May 17, 2021 / by 

 

News from the Election Front: Russia Attacked Joe Biden Through “Prominent US Individuals, Some of Whom Were Close to Former President Trump”

Back in 2018, President Trump signed an Executive Order 13848, designed to stave off a law mandating sanctions in the event of election interference. The order nevertheless required reporting on election interference and provided the White House discretion to impose sanctions in the event of interference. Yesterday, the Director of Homeland Security and Director of National Intelligence released the reports mandated by an Executive Order, describing the known efforts to interfere in last year’s election.

Trump’s Intelligence Community Debunks Trump

Though Trump failed to comply publicly in 2019, his own EO mandates deadlines for — first — the DNI report assessing a broader range of possible election interference and then, 45 days later, the DHS/DOJ report describing interference with election infrastructure or influence operations.

(a) Not later than 45 days after the conclusion of a United States election, the Director of National Intelligence, in consultation with the heads of any other appropriate executive departments and agencies (agencies), shall conduct an assessment of any information indicating that a foreign government, or any person acting as an agent of or on behalf of a foreign government, has acted with the intent or purpose of interfering in that election. The assessment shall identify, to the maximum extent ascertainable, the nature of any foreign interference and any methods employed to execute it, the persons involved, and the foreign government or governments that authorized, directed, sponsored, or supported it. The Director of National Intelligence shall deliver this assessment and appropriate supporting information to the President, the Secretary of State, the Secretary of the Treasury, the Secretary of Defense, the Attorney General, and the Secretary of Homeland Security.

(b) Within 45 days of receiving the assessment and information described in section 1(a) of this order, the Attorney General and the Secretary of Homeland Security, in consultation with the heads of any other appropriate agencies and, as appropriate, State and local officials, shall deliver to the President, the Secretary of State, the Secretary of the Treasury, and the Secretary of Defense a report evaluating, with respect to the United States election that is the subject of the assessment described in section 1(a):

(i) the extent to which any foreign interference that targeted election infrastructure materially affected the security or integrity of that infrastructure, the tabulation of votes, or the timely transmission of election results; and

(ii) if any foreign interference involved activities targeting the infrastructure of, or pertaining to, a political organization, campaign, or candidate, the extent to which such activities materially affected the security or integrity of that infrastructure, including by unauthorized access to, disclosure or threatened disclosure of, or alteration or falsification of, information or data.

These deadlines should have been, for the DNI Report, December 18, and for the DHS/DOJ report, February 1.

The declassified DNI report released yesterday was finished and distributed, in classified form, on January 7.

The document is a declassified version of a classified report that the IC provided to the President, senior Executive Branch officials, and Congressional leadership and intelligence oversight committees on January 7, 2021.

It was based off intelligence available as of December 31.

The DHS report was completed in February.

Which is to say that these reports were done substantially under the Trump Administration.

DHS Debunks the Kraken

The DHS report, based off the classified report completed in February, finds that while Russian and Iran breached some election infrastructure, they did not manage to change any votes. It also finds that those two countries plus China managed to compromise party or campaign infrastructure, with unknown goals, but that none of the countries that accessed information that could have been used in influence operations used the information.

The most important result, however, was that after checking via multiple different measures, the government found no evidence that dead Hugo Chavez or anyone else that Sidney Powell invoked in service of the Big Lie succeeded in changing any votes.

We are aware of multiple public claims that one or more foreign governments—including Venezuela, Cuba, or China—owned, directed, or controlled election infrastructure used in the 2020 federal elections; implemented a scheme to manipulate election infrastructure; or tallied, changed, or otherwise manipulated vote counts. Following the election, the Department of Justice, including the FBI, and the Department of Homeland Security, including CISA, investigated the public claims and determined that they are not credible.

We have no evidence—not through intelligence collection on the foreign actors themselves, not through physical security and cybersecurity monitoring of voting systems across the country, not through post-election audits, and not through any other means—that a foreign government or other actors compromised election infrastructure to manipulate election results.

DNI (Mostly) Debunks the DNI

Last summer, the Director of National Intelligence John Ratcliffe responded to Democratic concerns about Russia interfering in the election again by stating that China was too. This report largely debunks that claim.

We assess that China did not deploy interference efforts and considered but did not deploy influence efforts intended to change the outcome of the US presidential election. We have high confidence in this judgment. China sought stability in its relationship with the United States and did not view either election outcome as being advantageous enough for China to risk blowback if caught. Beijing probably believed that its traditional influence tools, primarily targeted economic measures and lobbying key individuals and interest groups, would be sufficient to achieve its goal of shaping US policy regardless of who won the election. We did not identify China attempting to interfere with election infrastructure or provide funding to any candidates or parties.

  • The IC assesses that Chinese state media criticism of the Trump administration’s policies related to China and its response to the COVID-19 pandemic remained consistent in the lead-up to the election and was aimed at shaping perceptions of US policies and bolstering China’s global position rather than to affect the 2020 US election. The coverage of the US election, in particular, was limited compared to other topics measured in total volume of content.
  • China has long sought to influence US politics by shaping political and social environments to press US officials to support China’s positions and perspectives. We did not, however, see these capabilities deployed for the purpose of shaping the electoral outcome. [Bold original]

The report describes that the National Intelligence Officer for Cyber had moderate confidence that China was trying to help Joe Biden win.

Minority View The National Intelligence Officer for Cyber assesses that China took at least some steps to undermine former President Trump’s reelection chances, primarily through social media and official public statements and media. The NIO agrees with the IC’s view that Beijing was primarily focused on countering anti-China policies, but assesses that some of Beijing’s influence efforts were intended to at least indirectly affect US candidates, political processes, and voter preferences, meeting the definition for election influence used in this report. The NIO agrees that we have no information suggesting China tried to interfere with election processes. The NIO has moderate confidence in these judgments.

This view differs from the IC assessment because it gives more weight to indications that Beijing preferred former President Trump’s defeat and the election of a more predictable member of the establishment instead, and that Beijing implemented some-and later increased-its election influence efforts, especially over the summer of 2020. The NIO assesses these indications are more persuasive than other information indicating that China decided not to intervene. The NIO further assesses that Beijing calibrated its influence efforts to avoid blowback.

That said, the day after this report was initially disseminated in classified form on January 7, Ratcliffe made clear that the Ombud believed this was a politicized view, and that more than just the Cyber NIO agreed (though didn’t mention that the Ombud believed Russian intelligence had been politicized even worse).

President Trump’s political appointees clashed with career intelligence analysts over the extent to which Russia and China interfered or sought to interfere in the 2020 election, with each side accusing the other of politicization, according to a report by an intelligence community ombudsman.

The findings by Barry A. Zulauf, the “analytic ombudsman” for the Office of the Director of National Intelligence (ODNI), describe an intelligence community afflicted by a “widespread perception in the workforce about politicization” of analysis on the topic of foreign election influence — one that he says threatens the legitimacy of the agencies’ work.

[snip]

Citing Zulauf’s report, Director of National Intelligence John Ratcliffe, chosen for the position by Trump last year, charged Thursday that career analysts in a recently completed classified assessment failed to capture the full scope of Chinese government influence on the election — a charge that some current and former officials say illustrates the issue of politicization, because it downplays the much larger role of Russia.

