The Alfa Bank Dark Net at Noon

/23 Comments/in , /by

Before its John Doe nuisance lawsuits got shut down by Vladimir Putin’s invasion of Ukraine, Alfa Bank made several claims that led me to chase down a minor – but potentially important – part of the Alfa Bank story.
Someone totally uninvolved in the Michael Sussman/Fusion/April Lorenzen effort played a role in making their efforts public in 2016: “Phil,” the guy about whom I went to the FBI in 2017. As I told the FBI, I suspected he had played a role in the Guccifer 2.0 and Shadow Brokers operations.

This post will focus on what Alfa Bank got wrong. A follow-up post will look at why, if John Durham made the same error, it may matter for the Michael Sussmann case.

Someone exposes Tea Leaves’ research via Krypt3ia

At issue is this post on the eponymously-named InfoSec blog Krypt3ia. As the post describes, someone tipped Krypt3ia off to a WordPress site and a purported i2p site (also called an “eepsite”) that laid out a version of the claims that Michael Sussmann had shared with the FBI and the NYT in September 2016.

Those claims are at the heart of the false statement charge against Sussmann.

Along with the basic allegations about weird DNS look-ups between servers from Alfa Bank and Spectrum Health and a Trump marketing server, those sites also revealed that after the NYT called Alfa Bank for comment about the DNS anomaly in September 2016, the Trump DNS address changed. This is the digital equivalent of someone changing their phone number after discovering they were being surveilled. The seeming response by Trump to the NYT call to Alfa for comment has always been regarded as the smoking gun showing human acknowledgement of the communications (a report from Alfa Bank attempted, unpersuasively, to contest that).

By connecting to a Russian-hosted proxy service, the Krypt3ia post about all this added an element of Russian mystery to the story. But that’s it. The post offered no other new content.

The Krypt3ia post is more important for the function it played than its content. Krypt3ia’s post served to make the contents of a publicly available but difficult to find i2p site – believed to be created by data scientist April Lorenzen, but written under the pseudonym Tea Leaves – accessible.

In response to tips from source(s) of his, Krypt3ia focused attention on a series of communications, none tied in his post to a then-identified person. First, someone alerted him to the WordPress site. That site spoke of Tea Leaves as a third person; there was never a pretense that it was Tea Leaves or Lorenzen. Krypt3ia learned of that WordPress site because someone approached Krypt3ia, purportedly asking for help finding an incomplete i2p address listed in the post.

I caught wind of the site when someone asked me to look at an i2p address that they couldn’t figure out and once I began to read the sites [sic] claims I thought this would be an interesting post.

That tip led Krypt3ia to find what was actually a proxy allowing access to a real i2p site – the one that injected an air of Russian mystery to the story.

First off, the i2p address in the WordPress site is wrong from the start. Once I dug around I found that the real address was gdd.i2p.xyz which is actually a site hosted on a server in Moscow on Marosnet.

That led Krypt3ia to ask whether anyone at NYT wanted to verify the claim that Trump Organization seemingly took action after NYT called Alfa.

I also have to wonder about this whole allegation that a NYT reporter asked about this.

Say, any of you NYT’s people out there care to respond?

Ask and you shall receive! Someone–as I lay out below, I have confirmed that this was “Phil”–put Krypt3ia in touch with a NYT reporter.

First off, someone in my feed put me in touch with the NYT and a reporter has confirmed to me that what the site says about NYT reaching out and asking about the connections, then the connections going bye bye is in fact true.

[snip]

The biggest takeaway is that the NYT confirmed that they asked the question and shit happened. They are still looking into it.

In an update, someone purporting to be Tea Leaves responded to Krypt3ia via an untraceable Tutanota email account, and in response, Krypt3ia posed a bunch of questions, only to get no answer. That non-answer was a key reason why Krypt3ia later treated the allegations as a fraud – an opinion that Alfa Bank, at least, used to bolster their own claims of fraud.

As Krypt3ia mused in real time, it seemed that the entire point of the tips he was receiving was focusing attention on the allegations themselves. Except, if your goal was to release a story that might swing an election, it was a really weird way of doing so.

One does wonder though just who might be trying this tac to attempt to cause Donny trouble. It seems a half assed attempt at best or perhaps they were not finished with it yet.. But then why the tip off email to someone who then got in touch with me? Someone I spoke to about this alluded to maybe that was the plan, for me to blog about this from the start..

[snip]

I have to say it though, these guys are trying to get the word out but in a strange way. I mean this eepsite is now hosted in Czechoslovakia, staying with the Baltic flavor but why not broadcast this more openly? Why does the WordPress site have the wrong address to start and then the other eepsite disappears after a little poking and prodding?

There are at least four unattributed or unattributable communications that appeared in this post: an email to someone who, in turn, got in touch with Krypt3ia; a tip about the WordPress site (presumably from the person who got the email) and through it to the i2p gateway; the contact with the unnamed NYT reporter; and the email from someone claiming to be Tea Leaves via a service that made it impossible to prove it was the person who originally adopted that pseudonym.

Notably, this all happened between October 5, 2016 – before the Podesta drop and the DHS attribution of the DNC hack to Russia – and the days after it. Krypt3ia was checking out the i2p proxy on October 7, at 3:08PM ET – less than half an hour before DHS would release an unprecedented attribution statement, followed shortly by the Access Hollywood video, followed shortly by the first Podesta email drop. Krypt3ia wrote his post the following day.

i2p sites aren’t supposed to get noticed

To understand why using Krypt3ia to get noticed is so weird, you need to understand a little about i2p.

i2p is a network like Tor that provides obscurity and security. Even today, it’s far less accessible than Tor (and was even more so in 2016). Krypt3ia could credibly access it, but I couldn’t have. Reporter Eric Lichtblau or Fusion GPS’ Laura Seago probably couldn’t have either. Normally you need either a special browser or a gateway to to access an eepsite. Importantly, the public DNS routing information that was at the heart of the project that discovered the Alfa Bank anomalies doesn’t exist for i2p. You can’t just Google for a site.

If data scientist April Lorenzen put her research on an i2p site, as alleged, she may have done so to limit who noticed it and her role in it.

It didn’t work out that way.

(Note, because the Durham investigation remains ongoing, I am not contacting her or her lawyers for comment or others who are obviously still the focus of Durham’s investigation.)

Krypt3ia didn’t link directly to her i2p site at first. He started by linking a gateway, which would be accessible to mere mortals who don’t have an i2p browser or technical prowess. His second link may have been a different gateway – again, a link readily accessible to people without using special software. It was one of these links that got sent around by journalists and researchers.

That’s what I mean about content versus function: Krypt3ia added no new content to this story. He did, however, make parts of it accessible to people – like reporters – who would otherwise never have found it.

A comment purportedly from Lorenzen sent to Krypt3ia’s site, playing on Tea Leaves’ name, expressed (or feigned) surprise at finding what the email called a mirror (but which was a proxy).

Thank you to https://krypt3ia .wordpress.com for pointing out a possible mirror of this (the original, what you are reading, http://gdd.i2p). We did not know about gdd.i2p.xyz until hearing about it from Krypt3ia. So we did a little research and see that i2p.xyz has been around for years and appears to mirror a lot of *.i2p sites. *i2p.xyz probably functions as an alternative for everybody that doesn’t have the skills to reach an i2p site :)

Next question, why would somebody first mirror – and then drop their mirror – of our http://gdd.i2p website. The following is just speculation: maybe normally i2p.xyz just mirrors everything but oops! Something hot – drop the mirror. I don’t know. I didn’t try to visit it. Mirrors of course could choose to alter content and measure who visits. We have no such opportunity to see who is visiting our real i2p site.

Whoever wrote the email, it emphasized how the proxy was different from the “real i2p site:” The proxy “functions as an alternative for everybody who that doesn’t have the skills to reach an i2p site,” but it also can “measure who visits” whereas a “real i2p site” cannot.

Whatever the story behind the Krypt3ia post, it had the effect of making it clear that researchers who believed they could find hackers by looking at public DNS data couldn’t hide what they were doing, even on networks designed to be untrackable. It had the effect of making it clear their efforts to look for Russian hackers in DNS data had been seen.

Alfa Bank alleges the Krypt3ia notice is part of an imagined conspiracy targeting the bank

It also appears to have convinced Alfa Bank that Krypt3ia was a key cog in the publication of this story. Their lawsuit claimed that,

The scientists and researchers who obtained the nonpublic DNS data deliberately leaked portions of that data to other scientists and researchers and, ultimately, to the media.

Depositions in the Alfa Bank lawsuit make it clear that Alfa believed (presumably because of those characteristics about i2p) that Fusion GPS must have been behind the effort to alert Krypt3ia to the research site and, via his post, to alert the public.

