John Durham Had No Idea Michael Sussmann Provided Another Anonymous Tip on Behalf of Rodney Joffe

John Durham’s team has submitted a filing asking for an extension on its discovery deadlines in the Michael Sussmann case.

It’s interesting as a relief map of the conspiracy theory-oops-I-mean-charge that Durham is still pursuing in this case, made visible by the witnesses implicated whom Durham has yet to interview and by his repeated explanation that this is an ongoing investigation.

It’s also interesting because I can see clear gaps, gaps he may be trying to cover up by boasting of everything he has turned over. I’ll probably return to the gaps after his deadlines have passed.

Perhaps the most interesting disclosure is that Durham had no fucking clue that Sussmann provided a different anonymous tip to DOJ on behalf of Rodney Joffe, one of similar substance to this one. Sussmann alerted DOJ’s Inspector General that one of its employees was connecting to a foreign VPN, the same kind of meticulous forensic detail that Sussmann reported to the FBI regarding Alfa Bank.

On December 17, 2021, the OIG also provided to the prosecution team a written forensic report concerning a particular cyber-related matter that the defendant brought to the OIG’s attention in early 2017 on behalf of an anonymous client. In particular, the report reflects that in early 2017, the defendant reported to an OIG Special Agent in Charge that one of the defendant’s clients had observed that a specific OIG employee’s computer was “seen publicly” in “Internet traffic” and was connecting to a Virtual Private Network in a foreign country. At the time the OIG provided this forensic report to the Special Counsel in December 2021, the OIG represented to the prosecution team that it had “no other file[] or other documentation” relating to this cyber matter. The Government provided the report to the defense on December 23, 2021. Subsequent to this disclosure to the defense, the Special Counsel team has become aware of additional potentially discoverable materials in the OIG’s possession:

i. First, in a discovery call with the prosecution team on January 20, 2021 [sic], defense counsel informed the Government that the defendant met personally with the DOJ Inspector General in March 2017 when conveying the aforementioned cyber issue to the OIG. The defense further stated that the defendant’s client in that matter was Tech Executive-1, the same individual on whose behalf the Indictment alleges the defendant also met with the FBI in September 2016. Upon learning this information, the prosecution team promptly made further inquiries of the OIG. On the next day, January 21, 2021 [sic], the OIG informed the Special Counsel for the first time that the defendant in fact met in March 2017 with the Inspector General and his then-General Counsel concerning the above-described cyber matter. The OIG had not previously informed the Special Counsel’s Office of this meeting with the defendant. Over the past few days, including over this last weekend, the OIG has been gathering and providing further documentation and information relating to that meeting to the Special Counsel’s Office. Given the meeting’s potential relevance to the charges at hand, the Special Counsel’s Office will work expeditiously with the OIG to conduct interviews and to collect and disclose any further discoverable materials to the defense.

This is just one of three things that Durham’s team admits they’ve learned “for the first time” from Michael Horowitz’s office. But that — and other details in this filing — make it clear they’ve been blithely going along with their investigation without checking on the work that Horowitz did, to which this prosecution was supposed to be derivative. If the same is true of the Igor Danchenko case, Durham will have even bigger problems to deal with.

But this disclosure is far more damning than Durham lets on. That’s because he had already searched for everything he thought was discoverable. He had looked everywhere for discussions of Michael Sussmann within DOJ and FBI.

And he still had no idea, until four months after he indicted Sussmann for sharing a tip from Rodney Joffe about weird forensic data, that Sussmann had shared another tip about weird forensic data from Rodney Joffe during the same period under investigation.

Oh, by the way, Sussmann is also squeezing Durham for all the evidence that when FBI obtains anonymous tips it doesn’t track things like which Democratic lawyer reports them. <<wink>>

Durham has been so far down his little conspiracy rabbit hole he hasn’t looked around to understand what the norm is for Sussmann and Joffe.

Particularly given how the clock is ticking on his efforts to charge a larger conspiracy, without which this case is far weaker, it doesn’t bode well for Durham’s chances.

Update: I should add two things. First, Durham’s request to extend discovery until March would put that after Sussmann’s deadline for motions to dismiss, which is currently February 18. I have a sense that Sussmann wants this stuff before he writes that.

In addition, something else that Durham only discovered months after he indicted this case is that DOJ IG was sitting on two phones from James Baker, the sole witness to Sussmann’s alleged lie.

Second, in early January 2022, the Special Counsel’s Office learned for the first time that the OIG currently possesses two FBI cellphones of the former FBI General Counsel to whom the defendant made his alleged false statement, along with forensic reports analyzing those cellphones. Since learning of the OIG’s possession of these cellphones, the Government has been working diligently to review their contents for discoverable materials. The Government expects to make those materials available to the defense later this week.

