emptywheel https://www.emptywheel.net Sun, 25 Oct 2020 13:21:16 +0000 en-US hourly 1 The Government Agent Who Altered Andrew McCabe’s Notes Remains Unnamed https://www.emptywheel.net/2020/10/25/the-government-agent-who-altered-andrew-mccabes-notes-remains-unnamed/ https://www.emptywheel.net/2020/10/25/the-government-agent-who-altered-andrew-mccabes-notes-remains-unnamed/#comments Sun, 25 Oct 2020 12:06:37 +0000 https://www.emptywheel.net/?p=86789 When DOJ submitted new versions of the Peter Strzok and Andrew McCabe notes they altered, they did not, in fact, submit unaltered versions. Instead, they submitted realtered versions, editing out the previous note rather than showing what the unscanned notes look like. I suspect that's an effort, in part, to hide what unnamed "government agent" altered the McCabe notes.

The post The Government Agent Who Altered Andrew McCabe’s Notes Remains Unnamed appeared first on emptywheel.

]]>
The frothers have convinced themselves that the sticky notes via which misleading dates were added to Peter Strzok and Andrew McCabe’s handwritten notes do not amount to “altering” those notes. That’s nonsense. Not only did the date added to Strzok’s notes suggest they could have been written on January 4, 2017 when several documents that had already been submitted in the docket (as well as other public documents) made it clear the notes had to have been written on January 5, 2017. But the added date — indicating that whoever wrote it thought the notes could be January 4 or 5 — don’t match the notice DOJ originally gave Sidney Powell about the notes, which suggested the could have been written on January 3.

There are further problems with the alterations, not least that DOJ claims that these documents were “scanned.” A comparison of the original set of notes with the altered one, along with the blue sticky visible on Bill Priestap’s notes with how the same kind of blue sticky appeared on McCabe’s altered notes make it clear these were copied, along with being scanned, a step that made the alterations far less visible.

Worse still, rather than providing unaltered versions of the notes, DOJ instead provided altered versions of the altered notes. That’s easiest to see by comparing the original, altered McCabe notes, where you can see the lined page underneath the added date.

With the altered altered notes.

It’s clear that rather than simply taking the sticky off, DOJ instead simply whited out the date, along with the lines of the page beneath it.

But you can see this by comparing the three versions of the Strzok notes. Unaltered:

First alteration:

Second alteration:

The sticky is still visible in the second alteration, which suggests they’ve done the same thing they did with McCabe’s altered notes, just edit out the alteration, rather than scan the original document. I suspect the reason they doubled down on altering documents is because doing otherwise would make it clear that the McCabe notes, in particular, could not have been “scanned,” because it would have made the blue sticky visible.

So tomorrow they’re going to have to certify that their re-altered notes are “authentic.”

There may be a far more interesting reason why DOJ chose to re-alter the altered documents rather than providing the originals.

In both Jocelyn Ballantine’s notice of discovery correspondence about the Strzok notes:

During the review, agents for EDMO placed a single yellow sticky note on each page of the notes with estimated dates (the notes themselves are undated). Those two sticky notes were inadvertently not removed when the notes were scanned.

I am providing replacement versions of these documents, and ask that you destroy the prior versions provided to you. We have determined, and confirmed with counsel for Peter Strzok, that the content of the notes was not otherwise altered.

And her notice of compliance, falsely claiming to comply with Judge Emmet Sullivan’s order to authenticate all the documents submitted in this case, she blamed WDMO FBI Agents for the alteration to Strzok’s notes.

In response to the Court and counsel’s questions, the government has learned that, during the review of the Strzok notes, FBI agents assigned to the EDMO review placed a single yellow sticky note on each page of the Strzok notes with estimated dates (the notes themselves are undated). Those two sticky notes were inadvertently not removed when the notes were scanned by FBI Headquarters, before they were forwarded to our office for production.

But her notice of discovery correspondence accompanying the newly altered McCabe notes:

At some point during the course of the review of this page of notes, government agents placed a clear sticky notes (with a colored tab) on this page of notes. On the clear portion of this tab was written the date of 5/10/2017. This sticky note was inadvertently not removed when the notes were scanned.

I am providing a replacement version of this document, and ask that you destroy the prior version provided to you. The content of the notes was not otherwise altered.

And her notice of compliance, she didn’t reveal who had altered McCabe’s notes.

Similarly, the government has learned that, at some point during the review of the McCabe notes, someone placed a blue “flag” with clear adhesive to the McCabe notes with an estimated date (the notes themselves are also undated). Again, the flag was inadvertently not removed when the notes were scanned by FBI Headquarters, before they were forwarded to our office for production.

In one case, she blames, “government agents,” in the other case, she blames “someone.” Blaming “someone” is not a very good way to convince a judge you’re not pulling a fast one.

Realtering the altered notes is not either.

Note, too, that while Ballantine says she has reviewed the contents of Strzok’s notes with his lawyer, she only claims that the content of the McCabe notes has not been altered. If the redactions change the meaning of the notes, falsely tying a SSCI briefing to the notes about Flynn, I can see why she might do that.

By realtering the notes, DOJ is hiding that the altered notes were not, in fact, scans (because if they had been scanned the alteration would have been obvious because the stickies in both cases were colored, and FBI’s scans pick up color).

But I suspect they’re also hiding who that “government agent” is who altered McCabe’s notes.

The post The Government Agent Who Altered Andrew McCabe’s Notes Remains Unnamed appeared first on emptywheel.

]]>
https://www.emptywheel.net/2020/10/25/the-government-agent-who-altered-andrew-mccabes-notes-remains-unnamed/feed/ 32
Chuck Grassley and Ron Johnson Produce a 285-Page Confession They’re Unfamiliar with the Public Record https://www.emptywheel.net/2020/10/25/chuck-grassley-and-ron-johnson-produce-a-285-page-confession-theyre-unfamiliar-with-the-public-record/ https://www.emptywheel.net/2020/10/25/chuck-grassley-and-ron-johnson-produce-a-285-page-confession-theyre-unfamiliar-with-the-public-record/#comments Sun, 25 Oct 2020 08:35:43 +0000 https://www.emptywheel.net/?p=86781 Chuck Grassley and Ron Johnson just released a 285-page report confessing that they're no familiar with the public record on the Russian investigation. Perhaps they should ask for help from the Democrats on their committee?

The post Chuck Grassley and Ron Johnson Produce a 285-Page Confession They’re Unfamiliar with the Public Record appeared first on emptywheel.

]]>
Chuck Grassley and Ron Johnson recently released a 285-page report relitigating a story made public in 2017 about how Mueller’s team obtained records from General Services Administration. The report adopts an entirely opposite stance as the SSCI Russia Report did. The latter discussed how unheard of it was for an Administration to claim an expansive Transition privilege. Chuck and Ron are outraged that a criminal investigation have access to such files, and similarly outraged that the subjects of an investigation did not get notice that their files had been obtained.

The report also makes clear that, at first, Mueller relied on SSCI’s request for its records request, and only later in the summer made their own. In other words, Chuck and Ron have a complaint, in part, with SSCI (though they don’t say that).

The report is most useful for revealing which Transition officials Mueller’s team was interested in. On August 23, Mueller’s team sent a records request for these nine officials closely interacting with Flynn while he was secretly undermining sanctions and other Obama policies in “collusion” with Russia.

The nine Trump for America officials identified by the FBI were Daniel Gelbinovich, Sarah Flaherty, Michael G. Flynn, Michael T. Flynn, Keith Kellogg, Jared Kushner, K.T. McFarland, Jason Miller, and Michael Pompeo.114

Then Mueller’s team asked for the records of four more people — which appears to be the people who were at Mar-a-Lago when Flynn was secretly undermining sanctions with Russia.

The four Trump for America officials identified by the FBI were Sean Spicer, Reince Priebus, Stephen Bannon, and Marshall Billingslea.125 In the cover email, the FBI explained:

We have an additional four individuals we are currently interested it [sic]. … If possible, can you at least have their emails downloaded by tomorrow when I pick up the other information? . . . [W]e want to have it available when they swear out a warrant before then.126

Note, there’s a reference to the DC US Attorney’s office, too, so it’s possible they also needed these records as part of their investigation into the suspected bribe from Egypt that kept Trump afloat in August 2016.

But the craziest thing is how the report confesses that they are unaware of any legal process for these files.

Although the FBI’s August 30, 2017 cover email referenced applying for a search warrant, the Committees are aware of only one court-ordered disclosure of records, specifically, information related to the transition records of Lt. Gen. Flynn, K.T. McFarland, Michael Flynn’s son, and Daniel Gelbinovich.128

128 Order, In re Application of the U.S. for an Order Pursuant to 18 U.S.C. § 2703(d) Directed at Google Related to [the transition email accounts for those four individuals], 1:17-mc-2005 (D.D.C. Aug. 18, 2017) [GSA004400- 4404] (ordering the disclosure of customer/subscriber information but not content).

At one level, they’re being coy in that they claim to be interested in court-ordered disclosure. A document recently released via the Jeffrey Jensen review reveals that in February 2017, star witness and pro-Trump FBI Agent was obtaining some of this information using NSLs. Another document explains why, too: because one of the first things FBI had to do to understand why Flynn had lied to them was to determine if he was coordinating his story with those at Mar-a-Lago.

The lie that he didn’t even know Obama had imposed sanctions was not one of Flynn’s charged lies, but it was his most damning. He lied to hide that he had consulted with Mar-a-Lago before picking up a phone and secretly undermining sanctions in “collusion” with Russia.

Crazier still, Chuck and Ron didn’t go to the first place one should go to understand how legal process worked, the publicly released Mueller warrants. The warrant to access the devices and email of at least the original nine (plus one other person) is right there in the docket.

GSA transferred the requested records to the FBI, but FBI didn’t access them until it had a warrant.

In other words, this 285-page report is effectively a confession from Chuck and Ron that two Committee Chairs and a whole slew of staffers can’t figure out how to read the public record.

Maybe that’s a hazard of conducting investigations with no Democrats? It makes it harder to read accurately?

The post Chuck Grassley and Ron Johnson Produce a 285-Page Confession They’re Unfamiliar with the Public Record appeared first on emptywheel.

]]>
https://www.emptywheel.net/2020/10/25/chuck-grassley-and-ron-johnson-produce-a-285-page-confession-theyre-unfamiliar-with-the-public-record/feed/ 8
Ten Days To Go Trash Talk https://www.emptywheel.net/2020/10/24/ten-days-to-go-trash-talk/ https://www.emptywheel.net/2020/10/24/ten-days-to-go-trash-talk/#comments Sat, 24 Oct 2020 11:29:48 +0000 https://www.emptywheel.net/?p=86746 There are ten days left to insure the Trump Train leaves the station forever. Let Mr. Springsteen tell you to drive that train on out of town.

The post Ten Days To Go Trash Talk appeared first on emptywheel.

]]>
Yesterday was the Scaramucci point; i.e. eleven days to go. Now it is ten, and it all is getting to be overwhelming. A perfect time for some Trash, as Trash was always about giving a release from the daily drudgery. Off we go!

Am still of the opinion that trying to play college football during the pandemic was a bad idea. But playing they are. In that regard, let’s talk about Wisconsin, who put on a show last night. Once we discussed the new whiz kid on the Badgers’ block, and it was Russell Wilson. He turned out to be all that, at Wisconsin and then in the NFL. But last night was ridiculous. First time redshirt freshman starter Graham Mertz merely completed 20 of 21 passes for 248 yards and five touchdowns in the Badgers’ 45-7 win. That is pretty good.

In the pros, after a Covid announcement by the Raiders, the NFL and NBC suddenly flexed the SNF game to Seahawks at Cardinal, purporting it to be to address Covid concerns. That is a joke. If Covid were the meter, you would give the Raiders more time, even if hours to comply and play. Just hazarding a guess here, but maybe the NFL and NBC figured Russell Wilson versus Kyler Murray was a better game and draw, and did not have potential to be cancelled at the last minute. If so, that was pretty much a smart play.

The Bucs at Vegas is still a must watch if available to you. Steelers at Titans is still the real game of the day. I’d normally take the Steelers with Big Ben back to normal. Would not bet a cent on it though, the Titans, Vrabel and Tannehill, are on a fair roll, and then there is Derrick Henry. This will be a fun game. Look too to Bears at Rams. Seems kind of ho hum, but is an important game.

This weekend is also the Portuguese Grand Prix. Now it has been a while since there was a Portugese, but there is a real history. Of course the Mercs of Hamilton and Bootas have to be favored. It is kind of a crazy looking circuit for the new iteration of F1 though. Could be interesting!

Today’s music is by Bruce. When he says no surrender, he means it. Listen to him, think about the time old message, and GO VOTE to make sure the Trump Train leaves the station. Enjoy Bruce at his rocking best.

The post Ten Days To Go Trash Talk appeared first on emptywheel.

