Hunter Biden Gets a Step Closer to Vindicating Twitter’s Takedown Decision

Yesterday, as things moved closer to an expulsion vote for George Santos, activist “Anarchy Princess” taunted Santos staffer, Vish Burra, about whether he hacked Hunter Biden’s phone.

AP: Like the same way that you got into Hunter Biden’s stuff?

VB: [laughter]

AP: Yeah, didn’t you hack Hunter Biden’s shit, his phone or something?

VB: [turns to camera] Yeah, and I’d do it again.

Burra, who in 2020 was the producer of Steve Bannon’s podcast, has previously described “extracting” the contents of the “laptop” and took credit for hooking Bannon up with Emma-Jo Morris, who published the initial NY Post story.

Hunter Biden described Burra’s past claims in his lawsuit against Rudy Giuliani and Robert Costello for unlawfully accessing and manipulating his data.

As further evidence of Defendants’ illegal hacking of Plaintiff’s data, it recently has come to light that Defendant Giuliani apparently worked directly with Steve Bannon and Vish Burra to access, manipulate, and copy Plaintiff’s “laptop,” which Burra has dubbed the “Manhattan Project” because he and others “were essentially creating a nuclear political weapon,” referring to Burra’s work with Defendant Giuliani and others (Steve Bannon and Bernie Kerik) to manipulate the “laptop.”

But Burra has not, as far as I know, confessed to “hack[ing] Hunter Biden’s shit.”

Yesterday — whether in jest or not — he did.

Later that same day, Matt Taibbi and Michael Shellenberger had their semi-annual appearance before Jim Jordan’s Weaponizing Government committee.

At the hearing, Dan Goldman had this exchange with Shellenberger about the “Hunter Biden” “laptop:”

DG: You’ve talked about the Hunter Biden laptop, and how the FBI knew it existed. You are aware, of course, that the laptop, so to speak, was actually — that was published in the New York Post was actually a hard drive that the NY Post admitted — here! — was not authenticated as real. It was not the laptop the FBI had. You’re aware of that, right?

MS: It was the same contents.

DG: How do you know?

MS: Because it’s the same —

DG: You would have to authenticate it to know it was the same contents. You have no idea.

MS: [inaudible] conspiracy. Are you suggesting the NY Post participated in a conspiracy to construct the contents of the Hunter Biden laptop?

DG: No, sir, the problem is that hard drives can be manipulated by Rudy Giuliani or Russia.

MS: What’s the evidence that that happened?

DG: Well, there is actual evidence of it, but the point —

MS: There’s no evidence of it. You’re engaged in a conspiracy theory.

Miranda Devine (who keeps dog-whistling about Hunter Biden’s “expensive” lawyers) and the House GOP all seem to think this was a very clever exchange, as that’s the clip they all sent out to froth up the rubes.

Goldman is right: You’d need to authenticate the contents of the “laptop.” As I have shown, even the FBI had not checked whether anything was altered on the laptop they received while in John Paul Mac Isaac’s custody, ten months after receiving it. Their computer guy was still suggesting ways to do that on October 22, 2020, over a week after the NY Post story was published. At the time, Lesley Wolf — the villain of the Republican story — was in no rush to do so.

Understand, though: the critical question here is not whether the hard drive was authenticated. The question is whether it was hacked. Here’s how Vijaya Gadde described the decision to take down the original NY Post link in October 2020.

For example, on October 14th, 2020, the New York Post tweeted articles about Hunter Biden’s laptop with embedded images that look like they may have been obtained through hacking. In 2018, we had developed a policy intended to, to prevent Twitter from becoming a dumping ground for hacked materials. We applied this policy to the New York Post tweets and blocked links to the articles embedding those source materials. At no point did Twitter otherwise prevent tweeting, reporting, discussing or describing the contents of Mr. Biden’s laptop.

If the data in NY Post’s hands was hacked, then according to Twitter’s terms of service, links to it should have been taken down.

If the data in NY Post’s hands was hacked, then the takedown that Republicans claim was a violation of their speech was, in fact, adherence to Twitter’s terms of service as they existed at the time.

And Hunter Biden’s lawsuit alleges that Rudy Giuliani and Robert Costello unlawfully accessed — hacked — his data.

And yesterday, Burra — the guy who set up the tie between Bannon and the NY Post in the first place — laughingly agreed that he did hack Hunter Biden’s shit.

Now, Michael Shellenberger says there’s no evidence the data on the hard drive was altered by Burra and others. Miranda Devine says you have to take the word of the Bidens to believe that happened.

They said that the same day Burra laughingly said he would hack Hunter Biden again.

More importantly, you don’t have to go to the Bidens for evidence that the hard drive was altered. You can go to Garrett Ziegler, whom Hunter Biden has also accused of hacking his shit.

In the set of emails publicly released by Ziegler at BidenLaptopEmails dot com, there is an email from Hunter Biden’s Rosemont Seneca email account (hosted by Gmail), that was sent on September 1, 2020 ET (September 2 GMT).

It’s a resent version of an email sent in 2016 (DDOS says that a footer was also altered).

If everything John Paul Mac Isaac says is true, if everything Rudy Giuliani says is true, this “laptop” was in the custody of Rudy Giuliani (or Robert Costello, on Rudy’s behalf) on the date it was sent. Whoever resent this email — and it was sent over a year after Hunter left Burisma — it was added to the “laptop” while it was in Rudy’s custody.

I’ll leave it to the lawyers and the tech people to explain how an email sent from an account hosted by Gmail was added to the hard drive from which Garrett Ziegler obtained his copy. I’ll leave it to the lawyers to argue about whether it would necessarily require unauthorized access to Hunter Biden’s Gmail or iCloud account for that email to be on the hard drive.

But it’s something that could not have been on the laptop when someone — allegedly Hunter Biden — dropped off a laptop at John Paul Mac Isaac’s shop on April 12, 2019. By all understandings of the dissemination of various hard drives — which Thomas Fine has illustrated this way — it would have been on what NY Post worked from on its October 14, 2020 story.

There’s no evidence, Michael Shellenberger said. You’re supposed to take the words of the Bidens, Miranda Devine said.

And on the same day they made those claims, Vish Burra said, of hacking Hunter Biden’s stuff, “Yeah, and I’d do it again.”


Hunter Biden[‘s “Laptop”] Goes to SCOTUS: How Judge Doughty Helped China and Iran Attack the US

Hunter Biden is going to SCOTUS!!!

Or rather, the “Hunter Biden” “laptop” is.

Last Friday, SCOTUS granted a stay and certiorari for DOJ’s appeal of the Missouri v. Biden case, a right wing lawsuit claiming that the government has forced social media companies to “censor” right wingers (Terry Doughty opinion; 5th Circuit Opinion). While much of the lawsuit focuses on efforts, including those starting under a guy named Trump, to help social media companies limit COVID-related disinformation (Surgeon General Vivek Murthy is the lead appellant), a key part of the claim that the government has coerced social media companies pertains to the FBI.

The Fifth Circuit opinion upholding parts of Judge Doughty’s opinion admitted that, “we cannot say that the FBI’s messages were plainly threatening in tone or manner” but suggested nevertheless that they “’might be inherently coercive if sent by . . . [a] law enforcement officer’” anyway.

Because the people pushing this suit, including now-Missouri Senator Eric Schmitt and now-Louisiana Governor-elect Jeff Landry, are nuts, the “Hunter Biden” “laptop” has come to embody that coercion. The Fifth Circuit adopted that focus (and several inaccurate claims about it) as well. And, in turn, Sam Alito included that focus, citing the Fifth Circuit, in his snotty dissent.

This case began when two States, Missouri and Louisiana, and various private parties filed suit alleging that popular social media companies had either blocked their use of the companies’ platforms or had downgraded their posts on a host of controversial subjects, including “the COVID–19 lab leak theory, pandemic lockdowns, vaccine side effects, election fraud, and the Hunter Biden laptop story.” Id., at *1. According to the plaintiffs, Federal Government officials “were the ones pulling the strings,” that is, these officials “‘coerced, threatened, and pressured [the] social-media platforms to censor [them].’”

This argument, as currently framed, is about whether Judge Doughty properly enjoined the FBI from certain kinds of contacts with social media companies because of the “Hunter Biden” “laptop.”

The Injunction

The injunction on the FBI, imposed largely because of right wing beliefs about the “Hunter Biden” “laptop,” may also explain why three Republican justices granted cert. The prohibition on certain kinds of FBI contacts with social media companies may be among the most urgent injuries the US government faces under the injunction. That’s partly because Judge Doughty specifically enjoined Elvis Chan, the Assistant Special Agent in Charge of cybersecurity investigations out of San Francisco, and so a key person involved in preventing and responding to cyberattacks targeting or using the infrastructure of social media companies located in Silicon Valley.

Alito’s dissent claims that DOJ only cared about Joe Biden’s bully pulpit, which is not included in the injunction. But in its appeal, DOJ noted that, as written, the injunction might lead the FBI to hesitate before alerting social media companies to potentially harmful content.

And given the court’s suggestion that any request from a law-enforcement agency is inherently coercive, see id. at 232a-233a, the FBI would likewise need to tread carefully in its interactions with social-media companies, potentially eschewing communications that protect national security, public safety, or the security of federal elections. For example, particularly in the early stages of an investigation, law-enforcement officials may be uncertain whether a social-media post involves unprotected criminal activity (such as a true threat). But the injunction leaves them guessing what quantum of certainty they must possess before they can inform social-media companies about the post, potentially leading to disastrous delays.

To be sure, Judge Doughty’s injunction included a bunch of carve outs that, right wingers like Alito claim, ensure their efforts to force Twitter to publish Hunter Biden’s dick pics don’t make the country less safe. The carve outs are:

(1) informing social-media companies of postings involving criminal activity or criminal conspiracies;

(2) contacting and/or notifying social-media companies of national security threats, extortion, or other threats posted on its platform;

(3) contacting and/or notifying social-media companies about criminal efforts to suppress voting, to provide illegal campaign contributions, of cyber-attacks against election infrastructure, or foreign attempts to influence elections;

(4) informing social-media companies of threats that threaten the public safety or security of the United States;

(5) exercising permissible public government speech promoting government policies or views on matters of public concern;

(6) informing social-media companies of postings intending to mislead voters about voting requirements and procedures;

(7) informing or communicating with social-media companies in an effort to detect, prevent, or mitigate malicious cyber activity;

(8) communicating with social-media companies about deleting, removing, suppressing, or reducing posts on social-media platforms that are not protected free speech by the Free Speech Clause in the First Amendment to the United States Constitution. [my emphasis]

The carve outs — to the extent that they apply to the FBI, as most by definition do — actually demonstrate the problem with this ruling (and may explain the stakes of the focus on the “Hunter Biden” “laptop”).

Five kinds of interaction with social media

To see why, it’s useful to understand what the plaintiffs actually complained about (which largely tracks Matt Taibbi’s misrepresentations in his Twitter Files propaganda), which are shown in the unshaded rows in the table below.

CISA

First, there’s the Cybersecurity & Infrastructure Security Agency. It was set up within DHS specifically to provide an alternative to the FBI, a non-law enforcement agency that could help protect critical infrastructure, including elections, from cyber as well as brick-and-mortar threats. In addition to its efforts to combat disinformation about elections, for example, CISA has also helped some states harden their election systems against hacking attempts, run active shooter drills with election officials, and helped state election officials recover after natural disasters.

As part of its election role, though, CISA aspired to provide authoritative information to election partners (including social media companies) about both intentional and unintentional incorrect information about elections. The example former CISA Director Chris Krebs provided to the January 6 Committee was an Iranian campaign, active in the days after the Hunter Biden story, to pose as members of the Proud Boys and intimidate people of color not to vote. But in the same way that CISA would help protect pipelines against international or domestic attackers, CISA would track and provide official debunking to incorrect information from both international and domestic sources. Republicans especially hate CISA because Krebs affirmed that the 2020 election had been conducted securely (after which Trump summarily fired him by Tweet). But they also object to the “switchboarding” role that CISA has served, getting reports on incorrect information (which of course could include domestic actors) from election officials, along with corrections, and sharing them with social media companies.

At first, the Fifth Circuit reversed Doughty’s injunction on CISA, but then arbitrarily added them back in, a flaky move that may have contributed to SCOTUS’ decision to review the Fifth Circuit’s actions.

Election Command Post

Then there’s the intervention that might be the most controversial, but which in this litigation got replaced by the right wing obsession with the “Hunter Biden” “laptop.” In the days immediately preceding the 2020 election, FBI agents passed on social media identifiers that misstated the time, place, or means of voting. Per the testimony of Agent Chan, these had been vetted by Public Integrity lawyers at Bill Barr’s DOJ and deemed to be “criminal in nature.” This is the primary instance where the FBI shared information about US persons that might be taken down. It’s also a use case that Matt Taibbi wildly misrepresented, both as to the genesis of the data and the potential existence of ongoing criminal investigations into the activity. And it’s one instance where, under Doughty’s carve out #6, you could see the FBI hesitating before sharing: because while the identifiers in question did mislead about “voting requirements and procedures,” the FBI wouldn’t be able to establish intent without more work (including more intrusive legal process on the accounts). So there’d be no way for the FBI to flag these accounts until it had done more work to determine intent, after which the damage would have been done. This should be where discussions at SCOTUS focus. But they’re not. Instead, Alito is talking about the “Hunter Biden” “laptop.”

FITF: Strategic and Tactical

Finally, there is the FBI’s Foreign Influence Task Force, now led by Laura Dehmlow (the other FBI official specifically enjoined; in 2020 she was the Unit Chief of the Chinese group at FITF). FITF aims to combat malign foreign influence operations, defined as efforts by foreign actors, hiding their foreign identity, to target those inside the US. While such efforts can target elections, they can also be part of traditional espionage and hacking efforts or attempts by authoritarian governments to crack down on US-based dissidents.

FITF interacts (or did, before the injunction) with social media companies in two ways. They hold general meetings — often attended by Chan and Dehmlow — to discuss general tips and techniques about foreign actors, what they called “strategic” information sharing. And they hold one-on-one meetings with social media platforms to discuss specific activity on their platforms — what the FBI calls “tactical.” The leading source of such tactical information, per Dehmlow’s testimony to the House Judiciary Committee, is “another government agency,” often classified information downgraded to share with partners, though Chan described that FBI agents involved in specific counterintelligence or criminal investigations might also share information.

We know that the plaintiffs in this lawsuit misrepresented this sharing. In addition to general descriptions of this information sharing from depositions, we have rather specific evidence about the subject of these FITF briefings in 2020. LinkedIn emails that Doughty claims to rely on, for example, show that the August 2020 agenda for the FITF meeting covered the Internet Research Agency — the Internet trolls that Republicans like to claim were the only way Russia has interfered in elections — but also described a Russian software and influence campaign targeting Ukraine. It shows a specific briefing on APT31, which Mandiant describes as, “a China-nexus cyber espionage actor focused on obtaining information that can provide the Chinese government and state-owned enterprises with political, economic, and military advantages.” That briefing also covered Iran, Venezuela, and North Korea.

While the September 2020 briefing reviewed a fake right wing news site run by IRA (the FBI had just targeted a similar left wing fake news site as well), it discussed three things pertaining to Iran: some influence campaign (as noted, in October CISA would share details of a very sophisticated campaign in 2020 hijacking Proud Boy identities to discourage voters of color), a recent indictment of hackers with ties to IRGC who had targeted (among other things) an American satellite company, and a toolset of some Iranian hackers.

The agenda for the October meeting was not as detailed as the August and September ones, but a follow-up shows that one item pertained to a Global (meaning something other than Chinese or Russian) campaign targeting Trump, Republicans, and Biden.

This is the kind of information sharing that Judge Doughty’s injunction threatens to end: efforts (among other things) to prevent Iranian and Chinese hacking of US technology companies.

While the subjects of FITF briefing might include Americans — such as the freelancers paid by the IRA’s fake news site or the Trump associates, like Roger Stone and Hannity, who engaged with fake IRA Twitter accounts — they are targeted at selectors that the FBI has “high confidence” are foreigners pretending to be American.

Criminal Process

Thanks to Matt Taibbi’s propaganda, right wingers have completely ignored the role of criminal process in all this, even though Agent Chan repeatedly described in his deposition that, “The majority of my role is dealing with cyber investigations.” There is clear overlap between the things right wingers complain about and known criminal investigations. As I have noted, for example, right in the middle of the 2020 pre-election period, DOJ rolled out a GRU indictment which included the 2017 hack-and-leak operation targeting Emmanuel Macron, in which key members of the far right, including Jack Posobiec, were involved.

Chan described several times that his team not only investigated part of the 2016 hack, but still had an active investigation into those actors. That’s important not only because he would have firsthand knowledge of the kinds of attribution social media companies (and Google and Microsoft) had in 2016, but for another reason: On October 19, 2020, DOJ indicted a bunch of GRU hackers, including one charged in the 2016 hack-and-leak campaign, for a variety of additional hacks, including the hack-and-leak targeting Emmanuel Macron. The Macron campaign, specifically, included both Google and Twitter components. So in the very same weeks when — right wingers complain — Elvis Chan was in close contact with Twitter about the ongoing election, he or his subordinates were likely working with prosecutors in Pittsburgh on an indictment implicating both Google and Twitter.

Emmanuel Macron is not mentioned in the Chan deposition.

The investigation into Douglass Mackey, for intentional disinformation targeting Blacks and Latinos regarding the means of voting, would have been active in this period as well. Those disinformation efforts were substantially orchestrated in Twitter DM threads.

While Agent Chan likely had no involvement in the Mackey case, he has investigated GRU for years, so likely would have been aware of the investigative steps leading up to the 2020 indictment. The press release for that indictment specifically commended the cooperation of Google, Facebook, and Twitter in the investigation.

In other words, not only did FBI provide notice of disinformation from US persons pertaining to content vetted by DOJ attorneys as potential crimes, but some of the contacts FBI had with Twitter in the period would involve far right wing involvement with actual crimes.

Rudy Giuliani and Steve Bannon and FITF

The right wing has focused on FITF rather than other aspects of their complaint because, at an FITF briefing with Twitter shortly after the NYPost story on the “Hunter Biden” “laptop,” someone at Twitter asked about it and an FBI person present said, “the laptop is real,” and then, in a briefing with Facebook, someone asked about it and Dehmlow responded “no comment.” Based on that exchange (and three erroneous details), Judge Doughty finds great fault with the FBI.

The FBI’s failure to alert social-media companies that the Hunter Biden laptop story was real, and not mere Russian disinformation, is particularly troubling. The FBI had the laptop in their possession since December 2019 and had warned social-media companies to look out for a “hack and dump” operation by the Russians prior to the 2020 election. Even after Facebook specifically asked whether the Hunter Biden laptop story was Russian disinformation, Dehmlow of the FBI refused to comment, resulting in the social-media companies’ suppression of the story. As a result, millions of U.S. citizens did not hear the story prior to the November 3, 2020 election. Additionally, the FBI was included in Industry meetings and bilateral meetings, received and forwarded alleged misinformation to social-media companies, and actually mislead [sic] social-media companies in regard to the Hunter Biden laptop story. The Court finds this evidence demonstrative of significant encouragement by the FBI Defendants.

On top of the three errors Doughty makes (which I’ll get to), there are several problems here. First, confirming that the FBI knew the laptop was real, as the FBI did, was a privacy violation! Hunter Biden is the one who has a complaint about the disclosure of an ongoing criminal investigation (which is, according to Agent Chan, why Dehmlow responded no comment to the Facebook question), not the right wing.

More importantly, based on what is publicly known, Hunter Biden would normally not be included in an FITF briefing. He’s a US citizen. While several of his international relationships (with Burisma, with Romania, and with CEFC) were being investigated as potential FARA violations in 2020 and after, with the important exception of a slight delay in Burisma’s announcement of his appointment in 2014, Hunter’s ties to such entities were not covert. Nor is there any allegation he disseminated false information about those entities online, especially on Facebook and Twitter. CEFC might have been the subject of FITF focus, but more for its covert role in recruiting James Woolsey.

One person who might be included in FITF briefings in summer 2020, though, is Guo Wengui. Unlike Hunter Biden, he’s not a US citizen; he is (or was, before his indictment in March) present in the US as an asylum seeker. And as public reports from July 2020 described, the source of funding for his propaganda efforts was under FBI investigation, precisely the kind of covert relationship of interest to FITF. That reporting suggested that Guo might secretly be funded by the Chinese state to track Chinese dissidents, something Dehmlow has explicitly included within FITF’s mandate. In a filing in the current investigation against Guo, SDNY has pointed to evidence obtained in a more recent search of Guo’s property pertaining to a 2018 meeting between the UAE and China. In other words, in 2020, the FBI was actively investigating whether China and/or the Emirates funded propaganda put out by Guo, with Steve Bannon’s involvement, precisely the kind of secret foreign backing of influence campaigns that FITF focuses on. So while Hunter Biden shouldn’t have come up as a subject of FITF briefing, Bannon’s partnership with Guo might have.

We don’t know whether that happened. But one person whose propaganda campaign definitely was a subject of FITF briefing is Andrii Derkach. Between the August and September face-to-face meetings, on September 10, 2020, a Unit Chief (presumably the Russian Unit Chief) at FITF sent a link to LinkedIn noting Treasury’s sanctioning of Derkach, explaining, “just want to let you know about someone we have discussed in previous briefings.” Obviously, the link was public, as was a WaPo story that same day tying Derkach to Rudy’s efforts to push criminal investigations related to Joe Biden. But the FBI sent the link, referencing back to prior discussions, to flag it for LinkedIn.

In other words, the far right is complaining that the FBI didn’t offer up details about an ongoing criminal investigation into Hunter Biden, but they’ve never complained that the FBI didn’t offer up details about a national security investigation into Steve Bannon’s propaganda partner (one who, subsequent reporting has confirmed, played a key role in altering and disseminating Hunter Biden dick pics). Nor have they complained that FBI didn’t offer up details about the counterintelligence investigation into the alleged Russian agent conducting an influence operation targeting Rudy at this meeting. Rudy and Bannon were named in the NYPost story in question, yet the right wing isn’t wailing that the FBI didn’t describe ongoing FBI investigations, investigations directly relevant to the mission of FITF, in the briefing after its release.

Doughty’s Three Errors

Which brings us, finally, to three errors that Doughty makes — at least one of which is already before SCOTUS — in sustaining his complaint that the FBI must be enjoined because they didn’t offer up more information about a criminal investigation into Hunter Biden.

First, in his opinion written in July, Doughty points to Yoel Roth’s 2020 FEC testimony, which is where Roth first explained that Twitter took down the initial NYPost link under its hack-and-leak policy.

(10) Yoel Roth (“Roth”), the then-Head of Site Integrity at Twitter, provided a formal declaration on December 17, 2020, to the Federal Election Commission containing a contemporaneous account of the “hack-leak-operations” at the meetings between the FBI, other natural-security agencies, and social-media platforms.405 Roth’s declaration stated:

Since 2018, I have had regular meetings with the Office of the Director of National Intelligence, the Department of Homeland Security, the FBI, and industry peers regarding election security. During these weekly meetings, the federal law enforcement agencies communicated that they expected “hack-and-leak” operations by state actors might occur during the period shortly before the 2020 presidential election, likely in October. I was told in these meetings that the intelligence community expected that individuals associated with political campaigns would be subject to hacking attacks and that material obtained through those hacking attacks would likely be disseminated over social-media platforms, including Twitter. These expectations of hack-and-leak operations were discussed through 2020. I also learned in these meetings that there were rumors that a hack-and-leak operation would involve Hunter Biden. 406 [emphasis original]

In his testimony, Agent Chan disputed the notion that the FBI suggested a hack-and-leak would involve Hunter Biden, because Joe Biden’s son had not come up in meetings he attended before the NYPost story.

[I]n my estimation, we never discussed Hunter Biden specifically with Twitter. And so the way I read that is that there are hack-and-leak operations, and then at the time — at the time I believe he flagged one of the potential current events that were happening ahead of the elections.

That’s consistent with what Roth has said since, in House Oversight Testimony, clarifying that he heard the rumors about a hack-and-leak involving Hunter Biden from other social media companies, not the FBI.

I think it actually should have been two separate sentences. It is true that in meetings between industry and law enforcement, law enforcement discussed the possibility of a hack and leak campaign in the lead up to the election. And in one of those meetings, it was discussed, I believe, by another company that there was a possibility that that hack and leak could relate to Hunter Biden and Burisma. I don’t believe that perspective was shared by law enforcement. They didn’t endorse it. They didn’t provide that information in that.

But Doughty nevertheless relies on the outdated misinterpretation to blame the FBI for Twitter’s conclusions.

As noted, there’s no mention of one reason why this conclusion would be sound — the public reporting on Andrii Derkach, which was part of FITF briefing. Nor is there mention of the GRU hack of Burisma reported by a Silicon Valley InfoSec company earlier that year.

This lawsuit has thrived even after Agent Chan debunked one conspiracy theory about the social media’s throttling of the NYPost story, the false assumption that the FBI affirmatively told Twitter and Facebook that a hack-and-leak would involve Hunter Biden.

It has done so, in part, because of a truly bizarre — and erroneous — complaint from Doughty: That Chan and others at the FBI and CISA warned social media companies of hack-and-leak campaigns, like the GRU one of Macron indicted just days after the NYPost Hunter Biden story in October 2020. Social media companies took the “Hunter Biden” “laptop” story down, the logic goes, because the FBI coerced them to change their moderation policies to prohibit publication of hacked materials.

In Doughty’s version, the social media companies responded to this pressure in 2020, just in time to use it to justify taking down the NYPost story.

Social-media platforms updated their policies in 2020 to provide that posting “hacked materials” would violate their policies. According to Chan, the impetus for these changes was the repeated concern about a 2016-style “hack-and-leak” operation.402 Although Chan denies that the FBI urged the social-media platforms to change their policies on hacked material, Chan did admit that the FBI repeatedly asked the social-media companies whether they had changed their policies with regard to hacked materials403 because the FBI wanted to know what the companies would do if they received such materials.404 [my emphasis]

In the Fifth Circuit’s telling, that change seems to date to 2022, two years after the “Hunter Biden” “laptop” story.

For example, right before the 2022 congressional election, the FBI tipped the platforms off to “hack and dump” operations from “state-sponsored actors” that would spread misinformation through their sites. In another instance, they alerted the platforms to the activities and locations of “Russian troll farms.” The FBI apparently acquired this information from ongoing investigations.

Per their operations, the FBI monitored the platforms’ moderation policies, and asked for detailed assessments during their regular meetings. The platforms apparently changed their moderation policies in response to the FBI’s debriefs. For example, some platforms changed their “terms of service” to be able to tackle content that was tied to hacking operations. [my emphasis]

In fact, the Fifth Circuit builds most of its claim of FBI coercion on this change in terms of service (again, seemingly in 2022), which it ties to content take downs, the sole potential hack-and-leak example of which is that first article on the “Hunter Biden” “laptop.”

Fourth, the platforms clearly perceived the FBI’s messages as threats. For example, right before the 2022 congressional election, the FBI warned the platforms of “hack and dump” operations from “state-sponsored actors” that would spread misinformation through their sites. In doing so, the FBI officials leaned into their inherent authority. So, the platforms reacted as expected—by taking down content, including posts and accounts that originated from the United States, in direct compliance with the request. Considering the above, we conclude that the FBI coerced the platforms into moderating content. But, the FBI’s endeavors did not stop there.

We also find that the FBI likely significantly encouraged the platforms to moderate content by entangling itself in the platforms’ decision-making processes. Blum, 457 U.S. at 1008. For example, several platforms “adjusted” their moderation policies to capture “hack-and-leak” content after the FBI asked them to do so (and followed up on that request). Consequently, when the platforms subsequently moderated content that violated their newly modified terms of service (e.g., the results of hack-and-leaks), they did not do so via independent standards.

It’s a crazy enough argument on its face (especially the Fifth Circuit’s suggestion that a change in 2022 led to the throttling of a 2020 story). But it also gets the timing — and therefore the cause-and-effect — wrong. The actual change to Twitter’s policy, for example, was in March 2019, based off discussions before that. Either FBI planned their malicious coercion long before they got the laptop from JPMI, or the claim is utterly nonsensical.

DOJ called out this error in its SCOTUS response.

Similarly, respondents’ claim that the platforms “updated their policies in 2020” with respect to “‘hacked materials,’” such as “‘the laptop story,’” “after the FBI’s ‘impetus,’” Opp. 17, 19 (brackets and citations omitted), cannot be squared with the platforms’ own testimony that their actions with respect to the “laptop story” were based on policies adopted in 2018, C.A. ROA 18,498-18,499, 18,505.

In other words, the main claim that the Fifth Circuit made about coercion — which, again, was ultimately a claim about coercing social media companies to do something that prevented one story from going viral — got the timing and therefore any possible causality wrong.

Finally, there’s the source of Doughty’s claim of animus on the part of the FBI, his claim that they deliberately withheld information that (he imagines) would have led Facebook and Twitter to act differently.

The mention of “hack-and-leak” operations involving Hunter Biden is significant because the FBI previously received Hunter Biden’s laptop on December 9, 2019, and knew that the later-released story about Hunter Biden’s laptop was not Russian disinformation. 408

Doughty bases this claim on a November 2, 2022 Miranda Devine (!!!) column. The column is, predictably, riddled with debunked propaganda, including the shoddy Intercept piece that kicked off this campaign, the lawsuit itself (making it a self-licking ice cream cone), and a preview of John Paul Mac Isaac’s then unpublished book (though not the line where an FBI agent told JPMI’s father, “You may be in possession of something you don’t own”).

The paragraph from which Doughty bases his claim that FBI “knew that the later-released story about Hunter Biden’s laptop was not Russian disinformation” appears to be this one:

We know the FBI at the time was spying on Rudy Giuliani’s online cloud with a covert surveillance warrant. Therefore, it had access to his emails in August 2020 from computer store whistleblower John Paul Mac Isaac and to my text messages discussing when The Post would publish the story. It sure looks as if the FBI deliberately pre-censored a legitimate story for a political aim.

Of course, the paragraph doesn’t mention Russian disinformation, nor does JPMI’s role in the process rule out Russian disinformation (a point I laid out here).

Plus, the paragraph is factually wrong. Per failed redactions in a Lev Parnas filing and other filings in that Special Master docket, FBI obtained a warrant for Rudy’s iCloud account and emails on November 4, 2019, before John Paul Mac Isaac was subpoenaed by the FBI, and nine months before JPMI reached out to Rudy. Rudy’s phones were seized with an April 21, 2021 warrant, long after the controversy in question (though at least several of those phones were corrupted). While it’s certainly likely that DOJ obtained a second warrant for Rudy’s emails after that, it would not have happened in 2020. In other words, there is no known legal process that obtained Rudy’s emails that would have included JPMI’s emails to him before the NYPost story came out.

Plus, JPMI’s emails to Rudy would only be in the scope of the known warrant against Rudy … if the laptop were part of a Ukrainian effort to deal dirt to cause legal problems for Joe Biden and his family.

Devine may base her claim, at least in part, elsewhere. Her column also alludes to the disgruntled FBI agents who attacked Tim Thibault.

This year, whistleblowers have come forward to finger various FBI employees engaged in the cover-up. Timothy Thibault, the recently retired assistant special agent in charge of the FBI’s Washington, DC, field office, was the agency point man to manage Tony Bobulinski, Hunter’s business partner who went to the FBI with evidence of the Biden influence-peddling operation. Thibault allegedly ordered the investigation closed and has refused to cooperate with GOP members of the House Judiciary Committee.

This, too, is false. Thibault’s House Judiciary Committee interview reveals that his only involvement with the Tony Bobulinski interview was to address Bobulinski’s request to turn over just some of the material on some of his devices.

But Devine’s reliance on such disgruntled agents is interesting for another reason: because they are likely disgruntled at least partly because of warnings against the involvement of Steve Bannon associate Peter Schweizer in the Hunter Biden investigation. The disgruntled agents falsely claimed, elsewhere, that Thibault, on his own, shut down Schweizer as a source. Yet according to Thibault’s testimony, he did so only after two warnings. First, the lead FBI agent on the Hunter investigative team told Thibault that getting contents of the laptop from Schweizer, which they had already gotten, “could cause problems when you get to prosecution … and [] open doors for defense attorneys.” And shortly thereafter — so temporally in the same time period as the first NYPost story — FITF raised concerns about the Bannon associate. A week after the NYPost story, around October 21, FITF provided Thibault a classified briefing (from which they excluded the line FBI agents, in part because the daughter of one was posting related content on Daily Caller). That briefing described more context about FITF’s concerns.

In spite of all the obvious problems with Devine’s propaganda, it formed a key part of Doughty’s claim that FBI coercion, rather than an independent series of decisions about hosting potentially stolen content, resulted in the throttling of the first NYPost story.

And based on that shoddy case — based on the feverish conspiracy theories about the “Hunter Biden” “laptop” sustained by Eric Schmitt and Jeff Landry and Miranda Devine — Judge Doughty made it significantly riskier for Agent Chan and others to work with social media companies to do things like prevent Iranian hacks of US satellite companies.


Bret Baier’s False Claim, the Escort Service, and Former Fox News Pundit Keith Ablow

Deep into one version of what is referred to as the “Hunter Biden” “laptop,” (according to reports done for Washington Examiner by Gus Dimitrelos*) there’s a picture of a check, dated November 14, 2018, for $3,400, paid to a woman with a Slavic name. The check bears a signature that matches others, attributed to Hunter Biden, from the “laptop” also attributed to him. Along with a line crossing out Hunter’s ex-spouse’s name on the check, the check was marked on the memo line: “Blue Water Wellness” along with a word that is illegible–possibly “Rehab.”

The check appears in a chat thread, dated November 26, 2018, apparently initiated to set up a tryst with an escort in New York City. Just over 12 hours after setting up that tryst, the Russian or Ukrainian woman who manages the escort service, Eva, wrote back, asking Hunter if he was in New York, because she had a problem with his check, that $3,400 check dated twelve days earlier. Hunter was effusively apologetic, and offered to pay the presumed sex worker via wire, because it’s the only way he could be 100% certain it would get to her. Shortly thereafter, he sent two transfers from his Wells Fargo account, $3,200 plus $30 fees, directly to the woman’s bank account, and $800 via Zelle drawn on Wells Fargo.

Those transfers from Hunter Biden’s Wells Fargo account to a presumed sex worker with a Slavic name took place between the day, October 31, 2018, when IRS Agent Joseph Ziegler, newly arrived on IRS’ international tax squad, launched an investigation into an international online sex business and the day, December 10, 2018, when Ziegler would piggyback off that sex business investigation to launch an investigation into Hunter Biden. The Hunter Biden investigation was initially based off a Suspicious Activity Report from Wells Fargo sent on September 21, 2018 and from there, quickly focused on Hunter’s ties to Burisma, precisely the investigation the then President was demanding.

Understand: The entire five year long investigation of Hunter Biden was based off payments involving Wells Fargo quite similar to this one, the check for $3,400 to a sex worker associated (in this case, at least) with what Dimitrelos describes as an escort service.

Research on the company yielded bank reports indicating that [Hunter Biden] made payments to a U.S. contractor, who also had received payments from that U.K. company.

Only, this particular payment — the need to wire the presumed sex worker money to cover the check — ties the escort service to one of the businesses of former Fox News pundit Keith Ablow: Blue Water Wellness, a float spa just a few blocks down the road from where Ablow’s psychiatric practice was before it got shut down amid allegations of sex abuse of patients and a DEA investigation. Emails obtained from a different version of the “laptop” show that on November 13, Blue Water Wellness sent Hunter an appointment reminder, albeit for an appointment on November 17, not November 14. That appointment reminder is the first of around nine appointment reminders at the spa during the period.

The tryst with the presumed sex worker with the Slavic name does appear to have happened overnight between November 13 and 14. Between 1:58 and 6:33AM, there were two attempts to sign into Hunter’s Venmo account from a new device, five verification codes sent to his email, and two password resets, along with the addition of the presumed sex worker to his Zelle account at Wells Fargo, which he would use to send her money over a week later. All that makes it appear like they were together, but Hunter didn’t have his phone, the phone he could use to pay her and so tried to do so from a different device. Maybe, he gave up, and simply wrote her a check, from the same account on which that Zelle account drew.

None of which explains why he appears to have written “Blue Water Wellness” on a check to pay a presumed sex worker. Maybe he was trying to cover up what he was paying for. Maybe he understood there to be a tie. Or maybe it was the advertising Blue Water did at the time.

Deep in a different part of the laptop analyzed by Dimitrelos, though, a deleted invoice shows that Hunter met with former Fox News pundit Keith Ablow on the same day as Hunter apparently wrote that check to the presumed sex worker. The deleted invoice reflects two 60-minute sessions billed by Baystate Psychiatry, the office just blocks away from the float spa.

Emails obtained from a different version of the “Hunter Biden” “laptop” show that at some point on November 26, 2018, as Hunter first arranged a tryst in New York City and then, no longer in New York, sent a wire directly from Wells Fargo to the presumed sex worker, someone accessed Hunter’s Venmo account from a new device — successfully this time — one located in Newburyport, MA, where former Fox News pundit Keith Ablow’s businesses were.

There are a number of things you’d need to do to rule out the possibility of Russian involvement in the process by which a laptop purportedly belonging to Hunter Biden showed up at the Wilmington repair shop of John Paul Mac Isaac, from there to be shared with Rudy Giuliani, who then shared it with three different Murdoch outlets and a ton of other right wing propagandists, many of them members of Congress.

One of those would be to rule out that any of the sex workers tied to this escort service had a role in compromising Hunter Biden’s digital identity, thereby obtaining credential information that would make it easy to package up a laptop that would be especially useful to those trying to destroy the life of the son of Donald Trump’s opponent. There’s no evidence that any of the sex workers were involved, but throughout 2018, there are a number of device accesses involving Hunter’s Venmo account, the iCloud account packaged up on “the laptop,” and different Google accounts — including between the day on November 13 when Hunter appears to have met the woman with the Slavic name and the date on November 26 when he wired her money — that should at least raise concerns that his digital identity had been compromised. I’ve laid out just a fraction of them in this post and this post, both of which focus on the later period when Hunter was in the care of the former Fox News pundit.

If you wanted to compromise Hunter Biden, as certain Russian-backed agents in Ukraine explicitly did, doing so via the sex workers, drug dealers, and fellow junkies he consorted with in this period would be painfully easy. Indeed, in Hunter’s book, he even described other addicts walking off with his, “watch or jacket or iPad—happened all the time.” Every single one of those iPads that walked away might include the keys to Hunter’s digital life, and as such, would be worth a tremendous amount of money to those looking to score their next fix. To rule out Russian involvement, you’d have to ID every single one of them and rule out that they were used for ongoing compromise of Hunter or, barring that, you’d have to come up with explanations, such as the likelihood that Hunter was trying to pay a sex worker but didn’t have his phone with him and so used hers, for the huge number of accesses to his accounts, especially the iCloud account ultimately packaged up.

Of course, explaining how a laptop purportedly belonging to Hunter Biden showed up at Mac Isaac’s shop would also require explaining how a laptop definitely belonging to Hunter Biden came to be left in former Fox News pundit Keith Ablow’s possession during precisely the same period when (it appears) Hunter Biden’s digital life was getting packaged up, a laptop Ablow did nothing to return to its owner and so still had when the DEA seized it.

Bret Baier lied about the Hunter Biden laptop

Given the unanswered questions about the role of a former Fox News pundit in all this, you’d think that Fox personalities would scrupulously adhere to the truth about the matter, if for no other reason than to avoid being legally implicated in any conspiracies their former colleague might have been involved with, or to avoid kicking off another expensive defamation lawsuit.

Sadly, Bret Baier couldn’t manage to stick to the truth in his attempt to sandbag former CIA Director Leon Panetta on Friday. Baier debauched the gravity of an appearance purportedly focused on the Hamas attack and aftermath, with what he must have thought was a clever gotcha question about a letter Leon Panetta signed in October 2020 stating the opinion that the emails being pitched by Murdoch outlet New York Post, “has all the classic earmarks of a Russian information operation.” The letter not only expressed an opinion, but it cited four specific data points and two observations about known Russian methods, all of which were and remain true to this day.

And in the process, Bret Baier made a false claim.

Bret Baier made a false claim and all of Fox News’ watchers and all the other propagandists made the clip of Bret Baier making a false claim go viral, because they apparently either don’t know or don’t care that Baier couldn’t even get basic facts right. They are positively giddy that Baier used the tragedy of a terrorist attack to demonstrate his own ignorance or willful deceit about Fox’s favorite story, Hunter Biden’s dick pics.

From the get-go, Baier adopted a rhetorical move commonly used by Murdoch employees and frothy right wingers sustaining their blind faith in “the laptop:” He conflated “the laptop” with individual emails.

Baier: I’d be remiss if I didn’t ask you about that letter you signed onto from former intelligence officials saying that the laptop and the emails had all the classic earmarks of a Russian information operation. Obviously the New York Post and others saying the Hunter Biden letter was the real disinformation all along. Um, that letter was used in the debate, I haven’t asked you this. But do you have regrets about that, now looking back, knowing what you know now? [my emphasis]

The spooks’ letter Panetta signed addressed emails, not “the laptop.” The only use of the word “laptop” in the letter was in labeling this a potential “laptop op,” a way to package up emails meant to discredit Joe Biden. The letter even includes “the dumping of accurate information” among the methods used in Russian information operations.

Having conflated emails and “the laptop,” Baier then asked whether Panetta thinks “it,” now referring just to “the laptop,” not even the hard drives of copies from the laptop in question, was real.

Panetta: Well, you know, Bret, I was extremely concerned about Russian interference and misinformation. And we all know it. Intelligence agencies discovered that Russia had continued to push disinformation across the board. And my concern was to kind of alert the public to be aware that these disinformation efforts went on. And frankly, I haven’t seen any evidence from any intelligence that that was not the case.

Baier: You don’t think that it was real?

Having first conflated emails and the laptop, then substituted the laptop for the emails addressed in the letter, Baier then falsely claimed that, “Hunter Biden said it was his laptop.”

Panetta: I think that, I think that disinformation is involved here. I think Russian disinformation is part of what we’re seeing everywhere. I don’t trust the Russians. And that’s exactly why I was concerned that the public not trust the Russians either.

Baier: I don’t want to dwell on this because we have bigger things to talk about. Bigger urgency. But obviously, Hunter Biden said it was his laptop, and this investigation continues. [my emphasis]

I understand how frothy right wingers misunderstand what Hunter Biden has said about the data associated with “the laptop,” but Baier presents as a journalist, and you’d think he’d take the time to read the primary documents.

Hunter Biden admits some data is his, but denies knowledge of the “laptop”

The claim that Hunter Biden has said “the laptop” was his arises from three lawsuits: first, from Hunter Biden’s response and counterclaim to John Paul Mac Isaac’s lawsuit, then from Hunter’s lawsuit against Garrett Ziegler, and finally, the lawsuit against Rudy Giuliani.

Regarding the first of those filings, Hunter Biden based his countersuit against JPMI on an admission that JPMI came into possession of electronically stored data, at least some of which belonged to him. But he specifically did not admit that JPMI “possessed any particular laptop … belonging to Mr. Biden.”

5. In or before April 2019, Counterclaim Defendant Mac Isaac, by whatever means, came into possession of certain electronically stored data, at least some of which belonged to Counterclaim Plaintiff Biden.1

1 This is not an admission by Mr. Biden that Mac Isaac (or others) in fact possessed any particular laptop containing electronically stored data belonging to Mr. Biden. Rather, Mr. Biden simply acknowledges that at some point, Mac Isaac obtained electronically stored data, some of which belonged to Mr. Biden.

Regarding JPMI’s claims that Hunter dropped off the laptop,

169. HUNTER knowingly left his laptop with Plaintiff on April 12, 2019.

170. Soon thereafter HUNTER returned to Plaintiff’s shop to leave an external hard drive to which Plaintiff could transfer the data from HUNTER’s laptop.

171. HUNTER never returned to Plaintiff’s shop pick up his laptop

Hunter denied sufficient knowledge to answer all of them.

169. Mr. Biden is without knowledge sufficient to admit or deny the allegations in paragraph 169.

170. Mr. Biden is without knowledge sufficient to admit or deny the allegations in paragraph 170.

171. Mr. Biden admits that, if he ever had visited before, he did not return to Plaintiff’s shop.

In response to JPMI’s claim that Hunter knew of the phone call his lawyer, George Mesires, made to JPMI in October 2020 and the email follow-up that in any case doesn’t substantiate what JPMI claimed about the phone call,

31. On October 13, 2020, Plaintiff received a call from Mr. George Mesires,1 identifying himself as HUNTER’s attorney, asking if Plaintiff still had possession of his client’s laptop and following up thereafter with an email to the Plaintiff. Copy of email attached as EXHIBIT C.

[snip]

174. HUNTER’s attorney, George Mesires contacted Plaintiff on October 13, 2020 about the laptop.

Hunter admitted that Mesires was his attorney but denied knowing anything more.

31. Mr. Biden admits that Mr. George Mesires was his attorney. Mr. Biden is without knowledge sufficient to admit or deny the remaining allegations in paragraph 31.

[snip]

174. Mr. Biden admits that Mr. Mesires was his attorney. Mr. Biden is without knowledge sufficient to admit or deny the remaining allegations in paragraph 174.

In response to JPMI’s claim that Hunter Biden said something about the laptop without mentioning JPMI,

172. When asked about the laptop in a television interview broadcast around the world, HUNTER stated, “There could be a laptop out there that was stolen from me. It could be that I was hacked. It could be that it was the – that it was Russian intelligence. It could be that it was stolen from me. Or that there was a laptop stolen from me.” See https://edition.cnn.com/2021/04/02/politics/hunterbiden-laptop/index.html.

173. HUNTER knew it was his laptop.

Hunter Biden admitted he made the comment that didn’t mention JPMI — a comment on which JPMI based a $1.5M defamation claim!! — but again denied knowing whether or not the laptop was his.

172. Admitted and Mr. Biden further answers that the statement makes no mention of or even a reference to Plaintiff.

173. Mr. Biden is without knowledge sufficient to admit or deny the allegations in paragraph 173.

Of some interest, in response to JPMI’s claim that the information that appeared in the NYPost came from Hunter, who voluntarily left his laptop with JPMI,

67. The information contained in the NY POST exposé came from HUNTER who voluntarily left his laptop with the Plaintiff and failed to return to retrieve it.

Hunter outright denied the claim.

67. Denied.

Hunter Biden claimed that Rudy hacked Hunter’s data

That last claim — the outright denial that the data in the NYPost story came from Hunter — is of particular interest given something Denver Riggleman recently said. He described that the Hunter Biden team now has the data that JPMI shared with others — apparently thanks to this countersuit — and they’ve used it to compare with the data distributed forward from there.

Also, we know now, since the Hunter Biden team has the John Paul Mac Isaac data that was given to Rudy Giuliani and given to CBS, we also know that that data had no forensic chain of custody and it was not a forensic copy of any type of laptop, or even multiple devices that we can see. It was just a copy-paste of files, more or less.

[snip]

We know that there’s different data sets in different portions of the Internet attributed to Hunter’s data — or, to Hunter’s laptop.

[snip]

Now that we do have forensic data — Hunter Biden team has more forensic data than anybody else out there — we can actually start to compare and contrast. And that’s why you see the aggressiveness from the Hunter Biden legal team.

The lawsuit against Rudy and Costello claims that at some point, Rudy and Costello did things that amount to accessing Hunter’s data unlawfully. Hacking.

23. Following these communications, Mac Isaac apparently sent via FedEx a copy of the data he claimed to have obtained from Plaintiff to Defendant Costello’s personal residence in New York on an “external drive.” Once the data was received by Defendants, Defendants repeatedly “booted up” the drive; they repeatedly accessed Plaintiff’s account to gain access to the drive; and they proceeded to tamper with, manipulate, alter, damage and create “bootable copies” of Plaintiff’s data over a period of many months, if not years. 2

24. Plaintiff has discovered (and is continuing to discover) facts concerning Defendants’ hacking activities and the damages being caused by those activities through Defendants’ public statements in 2022 and 2023. During one interview, which was published on or about September 12, 2022, Defendant Costello demonstrated for a reporter precisely how Defendants had gone about illegally accessing, tampering with, manipulating and altering Plaintiff’s data:

“Sitting at a desk in the living room of his home in Manhasset, [Defendant Costello], who was dressed for golf, booted up his computer. ‘How do I do this again?’ he asked himself, as a login window popped up with [Plaintiff’s] username . . .”3

By booting up and logging into an “external drive” containing Plaintiff’s data and using Plaintiff’s username to gain access Plaintiff’s data, Defendant Costello unlawfully accessed, tampered with and manipulated Plaintiff’s data in violation of federal and state law. Plaintiff is informed and believes and thereon alleges that Defendants used similar means to unlawfully access Plaintiff’s data many times over many months and that their illegal hacking activities are continuing to this day.

[snip]

26. For example, Defendant Costello has stated publicly that, after initially accessing the data, he “scrolled through the laptop’s [i.e., hard drive’s] email inbox” containing Plaintiff’s data reflecting thousands of emails, bank statements and other financial documents. Defendant Costello also has admitted publicly that he accessed and reviewed Plaintiff’s data reflecting what he claimed to be “the laptop’s photo roll,” including personal photos that, according to Defendant Costello himself, “made [him] feel like a voyeur” when he accessed and reviewed them.

27. By way of further example, Defendant Costello has stated publicly that he intentionally tampered with, manipulated, and altered Plaintiff’s data by causing the data to be “cleaned up” from its original form (whatever this means) and by creating “a number of new [digital] folders, with titles like ‘Salacious Pics’ and ‘The Big Guy.’” Neither Mac Isaac nor Defendants have ever claimed to use forensically sound methods for their hacking activities. Not surprisingly, forensic experts who have examined for themselves copies of data purportedly obtained from Plaintiff’s “laptop” (which data also appears to have been obtained at some point from Mac Isaac) have found that sloppy or intentional mishandling of the data damaged digital records, altered cryptographic features in the data, and reduced the forensic quality of data to “garbage.”

2 Plaintiff’s investigation indicates that the data Defendant Costello initially received from Mac Isaac was incomplete, was not forensically preserved, and that it had been altered and tampered with before Mac Isaac delivered it to Defendant Costello; Defendant Costello then engaged in forensically unsound hacking activities of his own that caused further alterations and additional damage to the data he had received. Discovery is needed to determine exactly what data of Plaintiff Defendants received, when they received it, and the extent to which it was altered, manipulated and damaged both before and after receipt.

3 Andrew Rice & Olivia Nuzzi, The Sordid Saga of Hunter Biden’s Laptop, N.Y. MAG. (Sept. 12, 2022), https://nymag.com/intelligencer/article/hunter-biden-laptop-investigation.html.

I don’t think Hunter’s team would have compared the data Rudy shared with the NYPost before Hunter denied, outright, that “The information contained in the NY POST exposé came from HUNTER.” But based on what Riggleman claimed, they have since, and did compare it, before accusing Rudy and a prominent NY lawyer of hacking Hunter Biden’s data.

Hunter Biden’s team admits they don’t know the precise timing of this: “the precise timing and manner by which Defendants obtained Plaintiff’s data remains unknown to Plaintiff.” DDOSecrets points to several emails that suggest Rudy and Costello did more than simply review available data, however. For example, it points to this email created on September 2, 2020, just after the former President’s lawyer got the hard drive.

September 2, 2020: A variation of a Burisma email from 2016 is created and added to the cache. The email and file metadata both indicate it was created on September 2, 2020.

But the lawsuit, if proven, suggests the possibility that between the time JPMI shared the data with Rudy and the time Rudy shared it with NYPost, Rudy may have committed federal violations of the Computer Fraud and Abuse Act — that is, Hunter alleges that between the time JPMI shared the data and the time NYPost published derivative data, Rudy may have hacked Hunter Biden’s data.

If he could prove that, it means the basis Twitter gave for throttling the NYPost story in October 2020 — they suspected the story included materials that violated Twitter’s then prohibition on publishing hacked data — would be entirely vindicated.

For example, on October 14th, 2020, the New York Post tweeted articles about Hunter Biden’s laptop with embedded images that look like they may have been obtained through hacking. In 2018, we had developed a policy intended to, to prevent Twitter from becoming a dumping ground for hacked materials. We applied this policy to the New York Post tweets and blocked links to the articles embedding those source materials. At no point did Twitter otherwise prevent tweeting, reporting, discussing or describing the contents of Mr. Biden’s laptop.

[snip]

My team and I exposed hundreds of thousands of these accounts from Russia, but also from Iran, China and beyond. It’s a concern with these foreign interference campaigns that informed Twitter’s approach to the Hunter Biden laptop story. In 2020, Twitter noticed activity related to the laptop that at first glance bore a lot of similarities to the 2016 Russian hack and leak operation targeting the DNC, and we had to decide what to do, and in that moment with limited information, Twitter made a mistake under the distribution of hacked material policy.

If Hunter can prove that — no matter what happened in the process of packaging up this data before it got to JPMI, whether it involved the compromise of Hunter’s digital identity before JPMI got the data, which itself would have been a hack that would also vindicate Twitter’s throttling of the story — it would mean all the data that has been publicly released is downstream from hacking.

For Twitter, it wouldn’t matter whether the data was hacked by Russia or by Donald Trump’s personal lawyer, it would still violate the policy as it existed at the time.

Importantly, this remains a claim about data, not about a laptop. The lawsuit against Rudy and Costello repeats the claim made in the JPMI counterclaim: while JPMI had data, some of which belongs to Hunter, Hunter is not — contrary to Bret Baier’s false claim — admitting that, “Hunter Biden said it was his laptop.”

2. Defendants themselves admit that their purported possession of a “laptop” is in fact not a “laptop” at all. It is, according to their own public statements, an “external drive” that Defendants were told contained hundreds of gigabytes of Plaintiff’s personal data. At least some of the data that Defendants obtained, copied, and proceeded to hack into and tamper with belongs to Plaintiff.1

1 This is not an admission by Plaintiff that John Paul Mac Isaac (or others) in fact possessed any particular laptop containing electronically stored data belonging to Plaintiff. Rather, Plaintiff simply acknowledges that at some point, Mac Isaac obtained electronically stored data, some of which belonged to Plaintiff.

In two lawsuits, Hunter Biden explicitly said that he was not admitting what Baier falsely claimed he had.

I know this is Fox News, but Baier just blithely interrupted a sober discussion about a terrorist attack to make a false claim about “the laptop.”

Hunter Biden claims that Garrett Ziegler hacked Hunter’s iPhone

Hunter Biden’s approach is different in the Garrett Ziegler lawsuit, in which he notes over and over that Ziegler bragged about accessing something he claimed to be Hunter Biden’s laptop, but which was really, “a hard drive that Defendants claim to be of Plaintiff’s ‘laptop’ computer.” By the time things got so far downstream to Ziegler, there was no pretense this was actually a laptop, no matter what Baier interrupted a discussion about terrorism to falsely claim.

But that paragraph explicitly denying admission about this being a laptop is not in the Ziegler suit.

There’s a likely reason for that. The core part of the claim against Ziegler is that Ziegler unlawfully accessed a real back-up of Hunter Biden’s iPhone, which was stored in encrypted form in iTunes — just as I laid out had to have happened months before that lawsuit.

28. Plaintiff further is informed and believes and thereon alleges that at least some of the data that Defendants have accessed, tampered with, manipulated, damaged and copied without Plaintiff’s authorization or consent originally was stored on Plaintiff’s iPhone and backed-up to Plaintiff’s iCloud storage. On information and belief, Defendants gained their unlawful access to Plaintiff’s iPhone data by circumventing technical or code-based barriers that were specifically designed and intended to prevent such access.

29. In an interview that occurred in or around December 2022, Defendant Ziegler bragged that Defendants had hacked their way into data purportedly stored on or originating from Plaintiff’s iPhone: “And we actually got into [Plaintiff’s] iPhone backup, we were the first group to do it in June of 2022, we cracked the encrypted code that was stored on his laptop.” After “cracking the encrypted code that was stored on [Plaintiff’s] laptop,” Defendants illegally accessed the data from the iPhone backup, and then uploaded Plaintiff’s encrypted iPhone data to their website, where it remains accessible to this day. It appears that data that Defendants have uploaded to their website from Plaintiff’s encrypted “iPhone backup,” like data that Defendants have uploaded from their copy of the hard drive of the “Biden laptop,” has been manipulated, tampered with, altered and/or damaged by Defendants. The precise nature and extent of Defendants’ manipulation, tampering, alteration, damage and copying of Plaintiff’s data, either from their copy of the hard drive of the claimed “Biden laptop” or from Plaintiff’s encrypted “iPhone backup” (or from some other source), is unknown to Plaintiff due to Defendants’ continuing refusal to return the data to Plaintiff so that it can be analyzed or inspected. [my emphasis]

Hunter Biden’s team has backup for this assertion, thanks to the notes Gary Shapley took in an October 22, 2022 meeting about what was an actual laptop JPMI handed over to the FBI. On that laptop — which the FBI had confirmed was associated with Hunter Biden’s iCloud account and which it tied to data that could all be falsifiable to someone in possession of the laptop, which had means to intercept and redirect emails and calls to Hunter’s real devices, but which the FBI still had not validated 10 months after obtaining it — the iPhone content was encrypted.

Laptop — iphone messages were on the hard drive but encrypted they didn’t get those messages until they looked at laptop and found a business card with the password on it so they were able to get into the iphone messages [my emphasis]

Even the FBI needed to find a password to access the iPhone content that Ziegler has bragged about accessing. (Note: there have been four known accesses to this data, and every single one of them claims to have used a different means to break the encryption, which in my mind raises real questions about the nature of the business card). But the FBI had a warrant. Ziegler did not.

There are still a great many questions one would have to answer before entirely ruling out that Russians were involved in the process of packaging up Hunter Biden’s digital identity; the possible role of a Russian escort service is only one of at least three possible ways Russia might be involved. Yet Bret Baier is unwilling to pursue those questions — starting with the unanswered questions about the role that Baier’s former Fox News colleague played.

But with all those unanswered questions, Baier was nevertheless willing to interrupt a discussion about terrorism to make false claims about what is known.

Update: I’ve taken out that this was specifically a Russian escort service. Some outlets claim Eva is Ukrainian. Dimitrelos does claim that Hunter searched for “Russian escort service,” though.

Update: Added the Bluewater Wellness Intramuscular Injection ad from October 2018.

Update: Added the observation about a newly created email from DDOSecrets.

Update: I was reminded of Bret Baier’s opinion in the same days when Leon Panetta was expressing his doubts about this story.

During a panel on his Thursday evening show, Baier addressed the Post’s story and the decision by both Twitter and Facebook to limit sharing of the story on their respective platforms because of concerns about spreading misinformation. The move elicited fierce pushback from conservatives and sparked a vote on a Congressional subpoena of Twitter CEO Jack Dorsey.

“The Biden campaign says the meeting never happened, it wasn’t on the schedules, they say,” Baier noted. “And the email itself says ‘set up’ for a meeting” instead of discussing an actual meeting.

Baier then played an audio clip from a SiriusXM radio interview of Giuliani, where he appeared to alter the original details of who dropped off the laptop from which the emails in question were purportedly obtained. The computer store owner who gave a copy of the laptop’s hard drive to Giuliani was also heard explaining how he is legally blind and couldn’t for certain identify just who delivered the computer to him.

“Let’s say, just not sugarcoat it. The whole thing is sketchy,” Baier acknowledged. “You couldn’t write this script in 19 days from an election, but we are digging into where this computer is and the emails and the authenticity of it.”

Featured image courtesy of Thomas Fine.


*As I have noted in the past, Dimitrelos prohibited me from republishing his reports unless I indemnify him for the privacy violations involved. I have chosen instead — and am still attempting — to get permission from Hunter Biden’s representatives to reproduce redacted parts of this report that strongly back Hunter’s claim of being hacked.


“They Were Trying to Boot the Machine:” John Paul Mac Isaac Claims the FBI Really WERE That Incompetent

If you can believe John Paul Mac Isaac, the FBI did some incredibly bone-headed things after they obtained Hunter Biden’s laptop in December 2019. As he describes it in his book (which I read recently while stuck in a hospital awaiting foot surgery), on the very same day the FBI collected the laptop purported to belong to Hunter Biden, on December 9, 2019, someone named “Matt” told Mac Isaac they had tried to boot it up.

“Hi, my name is Matt,” said a voice I didn’t recognize. “I work with Agent DeMeo and Agent Wilson. Do you have a second? I have some questions about accessing the laptop.”

Confused, I responded, “Sure, what’s going on?”

“Did the laptop come with any cables or a charger? How can I connect the drive to a PC? When I plug it in, it wants to format the drive,” Matt said.

“PCs can’t natively read Mac-formatted disks. You will only be able to access the drive from another Mac.”

This is fairly common knowledge among most computer users, and I was surprised that any kind of tech person wouldn’t know it.

“Sadly, Hunter never left the charger or any other cables,” I went on. “I have a charger and everything you need back at the shop. You guys are welcome to it.”

I was feeling really uncomfortable. This Matt guy definitely didn’t seem to have the training or resources to be performing a forensic evaluation of the laptop. Hadn’t the whole reason for taking the laptop been to get it to a lab for proper evaluation and dissemination?

“Tell him we’re OK and we won’t need to go back to his shop,” Agent DeMeo said in the background. “We’ll call you back if we need to,” Matt said before hanging up.

[snip]

“Hi, it’s Matt again. So, we have a power supply and a USB-C cable, but when we boot up, I can’t get the mouse or keyboard to work.”

I couldn’t believe it—they were trying to boot the machine!

“The keyboard and trackpad were disconnected due to liquid damage. If you have a USB-C–to–USB-A adaptor, you should be able to use any USB keyboard or mouse,” I said. He related this to Agent DeMeo and quickly hung up.

Matt called yet again about an hour later.

“So this thing won’t stay on when it’s unplugged. Does the battery work?”

I explained that he needed to plug in the laptop and that once it turned on, the battery would start charging. I could sense his stress and his embarrassment at having to call repeatedly for help. [my emphasis]

To be sure, you can’t believe Mac Isaac.

His own story is riddled with questionable details and important discrepancies.

The most important discrepancy is his description of the laptop he turned over to the FBI, which he describes as a 2016 Mac, not the 2018 Mac identified by serial number.

I moved on to the last Mac, a thirteen-inch 2016 MacBook Pro. The drive was soldered onto the logic board. This one powered on but then would shut down. I suspected that there was a short in the keyboard or trackpad, and if I took it apart, I could at least get it to boot and possibly recover the data.

As I understand it, Mac Isaac’s claim that the hard drive was soldered onto the logic board is also inconsistent with the known details of the laptop shared with the FBI.

But there are important other discrepancies between the story Mac Isaac tells and the one the government tells. In his timeline of his interactions with the FBI, Mac Isaac gets the date for the actual handoff, December 9, correct, but other dates he uses differ from those that show up in Gary Shapley’s timeline. For example:

  • Mac Isaac says that Agent Josh Wilson (who is mentioned in Shapley’s notes) reached out to his father on November 1; Shapley’s notes say that happened on November 3
  • Mac Isaac says that Wilson called him on November 4; Shapley’s notes say that happened on November 6
  • Mac Isaac says that Wilson came to his home on November 19; Shapley’s notes say that happened on November 7

These discrepancies aren’t all that important, legally. But Mac Isaac’s dates seem tailored to the impeachment proceedings going on in the same period, and so to laying a foundation for sharing the laptop with Rudy Giuliani.

A far more important set of discrepancies pertain to Mac Isaac’s description of what happened on December 9, 2019.

The blind computer repairman first describes that the second agent, Agent Mike DeMeo, called him to ask for the device identifiers that morning, before coming to the shop to pick up the device.

Agent DeMeo called around 9:30 a.m. It caught me a little off guard. The only other time we had communicated was shortly after our meeting almost three weeks earlier. He had asked me then to text him the timeline of my interaction with Hunter. I figured that he wanted something in writing showing the chain of custody—or it was an effort to trap me into writing something that could be twisted into a charge of lying to the FBI.

This time, he asked me to text him the model and serial number of the external drive and laptop. I explained that I hadn’t made it to the shop yet. “I need this information before we head over,” he insisted. “It’s important.”

“Give me thirty-five minutes,” I responded, then hung up. I finished getting ready and headed to the shop. After texting the numbers to Agent DeMeo, I waited in the shop with the blinds closed and the lights out, so as not to announce that the store was open. [my emphasis]

Shapley described that the FBI obtained and confirmed the device identifier before they ever met Mac Isaac, on November 6 (though perhaps Mac Isaac only referred to other identifiers needed for the subpoena).

Nevertheless, this discrepancy is important for a number of reasons, not least that if the FBI looked at all closely at the returns on a subscriber subpoena to Apple, it should have raised significant alarm that someone was trying to hack Hunter Biden. But if they didn’t obtain this information until the day they obtained the laptop, then they couldn’t have reviewed the subscriber data very closely in advance. That lapse might, in turn, amount to negligence in missing clear signs that the then-former VP’s son was being hacked.

As Mac Isaac describes it, it was not until Agents arrived at his shop that they told him they were going to seize the laptop with a subpoena rather than imaging the laptop there at the shop.

Both agents arrived at my door about a half hour late. “Where’s the tech?” I asked, holding the door open.

“We have a change of plans,” Agent Wilson responded. “Can we go in the back?”

I led the agents to the back, and Agent Wilson placed his bag on the workbench. “I have a subpoena here to collect the laptop, the drive, and all paperwork associated with the equipment,” he said, pulling out a collection of very formal and important-looking paperwork. “I’ll need you to sign it.”

When Mac Isaac asked why they had changed their plan, he claims, lead Agent Josh Wilson deferred to Agent Mike DeMeo, who told him that they were taking the laptop back to a lab to image.

“You guys scared the shit out of me!” I exclaimed. “So why the change of plans? Don’t get me wrong; I’m grateful that you’re taking this stuff out of my shop.”

Agent Wilson looked over at Agent DeMeo, who was buried in his clipboard. “Ah, Mike?” he said. Agent DeMeo paused his writing and said, “We have a lab that takes these things and is better equipped than our field tech.”

Mac Isaac also claims that at that same meeting, DeMeo told him only to contact him, not Wilson.

“Tell them you keep abandoned equipment offsite, like a warehouse location,” Agent DeMeo answered, taking over. “Tell them it will take a day for you to check and they should call back the next day. Then immediately text me at my cell number. From now on, only communicate through my cell number. Not Agent Wilson, just me. We need to avoid communicating through, ah, normal channels. I’m sure you can understand. Text me and we will get the equipment back to you and deal with the situation.”

This communication works the opposite of the way you’d expect. Often, second agents are asked to take the stand, so you’d want them to have a clean digital trail. Here, the lead agent, Agent Wilson, was protecting his communications, whereas the second agent was not.

And then, as Mac Isaac tells it, that very same day, someone else, “Matt,” called using DeMeo’s phone, asking really embarrassing questions about how to access the laptop.

The claim that someone at the FBI was trying to boot up the laptop is alarming enough — though as I noted in July, there is some corroboration for the claim in Gary Shapley’s notes.

FBI determined in order to do a full forensic review a replacement laptop had to be purchased so the hard drive could be installed, booted and imaged.

[snip]

Josh Wilson stated that (while laughing) so whoever [people wanting to review the laptop] are they are going to have to buy a laptop to put the hard drive so they can read it.

Where Mac Isaac’s claims are totally inconsistent with the FBI claims, in a way that would cause grave legal problems for the FBI, is the date: Mac Isaac claims that the FBI was trying to boot up the laptop that same day, on December 9.

According to Gary Shapley’s notes, the FBI didn’t have approval to even get a warrant on December 9, much less have a signed warrant itself.

The FBI didn’t have a warrant to access the “Hunter Biden” “laptop” until December 13.

And yet, if you can believe Mac Isaac, the FBI was already trying to boot it up, perhaps irreparably altering its contents, three days before they got a warrant.

Featured image showing known dissemination of the “Hunter Biden” “laptop” by Thomas Fine.


Hunter Biden Threatens to Make Robert Costello’s Dalliance with Rudy Giuliani Even More Costly

Last week, Robert Costello’s law firm sued Rudy Giuliani — as they successfully sued Steve Bannon for a far smaller amount earlier this year — for stiffing them on payments amounting to almost $1.4 million.

In a statement provided by a spokesman, Mr. Giuliani lashed out at Mr. Costello and the lawsuit, portraying it as an overly aggressive attempt to collect.

“I can’t express how personally hurt I am by what Bob Costello has done,” Mr. Giuliani said. “It’s a real shame when lawyers do things like this, and all I will say is that their bill is way in excess to anything approaching legitimate fees.”

Reached by phone, Mr. Costello initially declined to comment but fired back after hearing Mr. Giuliani’s statement, asking, “How can he take a personal affront when he owes my firm nearly $1.4 million?”

Mr. Costello also disputed the claim that the bills were excessive, saying that he billed his regular hourly rate and that Mr. Giuliani never complained about the cost until Davidoff Hutcher & Citron warned that it had planned to sue.

“He’s a little late to that party,” Mr. Costello said, adding, “it’s too late for that frivolous claim as he will find out in court.”

Mr. Giuliani, he said, “took the low road here because he is feeling desperate.”

In all, Mr. Costello’s firm has billed Mr. Giuliani $1,574,196, according to the lawsuit. Of that, Mr. Giuliani has paid only $214,000, the lawsuit said, most recently handing over $10,000 last week.

Rudy doesn’t have the money to pay Costello. This lawsuit can only serve to pressure Rudy to get Trump to pay up, something he has thus far refused to do.

In any case, Costello’s costs for enabling Rudy’s shenanigans may well grow, now that Hunter Biden has sued both of them for hacking his personal data.

The lawsuit largely parallels the lawsuit filed earlier against Garrett Ziegler — though the evidence that first Costello and then Rudy hacked the data is based on a different access claim. Hunter alleges (with merit) that Ziegler unlawfully accessed encrypted data that had been saved to Hunter’s iTunes account.

In this suit, the hacking claim appears to be two-fold: first, Costello’s demonstration to Olivia Nuzzi of how he accessed Hunter’s email account using Hunter’s own credentials.

24. Plaintiff has discovered (and is continuing to discover) facts concerning Defendants’ hacking activities and the damages being caused by those activities through Defendants’ public statements in 2022 and 2023. During one interview, which was published on or about September 12, 2022, Defendant Costello demonstrated for a reporter precisely how Defendants had gone about illegally accessing, tampering with, manipulating and altering Plaintiff’s data:

“Sitting at a desk in the living room of his home in Manhasset, [Defendant Costello], who was dressed for golf, booted up his computer. ‘How do I do this again?’ he asked himself, as a login window popped up with [Plaintiff’s] username . . .”3

By booting up and logging into an “external drive” containing Plaintiff’s data and using Plaintiff’s username to gain access to Plaintiff’s data, Defendant Costello unlawfully accessed, tampered with and manipulated Plaintiff’s data in violation of federal and state law. Plaintiff is informed and believes and thereon alleges that Defendants used similar means to unlawfully access Plaintiff’s data many times over many months and that their illegal hacking activities are continuing to this day.

3 Andrew Rice & Olivia Nuzzi, The Sordid Saga of Hunter Biden’s Laptop, N.Y. MAG. (Sept. 12, 2022), https://nymag.com/intelligencer/article/hunter-biden-laptop-investigation.html.

I’ve been told that because of the way the data was stored, booting the hard drive up would update emails onto the hard drive, including any emails altered during the November 2019 Burisma hack. But using Hunter’s credentials — if that’s what Costello did — would be a CFAA violation unto itself.

Additionally, the complaint notes that both Costello and Rudy boasted about accessing Hunter’s camera roll.

26. For example, Defendant Costello has stated publicly that, after initially accessing the data, he “scrolled through the laptop’s [i.e., hard drive’s] email inbox” containing Plaintiff’s data reflecting thousands of emails, bank statements and other financial documents. Defendant Costello also has admitted publicly that he accessed and reviewed Plaintiff’s data reflecting what he claimed to be “the laptop’s photo roll,” including personal photos that, according to Defendant Costello himself, “made [him] feel like a voyeur” when he accessed and reviewed them.

[snip]

31. By way of further example, in an episode of the podcast “Louder with Crowder” in late 2022, Defendant Giuliani held up a laptop computer on air and announced: “This is the hard drive they’re on,” referring to data (e.g., photographs) he apparently carries around with him on a daily basis, presumably so that he can continuously access, tamper with and manipulate the data whenever and wherever he desires.

Hunter’s team may know that these photos would not have been available without a password.

Note, the complaint makes some interesting allegations about John Paul Mac Isaac’s own actions; I would be unsurprised if Hunter sues him next.

23. Following these communications, Mac Isaac apparently sent via FedEx a copy of the data he claimed to have obtained from Plaintiff to Defendant Costello’s personal residence in New York on an “external drive.” Once the data was received by Defendants, Defendants repeatedly “booted up” the drive; they repeatedly accessed Plaintiff’s account to gain access to the drive; and they proceeded to tamper with, manipulate, alter, damage and create “bootable copies” of Plaintiff’s data over a period of many months, if not years.

2. Plaintiff’s investigation indicates that the data Defendant Costello initially received from Mac Isaac was incomplete, was not forensically preserved, and that it had been altered and tampered with before Mac Isaac delivered it to Defendant Costello; Defendant Costello then engaged in forensically unsound hacking activities of his own that caused further alterations and additional damage to the data he had received. Discovery is needed to determine exactly what data of Plaintiff Defendants received, when they received it, and the extent to which it was altered, manipulated and damaged both before and after receipt.

Mac Isaac admits in his book that the copy he made of the laptop he received was not a forensic copy.

As with Costello’s suit, the lawsuit against Rudy is drilling a dry hole. Rudy is broke, and even if Hunter prevailed, he’d be at the back of a long line of creditors at such time as Rudy declares bankruptcy.

But the discovery is something else.

So, too, is Costello’s role in all that, which he may or may not be claiming is part of attorney-client privileged activities, a claim that would be impossible to sustain in light of the Nuzzi profile.

And, in the shorter term, these lawsuits provide a basis to claim that DE USAO is pursuing Hunter for misdemeanor tax charges, while ignoring the way the President’s son was and continues to be serially hacked by his father’s opponents.

Update: Politico includes this quote in their report on the lawsuit.

Giuliani and his allies have long argued that the purported laptop was fair game because it was allegedly abandoned. But at the heart of the lawsuit is the argument that regardless of where any piece of computer hardware was located, Hunter Biden’s data still belongs to him alone. A member of his legal team, granted anonymity to discuss his newly aggressive legal strategy, put it this way: “If you take your coat to the dry cleaner and leave your wallet in it, and you forget to pick it up, it doesn’t mean the dry cleaner gets the wallet and all your money. It’s just common sense.”

The member of his legal team hinted that more litigation could follow.

“Everyone involved in stealing and manipulating Hunter’s data should be hearing footsteps right about now,” that person said.

I don’t think people yet have considered the full scope of people this might include.


The Laptop Everyone Knows as Hunter Biden’s Appears to Have Been Deleted Starting February 15, 2019

I’ve been wading through Hunter Biden data all weekend. There’s some evidence that the descriptions of the “Hunter Biden” “laptop” based on the drive Rudy Giuliani has peddled do not match the description of what should be on such devices given what the FBI and IRS saw.

Before I explain that, though, I want to talk about how the life of Hunter Biden’s iCloud account differs from what is portrayed in this analysis paid for by Washington Examiner.

As that report describes, Hunter Biden activated a MacBook Pro on October 21, 2018, then set it up with Hunter’s iCloud on October 22. Hunter then used the MacBook as his primary device until March 17, 2019, a month before it waltzed into John Paul Mac Isaac’s computer repair shop to start a second act as the biggest political hit job ever.

There are problems with that story. A longer table of the devices that logged into Hunter Biden’s iCloud includes devices that appear to have been accessing core Hunter Biden content.

That same table doesn’t show any access after November 15, 2018, with the last access being the device Roberts MacBook Pro that would end up in a Delaware repair shop, but showing up six days earlier than it should. There’s a phone that should but does not show up in those devices, too.

The report doesn’t discuss the import of the shifts between these emails.

RHB used several emails for business and personal use including:
[email protected] [sic]
[email protected] ([email protected])
[email protected]
[email protected]
[email protected]

One email missing from this list is a Gmail account under which a bunch of passwords were stored. That’ll become important later.

The most important email is the Gmail account (misspelled above), [email protected], which Hunter Biden used to contact sex workers, probably including the Russian escort service that the IRS used to predicate the IRS investigation. That email account got added to his iCloud account at the same time as his iCloud contents were requested, and then again before the MacBook stopped being used. Those changes often happened in conjunction with changes to the phone number.

For now, though, I just want to map out the major events with Hunter’s iCloud accounts from September 1, 2018 (perhaps the months before the IRS would open an investigation into him because he was frequenting a Russian escort service) until the final email as found on the laptop itself. There’s a bunch more — one after another credit card gets rejected, and he keeps moving his Wells Fargo card over to pay for his Apple account; the iCloud account shows Hunter reauthorizing use of biometrics to get into his Wells Fargo account in this period.

In January 2019, the Gmail account Hunter Biden used to contact sex workers (probably including the Russian escort service he had been using) effectively took over his iCloud account and asked for a complete copy of his iCloud account. Then, the next month, all the data on the Hunter Biden laptop was deleted.

Update: I’ve taken the reference to the HB RediPhone out altogether–it’s clear that’s a branded iPhone–and replaced it with a better explanation of the other devices.

Update: I see that he does have D[r]oidhunter88, but doesn’t discuss the import of it.

Update: I’ve added a few things that happened while Hunter’s account was pwned. Importantly, as part of this process an app called “Hunter” was given full access to his droidhunter88 gmail account. There are also a few emails that seem to be a test process.

Update: Added the missing Gmail account.

Hunter Biden’s iCloud

9/1/18: An account recovery request for your Apple ID ([email protected]) was made from the web near Los Angeles, CA on August 31, 2018 at 9:36:07 PM PDT. The contact phone number provided was [Hunter Biden’s].

9/1/18: The following changes to your Apple ID, [email protected] were made on September 1, 2018 at 10:29:36 AM PDT: Password

9/1/18: Your Apple ID ([email protected]) was used to sign in to iCloud on a MacBook Pro 13″.
Date and Time: September 1, 2018, 10:34 AM PDT

9/1/18: Your Apple ID ([email protected]) was used to sign in to iCloud via a web browser.
Date and Time: September 1, 2018, 10:42 AM PDT

9/2/18: Your Apple ID, [email protected], was just used to download Hide2Vault from the Mac App Store on a computer or device that has not previously been used.

9/2/18: Welcome to your new MacBook Pro with Touch Bar.

9/11/18: Your Apple ID ([email protected]) was used to sign in to iCloud via a web browser.

9/11/18: The password for your Apple ID ([email protected]) has been successfully reset.

9/11/18: Robert’s iPad is being erased. The erase of Robert’s iPad started at 2:56 PM PDT on August 5, 2018.

This is one of several times in several weeks that Hunter loses his iPhone, but while it’s lost, someone also pings his MacBook.

9/16/18: A sound was played on iPhone. A sound was played on iPhone at 8:25 PM PDT on September 15, 2018. (Repeats 25 times in 5 minutes)

9/16/18: A sound was played on Robert’s MacBook Pro at 8:30 PM PDT on September 15, 2018. (Repeats 2 times)

9/16/18: A sound was played on iPhone at 8:31 PM PDT on September 15, 2018. (Repeats 7 times)

9/16/18: iPhone was found near Santa Monica Mountains National Recreation Area 23287 Palm Canyon Ln Malibu, CA 90265 United States at 11:32 PM PDT.

9/16/18: Your Apple ID ([email protected]) was used to sign in to iCloud via a web browser.

9/19/18: Your Apple ID ([email protected]) was used to sign in to iCloud via a web browser.

9/20/18: Your Apple ID ([email protected]) was used to sign in to iCloud on an iPhone 8 Plus.

This is the second time he loses his phone. What follows is basically a chase of Hunter Biden’s iPhone across LA. It’s not clear it is ever recovered — but it is over two weeks before a new iPhone logs into his account.

9/27/18: Lost Mode enabled on Robert Hunter’s iPhone. This device was put into Lost Mode at 7:20 PM PDT on September 27, 2018.

9/27/18: Robert Hunter’s iPhone was found near [address redacted] Lynwood, CA 90262 United States at 7:20 PM PDT.

9/27/18: Your Apple ID ([email protected]) was used to sign in to iCloud on an iPhone 8 Plus.

9/27/18: A sound was played on Robert Hunter’s iPhone at 7:20 PM PDT on September 27, 2018.

9/27/18: A sound was played on Robert Hunter’s iPhone at 7:20 PM PDT on September 27, 2018.

9/27/18: Robert Hunter’s iPhone was found near [address redacted] Lynwood, CA 90262 United States at 7:20 PM PDT.

9/28/18: Robert Hunter’s iPhone was found near [different address redacted] Lynwood, CA 90262 United States at 4:24 PM PDT.

9/28/18: Robert Hunter’s iPhone was found near [third address redacted] Lynwood, CA 90262 United States at 5:27 PM PDT.

9/28/18: Robert Hunter’s iPhone was found near [fourth address redacted] Los Angeles, CA 90036 United States at 6:22 PM PDT.

9/28/18: Robert Hunter’s iPhone was found near [fifth address redacted] Los Angeles, CA 90069 United States at 6:38 PM PDT.

10/13/18: Bobby Hernandez to [email protected]: You left your phone. How do I get it to you?

10/14/18: The password for your Apple ID ([email protected]) has been successfully reset.

By date, this login is the HB rediPhone, but Apple recognized it as an iPhone X.

10/14/18: Your Apple ID ([email protected]) was used to sign in to iCloud on an iPhone X. Date and Time: October 14, 2018, 11:24 AM PDT

10/17/18: The password for your Apple ID ([email protected]) has been successfully reset.

10/17/18: The following information for your Apple ID (r•••••@rspdc.com) was updated on October 17, 2018. Trusted Phone Number Added – Phone number ending in 73

10/17/18: New sign-in to your linked account [email protected] Your Google Account was just signed in to from a new Apple iPhone device.

Per the Gus Dimitrelos report, the following activity reflects the creation of a new MacBook account called Robert’s MacBook Pro — the laptop that would end up in Mac Isaac’s shop. But there doesn’t appear to be an alert for a new device like there is for the iPhone 8 Plus the following day.

10/21/18: Your Apple ID ([email protected]) was used to sign in to iCloud on a MacBook Pro 13″. Date and Time: October 21, 2018, 5:50 AM PDT

10/21/18: Your Apple ID ([email protected]) was used to sign in to iCloud via a web browser. Date and Time: October 21, 2018, 9:06 AM PDT

10/22/18: The following changes to your Apple ID, [email protected] were made on October 22, 2018 at 7:47:30 PM EDT: Phone number(s)

10/23/18: Your Apple ID, [email protected], was just used to download Quora from the App Store on a computer or device that has not previously been used.

10/23/18: Your Apple ID ([email protected]) was used to sign in to iCloud on an iPhone 8 Plus. Date and Time: October 23, 2018, 4:10 PM PDT

10/23/18: New sign-in to your linked account [email protected] Your Google Account was just signed in to from a new Apple iPhone device.

Several spyware apps get purchased in this period.

10/29/18: Your mSpy credentials to your control panel: Username/Login: [email protected]

11/2/18: Your Apple ID ([email protected]) was used to sign in to iCloud on an iPhone XS.

11/16/18: You recently added [email protected] as a new alternate email address for your Apple ID.

11/21/18: You’ve purchased the following subscription with a 1‑month free trial: Subscription Tile Premium

11/22/18: Your Apple ID, [email protected], was just used to download KAYAK Flights, Hotels & Cars from the iTunes Store on a computer or device that has not previously been used.

12/28/18: Your Apple ID ([email protected]) was used to sign in to iCloud via a web browser. Date and Time: December 28, 2018, 7:06 AM PST

1/3/19: Keith Ablow (then Hunter’s therapist) says Hunter’s email is screwed up

1/6/19: Your Apple ID ([email protected]) was used to sign in to iCloud via a web browser. Date and Time: January 6, 2019, 1:51 AM PST

1/12/19: Your Recent Mac Cleanup Pro Order [ADV181229-7742-90963]

1/14/19: The following changes to your Apple ID, [email protected] were made on January 13, 2019 at 10:28:31 PM EST: Phone number(s)

1/14/19: The following changes to your Apple ID, [email protected] were made on January 13, 2019 at 10:31:15 PM EST: Password

1/14/19: The following changes to your Apple ID, [email protected] were made on January 13, 2019 at 10:52:13 PM EST: Billing and/or Shipping Information

1/14/19: The following changes to your Apple ID, [email protected] were made on January 13, 2019 at 10:53:40 PM EST: Phone number(s)

1/14/19: The following changes to your Apple ID, [email protected] were made on January 13, 2019 at 11:12:45 PM EST: Billing Information

1/16/19: Your Apple ID ([email protected]) was used to sign in to iCloud via a web browser. Date and Time: January 16, 2019, 1:59 PM PST

While Hunter is in Ketamine treatment at Keith Ablow’s, a service called “Hunter” gets access to the droidhunter88 Gmail account.

1/16/19: Here’s my first tip for you!

1/16/19: Hi Robinson, Hunter now has access to your Google Account [email protected].

Hunter can:
View your email messages and settings
Manage drafts and send emails
Send email on your behalf

A bunch of things happen in this four-day period: first, someone accessed droidhunter88 from a new iPhone. Someone changed the phone number for the Hunter Biden iCloud. Then, droidhunter88 was given access to the iCloud account. Then the iCloud account ordered all of Hunter’s iCloud contents. Then the password for the account was reset.

1/17/19: New device signed in to [email protected] Your Google Account was just signed in to from a new Apple iPhone device.

1/17/19: I am here to help you find the emails you need!

Giovanni here from Hunter.

I wanted to quickly check if I can help you getting started with Hunter.

There are plenty of functionalities included with your free plan that will allow you to find, verify and enrich a set of data in bulk: these are all explained in our video guides.

However, if you already have a precise task to perform, reply to this email so I can better assist you!

1/17/19: n (from [email protected])

1/18/19: Long email to tabloid journalist sent under rosemontseneca email (this is sent first to Keith Ablow and then George Mesires, the latter of whom responds); this would have shown how the email account worked

1/19/19: The following information for your Apple ID (r•••••@rspdc.com) was updated on January 19, 2019. Trusted Phone Number Removed – Phone number ending in 13

1/20/19: The following changes to your Apple ID, [email protected] were made on January 20, 2019 at 5:24:54 PM EST: Phone number(s)

1/20/19: The following changes to your Apple ID, [email protected] were made on January 20, 2019 at 5:31:21 PM EST: Apple ID
Email address(es)

1/20/19: The following changes to your Apple ID, [email protected] were made on January 20, 2019 at 5:31:21 PM EST: Apple ID Email address(es)

1/20/19: A request for a copy of the data associated with the Apple ID [email protected] was made on January 20, 2019 at 5:40:26 PM EST

1/21/19: The password for your Apple ID ([email protected]) has been successfully reset.

1/21/19: The following changes to your Apple ID, [email protected] were made on January 21, 2019 at 8:28:05 AM EST: Name — changed from Robert Hunter to Robert Biden

1/21/19: You recently added [email protected] as the notification email address for your Apple ID

1/21/19: The following changes to your Apple ID, [email protected] were made on January 21, 2019 at 8:31:02 AM EST:
Rescue email address

1/22/19: The following information for your Apple ID (r•••••@icloud.com) was updated on January 22, 2019. Trusted Phone Number Removed – Phone number ending in 96

1/22/19: Your Apple ID ([email protected]) was used to sign in to iCloud via a web browser. Date and Time: January 22, 2019, 4:21 AM PST

1/22/19: The following changes to your Apple ID, [email protected] were made on January 22, 2019 at 10:05:20 AM EST:
Email address(es)

1/22/19: The following changes to your Apple ID, [email protected] were made on January 22, 2019 at 10:05:29 AM EST:
Email address(es)

1/22/19: The following changes to your Apple ID, [email protected] were made on January 22, 2019 at 10:05:34 AM EST:
Email address(es)

1/24/19: You recently added [email protected] as a new alternate email address for your Apple ID.

I think that after ordering all Hunter’s data, the account is reset to what it had been from the start. But Droidhunter88, not [email protected], gets the iCloud backup.

1/24/19: Your contacts have been restored successfully on January 24, 2019, 1:17 PM PST.

1/25/19: The data you requested on January 20, 2019 at 5:40:26 PM EST is ready to download. [Sent to both Droidhunter88 and [email protected]]

1/27/19: Your Apple ID ([email protected]) was used to sign in to iCloud via a web browser. Date and Time: January 27, 2019, 7:41 AM PST
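The January 2019 sequence above (recovery phone and email changes, then a request for a copy of the account's data, then a password reset) can be checked for mechanically in a mailbox of security alerts. The following Python is an added example, not part of the original post: it parses alert lines in this timeline's `M/D/YY: text` format and flags data-export requests bracketed by such changes. The sample lines, the address user@example.com, the event labels and the 7-day and 2-day windows are constructed assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# UTC offsets for the zone abbreviations that appear in the quoted alerts.
TZ_OFFSETS = {"PST": -8, "PDT": -7, "EST": -5, "EDT": -4}

# Event labels (assumed names) keyed on the notification wording quoted in the
# timeline. Order matters: the first matching pattern wins.
PATTERNS = [
    ("data_export_request", re.compile(r"request for a copy of the data", re.I)),
    ("data_export_ready", re.compile(r"data you requested .* ready to download", re.I)),
    ("password_change", re.compile(r"password .* successfully reset|:\s*Password\s*$", re.I)),
    ("recovery_change", re.compile(
        r"Trusted Phone Number (Added|Removed)|Phone number\(s\)|Email address\(es\)"
        r"|Rescue email address|alternate email address|notification email address", re.I)),
    ("third_party_grant", re.compile(r"now has access to your Google Account", re.I)),
    ("new_device", re.compile(r"signed in to from a new", re.I)),
    ("sign_in", re.compile(r"was used to sign in to iCloud", re.I)),
]

LINE_RE = re.compile(r"^(\d{1,2}/\d{1,2}/\d{2}):?\s+(.*)$")
# Event time embedded in the alert body, e.g. "January 20, 2019 at 5:40:26 PM EST"
# or "January 16, 2019, 1:59 PM PST".
BODY_TS_RE = re.compile(
    r"([A-Z][a-z]+ \d{1,2}, \d{4}),? (?:at )?(\d{1,2}:\d{2}(?::\d{2})?) ([AP]M) ([A-Z]{3})")


def parse_event(line):
    """Turn one 'M/D/YY: alert text' line into (when_utc, kind, text), or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    received, text = m.groups()
    kind = next((k for k, rx in PATTERNS if rx.search(text)), "other")
    ts = BODY_TS_RE.search(text)
    # A "ready to download" alert quotes the time of the original request,
    # so its own time has to come from the received date instead.
    if ts and ts.group(4) in TZ_OFFSETS and kind != "data_export_ready":
        day, clock, ampm, zone = ts.groups()
        fmt = "%B %d, %Y %I:%M:%S %p" if clock.count(":") == 2 else "%B %d, %Y %I:%M %p"
        local = datetime.strptime(f"{day} {clock} {ampm}", fmt)
        when = (local - timedelta(hours=TZ_OFFSETS[zone])).replace(tzinfo=timezone.utc)
    else:
        # No usable timestamp in the body: fall back to the received date at
        # midnight UTC, which can misorder alerts that arrived on the same day.
        when = datetime.strptime(received, "%m/%d/%y").replace(tzinfo=timezone.utc)
    return when, kind, text


def find_takeover_exports(lines, before=timedelta(days=7), after=timedelta(days=2)):
    """Flag data-export requests bracketed by recovery-channel or password changes.

    A request is reported when at least one recovery_change precedes it within
    `before` and a password_change or recovery_change follows within `after`.
    """
    events = sorted(e for e in map(parse_event, lines) if e)
    findings = []
    for when, kind, _text in events:
        if kind != "data_export_request":
            continue
        pre = [e for e in events
               if e[1] == "recovery_change" and when - before <= e[0] < when]
        post = [e for e in events
                if e[1] in ("password_change", "recovery_change")
                and when < e[0] <= when + after]
        if pre and post:
            findings.append({"request": when, "before": pre, "after": post})
    return findings


# Constructed sample alerts modeled on the notification wording quoted above.
SAMPLE = """\
3/2/24: Your Apple ID (user@example.com) was used to sign in to iCloud via a web browser. Date and Time: March 2, 2024, 1:59 PM PST
3/3/24: New device signed in to helper@example.com Your Google Account was just signed in to from a new Apple iPhone device.
3/6/24: The following changes to your Apple ID, user@example.com were made on March 6, 2024 at 5:24:54 PM EST: Phone number(s)
3/6/24: The following changes to your Apple ID, user@example.com were made on March 6, 2024 at 5:31:21 PM EST: Email address(es)
3/6/24: A request for a copy of the data associated with the Apple ID user@example.com was made on March 6, 2024 at 5:40:26 PM EST
3/7/24: The password for your Apple ID (user@example.com) has been successfully reset.
3/11/24: The data you requested on March 6, 2024 at 5:40:26 PM EST is ready to download.
5/1/24: A request for a copy of the data associated with the Apple ID user@example.com was made on May 1, 2024 at 9:00:00 AM EDT
""".splitlines()

if __name__ == "__main__":
    for f in find_takeover_exports(SAMPLE):
        print("export requested", f["request"].isoformat())
        for when, kind, _ in f["before"] + f["after"]:
            print("  ", when.isoformat(), kind)
```

The March request is reported because recovery changes precede it and a password reset follows; the May request, with no surrounding changes, is not.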

Several photo editing apps are purchased in this period (and one CAD app).

1/27/19: You’ve purchased the following subscription with a 1‑month free trial: Subscription Polarr Photo Editor Yearly

2/6/19: The following changes to your Apple ID, [email protected] were made on February 5, 2019 at 11:39:09 PM EST: Phone number(s)

2/9/19: Your Apple ID ([email protected]) was used to sign in to iCloud via a web browser. Date and Time: February 9, 2019, 9:52 AM PST

2/9/19: Your Apple ID ([email protected]) was used to sign in to iCloud via a web browser. Date and Time: February 9, 2019, 5:08 PM PST

2/9/19: Hunter connected to your Google Account

Hi Robinson, Hunter now has access to your Google Account [email protected].

2/9/19: test To: [email protected]

2/9/19: jk From: “Robinson Hunter” [email protected] To: [email protected]

2/9/19: The following information for your Apple ID (r•••••@icloud.com) was updated on February 10, 2019. Trusted Phone Number Added – Phone number ending in 96

2/9/19: You recently added [email protected] as the notification email address for your Apple ID.

2/9/19: You recently added [email protected] as the notification email address for your Apple ID

2/9/19: The following changes to your Apple ID, [email protected] were made on February 9, 2019 at 8:33:57 PM EST: Rescue email address

2/9/19: Your Apple ID ([email protected]) was used to sign in to iCloud on an iPhone 6s. Date and Time: February 9, 2019, 6:11 PM PST

2/10/19: Your Apple ID, [email protected], was just used to download Call recorder for iphone from the iTunes Store on a computer or device that has not previously been used.

2/15/19: Hi Robinson, Did you know? Hunter doesn’t have only one Chrome extension! We recently built a simple email tracker for Gmail.

This is where the data on the MacBook that would end up in Mac Isaac’s shop started getting deleted.

2/15/19: Robert’s MacBook is being erased. The erase of Robert’s MacBook started at 4:18 PM PST on February 15, 2019.

2/15/19: Robert’s MacBook Pro has been locked. This Mac was locked at 8:36 PM PST on February 15, 2019.

2/19/19: Noiseless MacPhun LLC

2/20/19: where the fuck are youi? from DroidHunter88 to dpagano:

this is hunter
i dont have your #

call me please

The droidhunter88 account bought a new iPhone — but, after telling Apple they would recycle the old one, instead kept it. That would effectively be another device associated with Hunter Biden. Given some of the other apps involved, this may have served as a way to get Hunter Biden’s calls (eg, from Mac Isaac). Unlike the new devices that show up in 2018, this one was paid for. 

2/21/19: New device signed in to [email protected] Your Google Account was just signed in to from a new Apple iPhone device.

2/21/19: Hi Robinson, Welcome to Google on your new Apple iPhone (tied to droidhunter88)

2/28/19: Your items are ready for pickup. Order Number: W776795632 Ordered on: February 28, 2019

2/28/19: Your trade-in has been initiated. Thanks for using Apple GiveBack.

3/1/19: Your Apple ID ([email protected]) was used to sign in to iCloud on an iPhone XR. Date and Time: March 1, 2019, 8:52 AM PST

3/5/19: Recently you reported an issue with Polarr Photo Editor, Polarr Photo Editor Yearly using iTunes Report a Problem

3/7/19: Your Apple ID, [email protected], was just used to download Lovense [sic] Remote from the App Store on a computer or device that has not previously been used.

3/9/19: New sign-in to your linked account [email protected] Your Google Account was just signed in to from a new Apple iPhone device.

3/9/19: Promise Me, Dad: A Year of Hope, Hardship, and Purpose (Unabridged)

3/13/19: Your Apple ID ([email protected]) was used to sign in to iCloud via a web browser. Date and Time: March 13, 2019, 5:43 PM PDT

3/16/19: The following changes to your Apple ID, [email protected] were made on March 16, 2019 at 11:59:16 PM EDT: Email address(es)

Droidhunter88 is added back to Hunter’s iCloud contact again.

3/17/19: You recently added [email protected] as a new alternate email address for your Apple ID.

3/17/19: The following changes to your Apple ID, [email protected] were made on March 17, 2019 at 12:02:06 AM EDT: Email address(es)

3/17/19: We haven’t received your device.


Serving as Julian Assange’s Unwitting Data Mule to Israel Shamir Is Not Journalism

It’s a testament to how effective WikiLeaks’ propaganda is that almost none of the people implicated by things Julian Assange did years ago and almost none of the people who brainlessly repeat Julian Assange’s propaganda now know about this May 16, 2022 filing, submitted last year in the Josh Schulte case, which I wrote about here.

The redacted bits of the filing almost certainly describe things obtained in an ongoing investigation of WikiLeaks that pertain to how the data stolen by Schulte was used. The unredacted parts, however, describe what must be the WikiLeaks investigation as both ongoing and having a scope that “is neither known to the public nor to all of the targets of the investigation.”

“All of the targets.” That phrase is telling. At least one target — Assange — knows he is a target. The other targets (and DOJ uses the jargon to describe people who almost certainly will be charged, not just people who might be) don’t know.

The WikiLeaks investigation — which is ongoing and not just, as many boosters claim, an attempt to shore up the case against Assange — is not an investigation into Assange, exclusively. There are other targets.

Key WikiLeaks people almost certainly know about this filing, because they treated Schulte’s second trial — where he defended himself and repeatedly tried to publicly share classified information, almost certainly including details of the discovery about the ongoing WikiLeaks investigation he had received — differently than the first.

They’re just not telling you that there are other targets of the WikiLeaks investigation.

They’re not telling you, in part, because it ensures that when the Met or FBI or other investigators approach people to obtain information about those other targets, they’ll refuse, because they don’t want to be part of a prosecution of Julian Assange for what they’re telling themselves is journalism.

James Ball is the latest person describing how that happened.

In a Rolling Stone post describing the two year effort to obtain his cooperation, he claims journalists are being asked to cooperate against Assange.

And he claims he’s being approached — for information that clearly pertains to Israel Shamir — as a journalist.

He asserts that he’s being approached as a journalist by claiming that DOJ wants to talk to him about this 2013 article, rather than about his own conduct described in the article.

As the article described, in 2010, he unwittingly served as Assange’s data mule, handing off 90,000 State Cables to Israel Shamir, who then exploited them — by sharing them with Belarusian dictator Alexandr Lukashenko and/or selling them — before the entire Cable set was released.

Shamir is an anti-Semitic writer, a supporter of the dictator of Belarus, and a man with ties and friends in Russian security services. He and Julian—unknown to us—had been in friendly contact for years. It was a friendship that would have serious consequences.

Introduced to WikiLeaks staff and supporters under a false name, Shamir was given direct access to more than 90,000 of the U.S. Embassy cables, covering Russia, all of Eastern Europe, parts of the Middle East, and Israel. This was, for quite some time, denied by WikiLeaks. But that’s never a denial I’ve found convincing: the reason I know he has them is that I gave them to him, at Assange’s orders, not knowing who he was.

Why did this prove to be a grave mistake? Not just for Shamir’s views, which are easy to Google, but for what he did next. The first hints of trouble came through contacts from various Putin-influenced Russian media outlets. A pro-Putin outlet got in touch to say Shamir had been asking for $10,000 for access to the cables. He was selling the material we were working to give away free, to responsible outlets.

Worse was to come. The NGO Index on Censorship sent a string of questions and some photographic evidence, suggesting Shamir had given the cables to Alexander Lukashenko of Belarus, Europe’s last dictator. Shamir had written a pro-Belarus article, shortly before photos emerged of him leaving the interior ministry. The day after, Belarus’s dictator gave a speech saying he was establishing a WikiLeaks for Belarus, citing some stories and information appearing in the genuine (and then unpublished) cables. [my emphasis]

As he admits, at least by 2013, Ball was aware that Shamir had ties to Russian spooks.

What Ball describes in the piece is that he entered into an agreement with Assange to provide data to someone, Shamir, that Shamir did not publish, but instead shared with a repressive dictator and, probably, with Russian intelligence services.

That’s not journalism. That’s spying.

To be sure: as Ball describes, he realized his error and promptly left WikiLeaks (and, as he described in the 2013 article, refused to sign some of the NDAs Assange was pushing). That’s why he was approached as a witness and not a subject, because he made affirmative efforts to leave the conspiracy that has already been charged against Assange and almost certainly will be charged against Shamir, if it hasn’t already been, under seal.

After having served as an unwitting data mule for Assange in a handoff that would result in Lukashenko (and possibly Russian spies) getting advance access to the content of the Cables, Ball subsequently became a journalist. But that does not retroactively change what happened in 2010. Nor does that mean FBI approached him as a journalist. They approached him as a guy who once unwittingly served as a data mule for the part of the Cable releases that undermines all the claims that Assange is nothing but a publisher.

Here’s what people miss about the publication charges against Julian Assange, including the Cable count. They charge him for, “distributing them and then by publishing them.” Proving that Assange distributed the State Cables via unwitting data mule James Ball to Shamir is all DOJ would have to do to prove that charge against Assange, to prove that Assange shared them with someone not authorized to receive them. At a hypothetical trial of Assange (and whoever else gets charged), they’ll undoubtedly explain that after first giving privileged access to the Cables to Shamir, who handed them on to people who would use them to suppress dissent, Assange published all of them. That’s part of the cover. That’s part of what leads people like Ball to imagine he was involved in journalism when he shared the Cable files with Shamir.

For a number of WikiLeaks releases, there’s some story like this, about how before publication, files were either removed from the publication set or provided exclusively to someone in advance. The publication is, in part, cover for that earlier sharing. Schulte even described how if Russia got the source code he shared with WikiLeaks but which WikiLeaks, with limited exceptions, did not publish, they would never publish it, because it would be more useful to reverse engineer what the CIA had been doing.

These tools are MUCH more valuable undiscovered by the media or the nation that lost them. Now, you can secretly trace and discover every operation that nation is conducting.

Schulte is one of the people that anyone charged in a larger WikiLeaks conspiracy would be charged with conspiring with.

That’s the tough thing about US conspiracy law: Once you enter into a conspiracy, you’re on the hook for the actions of anyone who later enters into that conspiracy — like Shamir or Schulte — whether or not you know about it personally. You’re on the hook unless and until you take affirmative actions to leave the conspiracy. Lots of people with ties to WikiLeaks want no tie to Assange’s relationship with Shamir, but if DOJ adds him as a co-conspirator, then they’re not going to have much choice in the matter.

In any case, because so few of WikiLeaks’ boosters know that there are other targets in this investigation, they seem to be getting unfortunate legal advice, such as regarding the import of the detail that FBI obtained a statement from Shamir — whose statements, if and when he is charged as a co-conspirator, can be entered at trial — stating that Ball provided Cables, which he claimed to be about “the Jews,” to him.

The U.S. government cannot make much use of what I revealed in the article in a court of law unless I testify to it — and it is not hard to see how I could be useful if they were trying to strengthen the political case against Assange. In the article, I admit that I was the one who gave Shamir the material, albeit on Assange’s orders, without knowing who he was. If I testified to all this, it could, at least in theory, open me to criminal charges of my own.

[snip]

When, after months of delaying tactics had run out of road, we said a final “no”, there was a small sting in the tale from a DOJ prosecutor to my lawyers. Sending a statement in which Shamir had falsely claimed I had provided him with cables on “the Jews,” the prosecutor noted:

“Upon seeing those words from Shamir, I cannot help but ask whether Mr. Ball would reconsider his decision about speaking to the investigators, even if only just to respond to Shamir’s allegations.”

Yeah, it was a sleazy tactic, but also one designed to alert his lawyer that Ball does not currently have exposure but at a trial in which Shamir is a co-conspirator, Ball’s own conduct will be introduced at trial as part of proving that Cable charge and can be introduced without the article Ball wrote in 2013. Ball was advised they can’t use his article without his testimony — and because he had already left any agreement with Assange that’s probably right — but FBI can certainly introduce Shamir’s claims that he got the Cables from Ball, along with whatever other evidence they have about what Shamir did with them afterwards.

One more reason the fact that this is an ongoing investigation into targets not publicly identified matters: DOJ may or may not  or may already have gotten the UK to approve superseding the existing indictment against Assange, the one that has led people to believe he is the only target of it. But they certainly have the ability to charge a conspiracy in which Assange is an uncharged co-conspirator, showing a seven year conspiracy involving Russian spooks — starting no later than that handoff of cables to Shamir — charging everyone else that entered into a conspiracy via Assange with Russian spooks. Back in 2020, prosecutors implied to Jeremy Hammond that the long extradition process of Assange would provide the opportunity to charge Assange’s involvement in the 2016 Russian hack-and-leak. And because at least one of the people who would be charged in such a conspiracy, Josh Schulte, appears to have continued his efforts to leak through last year, any statute of limitations might go through 2027. That’s why they’re in no rush to charge Shamir publicly: because the way conspiracy law works in the US, they can charge everyone who didn’t affirmatively leave the WikiLeaks conspiracy so long as the conspiracy remains ongoing.

Ball may well be right that the other people the FBI has approached are being approached for coverage of WikiLeaks they did, as journalists (though there are some edge cases). But of the descriptions I’ve seen, there’s always another as yet uncharged target about whom the FBI is asking. That may not change their calculus about whether they want to cooperate, but it means, whether they know it or not, that their refusals are not limited to a bid to protect Assange’s conduct.

I think the people approached for their coverage of WikiLeaks should definitely tell the FBI to fuck off.

But there’s more going on here, particularly with the request to Ball.


Between the Annual Release of FISA Statistics and the Release of the FISA 702 Opinion, FBI Rolled Up Turla

I’m curious about the timing of the release of the FISC 702 opinion, dated April 21, 2022, approving Section 702 certificates that would last until April 21, 2023. I laid out a Modest Proposal in response to that opinion here.

In the past, the government has often released the prior year’s FISC opinion around the same time as it releases all the FISA transparency reports, which it released this year on April 28, 2023. But ODNI didn’t release the opinion itself until May 19, eight days after the FBI released a FISA-related audit that covers many of the same violative queries laid out in the FISC opinion and three weeks after the other transparency filings. The delayed release resulted in the release of significantly overlapping bad news twice, a week apart, at a time when the spooks already face an uphill climb to get 702 reauthorized before the end of the year.

One possible explanation for the delayed release is that there was a one-month delay in reapproval of new 702 certificates, meaning that ODNI held back the opinion until such time as a new opinion had replaced the old one.

But as I read, especially, a separate opinion released along with the 702 one, I couldn’t help but note that between the date when ODNI would customarily release the prior FISC authorization and the date it did, FBI rolled up the Turla malware.

May 4, 2023: Search warrant affidavit

May 8, 2023: Planned operation

May 9, 2023: DOJ press release, NSA press release, Joint Cybersecurity Advisory

When I wrote my post on the operation, I laid out how, starting in 2016, the FBI had learned how Turla worked via voluntary monitoring of US-based victims from whose servers the malware was launching attacks in other countries.

A key part of the affidavit’s narrative describes that monitoring process. The FBI discovered that Turla compromised computers at US Victim A in San Jose, which let the FBI monitor how the malware worked. Using US Victim A, Turla compromised US Victim B in Syracuse, which in turn let the FBI monitor what happened from there. Using both US Victims A and B, Turla compromised US Victim D in Columbia, SC, which in turn let the FBI monitor traffic. Using Victim B, Turla compromised US Victim C, in Boardman, OR, which in turn let the FBI monitor traffic.

Over seven years, then, the FBI has been monitoring communications traffic from a growing number of US victim companies that Turla used as nodes. The affidavit emphasizes that these sites were used to attack overseas targets — like the presumed German and French targets mentioned in the affidavit. Aside from the journalist working for a US outlet (who could be stationed overseas), the affidavit doesn’t mention any US collection targets. Nor does it explain whence Turla targets US collection targets.

But there were two or three companies that refused to allow the FBI to engage in consensual monitoring of their victimized servers: Victim-E, Victim-F, and Victim-G, all of which were discovered in 2021 or 2022 (Victim-F went defunct and destroyed its computers).

According to the FBI search warrant, then, it launched a global operation to roll up the Turla Snake’s many nodes around the world without the benefit of at least two US-based nodes from which it could discover other victims. That didn’t make sense to me.

The other FISA opinion released with the 702 one sought authorization to conduct physical surveillance of two locations in the US used by an agent of a foreign power; the government uses physical surveillance to obtain data at rest on a server. DOJ first submitted the application in early 2021. FISC appointed former cybersecurity prosecutor and current tech attorney Marc Zwillinger and retired EDNY Magistrate James Orenstein as amici and conducted several rounds of briefing and a hearing. Orenstein would have still been a Magistrate in EDNY when the grand jury behind this operation was seated there in 2018; he retired in 2020.

The heavily redacted opinion itself is pretty short — just 6 pages. It explains that “the Court has little difficulty finding probable cause to believe that the intended targets … are agents of a foreign power.” It had a harder time with two other issues, though: proving that the premises to be searched “is or is about to be owned, used, possessed by … that foreign power.” Suggestions from Zwillinger and Orenstein provided limits to the order such that FISC presiding Judge Rudolph Contreras could meet that standard.

The government also noted that the data in the targeted location “might not be owned or used by” the agents of the foreign power in question. Contreras imposed a 60-day deadline for the government to destroy everything that was not.

With those limitations, Contreras approved the FISC order on September 27, 2021.

Both of these issues are common ones in cybersecurity surveillance. Hackers hijack others’ servers, and from that sanctuary, victimize others. And then hackers transport data that are the fruits of theft, not communications about such a crime, via these nodes. So one way or another, the opinion sounds like it could pertain to cybersecurity surveillance. The timing is what makes me wonder whether the order was withheld until the end of the Turla operation.

Zwillinger and Orenstein were appointed as amici in 2022 as well.

Note, there’s a technique that got authorized in the 702 opinion, first proposed in March 2021, which involved two different amici, Georgetown Professor Laura Donohue, who asked for the assistance of Dr. Wayne Chung, the Chief Technology Officer of BlueVoyant, a cybersecurity company. That discussion is even more heavily redacted. But the issues debated appear to include:

  • Whether the thing obtained using 702 was included in the definition of intelligence permitted for collection
  • Whether the assistance required in the US came from an Electronic Communications Service Provider (Victim A from the Turla operation was located in San Jose, and the Victim G that refused to cooperate was described as a cloud service provider located in Gaithersburg)
  • Whether the assistance from the ECSP is covered by 702
  • Whether the intended use of the information fit the definition of querying
  • Whether NSA should have used another provision of FISA
  • Whether all the targets were overseas
  • What kind of minimization procedures would be required for the kind of information that would be obtained

The 702 application is even more obscure than the physical search one. But if the latter pertains to Turla, it’s not inconceivable that the former does too.


Peter Baker Discovers that Russia Sows Partisan Antagonism and Then Helps Them Do So!

I laughed yesterday when Peter Baker tweeted about how “striking” it is that Vladimir Putin is adopting Trump’s perceived enemies as his own.

But then Baker wrote up his laughably naive observation into a NYT story.

Baker, you’ll recall, is one of NYT’s crack journalists who buried Trump’s admission that he had spoken to Putin about adoptions before writing a false explanation about the June 9, 2016 Trump Tower meeting emphasizing adoptions. Baker and Maggie Haberman chose instead to emphasize Trump’s scripted attack on Jeff Sessions. The Mueller Report showed that NYT’s willingness to dumbly repeat Trump’s script proved even more useful to Trump’s efforts to undermine the Rule of Law than his covert effort to get Corey Lewandowski to ferry orders to Jeff Sessions.

And here we are, almost five years later, and Baker still naively plays into obvious Russian efforts to sow division in the US, in significant part by playing to Trump’s narcissism and the feral loyalty of Trump’s supporters, to say nothing of playing up racial division. Baker picks out three names from among 500 newly added to Russian sanctions: Tish James, Brad Raffensperger, and Michael Byrd, the Black cop who prevented Ashli Babbitt from breaching the hallway through which Members of Congress were fleeing by shooting her.

Among the 500 people singled out for travel and financial restrictions on Friday were Americans seen as adversaries by Mr. Trump, including Letitia James, the state attorney general of New York who has investigated and sued him. Brad Raffensperger, the secretary of state of Georgia who rebuffed Mr. Trump’s pressure to reverse the outcome of the 2020 election, also made the list. And Lt. Michael Byrd, the Capitol Police officer who shot the pro-Trump rioter Ashli Babbitt on Jan. 6, 2021, was another notable name.

Reviewed more broadly, however, the sanctions were an attack on US Rule of Law generally, or certainly the notion that Trump’s people should be subject to it. They include the current or former Attorneys General of California, Colorado, Connecticut, Delaware, Illinois, Maryland, Minnesota, Nevada, New Hampshire, New Mexico, New York, Oklahoma, Oregon, Rhode Island, Vermont, Virginia, Washington, Washington, DC, Wisconsin. Aside from former Oklahoma AG John O’Connor, which may be a mistake, it almost seems like they worked from an outdated membership list from the Democratic Attorneys General Association. Though for some reason, Putin missed Michigan’s Attorney General Dana Nessel, maybe because she’s a badass lesbian who makes Putin afraid.

The sanctions list does include every US Attorney who has presided over the January 6 investigation.

  • Michael Sherwin (who as Acting US Attorney in DC oversaw the beginning of the January 6 investigation)
  • Channing Phillips (who, as Acting US Attorney for DC in 2021 oversaw the early parts of the January 6 investigation)
  • Michael Graves (currently US Attorney for DC overseeing the January 6 investigation)
  • Jack Smith (Special Counsel)

But it also includes other senior legal officials, some of whom have gotten more attention for investigating Russia than Trump.

The inclusion of Kohler, who played a key role in the Trump stolen documents case but who also presided over the Charles McGonigal and other Oleg Deripaska cases that came through SDNY, is particularly notable. This is, in significant part, an attempt to suggest that if either Russia or Trump is held accountable legally, it will harm Russia. It is a transparent effort — no different than dozens of similar efforts going back to 2016, and to the extent that this plays to racism, goes back a half century — to lead Trump supporters to believe their interests are more aligned with Putin’s than those of the United States, or at least the United States when led by Joe Biden.

In addition to Brad Raffensperger, Putin also included Mark Esper, who got fired as Defense Secretary because he undercut Trump’s authority to attack the US government by invoking the Insurrection Act.

A broad swathe of the list includes members of NGOs, particularly those NGOs that fascists are attempting to discredit with claims that attempts to combat disinformation equate to censorship. Nina Jankowicz got sanctioned in her own right.

Of two members of the Open Society Fund, Leonard Benardo is included; his name may become prominent if John Durham’s abusive attempt to investigate Benardo, which may be detailed in the classified section of the Durham Report, begins to leak.

Along with all those defenders of truth and justice, Putin included Stephen Colbert and Heather Cox Richardson.

Again, this is a transparent effort, one that continues past efforts that extend to sheltering members of the far right and stoking US racism, to supplant the allegiance of Trump’s supporters to the United States with an affiliation, through Trump, to Russia. Trump’s narcissism might lead him to magnify these sanctions. His campaign advisors likely will try to prevent that.

But Putin won’t need to rely on Trump to magnify this statement of a shared allegiance.

He has Peter Baker for that.

Baker somehow could not distinguish language as transparent truth from language as an attempt to manipulate, and so stated as fact that “Trump’s perceived enemies” are Putin’s own. Aside from the law enforcement officials who’ve targeted both Russian hackers and Trump, they’re not. Rather, this is an attempt — an utterly transparent one!! — to make Trump’s followers believe that, and so regard Russia more favorably.

Because Baker thought his banal observation about these sanctions was worth a story in the NYT, he called up the Russian Foreign Ministry for comment. That’s how the claim that the people who attacked democracy on January 6 are simply dissidents got inserted into the NYT.

None of those three has anything to do with Russia policy and the only reason they would have come to Moscow’s attention is because Mr. Trump has publicly assailed them. The Russian Foreign Ministry offered no specific explanation for why they would be included on the list but did say that among its targets were “those in government and law enforcement agencies who are directly involved in the persecution of dissidents in the wake of the so-called storming of the Capitol.”

You got played, Peter Baker, into serving as a mouthpiece for Russian propaganda.

You got played into contributing to Russia’s efforts to undermine US democracy.


Russia’s Snakes Got DePlaned

The US Attorney’s Office in Brooklyn, EDNY, had a busy day on Tuesday. In addition to indicting George Santos for various kinds of fraud, EDNY’s US Attorney, Breon Peace, got to take credit for the “remediation” of a peer-to-peer network of compromised computers exploited by Russian hacking group “Turla” to hack collection targets around the world.

For geeks, the claimed effect of the operation was pretty cool. The FBI developed code (or had a contractor do it for them) that would exploit the very thing that makes the Snake malware so tricky — the proprietary communications sessions it uses to run a global network of relay nodes through which it launches collection attacks.

The majority of compromised systems serve as relay nodes (referred to as “hop points”) in the Snake network, that route traffic from the FSB’s ultimate target systems (referred to as “endpoints”) through the network back to Turla operators in Russia.

The FBI code was designed to command Snake to overwrite its operational components.

[A]n FBI-created tool named PERSEUS [] issued commands that caused the Snake malware to overwrite its own vital components.

[snip]

[T]hrough analysis of the Snake malware and the Snake network, the FBI developed the capability to decrypt and decode Snake communications. With information gleaned from monitoring the Snake network and analyzing Snake malware, the FBI developed a tool named PERSEUS which establishes communication sessions with the Snake malware implant on a particular computer, and issues commands that causes the Snake implant to disable itself without affecting the host computer or legitimate applications on the computer.

[snip]

Specifically, the FBI has developed a technique that exploits some of Snake’s built-in commands, discussed above, which, when transmitted by PERSEUS from an FBI-controlled computer to the Snake malware on the Subject Computers, will terminate the Snake application and, in addition, permanently disable the Snake malware by overwriting vital components of the Snake implant without affecting any legitimate applications or files on the Subject Computers.

We’ll see whether the operation was as successful as DOJ and NSA claimed. But the government at least claims to have significantly neutralized a hacking platform that has been a complex challenge for two decades.

A quote from a specialist on this hacking group made me want to look closer to understand what DOJ did, both technically and legally. Juan Andres Guerrero-Saade complained to CNN that the FBI had taken down the peer-to-peer network, rather than just sitting on it to continue to observe what Russia’s FSB was doing.

Turla operatives are “genuine professionals,” Juan Andres Guerrero-Saade, a researcher who has tracked Turla for years, told CNN.

“They’re not traipsing around breaking things or calling attention to themselves in stupid ways,” said Guerrero-Saade, who is senior director of SentinelLabs, the research arm of security firm SentinelOne. He said that’s what you’d “expect from the GRU,” referring to Russia’s military intelligence agency, whose hackers are generally more conspicuous. “You don’t see that out of Turla.”

[snip]

While the FBI touted the action as another example of the bureau’s strategy to protect hacking victims, Guerrero-Saade wondered what visibility the FBI might have lost into Turla’s operations by exposing the network of hacked computers.

“The FBI has a hammer and they’ve decided this is just another nail,” Guerrero-Saade said. “And I don’t think espionage operations should be handled the same way that criminal operations are.”

But the search warrant affidavit suggests that’s what the FBI has been doing since 2016.

The materials released by the government provide a very selective narrative both of the hacking group and the intervention:

May 4, 2023: Search warrant affidavit

May 8, 2023: Planned operation

May 9, 2023: DOJ Press release; NSA press release; Joint Cybersecurity Advisory

The narrative starts in 2004, when investigators first started tracking Turla, ignores a 2008 Turla compromise of DOD computers, only names one collection target (a journalist) that might be in the US, and only describes likely German and French collection targets in passing.

As the affidavit describes, the FBI’s understanding of Turla derived from both “sensitive sources” and the monitoring of victims.

[T]hrough existing legal authorities, the cooperation of several U.S. victims[,] and sensitive sources, the FBI and U.S. Intelligence Community have obtained significant insight into the FSB’s cyberespionage activities against the United States and its allies using Snake.

A key part of the affidavit’s narrative describes that monitoring process. The FBI discovered that Turla compromised computers at US Victim A in San Jose, which let the FBI monitor how the malware worked. Using US Victim A, Turla compromised US Victim B in Syracuse, which in turn let the FBI monitor what happened from there. Using both US Victims A and B, Turla compromised US Victim D in Columbia, SC, which in turn let the FBI monitor traffic. Using Victim B, Turla compromised US Victim C, in Boardman, OR, which in turn let the FBI monitor traffic.

Over seven years, then, the FBI has been monitoring communications traffic from a growing number of US victim companies that Turla used as nodes. The affidavit emphasizes that these sites were used to attack overseas targets — like the presumed German and French targets mentioned in the affidavit. Aside from the journalist working for a US outlet (who could be stationed overseas), the affidavit doesn’t mention any US collection targets. Nor does it explain whence Turla targets US collection targets.


2004: Investigation begins

2008: Turla compromises US military computer via thumb drive (not mentioned in affidavit)

2015 to 2017: FBI monitored communication between US-compromised computer and Minister of Foreign Affairs in NATO member-state, collected and decrypted

Turla operators used Snake in an attempt to exfiltrate a large volume of what they believed to be internal United Nations and NATO documents sent from the NATO Victim-1

By description — particularly the reference to what hackers thought they were getting — this is likely Germany, as described in this report on the group.

It was Tuesday, Dec. 19, 2017, when German security officials received the tipoff. A foreign intelligence service informed the Bundesnachrichtendienst (BND), Germany’s foreign intelligence service, that somebody had hacked into the IT system belonging to Germany’s Foreign Ministry.

[snip]

And the hackers hadn’t actually stolen all that much by the beginning of 2018 – a total of six documents, only one of which was classified. Nevertheless, the BSI decided to throw the hackers out of the network. A short time later, public prosecutors launched an official investigation into the cyberintrusion.

2016: After finding IP address in Queue File on computers belonging to US Victim A in San Jose, CA, victim permitted FBI to do custom scan and monitor communication traffic to ID other hop points and victims

2017: FBI provides victim notification of earlier version of Snake on US Victim E computers in Van Nuys, CA

2017 to 2020: FBI monitored communications between US-compromised computer and NATO Victim-2 (possibly France)

2018: EDNY grand jury seated

2018: FBI observed communications between US Victim A and computers in Syracuse, NY, owned by US Victim B and performed custom scan and monitored traffic

2018 to 2022: FBI identified traffic between US Victims A and B and computers in Columbia, SC owned by US Victim D; FBI performed a scan and monitored traffic

January 2020: FBI identified communication between US Victim B and cloud provider US Victim C in Boardman, OR; FBI performed custom scan and monitored ongoing traffic

2020 to 2021: FBI identified traffic between US Victim A and computer located in Hicksville, NY owned by US Victim F

2021 to 2022: FBI observes traffic between US Victims D and US Victim E; FBI provided custom scan but Victim E did not permit ongoing monitoring

2022: By the time FBI alerts US Victim E, it had ceased operation and discarded the computers

February to March 2022: FBI identified communication between US Victim A and computers in Gaithersburg, MD owned by US Victim G, which refused to cooperate with the FBI

Undated: Turla used Snake to target journalist for US news media company (country location not stated)


As this timeline lays out, in the last two years, Turla exploited three US victim companies — US Victim E and G, both of which refused full cooperation, as well as the defunct one, US Victim F, in Hicksville, NY, that might be how EDNY would claim to establish venue if you ignore that that hack happened after the grand jury that conducted this investigation was seated in 2018 — from which the FBI was unable to get the kind of voluntary cooperation that US Victims A, B, C, and D offered. At first I mistakenly thought that FBI might have acted now because they were finding less success with the monitoring approach they’ve used since 2016.

But those computers are a different set (though possibly overlapping) than the set of computers targeted by this warrant. While Subject Computers 2 and 3 listed in the affidavit, both located in Columbia, SC, could be owned by US Victim D, US Victims E and G are not targeted. The additional targeted computers are located in Portland (Subject Computers 1 and 2), Atlanta (Subject Computer 4), Windsor, CT (Subject Computer 5), and Rancho Cordova, CA (Subject Computers 6, 7, and 8). If Subject Computers 2 and 3 do belong to US Victim D, including them might serve primarily to qualify this for remote search under 41(b)(6)(B) (which requires 5 districts).

For US purposes, the more important part of the operation may be parallel efforts done overseas. The affidavit suggests that the FBI will only execute the search within the US and foreign governments will only execute the search within their jurisdictions.

On or about May 8, 2023, the FBI, in coordination with certain foreign governments acting outside of the United States, intends to execute a technical operation, codenamed MEDUSA, to disable Snake malware on numerous computers worldwide. Specifically, at a chosen time, FBI personnel will use PERSEUS to authenticate and establish sessions with the Snake malware on the Subject Computers, and send to the Snake implants on the Subject Computers built-in commands that will terminate the Snake application and, in addition, permanently disable the Snake malware by overwriting vital components of the Snake implant without affecting any legitimate applications or files on the Subject Computers. At the same time that the FBI executes the remote search technique described in this Affidavit to disable the Snake malware on computers located in the United States, certain foreign government authorities will take action to remediate Snake-compromised computers within their territories.

The press release is a bit more vague about that (and there are probably nodes in countries that the US IC would not trust enough to coordinate such an operation).

For victims outside the United States, the FBI is engaging with local authorities to provide both notice of Snake infections within those authorities’ countries and remediation guidance.

[snip]

The FBI and U.S. Department of State are also providing additional information to local authorities in countries where computers that have been targeted by the Snake malware have been located.

As the affidavit described it, the FBI used a Rule 41(b)(6)(B) warrant permitting the government to search remotely in more than one District at a time so as to allow for the simultaneous worldwide operation.

The FBI believes that use of the remote search technique described in this Affidavit is necessary to ensure the success of the coordinated technical operation to disrupt the Snake malware network worldwide. As detailed above, the Subject Computers are located in geographically disparate locations throughout the United States. There are not sufficient FBI personnel available who possess the specialized training and experience with the sophisticated Snake malware to physically travel to each location to disable the Snake malware on each of the Subject Computers simultaneously. Thus, without authorization to use the remote search technique requested in this Affidavit, the FBI would not be able to timely disable the Snake malware on the Subject Computers as part of a coordinated operation against the worldwide Snake network.

Whatever the case, the press release speaks in fairly expansive terms about neutralizing the entire network, not just some nodes in it.

To cycle back to Guerrero-Saade’s complaint, then, it seems that FBI has been monitoring this network for years. Indeed, one wonders how much of the roll-up of Russian spying in recent years has benefitted from doing so.

But it seems that the US and its partners decided they had the capability and the will to attempt to shut down this network now (at a time, it should be said, when Russia is ratcheting up attacks on Ukraine and in advance of Ukraine’s planned counterattack). Perhaps it is just part of the larger response rolled out in the wake of Russia’s attack on Ukraine.