It’s never a good sign to discover devices from the single witness four months after you’ve indicted the case.

42 replies
  1. Rugger9 says:

    How long before the judge tosses the prosecution for incompetence? Even though we know the true purpose is not prosecution but publicity, there must be some limits that Sussman can enforce.

  2. WilliamOckham says:

    Throwing your department’s IG under the bus is almost never a useful strategy. Even more so, when there is a very real possibility that you might come under his scrutiny in the very same case.

    • Alan Charbonneau says:

      Let it be true.
      I hope that every rotten deed performed by Trump and his supporters comes back to haunt them. Durham? Be humiliated in court or, as you imply, something more serious. The people who forged docs? I hope they get caught with conspiracy charges (I don’t the legal issues, but it’s my hope). The people who paid for transportation? If they had any idea that this was supporting an insurrection, then ditto. Rotting in prison for supporting sedition is what I wish for all involved. They’ll not all be given what they deserve, but some of them will and it will be gratifying to see justice served.

  3. Dopey-o says:

    In particular, the report reflects that in early 2017, the defendant reported to an OIG Special Agent in Charge that one of the defendant’s clients had observed that a specific OIG employee’s computer was “seen publicly” in “Internet traffic” and was connecting to a Virtual Private Network in a foreign country.

    I am confused by this statement. A Virtual Private Network is a method of routing encrypted traffic thru a circuitous series of connections, in order to evade detection by outside observers. Used to keep the CCP from watching dissidents, for example. Also used by malefactors to hide illegal actions.
    How does an American company observe a DOJ computer, and identify it as such? And is it known what (possibly) nefarious activity this OIG employee was trying to hide?
    Was this being done on a government computer, or on the employee’s personal device?

    • Xboxershorts says:

      If Joffe is seeing traffic reports from VPN destinations then I would posit that this would be a known VPN destination, possibly a TOR access point, and we watch these. So, a connecting IP Address would not be encrypted and DOJ IP Address space is known.

      Any subsequent traffic is what gets encrypted.

    • timbo says:

      Uh… what? A VPN may just link two private remote networks together over a public connection layer—a common practice for many business, agencies, and employees all over the world. There may be little to no obscuring of the public connection layer. In that case, it’s easy to see a DOJ IP endpoint is being used to connect to a VPN port somewhere else if you have a snooper, have access to endpoint logs on either end of the link, or have other means of monitoring or accessing packet routing records.

      What is interesting here is that someone at DOJ was using a VPN link to access a foreign endpoint. We have no idea what that endpoint is at this point. But the fact that it was allegedly observed by Sussmann or one of his sources isn’t some sort of huge technical ask.

      • Dopey-o says:

        Thank you for explaining that. Not necessarily bad intentions, but it would be irresponsible not to speculate.

      • Troutwaxer says:

        On one hand, despite it being a DOJ employee in contact with Russia, I’m not impressed with this as indicating any kind of criminal intent. VPNs are routinely used to connect a remote office to the main body of the organization, or to connect two remote offices, and I suspect that we also cooperate with Russia on certain law-enforcement issues, and we have agents in the field, either clandestine or otherwise, which whom a DOJ employee might legitimately be in contact.

        On the other hand, it could be something very nasty – if the DOJ’s employee is the remote office of a Russian organization, that could be ugly, for values of “ugly” which include law-enforcement and intelligence catastrophe. So we’re just going to see how that plays out (and we may never know what the score is – but if Durham drops this prosecution like a hot rock after contacting the OIG we’ll know something’s up.)

        If we can get the IP or MAC Address of the other end of the VPN then learning more is possible, but there’s every sane reason to keep this information secret.

    • Td12212 says:

      Perhaps the key was that this user was connecting to a foreign VPN. US government computers are not supposed to do that due to a spying risk.

    • earlofhuntingdon says:

      I assume we’re talking about a DoJ work computer, where connecting to a foreign-based VPN would be a problem, because US users routinely connect to VPNs, including foreign ones. Protonmail, for example, is a popular service that routinely provides such access. Its free VPN version provides access through Japanese, Swiss, and US-based servers. Another is Tor.

      [Inexplicable to me is why this comment should be routed to moderation. It’s happening frequently.]

    • Tech Support says:

      Worth noting that an utterly mundane reason to use foreign VPNs is to do some lightweight TOS violating by accessing streaming content when you are being blocked for geographical reasons. (ex: Netflix, NBA League Pass).

      Certainly there’s an interesting question here of what that VPN activity actually represents, but there’s nothing to suggest the CONTENT of those packets are relevant to anything EW has reported on.

        • El Ingeniero says:

          There’s no good, general reason for a work computer to connect to any VPN outside the organization that owns it, and lots of reasons it shouldn’t be. There are exceptions, but related specifically to the user’s duties, and someone else would be aware.