]]>
https://www.emptywheel.net/2020/10/24/ten-days-to-go-trash-talk/feed/ 60
From Failed Whistleblower to Journalistic Source: Natalie Sours Edwards Mounts a Credible Public Interest Defense https://www.emptywheel.net/2020/10/24/from-failed-whistleblower-to-journalistic-source-natalie-sours-edwards-mounts-a-credible-public-interest-defense/ https://www.emptywheel.net/2020/10/24/from-failed-whistleblower-to-journalistic-source-natalie-sours-edwards-mounts-a-credible-public-interest-defense/#comments Sat, 24 Oct 2020 10:46:13 +0000 https://www.emptywheel.net/?p=86747 Natalie Sours Edwards -- Jason Leopold's source for his reporting on Suspicious Activity Reports -- has done what every other leaker I've covered has tried to do with far less success: mount a public interest defense.

The post From Failed Whistleblower to Journalistic Source: Natalie Sours Edwards Mounts a Credible Public Interest Defense appeared first on emptywheel.

]]>
Natalie Sours Edwards, one of the sources for a series of BuzzFeed stories on Treasury and a larger, global series on Suspicious Activity Reports, submitted her sentencing memorandum last night. It is probably the most convincing example of a whistleblower-turned-leaker telling her story to explain why she did what she did. And while she was charged under a different statute than the Espionage Act — there’s a specific law prohibiting the leaking of SARs — it is a laudable effort to make a public interest defense.

She spends much of her submission (as most do) describing her background — her Native American upbringing, the series of jobs she had after obtaining a PhD in national security decision-making, first at ATF, then at CIA, and then at Treasury’s FinCEN. Not long after she moved to Treasury, she grew concerned about a number of things she was seeing: She believed Treasury was making some organizational changes without first getting congressional approval.

By April of 2016, TFI was considering a proposal to move several employees from FinCEN to OIA. May Sours Edwards and other members of FinCEN’s upper management questioned the legality of the proposed realignment. In an email to John Farley, Acting Director of Executive Office for Asset Forfeiture (TEOAF), Dr. Edwards raised concerns about whether the transfers would be consistent with Congressional appropriations and whether OIA was moving forward in spite of a direction from the Senate Select Committee on Intelligence not to proceed until the Committee had reviewed the plans for the reallocation of funds.

She was concerned — as was the Privacy and Civil Liberties Oversight Board — that Treasury had never instituted guidelines protecting Americans’ privacy when accessing records under 12333. (I had written about this problem before this period.)

Did OIA, as a member of the intelligence community, have the authority to collect and retain data domestically. Under Executive Order 12333 (“E.O. 12333”) IC entities, which OIA is, are permitted to collect information on “United States persons” only if the organization has promulgated guidelines for doing so and had them reviewed and approved by the Attorney General.11 Dr. Edwards questioned whether OIA had signed guidelines. Counsel for OIA hostilely, in Dr. Edwards’ estimation, disagreed with her interpretation of EO 12333. She believed he deliberately denigrated her during the meeting in front of the other participants in an attempt to bully her into agreeing with his position. She did not acquiesce.

11Executive Order 12333 provides in pertinent part as follows. “2:3 Collection of Information. Agencies within the Intelligence Community are authorized to collect, retain or disseminate information concerning United States persons only in accordance with procedures established by the head of the agency concerned and approved by the Attorney General, consistent with the authorities provided in Part 1 of this Order.”

After she had shared these concerns with Congress, she believed that Jacob Lew had knowingly lied to Congress about whether there were whistleblowers at Treasury.

On September 22, 2016, Treasury Secretary Jacob Lew testified before the House Financial Services Committee. https://www.c-span.org/video/?415661- 1/secretary-jack-lew-testifies-financial-stability-report&start=9046. Representative Fitzpatrick specifically asked him whether the proposed realignment was consistent with the existing budget, the issue Dr. Edwards had been raising. He also the Secretary whether there were any whistleblowers at Treasury. Representatives Jeb Hensarling and Sean Duffy later sent a follow-up congressional letter to Secretary Lew, expressing concern that the proposed “changes may violate appropriations requirements, civil service rules, and constraints on gathering and use of financial intelligence data.” They also noted that it was “troubling that Treasury is moving forward with the proposed reallocation with the intention to complete the process before a new Administration takes over in January 2017 and despite bipartisan requests to process at a more deliberate pace.” Id.

Something else of significance happened during the hearing. In response to a question from Representative Fitzpatrick, Secretary Lew stated that he was unaware of any whistleblowers in the Treasury Department. Dr. Edwards was taken aback and concerned. She was a whistleblower, a fact well known to Treasury OIG.

In the wake of that hearing, she believed that her clearance was pulled, briefly, as retaliation.

On September 27, 2016, a week after the contentious OIA-FinCEN meeting, someone at OIA ordered that Dr. Edward’s SCI (Sensitive Compartmentalized Information) clearance and her access to the SCIF (Sensitive Compartmentalized Information Facility) be revoked. Dr. Edwards questioned the basis for the action. Her clearance was reinstated the following day. Email of September 28, 2016, from May Edwards to Elizabeth Ortiz, attached hereto as Exhibit XX

She submitted two whistleblower complaints — to Treasury IG and to OSC. The latter found that she had engaged in protected activity (meaning that she had been a whistleblower), but ruled against her claims of retaliation on narrow grounds.

By letter dated May 21, 2018, OSC informed Dr. Edwards that they were closing her file. OSC concluded that Dr. Edwards’ reports to her “leadership, OIG, Congress and OSC all likely constitute ‘protected activity’ or whistleblowing under the law.” May 21, 2018, letter from OSC to Dr. Edwards, attached hereto as Exhibit HHH at 4. Further, Dr. Edwards could establish that her “management knew about [her] whistleblowing regarding, at a minimum, the issues [she] raised directly to them.” However, OSC made several findings that it concluded were fatal to Dr. Edwards’ claim that she had been retaliated against as a whistleblower. OSC could not find that there was a substantial likelihood that Treasury Secretary Lew knew of Dr. Edwards’ allegations when he testified before Congress that there were no whistleblowers in Treasury. Id. at 3. The email that outlined OMB’s direction to Treasury on communicating with Congress about the FinCEN/TSI realignment was not improper because it appeared to be directing Treasury officials not to discuss the issue in their official capacities as opposed to directing them in their individual capacities on their rights to report suspected wrongdoing to Congress

A Treasury IG Report ruled against her based on an alternative explanation provided for why the PKI of FinCEN employees had been pulled.

While finding that the problem with the IC PKI certificates was solely the result of inadvertence, the author of the audit did note that “the present working relationship between OIA and FinCEN related to the IC PKI process is strained.” Id. at 3. The two Treasury components had a “fundamental disagreement” about FinCEN’s need for access to the IC PKIs and more broadly about FinCEN’s autonomy.

She even explains how — after she started working with Jason Leopold — Ron Wyden complained that FinCEN was withholding information on Russian interference and its ties with Donald Trump.

In addition to her concern about OIA’s handling of realignment and the PKIs issue, Dr. Edwards grew to question whether FinCEN was providing complete information in response to Congressional requests for information. She was not alone in that belief. On May 10, 2017, Senator Ron Wyden made a floor statement placing a hold on the nomination of Sigal Mandelker for the position of Under Secretary of TFI. His office issued a statement explaining the Senator’s reasoning:

Senator Ron Wyden, D-Ore., today placed a hold on the nomination of Sigal Mandelker to be Under Secretary of the Treasury for Terrorism and Financial Intelligence. Wyden said he will maintain that hold until the Treasury Department provides the Senate Intelligence Committee and Senate Finance Committee information and documents related to Russia and its financial dealings with President Trump and his associates.

On Tuesday, May 9, Senate Intelligence Committee Vice Chairman Mark Warner announced that the Committee had made a request to the Treasury Department’s Financial Crimes Enforcement Network (FinCEN). https://www.wyden.senate.gov/news/press-releases/wyden-announces-hold-ontreasury-nominee-until-administration-produces-documents-on-russian-dealingswith-trump-associates. On September 22, 2017, Senator Wyden put a hold on another Treasury Assistant Secretary nominee, Isabelle Patelunas, again because of Treasury’s “refusal to provide documents related to Russia.” https:// www.wyden.senate.gov/news/press-releases/wyden-announces-hold-ontreasury-nominee-over-agencys-refusal-to-provide-documents-related-to-russia.

It’s in that context that — she described — she started working with Leopold to get Congress to return its attention to misconduct at Treasury.

When Congress’ attention to the issues May believed vitally affected the security of this country flagged, she began communicating with Jason Leopold, a reporter with the online publication BuzzFeed News. He told her that he shared her concern for national security. He assured her that the only way to revive Congressional interest was through media attention. He promised to – and did – introduce her to additional Congressional staffers. At his encouragement, she provided him with Suspicious Activity Reports (“SARs”) and other internal Treasury Department documents. He wrote articles that disclosed that information. She was arrested. He was not.

[snip]

Although Congress by then had done little to curb Treasury’s behavior, Dr. Edwards continued to believe that the only way to ensure that those responsible for the improper behavior were held accountable was through Congress. Leopold encouraged this belief: By writing articles, he could get the proper attention for the issues she believed were of vital importance to national security. This was a theme he returned to more than once when he sought information from Dr. Edwards: He could use what she gave him to write stories that would force Congress to investigate her allegations. (September 27, 2017: “We do need to keep momentum going so this story is crucial.” October 16, 2017: “We are going for the next story – keep momentum going with 12333.” January 11, 2018: “Listen, I am going to make a case that we need to leak something and report it. I am going to reach out to some of your colleagues. But this is getting ridiculous and I need to get their attention…By their attention I mean Congress).

Importantly, given the way she was charged (with a conspiracy to leak these SARs, with Leopold identified as a co-conspirator would be) she describes how hard Leopold worked to champion her efforts in Congress.

Throughout 2017 and 2018, Leopold told Dr. Edwards in their WhatsApp conversations that he was committed to her cause of uncovering and remedying corruption in the Treasury Department. He told her at times that he was acting on behalf of Congressional staff members in seeking information from her. He sought to arrange meetings for Dr. Edwards with members of Congress or their staff. Such meetings did take place. Leopold attended meetings with Dr. Edwards. Staffers encouraged Dr. Edwards to provide information they sought about the inner workings of the Treasury Department, including whether the requirements of the Bank Secrecy Act were being enforced by financial institutions as required to assist U.S. government agencies.

Remember: Before the global SARs reporting effort came out, Treasury issued a statement that can only be viewed as an attempt at prior restraint, a threat against Leopold.

Edwards’ sentencing memorandum says that the Probation office recommended two years of probation.

Dr. Sours Edwards faces no mandatory minimum term of incarceration. As discussed above, the relevant range under the United States Sentencing Guidelines, both as stipulated in the plea agreement and as determined by United States Probation, is zero to six months. PSR at ¶4, p. 28. Probation has recommended that the Court sentence Dr. Sours Edwards to a two-year term of Probation.

It is unclear whether this will work — whether Edwards will get probation. It is equally unclear whether Leopold’s laudable efforts to double down on his reporting, to raise global attention to the issue, will bring about reform at banks or in the US.

But this is what every other leaker I’ve covered has tried to do, far less persuasively: an attempt to make a public interest defense for leaking to a journalist.

The post From Failed Whistleblower to Journalistic Source: Natalie Sours Edwards Mounts a Credible Public Interest Defense appeared first on emptywheel.

]]>
https://www.emptywheel.net/2020/10/24/from-failed-whistleblower-to-journalistic-source-natalie-sours-edwards-mounts-a-credible-public-interest-defense/feed/ 5
Judge Emmet Sullivan Just Created Four Big Problems for DOJ in the Mike Flynn Case https://www.emptywheel.net/2020/10/23/judge-emmet-sullivan-just-created-four-big-problems-for-doj-in-the-mike-flynn-case/ https://www.emptywheel.net/2020/10/23/judge-emmet-sullivan-just-created-four-big-problems-for-doj-in-the-mike-flynn-case/#comments Fri, 23 Oct 2020 13:54:21 +0000 https://www.emptywheel.net/?p=86730 Judge Emmet Sullivan just ordered DOJ to comply with the order he already issued, that it certify all the exhibits submitted in this proceeding. He added a nearly impossible deadline and a requirement that DOJ transcribe hand-written notes and provide the author and date. This order will create a whole heap of problems for DOJ.

The post Judge Emmet Sullivan Just Created Four Big Problems for DOJ in the Mike Flynn Case appeared first on emptywheel.

]]>
Judge Emmet Sullivan just issued an order that may well destroy DOJ’s presumption of regularity (the legal principle that unless the government really fucks up, you have to assume they didn’t fuck up) in the Mike Flynn case.

He noted that on September 29, he had ordered DOJ to certify all documents submitted as exhibits in the motion to dismiss proceeding, but that DOJ had not done so. Instead, it admitted that it had “inadvertently” altered two Peter Strzok and one Andrew McCabe documents, and asked for a mulligan.

So now he’s ordering DOJ to do what he first ordered: to certify all the exhibits submitted to this docket (both those submitted directly by DOJ and those submitted by Flynn’s team) and provide a transcription and the author and date of any handwritten notes.