As late as October, then, another Intelligence Officer had some confidence that what this report deems China’s regular influence-peddling had an electoral component, but (as Ratcliffe complained in January) it did not show up in this report, which was entirely produced after the Ombud weighed in.

The IC Now Associates Konstantin Kilimnik with FSB, not GRU

The long section on Russia’s efforts to influence the election get pretty damned close to saying that the events surrounding Trump’s first impeachment and even the Hunter Biden laptop were Russian backed (which is consistent with intelligence warnings that were broadly shared). It might as well have named Rudy Giuliani (among others).

We assess that President Putin and the Russian state authorized and conducted influence operations against the 2020 US presidential election aimed at denigrating President Biden and the Democratic Party, supporting former President Trump, undermining public confidence in the electoral process, and exacerbating sociopolitical divisions in the US. Unlike in 2016, we did not see persistent Russian cyber efforts to gain access to election infrastructure. We have high confidence in these judgments because a range of Russian state and proxy actors who all serve the Kremlin’s interests worked to affect US public perceptions. We also have high confidence because of the consistency of themes in Russia’s influence efforts across the various influence actors and throughout the campaign, as well as in Russian leaders’ assessments of the candidates. A key element of Moscow’s strategy this election cycle was its use of people linked to Russian intelligence to launder influence narratives–including misleading or unsubstantiated allegations against President Biden–through US media organizations, US officials, and prominent US individuals, some of whom were close to former President Trump and his administration.

[snip]

Derkach, Kilimnik, and their associates sought to use prominent US persons and media conduits to launder their narratives to US officials and audiences. These Russian proxies met with and provided materials to Trump administration-linked US persons to advocate for formal investigations; hired a US firm to petition US officials; and attempted to make contact with several senior US officials. They also made contact with established US media figures and helped produce a documentary that aired on a US television network in late January 2020. [Bold original, italics added]

The report likens what Russian entities were doing post-election with what Russia had planned in 2016.

Even after the election, Russian online influence actors continued to promote narratives questioning the election results and disparaging President Biden and the Democratic Party. These efforts parallel plans Moscow had in place in 2016 to discredit a potential incoming Clinton administration, but which it scrapped after former President Trump’s victory.

Perhaps the most interesting detail — on top of revealing that Paul Manafort’s former employee remained involved in all this — is that this report suggests Kilimnik has ties to FSB, not GRU (though the report describes GRU’s efforts as well).

A network of Ukraine-linked individuals–including Russian influence agent Konstantin Kilimnik–who were also connected to the Russian Federal Security Service (FSB) took steps throughout the election cycle to damage US ties to Ukraine, denigrate President Biden and his candidacy, and benefit former President Trump’s prospects for reelection.

The most recent public reporting on Kilimnik was the SSCI Report. And that suggested that Kilimnik (along with at least one other Oleg Deripaska deputy) was linked to GRU. Indeed, Kilimnik has been described as a former GRU officer. This suggests he may have ties, as well or more recently, to FSB, which would have interesting implications for the 2016 operation.

 


The FBI Was Still Collecting Evidence Yesterday that Might Explain Brian Sicknick’s Death

I want to make some observations about timing that may help to explain why the government wasn’t prepared to charge Julian Khater and George Tanios in Brian Sicknick’s death, if indeed they ever will be able to, when they arrested the men yesterday.

The investigation really seems to have come together in recent weeks and the FBI seems to have spent much of the last ten days investigating Tanios, who brought the substance Khater allegedly sprayed at Sicknick to the Capitol.

The arrest affidavit suggests it would have been difficult to have IDed Khater (much less establish probable cause) without the footage from MPD Officer Chapman’s body camera.

On the video, KHATER continues to talk animatedly with TANIOS. At approximately 2:20 p.m., KHATER walks through the crowd to within a few steps of the bike rack barrier. KHATER is standing directly across from a line of law enforcement officers to include U.S. Capitol Police (“USCP”) Officers B. Sicknick and C. Edwards, and Metropolitan Police Department (“MPD”) Officer D. Chapman, who was equipped with a functioning body worn camera (“BWC”) device.

Officer Chapman’s BWC shows that at 2:23 p.m., the rioters begin pulling on a bike rack to Chapman’s left, using ropes and their hands to pull the rack away. Seconds later, KHATER is observed with his right arm up high in the air, appearing to be holding a canister in his right hand and aiming it in the officers’ direction while moving his right arm from side to side. Officer Chapman’s BWC confirms that KHATER was standing only five to eight feet away from the officers.

That’s some of the video that has taken longest to exploit (or longest for the FBI to be willing to share publicly), not least because there wasn’t a publicly curated set like the Parler videos released by ProPublica that allowed open source investigation.

Chapman’s BWC video would permit the FBI to ID Khater (the guy who actually used the spray). Still, he’s got a fairly late FBI Be On the Lookout number: 190, meaning it took some time for the FBI to isolate a still to release.

Once the FBI IDed Khater, though, they would have seen that he was clearly working in tandem with Tanios (which is effectively what the arrest affidavit says). Not only was Khater working with him, but Tanios was the guy carrying the bear spray, and so is more likely to be the guy who’d have another can of the substance in his backpack at home or receipts to identify precisely what was used.

The FBI tweeted out Tanios’ BOLO on March 4 (they released it with the pictures of two other guys; I’m not sure what to make of that).

The arrest warrant for the two men was approved on March 6, which would be quick work if they really were working off a BOLO released March 4 (though they likely got a warrant as soon as they obtained probable cause in case they had to arrest the men quickly).

That said, the arrest warrant wasn’t executed until March 14. That’s not that surprising–the FBI would have wanted to get this arrest right, coordinating teams so that both men would be arrested at the same time. This warrant for Tanios’ house, business, car, and devices, shows that the FBI was physically surveilling Tanios from March 5 through March 8 to identify his movements, his home, his business, and his car.

As late as March 14, the day FBI obtained the warrant, they were still waiting to receive returns from a warrant served on AT&T for Tanios’ phone records. Interestingly, Tanios called Khater at 2:42PM on January 6, less than twenty minutes after Khater allegedly sprayed Sicknick and others (another cop sprayed Khater, so he may have been recovering from pepper spray himself, but Tanios didn’t stick around to help Khater — they were separated by then).

Still, the FBI has been working all of these January 6 cases on an arrest first, further investigate later basis, partly because of the timing of the attack, and partly because FBI had done so little investigation into almost all the subjects of investigation. As Chris Wray said in testimony recently, the arrest of these subjects (sometimes just for trespass crimes) is often just the beginning of the investigation into them. With virtually all the defendants, the FBI is getting enough to arrest them, then doing the kind of investigation that normally precedes in an arrest, such as subpoenaing social media, to say nothing of searching the smart phones where subjects store much of the evidence about intent.

All of which is to say that the FBI likely only obtained evidence that would be needed to charge Khater and Tanios in Sicknick’s death yesterday — including, possibly, identifying what substance Khater allegedly sprayed at Sicknick — and that will take some weeks to fully exploit.