In a February 10 bid to overcome privilege claims that Fusion GPS’ Laura Seago had previously made, Alfa Bank lawyer Margaret Krawiec argued that Seago must have breached any privilege by sharing information from the publicly posted Tea Leaves information. Krawiec’s logic was that someone internal to the privilege claims asserted by Perkins Coie must have told Seago where the i2p site was, because otherwise there would be no way she could find it.

Krawiec: So, your honor, let me jump in there because one of the things that happened is that we were trying to understand how it was that Ms. Seago knew that this data had been published on the internet because it was published in an obscure place in the internet by this Tea Leaves that I told you about.

And then what Fusion did was – so we asked about that. We said, “How did you know where to look for that data? Who told you?” Cut off, instruction not to answer, privileged. But guess what they did with those links of that data? They took that data that someone told them because no one would have known to find it where it was unless someone told them.

And they wouldn’t tell us who told them or how they found it, but then they took all those links – the supposed public source research – and disseminated it to seven or eight media outlets saying you have to check this out. This is big stuff.

Fusion’s lawyer Joshua Levy countered that the link and the site itself were public.

Levy: If you – if you take the example that Alfa-Bank’s lawyer just presented to the Court, the link that someone at Fusion had circulated to a reporter, that link is a link to the internet. It’s a publicly available link, right?

The link – it’s, it’s like sending a New York Times article to a reporter at the Washington Post. Have you – have you seen this article? You should look at it. It’s interesting. Here’s a link. It happens to do with the subject matter which (indiscernible) is fascinated, [sic] but it’s a publicly available link.

Ms. Seago may have had communications internally at Fusion about that link. Those are privileged communications, but the link itself is available online for the Court, for me, for Ms. Krawiec. It’s public. There’s, there’s nothing confidential about that link.

Alfa’s lawyer responded by arguing that because an i2p site was so difficult to find, Seago’s knowledge of its location must have come from privileged information, and because she subsequently shared a link to a gateway with journalists, she had waived privilege.

Krawiec: Your Honor, I can tell you that where this link was when it was on the internet, you, myself, Mr. Levy, no one could have found that by doing a basic Google search. They were instructed where to find it in this obscure location.

And all we were trying to understand is who instructed them because the person who posted it was Tea Leaves, the anonymous computer scientist who had this computer data.

Alfa’s lawyer argued, not unreasonably, that because Tea Leaves’ site could not have been discovered by a Google search, someone connected to Tea Leaves must have told Fusion where it was, and because Fusion, in turn, shared a link to it, any privilege around Fusion’s discussions about Tea Leaves had therefore been breached.

Alfa’s focus on how Tea Leaves’ i2p site became public continued during a February 14 deposition of Peter Fritsch. In it, Alfa raised an email from Seago to Fritsch describing that Krypt3ia had become aware of Tea Leaves’ work, in response to which questions Fritsch pled the Fifth. By the time Krypt3ia posted, it seems likely, Fusion already knew April Lorenzen was involved.

But in the Seago hearing, Fusion lawyer Joshua Levy stated clearly that, “Our client didn’t move that specific communication –” pushing Tea Leaves’ information (from the context, it’s unclear to me whether this was a link directly to a gateway to Tea Leaves i2p site or one that involved Krypt3ia). Elsewhere Levy explained that Mark Hosenball had sent the link to Fusion which, in turn, sent it out to other journalists.

Fusion’s claims are consistent with them knowing of Lorenzen’s work before the Krypt3ia post, but having nothing to do with the Krypt3ia post and/or public links directly to Lorenzen’s site.

“Phil” hooked Krypt3ia up with the NYT

Alfa Bank seems to doubt Fusion’s denials that they were behind all those levels of notice to Krypt3ia.

I have no idea who first alerted Krypt3ia to the WordPress site or the i2p site, and he says he doesn’t remember who did. I do know who hooked him up with the NYT.

As I noted when I criticized this story in 2016, I was pitched the Alfa Bank story, like the NYT. But unlike the NYT, I was not pitched it by the people Durham is trying to put in jail like Sussmann, the researchers, or Fusion GPS. I was pitched it by the guy whom I’ve referred to by the pseudonym “Phil,” the person I went to the FBI about in 2017. (This is a pseudonym and he has not been charged by DOJ.)

Not only did he pitch me on it, but he told me he was the one to have hooked Krypt3ia up with the NYT reporter.

The rest of our exchange is below…

The claim that Phil had introduced Krypt3ia to a NYT reporter was credible. At the time I knew of several NYT reporters he claimed to have ties to (at Phil’s request, I had introduced him to one of them, and I’ve confirmed his contacts with others since). He also publicly interacted with Krypt3ia on Twitter.

But I had never checked whether Phil had really introduced the NYT to Krypt3ia until the Alfa Bank filing that blamed that tie on Fusion.

Nicole Perloth has confirmed it was Phil. As she described, Phil basically pushed Krypt3ia on her. “Nicole: Krypt is a person who can be an invaluable resource on this,” specifically addressing Krypt3ia‘s expertise on the dark web, even while asking her to keep him (Phil) updated on when the story would be published.

When I asked Krypt3ia if it was possible that the same person alerted him to the i2p site as had connected him to a NYT journalist, he said he did not remember.

Do you know if the person who connected you with the NYT reporter was the same was the one who pointed out the mirror? As per your post? Or don’t you remember?

Honestly don’t remember. Did not take notes or anything, thought it all bullshit and some kind of game of disinformation.

Whether or not Phil had a role in first tipping Krypt3ia off to the i2p proxy, he had a role in making the NYT aware of a series of moving versions of that site, starting with the one in Russia.

Importantly, this is not the only attempt to broker these allegations that remains publicly unexplained. There’s another unexplained package of these allegations – a “mediafire” package first posted on Reddit – raised in the Alfa suit that Fusion disclaimed credit for.

At least one person pushing this story was (as far as I know) completely unrelated to the efforts Durham and Alfa have focused on. Given that April Lorenzen used a pseudonym for her efforts, it would have been easy to hijack those efforts. So until April Lorenzen certifies that all the communications posted under the name “Tea Leaves” out there are hers (including the comment attached to a Tutanota email in Krypt3ia’s post), neither should anyone assume she’s responsible for all of them.

Alfa Bank believed that the public notice of the Tea Leaves i2p site was proof that Fusion, and only Fusion, was dealing these allegations. The opposite is the case.

To be sure: that might have mattered if Vladimir Putin’s invasion hadn’t killed the Alfa Bank lawsuit. But Phil’s role in the Krypt3ia post doesn’t much matter to the Sussmann indictment. Sussmann’s alleged lie was on September 19, 2016, 16 days before the communications leading to the Krypt3ia post started. Nothing Phil did on October 8 and thereafter, it seems, could affect that alleged lie.

That said, Durham’s sprawling single-count indictment does include allegations about Sussmann’s outreach to the press that post-dates Phil’s involvement and may rely on it. Most notably, a paragraph describing that Sussmann emailed Lichtblau on October 10 encouraging him to send an opinion piece criticizing the NYT for its Trump coverage mentions that, “At or around that time, and according to public sources, [Lichtblau] was working on an article concerning the [Alfa Bank] allegations, but [Lichtblau’s] editors at [NYT] had not yet authorized publication of the article.” [my emphasis] Krypt3ia’s comment, “the NYT confirmed that they asked the question and shit happened. They are still looking into it” – a comment that indirectly involved Phil – is one of those public sources.

At the time, Phil was pushing a NYT article more aggressively than what Durham describes Sussmann doing, and he played at least some role in the public sources that reported NYT was working on an article.

So Phil’s involvement adds an important detail about how these claims were made public in the weeks leading up to the election, but none of that changes whether or not Sussmann lied to cover up Hillary and/or Rodney Joffe’s role in all this.

Update: I’ve corrected the post to reflect that the original site, hosted in Russia, was a proxy, not a mirror. Thanks to @i2p at geti2p.net for the corrections starting in this exchange.

Texts

The following includes all the Signal texts included in the exchange regarding the Alfa Bank DNS anomalies.

Two comments on these texts: I’m not sure what I meant in the text sent on October 9 at 10:51AM. I suspect I mistyped. I suspect I was trying to explain Betsy and Dick DeVos’ traditional role in the Republican party – money – was less urgent to Trump in October 2016 than some kind of credible Republican policy platform. 

I stand by everything else I said in these texts, though admit my observation about the adversity between UAE and Russia turned out to be hilariously and epically wrong, particularly as it pertained to Prince.

Whinger Verbs: To Investigate … To Prosecute … To Indict

/139 Comments/in , , , /by

Because Alvin Bragg chose not to prosecute Donald Trump, the whingers are out again complaining about Merrick Garland, who last I checked was an entirely different person.