MINUTE ORDER as to MICHAEL T. FLYNN. During the September 29, 2020 motion hearing, the Court informed the government that it would need government counsel to authenticate documents filed with the Court. See Hr’g Tr., ECF No. 266 at 91:19-92-21; see also Min. Order (Sept. 29, 2020) (ordering the parties to file any supplemental materials by no later than October 7, 2020). On October 7, 2020, the government filed [259] Notice of Compliance in which it stated that: (1) Federal Bureau of Investigation (“FBI”) agents assigned to review Mr. Strzok’s notes had placed sticky notes on the document with estimated dates, and the sticky notes had not been removed prior to scanning the documents for production purposes (see ECF Nos. 248-2, 248-3); and (2) a sticky note with an estimated date had been placed on the notes of Andrew McCabe, and the sticky note had not been removed prior to scanning the document for production purposes (see ECF No. 248-4). The government stated that the notes of Mr. Strzok and Mr. McCabe were otherwise unaltered, and it provided the unaltered versions of Mr. Strzok’s and Mr. McCabe’s notes. See Exs. to Notice of Compliance, ECF Nos. 259-1, 259-2, 259-3. However, the government did not address the Court’s authentication request despite the government’s acknowledgement that altered FBI records have been produced to Mr. Flynn and filed on the record in this case. See Notice of Compliance, ECF No. 259. The government has filed a motion to dismiss pursuant to Federal Rule of Criminal Procedure 48(a), has attached 13 Exhibits to that motion, and has cited the Exhibits throughout its motion to support its description of the factual background and its argument in support of dismissal. See generally Mot. Dismiss, ECF No. 198. The government has also filed a supplement to its motion and attached an Exhibit to that supplement. Suppl., ECF No. 249. Although the government relies heavily on these 14 Exhibits, the government has not provided a declaration attesting that the Exhibits are true and correct copies. “The presumption [of regularity] applies to government-produced documents” and “to the extent it is not rebutted–requires a court to treat the government’s record as accurate.” Latif v. Obama, 666 F.3d 746, 748, 750 (D.C. Cir. 2011). Here, however, the government has acknowledged that altered FBI records have been produced by the government and filed on the record in this case. See Notice of Compliance, ECF No. 259. Accordingly, the government is HEREBY ORDERED to file, by no later than October 26, 2020, a declaration pursuant to penalty of perjury under 28 U.S.C. sec. 1746 in support of its motion to dismiss that the Exhibits attached to its motion and supplement are true and correct copies. It is FURTHER ORDERED that the government’s declaration shall identify each exhibit by name, date, and author. It is FURTHER ORDERED that the government shall provide transcriptions of all handwritten notes contained in the Exhibits. The government has also filed on the record in this case numerous notices of filing discovery correspondence and Mr. Flynn has generally filed the discovery produced on the record in this case as Exhibits to his supplementary filings. See ECF Nos. [228], [231], [237], [248], [251], [257], [264]. The government has acknowledged that the discovery provided to Mr. Flynn and thereafter filed on the record contained altered FBI records. See Notice of Compliance, ECF No. 259. Accordingly, the government is HEREBY ORDERED to file, by no later than October 26, 2020, a declaration pursuant to penalty of perjury under 28 U.S.C. sec. 1746 that the discovery documents provided to Mr. Flynn and filed on the record in this case are true and correct copies. It is FURTHER ORDERED that the government’s declaration shall identify each discovery document by name, date, and author. It is FURTHER ORDERED that the government shall provide transcriptions of all handwritten notes contained in the Exhibits.

This is going to create four problems for DOJ.

First, there’s no way they can finish this by Monday. Even if the lawyers on this case were as familiar with these documents as they claimed to be, it would take more than this weekend to transcribe and double check everything. They will likely ask for an extension, one that would extend the order past the election.

Plus, once they do transcribe these documents, it will become crystal clear that parts of the notes — most notably, the Bill Priestap notes they’ve claimed are a smoking gun — in fact confirm that every single witness agreed on the purpose of the January 24, 2017 Mike Flynn interview: to see whether Flynn would lie. By submitting a transcript, then, they will have to admit they’ve misrepresented the substance of the documents.

Then, this order will catch them in their past false claims about the date of (at least) the January 5, 2017 Peter Strzok notes. As I’ve noted, DOJ has submitted several documents in this docket making it clear that Strzok’s notes must have been written on January 5, 2017. Except they falsely claimed not to know. There’s probably no easy way out of this problem.

Finally, there is this exhibit, which also had a date added, but a date added via means that cannot have been accidental.

It’s possible that that redaction doesn’t cover over an existing date (but my annotation, in red, may show the hash marks of a date). But I don’t see how DOJ can authenticate this, and they’re going to have to tell Sullivan who wrote it, making it really easy for journalists to call up the author and get him to confirm or deny the date.

Notably, after Strzok and McCabe’s lawyers gave notice that DOJ had altered their notes, Sidney Powell submitted a demand that Judge Sullivan prevent anyone else from telling him their notes had been altered. So maybe she has exhibits about which she has specific concerns.

The false Strzok claims, by themselves, are going to make a truthful declaration here difficult, if not impossible. But that’s not even the only problem this order will create for DOJ.

Update: There are two sets of documents Sullivan is now asking DOJ to ID the author, provide date, and transcribe: those linked in this post and those in this document cloud project.

The post Judge Emmet Sullivan Just Created Four Big Problems for DOJ in the Mike Flynn Case appeared first on emptywheel.

]]>
https://www.emptywheel.net/2020/10/23/judge-emmet-sullivan-just-created-four-big-problems-for-doj-in-the-mike-flynn-case/feed/ 63
675 Days after Mike Flynn Blew Up His Probation Plea Deal, We Learn There Never Was an “Original 302” https://www.emptywheel.net/2020/10/23/675-days-after-mike-flynn-got-blew-up-his-probation-plea-deal-we-learn-there-never-was-an-original-302/ https://www.emptywheel.net/2020/10/23/675-days-after-mike-flynn-got-blew-up-his-probation-plea-deal-we-learn-there-never-was-an-original-302/#comments Fri, 23 Oct 2020 09:50:49 +0000 https://www.emptywheel.net/?p=86715 It turns out the Holy Grail Mike Flynn has been searching for throughout the 675 days during which he has utterly blown up his plea deal -- an "original 302" -- doesn't exist.

The post 675 Days after Mike Flynn Blew Up His Probation Plea Deal, We Learn There Never Was an “Original 302” appeared first on emptywheel.

]]>
It has been 675 days since Mike Flynn was originally scheduled to be sentenced on December 18, 2018.

In the interim period, he fired his competent attorneys, Covington & Burling, hired firebreathing TV lawyer Sidney Powell, and had her write a letter to Billy Barr and Jeffrey Rosen demanding they appoint an outside lawyer to review the case. Among other things, the letter demanded “the original draft” of the Flynn 302.

The original draft of the Flynn 302 and all subsequent drafts, including the A-1 file that shows everyone who had possession of it. It appears that SCO has never produced the original 302. There were multiple drafts. It stayed in “deliberative/draft” stage for an inordinate time. Who influenced it, how, and why?

Then, in what was crafted to be an effort to insinuate that DOJ had not complied with Judge Emmet Sullivan’s standing Brady order, she asked for the 302 again, on reply even claiming that the claims in the 302 weren’t backed by the notes that Peter Strzok and Joe Pientka wrote during the interview.

Last December, Sullivan wrote an unbelievably meticulous opinion laying out why all the things she was demanding weren’t actually Brady material. In it, Judge Sullivan rejected Flynn’s “speculat[ion]” that an original 302 showing the agents believed Flynn was telling the truth could exist, not least because their notes mapped all versions of the draft and final 302s.

Mr. Flynn speculates that the government is suppressing the “original 302” of the January 24, 2017 interview, Def.’s Reply, ECF No. 133 at 28; he claims that the lead prosecutor “made it sound like there was only one 302,” id. at 29; and he makes a separate request for the FBI to search for the “original 302” in one of the FBI’s databases, id. at 28-30. In Mr. Flynn’s view, the “original 302”—if it exists—may reveal that the interviewing FBI agents wrote in the report “their impressions that [Mr.] Flynn was being truthful.” Id. at 28. Mr. Flynn claims that the FBI destroyed the “original 302” to the extent that it was stored in the FBI’s files. Id. at 30. Comparing draft FD-302s of Mr. Flynn’s January 24, 2017 interview to the final version, Mr. Flynn claims that the FBI manipulated the FD-302 because “substantive changes” were made after reports that Mr. Flynn discussed sanctions with the Russian Ambassador “contrary to what Vice President Pence had said on television previously.” Id. at 14-15. Mr. Flynn points to the Strzok-Page text messages the night of February 10, 2017 and Ms. Page’s edits to certain portions of the draft FD-302 that were “material.” Def.’s SurSurreply, ECF No. 135 at 8-9.

To the extent Mr. Flynn has not already been provided with the requested information and to the extent the information exists, the Court is not persuaded that Mr. Flynn’s arguments demonstrate that he is entitled to the requested information. For starters, the Court agrees with the government that there were no material changes in the interview reports, and that those reports track the interviewing FBI agents’ notes. See, e.g., Gov’t’s Surreply, ECF No. 132 at 4; Def.’s Reply, ECF No. 133 at 20. Mr. Flynn ignores that FBI agents rely on their notes and memory to draft the interview reports after the completion of an interview. See United States v. DeLeon, 323 F. Supp. 3d 1285, 1290 n.4 (D.N.M. 2018) (discussing the drafting process for FD-302s). While handwritten notes may contain verbatim statements, the notes of FBI agents are not verbatim transcripts of the interview. United States v. Forbes, No. CRIM.302CR264AHN, 2007 WL 141952, at *3 (D. Conn. Jan. 17, 2007). And persuasive authority holds that the government’s production of summaries of notes and other documents does not constitute a Brady violation. See, e.g., United States v. Grunewald, 987 F.2d 531, 535 (8th Cir. 1993) (finding no Jencks Act or Brady violations where the government produced summaries of handwritten notes instead of the actual notes); United States v. Van Brandy, 726 F.2d 548, 551 (9th Cir. 1984) (holding that the government fulfilled its Brady obligations by producing summaries of the FBI’s file because Brady “does not extend to an unfettered access to the files”).

As an initial matter, the Court notes that the government has provided Mr. Flynn with the relevant FD-302s and notes rather than summaries of them. See, e.g., Gov’t’s Surreply, ECF No. 132 at 6-7; Gov’t’s Opp’n, ECF No. 122 at 10, 15; Gov’t’s App. A, ECF No. 122-1 at 2; Gov’t’s Notice of Disc. Correspondence, ECF No. 123 at 1-3. And the government states that it will provide Mr. Flynn with the FD-302s of his post-January 24, 2017 interviews. Gov’t’s Opp’n, ECF No. 122 at 4 n.1. Having carefully reviewed the interviewing FBI agents’ notes, the draft interview reports, the final version of the FD302, and the statements contained therein, the Court agrees with the government that those documents are “consistent and clear that [Mr. Flynn] made multiple false statements to the [FBI] agents about his communications with the Russian Ambassador on January 24, 2017.” Gov’t’s Surreply, ECF No. 132 at 4-5. The Court rejects Mr. Flynn’s request for additional information regarding the drafting process for the FD-302s and a search for the “original 302,” see Def.’s Sur-Surreply, ECF No. 135 at 8- 10, because the interviewing FBI agents’ notes, the draft interview reports, the final version of the FD-302, and Mr. Flynn’s own admissions of his false statements make clear that Mr. Flynn made those false statements.

Then, as matters moved towards sentencing and DOJ responded to Flynn’s refusal to cooperate and his conflicting sworn statements, by asking for prison time, Powell got desperate. She filed a bunch of motions to try to get Flynn out of his guilty pleas. And, magically, Billy Barr appointed St. Louis US Attorney Jeffrey Jensen to do what Powell had demanded seven months earlier, to review the case. That “review” used documents already reviewed by Mueller’s team, DOJ IG, John Durham, and — many of them — even Judge Sullivan — to claim DOJ had discovered “new” documents that justified blowing up Flynn’s prosecution.

Before long, Jensen started submitting documents and claims that made it clear his team was either lying or had zero understanding of the documents they used to claim DOJ should withdraw from Flynn’s prosecution. Nevertheless, Jensen kept churning out documents, even — ultimately — releasing an insta-302 showing that a key pro-Trump FBI agent on the case claimed not to understand this was a counterintelligence investigation, professed ignorance of key pieces of evidence, but nevertheless held sway in the Mueller team’s conclusion that they did not have proof that Trump ordered Flynn to blow up sanctions on Russia. They altered evidence in such a way that would support their prior false claims about key dates, and that altered evidence made its way, almost instantaneously and probably via Jenna Ellis, the Trump campaign lawyer with whom Sidney Powell remained in regular touch, into a Trump campaign attack. Ultimately, they admitted to some — but not all — of the evidence that had been altered and asked for a mulligan (but didn’t explain who had altered one of those exhibits).

