And/Or: An Ominous Sign for WikiLeaks in the Joshua Schulte Indictment

/101 Comments/in , /by

There’s been a lot of attention paid to the language in the GRU indictment from Friday showing WikiLeaks asking to receive stolen Hillary emails in time to cause maximal outrage among Bernie supporters.

On or about June 22, 2016, Organization I sent a private message to Guccifer 2.0 to “[s]end any new material [stolen from the DNC] here for us to review and it will have a much higher impact than what you are doing.” On or about July 6, 2016, Organization 1 added, “if you have anything hillary related we want it in the next tweo [sic] days prefable [sic] because the DNC [DemocraticNationalConvention] is approaching and she Will solidify bernie supporters behind her after.” The Conspirators responded,“0k . . . i see.” Organization I explained,“we think trump has only a 25% chance of winning against hillary . . . so conflict between bernie and hillary is interesting.”

But I want to look at a minor–but potentially significant–detail in the Joshua Schulte indictment describing how he provided CIA’s hacking tools to WikiLeaks. The description of Count Two, Illegal Transmission of Lawfully Possessed National Defense Information, reads like this:

In or about 2016, in the Eastern District of Virginia and elsewhere, JOSHUA ADAM SCHULTE, the defendant, lawfully having possession of, access to, control over, and being entrusted with information relating to the national defense, to wit, certain portions of the Classified Information, which information the defendant had reason to believe could be used to the injury of the United States and to the advantage of a foreign nation, did knowingly and willfully communicate, deliver and transmit, and cause to be communicated, delivered, and transmitted, that aforesaid information to a person not entitled to receive it, to wit, Schulte caused the Classified information to be transmitted to Organization-1.

(Title 18, United States Code, Sections 793(d) and 2.)

The “and” there was pointed out to me by GDingers on Twitter.

As GDingers noted, the suggestion that Schulte knew a foreign nation (unnamed, but surely Russia if DOJ had any specific one, backed by evidence, in mind) would benefit, along with the US being damaged, is a fairly strong statement, one implicating WikiLeaks as well.

Moreover, that language didn’t have to be in the indictment. Here’s what the statutory language looks like:

Whoever, lawfully having possession of, access to, control over, or being entrusted with any document, writing, code book, signal book, sketch, photograph, photographic negative, blueprint, plan, map, model, instrument, appliance, or note relating to the national defense, or information relating to the national defense which information the possessor has reason to believe could be used to the injury of the United States or to the advantage of any foreign nation, willfully communicates, delivers, transmits or causes to be communicated, delivered, or transmitted or attempts to communicate, deliver, transmit or cause to be communicated, delivered or transmitted the same to any person not entitled to receive it, or willfully retains the same and fails to deliver it on demand to the officer or employee of the United States entitled to receive it; [my emphasis]

The statutory language uses “or.” DOJ chose, in this indictment, to use “and.” As Secrecy News’ Steven Aftergood suggested via email, asserting both in the indictment sets a higher mens rea bar for proving Schulte’s guilt. DOJ didn’t have to do so, but they did.

So along with exposing Schulte to 130 years of potential prison time — a life sentence even accounting for how it will work in sentencing — DOJ wants to prove that Schulte leaked CIA’s hacking tools not just to hurt the United States but to help another nation, possibly Russia by name.

That bodes poorly for Schulte. But it also suggests a different kind of role for WikiLeaks than prior discussions have made out.

Update: Nerdyatty suggested that this is a DOJ practice. Except that Count One, charging a different part of 18 USC 793, maintains the “or” of the statute:

… with intent or reason to believe that the information is to be used to the injury of the United States, or to the advantage of any foreign nation … [my emphasis]

Which tracks this language from the statute:

Whoever, for the purpose of obtaining information respecting the national defense with intent or reason to believe that the information is to be used to the injury of the United States, or to the advantage of any foreign nation,

[snip]

Whoever, for the purpose aforesaid, and with like intent or reason to believe, [my emphasis]

Yesterday, Roger Stone Answered, then Backtracked, on a Question Mueller Has Already Posed to Trump

/43 Comments/in , , /by

As I laid out last week, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

Contrary to Trump’s squeals about the hack indictment yesterday, it’s utterly damning for him. It shows:

  • Russian hackers responded to his plea for more Hillary emails by targeting her office that same day
  • Trump’s lifelong political advisor, Roger Stone, was described directly communicating with a GRU-run persona
  • Stone’s own advisor on these matters, then Breitbart and current Sputnik journalist Lee Stranahan, asked for and obtained files from the same GRU-run persona
  • GRU stole Hillary’s analytics in September, the heart of the general election, and did … the indictment doesn’t say what GRU did with the data
  • The same GRU persona made available information helping some of Trump’s most vocal defenders in Congress, ones he has discussed pushback strategies with on Air Force One

Like my own testimony, because this investigation started in Pittsburgh, and only later got moved under Mueller sometime last fall (I know one key witness who was about to speak to prosecutors when I saw him in October), it minimally overlaps with Peter Strzok’s involvement in the case, if at all.

In this post, I want to look at the second bullet: Roger Stone.

Since Stone got described in an indictment of those who helped Trump win the election, he has  (as is his habit) provided conflicting explanations, first suggesting it wasn’t him, then suggesting it couldn’t be him because he wasn’t “a person who was in regular contact with senior members of the presidential campaign of Donald J. Trump,” as the indictment described.

My contact with the campaign in 2016 was Donald Trump. I was not in regular contact with campaign officials.

Only, this morning (as Ryan Goodman noted), Stone has changed his tune, admitting that he did talk to Trump campaign officials and probably is the person described in the indictment who said all the things he said in his DMs to Guccifer 2.0.

I certainly acknowledge that I was in touch with Trump campaign officials.

Here’s why Stone’s changing story about whether he only spoke with Trump or in fact spoke with other campaign officials. Among the questions (as interpreted by Jay Sekulow) that Mueller has already posed to Trump is this one:

What did you know about communication between Roger Stone, his associates, Julian Assange or Wikileaks?

Mueller wants to know how much of Stone’s discussions with election operation participants Trump knew about. And Stone’s first instinct when seeing himself mentioned in an indictment of those participants was to say he only spoke to Trump.

I guess it’s clear why he’s backtracking from that.

John Solomon’s Baby Assange

/29 Comments/in , /by

There are two telling details that John Solomon left out of this story, suggesting Jim Comey blew an opportunity to prevent the damage done by WikiLeaks’ Vault 7 leak (and, purportedly, to learn the “real” source of the DNC emails), based on a “trove” of documents but posting only fragments of 5. First, Solomon doesn’t include this text, showing Adam Waldman issuing an extortion threat stating Assange “is going to do something catastrophic for the dems, Obama, CIA and national security.”

Solomon is also silent about the recent indictment of anti-Obama former CIA hacker Joshua Schulte for stealing all these CIA files. Notably, Solomon doesn’t note that as this was going on, the FBI had obtained probable cause search warrants against Schulte. Having left out those key details (and surely, a bunch of other once included in his “trove” that don’t help the latest right wing narrative), Solomon produces the convenient narrative that Jim Comey personally hurt the government.

“He told me he had just talked with Comey and that, while the government was appreciative of my efforts, my instructions were to stand down, to end the discussions with Assange,” Waldman told me. Waldman offered contemporaneous documents to show he memorialized Warner’s exact words.

Waldman couldn’t believe a U.S. senator and the FBI chief were sending a different signal, so he went back to Laufman, who assured him the negotiations were still on. “What Laufman said to me after he heard I was told to ‘stand down’ by Warner and Comey was, ‘That’s bullshit. You are not standing down and neither am I,’” Waldman recalled.

Solomon pays no consideration to the ongoing investigation, no consideration to the fact that if Comey stood down, he did so in the face of threats to the Democrats (though it’s not clear why they’d be at fault), which as always is contrary to the hoaxes against Comey. More importantly, Solomon doesn’t answer the question posed, but not answered, here: whether Assange was seeking to meet at a cafe in London, or whether he wanted to come to the US and get a pardon once he got here.

