In Discussion of Unmasking Admiral Rogers Gets Closer to Admitting Types of Section 702 Cybersecurity Use

Last Friday, Director of National Intelligence Dan Coats, Director of NSA Mike Rogers, and FBI Director Christopher Wray did an event at Heritage Foundation explaining why we need Section 702 and pretending that we need it without reasonable reforms. I attended Wray’s talk — and even got my question on cybersecurity asked, which he largely dodged (I’ll have more about two troubling things Wray said later). But I missed Rogers’ talk and am just now catching up on it.

In it, he describes a use of Section 702 that goes further than NSA usually does to describe how the authority is used in cybersecurity.

So what are some examples where we’ll unmask? Companies. Cybersecurity. So we’ll report that US company 1 was hacked by the following country, here’s how they got in, here’s where they are, here’s what they’re doing. Part of our responsibility on the US government side is the duty to warn. So how do you warn US company 1 if you don’t even know who US company 1 is? So one of the reasons we do unmasking is, so for example we can take protective to ensure this information is provided to the appropriate individuals.

What Rogers describes is an active hack, by a nation-state (which suggests that rule may not have changed since the 2015 report based off 2012 Snowden documents that said NSA could only use 702 against nation-state hackers). The description is not necessarily limited to emails, the type of data NSA likes to pretend it collects in upstream (though it could involve phishing). And the description even includes what is going on at the victim company.

Rogers explains that the NSA would unmask that information so as to be able to warn the victim — something that (via the FBI) happened with the DNC, but something which didn’t happen with a number of other election related hacks.

Of course, Reality Winner is facing prison for having made this clear. The FISA-derived report she is accused of leaking shows how the masking works in practice.

In the case of VR Systems, the targeted company described, it’s not entirely clear whether NSA (though FBI) warned them directly or simply warned the states that used it. But warnings, complete with their name, were issued. And then leaked to the press, presumably by people who aren’t facing prison time.

In any case, this is a thin description of NSA’s use of 702 on cybersecurity investigations. But more detail in unclassified public than has previously been released.

 

The Latest CNN Scoop Doesn’t Prove What Everyone Says It Does

CNN has a story that reports something the evidence it presents doesn’t support, which others are taking to say things that it supports even less.

It claims that a short email thread it shares and five pages of talking points it doesn’t proves that the June 9, 2016 meeting at Trump Tower between Natalia Veselnitskaya and Don Jr (and others) “not about dirt on Clinton.”

An email exchange and talking points provided to CNN are the latest indication of how some of the meeting participants plan to make their case about why the meeting with Donald Trump Jr. did not amount to collusion between Russian officials and the Trump campaign.

The new information stands in contrast with the initial email pitching the meeting to Trump Jr., which promised damaging information on Clinton.

The “proof” is an email chain — or perhaps, just five emails from a longer chain, out of context with other emails they relate to — that includes one where Veselnitskaya asks Rod Goldstone, who set up the meeting, permission to include Rinat Akhmetshin in the meeting because he “is working to advance these issues with several congressmen.” From that, CNN suggests, we should understand the meeting was primarily about the Magnitsky sanctions.

But even there, Goldstone’s references to the purpose of the meeting are oblique, wishing only that Veselnitskaya “bring[s] whoever you need in order to make the meeting successful.” Moreover, the talking point document that CNN doesn’t share does include “a passing reference to a possible financer of Clinton’s campaign.” The further discussion of the talking points suggest it was more than a passing reference.

As part of her explanation, Veselnitskaya’s talking points accuse the “Ziff brothers” — three billionaire brothers who had run a hedge fund company together — of violating Russian law, as well as their connections to Democratic politics.

“Ziff brothers participated in financing both Obama presidential campaign, American press dubs them as ‘main sponsors of Democrats,’ ” the memo states, according to a translated version. “It’s entirely possible they also take part in financing Hillary Clinton’s campaign.”

Now consider the provenance of the document, which to me is a big part of the story.

It was obtained, CNN explains, by an attorney CNN says represents Aras and Emin Agalarov, and who seems intent on refuting the story publicly told by Rod Goldstone.

The documents were provided by Scott Balber, who represents Aras and Emin Agalarov, the billionaire real estate developer and his pop star son who requested the June 2016 meeting.

Balber, who went to Moscow to obtain the documents from Veselnitskaya, said in an interview with CNN that the emails and talking points show she was focused on repealing the Magnitsky Act, not providing damaging information on Clinton.

The message was muddled, Balber said, when it was passed like a game of telephone from Veselnitskaya through the Agalarovs to Goldstone.