So it’s too soon to know whether the FBI will be able to tie that bear spray to Sicknick’s death.


Two Arrested in Officer Sicknick Assault

On Sunday, the government arrested two men, Julian Elie Khater and George Pierre Tanios, on charges of conspiring to attack three police officers, including Brian Sicknick.

According to the affidavit in support of the criminal complaint, Khater and Tanios were at the U.S. Capitol on Jan. 6, 2021, and were observed in video footage working together to assault law enforcement officers with an unknown chemical substance by spraying officers directly in the face and eyes.  During the investigation, it is alleged that law enforcement discovered video that depicted Khater asking Tanios to “give me that bear s*it.” Tanios replied, “Hold on, hold on, not yet, not yet… it’s still early.”  Khater then retrieved a canister from Tanios’ backpack and walked through the crowd to within a few steps of the police perimeter.  The video shows Khater with his right arm up high in the air, appearing to be holding a canister in his right hand and aiming it at the officers’ direction while moving his right arm from side to side.  The complaint affidavit states that Officers Sicknick, Edwards, and Chapman, who were all standing within a few feet of Khater, each reacted to being sprayed in the face.  The officers retreated, bringing their hands to their faces and rushing to find water to wash out their eyes.

The substance Khater allegedly sprayed caused scabs on the face of one of the officers hit, Officer Edwards, for weeks. All struck with it said the substance was as strong as anything they’ve encountered in their experience as police officers. In addition to assault charges, both were charged with conspiracy to assault police reflecting a degree of planning and intentionality.


“I Started the Fire:” DOJ Reveals Another Missed Advance Warning about January 6

In a motion laying out why accused insurrectionist Guy Reffitt is so dangerous he must be detained pre-trial, the government revealed that, in December, one of his family members (likely his son) contacted the FBI and warned them about Reffitt’s dangerous plans for legislators.

In late December 2020, one of Reffitt’s family members informed the FBI that Reffitt was “going to do some serious damage” related to federal legislators in Washington, D.C.

At around the same time, Reffitt was bragging on a Telegram chat with fellow militia members that he was going to go to DC in “full battle rattle.”

After FBI had received that warning, Reffitt put his AR-15 and a pistol into his car, and drove to DC from Texas promising to “drag[] those people out of the Capitol by their ankles” and install a new government. He sent messages on Telegram about coming to the riot armed and arranged for a “rendezvous point.” He donned body armor and a helmet and brought zip ties. According to comments he made to his kid, he brought the pistol to the Capitol. According to his own description of events, he resisted two officers trying to keep him from climbing the stairs they were trying to protect. He claimed he “started the fire” that allowed others to breach the Capitol. And, in days after the attack, Reffitt promised his kid that he was not done, that the attack on the Capitol was just the beginning. He attempted to recruit two other rioters to join the Three Percenter militia. He threatened both his children that he would kill them if they reported him to the FBI. His adult son has since moved out of his house.

The government has since discovered that Reffitt had an unregistered silencer in his home and had set up a company as a front to use to obtain law enforcement grade weapons to stockpile for his revolution.

The government now argues, persuasively and using his own claims, some of them made prior to the insurrection, that Reffitt, “presents a serious danger to the community—not only to his family and Congress, but to the entire system of justice.”

And yet — unlike the case of QAnoner Kevin Strong after an associate reported him as a danger in advance of his participation in the insurrection, into whom the FBI at least opened an investigation — there’s no sign that the FBI took any action in response to a specific warning about plans to target Members of Congress.

The FBI has claimed that the only warning it got of the insurrection planned for January 6 came via a pseudonymous threat made on TheDonald chat list, one they didn’t have a chance to verify before the attack itself. They have claimed they had no advance warning to share with the Capitol Police and DC Police.

Except someone in Texas shared a specific warning about a threat to Congress at least a week before the attack, a warning that might have corroborated a different tip FBI had received about plans for World War III, and — by all appearances — FBI did nothing with that warning.


Thomas Caldwell’s “Storming the Castle” Ploy Succeeds

Judge Amit Mehta just released Thomas Caldwell to home confinement in the Oath Keeper conspiracy case.

Caldwell’s attorney, David Fischer, made some easily rebuttable arguments about Caldwell’s honesty, which I’ll return to. Fischer also tried to convince Judge Mehta that Caldwell was operating out of a sincere belief that he was defending against Antifa, not arming against the US government; I’ll return to that too (Judge Mehta had no patience for that ploy). While Mehta did come away believing Caldwell had been more cooperative than prosecutors had suggested, that’s not why he released Caldwell.

It’s important background, that in Fischer’s motion to reconsider Caldwell’s detention dismissed several references Caldwell made to “storming” the Capitol as an allusion to the fictional narrative of The Princess Bride.

Some of the lines that the Government cites in its papers are straight from Hollywood. The best example is “storming the castle” and “I’m such an instigator.” These are classic lines from the 1980s classic movie The Princess Bride.

Fischer suggested Caldwell’s own use of the same word everyone else used to describe assaulting the Capitol was just fiction.

The claim is important because the key reason that Caldwell got bailed is because of a feint that Fischer made in his motion for reconsideration. He argued that there is no evidence that Caldwell planned in advance to storm the Capitol.

On January 6th, at the urging of former President Donald J. Trump, hundreds of thousands of disgruntled, patriotic Americans came to Washington to protest what they viewed as an unfair election. Caldwell joined this protest to exercise his First Amendment right, a right he defended for 20 years in military service. Caldwell absolutely denies that he ever planned with members of the Oath Keepers, or any other person or group, to storm the Capitol. Caldwell absolutely denies that he obstructed justice. 3 The word of a 20-year military veteran with no prior criminal record is evidence, and it is strong evidence, of his innocence.

[snip]

In short, despite having an army of federal agents working around the clock intensively investigating for almost three months, the Government has not provided the Court with a confession, witness statement, or physical evidence backing up their claim that any person or group had a premeditated plan to storm the Capitol. Caldwell asks rhetorically: Doesn’t the Court find it odd that the Government hasn’t outlined the specifics of the premeditated plan? What time was the “invasion” scheduled to begin? Who would lead the attack? What was the goal once the planners entered the Capitol?

[snip]

The Government’s fanciful suggestion that right-wing tactical commandos were waiting in the wings to storm the Capitol is one for the ages.

In response to Judge Mehta’s questions about this claim, AUSA Kathryn Rakoczy conceded that the alleged co-conspirators didn’t have hard and fast plans as to what would happen before the event. This was a plan made of “possibilities,” which included the possibility (the facetious excuse offered by Caldwell) that other groups would resort to violence if Vice President Pence threw out the vote and the Oath Keepers would have to respond with force, or that President Trump would invoke the Insurrection Act and the Oath Keepers would come in to institute martial law. As Rakoczy described, they were “watching and waiting to see what leadership did” to achieve the goal of preventing the vote count, which goal the “government submits was unlawful and corrupt.”

They were waiting to see what leadership did. When leadership did what they referred to as “nothing,” they did take matters into their own hands. They were waiting and watching to see what was happening.

