Pandora’s Box Opened: Netanyahu’s Double-Tap Fuck-You

[NB: Note the byline. Portions of this post may be speculative. / ~Rayne]

I wrote a while back about Israel, discussing Israel’s repeated intelligence “failures” as not mere fuck-ups but fuck-yous.

This week’s attacks by exploding electronic devices intended for Hezbollah — attributed to Israel without any denial so far — are yet more fuck-yous delivered using an indiscriminate approach and a double tap.

These fuck-yous blew open Pandora’s box — and then some.

~ ~ ~

On Tuesday nearly 3000 pagers blew up in Lebanon. These one-way pagers are believed to have been distributed to Hezbollah members as a means to bypass Israel’s surveillance of cell phone communications. More than 30 people were killed including children.

On Wednesday during funeral services for persons who died the previous day, walkie-talkies or handheld radios were detonated in Lebanon. 12 more people died and approximately 3000 were injured.

The exploding walkie-talkie attack was the double tap: when persons who escaped a targeted attack gather during a response afterward, a second attack is launched retargeting those same persons. We’ve seen this technique employed by Russia in Ukraine, using secondary attacks to take out first responders aiding the injured and dying in a first attack, or at funeral services for the dead.

It’s a questionable practice; former President Obama had been criticized for its use with drone attacks as double taps may violate the Geneva Conventions and U.S. War Crimes Act of 1996.

But both Tuesday and Wednesday’s attacks may have violated the U.N. Convention on Certain Conventional Weapons regardless of the double tap on Wednesday, as the armed devices constituted booby traps which are prohibited.

These attacks are yet more proof that Israel under Benjamin Netanyahu’s leadership has gone rogue having repeatedly refused to comply with multiple treaties including the Geneva Conventions.

~ ~ ~

This time, though, Israel doesn’t have the excuse that IDF may have made a mistake.

These attacks were premeditated, planned out and executed over months if not years. Front companies were used to obtain components and distribute assembled devices; in the case of the pagers, it’s believed a Hungarian registered firm BAC Consulting may have been a key intermediary between a Taiwanese manufacturer and the ultimate distribution of the devices.

Nonprofit OSINT investigator Bellingcat followed evidence between the pagers and Taiwan electronics firm Gold Apollo, noting that BAC Consulting listed as an employee a “ghost”; this person can’t be traced to any real human, suggesting strongly BAC is an intelligence front.

The operation’s timeline needs to be fleshed out more fully; it’s not clear whether some actions believed to be related to the operation behind this week’s attacks are intended solely for plausible deniability.

02-MAY-2020 — BAC Consulting appears in Hungarian business records but appears now to have been shuttered the same year.

21-MAY-2022 — BAC Consulting registered as a new company in Hungary, according to Hungarian Justice Ministry records. It was listed as a retailer of telecommunications products, management consulting, jewelry making, and fruit cultivator — a rather odd assortment of goods and services.

The business was not engaged in manufacturing according to a spokesperson for Hungary’s prime minister; they also said “the referenced devices have never been in Hungary,” suggesting BAC acted as a broker or trade intermediary.

XXX-2022 to AUG 2024 — Taiwanese electronics manufacturer Gold Apollo exported approximately 260,000 pagers over a two-year timeframe. The majority shipped to the EU and US with no records of pagers shipped to Lebanon during that same timeframe. The company received no reports of Gold Apollo pagers exploding.

SUMMER 2022 — Modified pagers containing PETN-adulterated batteries for which BAC was an intermediary began shipping into Lebanon.

APR-MAY 2024 — A Lebanese security source said the pagers had been imported to Lebanon five months ago.

The pagers may have been imported into Lebanon months ago, but they must have been planned out well before that given the prevailing description of the handheld improvised exploding devices (IEDs).

Acceptance of the pagers must have been worked out far earlier — which brand would the users be willing to use, how would they be distributed without raising questions, what could go wrong tipping off the plot between the time the first pagers were fitted up with explosive PETN and detonators, where could the IEDs be assembled without intelligence leaks, so on.

Which brings us to leaks by a pro-Palestinian hacktivist group Handala whose attacks on websites were first noted by computer security expert Kevin Beaumont back in May this year.

After the pager IED explosions on Tuesday, Handala published information about the pagers’ production claiming they had exfiltrated data from Israeli sources Vidisco and Israeli Industrial Batteries Ltd. (IIB).

Vidisco is an Israeli-based developer and manufacturer of X-ray inspection systems; IIB is a manufacturer of batteries which is 51% owned by Sunlight Group as of February 2023. Both appear to be contractors to Israel’s military. Breachsense indicates both firms were hacked and credentials of employees at both firms were leaked though no customer credentials have been.

Handala’s brief about the data it hacked published Wednesday explained the operation:

The operation of the last two days was a series of joint actions of the Mossad and Unit 8200 and a number of shell companies of the Zionist regime! Handala’s hackers, during extensive hacking in recent hours, were able to obtain very secret and confidential information from the operations of the past days, and all the documents will be published in the coming hours!

The summary of the operation is as follows:

* This supply chain attack has taken place by contaminating the batteries of Pagers devices with a special type of heat-sensitive explosive material in the country of origin of the producer!

* Batteries have been contaminated with these explosives by IIB (Israeli Industrial Batteries) company in Nahariya!

* Mossad was responsible for transporting contaminated batteries to the country of origin of the producer!

* Due to the sensitivity of explosives detection devices to these batteries and the need to move them in several countries, Mossad, in cooperation with vidisco shell company, has moved the mentioned shipments!

* Vidisco company is an affiliated company of 8200 unit and today more than 84% of airports and seaports in the world use X-rays produced by this company in their security unit, which actually has a dedicated backdoor of 8200 unit and the Zionist regime it can exclude any shipment it considers in the countries using these devices and prevent the detection of sabotage! ( The complete source code of this project will be published in the next few hours! )

* Contaminated shipments have reached Lebanon through the use of Vidisco backdoor and after traveling through several countries!

* All the factors involved in this operation have been identified by Handala and soon all the data will be published!

* Handala has succeeded in hacking Vidisco and IIB and their 14TB data will be leaked!

More details will be published in the coming hours

(Unit 8200: Israeli Intelligence Corps group)

Beaumont published a short write-up about Handala’s information dump to date, noting the likelihood that Handala is connected to Iran through IP addresses, their talking points, and the targets of their efforts.

Beaumont also asks:

Are the claims credible?

Handala has not yet provided proof of data exfiltration of these organisations. On reaching out, one company above said they are suffering from “IT issues”.

In prior claims by Handala, they have been credible around victim names.

If the battery claims are credible; it is not possible to assess as no evidence has been provided to date.

I’ll note that Handala’s English is very good, though in the age of ChatGPT it may be generated for clarity to English-speaking audiences.

There was no mention by Handala in these early releases of specifics related to the handheld radios, or of whether they were likewise products of the same after-market suppliers, specialized modifiers, and distribution network.

Reports indicate some of the radios were made by Japanese manufacturer ICOM though ICOM said the model IC-V82 identified was discontinued a decade ago. As recovered radios displayed blast damage in the battery area, it’s possible the radios were retrofitted with explosives or replacement batteries were manufactured with explosives. Because radios and their batteries are larger than pagers, this would explain the larger blasts associated with the radios.

~ ~ ~

Do read the essay by American researcher and hacker Andrew “bunnie” Huang at the link embedded at the phrase “Pandora’s box” above. Huang is deeply concerned about these attacks relying on handheld electronics:

Not all things that could exist should exist, and some ideas are better left unimplemented. Technology alone has no ethics: the difference between a patch and an exploit is the method in which a technology is disclosed. Exploding batteries have probably been conceived of and tested by spy agencies around the world, but never deployed en masse because while it may achieve a tactical win, it is too easy for weaker adversaries to copy the idea and justify its re-deployment in an asymmetric and devastating retaliation.

I fear that if we do not universally and swiftly condemn the practice of turning everyday gadgets into bombs, we risk legitimizing a military technology that can literally bring the front line of every conflict into your pocket, purse or home.

I share this concern, one I’ve had for over a decade beginning with reports in 2009-2010 of Chinese-made counterfeit electronics ending up in the U.S. military’s supply chain, compounded by reports in 2018 of unauthorized chips added to server motherboards.

Oversight and investigation into these problems were thwarted by geopolitical, intelligence, and corporate interests.

Huang included a nifty visual representation of an electronics supply chain with his essay:

Every point along the supply chain can be breached, whether the items are new or used or refurbished. Huang’s 2019 presentation at BlueHat in Israel on supply chain security looks in detail at the likely points in chip and board production for unauthorized modifications; he doesn’t look far outside manufacturing, though.

What terrifies me is that Israel’s operation revealed far more than supply chains are now threatened. They’ve shown every hostile entity in the world how to wreak massive chaos in ways we haven’t fully imagined.

~ ~ ~

The IEDs have attracted attention and will continue to do so. This week’s double tap attacks made it clear that the proliferating small electronic devices on which we rely so heavily are the means to destroy both individuals and groups of people.