I’ve copied the “Key January 6 posts” from my post showing what reporting on the January 6 investigation — rather than simply fear-mongering to rile up CNN viewers or your Patreon readers — really looks like below.

But for now I’d like to talk about the language the whingers — those complaining that Merrick Garland hasn’t shown people who aren’t looking what DOJ is doing. It’s telling.

Take this post from David Atkins that opines, accurately, that “Refusing to Prosecute Trump Is a Political Act,” but which stumbles in its sub-head — “The evidence is clear. It’s time to prosecute the former president, and Merrick Garland shouldn’t wait.” — and then completely collapses when it asserts that there are just two possible reasons why Merrick Garland has not “prosecuted” Trump.

But there is a deeper question as to why Attorney General Merrick Garland and the DOJ have not prosecuted Trump. No one at the department is talking on the record, but there are only two possible answers—neither of which is satisfactory.

It is possible that prosecutors do not believe there is enough evidence against Trump to convince a jury of his guilt. I’m not a lawyer, but this seems somewhat difficult to believe.

[snip]

The second possibility is that the Department of Justice hasn’t prosecuted Trump because of political pressure. Again, this is speculation. But if Garland is succumbing to either internal or external pressure to avoid charging Trump out of fears of civil conflict, or the appearance of political motivation, that would be a grave error—not prosecutorial discretion but prosecutorial dereliction. Allowing fears of violent reprisals to derail a prosecution would be a grave injustice.

Atkins is wrong about the reasons. I wrote here about why the ten acts of obstruction Mueller identified are almost universally misrepresented by whingers, in part because Billy Barr did real damage to those charges (as he did to other ongoing investigations), and in part because the ten acts that existed in March 2019 are not the acts of obstruction that exist today.

We know part of why Trump hasn’t been charged for political crimes: because Trump ensured the FEC remained dysfunctional and Republicans have voted not to pursue them (something that whingers might more productively spend their time pursuing).

It seems nutty to suggest that Trump should be “prosecuted” already for taking classified documents to Mar-a-Lago when that was referred just weeks ago. It’s also worth considering whether it would be easier to prosecute Trump for obstruction for these actions, tied to one of his other malfeasance, and then consider where investigations related to that malfeasance already exist.

Bizarrely, Atkins doesn’t consider it a possibility that it would take Merrick Garland’s DOJ more than 380 days to prosecute the former President. It took months to just wade through Stewart Rhodes’ Signal texts. It has taken 11 months, so far, to conduct a privilege review of Rudy’s phones (for which DOJ obtained a warrant on Lisa Monaco’s first day on the job). DOJ has six known cooperators in the Oath Keeper case (at least four with direct ties to Roger Stone) and one known cooperator in the Proud Boys case (and likely a bunch more we don’t know about). Particularly in the Oath Keeper investigation, DOJ has been rolling people up serially. But that process has taken longer because of COVID, discovery challenges, and the novelty of the crime.

But that goes to Atkins’ curious choice of the word “prosecute” here. I generally use the verb to refer to what happens after an indictment — the years long process of rebuffing frivolous legal challenges, but for an organized crime network, “prosecute” might also mean working your way up from people like militia members guarding your rat-fucker to the militia leaders planning with your rat-fucker to the rat-fucker to the crime boss.

I think what Atkins actually means, though, is “indict,” or “charge.” But his entire post betrays a fantasy where one can simply arrest a white collar criminal in the act after he has committed the act.

What whingers often say, though, is they want Garland to “investigate” Trump. Then they list a bunch of things — like cooperating witnesses or grand jury leaks or raids or indictments — that we’ve already seen, and insist we would see those things if there were an investigation but take from that that there’s not an investigation even though we see the things that they say we would see if there were an investigation.

Whinger brain confuses me sometimes.

The point, though, is that the language whingers use to describe what they imagine is Garland’s inaction or cowardice (none of these people have done the work to figure out whether that’s really the case), is designed to be impossible. That makes it necessarily an expression of helplessness, because their demand is actually that Trump be disappeared from the political scene tomorrow, and that’s hasn’t happened with multiple investigations implicating him, it sure as hell won’t happen if and when he is indicted, and it wouldn’t happen during a hypothetical extended period during which Trump is prosecuted.

Indeed, I’ve lost count of the number of people who tell me Bannon hasn’t been indicted, even though Bannon has been indicted. It’s just that he’s entitled to due process and in many ways being indicted provides him a way to play the victim.

There are multiple investigations implicating close Trump associates and the January 6 investigation is absolutely designed to incorporate Trump, if DOJ manages to continue building from the crime scene backwards. But that’s not actually what people want. None of these verbs — to investigate, to indict, to prosecute — are the ones that whingers are really hoping to see.

And the verbs they’re hoping to see — perhaps “neutralize” or “disappear” — are not ones that happen as part of due process.

And none of the due process verbs — “investigate,” “indict,” “prosecute” — are likely to work unless people at the same time think of things like “discredit.”

Key January 6 posts

The Structure of the January 6 Assault: “I will settle with seeing [normies] smash some pigs to dust”

DOJ Is Treating January 6 as an Act of Terrorism, But Not All January 6 Defendants Are Terrorists

While TV Lawyers Wailed Impotently, DOJ Was Acquiring the Communications of Sidney Powell, Rudy Giuliani, and (Probably) Mark Meadows

Why to Delay a Mark Meadows Indictment: Bannon Is Using His Contempt Prosecution to Monitor the Ongoing January 6 Investigation

The Eight Trump Associates Whom DOJ Is Investigating

January 6 Is Unknowable

“I’m Just There to Open the Envelopes:” The Select Committee and DOJ Investigations Converge at Mike Pence

Why It Would Be Counterproductive To Appoint a Special Counsel to Investigate January 6

DOJ’s Approximate January 6 Conspiracies

Easy Cases: Why Austin Sarat’s Argument That Trump Should Not Be Prosecuted Is Wrong

How a Trump Prosecution for January 6 Would Work

Judge Mehta’s Ruling that Donald Trump May Have Aided and Abetted Assaults on Cops Is More Important Than His Conspiracy Decision

“Fill the Silence:” On Obstruction, Listen to DOJ and Merrick Garland

John Durham Keeps Chasing Possible Russian Disinformation

/59 Comments/in , /by

Yesterday, the two sides in the Michael Sussmann case submitted the proposed jury questions they agree on and some they disagree on.

Durham objects to questions about security clearances and educational background (presumably Durham wants to make it harder for Sussmann to get people who understand computers and classification on the jury).

Sussmann objects to questions about April Lorenzen’s company and Georgia Tech.

He also objects to a question that assumes, as fact, that the Hillary campaign and the DNC “promoted” a “collusion narrative.”

I suspect Sussmann’s objections to these questions are about direct contact. For all of Durham’s heaving and hollering, while Sussmann definitely met with Fusion GPS, of the researchers, the indictment against Sussmann only shows direct contact with David Dagon. Everything else goes through Rodney Joffe. Plus, a document FOIAed by the frothy right shows that Manos Antonakakis believes what is portrayed in the indictment is at times misleading and other times false, which I assume he’ll have an opportunity to explain at trial.

As regards the campaign, as I already noted, when Sussmann asked Durham what proof the Special Counsel had that he was coordinating with the campaign, Durham pointed to Marc Elias’ contacts with the campaign and, for the first time (over a month after the indictment), decided to interview a Clinton staffer.

Sussmann will probably just argue that Durham’s plan to invoke these things simply reflects Durham’s obstinate and improper treatment of a single false statement charge as a conspiracy the Special Counsel didn’t have the evidence to charge.

But Durham’s inclusion of it makes me suspect that Durham wants to use an intelligence report that even at the time analysts noted, “The IC does not know the accuracy of this allegation or the extent to which the Russian intelligence analysis may reflect exaggeration or fabrication.” Nevertheless, John Ratcliffe, who has a history of exaggeration for career advancement, declassified, unmasked Hillary’s name, and then shared with Durham.

If Durham does intend to use this, though, it would likely mean Durham would have to share parts of the Roger Stone investigation file with Sussmann. That’s because the report in question ties the purported Clinton plan to Guccifer 2.0.

And as the FBI later discovered, there was significant evidence that Roger Stone had been informed of the Guccifer 2.0 persona before it went public.

That information, along with a bunch of other things revealed about Stone’s activities before this Russian report, suggest the Russian report may actually be an attempt to protect Stone, one that anticipated Stone’s claims in the days after the report that Guccifer 2.0 was not Russian.

Unless Durham finds a way to charge conspiracy in the next two months, Judge Christopher Cooper would do well to prevent Durham from continuing his wild conspiracy theorizing. Because it’s not clear Durham knows where the strings he is pulling actually lead.