Along the way, Jensen submitted evidence that made it clear that — not only didn’t Peter Strzok have it in for Mike Flynn — but he pushed the pro-Trump FBI Agent whose view held sway to join the Mueller team. As Sullivan’s amicus has noted, DOJ’s current argument relies on Strzok’s reliability, even while claiming that Strzok cannot be considered a reliable witness.

Jensen also submitted evidence that showed that meetings immediately after Flynn’s interview map perfectly onto Flynn’s existing 302, showing that there are completely credible witnesses who will attest that Strzok described the interview just as the 302 does immediately after the interview happened, including that Flynn lied.

Jensen also provided evidence that made it clear why Flynn’s lies were material — which was ostensibly the reason DOJ blew up his prosecution in the first place. His lies served to hide that Flynn coordinated with Mar-a-Lago on his efforts to blow up sanctions, something that even Billy Barr’s DOJ conceded might be evidence of coordination with Russia.

And then, on Tuesday, perhaps realizing that now that Strzok and Andrew McCabe have gotten discovery in their lawsuits for wrongful termination, DOJ should stop releasing documents that show Trump’s claims about the two of them were false, but also DOJ’s alterations of Strzok and McCabe documents, Jensen stopped.

According to a notice of discovery correspondence released last night, via letter to Sidney Powell sent on Tuesday DOJ told her there are no documents left and, in fact, there never was an “original 302.”

We write to respond to your recent discovery requests. On October 20, 2020, you requested “immediate production of any additional information that has been uncovered by Durham or the FBI or any federal officer or agent and provided to US Attorney Jensen–and not previously provided to the defense.” As we have previously disclosed, beginning in January 2020, the United States Attorney for the Eastern District of Missouri has been conducting a review of the Michael T. Flynn investigation. Beginning in April 2020, and continuing through October 2020, we have disclosed on a number of occasions documents identified during that review. We are aware of no other documents or information at this time that meet the standard for disclosure in the Court’s Standing Order (Doc. 20).

You also requested “the original 302 and later drafts . . . , or the data evidencing their destruction.” The Federal Bureau of Investigation has a well-documented record management program and retention plan that provides specific instructions for the collection of information, the maintenance of documents, and the retention or disposal of documents. Those guidelines state that “[w]orking files, such as preliminary drafts, notes, and other similar materials, are to be destroyed when the final documents have been approved by the FBI official with authority to do so.” The policy applies to “all drafts created in any medium.” See Records Management Policy Guide, at p. 31, available at https://vault.fbi.gov/records-management-policy-guide-0769pg-part-01-of01/Records%20Management%20Policy%20Guide%200769PG%20Part%2001%20of%2001/vie w#document/p4.

Here, the FD-302 of your client’s January 24, 2017, interview was created in SENTINEL, which is the FBI’s electronic records management system for all criminal and intelligence gathering activities:

SENTINEL provides FBI employees the ability to create case documents and submit them through an electronic workflow process. Supervisors, reviewers, and others involved in the approval process can review, comment, and approve the insertion of documents into the appropriate FBI electronic case files. Upon approval, the SENTINEL system serializes and uploads the documents into the SENTINEL repositories, where the document becomes part of the official FBI case file. SENTINEL maintains an auditable record of all transactions

See Privacy Impact Assessment for the SENTINEL System, May 28, 2014, at p. 1, available at https://www.fbi.gov/services/information-management/foipa/privacy-impactassessments/sentinel.

In this this case, SSA 1 began drafting the FD-302 on the evening of January 24, 2017. The FD-302 was electronically accessed by SSA 1 and former DAD Peter Strzok in SENTINEL on several occasions. The FD-302 was electronically approved by FBI Assistant Director for Counterintelligence E.W. Priestap on February 15, 2017. Our review of SENTINEL’s audit trail establishes that no other FBI personnel accessed the FD-302 electronically prior to its approval and serialization. Consistent with the FBI’s records retention policy, no prior drafts of the FD-302 were maintained within SENTINEL.

You have previously been provided with three draft versions of the FD-302, dated February 10, 11, and 14, 2017, that were circulated in PDF format by email to FBI personnel for review; these are the only draft versions of the FD-302 that we have located during our diligent searches.

Finally, you requested “all the comms retrieved of McCabe with Comey, Page, Strzok, Baker, Priestap or anyone else about Flynn, Crossfire Razor or any other name for General Flynn or Michael G. Flynn, and any comms of Comey or any FBI member with anyone in the Obama White House about Flynn.” As discussed above, we have reviewed those communications and have disclosed all such communications that we have identified that meet the standard for disclosure in the Court’s Standing Order (Doc. 20). [my emphasis]

This doesn’t mean Barr is done with his shenanigans. After all, in spite of past assertions that no one at DOJ engaged in any abuse in its discovery compliance, this letter suggests (falsely, per Sullivan’s December 2019 opinion and all precedent) that the documents they’ve been dribbling out did meet “the standard for disclosure in the Court’s Standing Order.” Couple that with the fact that DOJ seems to be hiring for a Brandon Van Grack adjacent job, and I wouldn’t be surprised if they’re going after him, even while hiding evidence showing that Bill Barnett liked and trusted Van Grack.

Plus, ultimately Trump will pardon Flynn (indeed, Powell already told Sullivan that she had discussed a pardon with Trump).

But it does mean that, 675 days after Flynn could have started serving a probation sentence, we finally learn that one key premise on which he blew up this prosecution was false. There is no original 302.

In the wake of learning that her witch hunt came up short yesterday, Sidney Powell was complaining about the delay that she herself caused.

The post 675 Days after Mike Flynn Blew Up His Probation Plea Deal, We Learn There Never Was an “Original 302” appeared first on emptywheel.

]]>
https://www.emptywheel.net/2020/10/23/675-days-after-mike-flynn-got-blew-up-his-probation-plea-deal-we-learn-there-never-was-an-original-302/feed/ 10
2020 Presidential Debates: The Battle of Nashville [UPDATE-3] https://www.emptywheel.net/2020/10/22/2020-presidential-debates-the-battle-of-nashville/ https://www.emptywheel.net/2020/10/22/2020-presidential-debates-the-battle-of-nashville/#comments Thu, 22 Oct 2020 23:00:05 +0000 https://www.emptywheel.net/?p=86092 FINALLY, the last presidential debate of this election cycle. Here's a post for emptywheel community members' discussion about the debate.

The post 2020 Presidential Debates: The Battle of Nashville [UPDATE-3] appeared first on emptywheel.

]]>
[NB: Updates will appear at the bottom of this post. /~Rayne]

Here’s a post for emptywheel community members’ discussion purposes dedicated to what was supposed to be the third and final presidential debates.

The debate is scheduled to begin at 8:00–9:30 p.m. ET — this is earlier than the second debate was scheduled before it was canceled. Tonight’s debate will be conducted at the Curb Event Center at Belmont University in Nashville, Tennessee.

Tonight’s moderator is Kristen Welker of NBC, the only woman of the three moderators chosen for the presidential debates. I wouldn’t be at all surprised if this is an issue during the course of the debate, especially since it’s been a bone of contention that incumbent Senator Mitch McConnell has been reluctant to have a woman moderator for a debate against opponent Amy McGrath.

Good luck to Welker; I hope she’s got nerves of steel. She’s already had to deal with sideswipes by Trump on Twitter:


Only surprised Trump and his mini-me loser son didn’t make it about Welker’s mixed race heritage (Native American and Black).

Speaking of which, racism may also factor in tonight’s debate considering the location — Nashville was built upon a slave economy and was the first Confederate state capital to fall to the Union during the Battle of Nashville in 1864.

The COVID-19 epidemic may likewise figure largely. Nashville was the site of another pandemic which took the life of a former American president. James Polk died of cholera in 1849 only three months after returning to Nashville upon leaving office.

Could lightning strike twice, one might wonder, given how deep we are into another pandemic, this one encouraged by Trump’s malign governance.

One factor which might make tonight’s debate more challenging for Trump: the decision by the Commission on Presidential Debates to implement a two-minute microphone mute to allow each candidate to answer a question uninterrupted.

The muting will work like this: At the start of each of the six segments of the debate, each candidate will be given two minutes to answer an initial question. During that portion, the opposing candidate’s microphone will be muted.

“Under the agreed upon debate rules, each candidate is to have two minutes of uninterrupted time to make remarks at the beginning of each 15 minute segment of the debate. These remarks are to be followed by a period of open discussion,” the commission said in a statement. “Both campaigns this week again reaffirmed their agreement to the two-minute, uninterrupted rule.”

Team Trump whined this was unfair, of course. Yes, it’s really unfair that we’re allowed to hear each candidate answer a question without Trump sowing chaos with unending yelling-at-clouds throughout the debate like he did during the first debate three weeks ago. Expect it, though — his behavior during his interview with Leslie Stahl was a combination of toddler, bully, and mobster:

Hard to believe Trump thought releasing this interview material ahead of the edited 60 Minutes program this weekend would be a benefit to his campaign. Being an asshole to Stahl isn’t going to help him with women voters who haven’t already voted. He’s just so ugly and tiresome, like an overgrown irritable baby in need of a nap.

My god, has it really been three weeks since the first debate? It feels like it’s been a bloody decade. I’ll be so damned glad when tonight’s over and the Union has once again taken Nashville.

~ ~ ~

Election Day is twelve days away. Are you registered? Have you double checked the status of your registration? Have you requested an absentee or mail-in ballot? Have you mailed or dropped off your ballot? Have you checked the status of your ballot if mailed/dropped off?

And have you talked with all your friends and family members to ensure they have done the same? Make plan — register, vote, and help others, but make a plan. And then execute it to win.

~ ~ ~

UPDATE-1 — 9:15 P.M. ET —

He didn’t let us down. Trump the malignant narcissist, who believes and acts as if everything is about him and him alone, showed up this evening.

Meanwhile, 222,620 Americans have died from COVID as of the beginning of tonight’s debate. Americans are dying at a rate of 45-50 per hour, which means at least one American died while he blathered for two minutes about himself.

Revolting excuse for leadership.

~ ~ ~

UPDATE-2 — 9:55 P.M. ET —

This is why I can’t watch Trump. Not at rallies, not in debates. When he gets a mic he lies and it hurts Americans.

He’s lied again tonight about his health care plan we’ve yet to see in +3.5 years. He’s preparing to take the Affordable Care Act in front of the Supreme Court within days so his stacked jurists can kill it along with more Americans.

Meanwhile, even more Americans have died from COVID over the last 40 minutes — an estimated 30 more families will be told their loved ones didn’t make it. For every one of these deaths there are at least 50 new cases of COVID, a number of whom will end up with long-term disability due to damage ranging from their lungs to their testicles.

And he’ll keep lying about health care for all of them just as he’s lied to Laura Packard.

~ ~ ~

UPDATE-3 — 10:45 P.M. ET —

Accurate.

Blowhard knows blowing hard.

Numerous accounts say Biden stuck the landing with his closing. Tell me in comments who’s got it right before the media proceeds to tell us what happened.

The post 2020 Presidential Debates: The Battle of Nashville [UPDATE-3] appeared first on emptywheel.

]]>
https://www.emptywheel.net/2020/10/22/2020-presidential-debates-the-battle-of-nashville/feed/ 130
Rat-Fucker Rashomon: Guccifer 2.0 the Go-Between https://www.emptywheel.net/2020/10/22/rat-fucker-rashomon-guccifer-2-0-the-go-between/ https://www.emptywheel.net/2020/10/22/rat-fucker-rashomon-guccifer-2-0-the-go-between/#comments Thu, 22 Oct 2020 14:23:22 +0000 https://www.emptywheel.net/?p=78087 When you separate the story of Roger Stone's communications with Guccifer 2.0 from the WikiLeaks one, the August 15, 2016 asking how he liked the documents Guccifer 2.0 posted looks totally innocuous. But when you combine them, it looks like Guccifer 2.0 is Stone's go-between.

The post Rat-Fucker Rashomon: Guccifer 2.0 the Go-Between appeared first on emptywheel.

]]>
Fresh off the weekend of Roger Stone’s trial, prosecutors got Rick Gates to testify, and then called former FBI Agent Michelle Taylor back on the stand. Ostensibly, they needed to call Taylor to introduce a transcript of a scene from Godfather II that Stone kept using to try to convince Randy Credico to lie to the House Intelligence Committee, something that the two sides had been debating throughout the first week of the trial.

But the first thing prosecutors did when they got their FBI witness back on the stand was to bring Guccifer 2.0 into it.

Q. When you first testified last week, do you remember testifying about the release of some emails of the Democratic National Committee by an organization called WikiLeaks on July 22nd, 2016?

A. Yes, I do.

Q. What was the name of the online persona or figure who took credit for hacking or obtaining those documents from the Democratic National Committee?

A. Guccifer 2.0.

Q. During Mr. Stone’s testimony before the House Intelligence Committee, was he asked about that persona, Guccifer 2.0, and that alleged hack?

