Posts

Alfa-Trump Redux: Full Spectrum Circumstance

The Trump Tower – Alfa Bank story is back!

Back in October 2016, Franklin Foer wrote about some metadata analysis showing that a marketing server paid for by Trump Organization was messaging with a server at Russia’s Alfa Bank. The story, as Foer presented it, was quickly challenged. I myself focused on a side angle to the story: that in addition to communications with Alfa Bank, the Trump marketing server was also communicating with Grand Rapids’ Spectrum Health, which (the original public pitch of the story suggested) might show a tie between the DeVos family — or maybe Erik Prince — and Trump. From the vantage of October 2016, that didn’t make sense, as the DeVoses (as distinct from Betsy’s brother Erik) were actually remarkably hesitant to support Trump until after the DNS lookups ended.

Dexter Filkins has now reexamined the story. It concludes — via a proliferating set of academics and cybersecurity experts departing from the norm in both those fields and insisting on hiding their identities — that there must be some kind of communication going on.

(Max and his colleagues did not see any D.N.S. evidence that the Trump Organization was attempting to access the server; they speculated that the organization was using a virtual private network, or V.P.N., a common security measure that obscures users’ digital footprints.)

If this was a communications mechanism, it appeared to have been relatively simple, suggesting that it had been set up spontaneously and refined over time. Because the Trump Organization did not have administrative control of the server, Paul and Leto theorized that any such system would have incorporated software that one of the parties was already using. “The likely scenario is not that the people using the server were incredibly sophisticated networking geniuses doing something obscure and special,” Max said. “The likely scenario is that they adapted a server and vender already available to them, which they felt was away from prying eyes.” Leto told me that he envisioned “something like a bulletin-board system.” Or it could have been an instant-messaging system that was part of software already in use on the server.

Kramer, of Listrak, insisted that his company’s servers were used exclusively for mass marketing. “We only do one thing here,” he told me. But Listrak’s services can be integrated with numerous Cendyn software packages, some of which allow instant messaging. One possibility is Metron, used to manage events at hotels. In fact, the Trump Organization’s October, 2016, statement, blaming the unusual traffic on a “banking customer” of Cendyn, suggested that the communications had gone through Metron, which supports both messaging and e-mail.

The parties might also have been using Webmail—e-mail that leaves few digital traces, other than D.N.S. lookups. Or, Paul and Leto said, they could have been communicating through software used to compose marketing e-mails. They might have used a method called foldering, in which messages are written but not sent; instead, they are saved in a drafts folder, where an accomplice who also has access to the account can read them. “This is a very common way for people to communicate with each other who don’t want to be detected,” Leto told me.

I hope to return to some of the moves Filkins makes in his story generally after I come home from this trip. But for now, I just want to look at how Filkins deals with the Spectrum Health tie, which Filkins focuses on even more than Foer. Here’s how he introduces the connection:

Only one other entity seemed to be reaching out to the Trump Organization’s domain with any frequency: Spectrum Health, of Grand Rapids, Michigan. Spectrum Health is closely linked to the DeVos family; Richard DeVos, Jr., is the chairman of the board, and one of its hospitals is named after his mother. His wife, Betsy DeVos, was appointed Secretary of Education by Donald Trump. Her brother, Erik Prince, is a Trump associate who has attracted the scrutiny of Robert Mueller, the special counsel investigating Trump’s ties to Russia. Mueller has been looking into Prince’s meeting, following the election, with a Russian official in the Seychelles, at which he reportedly discussed setting up a back channel between Trump and the Russian President, Vladimir Putin. (Prince maintains that the meeting was “incidental.”) In the summer of 2016, Max and the others weren’t aware of any of this. “We didn’t know who DeVos was,” Max said.

This is a remarkable paragraph, repeating a lot of the shitty link analysis that people always do when they try to explain the Spectrum tie. In it, a children’s hospital named after Dick DeVos’ mother is the smoking gun in an international spy plot. Then, having utterly ignored the status of the relationship between the DeVoses and Trump at the time of the DNS lookups, Filkins looks at what has happened since: the appointment of close Mike Pence ally and leading GOP education ideologue Betsy to be Education Secretary, and Erik Prince’s covert meeting with an entirely different — and far more suspect — bank, using means that are precisely the kinds of means you’d expect Erik Prince to use (and not using the network of a hospital that his brother-in-law chairs but doesn’t run, because why the fuck would a Navy Seal use more covert methods that Navy Seals know well instead of using a server with an easily subpoenaed footprint in the US??).

The paragraph misses some other details of note. For example, after Dick got on a commercial puddle jumper to fly to interview with Trump, he was appointed to the FAA Advisory Board, another position for which he is an obvious and arguably well-qualified pick. It also doesn’t note that Prince — who is a separate political entity from his sister and brother-in-law — was threatening anti-Trump Republicans both before and after the election, something that might support this theory except for all the other more obvious ways Prince accomplished such efforts.

Which is to say that, while the piece acknowledges that to conclude the Trump – Alfa Bank records are suspect, you also have to explain why the Spectrum ones would be, it does no reporting to discern why that would be the case.

Later in the piece, after trying to explain DNC lookups involving a third entity that had previously only been alluded to (and only alluded to because without explanation, it would have and did problematize past claims), Filkins strains further to suggest the ties between Spectrum and Trump have been proven by events that have taken place since.

In one tranche of data that he gave them, they noticed that a third entity, in addition to Alfa Bank and Spectrum Health, had been looking up the Trump domain: Heartland Payment Systems, a payments processor based in Princeton. Of the thirty-five hundred D.N.S. queries seen for the Trump domain, Heartland made only seventy-six—but no other visible entity made more than two. Heartland had a link to Alfa Bank, but a tenuous one. It had recently been acquired by Global Payments, which, in 2009, had paid seventy-five million dollars for United Card Services, Russia’s leading credit-card-processing company; two years later, United Card Services bought Alfa Bank’s credit-card-processing unit. (A spokesperson for Global Payments said that her company had never had any relationship with the Trump Organization or with Alfa Bank, and that its U.S. and Russia operations functioned entirely independently.)

Spectrum Health has a similarly indirect business tie to Alfa Bank. Richard DeVos’ father co-founded Amway, and his brother, Doug, has served as the company’s president since 2002. In 2014, Amway joined with Alfa Bank to create an “Alfa-Amway” loyalty-card program in Russia. But such connections are circumstantial at best; the DeVos family seems far more clearly linked to Trump than to Russia.

It’s this sentence — “the DeVos family seems far more clearly linked to Trump than to Russia” — that exemplifies this story, and its epistemology, for me. It treats the DeVos family — Dick, his wife Betsy Prince DeVos, his brother Doug, his charitable mother Helen, and his brother-in-law Erik Prince, to say nothing of the hospital administrators that actually run Spectrum — as a monolith they’re simply not, reads their current varied relationships with Trump back into a history where only Erik’s relationship resembled his current one, and then concludes that a link with Dick through Helen-Betsy-Erik is all you need to explain why these presumed conspirators would use a hospital rather than any of the many entities the DeVoses privately hold (and therefore more directly manage) or the Prince entities that already have built-in covert channels with a proven past ability to reach out to oligarchs discretely.

I mean, I absolutely think there’s a place for more journalism on what Erik was doing during the election, his role as a cut-out to Trump, and how he has helped to discipline the Republican party since. Or, if you want to pursue some theory of nefarious plot explaining how the originally reluctant DeVoses came to become close Trump associates, you’d explore far more about Mike Pence’s obvious role in it all (to say nothing of Pence’s frequent meetings with the DeVoses since), something Jean Camp is well situated to do from Indiana.

But one thing any such journalism would show is that Prince has the ability to conduct convert communications via much more effective channels, and Betsy and Dick DeVos have the network to achieve their political goals via means that don’t require hijacking a hospital server they don’t directly control.

Meanwhile, the story doesn’t explore the tangential role of Alfa Bank, via Alex van der Zwaan, in the Skadden Arps part of the Paul Manafort story, and doesn’t explain that any focus on Alfa Bank prior to Trump’s inauguration might have distracted from the sanctioned Russian banks that, at least as far as is currently known, are the actual key players in the Trump Russia story. It also doesn’t explain that key events in any conspiracy between Trump and Russia were communicated via insecure Trump Organization hosted email, often (in Manafort’s case, for long after he had been indicted) backed up to the iCloud.

This Trump Tower – Alfa Bank story continues to spin journalists, not to mention academics and infosec experts, into uncharacteristic habits that don’t appear to be leading to any real clarity about the topic at hand.

With the Upcoming Concord Consulting Not Guilty Plea, Russians Continue to Win the Lawfare Hockey Title

Last year, I observed how effective the mostly-Russian (with some assistance from Republicans) lawfare surrounding the Steele dossier had been. Between the Webzilla and Alfa Bank suits against Steele dossier actors (the latter advised by top Republican lawyers at Kirkland & Ellis), they forced out information that would embarrass Democrats and assist Republican efforts to undermine the Russian investigation. Further, the many suits were far more costly than the initial oppo research had been.

