“Something Like This Has 0 Repercussions if You Mess Up:” John Durham Debunked the Alfa Bank Debunkery

As you know, John Durham failed spectacularly in trying to use a false statement charge against Michael Sussmann to cement a wild conspiracy theory against the Democrats.

But Durham did succeed in one thing (though you wouldn’t know it from some of the reporting from the trial): He utterly discredited the FBI investigation into the Alfa Bank allegations. Lead prosecutor Andrew DeFilippis even conceded as much in his closing argument.

Now, ladies and gentlemen, you have heard testimony about how the FBI handled this investigation. And, ladies and gentlemen, you’ve seen that the FBI didn’t necessarily do everything right here. They missed opportunities. They made mistakes. They even kept information from themselves.

That’s a fairly stunning concession from DeFilippis. After all, DeFilippis asked the guy who was responsible for some of the worst failures in the investigation, Scott Hellman, to be his expert witness, even though Hellman, by his own admission, only “kn[e]w the basics” of the DNS look-ups at the heart of the investigation. Along with Nate Batty, Hellman wrote an analysis of the Alfa Bank white paper in less than a day that:

  • Misstated the methodology behind the white paper
  • Blew off a reference to “global nonpublic DNS activity” that should have been a tip-off about the kinds of people behind the white paper
  • Falsely claimed that the anomaly had only started three weeks before the white paper when in fact it went back months
  • Asserted that there was no evidence of a hack even though a hack is one of the hypotheses presented in the white paper for the anomaly at Spectrum Health (Spectrum itself said the look-ups were the result of a misconfigured application)

Later testimony showed that, after speaking to Hellman and before even checking whois records, the Chicago-based agent who had a lead role in the investigation told a supervisor that “we’re leaning towards this being a false server.”

Within hours, Miami-based agents had confirmed with Cendyn that that was false.

In spite of being so egregiously misled from the start by the guys in Cyber, agent Curtis Heide testified in cross-examination by Sussmann’s attorney, Sean Berkowitz, that Hellman’s analysis was one of the four things that he believed supported a finding that the anomaly was not substantiated.

Q. Okay. I think near the end of your examination by Mr. Algor he questioned you about your basis for concluding that there was — that the allegations were unsubstantiated. And I think you gave four reasons. I’m going to run through them. If there’s more, that’s okay. Number one, you said the assessment done by Agents Hellman and Batty. Correct?

A. Yes.

Q. Two, the review of the logs. Correct?

A. Yes.

Q. Three, the Mandiant conclusion. Correct?

A. Yes.

Q. And four, the discussions with Spectrum Health about the TOR node. Correct?

A. Yes.

Q. Anything else that you can recall, sir, as to why it was that your investigation, or rather the investigation that you oversaw, suggested that the allegations were unsubstantiated?

A. The only other thing I can think of would be my training and experience with — relating to Russia and cyber investigations.

Q. And is there anything in particular about that that you recall today?

A. With respect to the white paper, it didn’t — when I read through it initially, I had several questions, and it didn’t appear to be consistent with Russian TTPs.

Another thing Heide relied on was the analysis from Mandiant, which Alfa Bank hired to investigate after NYT reached out. According to Franklin Foer’s story, Lichtblau reached out to Alfa on September 21, after Sussmann had given the FBI a heads up but before the FBI asked Lichtblau to hold the story on September 26, so in the window when the FBI had a chance — but failed — to protect the investigation.

One of the truly insane parts of this investigation, by the way — which was conducted entirely during the pre-election window when overt actions were prohibited — was that FBI big-footed to Cendyn and Listrak before sending NSLs to them. And by that point, Alfa Bank was calling the FBI.

A report that was not explained amid the primary resources from the investigation, but which was concluded by October 3, reveals that Chicago’s conclusion was almost entirely based on what Alfa told the FBI and Mandiant.

There was nothing in the case documentation until a 302 for a March 27, 2017 interview done in association with Alfa’s 2017 claims of spoofed DNS traffic (the interview may have been done with Kirkland and Ellis) that documented that, when Mandiant arrived the previous year to investigate, there were no logs to investigate.

Indeed, Heide testified on cross-examination that he had never learned of that fact. At all.

