John Bolton Will Get to Start His Iran War Because Nine Iranians Stole Academic Dissertations

Earlier today, Rod Rosenstein rolled out a dangerously vague indictment of nine Iranians, allegedly tied to the Revolutionary Guard, for hacking hundreds of universities and some private companies and NGOs.

I say it’s dangerously vague because, while it’s clear the Iranians compromised thousands of university professors, it’s not clear precisely what they stole. But it appears that most of the data stolen from universities (some private companies, government agencies, and NGOs were targeted too) consists of scholarship.

[M]embers of the conspiracy used stolen account credentials and obtained unauthorized access to victim professor accounts, through which they then exfiltrated, or transferred to themselves, academic data and documents from the systems of compromised universities, including, among other things, academic journals, theses, dissertations, and electronic books.

The indictment describes the stolen data benefitting (along with the IRGC) “Iran-based universities.” And it specifies that the hackers sold the information so that Iranians could access US academic online libraries.

Magapaper sold stolen academic resources to customers within Iran, including Iran-based public universities and institutions, and Gigapaper sold a service to customers within Iran whereby purchasing customers could use compromised university professor accounts to directly access the online library systems of particular United States-based and foreign universities.

The indictment claims the Iranians stole “academic data and intellectual property” which cost the affected 144 US universities “$3.4 billion to procure and access.” But that’s reminiscent of the Aaron Swartz case (to which several people have likened this), where the prosecutor justified pursuing Swartz because he had downloaded “intellectual property that cost millions to create,” something like 4.75 million articles and 87 Gigabytes of data. (See the extensive discussion about cost and damages in this MIT report.) DOJ accuses the Iranians of stealing 31 terabytes of data.

As I said, this is a dangerously vague indictment. And, from the metadata, it appears that the indictment may be more than a month old. (h/t z3dster)

There are also no dates on any of the signature lines, so it may be this indictment has just been sitting in a drawer in southern Manhattan, waiting to serve as a casus belli.

Perhaps there was more sensitive data stolen here. Perhaps the professors who got hacked were more selectively targeted than the sheer number of academics targeted — 100,000 got phished, with almost 8,000 responding — suggests.

But absent far more details, this indictment seems to make an international incident out of people in a very closed society trying to access academic information that is readily available here.

I’ve long written about the potential downsides of indicting nation-state hackers, which is effectively what these guys are — particularly the possibility that doing so will invite retaliation against our own official hackers. But in some cases — with the OPM hack, with hacks of national security information, with the Russians who targeted the election — that might make sense.

But indicting nation-state hackers for stealing dissertations?

Update: This confirms what z3dster noted: this thing has been sealed since February 7. Why? And why did it get unsealed the day after Bolton was hired?

The Daily Beast Guccifer Scoop and Those GRU Officers Sanctioned Last Week

The Daily Beast has a story reporting (in addition to the already reported news that the DNC hack got moved under Robert Mueller) that the person behind the Guccifer 2.0 persona “slipped up” once and failed to use the VPN hiding his location in the GRU headquarters in Moscow.

[O]n one occasion, The Daily Beast has learned, Guccifer failed to activate the VPN client before logging on. As a result, he left a real, Moscow-based Internet Protocol address in the server logs of an American social media company, according to a source familiar with the government’s Guccifer investigation.

The US identified which particular officer was behind the Guccifer persona.

Working off the IP address, U.S. investigators identified Guccifer 2.0 as a particular GRU officer working out of the agency’s headquarters on Grizodubovoy Street in Moscow.

And then, according to TDB, the Guccifer persona was handed off to a more experienced GRU officer, with better English skills.

Sometime after its hasty launch, the Guccifer persona was handed off to a more experienced GRU officer, according to a source familiar with the matter. The timing of that handoff is unclear, but Guccifer 2.0’s last blog post, from Jan. 12, 2017, evinced a far greater command of English than the persona’s earlier efforts.

TDB’s sources did not reveal the name of the officer identified from the VPN “slip up.”

The Daily Beast’s sources did not disclose which particular officer worked as Guccifer.

But we may already know the name or names of the GRU officers involved. As I noted last week, Treasury added two names to the list of GRU officers sanctioned in conjunction with the DNC hack: Sergei Afanasyev and Grigoriy Viktorovich Molchanov. Both would actually be (very) experienced officers — they are 55 and 62. And both include very interesting “as of” dates identifying the last point when our intelligence officials identified their positions: February 2017 and April 2016, respectively.

The latter is of particular interest, as it came during the period when Guccifer 2.0 was setting up his infrastructure. But the government doesn’t know a ton about this guy — they know his birth year, but not his birth date, and possibly not even his passport information.

In any case, last week, the government revealed two new people it blames (and therefore sanctioned) for the DNC hack.

As TDB notes, the revelation that the government has tied Guccifer 2.0 to a known GRU officer is utterly damning for Roger Stone, who has admitted talking to him. But they don’t lay out how squirrelly Stone was in early March when trying to deny he was in trouble for his dalliances with Guccifer 2.0 and Wikileaks, which I laid out here.

In his response he does the following:

  • Raises doubts that he was actually talking to Guccifer 2.0 (even though Guccifer 2.0’s only identity was virtual, so Stone’s online interactions with any entity running the Guccifer Twitter account would by definition be communication with Guccifer 2.0)
  • Repeats his earlier doubts that Guccifer 2.0 is a Russian operative
  • Emphasizes that he couldn’t have been involved in any hack of the DNC Guccifer 2.0 had done because he first spoke to him six weeks after the email release (in reality, he was speaking to him three weeks after the Wikileaks release)
  • Admits he once believed Guccifer 2.0 did the hack but (pointing to the Bill Binney analysis, and giving it a slightly different focus than he had in September) claims he no longer believes that
  • Invents something about a WaPo report that’s not true, thereby shifting the focus to receiving documents (as opposed to, say, information)
  • Denies he received documents from anyone but not that he saw documents (other than the Wikileaks ones) before they were released

This denial stops well short of explaining why he reached out to Guccifer. And it does nothing to change the record — one backed by his own writing — that Stone reached out because he believed Guccifer, whoever he might be, had hacked the DNC.

At the time Stone reached out to Guccifer (as I pointed out, he misrepresented the timing of this somewhat in his testimony), he believed Guccifer had violated the law by hacking the DNC.

He never does explain to Todd why he did reach out.

Guccifer 2.0 never comes back in the remainder of the interview.

Just weeks ago, when his buddy Sam Nunberg was giving (potentially immunized) testimony to the grand jury, Stone was really really squirrelly about whether his conversations with Guccifer 2.0 put him in legal jeopardy. The confirmation of the GRU tie may provide one reason why he’s so squirrelly.