The information leaked by Handala makes it easy for hostile entities to attempt the same for their own aims.

The attacks have already spurred renewed discussion about onshoring more of our supply chain.

But what concerns me the most is what we’ve learned about the application of X-ray devices in our supply chain and elsewhere.

If Handala could obtain information about this operation — assuming everything revealed so far is truthful and in no way distorted — what other entities may have preceded Handala in breaching Vidisco’s data? How much lead time do they already have toward something similar to this week’s double tap attacks?

If the public and leaked information about Vidisco is accurate, just how badly are U.S. scanning systems compromised? Have we already been allowing Israel (or other opportunists using Israel’s methods and means) to distribute IEDs inside the U.S.? Have our U.S. tax dollars doled out as aid to Israel paid for both the violation of Geneva Conventions, the War Crimes Act, the Convention on Certain Conventional Weapons, and now the wholesale compromise of our own national security?

If hostile entities have obtained this same information about Vidisco’s X-ray systems, how badly have our import scanning capabilities been compromised?

If the public and leaked information about Vidisco is accurate and 84% of the world’s airports use its scanning equipment, how badly are our screening systems at U.S. airports compromised?

Imagine for a moment phones and radios on planes containing PETN-adulterated batteries triggered with a single call.

Imagine laptops and tablets triggered with a single remote prompt over onboard WiFi or wireless networks.

~ ~ ~

In June 2017 amid the WannaCry and modified Petya attacks, the Department of Homeland Security and the Travel Safety Administration rolled out heightened security measures including increased scanning of electronic devices.

By the end of July 2017, handling of smaller electronics changed:

… The TSA will now require “all electronics larger than a cell phone” to be removed from carry-on bags and placed in their own separate bin for X-ray screening with nothing on top or below, similar to how laptops have been screened for years. …

At the time the measures appeared to be related to potential threats related to cyber attacks.

Now one might wonder if the changes were intended to increase the use of X-ray screening related specifically to explosives and not just cyber attacks.

We aren’t likely to receive any answers to inquiries about the triggers for these changes.

What we should understand now, though, is that much of this could be performative. The X-ray scanning systems, if tampered with the way they were to admit pagers and radio IEDs into Lebanon, could be absolutely useless for detecting rigged devices.

~ ~ ~

It’s clear we are going to have to rethink our entire screening system at all ports after Netanyahu’s latest fuck-you.

He surely must have known he was opening Pandora’s box when he authorized the detonation of pagers and handheld radios.

I must admit the first thought I had after the initial shock upon hearing about the attacks was this: if Netanyahu had this capability to take out a group of targets this neatly, why didn’t he try this approach with Hamas?

If Netanyahu felt he could expend political capital on violations of international law, why is he systematically overseeing the destruction of Gaza’s hospitals, schools, humanitarian aid systems, women and children instead of having neatly excised Hamas in Gaza using these handheld IEDs?

Why? Because fuck you is a likely answer.

Lauren Chen’s Curious Legal Status

I’m planning (and have already started) a post on how last week’s Russian actions may serve to disrupt Russia’s attempts to tamper in the election more broadly, after which I plan to do a post on the efficacy of this all.

But before that, I want to address two details about last week’s legal actions — the indictment of two RT personnel for acting as unregistered foreign agents and the takedown of a bunch of Doppelganger sites — that people are likely getting wrong.

The first has to do with the legal status of Lauren Chen, the founder of Tenet Media, and how that would impact the investigative techniques used in this investigation.

The other right wing operations with which Chen had affiliations, including Glenn Beck and Turning Point USA, have now turned her into an unperson, removing her from their sites (though her affiliation to them remains on her Xitter account).

But that hasn’t stopped a general right wing panic about the communications the government must have. Many — including Michael Caputo — are insisting that the FBI must have used the FISA to target her.

What Caputo is referring to as “one-hop” may be a misstatement of what DOJ used to do with Section 215 of FISA, obtaining metadata of people two degrees from terrorist suspects overseas. If so, it’s a dumb comment, because the FBI can do all that with subpoenas using criminal process far easier than they can do it with FISA.

Yet that’s common. What people of all political stripes (including many if not most in the privacy community) often ignore is that the FBI can do most of the things they would do with FISA using criminal process, and do it with a whole lot less paperwork and in a way that makes the information far more useful for prosecutions like this one. As I noted here, some of what DOJ showed in this indictment, like content from Chen’s Discord servers and the Google accounts of Konstantyn Kalashnikov and Elena Afanasyeva, would undoubtedly be criminal process, even if they were first obtained via 702 targeting of Kalashnikov and Afanasyeva.

The investigative techniques they would use with Chen would stem from her really curious legal status.

The indictment introduces Chen and her spouse, Liam Donovan, as foreign nationals — Chen, at least, is Canadian — who reside in the US.

Founder-1 and Founder-2 are foreign nationals who reside in the United States. Founder-1 and Founder-2 jointly control and operate U.S. Company-1, and they are the only authorized signatories for U.S. Company-1’s business checking account (the “U.S. Company-1 Bank Account”), which is held at a bank in the United States.

The indictment never describes the visa status of either one. But Tenet — US Company-1 — is a US Company and would be a US person for FISA purposes. Regardless of their visa status, Chen and Donovan’s US residency would prohibit targeting of them using FISA 702, at least so long as they are in the US. If the FBI wanted to use FISA against them, they’d need an individualized warrant.

Things get more interesting, though, when you consider RT’s status in all this.

Let’s work backwards, Matryoshka doll like.

As the indictment describes, Chen and Donovan set up Tenet Media to be a subsidiary of Chen’s Canadian company.

11. U.S. Company-1 is a United States corporation established under the laws of Tennessee. Founder-1 has described U.S. Company-1 as the U.S. subsidiary of Founder-1’s Canadian company, Canadian Company-1;

[snip]

Founder-1 incorporated U.S. Company-1 on or about January 19, 2022, and applied with the Tennessee Department of State to transact business under its current operating name, which Company-1 uses on its website and social media channels, on or about May 22, 2023.

The contracts Chen set up directly pertaining to Tenet had this dual status. She got paid via her Canadian company; the talent got paid via the American one.

25. On or about May 12, 2023, Founder-1 sent an email to Persona-1 in which Founder-1 proposed that “we … keep the contract between us with my Canadian company ([Canadian Company-1]), but for [Commentator-2]’s contract, it will be through our American subsidiary, [U.S. Company-1].” In a subsequent email on or about May 19, 2023, Founder-1 explained that Founder-1 wished for “my personal payment [to] be under [Canadian Company-1] but the payments for the influencers go directly to [U.S. Company-1].”

26. On or about June 13, 2023, consistent with Founder-1’s proposal, Persona-1 emailed Founder-1 a final “service agreement” that named Founder-1, Canadian Company-1, and U.S. Company-1 as the service providers. The contract provided for a monthly fee of $8,000 for the “first stage,” a monthly fee of $25,000 per month for the “second stage” after signing Commentator-1 and Commentator-2, and additional performance incentives and commissions for “engagements closed with talents.”

As a result, much (though not all) of the funding for Chen, personally, would go through Canada; the funding for the talent went through the US, using a corresponding bank in New York.

a. Starting in approximately August 2023, Founder-1 and Founder-2 typically submitted two invoices each month to Persona-1 on the Investor Discord Channel: one invoice for U.S. Company-1’s expenses, such as its payments to its commentators, and another invoice for Founder-1 and Founder-2’s own fees and commissions. Between in or about August 2023 and in or about June 2024, Founder-1 and Founder-2 invoiced U.K. Shell Entity-1 more than $9.3 million for U.S. Company-1’s expenses, which they asked to be paid to the U.S. Company-1 Bank Account. Founder-1 and Founder-2 also invoiced U.K. Shell Entity-1 more than $760,000 for their own fees and commissions, some of which they asked to be paid to Canadian Company-1’s bank account in Canada, and some of which they asked to be paid to the U.S. Company-1 Bank Account in the United States.

b. After Founder-1 and Founder-2 transmitted their monthly invoices to Persona-1 on the Investor Discord Channel, Persona-1 typically acknowledged receipt and confirmed payment. Between in or about October 2023 and in or about August 2024, the U.S. Company-1 Bank Account received approximately 30 wire transfers from foreign entities totaling approximately $9.7 million. U.S. Company-1 disbursed most of these funds to its contracted commentators, including approximately $8.7 million to the production companies of Commentator-1, Commentator-2, and Commentator-3 alone. Consistent with Founder-1’s February 8, 2023 warning to Persona-1 that “it would be very hard … to recoup the costs for the likes of [Commentator-1] and [Commentator-2] based on ad revenue from web traffic or sponsors alone,” U.S. Company-1’s foreign wire transfers far exceeded its receipts of advertising revenue. Indeed, the approximately $9.7 million that U.S. Company-1 received from foreign wire transfers represented nearly 90% of all the deposits into the U.S. Company-1 Bank Account from in or about October 2023 to in or about August 2024.