The real punchline — the one we may see come back — is the claim that Jim Comey, on top of refusing an extortion attempt directed at the Democrats, also prevented — or maybe this isn’t about the FBI at all — from learning the real story behind the DNC hack.

Not included in the written proffer was an additional offer from Assange: He was willing to discuss technical evidence ruling out certain parties in the controversial leak of Democratic Party emails to WikiLeaks during the 2016 election. The U.S. government believes those emails were hacked by Russia; Assange insists they did not come from Moscow.

[snip]

Soon, the rare opportunity to engage Assange in a dialogue over redactions, a more responsible way to release information, and how the infamous DNC hacks occurred was lost — likely forever.

In honesty, this looks like an effort to set up the next campaign to suggest that Comey prevented the “truth” about the DNC hack from coming out because it would undermine the alleged Witch Hunt into Trump. It also looks like the first of three efforts to tee up the alternate explanation for the DNC hack in exchange for a Trump pardon, which resumed by August (and therefore which wasn’t a forever thing).

It also makes it clear that Vault 7 was entirely about extortion.

Timeline

January 12: Bruce Ohr considers Waldman’s offer

February 3: Laufman reaches out to Waldman

February 4: Wikileaks first pitches Vault 7

February 15: Waldman reaches out to Warner

February 16: Waldman issues extortion threat against Democrats

February 17: Warner says he’s got important call (with Comey), relays stand down order

March 7: Wikileaks releases first Vault 7 documents

March 13, 2017: Google search warrant on Schulte

Mid-March: Waldman contacts Laufman, suggests Assange is interested

March 20, 2017: Search on Schulte (including of cell phone, from which passwords to his desktop obtained)

March 23: Second Vault 7 release

March 28: Safe passage offer not including details about hack

March 31: Third Vault 7 release

April 5: Laufman asks whether Assange wants safe passage into London or to the US

April 7: Wikileaks posts third dump, which Solomon suggests was the precipitating leak for Mike Pompeo’s declaration of Wikileaks as non-state intelligence service (these are weekly dumps by this point)

Two Days after Julian Assange Threatened Don Jr, Accused Vault 7 Leaker Joshua Schulte Took to Tor

/43 Comments/in , , , , /by

Monday, the government rolled out a superseding indictment for former NSA and CIA hacker Joshua Schulte, accusing him (obliquely) of leaking the CIA’s hacking tools that became the Vault 7 release from Wikileaks. The filings in his docket (as would the search warrants his series of defense attorneys would have seen) make it clear that the investigation into him, launched just days after the first CIA release, was always about the CIA leak. But when the government took his computer last spring, they found thousands of child porn pictures dating back to 2009. It took the government over three months and a sexual assault indictment in VA to convince a judge to revoke his bail last December, and then another six months to solidify the leaking charges they had been investigating him from the start.

But the case appears to have taken a key turn on November 16, 2017, when he did something — it’s not clear what — on the Tor network. While there are several things that might explain why he chose to put his release at risk by accessing Tor that day, it’s notable that it occurred two days after Julian Assange tweeted publicly to Donald Trump Jr that he’d still be happy to be Australian Ambassador to the US, implicitly threatening to release more CIA hacking tools.

Schulte was, from days after the initial Vault 7 release, apparently the prime suspect to be the leaker. As such, the government was always interested in what Schulte was doing on Tor. In response to a warrant to Google served in March 2017, the government found him searching, on May 8, 2016, for how to set up a Tor bridge (Schulte has been justifiably mocked for truly abysmal OpSec, and Googling how to set up a bridge is one example). That was right in the middle of the time he was deleting logs from his CIA computer to hide what he was doing on it.

When he was granted bail, he was prohibited from accessing computers. But because the government had arrested him on child porn charges and remained coy (in spite of serial hold-ups with his attorneys regarding clearance to see the small number of classified files the government found on his computer) about the Vault 7 interest, the discussions of how skilled he was with a computer remained fairly oblique. But in their finally successful motion to revoke Schulte’s bail, the government revealed that Schulte had not only accessed his email (via his roommate, Schulte’s lawyer would later claim), but had accessed Tor five times in the previous month, on November 16, 17, 26, and 30, and on December 5, 2017, which appears to be when the government nudged Virginia to get NYPD to arrest him on a sexual assault charge tied to raping a passed out acquaintance at his home in VA in 2015.

Perhaps the most obvious explanation for why Schulte accessed Tor starting on November 16, 2017, is that he was trying to learn about the assault charges filed in VA the day before.

But there is a more interesting explanation.

As you recall, back in November 2017, some outlets began to publish a bunch of previously undisclosed DMs between Don Jr and Wikileaks. Most attention focused on Wikileaks providing Don Jr access to an anti-Trump site during the election. But I was most interested in Julian Assange’s December 16, 2016 “offer” to be Australian Ambassador to the US — basically a request for payback for his help getting Trump elected.

Hi Don. Hope you’re doing well! In relation to Mr. Assange: Obama/Clinton placed pressure on Sweden, UK and Australia (his home country) to illicitly go after Mr. Assange. It would be real easy and helpful for your dad to suggest that Australia appoint Assange ambassador to DC “That’s a really smart tough guy and the most famous australian you have! ” or something similar. They won’t do it, but it will send the right signals to Australia, UK + Sweden to start following the law and stop bending it to ingratiate themselves with the Clintons. 12/16/16 12:38PM

In the wake of the releases, on November 14, 2017, Assange tweeted out a follow-up.

As I noted at the time, the offer included an implicit threat: by referencing “Vault 8,” the name Wikileaks had given to its sole release, on November 9, 2017 of an actual CIA exploit (as opposed to the documentation that Wikileaks had previously released), Assange was threatening to dump more hacking tools, as Shadow Brokers had done before it. Not long after, Ecuador gave Assange its first warning to stop meddling in other countries politics, explicitly pointing to his involvement in the Catalan referendum but also pointing to his tampering with other countries. That warning became an initial ban on visitors and Internet access in March of this year followed by a more formal one on May 10, 2018 that remains in place.

There’s a reason I think those Tor accesses may actually be tied to Assange’s implicit threat. In January of this year, when his then lawyer Jacob Kaplan made a bid to renew bail, he offered an excuse for those Tor accesses. He claimed Schulte was using Tor to research the diaries on his experience in the criminal justice system.

In this case, the reason why TOR was accessed was because Mr. Schulte is writing articles, conducting research and writing articles about the criminal justice system and what he has been through, and he does not want the government looking over his shoulder and seeing what exactly he is searching.

Someone posted those diaries to a Facebook account titled “John Galt’s Defense Fund” on April 20, 2018 (in addition to being an accused rapist and child porn fan, Schulte’s public postings show him to be an anti-Obama racist and an Ayn Rand worshiping libertarian).

Yesterday, Wikileaks linked those diaries, which strikes me as an attempt to corroborate the alibi Schulte has offered for his access to Tor last November.

The government seems to have let Schulte remain free for much of 2017, perhaps in search of evidence to implicate him in the Vault 7 release. Whether it was a response to a second indictment or to Assange’s implicit threats to Don Jr, Schulte’s use of Tor last year (and, surely, the testimony of the roommate he was using as a go-between) may have been one of the keys to getting the proof the government had been searching for since March 2017.

Whatever it is, both Wikileaks and Schulte would like you to believe he did nothing more nefarious than research due process websites when he put his bail at risk by accessing Tor last year. I find that a dubious claim.