As a number of outlets have observed, one of the firms named in the Internet Research Agency indictment, Concord Management and Consulting, is waging similar lawfare in response to that indictment.

Concord is the firm of Yevgeniy Prigozhin, often called Putin’s chef because he’s gotten rich of catering contracts. The indictment claims Concord provided the bulk of the funding for the IRA. It further alleges Concord funds disinformation campaigns not just targeting America, but targeting other countries and domestic Russian audiences.

Beginning as early as 2014, Defendant ORGANIZATION began operations to interfere with the U.S. political system, including the 2016 U.S. presidential election. Defendant ORGANIZATION received funding for its operations from Defendant YEVGENIY VIKTOROVICH PRIGOZHIN and companies he controlled, including Defendants CONCORD MANAGEMENT AND CONSULTING LLC and CONCORD CATERING (collectively “CONCORD”). Defendants CONCORD and PRIGOZHIN spent significant funds to further the ORGANIZATION’s operations and to pay the remaining Defendants, along with other uncharged ORGANIZATION employees, salaries and bonuses for their work at the ORGANIZATION.

[snip]

Defendants CONCORD MANAGEMENT AND CONSULTING LLC (Конкорд Менеджмент и Консалтинг) and CONCORD CATERING are related Russian entities with various Russian government contracts. CONCORD was the ORGANIZATION’s primary source of funding for its interference operations. CONCORD controlled funding, recommended personnel, and oversaw ORGANIZATION activities through reporting and interaction with ORGANIZATION management.

CONCORD funded the ORGANIZATION as part of a larger CONCORD-funded interference operation that it referred to as “Project Lakhta.” Project Lakhta had multiple components, some involving domestic audiences within the Russian Federation and others targeting foreign audiences in various countries, including the United States.

Among the details in the indictment that would require the most SIGINT (as distinct from cooperation from Facebook and domestic forensics analysis) is a paragraph describing the funding behind the operation.

To conceal its involvement, CONCORD labeled the monies paid to the ORGANIZATION for Project Lakhta as payments related to software support and development. To further conceal the source of funds, CONCORD distributed monies to the ORGANIZATION through approximately fourteen bank accounts held in the names of CONCORD affiliates, including Glavnaya Liniya LLC, Merkuriy LLC, Obshchepit LLC, Potentsial LLC, RSP LLC, ASP LLC, MTTs LLC, Kompleksservis LLC, SPb Kulinariya LLC, Almira LLC, Pishchevik LLC, Galant LLC, Rayteks LLC, and Standart LLC.

Presumably, the Mueller team named Concord and Prigozhin because doing so would support sanctions against him and his companies (indeed, Prigozhin was added to sanctions back in March). But it was also a way to put the operation within the immediate vicinity of Putin and tie it to the patronage that he uses to stay in power.

But then the corporate person of Concord Consulting unexpectedly started to contest the charges. On April 11, two lawyers from Reed Smith filed an attorney appearance for the firm. That same day, the lawyers sent Mueller’s team two letters, one asking for a Bill of Particulars and the other an expansive discovery request. Mueller’s team (having previously tried to serve Concord via the Russian government) then sent a letter to the lawyers, asking for confirmation they can receive summons for their client, which the lawyers returned it 10 days later, saying it violated Federal Rules of Criminal Procedure. The government, based on the returned summons, asked for a continuance to make sure that summons had been accepted.

Acceptance of service is ordinarily an indispensable precondition providing assurance that a defendant will submit to the jurisdiction of the court, obey its orders, and comply with any judgment. Here, proper service is disputed. It would not be an efficient use of resources to conduct proceedings against Concord clouded by the question whether Concord has been properly served. And as mentioned above, that is particularly true given the sensitive intelligence gathering, national security, and foreign affairs issues presented by defense counsel’s initial requests.

Concord’s lawyers responded by arguing the Special Counsel was ignoring local rules requiring two weeks advance notice to make a scheduling change, and further noting the government had not cited any case law supporting the argument that there might be uncertainty about whether Concord had been served.

The Special Counsel is not entitled to special rules, and is required like the Attorney General to follow the rules of the Court. See United States v. Libby, 498 F.Supp.2d 1, 10-11 (D.C.C. 2007).

The Special Counsel’s motion, filed late on a Friday afternoon, essentially seeks to usurp the scheduling authority of the Court by requesting a continuance of a proceeding scheduled in five days knowing that Defendant is ordinarily entitled to fourteen days to respond.

The Special Counsel’s motion is in violation of Local Criminal Rule 47(b) in that its contains no citation to points of law and authority and instead proclaims without citation to any authority that “A criminal case against an organizational defendant ordinarily requires that the defendant has been properly served with a summons in order for the court to be assured that the defendant has submitted to the jurisdiction of this court and has obligated itself to proceed in accordance with the Federal Rules of Criminal Procedure and other applicable laws that govern this criminal proceeding,”

Judge Dabney Friedrich denied the government motion, meaning there’ll be an initial appearance Wednesday.

Before looking at what Concord is trying to do with its discovery request, let’s take a step back.

The US has been charging Russian hackers and other criminals (like Viktor Bout) for years. Russia hates it. Even ignoring the number of Russian criminals we’ve imprisoned for long sentences, in cases where we don’t nab defendants while on vacation, the indictments still provide the US a forum to expose Russian intelligence activities with little cost to the US.

Charging a corporate person — one close to Putin — for a crime (information operations) that the US also engages in, the government provided Putin and his ally Prigozhin with an opening to either inflict some damage or force the government to withdraw the indictment (and think twice before indicting any other Russian corporations in other Russian investigation indictments).

Here’s some of what Concord is asking for:

Unnamed co-conspirators. When Rod Rosenstein announced this indictment, he emphasized that no Americans were named as co-conspirators in the indictment. That’s different than saying no Americans did conspire (indeed, I’ve noted that three Trump Campaign Officials described in the indictment may be under ongoing investigation). The motion for a Bill of Particulars asks for the identities of those three Trump Campaign Officials, as well as the identities of at least ten other Americans described specifically, and 100 recruited by IRA (described in ¶81). It also asks for the name of co-conspirators for an act, ¶7 of the indictment, who were required to register even though no co-conspirators are alleged to have to do so. Intriguingly, it asks not just for the identity of the real US person who held a sign in front of the White House (¶12b), but also all details surrounding the communications behind that appearance.

Related crimes the government will introduce at trial. The discovery request makes a very normal Rule 404(b) request for any “other crimes, wrongs, or acts” the government might introduce at trial. If Mueller’s team believes anyone in this indictment was involved in other parts of the operation, they might have to disclose that.

SIGINT. The request for a Bill of Particulars asks the government to identify all VPNs, PayPal accounts, Twitter accounts, and web-based emails used in the operation. It asks for the IDs of the people behind the operation and a definition of what significant funds means which would convey how much money Mueller has tracked. It asks for the specific bank accounts the indictment alleges Concord used to launder its money. It asks for specific evidence showing Prigozhin’s knowledge of the operation. It asks for all the communications behind the named events in the indictment. Showing this would provide Concord, and so Prigozhin, and so Putin, a very detailed picture of how much intelligence the US collected to draw up this indictment, which would also hint a lot about how we got it.

Details they will use to show US double standards. This includes a request for all the times since 1945 an agent of the US “engaged in operations to interfere with elections and political processes in any foreign country,” which is probably a reference to this study that shows CIA has done it more than Russia, along with a parallel request about any times Americans have been charged under the same crime, 18 USC 371, charged in the indictment. It also asks for a definition of a bunch of terms — such as “improper foreign influence,” “computer infrastructure,” “collecting intelligence,” and “began to monitor” that Russia will then use to point out where US spooks do the same. The request asks for a list of all criminal statutes that prohibit interference operations, the specific statutes behind the FECA, FARA, and visa violations alleged, as well as statutes that prohibit “impairing, obstructing and defeating the lawful governmental functions of the US … [by] interfer[ing] with US political and electoral processes. Together, those requests are designed to show that much of this stuff is either legal or spying.

The names of informants. Concord asks for this both as a general Brady request and asks for the specific name of the uncharged co-conspirator who traveled to Atlanta in 2014 in the request for a Bill of Particulars. While Prigozhin probably knows which Russians cooperated, Russia will nevertheless love to use that to punish whoever did.

While neither will happen immediately — Mueller’s team will push for a protection order and CIPA process before turning over the requested discovery and defendants almost never get a Bill of Particulars — effectively, Concord signaled its intention to impose real costs on the US government’s use of our criminal justice system to embarrass Russia. They made it clear that one of Putin’s closes allies will be demanding the intelligence behind an indictment naming him and two of his companies. Which is going to pose real discomfort for Mueller’s team (which might explain a bit of their delay here).

Let me clear: Concord is entirely within its right to begin demanding such evidence. That’s the risk of using our criminal justice system, affording due process, in charging a Russian corporate person who can challenge any charges without risking their freedom. I imagine Mueller’s team didn’t sufficiently account for this possibility when charging it this way. And if there are any other known Russian corporations involved in this operation (or fronts, such as the one Joseph Mifsud worked behind), I would imagine Mueller’s team is rethinking their approach to including those fronts. This could be problematic to the extent that proving any “collusion” between Trump’s people and Russians would most easily be demonstrated via conspiracy charges involving Russian entities.