[snip]

43. To deliver funds into the U.S. Company-1 Bank Account, each of U.S. Company-1’s 30 inbound international wire transfers – which totaled nearly $10 million, as set forth above – utilized a correspondent bank in Manhattan, New York.

The stuff that came into the US had cover descriptions that Chen had to have known were false.

42. Contrary to U.S. Company-1’s invoices, which reflect fees for staff and commentators (as well as Founder-1 and Founder-2’s commissions), the wire notes of many of U.S. Company-1’s inbound wire transfers ascribe the payments to the purchase of electronics. For example, the wire note for Turkish Shell Entity-1’s $318,800 wire payment to U.S. Company-1 on March 1, 2024 read: “BUYING GOODS-INV.013-IPHONE 15 PRO MAX 512GB.”

But that all describes what happened in 2023 and since. What happened before that is really important: As the indictment describes, before the invasion of Ukraine, Chen got paid directly from RT.

Before operating U.S. Company-1 for RT, as set forth below, Founder-1 and Founder-2 worked directly for RT and its affiliates, including as follows:

a. From in or about March 2021 to in or about February 2022, Founder-1 created videos, posted social media content, and wrote articles pursuant to a written contract between Founder-1’s Canadian company (“Canadian Company-1”), and RT’s parent organization, ANO TV-Novosti. This content generally consisted of English-language social commentary. RT directly published some of Founder-1’s paid work, while Founder-1 posted other of Founder-1’s paid work on Founder-1’s personal accounts (without attribution to RT). For example, Founder-1’s invoices reflect that Founder-1 billed ANO TV-Novosti for approximately 217 videos, of which approximately 209 were published on Founder-1’s personal YouTube channels. Founder-1 also wrote approximately 25 opinion articles that were published on RT’s website, at least 19 of which Founder-1 billed to ANO TV-Novosti. None of Founder-1’s articles disclosed that Founder-1 was paid by RT to write them.

And Donovan got paid by RT and Ruptly until later than that: May 2022.

From in or about October 2021 to in or about May 2022, separate and apart from Founder-1’s contract with RT’s parent organization, ANO-TV Novosti, Founder-2 also worked directly for RT and with Ruptly GmbH, RT’s German subsidiary. Founder-2’s paid work for RT included, among other things, preparing English-language text messages describing news events. During this time, Founder-2 and KALASHNIKOV appear to have had overlapping business contacts: On or about May 18, 2022, a Ruptly GmbH employee sent a Russian-language email to six recipients, including Founder-2 and KALASHNIKOV, requesting that they send their work email addresses to gain account access to Ruptly’s website.

The indictment doesn’t directly allege that Chen and Donovan knew they were (still) working with RT in the Tenet venture. It stops just short of doing so, possibly to protect the full details of what it knows. But it does include proof they knew they were working with Russians pretending to be French.

On or about April 17, 2023, Founder-1 replied, in part, that Founder-1 was “happy to work with the Russian firm.” As set forth below, this “Russian firm” consisted of KALASHNIKOV and AFANASYEVA, who later monitored and directed U.S. Company-1’s activities under the guise of an outside editing firm.

[snip]

27. Despite describing U.S. Company-1’s investor to Commentator-1 and Commentator-2 as “Eduard Grigoriann,” a purported finance professional in Western Europe, Founder-1 and Founder-2 admitted to each other in their private communications that their “investors” were, in truth and in fact, the “Russians” – the same term that Founder-1 and Founder-2 previously used to refer to RT while working directly under contract with RT, as described above.

[snip]

30. Founder-2 also used the Investor Discord Channel to, among other things, submit U.S. Company-1’s invoices to Persona-1, and to press for payment of those invoices. For example, on or about September 11, 2023, at approximately 8:07 p.m. Central Time, Founder-2 wrote in the Investor Discord Channel: “Today marks two weeks since I submitted the invoice for August. Any idea for the delay? We are signing the large contracts and need to be certain we will get the funding to pay these people.” Persona-1 did not immediately respond. While awaiting a reply from Persona-1, Founder-1 searched for the then-current time in Moscow. Specifically, at approximately 8:50 p.m. Central Time on or about September 11, 2023, Founder-1 searched on Google: “time in Moscow.”

So Chen and Donovan used to work directly for RT, and then just about the time of the Ukrainian invasion, set up shop in the US, allegedly participating in a ruse by which they hid the Russian source of their funding. But the funding went both through a bank in New York to their US subsidiary of the Canadian company, and also to the Canadian company that used to get paid directly by RT.

Here’s where things get interesting. First, after the invasion, Canada banned RT broadcasts.

In or about March 2022, following Russia’s invasion of Ukraine in February 2022, the European Union, the United Kingdom, and Canada banned broadcasting by RT. That same month, RT also ceased its operations in the United States after major television distributors dropped the network.

Until last week, the US had not yet sanctioned RT, but in their sanctioning documents, they reminded that RT registered as a foreign agent back in 2017.

RT, formerly Russia Today, is a Russian state-funded news outlet that began broadcasting internationally in 2005. In 2017, RT registered as an agent of a foreign government in the United States.

The indictment makes clear that RT itself acknowledges the outlet is funded by the Russian government.

RT is a Russian state-funded and state-directed media outlet. As RT’s editor-in-chief has publicly acknowledged, “since RT receives budget from the state, it must complete tasks given by the state.”

That makes it an agent of the Russian government, the agents of which are subject to 18 USC 951, not just a foreign entity covered by FARA.

And the indictment likewise makes clear that RT publicly acknowledged working covertly after the invasion of Ukraine.

For example, on or about February 25, 2024, RT’s editor-in-chief declared, during a Russian television appearance, that “public opinion in the West is changing, very rapidly and very cheerfully,” due in part to RT. RT’s editor-in-chief further explained that, despite being “banished everywhere on February 25” – referring to the start of Russia’s invasion of Ukraine in February 2022 – RT had built “an enormous network, an entire empire of covert projects that is working with the public opinion, bringing truth to Western audiences.”

Lauren Chen is a Canadian citizen, resident in the US; her US residency should prevent FBI from targeting her in the US using 702 and would require a traditional FISA warrant to target her directly. There are ways she set up her Discord server that may make it susceptible to 702 targeting from the time she added the RT personnel to it.

But that’s not the big issue, in my opinion.

Chen set up this business such that she’d be subject to the laws of and some tax burdens in both Canada and the US. She did that at precisely the moment where the impending invasion of Ukraine made such issues more sensitive. And since then, she has done things that provide some evidence that she’s in on the ruse: that she knows she’s evading some laws or regimes by using corporate and financial cut-outs.

Those things likely provide enough to make her US accounts subject to probable cause warrants.

So Michael Caputo doesn’t need to worry about whether he or his buddies got picked up via FISA. Because the FBI — working in partnership with Canada and other countries through which RT laundered this operation — likely had plenty to conduct an investigation implicating both counterintelligence and criminal matters.

What Caputo and others need to worry about is how much of the content collected as a result FBI has demonstrated probable cause to access.

Biden Administration Negotiates Release of Evan Gershkovich and Others

As many outlets have been reporting since dawn my time, there has been a massive prisoner exchange between the US, Russia, and five European allies.

President Biden issued this release, emphasizing the import of allies.

Today, three American citizens and one American green-card holder who were unjustly imprisoned in Russia are finally coming home: Paul Whelan, Evan Gershkovich, Alsu Kurmasheva, and Vladimir Kara-Murza.

The deal that secured their freedom was a feat of diplomacy. All told, we’ve negotiated the release of 16 people from Russia—including five Germans and seven Russian citizens who were political prisoners in their own country. Some of these women and men have been unjustly held for years. All have endured unimaginable suffering and uncertainty. Today, their agony is over.

I am grateful to our Allies who stood with us throughout tough, complex negotiations to achieve this outcome— including Germany, Poland, Slovenia, Norway, and Turkey. This is a powerful example of why it’s vital to have friends in this world whom you can trust and depend upon. Our alliances make Americans safer.

And let me be clear: I will not stop working until every American wrongfully detained or held hostage around the world is reunited with their family. My Administration has now brought home over 70 such Americans, many of whom were in captivity since before I took office. Still, too many families are suffering and separated from their loved ones, and I have no higher priority as President than bringing those Americans home.

Today, we celebrate the return of Paul, Evan, Alsu, and Vladimir and rejoice with their families. We remember all those still wrongfully detained or held hostage around the world. And reaffirm our pledge to their families: We see you. We are with you. And we will never stop working to bring your loved ones home where they belong.

WSJ has a very long story about the lead-up to this release, focused on Gershkovich’s mother’s activism.

The Insider has a list of all the people exchanged, which include an assassin, two spies caught in Slovenia, and three people prosecuted in the US.

Readers of this blog will remember Putin associate, Vladislav Klyushin, who conspired with the former GRU hacker who targeted John Podesta in an insider trading scheme.

On September 7, 2023, a court in Boston, Massachusetts, found the Russian businessman Vladislav Klyushin guilty of insider trading and sentenced him to nine years in prison.