Update: As Kaspersky’s Aleks Gostev notes, Treasury should know far more on Sergei Afanasyev. RT publicly described him as Deputy Chief of GRU in April 2016. And Molchanov is, at least now, head of GRU’s academy.

How the DNC Hack Skeptics’ Dominant Theory Sinks Stone

I’ve been thinking about something since I wrote this piece on Roger Stone’s Swiss cheese denials of conspiring with Guccifer 2.0 or Wikileaks on the hack-and-leak. As I laid out, Stone’s denial consists of two tactics: he admits he spoke with Guccifer 2.0 at a time he believed him to have done the hack but notes that that happened after (he claims six weeks, but it was really three) the documents already started coming out. And he denies knowing anything in advance about Wikileaks, which wouldn’t be a problem anyway, he says, because there’s no evidence Wikileaks is a Russian asset.

Effectively, that puts Stone’s involvement after the undeniably criminal act — the hack of the DNC — and puts the rest into simple general foreknowledge of Wikileaks’ plan.

As I noted in my first post on Stone’s non-denials, that doesn’t address the possibility he was involved in the Peter Smith led rat-fuck negotiations with Russian hackers to find Hillary’s deleted emails.

But there’s one other problem with it.

According to the public record, Guccifer 2.0 first spoke with Stone on August 12 (though in his statement to Congress, he fudged that date interestingly and claimed the first contact — perhaps meaning DM — was August 14). While that post-dates all known hacking, it pre-dates at least one and possibly several key dates on the leak part of the operation. As Raffi Khatchadourian lays out, Wikileaks may have obtained the John Podesta emails around this time.

A pattern that was set in June appeared to recur: just before DCLeaks became active with election publications, WikiLeaks began to prepare another tranche of e-mails, this time culled from John Podesta’s Gmail account. “We are working around the clock,” Assange told Fox News in late August. “We have received quite a lot of material.” It is unclear how long Assange had been in possession of the e-mails, but a staffer assigned to the project suggested that he had received them in the late summer: “As soon as we got them, we started working on them, and then we started publishing them. From when we received them to when we published them, it was a real crunch. My only wish is that we had the equivalent from the Republicans.”

All of the raw e-mail files that WikiLeaks published from Podesta’s account are dated September 19th, which appears to indicate the day that they were copied or modified for some purpose.

Indeed, Stone’s “Podesta time in the barrel” comment, which Chuck Todd noted addressed Tony but not John Podesta, may even have preceded Wikileaks’ receipt of the emails.

But Stone’s discussions with Guccifer 2.0 undeniably precede an event that, at least according to the skeptics’ theory, necessarily precedes the publication of Podesta’s emails. That’s Craig Murray obtaining … something from someone while he was in the US for the Sam Adams Award on September 25. He has said he didn’t obtain the documents, but it might be a key or something.

That still doesn’t, by itself, make Stone’s conduct criminal. But it does mean his timeline is not exonerating.

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

Reality Winner: The Cost of Mounting a Defense Arguing the Government Overclassifies

In this Democracy Now appearance, Reality Winner’s mom, Billie Winner-Davis, suggested that, whereas her case had originally been due to go to trial next month, it now looks like it will stretch into 2019.

We do not have a trial date at this point. The trial was originally scheduled for October, and then it was pushed to March. But as of right now, we do not have a new trial date. So we don’t know when she will be—face the jury. What I’m being told is that it will be late 2018, if not early February 2019.

Earlier this week the two sides submitted a proposed schedule that shows even that may be optimistic. Because Winner’s defense wants to use classified information to argue the document she is accused of releasing is not national defense information, it has to go through the onerous Classified Information Procedures Act process (see this for a description of the CIPA process) to get that information approved for use in a trial. If I’m doing the math correctly, most optimistically the proposed schedule looks like this:

  • March 30, 2018: Defense submits all proposed subpoenas
  • April 30: Deadline for discovery, including remainder of government’s CIPA Section 4
  • June 14: Government’s Rule 16 expert disclosures
  • July 14: Defendant’s Rule 16 expert disclosures, if they already have clearance (former ISOO head, Bill Leonard, who is already serving as expert witness, already has clearance)
  • July 29: Defendant’s amended CIPA 5 notice
  • August 13: Government’s supplemental Rule 16 expert disclosures due, government’s objections to adequacy of defendant’s CIPA 5 notice
  • September 10: Government’s CIPA 6(a) motion
  • October 1: Defendant’s response to government’s CIPA 6(a) motion
  • October 15: Government’s reply to CIPA 6(a) motion
  • October 21: CIPA hearing (this is where the two sides argue about what classified information the defense needs to make her case)

At this point, there might be 42 days to argue about a CIPA 6(c) motion (where the government proposes unclassified substitutes). If that happens, it will be 90 days until trial, meaning it would start March 1. If it doesn’t, then the trial would skip that 42-day process and presumably drop into very early 2019.

  • Early January 2019 or March 1: Trial start

Again, this is a joint proposal, meaning the defense is on board with the long delay. Either they think they can win a graymail attempt (meaning the judge agrees they should get the classified information but the government refuses to provide adequate substitutes and so is forced to dismiss the case) or they believe they can make a case (with the help of Leonard) on the NDI claims generally. They may also anticipate that other events — the Mueller investigation, the congressional investigations into the Russian hack, state investigations, or more journalism — may make it clear how absurd it is to try Winner for information that has become publicly available as we have a public discussion about what the Russians did in 2016.

But if not, (unlike most other people, save Hal Martin, recently charged under the Espionage Act) she will have been in jail for 19 months assuming an early January 2019 trial, or 21 months assuming a March 2019 trial. Winner is charged with one count of willful retention and dissemination of National Defense Information.

By comparison, Jeffrey Sterling, who was found guilty on nine counts, including five unauthorized disclosure counts, was sentenced to 42 months (the government had been asking for nine years, but Leonie Brinkema seemed to have reservations about the evidence behind a number of the guilty verdicts, and the sentencing came in the wake of the David Petraeus sweetheart two years of probation plea deal). Admittedly, the government piled on the charges in that case, whereas here they charged as one count things they might have charged as several (by charging both the leaks to The Intercept and WaPo, for example, or by charging her for not telling the full truth to the FBI). Nevertheless, Sterling was accused of exposing a critically sensitive program and an intelligence asset, whereas Winner is charged with leaking one document in an environment where very similar information is being leaked or released by multiple government sources.