Balber also suggested that Goldstone “probably exaggerated and maybe willfully contorted the facts for the purpose of making the meeting interesting to the Trump people.”

A couple of points about this.

First, in addition to apparently representing the Agalarovs in this matter, and on top of being an early source for details about who attended this meeting, Balber also once represented Trump.

This story comes at a time when we know Akhmetshin has already testified before the grand jury, presumably saying what he said to the FT about Veselnitskaya sharing information developed with the help of corporate intelligence (which is quite likely to be Fusion! which might explain the NDA) on how bad money supported Hillary.

Akhmetshin said he did not read the papers about Hillary Clinton’s campaign funding that Veselnitskaya took to the meeting, but he had seen the Russian version of it before. He says the lawyer developed it with the help of private corporate intelligence and that it was about “how bad money ended up in Manhattan and that money was put into supporting political campaigns”.

Furthermore Richard Burr, last week, suggested that Veselnitskaya may have already met with SSCI investigators.

Sir, is the Russian lawyer who met Donald Trump, is she coming before you?

[snip]

Is the Russian attorney going to come through, the Russian attorney that met with Donald Trump Jr, she’s offered to come in open committee. Have you reached out to her, is she one of the 25 on your list?

Burr: How do you know we haven’t already heard from her?

So if this is an attempt to change the spin of the story, it may extend no further than changing the spin of the story publicly, not with Robert Mueller or anyone who matters.

But here’s the bigger question. Why would an American lawyer who has previously represented Trump need to fly to Russia to meet with Veselnitskaya personally? This email chain and the talking points could very easily be sent — but weren’t. So why did Balber need to solidify stories with Veselnitskaya in person? And what is the provenance of the emails as presented, stripped of any forensic information?

So while it’s clear Trump’s former lawyer wants to change the spin around this story, it seems to me the takeaway should be,

Breaking: Lawyer with past ties to Trump flew to Russia to coordinate stories with Natalia Veselnitskaya

Furthermore, given all the focus on Fusion and the emphasis in this story on NDAs, I’d suggest it possible they’re trying to hide the fact that Fusion was working both sides, or even providing dirt on Hillary to the initial funder of the Steele dossier to the Republican that originally paid for it.

Update: Compare this effort to rewrite the story with the flip-flop Don Jr made for his congressional testimony. Not only did Don Jr need to incorporate both adoptions and dirt on Hillary to accord with both his published emails but also with what Pops said, but he could not recall things about what Agalarov said in advance of the meeting.

I’m more interesting in the things the forgetful 39 year old could not recall. While his phone records show he spoke to Emin Agalarov, the rock star son of Aras Agalarov, who has been dangling real estate deals in Russia for the Trumps for some time, for example, he doesn’t recall what was discussed.

Three days later, on June 6th, Rob contacted me again about scheduling a time for a call with Emin. My phone records show three very short phone calls between Emin and me between June 6th and 7th. I do not recall speaking to Emin. It is possible that we left each other voice mail messages. I simply do not remember.

This is important, because those conversations probably explained precisely what was going to happen at that meeting (and how it might benefit real estate developer Aras Agalarov), but Jr simply can’t recall even having a conversation (or how long those conversations were).

Don Jr also claimed not to recall that Ahkmetshin attended the meeting. The focus in the CNN spin on the NDAs served to obscure his presence in a way.

Senator Feinstein Confirms the Public Steele Dossier Is Not the Whole Thing

For something else, I’m rewatching the confirmation hearing for Brian Benczkowski to be Assistant Attorney General of the Criminal Division. (at 1:55)

Feinstein: Before you go on, do you have the whole dossier?

Benczkowski: I read the dossier online as it was published on BuzzFeed [raises two fingers]

Feinstein: The whole dossier is not online.

Benczkowski: The only thing that I have done, Senator, in that regard, was read the two pages as to Alfa Bank.

Feinstein: You have not seen the whole dossier?

Benczkowski: I have not.

The Senate Judiciary Committee had, by this point, been investigating the Steele Dossier for months (though this question preceded the Glenn Simpson testimony by a month). This is the classic Feinstein hearing disclosure, and past history suggests it would be accurate.

Which is to say what we’re seeing is just a fraction of the dossier — which is a point I’ve been making from the start (it also means the balance of the dossier may be more sensitive). It also means that someone made cherry picked the reports to first brief and then ultimately to leak to the press, which itself should be an issue for inquiry.

