On CNN’s WikiLeaks Exclusive: Remember the Other Document Dumps

CNN has a report on leaked security records describing some of the visitors and improved computer equipment Julian Assange got in 2016, as Russia was staging the election hack-and-leak. The story is a better expose of how increased pressure from the US and a change of president in Ecuador dramatically changed Assange’s freedom to operate in the Ecuadorian Embassy in London, with many details of the internal Ecuadorian politics, as it is proof of anything pertaining to the hack-and-leak.

As for the latter, the story itself insinuates ties between WikiLeaks and Russia’s hack-and-leak operation by matching the profile of Assange’s known (and dramatically increased number of) visitors in 2016 with the timing of those visits. Those people are:

  • A Russian national named Yana Maximova, about whom CNN states almost nothing is known, who visited at key moments in June 2016 (though CNN doesn’t provide the specific dates)
  • Five meetings in June 2016 with senior staffers from RT, including two visits from their London bureau chief, Nikolay Bogachikhin
  • German hacker Andrew Müller-Maguhn
  • German hacker Bernd Fix (who visited with Müller-Maguhn a few times)

These visitors have, in generally, been identified before, and with the exception of Müller-Maguhn, CNN doesn’t give the precise dates when people visited Assange, instead providing only screen shots of entry logs (which, CNN notes, key visitors wouldn’t be on). The exception is Müller-Maguhn, whose pre-election visits the TV version lists as:

  • February 19 and 20, 2016
  • March 14, 2016
  • May 8, 2016
  • May 23, 2016
  • July 7, 2016
  • July 14, 2016
  • July 28, 2016
  • August 3, 2016
  • August 24, 2016
  • September 1, 2016
  • September 19, 2016
  • October 21, 2016
  • October 31, 2016

And, yes, some of those visits match the known Russian hack-and-leak timeline in enticing ways, such as that Müller-Maguhn, who told WaPo that, “he was never in possession of the material before it was put online and that he did not transport it,” showed up the same day Mueller documents describe WikiLeaks obtaining an archive that had been uploaded (“put”) online and by that means transferred to WikiLeaks.

But that would be entirely consistent with Müller-Maguhn helping to process the emails — something the Mueller team determined did not violate US law — not serving as a mule. Not that Müller-Maguhn would be best used as a mule in any case.

The descriptions of the changes in computer and other gear are more interesting: with Assange bumping up his resources on June 19, a masked visitor dropping off a package outside the embassy on July 18, and exempt WikiLeaks personnel removing a ton of equipment on October 18, as Ecuador finally threatened to shut WikiLeaks down.

Shortly after WikiLeaks established contact with the Russian online personas, Assange asked his hosts to beef up his internet connection. The embassy granted his request on June 19, providing him with technical support “for data transmission” and helping install new equipment, the documents said.


Days later, on July 18, while the Republican National Convention kicked off in Cleveland, an embassy security guard broke protocol by abandoning his post to receive a package outside the embassy from a man in disguise. The man covered his face with a mask and sunglasses and was wearing a backpack, according to surveillance images obtained by CNN.


The security documents lay out a critical sequence of events on the night of October 18. Around 10 p.m., Assange got into a heated argument with then-Ecuadorian Ambassador Carlos Abad Ortiz. Just before midnight, Abad banned any non-diplomatic visitors to the embassy and left the building. Behind the scenes, Assange communicated with the foreign minister in Quito.

Within an hour of Abad’s departure, he called the embassy and reversed the ban.

By 1 a.m., two WikiLeaks personnel arrived at the embassy and started removing computer equipment as well as a large box containing “about 100 hard drives,” according to the documents.

Security officials on site wanted to examine the hard drives, but their hands were tied. The Assange associates who removed the boxes were on the special list of people who couldn’t be searched. The security team sent a memo back to Quito raising red flags about this late-night maneuver and said it heightened their suspicions about Assange’s intentions.

Again, none of that proves a knowing tie with Russian intelligence. But it does show an interesting rhythm during that year.

But this schedule doesn’t consider the other things going on with WikiLeaks in 2016. At almost the same time that WikiLeaks released the DNC emails, after all, they also released the AKP email archive.

More interesting still, according to the government’s current allegations about Joshua Schulte’s actions in leaking the CIA’s hacking tools to WikiLeaks, he made a copy of the CIA’s backup server on April 20, then transmitted the files from it to … someone (I suspect these may not have gone directly to WikiLeaks) … in late April to early May.

