The Unmasking Panic and the Flynn Plea

Yesterday, Eli Lake was the first person to confirm the identity of the “very senior” official who “directed FLYNN to contact officials from foreign governments, including Russia, to learn where each government stood on the resolution” condemning Israel’s illegal settlements.

At the time, the U.N. Security Council resolution on Israeli settlements was a big deal. Even though the Obama administration had less than a month left in office, the president instructed his ambassador to the United Nations to abstain from a resolution, breaking a precedent that went back to 1980 when it came to one-sided anti-Israel resolutions at the U.N.

This was the context of Kushner’s instruction to Flynn last December. One transition official at the time said Kushner called Flynn to tell him he needed to get every foreign minister or ambassador from a country on the U.N. Security Council to delay or vote against the resolution. Much of this appeared to be coordinated also with Israeli prime minister Benjamin Netanyahu, whose envoys shared their own intelligence about the Obama administration’s lobbying efforts to get member states to support the resolution with the Trump transition team.

Lake was also the reporter who got the earliest “scoops” on the unmasking panic earlier this year.

There’s a reason for that. They’re the same story.

In April, I laid out how Devin Nunes was at the center of both the January unmasking panic and the panic on behalf of a bunch of Republicans, during the Iran deal negotiations, who got their collusion with Bibi Netanyahu to kill the deal sucked up.

Throughout his ongoing information operation to claim the Obama White House spied on the Trump transition team, Devin Nunes has pointed to what he claimed was a precedent: when, in December 2015, members of Congress suddenly copped on that their conversations with Bibi Netanyahu would get picked up incidentally. In his March 22 press conference, he explained,

We went through this about a year and a half ago as it related to members of Congress, if you may remember there was a report I think it was in the Wall Street Journal and but then we had to have we had a whole series of hearings and then we had to have changes made to how Congress is informed if members of Congress are picked up in surveillance and this looks it’s like very similar to that.

Eli Lake dutifully repeated it in the second of his three-post series pitching Nunes’ information operation.

A precedent to what may have happened with the Trump transition involved the monitoring of Israel’s prime minister and other senior Israeli officials. The Wall Street Journal reported at the end of 2015 that members of Congress and American Jewish groups were caught up in this surveillance and that the reports were sent to the White House. This occurred during a bitter political fight over the Iran nuclear deal. In essence the Obama White House was learning about the strategy of its domestic political opposition through legal wiretaps of a foreign head of state and his aides.

But Lake didn’t apparently think through what the implications of Nunes’ analogy — or the differences between the two cases.

Here’s the WSJ report and CBS and WaPo versions that aren’t paywalled. All make it very clear that Devin Nunes took the lead in worrying about his conversations with Bibi Netanyahu being sucked up (I don’t remember Republicans being as sympathetic when Jane Harman got sucked up in a conversation with AIPAC).

It’s clear now that it’s all one panic.

The most public confirmed unmasking involved Susan Rice discovering that Sheikh Mohammed bin Zayed al-Nahyan had a secret meeting with Flynn, Kushner, and Bannon in NY.

Former national security adviser Susan Rice privately told House investigators that she unmasked the identities of senior Trump officials to understand why the crown prince of the United Arab Emirates was in New York late last year, multiple sources told CNN.

The New York meeting preceded a separate effort by the UAE to facilitate a back-channel communication between Russia and the incoming Trump White House.
The crown prince, Sheikh Mohammed bin Zayed al-Nahyan, arrived in New York last December in the transition period before Trump was sworn into office for a meeting with several top Trump officials, including Michael Flynn, the president’s son-in-law, Jared Kushner, and his top strategist Steve Bannon, sources said.

But we now know that there would be intercepts between Netanyahu and Kushner leading up to it.

I wouldn’t even be surprised if the Republicans are so certain they’ve been unmasked because Israel has their own way of discovering such things.

I’ve laid out how Jared Kushner’s “peace” “plan” really is just an attempt to remap the Middle East to the interests of Israel and Saudi Arabia, interests which require significantly more belligerence against Iran than Obama showed. The unmasked discussions would include the ones that preceded Kushner’s order to Flynn to try to undercut the resolution, as well as whatever else Kushner discussed with Netanyahu at the time.

Next Stop: Jared

This morning at 8, I was on Democracy Now talking about how then reported and now completed Flynn plea agreement would focus attention directly on Jared.

Since then, Mike Flynn indeed pled guilty to one charge of false statements to the FBI about various conversations with Sergei Kislyak, promising he’d fully cooperate with Mueller’s inquiry. Reports describe that Flynn spoke with an unnamed senior advisor who was at Mar A Lago at the time about his December 29 conversations with Kislyak, which pertained to Russian sanctions. They also say Flynn will testify against Trump and members, plural, of his family, particularly regarding the orders he had to reach out to Russia.

The other lie charged about conversations with Kislyak involves a request that Russia try to delay or shut down a vote on condemning Israel’s illegal settlements.

That’s a key lie, because we know who was pushing that: Jared Kushner (though the court filing suggests it might be someone even more senior).

Robert Mueller’s investigators are asking questions about Jared Kushner’s interactions with foreign leaders during the presidential transition, including his involvement in a dispute at the United Nations in December, in a sign of the expansive nature of the special counsel’s probe of Russia’s alleged meddling in the election, according to people familiar with the matter.

The investigators have asked witnesses questions about the involvement of Mr. Kushner, President Donald Trump’s son-in-law and a senior White House adviser, in a controversy over a U.N. resolution passed Dec. 23, before Mr. Trump took office, that condemned Israel’s construction of settlements in disputed territories, these people said.

Israeli officials had asked the incoming Trump administration to intervene to help block it. Mr. Trump posted a Facebook message the day before the U.N. vote—after he had been elected but before he had assumed office—saying the resolution put the Israelis in a difficult position and should be vetoed.

[snip]

Israeli officials said at the time that they began reaching out to senior leaders in Mr. Trump’s transition team. Among those involved were Mr. Kushner and political strategist Stephen Bannon, according to people briefed on the exchanges.