 

Richard Burr Accuses the Obama Administration of Running Out the Clock on Election Interference

At the end of yesterday’s press conference, Richard Burr made a startling accusation. In response to a question about whether the Trump Administration hasn’t done enough to respond to Russia’s interference, Burr instead addressed DHS’ delayed notice to states about election intrusions, as if that constituted an adequate response from the Trump Administration.

In doing so, Burr accused the Obama Administration of “running out the clock” (apparently, on notifying states).

Listen, I think the Vice Chairman alluded to the fact that though it was slow, getting DHS to recognize [that states needed notice of attempted hacks on their election infrastructure], it didn’t take as long as it did for the last Administration to run the clock on it. So we’re not trying to look back and point to things that were done wrong. Everybody’s done things wrong.

The accusation is particularly galling, given Lisa Monaco’s description of her efforts to get the Gang of Eight to write a letter warning states of the thread.

In the briefings, the C.I.A. said there was intelligence indicating not only that the Russians were trying to get Mr. Trump elected but that they had gained computer access to multiple state and local election boards in the United States since 2014, officials said.

Although the breached systems were not involved in actual vote-tallying operations, Obama administration officials proposed that the eight senior lawmakers write a letter to state election officials warning them of the possible threat posed by Russian hacking, officials said.

But Senator Mitch McConnell of Kentucky, the Republican majority leader, resisted, questioning the underpinnings of the intelligence, according to officials with knowledge of the discussions. Mr. McConnell ultimately agreed to a softer version of the letter, which did not mention the Russians but warned of unnamed “malefactors” who might seek to disrupt the elections through online intrusion. The letter, dated Sept. 28, was signed by Mr. McConnell, Mr. Reid, Speaker Paul D. Ryan and Representative Nancy Pelosi, the ranking Democrat.

On Sept. 22, two other members of the Gang of Eight — Senator Dianne Feinstein and Representative Adam B. Schiff, both of California and the ranking Democrats on the Senate and House intelligence committees — released their own statement about the Russian interference that did not mention Mr. Trump or his campaign by name.

Do the math here: McConnell, Reid, Ryan, and Pelosi signed a letter saying that malefactors might try to disrupt the elections. Then Feinstein (then Burr’s counterpart on SSCI) and Schiff (Nunes’ counterpart on HPSCI) released a stronger letter blaming Russia.

Based on briefings we have received, we have concluded that the Russian intelligence agencies are making a serious and concerted effort to influence the U.S. election.

At the least, this effort is intended to sow doubt about the security of our election and may well be intended to influence the outcomes of the election—we can see no other rationale for the behavior of the Russians.

We believe that orders for the Russian intelligence agencies to conduct such actions could come only from very senior levels of the Russian government.

We call on President Putin to immediately order a halt to this activity. Americans will not stand for any foreign government trying to influence our election. We hope all Americans will stand together and reject the Russian effort.

None of these are the precise letter that Monaco has said she was after — a letter emphasizing the risk to the polls.

Still, just two people signed no letter: Nunes (who would go on to serve in Trump’s transition team) and Burr (who not only was serving on Trump’s national security advisory committee, but was in a close race in one of the states most likely to have had the outcome affected by known Russian hacking).

And he has the gall to call out the Obama Administration?

Richard Burr’s Tacit Warning to Christopher Steele

I’m just now catching up to Richard Burr and Mark Warner’s press conference on the Russia investigation yesterday. I saw some folks questioning why they did the presser, which surprises me. The answer seems obvious. They did the presser to release and apply pressure from specific areas of the investigation. For example, Burr exonerated those involved in the Mayflower Hotel meetings on April 2016 and further argued that the GOP platform was not changed to let Russia off the hook for Ukraine (I think the latter conclusion, in any case, is correct; I’m less persuaded about the first). Warner used the presser to push for Facebook to release the ads sold to Russia.

A particularly instance of this — one that I believe has been misunderstood by those who’ve reported it thus far — pertains to the Steele dossier. Here’s what Burr said about it, working off of prepared remarks (meaning issuing this tacit warning was one purpose of the presser; after 16:00):

As it relates to the Steele dossier: unfortunately the committee has hit a wall. We have on several occasions made attempts to contact Mr. Steele, to meet with Mr. Steele, to include, personally, the Vice Chairman and myself as two individuals, of making that connection. Those offers have gone unaccepted. The committee cannot really decide the credibility of the dossier without understanding things like who paid for it? who are your sources and sub-sources? We’re investigating a very expansive Russian network of interference in US elections. And though we have been incredibly enlightened at our ability to rebuild backwards, the Steele dossier up to a certain date, getting past that point has been somewhat impossible. And I say this because I don’t think we’re going to find any intelligence products that unlock that key to pre-June of ’16. My hope is that Mr. Steele will make a decision to meet with either Mark and I or the committee or both, so that we can hear his side of it, versus for us to depict in our findings what his intent or what his actions were. And I say that to you but I also say that to Chris Steele.

