Is Matt DeHart Being Prosecuted Because FBI Investigated CIA for the Anthrax Leak?

Buzzfeed today revealed a key detail behind the Matthew DeHart case: the content of the file which DeHart believes explains the government’s pursuit of him. In addition to details of CIA’s role in drone-targeting and some ag company’s role in killing 13,000 people, DeHart claims a document dropped onto his Tor server included details of FBI’s investigation into CIA’s possible role in the anthrax attack.

According to Matt, he was sitting at his computer at home in September 2009 when he received an urgent message from a friend. A suspicious unencrypted folder of files had just been uploaded anonymously to the Shell. When Matt opened the folder, he was startled to find documents detailing the CIA’s role in assigning strike targets for drones at the 181st.

Matt says he thought of his fellow airmen, some of whom knew about the Shell. “I’m not going to say who I think it was, but there was a lot of dissatisfaction in my unit about cooperating with the CIA,” he says. Intelligence analysts with the proper clearance (such as Manning and others) had access to a deep trove of sensitive data on the Secret Internet Protocol Router Network, or SIPRNet, the classified computer network used by both the Defense and State departments.

As Matt read through the file, he says, he discovered even more incendiary material among the 300-odd pages of slides, documents, and handwritten notes. One folder contained what appeared to be internal documents from an agrochemical company expressing culpability for more than 13,000 deaths related to genetically modified organisms. There was also what appeared to be internal documents from the FBI, field notes on the bureau’s investigation into the worst biological attack in U.S. history: the anthrax-laced letters that killed five Americans and sickened 17 others shortly after Sept. 11.

Though the attacks were officially blamed on a government scientist who committed suicide after he was identified as a suspect, Matt says the documents on the Shell tell a far different story. It had already been revealed that the U.S. Army produced the Ames strain of anthrax — the same strain used in the Amerithrax attacks — at the Dugway Proving Ground in Utah. But the report built the case that the CIA was behind the attacks as part of an operation to fuel public terror and build support for the Iraq War.

Despite his intelligence training, Matt was no expert in government files, but this one, he insists, featured all the hallmarks of a legitimate document: the ponderous length, the bureaucratic nomenclature, the monotonous accumulation of detail. If it wasn’t the real thing, Matt thought, it was a remarkably sophisticated hoax. (The FBI declined requests for comment.)

Afraid of the repercussions of having seen the folder of files, Matt panicked, he claims, and deleted it from the server. But he says he kept screenshots of the dozen or so pages of the document that specifically related to the FBI investigation and the agrochemical matter, along with chat logs and passwords for the Shell, on two IronKey thumb drives, which he hid inside his gun case for safekeeping.

Is it possible DOJ would really go after DeHart for having seen and retaining part of that FBI file?

For what it’s worth, I think Bruce Ivins could not have been the sole culprit and it’s unlikely he was the culprit at all. I believe it possible that a CIA-related entity, especially a contractor or an alumnus, had a role in the anthrax attack. In my opinion, Battelle Labs in Ohio are the most likely source of the anthrax, not just because they’re close enough to New Jersey to have launched the attacks, but because — in addition to dismissing potential matches to the actual anthrax through a bunch of smoke (only looking for lone wolves) and mirrors (ignoring four of the potentially responsive samples) — Battelle did have a responsive sample of the anthrax. Though as a recent GAO report made clear, FBI didn’t even sample all the labs that had potentially responsive samples, so perhaps one of those labs should be considered a more likely source. Battelle does work for the CIA and just about everyone else, so if Battelle were involved, CIA involvement couldn’t be ruled out.

So I think it quite possible that FBI was investigating CIA or someone related to CIA in the attack. It’s quite possible, too, that someone might want to leak that information, as it has been clear for years that at least some in FBI were not really all that interested in solving the crime. Even the timing would make sense, coming as it would have in the wake of the FBI’s use of the Ivins suicide to stop looking for a culprit and even as the Obama Administration was beginning to hint it wasn’t all that interested in reviewing FBI’s investigation.

But there’s something odd about how this was allegedly leaked.

According to Buzzfeed, the anthrax investigation came in one unencrypted folder with the ag document and a document on drone targeting, the source of which he thinks he knows (it would likely have been a former colleague from the ANG).

How would it ever be possible that the same person would have access to all three of those things? While it’s possible the ag admission ended up in the government, even a DOJ investigation into such an admission would be in a different place than the FBI anthrax investigation, and both should be inaccessible to the ANG people working on SIPRNet.