So that second lie — and almost certainly the first — involves Kushner directing Flynn.

I noted yesterday CNN’s report that in the last few weeks — so during the window when Mueller was in close discussions about Flynn flipping — Mueller’s team interviewed Kushner asking if he had any exonerating information on Flynn.

Mueller’s team specifically asked Kushner about former national security advisor Michael Flynn, who is under investigation by the special counsel, two sources said. Flynn was the dominant topic of the conversation, one of the sources said.

[snip]

The conversation lasted less than 90 minutes, one person familiar with the meeting said, adding that Mueller’s team asked Kushner to clear up some questions he was asked by lawmakers and details that emerged through media reports. One source said the nature of this conversation was principally to make sure Kushner doesn’t have information that exonerates Flynn.

The meeting took place around the same time the special counsel asked witnesses about Kushner’s role in the firing of former FBI Director James Comey and his relationship with Flynn, these people said.

Mueller was, effectively, locking in Kushner’s testimony before Flynn flipped. As I said this morning, speaking of that meeting,

The Kushner meeting was reported as kind of one of the last things that Mueller had to put into place before this plea agreement that people have been talking about with Mike Flynn. And that suggests that there is more news about to drop regarding Mike Flynn that I think is going to really dramatically change how Republicans take the Russian investigation.

Flynn had been avoiding discussing plea agreements for months and months and months, and then really in the last two weeks, all of a sudden it seems like it’s about to happen. Mueller has more leverage over Flynn in the last couple of weeks. It may be Turkey, because a key witness in New York has turned state’s evidence and apparently has information on Flynn. I think there’s some other information.

And so, Flynn, we expect, is moving towards a plea agreement. We expect, or I expect, that’s going to add a lot more pressure on Trump. And I have been saying for months that the way to get to Kushner is through Flynn. Because a lot of the events in which Flynn was involved, such as meeting with Sergei Kislyak in December, they connect very closely with activities that Kushner is known to be involved with.

Kushner may now be hoping he’ll be in a he-said he-said with Flynn, except it’s unlikely Mueller would give Flynn this easy plea without a whole lot more to know that Flynn would be telling the truth. Remember, Kushner is one of the few people aside from Flynn himself who has a very appropriate lawyer for this kind of issue.

Throwing H2O on the Pompeo to State Move

I could be totally wrong, but I don’t think the reported plan for Rex Tillerson to step down, to be replaced by Mike Pompeo, who in turn will be replaced by Tom Cotton (or maybe Admiral Robert Harward because Republicans can’t afford to defend an Arkansas Senate seat), will really happen.

The White House has developed a plan to force out Secretary of State Rex W. Tillerson, whose relationship with President Trump has been strained, and replace him with Mike Pompeo, the C.I.A. director, perhaps within the next several weeks, senior administration officials said on Thursday.

Mr. Pompeo would be replaced at the C.I.A. by Senator Tom Cotton, a Republican from Arkansas who has been a key ally of the president on national security matters, according to the White House plan. Mr. Cotton has signaled that he would accept the job if offered, said the officials, who insisted on anonymity to discuss sensitive deliberations before decisions are announced.

I say that for two reasons.

First, because of all the evidence that Mike Flynn is working on a plea deal. Particularly given that Mueller has decided he doesn’t need any more evidence of Flynn’s corrupt dealings with Turkey, I suspect his leverage over Flynn has gone well beyond just those crimes (which, in turn, is why I suspect Flynn has decided to flip).

I think that when the plea deal against Flynn is rolled out, it will be associated with some fairly alarming allegations against him and others, allegations that will dramatically change how willing Republicans are to run interference for Trump in Congress.

If I’m right about that, it will make it almost impossible for Pompeo to be confirmed as Secretary of State. Already, Senate Foreign Relations Committee Chair Bob Corker, who’d oversee the confirmation, is sending signals he’s not interested in seeing Pompeo replace Tillerson.

“I could barely pick Pompeo out of a lineup” Sen. Bob Corker (R-Tenn.), chairman of the Senate Foreign Relations Committee, said Thursday morning.

Already, Pompeo’s cheerleading of Wikileaks during the election should have been disqualifying for the position of CIA Director. That’s even more true now that Pompeo himself has deemed them a non-state hostile intelligence service.

Add in the fact that Pompeo met with Bill Binney to hear the skeptics’ version of the DNC hack, and the fact that Pompeo falsely suggested that the Intelligence Community had determined Russia hadn’t affected the election. Finally, add in the evidence that Pompeo has helped Trump obstruct the investigation and his role spying on CIA’s own investigation into it, and there’s just far too much smoke tying Pompeo to the Russian operation.

All that will become toxic once Mike Flynn’s plea deal is rolled out, I believe.

So between Corker and Marco Rubio, who both treat Russia’s hack of the election with real seriousness (remember, too, that Rubio himself was targeted), I don’t see how Pompeo could get out of the committee.

But there’s another reason I don’t think this will happen. I suspect it — like earlier threats to replace Jeff Sessions — is just an attempt to get Tillerson to hew the Administration line on policy. The NYT cites Tillerson’s difference of opinion on both North Korea and Iran.

Mr. Trump and Mr. Tillerson have been at odds over a host of major issues, including the Iran nuclear deal, the confrontation with North Korea and a clash between Arab allies. The secretary was reported to have privately called Mr. Trump a “moron” and the president publicly criticized Mr. Tillerson for “wasting his time” with a diplomatic outreach to North Korea

It’s Iran that’s the big issue, particularly as Jared frantically tries to finish his “peace” “plan” before he gets arrested himself. The fact that Trump has floated Cotton as Pompeo’s replacement is strong support for the notion that this is about forcing Tillerson to accept the Administration lies about Iran and the nuclear deal: because Cotton, more than anyone else, has been willing to lie to oppose the deal.

Trump is basically saying that unless Tillerson will adopt the lies the Administration needs to start a war with Iran, then he will be ousted.