Paul Manafort Prevented from Flying to Dubai

/72 Comments/in , , /by

As Knewz first reported and AP has now matched, Paul Manafort was pulled from a flight to Dubai on Sunday because his passport was revoked.

Former Trump adviser Paul Manafort was removed from a plane at Miami International Airport before it took off for Dubai because he carried a revoked passport, officials said Wednesday.

Miami-Dade Police Detective Alvaro Zabaleta confirmed that Manafort was removed from the Emirates Airline flight without incident Sunday night but directed further questions to U.S. Border and Customs Protection. That agency did not immediately respond to an email Wednesday seeking comment.

A lawyer who has represented Manafort did not immediately return a call and email seeking comment Wednesday.

As a reminder, Manafort’s pardon did not include his actions in an August 2, 2016 meeting with alleged Russian spy Konstanin Kilimnik, at which he seemingly traded his strategy to win the election for $19 million in financial benefit and a commitment to help carve up Ukraine.

Nor was Manafort pardoned for his efforts, which continued at least until he was arrested, to help Kilimnik carve up Ukraine to Russia’s liking.

Nor was Manafort pardoned for his role in all the influence-peddling that Rudy Giuliani was involved with in Ukraine through 2020.

This was three days ago. The fact that Sean Hannity has not been wailing about the poor treatment of Manafort since suggests either that there’s not a good way to spin it, or that Manafort has some reason to want to keep this quiet.

Update: NBC’s Tom Winter says that, contrary to other reports, he was simply not permitted to board and that he can apply for a new passport. It’s not clear why he speaks of a “new investigation.”

John Durham’s Top Prosecutor, Andrew DeFilippis, Allegedly Miffed that DARPA Investigated Guccifer 2.0

/59 Comments/in , , /by

Vladimir Putin’s invasion of Ukraine and the sanctions imposed as a result has led lawyers in the US to drop the now-sanctioned Alfa Bank and its owners, leading to the dismissal of the John Doe, BuzzFeed, and Fusion GPS lawsuits filed by Alfa Bank or its owners. That has, for now, brought an end to a sustained Russian effort to use lawfare to discover “U.S. cybersecurity methods and means” (as some of Alfa’s targets described the effort).

But the dismissal of the Alfa Bank suits hasn’t halted the effort to expose US cybersecurity efforts in the guise of pursuing right wing conspiracy theories. Both Federalist Faceplant Margot Cleveland and “online sleuths” goaded, in part, by Sergei Millian have picked up where Alfa Bank left off. In recent days, for example, documents obtained via a Federalist FOIA to Georgia Tech exposed the members of a cybersecurity sharing group, including a bunch at Three-Letter Agencies, which has little news value but plenty of intelligence value to America’s adversaries (these names were released even while someone — either Georgia Tech or the Federalist — chose to redact the contact information for Durham’s investigators, some of which is otherwise public).

Even while doing her part to make America less safe (raising the perennial question of who funds the Federalist), Cleveland has continued to do astounding work misrepresenting Durham’s investigation. From the same FOIA release, she published a document in which research scientist Manos Antonakakis described that chief Durham AUSA Andrew DeFilippis insinuated to him that it was abusive for DARPA to try to discover the network behind the Guccifer 2.0 persona.

Finally, I will leave you with an anecdote and a thought. During one of my interviews with the Special Counsel prosecutor, I was asked point blank by Mr. DeFilippis, “Do you believe that DARPA should be instructing you to investigate the origins of a hacker (Guccifer_2.0) that hacked a political entity (DNC)?” Let that sync for a moment, folks. Someone hacked a political party (DNC, in this case), in the middle of an election year (2016), and the lead investigator of DoJ’s special council would question whether US researchers working for DARPA should conduct investigations in this matter is “acceptable”! While I was tempted to say back to him “What if this hacker hacked GOP? Would you want me to investigate him then?”, I kept my cool and I told him that this is a question for DARPA’s director, and not for me to answer.

Assuming this is an accurate description, this is a shocking anecdote, a betrayal of US national security.

It suggests that Durham’s lead prosecutor doesn’t believe the government should throw its most innovative research at a hostile nation-state attack while that nation-state is attempting to influence an election. Sadly, though, it’s not surprising.

It is consistent with things we’ve seen from Durham’s team throughout. It’s consistent with Durham’s treatment of a loose tie between an indirect and unwitting Steele dossier source and the Hillary campaign as a bigger threat than multiple ties to Russian intelligence (or Dmitry Peskov’s office, which knew that Michael Cohen and Donald Trump were lying about the former’s secret communications with Peskov’s office). It is consistent with Durham’s more recent suggestion that the victim of such a nation-state attack must wait until after an election to report a tip that might implicate her opponent.

I almost feel like DeFilippis will eventually say Hillary should have just laid back and enjoyed being hacked in 2016.

DeFilippis, and Durham generally, have consistently treated Hillary as a far graver threat than Russia, even now, even as Russia conducts a barbaric invasion of a peaceful democracy.

But Antonakakis’ anecdote is all the more troubling because it suggests that DeFilippis seems to misunderstand what happened with the DARPA contract in question in 2016. The Enhanced Attribution RFP’s description of the hacking campaigns it was targeting — “multiple concurrent independent malicious cyber campaigns, each involving several operators” — pretty obviously aims to tackle Advanced Persistent Threats, of which APT 28 and 29 (both of which targeted the DNC) were among the most pressing in 2016. DARPA presumably didn’t ask Antonakakis to focus on Guccifer 2.0 — a persona which didn’t exist when the contract was put up for bid in April 2016, much less in the months earlier when it was originally conceived. Rather, by description, they were asking bidders to look at APTs, and looking at APT 28 would have happened to include looking at Guccifer 2.0, the DNC hack, and a number of hacks elsewhere in the US and the world.  The reason DARPA would ask Georgia Tech to look at APT 28 is because APT 28 was hacking a lot of targets in the time period, all of which provided learning sets for a researcher like Antonakakis. DeFilippis, then, seems miffed that the APT that DARPA wanted to combat happened to be one of two that targeted Hillary.

That’s a choice Russia made, not DARPA.

While I think Cleveland did serious damage with some of her releases, I’m glad she released this document because it provides a way for Michael Sussmann to make DeFilippis’ troubling views on national security a central issue at trial, something that normally is difficult to do.

It also provided Cleveland another opportunity to faceplant in spectacular trademark Federalist fashion. Cleveland used this document to rile up the frothers by suggesting this is proof that Durham is investigating the DNC attribution.

Exclusive: Special Counsel’s Office Is Investigating The 2016 DNC Server Hack

The U.S. Department of Defense tasked the same Georgia Tech researcher embroiled in the Alfa Bank hoax with investigating the “origins” of the Democratic National Committee hacker, according to an email first obtained by The Federalist on Wednesday. That email also indicates the special counsel’s office is investigating the investigation into the DNC hack and that prosecutors harbor concerns about the DOD’s decision to involve the Georgia Tech researcher in its probe.

[snip]

The public storyline until now had been that CrowdStrike, the cybersecurity firm Sussmann hired in April 2016, had concluded Russians had hacked the DNC server, and that the FBI, which never examined the server, concurred in that conclusion. Intelligence agencies and former Special Counsel Robert Mueller likewise concluded that Russian agents were behind the DNC hack, but with little public details provided.

It now appears that DARPA had some role in that assessment, or rather Antonakakis did on behalf of DARPA, which leads to a whole host of other questions, including whether DARPA had access to the DNC server and data and, if so, from whom did the DOD’s research arm get that access? Was it Sussmann?

There’s no reason to believe this and every reason to believe that — as I said — DeFilippis is pissed that DARPA prioritized their research on a target that was badly affecting national security (and not just in US, but also in allied countries) in 2016, one that happened to attempt to help Trump get elected.

But look how many errors Faceplant’s Cleveland made in the process:

Cleveland repeats the Single Server Fallacy, imagining that the DNC, DCCC, and Hillary had just one server between them to be hacked and all the servers that got hacked were in the possession of one of those victims. That’s, of course, ridiculous. The server that GRU hacked to get John Podesta’s emails belonged to Google. The server that GRU hacked to get Hillary’s analytics belonged to AWS. There was a staging server in AZ; I have been told that the FBI seized at least one US-based server that did not belong to the DNC (that server is why the frothy right’s focus on what Shawn Henry testified to HPSCI is so painfully ignorant — because it ignores that the FBI had access to servers that Henry did not that did show exfiltration).

Cleveland apparently doesn’t know that FBI knew who was hacking the DNC when they warned them starting in September 2015 they were being hacked. The FBI’s awareness of that not only explains why APT 29 and 28 would have been included in DARPA’s targets for EA, but proves that the government was tracking these hacking groups above and beyond the attack on Hillary. This was never just a reaction to the election year hack.

