to Trump and Manafort’s ties to Russia started becoming an issue, Republicans had that GAI report insinuating a tie between Hillary and Russia all ready to go on August 1. That insinuation went through John Podesta and his ties to Joule. Before laying out that relationship, however, the GAI report suggested there must be more dirt on the topic in the emails Hillary deleted.

More recently, in January, 2015, Podesta became the campaign chairman of Hillary Clinton’s campaign for the 2016 presidential bid.85

During Hillary Clinton’s tenure as Secretary of State, he was in regular contact with her and played an important role in shaping U.S. policy. For one thing, he sat on the State Department’s Foreign Affairs Policy Board, appointed by Hillary. (The board was established in December 2011.)86

The full extent of Podesta’s email communication cannot ultimately be known because Hillary Clinton deleted approximately half of her emails after she left the State Department.

So along with everything else the report did, it built expectations that Hillary’s deleted emails would reveal secret dirt about Russia she was suppressing to win the campaign.

By the time the report came out, we know that Stone was already interested in what WikiLeaks might have, as Charles Ortel BCCed him on an email suggesting that WikiLeaks had Clinton Foundation emails to dump in September in late July.

Then, precisely as the Russian attack on Podesta was rolling out, Stone flip-flopped on his claimed belief about who hacked Hillary Clinton. Between August 1 and August 5, on the same days he was claiming to have dined with Julian Assange when he was instead in Southern California meeting his dark money associates, he started claiming that Guccifer 2.0 was just a hacktivist, not Russians. That stated belief has always been central to his claims not to have conspired with Russia.

In significant part because he flip-flopped publicly, he and Guccifer 2.0 started communicating, first about Stone’s claim that Guccifer 2.0 had nothing to do with Russia, then about Guccifer 2.0 being shut down on Twitter:

August 12: Guccifer 2.0: @RogerJStoneJr thanks that u believe in the real #Guccifer2

August 13: Stone: @WL @G2 Outrageous! Clintonistas now nned to censor their critics to rig the upcoming election.

Stone: @DailyCaller Censorship ! Gruciffer2 is a HERO.”

August 14: Guccifer 2.0: #Guccifer2 Here I am! They’ll have to try much harder to block me! #DNCleak #dccchack

Stone: First #Milo, now Guccifer 2.0 – why are those exposing the truth banned? @RealAlexJones @infowars #FreeMilo

Stone: @poppalinos @RealAlexJones @infowars @GUCCIFER_2 Thank You, SweetJesus. I’ve prayed for it.

That’s when Stone moved their conversations to DM.

That conversation, including Guccifer 2.0’s question whether Stone found “anything interesting in the docs I posted?” (which, in public context at least, would refer to some DCCC documents Guccifer had posted on WordPress on August 12) took place even as Stone was continuing to speak about knowing what was in the next WikiLeaks dump and as he responded badly to his childhood friend becoming the target of NYT’s attention on August 14.

As noted, Stone seems to be struggling to answer why he was discussing John Podesta on August 14.

To be sure, Stone was talking to Corsi on August 14 or 15. On August 15, Corsi published an interview with Stone, in which he claimed to have been badly hacked and described what he expected would come next from WikiLeaks.

But nothing in the interview mentions Podesta.

Stone’s descriptions of what WikiLeaks might dump next in that interview could reflect the BCCed James Rosen email reporting that WikiLeaks would dump Clinton Foundation documents in September, but the information he laid out went far beyond that email (and promised an October surprise, not a September dump).

“In the next series of emails Assange plans to release, I have reason to believe the Clinton Foundation scandals will surface to keep Bill and Hillary from returning to the White House,” he said.

[snip]

In a speech Southwest Broward Republican Organization in Florida, published Aug. 9 by David Brock’s left-wing website Media Matters, Stone said he had “communicated with Assange.”

“I believe the next tranche of his documents pertain to the Clinton Foundation, but there is no telling what the October surprise may be,” he said.

Stone told WND that Assange “plans to drop at various strategic points in the presidential campaigns Hillary Clinton emails involving the Clinton Foundation that have yet to surface publically.”

“Assange claims the emails contain enough damaging information to put Hillary Clinton in jail for selling State Department ‘official acts’ in exchange for contributions to the Clinton Foundation and as a reward for Clinton Foundation donors becoming clients of Teneo, the consulting firm established by Bill Clinton’s White House ‘body man’ Doug Band,” he said.

That same day, August 15, is the first time Stone ever mentioned Podesta on Twitter.

Stone claims (and claimed, in sworn testimony) that his focus on John Podesta was a response to the allegations against Manafort. That makes the confluence of all these events all the more interesting.

Corsi’s lawyer claims he avoided criminal liability

As noted above, Jerome Corsi has explained what he knows of all this in a September 21 grand jury appearance, a grand jury appearance that Mueller seems to have been working towards since having Ted Malloch questioned way back in March.

In advance of that testimony, Corsi’s attorney David Grey seemed to suggest that Corsi declined to participate in certain activities involving Stone that might have exposed him to criminal liability.

Gray said he was confident that Corsi has done nothing wrong. “Jerry Corsi made decisions that he would not take actions that would give him criminal liability,” he added, declining to elaborate.

Asked if Corsi had opportunities to take such actions, Gray said, “I wouldn’t say he was offered those opportunities. I would say he had communications with Roger Stone. We’ll supply those communications and be cooperative. My client didn’t act further that would give rise to any criminal liability.”

But Mueller is apparently now chasing down Corsi’s associates.

FBI agents have recently been seeking to interview Corsi’s associates, according to the person.

One other key player in the Podesta hand-off conflated the Podesta brothers

The close ties between how Stone focused on both Podesta brothers in response to the public allegations against Manafort is interesting for another reason.

Former Ambassador Craig Murray, the only one not denying some role in the handoff of the Podesta emails (again, he has said he didn’t get the emails themselves, which he believed were already with WikiLeaks, but something associated with them).

Murray told Scott Horton that his source had obtained whatever he received from a figure in American national security with legal access to the information.

[H]e says “The material was already, I think, safely with WikiLeaks before I got there in September,” though other outlets have suggested (with maps included!) that’s when the hand-off happened. In that account, Murray admits he did not meet with the person with legal access; he instead met with an intermediary.

But the explanation of his source’s legal access and motivation not only doesn’t make sense, but seems to parrot what Stone was saying at the time.

I also want you to consider that John Podesta was a paid lobbyist for the Saudi government — that’s open and declared, it’s not secret or a leak in a sense. John Podesta was paid a very substantial sum every month by the Saudi government to lobby for their interests in Washington. And if the American security services were not watching the communications of the Saudi government paid lobbyist then the American intelligence services would not be doing their job. Of course it’s also true that the Saudis’ man, the Saudis’ lobbyist in Washington, his communications are going to be of interest to a great many other intelligence services as well.

As Stone did, this conflates John and Tony. It wrongly suggests that US national security officials would be collecting all of Tony Podesta’s emails, or that collecting on Tony would obtain all of John’s emails. All the more interesting, this conflation would have come in a period when Manafort’s lifelong buddy, Stone, was trying to distract attention from Manafort’s own corruption — which included telling Tony not to disclose the influence-peddling he had done for Manafort in the legally required manner — by projecting Manafort’s corruption onto Tony.

One more point about Murray. Murray has ties (including through the Sam Adams Association the awards ceremony for which he was in DC attending) to NSA whistleblowers Bill Binney (Murray received the award in 2005 and Binney received it in 2015) and Kirk Wiebe. This claim that US law enforcement would collect everything (including Hillary’s deleted emails) is the kind of line that Binney was pushing at the time, including to Andrew Napolitano, who was CCed on the email Stone received about WikiLeaks’ plans in July. Napolitano is one of the people who has championed that Binney line about the hack.

In other words, it’s not just that Murray was telling a similar story as Stone, even though they’re politically very different people. It’s that he was not that distant from the network of Republicans talking about what WikiLeaks might have had.

Update: Emma Best just wrote up something she’s been tracking for some time: there are four different numbers on how many Podesta mails there are.

WikiLeaks’ own data gives us five different totals for the number of Podesta emails:

50,866

57,153

58,660

59,258

59,188

The two most authoritative answers to the question come from WikiLeaks and the Special Counsel’s office, and both indicate that the total exceeded 50,000. While WikiLeaks’ stated there were “well over 50,000” emails, the Special Counsel’s indictment simply said that “over 50,000 stolen documents were released.” Since “documents” can be construed to include both the emails and their various attachments, the SC’s total is even more vague and less definitive than WikiLeaks’.

Ultimately, he best answer to the question of how many Podesta emails there are appears to be 59,188.

This raises the possibility that Stone or Corsi saw copies that WikiLeaks didn’t publish. Mueller’s distinction between how many emails were stolen and how many released suggests FBI may know what WikiLeaks chose not to public, if in fact they did.

Timeline

July 18-21: Stone meets Nigel Farage while at RNC

July 25: Stone gets BCCed on an email from Charles Ortel that shows James Rosen reporting “a massive dump of HRC emails relating to the CF in September;” Stone now claims this explains his reference to a journalist go-between

July 27: Paul Manafort struggles while denying ties to Russia, instead pointing to Hillary’s home server

July 31: GAI report on From Russia with Money claiming Viktor Vekselberg’s Skolkovo reflects untoward ties; it hints that a greater John Podesta role would be revealed in her deleted emails and claims he did not properly disclose role on Joule board when joining Obama Administration

August 1: Steve Bannon and Peter Schweitzer publish a Breitbart version of the GAI report

August 1: Stone NYC > LA

August 2: Manafort and Konstantin Kilimnik meet in the Grand Havana Room in Jared’s 666 Park Avenue and “talked about bills unpaid by our clients, about [the] overall situation in Ukraine . . . and about the current news,” including the presidential campaign

August 2, 2016: Stone dines with dark money funder, John Powers Middleton in West Hollywood

August 3 and 4: Manafort obtains the bio of Steve Calk, from whom he was getting a $16 million mortgage in tacit exchange for a role in the Trump administration

August 3: Stone claims to Sam Nunberg to have dined with Assange

August 3-4: Stone takes a red-eye from LAX to Miami

August 4: Stone flip-flops on whether the Russians or a 400 pound hacker are behind the DNC hack and also tells Sam Nunberg he dined with Julian Assange; first tweet in the fall StopTheSteal campaign

August 5: Trump names Calk to his advisory committee

August 5: Stone column in Breitbart claiming Guccifer 2.0 is individual hacker

August 7: Stone starts complaining about a “rigged” election, claims that Nigel Farage had told him Brexit had been similarly rigged

August 8: Stone tells Broward Republicans he has communicated with Assange, expects next tranche to pertain to Clinton Foundation

August 10: Manafort tells his tax preparer that he would get $2.4 million in earned income collectable from work in Ukraine in November

August 10: Stone asserts that Hillary’s deleted emails will be coming out

Early August: Manafort gets blackmail threat pertaining to secret ledgers

August 12: Guccifer 2.0 publicly tweets Stone

August 13: Stone claims to have been hacked

August 14: NYT publishes story on secret ledgers

August 14: Stone DMs Guccifer 2.0

August 14: Corsi claims to have started research on response to NYT story

August 14: Breitbart piece suggesting NYT was ignoring Hillary’s own ties to Russia; this may be Stone’s latest explanation for interest in Podesta on that date

August 15: Manafort and Gates lie to the AP about their undisclosed lobbying, locking in claims they would make under oath later that fall

August 15: In first tweet mentioning John Podesta, Stone claims John Podesta “makes Paul Manafort look like St. Thomas Aquinas”

August 15: Corsi reports Stone’s prediction that WikiLeaks will release deleted Hillary emails (also reports on claimed hack)

August 17: AP publishes story on Manafort’s unreported Ukraine lobbying, describing Podesta Group’s role at length

August 17: Trump adds Steve Bannon and Kellyanne Conaway to campaign leadership team (Manafort’s daughter claims he hired them)

August 19: Manafort resigns from campaign

August 21: Stone tweets it will soon be Podesta’s time on the barrel

August 26: Rebekka Mercer asks Alexander Nix whether Cambridge Analytica or GAI could better organize the leaked Hillary emails

September 12: Following further reporting in the Kyiv Post, Konstantin Kilimnik contacts Alex Van der Zwaan in attempt to hide money laundering to Skadden Arps

September 28: Corsi post (later linked on Twitter by Stone) noting that Podesta Group also under investigation

October 6: Corsi repeats the Joule/GAI claims

October 11: Release of Podesta email allegedly backing Joule story (December 31, 2013 resignation letter, January 7, 2014 severance letters)

October 11: Foldering email among Peter Smith operatives that may included coded satisfaction with emails released thus far

October 12: Roger Stone interview with the Daily Caller responding to Podesta’s allegations he knew of release in advance, which makes no mention of Joule attack

October 13: In response to accusations he knew of Podesta emails in advance, Stone repeats Joule story falsely claiming this WikiLeaks email, released October 11, substantiates it; Corsi also posts a story on Joule, like Stone not linking to the underlying WikiLeaks emails

October 17: Corsi post that actually links the WikiLeaks releases relied on in his and Stone’s October 13 posts

October 30: Additional Joule letter (including actual transfer signatures) released

October 31: Additional Joule letter released

November 1: Additional Joule letter released

As I disclosed in July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post.