As I said, for years, it has pissed off Russia generally and Putin in particular that the US used its criminal justice system to embarrass Russia, particularly for actions (like nation-state spying or information warfare like that alleged in this indictment) that we also engage in, including against Russia. It seems clear Putin and his buddy Prigozhin are using the incidence of the latter having had his company be named in this indictment as an opportunity to retaliate and make DOJ think twice as it continues to expand such efforts in the future.

And to a large degree, it’s quite likely to work.

On Disinformation and the Dossier

By all accounts, the House will vote to release the Nunes memo tonight, even while Adam Schiff pushes to release his countering memo at the same time. Perhaps in advance of that, Andrew McCabe either chose to or was told to take leave today until such time as his pension kicks in in mid-March, ending his FBI career.

Since we’re going to be obsessing about the dossier for the next while again, I want to return to a question I’ve repeatedly raised: the possibility that some or even much of the Christopher Steele dossier could be the product of Russian disinformation. Certainly, at least by the time Fusion and Steele were pitching the dossier to the press in September 2016, the Russians might have gotten wind of the project and started to feed Steele’s sources disinformation. But there’s at least some reason to believe it could have happened much sooner.

Former CIA officer Daniel Hoffman argues the near misses are a mark of Russian disinformation

A number of spooks had advanced this idea in brief comments in the past. Today, former CIA officer Daniel Hoffman makes the arguement at more length at WSJ.

There is a third possibility, namely that the dossier was part of a Russian espionage disinformation plot targeting both parties and America’s political process. This is what seems most likely to me, having spent much of my 30-year government career, including with the CIA, observing Soviet and then Russian intelligence operations. If there is one thing I have learned, it’s that Vladimir Putin continues in the Soviet tradition of using disinformation and espionage as foreign-policy tools.

Hoffman points to what I consider the dossier’s abundance of near-misses (such as events involving the correct person in the wrong place or time) on correct information to back his case.

The pattern of such Russian operations is to sprinkle false information, designed to degrade the enemy’s social and political infrastructure, among true statements that enhance the veracity of the overall report. In 2009 the FSB wanted to soil the reputation of a U.S. diplomat responsible for reporting on human rights. So it fabricated a video, in part using real surveillance footage of the diplomat, that purported to show him with a prostitute in Moscow.

Similarly, some of the information in the Steele dossier is true. Carter Page, a Trump campaign adviser, did travel to Moscow in the summer of 2016. But he insists that the secret meetings the dossier alleges never happened. This is exactly what you’d expect if the Kremlin followed its usual playbook: accurate basic facts provided as bait to convince Americans that the fake info is real.

John Sipher, in our joint interview with Jeremy Scahill admitted such a thing was possible, though that the dossier still tied the hack to “collusion.”

The Russians are the best in the world at this disinformation and deception. I don’t think, based on what we saw in the June, the first of his reports, that the Russians would have controlled all of those sources and controlled that whole narrative. It just doesn’t seem to make sense to me. And if in fact they did control the information that was given to Mr. Steele at that time, you have to wonder what was the point. If they were trying to send a message that they had compromising information on Mr. Trump, that might be that they wanted Mr. Trump to know what they had so he would act accordingly. In terms of using kompromat you don’t have to go to the person and make the quid pro quo, you just have to let them know that you have the information and they’ll do the right thing. So, I do agree, as time went by, and as she mentioned, for example, that what GPS Fusion information had in the connections they had there’s, it’s certainly possible that the Russians could have come across some of these sources and provided disinformation especially as time went by. I don’t think that that’s out of the realm of possibility.

Nevertheless Sipher argued in response to Hoffman that the content of the dossier would rule against it being disinformation.

[Hoffman] did not address the content. If was disinformation, it was designed to hurt Trump.

The content of the dossier would have led Democrats to be complacent about the hacking

But I can think of several ways the information in the dossier, if it was disinformation, would help Trump. I have already noted how, if Democrats had used the intelligence provided by Steele in the very earliest reports in the dossier to gauge the risk posed by the hack, they would have been lulled into complacency, because Steele’s first reports clearly said any kompromat the Russians wanted to dump was old intercepts from Hillary’s trips to Russia, and even Steele’s first report after the WikiLeaks dump would not only not confirm Russia was behind the release, but would also contradict a year of public reporting on APT29 to claim that Russia had not had success breaching targets like the State Department and Hillary.

On June 20, Perkins Coie would have learned from a Steele report that the dirt Russia had on Hillary consisted of “bugged conversations she had on various visits to Russia and intercepted phone calls rather than any embarrassing conduct.” It would also have learned that “the dossier however had not yet been made available abroad, including to TRUMP or his campaign team.”

On July 19, Perkins Coie would have learned from a Steele report that at a meeting with a Kremlin official named Diyevkin which Carter Page insists didn’t take place, Diyevkin “rais[ed] a dossier of ‘kompromat’ the Kremlin possessed on TRUMP’s Democratic presidential rival, Hillary CLINTON, and its possible release to the Republican’s campaign team.” At that point in time, the reference to kompromat would still be to intercepted messages, not email.

On July 22, Wikileaks released the first trove of DNC emails.

On July 26 — days after Russian-supplied emails were being released to the press — Perkins Coie would receive a Steele report (based on June reporting) that claimed FSB had the lead on hacking in Russia. And the report would claim — counter to a great deal of publicly known evidence — that “there had been only limited success in penetrating the ‘first tier’ foreign targets.” That is, even after the Russian hacked emails got released to the public, Steele would still be providing information to the Democrats suggesting there was no risk of emails getting released because Russians just weren’t that good at hacking.

In fact, in his testimony to the House Intelligence Committee, in one of the few instances in either congressional appearance where he admitted that Steele was hired at almost precisely the same moment the Democrats were trying to get the FBI to make a public statement attributing the hack to Russia, Glenn Simpson explained that the Democrats did use Steele’s intelligence to “manage” the aftermath of the hack.

MR. SIMPSON: Well, this was a very unusual situation, because right around the time that the work started, it became public that the FBI suspected the Russians of hacking the DNC. And so there was sort of an extraordinary coincidence. It wasn’t really a coincidence but, you know, our own interest in Russia coincided with a lot of public disclosures that there was something going on with Russia.

And so what was originally envisioned as an original — as just a sort of a survey, a first cut of what might be — whether there might be something interesting about Donald Trump and Russia quickly became more of an effort to help my client manage a, you know, exceptional situation and understand what the heck was going on.

I also think it’s creepy that Guccifer 2.0 promised what he called a dossier on Hillary on the same day Steele delivered his first report, June 20, and delivered documents he claimed to be that dossier the next day.

There are multiple ways the Russians may have learned of the Steele dossier

Hoffman lays out a number of the reasons I believe Steele’s production process might have been uniquely susceptible to discovery.

There are three reasons the Kremlin would have detected Mr. Steele’s information gathering and seen an opportunity to intervene. First, Mr. Steele did not travel to Russia to acquire his information and instead relied on intermediaries. That is a weak link, since Russia’s internal police service, the FSB, devotes significant technical and human resources to blanket surveillance of Western private citizens and government officials, with a particular focus on uncovering their Russian contacts.

Second, Mr. Steele was an especially likely target for such surveillance given that he had retired from MI-6, the British spy agency, after serving in Moscow. Russians are fond of saying that there is no such thing as a “former” intelligence officer. The FSB would have had its eye on him.

Third, the Kremlin successfully hacked into the Democratic National Committee. Emails there could have tipped it off that the Clinton campaign was collecting information on Mr. Trump’s dealings in Russia.

I’d flesh out another, one the Republicans have been dancing close to for the last year. Because Fusion GPS did business with both the Democrats and, via Baker Hostetler, anti-Magnitsky lobbyists Natalia Veselnitskaya and Rinat Akhmetshin at the same time, it created a second source via which the Russians might learn that Hillary had a dossier. In addition to Simpson himself,  Fusion researcher Edward Baumgartner also worked with both Baker Hostetler and the Democrats at the same time. Simpson tried to minimize the overlap and the possibility for revealing the dossier, especially in his Senate testimony.

Q. We had talked about work for multiple clients. What steps were taken, if any, to make sure that the work that Mr. Baumgartner was doing for Prevezon was not shared across to the clients you were working for with regard to the presidential election?

A. He didn’t deal with them. He didn’t deal with the clients.

But the publicly released financial data shows a clear overlap in those projects and Baumgartner’s comments to BI show he worked quite closely with Veselnitskaya.

Baumgartner, a fluent Russian speaker, said he was hired by Fusion to serve as “an interface” with Veselnitskaya, who does not speak much English. They worked “very closely” together in Washington and Moscow, Baumgartner said, reviewing documents and finding witnesses who could bolster Prevezon’s case.