A. Yes, he was.

MR. ZELINSKY: I would like to publish now, please, for the witness and the jury, what’s been admitted as Government’s Exhibit 1. This is page 28 of Government’s Exhibit 1.

BY MR. ZELINSKY: Q. Ms. Taylor, I want to direct your attention to the portion of — oh, and, Ms. Taylor, just to remind the jury, what is Government’s Exhibit 1?

A. This is a transcript of Mr. Stone’s testimony before HPSCI.

Q. I’ve put on the screen in front of you page 28 of the transcript. Can you read for us, please, the question and answer that I have highlighted there?

A. “MR. SWALWELL: In 2016, August of 2016, you and the American public are aware, from press reporting, that Russia is accused of hacking democratic emails, is that — “MR. STONE. Yes.”

Q. I want to direct your attention now to page 29, the next page of the same exhibit. Can you read, please, the question and answer that I’ve highlighted on page 29 of Government’s Exhibit 1, the transcript?

A. “MR. SWALWELL: It took me a while, too. “Were you aware when you wrote that article, the Breitbart one, that Guccifer 2.0 was assessed by the Intelligence Community as a cutout for the Russian intelligence services? “MR. STONE: I was aware of that claim, but I don’t subscribe to it. There’s a substantial amount of information you can find online that questions that. I realize it’s an assertion, but as I said in my statement, our intelligence agencies are often wrong.”

Q. Finally, Ms. Taylor, I would like to direct your attention to page 113, bottom of 113 to the top of 114 of the same exhibit, the transcript. First, can you read for us, please, the question that starts at the bottom of page 113 of the transcript?

A. “MR. SCHIFF: Mr. Stone, you’ve acknowledged that it’s the conclusion of the intelligence community that Guccifer 2 is a cutout of the Russian intelligence agencies.”

Q. And Mr. Stone’s response?

A. “MR. STONE: They have said that, yes.”

Mind you, Guccifer 2.0 had been mentioned earlier in the trial, as when Taylor read off HPSCI communications with Stone or Randy Credico’s texts with Stone mentioning the persona, as well as legal debates outside the presence of the jury. Prosecutors also had Taylor present two Guccifer 2.0 posts that were published on the same days as calls involving Stone, June 15 and June 30, in the latter case, a call to Trump.

Q. Can you please read for us the first two sentences of the Guccifer 2 Word Press post from June 15th, 2016?

A. Sure. “Worldwide known cyber security company CrowdStrike announced that the Democratic National Committee, DNC, servers had been hacked by sophisticated hacker groups. I’m very pleased the company appreciated my skills so highly, but, in fact, it was easy, very easy.”

[snip]

Q. Did this same author, Guccifer 2.0, post another message about the hack a few weeks later?

A. He did.

Q. I’d like to publish now, please, for the witness and the Court — and the jury, excuse me, Government’s Exhibit 150, which appears at tab 4 of your binder. What is Government’s Exhibit 150?

A. This is another Word Press post by Guccifer 2 dated June 30, 2016.

Jonathan Kravis would remind the jury how the latter post coincided with a call between Stone and Trump in his closing arguments.

And Stone’s lawyers raised the persona a few times, in their opening, in cross examination, and their close.

But this was the first time prosecutors directly addressed Stone’s claims and communications about Guccifer 2.0, as opposed to with Trump or — via a never identified go-between — with WikiLeaks.

In the prosecution prior to this point, as in most of these Roger Stone stories, the WikiLeaks story was kept remarkably distinct from the Guccifer 2.0 story.

Of the four stories told about Roger Stone, two adopt a structure that treat Stone’s communication with Guccifer 2.0 and WikiLeaks in parallel: there are a handful of communications between him and Guccifer 2.0 (pages 194 to 196 of the SSCI Report, one paragraph on page 44 of the Mueller Report), and a separate discussion of Stone’s attempts to optimize the WikiLeaks releases (pages 221 to 252 of the SSCI Report, pages 51 to 59 of the Mueller Report).

The affidavits show that initial investigative work focused on Guccifer 2.0, not WikiLeaks. The way in which later affidavits present these issues changed over time. But many of them separate Stone’s “Public interactions with Guccifer 2.0 and WikiLeaks” from the (later) “Private Twitter Direct Messages with WikiLeaks and ASSANGE.” The affidavits generally stopped mentioning Stone’s private DMs with Guccifer 2.0 in March 2018.

That parallel structure applies to the indictments, too. Stone gets his own paragraph, ¶44, in the GRU indictment. But the Stone indictment makes absolutely no mention of Guccifer 2.0. The government declared Stone’s prosecution a “related case” to the GRU one, meaning the same judge — Amy Berman Jackson — would preside. Stone’s team unsuccessfully objected. Prosecutors explained the designation, in part, because, “Certain Netyksho defendants, through a fictitious online persona they created, Guccifer 2.0, also interacted directly with Stone concerning other stolen materials posted separately online.” Ultimately, ABJ denied Stone’s attempt to dissociate the case. Stone made an equally unsuccessful attempt to make the Russian attribution more central to the case, even addressing his communications with Guccifer 2.0. Ultimately, however, the case was totally separate.

And yet, just before it closed their case, the government got their FBI witness to review the part of Stone’s HPSCI testimony where he acknowledged that the intelligence community had assessed that Guccifer 2.0 was a cut-out for Russian intelligence.

In response, Stone’s attorney Bruce Rogow got Taylor to confirm that she didn’t know independently whether Guccifer is Russian and “was not aware” of any other communications between Stone and Guccifer 2.0, something he tried unsuccessfully to emphasize in his close.

Q. Good morning, again, Ms. Taylor.

A. Good morning.

Q. Do you know, independently, whether or not Guccifer is Russian?

A. I don’t.

Q. Did Mr. Stone turn over his communications with Guccifer that he mentioned in the transcript?

A. He did.

Q. Did you find any other communications between Mr. Stone and Guccifer?

A. I’m not aware of any.

Taylor’s response was the same one the Mueller Report gave, in that sole paragraph on Stone’s communications with Guccifer 2.0 referenced above. A sentence that has been unsealed since the original release reads, “The investigation did not identify evidence of other communications between Stone and Guccifer 2.0,” beyond the DMs in August and September, 2016. Earlier in that paragraph, however, a previously redacted passage reveals the significance of it. “After the GRU had published stolen DNC documents through Guccifer 2.0, Stone told members of the Campaign that he was in contact with Guccifer 2.0,” which it cites to this almost entirely redacted passage in a Rick Gates interview, a passage that seems to discuss events that predate the July 22 DNC release.

SSCI has read this unredacted 302, and they assess (as I have in the past, about a different 302) that Gates was just confused between the illusory deleted Clinton emails and actual advance knowledge of emails.

FBI, FD-302, Gates 4/10/2018. The Committee assesses· that, at this time, the references to Clinton’s “emails” reflected a focus on allegedly missing or deleted.emails from Clinton’s personal server during her tenure as Secretary of State.

But in context, the unredacted passage in the Mueller Report suggests that Stone told Gates — and others — that he spoke to Guccifer 2.0 before those known August and September exchanges.

This is a question that prosecutors might have asked Gates to testify about publicly. As noted, his testimony directly preceded Taylor’s second trip to the stand. Rather than ask for clarification on that question, though, Aaron Zelinsky instead had Gates describe how, on June 15, in the wake of the DNC announcement that it had been hacked by Russia (and, though Zelinsky didn’t say it, the launch of the Guccifer 2.0 site), Stone asked for the phone numbers of Jared Kushner and one other staffer “to debrief them on the developments of the DNC announcement.” Indeed, Zelinsky treated this as entirely a discussion about WikiLeaks’ upcoming leaks, not Guccifer 2.0’s existing one.

Q. During the balance of June — we’re still in June of 2016 — did you continue to discuss WikiLeaks with Mr. Stone?

A. Yes, off and on.

Q. Why did you continue, in June, to continue to discuss WikiLeaks with Mr. Stone?

A. Because at that point, both myself and Mr. Manafort didn’t believe the information was coming because it still hadn’t come out. And Mr. Manafort had asked me from time to time to check with Mr. Stone to see if the information was still real and viable.

Q. And when you say the “information,” you mean releases from WikiLeaks; is that correct?

A. That’s correct.

As for Agent Taylor’s response to Bruce Rogow’s question — that she was not aware of any other communications between Guccifer 2.0 and Stone besides the DMs he shared with HPSCI — she might not be aware of any late-discovered communications between Stone and Guccifer 2.0 beyond those he shared with HPSCI even if there were any. She testified that her role on “that piece” of the investigation — meaning the investigation of Roger Stone — was as a case agent.

Q. Ms. Taylor, in the course of your work with the FBI, was there a time in your career when you were assigned to work on the investigation led by then Special Counsel Robert Mueller?

A. Yes.

Q. And in particular in the course of your work on the special counsel’s investigation, did you participate in the piece of the investigation that concerned the defendant in this case, Roger Stone?

A. Yes, I did.

Q. What was your role on that piece of the special counsel’s investigation?

A. I was one of the case agents on the investigation of Mr. Stone.

According to Andrew Weissmann’s book, though, her primary role on Mueller’s team wasn’t on the Stone team, she was the lead agent on the obstruction team (which, given the involvement of Andrew Goldstein in certain interviews in fall 2018, was closely involved in investigating Roger Stone’s witness tampering and cover story as part of the obstruction piece). Taylor wrote none of the affidavits targeting Stone. Additionally, she had left the FBI months before the trial, in August 2019, so she also wouldn’t have been included in an interview conducted over the weekend of the trial (possibly with Andrew Miller, Stone’s aide who had managed his schedule at the RNC, where Stone appears to have gotten advance notice of the DNC leak).

So even with Taylor on the stand, Bruce Rogow may not have been able to discover — much less convey to the jury — the government’s full understanding of what Guccifer 2.0’s relationship with Stone was … not what it was when other FBI agents wrote affidavits hiding part of the investigation from him a year earlier, not what it was when they obtained Andrew Miller’s testimony weeks after the release of the Mueller Report, not what it was after that last interview on November 9, 2019, over seven months after the completion of the Mueller Report and smack dab in the middle of the trial.

Indeed, when he was standing there asking the question of Mueller’s lead agent from the obstruction team about communications between his client and Guccifer 2.0, Rogow would know that the FBI had found searches, starting on May 17, 2016, that seemed to indicate that Stone had foreknowledge of the Russian hack-and-leak; Stone had received those two warrants (one, two) in discovery. But Rogow would not know — because it was among the 15 warrants that the government had withheld, in part, to hide the full scope of the investigation from Stone — that two minutes after the FBI obtained a warrant for Stone’s cell site location from June 14 to November 15, 2016, in part to confirm whether Stone had done the searches indicating foreknowledge of the Guccifer 2.0 operation and in part to figure out whom he met with on August 3, 2016 in LA when he would later claim to have been dining with Julian Assange — a different FBI agent, one likely tied to the GRU investigative team, obtained a search warrant for an email that Guccifer 2.0 set up on July 23, 2016. That email was set up the day after the DNC drop, and perhaps not coincidentally, on the last day on which Stone may have deleted his Google search history, hiding those earlier searches showing foreknowledge of the Russian operation.

Up to that moment when former Agent Taylor discussed Stone’s HPSCI testimony confirming he knew the intelligence community believed Guccifer 2.0 to be a Russian cut-out, Stone’s trial was about his lies about who his go-between with WikiLeaks was, not about truths and lies he may have told about Guccifer 2.0.

Unless Guccifer 2.0 was that go-between.

In any case, the trial was, ultimately, about Guccifer 2.0, because some of the evidence prosecutors used to prove that Stone spoke with the campaign about a go-between to WikiLeaks involved Guccifer 2.0. In addition to the disclosure that Stone spoke to Trump before the June 15 and after the June 30 Guccifer 2.0 posts, the trial made something else public for the first time, something that had been a key detail in the affidavits, and would be in the SSCI Report, but which was not one included in the Mueller Report (or Stone’s indictment).

At 8:16AM on August 15, Corsi texted and then at 8:17 AM Corsi emailed Stone the same message, telling him there was “more to come than anyone realizes”:

Appearing in the midst of a story about Stone’s lies about his go-between with WikiLeaks, the texts and emails are fairly innocuous. Though the SSCI Report does seem to believe Corsi’s story that this moment — and the 24 minute call between Corsi and Stone at 12:14PM on August 15 — is when Corsi told Stone about what the Podesta files would include.

(U) The Committee is uncertain how Corsi determined that Assange had John Podesta’s emails. Corsi initially explained in an interview with the SCO that during his trip to Italy, someone told him Assange had the Podesta emails. Corsi also recalled learning that Assange was going to “release the emails seriatim and not all at once.”1572 However, Corsi claimed not to remember who provided him with this information, saying he could only recall that “it feels like a man” who told him.1573

(U) Corsi further recalled that on August 15, after he returned from Italy, he conveyed this information to Stone by phone.1574 According to Corsi, the information was new to Stone. Stone seemed “happy to hear it,” and the two of them “discussed how the emails would be very damaging” to Clinton. 1575 Corsi also reiterated by both text and email to Stone on August 15 that there was “[m]ore to come than anyone realizes. Won’t really get started until after Labor Day.”1576

But that’s only so long as you keep the Guccifer 2.0 story separate from the WikiLeaks story, as the SSCI and Mueller Reports do.