Cleveland claims Mueller’s attribution of the DNC hack to the GRU provided “little public details,” when in fact the Mueller Report showed 29 sources other than CrowdStrike, including:

  • Gmail
  • Linked-In
  • Microsoft
  • Facebook
  • Twitter
  • WordPress
  • ActBlue
  • AWS
  • AOL
  • Smartech Corporation
  • URL shortening service
  • Bitcoin exchanges
  • VPN services

According to Mueller’s report, all these sources also corroborated the GRU attribution. And Mueller’s list doesn’t include a number of other known entities that corroborated the attribution, including NSA and Dutch intelligence, which couldn’t be named in a public DOJ document. Mueller’s list doesn’t include Georgia Tech either, but it wouldn’t need to, because there was so much other evidence.

The Mueller Report described obtaining almost 500 warrants, but the released list — from which FBI’s Cyber Division successfully withheld those pertaining to the GRU investigation — only includes around 370-400 warrants (based on an 156 pages of warrants with roughly three per page), suggesting there may be 100 warrants tied to the GRU attribution alone.

By the time Antonakakis started looking at the DNC hack as part of EA, multiple entities, including several Infosec contractors, non-US intelligence services, and non-governmental entities like tech giants (including at least three of the ones on Mueller’s list), had plenty of evidence that the Guccifer 2.0 campaign was run by the APT 28. Including Guccifer 2.0 as part of the research set would simply be part of the existing targeting of a dangerous APT.

But apparently neither DeFilippis nor Cleveland understand that 2016 was part of an ongoing identified threat to US national security.

One thing Putin did in 2016 was to use disinformation to train the frothy right to favor Russia more than fellow Americans from the opposing party. Even as Russia attacks Ukraine, that still seems to be true.

“The Laptop” Is the Functional Equivalent of The Steele Dossier, 1: Rudy Is the Real Scandal

/51 Comments/in , , /by

I’m going to explain how The Laptop that Rudy Giuliani floated just before the election is the functional equivalent of the Steele dossier.

Before I do, let me make a fairly obvious (if counterintuitive) point: Of the three people that powerful Ukrainians attempted to cultivate for their ties to the Vice President or President — Paul Manafort, Hunter Biden, and Rudy Giuliani — just one provably affected US policy through the Vice President or President: Rudy.

Contrary to what you may have read, for example, Manafort actually wasn’t the one who prevented the GOP platform from being strengthened to support Ukraine, JD Gordon was (though Trump’s do-not-recall answer about his own involvement can’t rule that out). Mueller’s decision not to prosecute Gordon as an agent of Russia was only recently made public (thanks to the relentless work of Jason Leopold and his lawyer).

And while there’s a lot of circumstantial evidence that Manafort entered into a quid pro quo on August 2, 2016, trading campaign strategy for a commitment to help carve up Ukraine to Russia’s liking along with $19 million a financial benefit for Manafort personally, because the investigation into Manafort became public in 2016, his ongoing efforts to push that Russian plan to dismember Ukraine never (as far as has been made public) had the involvement of Trump. It’s possible Trump was involved or Manafort got certain commitments in 2016, but Manafort’s own cover-up prevented DOJ from determining whether or not that was true.

According to the NYT story that has renewed the frenzy around the laptop Rudy Giuliani released just before the election, Federal prosecutors still haven’t determined whether Hunter Biden’s treatment of Chinese, Kazakh, and Ukrainian influence efforts amounted to a crime. But they do have evidence that Hunter Biden tried to be explicit that he could not influence his father to help Burisma.

In one email to Mr. Archer in April 2014, Mr. Biden outlined his vision for working with Burisma. In the email, Hunter Biden indicated that the forthcoming announcement of a trip to Ukraine by Vice President Biden — who is referred to in the email as “my guy,” but not by name — should “be characterized as part of our advice and thinking — but what he will say and do is out of our hands.”

The announcement “could be a really good thing or it could end up creating too great an expectation. We need to temper expectations regarding that visit,” Hunter Biden wrote.

Vice President Biden traveled to Kyiv, the Ukrainian capital, about a week after the email.

In the same April 2014 email, Hunter Biden indicated that Burisma’s officials “need to know in no uncertain terms that we will not and cannot intervene directly with domestic policymakers, and that we need to abide by FARA and any other U.S. laws in the strictest sense across the board.”

He suggested enlisting the law firm where he worked at the time, Boies Schiller Flexner, to help Burisma through “direct discussions at state, energy and NSC,” referring to two cabinet departments and the National Security Council at the White House.

The firm “can devise a media plan and arrange for legal protections and mitigate U.S. domestic negative press regarding the current leadership if need be,” Mr. Biden wrote in the email.

And sworn testimony from experts in both parties say Hunter did not dissuade his father from taking steps to crack down on corruption.

Of these three well-connected Americans being cultivated by powerful and corrupt Ukrainians — some but not all of them known Russian agents — only Rudy Giuliani is known to have had a direct effect on policy. Among other things, Rudy got Marie Yovanovitch fired. In only Rudy’s case, then, do we have clearcut proof that a Ukrainian influence operation had the desired effect of  changing American policy. Though even there, it’s not yet clear whether Rudy’s unregistered influence peddling was criminal.

(Obviously, Manafort pled guilty to being an unregistered Ukrainian agent during the earlier period, and he got paid orders of magnitude more than Hunter Biden did, too.)

So as we fight about The Laptop again, based on a reference to verified emails in a NYT article bylined by serial Rudy mouthpiece Ken Vogel, the first thing we should keep in mind is that there’s far more evidence that Rudy Giuliani successfully influenced the President or Vice President as a secret agent of Ukraine than Hunter Biden.

Five Years after WikiLeaks Exposed CIA Identities in Vault 7, UK Moves Closer to Assange Extradition

/9 Comments/in , , , /by

Last November, in response to an order from Judge Jesse Furman, DOJ said that they were fine with accused Vault 7 leaker Joshua Schulte’s request for a delay before his retrial. In fact, they didn’t think a Schulte retrial could start before March 21.

Although the Government is available for trial at any time in the first or second quarters of 2022, the Government does not believe it would be practical to schedule the trial prior to March 2022. In particular, although the Government believes that the Court’s prior rulings pursuant to Section 6 of CIPA address the vast majority of questions concerning the use of classified information at trial in this matter, it appears likely that the defendant will seek to use additional classified information beyond that previously authorized by the Court. The process for pretrial consideration of that application pursuant to Section 6 is necessarily complex, entailing both briefing and hearings in a classified setting. To the extent the Court authorizes the defendant to use additional classified information, implementation of the Court’s rulings can also take time, such as through either declassification of information or supplemental briefing regarding the application of Section 8 of CIPA (authorizing the admission of classified evidence without change in classification status). The proposed trial date also takes into consideration matters discussed in the Government’s ex parte letter submitted on August 4, 2021. Accordingly, in order to afford sufficient time both for the likely upcoming CIPA litigation and for the parties to prepare for trial with the benefit of any supplemental CIPA rulings, the Government believes that the earliest practical trial date for this matter would be March 21, 2022.

Part of this delay was to revisit the Classified Information Procedures Act decisions from the first trial because, now that he’s defending himself, Schulte likely wanted to use more classified information than Sabrina Shroff had used in the first trial. It turns out March 21 was overly optimistic for CIPA to be done. Because of an extended debate over how to alter the protective order, the government will only file its CIPA motion tomorrow (it just asked to submit a much longer filing than originally permitted, and got permission to file a somewhat longer one).

It’s the other part of the government’s interest in delay — its references to “matters discussed” in a sealed letter from August 4 — that I’ve been tracking with interest, particularly as the Assange extradition proceeded. As I noted earlier, that August 4 letter would have been sent five years to the day after Schulte started searching on WikiLeaks, Edward Snowden, and Shadow Brokers (according to the government theory of the case, Schulte stole and leaked the CIA’s hacking tools earlier, in late April and early May 2016).

Since those mentions of a sealed letter last year, the government has asked for and gotten two meetings to discuss classified information with Judge Fruman under section 2 of CIPA, first for February 8 (after which a sealed document was lodged in Chambers), and the second one for March 9.

Section 2 provides that “[a]t any time after the filing of the indictment or information, any party may move for a pretrial conference to consider matters relating to classified information that may arise in connection with the prosecution.” Following such a motion, the district court “shall promptly hold a pretrial conference to establish the timing of requests for discovery, the provision of notice required by Section 5 of this Act, and the initiation of the procedure established by Section 6 (to determine the use, relevance, or admissibility of classified information) of this Act.”