But then for some reason, on August 4, Schulte for the first time ever started conducting Google searches on WikiLeaks, without visiting the WikiLeaks site until the first release of the Vault 7 leaks.

Meanwhile, WikiLeaks claimed in August 2016  — and ShadowBrokers invoked that claim, in January 2017 — that WikiLeaks had obtained a copy of the original ShadowBrokers files released on August 13, 2016. A Twitter account claiming to be ShadowBrokers reiterated this claim late last year.

Consider the continued presence of highly skilled hackers at the Embassy and the removal of tons of computer equipment as Ecuador cracked down from the viewpoint of what happened to all of NSA and CIA’s hacking tools, rather than what happened with John Podesta’s risotto recipe. Add in the fact that the government seems to think Schulte altered the air gap tool he allegedly wrote for CIA outside of CIA.

To the extent they provide these dates (again, they do so with specificity only for Müller-Maguhn, and only before the election; not to mention, his emails appear to fit a fairly regular twice-monthly pattern), a few of them are quite intriguing. But there was a whole lot else going on with WikiLeaks that year that might be even more important for describing the true nature of WikiLeaks.

As I disclosed last July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

51 replies
  1. P J Evans says:

    And, as always, there’s the question of “what is this trying to distract our attention from?”

  2. Anvil Leucippus says:

    So this Assange thing: is that why Trump went full out hate shit in front of everyone, and then denied he had done the turd in the first place? He just doesn’t want people to be talking about the fact there is a clear conspiracy chain from Trump to the Russian government?

  3. Americana says:

    Those visitors break down into two categories: hackers who could facilitate the anonymous dissemination of material WikiLeaks had in its possession or hoped to soon access, and social media/MSM media content producers like the RT editor. The fact Assange’s visitors included both categories — information procurement and media production — is another link establishing a Russian role in routing WikiLeaks information via RT by Assange. Surely, Assange couldn’t believe RT is free of editorial control by the Russian intelligence service and government? Surely, Assange couldn’t have ignored the existence of the Russian Internet Research Agency and its army of Russian trolls and bots when making decisions about which countries to favor in his document dumps?

  4. Eureka says:

    Egads. This is all so n-dimensional chessy, and I was wondering your take.

    As to why this info was shared at this time, none of that allays my concern that it is not part of the rwnj element’s desire to refocus some things off WL-Trump-Russia (which the general public is aware of), and by aiming at Assange’s broader criminality, fuel even more conspiracies.

    While an informed reader here could see these details as all part of the broader geopolitical plot against us- US– apparently by some of our own citizens, and with degrees of wittingness– the conspiracy wing could spin Trump campaign, Flynn, etc., right out of it.

    Separate topic related to the post, here’s one thing I still don’t get. Why was Assange having to cajole the GRU into releasing Dem emails via WL versus other channels (e.g. MR V.1 pp. in the 40s ~ send them here/it will be more effective than what you are doing; the Turkish emails post you linked quoting article re Assange talking Emma Best out of accepting GRU offer to release thru Best)? Is it just that GRU were being dumb about it (from his pov) or were they dancing and withholding because RU felt Assange was withholding something else they wanted? Also could be RU didn’t like Assange growing his power with Trump via Stone/ others and wanted to take back some leverage/ hoard their own power.

    Also, I suspect (per CNN coverage at the time) that that failed coup was staged, so would put WL release of those Turkish mails in the same staged basket.

    • Eureka says:

      Adding: While CNN* mentioned the “big archive” Guccifer 2.0 message on July 14th, and the courier visit and Assange’s confirmation of archive receipt on July 18th, they omitted: (1) that the July 14th message was “a new attempt;” and (2) that GRU (via Guccifer 2.0 email account) sent a “large encrypted file” to a WL email account on June 29th that “appears to have been undelivered.” (MR V. I footnote 163).

      The message “a *new* attempt,” at the very least, refers to a prior attempt, but also suggests that the receiver, Assange, knew about some prior attempt or failure (which is not documented in the MR as far as I can tell).

      This and other June stuff (e.g. page 45 MR items) came to mind when reading about the later-June computer upgrades (and the June date-gaposis for the hacker guy’s visits, i.e. so with whom/how did the Dem communications go down as opposed to other possible reasons you note for his visits/supports your point).