If you combine those stories, though, here’s what a partial timeline looks like:

August 2, 2016: Corsi informs Stone that “the hackers” will release one dump shortly after he returns on August 12 and another in October; he also mentions Podesta.

August 3, 9:12AM: Stone emails Manafort to tell him about, “an idea to save Trump’s ass.”

August 4: Stone tells Sam Nunberg that he dined with Assange the night before (he had been in LA).

August 5: Stone flip-flops on prior public statements backing the Russian attribution, writing a column declaring that Guccifer 2.0, not Russia, did the DNC hack.

August 9: Both Julian Assange and Stone start pushing the Seth Rich conspiracy.

August 12, 5:41PM: Guccifer 2.0 releases DCCC docs, fulfilling the timing (but not the outlet) that Corsi predicted.

August 12, 6:31PM: Guccifer 2.0, Emma Best, and WikiLeaks begin a discussion about exclusivity on the DCCC documents for WikiLeaks.

August 12, 10:16PM: Guccifer 2.0 says he’ll send major trove of DCCC documents to WikiLeaks; WikiLeaks never publishes any DCCC documents.

August 12, 10:23PM: Guccifer 2.0 publicly calls out Stone, “Thanks that u believe in the real #Guccifer2.”

August 13, 10:19AM: Corsi texts Stone: “Call when you can.”

August 13, 10:42AM: WikiLeaks tweets “‘@Guccifer_2’ has account completely censored by Twitter after publishing some files from Democratic campaign #DCCC”

August 13, 11:15AM: Stone tweets, “@wikileaks @GUCCIFER_2 Outrageous! Clintonistas now nned to censor their critics to rig the upcoming election.”

August 13, 7:29PM: Stone tweets, “@DailyCaller Censorship ! Gruccifer is a HERO.”

August 14, 12:58PM: Guccifer 2.0 tweets, “#Guccifer2 Here I am! They’ll have to try much harder to block me! #DNCleak #dccchack”

August 14 (unknown time): Stone DMs Guccifer 2.0: “Delighted you are reinstated.”

August 14 (unknown time, per Corsi article): Corsi starts a file called “Podesta.”

August 15, 1:33AM: Stone tweets about Podesta for the first time ever, seemingly in response to NYT story on black ledger implicating Manafort: “@JohnPodesta makes @PaulManafort look like St. Thomas Aquinas Where is the @NewYorkTimes?”

August 15, 8:16 and 8:17 AM: Corsi texts and emails Stone, “More to come than anyone realizes.”

August 15, 12:14PM: Corsi and Stone speak for 24 minutes.

August 15, 2016 (unknown time): Guccifer 2.0 DMs Stone: “thank u for writing back . . . do u find anyt[h]ing interesting in the docs i posted?”

So long as the WikiLeaks story is kept separate from the Guccifer 2.0 one, that August 15 DM from Guccifer 2.0 to Stone appears to be a question about the DCCC emails posted on August 12, and so, as Stone claimed, totally innocuous. But given the evidence that Corsi and Stone acquired advance knowledge of the content of select Podesta emails by August 15 — particularly given Stone’s claim, reportedly made before July 22, to have been in touch with Guccifer 2.0 and his apparent foreknowledge of the GRU personas — that August 15 DM appears to be a comment on the Podesta files.

That is, that August 15 was not innocuous at all. It appears to have been, rather, the GRU’s persona asking Stone whether he liked what he had received in advance.

 


The movie Rashomon demonstrated that any given narrative tells just one version of events, but that by listening to all available narratives, you might identify gaps and biases that get you closer to the truth.

I’m hoping that principle works even for squalid stories like the investigation into Roger Stone’s cheating in the 2016 election. This series will examine the differences between four stories about Roger Stone’s actions in 2016:

As I noted in the introductory post (which lays out how I generally understand the story each tells), each story has real gaps in one or more of these areas:

My hope is that by identifying these gaps and unpacking what they might say about the choices made in crafting each of these stories, we can get a better understanding of what actually happened — both in 2016 and in the investigations. The gaps will serve as a framework for this series.

The post Rat-Fucker Rashomon: Guccifer 2.0 the Go-Between appeared first on emptywheel.

]]>
https://www.emptywheel.net/2020/10/22/rat-fucker-rashomon-guccifer-2-0-the-go-between/feed/ 8
Rat-Fucker Rashomon: Getting the “Highest Level of Government” to Free Julian Assange https://www.emptywheel.net/2020/10/21/rat-fucker-rashomon-getting-the-highest-level-of-government-to-free-julian-assange/ https://www.emptywheel.net/2020/10/21/rat-fucker-rashomon-getting-the-highest-level-of-government-to-free-julian-assange/#comments Wed, 21 Oct 2020 11:42:36 +0000 https://www.emptywheel.net/?p=85882 On June 10, 2017, Roger Stone told Julian Assange he was "doing everything possible to address" Assange's plight "at the highest level of Government." On June 19, 2017, Trump tried to send a back channel order to Jeff Sessions to shut down any investigation into past Russian meddling in the election, effectively an attempt to shut down any investigation into Assange.

The post Rat-Fucker Rashomon: Getting the “Highest Level of Government” to Free Julian Assange appeared first on emptywheel.

]]>
On June 10, 2017, according to affidavits submitted as part of the Mueller investigation, Roger Stone DMed Julian Assange and told him he was doing everything he could to “address the issues at the highest level of Government.”

57. On or about June 10, 2017, Roger Stone wrote to Target Account 2, “I am doing everything possible to address the issues at the highest level of Government. Fed treatment of you and Wikileaks is an outrage. Must be circumspect in this forum as experience demonstrates it is monitored. Best regards R.” Target Account 2 wrote back, “Appreciated. Of course it is!”

On June 19, 2017, according to the Mueller Report, the President dictated a message for Corey Lewandowski to take to Jeff Sessions, telling the (recused) Attorney General to meet with Robert Mueller and order him to limit his investigation only to future election meddling, not the election meddling that had gotten Trump elected.

During the June 19 meeting, Lewandowski recalled that, after some small talk, the President brought up Sessions and criticized his recusal from the Russia investigation.605 The President told Lewandowski that Sessions was weak and that if the President had known about the likelihood of recusal in advance, he would not have appointed Sessions.606 The President then asked Lewandowski to deliver a message to Sessions and said “write this down.” 607 This was the first time the President had asked Lewandowski to take dictation, and Lewandowski wrote as fast as possible to make sure he captured the content correctly.608 The President directed that Sessions should give a speech publicly announcing:

I know that I recused myself from certain things having to do with specific areas. But our POTUS . .. is being treated very unfairly. He shouldn’t have a Special Prosecutor/Counsel b/c he hasn’t done anything wrong. I was on the campaign w/ him for nine months, there were no Russians involved with him. I know it for a fact b/c I was there. He didn’t do anything wrong except he ran the greatest campaign in American history.609

The dictated message went on to state that Sessions would meet with the Special Counsel to limit his jurisdiction to future election interference:

Now a group of people want to subvert the Constitution of the United States. T am going to meet with the Special Prosecutor to explain this is very unfair and let the Special Prosecutor move forward with investigating election meddling for future elections so that nothing can happen in future elections.610

Days after Roger Stone told Julian Assange that he was trying to resolve matters at the highest level of government, the President of the United States tried to issue a back channel order that would shut down the investigation into Assange — and by association, Stone.

According to Lewandowski, neither he nor Rick Dearborn (on whom he tried to pawn off the task) actually delivered the message. But according to Andrew Weissmann, when he and Jeannie Rhee first got briefed on the investigation into how Russia released the documents it had stolen around that time, they learned no one was investigating it.

This effort didn’t start in June 2017, though. It started at least seven months earlier.

The SSCI Report reveals that the day before the Podesta emails got released, Stone probably had a six minute phone call with the candidate via Keith Schiller’s phone.

On the afternoon of October 6, Stone received a call from Keith Schiller’s number. Stone returned the call about 20 minutes later, and spoke-almost certainly to Trump–for six minutes.1663 The substance of that conversation is not known to the Committee. However, at the time, Stone was focused on the potential for a WikiLeaks release, the Campaign was following WikiLeaks’s announcements, and Trump’s prior call with Stone on September 29, also using Schiller’s phone, related to a WikiLeaks release. Given these facts, it appears quite likely that Stone and Trump spoke about WikiLeaks.

The SSCI Report and the affidavits reveal that Stone postponed a lunch with Jerome Corsi on October 8 to go meet with Trump.

On or about October 8, 2016, STONE messaged CORSI at Target Account 2, “Lunch postponed- have to go see T.” CORSI responded to STONE, “Ok. I understand.”

According to Mike Flynn, in the wake of the Podesta release, senior campaign officials discussed reaching out to WikiLeaks.

Beginning on October 7, 2016, WikiLeaks released emails stolen from John Podesta, the chairman of Hillary Clinton’s 2016 presidential campaign. The defendant relayed to the government statements made in 2016 by senior campaign officials about WikiLeaks to which only a select few people were privy. For example, the defendant recalled conversations with senior campaign officials after the release of the Podesta emails, during which the prospect of reaching out to WikiLeaks was discussed.

And then, days later, Roger Stone tried to reach out to WikiLeaks — seemingly in response to WikiLeaks’ public disavowal of any tie to Stone — only to be rebuffed.

On October 13, 2016, while WikiLeaks was in the midst of releasing the hacked Podesta emails, @RogerJStoneJr sent a private direct message to the Twitter account @wikileaks. This account is the official Twitter account of WikiLeaks and has been described as such by numerous news reports. The message read: “Since I was all over national TV, cable and print defending WikiLeaks and assange against the claim that you are Russian agents and debunking the false charges of sexual assault as trumped up bs you may want to rexamine the strategy of attacking me- cordially R.”

Less than an hour later, @Wikileaks responded by direct message: “We appreciate that. However, the false claims of association are being used by the democrats to undermine the impact of our publications. Don’t go there if you don’t want us to correct you.”

On October 16, 2016, @RogerJStoneJr sent a direct message to @Wikileaks: “Ha! The more you \”correct\” me the more people think you’re lying. Your operation leaks like a sieve. You need to figure out who your friends are.”

But after the election, it was WikiLeaks that reached out to Stone.

On November 9, 2016, one day after the presidential election, @Wikileaks sent a direct message to @RogerJStoneJr containing a single word: “Happy?” @Wikileaks immediately followed up with another message less than a minute later: “We are now more free to communicate.”

At Stone’s trial, Randy Credico testified that in that same period after the election, he put Roger Stone in touch with Margaret Kunstler, Credico’s tie to WikiLeaks and one of the 1,000 lawyers (per a snarky answer from Credico) who represented Assange, to discuss a pardon.

Q. Had you put Mr. Stone directly in touch with Ms. Kunstler after the election?

A. Yes, I did.

Q. And why had you done that?

A. Well, sometime after the election, he wanted me to contact Mrs. Kunstler. He called me up and said that he had spoken to Judge Napolitano about getting Julian Assange a pardon and needed to talk to Mrs. Kunstler about it. So I said, Okay. And I sat on it. And I told her–I told her–she didn’t act on it. And then, eventually, she did, and they had a conversation.

Credico is very evasive about the timing of all this. Texts between him and Stone, introduced as an exhibit at Stone’s trial, show that Credico raised asylum on October 3, three hours before he boasted that he was best friends with Assange’s lawyer, meaning Kunstler.

But when asked about the timing, Credico refused to answer, or even answer a yes or no question about whether discussions began before the election. Note, these texts were ones that neither Credico nor Stone provided at first, on Credico’s part because he no longer had them; the government ultimately subpoenaed them from Stone after Stone shared them with Chuck Ross. The texts Stone produced go through November 14, but the ones released at trial stop on October 3.

Later affidavits make clear, however, that on November 15, seven days after Trump won an election with Julian Assange’s help, Trump’s rat-fucker sent Kunstler a link to download Signal and asked her to call him, which she said she’d do. (This was the first day Stone was using the iPhone 7 on which he sent her these texts.)

Additionally, text messages recovered from Stone’s iCloud account revealed that on or about November 15, 2016, Stone sent an attorney with the ability to contact Julian Assange a link to download the Signal application. 15 Approximately fifteen minutes after sending the link, Stone texted the attorney, “I’m on signal just dial my number.” The attorney responded, “I’ll call you.”

15 This attorney was a close friend of Credico’s and was the same friend Credico emailed on or about September 20, 2016 to pass along Stone’s request to Assange for emails connected to the allegations against then-candidate Clinton related to her service as Secretary of State.