Detour: Roger Stone’s Epically Shitty Explanation for His Podesta Tweet

October 22, 2018/10 Comments/in 2016 Presidential Election, Mueller Probe /by emptywheel

I need to take another detour from my series on the universe of the known hacked and leaked emails from 2016.

While working on the Podesta email post, my treatment of how epically shitty Stone’s explanation for his August 21, 2016 tweet boasting that “it would soon the Podesta’s time in the barrel” grew so big it has become its own post.

For reasons I laid out in this post, the public record is not all that convincing that Stone did have foreknowledge of the Podesta dump. Both in August, when he started talking about foreknowledge of a Hillary release, and in October, when he promised it on a specific day (that turned out to be wrong), he predicted WikiLeaks would dump Hillary’s deleted emails, not Podesta’s emails.

But Stone’s explanation for the tweet is epically shitty and increasingly makes me think he not only knew that Podesta’s emails would be released, but may have seen some of them in advance.

Effectively, Stone claimed to the House Intelligence Committee that his Podesta comment referred to a report Jerome Corsi did for him between August 14, and 31 ,2016 (which doesn’t identifiably show up in Stone’s political expenditures in this period).

My Tweet of August 21, 2016, in which I said, “Trust me, it will soon be the Podesta’s time in the barrel. #CrookedHillary” Must be examined in context. I posted this at a time that my boyhood friend and colleague, Paul Manafort, had just resigned from the Trump campaign over allegations regarding his business activities in Ukraine. I thought it manifestly unfair that John Podesta not be held to the same standard. Note, that my Tweet of August 21, 2016, makes no mention, whatsoever, of Mr. Podesta’s email, but does accurately predict that the Podesta brothers’ business activities in Russia with the oligarchs around Putin, their uranium deal, their bank deal, and their Gazprom deal, would come under public scrutiny. Podesta’s activities were later reported by media outlets as diverse as the Wall Street Journal and Bloomberg. My extensive knowledge of the Podesta brothers’ business dealings in Russia was based on The Panama Papers, which were released in early 2016, which revealed that the Podesta brothers had extensive business dealings in Russia. The Tweet is also based on a comprehensive, early August opposition research briefing provided to me by investigative journalist, Dr. Jerome Corsi, which I then asked him to memorialize in a memo that he sent me on August 31st , all of which was culled from public records. There was no need to have John Podesta’s email to learn that he and his presidential candidate were in bed with the clique around Putin.

The claim is, particularly knowing what we know about efforts Paul Manafort was making to hide his own corruption by asking Tony Podesta to avoid legally mandated reporting, … interesting. Particularly given the way this timeline overlaps with some other events, notably Manafort’s increasingly desperate efforts to stave off bankruptcy even while working for Trump for “free.” There are also some oddities about how the timing evolved from those August “research” documents and later October publications. I’ll hit both those timing issues in my Podesta email post.

For now, consider what Corsi claimed back in March 2017, the first attempt to explain Stone’s tweet. In his version, Stone’s tweet was about four different reports.

Corsi first said that he started researching the Podestas and Russia in response to reading a July 31, 2016 Government Accountability Institute report, one not mentioned in Stone’s explanation.

On July 31, 2016, the New York Post reported that Peter Schweizer’s Washington-based Government Accountability Institute had published a report entitled, “From Russia with Money: Hillary Clinton, the Russian Reset, and Cronyism.”

That report detailed cash payments from Russia to the Clintons via the Clinton Foundation which included a Putin-connected Russian government fund that transferred $35 million to a small company that included Podesta and several senior Russian officials on its executive board.

“Russian government officials and American corporations participated in the technology transfer project overseen by Hillary Clinton’s State Department that funneled tens of millions of dollars to the Clinton Foundation,” the report noted in the executive summary.

“John Podesta failed to reveal, as required by law on his federal financial disclosures, his membership on the board of this offshore company,” the executive summary continued. “Podesta also headed up a think tank which wrote favorably about the Russian reset while apparently receiving millions from Kremlin-linked Russian oligarchs via an offshore LLC.”

Reading Schweizer’s report, I began conducting extensive research into Secretary Clinton’s “reset” policy with Russia, Podesta’s membership on the board of Joule Global Holdings, N.V. – a shell company in the Netherlands that Russians close to Putin used to launder money – as well as Podesta’s ties to a foundation run by one of the investors in Joule Energy, Hans-Jorg Wyss, a major contributor to the Clinton Foundation.

Having claimed this report got him interested in substantiating a tie between Hillary and Russia, Corsi then shifts, saying that the August 14 NYT story on Manafort’s secret ledgers did (which I would call “mid-August,” not early August). He claimed his goal in response to the NYT reporting — it’s not clear whether this started on August 1 or August 14 — was just to publicize the already-written GAI report.

On Aug. 14, 2016, the New York Times reported that a secret ledger in Ukraine listed cash payments for Paul Manafort, a consultant to the Ukraine’s former President Viktor F. Yanukovych.

When this article was published, I suggested to Roger Stone that the attack over Manafort’s ties to Russia needed to be countered.

My plan was to publicize the Government Accountability Institute’s report, “From Russia With Money,” that documented how Putin paid substantial sums of money to both Hillary Clinton and John Podesta.

Putin must have wanted Hillary to win in 2016, if only because Russian under-the-table cash payments to the Clintons and to Podesta would have made blackmailing her as president easy.

On Aug. 14, 2016, I began researching for Roger Stone a memo that I entitled “Podesta.”

So Corsi suggests the report he did for Stone was based on the GAI one.

Except Corsi’s report (starting at PDF 39, copies of the report are at this point just reproductions without metadata to track when they were written, but Corsi claims to have handed over ways for Mueller to track such things when he interviewed with Mueller’s team and then appeared before the grand jury in September) doesn’t deal with the GAI report at all. Instead, it is a direct response to the NYT Manafort report, claiming that the NYT reporting (the stuff that has since been confirmed by all of Manafort’s guilty pleas) was not substantiated. It then makes a key logical move, admitting that his report is an attempt to undermine the claim that Russia’s close ties to Manafort had some relation to the hack-and-leak.

From there, the Democratic Party narrative continues to suggest Manafort’s close relationship to the Kremlin allowed him to position the Trump campaign to receive a dump of hacked emails that embarrassed the Clinton campaign by exposing the efforts Debbie Wasserman Schultz, as chairman of the DNC, took to rig the primaries for Hillary, to the distinct disadvantage of challenger, Sen. Bernie Sanders.

The entire Democratic Party narrative is thrown into disarray if it turns out the Podesta brothers, via the Podesta Group, have tighter and more easily documentable financial ties to Russia, involving far greater numbers than have ever been suggested to tie Manafort to Russia via Ukraine.

This is a key distinction. While the report definitely responds to the burgeoning scandal about Manafort’s ties to Russian oligarchs, Corsi admits that this report is about undercutting the claim that Russia would have reason to target Hillary in a hack-and-leak effort. So yeah, it’s about Stone’s “boyhood friend and colleague” (who at the time was setting off on a crime spree to hide his Russian ties), but it’s also about his longtime buddy Donald Trump, too.

From there the Corsi report focuses on the Podesta Group, on Uranium One, on Clinton’s ties to Fethulla Gulen (whom Mike Flynn was moving towards on kidnapping at the time), as if any of that suggests closer ties to Russia than Manafort has. Virtually the only claim about John Podesta (as opposed to Tony) is that he had ties to Hillary’s Foundation.

The idea behind Corsi’s story, I suppose, is that if Corsi started writing this report on August 14, then when Stone tweeted on August 21, it would reflect a draft of the report that bears the final date of August 31. There’s no public record to support that chronology, though.

From there, Corsi notes that he and Podesta returned to the subject of the GAI report — Podesta’s ties with Joule — in October.

On October 6, 2016, I published in WND.com the first of a series of articles detailing Putin’s financial ties to Clinton and Podesta, based largely on the research contained in the Government Accountability Institute’s report, “From Russia With Money.”

On Oct. 13, 2016, Stone published on his website an article entitled, “Russian Mafia money laundering, the Clinton Foundation and John Podesta.”

So thus far, Corsi argues that the progression goes from an August 1 GAI Report, to … something … to his research starting on August 14 about entirely unrelated allegations about the Podestas, back to both he and Stone writing on Joule in October.

In his description of the October pieces, Corsi claims — citing selectively — that Stone’s Joule piece relied on his and (he seems to claim, but this is nonsense) his private research report.

A comparison of the two articles will show the extent to which Stone incorporated my research into his analysis.

Probably, Corsi is talking about that series he is referring to, which include these posts:

September 28: Media Neglect Clinton-Linked Firm’s Role in Russia Scandal (pointing out the Podesta Group was also under investigation)

October 6: Russia? Look Who’s Really in Bed with Moscow (Reiterates findings of GAI report)

October 13: Hillary Campaign Chief Linked to Money-Laundering in Russia (cites but does not link to WikiLeaks releases)

October 17: How Hillary’s Campaign Chief Hid Money from Russia (actually inking to the WikiLeaks emails and claiming the Leonidio to which Podesta transferred Joule shares was one one in Utah

Though he cites Stone’s denials of advance knowledge that WikiLeaks would dump the Podesta emails, Corsi doesn’t cite this passage in Stone’s October 13 piece.

Wikileaks emails tie John Podesta, chairman of Hillary Clinton’s 2016 presidential campaign, into the money-laundering network with the confirmation Podesta had exercised 75,000 shares out of 100,000 previously undisclosed stock options he was secretly issued by Joule Unlimited, a U.S. corporation that ties back to Vekselberg connected Joule Global Stichting in the Netherlands – a shady entity identified in the Panama Papers as an offshore money-laundering client of the notorious Panamanian law firm Mossack Fonseca.

As a clear indication of guilty conscience, the Wikileaks Podesta file further documents that Podesta made a serious effort to keep the transaction from coming to light as evidenced by his decision to transfer 75,000 common shares of Joule Unlimited to Leonidio LLC, another shady shell corporation – this one listed in Salt Lake City at the home apartment of the gentlemen who registered the company.

Stone mentions — but does not link to — some of the WikiLeaks files he’s discussing. It is true that two Podesta emails released two days earlier on October 11 (December 31, 2013 resignation letter, January 7, 2014 severance letters) relate to the stuff Stone mentions and have some of the same numbers. They certainly don’t substantiate Stone’s claim about mob ties and shell corporations. Plus, three of the Joule documents that might actually pertain to Stone’s claims weren’t released until October 30, October 31, and November 1. Significantly, the research that Corsi claims Stone relied on didn’t show up until Corsi’s October 17 post, four days after Stone’s.

That at least suggests that Stone may have had those WikiLeaks emails earlier — and it may suggest he had “WikiLeaks documents” that never got published, which he ironically would have referenced in a piece purporting to prove he didn’t have advance knowledge of the release. It also raises real questions about why Corsi resuscitated the Joule attack on October 6, as if knowing both that Podesta emails would come out and that they would include some attached documents allegedly substantiating and advancing the GAI report from the summer.

Stone also claims further research reflects an unsubstantiated further tie with (Trump inauguration donor) Viktor Vekselberg, one he didn’t repeat when he revived the post to implicate Michael Cohen last May.

Further research has documented that Viktor Vekselberg arranged for two transfers of unknown amounts to a private Clinton Foundation account in the Bank of America, with the funds passing though a pass-through account at Deutsche Bank and Trust Company Americas in New York City – with the first transfer made on Feb. 10, 2015, and the second on March 15, 2016.

Vekselberg is known to have donated to the Clinton Foundation, though it’s not clear where Stone gets the banking details.

I’m not actually sure what to make of Stone’s post. I have yet to chase down where all these claims come from (if not from Stone’s ripe imagination).

But even aside from these three unsubstantiated claims, I know this.

Corsi originally claimed that all four reports — the August 1 GAI report, his own August 14-31 private report to Stone, his own revival of the GAI report the day before the Podesta emails started coming out on October 7 (and, arguably, the entire series), and then Stone’s own piece after some WikiLeaks documents came out that sort of related to his arguments but not entirely — were part of the same effort.

That’s not right. His own report for Stone is the outlier.

While it’s unsurprising that Manafort’s “boyhood friend” might solicit a report both to protect that boyhood friend and his longtime political mentee, Donald Trump, that report was part of a separate effort than the GAI research — which Stone would ultimately claim without proof WikiLeaks releases supported. It’s unclear which of the three things is most damning: the Stone report which claimed to use WikiLeaks research to elaborate on the GAI research, the report attempting to disprove true facts about Manafort’s ties to Russia, or the tweet.

But they don’t explain each other. And inserted into the timeline — as I’ll do — they become even more problematic.

Update: I took out a paragraph on Corsi’s timing, which was erroneous.

Update: Via the Daily Caller, Stone has now offered another explanation: that he learned of all this from a James Rosen email to Andrew Napolitano on which he was BCCed.