    • Judy says:

      You may want to read the first post in this series on the Durham cases. Basically researchers were given internet information and they found some anomalies which were reported to the government by Sussman for the research team that included a researcher named Joffe. I am not doing it justice so here is the link.
      You can search using Durham to find all Marcy’s posts on this subject.

      • Dopey-o says:

        I am not aware of any progress on the Alfa Bank communications, even after scouring Crebs and ArsTechnica. Best explanation I have seen is that someone mis-configured the email server not to cache the IP address, and it defaulted to repeated DNS lookups.
        Also, Occam’s Razor says an incompetent IT staffer is the most plausible reason. But I wonder if Durham isn’t trying to kill the messenger (Sussman) to distract us from some yet-unknown crime?

    • bawiggans says:

      The rabbit holes here are very tempting, but is the real significance of discovering a second tip from Sussman/Joffe that – assuming it cannot be plausibly construed as motivated by Democratic political interests – it lends some kind of credence to the notion that calling attention to the anomalies was simply an act of good citizenship? Is there some other legal or strategic significance of the fact of the existence of a second tip?

      Another interesting question to me is why and on what basis did the IG withhold this tip and the existence of Baker’s phones and what is known about them from Durham’s investigation?

      • Dmbeaster says:

        It has a bearing on the case, but the larger point is that it evidences rank incompetence in the Durham investigation. The IG wrote the report concerning the investigation into the FBI’s Crossfire investigation, including the FISA warrant for Page. Durham was appointed to follow up on that.

        You would assume that the first thing he would do is familiarize himself with the investigation conducted by the IG. The IG did not withhold anything. Durham apparently did not bother to figuratively get his file. It’s Durham who had the obligation to provide this to Sussman, not the IG. And Durham had access to it whenever he wanted.

        • Dmbeaster says:

          Agree with that, but the point here is about the evidence already gathered by Horowitz during his investigation. It’s pretty amazing that Durham is unaware of this info.

  4. Commentmonger says:

    Shouldn’t this be worded this way – transposing for and when??

    Among the things John Durham didn’t know for (when) accusing Michael Sussmann of criminal intent when (for) sharing an anonymous tip from Rdoney (Rodney) Joffe

    Just an observation. I could tell what was meant. (I think)

  5. klynn says:


    Let me get my head around the Russian threats in the past 24 hours in addition to Ukraine.

    1. Russia threatens war games to be conducted over the convergence of underwater cables off the coast of Ireland. (God bless the fishermen ready to put up a fight.)
    2. Russia threatens to cut off gas supply to Europe if RU is locked out of SWIFT (Society for Worldwide Interbank Financial Telecommunication. SWIFT carries over five billion financial messages a year.)

    Here’s a thought. If anything happens to the underwater cables, I do not think SWIFT will be able to help any state or corporate members, including Russia.

    So what exactly is Putin threatening? Because by my read, he’s taking his own interests down as he threatens to “burn it all down” for everyone else.

    His game theory is weak.

    • Raven Eye says:

      Russia shuts off the gas supply because Russia is cut off from the most common method of international payment. So Putin is doubling down on not getting paid — or at best, the payments for the gas he is no longer selling get seriously delayed.

      Meanwhile, bulk gas transportation (marine or pipeline) is not like shutting off the nozzle when filling up your car at the station. The Russians will need to figure out what to do when they run out of storage for the unsold gas.

      With regard to the maneuvers over the underwater cables; is that to provide sonic masking for subsurface operations by vessels that are already cruising around under the sea?

    • dadidoc1 says:

      I might be totally off base, but Putin is rightfully afraid that Donald Trump will default on his Deutsche Bank loans. Putin is using the invasion of Ukraine as a way to leverage the United States government to backstop those loans.

      • Rayne says:

        Yeah, you’re off base. Trump’s worth to Putin was access to US policy and the ability to destabilize the government of the largest military in the world. That makes the Deutsche Bank loans chicken feed, especially when Putin himself is likely worth in excess of $200 billion — and that’s a stale number from early Trump administration. Could have paid Putin off with a couple well placed pump-and-dump ops to short key stocks like Trump’s trashing Boeing in December 2016 before he took office, or Harley Davidson afterward.

        • joel fisher says:

          And, why isn’t Putin helping 2024 Trump right now?

          [There’s a post and thread for Ukraine — this one isn’t it. /~Rayne]

    • Chris says:

      Russia has always been the enemy of the Private Central Banking system. It has stalled Russia’s outside growth for trade. As more countries transfer to the Russian system, (which they are)the Private Central bank looses to stranglehold.

  6. Joe says:

    Looking forward to this post!
    “ I’ll probably return to the gaps after his deadlines have passed.”
    That cracked me up – thank you!