But Tillerson’s claim that he doesn’t need to replace all the people who’ve left state because he thinks a lot of domestic issues will be solved soon seems to reflect that he’s parroting the Administration line now.

Obviously, there’s no telling what will happen, because Trump is completely unpredictable.

But he also likes to use threats to get people to comply.

Update: CNN now reporting I’m correct.

On the Jared and Flynn Stories

Amid reports that Mike Flynn is flipping like a pancake, CNN reported (in addition to a report that Mueller’s team canceled a grand jury appearance for former Flynn business associates) that Jared Kushner was asked a bunch of questions about Flynn in an interview earlier this month.

Before reading the details CNN provides, however, consider this line in the story:

It’s not clear that this is the only time that Kushner will meet with the special counsel’s team.

That is, the subtext here is that, even as Mueller’s team preps a plea deal with Flynn, he’s well aware that he remains a key target in conjunction with Flynn events, and may get hauled back before Mueller’s team for all the other stuff. Effectively, they were locking in Kushner’s testimony — including, presumably, about what kind of permission/instructions Flynn had to engage in the corrupt foreign deals he was pushing — from Kushner and his pop-in-law before flipping Flynn.

So here’s how CNN describes the Flynn questions:

Mueller’s team specifically asked Kushner about former national security advisor Michael Flynn, who is under investigation by the special counsel, two sources said. Flynn was the dominant topic of the conversation, one of the sources said.

[snip]

The conversation lasted less than 90 minutes, one person familiar with the meeting said, adding that Mueller’s team asked Kushner to clear up some questions he was asked by lawmakers and details that emerged through media reports. One source said the nature of this conversation was principally to make sure Kushner doesn’t have information that exonerates Flynn.

The meeting took place around the same time the special counsel asked witnesses about Kushner’s role in the firing of former FBI Director James Comey and his relationship with Flynn, these people said.

That means, as we speak, Flynn is providing his side of this story, and explaining why Jared was so intent on firing Mueller because Mueller was actively investigating Flynn.

As I’ve long said, you get to Jared through Flynn. It seems like Jared’s team is now hoping he gets a second chance at testimony before he gets busted himself.

The Russian Metadata in the Shadow Brokers Dump

When I first noted, back in April, that there was metadata in one of the Shadow Brokers dumps, I suggested two possible motives for the doxing of several NSA hackers. First (assuming Russia had a role in the operation), to retaliate against US indictments of Russian hackers, including several believed to be tied to the DNC hack.

A number of the few people who’ve noted this doxing publicly have suggested that it clearly supports the notion that a nation-state — most likely Russia — is behind the Shadow Brokers leak. As such, the release of previously unannounced documents to carry out this doxing would be seen as retaliation for the US’ naming of Russia’s hackers, both in December’s election hacking related sanctions and more recently in the Yahoo indictment, to say nothing of America’s renewed effort to arrest Russian hackers worldwide while they vacation outside of Russia.

But leaving the metadata in the documents might also make the investigation more difficult.

[F]our days before Shadow Brokers started doxing NSA hackers, Shadow Brokers made threats against those who’ve commented on the released Shadow Brokers files specifically within the context of counterintelligence investigations, even while bragging about having gone unexposed thus far even while remaining in the United States.

Whatever else this doxing may do, it will also make the investigation into how internal NSA files have come to be plastered all over the Internet more difficult, because Shadow Brokers is now threatening to expose members of TAO.

With that in mind, I want to look at a Brian Krebs piece that makes several uncharacteristic errors to get around to suggesting a Russian-American might have been the guy who leaked the files in question.

He sets out to read the metadata I noted (but did not analyze in detail, because why make the dox worse?) in April to identify who the engineer was that had NSA files discovered because he was running Kaspersky on his home machine.

In August 2016, a mysterious entity calling itself “The Shadow Brokers” began releasing the first of several troves of classified documents and hacking tools purportedly stolen from “The Equation Group,” a highly advanced threat actor that is suspected of having ties to the U.S. National Security Agency. According to media reports, at least some of the information was stolen from the computer of an unidentified software developer and NSA contractor who was arrested in 2015 after taking the hacking tools home. In this post, we’ll examine clues left behind in the leaked Equation Group documents that may point to the identity of the mysterious software developer.

He links to the WSJ and cites, but doesn’t link, this NYT story on the Kaspersky related breach.

Although Kaspersky was the first to report on the existence of the Equation Group, it also has been implicated in the group’s compromise. Earlier this year, both The New York Times and The Wall Street Journal cited unnamed U.S. intelligence officials saying Russian hackers were able to obtain the advanced Equation Group hacking tools after identifying the files through a contractor’s use of Kaspersky Antivirus on his personal computer. For its part, Kaspersky has denied any involvement in the theft.

Then he turns to NYT’s magnum opus on Shadow Brokers to substantiate the claim the government has investigations into three NSA personnel, two of whom were related to TAO.

The Times reports that the NSA has active investigations into at least three former employees or contractors, including two who had worked for a specialized hacking division of NSA known as Tailored Access Operations, or TAO.

[snip]

The third person under investigation, The Times writes, is “a still publicly unidentified software developer secretly arrested after taking hacking tools home in 2015, only to have Russian hackers lift them from his home computer.”

He then turns to the Shadow Brokers’ released metadata to — he claims — identify the two “unnamed” NSA employees and the contractor referenced in The Times’ reporter.”

So who are those two unnamed NSA employees and the contractor referenced in The Times’ reporting?

From there, he points to a guy that few reports that analyzed the people identified in the metadata had discussed, A Russian! Krebs decides that because this guy is Russian he’s likely to run Kaspersky and so he must be the guy who lost these files.

The two NSA employees are something of a known commodity, but the third individual — Mr. Sidelnikov — is more mysterious. Sidelnikov did not respond to repeated requests for comment. Independent Software also did not return calls and emails seeking comment.

Sidelnikov’s LinkedIn page (PDF) says he began working for Independent Software in 2015, and that he speaks both English and Russian. In 1982, Sidelnikov earned his masters in information security from Kishinev University, a school located in Moldova — an Eastern European country that at the time was part of the Soviet Union.