Stone also told The Post he had a “second source” regarding his claims about WikiLeaks the Clinton Foundation. Emails provided to The Daily Caller show the “second source” referenced is an email Stone was Bcc’d on from July 25, 2016. Stone was Bcc’d on the email by Clinton Foundation expert Charles Ortel, who was conducting a conversation with then-Fox News journalist James Rosen and Judge Andrew Napolitano.

July 2016 Email

The email included a previous exchange between Ortel and Rosen in which the Fox News journalist wrote “am told Wikileaks will be doing a massive dump of HRC emails relating to the CF in September” to Ortel. There is no evidence to suggest Rosen was aware of Stone’s visibility on the email chain.

James Rosen Email

Ortel confirmed the authenticity of the email exchanges to TheDC while Rosen declined to comment.

Stone explained to TheDC the information he learned from the email was part of the basis for his August 2016 claim of impending information from WikiLeaks about the Clinton Foundation.

This doesn’t actually explain squat. But it does put Stone in contact with people who might be explain the rest of what went down. The DC piece also provides another Stone excuse for why he was interested in Podesta’s plight on August 14, which he claims was a Schweitzer piece at Breitbart, but which might instead be this one. In any case, Stone seems to have a real urgency to have something that explains an August 14 interest in Podesta.

Update: One other point about the language in Corsi’s report making it clear it was a response to the Russian allegations. He still seems to treat the possibility that Russia did the hack seriously. That’s an interesting detail given that the guy he was purportedly doing the report for was publicly on the record blaming a 400 pound hacker in mom’s basement.

On the Roger Stone Investigation: Talking to Guccifer 2.0 or WikiLeaks Is Not a Crime

October 22, 2018/8 Comments/in 2016 Presidential Election, Mueller Probe /by emptywheel

Before I get further in my series on the known universe of hacked and leaked emails from 2016, I want to explain something about Roger Stone, especially given this WaPo story that provides interesting details but claims Mueller is pursuing them in hopes of answering this question:

Did longtime Trump adviser Roger Stone — or any other associate of the president — have advance knowledge of WikiLeaks’ plans to release hacked Democratic emails in 2016?

While I don’t claim to understand much more than the rest of the world about what the Mueller probe is doing, I say with a fair degree of certainty that Mueller has not had three prosecutors chasing leads on Roger Stone since February because he wants to know if Stone had advance knowledge of WikiLeaks’ plans on releasing emails. Knowing that WikiLeaks planned on releasing emails is not a crime.

Indeed, Assange at times (most notably on June 12) telegraphed what he was up to. There were WikiLeaks volunteers and some journalists who knew what WikiLeaks was up to. None of that, by itself, is a crime.

With that in mind, consider the following:

It matters what emails Stone claimed to know would be released

At the risk of spoiling my series, let me explain the significance of it. While knowing that WikiLeaks would release emails is not by itself a crime, advance knowledge becomes more interesting based on what Stone might have done with that knowledge. Here’s why:

DNC emails: Mueller has presumably tracked whether and to whom George Papadopoulos shared advance knowledge of the tip he got on April 26 that the Russians would release emails to help Trump. That’s important because if he can show meeting participants knew those emails had been offered, then June 9 meeting becomes an overt act in a conspiracy. While there’s no public allegation Stone knew that WikiLeaks would be releasing Hillary emails before Julian Assange stated that publicly on June 12 (after the Trump Tower meeting and therefore at most a response to the meeting), if Stone knew that WikiLeaks would be part of the delivery method it adds to evidence of a conspiracy.
Podesta emails: The Democrats’ focus on Stone has always been on his seeming advance knowledge that WikiLeaks would release the Podesta emails, though the public case that he did is in no way definitive. Even assuming he did learn in advance, there are multiple channels via which Stone might have learned the Podesta emails were coming (just as an example, Democrats have necessarily always been obfuscating about how much they knew). But any presumed advance knowledge is still only a crime if Stone in some way coordinated with it or encouraged ongoing hacking.
Deleted Hillary emails: While the evidence that Roger Stone knew that WikiLeaks would release Podesta’s emails is inconclusive, the evidence that he “knew” WikiLeaks had Hillary’s deleted emails is not. Stone made that claim over and over. It’s actually not public whether and when WikiLeaks obtained files purporting to be Hillary’s deleted emails, though we should assume they got at least some sets of purported emails via the Peter Smith effort. If Stone had involvement in that effort, it might be criminal (because operatives were soliciting stolen emails from criminal hackers, not just making use of what got released), though Stone says he was unaware of it.
DCCC emails: The DCCC files, which offered more operational data about downstream campaigns, might raise other problems under criminal law. That’s because the data offered was generally more operational than the DNC and Podesta emails offered, meaning operatives could use the stolen data to tweak their campaign efforts. And Guccifer 2.0 was sharing that data specifically with operatives, providing something of value to campaigns. Guccifer 2.0 tried to do the same with Stone. The text messages between Stone and Guccifer 2.0 show the persona trying to get Stone interested in some of the DCCC files pertaining to FL. But at least on those DMs, Stone demurred. That said, if Stone received and operationalized DCCC data in some of his rat-fucking, then it might raise criminal issues.

It matters from whom Stone learned (if he did) of WikiLeaks’ plans

A big part of Mueller’s focus seems to be on testing Stone’s public claims that his go-between with WikiLeaks was Randy Credico, who had ties to Assange but was not conspiring to help Trump win via those channels.

There are other possible go-betweens that would be of greater interest. For example, the public discussion of Stone’s potential advance knowledge seems to have forgotten the suspected role of Nigel Farage, with whom Stone dined at the RNC and later met at Trump’s inauguration. That would be of heightened interest, particularly given the way Stone suggested the vote had been rigged against Brexit and Trump when in reality Russians were rigging the vote for both.

It matters whether Stone lied about the whom or the what

Stone’s testimony to the House, in which he offered explanations about any advance knowledge and his Podesta comment, was sworn. If Mueller can show he lied in his sworn testimony, that is certainly technically a crime (indeed, Sam Patten got referred to Mueller based on on his false statements to the Senate Intelligence Committee). But it’s unlikely Mueller would charge, much less investigate, Stone for 8 months solely to prove whether he lied to Congress.

But if Stone did lie — claiming he learned of WikiLeaks’ plans from Credico when in fact he learned from someone also conspiring with the Russians — then those lies would lay out the import of Stone’s role, in what he was hypothetically trying to cover up.

Stone’s flip-flop on blaming the Russians at the moment he claimed to have knowledge of WikiLeaks’ plans is of likely interest

There’s a data point that seems very important in the Roger Stone story. On or around August 3, the very same day Stone told Sam Nunberg that he had dined with Julian Assange, Stone flip-flopped on his public statements about whether Russia had hacked Hillary or some 400 pound hacker in a basement had. During that period, he went from NY (where he met with Trump) to LA to coordinate with his dark money allies, then went home to Florida to write a column that became the first entry in Stone’s effort to obfuscate the Russian role in the hack. That flip-flop occurred just before Stone started making public claims about what WikiLeaks had.

I suspect that flip-flop is a real point of interest, and as such may involve some other kind of coordination that the press has no public visibility on (particularly given that his claimed meeting with Assange happened while he was meeting with his dark money people).

Mueller may have had probable cause Roger Stone broke the law by March

In the wake of Michael Caputo’s testimony, Roger Stone briefly claimed that he must have been targeted under FISA, apparently based on the fact that Mueller had (possibly encrypted) texts he didn’t provide himself showing that he and Caputo had had contact with a presumed Russian dangle they had hidden in prior sworn testimony. A more likely explanation is that Stone’s was one of the at-least five phones Mueller got a warrant for on March 9, in the wake of Rick Gates’ cooperation. But if that’s the case, then it means that Mueller already had shown probable cause Stone had committed some crime by the time he got this phone.

Mueller is scrutinizing Stone for more than just knowledge of WikiLeaks

Even the public reporting on Mueller’s investigative actions make it clear that he is scrutinizing Stone for more than just a hypothetical knowledge of, much less coordination with, WikiLeaks. He seems to have interest in the two incarnations of Stone’s Stop the Steal dark money group, which worked to intimidate Cruz supporters around the RNC and worked to suppress Democratic voters in the fall. There’s reason to suspect that the ways in which Stone and his people sloshed that money around did not follow campaign finance rules (in which case Don McGahn might have played a role). Certainly, Andrew Miller seems to worry that his own role in that sloshing might lead to criminal exposure. But Jerome Corsi has also suggested that Stone might have pitched some legally suspect actions to him, and those would constitute rat-fuckery, not campaign finance violations in the service of rat-fuckery.

Now, those other potential crimes might just be the gravy that Mueller has repeatedly used, charging people with unrelated crimes (like Mike Flynn’s Turkish influence peddling or Michael Cohen’s Stormy Daniel payoffs) to get their cooperation in the case in chief. Or they might be something that more closely ties to conspiracy with Russians.

The larger point, however, is that isolated details from Stone-friendly witnesses (and from Stone himself) may not be the most reliable way to understand where Mueller is going with his investigation of Stone. Certainly not witnesses who say Mueller has spent 8 months scrutinizing whether Stone lied about his foreknowledge of WikiLeaks’ actions.

The Universe of Hacked and Leaked Emails from 2016: DNC Emails

October 21, 2018/11 Comments/in 2016 Presidential Election, emptywheel, Mueller Probe, WikiLeaks /by emptywheel

DNC emails
Podesta emails
DCCC emails
Emails Hillary deleted from her server

The series won’t, however, account for two more sets of emails, anything APT 29 stole when hacking the White House and State Department in 2015, or anything released via the several FOIAs of the Hillary emails turned over to the State Department from her home server. It also won’t deal with the following:

Emails from two Hillary staffers who had their emails released via dcleaks
The emails of other people released by dcleaks, which includes Colin Powell, some Republican party officials (including some 2015 emails Peter Smith sent to the IL Republican party), and others with interests in Ukraine
A copy of the Democrats’ analytics program copied on AWS
The NGP/VAN file, which was not directly released by Guccifer 2.0, but is central to one of the skeptics’ theories about an alternative source other than Russia

DNC Emails

The “DNC emails” are generally thought of as the 44,000 emails WikiLeaks released on July 22, 2016. The GRU indictment describes the theft and conveyance of those emails this way:

Between on or about May 25, 2016 and June 1, 2016, the Conspirators hacked the DNC Microsoft Exchange Server and stole thousands of emails from the work accounts of DNC employees. During that time, YERMAKOV researched PowerShell commands related to accessing and managing the Microsoft Exchange Server.

[snip]

On or about June 22, 2016, Organization 1 sent a private message to Guccifer 2.0 to “[s]end any new material [stolen from the DNC] here for us to review and it will have a much higher impact than what you are doing.” On or about July 6, 2016, Organization 1 added, “if you have anything hillary related we want it in the next tweo [sic] days prefable [sic] because the DNC [Democratic National Convention] is approaching and she will solidify bernie supporters behind her after.” The Conspirators responded, “ok . . . i see.” Organization 1 explained, “we think trump has only a 25% chance of winning against hillary . . . so conflict between bernie and hillary is interesting.”

After failed attempts to transfer the stolen documents starting in late June 2016, on or about July 14, 2016, the Conspirators, posing as Guccifer 2.0, sent Organization 1 an email with an attachment titled “wk dnc link1.txt.gpg.” The Conspirators explained to Organization 1 that the encrypted file contained instructions on how to access an online archive of stolen DNC documents. On or about July 18, 2016, Organization 1 confirmed it had “the 1Gb or so archive” and would make a release of the stolen documents “this week.”

On or about July 22, 2016, Organization 1 released over 20,000 emails and other documents stolen from the DNC network by the Conspirators. This release occurred approximately three days before the start of the Democratic National Convention. Organization 1 did not disclose Guccifer 2.0’s role in providing them. The latest-in-time email released through Organization 1 was dated on or about May 25, 2016, approximately the same day the Conspirators hacked the DNC Microsoft Exchange Server.

Raffi Khatchadourian (who has done as much work as anyone else on the known universe of emails) noted that by the time the July 14 exchange had happened, Julian Assange had already said he had emails and Guccifer 2.0 had already said he had shared them with WikiLeaks.

On June 12th, three days before the creation of Guccifer 2.0, Assange announced that he had a substantial trove of Clinton-related e-mails that were pending publication. Likewise, Guccifer 2.0 proclaimed, on its very first post on the WordPress site, “The main part of the papers, thousands of files and mails, I gave to Wikileaks. They will publish them soon.” Again and again, the G.R.U. officers tried to drive home this point—which, of course, was evidently the main point of creating the persona. “I sent a big part of docs to WikiLeaks,” Guccifer 2.0 told the editor of the Smoking Gun that same day. On June 17th, Guccifer 2.0 said in another e-mail, “I gave WikiLeaks the greater part of the files.” (For e-mail, the G.R.U. gave Guccifer 2.0 another fake identity: Stephan Orphan.)