      *I didn’t see their TV coverage, just the article and found a clip: [https://twitter.com/AC360/status/1150934789635149831]

  5. A. Non says:

    Wikileaks provided a search engine to access the DNC files, which can be compute-intensive (to index the files) and memory-intensive (to run the search engine). Given that the public interest would be much greater in the Podesta emails than any other data they had, wikileaks would have a greater need to upgrade their servers and network to support the Podesta release than any other release that summer.

    Another point to consider… Wikileaks is high on the hit list of every intelligence service in the world. By 2016 their site was full of competing malware which they were unable to get rid of. The primary purpose of the malware was to track people who visited the site and infect their computers. (That’s likely why Schulte didn’t access wikileaks directly himself.) You don’t need a hacker to set up a search engine or manage a database, but you do need a hacker to cleanup a server packed with zero day exploits hiding in the firmware of every motherboard, network card, and disk drive, or to install a new server that wouldn’t be infected by the old ones.

    • Rayne says:

      If part of the mission was to harass the DNC and obstruct their ability to operate, how would a hacker aid the mission after the actual hacking and theft of files? How would WL’s infrastructure aid this part of the mission? Food for thought.

      • Americana says:

        Why on earth would you think that “part of their mission would be to harass the DNC and obstruct their ability to operate”? If that were the case, we would have heard about that harassment/operational obstruction by now. As far as I’ve heard, there was no malware left inside the DNC servers or on Podesta’s computer to facilitate further maleficent, mischievous crap. This was obviously a strike that was meant to secure enough data of significance that it could be delivered to WikiLeaks for sizable data dumps throughout the remainder of the campaign. It really only needed to be done once considering the point during the campaign when it was conducted.

        No, what WikiLeaks or actually their procurement agent meant to do was: get in, identify worthwhile material to steal OR just steal massive amounts of data in hopes of nailing something worthwhile and get out clean. Once WL (and the Russians) had the material, they could then start reading through it, strategize a campaign and a narrative of dumping based on the sorts of material they found and then start prepping a schedule for dumps. The biggest question is whether the Russians looked at the material first OR turned over everything to Assange without knowing what the contents were. Surely the Russians would have made themselves a copy if only for espionage reasons. What makes more sense to me viz deployment strategy for these materials is whether: the Russians coordinated w/Assange on evaluating what the most injurious information was OR if the Russians assisted in coming up w/a narrative that would undermine the DNC and the individual candidates OR if the Russians thought it more exploitative if they slimed DNC material via the Internet Research Agency trolls and chose to leave Assange free to do his own thing w/the DNC/Podesta materials. However the Russians chose to handle Assange, they couldn’t go wrong. The moment the Russians had that material in hand, they held the dead man’s hand.

        We need access to Assange’s personal files to assess the reality of the choices the Russians made and Assange made.

          • Americana says:

            After nearly 30 years in journalism, I expect when I argue points, people understand what I’m arguing for or against and they don’t take it personally. You could have just as easily defended your reasoning such that I whacked myself upside the head and agreed w/you on a second explanation, “Gotcha, whoa, I was way off base in my thinking.”

            If you feel my post infers something negative because it challenged what I thought was your thinking, take it down. Otherwise we’ll all have a more interesting time if you expand on your beliefs about what the potential was for continuing obstruction inside DNC operations by these hackers.

            • bmaz says:

              After 30 years in journalism, you don’t seem to be getting the drift here. And if you do not like it, I really don’t care. We have been here forever, you are an interloper, quit acting like an entitled stooge. You came within a micron of being bounced at the onset, that can still be arranged it you continue to be condescending to the hosts here.

              This site is constantly under attack from trolls you see, and from an insane amount of sources you never do. We have to deal with all of that. We do this out of love, and have from day one. But we have day jobs and lives, and donate our time and love because we believe in the purpose of this site. You want to get condescending and screw with us, well, we do not have time nor patience for that. Proceed at your own peril.

            • Rayne says:

              One, I already laid out my case in a post written for neophytes which I noted you didn’t read and still haven’t read.

              Two, I don’t have to do dick to satisfy you. You, however, can ditch the attitude toward contributors/moderators/editors or find the back button.

              • Americana says:

                True, Rayne, you **don’t have to do dick to satisfy me** but you could most certainly kick me to the curb far more effectively by doing that than this.
                I’ll look for the post you say explains your reasoning that led to your shorthand post.

