Posts

John Durham’s Top Prosecutor, Andrew DeFilippis, Allegedly Miffed that DARPA Investigated Guccifer 2.0

/59 Comments/in , , /by

Vladimir Putin’s invasion of Ukraine and the sanctions imposed as a result has led lawyers in the US to drop the now-sanctioned Alfa Bank and its owners, leading to the dismissal of the John Doe, BuzzFeed, and Fusion GPS lawsuits filed by Alfa Bank or its owners. That has, for now, brought an end to a sustained Russian effort to use lawfare to discover “U.S. cybersecurity methods and means” (as some of Alfa’s targets described the effort).

But the dismissal of the Alfa Bank suits hasn’t halted the effort to expose US cybersecurity efforts in the guise of pursuing right wing conspiracy theories. Both Federalist Faceplant Margot Cleveland and “online sleuths” goaded, in part, by Sergei Millian have picked up where Alfa Bank left off. In recent days, for example, documents obtained via a Federalist FOIA to Georgia Tech exposed the members of a cybersecurity sharing group, including a bunch at Three-Letter Agencies, which has little news value but plenty of intelligence value to America’s adversaries (these names were released even while someone — either Georgia Tech or the Federalist — chose to redact the contact information for Durham’s investigators, some of which is otherwise public).

Even while doing her part to make America less safe (raising the perennial question of who funds the Federalist), Cleveland has continued to do astounding work misrepresenting Durham’s investigation. From the same FOIA release, she published a document in which research scientist Manos Antonakakis described that chief Durham AUSA Andrew DeFilippis insinuated to him that it was abusive for DARPA to try to discover the network behind the Guccifer 2.0 persona.

Finally, I will leave you with an anecdote and a thought. During one of my interviews with the Special Counsel prosecutor, I was asked point blank by Mr. DeFilippis, “Do you believe that DARPA should be instructing you to investigate the origins of a hacker (Guccifer_2.0) that hacked a political entity (DNC)?” Let that sync for a moment, folks. Someone hacked a political party (DNC, in this case), in the middle of an election year (2016), and the lead investigator of DoJ’s special council would question whether US researchers working for DARPA should conduct investigations in this matter is “acceptable”! While I was tempted to say back to him “What if this hacker hacked GOP? Would you want me to investigate him then?”, I kept my cool and I told him that this is a question for DARPA’s director, and not for me to answer.

Assuming this is an accurate description, this is a shocking anecdote, a betrayal of US national security.

It suggests that Durham’s lead prosecutor doesn’t believe the government should throw its most innovative research at a hostile nation-state attack while that nation-state is attempting to influence an election. Sadly, though, it’s not surprising.

It is consistent with things we’ve seen from Durham’s team throughout. It’s consistent with Durham’s treatment of a loose tie between an indirect and unwitting Steele dossier source and the Hillary campaign as a bigger threat than multiple ties to Russian intelligence (or Dmitry Peskov’s office, which knew that Michael Cohen and Donald Trump were lying about the former’s secret communications with Peskov’s office). It is consistent with Durham’s more recent suggestion that the victim of such a nation-state attack must wait until after an election to report a tip that might implicate her opponent.

I almost feel like DeFilippis will eventually say Hillary should have just laid back and enjoyed being hacked in 2016.

DeFilippis, and Durham generally, have consistently treated Hillary as a far graver threat than Russia, even now, even as Russia conducts a barbaric invasion of a peaceful democracy.

But Antonakakis’ anecdote is all the more troubling because it suggests that DeFilippis seems to misunderstand what happened with the DARPA contract in question in 2016. The Enhanced Attribution RFP’s description of the hacking campaigns it was targeting — “multiple concurrent independent malicious cyber campaigns, each involving several operators” — pretty obviously aims to tackle Advanced Persistent Threats, of which APT 28 and 29 (both of which targeted the DNC) were among the most pressing in 2016. DARPA presumably didn’t ask Antonakakis to focus on Guccifer 2.0 — a persona which didn’t exist when the contract was put up for bid in April 2016, much less in the months earlier when it was originally conceived. Rather, by description, they were asking bidders to look at APTs, and looking at APT 28 would have happened to include looking at Guccifer 2.0, the DNC hack, and a number of hacks elsewhere in the US and the world.  The reason DARPA would ask Georgia Tech to look at APT 28 is because APT 28 was hacking a lot of targets in the time period, all of which provided learning sets for a researcher like Antonakakis. DeFilippis, then, seems miffed that the APT that DARPA wanted to combat happened to be one of two that targeted Hillary.

That’s a choice Russia made, not DARPA.

While I think Cleveland did serious damage with some of her releases, I’m glad she released this document because it provides a way for Michael Sussmann to make DeFilippis’ troubling views on national security a central issue at trial, something that normally is difficult to do.

It also provided Cleveland another opportunity to faceplant in spectacular trademark Federalist fashion. Cleveland used this document to rile up the frothers by suggesting this is proof that Durham is investigating the DNC attribution.

Exclusive: Special Counsel’s Office Is Investigating The 2016 DNC Server Hack

The U.S. Department of Defense tasked the same Georgia Tech researcher embroiled in the Alfa Bank hoax with investigating the “origins” of the Democratic National Committee hacker, according to an email first obtained by The Federalist on Wednesday. That email also indicates the special counsel’s office is investigating the investigation into the DNC hack and that prosecutors harbor concerns about the DOD’s decision to involve the Georgia Tech researcher in its probe.