People seem to interpret this to mean SSCI hasn’t been able to corroborate the dossier — a point on which Burr is ambiguous. He references intelligence products that might unlock secrets of the dossier, which might suggest the committee has found intelligence products from later in the process that either confirms or doesn’t the events as the dossier as produced.

More important, however, is his reference to June 2016. While it seems like Burr might be suggesting the committee has found no evidence on collusion dating to before that date, that would seem to be inconsistent with the committee having received information on Michael Cohen’s discussions of financial dealings from before June (though given Burr’s exoneration of the Mayflower attendees, he may deem the earlier activities to be inconclusive).

So it seems more likely Burr raised the June 2016, along with his question about how paid for the report, to suggest he has real questions about whether its findings served as a partisan effort to taint Trump, paid for by a still undisclosed Hillary backer.

If Christopher Steele won’t talk about what intelligence he had on Trump before the time when, in June 2016, he reported on Russia providing kompromat (though not, at that point, hacked emails) on Hillary to Trump’s team, Burr seems to be saying, then it will be far easier to question his motivations and the conclusions of the report. And frankly, given some of the details on the Steele dossier — especially Steele’s briefings to journalists and his claim that the customers for the brief never read it — Burr is right to question that.

In other words, one point of the presser, it seems to me, was for Burr to warn Steele that his dossier will not be treated as a credible piece of work unless and until the committee gets more details about the background to it.

Update: Apparently, Steele responded to Burr’s comments by informing the committee he is willing to meet with Burr and Warner.

Mark Warner’s Inconsistent Social Media Law-Mongering

Remember when, three weeks ago, people were shooting off their baby cannons because two reports kind of sort of claimed that Robert Mueller used a criminal search warrant to obtain details on Facebook’s ad sales to the Internet Research Association? I noted at the time that the logic behind those stories — that Facebook would have needed a warrant (as opposed to a 2703(d) order or a 702 directive) to obtain that information — was faulty. I’ve since become more certain that a D order was used in this case.

But since the stories were so dodgy, I assumed then they weren’t actually reporting about the investigation, but rather pressure on the part of Mark Warner to force Facebook to share the same data with Congress, including leaving (rather than just showing) ads.

And it worked! Last week and this week, Facebook did share those ads, with all the more leaks about them.

Unsurprisingly, Mark Warner is back, now insisting that Facebook should release all those ads that he or someone close to him just weeks ago was suggesting could only be released with a criminal search warrant, but now wants released with neither legal process nor a congressional oversight claim to force it.

I get why he wants that to happen. Even on top of informing the public about what happened in last year’s election, Warner would like to embarrass Facebook into accepting more sweeping regulation of political ads, which is a totally respectable goal.

But I find it amusing that the same people who, weeks ago, were certain that such materials were so private they could only be released with a search warrant are now arguing they should be released with no process whatsoever.

And whatever the beneficial goal here, there’s also the precedent of protection for private data. Do we really want it to be possible for (say) Russia to force Facebook to release all the information on the NGOs that target Russian users? Do we want Jeff Sessions’ DOJ to be able to force Facebook to release the details of those who oppose Trump without legal process?

I don’t expect Warner to be bound by those considerations — he’s trying to win a political battle (and doing a remarkably effective job). But I’d expect those reporting on this story to show some awareness of the claims they made about the sensitivity of this data just weeks ago.

In Reality Winner Case, Government Warns of Recruitment by Media Outlets that “Procure the Unauthorized Disclosure of Classified Info”

As I’ve reported recently Reality Winner has claimed both that her interview with the FBI was not consensual and that she should be released on bail like people who’ve leaked more sensitive documents, including David Petraeus. Significantly, Winner made claims about her interview and DOJ’s lack of related accusations to suggest the leak of the single document to the Intercept is all they’ve got on her.

The government responded to Winner’s claims — in their response to her request for bail — with a whole new set of claims not included in other documents (on top of making fairly ridiculous claims to suggest Winner should be detained when those who had access — and in the case of David Petraeus, leaked — far more classified information were not).

In the response itself, they raise issues that are fair and significant. But they all seem designed to suggest that Winner must be treated more harshly than Petraeus because she’s more likely to be “recruited” by “non-governmental organizations and media outlets that advocate and procure the unauthorized disclosure of classified information.”