Sildelnikov says he also earned a Bachelor of Science degree in “mathematical cybernetics” from the same university in 1981. Under “interests,” Mr. Sidelnikov lists on his LinkedIn profile Independent Software, Microsoft, and The National Security Agency.

Both The Times and The Journal have reported that the contractor suspected of leaking the classified documents was running Kaspersky Antivirus on his computer. It stands to reason that as a Russian native, Mr. Sildelnikov might be predisposed to using a Russian antivirus product.

Krebs further suggests Sidelnikov must be the culprit for losing his files in the Kaspersky incident because the guy who first pointed him to this metadata, a pentester named Mike Poor, said a database expert like Sidelnikov shouldn’t have access to operational files.

“He’s the only one in there that is not Agency/TAO, and I think that poses important questions,” Poor said. “Such as why did a DB programmer for a software company have access to operational classified documents? If he is or isn’t a source or a tie to Shadow Brokers, it at least begets the question of why he accessed classified operational documents.”

There are numerous problems with Krebs’ analysis — which I pointed out this morning but which he blew off with a really snotty tweet.

First, the NYT story he cites but doesn’t link to notes specifically that the Kaspersky related breach is unrelated to the Shadow Brokers leak, something that I also  pointed out was logically obvious given how long the NSA claimed Hal Martin was behind the Shadow Brokers leak after the government was known to be investigating the Kaspersky related guy.

It does not appear to be related to a devastating leak of N.S.A. hacking tools last year to a group, still unidentified, calling itself the Shadow Brokers, which has placed many of them online.

Krebs also misreads the magnum opus NYT story. The very paragraph he quotes from reads like this:

The agency has active investigations into at least three former N.S.A. employees or contractors. Two had worked for T.A.O.: a still publicly unidentified software developer secretly arrested after taking hacking tools home in 2015, only to have Russian hackers lift them from his home computer; and Harold T. Martin III, a contractor arrested last year when F.B.I. agents found his home, garden shed and car stuffed with sensitive agency documents and storage devices he had taken over many years when a work-at-home habit got out of control, his lawyers say. The third is Reality Winner, a young N.S.A. linguist arrested in June, who is charged with leaking to the news site The Intercept a single classified report on a Russian breach of an American election systems vendor.

That is, there aren’t “two unnamed NSA employees and [a] contractor referenced in The Times’ reporting.” The paragraph he refers to names two of the targets: Hal Martin (the other TAO employee) and Reality Winner. Which leaves just the Kaspersky related guy.

Krebs seemed unaware of the WaPo versions of the story, which include this one where Ellen Nakashima (who was the first to identify this guy last year) described the engineer as a Vietnamese born US citizen. Not a Russian-American, a Vietnamese-American.

Mystery solved Scoob! All without even looking at the Shadow Brokers’ metadata. There’s one more part of the Krebs story which is weird — that he takes the same non-response he got from the known NSA guys doxed by Shadow Brokers from Sidelnikov as somehow indicative of anything, even while if he had been “arrested” as Krebs’ headline mistakenly suggests, then you’d think his phone might not be working at all.

There’s more I won’t say publicly about Krebs’ project, what he really seems to be up to.

But the reason I went through the trouble of pointing out the errors is precisely because Krebs went so far out of his way to find a Russian to blame for … something.

We’ve been seeing Russian metadata in documents for 17 months. Every time such Russian metadata is found, everyone says, Aha! Russians! That, in spite of the fact that the Iron Felix metadata was obviously placed there intentionally, and further analysis showed that some of the other Russian metadata was put there intentionally, too.

At some point, we might begin to wonder why we’re finding so much metadata screaming “Russia”?

Update: After the Vietnamese-American’s guilty plea got announced, Krebs unpublished his doxing post.

A note to readers: This author published a story earlier in the week that examined information in the metadata of Microsoft Office documents stolen from the NSA by The Shadow Brokers and leaked online. That story identified several individuals whose names were in the metadata from those documents. After the guilty plea entered this week and described above, KrebsOnSecurity has unpublished that earlier story.

The Seychelles Meeting Inches Kushner Closer to Quid Pro Quo with Sanctioned Russian Money

The Intercept has an article that has gotten surprisingly little attention, particularly given the reports that Mike Flynn is prepping to flip on Trump and that the House Intelligence Committee will have Erik Prince testify in its investigation.

It reveals that the previously unknown identity of a Russian that Erik Prince met in the Seychelles in January is the CEO of the Russian Direct Investment Fund.

The identity of the Russian individual was not disclosed, but on January 11, a Turkish-owned Bombardier Global 5000 charter plane flew Kirill Dmitriev, CEO of the Russian Direct Investment Fund, to the Seychelles, flight records obtained by The Intercept show. Dmitriev’s plane was an unscheduled charter flight and flew to the island with two other Russian individuals, both women. The RDIF is a $10 billion sovereign wealth fund created by the Russian government in 2011.

[snip]

Although Prince repeatedly stated he couldn’t remember the Russian’s name — “We didn’t exchange cards” — a spokesperson for Frontier Services Group confirmed to The Intercept in September that Prince “crossed paths” with Dmitriev in the Seychelles.

The article goes on to note that the RDIF separated from its parent company Vnesheconombank in 2016 to evade sanctions.

While it is legal to do business with RDIF in certain circumstances, there are several nuanced restrictions that if ignored or overlooked can easily lead to a violation. The resulting uncertainty has created opportunities for companies and individuals to find loopholes to bypass sanctions.

Analysts say RDIF attempted to do this in 2016 when the fund distanced itself from its parent company, the Russian bank Vnesheconombank, or VEB, which is also subject to U.S. sanctions. Legislation signed by Putin in June 2016 enabled RDIF to transfer its management company, known as the RDIF Management Company LLC, to the Russian Federal Agency for State Property Management.