Klyushin was arrested in Switzerland in March 2021 and later extradited to the U.S. He was accused of participating in a scheme that involved the illegal use of confidential information for financial gain in the securities market. According to the indictment, the insider trading scheme, orchestrated outside the U.S., generated $93 million in profits for its participants.

Here’s a post I did on how they found Klyushin.

Glenn Greenwald Keeps Bitching about a Law Requiring Notice If You’re Funded by Russian Spies

The other day, DOJ announced charges in two cases related to FSB efforts to recruit in the US and overseas. Neither set of allegations was entirely new. But what got added to the allegations is of some interest.

Certainly, the fact that American citizens got charged in a Florida case for not disclosing that their political activism was funded, in part, by the FSB, seems to be of interest to Glenn Greenwald. The charges, along with a few overt acts, and the names of two FSB colleagues are what got added to an earlier indictment against the FSB handler, Aleksandr Ionov, filed last July.

Glenn won’t shut up about those charges, making appearances on Glenn Beck and Tucker Carlson’s show so all of them could lie about why members of the African People’s Socialist Party were charged.

The members of the APSP weren’t charged because they disagree with Joe Biden. They weren’t charged because they oppose the war in Ukraine.

They were charged because after one, Omali Yeshiteli, went on an all-expenses paid trip to Russia in 2015, the group started getting funding and completing requests for their FSB handler, Aleksandr Ionov, who ran a front called the Anti-Globalization Movement of Russia. For example, shortly after the trip, Ionov wrote the group and asked them to start a petition against the genocide of the African people in the US so that AGMR could start using it as propaganda. And when Russia needed someone to legitimize the “Donetsk People’s Republic,” in 2020, Ionov contacted the Floridians to publicly do so. And when Russia wanted to protest Twitter’s restrictions on Russian disinformation after the Ukraine invasion, Ionov flew one of the Americans to San Francisco to make it happen.

Russia wanted to be able to point to a certain kind of dissidence in the US, so they paid money to help sustain it. And the Americans didn’t disclose that they knew they were working with agents of Russia.

Glenn thinks only rich people like Tony Podesta should be held to foreign agent laws (Podesta wasn’t charged under a different law, FARA, for hiding his ties to a Ukrainian front group that Paul Manafort set up because he was paid by Manafort, and in any case, Glenn didn’t think much of Manafort’s charges for hiding the ties in real time). Glenn doesn’t think other people should have to disclose if they’re taking money — after they go on trips to Russia and start spouting Russian talking points non-stop from that point forward — from Russian spies.

It’s an interesting cause for Glenn and Tucker — who has his own curious tale about Russian ties — to champion.

Which brings us to the other case.

It charges Natalia Burlinova with attempting to do what Ionov succeeded in doing: getting Americans and others to unwittingly act as agents of Russia by recruiting them through her Russian government backed NGO, Creative Diplomacy, or PICREADI.

Burlinova was sanctioned — along with Ionov — last year, which suggests they may have a tie, perhaps the FSB officer they both report to.

Since she was already sanctioned, which would likely prevent her from traveling in any case, this complaint serves largely as a speaking document, which allows everyone she has had prior association with to understand her ties to the FSB.

For example, the complaint provides a detailed description of a trip she made to the US in 2018 and the emails the American participants sent to Burlinova after meeting with her. It doesn’t provide the content of the emails — but it makes those who sent them aware that the FBI knows what got sent.

Of even more interest is an article a former participant of Burlinova’s event wrote in 2020. Without explaining how he received it, Burlinova’s FSB handler sent it to her and said it’d be a really huge deal if it were published.

On October 30, 2020, the FSB Officer forwarded to Burlinova an article written by a participant in the 2019 Meeting Russia program, which argued that Russian malign influence efforts were actually legitimate uses of state soft power. The FSB Officer commented to Burlinova that the article was a huge result for them and would be revolutionary if printed by a named English-language newspaper in the United States and a named English-language newspaper in Europe.

The complaint doesn’t tell us whether it was published (update: it was this one, which was also posted on Burlinova’s site; h/t Alex Finley). But the description would be plenty for its author to understand that it had been the focus of internal discussion at the FSB.

Both these indictments necessarily focus on the US, but both conspiracies are international. Laying out the charges in the US and arresting anyone that would one day be arrested might be something the FBI would want to do before sharing the underlying intelligence with allies.

And some of the details describe the greater international success of this effort. One of Burlinova’s biggest successes, for example, came in seeing two former participants in her yearly event elected to parliament.

On October 5, 2018, Burlinova informed the FSB Officer about two prior participants in another Russian public diplomacy program in which Burlinova had been involved. Burlinova reported that the two prior participants, both of whom resided in a European country, were running for public office. Burlinova stated that these were the results that take years to come into fruition. The FSB Officer responded that this was truly the result for which they were striving and requested that Burlinova provide more information about these prior participants and the election for public office so that the FSB Officer could prepare a report. The two candidates ran for parliamentary positions; one won in that election, and the other was elected subsequently to parliament.

Again, we don’t know which members of parliament these are and in which country, but others in their country likely recognize it.

A report in the WaPo — the timing of which may be coincidental or may explain why DOJ rolled out the charges earlier this week — describes the stakes. It describes the Kremlin’s involvement in the red-brown coalition opposing the Ukraine war in Germany.

The coming together of political opposites in Berlin under the banner of peace had been percolating for months, though the union remains ad hoc and unofficial. But marrying Germany’s extremes is an explicit Kremlin goal and was first proposed by senior officials in Moscow in early September, according to a trove of sensitive Russian documents largely dated from July to November that were obtained by a European intelligence service and reviewed by The Washington Post.

The documents record meetings between Kremlin officials and Russian political strategists, and the Kremlin’s orders for the strategists to focus on Germany to build antiwar sentiment in Europe and dampen support for Ukraine. The files also chronicle the strategists’ efforts to implement these plans and their reports back to the Kremlin. The documents do not contain any material that records communications between the Russian strategists and any allies in Germany. But interviews show at least one person close to Wagenknecht and several AfD members were in contact with Russian officials at the time the plans were being drawn up.

Like the Florida effort, the German one features manifestos written by the Kremlin.

The aim of a new political formation, according to a document dated Sept. 9, would be to win “a majority in elections at any level” in Germany and reset the AfD to boost its standing beyond the 13 percent the party was polling at then. The reset, laid out among the documents in a proposed manifesto for the AfD that was written by Kremlin political strategists, includes forging the AfD into the party of “German unity” and declaring sanctions on Russia as counter to German interests.

[snip]

It is not clear from the documents how the political strategists working with the Kremlin attempted to communicate with members of the AfD or other potential German allies about Moscow’s plans. But soon after the Kremlin gave the order for a union to be forged between Wagenknecht and the far right, AfD deputies began speaking in support of her in parliament and party members chanted her name at rallies. Björn Höcke, chairman of the AfD in Thüringen in eastern Germany, publicly invited her to join the party.

This is the same kind of effort — but much more impactful — as the Ionov one was fostering in the US (though the right wing secessionist described in it as an unindicted co-conspirator, understood to be Louis Marinelli, was not arrested).

And it’s the kind of horseshoe leftist that Greenwald once posed as before he joined up with Tucker full time … most recently to claim these socialists were arrested for their dissidence and not because they were hiding ties with Russian spies.

Update: RFERL did a bunch of interviews with people who attended Burlinova’s program, some who were shocked about the FSB tie, some who were quite blasé about it.

The Michael Flynn Complaint For Damages Against The US

As commenter David F. Snyder noted yesterday, yes Michael Flynn has filed a complaint for $50,000,000 damages against the US Government for all the perceived wrongs and grievances that he, his unhinged lawyers like Sidney Powell, and rabid MAGA Republicans have been carping about forever. A thread on this started out in Marcy’s “JUDGE UNSEALS DETAILS ON COOPERATING WITNESS IN DOUGLASS MACKEY CASE”, but I am going to bring it here so as to not pollute that post and give people a place to discuss Flynn.

I took a look at the docket for the fledgling case. It is filed in the Middle District of Florida, where Flynn resides. That is the only discernible nexus to MDFL as pretty much all facts, actors and witnesses would be in or about the DC District. Here is the docket entry for the complaint, which was actually filed on March 3, 2023:

NEW CASE ASSIGNED to Judge Mary S. Scriven and Magistrate Judge Christopher P. Tuite. New case number: 8:23-cv-0485-MSS-CPT. (SJB)

The complaint itself is attached to this Rolling Stone article by a detestable SCRIBD (seriously, nobody should ever convey documents by SCRIBD). It is 50 pages long, and I am not wasting my PACER account on it.

Marcy, in the earlier thread, said:

Not only does it not have legs, but if it survives the summary judgment stage (which is unlikely) it may catastrophically backfire on him.

I think that is right, but the case may not ever get that far. It may not even make it to a summary judgment motion, as it may well not make it past a 12b6 motion, which would be the initial attack by the government.