2009: IRC discussions of child porn

2011 and 2012: Google searches for child porn

April 2015: Rapes a woman (possibly partner) who is passed out and takes pictures of it

March to June 2016: Schulte deleting logs of access to CIA computer

May 8, 2016: Schulte Googles how to set up a Tor bridge

November 2016: Leaves CIA, moves to NY, works for Bloomberg

December 16, 2016: Assange DM to Don Jr about becoming Ambassador

Hi Don. Hope you’re doing well! In relation to Mr. Assange: Obama/Clinton placed pressure on Sweden, UK and Australia (his home country) to illicitly go after Mr. Assange. It would be real easy and helpful for your dad to suggest that Australia appoint Assange ambassador to DC “That’s a really smart tough guy and the most famous australian you have! ” or something similar. They won’t do it, but it will send the right signals to Australia, UK + Sweden to start following the law and stop bending it to ingratiate themselves with the Clintons. 12/16/16 12:38PM

February 4, 2017: Wikileaks starts prepping Vault 7

March 7, 2017: Wikileaks starts releasing Vault 7

March 13, 2017: Google search warrant

March 20, 2017: Search (including of cell phone, from which passwords to his desktop obtained)

June 2017: Interview

August 17, 2017: Dana Rohrabacher tries to broker deal for Assange with Trump

August 23, 2017: Arrest affidavit

August 24, 2017: Arraignment

THE COURT: Well, it sounds like, based on the interview, that he knew what the government was looking at.

MR. LAROCHE: That wasn’t the basis of the interview, your Honor.

 

MR. KOSS: I think it was either two or three [interviews]. I think it was three occasions. I was there on all three, including one of which where we handed over the telephone and unblocked the password to the phone, which they did not have, and gave that to them. And as I said, I have been in constant contact with the three assistant U.S. attorneys working on this matter literally on a weekly basis for the last 4, 5, 6 months. And any time Mr. Schulte even thought about traveling, I provided them an itinerary. I cleared it with them first and made sure it was okay. On any occasion that they said they might want him close so that he could speak to them, I cancelled the travel and rescheduled it so that we would be available if they needed him at any given time.

September 13, 2017: Bail hearing

MR. LAROCHE: Well, I believe there still is a danger because it’s not just computers, your Honor, but electronic devices are all over society and easy to procure and this type of defendant having the type of knowledge he has does in terms of accessing things — so he has expertise and not only just generally computers but using things such as wiping tools that would allow him to access certain website and leave no trace of it. Those can be done from not just a computer but from other electronic devices.

But the child pornography itself is located on the defendant’s desktop computer. They can be accessed irrespective of those servers. So if all the government had was this desktop computer, we could recover the child pornography. So I think this idea that numerous people had access to the serves and potentially could have put it there, is simply a red herring. This was on the defendant’s desktop computer. And the location where it was found, this sub-folder within several layers of encryption, there were other personal information of the defendant in that area. There was his bank accounts. I think there was even a resume for the defendant where he was storing this information. And the passwords that were used to get into that location, those passwords were the same passwords the defendant used to access his bank account, to access various other accounts that are related to him. So this idea that he shared them with other people, the government just strongly disagrees.

October 11, 2017: Schulte lawyer Spiro withdraws

October 24, 2017: At Trump’s request Bill Binney meets with Mike Pompeo to offer alternate theory of the DNC hack

November 8, 2017: Status hearing

SMITH: I believe the government has told us that there’s more data in this case than in any other like case that they have prosecuted.

MR. STANSBURY: Let me just clarify that part first. We proposed this just in an abundance of caution given the defendant’s former employer and the fact that — and I meant to flag this before. I apologize now for not. There’s a small body of documents that were found in the defendant’s residence that were taken from his former employer that might implicate some classified issues. We have been in the process of having those reviewed and I think we’re going to be in a position to produce those in the next probably few days. But we wanted to just make sure that we were acting out of an abundance of caution in case any SEPA [sic] issues come about in the case. I don’t expect them too at this point but we wanted to do that out of an abundance of caution.

November 9, 2017: Wikileaks publishes Vault 8 exploit

November 14, 2017: Assange posts Vault 8 Ambassador follow-up

November 14, 2017: Arrest warrant in VA

November 15, 2017: Charged in Loudon County for sexual assault

November 16, 2017: Use of Tor

November 17, 2017: Use of Tor

November 26, 2017: Use of Tor

November 29, 2017: Abundance of caution, attorney should obtain clearance

November 30, 2017: Use of Tor

December 5, 2017: Use of Tor, Smith withdraws

December 7, 2017: NYPD arrests on VA warrant for sexual assault

December 12, 2017: Move for detention, including description of email and Tor access

Separately, since the defendant was released on bail, the Government has obtained evidence that he has been using the Internet. First, the Government has obtained data from the service provider for the defendant’s email account (the “Schulte Email Account”), which shows that the account has regularly been logged into and out of since the defendant was released on bail, most recently on the evening of December 6, 2017. Notably, the IP address used to access the Schulte Email Account is almost always the same IP address associated with the broadband internet account for the defendant’s apartment (the “Broadband Account”)—i.e., the account used by Schulte in the apartment to access the Internet via a Wi-Fi network. Moreover, data from the Broadband Account shows that on November 16, 2017, the Broadband Account was used to access the “TOR” network, that is, a network that allows for anonymous communications on the Internet via a worldwide network of linked computer servers, and multiple layers of data encryption. The Broadband Account shows that additional TOR connections were made again on November 17, 26, 30, and December 5.

[snip]

First, there is clear and convincing evidence that the defendant has violated a release condition—namely, the condition that he shall not use the Internet without express authorization from Pretrial Services to do so. As explained above, data obtained from the Schulte Email Account and the Broadband Account strongly suggests that the defendant has been using the Internet since shortly after his release on bail. Especially troubling is the defendant’s apparent use on five occasions of the TOR network. TOR networks enable anonymous communications over the Internet and could be used to download or view child pornography without detection. Indeed, the defendant has a history of using TOR networks. The defendant’s Google searches obtained in this investigation show that on May 8, 2016, the defendant conducted multiple searches related to the use of TOR to anonymously transfer encrypted data on the Internet. In particular, the defendant had searched for “setup for relay,” “test bridge relay,” and “tor relay vs bridge.” Each of these searches returned information regarding the use of interconnected computers on TOR to convey information, or the use of a computer to serve as the gateway (or bridge) into the TOR network.

December 14, 2017: US custody in NY

MR. KAPLAN: Well, your Honor, we’ve obtained the discovery given to prior counsel, and I’ve started to go through that. In addition, there was one other issue which I believe was raised at our prior conference, which was a security clearance for counsel to go through some of the national security evidence that might be present in the case.

While most of the national security stuff does not involve the charges, the actual charges against Mr. Schulte, the basis for the search warrants in this case involve national security.

So I’m starting the process with their office to hopefully get clearance to go through some of the information on that with an eye towards possibly a Franks motion going forward. So I would ask for more time just to get that rolling.

January 8, 2018: Bail appeal hearing

MR. KAPLAN: Judge, on the last court date, when we left, the idea was that we had consented to detention with the understanding that Mr. Schulte would be sent down to Virginia to face charges based on a Virginia warrant. None of that happened. Virginia never came to get him. Virginia just didn’t do anything in this case. But before I address the bail issues, I think it’s important that this Court hear the full story of how we actually get here. At one of the previous court appearances, I believe it was the November 8th date, this Court asked why the defense attorney in this case would need security clearance. And the answer that was given by one of the prosecutors, I believe, was that there was some top secret government information that was found in Mr. Schulte’s apartment, and that out of an abundance of caution it would be prudent that the defense attorney get clearance. But I don’t think that’s entirely accurate.

While the current indictment charges Mr. Schulte with child pornography, this case comes out of a much broader perspective. In March of 2017, there was the WikiLeaks leak, where 8,000 CIA documents were leaked on the Internet. The FBI believed that Mr. Schulte was involved in that leak. As part of their investigation, they obtained numerous search warrants for Mr. Schulte’s phone, for his computers, and other items, in order to establish the connection between Mr. Schulte and the WikiLeaks leak.