Stephen Jin-Woo Kim, who pled guilty to one count of disseminating NDI pertaining to CIA resources in North Korea, was sentenced to 13 months.

This is the no-win situation Winner is in, trying to challenge her conviction after having been denied bail. Because of the way we deal with classified information, she’ll have served a likely full sentence by the time she gets to trial.

It still may be worth it. After all, if she wins at trial, she’ll avoid a record as a felon.

But the larger battle seems to be one about the ridiculousness of our classification system. As Leonard said (see PDF 99-100) in his declaration to explain why he was providing his services pro bono in this case, he believes the kind of overclassification of information that may be at issue here amounts to degrading the entire classification system.

My motivation for becoming involved in this case was my concern for the integrity of the classification system. I strongly believe that classification is a critical national security tool and that the responsibilities of cleared individuals to properly protect classified information are profound. At the same time, government agencies have equally profound responsibilities and in this regard, I have long witnessed the over-classification of information within the Executive Branch due to the failure of agencies to fulfill these responsibilities. In this way, the actions of agencies can actually undermine the integrity of the classification system in that to be effective, it must be used with precision. As Justice Potter Stewart said in the Pentagon Papers case, “when everything is classified, then nothing is classified … ”

[snip]

My involvement in [two prior prosecutions, that of Steven Rosen and Thomas Drake] confirmed for me the importance, especially in criminal prosecutions, of not allowing representatives of the Executive Branch to simply assert that certain information is classified or closely held or potentially damaging if disclosed.

That is, Winner might prove a point: that this kind of information should be more accessible to the public.

But along the way she will have paid a very costly price.

Update, March 15: After two hearings, Magistrate Brian Epps cut two months off this schedule, setting Winner’s trial date for October 15. That will mean she will have been in jail over 16 months by the time of her trial.


The Preferred Anti-Obama Russian Hack Story Remains Silent on Shadow Brokers

Michael Isikoff and David Corn are fluffing their upcoming book on the Russian tampering with the 2016 election. This installment covers the same ground, and the same arguments, and has the same weaknesses that this WaPo article did: It describes how urgent but closely held the CIA tips were (without considering whether the close hold on the intelligence led the IC to make incorrect conclusions about the attack). It describes efforts to make a public statement that got drowned out by the Pussy Grabber and Podesta releases. It airs the disappointment of those who thought Obama should have launched a more aggressive response.

Perhaps the biggest addition to the WaPo version is that this one includes more discussion of Obama’s thoughts on cyber proliferation, with the acknowledgement that the US would be more vulnerable than Russia in an escalating cyber confrontation.

Michael Daniel and Celeste Wallander, the National Security Council’s top Russia analyst, were convinced the United States needed to strike back hard against the Russians and make it clear that Moscow had crossed a red line. Words alone wouldn’t do the trick; there had to be consequences. “I wanted to send a signal that we would not tolerate disruptions to our electoral process,” Daniel recalled. His basic argument: “The Russians are going to push as hard as they can until we start pushing back.”

Daniel and Wallander began drafting options for more aggressive responses beyond anything the Obama administration or the US government had ever before contemplated in response to a cyberattack. One proposal was to unleash the NSA to mount a series of far-reaching cyberattacks: to dismantle the Guccifer 2.0 and DCLeaks websites that had been leaking the emails and memos stolen from Democratic targets, to bombard Russian news sites with a wave of automated traffic in a denial-of-service attack that would shut the news sites down, and to launch an attack on the Russian intelligence agencies themselves, seeking to disrupt their command and control modes.

[snip]

One idea Daniel proposed was unusual: The United States and NATO should publicly announce a giant “cyber exercise” against a mythical Eurasian country, demonstrating that Western nations had it within their power to shut down Russia’s entire civil infrastructure and cripple its economy.

[snip]

The principals did discuss cyber responses. The prospect of hitting back with cyber caused trepidation within the deputies and principals meetings. The United States was telling Russia this sort of meddling was unacceptable. If Washington engaged in the same type of covert combat, some of the principals believed, Washington’s demand would mean nothing, and there could be an escalation in cyber warfare. There were concerns that the United States would have more to lose in all-out cyberwar.

“If we got into a tit-for-tat on cyber with the Russians, it would not be to our advantage,” a participant later remarked. “They could do more to damage us in a cyber war or have a greater impact.” In one of the meetings, Clapper said he was worried that Russia might respond with cyberattacks against America’s critical infrastructure—and possibly shut down the electrical grid.

[snip]

Asked at a post-summit news conference about Russia’s hacking of the election, the president spoke in generalities—and insisted the United States did not want a blowup over the issue. “We’ve had problems with cyber intrusions from Russia in the past, from other countries in the past,” he said. “Our goal is not to suddenly in the cyber arena duplicate a cycle escalation that we saw when it comes to other arms races in the past, but rather to start instituting some norms so that everybody’s acting responsibly.”

The most dramatic part of the piece quotes an angry Susan Rice telling her top Russian expert to stand down some time after August 21.

One day in late August, national security adviser Susan Rice called Daniel into her office and demanded he cease and desist from working on the cyber options he was developing. “Don’t get ahead of us,” she warned him. The White House was not prepared to endorse any of these ideas. Daniel and his team in the White House cyber response group were given strict orders: “Stand down.” She told Daniel to “knock it off,” he recalled.

Daniel walked back to his office. “That was one pissed-off national security adviser,” he told one of his aides.

But like the WaPo article before it, and in spite of the greater attentiveness to the specific dates involved, the Isikoff/Corn piece makes not one mention of the Shadow Brokers part of the operation, which first launched just as NSC’s Russian experts were dreaming up huge cyber-assaults on Russia.

On August 13, Shadow Brokers released its first post, releasing files that had compromised US firewall providers and including a message that — while appearing to be an attack on American Elites and tacitly invoking Hillary — emphasizes how vulnerable the US would be if its own cybertools were deployed against it.

We want make sure Wealthy Elite recognizes the danger cyber weapons, this message, our auction, poses to their wealth and control. Let us spell out for Elites. Your wealth and control depends on electronic data. You see what “Equation Group” can do. You see what cryptolockers and stuxnet can do. You see free files we give for free. You see attacks on banks and SWIFT in news. Maybe there is Equation Group version of cryptolocker+stuxnet for banks and financial systems? If Equation Group lose control of cyber weapons, who else lose or find cyber weapons? If electronic data go bye bye where leave Wealthy Elites?