So the pardon discussions Credico testified about under oath began no later then a week after Assange helped Trump get elected and Credico refused to rule out that they started on November 9 or even earlier. The SSCI Report notes Credico had a 12 minute call with Stone on October 5 and five more calls on October 6.

After Trump was inaugurated in early 2017, via an attorney he shared with Oleg Deripaska, Assange tried to leverage CIA’s hacking tools believed to have been stolen the previous April to obtain an immunity deal. Even while those discussions were ongoing, on March 7, 2017, WikiLeaks released the first installment of CIA’s hacking tools, a release they called Vault 7. According to witnesses at the trial of the accused source, Joshua Schulte, the Vault 7 release brought CIA’s hacking-based spying virtually to a halt while the agency tried to figure out who would be compromised by the release.

But that didn’t stop the pardon discussions between WikiLeaks, including Assange personally, and Stone. After another spat about whether Stone had had a back channel to WikiLeaks which they aired on CNN, Stone returned to a discussion of a pardon on April 7.

On or about March 27, 2017, Target Account 1 wrote to Roger Stone, “FYI, while we continue to be unhappy about false \”back channel\” claims, today CNN deliberately broke our off the record comments.”

On March 27, 2017, CNN reported that a representative of WikiLeaks, writing from an email address associated with WikiLeaks, denied that there was any backchannel communication during the Campaign between Stone and WikiLeaks. The same article quoted Stone as stating: “Since I never communicated with WikiLeaks, I guess I must be innocent of charges I knew about the hacking of Podesta’s email (speculation and conjecture) and the timing or scope of their subsequent disclosures. So I am clairvoyant or just a good guesser because the limited things I did predict (Oct disclosures) all came true. ”

On or about April 7, 2017, Roger Stone wrote to Target Account 1, ” I am JA’s only hope for a pardon the chances of which are actually (weirdly) enhanced by the bombing in Syria (which I opposed) . You have no idea how much your operation leaks. Discrediting me only hurts you. Why not consider saying nothing? PS- Why would anyone listen to that asshole Daniel Ellsberg.”

On April 13, in the wake of the Vault 7 hack, Mike Pompeo declared WikiLeaks a non-state hostile intelligence service often abetted by Russia.

It is time to call out WikiLeaks for what it really is – a non-state hostile intelligence service often abetted by state actors like Russia. In January of this year, our Intelligence Community determined that Russian military intelligence—the GRU—had used WikiLeaks to release data of US victims that the GRU had obtained through cyber operations against the Democratic National Committee. And the report also found that Russia’s primary propaganda outlet, RT, has actively collaborated with WikiLeaks.

In response, Stone took to InfoWars on April 18, calling on Pompeo to either provide proof of those Russian ties or resign, defending the release of the Vault 7 tools along the way.

The Intelligence agencies continue to insist that Julian Assange is an active Russian Agent and that Wikileaks is a Russian controlled asset. The agencies have no hard proof of this claim whatsoever. Assange has said repeatedly that he is affiliated with no nation state but the Intelligence Agencies continue to insist that he is under Russian control because it fits the narrative in which they must produce some evidence of Russian interference in our election because they used this charge to legally justify and rationalize the surveillance of Trump aides, myself included.

[snip]

President Donald Trump said on Oct, 10, 2016 “I love Wikileaks” and Pompeo who previously had praised the whistleblowing operation now called Wikileaks “a non-state hostile Intelligence service often abetted by state actors like Russia”. Mr. Pompeo must be pressed to immediately release any evidence he has that proves these statements. If he cannot do so ,the President should discharge him.

[snip]

Julian Assange does not work for the Russians. Given the import of the information that he ultimately disclosed about the Clinton campaign, the Obama administration and the deep secrets in the CIA’s Vault 7, he has educated the American people about the tactics and technology the CIA has used to spy on ordinary Americans.

Assange personally DMed Stone to thank him for the article, while claiming that Pompeo had stopped short of claiming that WikiLeaks had gotten the stolen DNC emails directly, thereby making WikiLeaks like any other media outlet.

On or about April 19, 2017, Assange, using Target Account 2, wrote to Stone, “Ace article in infowars. Appreciated. But note that U.S. intel is engages in slight of hand maoevers [sic]. Listen closely and you see they only claim that we received U.S. election leaks \”not directly\” or via a \”third party\” and do not know \”when\” etc. This line is Pompeo appears to be getting at with his \”abbeted\”. This correspnds to the same as all media and they do not make any allegation that WL or I am a Russia asset.”

It’s in that context — in the wake of Trump’s trusted CIA Director (and a former WikiLeaks booster himself) asserting serial cooperation between Russia and WikiLeaks — that Stone and Assange had the exchange that directly preceded Trump’s attempt to shut down any investigation into the leaks to WikiLeaks.

On June 4, Stone threatened to “bring down the entire house of cards” if the government moved on Assange (Stone kept a notebook during the campaign detailing all the calls he had had with Trump), then raised a pardon again, suggesting Assange had done nothing he needed to be pardoned for.

56. On or about June 4, 2017, Roger Stone wrote back to Target Account 2, “Still nonsense. As a journalist it doesn’t matter where you get information only that it is accurate and authentic. The New York Times printed the Pentagon Papers which were indisputably stolen from the government and the courts ruled it was legal to do so and refused to issue an order restraining the paper from publishing additional articles. If the US government moves on you I will bring down the entire house of cards. With the trumped-up sexual assault charges dropped I don’t know of any crime you need to be pardoned for – best regards. R.” Target Account 2 responded, “Between CIA and DoJ they’re doing quite a lot. On the DoJ side that’s coming most strongly from those obsessed with taking down Trump trying to squeeze us into a deal.”

57. On or about June 10, 2017, Roger Stone wrote to Target Account 2, “I am doing everything possible to address the issues at the highest level of Government. Fed treatment of you and Wikileaks is an outrage. Must be circumspect in this forum as experience demonstrates it is monitored. Best regards R.” Target Account 2 wrote back, “Appreciated. Of course it is!”

According to texts between Stone and Credico, Stone at least claimed to be pursuing a pardon in early 2018 (though he may have been doing that to buy Credico’s silence).

And it wasn’t just Stone involved in the discussions to free Assange.

Manafort’s Ecuador trip

While it’s not clear to what end, Paul Manafort took steps relating to Assange as well.

There’s the weird story by Ken Vogel, explaining that between those two Stone-Assange exchanges in April and June, 2017, long-time Roger Stone friend Paul Manafort went to Ecuador to negotiate Assange’s expulsion.

In mid-May 2017, Paul Manafort, facing intensifying pressure to settle debts and pay mounting legal bills, flew to Ecuador to offer his services to a potentially lucrative new client — the country’s incoming president, Lenín Moreno.

Mr. Manafort made the trip mainly to see if he could broker a deal under which China would invest in Ecuador’s power system, possibly yielding a fat commission for Mr. Manafort.

But the talks turned to a diplomatic sticking point between the United States and Ecuador: the fate of the WikiLeaks founder Julian Assange.

In at least two meetings with Mr. Manafort, Mr. Moreno and his aides discussed their desire to rid themselves of Mr. Assange, who has been holed up in the Ecuadorean Embassy in London since 2012, in exchange for concessions like debt relief from the United States, according to three people familiar with the talks, the details of which have not been previously reported.

They said Mr. Manafort suggested he could help negotiate a deal for the handover of Mr. Assange to the United States, which has long investigated Mr. Assange for the disclosure of secret documents and which later filed charges against him that have not yet been made public.

The story never explained whether Manafort wanted Assange handed over for trial, for a golf vacation, or for Russian exfiltration (as was reportedly planned for Assange later in 2017).

That Manafort went to Ecuador and negotiated for an Assange release accords, however, with the 302 of a witness who called in to Mueller’s team. The witness described that Manafort had told him or her, in real time, that he had gone to Ecuador, “to try to convince the incoming President to expel Assange from the Embassy in order to gain favor with the U.S.”

Neither of these stories should be considered reliable, as written. 302s that Bill Barr’s DOJ is willing to release in unredacted form, as this one is, tend to be false claims that make Trump look less suspect than he really is. And Manafort-adjacent sources were using Ken Vogel to plant less-damning cover stories during this period. Further, as we’ll see, the dates of them, November 28 and December 3, 2018, respectively, puts them in a period after Trump knew that Mueller was investigating efforts to pardon Assange.

Manafort went to Ecuador in May of 2017. At the time, his lifelong buddy Roger Stone was still pursuing some means to get Assange released. It’s unclear precisely what Manafort asked Lenín Moreno to do.

WikiLeaks cultivates Trump’s oldest son

A more interesting parallel timeline (one that becomes more interesting if you track the communications in tandem, as I do below) is the dalliance between Don Jr and WikiLeaks. The failson’s communications with WikiLeaks are one area where all of the Roger Stone stories withhold key details. The Mueller Report, for example, covers only three of the Don Jr-WikiLeaks exchanges, which it caveats by explaining that it addresses the ones “during the campaign period” (again, only the one where Don Jr accesses a non-public website using the private password WikiLeaks shared involved a prosecutorial decision and so needed to be included).

Like the Mueller Report, the SSCI Report describes in the body of the report Don Jr’s exchange with WikiLeaks in a period around the time that Trump and his closest advisors had discussed reaching out to WikILeaks.

(U) WikiLeaks also sought to coordinate its distribution of stolen documents with the Campaign. After Trump proclaimed at an October 10 rally, “I love WikiLeaks” and then posted about it on Twitter,1730 WikiLeaks resumed messaging with Trump Jr. On October 12, it said: “Strongly suggest your dad tweets this link if he mentions us … there’s many great stories the press are missing and we’re sure some of your follows [sic] will find it. btw we just released Podesta Emails Part 4.”1731 Shortly afterward, Trump tweeted: “Very little pick-up by the dishonest media of incredible information provided by WikiLeaks. So dishonest! Rigged System!”1732 Two days later, Donald Trump Jr. tweeted the link himself: “For those who have the time to read about all the corruption and hypocrisy all the @wikileaks emails are right here: wlsearch.tk.”1733 Trump Jr. admitted that this may have been in response to the request from WikiLeaks, but also suggested that it could have been part of a general practice of retweeting the. WikiLeaks releases when they came out. 1734

But it only presents one part of the exchange that Jr and WikiLeaks had on November 8 and 9, and it relegates that to a footnote.

1738 (U) Ibid., pp. 164-166. WikiLeaks continued to interact with Trump Jr. after the general election on November 8, 2016. On November 9, 2016, WikiLeaks wrote to Trump Jr.: “Wow. Obama people will surely try to delete records on the way out. Just a heads up.”

As to the affidavits, the warrant application for Julian Assange’s Twitter account described having earlier obtained Don Jr’s Twitter account, but didn’t refer to him by name. Instead, it referred to him as “a high level individual associated with the Campaign,” and described just the September exchange between the two of them.

After the Atlantic provided more of those DMs, Don Jr, as he had earlier with his June 9 emails, released them himself. The Election Day exchange of which SSCI made no mention pushes Don Jr to adopt a strategy Russia was also pushing — to refuse to concede (a strategy that Trump will undoubtedly adopt on November 4 if he loses).

Hi Don; if your father ‘loses’ we think it is much more interesting if he DOES NOT conceed [sic] and spends time CHALLENGING the media and other types of rigging that occurred–as he has implied that he might do. He is also much more likely to keep his base alive and energised this way and if he is going to start a new network, showing how corrupt the old ones are is helpful. The discussion about the rigging can be transformative as it exposes media corruption, primary corruption, PAC corruption etc. We don’t like corruption ither [sic] and our publications are effective at proving that this and other forms of corruption exists.

That doesn’t pertain to pardons (though it does demonstrate that WikiLeaks was not involved in a journalistic enterprise).

But a DM from December 16, 2016 the SSCI similarly excerpted in a footnote does discuss what amounts to a pardon:

Hi Don. Hope you’re doing well! In relation to Mr. Assange: Obama/Clinton placed pressure on Sweden, UK and Australia (his home country) to illicitly go after Mr. Assange. It would be real easy and helpful for your dad to suggest that Australia appoint Assange ambassador to DC “That’s a really smart tough guy and the most famous australian you have! ” or something similar. They won’t do it, but it will send the right signals to Australia, UK + Sweden to start following the law and stop bending it to ingratiate themselves with the Clintons. Background: justice4assange.com

When these DMs were released on November 14, 2017, Assange tweeted out a follow-up to the December 2016 one, adding a threat by hashtagging, Vault8, the source code to the CIA files, a single example of which WikiLeaks had just released on November 9, 2017.

Meanwhile, the one other example where WikiLeaks provided the President’s son advice — a pitch for him to release his own June 9 emails via WikiLeaks in July 2017 — WikiLeaks explicitly suggested that Don Jr contact Margaret Kunstler, the same lawyer who had been discussing pardons with Assange nine months earlier.