In other words, both the G.R.U. and Assange appear to have confessed to the transmission and reception of a large trove of Clinton-related e-mails in mid-June, before Guccifer 2.0 was apparently created. The indictment does not address this. There is no way to say precisely what that trove was—if it was the Podesta archive given to WikiLeaks much earlier than is generally presumed, or the D.N.C. e-mails, or both, or something else. (There is also the possibility that both parties were not speaking truthfully.) But, if Assange did have the D.N.C. e-mails before Guccifer 2.0 was created, then the details in the indictment take on new meaning. Some version of the following may be true: it is mid-June, with the convention approaching, and Assange is about to release a bombshell, when he notices the sudden appearance of Guccifer 2.0, a “hacker” edging into his turf, inviting journalists to write in. So he writes in, asking for material that interests him. He has already gone through the D.N.C. e-mails and has recognized that the trove highlights conflict within the Democratic Party. He signals that he wants more on that specific issue. The G.R.U. is happy to comply, through its new cutout. Perhaps some of it overlaps with what the G.R.U. already provided, making Guccifer 2.0’s confessions literally accurate. Perhaps it is the same irrelevant dross that Guccifer 2.0 fed to others.

Last year, I visited Assange several times in the Ecuadorian Embassy in London. He often emphasized to me that the sourcing of his election publications was complex. I usually took this as a dodge. But the sourcing may indeed have been multilayered. There are many conceivable ways that G.R.U. officers could have provided e-mails to WikiLeaks before they created Guccifer 2.0. They could have used the WikiLeaks anonymous-submission system. They could have used a different fictitious online persona. They could have used a human intermediary. Last year, James Clapper told me, “It was done by a cutout, which of course afforded Assange plausible deniability.” In January, 2017, Clapper oversaw a formal intelligence assessment on Russian meddling. At the time, more than one news organization reported that a classified version of the assessment made clear that the intermediaries between the G.R.U. and WikiLeaks were already known. (Certainly, the intelligence community would also have been in possession of Guccifer 2.0’s Twitter D.M.s at that time, too.) One intelligence official, describing the report, indicated to Reuters last year that the e-mails relayed to WikiLeaks had followed a “circuitous route,” by a series of handoffs, on their journey from Moscow. Such a scenario seems to be at odds with the idea that Guccifer 2.0 merely sent WikiLeaks an encrypted link to download it all in one swoop.

An earlier Khatchadourian piece describes WikiLeaks experiencing some pressure to publish before the convention.

In early July, for example, Guccifer 2.0 told a Washington journalist that WikiLeaks was “playing for time.” There was no public evidence for this, but from the inside it was clear that WikiLeaks was overwhelmed. In addition to the D.N.C. archive, Assange had received e-mails from the leading political party in Turkey, which had recently experienced a coup, and he felt that he needed to rush them out. Meanwhile, a WikiLeaks team was scrambling to prepare the D.N.C. material. (A WikiLeaks staffer told me that they worked so fast that they lost track of some of the e-mails, which they quietly released later in the year.) On several occasions, and in different contexts, Assange admitted to me that he was pressed for time. “We were quite concerned about meeting the deadline,” he told me once, referring to the Democratic National Convention.

His original release date for the D.N.C. archive, he explained, was July 18th, the Monday before the Convention; his team missed the deadline by four days. “We were only ready Friday,” he said. “We had these hiccups that delayed us, and we were given a little more time—” He stopped, and then added, strangely, “to grow.”

Khatchadourian’s earlier mention of a July 18 deadline is quite interesting, given the response from WikiLeaks to a Guccifer 2.0 email, promising to publish that week, on the 18th.

Khatchadourian also describes WikiLeaks as doing significant work to verify the emails — more than they could have done in the time between July 14 and July 22.

Once they were in Assange’s hands, his overriding concern was to insure that they were genuine. “We had quite some difficulties to overcome, in terms of the technical aspects, and making sure we were comfortable with the forensics,” he recalled. As an Australian, he had only a vague grasp of the way the D.N.C. operated, which made deciphering the political significance of the e-mails difficult. “It’s like looking at a very complex Hieronymus Bosch painting from a distance,” he told me. “You have to get close and interact with it, then you start to get a feel.” Often, a first encounter with a WikiLeaks database submission can be overwhelming—as one former staffer told me, “My heart sinks a bit.”

To work on the material, Assange had to coördinate with operatives outside the building, and avoid surveillance inside it. “I have a lot of security issues in the Embassy,” he told me. “It’s not like you can be comfortable with your source material and read it.” He would not tell me how many people worked on the project, except that the number was small. “We’re all secret squirrels now,” he said.

All this raises questions about how much verification WikiLeaks did, and if instead this was a tale told to Khatchadourian, not to mention why they had confidence publishing them would not blow up on them.

Now, I have suggested that one possible second source of the emails — or at least one alternate explanation that Russia and WikiLeaks might claim that could provide GRU some plausible deniability — would be via the contents of email boxes stolen using passwords released just before the DNC hack from Yevgeniy Nikulin’s past hacks of Linked-In and MySpace. Nikulin has utterly stalled his prosecution until February by refusing not only to cooperate with his defense (though he has had repeated contacts from Russian diplomatic officials), but also with a competency evaluation. So we won’t learn anything (and Nikulin won’t be coerced to cooperate) anytime soon as a result of his extradition to the US.

But, as part of an effort to track changes to WikiLeaks’ website and the DNC emails, Emma Best identified what at first appeared to be a change in one email but ultimately just revealed that the cache includes both the sent and received copies of some emails.

After pointing this out on Twitter and listing the 36 known instances, one user checked a copy of the DNC emails they had retrieved months before. They found what appeared to be a modification to the email – a missing piece of metadata that identified the internal IP address that sent the email. After several hours of searching and comparing five different caches of DNC emails, the difference was both confirmed and explained – WikiLeaks’ copy of the DNC emails comes from several accounts, which resulted in some duplicates in their cache. The internal message ID for the duplicates would be the same, but differences in metadata would appear based on whether the email was being sent or received, and in the case of the former what device and client was sending the emails. Since the x-originating-ip metadata which seemed to appear and then disappear is added by the server when it’s sent, it would naturally be missing from the sender’s copy of the email. This addresses the most alarming question regarding the DNC emails, but does nothing to address the rest.

There are reasons to believe that this means the email in question comes from the Microsoft Exchange server and not from someone’s own mailbox (Update: though I may be 100% wrong on this point). Which, if my speculation that WikiLeaks might invoke the Nikulin alternate theory, might still show Assange got the emails in one batch early on, but then published what he got via the delivery identified in the indictment and didn’t spend much time vetting that delivery.

Meanwhile, it’s crucial to note, as Khatchadourian does in his earlier piece, that emails Guccifer 2.0 claimed were DNC documents when he released them the day after the WaPo revealed the DNC had been hacked didn’t come from the DNC; those that have been identified came, instead, from John Podesta. It wasn’t until July 6 that the Guccifer 2.0 documents billed as DNC ones actually were.

But then, on July 6th, just before Guccifer 2.0 complained that WikiLeaks was “playing for time,” this pattern of behavior abruptly reversed itself. “I have a new bunch of docs from the DNC server for you,” the persona wrote on WordPress. The files were utterly lacking in news value, and had no connection to one another—except that every item was an attachment in the D.N.C. e-mails that WikiLeaks had. The shift had the appearance of a threat. If Russian intelligence officers were inclined to indicate impatience, this was a way to do it.

The notion that the Guccifer 2.0 persona may have — in addition to discrediting the WaPo article and providing a quick cover for the Russian attribution of the hack — served to pressure Assange to keep to some kind of July 18 deadline raises more stakes on that detail from the GRU indictment, but also may relate to the kind of signaling we saw elsewhere.

Update: I should have laid out some of the logic behind emails we’ve got. First, WikiLeaks has claimed that all the emails they have come from the “accounts” of seven identified people.

The leaks come from the accounts of seven key figures in the DNC: Communications Director Luis Miranda (10520 emails), National Finance Director Jordon Kaplan (3799 emails), Finance Chief of Staff Scott Comer (3095 emails), Finanace Director of Data & Strategic Initiatives Daniel Parrish (1742 emails), Finance Director Allen Zachary (1611 emails), Senior Advisor Andrew Wright (938 emails) and Northern California Finance Director Robert (Erik) Stowe (751 emails).

Khatchadourian says they actually come from ten accounts.

The twenty thousand or so D.N.C. e-mails that WikiLeaks published were extracted from ten compromised e-mail accounts, and all but one of the people who used those accounts worked in just two departments: finance and strategic communications. (The single exception belonged to a researcher who worked extensively with communications.)

DNC automatically deleted emails after 30 days if they weren’t specifically saved (which is where this exfiltration estimate came from, which was off from the Mueller date by a week). Emails that precede the 30 day window (so April 19 or 25) or that weren’t part of one of the identified accounts may indicate another source.

As I disclosed July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post.

Yevgeniy Prigozhin’s Paid Trolls Prove His Legal Challenge to His Indictment To Be False

October 20, 2018/39 Comments/in 2016 Presidential Election, 2018 Mid-Term Election, Mueller Probe /by emptywheel

I have long argued that the most visible error that Robert Mueller’s team has made thus far in their investigation of Russian involvement in the 2016 election was in charging Concord Management as part of the Internet Research Agency indictment. Doing so effectively charged Vladimir Putin’s crony, Yevgeniy Prigozhin, in both his natural and corporate form, giving him a way to defend against the charges without having to show up in person in the US to do so. On April 11, almost two months after first being indicted (and after Prigozhin assumed an official role in management of Concord so he could claim he needed to be personally involved in any defense of the company), some American lawyers from Reed Smith showed up to start defending Concord against the charges.

By paying money to have lawyers defend his corporate self against trolling accusations, Prigozhin got the opportunity to do several things:

Obtain discovery about what the government knew of his companies’ efforts and communications with (among others) Vladimir Putin
Challenge Robert Mueller’s authority as Special Counsel
Dispute Mueller’s theory that online trolls operated by foreigners should be subject to regulation under campaign finance law and DOJ’s Foreign Agents Registration Act (as well as laws prohibiting visa fraud)

Thus far, Prigozhin’s efforts have done no real damage. Mueller found a way to limit what Prigozhin could look at by requiring his lawyers keep most discovery here in the US. And he beat back Prigozhin’s first challenge to his authority in Judge Dabney Friedrich’s District Court; Concord has submitted an amicus brief in Roger Stone aide Andrew Miller’s challenge to Mueller’s authority under the same theory, but it won’t get a chance to appeal Friedrich’s decision itself unless the case actually goes to trial.

Prigozhin’s third challenge, to Mueller’s theory of the case, poses more of a problem. While Special Counsel has lots of case law to argue that when charging ConFraudUS you don’t need to prove the underlying crimes (here, that Prigozhin’s trolls committed campaign finance, FARA, and visa fraud violations), Prigozhin’s lawyers nevertheless have argued — starting formally in a brief filed on July 15 — that those poor Russian trolls sowing division in the US had no way of knowing they were supposed to register with the FEC and DOJ before doing so, and so could not be accused of fraudulently hiding their Russian nationality, location, and funding. Effectively, the brief argued over and over and over — some form of the word “willful” shows up 99 times in the filing, “mens rea” shows up 33 times, “knowingly” shows up 58 times — that these poor Russian trolls just can’t be shown to have willfully violated America’s laws against unregistered foreign influence peddling because they had no way to know about those laws.

No case has specifically addressed whether a willfulness mens rea is required in a § 371 defraud conspiracy case like this one. But that is only because of the novelty of this Indictment. In circumstances where, as here, complex regulations are implicated against a foreign national with no presence in the United States, and the threat of punishing innocent conduct is extant, courts frequently have expressed the need for a heightened mens rea requirement. And even in those cases favored by the Special Counsel in his prior briefing, which he erroneously believes serve to relax the standard for criminal intent—requiring only some vague proof that Concord knew “on some level” the existence of some unspecified “regulatory apparatus” governing foreign nationals who participate in some fashion in United States elections (Hr’g Tr. 9:17–22)— the concerns over the proof of mens rea are evident, just as they should be in any conspiracy case. It is simply impossible for any person, whether a foreign national or a U.S. citizen, to have any knowledge of, let alone understand, the Special Counsel’s imaginary “on some level” mens rea standard. Further, none of the cases relied upon by the Special Counsel provide any reason not to impose a willfulness requirement in this case.

As Mueller’s August 15 response emphasized, the trolls focused their challenge to this indictment on Brett Kavanaugh well before he was confirmed.