Sure, it’s possible the IC didn’t know right away that this was a Russian op (though Isikoff and Corn claim, dubiously and in contradiction to James Clapper’s November 17, 2016 testimony, that the IC had already IDed all the cut-outs Russia was using on the Guccifer 2.0 and DC Leaks operations). Though certainly the possibility was publicly discussed right away. By December, I was able to map out how it seemed the perpetrators were holding the NSA hostage to any retaliation attempts. Nice little NSA you’ve got here; it’d be a shame if anything happened to it. After the inauguration, Shadow Brokers took a break, until responding to Trump’s Syria strike by complaining that he was abandoning those who had gotten him elected.

Respectfully, what the fuck are you doing? TheShadowBrokers voted for you. TheShadowBrokers supports you. TheShadowBrokers is losing faith in you. Mr. Trump helping theshadowbrokers, helping you. Is appearing you are abandoning “your base”, “the movement”, and the peoples who getting you elected.

That was followed by a release of tools that would soon lead to billion dollar attacks using repurposed NSA tools.

As recently as February, the NSA and CIA were still trying to figure out what Russia (and the stories do appear to confirm the IC believed this was Russia) had obtained.

I mean, it’s all well and good to complain that Obama asked the NSC to stand down from its plans to launch massive cyberattacks as a warning to Putin. But you might, first, consider whether that decision happened at a time when the US was facing far greater uncertainty about our own vulnerabilities on that front.

Three Things: This Matin, Think Latin

I have three things cluttering up my notes — just big enough to give pause but not big enough for a full post. I’ll toss them out here for an open thread.

~ 3 ~
Aluminum -> Aeronautics -> Stock Market and Spies
I’ve spent quite a while researching the aeronautics industry over the last couple of years, trying to make sense out of a snippet in the Buryakov spy case indictment. The three spies were at one point digging into an aeronautics company, but the limited amount of information in the indictment suggested they were looking at a non-U.S. company.

You can imagine my surprise on December 6, 2016, when the then-president-elect tweeted about Boeing’s contract for the next Air Force One, complaining it was too expensive. Was it Boeing the spies were discussing? But the company didn’t fit what I could see in the indictment, though Boeing’s business is exposed to Russia, in terms of competition and in terms of components (titanium, in particular).

It didn’t help that Trump tweeted before the stock market opened and Boeing’s stock plummeted after the opening bell. There was plenty of time for dark pool operators to go in and take positions between Trump’s tweet and the market’s open. What an incredible bonanza for those who might be on their toes — or who knew in advance this was going to happen.

And, of course, the media explained this all away as Trump’s “Art of the Deal” tactics, ignoring the fact he wasn’t yet president and he was renegotiating the terms of a signed government contract before he took office. (Ignoring also this is not much different than renegotiating sanctions before taking office…)

I was surprised again only a couple weeks later about Boeing and Lockheed; this time I wasn’t the only person who saw the opportunity, though the timing of the tweet and market opening were different.

Again, the media took note of the change in stock prices before rolling over and playing dead before the holidays.

There have been a few other opportunities like this to “take advantage of the market,” though they are a bit more obscure. Look back at the NYSE and S&P trends whenever Trump has tweeted about North Korea; if one knew it was coming, they could make a fortune.

A human would only need the gap as long as that between a Fox and Friends’ mention of bad, bad North Korea and a corresponding Trump tweet to make the play (although one might have to watch that vomit-inducing program to do this). An algorithm monitoring FaF program and Trump tweets would need even less time.

Yesterday was somebody’s platinum opportunity even if Trump was dicking around with U.S. manufacturers (including aeronautics companies) and global aluminum and steel producers. His flip-flop on tariffs surely made somebody beaucoup bucks — maybe even an oligarch with a lot of money and a stake in one of the metals, assuming he knew in advance where Trump was going to end up by the close of the market day. The market this morning is still trying to make sense of his ridiculous premise that trade wars are good and winnable; too bad the market still believes this incredibly crappy businessman is fighting a war for U.S. trade.

Just for the heck of it, go to Google News, search for [trump tariffs -solar], look for Full Coverage, sort by date and not relevance. Note how many times you see Russia mentioned in the chronologically ordered feed — mine shows exactly zero while China, Korea, Germany are all over the feed. I sure hope somebody at the SEC is paying as much attention to this as cryptocurrency.

I suppose I have to spell this out: airplanes are made of aluminum and steel, capisce?

~ 2 ~
Italian Son
One niggling bit from Glenn Simpson’s testimony for Fusion GPS before the Senate Intelligence Committee has stuck with me. I wish I could time travel and leave Simpson a note before testimony and tell him, “TELL US WHAT YOU SEE, GLENN!” when he is presented with Paul Manafort’s handwritten notes. The recorder only types what was actually said and Glenn says only the sketchiest bit about what he sees. Reading this transcript, we have only the thinnest amount of context to piece together what he sees.

Q. Do any of the other entries in here mean anything to you in light of the research you’ve conducted or what you otherwise know about Mr. Browder?

A. I’m going to — I can only speculate about some of these things. I mean, sometimes —

MR. LEVY: Don’t speculate.

A. Just would be guesses.

Q. Okay.

A. I can skip down a couple. So “Value in Cyprus as inter,” I don’t know what that means. “Illici,” I don’t know what that means. “Active sponsors of RNC,” I don’t know what that means. “Browder hired Joanna Glover” is a mistaken reference to Juliana Glover, who was Dick Cheney’s press secretary during the Iraq war and associated with another foreign policy controversy. “Russian adoptions by American families” I assume is a reference to the adoption issue.

Q. And by “adoption issue” do you mean Russia prohibiting U.S. families from adopting Russian babies as a measure in response to the Magnitsky act?

A. I assume so.

Bold mine, to emphasize the bit which has been chewing away at me. “Illici” could be an interrupted “illicit”; the committee and Simpson use the word or a modifier, illicitly, eight times during the course of their closed door session. It’s not a word we use every day; the average American Joe/Josie is more likely to use “illegitimate” or the even more popular “illegal” to describe an unlawful or undesirable action or outcome.

(I’m skeptical Manafort was stupid enough to begin scratching out “illicit” and catch himself in time, but then I can’t believe how stupid much of this criminality has been.)

But the average American Joe/Josie doesn’t travel abroad, speak with Europeans often, or speak second languages. The average white Joe/Josie may be three or more generations from their immigrant antecedents.

Not so Mr. Manafort, who is second generation Italian on both sides of his family. He may speak some Italian since his grandfather was an immigrant — and quite likely Catholic, too. Hello, Latin masses in Italian American communities.

Did Manafort mean “illici,” a derivative of Latin “illicio,” which means to entice or seduce? Or was it a corrupted variant of Latin “illico,” which means immediately?