Sadly, the Intercept article doesn’t lay out the timeline this creates:

Early December: Flynn and Kushner meet with Sergei Kislyak

Later December: At the behest of Kislyak, Kushner meets with Vnesheconombank’s Sergey Gorkov

December: Mohammed bin Zayed holds undisclosed meeting in NY with Kushner and Steve Bannon

December 29: Flynn tells Kislyak Trump will ease sanctions

January 11: At behest of Mohammed bin Zayed, Erik Prince meets with Dmitriev

January 17: Anthony Scaramucci meets with RDIF in Davos

How Did Christopher Steele Collect Information after Sources (Allegedly) Dried Up?

Sorry to those who think I’m overly focused on the Christopher Steele dossier, but I’m reading Luke Harding’s book on the Russian investigation, which uses the dossier as a centerpiece. I may do a longer post about what his overall narrative does, but for now there’s a weird paragraph that conveniently is in this long excerpt I want to focus on.

After introducing the first report of the dossier (the one that features the pee tape and dated, non-email kompromat), Harding writes,

The memo was sensational. There would be others, 16 in all, sent to Fusion between June and early November 2016. At first, obtaining intelligence from Moscow went well. For around six months – during the first half of the year – Steele was able to make inquiries in Russia with relative ease. It got harder from late July, as Trump’s ties to Russia came under scrutiny. Finally, the lights went out. Amid a Kremlin cover-up, the sources went silent and information channels shut down.

There are several details that conflict with known facts and/or claimed (in some cases, sworn) ones.

First, Harding suggests there were 16 reports in all. I’m not sure whether he’s suggesting the final total of reports written between June and early November was 16 or whether he’s suggesting there were 16 additional reports in all, for a total of 17. Either way the number works out (there were 17 total reports, one of which was written after November). But that makes the November reference weird. There was no report written in early November. The last known report before the election was dated October 20, and then there wasn’t another one until that December 13 one.

  • 080: June 20, 2016
  • 086: July 26, 2015 (citing events in 2016)
  • 095: not dated
  • 94: July 19, 2016
  • 097: July 30, 2016
  • 100: August 5, 2016
  • 101: August 10, 2016
  • 102: August 10, 2016
  • 136: October 20, 2016
  • 105: August 22, 2016
  • 111: September 14, 2016
  • 112: September 14, 2016
  • 113: September 14, 2016
  • 130: October 12, 2016
  • 134: October 18, 2016
  • 135: October 19, 2016
  • 166: December 13, 2016

In any case, Harding gets the December date sort of correct later in the passage. Except he describes Glenn Simpson giving John McCain the report, dated December 13, before McCain called Jim Comey about it on December 8.

Less than 24 hours later, Kramer returned to Washington. Glenn Simpson then shared a copy of the dossier confidentially with McCain, along with a final Steele memo on the Russian hacking operation, written in December.

McCain believed it was impossible to verify Steele’s claims without a proper investigation. He made a call and arranged a meeting with Comey. Their encounter on 8 December 2016 lasted five minutes. Not much was said. McCain gave Comey the dossier.

I explain the significance of these December dates in this post.

Things are even weirder with the third sentence in this passage.

For around six months – during the first half of the year – Steele was able to make inquiries in Russia with relative ease.

According to the public narrative, Steele wasn’t working for Fusion until the Democrats asked for a Russian focus in June. And the first of his released reports relies on reporting from June. But Harding here suggests Steele was working on it for the six months before that! I pointed to circumstantial evidence that Fusion paid Steele on March 22, April 6, and May 25, in payments they don’t associate with Perkins Coie, in addition to the payments that were probably to him on July 13, August 2, September 1, October 5, and November 1.

Now check out the following sentences. Starting in “late July … the lights went out and … the sources went silent and information channels shut down.”

As the timeline above makes clear, the numbering in the dossier gets funky almost immediately, but the most likely reading suggests after that first, June 20 report, there are 4 reports from late July, and the remaining 12 reports all postdate late July. Report 100, the first post-July one, is sourced to “early August 2016” (and dated August 5).

Now, maybe the paragraph is just totally screwy. But if there’s any basis in fact to it, it suggests the public timeline is wrong (something which may be backed by the payments). More importantly, it suggests Steele’s extensive (albeit very indirect) network of sources stopped providing intelligence not long after he allegedly started his inquiry.

Did the Steele Dossier Lead the Democrats To Be Complacent after They Got Hacked?

I get asked, a lot, why I obsess over the Steele dossier. A lot of people believe that even if the dossier doesn’t pan out, it doesn’t matter because Mueller’s investigation doesn’t depend on it. I’d be more sympathetic to that view if people like Adam Schiff and John Podesta didn’t keep invoking the dossier in ways that makes their legitimate concerns easy to discredit.

But I now believe the dossier may have done affirmative damage.

Consider the timeline.

Perkins Coie lawyer Marc Elias reportedly engaged Fusion for opposition research in April (their first payment was May 24).

April 26, Joseph Mifsud told George Papadopoulos that Russians said they had “dirt” on Hillary Clinton, in the form of emails.

April 29, the DNC discovered they had been hacked. Perkins Coie partner Michael Sussman had a key role in their response.

“Not sure it is related to what the F.B.I. has been noticing,” said one internal D.N.C. email sent on April 29. “The D.N.C. may have been hacked in a serious way this week, with password theft, etc.”

No one knew just how bad the breach was — but it was clear that a lot more than a single filing cabinet worth of materials might have been taken. A secret committee was immediately created, including Ms. Dacey, Ms. Wasserman Schultz, Mr. Brown and Michael Sussmann, a former cybercrimes prosecutor at the Department of Justice who now works at Perkins Coie, the Washington law firm that handles D.N.C. political matters.

“Three most important questions,” Mr. Sussmann wrote to his clients the night the break-in was confirmed. “1) What data was accessed? 2) How was it done? 3) How do we stop it?”

Sometime in May, Robert Johnston (who then worked at Crowdstrike) briefed the DNC on the hack. He told them how much data had been stolen, but he told them intelligence hackers generally don’t do anything with the stolen data.