Concord repeatedly invokes (at 1, 7, 17, 19, 20, 23-24, 27, 31, 32) Judge Kavanaugh’s majority opinion in Bluman v. Federal Election Comm’n, 800 F. Supp. 2d 281 (D.D.C. 2011), sum aff’d, 565 U.S. 1104 (2012), and his concurring opinion in United States v. Moore, 612 F.3d 698 (D.C. Cir. 2010), but neither addresses Section 371. Bluman—a civil case—assessed the constitutionality of the ban on non-citizens’ political expenditures and cautioned that, when the government “seek[s] criminal penalties for violations of th[at] provision” (which requires a defendant “act ‘willfully’”), the government must prove the defendant’s “knowledge of the law.” 800 F. Supp. 2d at 292 (citation omitted; emphasis added). Similarly, Moore concerned a violation of Section 1001, which “proscribes only those false statements that are ‘knowingly and willfully’ made.’” 612 F.3d at 702 (Kavanaugh, J., concurring) (emphasis added). Accordingly, Judge Kavanaugh opined, the government must prove that “the defendant knew his conduct was a crime.” Id. at 704. Because Count One need not allege a violation of a substantive offense other than Section 371 and that statute does not contain an express “willful” element, Bluman and Moore contribute nothing to Concord’s mens rea argument.

Kavanaugh, Kavanaugh, Kavanaugh, Kavanaugh, Kavanaugh, Kavanaugh, Kavanaugh, Kavanaugh, Kavanaugh, the troll lawyers have been chanting since 6 days after he was nominated. And while Mueller’s team argued that those past Kavanaugh opinions did not address ConFraudUS, the newest Supreme Court Justice clearly believes any legal limits on foreign influence peddling must be clearly conveyed to those foreigners doing their influence peddling. Kavanaugh’s elevation, then, presented the real possibility that by charging Concord, Mueller might make it easier for foreigners to tamper in our election than for Americans.

Moreover, it looked like Trump appointee Dabney Friedrich (who gave the challenge to Mueller’s authority far more consideration than she should have) was sympathetic to the troll challenge to the indictment. Not only did Friedrich seem sympathetic to the Concord challenge in a hearing on Monday, on Thursday she ordered Mueller’s team to be more specific about whether the trolls had to — and knew they had to — register with the FEC and DOJ.

Specifically, should the Court assume for purposes of this motion that neither Concord nor its co-conspirators knowingly or unknowingly violated any provision, civil or criminal, of FECA or FARA by failing to report expenditures or by failing to register as a foreign agent?

That is the genius (and I suspect, the entire point) of the complaint against Prigozhin’s accountant, Elena Alekseevna Khusyaynova, who oversees the funding of all these trolls, which was unsealed yesterday.

It provides proof that Prigozhin and Concord continued to engage in ConFraudUS long after receiving notice, in the form of that February 16 indictment, that the US considered engaging in such trolling without registration a crime.

Among the overt acts of the conspiracy, for example, the complaint describes Khusyaynova:

Requesting payment from Concord for trolling expenses on February 21, February 28, March 6, April 6, May 8, May 10, June 1, June 4, June 9, and July 10, 2018
Submitting a 107 million ruble budget in March to cover April’s expenditures, a 111 million ruble budget in April to cover May’s expenditures, and a 114 million budget for June in June (the complaint calculates these budgets to amount to over $5.25 million, though not all of that got spent in the US)
Following up with a Concord employee on April 11 and 12 to make sure one of Concord’s laundering vehicles, Almira LLC, paid its part of the budget for March expenditures
Spending $60,000 in Facebook ads and $6,000 in Instagram ads between January and June of this year
Spending $18,000 for “bloggers” and “developing accounts” on Twitter between January and June

In other words, the complaint shows that even after Concord got indicted for spending all this money to influence American politics, even after it hired lawyers to claim it didn’t know spending all that money was illegal, it continued to spend the money without registering with FEC or DOJ. The very same day Prigozhin’s lawyers filed their attorney appearances in court in DC, his accountant in St. Petersburg was laundering more money to pay for trolling.

But the true genius of the complaint comes in the evidence of trolling it cites. As noted, the complaint cites two trolls tweeting about the February 16 indictment of their own trolling.

@JemiSHaaaZzz (this was an RT): Dear @realDonaldTrump: The DOJ indicted 13 Russian nationals at the Internet Research Agency for violating federal criminal law to help your campaign and hurt other campaigns. Still think this Russia thing is a hoax and a witch hunt? Because a lot of witches just got indicted.

[snip]

@JohnCopper16: Russians indicted today: 13 Illegal immigrants crossing Mexican border indicted today: 0 Anyway, I hope that all those Internet Research Agency f*ckers will be sent to gitmo.

@JohnCopper16: We didn’t vote for Trump because of a couple of hashtags shilled by the Russians. We voted for Trump because he convinced us to vote for Trump. And we are ready to vote for Trump again in 2020!

Prigozhin has paid 7 months of legal fees arguing that he had no idea that this was a crime, even while paying $5 million, part of which paid his own trolls to describe being indicted for “violating federal criminal law” and asking to be sent to Gitmo for that crime.

And his trolls continued to claim they had knowledge of American campaign law, as when on March 14, almost a month after the indictment, @TheTrainGuy13 reposted a pro-Trump tweet noting that voter fraud is a felony.

The complaint even cites @KaniJJackson tweeting about a Net Neutrality vote on May 17, well after Reed Smith had told the court they were representing Concord to make claims that Prigozhin had no idea unregistered political trolling was illegal.

Ted Cruz voted to repeal #NetNeutrality. Let’s save it and repeal him instead.

Here’s the list of GOP senators who broke party lines and voted to save #NetNeutrality: Susan Collins John N Kennedy Lisa Murkowski Thank you!

Since July, Prigozhin’s Reed Smith lawyers have spent 326 pages briefing their claim that their poor foreign client and his trolls had no way of knowing that the United States expected him and his trolls to register before tampering in US politics. Even while they were doing that, in a complaint filed in sealed form three weeks ago, on September 28, DOJ had compiled proof that even after receiving official notice of the fact that the US considered that a crime on February 16, even after Prigozhin showed on April 11 his knowledge that the US considered that a crime by hiring attorneys to argue he couldn’t have known, he and his accountant and his trolls continued trolling.

As persuasive as Reed Smith lawyers have been in arguing Prigozhin couldn’t have known this was illegal, his trolls have laid out far better proof that he knew he was breaking the law.

Trump’s Open Book Test Still Poses a Big Perjury Risk

October 12, 2018/50 Comments/in 2016 Presidential Election, Mueller Probe /by emptywheel

In spite of a great deal of encouragement to do so on Twitter, I can’t muster a victory lap from the news that the Mueller team has agreed that Trump’s first round of open book test will focus only on conspiracy with Russia.

President Donald Trump’s legal team is preparing answers to written questions provided by special counsel Robert Mueller, according to sources familiar with the matter.

The move represents a major development after months of negotiations and signals that the Mueller investigation could be entering a final phase with regard to the President.

The questions are focused on matters related to the investigation of possible collusion between Trump associates and Russians seeking to meddle in the 2016 election, the sources said. Trump’s lawyers are preparing written responses, in part relying on documents previously provided to the special counsel, the sources said.

[snip]

Negotiations for Trump’s testimony lasted for the better part of a year. The two sides nearly reached a deal in January for Trump to be questioned at the presidential retreat in rural Maryland, Camp David, only for talks to break down at the last minute. What followed was a series of letters and meetings — some hostile — in which Trump’s lawyers raised objections and sought to limit any potential testimony.

For months, Mueller told Trump’s lawyers that he needed to hear from the President to determine his intent on key events in the obstruction inquiry.

While I find it significant that this report came first from Evan Perez and (?!?!) Dana Bash, not Maggie and Mike (suggesting it may come from different sources than the people who fed the NYT the line that Mueller was primarily interested in obstruction), this report seems to suggest that after letting Trump stall for almost a year, Mueller has decided to finally get him on the record on the key crimes.

While CNN has not said anything about timing — that is, how long Trump’s lawyers will stall over an open book test that they claim they’ve already written many of the answers to — this agreement may have as much to do with preparation for the post-election period in which Mueller can roll out any indictments he has been working on and Trump can start firing people. That is, before he makes any big moves in the case in chief, he has to get Trump on the record in some form or other. Better to get him on the record in sworn written statements than launch a subpoena fight that will last past that post-election period.

So I don’t think this says much about the relative legal exposure Mueller thinks Trump has for obstruction versus conspiracy (though, again, if you’ve got the conspiracy charges, the obstruction charges will be minor by comparison). It says that Mueller has decided it’s time to get Trump committed to one story, under penalty of perjury.

That said, consider two details about obstruction.

First, Mueller has gotten both of the men Trump reportedly dangled pardons to, Mike Flynn and Paul Manafort, to enter cooperation agreements. That means he’s got both men — possibly along with the non-felon lawyers who passed on the offer — describing that they were offered pardons if they protected the President. That, to my mind, is the most slam dunk instance of obstruction even considered. So by obtaining Manafort’s cooperation, Mueller may have already obtained the most compelling evidence of obstruction possible.

Also, it’s not at all clear that Trump can avoid perjury exposure even on an open book test. We’ve already seen that some of the written responses the Trump team has provided Mueller — such as the two versions of their explanation for the Flynn firing — obscure key details (including Trump’s own role in ordering Flynn to tell Russia not to worry about sanctions). Plus, Trump’s lawyers have recently come to realize they not only don’t know as much as they thought they did about what other “friendly” witnesses had to say (Bill Burck seems to have reconfirmed last week that his clients — which include, at a minimum, Don McGahn, Steve Bannon, and Reince Priebus — don’t have Joint Defense Agreements with Trump), but that they don’t actually know everything they need to know from Trump. Trump is unmanageable as a client, so it’s likely he continues to lie to his own lawyers.

Most importantly, on all of the key conspiracy questions Mueller posed to Trump last March (the first two were also in his first set of questions in January), Mueller has at least one and sometimes several cooperating witnesses.

What did you know about phone calls that Mr. Flynn made with the Russian ambassador, Sergey I. Kislyak, in late December 2016? [Flynn]
When did you become aware of the Trump Tower meeting? [Manafort]
During a 2013 trip to Russia, what communication and relationships did you have with the Agalarovs and Russian government officials? [Cohen, Goldstone, Kaveladze]
What communication did you have with Michael D. Cohen, Felix Sater and others, including foreign nationals, about Russian real estate developments during the campaign? [Cohen, Sater]
What discussions did you have during the campaign regarding any meeting with Mr. Putin? Did you discuss it with others? [Manafort, Gates, Cohen]
What discussions did you have during the campaign regarding Russian sanctions? [Manafort, Flynn]
What involvement did you have concerning platform changes regarding arming Ukraine? [Manafort, Gates]
During the campaign, what did you know about Russian hacking, use of social media or other acts aimed at the campaign? [Stone’s associates, Gates, Manafort]
What knowledge did you have of any outreach by your campaign, including by Paul Manafort, to Russia about potential assistance to the campaign? [Manafort]
What did you know about communication between Roger Stone, his associates, Julian Assange or WikiLeaks? [Stone’s associates, Manafort]
What did you know during the transition about an attempt to establish back-channel communication to Russia, and Jared Kushner’s efforts? [Flynn]
What do you know about a 2017 meeting in Seychelles involving Erik Prince? [Flynn]
What do you know about a Ukrainian peace proposal provided to Mr. Cohen in 2017? [Cohen]

The one area where that’s not true is with Roger Stone (though Rick Gates, at least, seems to have been in the loop on some of that), but then Mueller has spent the last 10 months collecting every imaginable piece of evidence pertaining to Stone.

Between Trump’s lawyers’ incomplete grasp of what their client did and the witnesses and other evidence regarding these activities, Mueller has a much better idea of what happened than Trump’s lawyers do. Which means they may not be able to help their client avoid lying.

Offering John Podesta Emails While Selling Deleted Hillary Emails

October 11, 2018/20 Comments/in 2016 Presidential Election, Mueller Probe, WikiLeaks /by emptywheel

Back in April 2017, I noted something problematic with Democratic theories about the advance knowledge of Roger Stone — and by association, the Trump camp — of Russia’s hack and leak plans: Democrats have largely focused on Stone’s warning, on August 21, 2016, that “it would soon be the Podesta’s time in the barrel,” arguing it reflected foreknowledge of the October 2016 dump of John Podesta’s emails. Stone has said he was talking about blaming Tony Podesta for his corruption, and while that does appear to be a projection-focused defense of Paul Manafort as his own corruption posed problems for the Trump campaign, none of that explains how Stone implicated John in his brother’s sleaze.

That one comment aside, virtually every time Stone predicted a WikiLeaks October Surprise, he implied it would be Clinton Foundation documents or other ones she deleted from her home server, not Podesta emails. That is, while Stone appears to have known the general timing of the October dump, Stone didn’t predict the Podesta emails. He predicted emails deleted from Hillary’s home server, emails that never got published. Here’s how it looks in a timeline (partly lifted from this CNN timeline).

August 12, 2016: Roger Stone says, “I believe Julian Assange — who I think is a hero, fighting the police state — has all of the emails that Huma and Cheryl Mills, the two Clinton aides thought that they had erased. Now, if there’s nothing damning or problematic in those emails, I assure you the Clintonites wouldn’t have erased them and taken the public heat for doing so. When the case is I don’t think they are erased. I think Assange has them. I know he has them. And I believe he will expose the American people to this information you know in the next 90 days.”