That second CIPA Section 2 meeting, on March 9, would have taken place days after the five year anniversary for the first Vault 7 publication, and with it the publication of the names or pseudonyms and a picture of several colleagues Schulte had vendettas against.

Schulte acknowledged that publication in a recently-released self-justification he wrote to an associate after the Vault 7 release (it’s unclear when in 2017 or 2018 he wrote it), one he’s making a renewed attempt to suppress.

The names that were allegedly un-redacted were pseudonyms — fake names used internally in case a leak happened. Those of us who were overt never used last names anyway; This was an unwritten rule at the agency — NEVER use/write true last names for anyone. So I was convinced that there was little personal information revealed besides a picture of an old boss of mine that was mistakenly released with the memes.

Not long after he acknowledged the rule against using people’s names in that self-justification, Schulte used the names of the three colleagues he was most angry at: His boss Karen, his colleague “Jeremy Weber,” and another colleague, Amol, names that were also central to his efforts to leak from jail. If the FBI could ever develop evidence that Weber’s name was deliberately left in WikiLeaks’ Vault 7 publication, both Schulte and anyone else involved would be exposed to legal liability for violating the Intelligence Identities Protection Act, among other crimes.

On Monday, one week short of the day DOJ thought might be a realistic start day for the retrial, the British Supreme Court refused Assange’s bid to appeal a High Court decision accepting (flimsy) US assurances that Assange would not be held under Special Administrative Measures, finding that the appeal “does not raise an arguable point of law.”

Given the timing of the sealed filings in the Schulte case and the way the 2020 superseding indictment accuses Assange of “exhort[ing a Chaos Computer Club] audience to join the CIA in order to steal and provide information to WikiLeaks,” effectively teeing up Schulte’s alleged theft, I would be unsurprised if one of the things DOJ was delaying for weren’t this moment, some resolution to the Assange extradition.

To be sure: the Assange extradition is not over, not by a long shot. As a letter from his attorneys explains, this decision will go back to Vanessa Baraitser, who will then refer the extradition to Home Secretary Priti Patel. Assange will have four weeks to try to persuade Patel not to extradite him.

And, as the same letter notes in classically British use of the passive voice, Assange could still appeal Baraitser’s original ruling.

It will be recollected that Mr Assange succeeded in Westminster Magistrates’ Court on the issue subsequently appealed by the US to the High Court. No appeal to the High Court has yet been filed by him in respect of the other important issues he raised previously in Westminster Magistrates’ Court. That separate process of appeal has, of course, has yet to be initiated.

But an appeal on these issues would be decidedly more difficult now than they would have been two years ago.

That’s true, in part, because the Biden Administration’s continuation of Assange’s prosecution has debunked all the bullshit claims Assange made about being politically targeted by Donald Trump.

I also expect at least one of the purportedly exculpatory stories WikiLeaks has been spamming in recent months to be exposed as a complete set-up by WikiLeaks — basically an enormous hoax on WikiLeaks’ boosters and far too many journalist organizations. WikiLeaks has become little more than a propaganda shop, and I expect that to become clearer in the months ahead.

Finally, if the US supersedes[d] the existing indictment against Assange or obtains[ed] a second one in the last seven months, it will badly undermine any remaining claim Assange has to doing journalism. That’s true for a slew of reasons.

As I laid out here, the part of the Baraitser ruling that distinguished Assange’s actions from journalism based on his solicitation of hacks relied heavily on the language that directly teed up the hack-and-leak Schulte is accused of.

Mr. Assange, it is alleged, had been engaged in recruiting others to obtain information for him for some time. For example, in August 2009 he spoke to an audience of hackers at a “Hacking at Random” conference and told them that unless they were a serving member of the US military they would have no legal liability for stealing classified information and giving it to Wikileaks. At the same conference he told the audience that there was a small vulnerability within the US Congress document distribution system stating, “this is what any one of you would find if you were actually looking”. In October 2009 also to an audience of hackers at the “Hack in the Box Security Conference” he told the audience, “I was a famous teenage hacker in Australia, and I’ve been reading generals’ emails since I was 17” and referred to the Wikileaks list of “flags” that it wanted captured. After Ms. Manning made her disclosures to him he continued to encourage people to take information. For example, in December 2013 he attended a Chaos computer club conference and told the audience to join the CIA in order to steal information stating “I’m not saying don’t join the CIA; no, go and join the CIA. Go in there, go into the ballpark and get the ball and bring it out”. [emphasis Baraitser’s]

If the government proves what is publicly alleged, Schulte’s actions have nothing to do with whistleblowing and everything to do with vindictive hacking to damage the CIA, precisely what Assange was eliciting. Plus, even if such a hypothetical superseding indictment added just Vault 7/Vault 8 charges against Assange, it could put extortion and IIPA on the table (the latter of which would be a direct analogue to the UK’s Official Secrets Act), to say nothing of the still unexplained fate of the CIA source code which — as Schulte himself acknowledged — would have provided an unbelievable benefit had Russia had received it.

And that assumes that Vault 7/Vault 8 would be the only thing the US wanted to supersede with. When Jeremy Hammond asked prosecutors why they hadn’t charged Assange for helping Russia tamper in US elections, they appeared to respond by describing the long time it would take to extradite Assange, implying that they still had time to charge Assange. To be sure, Mueller concluded that he “did not have admissible evidence that was probably sufficient to obtain and sustain a Section 1030 conspiracy conviction of WikiLeaks [or] Assange.” But the implication was that Mueller had evidence, just not stuff that could be submitted at trial. The extradition of Vladislav Klyushin — whose lawyer believed the US was particularly interested in his knowledge of the 2016 operation — might change that. (Like Assange, Klyushin’s extradition was also pending when DOJ submitted that first sealed filing; Klyushin’s case has been continued to share more discovery.)

There are several other operations WikiLeaks was involved in in 2015 and afterwards that would undermine any claim of being a journalistic outlet — and would add to the evidence that Assange had, at least by those years, been working closely to advance the interests of the Russian government.

It would be very hard to argue that Assange was being prosecuted for doing journalism if the US unveiled more credible allegations about the multiple ways Assange did Russia’s bidding in 2016 and 2017, even in normal times. All the more so as Russia is continuing its attack on democracy with its invasion of Ukraine.

And that’s what Assange faces as he attempts to stay out of the US.

The Lesson Marina Ovsyannikova Offers to Chuck Todd and Lester Holt

/73 Comments/in , , , , /by

Yesterday, an editor at Russia’s official Channel One news, Marina Ovsyannikova, came onto a live broadcast and held up a sign condemning Russia’s war on Ukraine.

Predictably, she was quickly detained; thus far, her attorneys have been unable to locate her (though one outlet has said she’ll be charged under Russia’s new crackdown law).

Shortly after her detention, a pre-recorded video was released, in which she explained her actions. She spoke of the shame she feels about her past involvement in Putin’s lies.

What is happening right now in Ukraine is a crime and Russia is the aggressor. And the responsibility for this aggression lies on the conscience of only one person. This man is Vladimir Putin. My father is Ukrainian. My mother is Russian. And they were never enemies. And this necklace on my neck is a symbol of the fact that Russia must immediately stop the fratricidal war and then our brotherly peoples will still be able to reconcile.

Unfortunately, in recent years I have been working on Channel One, working for Kremlin’s propaganda. And I am very ashamed of it. I am ashamed that I was letting them tell those lies from the screen. I’m ashamed that I allowed to “zombify” the Russian people.

We kept silent in 2014, when all this was just in the beginning. We didn’t go to rallies when the Kremlin poisoned Navalny. We just silently watched this inhumane regime.

And now the whole world has turned away from us, and even 10 generations of our descendants will not be enough to wash away the shame of this fratricidal war. We are Russian people — thoughtful and smart. It’s up to us to stop this madness. Come out to rallies. Don’t be afraid of anything. They can’t imprison all of us.

It was an incredibly brave — and because she planned her actions in advance — well-executed protest.

But make no mistake. Ovsyannikova is not, like another brave journalist who spoke up this week, Yevgenia Albats, someone who has criticized the regime in the past, someone whose witness now is a continuation of years of brave reporting.

Rather, Ovsyannikova is someone who, a profile describes, “was a cog in a big machine of Channel One’s news production.” She was part of the the production of official truth. And as she describes, hers is the lesson of regret for that complicity, someone who will forever own a part of Putin’s crimes because she took the comfortable route of contributing to and participating in Putin’s exercise of power. She will almost certainly pay a stiff price for her speech, but she is also someone who did nothing, up till now, as Putin kept raising the price of speaking freely.