That is, this feels like the Laptop of Death, which included all the documents you’d want to argue that Iran had an active and advanced nuclear weapons program, but which almost certainly would never all end up on the same laptop at the same time.

And, given DeHart’s belief reported elsewhere this was destined for WikiLeaks, I can’t help but remember the Defense Intelligence Agency report which noted that WikiLeaks might be susceptible to disinformation (not to mention the HB Gary plot to discredit WikiLeaks, but that came later).

This raises the possibility that the Web site could be used to post fabricated information; to post misinformation, disinformation, and propaganda; or to conduct perception management and influence operations designed to convey a negative message to those who view or retrieve information from the Web site.

That is, given how unlikely it would be to find these juicy subjects all together in one folder, I do wonder whether they’re all authentic (though DeHart would presumably be able to assess the authenticity of the drone targeting documents).

And DeHart no longer has the documents in question — Canada hasn’t given them back.

Paul told the agents that his family had evidence to back up their account: court documents, medical records, and affidavits — along with the leaked FBI document Matt had found that exposed an explosive secret. It was all on two encrypted thumb drives, which Matt later pulled off a lanyard around his neck and handed to the guards.


If Matt is, in fact, wrongly accused, answers could be on the thumb drives taken by the Canada Border Services Agency, which have yet to be returned to the DeHarts. But without access to the leaked files Matt claims to have seen, there is no way to verify whether he was actually in possession of them, and, if he was, whether they’re authentic.

Though at least one person (a friend in London? Any association with WikiLeaks?) may have a copy.

Inside a hotel room in Monterrey, Mexico, Matt says he copied the Shell files onto a handful of thumb drives. He mailed one to a friend outside London, and several others to locations he refuses to disclose. He also says he sent one to himself in care of his grandmother, which he later retrieved for himself. When the subject of the drives comes up, Matt acts circumspect because, he says, he knows that our communications are being monitored.

There’s definitely something funky about this story. Importantly, it’s not just DeHart and his family that are acting like something’s funky — the government is too.

But that doesn’t necessarily mean the FBI thinks CIA did the anthrax attack.

15 replies
  1. Rich says:

    You wrote, “For what it’s worth, I think Bruce Ivins could not have been the sole culprit and it’s unlikely he was the culprit at all.”
    So, when and how was Ivins proven to be the culprit?
    I believe “the proof” proved Ivins could not physically or possibly have been responsible since the anthrax strains have been identified and can in no way be linked to him.

    • emptywheel says:

      I think we agree.

      The only scenario where I can imagine he might be involved is to give sample out to someone else who aerosolized it. Unlikely, but that might explain his weird behavior cleaning his lab.

    • lefty665 says:

      “I believe “the proof” proved Ivins could not physically or possibly have been responsible since the anthrax strains have been identified and can in no way be linked to him.”
      EW “The only scenario where I can imagine he might be involved is to give sample out to someone else who aerosolized it. Unlikely, but that might explain his weird behavior cleaning his lab.”
      The RMR1029 was Ivins. He won the Exceptional Civilian Service award for developing it. He sent it everywhere to be used to test Anthrax vaccines, including overseas. The log books document many shipments to many places over years. It was the USG gold standard for anthrax research. He was proud of it. So yes, it is linked to him, intimately, and yes there are a lot of somebodies who might have aerosolized anthrax derived from a sample that originated with Ivins. What makes that “unlikely”?
      Seems not unlikely Ivins was a (now dead) straw man set up by the FBI after their case against Hatfill blew up in their faces.
      The Battelle (or an organization like that) connection seems to make a lot of sense, and bizarre that the FBI did not check them all. But “close enough to New Jersey” is a curious qualifier. Columbus has got to be around 500 miles from where the letters were dropped. Not suggesting that makes their involvement improbable, just that it is 20 hours or more on the road round trip. Bet there were a lot more than 2 samples from RMR-1029 in a 500 mile radius of New Jersey (one at Detrick and the other at Battelle).
      But that’s all anthrax arcana. The whole story is weird. Seems like there are a couple of trails in there that could get DeHart railroaded. But, why would we have not heard about thousands of deaths from GMOs? It does seem curious that those disparate threads would end up in one place. But if it was a sting/disinformation operation, why bust him? You got it right with “funky”.

      • Ima Lumberzhak says:

        First you have to make people care. Then you have to make them feel empowered. Then you have to give them an impetus to act. But since people cannot grasp #2, they use mindtricks to make themselves not do #1, which then makes #3 a moot statement.

        Ivins was responsible for perfecting that strain but why would you believe he used it?