As we will discuss later in motion practice, we believe that many of the facts relied on to get the search warrants were just flat inaccurate and not true, and part of our belief is because later on, in the third or fourth search warrant applications, they said some of the facts that we mentioned earlier were not accurate. So we will address this in a Franks motion going forward, but what I think is important for the Court is, in April or May of 2017, the government had full access to his computers and his phone, and they found the child pornography in this case, but what they didn’t find was any connection to the WikiLeaks investigation. Since that point, from May going forward, although they later argued he was a danger to the community, they let him out; they let him travel. There was no concern at all. That changed when they arrested him in August on the child pornography case.

[snip]

The second basis that the government had in its letter for detaining Mr. Schulte was the usage of computers. In the government’s letter, they note how, if you search the IP address for Mr. Schulte’s apartment, they found numerous log-ons to his Gmail account, in clear violation of this court’s order. But what the government’s letter doesn’t mention is that Mr. Schulte had a roommate, his cousin, Shane Presnall, and this roommate, who the government and pretrial services knew about, was allowed to have a computer.

And more than that, based on numerous conversations, at least two conversations between pretrial services, John Moscato, Josh Schulte and Shane Presnall, it was Shane’s understanding that pretrial services allowed him to check Mr. Schulte’s e-mail and to do searches for him on the Internet, with the idea that Josh Schulte himself would not have access to the computer.

And the government gave 14 pages of log-on information to establish this point. And, Judge, we have gone through all 14 pages, and every single access and log-in corresponds to a time that Shane Presnall is in the apartment. His computer has facial recognition, it has an alphanumeric code, and there is no point when Josh Schulte is left himself with the computer without Shane being there, and that was their understanding.

LAROCHE: And part of that investigation is analyzing whether and to what extent TOR was used in transmitting classified information. So the fact that the defendant is now, while on pretrial release, using TOR from his apartment, when he was explicitly told not to use the Internet, is extremely troubling and suggests that he did willfully violate his bail conditions.

 

KAPLAN: In this case, the reason why TOR was accessed was because Mr. Schulte is writing articles, conducting research and writing articles about the criminal justice system and what he has been through, and he does not want the government looking over his shoulder and seeing what exactly he is searching.

 

LAROCHE: Because there is a classified document that is located on the defendant’s computer, it is extremely difficult, and we have determined not possible, to remove that document forensically and still provide an accurate copy of the desktop computer to the defendant.

So in those circumstances, defense counsel is going to require a top secret clearance in order to view these materials. It’s my understanding that that process is ongoing, and we have asked them to expedite it. As soon as the defendant’s application is in, we believe he will get an interim classification to review this material within approximately two to three weeks. Unfortunately, that hasn’t occurred yet. So the defendant still does not have access to that particular aspect of discovery. So we are working through that as quickly as we can.

January 17, 2018: Bail appeal denied

March 15, 2018: Sabrina Shroff appointed

March 28, 2018: Initial ban of Internet access and visitors for Assange

April 20, 2018: Schulte’s diaries (ostensibly the purpose of using Tor) posted

May 10, 2018: Ecuador bans visitors for Assange

May 16, 18, 2018: Documents placed in vault

May 16, 2018: Schulte Facebook site starts legal defense fund

June 18, 2018: Schulte superseding indictment

June 19, 2018: Wikileaks posts links to diary

It’s Not Hannity’s Pee Tape that Matters

/114 Comments/in , , /by

Late afternoon on Sunday, Margaret Sullivan wrote a column arguing that Donald Trump might survive his own Saturday Night Massacre of firing Rod Rosenstein or Robert Mueller. The reason Trump might survive where Nixon didn’t, she argues, is Sean Hannity.

Nixon didn’t have Fox News in his corner.

President Trump does — and that might make all the difference if he were to fire Deputy Attorney General Rod J. Rosenstein or even special counsel Robert S. Mueller III.

The pro-Trump media, led by Fox, would give cover, and huge swaths of Americans would be encouraged to believe that the action was not only justified but absolutely necessary.

You can see it coming.

Night after night — for many months — Trump’s sycophant-in-chief, Sean Hannity, has been softening the ground. And his message is sinking in.

In a recent Reuters/Ipsos poll, three of four Republicans said they believed the Justice Department and the FBI are actively working to undermine Trump.

“Hannity has been poisoning the well for Mueller’s ‘deeply corrupt’ investigation and laying the groundwork to support the president if he seeks an authoritarian recourse,” wrote Matthew Gertz, of the progressive watchdog group Media Matters for America. That was back in October.

Six months, five convictions and more than a dozen indictments later, that poison has done its job.

Less than 24 hours later, Michael Cohen’s lawyer revealed the name of the third client to whom Cohen claimed to have provided legal advice he wanted to protect under attorney-client privilege, a person who — Cohen had claimed in a brief Sunday, hadn’t wanted his name disclosed. “The client’s name that is involved is Sean Hannity.

In response to the ensuing uproar over learning he was the hidden Client 3, Hannity offered a series of contradictory statements, presumably designed to tamp down any speculation that Cohen had negotiated a hush payment for the star, but which only served to make Cohen’s legal claims more specious.

Michael Cohen has never represented me in any matter. I never retained him, received an invoice, or paid legal fees. I have occasionally had brief discussions with him about legal questions about which I wanted his input and perspective.

I assumed those conversations were confidential, but to be absolutely clear they never involved any matter between me and a third-party.

In response to some wild speculation, let me make clear that I did not ask Michael Cohen to bring this proceeding on my behalf, I have no personal interest in this proceeding, and, in fact, asked that my de minimis discussions with Michael Cohen, which dealt almost exclusively about real estate, not be made a part of this proceeding.

As I joked, Hannity said he had eight lawyers. I wonder which three different lawyers wrote these statements, and whether one of them was the other lawyer he shares with Donald Trump, Jay Sekulow.

So Cohen advised Hannity “almost exclusively about real estate,” which in this crowd sometimes means money laundering, and not about buying off Playboy bunnies.

But what are the other conversations about?

Hannity has played even more of a role in protecting Trump than Sullivan makes out. It’s not just that he fed the uproar over Trump’s lawyer being raided. But he did an interview with Julian Assange in January 2017 that helped seed the narrative that Russia didn’t hand the DNC files to Wikileaks. More grotesquely, Hannity fed the conspiracy theories about Seth Rich (I hope the multiple entities that are suing Hannity over that will demand discovery on any claimed privileged conversations about the topic with Trump’s lawyer).

Sure, the matters on which Cohen purportedly gave legal advice to Hannity might be about buying a condo.

But given the effort Cohen made to protect those conversations from the eyes of the FBI, they also might involve coordination on some of the more insidious pushback on the Russian story.

Roger Stone’s Rat-Eating Swiss Cheese Denials

/44 Comments/in , , , /by

Back when Roger Stone leaked his September testimony to HPSCI, I noted that it misrepresented the key allegations against him, meaning he never denied the important parts.

I’m even more interested in how he depicts what he claims are the three allegations made against him.

Members of this Committee have made three basic assertions against me which bust be rebutted her today. The charge that I knew in advance about, and predicted, the hacking of the Clinton campaign chairman John Podesta’s email, that I had advanced knowledge of the source or actual content of the WikiLeaks disclosures regarding Hillary Clinton or that, my now public exchange with a persona that our intelligence agencies claim, but cannot prove, is a Russian asset, is anything but innocuous and are entirely false.

In point of fact, this tripartite accusation is actually a misstatement of the allegations against him (though in his rebuttal of them, he is helped immensely by the sloppiness of public statements made by Democrats, especially those on the panel, which I’ve criticized myself). Generally, the accusation is more direct: that in conversing with both Julian Assange (though a cut-out) and Guccifer 2.0, Stone was facilitating or in some way helping the Trump campaign maximally exploit the Russian releases that were coming.