Q. And were you aware, while you were doing the investigation, that Mandiant, when it went to talk to AlfaBank to look into these allegations, did not have any historical data, that Alfa-Bank did not provide any historical data to Mandiant? Did you know that?

A. No

We now know that at a time when “Executives at the highest level of ALFA BANK leadership” had been hoping to “exonerate them[selves]” in 2017, Petr Aven had already started acting on specific directives from Vladimir Putin, including trying to open a back channel to Trump.

Plus, at least as far as Listrak could determine, while the marketing server had sent materials to Spectrum, it had never sent anything to Alfa Bank. The stated explanation that this was spam, then, conflicts with what FBI was seeing in the logs.

As for Spectrum — another of the reasons Heide pointed to — there’s no evidence of anyone reaching out to them (as compared to interactions with agents in Philadelphia and Miami who reached out to Listrak and Cendyn, respectively).

It’s true that the anomaly at Spectrum was not a Tor node (something that researchers came to understand themselves around the time Sussmann shared the allegations with the FBI). But it’s also true that, per Cendyn (which only looked back a month), the identified IP address at Spectrum was reaching out to the Trump server.

The IP address in question showed up in traffic that may be associated with Chinese hacking.

This then might have corroborated the hypothesis, from the white paper, of a hack of Spectrum, but by this point, Hellman had long before decided there was no evidence of a hack and this was, “just garbage.”

That leaves the logs, Heide’s fourth reason for believing FBI had debunked the Alfa Bank allegations. As far as the logs in question, former agent Allison Sands (who was assigned the investigation as a brand new case agent) told one of the tech people on September 26 that, “the end user [possibly Cendyn] is willing to provide logs but they dont have what we need.” Cendyn did share details of their own spam filter, which wouldn’t address the DNS look-ups themselves.

Then, on October 12, Sands told Heide that,

the ‘logs’ we got from Listrak were not network logs

they basically just confirm that trump org is one of their email clients, but they dont show destination email addresses or IPs or anything that we can use to[ ]determine any communications


it was two excel spreadsheets

that was all we got

The FBI did get something. Sands testified that the FBI obtained upwards of 600,000 records (she described obtaining records from Cendyn, Listrak, and GoDaddy, but not Spectrum or Alfa Bank). But it’s not clear how useful those records really were. There’s a reference to the “take” elsewhere (see below), and redacted entries that look like intelligence targeting, plus a reference to an OGA partner reporting “no attempts.” (Here’s a reference to the OGA analysis that is redacted in other versions of the same email chain.) So it seems any useful logs came from another agency. But if that’s right, it would be targeted overseas.

In trial testimony, Sands described that her task was to prove that the allegation wasn’t true, not to explain what the anomaly was.

I knew still I had to rebuild from scratch and prove that this allegation wasn’t true.

In real time, too, she saw her task as disproving that emails had been shared, not even disproving that covert communication had occurred.

I have a few more logs to definitely prove there are no emails, and then Im putting it to bed

That’s a particularly problematic description given that the FBI had been told via other channels that there was some activity reflecting more than DNS look-ups.

That leaves, according to Heide’s judgement, just the observation that the DNS traffic was not consistent with known Russian techniques. Newbie agent Sands said something similar to Chris Trifiletti, Joffe’s handler and apparently sensitive for some other reasons. In response, he mused about whether Russia was “trying other things now that look more non traditional.”

We don’t know the answer to that, because the FBI didn’t try to figure it out.

Scott Hellman, the cyber agent who insisted at every opportunity he got that this was garbage, was wrong about how long the anomaly had lasted, but he was right about one thing. On October 4, he advised newbie agent Sands that,

any chance you get to work something like this that truly has 0 repercussions if you mess it up ….take those opportunities

He did mess it up. It wasn’t just his own analysis; his repeated insistence that this was “garbage” appears to have made all the other investigators less careful, too. Six years later, we’re still no closer to understanding what happened.

Hellman was right about facing “zero repercussions if you mess it up.” By all appearances, he’s one of the few people who escaped any consequences for trying to investigate Russia in 2016. We know that several people — including Jim Comey, Andrew McCabe, Peter Strzok, and Bruce Ohr — were fired for their efforts to investigate Russia. We learned at the trial that Ryan Gaynor was threatened with criminal investigation for not answering questions the way Andrew DeFilippis wanted. Curtis Heide remains under FBI Inspection Division investigation for things he did in 2016. Rodney Joffe was discontinued as an FBI informant, according to him, at least, because he refused to cooperate with Durham’s investigation. Everyone who actually tried to investigate Russia in 2016 has faced adverse consequences.