                Being critical is far different than being condescending. Anything I write to any of you is meant to spur thought, no condescension implied. I see comments sections as an opportunity for collective reasoning and argumentation whether you’re a dog’s body or a mod. I understand how different blogging is from traditional journalism in terms of scale and overall support crew and how much stress that puts on all of you. Apologies for any misunderstanding.

                • bmaz says:

                  I don’t think you are quite understanding the message here. As the line in Cool Hand Luke goes, “What we’ve got here is failure to communicate.”

                  The First Rule of Holes is stop digging when you are in one. You are in one. Stop digging.

                • earlofhuntingdon says:

                  Rayne provided a link to the post she’s referring to up thread. That would be “a very good place to start.”

                  If that looks too much like a needle pulling thread, have a drink with jam and bread, and you’ll find yourself back at the very beginning.

          • Eureka says:

            Americana’s “remarks” to you are also full of mis-/disinformation as to Mueller investigation, duration of DNC hack, basic info readily available as to GRU-Assange, etc., such that it seems like all that stuff “went unread” as well. It’s almost like all of the long comments are a distraction.

            Thank you Rayne, and Thank you bmaz.

            • Rayne says:

              They’re indulging in a form of denial-of-service in comments by filibustering. Better spelling and sentence structure than usual but clearly not informed/ill-informed/deliberately ignorant on the topics upon which they are commenting, filled with mis-/dis- chaff as you noted.

              The denial-of-service is a pattern. One leaves and another arrives. Watch for it.

              • Eureka says:

                DoSing is a great way to put it. From a reader’s perspective, their junking up threads with garbage since the day they strode in here was telling, among other methods and tip-offs.

                Like you say, we all need to keep our eyes open.

                I credit you and bmaz with having the patience of saints, all things (of the limited set that readers can see) considered. On top of each of your intellectual and joie de vivre contributions alongside Marcy and Ed and Jim.

      • A. Non says:

        I thought I expalined it? WL needed the servers to allow people to search the Podesta emails on their website. WL needed hackers to stand up servers that weren’t full of state-installed malware and (attempt to) keep the servers clean.

        • Rayne says:

          I understand what you explained. But go a step further and look at what WL, Schulte, GRU may have been trying to do *in addition* to setting up a system for hosting content. Frankly, establishing clean hosting for a searchable database only requires a systems person with both infosec and admin background — not a hacker. Why did they need hackers, plural? And if GRU was intent on disrupting the DNC to prevent them from operating smoothly including their own access to their own databases and competitive analysis tools, how would hackers fit into this scenario, especially non-GRU hackers?

  6. jayedcoins says:

    Surely the next time the Greenwald, Mate, and Tracey gang decide to launch attacks at Marcy for scandal-mongering on “Russiagate,” they’ll reference this excellent post that does the exact opposite!

    Sorry, their continued attitude leaves me baffled and irritated.

  7. Bay State Librul says:

    Just watched the CNN Report.
    What a slam dunk.
    It is so obvious that they interfered, there must be a cover-up being orchestrated, and in full swing at DOJ.
    Will Mueller discuss Wikileaks next week.
    If he doesn’t then he has some serious issues

    • readerOfTeaLeaves says:

      I’ve read your comments off-and-on for over a decade.
      You have consistently pointed to things that I might not have noticed on my own.
      ‘there must be a cover-up being orchestrated’, indeed.
      And haven’t we recently been hearing about DoJ investigations being shut down as of Feb/AG Barr’s approval by the Senate?

      I hope to hell the Congressional hearings ask Mueller in about 10 ways whether he was shut down prematurely.

  8. orionATL says:

    how very helpful to me to see these patterns of behavior laid out in an easy-to-read report in straightforward english.

    as it unfolds this is going to be another fascinating, tangled mess. the Russians have yet to be brought into the picture. story wise, schulte seems to be moving more and more into the Wikileaks orbit. i wonder where the nsa, cia, and the doj prosecutors are in understanding what likely took place here over time.

    and then there may be pressure from the current doj regime to suppress some of this story. wow!

  9. Savage Librarian says:

    About Assange, might he have a connection to Erdogan (through visiting hackers and others) by providing an assist to help prevent the coup attempt? As the excerpts below indicate, there are interesting parallels:

    “Much has already been written about the night of July 15, which left some 300 dead and over 2,000 wounded. Yet key details — such as who actually organized the coup and how — are still missing.”
    “In a more serious nod to the digital age, there is also a hacking saga involved. The MIT reportedly was able to penetrate an obscure messaging app the Gulenists used, and to identify some 600 army officers belonging to the movement. This may have forced the coup plotters to launch their attempt prematurely, resulting in what from the outside looked like a fatally clumsy performance.”