The same is true of his interview with Chuck Todd yesterday.

I’m most interested in the way Stone addresses his direct exchange with Guccifer 2.0, then restricts the rest of his denials to Wikileaks. When Todd asks Stone why he reached out to both Guccifer and Wikileaks, Stone focuses his attention on the former.

Todd: Why did you reach out to Guccifer? Why did you reach out to Wikileaks?

Stone: First of all, my direct messages with Guccifer 2.0, if that’s who it really is, come six weeks, almost six weeks after the DNC emails had been published by Wikileaks. So in order to collude in their hacking, which I had nothing whatsoever to do with, one would have needed a time machine. Secondarily, I wrote a very long piece, you can find it still at the Stone Cold Truth. I doubt that Guccifer is, indeed, a Russian operative. I also once believed that he had hacked the DNC. I don’t believe that anymore either. I believe it was an inside job and the preponderance of evidence points to a load to a thumb drive or some other portable device and the device is coming out the back door. But, Chuck, ten days ago, the Washington Post that based on the Democratic minority that the Russians had sent documents to me for review. I never received any documents from the Russians or anybody representing them. I never had any contact with any

Todd: Did you receive any documents and you didn’t know it was a Russian?

Stone: I never received any documents from anyone purporting to be a Russian or otherwise, and I never saw the Wikileaks documents in advance.

In his response he does the following:

  • Raises doubts that he was actually talking to Guccifer 2.0 (even though Guccifer 2.0’s only identity was virtual, so Stone’s online interactions with any entity running the Guccifer Twitter account would by definition be communication with Guccifer 2.0)
  • Repeats his earlier doubts that Guccifer 2.0 is a Russian operative
  • Emphasizes that he couldn’t have couldn’t have been involved in any hack of the DNC Guccifer 2.0 had done because he first spoke to him six weeks after the email release (in reality, he was speaking to him three weeks after the Wikileaks release)
  • Admits he once believed Guccifer 2.0 did the hack but (pointing to the Bill Binney analysis, and giving it a slightly different focus than he had in September) claims he no longer believes that
  • Invents something about a WaPo report that’s not true, thereby shifting the focus to receiving documents (as opposed to, say, information)
  • Denies he received documents from anyone but not that he saw documents (other than the Wikileaks ones) before they were released

This denial stops well short of explaining why he reached out to Guccifer. And it does nothing to change the record — one backed by his own writing — that Stone reached out because he believed Guccifer, whoever he might be, had hacked the DNC.

At the time Stone reached out to Guccifer (as I pointed out, he misrepresented the timing of this somewhat in his testimony), he believed Guccifer had violated the law by hacking the DNC.

He never does explain to Todd why he did reach out.

Guccifer 2.0 never comes back in the remainder of the interview. The first time Todd asks Stone if there had been “collusion” with the Russians, Stone answers it generally, insisting Trump needed no help to beat Hillary.

Todd: You have made the case here that there was no collusion here that you’re aware of. Would it have been wrong to collude with a foreign adversary to undermine Hillary Clinton’s campaign?

Stone: Well, there’s no evidence that this happened, you’re asking me to answer a hypothetical question. It seems to me that Mr. Steele was colluding with the Russians.

Todd: Let me ask you this. Do you think it’s fair game to get incriminating evidence from a foreign government about your political opponent?

Stone: But that didn’t happen, Chuck, so I’m not going to answer a hypothetical question. It was unnecessary. The idea that Donald Trump needed help from the Russians to beat Hillary Clinton it’s an excuse, a canard, a fairy tale. I don’t believe it ever happened.

The next time — when Stone first labels then backs way the fuck off labeling conspiring with the Russians as treason — Stone then focuses on how such conspiring would only be treason if you believed that Assange was a Russian agent.

Stone: Chuck I’ve been accused of being a dirty trickster. There’s one trick that’s not in my bag. That’s treason. I have no knowledge or involvement with Russians–

Todd: And you believe

Stone: And I have no knowledge of anybody else who does.

Todd: Let me establish something. You believe, if unbeknownst to you, there is somebody on the Trump campaign who worked with the Russians on these email releases, that’s a treasonous act?

Stone: No, actually, I don’t think so because for it to be a treasonous act, Assange would have to be provably a Russian asset, and Wikileaks would have to be a Russian front and I do not believe that’s the case.

Todd: Let me back you up there. You think it’s possible Wikileaks and the Trump campaign coordinated the release?

Stone: I didn’t say that at all. I have no knowledge of that and I make no such claim.

Todd: No, I understand that. You just issued that hypothetical. So what you’re saying is had that occurred you don’t believe that’s, you don’t believe, you don’t believe that that’s against the law?

Stone: This is all based on a premise that Wikileaks is a Russian front and Assange is a Russian agent. As I said I reject that. On the other hand I have no knowledge that that happened. It’s certainly did not happen in my case. That isn’t something I was involved in.

When asked whether it would be illegal to work with Wikileaks (Stone’s contacts with Guccifer at a time he believed Guccifer to have hacked the DNC go unmentioned) Stone again focuses on whether Wikileaks was Russian, not on the conspiracy to hack and leak documents.

This focus on Wikileaks instead of Guccifer 2.0 carries over to the statement Stone issued to ABC:

I never received anything whatsoever from WikiLeaks regarding the source, content or timing of their disclosures regarding Hillary Clinton, the DNC or Podesta. I never received any material from them at all. I never received any material from any source that constituted the material ultimately published by WikiLeaks. I never discussed the WikiLeaks disclosures regarding Hillary Clinton or the DNC with candidate or President Donald Trump before during or after the election. I don’t know what Donald Trump knew about the WikiLeaks disclosures regarding Hillary or the DNC if anything and who he learned it from if anyone.

No one, including Sam Nunberg is in possession If any evidence to the contrary because such evidence does not exist … This will be an impossible case to bring because the allegation that I knew about the WikiLeaks disclosures beyond what Assange himself had said in interviews and tweets or that I had and shared this material with anyone in the Trump campaign or anyone else is categorically false. Assange himself has said and written that I never predicted anything that he had not already stated in public.

There’s very good reason Stone would want to focus on Wikileaks rather than Guccifer.

Even by his own dodgy explanation, at the time he reached out to Guccifer, he believed that Guccifer had hacked the DNC. While it’s true that the public record shows Stone stopping short of accepting documents from Guccifer (all this ignores Stone’s reported involvement in a Guccifer-suggested Peter Smith effort to obtain Hillary’s Clinton Foundation emails), Stone’s interest in coordinating with the hack-and-leak is clear.

And it seems Sam Nunberg may fear that his past testimony and communications with Stone would document that interest. If he knows Stone did have non-public communications with Guccifer, but didn’t believe Guccifer to be Russian, it would also explain why Nunberg said he thought Putin was too smart to collude with Trump, but that his testimony might hurt Stone.

Adding one more point to this: early in the interview, Stone goes to some lengths to say that he proved he had actually separated from the Trump campaign by contemporaneously showing two reporters his resignation letter. This is akin to something Carter Page did in his HPSCI testimony. But given how many of those conspiring with Russia on the Trump campaign (Carter Page — especially after his departure, George Papadopoulos, and Paul Manafort) didn’t have formal roles, it’s not clear that letter would be definitive. Indeed, it might be the opposite, one of a group of people who arranged plausible deniability by getting or staying off the campaign payroll.

Update: Fixed my misrepresentation of Stone’s claim about the six week delay, and fact-checked it to note it was only three weeks.

Speech and Email Release: The Three Public Statement Signals Tied to Russia’s Dirt-as-Emails

/36 Comments/in , , /by

In this post I did a timeline of all the known George Papadopoulos communications. The timeline made something clear: on two occasions, Papadopoulos alerted Ivan Timofeev to something in a Trump speech. On each occasion, something happened with emails. And there may actually be a third instance of Papadopoulos signaling to his handler.