Couple of notes, the complaint alleges compliance with the FTCA (Federal Tort Claims Act), but claims the government never responded. Scriven is a Bush Jr. appointee and Tuite a Trump appointee to the magistrate bench. Sid Powell is noticeably absent from noticed attorneys, but Shawn Flynn, son of Michael’s brother, Gen. Charles Flynn, is listed. That could be interesting if Charles is to be a fact/damages witness, which would kind of be expected.

Very hard to see this matter gaining any real traction given all the facts and rulings against Flynn in the underlying criminal case in front of (now senior status) Judge Emmet Sullivan of DC District.

Three Questions at the Start of an Intelligence Review

Why? Why? Why not?

There’s been a lot of focus on the narrow legal battles over the documents seized at Mar-a-Lago, but sometimes stepping back to look at the big picture helps bring the conflict into focus. As a legal matter and a political matter, Trump, his lawyers, and his apologists are trying to make the claim that this is just a dispute about documents, like overdue library books. The passion with which the DOJ went after them since receiving the referral from NARA last February, especially the ferocity of the legal arguments and filings over the last two weeks, demonstrates how wrong the DOJ believes that framing to be.

I agree with the DOJ.

The documents are not really what is being fought over — the battle is over the damage (hypothetical or actual) done to our intelligence services, our national defense, and our broader foreign policy by Trump’s possession of these documents at Mar-a-Lago. The documents are the first puzzle pieces the intelligence community [IC] has to put together, to fill in the whole picture and plan a way forward.

To understand why, let’s parse out what an intelligence review might look like. What follows is not based on any insider sources at the DOJ, ODNI, or any other federal agencies, but on my own experience (long ago) with classified materials and the general experiences of others I know with deeper and more recent work in classified matters, as well as analyzing other cases where classified materials were stolen from the government and passed along to foreign governments.

An intelligence review is designed to look at three things: what got exposed, to whom, and what dangers does that pose to intelligence sources, methods, and broader foreign policy objectives? These are all backwards-looking questions, to understand how this could have happened in the first place. They also serve as the starting point for forward-looking actions, as we and our allies pivot our overt and covert foreign policy approaches in a new context. Think of Klaus Fuchs, a German-born British scientist who passed US and British nuclear secrets to the USSR in the 1940s. A backwards looking intelligence review ultimately identified him as the spy and spotted the flaws in our security procedures, and a forward looking review pivoted the US and British policy toward a world with nuclear powers who opposed each other.

In the current case, the IC review begins with three interrelated questions:

  1. Why did Trump take government documents to Mar-a-Lago in the first place?
  2. Why these documents?
  3. Why not those other documents?

The second and third questions begin to move toward an answer to the first question, so let’s start there. Broadly speaking, I see five possible answers, each of which poses different dangers.

1: Vanity

If this is the answer to that first question, we would expect to find that Trump took documents that made him look good, that pointed to actions that he believed he could claim credit for, or that simply let him feel powerful because he knows stuff very few others know. Think of these as Extreme Presidential Souvenirs. These would be documents that shout to the world, “Look at how great Trump is . . .”

Danger: Simply having documents like this in his possession would likely not be enough for Trump’s ego. Trump’s ego would demand that he show them to others, so that they would know how great Trump is. The level and kind of danger depends on who the “others” are, and who they might have spoken to about what Trump showed them.

2: Fear

In this scenario, the IC review would see that Trump took documents that would help cover up his failures and/or possible crimes, such as a full transcript of the “Perfect Phone Call” with Zelenskyy. These would be documents that whisper in Trump’s ear, “This could get you into trouble. You better hide this . . .”

Danger: These are the documents least likely to be shared by Trump, so in that respect they are safe. On the other hand, they become prime material for blackmail if unfriendly parties realize he has them. Trump’s nightmare is getting a phone call about these documents, threatening to expose the documents to the “wrong” people. “I’d like you to do me a favor, though . . .”

3: Greed

Given Trump’s proclivity to monetize anything he can for his own personal gain, it is hard to imagine that Trump would not be looking at anything that crossed his desk to see how he might make money on it. (“Hmmm . . . I’m doing some traveling? OK, which of my properties are closest, and how much can I charge the Secret Service for staying there?”) Documents that showed him something that would let him make money would be particularly tempting to Trump. Think of this as corporate espionage, or a twisted form of insider trading. Perhaps he received knowledge of a foreign government’s as yet unannounced plans to develop certain properties overseas, and figured he could jump in, buy the property first, and then get bought out for a profit. Or maybe he would buy the property next to the future development and cash in when the government project became public and went forward, driving up the value of what he purchased. Perhaps these were not projects led by foreign governments, but by US corporations acting abroad whose plans were picked up as part of a signals intelligence surveillance program aimed at less-than-friendly nations. Documents like this would be calling out to his wallet, telling him “Hey, you can really use this . . .”

Danger: Suppose Trump acts on this information in some way, and the foreign government in question starts wondering “Did Trump merely get lucky in choosing to invest right where our project was going in, or did US spies give him the information?” Questions like that might lead to the exposure of human assets (sources) and signals intelligence capabilities (methods), which in turn could lead to those sources being shut down/arrested/killed, those signals intelligence methods being countered, or either the sources or methods being turned and used to feed false information to the US.

4: Corruption

As bad as #3 is, this scenario is the IC nightmare: Trump took documents that he knows other foreign governments, perhaps some of our greatest enemies, would love to have, and then deliberately passed them along to those governments. It might be to get revenge on Biden and the Dems for beating him in 2020. It might be to sabotage the work of the current administration and cause great public political problems for the Dems, to enable his return to the White House in 2024. It might be that some foreign adversary has compromising information about Trump or holds a private loan to Trump, his family, or his Trump Organization, and that country demanded classified information from Trump in exchange for not revealing the compromising information they hold or for not calling in the loan he could not immediately repay.

Danger: Beyond the damage done to sources, methods, and US foreign policy objectives created by disclosing the classified information in these documents, this scenario is worse. It weakens our relationships with our allies and harms our position in the world, simply by indicating we can’t keep secrets and by making us weaker through whatever is revealed. Should Trump have provided classified intelligence deliberately, it only gives those folks more leverage over Trump, which they would use to push for more information and more favors. Once you’ve turned over classified information to a hostile power, those folks own you forever. “Nice resort you’ve got here. It’d be a shame if anything were to happen to it.”

And it is not beyond the realm of possibility that foreign governments might lean on Trump to use his family to further their goals. “You need to have Jared talk to his friends in the Middle East, and convince them to . . .”

5: Some/all of the above

Trump might have taken some documents to feed his ego, others to hide them, and still others to try to monetize their contents. He might have taken some for his own reasons, and others because he was pressured to do so by hostile powers. The permutations are . . . troubling.

Danger: some/all of the above.

HOW BAD IS ALL THIS? DON’T ANSWER YET . . .

On top of these five possible explanations of Trump’s motives, one other thing is absolutely certain. Documents like those that were seized by the DOJ would have been catnip for the intelligence agencies of other nations. Once word got out that Trump had taken highly classified documents out of the WH (or once folks even suspected he had done so), all manner of foreign spies no doubt became very interested in Mar-a-Lago – much more than they had been during the Trump administration itself. It’s hard as hell to get into the WH and take classified materials, or to plant electronic surveillance devices inside the WH. Mar-a-Lago, on the other hand, is a relative sieve, especially after Trump left office and the security around Trump was much more directed to protecting his person rather than protecting all the stuff around a sitting president. At Mar-a-Lago these days, you pay your membership fee, and walk right in for a grand tour. Whatever the reason Trump chose to take these documents, even if he simply wanted to hold onto them as presidential souvenirs and he does nothing with them otherwise, should foreign agents copy them or steal them from Mar-a-Lago, that’s almost as bad as it gets for the US.

Danger: Exposing whatever classified information to the prying eyes of our adversaries not only exposes sources and methods of our intelligence services, but provides our adversaries with insight into our strengths and weaknesses, depending on what the intelligence said. It also opens Trump to blackmail, as noted above in scenarios #2 and 4. “Well look what we found at your home. It sure would be terrible if the FBI were to discover that you were so sloppy with security that we were able to waltz right in and take them.”

To sort out the likelihood of each of these scenarios and the specific dangers posed, those conducting the IC review will do a couple of things. First, the leaders of the intelligence agencies are likely going back to the original creators of these documents, to tell them they were found in unsecured locations at Mar-a-Lago, and therefore (a) the creators need to assess what the specific danger would be if this particular document were to be exposed, and (b) the creators should look around to see if they have any signs that these documents had been shared already. The former is to measure the hypothetical damage, while the latter is to assess the likelihood that this is not hypothetical. Did spies suddenly go quiet, or did the quality of their information suddenly become different? Did satellites that used to provide good, regular photos of intelligence targets begin to provide much less good intelligence? All the while, the IC reviewers know that this is likely even worse.

EVEN WORSE? HOW CAN THIS BE EVEN WORSE?