        They really wanted to close that case, you know…

  2. Joanne Leon says:

    That’s one of the strangest stories I’ve ever read (after reading Buzzfeed article). And I don’t trust Buzzfeed at all, or rather don’t trust their agenda, but that story is packed w/ detail that presumably would be refuted by the people defending Matt if it was false.

    I have no idea what’s going on there but it’s hard to ignore that a lot of it happened right after Chelsea Manning, at a time when there was a freak out going on in the govt. It’s also telling that these guys, in the most public cases, get indicted for shameful crimes that will discredit them. How often do you hear about lesser crimes of corruption or stealing or things like that? Maybe those just don’t make the news. But as Jesselyn noted, the child porn charges always seem to be pulled out when they’re after someone for some other reason. Not that child porn doesn’t happen, but this is getting ridiculous.

    • emptywheel says:

      This happened — started at least — before Chelsea Manning. But the government was already freaking out about Anonymous.

  3. Oppenhiem Memorial says:

    Are you suggesting that the government might have engaged in data poisoning, with fabricated but true leaks, to prosecute the recipient for disclosing fake classified that it made up? (Or detain him on fabricated child pornography charges instead?) …that is consistent with the M.O. in the G.W. Bush National Guard letter – planted data, accurate but inauthentic, used to attack a target’s reputation.

    If that were suspected, it suggests that the proper response of future recipients should be to lawyer up for a civil resistance defense. The risk of discovery might inhibit prosecution, especially if the documents can be discredited but not the content.

    The other possibility is that DeHart’s dossier is for real, and more than one person compiled it. Recall that Snowden introduced himself to Greenwald in the first-person plural. And the undeniably-connected old timers Gordon Duff and Robert Steele report pitched factional conflict within the intelligence community. (Duff’s organization is oracular and hard to parse. He protects his sources very well (quite possibly with cutouts and certainly with chaff.) He is individually very credible but he’s orbited by some easy-mock eccentrics so the upshot is, you need a clearance to assess what he’s saying.)

    • emptywheel says:

      I’ve long been waiting BOTH for a major effort to discredit WL (or, hell, The Intercept) and a major effort to accomplish our own intelligence objectives using the secure drop model.

      Keep in mind this wasn’t THAT much earlier than the Stratfor hack, which was orchestrated by Sabu, but which nevertheless was fed to WL. So it’s clear law enforcement was thinking they might have to leak to WL to infiltrate its process.

      I think WL and TI have been very cautious about validating what they get, thus far.

      I also think we may have already seen our IC drop a data dump to accomplish its objectives. Crazy world.

      • Ima Lumberzhak says:

        They had Siggi and his hard drives at just about the same time. Then I bet some other stuff didn’t go according to plan. I’m sure that hurt. But only temporarily. Snowden was only ever a 50/50 proposition… If it didn’t cause proper changes then it’d solidify and codify everything – or at a minimum normalise it. Then you have what I’d dub “leak exhaustion”. Either way we as a species have mostly succumbed to a pesky state of learned helplessness with little recourse but to discuss it on monitored sites, on monitored streets, and on monitored phones… or at meetings with paid informants.

        There’s more than one way to undermine a feline. The trick is always to make every possible outcome work in your favour even when you complain. The challenge is to see through it first and fast. And to find a way to develop numbers that do not get labeled ‘conspiracy’, ‘terrorist’, ‘activist’ or ‘extremist’.

      • Ima Lumberzhak says:

        PS, for TI I would keep an eye on what is going on with the people more so than the stories themselves.

  4. greengiant says:

    Wild arsed data dumps are probably meant for disinformation or ease in tracking. Otherwise for the real data I suspect every paper and digital “copy” is unique. In the nuts and bolts for example, every printer is adding a unique signature, see Wikipedia printer steganography. Thus the agrochemical company “report” may have been simple bait to sniff out naive leakers.

  5. Ima Lumberzhak says:

    Oh. But Matt… probably is/was just a desperate wannabe Anon with an active imagination and a lot of sunk costs. And a bad habit of thinking shit like 8chan is cool… and that kids aren’t kids on the net but if they are, hey, it’s all part of the game. It is a pretty common occurrence nowadays. It would indeed look like paedophilia, and given how kids these days are doing this with one another it does beg for a redefinition of paedophilia… but that does not make what he allegedly did (and there was actually photographic proof of this wasn’t there?) ok or legal or righteous at all. Even if the other stuff he is saying is true, I fail to see how that should be a get out of jail free card. And I am not a ‘think of the children’ kinda guy. People are multifaceted. Also people hate to be labeled a sex offender, true or false.