But Hellman appears to have suffered none of those adverse consequences for fucking up an investigation into a still unexplained anomaly. On the contrary, he’s been promoted; he’s now a Supervisory Special Agent, leading a team of people who will, presumably, similarly blow off anomalies that might be politically inconvenient to investigate.

That’s the lesson of the Sussmann trial then: The only people who face zero consequences are the ones who fuck up.

Update: Corrected spelling of Hellman’s last name. Added Comey and McCabe to the list of those fired for investigating Russia. Removed Lisa Page–she quit before she was fired. In this podcast, Peter Strzok said that all FBI agents named in the DOJ IG Report are still under investigation.

Update: All the links to exhibits should be live now.

Update: Added detail that Listrak says Trump never sent marketing mail to Alfa Bank.


I’ve put (what I believe are) all the exhibits about the FBI investigation below.

These times are surely not all correct. Durham consistently shared evidence without marking what time zone the evidence reflected. Importantly, some, but probably not all of the FBI Lync messages reflect UTC time; where I was fairly certain, I tried to reflect the time in ET, but in others, the timeline below doesn’t make sense (I’ll keep tweaking it). Some of the emails reflect the Chicago time zone.

September 19, 2:00PM: Sussmann Meeting

September 19: Priestap notes

September 19: Anderson notes

September 19, 3:00PM: Strzok accepts materials

September 19, 4:31PM: Gessford to Pientka: Moffa with info dropped off to Baker

September 19, 5:00PM: Sporre accepts materials

September 20, 9:30AM: Nate Batty to Jordan Smith: A/AD has two thumb drives.

September 20, 12:29PM: Batty accepts materials

September 20, 4:54PM: Batty and Hellman re analysis

September 21, 8:48AM: Batty to Hellman: at least look at the thumb drives [Batty Lync]

September 21, 4:25PM: Pientka Lync to Heide: People on 7th floor fired up about this server

September 21, 4:46PM: Batty to Heide and others: initial assessment

September 21, 1:10PM [time uncertain] Sands to Pape: Director level interest

September 21, 4:57PM: Norwat to Todd: Not a cyber matter

September 21, 5:06PM: Todd to Heide, cc Pientka

September 21, 5:52PM: Pientka to Heide: Nat [sic] Batty ha the thumb drives

September 22, 4:58AM: Hubiak to Heide: Let me know if you need anything from PH

September 22, 8:09AM: Todd to Marasco [noting thumb drives came from DNC, suggesting tie to debate]

September 22, 8:33AM: Pientka to Heide: Less than 24 hours to investigate, determine nexus, before losing traffic, watched by Comey

September 22, 9:30AM: Pientka to Moffa: Cyber, ugh. Read first email.

September 22, 9:59PM: Hellman to Heide: can you talk on link

September 22, 10:23AM: Marasco to Pientka: FYI

September 22, 11:13AM: Sands to Hubiak: Suspect email domain hosted on Listrak server — if you can help out with a knock and talk it would be great.

September 22, 11:14AM: Baker to Comey and others: Reporter is Lichtblau

September 22, 11:34AM: Hubiak to Sands: Will start working on this now

September 22, 12:02PM: Batty to Wierzbicki: We think it’s a setup

September 22, 12:10PM: Heide to Pientka: We’re leaning to this being a false server.

September 22, 2:00PM: Pientka to Hubiak: Thanks for all your efforts. The CROSSFIRE HURRICANE Team greatly appreciates you running this to ground.

September 22, 4:22PM: Sands to all: open full investigation, summary of Hellman’s conclusions [OGA partner targeting Alfa?]

September 22, 5:33PM: Heide to Pientka: it’s a legit domain

September 22, 4:53PM: Sands to all: Cendyn agrees to cooperate, legit mail server

September 23, 8:26AM: Sands to Hubiak: Cendyn willing to cooperate and provide logs

September 23, 1:09PM: Heide to Sands: once we get that case opened, let’s cut a lead to the MM division requesting assisting with the interview, etc.