So when asked to respond to Caldwell’s misrepresentation that he was charged with conspiring to storm the Capitol, Rakoczy responded that it wasn’t certain they would storm the Capitol; the group was prepared to act, they just weren’t sure how — given the uncertainties of the day — they would act.

Based on that response and his conclusion that Caldwell actually had never entered the Capitol, Judge Mehta ruled that Caldwell was differently situated than the other defendants insofar as the evidence that he participated in the conspiracy (to storm the Capitol, Fischer said) was weaker given that he never did enter the Capitol.

Only later, after Judge Mehta had announced his decision, did Rakoczy point out the problem with this argument: Caldwell is not charged with conspiring to storm the Capitol. As she noted, the language Fischer kept quoting about storming the Capitol came from a background paragraph of the superseding indictment:

23. As described more fully herein, CALDWELL, CROWL, WATKINS, SANDRA PARKER, BENNIE PARKER, YOUNG, STEELE, KELLY MEGGS, and CONNIE MEGGS, planned with each other, and with others known and unknown, to forcibly enter the Capitol on January 6, 2021, and to stop, delay, and hinder the Congressional proceeding occurring that day.

The actual conspiracy as charged was to impede the certification of the Electoral College vote.

24. [… the defendants] did knowingly combine, conspire, confederate, and agree with each other and others known and unknown, to commit an offense against the United States, namely, to corruptly obstruct, influence, and impede an official proceeding, that is, Congress’s certification of the Electoral College vote, and to attempt to do so, in violation of Title 18, United States Code, Section 1512(c)(2).

Purpose of the Conspiracy

25. The purpose of the conspiracy was to stop, delay, and hinder Congress’s certification of the Electoral College vote.

This is a problem I saw going in (though I doubted that Fischer would be able to confuse Mehta as well as he did).

But the results of this hearing, particularly given Rakoczy’s answers, reveal something about the way this conspiracy is charged (and the ones most of the Proud Boy are charged).

They assume the any action conspirators took would be effectuated on Congress, that that was the only eventuality conspirators were planning for.

The conspiracy is all built off an obstruction charge which itself, while valid, is fairly inapt. It likens the counting of the vote to a trial, which legally holds, but doesn’t get at the scope of what co-conspirators (and Trump) were trying to accomplish. The focus — Caldwell’s, as well as those who actually did storm the Capitol — was all on Congress, because that was the next event in question (just as the previous December mob had been focused on the electoral certifications in the states). But the goal was not (just) to stop the certification of the vote count on Congress. The ultimate goal was to ensure that Trump would remain President, via whatever means. And as Rakoczy acknowledged, one possibility that co-conspirators Kelly Meggs and Jessica Watkins believed might happen was that Trump would declare martial law, and the Oath Keepers would become the glorious army to save their fantastic dreams. That would have had the effect of preventing the certification of the electoral vote, but it would have (if successful) been a more direct route to the actual goal of the conspiracy: to keep Trump in power and prevent the lawfully elected President from taking over.

That’s why Fischer’s ploy worked: because all the planning wasn’t primarily about the Capitol. It was primarily about Trump.

This charge is built like it is, I’ve always been convinced, because no one has yet made the commitment to charge seditious conspiracy (ideally in parallel with this conspiracy). The real goal, after all, was to overthrow the democratic system, and impeding the vote count was just one means to achieve that conspiracy. The conspiring that started even before the election was about overthrowing democracy, not just January 6.

This may not be a fatal weakness for these conspiracy charges. Now that prosecutors have seen Fischer work this feint so well, they’ll be better prepared for it from others.

But one reason it worked is because the real goal of the conspiracy — the one that Caldwell’s lawyer all but conceded to today — was to do whatever it took to prevent the lawfully elected President from taking power.


GoToInsurrection and Other Astounding Oath Keeper Social Media Habits

DOJ has now charged the following Oath Keeper associates:

Between all the charges, prosecutors have laid out a breathtaking scope of social media use by the militia:

  • A leadership list on Signal they appear to have obtained from either Watkins and/or Kelly Meggs
  • Open channels on Zello, possibly separate ones for each large event
  • Telephony chats and texts, including during January 6
  • MeWe accounts
  • Way too much blabbing on Facebook, followed by a foolish belief they could delete such content
  • Parler for further blabbing
  • Stripe for payment processing (possibly for dues)
  • GoToMeeting for operational planning

Plus, most of the people arrested thus far had their cell phones on, pinging cell towers, while they were in the Capitol (thus far, two of the accused did not enter the Capitol).

It’s the GoToMeeting revelation, in Harrelson’s affidavit, that gets me:

Pursuant to legal process, the government obtained records from Go To Meeting showing that a user named “gator 6” was the organizer for a meeting titled “dc planning call” on January 3, 2021. The user “gator 6” accessed the meeting from a mobile device using the same IP address ending in 158 [as Harrelson used to access Apple servers], and the user listed themselves as living in Titusville, Florida. Between September 30, 2020, and January 3, 2021, the user with the same IP address ending in 158 attended or organized approximately 30 meetings on Go To Meeting affiliated with the Oath Keepers, using the names “gator 6,” “hotel 26,” or kenneth harrelson.”

GoToMeeting is basically spyware for your computer, because it has to access so many features of your computer to work. As a default it collects a great deal of data on participants, and can be set to collect more. It is end-to-end encrypted, but with legal process FBI might be able to get a great deal of information from GTM, if the Oath Keepers kept it.

Between these twelve people, then, DOJ has served legal process on enough databases to create a veritable dossier on the Oath Keepers. While some of these comms (such as the Zello comms) are ephemeral, Facebook and GoToMeeting and Stripe are data vacuums.

With a database like this, the government can be choosy about which Oath Keepers they arrest. Reportedly, DOJ says they may add 6 more people to their collection of Oath Keeper defendants.

Indeed, it’s not really clear why they’ve charged the last three — Minuta, James, and Harrelson — before charging the last several members of the Stack that entered the Capitol together.

Harrelson was not part of the Stack, but the affidavit justifying his arrest shows him — and another guy — in communication as the Stack came up the Capitol steps, with Harrelson interacting with Graydon Young inside the Capitol. But his organizing efforts in Florida would put him in close touch with the Meggses (Kelly leads the Florida chapter) and James (who lives in Alabama but seems to be tied to the Florida chapter), along with Young (who lives in Titusville).

These Florida Oath Keepers were providing “security” for Roger Stone well before the January insurrection, including an event in Florida. (MoJo had a summary of who provided security when yesterday.)

As for Minuta, in addition to serving as Stone’s security on January 5 and 6, he also was abusive to cops before entering the Capitol and on his way out, when he promised the Second Amendment option came next. Like Young, Minuta is also accused of deleting Facebook, probably just as unsuccessfully.

In James’ case, DOJ seems particularly interested in the communications he had with Minuta, called Person Five in the affidavit even though he was already arrested by the time it was approved.

While James stood with the other Oath Keepers, at least one of them (who will be referred to below as “Person Five”)2 aggressively berated and taunted U.S. Capitol police officers responsible for protecting the Capitol and the representatives inside.

[snip]

Records indicate that phone number XXX-XXX-4304 (associated with James) exchanged a number of phone calls throughout November and December 2020 with a person who will be referred to herein as Person Five.