August 15, 2016: Stone tells WorldNetDaily that, “’In the next series of emails Assange plans to release, I have reason to believe the Clinton Foundation scandals will surface to keep Bill and Hillary from returning to the White House,’ … The next batch, Stone said, include Clinton’s communications with State Department aides Cheryl Mills and Huma Abedin.”

August 26, 2016: Stone tells Breitbart Radio that “I’m almost confident Mr. Assange has virtually every one of the emails that the Clinton henchwomen, Huma Abedin and Cheryl Mills, thought that they had deleted, and I suspect that he’s going to drop them at strategic times in the run up to this race.”

August 29, 2016: Stone suggests Clinton Foundation information might lead to prison. “Perhaps he has the smoking gun that will make this handcuff time.”

September 16, 2016: Stone says that “a payload of new documents” that Wikileaks will drop “on a weekly basis fairly soon … will answer the question of exactly what was erased on that email server.”

September 18, 2016 and following: Stone asks Randy Credico to get from Assange any emails pertaining to disrupting a peace deal in Libya, making it clear he believes Assange has emails that WikiLeaks has not yet released.

In a Sept. 18, 2016, message, Mr. Stone urged an acquaintance who knew Mr. Assange to ask the WikiLeaks founder for emails related to Mrs. Clinton’s alleged role in disrupting a purported Libyan peace deal in 2011 when she was secretary of state, referring to her by her initials.

“Please ask Assange for any State or HRC e-mail from August 10 to August 30–particularly on August 20, 2011,” Mr. Stone wrote to Randy Credico, a New York radio personality who had interviewed Mr. Assange several weeks earlier. Mr. Stone, a longtime confidant of Donald Trump, had no formal role in his campaign at the time.

Mr. Credico initially responded to Mr. Stone that what he was requesting would be on WikiLeaks’ website if it existed, according to an email reviewed by the Journal. Mr. Stone, the emails show, replied: “Why do we assume WikiLeaks has released everything they have ???”

In another email, Mr. Credico then asked Mr. Stone to give him a “little bit of time,” saying he thought Mr. Assange might appear on his radio show the next day. A few hours later, Mr. Credico wrote: “That batch probably coming out in the next drop…I can’t ask them favors every other day .I asked one of his lawyers…they have major legal headaches riggt now..relax.”

As I further noted, when WikiLeaks started dumping Podesta emails in October (including excerpts of Hillary’s private speeches), Stone focused more on accusing Bill Clinton of rape, another projection-based defense of Donald Trump (especially in light of the Access Hollywood tape) than he focused on the Podesta emails.

In other words, Stone may not have exhibited foreknowledge of the Podesta dump. By all appearances, he seemed to expect that WikiLeaks would publish emails obtained via the Peter Smith efforts — efforts that involved soliciting Russian hackers for assistance. That actually makes Stone’s foreknowledge more damning, as it suggests he was part of the conspiracy to pay Russian hackers for emails they had purportedly already hacked from Hillary’s server and that he expected WikiLeaks would be an outlet for the emails, as opposed to just learning that Podesta’s emails had been hacked some months after they had been.

It was Guccifer 2.0, not Assange, who claimed anyone had Clinton server documents (including in a tweet responding to my observation he was falsely billing documents as Clinton Foundation ones).

And Guccifer 2.0 was (according to Politico, not WSJ) in the loop of this effort, so may have been trying to pressure WikiLeaks to publish sets of files already sent, as he had tried to do with DCCC files earlier in August.

[Chuck] Johnson said he and [Peter] Smith stayed in touch, discussing “tactics and research” regularly throughout the presidential campaign, and that Smith sought his help tracking down Clinton’s emails. “He wanted me to introduce to him to Bannon, to a few others, and I sort of demurred on some of that,” Johnson said. “I didn’t think his operation was as sophisticated as it needed to be, and I thought it was good to keep the campaign as insulated as possible.”

Instead, Johnson said, he put the word out to a “hidden oppo network” of right-leaning opposition researchers to notify them of the effort. Johnson declined to provide the names of any of the members of this “network,” but he praised Smith’s ambition.

“The magnitude of what he was trying to do was kind of impressive,” Johnson said. “He had people running around Europe, had people talking to Guccifer.” (U.S. intelligence agencies have linked the materials provided by “Guccifer 2.0”—an alias that has taken credit for hacking the Democratic National Committee and communicated with Republican operatives, including Trump confidant Roger Stone—to Russian government hackers.)

Johnson said he also suggested that Smith get in touch with Andrew Auernheimer, a hacker who goes by the alias “Weev” and has collaborated with Johnson in the past. Auernheimer—who was released from federal prison in 2014 after having a conviction for fraud and hacking offenses vacated and subsequently moved to Ukraine—declined to say whether Smith contacted him, citing conditions of his employment that bar him from speaking to the press.

Two interesting issues of timing arise out of that, then.

First, to the extent that Stone’s tweets during the week of October 7 (the ones that exhibited foreknowledge of timing, if not content) predicted the timing of the next leak, they would seem to reflect an expectation that deleted emails were coming, not necessarily that Podesta ones were.

[O]n Saturday October 1 (or early morning on October 2 in GMT; the Twitter times in this post have been calculated off the unix time in the source code), Stone said that on Wednesday (October 5), Hillary Clinton is done.

Fewer of these timelines note that Wikileaks didn’t release anything that Wednesday. It did, however, call out Guccifer 2.0’s purported release of Clinton Foundation documents (though the documents were real, they were almost certainly mislabeled Democratic Party documents) on October 5. The fact that Guccifer 2.0 chose to mislabel those documents is worth further consideration, especially given public focus on the Foundation documents rather than other Democratic ones. I’ll come back to that.

Throughout the week — both before and after the Guccifer 2.0 release — Stone kept tweeting that he trusted the Wikileaks dump was still coming.

Monday, October 3:

Wednesday, October 5 (though this would have been middle of the night ET):

Thursday, October 6 (again, this would have been nighttime ET, after it was clear Wikileaks had not released on Wednesday):

But it also makes the October 11 email — which was shared with still unidentified recipients via foldering, not sent — reported by WSJ the other day all the more interesting. The email seems to suggest that on October 11, the “students” who were really pleased with email releases they had seen so far were talking about the Podesta emails.

“[A]n email in the ‘Robert Tyler’ [foldering] account [showing] Mr. Smith obtained $100,000 from at least four financiers as well as a $50,000 contribution from Mr. Smith himself.” The email was dated October 11, 2016 and has the subject line, “Wire Instructions—Clinton Email Reconnaissance Initiative.” It came from someone calling himself “ROB,” describing the funding as supporting “the Washington Scholarship Fund for the Russian students.” The email also notes, “The students are very pleased with the email releases they have seen, and are thrilled with their educational advancement opportunities.”

In a follow-up, WSJ confirmed the identities of three of the four alleged donors (they’re still trying to track down the real ID of the fourth).

He reached out to businessmen as financial backers, including Maine real-estate developer Michael Liberty, Florida-based investor John “Jack” Purcell and Chicago financier Patrick Haynes. They were named in an email reviewed by the Journal as among a group of people who pledged to contribute $100,000 to the effort, along with $50,000 of Mr. Smith’s own money.

If the Smith conspirators were referring to the Podesta emails stolen by GRU in the same breath as a funding solicitation for Clinton Foundation ones, it suggests that whoever Smith’s co-conspirators were, as late as October 11, they were referring to the Podesta emails in the same breath as the Clinton server ones they were still hunting for.

As I said in July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post.

A Tale of Two GRU Indictments

October 5, 2018/32 Comments/in 2016 Presidential Election, emptywheel, Mueller Probe, WikiLeaks /by emptywheel

Yesterday, DOJ indicted a bunch of GRU hackers again, in part for hacks in retaliation for anti-doping associations’ reports finding a state-run Russian effort to help its athletes cheat (though also including hacks of Westinghouse and the Organization for the Prohibition of Chemical Weapons (OPCW)).

As the DNC GRU indictment did, this indictment provides a snapshot of the division of labor in GRU, made easier by the capture of four of these guys, with all their hacking toys in the trunk of their rented car, in the Netherlands. I find a comparison of the two indictments — of some of the same people for similar activity spanning the same period of time — instructive for a number of reasons.

The team

Consider the team.

There are Aleksei Morenets and Evgenii Serebriakov, whom the indictment calls “on-site GRU hackers who traveled to foreign countries with other conspirators, in some instances using Russian government issued diplomatic passports to conduct on-site operations.” Serebriakov even has a title, “Deputy Head of Directorate,” which sounds like a pretty senior person to travel around sniffing WiFi networks.

There are the three men we met in the DNC indictment, Ivan Yermakov, Artem Malyshev, and Dmitriy Badin, all of whom work out of Moscow running hacks. Yermakov and Malyshev were closely involved in both hacks in 2016 (as demonstrated by the timeline below).

Finally, there are Oleg Sotnikov and Alexey Minin, who joined Morenets and Serebriakov as they tried to hack the Organization for the Prohibition of Chemical Weapons (OPCW) and tried to hack the Spiez Chemical laboratory that was analyzing the Novichok used to poison Sergei Skripal.

There are slightly different tactics than in the DNC hack. For example, GRU used a bunch of bit.ly links in this operation (though some of those are an earlier campaign against Westinghouse). And they sent out hackers to tap into targets’ WiFi networks directly, whereas none of the DNC hackers are alleged to have left Russia.

But there’s a ton of common activity, notably the spearphishing of targeted individuals and the use of their X-Agent hacking tool to exploit targeted machines.

Overlapping hack schedule

I’m also interested in the way the WADA hack, in particular, overlaps with the DNC one. I’ve got a timeline, below, of the two indictments look like (I’ve excluded both the Westinghouse and OPCW hacks from this timeline to focus on the overlapping 2016 operations).

Yermakov and Malyshev are described by name doing specific tasks in the DNC hack though May 2016. By August, they have turned to hacking anti-doping targets. Yermakov, in particular, seems to play the same research role in both hacks.

Given the impact of these operations, it’s fairly remarkable that such a small team conducted both.

Common bitcoin habits and possibly even infrastructure

There are also paragraphs in the WADA indictment, particularly those pertaining to the use of bitcoin to fund the operation used to substantiate the money laundering charge, that appear to be lifted in their entirety from the DNC one (or perhaps both come from DOJ or Western PA US Attorney boilerplate — remember that the DNC hack was originally investigated in Western PA, so this language likely originates there).

These include:

58/106: Describing how conspirators primarily used bitcoin to pay for infrastructure
59/107: Describing how bitcoin works, with examples specific to each operation provided
60/108: Describing how conspirators used dedicated email accounts to track bitcoin transactions
61/109: Describing how conspirators used the same computers to conduct hacking operations and facilitate bitcoin payments
62/110: Describing how conspirators also mined bitcoin and then used it to pay for servers, with examples specific to each operation
64/111: Describing how conspirators used the same funding structure and sometimes the same pool of funds to pay for hacking infrastructure, with examples specific to each operation provided

The similarity of these two passages suggests two things. First, it suggests that the August 8, 2016 transaction in the WADA indictment may have been orchestrated from the gfade147 email noted in the DNC indictment. With both, the indictment notes that “One of these dedicated accounts … received hundreds of bitcoin payment requests from approximately 100 different email accounts,” with the DNC indictment including the gfade147 address. (Compare paragraphs 60 in the DNC indictment with 108 in the WADA one.) That would suggest these two operations overlap even more than suspect.

That said, there’s one paragraph in the DNC indictment that doesn’t have an analogue in the WADA one, 63. It describes conspirators,

purchasing bitcoin through peer-to-peer exchanges, moving funds through other digital currencies, and using pre-paid cards. They also enlisted the assistance of one or more third-party exchangers who facilitated layered transactions through digital currency exchange platforms providing heightened anonymity.

Given how loud much of these operations were, it raises questions about why some of the DNC hack (but not, at least by description) the WADA one would require “heightened anonymity.”

Different treatment of InfoOps

I’m perhaps most interested in the different treatment of the InfoOps side of the operation. As I noted here, in general there seems to be a division of labor at GRU between the actual hackers, in Unit 26165, which is located at 20 Komsomolskiy Prospekt, and the information operations officers, in Unit 74455, which is located in the “Tower” at 22 Kirova Street, Khimki. Both units were involved in both operations.

Yet the WADA indictment does not name or charge any Unit 74455 officers, in spite of describing (in paragraphs 1 and 11) how the unit acquired and maintained online social media accounts and associated infrastructure (paragraph 76 describes that infrastructure to be “procured and managed, at least in part, by conspirators in GRU Unit 74455”). Five of the seven named defendants in the WADA indictment are in Unit 26165, with Oleg Sotnikov and Alexey Minin not identified by unit.

By comparison, three of the 11 officers charged in the DNC indictment belong to Unit 744555.

And the WADA campaign did have a significant media component, as explained in paragraphs 76-87. The indictment even complains (as did DOJ officials as the press conference announcing this indictment) about,

reporters press[ing] for and receiv[ing] promises of exclusivity in such reporting, with one such reporter attempting to make arrangements for a right of first refusal for articles on all future leaks and actively suggesting methods with whicch the conspiracy could search the stolen materials for documents of interest to that reporter (e.g., keywords of interest).