April 26 notice of emails precedes Trump’s April 27 speech including a “signal to meet”

First, on April 26, 2016, over breakfast London time, he learned the Russians had thousands of email as dirt on Hillary Clinton.

On or about April 26, 2016, defendant PAPADOPOULOS met the Professor for breakfast at a London hotel. During this meeting, the Professor told defendant PAPADOPOULOS that hehadjust returned from a trip to Moscow where he had met with high level Russian government officials. The Professor told defendant PAPADOPOULOS that on that trip he(the Professor) learned that the Russians had obtained “dirt” on then-candidate Clinton. The Professor told defendant PAPADOPOULOS, as defendant PAPADOPOULOS later described to the FBI, that “They [the Russians] have dirt on her”; “the Russians had emails of Clinton”; “they have thousands of emails.”

The next day he discusses his outreach to Russians with both Stephen Miller and Corey Lewandowski. He emails Miller to say he “Ha[s] some interesting messages coming in from Moscow about a trip when the time is right.” And he emails Lewandowski, apparently asking to speak by phone, “to discuss Russia’s interest in hosting Mr. Trump. Have been receiving a lot of calls over the last month about Putin wanting to host him and the team when the time is right.”

That all happened while Papadopoulos was helping draft Trump’s first speech, in which Trump said,

We desire to live peacefully and in friendship with Russia and China. We have serious differences with these two nations, and must regard them with open eyes, but we are not bound to be adversaries. We should seek common ground based on shared interests.

Russia, for instance, has also seen the horror of Islamic terrorism. I believe an easing of tensions, and improved relations with Russia from a position of strength only is possible, absolutely possible. Common sense says this cycle, this horrible cycle of hostility must end and ideally will end soon. Good for both countries.

Some say the Russians won’t be reasonable. I intend to find out. If we can’t make a deal under my administration, a deal that’s great — not good, great — for America, but also good for Russia, then we will quickly walk from the table. It’s as simple as that. We’re going to find out.

As the NYT revealed the other day, Papadopoulos helped draft that speech, and he told Timofeev that it was the “signal to meet.”

Papadopoulos was trusted enough to edit the outline of Mr. Trump’s first major foreign policy speech on April 27, an address in which the candidate said it was possible to improve relations with Russia. Mr. Papadopoulos flagged the speech to his newfound Russia contacts, telling Mr. Timofeev that it should be taken as “the signal to meet.”

So the Russians mentioned emails, and the next day Papadopoulos delivered a speech that signaled (at least according to Papadopoulos, who at times oversold these things) Trump’s interest in meeting.

July 21 RNC speech precedes the WikiLeaks dump

A second coincidence comes in July. On July 21, a week after Papadopoulos informed Timofeev that a ““meeting for August or September in the UK (London) with me and my national chairman” had been approved, he then messages Timofeev the day of Trump’s RNC speech, saying, “How are things [Timofeev]? Keep an eye on the speech tonight. Should be good.” This message is one of the ones he tried to destroy by nuking his Facebook account after his second interview with the FBI last February.

Trump’s RNC speech included no mention of Russia. But it did include an indictment of Hillary’s actions as Secretary of State, focusing on a number of the issues that lay behind Putin’s loathing of Hillary.

Another humiliation came when president Obama drew a red line in Syria – and the whole world knew it meant nothing.

In Libya, our consulate – the symbol of American prestige around the globe – was brought down in flames. America is far less safe – and the world is far less stable – than when Obama made the decision to put Hillary Clinton in charge of America’s foreign policy.

I am certain it is a decision he truly regrets. Her bad instincts and her bad judgment – something pointed out by Bernie Sanders – are what caused the disasters unfolding today. Let’s review the record. In 2009, pre-Hillary, ISIS was not even on the map.

Libya was cooperating. Egypt was peaceful. Iraq was seeing a reduction in violence. Iran was being choked by sanctions. Syria was under control. After four years of Hillary Clinton, what do we have? ISIS has spread across the region, and the world. Libya is in ruins, and our Ambassador and his staff were left helpless to die at the hands of savage killers. Egypt was turned over to the radical Muslim brotherhood, forcing the military to retake control. Iraq is in chaos.

Iran is on the path to nuclear weapons. Syria is engulfed in a civil war and a refugee crisis that now threatens the West. After fifteen years of wars in the Middle East, after trillions of dollars spent and thousands of lives lost, the situation is worse than it has ever been before.

[snip]

We must abandon the failed policy of nation building and regime change that Hillary Clinton pushed in Iraq, Libya, Egypt and Syria. Instead, we must work with all of our allies who share our goal of destroying ISIS and stamping out Islamic terror.

The focus on Syria is key: remember that Jared Kushner explained his request to Sergei Kislyak for a Russian-run secure back challenge as an effort to cooperate on Syria.

The Ambassador expressed similar sentiments about relations, and then said he especially wanted to address U.S. policy in Syria, and that he wanted to convey information from what he called his “generals.” He said he wanted to provide information that would help inform the new administration. He said the generals could not easily come to the U.S. to convey this information and he asked if there was a secure line in the transition office to conduct a conversation. General Flynn or I explained that there were no such lines. I believed developing a thoughtful approach on Syria was a very high priority given the ongoing humanitarian crisis, and I asked if they had an existing communications channel at his embassy we could use where they would be comfortable transmitting the information they wanted to relay to General Flynn.

So it’s possible the attacks on Hillary’s Syria policy were a signal — as the earlier speech’s call for engagement with Russia apparently was — to Timofeev.

In any case, the next day, WikiLeaks started releasing the DNC emails, just in time to bollox the DNC (though I maintain that forcing the Democrats to finally fire Debbie Wasserman Schultz was a necessary move).

A possible third message?

Which brings us to a possible third signal. Another of the Facebook messages that Papadopoulos attempted to destroy was a link he shared with Timofeev to this interview. Among the other things Papadopoulos says in the interview is that sanctions on Russia have hurt the US.

Q.: Do you agree that the U.S. sanctions against Russia did not help to resolve the crisis in Ukraine?

A.: Sanctions have done little more than to turn Russia towards China as a primary market for Russian goods, services and energy. It is not in the interest of the West to align China and Russia in a geopolitical alliance that can have unpredictable consequences for U.S. interests in the South China Sea, Eastern Mediterranean and Middle East.

[snip]

Q.: Your professional background is related to global energy. Do you agree that European countries should reduce their dependence on Russian energy?

A.: The U.S. and Russia will compete over both the European and Pacific gas markets. This is inevitable. Unfortunately for the U.S., sanctions on Russia have resulted in massive energy deals between Russia and China.

Papadopoulos also poo poos the idea of expanding NATO.

Q.: How do you see the future of NATO? Do you support a further expansion of the alliance? If so, do you think that NATO should take into the account Russia’s concerns regarding this issue?

A.: If NATO is to expand, all new members must spend the required 2% of GDP on defense expenditure. Currently only five members do. Without a common mission that all countries subscribe to, or the pledge that all members spend 2% of GDP on defense, the alliance in its current form is likely not sustainable. The three largest threats NATO will have to combat over the next couple decades will be a rising and belligerent China, radical Islam and a nuclear Iran. Russia can be helpful in mitigating the dangerous consequences of these three forces colliding simultaneously.

Q.: You did not answer the question on whether you would support a possible NATO extension or not. Russia has repeatedly expressed its concerns about NATO’s military infrastructure moving toward Russia’s borders…

A.: We should look at the circumstances. If mutual confidence between our countries exists, then we will better understand the expectations of each other, and we can more accurately define the ‘red lines‘ which cannot be crossed. However, what is happening today between Russia and NATO, and between Russia and the West in general, creates an extremely dangerous and unstable situation in which every incident could become fatal.

An interview with a policy advisor is nowhere near as momentous as a speech from Trump. But by this point — the NYT informs us — Papadopoulos’ interventions were being reviewed closely by the campaign. So it’s likely this was closely vetted.