On November 13 and 14, 2020, for example, phone number XXX-XXX-4304 (associated with James) exchanged approximately eight calls with the number associated with Person Five. Your affiant is aware that certain Oath Keepers attended rallies in Washington, D.C., held on November 14, 2020, at which some Oath Keepers, to include Person Five, operated as a personal security detail for one or more speakers at the events.

Later, on or around November 20 and December 11, 2020, records indicate that phone number XXX-XXX-4304 (associated with James) exchanged two phone calls with Person Five. Your affiant is aware that certain Oath Keepers attended rallies in Washington, D.C., held on December 12, 2020, to protest the results of the 2020 election—at which some Oath Keepers, to include Person Five, operated as a personal security detail for speakers at the events.

Finally, records indicate that, on or around January 5, 2021, phone number XXXXXX-4304 (associated with James) exchanged six calls with the number associated with Person Five. That day, James, Person Five, and other individuals wearing apparel with the Oath Keepers name and/or insignia provided security to a speaker at the “Stop the Steal” events planned for that day.

Note that Minuta was hanging out with Proud Boy Dominic Pezzola in that December MAGA event.

James’ affidavit ends with this group photo, identifying Connie Meggs, two still uncharged Stack participants, four uncharged people who tracked with James and Minuta during the insurrection, Kelly Meggs, and another Stack member.

Both the Minuta and James affidavits focus on Oath Keeper head Stewart Rhodes, described as Person One, as does this detailed filing opposing bail for Caldwell.

James stayed in touch with others during the time of active investigation:

Since January 6, 2021, phone number XXX-XXX-4304 (known to be associated with James) has exchanged multiple phone calls and text messages with the number associated with Person Five. The number associated with James has also placed at least one call as recently as February 2021, to a phone number known to be associated with Kelly Meggs, the now-arrested self-described Florida Oath Keeper leader.

Thus far, DOJ isn’t explaining why Minuta, James, and Harrelson were arrested in the weeks after FBI started exploiting the Signal chats that organized Oath Keeper efforts on January 6 and, particular, Kelly Meggs’ communications.

But because the Oath Keepers were such promiscuous users of all kinds of social media tools, the FBI has a remarkable collection of data about the group’s activities since last fall. And they’ve picked these guys to arrest.

Update: In his detention hearing today, the FBI focused on James’ providing security for Stone.

The FBI agent who testified at Thursday’s hearing said several firearms were found during a search warrant executed at James’ home. All of the firearms were legal, and none were confiscated. They included a shotgun, a hunting rifle, a few “AR-15 style rifles,” and two pistols, the agent said.

James was paid $1,500 for security at two events, including a “Stop the Steal” rally on January 6, according from testimony from his wife, Audrey James. Stone and other pro-Trump figures held several events in Washington in addition to the official rally that Trump spoke at shortly before the attack.

Audrey James said she was sent “around $1,500 total” directly from the Oath Keepers over a mobile app. She stated the funds were paid out over a couple of months to assist her and her children during Joshua James’ absence to Texas and Washington, DC, while he was providing security. She said she didn’t know where the money originated from.

This story, by itself, presents real problems with the story Stone told. He raised funds for “security” in advance of the insurrection, but then said he couldn’t find paid security so relied on volunteers.


On Merrick Garland’s Confirmation

As you may, or may not, have heard, Merrick Garland was confirmed, by a vote of 70-30, as the next Attorney General for the United States a few minutes ago. That is a good thing. Garland is a competent, and stabilizing, presence that will be very good for the Department of Justice. And, man can the DOJ use that about now.

But, before people do too many backflips, remember that Merrick Garland is no avenging liberal hero. He has a horrible record on criminal justice issues, and very long has. He is a built in stabilizer, but certainly not as the once and future cure for the ills of the justice system, which at his new job will be front and center.

Is Garland the cure? No. He is an admirable and good man that will restore some bit of normalcy and, hopefully, consistent competence to the DOJ. That alone means everything right now in the wake of the disastrous Jeff Sessions, Matt Whitaker and William Barr eras under Donald Trump. The resetting and stabilization is critical right now.

There are a bunch of just below the AG nominees Biden has made that are great. As Marcy noted previously, Vanita Gupta and Kristen Clarke are excellent people. And, yes, even Lisa Monaco (as DAG) will likely be a competent and worthy person in leadership. Didn’t see me saying that ten years ago. There are also outstanding former DOJ people like Sam Bagenstos and Sasha Samberg-Champion returning to government, even if not at the DOJ, and they are taking pay hits to do so. Be thankful for those, and similar, people because that is also truly good stuff.

In short, all are tectonic shifts in the right direction from the disastrous Trump years. But, as to Garland, let’s wait and see. He was a good and stable choice. Before you place your hopes and dreams on him too much, however, let him show his work. On criminal justice, his history of work has been, shall we say, rather uneven. There were several warts when Obama nominated Garland for the Supreme Court, and there still are. For now though, great.


Arrest First, Learn about Right Wing Terrorism Later

In his Senate testimony the other day, FBI Director Chris Wray was not particularly cognizant of the granular details of the investigation into January 6. But he said something else, repeatedly, that bears consideration.

In response to a Dick Durbin question about whether he agrees that the Capitol attack involved white supremacists and other violent extremists, Wray responded by explaining that as the FBI arrests more and more people, it is developing a better understanding of the motivations behind those involved in the attack.

We’re seeing quite a number, as we’re building out the cases on the individuals we’ve arrested for the violence, quite a number of what we would call militia violent extremists, so we have a number who self-identify with, you know, the Proud Boys or the Oath Keepers, things like that. We also have a couple of instances where we’ve already identified individuals involved in the criminal behavior who we would put in the racially motivated extremists who advocate for what you would call sort of white supremacy. Some of those individuals, as well — one of the things that is happening is part of this is that as we build out the cases on the individuals when we arrest them for the violence we’re getting a richer and richer understanding of different people’s motivations.

Then, in response to a Chuck Grassley question about how the FBI will learn more about alleged left wing extremists (which Wray answered for anarchists), Wray said that by arresting these people, the FBI is learning about their tactics and tradecraft.

I think as with any domestic terrorism threat or, frankly, any counterterrorism threat more broadly, we’re also looking to develop more and better sources so we get more visibility and insight into the plans and intentions, tactic, tactics, procedures of any group of violent extremists. Another is to get better at how to navigate around some of the operational trade craft that they use. So, the more times, the more arrests we see and this is relevant both for the anarchist violent extremists and the racially motivated violent extremists, for example, the more arrests you see, that’s obviously good news that we’re arresting people that need to be arrested. There’s a whole ‘nother part of that is really important. The more arrests we make, the more from those cases we learn about who else their contacts are, what their tactics are, what their strategies are, et cetera. And that makes us smarter, better able to get in front of the threat going forward.

Finally, when Amy Klobuchar asked if the attack was planned and coordinated, Wray first responded that there were aspects that had been planned. Then, in response to a specific question about the Proud Boys’ coordination, Wray explained that the FBI is escalating charges after initial arrests based on what they learn subsequent to the initial arrest.