If any of this information came to the US IC through our partnerships with other friendly nations (like Five Eyes or NATO), that means going to the intelligence folks in those countries who trusted us with their secrets and telling them that their trust was misplaced, at least while Trump was in office. They are the folks who need to assess the danger that exposure of this information would create, and who would have to see if there were signs that this information had already been shared. Of course we would promise to do whatever we could to assist them in that analysis, but that’s like telling a shopkeeper that you will help sweep up the shards of all the broken crystal after your kid threw a bowling ball into the display case.

Danger: It’s bad enough if our secrets get exposed, but if we let their secrets get exposed, that’s going to make them less likely to trust us in the future. As I said before, this is why having career diplomat William Burns as head of the CIA was a stroke of genius by Biden, and why Burns and the rest of the IC are no doubt bending over backwards to help Garland get this right, and bending farther over backwards to help our allies get this fixed.

SO HOW MIGHT THIS REVIEW WORK?

This is why the analysis of what was taken and trying to determine Trump’s motive(s) is the starting place. It leads to other critical questions like these:

  • What does Trump’s selection of documents — classified and unclassified — tell us about what is going on?
  • Were the documents tucked away by Trump over a long period of time, or did they all get tucked away in a specific, relatively short time period?
  • And what else was tucked in the drawers, file folders, and boxes next to these classified documents? Are there notes or letters that appear to have been written based on the content of the classified materials?

Depending on what this initial analysis reveals, the reviewers will begin to talk to the counterintelligence people in their agencies, especially if there is some concentration of subject matters or particular time frames involved.

  • Have you noticed any unusual behavior in known foreign agents around those time frames?
  • Was there any unusual signals traffic between foreign agents here and their bosses back home?
  • Were there any new agents who arrived here, who have a particular focus to their work that meshes with the subject matters of the documents Trump took? What actions have they taken?

To dig into all this, the analysts will be looking at other information and also be in contact with the folks in the field who are managing the human sources or electronic surveillance methods, to see what insights they might have. They know that decisions will need to be made about protecting or extracting sources who might be in danger, shutting down electronic surveillance already in place (pull out/relocate bugs and cameras if possible, re-direct satellite orbits, change communications frequencies, reprogram software, etc.), and otherwise working to replace these sources and methods in some way to avoid further exposure. They hope to restore secrecy to the people and programs, and restore quality to the intelligence that might have been harmed through exposure.

While all this covert review work is going on, the FBI will no doubt be doing an ordinary shoe-leather investigation into the folks who have been going in and out of Mar-a-Lago over the last 18 months after the security of the resort was scaled back to simply protect the former president. They will be looking at guests and staff alike, trying to see what can be learned from videos, logs of visits, work schedules, and in some cases interviews. They will be looking at the White House document handling, especially after December 18, 2020 when the head of the White House Office of the Staff Secretary resigned and no one was named to take his place — even in an acting capacity — until January 20, 2021. They will be doing deeper domestic investigations of any new foreign agents that were identified by the IC analysts.

And then there’s the investigation that NARA is probably already trying to complete: what other documents from the Trump White House were not turned over?

This is all very time consuming and expensive. You don’t want to do this if it isn’t necessary, but you absolutely have to do it if these sources and methods are likely to have been (or actually were) blown. Only when the Why?, Why?, and Why not? questions have been answered can the forward looking work really begin in earnest.

There’s a lot more that can be inferred about what an intelligence review would contain, but one thing is certain. The panel of judges from the 11th Circuit Court of Appeals and Special Master Raymond Dearie are focused on what Judge Cannon does not want to recognize: this is not a case about misfiled documents, but a national security case in which documents hold the key to assessing the dangers posed and actual damage done to our nation, so that the current government can begin to address it.

That Bratt-I-Am, That Bratt-I-Am, I Do Not Like That Bratt-I-Am

Red Docs, Blue Docs . . .

In the far-away land of Mar-A-Lago
sits a once-vaunted leader, now brought very low.
His voice, once ubiquitous, lordly, and loud
has become but a whimper, no longer so proud.
The cameras have vanished, the crowds have all shrunk,
as he scrambles for donors, this fallen-down punk.

And then come his lawyers, with news of a guest,
A visit un-looked for, unwelcome, unblessed.

“That Bratt-I-Am, that Bratt-I-Am,
I do not like that Bratt-I-Am.”

“You must return those stolen docs.
You must return them, yes, every box.”

“I do not have a box of docs,
and they are mine, you lying fox.”

But then they came and then they found
docs aplenty, all around . . .

One doc, two docs
red docs, blue docs
Docs TOPSECRET/SCI
Docs with pictures from on high
Docs with covers, docs with stamps,
Docs in files marked “terror camps”
Docs from spies and docs from techs
Docs ’bout planes on navy decks
Docs on armies, docs on friends
Docs on missiles, docs on end!

“I do not like you, Bratt-I-Am!
I do not like your little scam.
You only fight ’cause I am so strong!
You only fight ’cause Biden is wrong!
Besides, I don’t have the docs that you seek
or, if I do, they’re mine, free to keep!”

A pause, then that voice so quietly speaks
pricking his bubble; his vanity leaks.

“There’s only one president, you see,
and you are not it, quite obviously.
You’ve filed lots of lawsuits and lost every one
and Biden, not you, is the one who has won.

“The law is quite clear: these docs are ours.
You have no magic pixie dust powers.
You cannot claim them, nor take them home;
they belong to us, not you alone.
You must return those stolen docs.
You must return them, yes, every box.

“These classified docs are not like cheap porn
They’re CONFIDENTIAL and SECRET, ORCON, and NOFORN.
They’re stuff you can’t look at outside of a SCIF.
There are but a few even granted a sniff.
They should be under watch, behind guarded doors,
not left in a closet or stashed into drawers.
They must be sent back, each one of these docs
They must be returned, yes, every last box.

“We’ll come to you, or you to us.
You can return them on a bus.
You can return them on a train.
You can return them on a plane.
You can return them at your house.
You can return them with a mouse.
You must return those stolen docs.
You must return them, yes, every box.”

“But I *want* them, because they are mine!
and you cannot have them – don’t cross that line!”

“Have you read this warrant, here?
Do you not see? Is it not clear?
The judge agrees – you have no choice.
You must comply, so please, no more noise.
You must return those stolen docs
You must return them, yes, every box.”

“That Bratt-I-Am, that Bratt-I-Am,
I do not like that Bratt-I-Am!”

“Boxes of documents, boxes of pics,
Boxes of letters – be sure there’re no tricks!
We’ll carefully pack them and give you a list
(It *will* be redacted, but we’ll give you the gist)
We’ll guard them as well as the law says we must.
We’ll guard them much better than you have, we trust.

“For crimes have been crimed, as we have deducted:
espionage, theft, and justice obstructed.
The proof, we believe, will emerge box by box
from rooms where you’ve kept them without any locks.
The charges will follow, and names will be named
and soon the guilty in court will be blamed.

“Justice is coming,” says Bratt-I-Am,
and that once-vaunted leader can only say . . .
“Damn.”

Merrick Garland Preaches to an Overseas Audience

Alexander Vindman thanks Attorney General Garland

When Merrick Garland gave his brief press statement yesterday about the search of Mar-a-Lago, he had various audiences in mind. One was Donald Trump and his defenders, calling their bluff by announcing that the DOJ was moving to unseal the search warrant and list of items seized. Another was his own DOJ employees, to let them know that he had their backs and would support them when the rightwing attacked them. But as I listened to him, I thought that perhaps the most critical audience were the leaders of nations all around the globe — and especially the heads of their intelligence services. When hours later the story broke that some of the documents the DOJ were seeking were nuclear related, I dropped the mental “perhaps”. To build on one of Marcy’s previous posts, let me add that this is a huge foreign policy story, which is largely missing from the current discussion in the media.

Think back to the beginning of the Trump administration. On May 15, 2017, a disturbing story hit the news:

President Donald Trump disclosed highly classified information to Russia’s foreign minister about a planned Islamic State operation, two U.S. officials said on Monday, plunging the White House into another controversy just months into Trump’s short tenure in office.

The intelligence . . . was supplied by a U.S. ally in the fight against the militant group, both officials with knowledge of the situation said.

H.R. McMaster categorically denied it, and as the story unfolded over time, McMaster was lying through his teeth. The unnamed ally was later revealed to be Israel, who had a mole inside an ISIS cell. And Trump blithely blew the cover of that Israeli asset by bragging to Lavrov.

Shortly after this meeting (at which Trump also bragged about just having fired James Comey), US intelligence officials made a bold move. From CNN:

In a previously undisclosed secret mission in 2017, the United States successfully extracted from Russia one of its highest-level covert sources inside the Russian government, multiple Trump administration officials with direct knowledge told CNN.

A person directly involved in the discussions said that the removal of the Russian was driven, in part, by concerns that President Donald Trump and his administration repeatedly mishandled classified intelligence and could contribute to exposing the covert source as a spy.

The decision to carry out the extraction occurred soon after a May 2017 meeting in the Oval Office in which Trump discussed highly classified intelligence with Russian Foreign Minister Sergey Lavrov and then-Russian Ambassador to the US Sergey Kislyak. The intelligence, concerning ISIS in Syria, had been provided by Israel.