Simpson attended a dinner in DC on June 10, attended by both Veselnitskaya and Akhmetshin, in the aftermath of the Trump Tower meeting at which (per Simpson) “we had drinks before;” Baumgartner’s vague memory suggests he did too. When asked if Baumgartner knew Akhmetshin, which is virtually certain, Simpson said, “I don’t know.” So there were at least opportunities where people working on both campaigns might have disclosed details about the project for the Democrats (though both Simpson and Baumgartner said Baumgartner didn’t know about the Steele part of the project).

One other detail makes it more likely that Russians succeeded in planting at least some disinformation: both Luke Harding (who worked closely with Steele on his book) and Simpson describe Steele’s sources drying up as the focus on Trump’s ties to Russia grew. Simpson’s statement on this grossly understates (as he often does) how much focus there already publicly was on the Russian hack by the time he hired Steele.

So, you know, when Chris started asking around in Moscow about this the information was sitting there. It wasn’t a giant secret. People were talking about it freely. It was only, you know, later that it became a subject of great controversy and people clammed up, and at that time the whole issue of the hacking was also, you know, not really focused on Russia. So these things eventually converged into, you know, a major issue, but at the time it wasn’t one.

So if Steele’s regular sources were drying up, it makes it far more likely any new ones would be easy to compromised.

Russians seem to have planned to use the dossier to discredit the investigation — just as they are using it

Finally, I want to turn to another reason why I think parts of this may be disinformation. At least two of the reports — the Alfa Bank report (which was pretty clearly a feedback loop on another dodgy story) and the depiction of what should have been the Internet Research Association but was instead targeted at Webzilla, seem custom made to prepare the kind of lawfare that has discredited the dossier. Indeed, Alfa Bank and Webzilla’s owners both sued, suggesting they feel like they can survive discovery.

Look, now, at this detail from the letters Chuck Grassley sent out to the DNC, its top officials, and the Hillary campaign, and its top officials, trying to find out how much they knew about and used the dossier. Grassley also asks for any communications to, from, or relating to the following (I’ve rearranged and classified them).

Fusion and its formal employees: Fusion GPS; Bean LLC; Glenn Simpson; Mary Jacoby; Peter Fritsch; Tom Catan; Jason Felch; Neil King; David Michaels; Taylor Sears; Patrick Corcoran; Laura Sego; Jay Bagwell; Erica Castro; Nellie Ohr;

Fusion researcher who worked on both the Prevezon and Democratic projects: Edward Baumgartner;

Anti-Magnitsky lobbyists: Rinat Akhmetshin; Ed Lieberman;

Christopher Steele’s business and colleagues: Orbis Business Intelligence Limited; Orbis Business International Limited.; Walsingham Training Limited; Walsingham Partners Limited; Christopher Steele; Christopher Burrows; Sir Andrew Wood,

Hillary-related intelligence and policy types: Cody Shearer; Sidney Blumenthal; Jon Winer; Kathleen Kavalec; Victoria Nuland; Daniel Jones;

DOJ and FBI: Bruce Ohr; Peter Strzok; Andrew McCabe; James Baker; Sally Yates; Loretta Lynch;

Grassley, like me, doesn’t believe Brennan was out of the loop either: John Brennan

Oleg Deripaska and his lawyer: Oleg Deripaska; Paul Hauser;

It’s the last reference I’m particularly interested in.

When Simpson talked about how the dossier got leaked to BuzzFeed, he complains that, “I was very upset. I thought it was a very dangerous thing and that someone had violated my confidences, in any event.” The presumed story is that John McCain and his aide David Kramer were briefed by Andrew Wood at an event that Rinat Akhmetshin also attended, later obtained the memo (I’m still not convinced this was the full memo yet), McCain shared it, again, with the FBI, and Kramer leaked it to Buzzfeed.

But Grassley seems to think Russian oligarch Oleg Deripaska was in on the loop of this. Deripaska is important to this story not just for because he owns Paul Manafort (he figures heavily in this worthwhile profile of Manafort). But also because he’s got ties, through Rick Davis, to John McCain. This was just rehashed last year by Circa, which has been running interference on this story.

There is a report that Manafort laid out precisely the strategy focusing on the dossier that is still the main focus of GOP pushback on the charges against Trump and his campaign (and Manafort).

It was about a week before Trump’s inauguration, and Manafort wanted to brief Trump’s team on alleged inaccuracies in a recently released dossier of memos written by a former British spy for Trump’s opponents that alleged compromising ties among Russia, Trump and Trump’s associates, including Manafort.

“On the day that the dossier came out in the press, Paul called Reince, as a responsible ally of the president would do, and said this story about me is garbage, and a bunch of the other stuff in there seems implausible,” said a personclose to Manafort.

[snip]

According to a GOP operative familiar with Manafort’s conversation with Priebus, Manafort suggested the errors in the dossier discredited it, as well as the FBI investigation, since the bureau had reached a tentative (but later aborted) agreement to pay the former British spy to continue his research and had briefed both Trump and then-President Barack Obama on the dossier.

Manafort told Priebus that the dossier was tainted by inaccuracies and by the motivations of the people who initiated it, whom he alleged were Democratic activists and donors working in cahoots with Ukrainian government officials, according to the operative.

If Deripaska learned of the dossier — and obtained a copy from McCain or someone close to him — it would make it very easy to lay out the strategy we’re currently seeing.

Update: Welp, here’s why Grassley wants to know who among the Democrats spoke with Cody Shearer.

The FBI inquiry into alleged Russian collusion in the 2016 US presidential election has been given a second memo that independently set out many of the same allegations made in a dossier by Christopher Steele, the British former spy.

The second memo was written by Cody Shearer, a controversial political activist and former journalist who was close to the Clinton White House in the 1990s.

[snip]

The Shearer memo was provided to the FBI in October 2016.

It was handed to them by Steele – who had been given it by an American contact – after the FBI requested the former MI6 agent provide any documents or evidence that could be useful in its investigation, according to multiple sources.

The Guardian was told Steele warned the FBI he could not vouch for the veracity of the Shearer memo, but that he was providing a copy because it corresponded with what he had separately heard from his own independent sources.

Among other things, both documents allege Donald Trump was compromised during a 2013 trip to Moscow that involved lewd acts in a five-star hotel.

The Cost of the Lawfare Surrounding the Steele Dossier Will Vastly Outstrip Its Original Cost

In response to Monday’s server hiccups and in anticipation that Mueller is nowhere near done, we expanded our server capacity overnight. If you think you’ll rely on emptywheel reporting on the Mueller probe, please consider a donation to support the site

Yesterday, Reuters reported that Fusion GPS has told Congress (presumably as part of the settlement on a bank subpoena reached last week) how much it got paid for the dossier on Donald Trump, and how much of that it paid Christopher Steele for his part in the dossier. Fusion got $1.02 million from Perkins Coie, of which Steele got $168K.

Fusion GPS’ statement said it had told Congress about how $168,000 was paid last year to Orbis Business Intelligence, Steele’s company.

The money paid to Orbis was taken from $1.02 million it received in fees and expenses from the Perkins Coie law firm, the statement said.

There’s some confusion about this number, however, with some claiming that Fusion had a huge markup on Steele’s labor. But that’s not right. We’ve now confirmed what we’ve seen is just part of the total dossier Fusion did on Trump. If the numbering in the dossier is any indication, there were at least 166 reports done, with 79 done between the time  started on the dossier in April and when Steele got involved in June. Of the total, we’ve seen just 17 released reports from Steele, or about 10% of the total (assuming none of his Russian-related reports were withheld). That would put his payment — over 16% of what Fusion got paid — to be a reasonable fraction (of course much of the rest of the dossier is likely domestic and less reliant on paid sources built up over decades).

In any case, as Reuters points out, it’s far less than the $12 million Trump has alleged.

But it’s also far less than what the dossier will cost in the long run. As I’ve been tracking, there are a number of strands of “lawfare” surrounding the dossier — Russian and Republican attempts to use lawsuits to make the dossier toxic. They include:

  • Alexej Gubarev’s lawsuit against Steele and his company in the UK
  • Alexej Gubarev’s lawsuit against BuzzFeed in FL (with related subpoena challenges being litigated in DC)
  • The lawsuit by Alfa Bank executives against BuzzFeed in DC (filed after consulting with top GOP lawyers Viet Dinh and Brian Benczkowski and their firm)
  • Fusion’s efforts to fight testimony and bank subpoenas in DC
  • Carter Page’s lawsuit against HuffPo and Yahoo

In addition, I would be shocked if Marc Elias doesn’t get slapped with a lawsuit or two, now that his role in funding the dossier has become known. With the exception of Page’s suit, each of those involves at least two sets of well paid lawyers to fight things out.

Which is to say that the lawfare surrounding the dossier may well end up costing $12 million, even assuming no one ever has to pay any penalties. Which seems to offer a lesson for sleazy politicos: If you’re going to pay to develop dirt on your opponent, make sure that the blowback from it doesn’t cost more in terms of dollars and damage than the actual dossier itself.

Reasons Why Dems Have Been Fucking Stupid on the Steele Dossier: a Long Essay

Let me start this post by reposting in full my explanation of why Trump opponents are idiots for clinging to the Steele dossier, so I can add to that with an explanation of why the disclosure that Marc Elias paid for the dossier on behalf of Hillary and the DNC makes it far, far worse.