There have been a growing number of charges as we continue to build out the investigation, either individuals who are now starting to get arrested involving charges that involve more things like planning and coordination or in some instances individuals who were charged with more simple offenses, but now we’re superseding as we build out more of an understanding of what people were involved in. And there were clearly some individuals involved, which I would consider the most dangerous, the most serious cases among the group, who did have plans and intentions and some level of coordination.

None of this is surprising. It has been apparent from the court filings in the investigation.

But the significance of it is worth considering. The FBI blew it in advance of the attack for reasons that have yet to be confirmed but at least seem to arise from an unwillingness to see right wing terrorism being planned in plain sight. But, as I’ve repeatedly said, the nature of the attack is such that every single person who entered the Capitol and many of those who remained outside, physically fighting cops, committed a crime. And so, based on those trespass crimes, the FBI is arresting a lot of people. Because that’s the way the investigation has rolled out — and because, for every single trespass defendant, the record of what they said about their actions in advance make the difference between getting charged for obstructing the vote count or not — it means the FBI arrests people before they’ve done a lot of investigation they otherwise might do before an arrest. For better and worse, that means that the FBI is arresting people and then conducting intrusive collection on them, starting with their cell phone, even for people who seem to be just trespass defendants. That further means that the FBI will get access to communications that will support conspiracy charges when they otherwise would have a difficult time making such charges without a domestic terrorism statute.

There are real problems with this approach — Oath Keeper affiliate Jon Ryan Schaffer moved to dismiss the charges against him because DOJ has left him in an Indiana jail for 48 days without obtaining an indictment. For existing networks that aren’t recognizably a militia, I’m fairly certain the FBI is not seeing associations until after initial detention bids have been lost. Prosecutors have had to backtrack on claims with some notable defendants (such as Ethan Nordean, who got sent released to home confinement as a result).

But it means the FBI will obtain a far more detailed understanding of some of these people than they otherwise would have been able to get. And as it does so, it is seeing the networks of conspiracy that they otherwise might not have.


FBI Seems Confident in the Granularity of Their Capitol Cell Tower Dumps

In the grand scheme of schemes leading up to the January 6 insurrection, Larry Stackhouse appears to play a minuscule role. Like over a hundred other people, according to his arrest warrant, he walked inside the Capitol and now, weeks after his colleagues reported him to the FBI, he is getting charged with misdemeanor trespassing as a result.

I’m interested in him, though, because of the evidence against him. First, there are the co-workers who, because of their obvious exhaustion with Stackhouse’s vocal support for Donald Trump, might be easy to discredit:

On approximately February 5 and 11, 2021, a witness (“W 1”) was interviewed by law enforcement. WI reported to law enforcement that it was “common knowledge” among those who worked with Larry Stackhouse (“STACKHOUSE”), that STACKHOUSE had entered the Capitol on January 6, 2021. WI stated that STACKHOUSE had called out of work on January 5 and 6, 2021 and that STACKHOUSE had previously been reprimanded at work for displaying political signs and attires in support of former President Trump, which violated their employer’s policies. WI initially stated that STACKHOUSE had been identified by his employer as being associated with “hate groups” from his social media, but later clarified that the employer had no information that STACKHOUSE supported hate groups. Rather, STACKHOUSE was a strong supporter of President Trump who had expressed that support at work in a manner inconsistent with the employer’s policies.

Unlike most referring friends, families, and disgruntled colleagues that serve as witnesses for these affidavits, W1 doesn’t claim to have seen Stackhouse post anything to social media from his trip.

The affidavit does cite social media from Stackhouse. But it’s a picture posted to Telegram from outside the Capitol, which is not a crime.

The affidavit cites “videos and images” from inside the Capitol showing Stackhouse, but the only one included is not all that clear.

The only other piece of evidence substantiating the affidavit — the one I’m interested in — is the claim that Stackhouse’s phone was picked up on an AT&T cell site consistent with being inside the Capitol.

According to records obtained through a search warrant which was served on AT&T on January 6, 2021, in and around the time of the incident, the device associated with cellular telephone number ***-***-6199 was identified as having utilized a cell site consistent with providing service to a geographic area that includes the interior of the U.S. Capitol building.

Given the date, this must be a cell tower dump — the FBI didn’t have their first tip on Stackhouse until a month later (which would also mean the FBI obtained that dump on the day of the attack). And while the FBI uses careful language that a cell tower dump only shows what the service area includes, using it as the third data point to substantiate an otherwise thin arrest warrant suggests they’re pretty confident that it includes only the Capitol (because, again, standing outside is not a crime).

Likewise, the FBI used cell site data (this time, from Verizon) to substantiate an otherwise thin part of the affidavit against someone who does matter to grander schemes: Roberto Minuta, the Oath Keeper who went from providing “security” for Roger Stone to storming the Capitol.

Minuta is charged with three crimes: Obstruction of the vote count (easily substantiated with parts of the larger Oath Keeper conspiracy) obstruction of the investigation for deleting his Facebook account on January 13, and the trespass crime everyone gets charged with.

There are unsurprisingly, given the focused attention to the Oath Keepers’ movements that day, more pictures of Minuta inside or existing the Capitol than of Stackhouse, tied together by the goggles Minuta wore and, in several frames, his Oath Keeper badge.

At least in what the FBI chose to reveal in this affidavit (other filings suggest they have far more collected on him and a range of his associates), the other piece of evidence included proving that Minuta entered the Capitol — rather than yelled at cops outside — is his use of a Verizon cell site consistent with being inside the Capitol.

Eventually, Minuta unlawfully breached the Capitol building itself. According to records obtained through a search warrant, which was served on Verizon, the cellphone associated with XXX-XXX-4147 was identified as having used a cell site consistent with providing service to a geographic area that includes the interior of the United States Capitol building on January 6, 2021, the day of the attack on the Capitol.

Unlike with Stackhouse, the government needs to ensure Minuta’s prosecution is water-tight, as he is a key link between the raid itself and Trump flunkies like Roger Stone, and he and several of the Oath Keeper defendants have already shown a desire to undermine the entire premise of the investigation.

As I have noted elsewhere, the granularity of the cell tower data is a critical factor in assessing the privacy impact of its use in the investigation (reiterating that reported broader cell tower dumps taken in an effort to identify the elusive pipe bomber do pose more concern). And these claims will undoubtedly be tested.

Still, the FBI seems to have confidence that these cell sites were not just serving traffic “consistent with” being inside the Capitol, but probably even “exclusive to” being inside.

Update: In an arrest affidavit for Jared Adams, arrested for trespass crimes, the FBI conveniently included a map of how the Google GeoFence works, as well as a description of how they moved from Instagram to Adams’ Google account.


First they used his Instagram to get his Gmail account.