When he briefed the DNC in that conference room, Johnston presented a report that basically said, “They’ve balled up data and stolen it.” But the political officials were hardly experienced in the world of intelligence. They were not just horrified but puzzled. “They’re looking at me,” Johnston recalled, “and they’re asking, ‘What are they going to do with the data that was taken?’”

Back then, no one knew. In addition to APT 29, another hacking group had launched malware into the DNC’s system. Called APT 28, it’s also associated Russian intelligence. Andrei Soldatov, a Russian investigative journalist and security expert, said it’s not crystal clear which Russian spy service is behind each hacker group, but like many other cybersecurity investigators, he agreed that Russian intelligence carried out the attack.

So, Johnston said, “I start thinking back to all of these previous hacks by Russia and other adversaries like China. I think back to the Joint Chiefs hack. What did they do with this data? Nothing. They took the information for espionage purposes. They didn’t leak it to WikiLeaks.”

So, Johnston recalled, that’s what he told the DNC in May 2016: Such thefts have become the norm, and the hackers did not plan on doing anything with what they had purloined.

May 25 was likely the date on which the last emails shared with Wikileaks got exfiltrated.

On June 9, Natalia Veselnitskaya met with Don Jr, Jared Kushner, and Paul Manafort at Trump Tower. Both at a Prevezon court hearing that morning and after the Trump Tower meeting, she reportedly met with Fusion’s Glenn Simpson. Though there’s no sign of Baker Hostetler paying for any services anytime near that meeting. Sometime Fusion associate Rinat Akhmetshin accompanied Veselnitskaya to the meeting; it’s possible he was paid for work in June.

Sometime in “mid-June,” the Perkins Coie lawyer Sussman and the DNC first met with the FBI about the hack. They asked the FBI to attribute the hack to Russia.

The D.N.C. executives and their lawyer had their first formal meeting with senior F.B.I. officials in mid-June, nine months after the bureau’s first call to the tech-support contractor. Among the early requests at that meeting, according to participants: that the federal government make a quick “attribution” formally blaming actors with ties to Russian government for the attack to make clear that it was not routine hacking but foreign espionage.

“You have a presidential election underway here and you know that the Russians have hacked into the D.N.C.,” Mr. Sussmann said, recalling the message to the F.B.I. “We need to tell the American public that. And soon.”

The FBI would not attribute the hack formally until the following year.

On June 14, the DNC placed a story with the WaPo, spinning the hack to minimize the damage done.

On June 15, Guccifer 2.0 started posting. In his first post, he proved a number of the statements Crowdstrike or Democrats made to the WaPo were wrong, including that:

  • The hackers took just two documents
  • Only Trump-related documents had been stolen
  • Hillary’s campaign had not been hacked
  • The DNC had responded quickly
  • No donor information had been stolen

Now, you’d think this (plus Julian Assange’s claim to have Hillary emails) would alert the Democrats that Johnston’s advice — that the Russians probably wouldn’t do anything with the data they stole — was wrong. Except that (as far as is publicly known) none of the documents Guccifer 2.0 leaked in that first batch were from the DNC.

Around this same time, Perkins Coie lawyer Marc Elias asked Fusion to focus on Trump’s Russian ties, which led to Christopher Steele’s involvement in the already started oppo effort.

On June 20, Perkins Coie would have learned from a Steele report that the dirt Russia had on Hillary consisted of “bugged conversations she had on various visits to Russia and intercepted phone calls rather than any embarrassing conduct.” It would also have learned that “the dossier however had not yet been made available abroad, including to TRUMP or his campaign team.”

On July 19, Perkins Coie would have learned from a Steele report that at a meeting with a Kremlin official named Diyevkin which Carter Page insists didn’t take place, Diyevkin “rais[ed] a dossier of ‘kompromat’ the Kremlin possessed on TRUMP’s Democratic presidential rival, Hillary CLINTON, and its possible release to the Republican’s campaign team.” At that point in time, the reference to kompromat would still be to intercepted messages, not email.

On July 22, Wikileaks released the first trove of DNC emails.

On July 26 — days after Russian-supplied emails were being released to the press — Perkins Coie would receive a Steele report (based on June reporting) that claimed FSB had the lead on hacking in Russia. And the report would claim — counter to a great deal of publicly known evidence — that “there had been only limited success in penetrating the ‘first tier’ foreign targets.” That is, even after the Russian hacked emails got released to the public, Steele would still be providing information to the Democrats suggesting there was no risk of emails getting released because Russians just weren’t that good at hacking.

It appears likely that the Democrats asked Fusion to focus on Russia because they believed they had been badly hacked by Russia.

Everything they learned (and would have learned, if the June reporting on cybersecurity had been produced in timely fashion) between the time they were hacked and when Wikileaks would start releasing massive amounts of emails would have told the Democrats that the Russians hadn’t really succeeded with their hacking, and any kompromat they had on Hillary was not emails, but instead dated intercepts. The Steele dossier would have led them to be complacent, rather than prepping for the onslaught of the emails.

We don’t know how Steele’s intelligence was used within the party. But if they had paid attention to it, it would have done affirmative damage, because it might have led them to continue to rely on Johnston’s opinion that the stolen emails weren’t coming out.

The Dumb Ass Poker Faces in the White House Just Admitted Their Investigation Coincides with Mike Flynn’s

In a big scoop yesterday, NYT reported that Mike Flynn has withdrawn from a joint cooperation agreement with the White House, leading many people to believe that he is moving towards cooperating with Robert Mueller.

Lawyers for Michael T. Flynn, President Trump’s former national security adviser, notified the president’s legal team in recent days that they could no longer discuss the special counsel’s investigation, according to four people involved in the case — an indication that Mr. Flynn is cooperating with prosecutors or negotiating a deal.

Mr. Flynn’s lawyers had been sharing information with Mr. Trump’s lawyers about the investigation by the special counsel, Robert S. Mueller III, who is examining whether anyone around Mr. Trump was involved in Russian efforts to undermine Hillary Clinton’s presidential campaign.