At the same time, the Defendant is an attractive candidate for recruitment by well-funded foreign intelligence services and non-governmental organizations and media outlets that advocate and procure the unauthorized disclosure of classified information.

Consider how the government treats different media outlets.

The Washington Post

First, the government’s description of Winner’s phone searches suggest Winner sent the document to a “print news outlet” in addition to the Intercept, and kept looking at both to see if they published the document.

  • On May 9, the Defendant searched for the secure mailing address of a Print News Outlet, viewed a document called “How to Share Documents and News Tips with [Print News Outlet] Journalists” on the Print News Outlet’s website, searched for an Online News Outlet and “secure drop,” and viewed the Online News Outlet’s page containing instructions for the anonymous transmission of leaked information.
  • On May 12, a few days after she mailed the leaked document, the Defendant searched online for the Print News Outlet referenced on May 9, as well as the Online News Outlet to which she transmitted the leaked document, and viewed the homepages of both publications.
  • On May 13, the Defendant searched for the Print News Outlet, viewed its homepage, and then searched “[IC component] leak” and “[IC component] leak [Foreign Country]” on multiple occasions.
  • On May 14, the Defendant searched for and viewed the Print News Outlet’s homepage, and then searched within the Print News Outlet’s website for the name of the relevant IC component. She also searched for and viewed the Online News Outlet’s homepage.
  • On May 22, the Defendant viewed both the Print News and Online News Outlets’ websites, and she searched for the name of the relevant IC component within both websites.

The Washington Post’s “confidential tips” page comes up on a search for “How to Share Documents and News Tips” (though the page does not now have that name). That suggests Winner shared a copy of this document with the WaPo as well as the Intercept. But the focus in these materials on a completed crime is exclusively focused on the Intercept (which also is not named).

The interview transcript released with this filing does not, apparently, discuss Winner’s leak to what appears to be the WaPo, aside from asking if she sent the leaked document anywhere else, to which she said “no.” The agents interviewing her tipped her that the document had been sent to an online news source that she “subscribes” to. So FBI may not have mentioned WaPo because WaPo did nothing with the story — or at least nothing with a source who then informed the government, which is how the Intercept got exposed — meaning the FBI did not yet know about it. Or perhaps the FBI was just far more interested in the fact that Winner leaked to the Intercept.

Wikileaks and Anonymous

The filing does its most significant damage in repeating Winner’s support for WikiLeaks, Edward Snowden, and Anonymous. According to the filing, at the same time she was looking for clearance jobs in November 2016 (at the end of her deployment), she was researching anonymous and Wikileaks.

The Defendant’s duplicity is starkly illustrated by the fact that she researched opportunities to access classified information (multiple searches for jobs requiring a security clearance on ClearanceJobs.com) at the same time in November 2016 that she searched for information about anti-secrecy organizations (Anonymous and Wikileaks).

And in March, she told her sister she was “on Assange’s [and Snowden’s] side.”

On March 7, 2017, the Defendant searched for online information about Vault 7, Wikileaks’s alleged compromise of classified government information. Later on March 7, 2017, the Defendant engaged in the following Facebook chat with her sister in which she expressed her delight at the impact of the alleged compromise reported by Wikileaks:

SISTER: OMG that Vault 7 stuff is scary too

WINNER: It’s so awesome though. They just crippled the program.

SISTER: So you’re on Assange’s side

WINNER: Yes. And Snowden

It’s not just that Winner is reading Wikileaks and Snowden-leaked documents (which the government would be happy to use to villainize a leaker in any case). She’s cheering the destruction of CIA (and by association, NSA) capabilities. Which is not something the more prolific leaker David Petraeus did.

The curious declassification of an FBI interview about leaking

Before I get into how these materials treat the Intercept, let me take a detour to talk about the declassification of Winner’s interview which, because it discusses her work at NSA, includes a lot of information that must be classified.

As a number of outlets noted (I believe Politico reported it first), when the transcript of her FBI interview was first released, it included Winner’s social security number and date of birth — a no-no for PACER documents. It included her home computer password. It also revealed Winner worked on collection targeting Iranian Aerospace Forces Group, a remarkable disclosure given that the government says Winner can’t be released because she’ll be targeted by foreign governments (in addition to “non-governmental organizations and media outlets that advocate and procure the unauthorized disclosure of classified information”); they’ve just put a bullseye on her back for Iran. It also reveals she used to work for a drone mission. It includes the code name and the street name of her NSA location.

For either privacy and security reasons, those are remarkable disclosures.

Now consider what they did redact.

There’s a reference to Russian hacking (or the election), and Winner’s description of something akin to that. There’s a few more references, perhaps on the election, again redacted.