While Ovsyannikova’s protest will likely resonate for some time, I would hope that complicit journalists in countries where it’s not too late to defend democracy reflect seriously on Ovsyannikova’s shame. Even as Russia rains bombs down on Ukraine, journalists like Chuck Todd and Lester Holt invited Bill Barr onto their TV to tell lies about Russia’s attack on democracy in the United States, to tell lies about Trump’s extortion of Ukraine, to tell lies about his role in an attack on democracy. Like Ovsyannikova, Todd and Holt sit, comfortable, polished, and complicit, as Barr told lies that were a direct attack on democracy and rule of law.

And like Ovsyannikova, they are doing nothing to rebut the lies of authoritarianism before it’s too late.

Update: Ovsyannikova has surfaced and is thus far facing only administrative crimes, so days, not years, in jail.

Update: Ovsyannikova was fined 30,000 rubles and released, but that apparently only covers the social media video, not the protest on TV.

“Problem:” SDNY Charges Elena Branson as Unregistered Agent of Russia

/76 Comments/in , /by

Back in 2013, the Senior Vice President of the Russian American Chamber of Commerce (Sergei Millian’s organization) sent Elena Branson language from FARA with the subject line, “Problem.”

a. On or about January 30, 2013, BRANSON received an email from an individual using an email address ending in “mail.ru.” Based on my review of publicly available information, I have learned that this individual was a Senior Vice President of the Russian American Chamber of Commerce in the USA. This email had the subject line “Problem.” and the text of the email included, among other things, a portion of the FARA Unit’s website with background on FARA. In response, BRANSON wrote, in part, “I am interested in the number of the law, its text in English[.]” The sender then responded with “Lena, read …” and copied into the email background on FARA and portions of the statute.

Branson, who the prior year had founded the Russian Center of New York and subsequently became the Chair of Russian Community Council of the USA (KSORS), apparently didn’t think it was an urgent problem. It wasn’t until 2019 that she appears to have considered — but then, after asking Russian Ambassador Anatoly Antonov for guidance, decided not to — register under FARA.

b. On or about December 10, 2019, BRANSON received an email indicating that BRANSON had requested a new FARA “eFile” account.21 That day, a member of the FARA Unit emailed the Branson RCNY Account with an eFile account number and temporary password to log in to the FARA eFile system. Later that day, a user logged in to the FARA eFile system using that account number and temporary password, and entered the registration name “Russian Center, Inc.” and the RCNY Office as the address. The user did not submit a FARA registration for the account. A user then accessed the account again on or about December 11, 2019, but, again, the individual did not submit a FARA registration. The internet protocol addresses connected to both log-ins of this account resolve to the same zip code as the RCNY Office.

c. On or about December 26, 2019, BRANSON emailed the Embassy Email Account. In the cover email, BRANSON wrote, in part, “[A] letter is in the attachment. Respectfully, Elena.” In the attached letter, BRANSON wrote, in part, that she had been asked questions from “compatriots” about “whether it is necessary to register their public organizations as a foreign agent.” BRANSON further wrote “[t]hese questions began to arise after the arrest of Maria Butina in Washington in July 2018 on charges of working as a foreign agent in the United States without registration.” BRANSON concluded the letter by asking the Embassy to advise such Russian compatriot groups, writing, “I am asking you to provide legal advice regarding registration as a foreign agent . . . for public organizations of Russian compatriots in the United States.” The letter was addressed to Ambassador-1.

Branson’s failure to register lies at the core of a 6-count complaint unveiled by SDNY yesterday, charging Branson in several conspiracies, under both FARA and 18 USC 951, as well as for visa fraud.

Branson won’t be arrested off this complaint. She’s long gone.

A month after the FBI interviewed her and searched her office in September 2020, she fled the country. Not long after Biden was inaugurated, Branson sold her NYC apartment.

During this investigation, the FBI has, among other things, executed judicially authorized search warrants for (i) approximately eight of BRANSON’s electronic accounts (the “Branson Accounts”3); (ii) the RCNY office (which was also BRANSON’s residence) in Manhattan, New York (the “RCNY Office”); and (iii) BRANSON’s person, for all electronics and other materials in her possession at the time of the search. From the RCNY Office and the search of BRANSON’s person, the FBI recovered a total of approximately 34 electronic devices (the “Branson Electronics”), including approximately 11 cellular phones. The FBI also conducted a voluntary interview of BRANSON on the same day as the search of the RCNY Office (the “Branson Interview”) and has interviewed other individuals living in the United States in connection with the investigation.

The searches of the RCNY Office (the “RCNY Search”) and BRANSON’s person, as well as the Branson Interview, took place on or about September 29, 2020. BRANSON flew to Moscow, Russia, on or about October 20, 2020, and BRANSON does not appear to have returned to the United States since that date. In or about March 2021, BRANSON sold the RCNY Office, which had been her residence in New York City. During in or about October and November 2020, BRANSON’s then boyfriend 9 (“Boyfriend-1”) wired approximately $197,000 to two of BRANSON’s bank accounts at Russian banks.4 On or about October 15, 2021, RT, formerly known as Russia Today, a Russian state-controlled television station, published an interview conducted by Maria Butina5 of BRANSON. During this interview, BRANSON told Butina, in substance and in part, that BRANSON left the United States for Moscow approximately one month after the Branson Interview because BRANSON was “scared” and thought the “probability was very high” that she would be arrested if she stayed in the United States.6

3 The Branson Accounts include four email accounts and four social media accounts, including BRANSON’s Facebook account (the “Branson Facebook Account”).

So Branson will only be arrested if she decides to flee Putin’s increasingly totalitarian regime.

Unlike the prosecution of Jack Hanick, then, whose indictment may have been timed to tolling statutes of limitation last November and in which the US is working on getting him extradited from the UK, this complaint seems to be more about messaging in the wake of the Russian invasion of Ukraine.

As a messaging vehicle, it shows how Russia has committed to the “consolidation” of Russian diaspora, cultivating a Russian identity that can be used to mobilize political pressure (and, in Ukraine and the Baltics, justifications for imperialism).

In or about November 2015, Lavrov published an article titled “Russian World: Steering Towards Consolidation.” In this article, Lavrov wrote, in part, “The provision of support to the Russian world is an unconditional foreign-policy priority for Russia, as formalized by Russia’s Foreign Policy Concept. . . . Over the years, we have managed to elevate our work in this area to an entirely new level and to create effective cooperation mechanisms in close contact with representatives of foreign communities.”

Some of Branson’s activities are mundane cultural exchanges paid for by Russian government entities. Some sprinkle the names of likely spies or handlers in the description.

Perhaps most interesting, the complaint provides an interesting addition to this passage from the Mueller Report.

Later [on November 9, 2016, the day after Trump’s victory, Kirill] Dmitriev flew to New York, where Peskov was separately traveling to attend the chess tournament. 1020 Dmitriev invited Nader to the opening of the tournament and noted that, if there was “a chance to see anyone key from Trump camp,” he “would love to start building for the future.” 1021 Dmitriev also asked Nader to invite Kushner to the event so that he (Dmitriev) could meet him. 1022 Nader did not pass along Dmitriev’s invitation to anyone connected with the incoming Administration. 1023 Although one World Chess Federation official recalled hearing from an attendee that President-Elect Trump had stopped by the tournament, the investigation did not establish that Trump or any Campaign or Transition Team official attended the event. 1024 And the President’s written answers denied that he had. 1025

The complaint describes how Branson had been instructed to arrange a meeting with Trump or Ivanka in March 2016, around the same time Russia was hacking John Podesta, though the complaint is remarkably coy about whether Branson ever sent her draft letter to Trump Organization (and if so, whether it was among the documents showing direct ties to Russia that Trump Organization withheld from Mueller’s inquiry and SSCI).

In or about March 2016, BRANSON exchanged a series of emails with Minister-2. During these messages, in part, Minister-2 asked BRANSON to organize a meeting with CC-2 and the now-former President of the United States, who was then a candidate for the Republican presidential nomination, or his daughter, in New York. On or about March 23, 2016, BRANSON received an email from Minister-2 with the subject line “additional meetings of [CC-2].” The email stated, in part, that the author was requesting BRANSON’s assistance in organizing meetings for CC-2 with “the management” of certain specified U.S. companies. On or about March 16, 2016, BRANSON sent an individual, who was then-chair of KSORS, a draft letter addressed to the now-former President, inviting him to the Russia Forum New York in April 2016 and suggesting that if his “busy schedule will not permit your attending our forum, perhaps you can suggest one of your children . . . who have followed in your footsteps.” The draft invitation included BRANSON’s name and contact information in the signature block. There is no indication that the now-former President or his children attended the referenced meeting.

Branson’s complaint describes what would be a second attempt to get Trump to attend the Chess Championship, in addition to Kirill’s attempt to extend an invite through George Nader. Branson sent her invite to an unnamed Trump Advisor.