Instagram records confirmed that the Instagram account jokerschild1994 is associated with ADAMS, with an e-mail address of [email protected], and T-Mobile phone number ***-***-5569. Records provided by Facebook (username jared.adams.35325) include the same e-mail address and phone number. Records lawfully provided by Google reveal that the mobile device associated with [email protected] belonged to a Google account registered in the name of Jared Hunter ADAMS. The Google account also lists a recovery SMS phone number that matches ***-***5569, the same number as identified above. Information from law enforcement databases indicates that ADAMS lives in Plain City, Ohio. The FBI reviewed ADAMS’ application for an Ohio driver’s license, which contains the same phone number (***-***-5569)). In addition, three managers of apartment complexes where ADAMS either lived or applied for an apartment between 2017 and July 2019 also confirmed his phone number.

Then they used the Google account to geolocate Adams within the specific space of the Capitol (using, as earlier affidavits relying on Google GeoFence have, GPS, WiFi, and Bluetooth).

According to records lawfully obtained from Google, a mobile device associated with [email protected] was present at the U.S. Capitol on January 6, 2021. Google estimates device location using sources including GPS data and information about nearby Wi-Fi access points and Bluetooth beacons. This location data varies in its accuracy, depending on the source(s) of the data. As a result, Google assigns a “maps display radius” for each location data point. Thus, where Google estimates that its location data is accurate to within 10 meters, Google assigns a “maps display radius” of 10 meters to the location data point. Finally, Google reports that its “maps display radius” reflects the actual location of the covered device approximately 68% of the time. In this case, Google location data shows that a device associated with [email protected] was within the U.S. Capitol from approximately 2:53 p.m. until approximately 4:40 p.m. for a total approximate time inside the U.S. Capitol of one hour and 47 minutes. Google records show that the “maps display radius” for this location data was less than 100 feet, which encompasses an area that is partially within the U.S. Capitol Building.

As illustrated in the map below, the listed locations encompass areas that are partially within the U.S. Capitol Building during 2:53 p.m. until 4:40 p.m. Specifically, Google location data shows that a device associated with [email protected] was within the U.S. Capitol at the times and locations shown in the map below (at the locations reflected by each darker blue circle), with the “maps display radius” reflected in the map below (as reflected in a lighter blue ring around each darker blue circle). In addition, as illustrated in the map below, the listed locations were entirely within areas of the U.S. Capitol Grounds which were restricted on January 6, 2021.

This reflects the same 68% confidence as an earlier use of the Geofence.

The FBI then used the GeoFence information to pull security footage showing him in the place where Google said he was. They then got his former roommate to ID him from a photo.

 


FBI Had an Open Investigation into a QAnon Cultist Predicting World War 3 before January 6

As I noted in this post, partly due to the way Krysten Sinema restated Assistant FBI Director Jill Sanborn’s response, the woman in charge of FBI’s counterterrorism efforts mistakenly claimed that the Bureau cannot monitor public social media communications. The reality — as confirmed by NBC — is that they can’t persistently target a person’s communications, but they can monitor open source postings.

In a statement to NBC News, the FBI acknowledged that it can and does look at public social media information. An FBI official said Sanborn understood Sinema’s question to be referring to “whether the FBI persistently and passively examines internet traffic and social media conversations, to include direct messages between two users.” In fact, her question referred to comments made on public-facing social media services.

“The FBI may observe and collect information from open sources as long as the FBI activities are done for a valid law enforcement or national security purpose and in a manner that does not unduly infringe upon the speaker or author’s ability to deliver his or her message,” an FBI official said. “The authorized purpose must specifically be tied to federal criminal or national security purposes, usually to further an FBI assessment or … investigation.”

Given that the FBI can monitor open source communications, it makes this earlier exchange, between Sanborn and Maggie Hassan, more significant. Senator Hassan asked Sanborn how many of the people already arrested in the January 6 insurrection had been under investigation before it.

Maggie Hassan: Of the individuals charged to day in relation to the attacks of January 6, how many were already under investigation by the Bureau.

Jill Sanborn: Ma’am, I’d have to get you the specific number, but I can only recall, from my memory, one, of the individuals that was under investigation prior.

While Sanborn was speaking from memory and promised to get an exact number, Sanborn could only remember one open investigation among the people arrested so far.

FBI appears to have done an assessment on at least three people arrested so far (assuming that the MPD arrest of Enrique Tarrio for targeting a Black Church in December is not the one Sanborn was thinking of).

For example, in December, an associate of Kevin Strong contacted the FBI to alert them that the FAA employee had started stock-piling goods, warned someone else that World War 3 was going to start on January 6, and was pushing Parler as a legitimate source of information. That led the FBI to open an investigation on Strong on December 30.

On December 30, 2020, the FBI initiated an investigation of STRONG based on reporting from Witness #1 (“W-1”). W-1 is familiar with STRONG and his previous residence. W-1 told the FBI that STRONG had been showing signs of behavioral changes over the last few months including stock-piling items and telling others to get ready for Marshal Law, rioting, and protesting. Specifically, W-1 was aware that STRONG had sent messages to another individual claiming World War 3 is going to occur on January 6, 2021, and that the military was coming in and getting involved. W-1 was aware that STRONG hung a flag with the logo “WW1WGA” on his house. W-1 told the FBI that he/she looked it up on the Internet and found that that “WWG1WGA” was a QAnon slogan standing for “Where We Go One, We Go All.” STRONG was known to declare that he had “Q clearance” and believed he was part of a “movement” that was greater than himself. He had recently purchased a new truck and believed that QAnon would cover the debt. STRONG had also been promoting the “Parler” application as a place to get information.

STRONG is currently employed by the Federal Aviation Administration (FAA) in San Bernardino, California. On January 7, 2021, an employee in the Internal Investigations Branch of the FAA contacted the FBI and reported STRONG was observed at the United States Capitol building during the unlawful entry that took place on January 6, 2021. According to the FAA employee, STRONG was seen on a news broadcast.1 The employee provided a screengrab from the news broadcast to law enforcement.

Strong was charged with the two misdemeanor trespassing crimes virtually everyone who entered the Capitol was charged with but not, as those who posted conspiracies about the election in advance of January 6 generally were, with obstruction of the vote count.

Even though they had an investigation into Strong, it still took a tip from the FAA to alert the FBI that Strong had entered the Capitol on January 6, to which he readily confessed when he was interviewed on January 16.

Then there’s Bryan Betancur. While out on probation after serving time for burglary, Betancur was explicitly talking about following the lead of James Field, the Neo-Nazi who murdered Heather Heyer.

BETANCUR is a self-professed white supremacist who has made statements to law enforcement officers that he is a member of several white supremacy organizations. BETANCUR has voiced homicidal ideations, made comments about conducting a school shooting, and has researched mass shootings. BETANCUR voiced support for James Fields, the individual convicted for killing an individual with his car during protests in Charlottesville, Virginia. BETANCUR has stated he wanted to run people over with a vehicle and kill people in a church. BETANCUR subsequently stated that he had changed his mind about hurting people.

After being released following a conviction for fourth degree burglary, BETANCUR continued to engage racially motivated violent extremist groups on the internet. BETANCUR also made increased verbalizations about his desire to be a “lone wolf killer.” BETANCUR has repeatedly violated the terms of his parole and probation.

Betancur’s arrest affidavit describes a Task Force officer interviewing Betancur repeatedly during what it calls an investigation of him.