Perhaps the most interesting (and understandable) redaction is her explanation for why she thought the collection points on Russian hackers were already compromised.

[sigh] I had figured that, uhm, [half line redacted] that it didn’t matter anyway. Uhm honestly, uh, I just figured that whatever we were using had already been compromised, and this report was just going to be like a – one drop in the bucket.

All of which is to say the classification decisions here are pretty random.

Which is all the more interesting given the fact that the document has no declassification notes, describing who declassified it and for what purpose. If I’m Winner’s lawyers, I’m on the phone with former ISOO head Bill Leonard (who has served as an expert witness in past leak cases), asking him to testify that in a case about mishandling classified information, the government didn’t handle this document in rigorous fashion.

The Intercept: hiding the name, the motive, and a few more details

Which brings me to the decisions about redactions on parts of the transcript that pertain to the Intercept.

It hides the Intercept’s name, but also several references to her motive, including one very long description (on PDF 69)

More interesting, it redacts details about how she mailed it to the Intercept.

And redacts another passage where she describes how she found the address to send it to the Intercept — the actual details of which are included in the passage on her phone searches, above.

It redacts another passage asking whether she included anything in the envelope to the Intercept.

All of which is to say that in submissions that claim Winner is a particular risk because she might be “recruited” by NGOs and “media outlets that advocate and procure the unauthorized disclosure of classified information,” it is still hiding key details about Winner’s descriptions of her actions with respect to the Intercept.

After reading this transcript, I’m actually surprised the government hasn’t (yet) taken a harsher approach, perhaps charging her for a leak to the WaPo or for lying, initially, to the FBI (not charging her for lying to the FBI is one way, I guess, where she is getting the treatment David Petraeus got).

That may suggest they’re entertaining going after the Intercept here, for “recruiting” Reality Winner — a replay of the tactic they tried with Chelsea Manning years ago, only this time with an Attorney General and a Congress rushing to invent new categories of non-state hostile intelligence services to criminalize some kinds of publishing.

Not Mentioned in Roger Stone’s Straw Rat-Fucker Statement: the Peter Smith Rat-Fuck

Earlier today, legendary rat-fucker Roger Stone had a three hour interview before the House Intelligence Committee. Before the interview, he leaked his testimony, as all of the most implicated Trump officials — save Paul Manafort — have.

The testimony is telling for multiple reasons. Given the recent trouble I got in for saying “rat-fucker” on TV, I’m particularly invested in the way he avoided calling himself one.

As to the substance of the report, it is delightfully, tellingly, squirrelly in two different ways. First, his generalized denial is very specific to colluding with the Russian state to affect the outcome of the 2016 election; this is a point Renato Mariotti makes here.

I have no involvement in the alleged activities that are within the publicly stated scope of this Committee’s investigation  — collusion with the Russian state to affect the outcome of the 2016 election.

I’m even more interested in how he depicts what he claims are the three allegations made against him.

Members of this Committee have made three basic assertions against me which bust be rebutted her today. The charge that I knew in advance about, and predicted, the hacking of the Clinton campaign chairman John Podesta’s email, that I had advanced knowledge of the source or actual content of the WikiLeaks disclosures regarding Hillary Clinton or that, my now public exchange with a persona that our intelligence agencies claim, but cannot prove, is a Russian asset, is anything but innocuous and are entirely false.

In point of fact, this tripartite accusation is actually a misstatement of the allegations against him (though in his rebuttal of them, he is helped immensely by the sloppiness of public statements made by Democrats, especially those on the panel, which I’ve criticized myself). Generally, the accusation is more direct: that in conversing with both Julian Assange (though a cut-out) and Guccifer 2.0, Stone was facilitating or in some way helping the Trump campaign maximally exploit the Russian releases that were coming.

Which is why I find one other silence quite interesting: Stone makes no mention of the Peter Smith operation to find the emails, purportedly related to the Clinton Foundation, deleted from Hillary’s server. As I noted here, along with reaching out to multiple suspected Russian hackers and advising those with emails that might be Foundation emails to share them with WikiLeaks, rat-fucker Smith also pushed GOP operatives like rat-fucker Stone to reach out to Guccifer 2.0.

Instead, Johnson said, he put the word out to a “hidden oppo network” of right-leaning opposition researchers to notify them of the effort. Johnson declined to provide the names of any of the members of this “network,” but he praised Smith’s ambition.