That said, the language in much of this discussion (see paragraphs 77 through 81) uses the passive voice — “were registered,” “were named,” “was posted,” “were released,” “were released,” “were released,” “were released” — showing less certainty about who was running that infrastructure.

That’s particularly interesting given that the government clearly had emails between the Fancy Bear personas and journalists.

One difference may be, in part, that in the DNC indictment, there are specific hacking (not InfoOps) actions attributed to two of the Unit 74455 officers: Aleksandr Osadchuk and Anatoliy Kovalev. Indeed, Kovalev seems to have been added on just for that charge, as he doesn’t appear in the introduction section at the beginning of the indictment.

Whereas Unit 74455’s role in the WADA indictment seems to be limited to running the InfoOps infrastructure.

Importance of WikiLeaks and sharing with Republicans

It’s not clear how much we can conclude form all that. But the different structure in the DNC indictment does allow it to foreground the role of a number of others, such as WikiLeaks and Roger Stone and — as I suggested drop in some or all of those others in a future conspiracy indictment — that were a key part of the election operation.

Timeline

February 1, 2016: gfade147 0.026043 bitcoin transaction

March 2016: Conspirators hack email accounts of volunteers and employees of Hillary campaign, including John Podesta

March 2016: Yermakov spearphishes two accounts that would be leaked to DC Leaks

March 14, 2016 through April 28, 2016: Conspirators use same pool of bitcoin to purchase VPN and lease server in Malaysia

March 15, 2016: Yermakov runs technical query for DNC IP configurations and searches for open source info on DNC network, Dem Party, and Hillary

March 19, 2016: Lukashev spearphish Podesta personal email using john356gh

March 21, 2016: Lukashev steals contents of Podesta’s email account, over 50,000 emails (he is named Victim 3 later in indictment)

March 25, 2016: Lukashev spearphishes Victims 1 (personal email) and 2 using john356gh; their emails later released on DCLeaks

March 28, 2016: Yermakov researched Victims 1 and 2 on social media

April 2016: Kozachek customizes X-Agent

April 2016: Conspirators hack into DCCC and DNC networks, plant X-Agent malware

April 2016: Conspirators plan release of materials stolen from Clinton Campaign, DCCC, and DNC

April 6, 2016: Conspirators create email for fake Clinton Campaign team member to spearphish Clinton campaign; DCCC Employee 1 clicks spearphish link

April 7, 2016: Yermakov runs technical query for DCCC’s internet protocol configurations

April 12, 2016: Conspirators use stolen credentials of DCCC employee to access network; Victim 4 DCCC email victimized

April 14, 2016: Conspirators use X-Agent keylog and screenshot functions to surveil DCCC Employee 1

April 15, 2016: Conspirators search hacked DCCC computer for “hillary,” “cruz,” “trump” and copied “Benghazi investigations” folder

April 15, 2016: Victim 5 DCCC email victimized

April 18, 2016: Conspirators hack into DNC through DCCC using credentials of DCCC employee with access to DNC server; Victim 6 DCCC email victimized

April 19, 2016: Kozachek, Yershov, and co-conspirators remotely configure middle server

April 19, 2016: Conspirators register dcleaks using operational email [email protected]

April 20, 2016: Conspirators direct X-Agent malware on DCCC computers to connect to middle server

April 22, 2016: Conspirators use X-Agent keylog and screenshot function to surveil DCCC Employee 2

April 22, 2016: Conspirators compress oppo research for exfil to server in Illinois

April 26, 2016: George Papadopolous learns Russians are offering election assistance in the form of leaked emails

April 28, 2016: Conspirators use bitcoin associated with Guccifer 2.0 VPN to lease Malaysian server hosting dcleaks.com

April 28, 2016: Conspirators test IL server

May 2016: Yermakov hacks DNC server

May 10, 2016: Victim 7 DNC email victimized

May 13, 2016: Conspirators delete logs from DNC computer

May 25 through June 1, 2016: Conspirators hack DNC Microsoft Exchange Server; Yermakov researches PowerShell commands related to accessing it

May 30, 2016: Malyshev upgrades the AMS (AZ) server, which receives updates from 13 DCCC and DNC computers

May 31, 2016: Yermakov researches Crowdstrike and X-Agent and X-Tunnel malware

June 2016: Conspirators staged and released tens of thousands of stolen emails and documents

June 1, 2016: Conspirators attempt to delete presence on DCCC using CCleaner

June 2, 2016: Victim 2 personal victimized

June 8, 2016: Conspirators launch dcleaks.com, dcleaks Facebook account using Alive Donovan, Jason Scott, and Richard Gingrey IDs, and @dcleaks_ Twitter account, using same computer used for other

June 9, 2016: Don Jr, Paul Manafort, Jared Kushner have meeting expecting dirt from Russians, including Aras Agalarov employee Ike Kaveladze

June 10, 2016: Ike Kaveladze has calls with Russia and NY while still in NYC

June 14, 2016: Conspirators register actblues and redirect DCCC website to actblues

June 14, 2016: WaPo (before noon ET) and Crowdstrike announces DNC hack

June 15, 2016, between 4:19PM and 4:56 PM Moscow Standard Time (9:19 and 9:56 AM ET): Conspirators log into Moscow-based sever and search for words that would end up in first Guccifer 2.0 post, including “some hundred sheets,” “illuminati,” “think twice about company’s competence,” “worldwide known”

June 15, 2016, 7:02PM MST (12:02PM ET): Guccifer 2.0 posts first post

June 15 and 16, 2016: Ike Kaveladze places roaming calls from Russia, the only ones he places during the extended trip

June 20, 2016: Conspirators delete logs from AMS panel, including login history, attempt to reaccess DCCC using stolen credentials

June 22, 2016: Wikileaks sends a private message to Guccifer 2.0 to “send any new material here for us to review and it will have a much higher impact than what you are doing.”

June 27, 2016: Conspirators contact US reporter, send report password to access nonpublic portion of dcleaks

Late June, 2016: Failed attempts to transfer data to Wikileaks

July, 2016: Kovalev hacks into IL State Board of Elections and steals information on 500,000 voters

July 6, 2016: Conspirators use VPN to log into Guccifer 2.0 account

July 6, 2016: Wikileaks writes Guccifer 2.0 adding, “if you have anything hillary related we want it in the next tweo [sic] days prefabl [sic] because the DNC [Democratic National Convention] is approaching and she will solidify bernie supporters behind her after”

July 6, 2016: Victim 8 personal email victimized

July 10-19: Morenets travels to Rio de Janeiro

July 14, 2016: Conspirators send WikiLeaks an email with attachment titled wk dnc link1.txt.gpg providing instructions on how to access online archive of stolen DNC documents

July 18, 2016: WikiLeaks confirms it has “the 1Gb or so archive” and would make a release of stolen documents “this week”

July 22, 2016: WikiLeaks releases first dump of 20,000 emails

July 27, 2016: Trump asks Russia for Hillary emails

July 27, 2016: After hours, conspirators attempt to spearphish email accounts at a domain hosted by third party provider and used by Hillary’s personal office, as well as 76 email addresses at Clinton Campaign

August 2016: Kovalev hacks into VR systems

August 2-9, 2016: Conspirators use multiple IP addresses to connect to or scan WADA’s network

August 2-4, 2016: Yermakov researches WADA and its ADAM database (which includes the drug test results of the world’s athletes) and USADA

August 3, 2016: Conspirators register wada.awa.org

August 5, 9, 2016: Yermakov researches Cisco firewalls, he and Malyshev send specific WADA employees spearfish

August 8, 2016: Conspirators register wada-arna.org and tas-cass.org

August 8, 2016: .012684 bitcoin transaction directed by dedicated email account

August 13-19, 2016: Morenets and Serebriakov travel to Rio, while Yermakov supports with research in Moscow

August 14-18, 2016: SQL attacks against USADA

August 15, 2016: Conspirators receive request for stolen documents from candidate for US congress

August 15, 2016: First Guccifer 2.0 exchange with Roger Stone noted

August 19, 2016: Serebriakov compromises a specific anti-doping official and obtains credentials to access ADAM database

August 22, 2016: Conspirators transfer 2.5 GB of stolen DCCC data to registered FL state lobbyist Aaron Nevins

August 22, 2016: Conspirators send Lee Stranahan Black Lives Matter document

September 1, 2016: Domains fancybear.org and fancybear.net registered

September 6, 2016: Conspirators compromise credentials of USADA Board member while in Rio

September 7-14, 2016: Conspirators try, but fail, to use credentials stolen from USADA board member to access USADA systems

September 12, 2016: Data stolen from WADA and ADAMS first posted, initially focusing on US athletes

September 12, 2016 to January 17, 2018: Conspirators attempt to draw media attention to leaks via social media

September 18, 2016: Morenets and Serebriakov travel to Lausanne, staying in anti-doping hotels, to compromise hotel WiFi

September 19, 2016 to July 20, 2018: Conspirators attempt to draw media attention to leaks via email

September 2016: Conspirators access DNC computers hosted on cloud service, creating backups of analytics applications

October 2016: Linux version of X-Agent remains on DNC network

October 6, 2016: Emails stolen from USADA first released

October 7, 2016: WikiLeaks releases first set of Podesta emails

October 28, 2016: Kovalev visits counties in GA, IA, and FL to identify vulnerabilities

November 2016: Kovalev uses VR Systems email address to phish FL officials

December 6, 2016 – January 2, 2017: Using IP frequently used by Malyshev, conspirators compromise FIFA’s anti-doping files

December 13, 2016: Data stolen from CCES released

January 19-24, 2017: Conspirators compromise computers of four IAAF officials

June 22, 2017: Data stolen from IAAF’s network released

July 5, 2017: Data stolen from IAAF’s network released

August 28, 2017: Data stolen from FIFA released

Donald Trump’s Bubble May Be Robert Mueller’s Greatest Weapon

September 19, 2018/124 Comments/in 2016 Presidential Election, Mueller Probe /by emptywheel

Robert Mueller has a slew of really good lawyers working for him. But I think his biggest asset is Donald Trump’s bubble.

Consider this NYT story, in which a bunch of lawyers anonymously blame each other for getting 16 months into the Special Counsel investigation without ever figuring out what the President did.

The lawyers have only a limited sense of what many witnesses — including senior administration officials and the president’s business associates — have told investigators and what the Justice Department plans to do with any incriminating information it has about Mr. Trump, according to interviews with more than a dozen people close to the president.

What is more, it is not clear if Mr. Trump has given his lawyers a full account of some key events in which he has been involved as president or during his decades running the Trump Organization.

[snip]

Mr. Dowd took Mr. Trump at his word that he had done nothing wrong and never conducted a full internal investigation to determine the president’s true legal exposure.

[snip]

And once Mr. Dowd was gone, the new legal team had to spend at least 20 hours interviewing the president about the episodes under investigation, another necessary step Mr. Dowd and his associates had apparently not completed.

In spite of the effort to blame all this on Dowd, the NYT article provides abundant evidence (which they, in typical Maggie and Mike fashion, don’t seem aware of) that Trump’s lawyers continue to be clueless.

There’s the notion that just 20 hours of Trump interviews would be sufficient for nailing down the actual story. Don McGahn, after all, has had 30 hours of interviews with Mueller’s team, and while he has played several central roles, he’s not the principal. And, unlike Trump, he can and presumably did tell a mostly consistent story.

There’s the admission that Trump’s lawyers actually don’t know how ten senior officials testified.

During Mr. Dowd’s tenure, prosecutors interviewed at least 10 senior administration officials without Mr. Trump’s lawyers first learning what the witnesses planned to say, or debriefing their lawyers afterward — a basic step that could have given the president’s lawyers a view into what Mr. Mueller had learned.

Complain all you want that Dowd didn’t obstruct competently. But the Joint Defense Agreement (the one that gave Rudy no advance warning that Paul Manafort had flipped on the President) is what Rudy has always pointed to to justify his confidence that Trump is not at any risk. So Rudy is, by the standards of the anonymous people leaking to Maggie and Mike, just as incompetent.

Perhaps best of all is the claim of an anonymous Maggie and Mike source that poor Jay Sekulow was left to clean up after Dowd’s, and only Dowd’s, mistakes.

In March, Mr. Dowd resigned, telling associates that he disagreed with the president’s desire to sit for an interview with Mr. Mueller — one form of cooperation he opposed — and leaving Mr. Sekulow with the task of rebuilding the legal team from scratch, and without knowing many of the details of the case. Mr. Dowd left few notes or files about the case, which had to be recreated months after the fact.

Somehow, Ty Cobb, the guy brought in after Marc Kasowitz left amid concerns that Trump was obstructing justice, who oversaw responding to discovery requests and who was initially celebrated as being very aggressive, gets no blame. Cobb was the guy who put McGahn in a defensive crouch — leading directly to 20 of his 30 hours of testimony — after blabbing in public about him hiding documents.

Crazier still, Jay Sekulow gets no blame in this narrative, even though Sekulow was around during all of Dowd’s purportedly mistaken decisions. As recently as March, Sekulow was quite confident that his undeniable expertise in litigating the right wing’s ressentiment prepared him to deal with the challenges of a Special Counsel investigation.