September 23, 1:53PM: Sands to others: Cendyn, as of this morning no longer resolves, picture of Barracuda spam filter

September 23, 4:04PM: Heide to Gaynor: Cyber’s review

September 23: EC Opening Memo [without backup]

September 26: Gaynor notes

September 26: Intelligence Memo

September 26, 8:02AM: Lichtblau to Kortan: You know what time we’re meeting?

September 26, 9:29AM: Kortan to Lichtblau: Baker’s tied up until later this afternoon.

September 26, 10:02AM: Lichtblau to Kortan: planning to bring Steve Myers

September 26, 10:15: Heide to Pientka: We want to interview the source of the whitepaper?

September 26, 12:09: Kortan to Baker and Priestap: some kind of recap later today?

September 26, 12:29: Sands to Hubiak: I’m writing a justification for an NSL to GoDaddy

September 26, 4:19PM: Heide to Shaw: apparently it’s going to hit the times?

September 26, 4:55PM: Heide to Hellman: We think it’s a bunk report still…

September 26, 5:02PM: Soo to Sands: searching current and historical lists of Tor exit nodes

September 26, 6:20PM: Sands to all, cc Heide: Spectrum hit at Cendyn, NSLs for Listrak, GoDaddy, redacted, Tor results

October 2, 12:02PM: Grasso to Wierzbicki: Two IP addresses

October 2, 7:02PM: Heide to Hellman: Check this out….

October 3: Tactical Product

October 3: Communications Exploitation

October 3, 1:48PM: Gaynor to Heide: Did white paper start with person of interest?

October 3, 2:49PM: Heide to Gaynor and Sands: Interview source

October 3, 3:00PM: Wierzbicki to Gaynor, cc Moffa: I agree with Heide, interview source

October 4: Kyle Steere to Wierzbicki and Sands: Documenting contents of thumb drive

October 4, 8:26AM: Sands to Hellman: 2 random IP addresses we got from tom grasso

October 4, 8:28AM: Sands to Hellman: we got a report on the Alfa Bank side that they also think this is nothing

October 4, 8:43AM: Hellman to Sands: any chance you get to work something like this that truly has 0 repercussions if you mess it up ….take those opportunities [alt version]

October 4, 10:00AM: Gaynor to Wierzbicki et al, cc Moffa: We need to know what we can learn from the logs [CT version]

October 4, 9:50PM: Grasso to Sands: SME who can help give context to the data we discussed

October 4, 11:08PM: Sands to Grasso: Sounds great.

October 5, 1:20PM: Trifiletti to Sands: i reminded him once more that he has never proceeded with anything when he wasnt absolutely sure

October 5, 1:33PM: Hosenball request for comment

October 5, 3:02PM: Strzok to Gaynor, forwarding Hosenball with Mediafire package

October 5, 4:08PM: Sands to Trifiletti: We need to speak to Dave dagon now too

October 5, 5:07PM: Sands to all: Update on CHS conversation — redacted explanation for why Alfa changed

October 5, 6:58PM: Grasso to Sands: I told Dagon that you would be able to protect his identity so that his name is not made public

October 6: Gaynor notes and drawing [alt version, more redacted]

October 6, 4:20PM: Materials to storage

October 6, 4:28PM: Christopher Trifiletti: CHS report (Spectrum: misconfigured server)

October 6, 4:54PM: Trifiletti to Sands: Actual text of 1023 submitted

October 6, 6:21PM: Wierzbicki to Gaynor: CHS debrief

October 7, 8:59AM: Sands to Trifiletti

October 12, 8:01AM: Sands to Heide: the “logs” we got from listrak were not network logs

October 13, 5:45PM: Gaynor to Wierzbicki: Mediafire (includes link)

October 19, 8:05AM: Sands to Heide: we spoke to mandiant and that we are talkingt o [sic] the tech people at the ISP today

October 19, 10:15AM: Gaynor to Wierzbicki: 2 IP addresses, Mediafire, Dagon author?