Or is Manafort a bad speller who really meant either “elici”, “elicio,” or “elicit,” meaning to draw out or entice?

Like Simpson, these are just guesses. Only Manafort really knows and I seriously doubt he’ll ever tell what he meant.

~ 1 ~
If you haven’t checked your personal online privacy and cybersecurity recently, give Privacy Haus’s checklist a look. Nearly all of the items I’ve already addressed but I tried one of the items suggested as a fix to an ongoing challenge. Good stuff!

~ 0 ~
That’s it, have at it in this open thread! One last thing: if you didn’t read Marcy’s op-ed, Has Jared Kushner Conspired to Defraud America? in Wednesday’s NYT, you should. You’re going to need it as part of a primer going forward.

NBC’s Broken Story about Mueller Charging the DNC Hackers

NBC has a BROKEN story reporting that Robert Mueller is contemplating charges against the people who carried out the hack of the DNC (and other targets) in 2016.

Special Counsel Robert Mueller is assembling a case for criminal charges against Russians who carried out the hacking and leaking of private information designed to hurt Democrats in the 2016 election, multiple current and former government officials familiar with the matter tell NBC News.

Much like the indictment Mueller filed last month charging a different group of Russians in a social media trolling and illegal-ad-buying scheme, the possible new charges are expected to rely heavily on secret intelligence gathered by the CIA, the FBI, the National Security Agency (NSA) and the Department of Homeland Security (DHS), several of the officials say.

Mueller’s consideration of charges accusing Russians in the hacking case has not been reported previously. Sources say he has long had sufficient evidence to make a case, but strategic issues could dictate the timing. Potential charges include violations of statutes on conspiracy, election law as well as the Computer Fraud and Abuse Act. One U.S. official briefed on the matter said the charges are not imminent, but other knowledgeable sources said they are expected in the next few weeks or months. It’s also possible Mueller opts not to move forward because of concerns about exposing intelligence or other reasons — or that he files the indictment under seal, so the public doesn’t see it initially.

As they have frequently of late, they misunderstand the story they’re telling. They misunderstand this sentence, entirely.

Mueller’s consideration of charges accusing Russians in the hacking case has not been reported previously.

It’s not news, at all, that DOJ was considering charges against those who carried out the hack. Nor is it news that DOJ had enough evidence to charge people in it.

Here’s what WSJ reported on those two topics in November, almost exactly four months ago.

The Justice Department has identified more than six members of the Russian government involved in hacking the Democratic National Committee’s computers and swiping sensitive information that became public during the 2016 presidential election, according to people familiar with the investigation.

Prosecutors and agents have assembled evidence to charge the Russian officials and could bring a case next year, these people said. Discussions about the case are in the early stages, they said.

[snip]

The pinpointing of particular Russian military and intelligence hackers highlights the exhaustive nature of the government’s probe. It also suggests the eagerness of some federal prosecutors and Federal Bureau of Investigation agents to file charges against those responsible, even if the result is naming the alleged perpetrators publicly and making it difficult for them to travel, rather than incarcerating them. Arresting Russian operatives is highly unlikely, people familiar with the probe said.

So: not news that DOJ had pinpointed Russians responsible, not news they were planning on charges “next year” last year, which would mean, “this year” this year.

What is news is that this reporting from the WSJ report is no longer operative.

Federal prosecutors and federal agents working in Washington, Pittsburgh, San Francisco and Philadelphia have been collaborating on the DNC investigation. The inquiry is being conducted separately from Special Counsel Robert Mueller’s investigation of alleged Russian meddling in the 2016 election and any possible collusion by President Donald Trump’s associates.

[snip]

The Justice Department and FBI investigation into the DNC hack had been under way for nearly a year, by prosecutors and agents with cyber expertise, before Mr. Mueller was appointed in May. Rather than take over the relatively technical cyber investigation, Mr. Mueller and the Justice Department agreed that it would be better for the original prosecutors and agents to retain that aspect of the case, the people familiar with the Justice Department-FBI probe said. [my emphasis]

Mind you, we’ve since learned that Ryan Dickey got added to Mueller’s team … oh, in November. And contrary to what NBC says about the heavy reliance, in the Internet Research Agency indictment, “on secret intelligence gathered by the CIA, the FBI, the National Security Agency (NSA) and the Department of Homeland Security (DHS),” it really wasn’t all that sophisticated from a cybersecurity standpoint. Especially not once you consider the interesting forensics on it (aside from IDing the IRA’s VPNs) would have come from Facebook and Twitter.

You don’t need Dickey’s talents for the IRA indictment. You need him for something that is technical.

I’ll leave it for you to consider what it means that Mueller subsumed this part of the investigation even as WSJ was reporting he wasn’t going to do that. I’ll leave you to consider, too, what it means that they brought in a prosecutor with the ability to try these things.

But understand that the news here is not that DOJ is contemplating indicting the people behind the DNC hack. WSJ already scooped that story. It’s that Mueller, not prosecutors in Pittsburgh, San Francisco and Philadelphia, is going to charge it.

What Lies Beneath the Gates

[NB: Note the byline; this post is speculative. /~Rayne]

It’s amazing what a simple internet search can reveal. Take, for instance, a search using the rather innocuous parameters, [“rick gates” iii “press release”].

A little scrolling and presto — some interesting things surface.

Did you know that Rick Gates had served on the board of ID Watchdog, a “consumer-facing identity theft protection and resolution services” firm for use in safeguarding personal credit? But that’s not the entire story; take a look at this timeline:

2010 — Gates, along with his business partner Paul Manafort, worked as an unregistered agent for Victor Yanukovych (who would take office as Ukraine’s president in 2010) and Yanukovych’s political parties. Gates and Manafort represented Yanukovych from at least 2006 through 2015, laundering Yanukovych’s payments through scores of U.S. and foreign entities and bank accounts, using foreign nominee companies and bank accounts created/opened by them and their accomplices in nominee names and in various foreign countries (see DOJ’s indictment dated 27-OCT-2017).

19-APR-2011 — Gates joined the board of publicly-listed credit monitoring firm ID Watchdog. Gates bio from the press release:

Mr. Gates has over 15 years of international political, finance and business development experience working for multinational firms. Currently, he is the managing partner of Pericles LP, a private equity fund, that focuses on technology, infrastructure, and real estate targets. Much of his work focuses on investment, business development and deal structures in Europe.

Mr. Gates has worked on several US presidential campaigns and has participated in many international political campaigns in Europe and Africa. Mr. Gates graduated with a M.A. in Public Policy from George Washington University and a B.A. in Government from The College of William & Mary. He also completed the Executive Management Programme in Brussels and London.