BRANSON also attempted to arrange meetings for Russian officials at the 2016 World Chess Championship, which was held in Manhattan, New York:

1. On or about November 9, 2016, CC-6 emailed BRANSON with the subject line “Chess business.” CC-6 wrote to BRANSON, in part, “as discussed we will try to get Kirsan online after tomorrow’s official press-conference is over around noon at Fulton Street Market Building, South Street Seaport NY[.]”20 On or about that same day, BRANSON responded to CC-6 and wrote “[CC-6], good evening! I can bring the ipad for a Skype session. I will contact the media. Need them at noon?”

2. On or about November 10, 2016, BRANSON emailed an advisor to the now-former President of the United States (“Advisor-1”), expressing congratulations for their victory in the presidential election and attaching an invitation to the World Chess Championship addressed to the then-President- elect. The invitation was signed by “President of the International Chess Federation (FIDE-FIDE).” There is no indication that the now-former President attended the referenced event.

3. On or about November 11, 2016, BRANSON was photographed at the World Chess Championship with CC-6 and a second individual who I recognize, based on my review of publicly available photographs, to be the current Press Secretary for Russian President Vladimir Putin.

20 Based on my training and experience, including my review of publicly available material, I have learned that Kirsan Ilyumzhinov is the former President of the Republic of Kalmykia in the Russian Federation and the former president of FIDE, the International Chess Federation. I have further learned that, on or about November 25, 2015, the United States Department of the Treasury designated Ilyumzhinov as a Specially Designated National for his involvement with the Government of Syria and related entities.

Here, the complaint reiterates the Mueller conclusion: there’s no evidence Trump attended the event. But it does raise questions about the completeness of the response Trump offered to Mueller’s questions, pertaining to whether Trump was asked to attend.

Were you asked to attend the World Chess Championship gala on November 10, 2016? If yes, who asked you to attend, when were you asked, and what were you told about about [sic] why your presence was requested? 1. Did you attend any part of the event? If yes, describe any interactions you had with any Russians or representatives of the Russian government at the event.

Were you asked to attend the World Chess Championship gala on November 10, 2016? If yes, who asked you to attend, when were you asked, and what were you told about about [sic] why your presence was requested? 1. Did you attend any part of the event? If yes, describe any interactions you had with any Russians or representatives of the Russian government at the event.

Response to Question V, Part (a)

I do not remember having been asked to attend the World Chess Championship gala, and I did not attend the event. During the course of preparing to respond to these questions, I have become aware of documents indicating that in March of 2016, the president of the World Chess Federation invited the Trump Organization to host, at Trump Tower, the 2016 World Chess Championship Match to be held in New York in November 2016. I have also become aware that in November 2016, there were press inquiries to my staff regarding whether I had plans to attend the tournament, which was not being held at Trump Tower. I understand these documents have already been provided to you.

Trump describes a March 2016 discussion about hosting the event and November press inquiries about whether he would attend it. But there’s no mention of a November 2016 invitation asking him to attend.

Yet the Branson complaint suggests there would have been an invitation to Trump, signed by the sanctioned Kirsan Ilyumzhinov, sent through an unnamed advisor. His response reflects only earlier (in March) communications about the chess championship, not anything sent on November 10 bearing Ilyumzhinov’s signature.

This is a signaling complaint, one that likely won’t lead to anyone’s arrest. But it should raise more questions about Donald Trump’s candor with Mueller back in 2018.

And we should expect more of the same. On Twitter, Brandon Van Grack, who would have been involved in Branson’s investigation when he ran the National Security Division’s FARA office and likely knows what else might be in the pipeline, suggested there’s probably more of the same to come.

It Is Not News that Bill Barr Lied to Protect Kleptocracy

/62 Comments/in , , /by

Let’s talk about what Bill Barr did in his second tenure as Attorney General.

Even before Jeff Sessions was fired, Barr decided — based on the false claims he saw on Fox News — that the allegations against Donald Trump were bullshit. He wrote up a memo suggesting that it was okay for the President to fire the FBI director to cover up his own crimes. And based on that audition, he was nominated and confirmed as Attorney General.

When the investigation into the aftermath of that firing shut down weeks after he was confirmed, Barr lied to downplay the degree to which the President had enthusiastically welcomed the help of a hostile country to get elected. Among the things his lies did was to hide that the investigation into whether Roger Stone conspired with Russia — with Trump’s full knowledge — remained ongoing, a detail that remains unreported everywhere but here. Barr also issued a prosecution declination for crimes still in progress, Trump’s ultimately successful effort to buy the silence of witnesses against him with pardons.

Barr poured whiskey to celebrate his old friend Robert Mueller’s frailty before Congress.

Then Barr turned to protecting Trump, Rudy Giuliani, and Sean Hannity when a whistleblower objected that Trump was extorting Volodymyr Zelenskyy for help on his reelection campaign. He did so in a number of ways, including interfering in legally mandated congressional and election oversight. He also stripped the whistleblower complaint to ensure that investigative steps put into place to protect national security in the wake of 9/11 wouldn’t tie Trump’s extortion attempt to an ongoing investigation into Ukrainian efforts to exploit Rudy Giuliani’s corruption to protect (Russian-backed) Ukrainian corruption. Barr’s efforts to hide the national security impact of Russian-backed Ukrainian efforts to corrupt American democracy gave Republicans cover — cover that every single Republican save Justin Amash and Mitt Romey availed themselves of — to leave Trump in place even after he put his own personal welfare above national security.

Then Barr turned to undoing the work of the Russian investigation. After Judge Emmet Sullivan ruled that the case against Mike Flynn was sound and Michael Horowitz concluded that the Russian investigation was not a partisan witch hunt, Barr assigned multiple investigators — John Durham and Jeffrey Jensen — to create a new set of facts claiming it was. He intervened to minimize the punishment against Stone, in the process claiming that threats against a witness and a judge — involving the same militias that would go on to lead an attack on the Capitol on January 6 — were mere technicalities. In his attempt to shield Stone from punishment, Barr ensured that the then-ongoing investigation into Stone’s suspected conspiracy with Russia would go nowhere. Barr’s efforts to attack Emmet Sullivan for refusing to rubber stamp Barr’s corruption resulted in a death threat against the judge. Barr’s effort to invent excuses to dismiss the prosecution against Flynn included altering documents and permitting an FBI agent who had sent pro-Trump texts on his FBI device to make claims in an interview that conflicted with the agent’s own past actions.

Barr used COVID as an excuse to let Paul Manafort serve his sentence in his Alexandria condo until such time as Trump pardoned his former campaign manager for lying about the help from Russia he used to get elected.

Barr took several measures to protect Rudy Giuliani from any consequences for his repeated efforts to get help for Donald Trump from Russian-backed Ukrainians, including outright Agents like Andrii Derkach. He ensured that the existing SDNY investigation into Rudy could not incorporate Rudy’s later efforts to solicit Russian-backed Ukrainian help. He attempted to fire Geoffrey Berman. He set up a parallel process so that DOJ could review the fruits of Rudy’s influence peddling for potential use against Trump’s campaign opponent.

This is just a partial list of the false claims that Bill Barr mobilized as Attorney General to ensure that the United States remained saddled with a President who repeatedly welcomed — at times extorted — Russian-backed help to remain as President.

It is not news that Bill Barr corrupted DOJ and lied to protect kleptocracy — in its American form of Donald Trump, but also, by association, in Putin’s efforts to exploit American venality to corrupt democracy.

Nevertheless, multiple outlets have decided that now — during Russia’s unprovoked attack on Ukraine — is a good time to invite Bill Barr onto TV or radio to tell further lies to spin his own role in protecting kleptocracy, Russian and American. They appear to think they’re clever enough to catch a shameless liar in a lie — or perhaps believe the news value of having Barr explain that he’d prefer a competent fascist to Trump but if Trump is all he gets, he prefers that to actual democracy.

You cannot win an interview with Bill Barr. Gaslighters like Barr are too skilled at exploiting our attention economy. The mere act of inviting him on accords a man who did grave damage to the Department of Justice and the Constitution in service of kleptocracy as a respectable member of society. Even assuming you’re prepared enough to challenge his lies (thus far none of the journalists who interviewed Barr has been), he’ll claim your truth, the truth, is just partisanship designed to smear those who believe kleptocracy is moral. More likely, you’ll end up like Savanah Guthrie did, letting Barr claim, unchallenged, that the allegation that Russia conducted a concerted effort to compromise Trump is a lie.

Before Russia invaded a peaceful country, it attempted to achieve the same ends by cultivating Trump, by trading him electoral advantage for Ukrainian sovereignty. Bill Barr was a central part in letting that effort continue unchecked until January 20, 2021.

If you invite him on to do anything other than apologize to Ukraine and the United States, you are part of the problem.