November 1, 3:09PM: Sands to Trifiletti: I have a few more logs to definitely prove there are no emails, and then Im putting it to bed

November 14, 2:52PM: Steere to Sands: [report on September 30 receipt of logs from Cendyn]

January 18, 2017: Closing Memo

March 27, 2017: Sands 302 with Alfa reports that Mandiant reported no historic data

July 24, 2017: Moffa to Priestap: Includes several other reports

July 24, 2017, 3:10PM: Sands accepts custody

67 replies
  1. Rugger9 says:

    I’ve noted this in the Danchenko post, but it’s worth noting here too: who else can Durham’s team charge given that the events are well past the statute of limitations for charging and as well addressed by the board here (led by EW) any actual evidence is either suspect, compromised, misinterpreted or (allegedly) ‘manufactured’. Any one of these impediments would make it very hard to convict someone in the Russiagate investigation.

    Is there anyone still liable for this (allowing for the ‘lying to investigators’ rap always on the table), because I don’t see it. As a side question, when someone skips out on the lam, does the SoL timing stop or does it continue to run?

    • CD Wilsher says:

      The Frothers believe that Joffe can be charged with major fraud against the US, which has a seven-year SOL.

  2. Rugger9 says:

    Is Durham able to continue with the investigations if there are no strings left to pull (IIRC) and the SoL has run its course? What would be Durham’s charter in that case?

      • Rugger9 says:

        When does that run out? I’ve also seen no real evidence of a conspiracy in setting off on the Russia 2016 investigation as opposed to J6. If I’m correct, is Durham just about done?

        • Scott Johnson says:

          I’ve seen no evidence of a principal goal, in all this Hillary nonsense, that is actually ILLEGAL. Conspiring to do a legal thing is not against the law, even if it happens that one or more parties breaks some law along the way. People have to cooperate in furtherance of an ILLEGAL goal to charge a conspiracy.

          But that nuance is lost among the frothers, who seem to think that because Hillary was previously an officer in the Obama Administration, and/or of the same political party as the POTUS in 2016, that any action taken against the Trump Campaign, whether public or private, is ipso facto illegal.

      • Hoping4better_times says:

        How would the conspiracy SOL apply to possible charges against Rodney Joffe? IANAL My understanding of conspiracy: It exists when two or more people get together to plot some illegal act(s) and that one or more committed at least one act to further the nefarious plot. Success of the plot is not a requirement. Durham’s “grand conspiracy” is/was that the Dems conspired to smear trump’s 2016 presidential candidacy. He won. End of conspiracy, but the clock continued for 5 years.

  3. Anonymouse says:

    Wait wait wait… Spectrum Health was running a tor exit node?

    Wonder why a healthcare company like that finds it important to contribute to the operation of Tor.

    • Rugger9 says:

      This was covered with some detail in a couple of the Sussmann trial posts, but to summarize to the point of imbecility it was very odd that they did, it was not accidentally done and there was really no good rationale to do so. I’ll let the geeks take it from here.

    • PieIsDamnGood says:

      It’s exceedingly strange, although I wouldn’t discount the “bored IT guy who wanted to waste company resources” explanation

    • emptywheel says:

      They did not do so.

      The researchers misunderstood what the IP was doing. As noted in the post, they had figured that out by around the time Sussmann brought the white paper to the FBI, but not in time to get it out of the report.

    • Savage Librarian says:

      Wait, wut? Marcy says here it was *not* a Tor node:

      “It’s true that the anomaly at Spectrum was not a Tor node (something that researchers came to understand themselves around the time Sussmann shared the allegations with the FBI). But it’s also true that, per Cendyn (which only looked back a month), the identified IP address at Spectrum was reaching out to the Trump server.”

      Oops. Sorry, Marcy. I didn’t see your reply when I commented.

  4. Rugger9 says:

    OT although I’m sure a post is imminent: Eastman has to cough up some more emails and other records (159 of them), detailing three December 2020 meetings. What I found interesting is that the December 9 meeting about “Ground Game…” involved a ‘sitting member of Congress’ discussing a plan to challenge electors. My guess is that either Ted Cruz and/or Mike Lee were the perp(s) since both fancy themselves to be Constitutional experts and both have been rather coy about their actual input. Mike Lee might have a slightly better shot since he was called on the floor from the WH allegedly looking for Tuberville. These docs might expose Lee (R-UT) as more of a fraud than he already is. This might be worth a pool.


  5. Tim Tuttle says:

    I’m a bit taken aback at Sands’ lack of enthusiasm for her job. She is assigned the job of investigating potentially damning email connections that could breach national security protocols in a presidential election.