26-JUL-2011 — 2010 tax filing (assume Gates filed his taxes on/about this time in the absence of confirmation by image of tax return); a fraudulent tax return was filed.

11-OCT-2012 through 14-OCT-2015 — Gates under-reported his income, filing fraudulent tax returns during this period which did not reflect full amount of payments from Yanukovych and parties. Gates also did not file Foreign Bank and Financial Accounts (FBAR) reports disclosing offshore bank accounts from which cash was wired after being laundered through numerous shell businesses.

21-JUN-2016 — When Paul Manafort was elevated by Donald Trump to campaign chair after firing Corey Lewandowski, Gates worked as Manafort’s deputy. He would remain deputy after Manafort resigned on August 19.

09-NOV-2016 — Gates stepped down from his role at ID Watchdog, a day after the 2016 presidential election. He then became deputy chairman of the inaugural committee.

??-DEC-2016 — A security researcher notified credit reporting company Equifax that an employee portal was open to the internet and vulnerable.

07-MAR-2017 — A patch was issued for the Apache Struts (CVE-2017-5638) vulnerability.

??-MAR-2017 — Equifax was hacked for the first known time; it contacted Mandiant for assistance. It did not notify the government or consumers.

…the company said it experienced a security incident involving a payroll-related service during the 2016 tax season earlier this year. Equifax said the incident was reported to customers, affected individuals and regulators.

??-JUN-2017 — Equifax closed the vulnerable employee portal

16-JUN-2017 — ID Watchdog announced it had agreed to be acquired by Equifax.

13-MAY/30-JUL-2017 — From Equifax’s press release dated September 15:

Based on the company’s investigation, Equifax believes the unauthorized accesses to certain files containing personal information occurred from May 13 through July 30, 2017.

29-JUL-2017 — Date which Equifax’s CEO said a breach was first noticed.

01/02-AUG-2017 — Four Equifax executives who sold a combined $2 million in company stock over these two days claimed they did not know about the breach at the time they traded their shares.

02-AUG-2017 — Equifax contacted Mandiant to conduct a forensic investigation into the breaches. The fourth of four Equifax executives sold a portion of his company stock on the same day.

10-AUG-2017 — Equifax announced it had acquired ID Watchdog.

07-SEP-2017 — Equifax notified the public that it has been breached and 145.5 million consumers’ credit data has been exposed.

18-SEP-2017 — Equifax’s earlier breach in March was made public.

27-SEP-2017 — Consumer Financial Protection Bureau’s then-Director Richard Cordray said regulators would be embedded within credit reporting companies to prevent future breaches of consumers’ data.

15-OCT-2017 — About this time, local news reported Gates was still working for Tom Barrack, CEO of Colony Capital and a member of the Presidential Council of Economic Advisers, prior to the indictment.

27-OCT-2017 — Gates was indicted for the first time.

15-NOV-2017 — Cordray stepped down as CFPB’s director.

25-NOV-2017 — Trump named Office of Budget and Management’s director Mick Mulvaney to succeed Cordray, to hold two offices concurrently.

18-JAN-2018 — Mulvaney allotted zero dollars for CFPB in the federal budget.

05-FEB-2018 — Mulvaney “pulled back from a full-scale probe” into Equifax’s breach.

This chain of events raises so many questions.

— Why Gates? Of all the people a public-listed company like ID Watchdog could pick, why this particular person with weak credentials in technology, let alone identity management or credit monitoring? Does Gates have a special relationship to ID Watchdog in some way?

— As a board member, what kind of access did Gates have to ID Watchdog’s systems? Did ID Watchdog have any ties or links to Equifax before the breaches?

— Did ID Watchdog provide any services to Gates — and possibly his partner, Paul Manafort — related to identity validation and monitoring? Did Gates acquire his second passport while serving on ID Watchdog’s board? What of his partner Manafort, who had at least 10 passports and possibly more identities?

— If ID Watchdog provided services to Gates, did any of Gates’ many bank accounts ever trigger alerts?

Gates “frequently changed banks and opened and closed bank accounts,” prosecutors said. In all, Gates opened 55 accounts with 13 financial institutions, the prosecutors’ court filing said. Some of his bank accounts were in England and Cyprus, where he held more than $10 million from 2010 to 2013.

— Doesn’t it seem odd Gates would serve on the board of an identity-monitoring firm located in Denver, CO while he was working frequently on lobbying-related contracts overseas and on the Trump campaign? Was he compensated by ID Watchdog and was this income reported accurately on tax filings?

— Did Equifax begin acquisition negotiations with ID Watchdog before or after Gates’ departure from the board? If before, did Gates play any role in the negotiations? Or does the timing of the acquisition simply look bad because of the breaches?

— Did Mick Mulvaney pull back on the CFPB’s investigation and oversight measures into Equifax as well as the other credit reporting bureaus to prevent any review of Trump campaign or administration members’ relationships with Equifax, or their data reported by Equifax and ID Watchdog? Did Mulvaney suppress the Equifax investigation and starve CFPB because he’s a misogynist ass and just wants to be a dick to Senator Elizabeth Warren? Or did Mulvaney merely toss ethics in his handling of CFPB including the Equifax investigation as payback for campaign contributors when he represented South Carolina as a congressman?

Perhaps it’s simply an interesting coincidence that a former Trump campaign team member who has been charged with multiple counts of bank and tax fraud, just happened to sit on ID Watchdog’s board of directors while he committed aforementioned fraud.

Maybe it’s just a weird quirk of fate that Equifax bought ID Watchdog around the same time it was being hacked a second time, potentially exposing Rick Gates’ credit records (and Paul Manafort’s) along with those of +145.5 million other consumers.

But it seems a massive stretch for us not to look a little further when Trump’s OMB director commits the CFPB to a slow death by budgetary starvation before icing the Equifax investigation and ID Watchdog’s role along with it.

Government Won’t Be Able to Hide Its Informant in MalwareTech Case

While Paul Manafort was busy getting charged with 32 new charges (more on that tomorrow), I was in Milwaukee at a motion hearing in MalwareTech (Marcus Hutchins’) case.

Hutchins was asking for five things from the government:

  1. More information on his surveillance in Vegas, partly to challenge the claim he wasn’t drunk or exhausted when he waived Miranda rights, partly to understand whether he really understood how Miranda works in the US, and partly for probably unstated other reasons
  2. Information on Tran, his co-defendant, who remains at large in some other country, that he would have gotten if Tran were in custody facing the same charges with Hutchins
  3. More information on “Randy,” the informant who provided chat logs and a copy of the Kronos malware while trying to proffer his way out of his own cyber-crimes
  4. The instructions provided to the grand jury, to see if the importance of intentionality to the charges was properly emphasized
  5. Both the MLAT request used to get information on Tran and the search warrant used to search Randy’s home

Here are my pieces on the motion, the government’s response, and Hutchins’ reply.