I have zero doubt that the Russians attempted to influence the election. I think it likely Robert Mueller will eventually show evidence that senior people in Trump’s camp attempted to and may have coordinated with people working for Russia, and people more tangential to the campaign sought out Russians for help. I think if the full story of the Russian involvement in the election comes out, it will be worse than what people currently imagine.

I also think Trump opponents have made a really grave error in investing so much in the Steele dossier. That’s true because, from the start, there were some real provenance questions about it, as leaked. Those questions have only grown, as I’ll explain below. The dossier was always way behind ongoing reporting on the hack-and-leak, meaning it is utterly useless for one of the most important parts of last year’s tampering. The dossier provides Trump officials a really easy way to rebut claims of involvement, even when (such as with Michael Cohen) there is ample other evidence to suggest inappropriate ties with Russia. Most importantly, the dossier is not needed for the most common reason people cling to it, to provide a framework to understand Trump’s compromise by Russia. By late January, WaPo’s reporting did a far better job of that, with the advantage that it generally proceeded from events with more public demonstrable proof. And (again, given the abundance of other evidence) there’s no reason to believe the Mueller investigation depends on it.

But because Trump opponents have clung to the damn dossier for months, like a baby’s blanket, hoping for a pee tape, it allows Trump, Republicans, and Russians to engage in lawfare and other means to discredit the dossier as if discrediting the dossier will make the pile of other incriminating evidence disappear.

So let’s see how the Marc Elias disclosure makes this far, far worse.

The WaPo reports that Elias’ firm, Perkins Coie, acting on behalf of both Hillary and the DNC, paid Fusion GPS. And they did so much earlier than previously reported, starting in April.

Marc E. Elias, a lawyer representing the Clinton campaign and the DNC, retained Fusion GPS, a Washington firm, to conduct the research.

After that, Fusion GPS hired dossier author Christopher Steele, a former British intelligence officer with ties to the FBI and the U.S. intelligence community, according to those people, who spoke on the condition of anonymity.

Elias and his law firm, Perkins Coie, retained the company in April 2016 on behalf of the Clinton campaign and the DNC. Before that agreement, Fusion GPS’s research into Trump was funded by an unknown Republican client during the GOP primary.

Given the numbering of the dossier, the April date makes far better sense than the June date. In fact, on January 13, I said, “It must have started sometime in April.” Yay me — that’s the one piece of prescience I’ll write about here I’m happy about.

The news comes as Fusion has been digging itself deeper and deeper into a perjury hole in an effort to protect Elias and the Democrats, just as they would have had to release financial documents showing Perkins Coie’s involvement in any case (I’ll do a follow-up to show that Fusion seems to have been using a cute definition of “client” in its sworn legal declarations about the dossier).

Some of the details are included in a Tuesday letter sent by Perkins Coie to a lawyer representing Fusion GPS, telling the research firm that it was released from a ­client-confidentiality obligation. The letter was prompted by a legal fight over a subpoena for Fusion GPS’s bank records.

As the WaPo and an army of Dem flacks have noted since this story broke, it is totally normal to pay oppo research firms for dirt on opponents.

It is!!

Which ought to raise really big questions why Elias didn’t come forward before now to simply admit that Hillary and the Dems — rather than some unnamed big donor as has always been intimated — were doing what every campaign normally does.

And there are several likely reasons for that.

First, consider what position this puts the FBI in. Steele started sharing his information with the FBI during the summer, possibly before the FBI opened an investigation into Trump’s Russian ties (though the CIA claims to have had a report in June about such ties, so the investigation doesn’t derive exclusively from the dossier). It’s still unclear — not even given Steele’s legal statements on this fact — whether Steele shared the information on his own, or whether Fusion permitted him to share. It’s also not clear whether Steele disclosed to FBI who was paying for his work (or even if he actually knew). But it is qualitatively different for the FBI to accept and respond to information from a political party than it is to respond to information paid for by — say — a rich private person like George Soros. That is, admittedly, how the Whitewater investigation got started (so I can appreciate the irony), but it was wrong then and it’s wrong now.

Note, this detail also provides a much better explanation for why the FBI backed out of its planned relationship with Steele in October, one that matches my supposition. As soon as it became clear Elias was leaking the dossier all over as oppo research, the FBI realized how inappropriate it was to use the information themselves, no matter how credible Steele is. This also likely explains why FBI seeded a story with NYT, one Democrats have complained about incessantly since, reporting “none of the investigations so far have found any conclusive or direct link between Mr. Trump and the Russian government.” Ham-handed? Sure. But in the wake of Harry Reid and David Corn’s attempts to force FBI to reveal what Democratic oppo research had handed to FBI, the FBI needed to distance themselves from the oppo research, and make sure they didn’t become part of it. Particularly if Steele was not fully forthcoming about who was paying him, the FBI was fucked.

And consider what Hillary and the DNC did. Back when the June 9 Trump Tower meeting first broke, I warned Democrats who were screaming that this was proof of collusion to be very careful of how they defined it.

[T]hus far, it is not evidence of collusion, contrary to what a lot of people are saying.

That’s true, most obviously, because we only have the implicit offer of a quid pro quo: dirt on Hillary — the source of which is unknown — in exchange for sanctions relief. We don’t (yet) have evidence that Don Jr and his co-conspirators acted on that quid pro quo.

But it’s also true because if that’s the standard for collusion, then Hillary’s campaign is in trouble for doing the same.

Remember: A supporter of Hillary Clinton paid an opposition research firm, Fusion GPS, to hire a British spy who in turn paid money to Russians — including people even closer to the Kremlin than Veselnitskaya — for Russia-related dirt on Don Jr’s dad.

Yes, the Clinton campaign was full of adults, and so kept their Russian-paying oppo research far better removed from the key players on the campaign than Trump’s campaign, which was run by incompetents. But if obtaining dirt from Russians — even paying Russians to obtain dirt — is collusion, then a whole bunch of people colluded with Russians (and a bunch of other foreign entities, I’m sure), including whatever Republican originally paid Fusion for dirt on Trump.

Breaking: Our political process is sleazy as fuck (but then, so are most of our politicians).

I assumed at the time that Democrats were adults and provided Hillary some plausible deniability and distance from the payments to ex-spooks who in turn paid Russian spies.

Serves me right for underestimating, yet again, Hillary’s ability to score own goals, because Nope! They’re not that adult! And so while it pains me greatly to have to say this, the Dems who screamed “COLLUSION!!!!!!!!” after evidence of a meeting but not payment have earned this attack from Ari Fleischer, accusing them of colluding, because that’s the standard they adopted at the time.

Finally, there’s the most interesting thing implicated by the disclosure that Perkins Coie partner Marc Elias paid for the dossier.

As noted, the WaPo explains Elias started to do so in April, which makes far more sense given the numbering of the dossier. But Steele, we know, was brought in in June; his first report, about whether Russia had kompromat on Hillary, was June 20. That means Steele’s involvement, paid for by Perkins Coie, postdates the involvement of Perkins Coie partner (and former DOJ prosecutor who should have known better than to do this) Michael Sussman in the DNC’s response to learning they were hacked by Russia, starting around April 29.

“Not sure it is related to what the F.B.I. has been noticing,” said one internal D.N.C. email sent on April 29. “The D.N.C. may have been hacked in a serious way this week, with password theft, etc.”

No one knew just how bad the breach was — but it was clear that a lot more than a single filing cabinet worth of materials might have been taken. A secret committee was immediately created, including Ms. Dacey, Ms. Wasserman Schultz, Mr. Brown and Michael Sussmann, a former cybercrimes prosecutor at the Department of Justice who now works at Perkins Coie, the Washington law firm that handles D.N.C. political matters.

“Three most important questions,” Mr. Sussmann wrote to his clients the night the break-in was confirmed. “1) What data was accessed? 2) How was it done? 3) How do we stop it?”

It also means that Steele’s involvement — paid for by Perkins Coie — roughly coincides with the time Democrats and Perkins Coie partner Michael Sussman first sat down with the FBI and pushed the FBI to “tell the American public that” Russia had attacked the Democrats.

The D.N.C. executives and their lawyer had their first formal meeting with senior F.B.I. officials in mid-June, nine months after the bureau’s first call to the tech-support contractor. Among the early requests at that meeting, according to participants: that the federal government make a quick “attribution” formally blaming actors with ties to Russian government for the attack to make clear that it was not routine hacking but foreign espionage.

“You have a presidential election underway here and you know that the Russians have hacked into the D.N.C.,” Mr. Sussmann said, recalling the message to the F.B.I. “We need to tell the American public that. And soon.”

Shortly thereafter, Steele, paid for by Perkins Coie, started sharing reports with the FBI, with as yet unknown disclosure to them about who was paying his bills. Do you see why this is a problem yet?

Note, too, the irony. The DNC was unwilling to share their server directly with the FBI. But they were willing to launder their intelligence to it.

Not cool, Democrats. Also, not smart.