Papadopoulos shared that link on October 1. Later that week, the John Podesta emails started coming out.

The timing wasn’t dictated by these speeches

Let me make something clear: I’m not saying that the timing of these email releases were dictated by the speeches. Of course they weren’t. They were timed to do maximal damage to the Hillary campaign (not incidentally, in a way that coincided with the “later in the summer” timing Don Jr asked for in his communications with Rob Goldstone).

Rather, I’m saying that Papadopoulos seems to have been signaling Timofeev, and those signals closely mapped to email releases.

And those signals are among the things he tried to destroy.

Two (Three) Possibilities on the “WikiLeaks” Archive Story

/89 Comments/in , /by

Don Jr’s testimony to Congress yesterday has brought out several new details on the evidence he was provided. In this post I want to look at the report that someone sent key Trump figures a link to a Wikileaks archive and an encryption key.

Candidate Donald Trump, his son Donald Trump Jr. and others in the Trump Organization received an email in September 2016 offering a decryption key and website address for hacked WikiLeaks documents, according to an email provided to congressional investigators.

The September 14 email was sent during the final stretch of the 2016 presidential race.

CNN originally reported the email was released September 4 — 10 days earlier — based on accounts from two sources who had seen the email. The new details appear to show that the sender was relying on publicly available information. The new information indicates that the communication is less significant than CNN initially reported.

After this story was published, The Washington Post obtained a copy of the email Friday afternoon and reported that the email urged Trump and his campaign to download archives that WikiLeaks had made public a day earlier. The story suggested that the individual may simply have been trying to flag the campaign to already public documents.

CNN has now obtained a copy of the email, which lists September 14 as the date sent and contains a decryption key that matches what WikiLeaks had tweeted out the day before.

First, note there’s no explanation in the story why these are described as Wikileaks emails, aside from the fact that Julian Assange has on occasion posted archives with a key. Indeed, it sounds like this archive is more closely related to the DC Leaks side of the house, given the reference to Colin Powell emails in the larger story. So absent a more fulsome explanation of what makes these WikiLeaks documents, I wouldn’t necessarily bet that these documents are related to Wikileaks.

Second, one possible explanation for this archive is that it’s the same one that is the center of the skeptics’ theory. They focus on an archive called NGP/VAN (but which is not NGP/VAN), which was curated on September 1. In public form, the archive was pointed to by Guccifer 2.0 on September 12, but never posted on his site.

the files were posted during a speech given in London by another hacker as a proxy for G2.0 on that day. The Forensicator relies on a copy posted by NatSecGeek. And while on Twitter G2.0 pointed to the speech the day before it was given, he never actually pointed back to the data on his WordPress site.

It’s true that the “speech” that was read for G2.0 relied on and posted a link to these files at the conference.

This scheme shows how NGP VAN is incorporated in the DNC infrastructure. It’s for detailed examination, if you are interested. And here are a couple of NGP VAN’s documents from their network. If you r interested in their internal documents, you can have them via the link on the screen. The password is usual. It’s also on the screen. You may also ask the conference producers for them later.

But at the very least, it seems any analysis of these forensics needs to account for the hand-off and proxy involved.

The timing of this would suggest that (if this is the same archive) three days after the archive was curated but over a week before it was posted publicly, top campaign officials got a link.

But there is another possibility, a detail I’ve often alluded to but never laid out publicly. There is or was a grand jury investigation into some script kiddies that tried to hijack Guccifer 2.0’s password or ID or something like that. It is or was in Philadelphia, based on the location of an archive involved. As I understand it the thought was that this effort was unrelated to the chief Russian info op, but was a lead the FBI had to chase down. I’ve been waiting to see if that grand jury investigation was ever going to show up publicly, and it’s one possible explanation for this email.

Update: I should make clear, I lay out three possibilities here:

  1. These are actually DC Leaks emails, not WikiLeaks ones; this is consistent with what recipients of those emails say about timing.
  2. This is the NGP/VAN archive released in mid-September, associated with Guccifer 2.0.
  3. This is an effort from the unknown skiddies being investigated in Philly.

Update: By description, WaPo makes it clear that this was an email sending the Trumps to this material, though using a different link and password.

That means it is, in fact, the NGP/VAN materials at the heart of the skeptics’ counterarguments about Guccifer being Russian (number 2, above), being sent under an apparently Anglo name (albeit with a few errors; making number 3 possible), but branded as Guccifer 2.0 materials, not WikiLeaks materials (sort of, 1).

In other words, the emails are much more interesting for all these other related theories than for the fact that the Trump folks received it, apparently unsolicited.

Update: I’ve subbed in the corrected language from CNN confirming that this was a September 14 email.

Throwing H2O on the Pompeo to State Move

/20 Comments/in , , , /by

I could be totally wrong, but I don’t think the reported plan for Rex Tillerson to step down, to be replaced by Mike Pompeo, who in turn will be replaced by Tom Cotton (or maybe Admiral Robert Harward because Republicans can’t afford to defend an Arkansas Senate seat), will really happen.

The White House has developed a plan to force out Secretary of State Rex W. Tillerson, whose relationship with President Trump has been strained, and replace him with Mike Pompeo, the C.I.A. director, perhaps within the next several weeks, senior administration officials said on Thursday.

Mr. Pompeo would be replaced at the C.I.A. by Senator Tom Cotton, a Republican from Arkansas who has been a key ally of the president on national security matters, according to the White House plan. Mr. Cotton has signaled that he would accept the job if offered, said the officials, who insisted on anonymity to discuss sensitive deliberations before decisions are announced.

I say that for two reasons.

First, because of all the evidence that Mike Flynn is working on a plea deal. Particularly given that Mueller has decided he doesn’t need any more evidence of Flynn’s corrupt dealings with Turkey, I suspect his leverage over Flynn has gone well beyond just those crimes (which, in turn, is why I suspect Flynn has decided to flip).

I think that when the plea deal against Flynn is rolled out, it will be associated with some fairly alarming allegations against him and others, allegations that will dramatically change how willing Republicans are to run interference for Trump in Congress.

If I’m right about that, it will make it almost impossible for Pompeo to be confirmed as Secretary of State. Already, Senate Foreign Relations Committee Chair Bob Corker, who’d oversee the confirmation, is sending signals he’s not interested in seeing Pompeo replace Tillerson.

“I could barely pick Pompeo out of a lineup” Sen. Bob Corker (R-Tenn.), chairman of the Senate Foreign Relations Committee, said Thursday morning.

Already, Pompeo’s cheerleading of Wikileaks during the election should have been disqualifying for the position of CIA Director. That’s even more true now that Pompeo himself has deemed them a non-state hostile intelligence service.

Add in the fact that Pompeo met with Bill Binney to hear the skeptics’ version of the DNC hack, and the fact that Pompeo falsely suggested that the Intelligence Community had determined Russia hadn’t affected the election. Finally, add in the evidence that Pompeo has helped Trump obstruct the investigation and his role spying on CIA’s own investigation into it, and there’s just far too much smoke tying Pompeo to the Russian operation.

All that will become toxic once Mike Flynn’s plea deal is rolled out, I believe.

So between Corker and Marco Rubio, who both treat Russia’s hack of the election with real seriousness (remember, too, that Rubio himself was targeted), I don’t see how Pompeo could get out of the committee.

But there’s another reason I don’t think this will happen. I suspect it — like earlier threats to replace Jeff Sessions — is just an attempt to get Tillerson to hew the Administration line on policy. The NYT cites Tillerson’s difference of opinion on both North Korea and Iran.