    She seems pretty bored by the task. It’s not TV. Some FBI footwork is pretty mundane. It has to be done.

    Enthusiasm: F.

    Overall Project: F.

    Professionalism: F

    • emptywheel says:

      She was enthusiastic, actually. A bit overwhelmed by the attention this was getting. Probably totally fucked by getting assigned this as her first investigation.

  6. Sharyn Smith says:

    So, we still have no answer for the Trump/Alfa/Spectrum servers. And the Sussmann trial only raised more questions. And a lot more about the competency of the FBI. The media coverage of this episode has been pretty dreadful. It reads like a huge story lurking below the surface that has gone over most people’s heads.

    The worst part is the people who went to the FBI with potentially significant information, all found themselves on the receiving end of problems. A terrible precedent for the future.

    • Phil A says:

      My question is why didn’t the FBI send this information to the CIA or NSA or Military Cyber guys?

      Since it involved an international server and possible international governments AND those guys would be better prepared to deal with the information they were handed it would only make sense to me.

      Unless, of course, the whole goal was to make it go away as quickly and quietly as possible.

      • emptywheel says:

        Note the reference to OGA, above.

        They did. Someone came back showing that there were no Alfa look-ups.

        I’m genuinely interested in that, bc it would likely have been collection overseas.

        • emptywheel says:

          I should have added: OGA is shorthand for “other government agency.” Usually, it refers to CIA, but in this case NSA is a more likely candidate.

  7. What Constitution? says:

    And thank you for not choosing to run the post mortems about the Sussmann debacle under yet another posting of that creepy ass photo of John Durham.

    Too soon?

  8. Mike Stone says:

    The sad part of this whole affair is that it is very hard to follow and understand. As someone who works in technology, I have a hard time following this. I cannot imagine the average person or news reporter to be able to accurately report this story.

    • John Paul Jones says:

      I kind of disagree with Mr Stone’s thesis here, but part of the reason the affair as a whole may be hard to follow is that the original anomaly, so to call it, was never fully investigated or explained. If you go back to the original Franklin Foer article (linked above), you’ll see he did a bang-up job of laying everything out, so that once one has gone through it, then it’s possible to slot additional material into that framework. Works for me anyway. So I disagree with the thesis to the extent that I believe a decent reporter could, like Foer, not only find her/his way through the thickets, but would be able to take the reader along with them.

  9. Ginevra diBenci says:

    I have the answer. I got it from Pete Williams, NBC’s hard news reporter, who dropped in to MSNBC after the Sussmann verdict, deus ex machina fashion, to set us all straight. I can’t remember who, but someone on set asked what, at long last, was the truth about that server.

    Williams said the FBI looked into it, “and found that there was nothing to it.”

    So rest your pretty little heads. America is safe.

    • anaphoristand says:

      Pete’s retiring, and by all accounts of his colleagues is an incredibly good guy, but good lord did he get absolutely abused by Barr and his DOJ throughout his 2nd tenure as AG.

  10. WilliamOckham says:

    The FBI investigation was waaay sloppier than I ever imagined. I assumed back then the FBI had actually run down this tip. And they …. just didn’t.

    • P J Evans says:

      We’ve been taught that the FBI is good at investigating, and this…was anything but. Did they have instructions from On High that this was unimportant and could be left to itself?

      • Rugger9 says:

        I think the ‘on high’ theory is doubtful, because Obama was still in office then. I would not rule out a local office with burrowed Bushies (like, say SDNY) or MAGA sympathizers slow walking and/or mucking up things if for no other reason than to get HRC. Her name is still being used to fire up the frothers even though she’s kept a mostly demure profile since 2016’s loss. That in 2016 the SDNY types thought Individual-1 was less of a threat to America than HRC is known. That’s why SDNY pressured Comey to admit to the email investigation.

    • Peterr says:

      Aly Raisman, McKayla Maroney, Simone Biles, and 87 of their close US gymnast friends have a few thoughts about the sloppiness of the FBI, their ability to *not* run down tips and testimony, and their uncanny skill at holding no one at the agency accountable for their sloppiness and inability to do the “I” thing in their name.