Now, add to this massive own goal the Democrats have scored on themselves. The second report in the released dossier, is dated July 26, released four days after WikiLeaks started releasing the DNC emails, making it clear the Democrats had a far bigger hack-and-leak problem on their hands than they had let on in a June 14 story to the WaPo. It is an incredibly back-assward report on Russian hacking that proved unaware of the most basic publicly known details about Russia’s hacking (the Democrats would have been better served reading this report that had been released ten months before, which is almost certainly what FBI was trying to point them to when they first warned of the hack in September). That is, in the wake of the DNC hack, the Democrats’ lawyer paid for private intelligence about Russian involvement with Trump, and they ended up paying someone whose sources (because Steele is a follow-the-money guy, not a follow-the-packets guy) consistently were months and months behind the public knowledge on the hack.

Yikes.

Finally, one more point. It has been clear for some time that Steele’s reports had some kind of feedback loop, responding to information the Democrats got. That was most obvious with respect to the September 14 Alfa Bank report, which was obviously written after first news of the Alfa Bank/Trump Tower story, which was pushed by Democratic partisans. Particularly given that we know the released report is a selective release of just some reports from the dossier, the inclusion of Alfa Bank in that release makes no sense. Even if reports about old corrupt ties between Alfa and Putin are true (as if Democratic politicians and corrupt American banks never have old ties), the inclusion of the Alfa report in the dossier on Trump made zero sense.

Which is why Alfa Bank decided — after consulting with big Republican lawyers like Viet Dinh and soon-to-be DOJ Criminal Division Chief Brian Benczkowski — to sue for defamation. Now I understand why (particularly given that Republicans seem to have known who paid for the dossier for some time). I’m not sure Alfa Bank executives pass the bar for defamation here (though the publication of a report that misspelled Alfa’s name is pretty damning), but the fact that Elias paid for this dossier on behalf of the Democrats is going to make that defamation case far more explosive (and I’ll be surprised if Elias doesn’t get added into the mix).

As I said when I began this: I have no doubt Russia tampered with the election, and if the full truth comes out I think it will be more damning than people now imagine.

But the Democrats have really really really fucked things up with their failures to maintain better ethical distance between the candidate and the dossier, and between the party and the FBI sharing. They’ve made things worse by waiting so long to reveal this, rather that pitching it as normal sleazy political oppo research a year ago.

The case of Russian preference for Trump is solid. The evidence his top aides were happy to serve as Russian agents is strong.

But rather than let FBI make the case for that, Democrats instead tried to make their own case, and they did in such a way as to make the very solid case against Trump dependent on their defense of the dosser, rather than on better backed claims released since then.

Boy it seems sadly familiar, Democrats committing own goals like this. And all that’s before where the lawfare on this dossier is going to go.

Update, 12/6/17: This, from April, is a really interesting claim by claim debunking of the dossier.

On the Lawfare over the Steele Dossier

October 25: For those looking for “Reasons Why Dems Have Been Fucking Stupid on the Steele Dossier, a Long Essay,” it’s here; I screwed up the link.

Say, did you know that Christopher Steele and his company, Orbis Business Intelligence, claim that Fusion GPS, the US-based intelligence firm that hired him to collect dirt on Donald Trump, did not share that dirt with its clients?

Steele’s curious claims made from the comfort of the UK

That’s the rather improbable claim made in a May 18 filing in the British lawsuit Webzilla CEO Alexej Gubarev filed against Steele and his company in the UK. In response to questions about who was contractually prohibited from disclosing Steele’s reports, Steele claimed that while Fusion was permitted to share the information he gave them with their clients, they did not.

In relation to the pre-election memoranda the duty not to disclose intelligence to third parties without the prior agreement of [Steele and his company, Orbis] did not extend to disclosure by Fusion to its client(s), although the Defendants understand that copies of the memoranda were not disclosed by Fusion to its client(s).

In response to a follow-up question on whether Fusion’s clients were allowed to disclose any reports they got, Steele claimed that Fusion’s clients weren’t supposed to release the information.

[Steele and his company] understood that the arrangement between Fusion and its client(s) was that intelligence would not be disclosed.

Yet, in spite of the claim that Fusion never shared Steele’s intelligence reports with its clients, Steele admits that he gave off the record briefings, in one form or another, to reporters from six different American outlets.

The journalists initially briefed at the end of September 2016 by [Steele] and Fusion at Fusion’s instruction were from the New York Times, the Washington Post, Yahoo News, the New Yorker and CNN. [Steele] subsequently participated in further meetings at Fusion’s instruction with Fusion and the New York Times, the Washington Post and Yahoo News, which took place in mid-October 2016. In each of those cases the briefing was conducted verbally in person. In addition, and again at Fusion’s instruction, in late October 2016 [Steele] briefed a journalist from Mother Jones by Skype. No copies of the pre-election memoranda were ever shown or provided to any journalists by, or with the authorization of, the Defendants. The briefings involved the disclosure of limited intelligence regarding indications of Russian interference in the US election process and the possible co-ordination of members of Trump’s campaign team and Russian government officials.

So the folks footing the bill for all this never saw the reports they paid for, and if you believe Steele no reporters ever actually looked at the dossier. Steele makes no mention (in a lawsuit in the UK targeting just him, not Fusion GPS) of the evolving claims of BBC’s Paul Wood.

Steele’s claim that he wasn’t sharing the dossier itself is dubious for several reasons. For example, the defense makes no mention of Steele sharing the dossier with the FBI, in spite of multiple reports of him doing so.

More damning, one of the reporters with whom the dossier was shared before the election, BBC’s Paul Wood, has changed a published story about receiving the dossier on two occasions. The original story appeared like this.

Sometime between the original publication and 14:06 GMT, the paragraph claiming the American oppo research company, Fusion, disseminated the document was removed from the story.

Then, by 15:32 GMT — roughly 20 minutes after I did a post noting the first change — that passage was again changed, this time to suggest the pages were shown, but not given, to journalists.

I’ve been told second-hand that actual pages were given, not shown, to at least one journalist, suggesting the middle story may be the accurate one. Moreover, the actual dossier would have had to have been shared for James Clapper’s claim that the dossier “was widely circulated … among the media, members of Congress and Congressional staff ” to be true.

Note, too, that in an April declaration, Steele claimed that the briefings took place in “late summer/autumn 2016;” while those briefings took place before September 23, that’s only late summer if you’re fairly strict about when the equinox falls.

Suffice it to say, I don’t find Steele’s claims that persuasive. Which may be why he tried to challenge Gubarev’s efforts — in his US lawsuit against Buzzfeed — to obtain a deposition. The judge in that suit denied Steele’s request, though Steele can still challenge the request in the UK, where he’ll likely get a far friendlier reception.

Let me interrupt and suggest the Russians — and probably the most partisan Republicans — know who’s behind Steele’s dossier. By all appearances Russian interests are fighting a multi-front legal effort to force those details out in public, on top of any damage it does to Buzzfeed.

In the suit against Steele in the UK, Steele has basically explained he disseminated the December 13 memo — which is the one that mentions Webzilla and so is the only one that matters in that suit — to just two people: a hard copy to a senior UK government official (believed to be someone at MI6), and an encrypted copy to Fusion to pass on to John McCain via a Senior Director of McCain’s Institute for International Leadership, David Kramer. Steele admits his instructions that the last report remain classified were given over a secure phone call, not in writing. Steele admits giving off-the-record briefings (though not to BuzzFeed), but not the materials themselves, on the earlier reports, but not the December 13 one. In any case, given that BuzzFeed was not one of those outlets, Steele argues he can’t be held responsible for any defamation of Webzilla in the UK. Steele also emphasizes that the December 13 memo “did not represent (and did not purport to represent) verified facts, but were raw intelligence which had identified a range of allegations that further investigation.” And since the December 13 memo was produced for free, from intelligence “not actively sought, … merely received,” Steele doesn’t have to reveal who paid for the other reports, which don’t mention Webzilla.

Barring greymail, the Florida suit permits Webzilla to compare Steele’s answers with Fusion’s

That’s all well and good, but in its Florida suit, Webzilla is pursuing a deposition from Fusion GPS as well as Steele (curiously, the joint status report says nothing about deposing McCain or Kramer).

For its part, Buzzfeed appears to be pursuing a graymail defense. Around July 7, Buzzfeed sent subpoenas to a bunch of national security witnesses who are not going to want to testify.

Six weeks ago, Defendants  served subpoenas for depositions and the production of documents on several third party witnesses, including several government agencies and their former officials. These include the FBI, DOJ, ODNI, CIA, and James Comey, James Clapper, and John Brennan.

Particularly Comey and the FBI are likely to invoke ongoing investigations to refuse to give a deposition.

Still, comparing the stories of Steele and Fusion may produce some discomfort, all the more so if Webzilla succeeds in making Steele attest to the things he said in the UK in the US.