Mr. Trump and Mr. Tillerson have been at odds over a host of major issues, including the Iran nuclear deal, the confrontation with North Korea and a clash between Arab allies. The secretary was reported to have privately called Mr. Trump a “moron” and the president publicly criticized Mr. Tillerson for “wasting his time” with a diplomatic outreach to North Korea

It’s Iran that’s the big issue, particularly as Jared frantically tries to finish his “peace” “plan” before he gets arrested himself. The fact that Trump has floated Cotton as Pompeo’s replacement is strong support for the notion that this is about forcing Tillerson to accept the Administration lies about Iran and the nuclear deal: because Cotton, more than anyone else, has been willing to lie to oppose the deal.

Trump is basically saying that unless Tillerson will adopt the lies the Administration needs to start a war with Iran, then he will be ousted.

But Tillerson’s claim that he doesn’t need to replace all the people who’ve left state because he thinks a lot of domestic issues will be solved soon seems to reflect that he’s parroting the Administration line now.

Obviously, there’s no telling what will happen, because Trump is completely unpredictable.

But he also likes to use threats to get people to comply.

Update: CNN now reporting I’m correct.

Did the Steele Dossier Lead the Democrats To Be Complacent after They Got Hacked?

/46 Comments/in , , /by

I get asked, a lot, why I obsess over the Steele dossier. A lot of people believe that even if the dossier doesn’t pan out, it doesn’t matter because Mueller’s investigation doesn’t depend on it. I’d be more sympathetic to that view if people like Adam Schiff and John Podesta didn’t keep invoking the dossier in ways that makes their legitimate concerns easy to discredit.

But I now believe the dossier may have done affirmative damage.

Consider the timeline.

Perkins Coie lawyer Marc Elias reportedly engaged Fusion for opposition research in April (their first payment was May 24).

April 26, Joseph Mifsud told George Papadopoulos that Russians said they had “dirt” on Hillary Clinton, in the form of emails.

April 29, the DNC discovered they had been hacked. Perkins Coie partner Michael Sussman had a key role in their response.

“Not sure it is related to what the F.B.I. has been noticing,” said one internal D.N.C. email sent on April 29. “The D.N.C. may have been hacked in a serious way this week, with password theft, etc.”

No one knew just how bad the breach was — but it was clear that a lot more than a single filing cabinet worth of materials might have been taken. A secret committee was immediately created, including Ms. Dacey, Ms. Wasserman Schultz, Mr. Brown and Michael Sussmann, a former cybercrimes prosecutor at the Department of Justice who now works at Perkins Coie, the Washington law firm that handles D.N.C. political matters.

“Three most important questions,” Mr. Sussmann wrote to his clients the night the break-in was confirmed. “1) What data was accessed? 2) How was it done? 3) How do we stop it?”

Sometime in May, Robert Johnston (who then worked at Crowdstrike) briefed the DNC on the hack. He told them how much data had been stolen, but he told them intelligence hackers generally don’t do anything with the stolen data.

When he briefed the DNC in that conference room, Johnston presented a report that basically said, “They’ve balled up data and stolen it.” But the political officials were hardly experienced in the world of intelligence. They were not just horrified but puzzled. “They’re looking at me,” Johnston recalled, “and they’re asking, ‘What are they going to do with the data that was taken?’”

Back then, no one knew. In addition to APT 29, another hacking group had launched malware into the DNC’s system. Called APT 28, it’s also associated Russian intelligence. Andrei Soldatov, a Russian investigative journalist and security expert, said it’s not crystal clear which Russian spy service is behind each hacker group, but like many other cybersecurity investigators, he agreed that Russian intelligence carried out the attack.

So, Johnston said, “I start thinking back to all of these previous hacks by Russia and other adversaries like China. I think back to the Joint Chiefs hack. What did they do with this data? Nothing. They took the information for espionage purposes. They didn’t leak it to WikiLeaks.”

So, Johnston recalled, that’s what he told the DNC in May 2016: Such thefts have become the norm, and the hackers did not plan on doing anything with what they had purloined.

May 25 was likely the date on which the last emails shared with Wikileaks got exfiltrated.

On June 9, Natalia Veselnitskaya met with Don Jr, Jared Kushner, and Paul Manafort at Trump Tower. Both at a Prevezon court hearing that morning and after the Trump Tower meeting, she reportedly met with Fusion’s Glenn Simpson. Though there’s no sign of Baker Hostetler paying for any services anytime near that meeting. Sometime Fusion associate Rinat Akhmetshin accompanied Veselnitskaya to the meeting; it’s possible he was paid for work in June.

Sometime in “mid-June,” the Perkins Coie lawyer Sussman and the DNC first met with the FBI about the hack. They asked the FBI to attribute the hack to Russia.

The D.N.C. executives and their lawyer had their first formal meeting with senior F.B.I. officials in mid-June, nine months after the bureau’s first call to the tech-support contractor. Among the early requests at that meeting, according to participants: that the federal government make a quick “attribution” formally blaming actors with ties to Russian government for the attack to make clear that it was not routine hacking but foreign espionage.

“You have a presidential election underway here and you know that the Russians have hacked into the D.N.C.,” Mr. Sussmann said, recalling the message to the F.B.I. “We need to tell the American public that. And soon.”

The FBI would not attribute the hack formally until the following year.

On June 14, the DNC placed a story with the WaPo, spinning the hack to minimize the damage done.

On June 15, Guccifer 2.0 started posting. In his first post, he proved a number of the statements Crowdstrike or Democrats made to the WaPo were wrong, including that:

  • The hackers took just two documents
  • Only Trump-related documents had been stolen
  • Hillary’s campaign had not been hacked
  • The DNC had responded quickly
  • No donor information had been stolen

Now, you’d think this (plus Julian Assange’s claim to have Hillary emails) would alert the Democrats that Johnston’s advice — that the Russians probably wouldn’t do anything with the data they stole — was wrong. Except that (as far as is publicly known) none of the documents Guccifer 2.0 leaked in that first batch were from the DNC.

Around this same time, Perkins Coie lawyer Marc Elias asked Fusion to focus on Trump’s Russian ties, which led to Christopher Steele’s involvement in the already started oppo effort.

On June 20, Perkins Coie would have learned from a Steele report that the dirt Russia had on Hillary consisted of “bugged conversations she had on various visits to Russia and intercepted phone calls rather than any embarrassing conduct.” It would also have learned that “the dossier however had not yet been made available abroad, including to TRUMP or his campaign team.”

On July 19, Perkins Coie would have learned from a Steele report that at a meeting with a Kremlin official named Diyevkin which Carter Page insists didn’t take place, Diyevkin “rais[ed] a dossier of ‘kompromat’ the Kremlin possessed on TRUMP’s Democratic presidential rival, Hillary CLINTON, and its possible release to the Republican’s campaign team.” At that point in time, the reference to kompromat would still be to intercepted messages, not email.

On July 22, Wikileaks released the first trove of DNC emails.

On July 26 — days after Russian-supplied emails were being released to the press — Perkins Coie would receive a Steele report (based on June reporting) that claimed FSB had the lead on hacking in Russia. And the report would claim — counter to a great deal of publicly known evidence — that “there had been only limited success in penetrating the ‘first tier’ foreign targets.” That is, even after the Russian hacked emails got released to the public, Steele would still be providing information to the Democrats suggesting there was no risk of emails getting released because Russians just weren’t that good at hacking.

It appears likely that the Democrats asked Fusion to focus on Russia because they believed they had been badly hacked by Russia.

Everything they learned (and would have learned, if the June reporting on cybersecurity had been produced in timely fashion) between the time they were hacked and when Wikileaks would start releasing massive amounts of emails would have told the Democrats that the Russians hadn’t really succeeded with their hacking, and any kompromat they had on Hillary was not emails, but instead dated intercepts. The Steele dossier would have led them to be complacent, rather than prepping for the onslaught of the emails.

We don’t know how Steele’s intelligence was used within the party. But if they had paid attention to it, it would have done affirmative damage, because it might have led them to continue to rely on Johnston’s opinion that the stolen emails weren’t coming out.