When Jay Sekulow joined President Donald Trump’s legal team for the Russia investigation last summer, he was largely expected to serve as the public face of the group. But after former lead attorney John Dowd resigned last week, and with other top lawyers reportedly reluctant to join the team, Sekulow is now the key player in one of the most high-stakes investigations in the world.

“I have maintained since the beginning of the representation that my interest is representing the client,” Sekulow tells TIME. “And it may take different forms at different times, and we’re just right now in a different phase.”

[snip]

Peter Flaherty, who worked for Romney on both campaigns and has known Sekulow for more than a decade, offers effusive praise for Sekulow that draws on the world of Boston sports.

“Jay is a combination of Bill Belichick and Tom Brady, wrapped into one super-lawyer,” Flaherty says, citing the New England Patriots’ coach and quarterback. “He is capable of both devising successful strategy in a conference room, as well as being able to execute it in a courtroom.”

Critics say that legal expertise in high-minded constitutional issues won’t translate well to the guts of a criminal case. But Sekulow says he feels his “broad background” in the law has prepared him for the current challenge, citing a recent case he worked on in which the IRS admitted to unfairly scrutinizing tax forms of conservative groups.

In the wake of Manafort’s plea deal, Sekulow seems less certain he’s got control of the situation.

Here’s the thing though. This is a 2,100-word story presented as truth, disclosing evidence (albeit unacknowledged) that the lawyers who have serially managed press outreach (Sekulow, then Rudy) are clueless. It repeats, as Maggie and Mike always do, two key threads of the spin from these men: that Trump’s only exposure is obstruction and that the end result will be a report.

[Manafort’s] plea brings to four the number of former close associates of Mr. Trump who have agreed to cooperate with Robert S. Mueller III, the special counsel investigating Russian interference in the election and obstruction of justice by the president.

And while Mr. Trump’s lawyers insist Mr. Mueller has nothing on their client about colluding with Russia, they are bracing for him to write a damaging report to Congress about whether the president obstructed justice.

[snip]

The sense of unease among the president’s lawyers can be traced, in part, to their client. Mr. Trump has repeatedly undermined his position by posting on Twitter or taking other actions that could add to the obstruction case against him.

[snip]

Even after Mr. Mueller’s appointment, Mr. Trump did things like ask witnesses about what they told Mr. Mueller’s investigators and put out misleading statements about contacts between his campaign and Russia, which appear to have deepened the special counsel’s examination of possible obstruction.

A mere review of Jay Sekulow’s own list, drafted in March, of questions Mueller might ask Trump, should make it clear to anyone exercising a tiny degree of skepticism that the claim Mueller is exclusively focused on obstruction is utter nonsense. And after the speaking criminal information released with Manafort’s plea, the expectation of a report should be treated far more critically.

But it’s not.

In an article about how Trump’s lawyers, generally, are clueless, and demonstrating though not reporting that the lawyers providing information to the press are part of that general cluelessness, Maggie and Mike don’t pause to reflect on whether that leaves them, too, clueless.

So when Trump tries to understand his plight by reading Maggie and Mike, he would believe a fiction largely created by the lies he has already told his lawyers and his preference for PR rather than solid legal advice.

Of course, it gets worse from there. Trump has benefitted from nine months of Devin Nunes-led intelligence, fed both via staffers and through a stable of incompetent right wing stenographers, about the investigation. I know for a fact that the most competent Republicans who have read the most investigative documents do not have a grasp about either the scope of the investigation or how it evolved (though someone at least understands that after August 1, 2017, the investigation got far more risky for the President).

But when you take that misunderstanding about the investigation and launder it through incompetent hacks like John Solomon, then the picture it provides is even more misleading.

Which led us to Trump’s decision on Monday to declassify a bunch of stuff.

That led Mark Warner, who has a better though still incomplete understanding of the potential risk to Trump, to quip, “Be careful what you wish for,” suggesting that the documents might be very incriminating to Trump.

Batshit crazier still, Trump went on to do an interview with the aforementioned John Solomon. (The Hill, unlike the NYT and virtually all other outlets, has the dignity to label interviews where Trump tells reporters a bunch of bullshit “opinion.”) In it, Trump suggests he had the authority and should have fired Jim Comey they day he won the primaries (an interesting suggestion by itself as Mueller appears to be investigating Roger Stone’s activities from that time period), which would likely have resulted in a Hillary win.

“If I did one mistake with Comey, I should have fired him before I got here. I should have fired him the day I won the primaries,” Trump said. “I should have fired him right after the convention, say I don’t want that guy. Or at least fired him the first day on the job. … I would have been better off firing him or putting out a statement that I don’t want him there when I get there.”

Crazier still, Trump admits that he has no idea what is included in the vast swath of documents he has already ordered to be released.

Trump said he had not read the documents he ordered declassified but said he expected to show they would prove the FBI case started as a political “hoax.”

“I have had many people ask me to release them. Not that I didn’t like the idea but I wanted to wait, I wanted to see where it was all going,” he said.

In the end, he said, his goal was to let the public decide by seeing the documents that have been kept secret for more than two years. “All I want to do is be transparent,” he said.

As I’ve noted here and elsewhere, even careful readers, to say nothing of the frothy right, have little visibility on how this investigation evolved (even the tiny bit more visibility I have makes me aware of how much I don’t know). If the smartest Republican upstream of Trump’s concerns about the genesis of the investigation doesn’t understand it, then far stupider Congressmen like Mark Meadows, who hasn’t reviewed all the documents, is surely misrepresenting it.

And yet Trump, from within the bubble of sycophants, clueless lawyers, and credulous reporters is blindly taking action in the hope of undercutting the pardon-proof plea deal of his campaign manager.

Update: Thanks to those who corrected my error in the bracketed description of the fourth plea.

Paul Manafort’s Modus Operandi: Accuse the Female Politician of Crimes She Didn’t Commit, Then Dodge Sanctions

September 15, 2018/109 Comments/in 2016 Presidential Election, Mueller Probe /by emptywheel

As Paul Manafort’s plea was being unveiled yesterday, a number of legal observers were shocked by how detailed the criminal information was, complete with 38 pages of exhibits. Hopefully, this will stop me from having to bitch incessantly about how many journalists have swallowed Rudy Giuliani’s claims about Mueller writing up a report. As I keep saying (and as Mueller’s boss Rod Rosenstein has said in testimony), there won’t be a report, there will be indictments.

Ostensibly, the exhibits are there to prove the assertion that Paul Manafort lied to DOJ about what kind of work he was doing for Ukraine.

Although MANAFORT had represented to the Department of Justice in November 2016 and February 2017 that he had no relevant documents, in fact MANAFORT had numerous incriminating documents in his possession, as he knew at the time. The Federal Bureau of Investigation conducted a court-authorized search of MANAFORT’S home in Virginia in the summer of 2017. The documents attached hereto as Government Exhibits 503, 504, 517, 532, 594, 604, 606, 616, 691, 692, 697, 706 and 708, among numerous others, were all documents that MANAFORT had in his possession, custody or control (and were found in the search) and all predated the November 2016 letter.

But I don’t think that’s why they’re there.

They’re there to show what Paul Manafort does when he’s running a campaign.

Because they show that for the decade leading up to running Trump’s campaign, Manafort was using the very same sleazy strategy to support Viktor Yanukovych that he used to get Trump elected.

In other words, these exhibits are a preview of coming attractions.

Take out the female opponent by prosecuting her

The criminal information provided far more detail about something we had only seen snippets of in the Alex Van der Zwaan plea: Manafort’s use of Skadden Arps to whitewash Yanukovych’s prosecution of Yulia Tymoshenko.

It describes how Manafort used cut-outs to place stories claiming his client’s female opponent had murdered someone.

MANAFORT took other measures to keep the Ukraine lobbying as secret as possible. For example, MANAFORT, in written communications on or about May 16, 2013, directed his lobbyists (including Persons D1 and D2, who worked for Company D) to write and disseminate within the United States news stories that alleged that Tymoshenko had paid for the murder of a Ukrainian official. MANAFORT stated that it should be “push[ed]” “[w]ith no fingerprints.” “It is very important we have no connection.” MANAFORT stated that “[m]y goal is to plant some stink on Tymo.”

And it shows Manafort seeding lies that his client’s female opponent had criminal intent when he knew there was no proof to back the claim.

MANAFORT directed lobbyists to tout the report as showing that President Yanukovych had not selectively prosecuted Tymoshenko. But in November 2012 MANAFORT had been told privately in writing by the law firm that the evidence of Tymoshenko’s criminal intent “is virtually non-existent” and that it was unclear even among legal experts that Tymoshenko lacked power to engage in the conduct central to the Ukraine criminal case. These facts, known by MANAFORT, were not disclosed to the public.

This propaganda effort against Manafort’s client’s female opponent included placing stories in Breitbart.

Sanctions will backfire

Manafort placed so much effort on inventing stories about Tymoshenko in part to take her out as a political opponent (and to create an opportunity to pitch Yanukovych’s corruption as a tolerable partner to Europe). But he did so, too, to undermine support for sanctions against Yanukovych for human rights abuses, of which Tymoshenko was the poster child. Particularly after John Kerry replaced Hillary, Manafort undermined sanctions by promising raw material exploitation opportunities. (This bullet point, at PDF 25, is dated February 24, 2013).

We’ll learn more about what role Manafort himself played in Trump’s policy on sanctions (even aside from any quid pro quo that may have come out of the June 9 Trump Tower meeting), but we know that Trump’s view on sanctions is among the questions Mueller wants to ask Trump, and we know that in an op-ed encouraged by the Trump campaign (and highlighted to Ivan Timofeev), George Papadopoulos argued that sanctions had hurt the US.

Obama lost Ukraine

Manafort was even using some of the very same lines that Trump still uses, such as blaming Obama for “losing” Ukraine (this quarterly memo for Yanukovych, at PDF 21-, is dated April 22, 2013).

Electoral irregularities are my opponents’ fault

Shortly after Yanukovych won in 2010, Manafort boasted that he had established a baseline to be able to claim that Tymoshenko’s complaints about election irregularities were disinformation. (This memo, at PDF 6, is dated February 20, 2010.)

Manafort also prepared a full court press to influence the electoral observers in advance of Ukraine’s 2012 parliamentary election (this document, at PDF 5, is dated as October 9, 2012 in the trial exhibit list).

One thing we’re going to see in former Manafort partner Roger Stone’s eventual indictment is a focus on the work of his Stop the Steal PAC, both just after Manafort arrived to manage the Convention, and his voter suppression efforts (which paralleled Russian ones) during the general election.

Hillary Clinton is the enemy

Finally, as early as February 2013 (see PDF 14), Paul Manafort was advising his client that replacing Hillary Clinton with someone who would value raw material deals over human rights would be a positive development.

As it happens, in 2016, Paul Manafort could please all his clients by offering a man who valued raw material deals over human rights as a positive development.

Posts

The Universe of Hacked and Leaked Emails from 2016: Podesta Emails

Meuller remains coy about how the Podesta emails were released by WikiLeaks

The August to September timing on receipt of the emails

Stone’s three different explanations for his tweet and the import of Joule emails

Stone’s claims about WikiLeaks — and his outreach to Guccifer 2.0 — took place as Manafort started to panic about his own Russian ties

Corsi’s lawyer claims he avoided criminal liability

One other key player in the Podesta hand-off conflated the Podesta brothers

Timeline

Detour: Roger Stone’s Epically Shitty Explanation for His Podesta Tweet

On the Roger Stone Investigation: Talking to Guccifer 2.0 or WikiLeaks Is Not a Crime

It matters what emails Stone claimed to know would be released

It matters from whom Stone learned (if he did) of WikiLeaks’ plans

It matters whether Stone lied about the whom or the what

Stone’s flip-flop on blaming the Russians at the moment he claimed to have knowledge of WikiLeaks’ plans is of likely interest

Mueller may have had probable cause Roger Stone broke the law by March

Mueller is scrutinizing Stone for more than just knowledge of WikiLeaks

The Universe of Hacked and Leaked Emails from 2016: DNC Emails

DNC Emails

Yevgeniy Prigozhin’s Paid Trolls Prove His Legal Challenge to His Indictment To Be False

Trump’s Open Book Test Still Poses a Big Perjury Risk

Offering John Podesta Emails While Selling Deleted Hillary Emails

A Tale of Two GRU Indictments

The team

Overlapping hack schedule

Common bitcoin habits and possibly even infrastructure

Different treatment of InfoOps

Importance of WikiLeaks and sharing with Republicans

Timeline

Donald Trump’s Bubble May Be Robert Mueller’s Greatest Weapon

Paul Manafort’s Modus Operandi: Accuse the Female Politician of Crimes She Didn’t Commit, Then Dodge Sanctions

Take out the female opponent by prosecuting her

Sanctions will backfire

Obama lost Ukraine

Electoral irregularities are my opponents’ fault

Hillary Clinton is the enemy

Interesting links

Pages