“The magnitude of what he was trying to do was kind of impressive,” Johnson said. “He had people running around Europe, had people talking to Guccifer.” (U.S. intelligence agencies have linked the materials provided by “Guccifer 2.0”—an alias that has taken credit for hacking the Democratic National Committee and communicated with Republicanoperatives, including Trump confidant Roger Stone—to Russian government hackers.)

As I noted, there is much about the events from August to October that suggest Republicans may have believed WikiLeaks had obtained, and might be leaking, the Clinton Foundation emails, only to have the John Podesta ones released in their stead.

If I’m right, it would mean that by pitching everything as pertaining to Podesta, and not to other emails, Stone can more successfully deny his involvement.

And Stone’s timeline obscures some of the key details here, notably leaving out his incorrect predictions not just of an October 5 release, but that they’d be the Foundation emails.

Also note: Stone describes his exchange with Guccifer as starting on August 14. That’s actually not right. It started on August 13 (actually, August 12 East Coast time), with this tweet, which puts it in the context of two offers for files.

It’s definitely true (in the DMs that Stone includes) that Stone ultimately doesn’t response to Guccifer 2.0’s offers of data.

But that timeline also extends matters just to where things were heating up on Smith’s hunt for Clinton Foundation documents.

As noted above, Stone has denied colluding with the Russian state to affect the outcome of the election. But that’s not a denial of colluding with Russian hackers or Russian assets (the latter a rather curious term Stone uses twice to refer to Guccifer 2.0 in his statement, but not in the Breitbart piece in which he claims to have refuted claims he was an “asset”) to “prove Hillary’s corruption” or some such excuse for digging up more dirt on Hillary.

And that’s precisely the kind of thing we know a rat-fucker like Stone would do, and precisely the kind of thing we know other rat-fuckers were doing.

Amid Promises to Share Ads with Congress, Some Other Interesting Promises

DC is atwitter with Facebook’s announcement that it can, after all, voluntarily share the same information it shared with Robert Mueller with Congress. As part of that announcement, it released a statement from their General Counsel, a Q&A addressing some of the questions that had been generating bad PR, and some promises of additional things Facebook will do to support democracy from Mark Zuckerberg.

I’m most interested in two details in Zuck’s statement. For example, this paragraph says Facebook will continue to look at what happened closely.

 We will continue our investigation into what happened on Facebook in this election. We may find more, and if we do, we will continue to work with the government. We are looking into foreign actors, including additional Russian groups and other former Soviet states, as well as organizations like the campaigns, to further our understanding of how they used our tools. These investigations will take some time, but we will continue our thorough review. [my emphasis]

While the frenzy responding to this announcement has focused on Russian ads, Zuck just revealed that Facebook is also looking at what the campaigns did.

That would permit Facebook to look for any apparently similar activity from campaigns and Russian actors, as we have reason to believe there was. It also might suggest Facebook is reviewing to see whether Republican dark marketing served to suppress turnout, and if so in coordination with what other actors.

I’d really love to have this information, but note that it is a substantially different thing for Facebook to review Russian actions and for Facebook to review Democratic or Republican actions.

Then there’s the promise to work even more closely with other tech companies.

We will increase sharing of threat information with other tech and security companies. We already share information on bad actors on the internet through programs like ThreatExchange, and now we’re exploring ways we can share more information about anyone attempting to interfere with elections. It is important that tech companies collaborate on this because it’s almost certain that any actor trying to misuse Facebook will also be trying to abuse other internet platforms too.

I think I’m okay with this (and they’re legally permitted to do this in any case). But given my newfound obsession with the fact that with any of these global tech companies, you’re dealing with intelligence resources that might rival nation-state intelligence, I’m interested in Facebook’s efforts to expand the sharing.

Facebook, by itself, may not rival the NSA. But when you put together Facebook, Microsoft, Google, Twitter, and others, then you’re beginning to talk really powerful intelligence capabilities.

It’s good, I suppose, that that much technical power is going to hunt down Russians. But it might be worth pausing to imagine what else they might cooperate to hunt down.

Why Did Guccifer 2.0 Keep Harping on VAN?

One problem with the skeptics’ claims that Guccifer 2.0 is not Russian, but instead a Democrat or Crowdstrike blaming Russia, is they misread how his original post responded to the WaPo article announcing the hack. The assumption at the time was that Guccifer 2.0 was disinformation to disclaim the attack. But it more immediately discredited the claims the Democrats and Crowdstrike made to WaPo.

There’s Shawn Henry’s claim the hackers took just two documents.

The other, which the firm had named Fancy Bear, broke into the network in late April and targeted the opposition research files. It was this breach that set off the alarm. The hackers stole two files, Henry said. And they had access to the computers of the entire research staff — an average of about several dozen on any given day.

