The Conspiracy Beliefs Leading People to Leak

Just weeks before he provided someone he believed to be a Russian official medical records from five people who had received medical care at Fort Bragg, Jamie Lee Henry told the undercover FBI employee he was speaking to that the Biden Administration hates Russia, in part, because Obama is an effeminate man intimidated by Vladimir Putin. (Henry came out as trans in 2015, but court filings, including from his own lawyer, refer to him with male pronouns, as did his spouse, Anna Gabrielian, in recorded conversations.)

Dr. Henry: We have an ideology too that is very rigid, black and white – a lot of Islamists are, and Christians as well – it creates a lot of violence, and potential violence. And um, you know the way that I am viewing what is going on right now in Ukraine is that the United States is using Ukrainians as a proxy for their own hatred towards Russia. I think the current administration has hatred toward Russia because Hillary Clinton lost in 2016 and I think Obama was offended by Putin because Obama is an effeminate man and he is intimidated by the values that Putin has just as many Americans are offended by Trump when he presents himself um and I think it is personality driven partly and a lot of people are dying as a result of people’s arrogance and personality.

Dr. Gabrielian: A lot more people died than needed to. Because of what we…. Um, America has done is prolong the bloodbath.

Dr. Henry: Not only that, you look at what we have done in Libya for instance. Hillary Clinton is very proud of what she has accomplished in Libya which is basically creating anarchy, there is slave trades going on in Libya now. Talk about oil being wasted. Oil being used to support terrorism. It is insane. And she is proud of it. And it is uh . . .

Dr. Gabrielian: I do think we are on the same page

Dr. Henry: At least George W Bush in his recent speech in Texas he had this Freudian slip – “oh and that too” – you know

UC: yeah, I heard that too

Dr. Henry: It’s like he actually feels guilt. I don’t think Dick Cheney feels any guilt for what he has done. It is very clear from his daughter when given a chance.

Lawyers for Henry and his spouse, Gabrielian, want to prevent the government from introducing these statements at trial.

To be sure, Henry’s statements to the FBI employee recording his alleged motivations for sharing non-public information with Russia included more than stupid hoaxes sustained by right wingers. He’s right about Hillary’s stupid glee about Libya, and he’s right about Iraq. His views on the damage US hegemony can do to the States itself are reasonable (though they lack the consequent consideration of how much America’s hegemonic position makes American life cheap and easy).

I think the United States… My experience, having been in the military for 22 years, is we instigate a lot. And we are very arrogant and what we think we know and what we can do with the tools that we have. You know, and it has hurt many, many people across the globe. And I don’t see how constitutionally, you know, reading the American constitution and what I’ve sworn to defend, how this hegemony can persist, you know, without dire consequences to our own United States, you know, being suffering.

But as many self-imagined anti-imperialists have — and likely with the help of his spouse, who (Henry told the undercover FBI agent) had had him read Victor Suvorov’s Inside the Aquarium: The Making of a Top Soviet Spy — Henry adopted facially ridiculous claims to justify siding with Russia on its unjustified invasion of Ukraine.

A separate motion from the government, seeking to prevent an entrapment defense, provides far more details on the extent to which Gabrielian, especially, sought out the contact with the person she believed to be a representative of Russia who told her, “My job is to collect information and to pass it on.” If the portrayal of those recordings is accurate, the government likely won’t need the reference to Obama’s imagined effeminacy.

While we don’t yet have Jack Teixeira’s description of his motivation for throwing his life away so he could share classified documents with a bunch of Discord kids, we’re seeing an increasing number of people, possibly including Jareh Dalke (who was arrested the same day as Gabrielian and Henry), decide to leak based on conspiracy theories sown by Trump and others.

That’s not surprising. After all, 1,000 people and counting similarly threw their lives away in response to other conspiracy theories Trump told, conspiracy theories that are, at least, adjacent to the ones claiming that the anger at Russia for 2016 was entirely about Hillary losing the election and not about an effort to protect democracy.

But as the government grapples with the case of Teixeira, it needs to similarly grapple with the salience that conspiracy theories fed by Russia have had on at least a handful of alleged leakers.


Prosecutorial Discretion in the Age of Shitlords and “Psychological loldongs Terrorism”

I’m working on one more post integrating materials from the Douglass Mackey trial.

But first I want to comment about some investigative and prosecutorial details about the case.

I’ve made a timeline showing what got introduced in the troll chatrooms as evidence, other known activities of Mackey and the cooperating witness Microchip, and investigative details here. The timeline includes the following DM threads that were treated as part of the conspiracy for which Mackey was convicted:

In addition, this exhibit, which was introduced under a different evidentiary rule (largely, but not entirely, Mackey’s comments, rather than those of the conspiracy), consists in part of conversations elsewhere sourced to FedFreeHateChat from earlier in 2015-2016, along with a number of two-person DMs involving Mackey or unindicted co-conspirators 1080p or Microchip.

As you read the threads, remember a few things about them. First, they’ve been extensively sanitized of the racist and misogynist language used in the threads. Anything that wasn’t directly relevant to proving either the means and goals of Mackey’s trolling, a conspiracy between the thread participants, or their intent in sending out false tweets to depress the turnout of Black and Latino Hillary supporters was excluded as prejudicial.

You can read some of what was excluded — and the very important debate about where Mackey’s free speech ended and where an attempt to impair the votes of Black and Latino Hillary supporters began — in these court filings:

  • January 30, 2023: Mackey’s effort to exclude pre-September 2016 language and commentary from when he was banned by Twitter and inflammatory speech
  • January 30, 2023: The government’s effort to get the contents of the four chatrooms, above, admitted
  • February 24, 2023: Mackey’s response to the government’s motion
  • February 24, 2023: The government’s response to Mackey
  • February 28, 2023: The government’s reply to Mackey
  • February 28, 2023: Mackey’s reply
  • March 7, 2023: Mackey letter after meet-and-confer that details objections, revealing content of some excluded files
  • March 7, 2023: Government memo after meet-and-confer
  • March 10, 2023: Judge Nicholas Garaufis order laying out admissible exhibits
  • March 11, 2023: Mackey letter seeking to exclude bigoted speech and FBI agent testimony
  • March 13, 2023: Mackey letter seeking to exclude comment about women voting
  • March 13, 2023: Government letter responding regarding bigoted speech
  • March 19, 2023: Mackey letter objecting to specific inflammatory language and memes showing Trump in violent conquest

The outlines of this dispute will be critical to the inevitable appeal of Mackey’s guilty verdict.

These Twitter DM groups weren’t the only places these trolls organized, as portrayed by trial evidence. After one of Mackey’s bannings, he authenticated his new Twitter ID on Facebook and continued to work with others on Discord. The government did not introduce any of the related threads from TheDonald or 4chan with which — as a tweet from Microchip made clear — their efforts on Twitter were sometimes coordinated.

The exclusion of related 4chan activity is significant. At trial, Mackey took the stand and claimed he had gotten the text-to-vote meme for which he was charged from widely available 4chan threads, not from these DM groups, one of which he did not rejoin after being banned by Twitter on October 5. Mackey similarly claimed not to know the key players in workshopping this meme in the War Room Twitter group beyond their user name.

The claim was pretty unconvincing; it may have been an attempt to deny forming a conspiracy with the others, or an effort to protect his online friends.

I’m interested in the picture of the conspiracy provided by these threads for several related reasons.

For starters, I’m interested in the troll — prosecutors referred to the account using a female pronoun — who first created a text-to-vote meme like the one that Mackey was convicted of. On October 27, 2016 on the War Room thread (which Mackey had rejoined after being banned), HalleyBorderCol (HBC) suggested, “let’s depress illegal voter turnout with a nice hoax ;).” Someone using the moniker P0TUSTrump argued they should hold off so the hoax would not get debunked before actually suppressing the vote. HBC responded by addressing him as “Donald” and explaining — using a British spelling for rumor — how rumors work, especially on social media:

people aren’t rational. a significant proportion of people who hear the rumour will NOT hear that the rumour has been debunked.

Then, two days later, HBC posted the first of the vote-by-text (as opposed to vote-by-hashtag) memes using the text number that allowed DOJ to track the reach of those that Mackey would send on November 2.

As far as is public, prosecutors never charged HBC, in spite of her key role in planning a “hoax” to suppress turnout, but perhaps that’s because she lives in a place where they spell “rumor” with a “u.”

In fact, DOJ didn’t even identify HBC as an unindicted co-conspirator in the complaint against Mackey, though it does describe her actions. The complaint names Anthime “Baked Alaska” Gionet as CC#1 (compare ¶17 of the complaint with this DM), Microchip as CC#2 (compare ¶25 of the complaint with this DM), a troll named NIA4_Trump who got temporarily suspended along with Mackey in November 2016 as CC#3, and a thus far unidentified troll named 1080p who was instrumental in tweaking the memes to more closely mimic Hillary’s graphics as CC#4 (compare ¶22a in the complaint with this DM).

By the time DOJ described the co-conspirators in a footnote to their February 24 filing, however, HBC was first on their list.

As was noted in the government’s initial motion in limine, the government alleges that individuals who posted, shared, or strategized over how to optimize the deceptive images or the messages therein are co-conspirators, and that the statements of those individuals are admissible as co-conspirator statements. These co-conspirators include the Twitter users identified in the Government’s Motion in Limine: @Halleybordercol, @WDFx2EU7, @UnityActivist, @Nia4_Trump, @1080p, @bakedalaska, @jakekass, @jeffytee, @curveme, 794213340545433604 and @Urpochan, the latter of which was described but not specifically identified as a co-conspirator in that submission. The materials provided to defense counsel on September 23, 2023 [sic] include statements from the following additional users which are of a similar character and admissible as co-conspirator statements: @WDFx2EU8, @MrCharlieCoker, @Donnyjbismarck, @unspectateur and 2506288844.

Note this footnote treats a second Microchip account as separate rather than identifying that it knew Microchip was behind both accounts using the same naming convention, “@WDFx2EU#.” This was the period after DOJ had informed Mackey, on February 13, which Twitter handles its cooperating witness had used but before DOJ had publicly revealed that it had a cooperating witness.

When it came to cross-examining Mackey on his claims to know nothing about these people, however, AUSA Erik Paulson prioritized HBC.

Q I’d like to ask you about some of people in that room.

A Okay.

Q Who is HalleyBorderCol?

A That’s someone I just know as HalleyBorderCol. I don’t know anything more about that person.

Q Nothing more?

A Yes.

[snip]

Q Mr. Mackey, do you remember this page?

A Yes.

Q HalleyBorderCol says: Let’s did depress illegal voter turnout with a nice hoax.

A Yes.

Q POTUSTrump says: I like that idea Haley, but I think we should wait for the day before or the day of, that way they don’t have time to debunk the rumor. Needs to be earlier than that.

The government’s identification of HBC in the complaint, or not, doesn’t matter legally. What mattered legally for the purpose of the trial was that Judge Ann Donnelly ruled the government had presented sufficient evidence of a conspiracy to treat HBC as a co-conspirator for the purposes of hearsay exception rules; Donnelly ruled that all the accounts listed above qualified.

But DOJ’s decision to charge Mackey alone, and to make Microchip plead guilty after a series of proffers as part of a cooperation agreement, suggests DOJ exercised discretion to treat HBC and a few other key players differently, even while both at trial and in the development of the offending meme she had a larger role.

She certainly had a larger role in the text-to-vote meme itself than Baked Alaska, for example.

Baked Alaska is all over the trolling effort. He congratulates Mackey for being named the 107th most influential political tweeter of 2016, as everyone else did too, in March 2016. He warns against “roast[ing]” Bernie supporters, “cuz the more hatred they have for hillary the more likely they will join us in national or not vote at all,” in the same April 20, 2016 chat where he discusses the “new smart team” Trump has hired. On April 23, 2016, Baked Alaska asked Mackey via DM if he wanted to join the “Trump HQ Slack for more coordinated efforts?”

In May, Mackey asks for his help making #InTrumpsAmerica go viral. Baked Alaska boasts on July 24 that “we are controlling the narrative this is amazing.” In October, Gionet reminds other trolls to “make [minorities] hate hillary.”

At least as exhibited in the trial evidence, Baked Alaska’s sole overt act in the deceptive tweet involves instructing 1080p to “make a text message version of” the Tweet calling to vote remotely (it’s unclear whether Gionet calls 1080p or jeffytee “Gabe”). The tweets for which Mackey was convicted may have been his idea, but others executed the idea.

But it was enough for others to credit him with some responsibility for Trump’s win on November 9, 2016. “Tonight we meme’d reality,” Baked Alaska said after the win.

One more person’s role is of interest. Andrew Auernheimer — better known as Weev — was all over the earlier FedFreeHateChat, which came in for Mackey’s direct comments rather than as statements of co-conspirators. Weev seems to have spent the end of 2015 helping Mackey fine-tune his trolling skills. “Thanks to weev I am i[m]proving my rhetoric,” Mackey said in FFHC on November 19, 2015. “I just hope all this shitlording goes real life.”

Weev’s involvement is of particular interest because he was helping to run the Daily Stormer in pro-Russian territories. He was always one of the most obvious potential ties between Trump’s trolls and Russia. That’s one reason this paragraph, from the government’s motion in limine, reads very differently if you know “the Twitter user” in question is Weev.

On or about December 22, 2015, the defendant communicated with others in a Twitter direct-message group about sharing memes that would suggest certain voters were hiding their desire to vote for the defendant’s preferred Presidential candidate. The defendant stated, “it’s actually a great meme to spread, make all these shitlibs think they’re [sic] friends are secretly voting for Trump.” Several weeks later, on or about January 9, 2016, the defendant and another Twitter user discussed their Twitter methodologies. After the defendant stated that “Images work better than words,” the user stated “we should collaboratively work on a guide / like, step by step, each major aspect of the ideological disruption toolkit . . . ricky you could outline your methods of commentary / we could churn out a book like this, divide profits / and hand people a fucking manual for psychological loldongs terrorism.” The defendant responded “Yes… I think that would be good / I could do another chapter on methodologies from the ads industry– shit like my twitter ads stuff was very much the result of careful targeting, nobody’s managed to replicate it properly since.” Shortly thereafter, the Twitter user stated, “honestly at this point i’ve hand [sic] converted so many shitlibs that like, i am absolutely sure we can get anyone to do or believe anything as long as we come up with the right rhetorical formula and have people actually try to apply it consistently.” The defendant responded, “I think you’re right.” These statements, and those like them, are admissible and relevant to show, among other things, that the defendant’s intent in spreading memes was to influence people.

But Weev doesn’t appear, at least under the handle Rabite, after he celebrated the efficacy of the trolling on the day Trump sealed the nomination.

it’s fucking astonishing how much reach our little group here has between us, and it’ll solidify and grow after the general

“This is where it all started,” Mackey responded. But for Weev, that’s where his appearance in the trial evidence, under the moniker Rabite, at least, ended.

Weev’s absence — under his Rabite moniker, anyway — is all the more striking given that per a bench conference at trial, the search warrant specified that the specific meme Mackey ultimately sent out came from The Daily Stormer.

The search warrant also noted that the one that the defendant sent out was available on the Daily Stormer website, the American Nazi newspaper, as early as October 29, which is a couple days before the defendant did.

That is, Weev may have played a direct role in creating the meme in question. But unless he was posting under the moniker 1080p (who may have been referred to as “Gabe” by others), he was not credited with doing so in evidence presented at trial.

That differential treatment — and the changed focus on HBC in the trial as compared to the complaint — is one reason, but in no way the only reason, I’m interested in some other investigative details:

  • Details about Microchip’s discussions with the government
  • The timing of interviews with Hillary Clinton staffers and its disclosure to Mackey
  • The decision not to call an investigative agent to the stand

According to a motion in limine dispute, an FBI agent named Jamie Dvorsky attempted to interview Mackey in Florida after his identity was disclosed in April 2018, which is when the FBI opened the case. Mackey first raised this issue on March 11 after he received materials on potential witnesses.

According to reports of FBI Special Agent Jamie Dvorsky, marked by the government as 3500-JAD-2 and 3500-JAD-17 (submitted under seal herewith), she and another agent traveled to Florida in 2018 and met Mr. Mackey at a Panera Bread in Boynton Beach. Mr. Mackey told her that he would be happy to speak to the agents if they would first contact his attorney, Richard Lubin. Mr. Lubin thereafter contacted Agent Dvorsky and said that Mr. Mackey would “100% cooperate and talk to the FBI.” Thereafter, Mr. Lubin did not contact the FBI nor return multiple calls.

When the government responded two days later, they described planning to call Dvorsky to explain how and when the FBI first opened the investigation.

As discussed with defense counsel, the government is calling Special Agent Dvorsky to testify as to when the government learned that the defendant was the user of the accounts that distributed the deceptive images and the initial investigative steps that were taken in the wake of that revelation. The chronology matters. As noted above, to the extent the defendant claims or suggests that the prosecution was somehow politically motivated, the fact that the government first identified the defendant in 2018 and began its investigation at that point is relevant in that regard. The government does not intend to elicit from Special Agent Dvorsky testimony that the defendant offered to cooperate with the FBI, but never followed through on the offer. Rather, to the extent that Agent Dvorsky will communicate the defendant’s statements at all, her testimony will be limited to the defendant’s telling her that he worked with Paul Nehlen. Accordingly, the limited testimony the government does intend to elicit is simply not prejudicial and does not warrant preclusion

They never did call her, though.

The FBI contacted Microchip, now their cooperating witness, around December 17, 2018 about a perceived threat he had made online in July 2018, but that may have been about a different case. Microchip then contacted Baked Alaska to inform him about the FBI visit, suggesting he has or had resilient ties to Baked Alaska.

Megan Rees, the FBI agent who ultimately obtained the arrest affidavit, was one of two FBI agents who visited Microchip’s home in December 2020, this time in conjunction with the Mackey case. When she wrote up that affidavit, she named Microchip, like Baked Alaska and 1080p, only as an unindicted co-conspirator.

But after Microchip saw that complaint, he reached out to the FBI via his lawyer.

Q Sir, my question to you is this: On February 4, 2021, did you reach out to Agent Rees and tell her that you had become aware that the person you knew as Ricky Vaughn had been arrested, and you believed you had information that would be useful to the FBI. Did you say that to Agent Rees?

[snip]

Q My first question is: When you reached out to Agent Rees on February 4, 2021, did you tell her that you had learned the person you knew as Ricky Vaughn had been arrested recently? Did you say that?

A Yes.

Q And in addition, did you tell her that you believed you had information that would be useful to the FBI?

A Correct.

Per his testimony on cross-examination, Microchip made a formal proffer around April 22, 2021.

At it, he claimed that the intent wasn’t so much to dissuade people from voting but just to push out as many messages as possible. He also claimed the chatrooms weren’t all that organized.

Q Sir, I’m going to ask you a question. Forgive the profanity in advance, but have you ever heard the term “shit posting”?

A Yes.

Q Do you recall telling the Government at this meeting that the focus was not on one message, it was on pushing out as many — as much content as possible?

[snip]

Q Do you recall telling the Government at that meeting that the participants in the chats were not as organized as many people believed?

A Yes, I remember saying that.

Q Do you recall telling the Government that there was no grand plan around stopping people from voting?

After several continuances and a revised memory of how organized things were, Microchip pled guilty on April 14, 2022. He had a meeting in advance of the disclosure of a cooperating witness on February 23, 2023. This post describes how Microchip testified to wanting to “infect” everything.

The timing of Microchip’s proffer is important, though, because it might explain any change in focus between the complaint and the evidence as presented at trial. That is, it might explain why prosecutors focused much more closely on HBC than Baked Alaska at trial.

But it also might explain any new investigative direction that DOJ took after first speaking with Microchip.

Mackey’s lawyer, Andrew Frisch (who has also represented VDARE), several times expressed curiosity about why the government used a summary FBI agent largely uninvolved in the case to introduce all the Twitter evidence, rather than putting the FBI agent who led the investigation, Megan Rees, on the stand.

MR. FRISCH: Can I put something on the record, unrelated to our prior conference. I intended at the close of the Government’s place to put a placeholder. But because of the way it worked, the jury was here, I couldn’t do it. I have been concerned as the trial has gone on that no case agent has testified. Maegan Rees didn’t testify, my friend Agent Granberg didn’t testify, and ultimately Agent Dvorsky did not testify. At one time or another. The key agent I’m concerned with is Agent Rees.

[snip]

MR. FRISCH: I’m mostly concerned about why no case agent testified and specifically whether there’s a reason, a bad reason, why Agent Rees’s 3500 has not been provided, obviously apart from when she attended Microchip interviews and things like that. I just wanted to put a placeholder, I’ll discuss it with the Government, I don’t want to hold things up. I wanted to register an objection at my earliest opportunity so if I can come back to it, if necessary.

[snip]

MR. FRISCH: I don’t know what she has, I don’t know what she said, I don’t know what’s in the reports. It’s just in my experience, it’s highly unusual that a trial happens without the case agent testifying, without any case agent testifying.

He’s not wrong, really, to question why the government didn’t use a case agent. Often, the government does so to keep someone who knows information inconvenient to the prosecution off the stand. For example, Durham may have used a paralegal in the Michael Sussmann case because the case agents had discovered some of Durham’s claims about the Alfa Bank anomaly were bullshit by the time of trial. Mueller used an agent focused on the obstruction part of the investigation in the Stone trial, who thereby could honestly say she didn’t know some of what DOJ subsequently discovered about Roger Stone’s actual ties to Russia when asked.

But it’s often done (as it was in the Mueller investigation) to hide parts of an ongoing investigation — something that a movement lawyer would surely have some interest in.

In this case, there are two obvious reasons to keep case agents off the stand.

The first is — as was revealed to Frisch after his opening argument — EDNY had a series of 18 interviews with Hillary’s campaign, between March 2021 and January 2023.

As Frisch laid out in a letter to the judge, after he opened, the government revealed those interviews, which, he claimed, he should have obtained.

The government’s second witness was Jess Morales Rocketto. On March 10, 2023, the Friday before the start of jury selection, the government first identified Ms. Rocketto as a witness. Thereafter, during jury selection, the government disclosed a report of the government’s then-recent interview of Ms. Rocketto, without disclosing any of eighteen reports of the government’s interviews of seventeen other representatives of the Clinton Campaign, conducted between March 2021 and January 2023. Ms. Rocketto testified that she was the Clinton Campaign’s digital organizing director; learned of vote-by-text memes using fake graphics during the final days of the campaign; found the memes’ misappropriation of the Clinton Campaign’s graphics and hashtag “#imwithher” to be such a “big deal” and so “jarring” that “you have to make a decision about what to do about something like this.” T 76, 78, 84-85, 90-92. See T 86 (The Court: “If you can avoid asking like terribly open-ended questions to this witness . . . . she has a lot to say, which is fine, but we’re never going to finish.”). On defense counsel’s subsequent cross-examination of Lloyd Cotler (a representative of the Clinton Campaign called principally to testify to steps to remediate the memes’ reference to a short code), defense counsel confirmed an unelaborated statement in the government’s report of Mr. Cotler’s interview that a Clinton Campaign worker named Amy Karr monitored social media, including 4chan [T 103], on which Mr. Mackey had seen the memes that he then shared.

The following morning, the government provided defense counsel with two reports of its interviews of Ms. Karr. At the lunch break, defense counsel requested that the government provide reports of all the government’s interviews of representatives of the Clinton Campaign. Highlights of the reports, summarized in the draft stipulation, contradicted the testimony and inferences elicited by the government from Ms. Rocketto and Mr. McNees. For example, Alexandria Witt, Senior Social Media Strategist, told the government that she referred vote-by-text memes to executive staff, but the general response was lackluster as though – – directly contradicting the very words used by Ms. Rocketto – – “this was no big deal.” Diana Al Ayoubi-Monett, another Senior Social Media Strategist, said that she was mocked for taking “text-to-vote” memes seriously. Timothy Lu Hu Ball, a senior security expert, said that senior officials of the Clinton Campaign did not take the vote-by-texts seriously. Ms. Witt and Ms. Karr both were aware of and monitored “shit-posters” on social media supporting Clinton’s opponent. Memes containing misinformation about voting began to appear about three months before Election Day; there was no single influencer behind them; and senior staff, including campaign chair John Podesta, did not take concerns about the memes seriously. According to Matthew Compton, Deputy Digital Director (possibly Ms. Rocketto’s principal underling), the “#imwithher” hashtag had been somewhat commandeered with “unbelievable” amounts of irrelevant information, rendering it not “particularly useful.” Multiple witnesses told the government about records created by the campaign to track misinformation on social media (about which Mr. Mackey had been unaware and never attempted to subpoena or investigate). [my emphasis]

There’s no reason to believe these interviews were primarily pre-trial preparation. As the government explained in a bench conference, the government only handed them over after hearing what Mackey’s defense was in Frisch’s opening.

MR. PAULSEN: Your Honor, part of the reason we provided the 302s we did, is that we heard his opening argument, at the same time everyone did, and he made something like that argument. We turned them over at that point because it seemed like he was interested in that.

But even assuming Frisch’s description is accurate, what the Clinton campaign thought about Mackey’s trolling doesn’t change Mackey’s intent.

Which is what Judge Ann Donnelly ruled in the bench conference: this wasn’t Brady material, and besides, Frisch at that point still had several remedies available to him, such as calling the Hillary intern who identified some of the disinformation targeting Hillary on the dark web much earlier than anyone else.

THE COURT: Let me stop you there. I think I understand what you’re saying.

With respect to the issue — the e-mail telling people they could text to vote was not a big deal to the Clinton campaign. Why is that Brady material what their opinion of it is?

MR. FRISCH: Because they called Ms. Rocketto to essentially testify how horrible this was. How something had to be done right away. How she recognized this as a problem. That it specifically, in her view, was either targeted to or designed to affect or had the effect of affecting Latin American and African American voters. She was a terrific — she’s very charismatic and had a lot to say, that’s fine —

THE COURT: Why is someone —

MR. FRISCH: But I couldn’t cross-examine her with this information.

THE COURT: But you opened on it.

MR. FRISCH: But I didn’t know that the Clinton campaign agreed with my defense.

THE COURT: But who cares what their opinion is. The Clinton campaign can’t testify in court about what they think about something, any more than they can come — you didn’t object to it, she did say something was sneaky, I think I stopped her at some point. A particular person’s opinion of what the case is, I don’t understand how that is Brady material.

[snip]

[I]t’s the Court’s view that it’s not Brady material because it amounts to really, the essence is what the Clinton campaign thought about it, and that’s just not relevant. In fact, their opinion of it is no more valid than their opinion would be about whether Mr. Mackey is guilty or not. That’s not relevant, to the extent that’s the claim.

In his letter demanding an acquittal because of all this, Frisch explained that rather than calling any of these people as witnesses, he drafted a stipulation that the government rejected, which he then just emailed to Chambers.

Defense counsel emailed it to the Court (rather than electronically file it with a letter) when an issue unexpectedly arose early on the morning of the last day of trial about the government’s timely receipt of the draft stipulation; exigencies of the imminent trial day made preparation and filing of a letter impractical. But it would otherwise have been electronically filed to show that Mr. Mackey’s attempt at a mid-trial remedy for the government’s violation of Rule 5(f) and Brady had been rejected (though the government agreed to stipulate to a narrow portion thereof), thereby filling in the record and helping to show the consequent irreparable prejudice.

The letter mostly seems like a bid by a movement lawyer to turn the Mackey prosecution into the second coming of the Durham trial, an opportunity to investigate the victim of a bunch of malicious crimes in the 2016 election, in part to distract from the heinous things that Trump and his allies were doing.

All these interviews took place after the indictment and most presumably took place after Microchip first met with the government in April 2021.

Frisch seems uninterested in the obvious question presented by the revelation of 18 interviews with the Clinton campaign about disinformation targeting her 2016 campaign that went viral after being drafted on the dark web: why EDNY was conducting these interviews, continuing well after any 5-year statute of limitations would have expired.

I don’t know the answer to that, but I bet the case agents do, which might be a good reason to keep them off the stand.

The other obvious reason to keep case agents off the stand has to do with knowledge of Microchip’s ongoing cooperation, which as the original motion revealing his cooperation describes, is something “beyond the scope” of this case.

In addition, since entering into the cooperation agreement, the CW has provided assistance to the FBI in other criminal investigations beyond the scope of this case. The CW is presently involved in multiple, ongoing investigations and other activities in which he or she is using assumed internet names and “handles” that do not reveal his or her true identity. The CW has not interacted with any witness, subject, or target in these investigations and activities on a face-to-face basis, and the government has no reason to think that the CW’s true identity has been compromised as a result of this work.

There’s no evidence that the ongoing interviews with the Clinton campaign about disinformation on the dark web have to do with Microchip’s ongoing cooperation. There’s not even any evidence that the case agents in Mackey’s case are the ones he worked with subsequently; on the stand, he suggested he had not met with Agent Rees since his guilty plea.

Frisch’s job is to claim all this is about Douglass Mackey and it also likely serves his interests to drum up a false scandal about Hillary by publicly releasing these 302s.

But there’s a whole bunch of tangentially related issues that didn’t show up in this trial. There’s a bunch of this that isn’t about Douglass Mackey.


Daylight Come, and He Got to Go Home

I woke up this morning, and as is my habit, I turned on the news. Today, I was shook by the news that Harry Belafonte had died. Throughout the day, obituaries and reminiscences have appeared, each lifting up various parts of his 96 years – his singing, his acting, his activism, his pride in his heritage, his compassion for the oppressed, and his disdain for those who oppress. So I thought I’d add my own thoughts, bringing in one piece that I haven’t seen mentioned in the coverage today.

Thirty three years ago, on May 21, 1990, a grand memorial service was held for Jim Henson, the creator of the Muppets. It took place at New York City’s mammoth Cathedral of St. John the Divine. Harry was one of the speakers that day, asked to speak because of his collaboration with Henson and the Muppets on several occasions. His remarks that day included this:

. . . But greater than [Henson’s] artistry was his humanity.

Unless you have moved among the wretched of the earth;
unless you have spent countless hours on the reservations of this country that house the Native Americans and the Indians who live out hopeless lives on their reservations;
unless you have moved among those who live in ghettos, contained by segregation and deprivation;
unless you have moved among vast peoples who sit on continents that are still struggling for their human rights and their dignity;
unless you have sat among tribes who care for children that face an existence of hopelessness;
you will never really understand Jim Henson until you have understood how he has touched the lives of those people.

Many have no hope.

Many mothers sit in many places, holding their children, desperately understanding that they will never be educated, they will never have a chance at life as it should be. And when they get a chance to see the smile of the faces of their children, as they develop the appetite to learn because they are watching Sesame Street, when they have developed the appetite to love in a loveless place because they have seen how friendly the Muppets and the creatures are to one another, when they find their own humanity in the humanity of these creations, then you have understood the real gift of Jim Henson and his colleagues.

I say this, because I have moved among those people, and I have seen in these wretched places smiles break out on faces that have never been familiar with the cause of a smile, and have come to life and have been touched in a profound way because Jim Henson said “There is hope, there is joy, there is the ability to love and to care and to find greatness in difference.”

This says a lot about Jim Henson, and a lot more about Harry Belafonte. The two of them collaborated on a number of projects, including his appearance on The Muppet Show, in which they used song and skits and “children’s stuff” to push the subversive idea that Harry spoke of at Jim’s memorial: there is hope, there is joy, there is the ability to love and to care and to find greatness in difference.

And that’s what made Harry Belafonte tick.

He knew that these things were true, because he had seen them, embraced them, and spent his life trying to spread them to the world, often at significant cost to himself. The story of a Chrysler representative trying to pull the plug on a Petula Clark special featuring Belafonte is but one example. Chrysler rep: “Could you reshoot that song with Petula Clark? She touched his arm, and we think our customers might take offense to a white woman touching a black man’s arm.” Harry’s producer: “No.” The song stayed, as recorded, but it again put Belafonte against yet another of the Powers That Be and made things harder for him down the line.

But back to Harry and the Muppets . . .

Who could not laugh at Harry having an epic drum-off with Animal? (Think of Dueling Banjos, except with percussion. And Muppets.)

Who could not smile at Harry swallowing his frustration with Fozzie Bear continually coming in late as Harry directed the cast of the Muppet Show in singing The Banana Boat Song?

Who could not be entranced with Harry and several African-styled Muppets singing the Belafonte/Henson song “Turn the World Around” and not want to dance and sing along? [This is the song that Harry sang at Henson’s memorial service after he finished his remarks quoted above.]

Harry Belafonte understood the power of song and story, especially to give voice and agency to those at the margins. In 2014, Belafonte spoke movingly at the New York Film Critics Circle Awards, when they honored the best director, Steve McQueen, whose film 12 Years a Slave had been received to great acclaim.

The power of cinema is an uncontainable thing and it’s truly remarkable, in its capacity for emotional evolution. When I was first watching the world of cinema, there was a film that stunned the world, with all its aspects and art form. They did a lot, at that time. The film was done by D.W. Griffith, and it was called The Birth of a Nation, and it talked about America’s story, its identity, and its place in the universe of nations. And that film depicted the struggles of this country with passion and power and great human abuse. Its depiction of black people was carried with great cruelty. And the power of cinema styled this nation, after the release of the film, to riot and to pillage and to burn and to murder black citizens. The power of film.

At the age of five, in 1932, I had the great thrill of going to the cinema. It was a great relief for those of us who were born into poverty, a way we tried to get away from the misery. One of the films they made for us, the first film I saw, was Tarzan of the Apes. [Ed note: The movie is called Tarzan the Ape Man.] In that film, [we] looked to see the human beauty of Johnny Weissmuller swinging through the trees, jump off, and there spring to life, while the rest were depicted as grossly subhuman, who were ignorant, who did not know their way around the elements, living in forests with wild animals. Not until Johnny Weissmuller stepped into a scene did we know who we were, according to cinema. . . .

A lot’s gone on with Hollywood. A lot could be said about it. But at this moment, I think what is redeeming, what is transformative, is the fact that a genius, an artist, is of African descent, although he’s not from America, he is of America, and he is of that America which is part of his own heritage; [he] made a film called 12 Years a Slave, which is stunning in the most emperial way. So it’s a stage that enters a charge made by The Birth of a Nation, that we were not a people, we were evil, rapists, abusers, absent of intelligence, absent of soul, heart, inside. In this film, 12 Years a Slave, Steve steps in and shows us, in an overt way, that the depth and power of cinema is there for now the world to see us in another way. I was five when I saw Tarzan of the Apes, and the one thing I never wanted to be, after seeing that film, was an African. I didn’t want to be associated with anybody that could have been depicted as so useless and meaningless. And yet, life in New York led me to other horizons, other experiences. And now I can say, in my 87th year of life, that I am joyed, I am overjoyed, that I should have lived long enough to see Steve McQueen step into this space and for the first time in the history of cinema, give us a work, a film, that touches the depths of who we are as a people, touches the depths of what America is as a country, and gives us a sense of understanding more deeply what our past has been, how glorious our future will be, and could be.

Whether he was honoring greats like Steve McQueen and Jim Henson, or singing songs with Petula Clark and Fozzie Bear, Harry Belafonte was finding hope, joy, love, and greatness in diversity as he embraced the differences in the world. He worked not only as a leader in the US civil rights movement, but also against apartheid in South Africa and returned there years after apartheid fell to encourage South Africa’s anti-AIDS efforts. He was a UNICEF ambassador and the Grand Marshal for the 2013 NYC Pride Parade. Read the various obituaries, and watch the various memorials, and you will see a man who moved among the powerless, and lived his life to give them the dignity that they deserve, the voice they lacked, and the rights that are their right.

The jam session in heaven tonight is going to be one for the ages, because daylight came and Harry got to go home.


Employer Rupert Murdoch Turned Out to Be a More Important Tucker Carlson “Spy” Than the NSA

In a piece that I otherwise find unpersuasive, Josh Marshall argued that the reports that Fox News President Suzanne Scott didn’t tell Tucker why he was being fired explain why we’re getting such a conflicting range of explanations for his summary shit-canning.

It’s been reported that Suzanne Scott, CEO of Fox News, didn’t tell Carlson why he was being fired when she gave him the news. If that’s true, that pushes me more to consider this possibility. It also might explain why you have all this miscellany of often contradictory theories and explanations about what “contributed” to the decision. Maybe no one at Fox has any idea and all the sources are basically speculating about possible vulnerabilities they believe must be the answer.

Axios reported that Scott made the decision with Lachlan Murdoch to fire Tucker Carlson Friday night, though other outlets more credibly report that Rupert was also personally involved.

Fox surely anticipated that Tucker would sue, which may be why Scott didn’t give Tucker an explanation for his firing, yet. But that has created a void of uncertainty about the firing.

It is true that Abby Grossberg, the former Tucker producer who has sued Fox in SDNY for the hostile work environment at Fox generally and specifically on Tucker’s show, and sued Fox in Delaware for how they dealt with her testimony in the Dominion case, has an incentive to emphasize her role in the firing (as she has). I agree with Opening Arguments that the DE suit is far more likely to be related (a paragraph from her SDNY suit that has attracted attention, in which Tucker seemingly speaks favorably about statutory rape, is not tied to her own complaints and was already public). But I also think that the DE suit includes a bunch of stuff designed to leverage Fox’s legal exposure that has nothing to do with the actual complaint. Plus, Tucker has little to do with the main thrust of the complaint; Scott and other corporate people do, so firing Tucker won’t help. Also note, as far as I understand it, the recordings Grossberg referred to in her suit seem to be transcribed interviews not otherwise aired on TV, not private recordings of Tucker.

Of note, the claim that Tucker asked but Grossberg was unable to get a Proud Boy lawyer to claim the insurrection was caused by FBI informants, for example, makes no sense.

Upon information and belief, in early-March 2023, Mr. Carlson attempted to spin and manufacture another false narrative to defray blame from Fox News about the January 6th insurrection, this time, characterizing the Capitol attack as an FBI coup, and not the logical result of Fox News’s reckless 2020 election fraud coverage. Specifically, Mr. Carlson requested that his team investigate the ongoing Proud Boys trial, which he asserted was “taking forever” because the “Biden Administration [wa]s trying to hide the huge number of FBI spies it had placed in the group.” As Head of Booking, Ms. Grossberg was twice directed to reach out to Dan Hull, one of the defense attorneys representing the Proud Boys, who indicated to her that he was available to come on to the TCT show as a guest but emphatically denied Mr. Carlson’s theory. Instead, Mr. Hull insisted that “no one made my client go up the hill. The Proud Boys wanted to,” and the FBI angle Mr. Carlson sought to peddle was “on the conspiracy side.” When Ms. Grossberg relayed Mr. Hull’s message to Tom Fox, a Senior Producer for TCT and her superior, he blithely replied “That doesn’t fit with what Tucker is looking for. You’ll have to find someone else who will say that.” Ms. Grossberg was told to ask Mr. Hull yet again if he would reconsider, to which Mr. Hull replied, “Please just tell [Tucker], if I get on the show, I will walk out if he asks about the FBI setting it up. […] Blaming the FBI for Jan 6th doesn’t cut it.” Mr. Carlson then requested that Ms. Grossberg investigate whether any other defense attorneys, including Steven Metcalf, would tout the conspiracy on air.

Dominic Pezzola lawyer Roger Roots seems to have, as a primary purpose, floating the kinds of conspiracy theories that will attract attention on Tucker’s show or Jim Jordan’s committee. And in his closing arguments, Nick Smith made wild leaps to push the informant angle. So the lawyers willing to make these claims were certainly available (if unwilling to risk a gag order by going on TV). Plus, Tucker’s propaganda about January 6 long predated the Dominion exposure.

But Grossberg’s claim might be where this claim, from the LAT, came from (which has, in turn, led to the improbable claim that Epps’ complaints about Tucker’s coverage played a key role).

Murdoch also was said to be concerned about Carlson’s coverage of the Jan. 6, 2021, insurrection at the U.S. Capitol. The host has promoted the conspiracy theory that it was provoked by government agents, and Carlson has called Ray Epps — an Arizona man who participated in the storming of the Capitol but did not enter the building — an FBI plant, without presenting any evidence.

Tucker’s conspiracy theories about January 6 have been far more unhinged than anything Fox has been sued for by a voting machine company, and that’s saying something. But, again, they’re not a recent development — back in June 2021, Tucker defamed Thomas Caldwell’s spouse Sharon based off an unsubstantiated conspiracy theory.

All of which leads me to suspect that this, also from Axios, may best explain what brought Fox to firing Tucker.

A slew of material was uncovered during pre-trial discovery that implicated Carlson. More information could be out there that could be legally damaging for Fox as it stares down more defamation cases.

None of the rest of Axios’ explanations make sense (as Grossberg’s DE suit does, Axios lists stuff that would not implicate Tucker personally). Many of the other public explanations make no sense.

But what does seem plausible is that between Dominion, Smartmatic, and Grossberg’s twin suits, Fox lawyers have spent a lot of time reading through digital records of Tucker’s statements. And — again, it seems plausible — one or many of the things they’ve seen there made it clear Fox could no longer sustain the legal exposure Tucker (and his Executive Producer Justin Wells, who was also shit-canned) represented, possibly even for reasons unrelated to any of the lawsuits.

There’s an irony here.

Back when Tucker first revealed that he had been picked up in NSA intercepts of texts and emails he exchanged with Russian go-betweens, he claimed the NSA was trying to take him off the air. That was in 2021, and his FOIA to the NSA suggested the contacts had gone back to January 2019. In his more recent March complaint that his efforts to cozy up to Putin got “spied on” by the NSA, he revealed the NSA had read his Signal texts, as well as the emails he sent purportedly setting up an interview with Putin.

For all his wailing that the NSA’s access to such comms was an attempt to get him fired, it didn’t happen.

But once Rupert’s lawyers reviewed Tucker’s communications, it did.

I’m not arguing that Tucker’s coziness with Putin got him fired (though Glenn Greenwald keeps complaining, in two languages, that Tucker was fired for falsely claiming that members of the African People’s Socialist Party were arrested because of their opposition to the Ukraine war, rather than because they were on the FSB payroll).

I’m stating a truism. In virtually all cases, “surveillance” of your communications by your employer can have a far more immediate and lasting impact than surveillance of your communications by the NSA.

Update: Daily Beast says the final straw was the number of times he called Sidney Powell the c-word.

Update: In comments, wasD4v1d referenced this Aaron Blake piece making a similar point.

Update: Murdoch property WSJ reports that one of the big factors was the disparaging comments Tucker made about others.

On Monday, Mr. Carlson’s famously combative stance toward members of Fox News management and other colleagues caught up with him, as the network abruptly announced it was parting ways with him, just minutes after informing Mr. Carlson of the change.

The private messages in which Mr. Carlson showed disregard for management and colleagues were a major factor in that decision, according to other people familiar with the matter. Although many portions of the Dominion court documents are redacted, there is concern among Fox Corp. executives that if the redacted material were to become public, it would lead to further embarrassment for the network and parent company.

[snip]

The Dominion court filings are filled with examples of him disparaging colleagues, from calling for the firing of Fox News reporter Jacqui Heinrich for fact-checking Mr. Trump’s false claims about the 2020 election to complaining about the network’s news coverage, including the decision to call Arizona for Mr. Biden on election night.


El Mo Drax’s Supersonic Rocket Ship Blowed Up

Not exactly breaking news at this point, but the SpaceX Starship blew up after a successful launch this morning. Not entirely clear if it was inherent in the vehicle, or if it was intentionally taken out by SpaceX as it was malfunctioning. Either way, a disaster. From the New York Times:

“SpaceX’s Starship rocket exploded on Thursday, minutes after lifting off from a launchpad in South Texas. The spacecraft, the most powerful ever to launch, failed to reach orbit, but it was not a total failure for the private spaceflight company.

Before the launch, Elon Musk, the company’s founder, had tamped down expectations, saying it might take several tries before Starship succeeds at this test flight, which was to reach speeds fast enough to enter orbit before splashing down in the Pacific Ocean near Hawaii.”

As much as I dislike Musk, and trust me I have likely been doing so longer than most anybody, the SpaceX program is part and parcel of NASA now, and getting into, and out of, space is progress for the US and humanity. It really is “rocket science”, and it is not easy. There have always been things like this in the human approach to space. But no lives were lost this morning, and much was probably learned.

You could tell there was something wrong though. There was film of the bottom of the giant rocket, and there were several of the 33 engine pods that were clearly not firing. Was that the catastrophic failure, or was there really a failure to separate stages? The news people do not seem to know, and neither do I.

The SpaceX term has been “rapid unscheduled disassembly”. Orwellian almost, but I guess. In short, it blowed up, by whatever mechanism.

Forget El Mo on this one, SpaceX is effectively part of the government now, and their effort should be supported.

All thanks to Moonraker by Ian Fleming and Supersonic Rocket Ship by Ray Davies and the Kinks.


How the Government Proved Their Case against John Podesta’s Hacker

We’re almost seven years past the hack of the DNC, and self-imagined contrarians are still clinging to conspiracy theories about the attribution of that and related hacks. In recent weeks, both Matt Taibbi and Jeff Gerth dodged questions about the attribution showing Russia’s role in the hack-and-leak by saying that the Mueller indictment of twelve GRU officers would never be tested in court (even while, especially in Gerth’s case, relying on unsubstantiated claims in John Durham indictments from his two failed prosecutions).

And while it’s likely true that DOJ will never extradite any of those twelve men to stand trial, DOJ did successfully convict one of their co-conspirators on a different hack: the hack-and-trade conspiracy involving Vladimir Klyushin and accused John Podesta hacker, Ivan [Y]Ermakov.

(The Mueller indictment and Ermakov’s second US indictment, for hacking anti-doping agencies, transliterated his name with a Y, the Boston one does not.)

That trial provides a way to show how DOJ would prove the 2018 indictment if one of the twelve men charged ever wandered into a jurisdiction with an extradition treaty with the US.

As laid out at trial, between 2018 and 2020, the co-conspirators hacked two securities filing agencies, Toppan Merrill and Donnelly Financial, to obtain earnings statements in advance of their filing, then traded based off advance knowledge of earnings. Klyushin was one of seven people (two charged in a separate indictment, three who were clients of Klyushin’s company M-13) who did the trading. Ermakov didn’t trade under his own name. He may have been compensated for Klyushin’s side of the trades with a Moscow home and a Porsche. But at least as early as May 9, 2018, forensic evidence introduced at trial shows, an IP address at which Ermakov’s iTunes account had just gotten updates was used to steal some of the filings.

Ermakov did not show up in a courtroom in Boston to stand trial and Klyushin has launched a challenge to his conviction that rests entirely on a challenge to venue there. But the jury did convict Klyushin on the hacking charge along with the trading charges, meaning a jury has now found DOJ proved Ermakov’s hacking beyond a reasonable doubt.

And they did it using the same kind of evidence cited in the Mueller indictment.

The crime scene

Start with the crime scene: the servers of the two filing agencies victimized in the hack-and-trade, Toppan Merrill and Donnelly Financial.

According to the trial record, neither figured out they had been hacked on their own. As the FBI had tried to do for months beforehand in the case of the DNC, a government agency, the SEC, had to tell them about it. The SEC had seen a number of Russians making big, improbable stock trades from clients of the two filing agencies, all in the same direction, and wanted to know why. So it sent subpoenas to both companies.

As the DNC did with CrowdStrike in 2016, both filing agencies hired an outside incident response contractor — Kroll Cyber in the case of Toppan Merrill, Ankura in the case of Donnelly Financial — to conduct an investigation.

The lead investigators from those two contractors were the first witnesses at trial. Each explained how they had been brought in in 2019 and described what they found as they began investigating the available logs, which went back six months, a year, and two years, depending on the type and company. The witness from Kroll described finding signs of hacking in Toppan Merrill’s logs:

The Ankura witness described how they first found the account of employee Julie Soma had been compromised, then used the IP addresses associated with that compromise to find other employees whose accounts were used to download reports or other unauthorized activity.

In sum, the two incident response witnesses described providing the FBI with the forensic details of their investigation — precisely the same thing that CrowdStrike provided to FBI from the DNC hack. There’s not even evidence that they shared a full image of the filing agencies’ servers (though an FBI agent described going back to Donnelly to search for the domain names behind the intrusions that Kroll had found at Toppan Merrill), which was one of the first conspiracy theories about the DNC hack Republicans championed: that the FBI failed to adequately investigate the DNC hack because it didn’t insist on seizing the actual victim servers during the middle of an election.

The forensic evidence wasn’t the only evidence submitted at trial from the crime scene. One after another of the employees whose credentials had been misused testified. Each described why they normally accessed customer records, if at all, how and when they would normally access such records, and from what locations they might access corporate servers remotely, including their use of the corporate VPN. Julie Soma — the Donnelly employee whose credentials were used most often to download customer filings — described that she would never have done what was done in this case, download one after another filing from Donnelly customers in alphabetical order.

Q. Would you ever go from client to client and alphabetically access those types of documents?

A. No.

Both interview records from the Mueller investigation (one, two, three) and documents from the Michael Sussmann case show that the FBI did similar interviews in the DNC hack. The Douglass Mackey trial, too, featured witnesses describing how the Hillary campaign identified that attack on the campaign as well.

In proving their case against John Podesta’s hacker, DOJ presented witness testimony that eliminated insiders as the culprit.
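The alphabetical, client-after-client download pattern that the Donnelly employee said she would never produce is something a defender can look for directly in access logs. The following is an added example, not code from this post or from the trial record; the log rows, account names, client names and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample download log: (timestamp, account, client whose filing was opened).
SAMPLE_LOG = [
    ("2019-01-15 02:00:05", "acct_a", "Acme Corp"),
    ("2019-01-15 02:00:50", "acct_a", "Birch Holdings"),
    ("2019-01-15 02:01:40", "acct_a", "Cedar Energy"),
    ("2019-01-15 02:02:31", "acct_a", "Delta Foods"),
    ("2019-01-15 02:03:02", "acct_a", "Elm Street Bancorp"),
    ("2019-01-15 02:03:55", "acct_a", "Fir Logistics"),
    ("2019-01-15 09:10:00", "acct_b", "Moss Pharma"),
    ("2019-01-15 09:40:00", "acct_b", "Acme Corp"),
    ("2019-01-15 11:05:00", "acct_b", "Moss Pharma"),
    ("2019-01-15 14:20:00", "acct_b", "Zeta Mining"),
]


def parse(log):
    """Turn raw rows into (datetime, account, client) tuples in time order."""
    fmt = "%Y-%m-%d %H:%M:%S"
    return sorted((datetime.strptime(ts, fmt), acct, client) for ts, acct, client in log)


def record_run(findings, acct, run, min_len):
    """Keep a run only if it is long enough to be worth an analyst's time."""
    if len(run) >= min_len:
        findings.append({
            "account": acct,
            "start": run[0][0],
            "end": run[-1][0],
            "clients": [client for _, client in run],
        })


def alphabetical_runs(log, min_len=5, max_gap=timedelta(minutes=10)):
    """Find runs where one account opens at least min_len different clients in
    strictly ascending alphabetical order with no pause longer than max_gap.

    Someone doing their job jumps between the clients they are assigned to;
    someone harvesting a directory listing walks it top to bottom.
    """
    per_account = defaultdict(list)
    for ts, acct, client in parse(log):
        per_account[acct].append((ts, client))

    findings = []
    for acct, events in per_account.items():
        run = [events[0]]
        for prev, cur in zip(events, events[1:]):
            ascending = cur[1].casefold() > prev[1].casefold()
            if ascending and cur[0] - prev[0] <= max_gap:
                run.append(cur)
                continue
            record_run(findings, acct, run, min_len)
            run = [cur]  # order broke or the session paused: start a new run
        record_run(findings, acct, run, min_len)
    return findings


if __name__ == "__main__":
    for f in alphabetical_runs(SAMPLE_LOG):
        print(f["account"], f["start"], "->", f["end"], f["clients"])
```

A hit is a lead for the kind of employee interview described above, not proof of compromise: a legitimate batch job can also walk clients in order.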

Fingerprinting

Having established the forensic data tied to intruders through the incident response contractors, prosecutors then called FBI agents as witnesses to describe how — largely through the use of IP addresses obtained using subpoenas or pen registers and the materials found in the suspects’ iCloud accounts — they tied Klyushin’s company, M-13, to both the hacking and the trading.

The trading was fairly easy: the co-conspirators accessed the two online brokers used to execute the trades under their own names and from IP addresses tied to M-13. An SEC witness described in detail how trades always shortly followed hacks but preceded the public filing of earnings statements.

Tying M-13 to the hacking took a few more steps.

For the hacking conducted via the domains Kroll identified, the FBI first found the account that registered the domains. Each was registered under a different name, but each of the names was based on a Latvian-based email service and used similar naming conventions. Each had been accessed from the same set of 3 IP addresses.

For IPs that Kroll identified, the FBI found BitLaunch servers created by an account in the name of Andrea Neumann, which was controlled from one of the same IP addresses that had registered the domain names. The FBI got search warrants to obtain images of those BitLaunch servers.

Another IP address used to steal filings, several FBI agents explained, was from an Italian-run VPN, AirVPN. The FBI used a pen register to show that someone accessed AirVPN from the M-13 IP address during the same period when the AirVPN IP was stealing records from the filing companies. The FBI also showed that Klyushin had accessed his bank at the same time from that same IP address. The FBI also showed that eight common IP addresses had accessed Ermakov’s iTunes account and the AirVPN IP address (in this case, the access was not at the same time because the FBI only had a pen register on the VPN for two months in 2020). While FBI witnesses couldn’t show that the specific activity tied to an AirVPN IP at the victim companies tied back to M-13, they did show that both Klyushin and Ermakov routinely used AirVPN.

Plus there were the filing thefts — noted above — that were done on May 9, 2018 using the same IP address that, four minutes earlier, had downloaded an Apple update from Ermakov’s iTunes account. As I’ve noted repeatedly, before Ermakov was first indicted by Mueller, he had already left a smoking gun in the servers at Donnelly in the form of IP activity that the FBI obtained over a year later inside the US.

In fact, much of the evidence used to prove this case (particularly establishing the close relationship between the conspirators) came from Apple, including WhatsApp chats saved in Klyushin and other co-conspirators’ iCloud accounts. We know Mueller used the same source of evidence. In March of this year, emails stolen by hacktivists revealed, Apple informed another of the GRU officers charged in the DNC hack that the FBI had obtained material from his Apple account in April 2018, in advance of the Mueller indictment.

The indictment likely also relied on warrants served on Google, especially on Ermakov’s account. The Mueller indictment (as well as the later anti-doping one) attributes much of the reconnaissance conducted in advance of the hacks to Ermakov: the names of some victims; information on the DNC, the Democratic Party, and Hillary; how to use PowerShell (which would be used against Toppan Merrill); and CrowdStrike’s reporting on GRU tools. If he did this research via Google, it would all be accessible with a warrant served on the US tech company.

The getaway car

One pervasive conspiracy theory about the Mueller indictment stems from testimony that Shawn Henry gave to the House Intelligence Committee in December 2017, describing that CrowdStrike did not see the data exfiltrated from the DNC servers. Denialists claim that is proof that the information was never exfiltrated by the GRU hackers. The conspiracy theory is ridiculous in any case, since there were so many other Russian hacks involving so many other servers, including servers run by Google and Amazon that had a different kind of visibility on the hack (something that Henry alluded to in his testimony), and since the indictment describes that the DNC hackers destroyed logs to cover their tracks.

But the Klyushin trial featured testimony about a tool used in the hack-and-trade conspiracy that has a parallel in the DNC hack: the AMS panel, hidden behind an overseas middle server, which the Mueller indictment described this way:

X-Agent malware implanted on the DCCC network transmitted information from the victims’ computers to a GRU-leased server located in Arizona. The Conspirators referred to this server as their “AMS” panel. KOZACHEK, MALYSHEV, and their co-conspirators logged into the AMS panel to use X-Agent’s keylog and screenshot functions in the course of monitoring and surveilling activity on the DCCC computers. The keylog function allowed the Conspirators to capture keystrokes entered by DCCC employees. The screenshot function allowed the Conspirators to take pictures of the DCCC employees’ computer screens.

[snip]

On or about April 19, 2016, KOZACHEK, YERSHOV, and their co-conspirators remotely configured an overseas computer to relay communications between X-Agent malware and the AMS panel and then tested X-Agent’s ability to connect to this computer. The Conspirators referred to this computer as a “middle server.” The middle server acted as a proxy to obscure the connection between malware at the DCCC and the Conspirators’ AMS panel. On or about April 20, 2016, the Conspirators directed X-Agent malware on the DCCC computers to connect to this middle server and receive directions from the Conspirators.

[snip]

For example, on or about April 22, 2016, the Conspirators compressed gigabytes of data from DNC computers, including opposition research. The Conspirators later moved the compressed DNC data using X-Tunnel to a GRU-leased computer located in Illinois.

In the hack-and-trade conspiracy, the hackers set up a similar structure, using the servers given names like “developingcloud” and “finshopland” as reverse proxies, with a final server behind them all executing orders on the hacked servers at Toppan Merrill (and the implication is, Donnelly, though the forensics came from Toppan Merrill via Kroll). The “computers numbered 1 through 7” in what follows are the servers identified by Kroll stealing earnings filings from Toppan Merrill.

A. So this is a digital depiction of the servers that I examined on the right there, so they each have a number on them, 1 through 9.

Q. Let me focus you first on the computers numbered 1 through 7. Do you see them there?

A. Yes.

Q. Are they kind of in a sideways V configuration?

A. Yes.

Q. Okay. And what do computers 1 through 7 show on this Exhibit DDD?

A. They functioned as gatekeepers for the furthest machine to the right, server number 8.

Q. And when you say “gatekeeper,” is there a technical term for that?

A. Yes. So the technical term is a “reverse proxy.”

Q. Can you explain to the jury, in an easy for me to understand way, what a reverse proxy or gatekeeper is in this chart, 1 through 7.

A. Yes. So in this chart, it would function — so the seven that are in that V formation, they would pass traffic to server number 8, if it was coming from an infected machine; and if it was something else, it would send the traffic to some other website.

This structure would have made it impossible for Toppan Merrill to understand the source or function of the anomalous traffic on its servers because any attempt to do so would be redirected away from the control server.

But not the FBI, because they obtained images of the servers with a warrant.

The forensic witness describing this structure showed, command by command, that the forensic clues identified by Kroll on the Toppan Merrill servers were controlled via that final server running PowerShell (the same tool that Mueller alleged Ermakov researched during the DNC hacks in 2016).

Q. And is there something on this log that you found that tells you the name of the program that was running on the victim’s computer at Toppan Merrill?

A. Yes, the process name line, and that reads rdtevc.

Q. And is process another name for computer program?

A. Yes.

Q. So this is a log that shows that a program named RDTEVC was running on a Toppan Merrill computer, right?

A. Yes.

Q. But it’s stored in the hacker computer?

[snip]

Q. And what does PowerShell do? You can call it anything, right? You can call it RDTEVC?

A. That’s probably a randomly chosen name.

Q. But no matter what it’s called, what does it do?

A. So it allows it to be remotely controlled and accessed.

Q. Allows what to be remotely controlled and accessed?

A. The infected machine.

The same forensic expert explained that he didn’t find any downloads of stolen files.

But he also explained why.

He had also found secure tunnels, readily available but similar in function to a proprietary GRU tool CrowdStrike found in the DNC server. As he described, these would be used to transfer data in encrypted form, making it impossible to identify the content of the data while it was in transit.

Q. Mr. Uitto, are you familiar with the concept of exfiltration?

A. Yes.

Q. Big word, but what does it mean?

A. It means to steal data, take data.

Q. And in your review, did you find evidence — you told Mr. Nemtsev you didn’t find evidence of the taking of data from the victim computers to these particular hacker servers; is that right?

A. That’s right, but I did see secure tunnels that were created.

Q. So when you say there were secure tunnels, were you able to tell what was going through those secure tunnels?

A. No.

Q. Those were encrypted, right?

A. Yes.

Q. So you actually don’t know whether or not there was financial information in those tunnels?

A. That’s correct.

Q. Or sports scores or anything?

A. That’s correct.

Q. It’s encrypted.

A. Yes.

[snip]

Q. What role does encryption serve in this hacker architecture?

[snip]

A. Yes, so it can be used to hide data or information.

Q. So if it’s encrypted, we can’t know what’s being passed?

To prove the hack, you would have to — and FBI did, in both cases — prove that the stolen data made it to the end point.

This testimony is important for more than explaining where you’d need to look to find proof of a hack (at the end points). It shows the import of understanding not just the crime scene and those end points, but the infrastructure used to control the hack and exfiltrate the data. With both the hack-and-trade conspiracy and the hack of the DNC, the FBI got forensics about the victim from the incident response contractors, but they obtained the data from these external servers directly, with warrants.

The denialists looking for proof in the DNC server were focused on just the crime scene, but not what I’ve likened to a getaway car, one to which the FBI had direct access but CrowdStrike did not.

Follow the money

Another specialized kind of fingerprint prosecutors used to prove the case against Klyushin parallels the one in the Mueller indictment (and, really, virtually all hacking cases these days): the cryptocurrency trail. As the Mueller indictment explained, the hackers who targeted the DNC used the same cryptocurrency account to pay for different parts of their infrastructure, thereby showing they were all related.

The funds used to pay for the dcleaks.com domain originated from an account at an online cryptocurrency service that the Conspirators also used to fund the lease of a virtual private server registered with the operational email account [email protected]. The dirbinsaabol email account was also used to register the john356gh URL-shortening account used by LUKASHEV to spearphish the Clinton Campaign chairman and other campaign-related individuals.

[snip]

For example, between on or about March 14, 2016 and April 28, 2016, the Conspirators used the same pool of bitcoin funds to purchase a virtual private network (“VPN”) account and to lease a server in Malaysia. In or around June 2016, the Conspirators used the Malaysian server to host the dcleaks.com website. On or about July 6, 2016, the Conspirators used the VPN to log into the @Guccifer_2 Twitter account. The Conspirators opened that VPN account from the same server that was also used to register malicious domains for the hacking of the DCCC and DNC networks.

By following the money, prosecutors were able to show the jury how these pieces of infrastructure fit together.

In the case of the hack-and-trade, the conspirators did nothing fancy to launder the cryptocurrency used in the operation. The servers obtained in the name of Andrea Neumann were paid using three successive cryptocurrency accounts, each with different names but accessed from the same IP address. The third name was Wan Connie. An interlocked Wan Connie email account had been accessed from M-13’s IP address. So while the cryptocurrency itself couldn’t tie the conspirators to the hack, the interlocked infrastructure did.

The conspiracy

To prove the hack, prosecutors at trial showed how the FBI had used evidence from the crime scene, the “getaway” car, the money trail, and evidence obtained at the end point from iCloud accounts to tie the hack back to Ermakov personally and M-13 more generally. The biggest smoking gun came from matching the IP addresses to which Ermakov got his iTunes updates to the infrastructure used in the hack (or, in the case of the May 9, 2018 thefts, directly to someone exploiting Julie Soma’s stolen credentials).

All that was left in the Klyushin case was proving the conspiracy, showing that Klyushin and others had used this stolen information to make millions by trading in advance of earnings announcements. This would be the functional equivalent of tying the records stolen from Democrats (and some Republicans) to their release via Guccifer 2.0, dcleaks, and WikiLeaks.

At Klyushin’s trial, the government proved the conspiracy via two means: an SEC analyst presented a bunch of coma-inducing analysis showing how the trades attributed to online brokerage accounts that Klyushin and others had in their own names lined up with the thefts. The analyst explained that seeing those trading patterns by chance would be virtually impossible.

More spectacularly, prosecutors introduced Klyushin’s role with a bunch of pictures establishing that he was “besties” with Ermakov (and, eventually, that there were unencrypted and encrypted communications, along with a picture of Klyushin’s yacht, sent via Ermakov to two guys in St. Petersburg who didn’t work for M-13 but who were making the same pattern of trades); I looked at some of that evidence here. One picture found in Klyushin’s account showed Ermakov, crashed on a chair, wearing an M-13 sticker, taken in the same period as some of the logs provided by Kroll showed hacking activity. About the only thing the FBI found in Ermakov’s iCloud account was the online brokerage account used to execute the insider trading, in Klyushin’s name, but that tied him to the trading side of the conspiracy.

As their trades began to attract attention, Ermakov and another M-13 employee attempted to craft cover stories, evidence of which prosecutors found via Apple. Prosecutors even introduced Threema chats in which Ermakov told Klyushin, his boss, not to share details about their trading clients or he might end up a defendant in a trial.

He did.

And at that trial, prosecutors were able to prove a hacking conspiracy against Klyushin using evidence and victim testimony from the crime scene, but also from other data readily available with a subpoena or warrant inside the US.

Update: Tweaked language describing secure tunnels.

Rudy Giuliani Claims He’s Shooting Blank Documents

Ruby Freeman and her daughter Shaye Moss have, as Beryl Howell invited them to do, moved to compel Rudy Giuliani to comply with discovery in their defamation lawsuit. The two 2020 Georgia election workers sued for the damage caused by the lynch mob Rudy summoned by falsely claiming they were attempting to steal votes after he saw a video showing Moss passing her mother a ginger mint.

The motion and all its exhibits are here.

What seems to be happening is that Rudy, having had his phones seized in 2021 and successfully avoided — thus far — charges for his Ukraine influence-peddling, is deliberately slow-walking discovery here to avoid identifying any devices or records that prosecutors can use in that investigation, the Georgia investigation, or Jack Smith’s January 6 one, all while sustaining a story that is already starting to fall apart.

As described in the motion to compel, Rudy’s non-compliance has included:

  • Refusing to turn over any phone or financial records
  • Refusing to explain what accounts and devices he has included in his searches
  • Failing to search for texts and messaging apps from the phones seized in 2021
  • Providing discovery based on much earlier requests from the January 6 Committee and Dominion’s lawsuit against him, rather than the requests from Freeman’s lawyers
  • Providing documents on Hunter Biden along with one Pentagon City Costco receipt
  • Others — like Bernie Kerik and Christina Bobb — similarly refusing to comply
  • Claiming, then disclaiming, reliance on “unknown GOP operatives” for the false claims made about Freeman
  • Refusing to describe how he became aware of the surveillance footage on which he based his false claims about Freeman and Moss

As a reminder, back on April 21, 2021, DOJ obtained a warrant for around 18 of Rudy’s phones in conjunction with the investigation into Rudy’s Ukrainian influence peddling that Bill Barr had successfully obstructed. By September of that year, DOJ had convinced Judge Paul Oetken to have Special Master Barbara Jones review all the contents on his phones, not just that pertaining to the Ukraine warrants. Since then, I’ve been arguing that DOJ could obtain — and at this point, almost certainly has obtained — that content for use in the January 6 investigation.

Dominion sued Rudy back in 2021. The January 6 Committee subpoenaed Rudy in January 2022 and interviewed him in May 2022. Those are the discovery requests on which Rudy is attempting to rely in this suit, rather than doing searches specific to the requests made by Freeman’s lawyers.

But after May 2022, Rudy’s exposure in Georgia went up. In addition to Freeman’s lawyers filing their amended complaint on May 10, 2022, Fani Willis convened her grand jury on May 2, 2022, subpoenaed Rudy to testify in June 2022, and he testified in August. It is virtually certain that Rudy gave answers to Willis — at the very least, about what he knew of Trump’s call to Brad Raffensperger on January 2 — that subsequent testimony has since disputed and on which topic he has since amended his interrogatory response.

The materials in this motion reveal that Rudy’s lawyer in this matter (Joe Sibley — who represented Christina Bobb in a J6C deposition that conflicts with Rudy’s answers here, though Robert Costello was present for Rudy’s March deposition) at first promised thousands of documents to Freeman’s lawyers, while claiming that most documents would be unavailable because of the Special Master process tied to the Ukraine investigation. Last July 12, Rudy provided 1,269 documents he had also turned over to Dominion’s much earlier request, which Freeman’s lawyers describe as, “his first and only substantial document production to date.”

Then, on August 3, Robert Costello made a showy announcement that SDNY had ended the Special Master process, which is not the same thing as getting a letter that he’s not a subject of that investigation anymore. Shortly thereafter, Freeman’s attorneys pointed out that the excuse Rudy had been using to limit his discovery in this case was no longer operative. He had the phones that — he claimed — included all his communications from the period during which he had started the conspiracy theories about Freeman.

After that showy announcement from Costello on August 3, things changed dramatically. In September, Sibley told Freeman’s lawyers there were 18,000 documents relevant to discovery in the materials seized from his phone. A month later, he said there were 400. In October, Rudy turned over 177 of those documents, 51 of which were blank. Since then, Sibley seems to have provided answer after answer that amounted to throwing up his hands when describing the state of Rudy’s discovery.

Rudy is quite literally attempting to claim he can only shoot blank documents in hopes of getting through this discovery process.

In his March 2023 deposition, Rudy claimed that the physical phones returned by SDNY — which he says only happened in August — were “wiped out.” What actually seems to have happened is that he hasn’t figured out how to access the content saved to the cloud by discovery vendor TrustPoint, and may not have tried to access the phones themselves, which I believe Costello had publicly claimed to have been returned earlier last year.

But far and away the best way to understand his answers is that, first of all, he and Bobb gave materially inconsistent answers while being represented by Sibley, most notably on the topic of whether they participated in the Brad Raffensperger call, which Bobb said they did and Rudy originally claimed — and presumably claimed to Fani Willis’ grand jury — that they had not.

Just as importantly, Rudy may be aware of both messaging apps and phone accounts that he’s not certain prosecutors in SDNY, Georgia, or DC have identified, so he’s refusing to be forthcoming about all the devices and phone accounts he used. There are probably communications from his phones that Costello successfully claimed were privileged during the SDNY Special Master process, which would be obviously crime-fraud excepted in any proceeding before someone who knows the January 6 investigation well. Prosecutors in both SDNY and DC will be able to tell after a quick review of exhibits included with this motion to compel whether Rudy’s claims about the status of the phone content from TrustPoint are accurate.

And therein lies the risk of the game that Rudy is playing.

This would be an obviously bullshit response before any judge, including Carl Nichols (who is presiding over the much more leisurely Dominion suit against Rudy).

But by luck of the draw, he’s attempting this stunt before Beryl Howell, who even on good days does not suffer fools at all, much less gladly, and who until just a month ago was the Chief Judge presiding over all the grand jury proceedings in DC, including the January 6 investigation. She’s one of just two or three judges who knows whether DOJ asked for and obtained a warrant to get the stuff from Rudy’s phones in SDNY. If they did (and I’d bet a very good deal of money they did), she would have seen an affidavit explaining in what form DC USAO understood that phone content to be, and if they did, she has likely overseen discussions about any further attorney-client protections DOJ had to adhere to. If DC USAO obtained warrants for other cloud content, she might also know about any accounts that Rudy is not disclosing to Freeman, including those whose email and phone accounts Rudy consistently used as a proxy. She likely has a sense of how many phone accounts DOJ has identified for Rudy, none of the call records of which would be subject to attorney-client protection. She may know of other aliases that Rudy used in his assault on the election.

Rudy is pulling this contemptuous stunt in front of the one judge who may know the extent to which he’s bullshitting.

Which may be why, at a few points in Freeman’s Motion to Compel, her attorneys note that they’re only asking for modest relief, basically just leverage to get Rudy to actually answer the questions, as well as attorney fees for their time he has wasted.

But Judge Howell? Well, if she wants to use her discretion to provide expanded relief, Freeman’s lawyers say, they’d be open to that too.

The relief Plaintiffs seek in this Motion is narrow, while recognizing that the Court in its discretion may enter additional forms of relief, including sanctions. Plaintiffs reserve all rights relating to seeking expanded forms of relief in the future.

At this point, there are at least two criminal investigations into Rudy and two civil suits — January 6, Georgia, Dominion, and this suit. Even before reviewing his J6C transcript, it’s easy to identify plenty of ways his evolving answers here, amended in part because of inconsistent testimony given before the J6C, conflict with what he must have answered before the Georgia grand jury, which could start issuing indictments any day.

Juggling all that legal exposure would be difficult for a sober, organized man with little real legal exposure.

For Rudy, though, this insane approach may be, at best, a futile attempt to limit the damage this civil case can do to his criminal exposure.

Jack Teixeira: Leak Dumps Don’t Care about (the Story You Tell about) Motive

Dan Froomkin says reporters should call Jack Teixeira’s release of highly classified documents “theft,” not a leak, distinguishing “public-spirited” leakers from “self-serving … thieves.” Spencer Ackerman muses that Teixeira, “leaked for that most ineffable thing, something nonmaterial but nevertheless hyper-real in the logic of the poster, and particularly the right-wing-chud poster: clout.” Charlie Savage suggests something distinguishes this case, legally, from those of everyone else (among a limited subset) who took classified information. Glenn Greenwald has been all over the map, in one breath calling this, “a bullshit leak, despite some relevant docs, the impact of which has been severely overblown from the start,” but then applauding Tucker Carlson’s focus on the altered casualty numbers in Ukraine and Tucker’s claims that even Fox has factchecked as an example of, “the significant revelations these leaks provide.”

Now he’s just making shit up about WaPo and NYT hunting down Teixeira, shit that a quick reading of the arrest affidavit readily debunks, shit that ignores that WaPo’s source(s) for hundreds of still-unpublished documents, at least, are one or more of the Discord chat kids, to whom WaPo has given source protection (that will be utterly meaningless in the face of the subpoenas already served).

A bunch of people who made their careers because a young, narcissistic IT guy stole a shit-ton of records about which he had little personal expertise — some incredibly important, a great many useful only to America’s adversaries — seem to be uncertain what to make of Jack Teixeira, who, early reports at least suggest, is an even younger narcissistic IT guy who stole a smaller shit-ton of records about which he had even less personal expertise, some newsworthy, some useful primarily to America’s adversaries.

We will likely have the rest of Teixeira’s young life to get a better understanding of why he allegedly did what he did, which may well be very different than what he told the kids in the Discord chat rooms about why he did what he did, who in any case are entirely unreliable narrators. But then, they may be no more unreliable, as narrators, than Greenwald is about Edward Snowden, and for a similar reason: because their identity is wrapped up in a certain narrative about this dude.

Since this age of the leak dump started, journalists have been sustaining self-serving stories about what leak dumps really are.

That Ackerman treats Josh Schulte’s hack-and-dump in the same breath as the leak dumps of Chelsea Manning or Edward Snowden, calling Teixeira’s leaks, “something different than the Snowden leaks, Manning leaks or, say, the Vault 7 hack,” is a great example of that. At trial, Schulte didn’t so much claim he was a whistleblower as he was a scapegoat, someone the CIA already hated to blame for an embarrassing compromise. But in his second trial, in the course of representing himself, he performed precisely what the government said he was: a narcissistic coder — KingJosh, he called himself — exacting revenge for the escalating personnel problems he caused after his manager moved his desk. “I think you are playing into the government’s theory of the case,” Judge Jesse Furman warned in a sidebar during Schulte’s cross-examination of a former supervisor, “by making clear to the jury that even today you remain aggrieved by you as being mistreated.”

Vault 7 was not a noble leak. It was an epic act of nihilism. A man-boy retaliating because he couldn’t get his way at work.

And except for security researchers in the business of attributing CIA hacks, the Vault 7 files weren’t all that newsworthy, either — though they did give Julian Assange a way to pressure the Trump Administration. Plus, the fate of both the Vault 7 files during the nine months between leak and publication, during a period when Assange was a key part of a Russian influence operation, as well as the Vault 8 source code included in Schulte’s guilty verdict, remains unknown. In a letter attempting to exonerate himself (even while exposing the protected identities of several colleagues), Schulte himself described the value that the source code would have for Russia, particularly during that nine-month window before the CIA learned Schulte had hacked them:

So much still unknown, and with potential (yet unconfirmed) link between wikileaks and Russia–Did the Russians have all the tools? How long? It seems very unlikely that an intelligence service would ever leak a nation’s “cyber weapons” as the media calls them. These tools are MUCH more valuable undiscovered by the media or the nation that lost them. Now, you can secretly trace and discover every operation that nation is conducting.

I don’t imagine that these issues were what Ackerman had in mind, when comparing Schulte to Manning and Snowden, but perhaps he should give some thought to why he believes otherwise.

Meanwhile, Marjorie Taylor Greene is already creating a heroic myth about Teixeira not all that dissimilar from the myths WikiLeaks spun about Schulte that Ackerman appears to still believe.

Maybe, like Chelsea Manning, a struggle with his own demons made Teixeira more apt to leverage classified records to win the adulation of a bunch of teenagers. Or maybe, like Schulte, he really is the racist shithole he sounds like.

Or both.

We may never learn how much damage these leaks did such that we could adequately balance their value against their cost. We will undoubtedly get inflammatory claims from prosecutors if Teixeira is ever sentenced, which may or may not be backed by some damage assessment that will get declassified in a decade or three.

Because it’ll be some time before we really understand this guy, because journalists seem to be struggling to understand how to treat him, I thought it worthwhile to lay out some lessons I have learned from covering leak-dumps for 15 years, lessons that have resulted in a radically different view than the Manichean belief in good dumps or bad dumps others have.

Leak dumps don’t care about all that.

In what follows, I’m not questioning the value of (some of) Snowden’s and Manning’s leaks. I’m saying that some of the people most closely involved haven’t taken a step back, in the decade since, to see what we’ve learned, including some things these celebrated leakers have in common with what we know, so far, of Teixeira.

It’s worth distinguishing leaks from people knowledgeable about what they’re leaking

Those who’ve worked on past leak dumps like to compare the leakers with Daniel Ellsberg, a comparison Ellsberg has welcomed.

But for most, there’s something that clearly distinguishes this later group of leakers: many don’t have expertise on the specific files they’re leaking.

Indeed, several of these leakers obtained new jobs while they were already contemplating leaking (or, in Snowden’s case, long after he had started collecting documents to leak). Several took files entirely unrelated to their jobs.

By comparison, Ellsberg was a PhD who leaked the Rand study he worked on himself.

To the extent that prior leak dumpers leaked files they didn’t have specific reason to want to expose, they often did so out of a generalized malaise, usually stemming from America’s war on terror policies. While I think Manning and Daniel Hale’s reaction to the war on terror was just and righteous, and while Teixeira thus far seems like a badly misguided conspiracy theorist, the type of motivation, a general malaise about American conduct, may not be that dissimilar.

Similarly, Teixeira clearly doesn’t have the knowledge or maturity to make an ethical decision to leak these documents. But it’s not clear some of his predecessors did either.

False claims about authentic documents are still false claims

Over the years, Greenwald and others — most recently #MattyDickPics Taibbi — have completely collapsed the distinction between “true” and “authentic.” There’s a good deal of Snowden reporting, for example, that remains uncorrected. Ackerman even repeated one such error, from the Guardian’s report on PRISM, in his 2021 book — “the NSA could conduct what internal documents described as ‘legally-compelled collection’ from the servers—the exact form of access remains unknown”—of PRISM participants. [my emphasis] This description of getting data directly from tech companies’ servers came from a guy who was overselling the program, effectively a Deep State hypester snookering civil libertarian journalists to buy into his hype.

As Bart Gellman described in his own book, not only was the direct access misleading, but it distracted from the more important policy points of the Section 702 collection.

Companies that had declined to comment in advance, or had said nothing of substance, now issued categorical denials that any U.S. agency had “direct access” to their servers. I scrambled to reconcile those statements with the NSA program manager’s explicit words—repeated twice—in the authoritative PRISM overview. Later that night I found a clue in another document from the Snowden archive. There, in a description of a precursor to PRISM, I found a variation on Rick’s formula. “For Internet content selectors, collection managers sent content tasking instructions directly to equipment installed at company-controlled locations,” it said. That sounded as though the U.S. government black box was on company property but might not touch the servers themselves. I updated my story to disclose the conflicting information and the new evidence.

[snip]

The “direct access” question became a big distraction, rightly essential to the companies but not so much to the core questions of public policy.

The Snowden reporters were under a real time crunch and unbelievable security pressure to report, so have a good excuse, but others don’t.

#MattyDickPics blithely started reporting on Twitter without first bothering to get the least understanding of what he was looking at and he still has never gotten records showing what requests Trump made of Twitter, the only thing close to real censorship in question. Yet because he has some screen caps to wave around, vast swaths of people believe his false claims.

The same is true of the “laptop.” Virtually the entire Republican Party has refused to distinguish between authentic emails on a hard drive allegedly obtained from a Hunter Biden laptop, and the authenticity of the laptop itself, even after people in Rudy’s orbit started altering that hard drive. To say nothing of whether provably authentic emails say what the GOP breathlessly claims they do, which so far, they have not.

As noted, Tucker has already magnified (with Greenwald applauding) two of the false claims about the documents that Teixeira released: the doctored casualty numbers put out by Russia, and misrepresentations about the role of Special Operations forces in Ukraine, which have been debunked by the same Fox News reporter that Tucker tried to get fired one of the previous times she corrected the network’s false claims.

Notably, I think one thing that is contributing to more accurate reporting based on these files is more hesitation from responsible outlets to publish or magnify the files themselves, while still using them as a basis for stories, though as WaPo races to beat its competitors that may be changing.

Documents can serve to distract

And that’s because authentic documents have, from the start of these leak dumps, often served to distract attention from the actual content.

As I noted the other day, FBI’s cooperating troll witness in the Douglass Mackey trial, Microchip, described unashamedly how the trolls ensuring the John Podesta emails would go viral in the last weeks of the 2016 election knew there was no there, there. But they also knew that so long as they could invent some kind of controversy out of them, they could suck the air out of substantive political coverage.

Q What was it about Podesta’s emails that you were sharing?

A That’s a good question.

So Podesta’s emails didn’t, in my opinion, have anything in particularly weird or strange about them, but my talent is to make things weird and strange so that there is a controversy. So I would take those emails and spin off other stories about the emails for the sole purpose of disparaging Hillary Clinton.

T[y]ing John Podesta to those emails, coming up with stories that had nothing to do with the emails but, you know, maybe had something to do with conspiracies of the day, and then his reputation would bleed over to Hillary Clinton, and then, because he was working for a campaign, Hillary Clinton would be disparaged.

Q So you’re essentially creating the appearance of some controversy or conspiracy associated with his emails and sharing that far and wide.

A That’s right.

Q Did you believe that what you were tweeting was true?

A No, and I didn’t care.

Q Did you fact-check any of it?

A No.

Q And so what was the ultimate purpose of that? What was your goal?

A To cause as much chaos as possible so that that would bleed over to Hillary Clinton and diminish her chance of winning.

In this model — the exact model adopted by the Twitter Files (and, frankly, virtually all of Trump’s tweets) — the actual documents themselves are just a hook for viral dissemination of the false claims made about the documents, just like most of the Twitter Files are.

Microchip even admitted that disinformation can increase buzz.

Q As you sit here today, back in that time period, did you like to get a rise out of people?

A Sure, yeah.

Q And that’s one of the reasons you posted things on Twitter; correct?

A Correct.

Q Was it your belief back then that disinformation increases buzz?

A Um, disinformation sometimes does increase buzz, yes.

The claims about the documents don’t work like truth claims do; instead, they serve to short-circuit rational thought, making it far easier to believe conspiracy theories or intentional disinformation.

We’re seeing some of that now from the disinformation crowd, starting with Tucker and Greenwald.

You can’t always tell who is in a chat room

The Discord kids told WaPo there were “roughly two dozen” active members of the Discord chat room where Teixeira allegedly first released the documents, about half of whom were overseas, including in Ukraine and elsewhere in post-Soviet countries.

Of the roughly 25 active members who had access to the bear-vs-pig channel, about half were located overseas, the member said. The ones who seemed most interested in the classified material claimed to be from mostly “Eastern Bloc and those post-Soviet countries,” he said. “The Ukrainians had interest as well,” which the member chalked up to interest in the war ravaging their homeland.

But the affidavit to search Teixeira’s house says there were twice that many members, approximately 50. WSJ reports that the group was more pro-Russian than the Discord kids have thus far admitted. So while initial reports suggest this was not espionage, it’s far too early to tell either what Teixeira’s motive was or whether he was cultivated by someone else in his server, encouraged to leak certain kinds of documents just as Chelsea Manning was encouraged to seek out certain things over a decade ago.

That’s why I harped on this earlier: I’ve learned, both stuff that’s public and not, about how easily sophisticated actors can manipulate precisely the kinds of people, usually young men, who inhabit these kinds of chat rooms.

Foreign intelligence services have been searching out these opportunities, eliciting both criminal hacking and leaks, for at least a decade.

For example, the LulzSec hackers knew there were Russians in their chat rooms, but didn’t much care. But it might explain why some documents hacked as part of the Syria Leaks that would be particularly damaging to Russia never got published by WikiLeaks, even though multiple sets of the documents were shared with the outlet.

Even the FBI, with subpoena power, may have troubles identifying everyone who participated in a chat room. And if the FBI can’t do it, the teenagers involved likely can’t either. That’s especially true as operational security increases. Which means they may have no idea who they were really talking to, no matter what they tell the WaPo and FBI.

So while Teixeira paid for this server with his own credit card, it has been shut down long enough that FBI may never be able to figure out who else was in the chat room, much less their real identity. So we may never know what happened before someone decided to ruin their lives by leaking documents with what inevitably will be inadequate operational security.

Which, in the case of Teixeira’s leaks, means we may not know all the people who got advance access to documents months before their publication on Twitter and Telegram alerted the IC about them, to say nothing of whether those people were nudging Teixeira for certain kinds of leaks.

No one controls what happens with dump leaks

Back in 2021, former Principal Deputy Director of National Intelligence Sue Gordon and former DOD Chief of Staff Eric Rosenbach seemingly confirmed that the files released by Shadow Brokers in 2016 and 2017 were obtained after two NSA employees, Nghia Pho and Hal Martin, brought them home from work; there’s no evidence that Pho, at least, ever tried to share them and no proof Martin did either.

In two separate incidents, employees of an NSA unit that was then known as the Office of Tailored Access Operations—an outfit that conducts the agency’s most sensitive cybersurveillance operations—removed extremely powerful tools from top-secret NSA networks and, incredibly, took them home. Eventually, the Shadow Brokers—a mysterious hacking group with ties to Russian intelligence services—got their hands on some of the NSA tools and released them on the Internet. As one former TAO employee told The Washington Post, these were “the keys to the kingdom”—digital tools that would “undermine the security of a lot of major government and corporate networks both here and abroad.”

If that’s right, it means the last most damaging leak to DOD wasn’t intentionally leaked at all, which makes it not dissimilar from the way that Teixeira reportedly intended just to share it with the guys in his Discord server. It was exfiltrated from NSA’s secure servers by employees (in Pho’s case, purportedly for work reasons), then stolen, then released.

In the wake of that discovery, DOJ seems to have started pushing to hold leakers accountable for the unintended consequences of their leaks. In a declaration accompanying Terry Albury’s sentencing, for example, Bill Priestap raised the concern that by loading some of the files onto an Internet-accessible computer, Albury could have made them available to entities he had no intention of sharing them with.

The defendant had placed certain of these materials on a personal computing device that connects to the Internet, which creates additional concerns that the information has been or will be transmitted or acquired by individuals or groups not entitled to receive it.

But it’s a lesson journalists don’t take seriously, except (in most cases) their own operational security. What happened to the source code of CIA hacking tools Schulte took? What happened to the damning files on Russia from the Syria leaks? Did Chelsea Manning envision the State cables she leaked would be shared with someone like Israel Shamir, who reportedly shared them, in turn, with Alexander Lukashenko’s regime in advance — the same kind of advance knowledge that Schulte himself reflected on?

Even the laudable, distinguishing aspect of Snowden’s leaks, that he gave them to journalists to determine what was in the public interest (an approach he abandoned when he described CIA infrastructure in his own book), is a double-edged sword. He made multiple copies of his files — most of which weren’t in the public interest — and handed the files to others, including at least one person, Greenwald, that Snowden knew had started out with epically shitty OpSec. We would never know if someone got some of the Snowden files as a result unless, like Shadow Brokers or Teixeira’s leaks, someone started sharing them openly on Telegram.

The damage assessment and the reporting goes on

We are nine days into the public part of this leak and, thanks to WaPo reporters’ success at befriending the Discord kids, WaPo has obtained hundreds of otherwise unpublished documents. In addition to about eight background stories on the leaks and charges against Teixeira, WaPo currently has Discord Leak stories on: Taiwan’s military vulnerability, China’s surveillance balloons, and surveillance on Mexican cartels. There’s nothing that makes WaPo’s reporting more or less credible, more or less honorable, because Teixeira released these to show off to his buddies (if that is why he released them).

The Discord Leaks are a leak dump. They may have more in common with past leak dumps than a lot of past leak dump journalists would like to admit. Importantly, no matter what journalists would like to tell themselves, Teixeira’s motive, if he is the source, will have virtually no impact on the damage he does to US national security or the value those documents offer to the public good, both of which will be driven by the content of the documents and the details of any advance notice adversaries may have gotten.

And legally, Teixeira is going to be treated just like Chelsea Manning and Josh Schulte — which is to say, harshly, unless he decides to flip before prosecutors can build charges on another twenty documents and has information of value to prosecutors. That’s not surprising in the least. But — short of proving he knowingly shared these documents with an agent of a foreign power — nor will it be tied to his motive.

Leak dumps don’t care about motive.

Update: PwnAllTheThings’ analysis of the damage caused by the Discord leaks is worth reading. Along with noting that at least one human source has been put in danger by these leaks (as well as a bunch of SIGINT collection), he describes how these releases could have gotten a bunch of Ukrainians killed.

We don’t know yet if Teixeira wanted lots of Ukrainians to die as a result of his leak. But we definitely know he didn’t care if they did, and they certainly had the potential to cause colossal amounts of death—both military and civilian—in Ukraine, even if that huge potential was never fully realized.


Problems With The Standard Story Of The Revolutionary War And The Constitution


The standard story of the origin of our nation tells us that the Declaration of Independence asserts that all men are created equal and naturally endowed with certain rights including the right to life, liberty and the pursuit of happiness; that the Revolutionary War was fought to uphold these principles; and that the principles are instantiated in the Constitution. We didn’t always live up to those principles but we’ve always worked towards them, and we get closer all the time. P. 9 et seq. In the first post in this series, we saw that the Declaration doesn’t fit well with the standard story. What about the Revolutionary War and the Constitution?

The Revolutionary War

Roosevelt doesn’t think there was a single cause for the War.

Different people sought independence for different reasons, and likely they sometimes said what they thought would advance their cause rather than what they truly believed. History requires interpretation, and a claim to possession of the one singular truth is a hallmark of ideology. P. 55.

The Declaration explains the decision of the Colonists to throw off English rule. It claims that governments derive their just powers from the consent of the governed. The Declaration complains that the King cut off trade between the Colonies and the rest of the world. It claims that the King ignores the laws and even the courts of the Colonists. The King attacks the Colonies directly, keeps a standing army in the Colonies, and quarters troops on the population. The King imposes taxes on the Colonies even though they are not represented in Parliament. The King stirs up the “merciless savages” to attack and murder the Colonists. The only reference to slavery is oblique: the King “… has excited domestic insurrections amongst us….”

No doubt one or more of these claims were a factor for some of the Colonists. The principle of consent itself may have motivated some of them. The listed claims may have motivated others. Perhaps some were motivated by a desire to bring about equality or at least to end slavery (Thomas Paine and Benjamin Franklin, for example.) Roosevelt points out that protecting slavery may have brought others into the war:

There isn’t much evidence supporting the idea that slavery was an issue. Of course just as people say things they don’t believe to advance their cause, others may keep quiet about their actual reasons if they would hurt the cause. There was little to be gained by saying we’re rebelling because we want to enslave people. Roosevelt suggests that

… for some of the Patriots, a desire to preserve slavery was one reason—and maybe a strong one—to declare independence[.] On its face, this is pretty plausible. Just as it seems unlikely that northern Patriots had slavery at the front of their minds, it is unlikely the southern ones didn’t have it at least at the back of theirs. P. 53.

In any event it’s hard to argue that the War was fought over the principle of equality for anyone except white men and especially white men with property. A telling detail: the British offered slaves freedom if they fought for the King. After the War the Colonists demanded the return to slavery of those people. The British refused.

Nor was the Revolution fought to advance a broad principle of equality. Roosevelt says that the statement that all men are created equal is a reference to the fictional state of nature assumed to exist in the beginning. The broader concept of equality would have to wait for the French Revolution and the Declaration of the Rights of Man and of the Citizen in 1789. It asserts that “Men are born and remain free and equal in rights.” This is a statement about real people living in real societies, not imaginary savages in the wild.

The Constitution

The Constitution was necessary because the Articles of Confederation failed to create a strong enough central government. The states were fighting among themselves, refusing to adhere to treaties, imposing trade restrictions and refusing to pay the debts incurred in the Revolutionary War. The preamble states the reasons for adoption of the Constitution, starting with “to produce a more perfect union”, and ending with “to secure the blessings of liberty to ourselves and our posterity.” Roosevelt says that the chief goal of the Constitution was unity, with liberty at the bottom of the list.

If the Constitution were actually about individual human rights, it would include provisions that protected the rights of individuals. It doesn’t. The Founders’ Constitution restricts the Federal Government’s right to intrude on the specific rights in the Bill of Rights, but the states were free to intrude as much as their own constitutions allowed. It took the 14th Amendment to change that, and to make the Federal Government the guarantor of individual rights against itself and against the states.

As to slavery, there are three provisions that directly or indirectly support its continuation: the Three-Fifths Clause, a provision barring the Federal Government from ending the international slave trade until 1808, and the Fugitive Slave Clause. Each of these cemented the power of the slave states.

The Three-Fifths Clause redressed the population imbalance between the slave states and the rest, allowing slaves to be counted at ⅗ of a person for purposes of calculating the number of Representatives allocated to each state. It worked with the provision giving each state two senators to ensure a balance in the legislature between slave and free states. In addition it gave the slave states an edge in the Electoral College with respect to population. Thomas Jefferson would have lost the election of 1800 to John Adams without the Three-Fifths Clause. Ten of the first 12 presidents were slavers. P. 76.

The prohibition on ending the slave trade before 1808 enabled slavers to rebuild their holdings by importation after losses in the Revolutionary War. The British offered freedom to any slave who fought for the King, and thousands of slaves accepted this offer. Others escaped their bonds. The Colonists demanded return of these escapees, but the British refused. The outcome is that the slave population rose from 697,497 in the first census of 1790 to 1,191,362 in the 1810 census.

The Fugitive Slave Clause says that slaves who escaped to a free state did not gain their freedom, and that the free state was required to return them to their enslavers. This was a big win for the slavers. Under the Articles, each state determined how it would treat slaves in its territory; in fact that rule remained in effect as to slaves brought to free states by their masters. The Constitution stripped the States of their right to decide the question of slavery as to escapees, which today we would call a violation of States Rights.

As South Carolina delegate Charles Cotesworth Pinckney boasted upon his return from the Constitutional Convention, “We have obtained a right to recover our slaves in whatever part of America they may take refuge, which is a right we had not before.” P. 79.

Discussion

1. The standard story has a central place in our understanding of ourselves as Americans, regardless of other political views. Other nations have national stories, but it seems like we put a lot of emphasis on this story and the two documents, more than citizens of other countries do.

2. One consistent element of our self-image as Americans is that we consent to our government. In prior posts I’ve discussed the theoretical idea of the social contract. That’s not what I’m talking about. We believe that government only works if people consent to it.

Apparently that belief is not shared by a substantial number of Republicans today. In this they are like the secessionist Confederates, as Heather Cox Richardson shows.

“We do not agree with the authors of the Declaration of Independence, that governments ‘derive their just powers from the consent of the governed,’” enslaver George Fitzhugh of Virginia wrote in 1857. “All governments must originate in force, and be continued by force.” There were 18,000 people in his county and only 1,200 could vote, he said, “But we twelve hundred . . . never asked and never intend to ask the consent of the sixteen thousand eight hundred whom we govern.”

3. Regardless of what Jefferson meant with the phrase all men are created equal, today we flatly mean that we’re all born equal, we’re all entitled to equal rights, and that one function of government is to guarantee that equality.

Apparently that belief is not shared by a substantial number of Republicans.


It Is A Mad Mad World

So, while some digital jackass named “Microchip” is dominating so much discussion here, let us talk about other things.

When I was a kid, I read Mad Magazine.

If I had to ride my training wheels bicycle there to the local store, I did. There were Playboys there on the shelf, and I did not even know that yet. I went for Mad. Alfred E. Neuman.

There were a lot of “illustrators” of Mad over the years, too many to go into currently, but (thank you Scribe) Al Jaffee was one of the most important.

“Microchip” is a blip, Al Jaffee spanned, and influenced, in a very good way, generations.