Fusion was far less cooperative with the Senate Judiciary Committee than made out

Which brings us to efforts in Congress. As I’ve said before, I think Chuck Grassley’s efforts to understand Fusion’s role in the dossier are good faith efforts. While a key focus of that is on Steele’s relationship with the FBI, Grassley fought for five months to get Fusion to cooperate with the Committee, which Fusion head Glenn Simspon finally did in a 10 hour August 22 interview with the Senate Judiciary Committee (See release 1, release 2, release 3, hearing statement 1, release 4, release 5, hearing statement 2, release 6 for Grassley’s efforts). Democrats — apparently led by Rachel Maddow — made much about the appearance. But the main outcome was nothing more than a carefully crafted statement for the benefit of Fusion’s clients assuring them Simpson hadn’t revealed their names.

While Simpson’s attorney said his client provided significant details about his firm’s findings, he did not reveal the identities of those who paid for his research.

Simpson “kept the identities of Fusion GPS’ clients confidential,” Levy said in his statement. “Fusion GPS represents businesses, individuals and, occasionally, political clients on both the right and the left. When those clients want Fusion GPS to keep their identities confidential, Fusion GPS honors that commitment without exception – just as law firms and businesses do all over the country.”

A Grassley staffer offered a very different take than the celebratory one Democrats claimed to Fox News’ Catherine Herridge.

“Fusion’s initial production of documents consisted of solely of headlines from publicly available news reports and more than 7,500 pages of blank paper,” Grassley spokesman Taylor Foy said. “Fusion eventually provided a copy of the same unverified dossier that’s been publicly available since January, and a privilege log that raises more questions than it answers.”

Fox reported this week that Fusion GPS gave the committee 40,000 documents.

The records were finally provided by Simpson and his legal team after Grassley sent several letters raising questions about the dossier, moved a Judiciary Committee hearing to accommodate Simpson’s schedule, and withdrew a subpoena in return for a pledge of cooperation.

“I’d note that only after the subpoena did Simpson indicated any willingness to cooperate voluntarily, yet the documents produced by his legal team have not been responsive to the committee’s questions,” Foy said.

Effectively, Fusion is still refusing to cooperate, over five months after Grassley’s first request.

The other notable development from Congress is Devin Nunes’ efforts — even as people who haven’t recused from the Russian investigation are trying to negotiate an interview with Steele — to search out the spy directly. He sent two staffers to London to try to contact Steele, without informing the people on the House Intelligence Committee who are actually supposed to be conducting an investigation.

After getting Steele to commit to one Webzilla suit, Alfa sued

As noted, on May 18 effectively Steele made a set of claims in the UK that — while sketchy — nevertheless would bracket off questions about the circumstances of the larger dossier’s production by claiming that the last report, the one pertinent to Webzilla, basically had a virgin birth.

Which is why I find the timing of this suit — a  May 26 lawsuit by Alfa Bank against BuzzFeed — so interesting. As I noted here, the September 14 Steele dossier report on Alfa Bank isn’t all that damning. It alleges Alfa did some corrupt stuff for Putin back when he was Deputy Mayor of St. Petersburg. Particularly given that report has nothing to do with Trump directly, I suspect the report appears in the dossier because of the allegations of weird communications between a Trump marketing server and the bank; the allegations had already been shared with the FBI and were beginning to be shared with journalists at about precisely that moment.

The suit nods to such a theory without mentioning it directly.

More than one defamatory meaning can be drawn from this passage. It suggests that Alfa and Messrs. Fridman and Aven use their knowledge of past bribery of President Putin as a means of criminally extorting continuing favorable treatment for their business interests from his government. Within the context ofthe entire Dossier, it also implies that Alfa and its three officials willingly maintain the close relationship with
President Putin based on the “kompromat” they hold on him by cooperating in some unspecified way in the Kremlin’s campaign to interfere in the U.S. election.

At the same time, in context, the whole of CIR 112 can also be understood to suggest that because oftheir past (and possibly current) relationship involving mutually beneficial corrupt practices, Alfa and its three officials are required to do President Putin’s bidding, which includes cooperating in the Kremlin efforts to influence the outcome of the recent U.$. election. The statements quoted from the Dossier are false

But one of the real points of the lawsuit is not just that Buzzfeed published the dossier, but called out Alfa bank, correcting its spelling, even while acknowledging that the spelling indicated an error.

The Article specifically refers to Alfa as having been named in the Dossier, while acknowledging that the Dossier “is not just unconfirmed: It includes some clear errors. The [Dossier] misspells the name of one company, ‘Alpha Group,’ throughout. It is Alfa Group.”

The Article, by explicitly referring to Alfa, increases the likelihood that persons interested in Alfa (including but not limited to government intelligence officials, regulatory authorities, financial institutions, print and online news media and journalists) would search the Dossier to find out what it says about Alfa.

In any case, because this report was part of the dossier before it got shared with journalists, and because it was among the reports paid for by yet-unknown sources, Alfa will have cause to ask all about those details — details which Steele worked so hard to hide with the sketchy story he told in the UK. And Alfa filed the suit just a week after Steele committed to those facts in the UK.

Even aside from the timing, however, the background to the suit is worth mention.

It came out as part of the confirmation process for Trump transition official and former Jeff Sessions staffer Brian Benczkowski to be Assistant Attorney General of DOJ’s Criminal Division. Days before his confirmation, he sent Chuck Grassley letters revealing that not only had his firm, Kirkland & Ellis, confidentially represented Alfa bank, but he personally had overseen one of the investigations into the weird communications data. It came out later that he also consulted on Alfa’s plan to sue Buzzfeed.

Dianne Feinstein described at length why she considered this problematic, particularly given Benczkowski’s refusal to recuse himself from the Mueller investigation and any cases involving Alfa Bank.

I very much appreciate that Mr. Benczkowski has agreed to speak publicly about his work for Alfa Bank and I think it’s an important topic to understand given the position he’s been nominated for.

As I understand it, Mr. Benczkowski participated in President Trump’s transition team from September of last year to January of this year. He led the transition team’s work at the Justice Department, which is now led by his former boss, Attorney General Jeff Sessions.

Mr. Benczkowski told the committee that the retention of former FBI Director James Comey was discussed by those on the transition team, including himself.

In March, within two months of leaving the transition team, Mr. Benczkowski agreed to represent Alfa Bank.

Specifically, his work for Alfa Bank went to the heart of the reported investigations. He worked with a computer forensics firm to determine any ties between servers of Alfa Bank and the Trump Organization, and also whether and how private server information had gotten out of the ban.

Additionally, he reviewed the “Steele dossier,” a private investigator’s file on alleged links between Russia and the Trump campaign. He did this for Alfa Bank to consider suing Buzz Feed for defamation over their online publication of the dossier. Alfa Bank, in fact, did sue Buzz Feed on May 26 of this year.

In April, while Mr. Benczkowski was working for Alfa Bank, Attorney General Sessions’s chief of staff asked him about his interest in leading the Criminal Division.

Mr. Benczkowski’s law firm then notified Alfa Bank of his potential nomination for the Trump administration. But the fact that Mr. Benczkowski continued representing Alfa Bank, until the day of his nomination, which was June 6, raises questions. After he found out about his potential nomination, why did he continue his representation of Alfa Bank?

It is clear to me that Mr. Benczkowski is knowledgeable about issues related to an ongoing investigation. So I asked before this hearing if he would commit himself to recusing—not only from cases involving Alfa Bank as his former client, but also matters within Special Counsel Mueller’s investigation.

He would not commit to recusing himself. I’m concerned with his refusal, especially given the position for which he has been nominated.

In other words, days before he got the offer to oversee all criminal investigations in the country, Alfa had sued Buzzfeed (though a different firm is representing Alfa in the suit. Benczkowski’s nomination hasn’t been considered in any of the confirmation votes the committee has considered since.

The lawsuit, even more than Nunes’ free-lance efforts in London, seems like an attempt to expose highly inconvenient information about the dossier.

It’s all perfectly legal. But taken altogether, it’s clear that some really well-connected businesses run by Russians are using British and US courts to try to expose information they all seem to know exists.

Remember: the Russians learned about this dossier by October 31, if not before. There are real questions about the provenance of the document as leaked to Buzzfeed. There are real questions about whether some of the material in it wasn’t offered to Steele’s sources as deliberate disinformation — something recently floated by British spy historian Ben Macintyre.

S.L.Do you think the Russians really have something on Trump?

B.M. I can tell you what the veterans of the S.I.S. [the British Secret Intelligence Service, or MI6] think, which is yes, kompromat was done on him. Of course, kompromat is done on everyone. So they end up, the theory goes, with this compromising bit of material and then they begin to release parts of it. They set up an ex-MI6 guy, Chris Steele, who is a patsy, effectively, and they feed him some stuff that’s true, and some stuff that isn’t true, and some stuff that is demonstrably wrong. Which means that Trump can then stand up and deny it, while knowing that the essence of it is true. And then he has a stone in his shoe for the rest of his administration.

It’s important to remember that Putin is a K.G.B.-trained officer, and he thinks in the traditional K.G.B. way.

Particularly given that the last report in the dossier came out after its existence became known, it would have been especially easy to include disinformation that can now be exploited for this campaign of lawfare.

And while Buzzfeed’s graymail is likely to be effective and Steele’s deposition in the US is in no way assured, thus far the lawfare has revealed a lot of data that doesn’t really make sense.