In response Guccifer 2.0 posted eleven documents and taunted Crowdstrike.

Shame on CrowdStrike: Do you think I’ve been in the DNC’s networks for almost a year and saved only 2 documents? Do you really believe it?

[snip]

I guess CrowdStrike customers should think twice about company’s competence.

Fuck the Illuminati and their conspiracies!!!!!!!!! Fuck CrowdStrike!!!!!!!!!

There’s the bizarre pitch suggesting that only documents affecting Trump had been stolen, describing it as typical foreign espionage (which APT 29 might have been doing).

the entire database of opposition research on GOP presidential candidate Donald Trump

[snip]

The DNC said that no financial, donor or personal information appears to have been accessed or taken, suggesting that the breach was traditional espionage, not the work of criminal hackers.

[snip]

“It’s the job of every foreign intelligence service to collect intelligence against their adversaries,” said Shawn Henry, president of CrowdStrike, the cyber firm called in to handle the DNC breach and a former head of the FBI’s cyber division.

Guccifer 2.0 did post a Trump document. But the DNC, Hillary, and Crowdstrike should have known that (even if there had been one stolen) it wasn’t the one they had in mind. That was a document stolen from Podesta, not the DNC.

Which would have been a response — one her aides might understand, but the rest of us would not — to this claim by Hillary.

Clinton called the intrusion “troubling” in an interview with Telemundo. She also said, “So far as we know, my campaign has not been hacked into,” and added that cybersecurity is an issue that she “will be absolutely focused on” if she becomes president.

Because it would have been a sign that, indeed, her campaign had been hacked.

Similarly, by posting documents that dated from months earlier, Guccifer 2.0 would have made it clear to DWS that her lie — that the DNC responded quickly — could be exposed.

“The security of our system is critical to our operation and to the confidence of the campaigns and state parties we work with,” said Rep. Debbie Wasserman Schultz (Fla.), the DNC chairwoman. “When we discovered the intrusion, we treated this like the serious incident it is and reached out to CrowdStrike immediately. Our team moved as quickly as possible to kick out the intruders and secure our network.”

Finally, there’s Michael Sussman’s claim that no donor or voter information was stolen.

CrowdStrike is continuing the forensic investigation, said Sussmann, the DNC lawyer. “But at this time, it appears that no financial information or sensitive employee, donor or voter information was accessed by the Russian attackers,” he said.

Guccifer 2.0 proved that wrong by posting a number of financial documents.

In other words, the initial post was designed to discredit anything Crowdstrike and Democrats said. More importantly, it included a number of threats that Hillary and her aides should have recognized: Guccifer 2.0 had more, had more of the stuff closer to Hillary.

This was dick-waving, not obfuscation (which is consistent with what we see in the documents, and consistent with what I understand was left in some of the servers). It’s just that most of the public wouldn’t have seen that dick-waving; just the Democrats and Crowdstrike would.

Which is why I want to return to something that commentators have long been hung up on: Guccifer 2.0’s claim to have gotten in through VAN.

The DNC had NGP VAN software installed on their system so I used the 0-day exploit and then deployed my backdoor.

I suspect his reference to zero-days was actually a further taunt to Dmitri Alperovitch, who had fluffed up the Russians in the original WaPo.

The two crews have “superb operational tradecraft,” he said. They often use previously unknown software bugs — known as “zero-day” vulnerabilities — to compromise applications.

But why did dick-wagging Guccifer 2.0 focus on VAN? One obvious reason is that it invoked the events of December, when a Bernie staffer got fired for having saved Hillary files when the wall between the two campaigns in VAN came down, literally at the moment the Sanders campaign finished their best fundraiser to date. That is, it might be that VAN just invoked a really sore subject between the two sides.

Guccifer 2.0 may have raised it because Crowdstrike was brought in and did a cursory review to endorse the official view. Had Crowdstrike done more at the time, it they might have discovered the Russians.

The reason I ask, though, is that Guccifer 2.0 kept harping on VAN. A big file that has been the focus of recent attention — in the last few days credibly shown to come from the same file set as the documents later released falsely labeled as Clinton Foundation documents — was called NGP VAN, even though the file has nothing to do with VAN.

Notably, too, some of the last files stolen and shared with WikiLeaks included a series providing VAN access to the finance team. That is, one of the last things that happened before Russia got dumped from the system is a new set of VAN passwords got set up.

Amid the discussion of how the Russians got targeting data, I think it worth noting that having VAN access would have provided a lot of the information the Russians would have wanted.

image_print