[snip]

[T]he notification led Mr. Trump’s lawyers to believe that Mr. Flynn — who, along with his son, is seen as having significant criminal exposure — has, at the least, begun discussions with Mr. Mueller about cooperating.

[snip]

Mr. Flynn is regarded as loyal to Mr. Trump, but he has in recent weeks expressed serious concerns to friends that prosecutors will bring charges against his son, Michael Flynn Jr., who served as his father’s chief of staff and was a part of several financial deals involving the elder Mr. Flynn that Mr. Mueller is scrutinizing.

The WaPo confirmed NYT’s scoop, adding the detail that Flynn’s lawyer told Trump’s lawyer on Wednesday evening.

The call from Flynn lawyer Robert Kelner to Trump attorney John Dowd came Wednesday evening and is a potentially ominous sign for Trump and his close associates.

Along with all the reports that Mueller was implicating Flynn, Jr in his dad’s corruption, this timing would also closely follow the hints that Reza Zarrab, whose release Flynn reportedly discussed brokering, is now cooperating with prosecutors. It’s unclear how much Zarrab would have learned in jail about efforts to free him, but it’s certainly possible that the knowledge that he is likely cooperating changed Flynn’s calculus as well. And there may be other reasons, still not public, why Flynn reversed his determination to fight prosecution rather than cooperate.

But there’s something really funny about the White House’s confirmation that Flynn pulled out of the joint defense agreement, along with their pathetic claims this doesn’t mean Trump is in trouble.

Jay Sekulow, an attorney for Trump, said, “This is not entirely unexpected.”

“No one should draw the conclusion that this means anything about General Flynn cooperating against the president,” he said, adding, “It’s important to remember that General Flynn received his security clearance under the previous administration.”

Confirming to the press that Flynn pulled out of the joint defense agreement involves confirming that the White House had a joint defense agreement with his lawyers. And that entails confirming that the President is being targeted in matters closely tied to Flynn’s own actions.

Thus far, the crimes Flynn is most publicly being accused of — largely relating to his unreported influence peddling, for both Turkey and Russia — don’t necessarily impact Trump. Given the details that have thus far been made public, those actions could just reflect his own greed, not any overt work with Trump to implement the policies he promised to the Turks he would deliver. Indeed, there’d be little need for Flynn’s lawyers to work with Trump’s if that were the only criminal charges he was facing.

But now several Trump lawyers are on the record saying they viewed themselves as targeted by the same investigation as Flynn is. Which means (unsurprisingly) Trump was probably in the loop on Flynn’s influence peddling. And which also means Flynn’s discussions with Sergei Kislyak about sanctions relief — and his lies about them to the FBI — directly implicate Trump. That’s the stuff that would justify a joint defense agreement, and that’s the stuff the White House just confirmed by confirming the no longer operative joint defense agreement.

In spite of all the claims that Trump isn’t being investigated, Trump’s lawyers have just admitted that they have been treating Flynn’s criminal exposure as related to the President’s own.

Does the Fusion Ledger Explain Why They’ve Pled the Fifth?

When the first two Fusion employees, Peter Fritsch and Thomas Catán, testified before the House Intelligence Committee on October 18, they pled the Fifth. I’ve been wondering since then what basis they had to do so — as have the House Intelligence Committee lawyers fighting with them to obtain bank records related to their Russian related activities last year and this. Indeed, HPSCI suggests the invocation of the Fifth suggests there may be relevant and important materials still to hand over.

It logically follows either that Plaintiff’s principals may have been perjuring themselves when they testified to a purportedly good-faith belief that their answers would tend to incriminate them, and/or that they are in possession of incriminating information of relevance to the Committee’s investigation that they have not yet disclosed.

In my last post, I noted that the House Intelligence Committee believes Fusion GPS, the intelligence firm behind the dossier, paid three or four journalists (actually, two or three journalists, plus someone who has served as a source for such information), and is trying to get records pertaining to other law firms and two businesses as well.

Looking at the exhibits Fusion submitted, however, at least suggests what they might be trying to hide.

The interesting exhibits are:

Here’s what, taken together, we learn about the 112 transactions HPSCI is trying to access but Fusion is trying to hide. The HPSCI filing describes them this way:

30 + 12 transactions associated with those who worked on the Steele or Prevezon projects

The filings make clear Fusion originally turned over 30 transactions. They are bolded in the ledger, which include:

  1. Transactions 5-11 (7 total) totaling $523,650.62 dated March 7, March 18, August 18, September 6, October 27, October 31, and October 31 (again) 2016 which are Baker Hostetler payments associated with Prevezon
  2. Transactions 46 (dated June 28), 48 (dated September 8), and 51 (dated November 2) paid to someone whose redacted name is of a length that it might be Rinat Ahkmetshin (3 total transactions)
  3. Transactions 77-81 (5 total) dated July 13, August 2, September 1, October 5, November 1 paid to a Russian expert with a short name [see the HPSCI justification page 5]; this may be Steele
  4. Transactions 83-88 (5 total) which are payments to someone else dated August 16, October 5, November 1, November 2, January 5, 2017
  5. Transactions 89-95 (7 total) which are payments from Perkins Coie dated May 24, July 15, July 29, August 31, September 30, October 28, and December 28
  6. Transactions 96-98 (3 total) which are payments to someone with a relatively short name dated August 11, September 2, and October 5

There are also 12 other transactions associated with people involved in those original transactions. They include:

  • A credit (Transaction 40) totaling $20,000 paid to Baker Hostetler on December 13, 2016
  • 7 payments associated with the redacted name person in 2, above, dated March 11, March 22, August 23, October 4, November 1 (which is listed as the same Bates stamp as one disclosed already), December 27, 2016 and January 5, 2017
  • 3 payments paid to the Russian researcher with the short name in 3, above, dated March 22, April 6, and May 25
  • A credit dated May 11, 2016 from the redacted name in 4, above

Comments:

There are four items of particular interest, here (before you get into coincidental dates).