This was the opening act of the Trump presidency. From the very beginning, intelligence officers worried about how Trump handled classified information. Our intelligence officers worried, and so did the intelligence officers of our allies, as they asked themselves some version of the question “Will Trump say something or do something that will get us killed?” In a completely different way, so did the intelligence officers of our adversaries. If Trump were to rashly reveal something he learned about the capabilities of our adversaries, it could have disastrous consequences for those countries and their leaders, as the reaction to the revelation could easily spiral out of control in unforeseeable ways.

And the damage was done.

A lot of the work of intelligence services is, if not cooperative, then transactional. “I have some information you would like,” says an ally to us, “and we’ll pass it along to you in exchange for something we need.” That favor might be us passing information back to them on another subject, or supporting some foreign policy objective. That favor might be immediate, or something later. Among the Five Eyes nations (US, UK, Australia, New Zealand, and Canada) and the major NATO allies, that relationship was formalized into regular practice.

But now, with Trump’s first foray into intelligence matters, all these countries worried about passing things along that under previous administrations they never would have hesitated to share. With good reason.

Fast forward four years, past all the bizarre meetings with Russia where notes were not taken, past the stunning press conference in Helsinki where Trump declared he trusted Putin’s word over the word of his own intelligence services, past all the coddling of authoritarians, past all the threats to withdraw from NATO, past all the insults to our allies around the world . . . Fast forward past all of that, and there came November 2020. On the Sunday after the election, when Biden was declared the president-elect and foreign leaders began to offer their congratulations, the New York Times discussed the deeper reactions of European leaders to Biden’s election:

David O’Sullivan, former European Union ambassador to the United States, said he looked forward to a renewal of American leadership — if not the hegemony of the past, then at least “America’s role as the convening nation” for multilateral initiatives and institutions.

But the world has changed, and so has the United States, where the Biden victory was relatively narrow and not an obvious repudiation of Mr. Trump’s policies. A fundamental trust has been broken, and many European diplomats and experts believe that U.S. foreign policy is no longer bipartisan, so is no longer reliable.

Biden, with his decades of experience with foreign policy, knew this was true, which meant that two of his most critical appointments would be his Secretary of State and his CIA Director. For State, he chose Antony Blinken, who had served in the State Department under President Clinton and on the White House national security staff in both the Clinton and Obama administrations, and for CIA he chose William Burns.

Burns was not a product of the intelligence community. He was a career State Department diplomat, but not just any diplomat. From 2001 to 2005, as the US reacted to the attacks on 9/11, Burns was the Assistant Secretary of State for Near Eastern Affairs — that is, the Middle East. From 2005 until 2008, as Vladimir Putin tightened his hold of the office of President of Russia following the chaos of the Yeltsin era, Burns was the US Ambassador to Russia. From 2008 to 2011, Burns held the position of Undersecretary of State for Political Affairs – the #4 position at State and the highest office reserved for a career foreign service officer. By the end of his 32-year tenure, he held the rank of Career Ambassador – the State Department’s equivalent to a four-star general.

Beyond running the CIA, the new director had to rebuild all those broken international relationships and restore that “fundamental trust” between the US and the world. That’s what made Burns such a great choice.

When the National Archives discovered classified information had not been turned over when Trump left office, they brought the news to the DOJ. I have this vision of Garland swallowing hard, and then arranging a meeting with Burns, DNI Avril Haines [corrected], and the other US intelligence agency heads to let them know what Trump had done. I can see the shock on their faces, followed by the “of course he did” sighs of resignation. Then the wheels start turning as each tries to figure out how this affects their agency.

But I also imagine Burns, either in the meeting or in a private conversation, telling Garland one thing: “I have no doubts about your department and your passion for justice. If there is anything I can do to assist, just let me know. I won’t press you to share things with me that you shouldn’t share — you do your job and I’ll do mine. But there’s one thing you need to know. You may already know it, but let me reinforce it. The. Whole. World. Is. Watching. Our allies are just beginning to trust us again, and how you handle this will determine whether that continues or is blown to bits. From a foreign policy perspective, especially on the intelligence side, we *have* to get this right.” That’s total fantasy on my part, but I’m reasonably confident that something like that was communicated, one way or another.

Two days ago, when the search was first revealed, Garry Kasparov tweeted, “For those who live where the law exists only to serve the powerful and oppress the rest–as I did in the USSR and Putin’s Russia–the dictum that no one is above the law is nearly awe-inspiring.”

The American legal community is watching this all unfold very carefully, with an eye toward all the minutiae of the various legal questions at issue. The US political folks on every side are watching this carefully, with an eye toward the midterms and 2024. US media organizations are watching this carefully, trying to figure out how to cover the story. Ordinary Americans are watching this carefully, for all kinds of reasons.

And beyond our borders, the whole world is watching, as that Kasparov tweet indicates. It shows that Garland is reaching that worldwide audience, even before the word “nuclear” became part of the story.

In his long-ago testimony before Congress about that “perfect phone call,” Alexander Vindman captured in three words the essence of US foreign policy, and he repeated them as a hashtag in that tweet above. In the actions of the DOJ this past week, Garland is giving Vindman a big “Amen.”

Russia, if you’re listening, listen to Vindman. #HereRightMatters indeed.

I know we’ve got a fair chunk of readers outside the US, and I’d love to hear in the comments what you all are seeing in the coverage in your countries.

 

A ‘Dicks Out’: On the Reported U.S. Intelligence Assist to Ukraine

[NB: check the byline, thanks. /~Rayne]

By now you’ve probably read Marcy’s post, Bragging on U.S. Intelligence. I agree with her take in part, but I suspect the situation isn’t just dick-wagging.

It’s a ‘dicks out’ situation, an attempt using the media to make a statement.

Not in the sense there’s any competition here between dick-swinging leaders — dick-wagging — but in the sense there’s a display. It looks like a show of power and it is, reminding Putin and Russia’s military leadership within view of the Russian public and the globe that the world’s largest army can aid an eastern European democracy and make it look like it’s a trifling amusement.

Russian media already acknowledge the aid provided by the U.S. and other NATO countries is tough competition.

The report about U.S. intelligence in The New York Times wasn’t a surprise to Russia, though. There had been numerous reports in social media about a U.S. military surveillance aircraft flying over the Black Sea shortly before the Moskva was reported to have taken a hit from Ukraine’s Neptune missiles — or caught fire, if one paid attention only to pro-Russian accounts. The flight was not unexpected as the U.S. had been flying surveillance over the Black Sea for years before the invasion began.


Note there was more than just a lone P-8 flying surveillance the day the Moskva was hit, though these reports shared here are likely well after the attack.

What’s not clear is the timing of the attack on the Moskva — late on April 13, or very early on April 14. Lithuania’s Defense Minister posted early morning ET about the attack:

By evening GMT the vessel had sunk, which Russia confirmed.

Russia and the U.S. have had run-ins over the Black Sea even during the Trump administration.

The U.S. military made a point then that its duties continued in spite of the change in leadership. This may even have been an issue during the Helsinki summit in July 2018 but we may not know for certain since Trump squelched interpreter’s notes.

~ ~ ~

The British newspaper The Times reported at 12:01 a.m. BST on April 20 about the same surveillance aircraft which had been sighted over the Black Sea before the Moskva was in distress.

A U.S. aircraft was patrolling the Black Sea in the hours before the Moskva was hit by Ukrainian missiles, The Times can reveal.

A Boeing P8 Poseidon was within 100 miles of the Moskva on the day the Russian cruiser sustained catastrophic damage. …

“The Times can reveal” suggests either The Times were awaiting validation from local sources, or the outlet had received authorization to report this news from either British or U.S. military. The just-past-midnight time stamp suggests the latter.

But this wasn’t just a show of power for the benefit of NATO; EU member states who are NATO members are too deeply committed now whether the U.S. gets involved or not providing assistance to Ukraine. The chances of Russia nailing an EU member accidentally or on purpose are real, while the risk to the U.S. is slim to none; we don’t have any real skin in the game. NATO members likely knew already the U.S. was providing intelligence because of the emergency session between NATO and G-7 allies on March 24 in Brussels where commitments of effort from sanctions and aid were discussed.

Who else benefited from the published confirmation the U.S. had provided intelligence to Ukraine? Cui bono?

1. Ukraine — not just because they have access to the intelligence apparatus of the largest military in the world, but their own intelligence sources and methods are no longer in the spotlight drawing the attention of Putin and his remaining intelligence system from FSB to ad hoc hacking teams.

2. U.S. — because one of the audiences who needs to know U.S. intelligence is both capable and effective is the U.S. itself, in Congress, the intelligence community, and the public; the reports assure the general public in the U.S. and abroad that the U.S. has an active role if not as a combatant. We’re providing intelligence as well as materiel but not the personnel who ultimately act on intelligence available.

3. U.S. corporations — in particular, Apple and John Deere, because there have been stories of apps built into their products which may have allowed their hardware to be used for intelligence collection directly and indirectly, placing the companies at risk of attack by Russia.