    “Turks Ask: Was CIA Involved in Coup? “ – WhoWhatWhy

    • viget says:

      Or was the “attempted coup” really a false flag operation by Russian intelligence to make it LOOK like Western intelligence did it, when in reality it was wholly sanctioned by Putin? You have to ask cui bono here? Would the Obama admin really want an international incident with a NATO ally towards the end of their time and knowing that Trump was already doing a whole lot to stir the pot against NATO? Or was Putin applying a stick here to try to get Turkey to go along with something (probably related to Syria or Iran) that Erdogan was shall we say less than enthusiastic for?

      Another possibility is that Erdogan was a willing participant in the “coup”, thereby using it as an excuse to eliminate political rivals and consolidate his power.

      Hard to tell, but the more I think about that subplot, the more I think it was just a gambit in a far greater game.

      • Savage Librarian says:

        Yes, the article points out the many various possibilities. All of it worrisome. But my point was merely to draw the Assange and hacker connections.

    • readerOfTeaLeaves says:

      I have no idea about coups, coup attempts, etc.

      I simply wanted to leave a reminder, in case you were unaware, that the threads between Germany and what is now Turkey (formerly the Ottoman Empire) go back generations. In the 1970s?, many industrial interests brought Turks to Germany and Holland, to work in factories. That was a generation ago.

      I have not (yet!) been to the Pergamon Museum (Berlin), but it is testament to the industrious activities of German-Near Eastern archeological digs. Many archeological studies of the ancient Near East (including what we still call Anatolia) have been conducted since the 1800s. The threads of Turkey and Germany are long intertwined and complex. The Ottomans and Germany were allies in the cataclysm that we call WWI.

      I hope this was not too OT. I only meant to put a little sfumato to help think about how there may not be sharp edges in these events; there may be more subtle blending than we understand.

      • Savage Librarian says:

        Thanks, that was fun! Now I know a new word, too, “sfumato.” I’ll file it next to chiaroscuro. Pergamon is an interesting word, too. The museum sounds wonderful. I understand Russia still has artifacts that were looted from it during WWII.

        Coincidentally, Robert Maxwell owned the Pergamon Press, until he didn’t. His daughter, Ghislaine, was Jeffrey Epstein’s partner.

        • readerOfTeaLeaves says:

          Had also heard about Russian possession of Near Eastern antiquities. Did not know that Maxwell had owned Pergamon Press (sh!t!!).

          FWIW, friends just back from Russia were raving about the Hermitage Museum. (I now expect new museum and cruise ads to show up in my feeds the next 2 – 3 weeks. It’s spooky what the Intertubes are keeping track of…)

          The language of art is generally useful for thinking about seemingly political-social events. But what someone around here is reporting re: their youtube music feeds incorporating propaganda is absolutely sinister. It’s also the kind of thing that IMVHO conventional law enforcement, to say nothing of Congress, is oblivious about 8(((

          I hope the NSA, etc, etc, are tracking it.

  10. Jenny says:

    Thanks Marcy.

    Why did the Ecuador Embassy allow this to happen? Assange was in control of their embassy for almost 7 years. Who paid them off?

  11. harpie says:


    But this schedule doesn’t consider the other things going on with WikiLeaks in 2016. At almost the same time that WikiLeaks released the DNC emails, after all, they also released the AKP email archive.

    New from Emma Best:
    5:50 AM – 18 Jul 2019

    […THREAD…] While .#WikiLeaks was processing the AKP emails, they were communicating with .#Guccifer2 and processing DNC emails
    Early-mid July: WL receives AKP emails
    July 14: WL receives DNC emails
    July 15: Coup attempt
    July 18: WL confirms DNC receipt & imminent release
    July 19: AKP release
    The releases were unrelated by both subject matter and source, but .#WikiLeaks’ simultaneous processing of them makes their handling of the AKP emails relevant to certain discussions of the DNC email hack and release.

    While the emails themselves were real, they weren’t what #WikiLeaks told people they were – and the organization knew it. How this plays into the organizations often touted “100% accuracy” is up for debate, as the emails are neither forgeries nor what WikiLeaks advertised. […]

    • Savage Librarian says:

      Thanks, harpie, you’re the best!!! Looks like WikiLeaks has more ‘splaining to do. Mainly a huge credibility problem.

Comments are closed.