Update: WashEx reports the House Intelligence Committee subpoenaed FBI and DOJ for information on the dossier and, having not gotten a response, has now also subpoeaned Christopher Wray and Jeff Sessions (who of course should be recused).

The committee issued the subpoenas — one to the FBI, an identical one to the Justice Department — on August 24, giving both until last Friday, September 1, to turn over the information.

Neither FBI nor Justice turned over the documents, and now the committee has given them an extension until September 14 to comply.

Illustrating the seriousness with which investigators view the situation, late Tuesday the committee issued two more subpoenas, specifically to FBI Director Christopher Wray and Attorney General Jeff Sessions, directing them to appear before the committee to explain why they have not provided the subpoenaed information.

The subpoenas are the result of a months-long process of committee investigators requesting information from the FBI and Justice Department. Beginning in May, the committee sent multiple letters to the FBI and Justice requesting information concerning the Trump-Russia affair.

I actually have no problems with the questions Congress is asking about the dossier (though I do think Mueller’s investigation should be given deference, if he asks for it). What’s funny, though, is that none of the committees are asking CIA and ODNI for more information on when they learned about the dossier. As I’ve noted their answers about it have been laughable, to put it charitably. But that might risk committing oversight.

Timeline

February 3: Webzilla and Alexej Gubarev sue Buzzfeed

March 27: Grassley first submits questions to Fusion

April, unknown date: Sessions Chief of Staff inquires about Benczkowski’s interest in serving as Assistant Attorney General

April 3: Steele Defence in UK Webzilla suit

May 18: Steele’s response to claimants request for further information

May 22: Ursula Ungaro denies BuzzFeed request to move suit to NYC in US Webzilla suit

May 26: Alfa Bank sues Buzzfeed in NY

June 6: Brian Benczkowski offered Assistant Attorney General position

July 19-21: Kirkland & Ellis disclose Benczkowski’s ties to Alfa bank

July 25: Benczkowski confirmation hearing

August 10: Ungaro requests UK require Steele provide a deposition in this case

August 10: Steele fights deposition request in US Webzilla suit

August 15: Ungaro denies Steele request

August 22: Glenn Simpson submits to 10 hour transcribed interview with Senate Judiciary Committee

August 24: HPSCI subpoenas FBI and DOJ for information on dossier

September 14: Extended deadline for FBI and DOJ to comply with HPSCI subpoena

After Three Suggestions of Doctored Data, Alfa Bank Claims They’re Being Framed

Remember this article from CNN that renewed the Alfa Bank funny server story? It totally pissed me off for the way it cited about seven people telling it there was no there there, and then reporting that there was based off one identified source (a US official, who could be a member of Congress) and other non-identified ones.

In addition, it claimed that Dick DeVos leads Spectrum Health — my local hospital. DeVos is currently Chairman of the Board, but the company is “led” by CEO and President Rick Breon. DeVos “leads” a company called Windquest Group, which invests in boutique things like an excellent wine bar and the fancy gym I belonged to before I joined the Y. The DeVos family “owns” a lot more, notably RDV Corporation, through which they own and mismanage the Orlando Magic. There are probably a jillion servers associated with RDV corporation that could (and probably do!) conduct secret communications. Which is another way of saying that if Dick DeVos wanted to conduct secret conversations with Donald Trump at a time when he was attracting attention because he was not yet even donating money to the candidate, he might have done it via a server more directly operated by his family. Hell, since DeVos spooked up brother-in-law Erik Prince was supporting Trump at that time of the weird server activity, why wouldn’t we expect spooky conversations to happen from one of Prince’s far-flung spook properties?

But perhaps the funniest part of the CNN story is that it pointed to evidence the story had been packaged — but it didn’t seem to understand that.

Other computer experts said there could be additional lookups that weren’t captured by the original leak. That could mean that Alfa’s presence isn’t as dominant as it seems. But Dyn, which has a major presence on the internet’s domain name system, spotted only two such lookups — from the Netherlands on August 15.

If there were lookups not recorded in the publicly released data — even if there were just two of them — then it shows that the publicly released data is incomplete.

Other outlets say was even more data sometimes excluded from the public story. The Intercept cataloged how different sets of material purportedly backing this story include different sets of IP addresses.

On Tea Leaves’ WordPress site, he claimed that “only two networks resolved the mail1.trump-email.com host.” This is contradicted by the very works of analysis furnished by Tea Leaves’ collaborators: The author of the white paper found that at least 19 IP addresses, all belonging to different networks except for the two that belong to Alfa Bank, had looked up Trump’s server. And these are only the 19 the author was able to observe in a short time period — it can’t be ruled out that there were many more, which quickly deflates the portrait of a shady Russian backchannel.

The white paper included DNS look-up data, but not nearly enough to reproduce the results. Rather than the 19 IP addresses we expected to see, the data only included three, and the DNS look-ups were not for the same time period that the paper described. Tea Leaves published a different set of data on the dark web, which we also looked at, but this set of data only included a total of four IP addresses. When we pressed Tea Leaves for the complete set of data so we could attempt to reproduce the analysis, he gave us a new, more comprehensive set of data, but still that included a total of only eight IP addresses, and it was missing an IP address belonging to a VPN service in Utah that accounted for a significant portion of the DNS look-ups described in the paper.

And Robert Graham states that a source of his says the data for June — one of the key months in question — was altered.

Tea Leaves and Jean Camp are showing logs of private communications. Where did these logs come from? This information isn’t public. It means somebody has done something like hack into Alfa Bank. Or it means researchers who monitor DNS (for maintaing DNS, and for doing malware research) have broken their NDAs and possibly the law.

The data is incomplete and inconsistent. Those who work for other companies, like Dyn, claim it doesn’t match their own data. We have good reason to doubt these logs. There’s a good chance that the source doesn’t have as comprehensive a view as “Tea Leaves” claim. There’s also a good chance the data has been manipulated.

Specifically, I have as source who claims records for trump-email.com were changed in June, meaning either my source or Tea Leaves is lying.

Until we know more about the source of the data, it’s impossible to believe the conclusions that only Alfa Bank was doing DNS lookups.

Here’s his latest post on this issue.

All the different sets of data (and the way the data was culled without evidence about how that was done), plus the fact that the entity behind this story goes by the name “Tea Leaves” and now refuses to talk to anyone about it, really ought to raise questions about a hoax. But not CNN. For CNN it was all proof of something there.

Now CNN reports that once in February and increasingly since CNN’s story about a non-story, someone has been spoofing lookups from Trump to Alfa.

[O]n Friday, Alfa Bank claimed hackers are now trying to perpetuate that suspicion by tricking the Trump Organization into sending communication toward the bank.

[snip]

One attack happened on February 18, the bank said. (The bank did not mention that to CNN before its story published on March 10.)

After CNN published its story about the puzzling Trump-Alfa situation, hackers stepped up their attack on the Trump Organization with “spoofed” signals for five hours, which were then directed back towards the bank, Alfa Bank said.

Hackers continued this attack on March 13, the bank said.

The bank contacted the FBI and offered “complete co-operation in finding the people behind attempted cyberattacks.” A US law enforcement official confirmed that the FBI was contacted.

[snip]

According to Alfa Bank’s description of recent events, hackers have recently tricked a Trump Organization computer server into sending internet traffic to Alfa Bank.

Hackers have “manufactured this deceit by ‘spoofing’ or falsifying DNS lookups to create the impression of communication between Alfa Bank and the Trump Organization,” the bank said in a statement.

Alfa Bank offered this analogy: “A simple analogy would be someone in the U.S. sending an empty envelope… to a Trump office… addressed to Trump, but on the back of the envelope the return address is Russia… instead of its own real address.”

“So, on cursory examination, Alfa Bank appears to have been receiving responses to queries it never actually sent.”

Alex McGeorge, head of threat intelligence at cybersecurity firm Immunity, said this is a prank “that is simple to do from pretty much any internet connected computer. We could probably manufacture this from a Starbucks.”

That someone is trying to manufacture something out of nothing here should not be surprising. There’s abundant reason to believe that’s what was always happening. And now that the FBI has been called back in by Alfa, I do hope they find an explanation about whether this is a Hillary person trying to taint Trump or Russia trying to do a limited hangout on other more damaging Alfa stuff. Maybe both have been faking this story at different times?

In any case, at this point, the story should be about why this story got packaged in the way it did, as much as any questions about how Trump sends spam around the world.

Update: Here’s the press release from Alfa. They’re also calling the larger story a hoax.

Alfa Bank’s working hypothesis is that an individual — possibly well known in internet research circles — may have fed selected DNS data to an anonymous cyber group to ensure they reached a specific (and erroneous) conclusion. Alternatively, the cyber group may have been complicit in the deceit. In the most recent cases, unknown individuals demonstrably attempted to insert falsified records onto Alfa Bank’s computer systems designed to create the same impression.

An Alfa Bank spokesperson said: «The anonymous cyber group, which is led according to news accounts by ‘Tea Leaves,’ cannot produce evidence of a link because there never has been one. Alfa Bank believes that it is under attack and has pledged its complete cooperation to U.S. authorities to find out who is behind these malicious attacks and false stories.»