4. Iran and other parties to the JCPOA P5+1 agreement — because elements in Iran are still demanding revenge for the assassination of Lt. General Qasem Soleimani; it’s a reminder the U.S. is watching though Iran’s intelligence apparatus surely knows this; factions desiring a return to the agreement know retribution works against them.

5. Japan — with Russia’s military demonstrating weakness, Japan has seen opportunity to not only recover some of its stature post-Abe but make demands related to the occupation of the Kuril Islands; its public may be reassured its partner is watching Russia closely as it does so.

6. Taiwan — China is watching closely how the U.S. responds to Russia’s invasion of Ukraine as a model for its response should China attempt to realize its One China ideology and take Taiwan; it’s already seen in Hong Kong a lack of U.S. intervention. While China’s leadership surely knows about U.S. intelligence provided to Ukraine, Taiwan’s public needs to know this is on the table for them as well.

7. Aspiring NATO members Finland and Sweden — while these two countries have been prepared for Russian hostilities since WWII, the invasion of Ukraine has heightened their sensitivity to national security. Both are now pursuing membership in NATO as Marcy mentioned; open acknowledgment of the benefits of membership may help their public feel more at ease with joining after holding out for so long.

Marcy’s post noted the value of the publicized intelligence to several of these beneficiaries’ voting constituencies.

Of all who benefit, the two most critical are Ukraine and U.S. corporations. As a ‘dicks out’ effort, the U.S. draws attention to itself and its intelligence capabilities which the media have gladly hyped up.

I have to wonder if this change in NYT hed was really because of an error, or an attempt to ensure the Russians were sitting up, paying attention to, and pissed off at the U.S.


Especially since the NYT’s article pointedly said there was no targeting information.

… The Pentagon press secretary, John F. Kirby, asked about a report in The Times of London that a Navy P-8 spy plane from Sigonella air base in Italy was tracking the Moskva before it was hit by Ukraine, spoke of air policing missions in the Black Sea as part of a carefully worded response: “There was no provision of targeting information by any United States Navy P-8 flying in these air policing missions,” he said. …

By drawing attention away from Ukraine and U.S. corporations, the use of non-traditional sources of intelligence based on non-government private resources becomes less obvious, potentially reducing their risk from retaliatory attack by Russia.

(An aside: Did you know that Apple iPhones were the second or third most popular cell phone in Russia? While Apple has now stopped selling its products in Russia, it’s not clear iPhones and MacBooks are no longer operative on Russian networks.)

~ ~ ~ 

There were two other things worth noting related to the day the Moskva was hit and Russia’s response afterward.

First, the U.S. Navy P-8 (and other surveillance craft) weren’t the only unusual flights on April 14. A “Doomsday” plane took off from Moscow; the plane is equipped for use in the event of nuclear war.


But it wasn’t just a Russian “Doomsday” plane in the air that same day.


Most media didn’t appear to have noticed the Russian plane. The Daily Express-UK published an article on April 14 at 13:16 hours London time, edited at 14:25 hours, about the Russian craft’s kit, and wrote about a flight at 4:16 pm which lasted nearly four hours. It also mentioned the U.S. “Doomsday” plane taking a flight but in little detail. The Daily Express didn’t tweet their article.

Second, Russia told the families of Moskva crew members who died on April 14 that they would not receive survivor compensation:

This seems particularly callous especially since crew members’ families were told little to nothing immediately following the Moskva’s “fire” and sinking, calling to mind the handling of the Kursk submarine disaster. Were the Moskva’s crew and their surviving families punished financially for failing?

Another particularly odd detail was the immediate reaction of crew on board the Moskva after it was hit by Ukraine’s Neptune missiles — the radar didn’t respond as if it wasn’t watching for another attack, and life boats didn’t appear to be deployed and loaded once the ship appeared to be in extremis. A report by U.S. Naval Institute News said the ship was blind to the attack, its radar not detecting surveillance by drones or planes or the missiles once it was targeted.

One analysis of the attack in the following Twitter thread suggests the weather conditions the night of April 13/morning April 14 may have helped mask the missiles if the radar was working and its 180-degree range aimed in the correct direction.

There are a lot of ifs here even after reading an analysis of the attack (pdf) shared by USNI News.

Perhaps the publication of the news about the U.S. intelligence isn’t merely a ‘dicks out’ statement to garner attention away from others, or to make the point the U.S. is assisting with intelligence up to but not including targeting.

Perhaps the message was meant to tell Putin, “The U.S. intelligence community knows exactly what happened to the Moskva,” implying another mishandling of information a la the Kursk could be used strategically against weakened Russian leadership.

The deployment of our own “Doomsday” plane the same day Putin moved his also says something, but that may be even more cryptic and intended for a very small audience compared to the ‘dicks out’ about the Moskva’s sinking.

Open Thread: The Case of Fake Federal Personnel in the Navy Yard [UPDATE-1]

[NB: check the byline, thanks. Update(s) if any will appear at the bottom of this post. /~Rayne]

This thread is for all discussion related to the bizarre case in Washington D.C. which began to unfold yesterday afternoon/evening with a raid on an apartment building:

Mike Balsamo-Associated Press had one of the earliest reports:

In a nutshell, two men have been arrested for impersonating federal employees after the U.S. Postal Inspection Service began an investigation into the alleged assault of a postal carrier in/near the building raided yesterday in the D.C. Navy Yard area.

I don’t even know how to categorize this story yet. On the face of it I’m going with this being an intelligence story.

Can’t even be certain whose intelligence it is at work if this is indeed an intelligence story:

– one person arrested has a Persian (Iranian?) name;
– the other person arrested has an Arabic name;
– a third person mentioned during the course of reporting has a Russian/Belarusian name and their gender hasn’t been clarified;
– the person with a Persian name is linked to a mess of corporations, some located in the Midwest, linked to yet more persons who may/may not be related to this unfolding case;
– there’s a lot of money involved though it’s an open question whose money it is;
– there are expensive professional office spaces involved;
– the suborning or bribery of Secret Service personnel is really, REALLY problematic;
– the amount of detail generated to create this operation/program suggests even more money involved.

Bring everything you have about this developing story to this thread along with any other stray cat and dog topics.

If there are updates to this story they will appear at the bottom of this post.

~ ~ ~

UPDATE-1 — 12:30 AM EST 08-APR-2022 —

No big developments, just a preliminary timeline based on news reports and the affidavit filed with D.C.’s district court (affidavit via Google Docs).

2006 — Incorporation of On Point Productions, LLC, in Missouri by Arian Taherzadeh.

June 11, 2018 — first post on United States Special Police Facebook page.

March 1, 2019 — listed by International Association of Police Chiefs as “Taherzadeh, Arian, Special Agent, US Special Police” in Washington, D.C. [Source (pdf)]

September 23, 2019 — On Point Productions, LLC name changed to US Special Police, LLC in Missouri.

October 16, 2019 — archive date of USSP website (archive is empty).

early 2021 — “Metro Police did a search of Taherzadeh’s unit when a person from a surrounding apartment building made a call reporting a sighting of firearms in his 3-bedroom corner unit through an open window.” [Source]

February 2021-January 2022 (TBD) — At some point during this period of time, Taherzadeh introduced himself to Witness 3, a Secret Service member, as an HSI agent working in a gang unit with DHS.

February 2021-January 2022 (TBD) — Taherzadeh told Witness 5, a Secret Service member, he was with HSI.

June 2021 (TBD) — Taherzadeh introduced himself to Witness 4, a DHS-HSI Document Analyst Expert, and told them he knew they were with HSI or US Citizenship Immigration Service. Taherzadeh told Witness 4 he was undercover for HSI which Witness 4 couldn’t validate.

July 2021 — Taherzadeh told Witness 1 later interviewed by FBI that he was a special agent with Homeland Security Investigations (HSI), that Ali was with HSI as well.

July 4, 2021 (TBD) — Witness 2, a Secret Service agent, was introduced to Taherzadeh and Ali as HSI agent and analyst respectively.

January 2022 (TBD) — Witness 5 moved out of apartment Taherzadeh had provided; Witness 5 saw Taherzadeh move “law enforcement and computer equipment” into the vacated apartment.

February 2, 2022 — Taherzadeh sent Witness 2 a photo claiming he was attending HSI training; investigation determined it was a stock photo.

March 14, 2022 — U.S. Postal Inspector (USPIS) began investigation into alleged assault of mail carrier; inspector was told Taherzadeh and Ali, believed to be DHS personnel, may have been witnesses.

TBD, 2022 — USPIS interviewed Taherzadeh and Ali who made claims they were DHS/HSI/“special police”/deputized/working on gangs and January 6 investigation.

April 6, 2022 — “A member of building management, Kelly Cianciola, sent a statement to Crossing DC tenants around 11:30 a.m. Thursday claiming that the 4:00 p.m. raid came after search warrants were presented to front desk staff due to an FBI investigation.” [Source] (Why the heads up?)