There appears to be more — far more — to Margaret Kunstler’s role. Two 302s identifiable as hers have been released in response to the BuzzFeed FOIA, an interview on October 29, 2018 involving Stone prosecutor Aaron Zelinsky and Obstruction prosecutor Andrew Goldstein, and a second interview, this one by phone, on November 20, 2018, this one adding Russian prosecutor Rush Atkinson along with Zelinsky and Goldstein. Both 302s were released on October 1, 2020, the most recent release. In the first interview, only Kunstler’s response stating that she did not pass on Stone’s September request for information about Libya to Julian Assange was partly unsealed; there are at least five more paragraphs that remain redacted as part of an ongoing investigation. The second is eight pages long and appears to have at least four sub-topics with separate headings. Aside from the introductory paragraph, it remains entirely redacted, with over half covered by a b7A ongoing investigation exemption.

The investigation into much of Stone’s activities appears to have been shut down. But the investigation into the pardon discussions appears to have been ongoing just three weeks ago.

The Mueller question

The discussion of efforts to free Julian Assange appears, primarily, in two versions of the Roger Stone story. Prosecutors at Stone’s trial used the discussions to explain which of Stone’s threats — those naming Kunstler directly — worked most effectively to delay Credico’s cooperation. It also appears in affidavits, though with Don Jr’s identity obscured.

The SSCI report relegates both the Don Jr and Stone pardon discussions with WikiLeaks to footnotes and doesn’t quote Stone using the word “pardon” in the excerpts it includes. It does so even though the SSCI Report describes Dana Rohrabacher’s attempt to broker an Assange pardon in August 2017 in the body of the text.

The Mueller Report doesn’t discuss pardon efforts for Assange where you might expect it, along with discussions of pardons for Manafort, Flynn, Stone himself, and Michael Cohen. Mention of the effort to free Assange appears in just one place: amid the questions asked of Trump in an appendix.

Did you have any discussions prior to January 20, 2017, regarding a potential pardon or other action to benefit Julian Assange? If yes, describe who you had the discussion(s) with, when, and the content of the discussion(s).

I do not recall having had any discussion during the campaign regarding a pardon or action to benefit Julian Assange.

That appendix explains that Mueller’s team submitted these questions on September 17, 2018 (before both of Kunstler’s interviews) and Trump returned them on November 20, 2018.

In the interim period, on October 30, 2018, Don Jr’s close buddy, Arthur Schwartz, for the first time in years of having listened to former Sputnik employee Cassandra Fairbanks’ lobbying for Julian Assange in the right wing chat room they both (along with Ric Grenell) participated in responded by telling her that he would be charged and expelled from the embassy, that a pardon was not going to fucking happen and — at some point, if Fairbanks can be believed — suggesting someone with whom Schwartz was lifelong friends might be affected.

Arthur Schwartz warned me that people would be able to overlook my previous support for WikiLeaks because I did not know some things which he claimed to know about, but that wouldn’t be so forgiving now that I was informed. He brought up my nine year old child during these comments, which I perceived as an intimidation tactic.

He repeatedly insisted that I stop advocating for WikiLeaks and Assange, telling me that “a pardon isn’t going to fucking happen.” He knew very specific details about a future prosecution against Assange that were later made public and that only those very close to the situation would have been aware of. He told me that it would be the “Manning” case that he would be charged with and that it would not involve Vault 7 publication or anything to do with the DNC. He also told me that they would be going after Chelsea Manning. I also recollect being told, I believe, that it would not be before Christmas.

[snip]

The other persons who Schwartz said might also be affected included individuals who he described as “lifelong friends.”

Shortly after Trump submitted his answers, two stories — one public, one via witness testimony to Mueller — claimed that Manafort’s visit to Moreno, at a time when his buddy Stone was seeking a pardon, was actually an attempt to expel him from the embassy.

In spite of what Schwartz told Cassandra, however, the pardon discussions aren’t over. Just before Julian Assange’s extradition hearing started, Roger Stone’s buddy Tucker Carlson invited Glenn Greenwald on to make a three minute pitch — one in which Glenn explained what a good way this would be for Trump to stick it to the Deep State — for both Assange and Ed Snowden.

Timeline

September 20, 2016: WikiLeaks DMs Don Jr a link to putintrump site, including a password.

October 3, 2016: Credico raises asylum for Assange and tells Stone he’s best friends with Assange’s lawyer. WikiLeaks DMs Don Jr asking him to push a story about Hillary drone-striking Assange; Don Jr notes he has already done so and asks what is coming on Wednesday.

October 5, 2016: Credico and Stone speak for 12 minutes.

October 6, 2016: Stone probably has a six minute call with Trump. Stone has five calls with Credico.

October 7, 2016: The release of the Podesta email swamps the DHS/ODNI release attributing the DNC hack and tying WikiLeaks to Russia

October 8, 2016: Stone and Trump probably meet.

Shortly after Podesta release: Senior campaign officials discuss reaching out to WikiLeaks.

October 10, 2016: Trump tweets “I love WikiLeaks.”

October 12, 2016: WikiLeaks disavows any back channel with Stone. WikiLeaks also DMs Don Jr suggesting he get his father to tweet a link. Don Jr tweets it that day.

October 13, 2016: Stone and WikiLeaks exchange DMs.

October 14, 2016: Trump tweets the link WikiLeaks sent to Don Jr.

October 16, 2016: Stone tells WikiLeaks “You need to figure out who your friends are.”

October 21, 2016: WikiLeaks suggests that Don Jr release Trump’s tax returns to WikiLeaks.

November 8, 2016: WikiLeaks DMs Don Jr to suggest Trump not concede if he loses.

November 9, 2016: WikiLeaks DMs Don Jr to claim Obama’s people will delete records on the way out. WikiLeaks DMs Stone to say, “We are now more free to communicate.”

November 14, 2016: Stone gets a new phone.

November 15, 2016: Stone texts Margaret Kunstler a link to Signal and tells her to call him on it, which she said she would do.

December 16, 2016: WikiLeaks suggests that he ask his dad to suggest Australia appoint Assange as Ambassador to the US.

January 6, 2017: WikiLeaks DMs Don Jr a John Harwood tweet asking, Who do you believe, America?

March 7, 2017: WikiLeaks starts releasing the Vault 7 files, effectively halting CIA’s hacking capability for a period.

March 27, 2017: Stone and WikiLeaks exchange more complaints about whether Stone had a back channel.

April 7, 2017: Stone writes WikiLeaks that he is “JA’s only hope for a pardon.”

April 13, 2017: Mike Pompeo calls WikiLeaks a non-state hostile intelligence service often abetted by Russia.

April 18, 2017: Stone calls on Pompeo to release proof of WikiLeaks’ Russian ties or resign.

April 19, 2017: Assange thanks Stone for the attack on Pompeo, but claims that Pompeo has stopped short of calling WikiLeaks a Russian asset.

April 26, 2017: Assange DMs Don Jr some video on “Fake News.”

May 2017: Manafort meets in Ecuador with Lenín Moreno to discuss Assange.

June 4, 2017: Stone DMs Assange, threatening to “bring down the entire house of cards” if the US government moves on Assange.

June 10, 2017: Roger Stone tells Assange he is “doing everything possible … at the highest level of Government” to help Assange.

June 19, 2017: Trump tries to give a back channel order to Jeff Sessions to limit the Mueller investigation to future election meddling, not the meddling that helped him get elected.

July 11, 2017: WikiLeaks DMs Don Jr to suggest he release his June 9 emails via WikiLeaks, providing him Margaret Kunstler’s contact information as if she would take the submission.

October 12, 2017: Mueller’s team obtains Don Jr’s Twitter content.

November 6, 2017: Mueller’s team obtains WikiLeaks and Assange’s Twitter content.

November 14, 2017: Don Jr releases his Twitter DMs with WikiLeaks. Julian Assange publicly references the December 16 DM, suggests he can open “luxury immunity suites for whistleblowers,” and includes a Vault8 hashtag (referencing CIA’s source code).

December 21, 2017: Reported attempt to exfiltrate Assange from the embassy; DOJ charges Assange with CFAA conspiracy.

January 6, 2018: Stone claims “I am working with others to get JA a blanket pardon.”

September 17, 2018: Mueller submits questions to Trump, including one about a pardon for Assange.

October 29, 2018: Mueller’s team interviews Kunstler.

October 30, 2018: Arthur Schwartz tells Cassandra Fairbanks there’s not going to be a fucking Assange pardon.

November 20, 2018: Trump returns his questions to Mueller. Mueller’s team interviews Kunstler.


The movie Rashomon demonstrated that any given narrative tells just one version of events, but that by listening to all available narratives, you might identify gaps and biases that get you closer to the truth.

I’m hoping that principle works even for squalid stories like the investigation into Roger Stone’s cheating in the 2016 election. This series will examine the differences between four stories about Roger Stone’s actions in 2016:

As I noted in the introductory post (which lays out how I generally understand the story each tells), each story has real gaps in one or more of these areas:

My hope is that by identifying these gaps and unpacking what they might say about the choices made in crafting each of these stories, we can get a better understanding of what actually happened — both in 2016 and in the investigations. The gaps will serve as a framework for this series.

The post Rat-Fucker Rashomon: Getting the “Highest Level of Government” to Free Julian Assange appeared first on emptywheel.

]]>
https://www.emptywheel.net/2020/10/21/rat-fucker-rashomon-getting-the-highest-level-of-government-to-free-julian-assange/feed/ 22
GRU Adopted the Identity of Two UK Journalists to Phish the OPCW https://www.emptywheel.net/2020/10/20/gru-adopted-the-identity-of-two-uk-journalists-to-phish-the-opcw/ https://www.emptywheel.net/2020/10/20/gru-adopted-the-identity-of-two-uk-journalists-to-phish-the-opcw/#comments Tue, 20 Oct 2020 09:54:15 +0000 https://www.emptywheel.net/?p=86648 The only detail about the GRU hack of the OPCW and Porton Downs included in a new GRU indictment is that the phishes laying the groundwork for the attack were done using spoofed identities of real journalists.

The post GRU Adopted the Identity of Two UK Journalists to Phish the OPCW appeared first on emptywheel.

]]>
Yesterday, the government rolled out another indictment against GRU. DOJ earlier indicted those involved in the 2016 election operation and those behind the WADA hack; one person, Antoliy Kovalev, was named in both yesterday’s indictment and the election one, and a second unit of the GRU was named in the earlier indictments along with Unit 74455, on which this focuses.

Down the road I’ll circle back to some of the similarities and differences between these three indictments (I compared the earlier two here). For now, I want to look at how the hackers targeted for spearphishing people at the Organisation for the Prohibition of Chemical Weapons (OPCW) and Defence Science and Technology Laboratory, which runs Porton Downs, after the two organizations attributed the Sergey Skripal attack on GRU.

The spoofed actual journalists:

66. On or about April 5, 2018, KOVALEV created an email account with a username that mimicked the name of a German national weekly newspaper. Shortly after creating the account, KOVALEV sent spearphishing emails regarding the “Incident in Salisbury,” purporting to be from a German journalist, to approximately 60 official DSTL email addresses. The next day, KOVALEV used the above-described Email Service to send emails, with malware attached, that appeared to be from a legitimate DSTL email address.

67. Also on or about April 6, 2018, the Conspirators conducted three related spearphishing campaigns that targeted the OPCW and U.K. agencies involved in the investigation of the poisoning.

a. On or about April 6, 2018, the Conspirators used an operational account which was created on or about April 5, 2018, and had a username mimicking the name of a U.K. journalist working for a U.K. media entity-to send approximately 20 spearphishing emails with the email subject line “Salisbury Spy Poisoning Investigation” to official OPCW email addresses. In the emails, the Conspirators purported to have information to share regarding the poisoning.

b. After the Conspirators received an email from OPCW directing them to instead share their information with certain U.K. authorities at three particular email addresses, the Conspirators used the same operational account to send spearphishing emails to those three email addresses.

c. Also on or about April 6, 2018, the Conspirators created another operational account, with a username mimicking the name of another U.K. journalist at the same U.K. media entity, and shortly thereafter sent approximately 19 spearphishing emails with the subject line “Salisbury Spy Poisoning Investigation” to official OPCW email addresses. In the emails, the Conspirators again purported to have information to share regarding the poisoning.

They provide no hints about who the journalists were (though I have some guesses), but obviously they would have pretended to be people with close ties and significant trust in the national security community. Effectively, then, they were banking on the trust NatSec officials would have in familiar journalists.

The tactic is particularly interesting given the way GRU has targeted journalists in phishing attempts in recent years, preferring the kind of NatSec friendly ones that might be useful for such a phish.

The indictment provides no other information about whether the GRU succeeded in this hack, and if so, what they did with it, leaving out any details obtained when the Netherlands caught the field hackers in the act later that year.

It’s as if this passage in the indictment exists solely to make public this tactic and signal that Kovalev (the one person also involved in the 2016 operation) was part of it.

The post GRU Adopted the Identity of Two UK Journalists to Phish the OPCW appeared first on emptywheel.

]]>
https://www.emptywheel.net/2020/10/20/gru-adopted-the-identity-of-two-uk-journalists-to-phish-the-opcw/feed/ 13