First, the Russian expert with the short name is probably Steele (unless bullet 4 is him). If so, Fusion turned over payment information tied to the DNC work, but not payment information for something else (three payments in March through May) before the DNC came in. That may be stuff associated with Beacon’s funding of the earlier Trump dossier. Or it may be something else.

Second, Perkins Coie’s payments seem to track when the Trump reports come out. Except there is one payment for $58,669.00 (a curiously even number) in late December, after the last and most inflammatory Russian related report comes out on December 13. Admittedly, by report number, there are 31 reports between the October 19 and December 13 report publicly released, but the October 28 Perkins Coie payment of $365,275.33, by far the largest, would seem to pay for that. This suggests it is likely that Perkins Coie continued to pay for the dossier even after Trump won, contrary to what these entities have said in sworn declarations elsewhere. Given reports of John Podesta meeting with Christopher Steele after the election, I think that quite possible that Democrats paid for that last report.

Third, there is no payment even remotely associated with Baker Hostetler around the time of the Trump Tower meeting. There’s a March 18 payment and an August 18 one. This, in spite of the fact that Fox reported that Natalia Veselnitskaya met with Fusion both before and after the June 9, 2016 Trump Tower meeting.

But there is a payment — which Fusion says is not related to Prevezon or DNC — to the person with the name of the length of Rinat Akmetshin, on June 28. I asked in September who paid Akhmetshin to be at that Trump Tower meeting. Is that the June 28 payment? If so, who paid for him to be at that meeting?

19 transactions pertaining to 8 law firms

Then there are the payments pertaining to 8 law firms. The HPSCI justification says those are:

  1. Transactions 1-3 (3 total), dated March 11, March 23, and August 17
  2. Transaction 17, dated February 12
  3. Transaction 65, dated June 6
  4. Transaction 67, dated March 30
  5. Transaction 70-73 (4 total), dated June 10, July 6, September 28, 2016, and February 17, 2017
  6. Transaction 88, dated May 10
  7. Transactions 99-105 (7 total), dated June 10, July 29, August 31, October 13, November 29, December 15, January 11
  8. Transaction 106, dated September 13

We have no idea what these are, and Fusion may well be correct saying this is just investigative work for real cases. Mind you, HPSCI has said it has classified information to justify some of these requests (not necessarily limited to the law firms). So I think it is worth noting.

8 transactions probably associated with Beacon

The HPSCI filing (paragraph 26) makes it clear they’re trying to get the payment information associated with Beacon, which reportedly paid for the Republican side of the dossier. The only otherwise unaccounted for 8 Transactions are 54-61, which suggest those are the Beacon transactions. The HPSCI justification backs this, as it says the committee seeks to investigate a public claim (as they note, Beacon has confirmed its role in paying for the dossier). Except that produces some really weird dates: March 31, June 7, July 12, September 30, October 17, November 30, 2016, and January 4, February 15, 2017.

Those dates don’t make sense at all (because we were led to believe the Republican sponsored research started earlier than February), and they go well beyond the time the Republicans were said to have stopped paying.

12 credits probably associated with a media outlet, possibly  Yahoo

As noted, the HPSCI filing suggests there are payments from (not to) a media company, which might be Yahoo.

As Mr. Steele has acknowledged in other dossier-related litigation, in addition to sharing memos comprising the dossier with Mother Jones, in fall 2016 he met with at least five major media outlets at Fusion GPS’ direction. Those outlets included Yahoo News, which on September 23, 2016, reported purported meetings between Trump campaign advisor Carter Page and specified high-ranking Russian officials, attributed to a single “well-placed Western intelligence service.” Substantively similar allegations were contained in the dossier. Given Fusion GPS’ demonstrated patter of dossier-related engagement with media outlets, the Requested Records include records from [line and a half redacted].

Those appear to be transactions 32-43, dated pretty much monthly: February 17, March 21, April 19, May 18, June 15, July 20, August 17, September 19, October 19, November 16, December 14, 2016 and January 8, 2017, though they clearly track the election and transition time frame.

Business A transactions

Then there are two businesses. Those appear to be Transactions 12-16, which are payments on June 9, June 23, October 16, November 14, 2016 and January 26, 2017, and Transactions 18-31, which are mostly monthly payments from February 2016 to February 2017, though with some odd bunching during summer 2016. Both Business A and B are likely lobbying firms — see the redaction in the filing:

Business A appears to work on Ukrainian issues, as a footnote justifying its inclusion describes Trump’s shift on Ukranian policy.

The hacked documents would be in exchange for a Trump Administration policy that de-emphasizes Russia’s invasion of Ukraine and instead focuses on criticizing NATO countries for not paying their fare share – policies which, even as recently as the President’s meeting last week with Angela Merkel, have now presciently come to pass.”).

But that’s recent representation — “since January 2017.”

Business B transactions

Business B represents a variety of interests, but one of them is the kind of business that got mentioned in the Steele dossier as potentially colluding with Trump.

The “Steele Dossier” directly implicates [redacted] in potential collusion between the Trump campaign and Russia;

Both these businesses appear to have names that can be referred to as a short acronym.

Journalist (and other) transactions

There are three journalist transactions (besides those tied to Yahoo and Beacon):

  • Transactions 62-64, payments dated May 16, June 9, and September 6
  • Transactions 68-69, payments dated June 15 and August 26
  • Transactions 107-112, payments dated September 1, October 25, November 14, December 2, January 9, February 2

Then there is this:

  • Transaction 66, a payment dated December 12

This is not a payment to a journalist, per se, but to “individuals on [sic] have contributed to press stories on Russian issues relevant to its investigation.” This last payment, generally treated in the “journalist” category, appears to be tied to someone being quoted in the press, not writing their own work.

It’s interesting because this payment happens in the time period when the last, allegedly free report was being prepared.

Update, 12/12/17: The researcher with the short name may be Nellie Ohr, the wife of a DOJ official who was in the loop on the dossier.

image_print