  11. Troutwaxer says:

    I’m neither brilliant nor well-educated as geeks go, just a simple network technician and amateur programmer, but even to my beta-geek ears this SCREEEEEEEAAAMS “I did everything wrong and I don’t give a fuck!”

    • Carolyn says:

      …and “I’m not even ashamed to pretend I/we didn’t fuck up bc Durham says we done good.”

      • Troutwaxer says:

        Yeah. I’ll let our more cyber-astute people comment on the details, but what a Charlie-Foxtrot!

  12. Zinsky says:

    I hope there is a tenacious Certified Information Systems Auditor (CISA) somewhere who is really digging in deep to the underlying evidence related to the Alfa Bank/Trump Organization/Spectrum Health data traffic. As a former auditor, including five years at one of the Big 4 firms, something doesn’t smell right about this DNS traffic and Alfa Bank’s reaction to the inquiries. I think there is more here or at least there are digital crumbs that might lead to more clear malfeasance or evidence of misdeeds on the part of Trump or his associates.

    • Rayne says:

      Agree a CISA has been needed. It’s not just the bank’s response but nearly everyone who came in contact with it. It’s become a sticky problem no one can approach without getting stuck. Perhaps that was part of the intent to begin with, a honey pot of sorts, but it’s difficult to tell because so much has been poorly documented, lost, distorted along the way.

  13. wetzel says:

    I think Matt Shuham at Talking Points Memo did a good job yesterday in his write-up of the Tuesday order by Judge Carter for Eastman to turn over more emails to the Jan 6 Committee, so I’m putting it here off topic. It was just a write-up. It’s not behind their paywall.

    I think journalism has a very difficult challenge with the arguments in these two Jan 6 investigations, Congress and Dept of Justice. The basis of a legal decision is often hard to convey in its full logic at the target reading level of the NY Times, so I thought TPM did a good job organizing the information here.


    I do not know, but I can only imagine, and so I am saying that these new Eastman emails sure do look juicy! I do not know how soon they’ll be turned over to the committee. From a non lawyer’s perspective, it is really something to see the power of a judge. How, in allowing evidence into an investigation, they are turning all the rocks over.

    Judge Carter:

    “Because the attorney concluded that a negative court ruling would ‘tank the January 6 strategy,’ he encouraged the legal team to avoid the courts,” the judge wrote of the email in question, adding that it cemented the direction of the Jan. 6 plan.

    While lawyers are free not to bring cases, Carter wrote, “they are not free to evade judicial review to overturn a democratic election. Accordingly, this portion of the email is subject to the crime-fraud exception and must be disclosed.”

    Lol! Is this right? One of their lawyers told everybody they should do everything possible to avoid litigation because they would lose. A lawyer is always towards the court, so in open, willful evasion of judicial review, everybody stopped being lawyers and they became conspirators! Oops. There goes our privilege!

    • harpie says:

      They should have been turned over already:


      [pdf26/26] DISPOSITION
      For the reasons explained above, the Court finds that 440 documents are privileged. The Court ORDERS Dr. Eastman to disclose the other 159 documents to the House Select Committee by 2:00 p.m. Pacific Time on Wednesday, June 8, 2022. 171

      [171 It is Dr. Eastman’s responsibility to redact protected emails when they appear in otherwise-disclosed
      DATED: June 7, 2022

      • wetzel says:

        Okay. I see. Thank you.

        Maybe we are going to find out the contents of these emails soon! Will this lead to the participants in the fraudulent elector scheme, the ones behind the scenes? I am placing odds on Newt Gingrich being involved. This is my vice. To imagine Newt up to his eyeballs behind the scenes in Georgia. I will try to make the inferential case for this likelihood. It is based on this video.

        Here was Newt threatening jail for Jan 6 Committee members back in January.


        I think one of the most fascinating rocks to turn over will be the behind-the-scenes effort in each of those seven states, GA, MI, AZ etc, to get the fraudulent electors 100% to the table and in secret. They only succeeded 5 out of 7, completely.

        How would you organize this effort behind the scenes to make sure all these electors will show up? Each one would have to be cajoled and reassured like a horse from the barn in Animal Farm. Nobody can back out. Nobody can make waves.

        He looks stressed in the video. I think Newt was a reassurer here in Georgia, an obvious candidate with his ‘history professor’ knowledge. He could go down the bullet points about constitutional precedents.