At Thursday’s hearing, Judge Nancy Johnson made the following decisions:

  1. Based on the government’s representation that it had no more information on surveillance of Hutchins, she denied that motion barring any further evidence that it exists (though she did make the prosecution check again to make sure there weren’t text messages between Agents)
  2. Based on the government’s representation that there was nothing Hutchins would get about Tran were he in custody that he hasn’t already gotten, she denied that without prejudice
  3. Required the government to provide “Randy’s” identity 30 days before trial
  4. Took the request for grand jury instructions under advisement
  5. Denied the request for the search warrant for “Randy’s” house, but asked for more briefing on other cases pertaining to MLAT requests

While the discussion about materials pertaining to Tran was uninteresting, my comments about the other requests follow:

What surveillance happens in Vegas stays in Vegas

Much of this discussion pertained to clarifications that the defense wasn’t looking for the FBI Agents’ lunch place recommendations, though Hutchins’ lawyer Brian Klein said he’d take them if he got them. Klein admitted, however, that they want the surveillance materials, in part, because they think the government intentionally waited to arrest Hutchins until after he had been partying with other hackers for a week. “[W]e have our reasons to believe they arrested him at very end of Vegas trip, there was maybe a very pointed reason to believe they chose to wait until the end.” Note, I’m not sure they’re after (just) the exhaustion of DefCon, or even the government’s desire to hold off on a real rebellion if they had arrested Hutchins just as everyone was arriving to Las Vegas. 

The government claims it only has active surveillance from July 26, and August 2, as he headed for the airport. Prosecutor Michael Chmelar described the July 26 date as Hutchins’ arrival, though I think that’s incorrect as I noted here.

Note, while August 2 is the day Hutchins left Las Vegas, the 26th was not the day he arrived; that was July 21. So they conducted surveillance of him on at least one day while he was in the US hanging out with other hackers at Black Hat, but won’t tell him if they conducted surveillance on the other days.

Chmelar also seemed to describe a discussion about “certain preparations put in place if he did travel to the US,” which is curious given that Hutchins was publicly talking about his trip to Vegas for some time, and given the apparently weird start date of the surveillance. Chmelar also described, for the first time, a 302 on his unrecorded comments on the way to the detention facility. Chmelar made it clear that they want to force Hutchins to take the stand if he’s going to challenge his Miranda warning.

One more comment about this: Black Hat and DefCon are among the most spooked up conventions going. There would have been tons of law enforcement types wandering around unassociated with Hutchins, specifically. Would he get any surveillance from those guys?

FBI finally dug through its AlphaBay loot to find materials supporting a six month old arrest

Hutchins’ co-defendant, Tran, allegedly sold the Kronos malware at issue on AlphaBay. FBI, working with international partners (and probably using the Tor exception), took AlphaBay down on July 20, even before Hutchins’ arrest, and immediately started using those materials to prosecute crimes that, unlike Hutchins’ alleged crime, have actual American victims.

Out of the “several hundred” investigations cited by Phirippidis, other publicly known active US prosecutions arising out of AlphaBay sales involve clear American victims and perpetrators: a person in California suspected of paying an Israeli teenager to phone and email bomb threats to Jewish Community Centers around the country; a group that fulfilled over 78,000 marijuana orders over the last two years making them largest vendor on AlphaBay; a transaction that led to the fentanyl overdose death of an 18-year old girl in Oregon; another transaction that led to a fentanyl overdose death, this time of a 24-year old Orlando woman; a fentanyl vendor suspected of making over $120,000 in profits who is tied to a non-lethal overdose; an investigation out of Atlanta into a still unidentified American who worked for AlphaBay. Other, earlier prosecutions, include the sales of heroin, fentanyl, and marijuana laid out in the indictment of AlphaBay’s head, Alexandre Cazes.

In Chmelar’s explanation that the government really doesn’t have any materials on Tran, he revealed what he (incorrectly) thought had been revealed in the government response: an unencrypted copy of AlphaBay material pertaining to the Kronos sale “just became available,” and they have put in a request for the material. “If anything is produced in that request,” Chmelar said he’d turn it over.

Again, the lackadaisical approach to establishing evidence of the sale of Kronos as compared to other AlphaBay prosecutions suggests the sale of Kronos really wasn’t that big of a priority.

As Klein noted, the government had spent three pages of their response arguing that Hutchins couldn’t have any material pertaining to Tran; at the hearing Chmelar represented nothing existed. Based on that representation, Johnson denied any further discovery.

“Randy” is not just a tipster

Michael Chmelar is a well-spoken guy. But he stumbled a lot, umming and uhing, during his discussion of “Randy,” the government informant who reportedly had chats with Hutchins about Kronos.

He received Kronos from Mr. Hutchins, before he was acting as a government, um um source, we’ve produced the malware that was received. As Mr. [Benjamin] Proctor and I noted, if we determine that uh this individual would be called as a witness, we would disclose him as district court requires.

The government really, really wants to hide certain details about “Randy” (and as Chmelar admitted, the 302 in which he proffered up Hutchins and others includes pages and pages of redacted details of “Randy’s” own crimes).

As Johnson pointed out, even if the government uses Hutchins’ own statements to admit “Randy’s” testimony, Hutchins’s team can decide to call “Randy” themselves.

In any case, while she said “Randy” wasn’t fully a transactional witness, he is closer to that than to the tipster the government is claiming. So while the defense won’t get his identity, yet, they will before trial.

The government seems to have dropped its enthusiasm for a superseding indictment

Hutchins wants the instructions given to the grand jury because two of the charges don’t include the necessary language about the required intentionality. Chmelar used one of the charges, where in parallel ones in the indictment the intentionality language is correct, to suggest this was just a scrivener’s error — something he could disappear away with a stipulation — to suggest both were. But Klein argued “These are not just little nits or typos, it goes to mens rea, [Hutchins’] alleged mental state.”

There was also an interesting subtext about whether the grand jury instructions exist. Chmelar claimed that normally he doesn’t instruct the grand jury. Klein noted the government had claimed, ‘We’re not required to instruct them.’ “Well, they did.” And it seems that Chmelar did, indeed, admit that the jury had gotten instructions on this point (I’d have to look at the transcript to make sure).