  7. Molly Pitcher says:

    Marcy, I apologize for the off topic, but Rachel Maddow is reporting tonight that Russia is planning war games off the Irish Coast next week.

    This comes on the heels of a Russian spy ship which was off the coast of Donegal in August. They were suspected of identifying the location of undersea communication cables at that time.,carry%20internet%20traffic%20between%20continents

    “The Yantar, which is part of the Russian navy, arrived unexpectedly off the Donegal coastline on Tuesday night. The vessel is equipped with manned and remote operated submersibles used to attach listening devices to undersea cables that carry internet traffic between continents.Aug 18, 2021”

    Denmark has had their underseas cables cut twice in the last few months, and the Russians are suspected of being responsible.

  8. Rapier says:

    How big is Durham’s shop? How many lawyers and were they all plucked from the DOJ or did he bring in outsiders and if the latter, who?

    While Durham is obviously a true flat earther I would think this stinky output would make for an unhappy stinky shop, unless everyone was on board. At any rate a little bit of insight into who is on this team would be interesting.

  9. Scott Johnson says:

    One wonders what supports of this think the end game is:

    That Durham will be able to go from “person associated with Clinton campaign may have passed dubious tips to FBI without disclosing said affiliation” to proving all of QAnon?

    Or that any shenanigans in the creation of the Russia probe, no matter how de minimis, will taint and thereby invalidate any and all other investigations into Trump-related matters as fruit of the poison tree?

    Both appear to be wishful thinking, at least assuming a functioning law enforcement apparatus. (Enough toadies in high places, on the other hand…)

    • William Bennett says:

      It’s kind of a moot question b/c it’s always and only the narrative that matters, not the substance. It’s all just a wall of noise whose function is to provide a background impression that the Deep State is a thing and the Fight Goes On. Basically the lesson they learned from “Whitewater” writ large. “Questions have been raised!!!” and the supine corporate/political media display their pavlovian conditioning. Just say the magic word and Dark Suspicions that can never be dispelled emerge from the shadows. “Some people are saying.” The media manipulation is so easy it’s hardly an effort, and when the “substance” of any of it collapses it makes no difference whatsoever; the topic just shifts and it’s like the previous thing never happened. Even the truly-committed true believers don’t care; they just switch to something else. If you’re capable of actually believing JFK Jr is going to be resurrected on the Grassy Knoll in Dealy Plaza, or that Trump is going to be re-inaugurated on a date certain (last August, if memory serves), you’re already on such a distant nodding acquaintance with reality that the non-appearance and non-reinaguration will sink below your mental surface with barely a ripple.

      I always return to the revealing fact that Movement Conservatism owes much of its existence and influence on the former Republican (now Trumpublican) Party to the direct mail huckster Richard Viguerie, who specialized in creating lists targeted on the most self-identifiedly gullible people on the planet. It’s not remotely a coincidence that the sites of right wing influencers and media are festooned with come-ons for get-rich-quick, buy-gold!, one-simple-cure quack nostrums and all that crap that used to be confined to the back pages of True Crime magazines and the like. Anyone who bought any of that stuff instantly got put on lists aggregated by Viguerie and targeted for more of the same, and he went on to sell those lists to form the basis of GOP outreach. It’s literally the Great Database of the Dumb & Gullible, growing explosively like a virulent bacteria once it was exposed to the nutrient rich agar of the Internet.

      • gmoke says:

        Ah, assembling the gullible masses.

        My father was a Goldwater conservative and, starting in the late 1960s or early 1970s, he would get a free monthly magazine, “The Plain Truth” from the Worldwide Church of God, formerly the Radio Church of God, although he was not religious at all. USAmerican conservatism was crossbreeding with fundamental “Christianity” long before Vigurie started fulminating.

        I asked Rick Pearlstein if he knew anything about this connection once upon a time. He didn’t and invited me to investigate; but I’m not sufficiently interested in that political ancient history. Yet.

        • Ginevra diBenci says:

          I’m interested in it. Viguerie did in fact play a central role in bringing together the forces now united as the hard right. Randall Balmer and Katherine Stewart have written about this extensively, as has Anne Nelson whose book Shadow Network I’ve recommended here before. If you want to know why Trump got elected, why we have a SCOTUS on a path to Armageddon (literally), you need to know this very not-“ancient” history.

  10. Tom R. says:

    Irony is dead.
    1) The foundation-stone underpinning the entire Durham operation is the hypothesis that the Russia investigation was “improperly predicated”.
    2) So far, Durham has succeeded in proving only one thing, namely that the Durham operation was improperly predicated. It was motivated by politics and conducted in bad faith.

    If he had the slightest bit of integrity or self-awareness, he would have figured that out ten seconds after being appointed.

Comments are closed.