A FBI Task Force Officer who has interviewed BETANCUR multiple times throughout the FBI’s investigation of BETANCUR also believes the individual on the left side of the image to be BETANCUR.

Betancur lied to his probation officer — claiming he was going to hand out Bibles in DC — to get permission to go to DC that day. And he showed up wearing a Proud Boys shirt and flashing white supremacist symbols and (in another picture) waving a Confederate flag.

In spite of the fact that this guy was aspiring to replicate Field’s attack and the apparent fact he was under investigation, the FBI affidavit suggests they needed a cooperating witness to ID Betancourt’s social media accounts.

Your affiant has also reviewed screenshots of accounts believed to belong to BETANCUR, provided by a cooperating witness (hereafter “CW1”). CW1 submitted an image to the tip-line established in the aftermath of the events of January 6, 2021. CW1 provided comments with this image stating that the individual in the screenshot had participated in the events at the U.S. Capitol on January 6, 2021 and posted numerous images using social media accounts with the names Bryan Clooney and Maximo Clooney. In the image CW1 submitted to the tip-line, a social media user with the user name “bryan_patriot_1776” appears to stand on scaffolding erected on the western side of the U.S. Capitol Building holding the corner of a confederate battle flag.

Like Strong, Betancur was charged with just misdemeanor trespassing charges, though he’s back in trouble in Maryland for violating probation.

A third defendant the FBI investigated before the insurrection is perhaps the most damning for what it says about the social media activity the FBI will notice.

The FBI is coy about two details in the arrest affidavit for Rasha Abual-Ragheb: One is when the Newark Office obtained Abual-Ragheb’s Facebook data, before or after January 6.

In addition, FBI Newark Division (FBI Newark) recently obtained, through legal process, records associated with the Facebook account with the display name Rasha Abu. The Facebook records link the Rasha Abu account to the same phone number that Rasha Abual-Ragheb provided the interviewing agents in November of 2020. FBI Newark also recently obtained, through legal process, records associated with the phone number provided by Rasha Abual-Ragheb, which confirmed Rasha Abual-Ragheb was in fact the subscriber.

And given that so many people have written affidavits in this investigation, it’s unclear whether the two people identified as “Confidential Human Sources” reporting back to the Philadelphia FBI Office in Abual-Ragheb’s arrest warrant are, as the name would normally suggest, FBI informants, or whether they’re just concerned citizens calling in tips as happened with the vast majority of tips on January 6 defendants.

On January 7, 2021, CHS 1 reported to the FBI Philadelphia Division (FBI Philadelphia) that he/she observed Rasha Abual-Ragheb’s Facebook page (display name Rasha Abu) showing Rasha Abual-Ragheb at the protest in Washington, DC on January 6, 2021 (attachment 1). A post made by Rasha Abual-Ragheb on the Facebook page revealed she checked into the Kimpton George Hotel (attachment 2). In another Facebook post (attachment 3), Rasha Abual-Ragheb posted the following: “Just left Dc… I got tear gas, paper spray!!! But I was part of the history. We the people won’t take it anymore. Antifa were between us, i and other MAGA people told Dc police, get that Antifa they didn’t do anything. He had black metal chair… The police would order to use full force on us from the beginning when we start marching to the capital, the use teargas and pepper spray and rubber bullet, they shot the woman that was standing peacefully without a a weapon, they hit women’s kids. They hit people with the pat metal one.”

On January 6, 2021, Confidential Human Source #2 (CHS 2) advised the FBI Philadelphia that on the night of January 6, 2021, CHS 2 encountered a woman on the sidewalk of the Kimpton George Hotel in Washington D.C. dressed in distinct clothing and making a scene (attachment 4, which was photo taken by CHS). The woman on the sidewalk identified herself as “Rasha,” admitted to being in the U.S. Capitol, and showed CHS 2 a picture of herself in the building (attachment 5). CHS 2 further reported Rasha Abual-Ragheb said she was in the U.S. Capitol and saw a woman get shot.

Still, what is clear is that, back in November, the FBI responded to Abual-Ragheb making inflammatory comments and repeating Donald Trump’s “Stand By” comment on social media by conducting — at a minimum — an Assessment against her, including an FBI interview.

In November 2020, a Facebook account with display name Rasha Abu participated in Facebook and Telegram group chats involving the New Jersey chapter of the American Patriot 3%. In the Facebook chat, user Rasha Abu advised the revolution will start not by standing by but by standing up. In addition, she advised civil war is coming and they need to show support, and rise up and fight for our Constitution. Open Source research identified an individual named Rasha Abual-Ragheb, residing at a specific address in New Jersey, as the possible user of the Facebook account. As part of the FBI’s assessment of Rasha Abual-Ragheb, she was interviewed. During the interview, she advised she was a Trump supporter, attended Trump rallies, and was blocked from making posts on Facebook and Twitter for pro-Trump postings. Additionally, Rasha AbualRagheb advised she was born in Lebanon and fled to Jordan when she was a child due to the civil war there. She further advised that she has lived in the United States for 21 years and she provided the interviewing agents with her telephone number.

Like Strong and Betancur, Abual-Ragheb was charged with just the two misdemeanor charges.

While her attorney, Elia Amato, could provide no clarity on whether the investigation into Abual-Ragheb continued from November through January 6 — possibly up to and including arranging for informants to track her movements on the day of the attack — Amato did emphasize that, “What ever prior investigative concerns law enforcement may have had appear to have been quashed.”

Still, it’s clear that, almost alone among 300 people charged so far, the FBI had noticed Abual-Ragheb’s public comments on social media and taken further investigative steps.

Jill Sanborn excused FBI’s failure to see the insurrection in advance based off obfuscation about the Bureau’s ability to observe and react to comments in public. But the Bureau did identify a potential threat and conduct an assessment in Abual-Ragheb’s case.

That also means they did that — almost uniquely — with an immigrant who has a Middle Eastern name, while ignoring others, many with criminal records, who made far more substantive or inflammatory comments.

The FBI didn’t respond to Proud Boy Enrique Tarrio’s plans for January 6 in plain sight, even though he had committed a racially motivated attack the last time he had been in DC.

They didn’t see and respond to Facebook posts from Three Percenter Michael Lopatic, the former Marine who spent the months after the election naming his hunting kill after Joe Biden, Kamala Harris, Chuck Schumer, Nancy Pelosi, Jerry Nadler, and Adam Schiff, posted a “Call to Arms,” in advance of January 6, and is accused of assaulting at least two cops at the insurrection.

They did see the woman on Three Percenter sites with an Arab name.

Meanwhile, by dint of opening an investigation into Kevin Strong, the FBI had evidence that delusional QAnon followers believed there would be Martial law and World War 3 on January 6, a description of January 6 as “war” in the FBI’s hands a week before the January 5 Norfolk report.

But that didn’t raise a wider alarm, either.

Now that the FBI has conceded that it had the authority to look at any of the social media discussions that led others to anticipate that January 6 would be something different, it has more some explaining to do — not least why one of the only January 6 participants it discovered in advance was virtually the only one with an Arab name.

Copyright © 2021 emptywheel. All rights reserved.
Originally Posted @ https://www.emptywheel.net/2020-presidential-election/page/2/