Ultimately, Johnson said she’d take the request under advisement and do more research on what constituted a compelling need to obtain grand jury instructions, but wouldn’t rule until the defense submitted their challenges to the indictment.  

But what was just as interesting about this discussion is that, whereas previously there had been discussion about the government obtaining a superseding indictment (perhaps to lard on charges that might be easier to defend), Chmelar seemed unenthused about doing so here.

The government continues to insist documents sent to other countries are internal documents

Because privacy rights are not transitive in the United States (meaning, the Fourth Amendment only protects the privacy of the person whose premises are being searched, not those who might be implicated by the search), Hutchins is not going to get the search warrant for “Randy’s” house that led to the discovery of chat logs involving Kronos.

But the question of whether he’ll get the MLAT request to whatever foreign country had information on his co-defendant, Tran (but may not be arresting him), is still a matter Johnson is weighing. The government at first argued that they didn’t have to turn over the request because it was written by lawyers, not law enforcement officers. In the hearing, Chmelar defended withholding the request because the request, which was sent to a foreign country, was an internal document.

Both sides will submit more caselaw on when and whether such requests get turned over (and the open file discovery here may make turning it over more likely).

2018 Senate Intelligence Global Threat Hearing Takeaways

Today was the annual Senate Intelligence Committee Global Threat Hearing, traditionally the hearing where Ron Wyden gets an Agency head to lie on the record.

That didn’t happen this time.

Instead, Wyden gave FBI Director Christopher Wray the opportunity to lay out the warnings the FBI had given the White House about Rob Porter’s spousal abuse problems, which should have led to Porter’s termination or at least loss of access to classified information.

The FBI submitted a partial report on the investigation in question in March. And then a completed background investigation in late July. That, soon thereafter, we received request for follow-up inquiry. And we did that follow-up and provided that information in November. Then we administratively closed the file in January. And then earlier this month we received some additional information and we passed that on as well.

That, of course, is the big takeaway the press got from the hearing.

A follow-up from Martin Heinrich shortly after Wyden’s question suggested he had reason to know of similar “areas of concern” involving Jared Kushner (which, considering the President’s son-in-law is under investigation in the Russian investigation, is not that surprising). Wray deferred that answer to closed session, so the committee will presumably learn some details of Kushner’s clearance woes by the end of the day.

Wray twice described the increasing reliance on “non-traditional collectors” in spying against the US, the second time in response to a Marco Rubio question about the role of Chinese graduate students in universities. Rubio thought the risk was from the Confucius centers that China uses to spin Chinese culture in universities. But not only did Wray say universities are showing less enthusiasm for Confucius centers of late, he also made it clear he was talking about “professors, scientists, and students.” This is one of the reasons I keep pointing to the disproportionate impact of Section 702 on Chinese-Americans, because of this focus on academics from the FBI.

Susan Collins asked Mike Pompeo about the reports in The Intercept and NYT on CIA’s attempts to buy back Shadow Brokers tools. Pompeo claimed that James Risen and Matt Rosenberg were “swindled” when they got proffered the story, but along the way confirmed that the CIA was trying to buy stuff that “might have been stolen from the US government,” but that “it was unrelated to this idea of kompromat that appears in each of those two articles.” That’s actually a confirmation of the stories, not a refutation of them.

There was a fascinating exchange between Pompeo and Angus King, after the latter complained that, “until we have some deterrent capacity we are going to continue to be attacked” and then said right now there are no repercussions for Russia’s attack on the US.

Pompeo: I can’t say much in this setting I would argue that your statement that we have done nothing does not reflect the responses that, frankly, some of us at this table have engaged in or that this government has been engaged in both before and after, excuse me, both during and before this Administration.

King: But deterrence doesn’t work unless the other side knows it. The Doomsday Machine in Dr. Strangelove didn’t work because the Russians hadn’t told us about it.

Pompeo: It’s true. It’s important that the adversary know. It is not a requirement that the whole world know it.

King: And the adversary does know it, in your view?

Pompeo: I’d prefer to save that for another forum.

Pompeo later interjected himself into a Kamala Harris discussion about the Trump Administration’s refusal to impose sanctions by suggesting that the issue is Russia’s response to cumulative responses. He definitely went to some effort to spin the Administration’s response to Russia as more credible than it looks.

Tom Cotton made two comments about the dossier that Director Wray deferred answering to closed session.

First, he asked about Christopher Steele’s ties to Oleg Deripaska, something I first raised here and laid out in more detail in this Chuck Grassley letter to Deripaska’s British lawyer Paul Hauser. When Cotton asked if Steele worked for Deripaska, Wray said, “that’s not something I can answer.” When asked if they could discuss it in a classified setting, Wray said, “there might be more we could say there.”

Cotton then asked if the FBI position on the Steele dossier remains that it is “salacious and unverified” as he (misleadingly) quoted Comey as saying last year. Wray responded, “I think there’s maybe more we can talk about this afternoon on that.” It’s an interesting answer given that, in Chuck Grassley’s January 4 referral, he describes a “lack of corroboration for [Steele’s dossier] claims, at least at the time they were included in the FISA applications,” suggesting that Grassley might know of corroboration since. Yet in an interview by the even better informed Mark Warner published 25 days later, Warner mused that “so little of that dossier has either been fully proven or conversely, disproven.” Yesterday, FP reported that BuzzFeed had hired a former FBI cybersecurity official Anthony Ferrante to try to chase down the dossier in support of the Webzilla and Alfa bank suits against the outlet, so it’s possible that focused attention (and subpoena power tied to the lawsuit) may have netted some confirmation.

Finally, Richard Burr ended the hearing by describing what the committee was doing with regards to the Russian investigation. He (and Warner) described an effort to bring out an overview on ways to make elections more secure. But Burr also explained that SSCI will release a review of the ICA report on the 2016 hacks.

In addition to that, our review of the ICA, the Intel Committee Assessment, which was done in the F–December of 06, 16–we have reviewed in great detail, and we hope to report on what we found to support the findings where it’s appropriate, to be critical if in fact we found areas where we found came up short. We intend to make that public. Overview to begin with, none of this would be without a declassification process but we will have a public version as quickly as we can.

Finally, in the last dregs of the hearing, Burr suggested they would report on who colluded during the election.

We will continue to work towards conclusions on any cooperation or collusion by any individual, campaign, or company with efforts to influence elections or create societal chaos in the United States.

My impression during the hearing was that this might refer to Cambridge Analytica, which tried to help Wikileaks organize hacked emails — and it might well refer to that. But I wonder if there’s not another company he has in mind.