        Relatedly, we found out recently Trump campaign worker Sinners told the fake electors in Georgia to “misdirect security guards when they arrived” at the statehouse. They were to tell the guards they were attending a meeting with two state senators. The enforcement of secrecy shows criminal intent.

        So back in January, when I saw Newt Gingrich threaten the Jan 6 committee with jail time, I had a true crime Nancy Grace moment. Watch the video. He made the threat just after Asst. Attorney General Monaco confirmed they were investigating the phony elector scheme and Ronna McDaniel started strangely malfunctioning.

        Newt originated the propagandistic style of politics which became the GOP’s answer in the 1980s. It was a kind of right-wing Leninism. He trained half their Congress in a specific style of politics. It was the Gingrich revolution. I can’t imagine Newt sitting out. It would be like the culmination of his life’s work, honestly.

        • bmaz says:

          Come on man, your comments are all as long or longer than a lot of our front page posts and, frankly, not particularly informed or useful. Tighten it up. A lot.

        • Rayne says:

          wetzel, seriously, you’re going to have to be more concise. This is 368 words of blather.

          If you have a question, ask it — and you’d best have made an effort to do your own homework first.

          If you have a comment, 100 words or less is optimum for the internet. Use more self-editing.

          We don’t have time to moderate this and space on small mobile displays makes concision essential.

          • wetzel says:

            I appreciate the straightforward feedback. The next time I feel I’ve got something to say, I’ll try to play it out in my head better how it may be received and keep things shorter. Sometimes it comes out clear, so I’m not giving up!

    • Rayne says:

      Dude. The subjects aren’t difficult. “The attorney” avoided the court because they were committing a crime; discussing avoidance of judicial review was part of the criminal conspiracy. They would lose in court because they were committing a crime.

      When you say “I do not know,” believe me it’s obvious.

  14. Thomas says:

    Your work on this story is amazing.

    In my opinion, Durham did uncover a politically motivated conspiracy. Some FBI agents will conspire to throw out evidence that might prove crimes by Republicans.

    And then the same FBI agents will be rewarded for not doing their jobs, and then the same FBI agents will participate in a corrupt politically motivated false prosecution against the people who uncovered evidence of crimes committed by Republicans.

    We really need to kick every Republican out of any office or job that has any kind of legal authority.

  15. John P says:

    “Listrak says Trump never sent marketing mail to Alfa Bank.”

    If that’s accurate, it completely disproves Mandiant’s one hypothesis on an innocent explanation for DNS lookups (reprocessing of old marketing email). No?

  16. Tom R. says:

    I’m not assuming steps (3) and (4) did happen, but here’s what should have happened:

    1) Joffe gives the DNS info to Sussmann.

    2) Sussmann passes it to FBI.

    3) FBI calls up NSA and says: There may be some suspicious traffic between (in the US) and (in Moscow). We’ve been told about a great many weird DNS lookups over the past few weeks; could you please look to see if there are any sturdier connections (TCP or the like) to go along with the lookups?

    4) NSA works on it for about 10 minutes and reports back: “Yes there is heavy traffic” or “No, there’s nothing but orphan DNS lookups.”

    Scenario A: No such investigation took place. Chalk it up to laziness and incompetence. It’s pretty bad, but I’ve seen worse.

    Scenario B: It did take place.

    They would have tried to keep it secret, at least for a while. NSA likes being secretive even when there’s no reason for it. They capture practically all international traffic, and store it for a good long time. They have tools for querying the database with reasonable efficiency, despite its size.

    This investigation is relevant to the Sussmann case because Joffe must have thought along the same lines. That means he would have considered it cartoonishly counterproductive to feed doctored data to the government. Specifically: Whether or not this happened, Joffe would have considered it likely to happen, and he would have played his cards accordingly. So all the frothy theories about a conspiracy to deceive the FBI are dead on arrival.

    Tangential remark: Mandiant would need server logs in order to figure out what’s going on, but NSA would not. When Durham blithers about the logs, it could be a parallel-construction cover story. Or it could be old-fashioned nonsense.

    • emptywheel says:

      NSA is the most likely candidate to be OGA, above. So it may have happened. But it would most likely have been collected overseas.

      But the researchers involved ALSO capture virtually all DNS. So they should not have come to different conclusions.