[snip]

The public storyline until now had been that CrowdStrike, the cybersecurity firm Sussmann hired in April 2016, had concluded Russians had hacked the DNC server, and that the FBI, which never examined the server, concurred in that conclusion. Intelligence agencies and former Special Counsel Robert Mueller likewise concluded that Russian agents were behind the DNC hack, but with little public details provided.

It now appears that DARPA had some role in that assessment, or rather Antonakakis did on behalf of DARPA, which leads to a whole host of other questions, including whether DARPA had access to the DNC server and data and, if so, from whom did the DOD’s research arm get that access? Was it Sussmann?

There’s no reason to believe this and every reason to believe that — as I said — DeFilippis is pissed that DARPA prioritized their research on a target that was badly affecting national security (and not just in US, but also in allied countries) in 2016, one that happened to attempt to help Trump get elected.

But look how many errors Faceplant’s Cleveland made in the process:

Cleveland repeats the Single Server Fallacy, imagining that the DNC, DCCC, and Hillary had just one server between them to be hacked and all the servers that got hacked were in the possession of one of those victims. That’s, of course, ridiculous. The server that GRU hacked to get John Podesta’s emails belonged to Google. The server that GRU hacked to get Hillary’s analytics belonged to AWS. There was a staging server in AZ; I have been told that the FBI seized at least one US-based server that did not belong to the DNC (that server is why the frothy right’s focus on what Shawn Henry testified to HPSCI is so painfully ignorant — because it ignores that the FBI had access to servers that Henry did not that did show exfiltration).

Cleveland apparently doesn’t know that FBI knew who was hacking the DNC when they warned them starting in September 2015 they were being hacked. The FBI’s awareness of that not only explains why APT 29 and 28 would have been included in DARPA’s targets for EA, but proves that the government was tracking these hacking groups above and beyond the attack on Hillary. This was never just a reaction to the election year hack.

Cleveland claims Mueller’s attribution of the DNC hack to the GRU provided “little public details,” when in fact the Mueller Report showed 29 sources other than CrowdStrike, including:

  • Gmail
  • Linked-In
  • Microsoft
  • Facebook
  • Twitter
  • WordPress
  • ActBlue
  • AWS
  • AOL
  • Smartech Corporation
  • URL shortening service
  • Bitcoin exchanges
  • VPN services

According to Mueller’s report, all these sources also corroborated the GRU attribution. And Mueller’s list doesn’t include a number of other known entities that corroborated the attribution, including NSA and Dutch intelligence, which couldn’t be named in a public DOJ document. Mueller’s list doesn’t include Georgia Tech either, but it wouldn’t need to, because there was so much other evidence.

The Mueller Report described obtaining almost 500 warrants, but the released list — from which FBI’s Cyber Division successfully withheld those pertaining to the GRU investigation — only includes around 370-400 warrants (based on an 156 pages of warrants with roughly three per page), suggesting there may be 100 warrants tied to the GRU attribution alone.

By the time Antonakakis started looking at the DNC hack as part of EA, multiple entities, including several Infosec contractors, non-US intelligence services, and non-governmental entities like tech giants (including at least three of the ones on Mueller’s list), had plenty of evidence that the Guccifer 2.0 campaign was run by the APT 28. Including Guccifer 2.0 as part of the research set would simply be part of the existing targeting of a dangerous APT.

But apparently neither DeFilippis nor Cleveland understand that 2016 was part of an ongoing identified threat to US national security.

One thing Putin did in 2016 was to use disinformation to train the frothy right to favor Russia more than fellow Americans from the opposing party. Even as Russia attacks Ukraine, that still seems to be true.

Share this entry

John Durham and Newly-Sanctioned Alfa Bank’s Filings: “Almost like they were written by the same people”

/71 Comments/in , , /by

In a DC hearing on February 9 regarding Alfa Bank’s attempt to obtain documents from Michael Sussmann before his trial, DC Superior Judge Shana Frost Matini observed that the Alfa Bank allegations and the John Durham indictment seemed like they could be written by the same people.

[R]ight now, given the — if the closeness of Alpha’s allegations, I mean, quite frankly, it’s — reading Alpha’s submissions and what the — and that compared to the indictment, there’s — it’s almost like they were written by the same people in some way. [Alpha misspelling original]

Judge Matini, a Trump appointee, scolded Alfa — which over this past weekend was included in sanctions against Russian banks in retaliation for the invasion — for claiming that their lawsuit and Durham’s indictment of Sussmann were not closely related after having raised the indictment in the first place.

As to the claims that the criminal and civil proceedings are not closely related, this is a surprising representation for Alpha to make, given that Alpha was the one to bring the criminal charges to the Court’s attention by filing what was styled as a notice of supplemental authority in support of its Motion to Compel.

Of course, there is no Supplemental Authority here. A criminal indictment is not an opinion of the Court. It’s just a charge that the prosecuting authority is bringing against an individual with facts that are alleged to support the charge.

In dual lawsuits in FL and PA, Alfa Bank purports to be trying to figure out who allegedly faked DNS records to make it look like Alfa was in contact with Trump back in 2016 so it can sue those people. Rather than finding anyone to sue, however, it has instead spent its time subpoenaing experts to learn as much as it can about how the US tracks DNS records to prevent cyberattacks by — among other hostile countries — Russia.

Matini ruled that Alfa’s effort to get more information from Sussmann will have to wait until June, after his trial. (It’s unclear whether the sanctioned bank will still have legal means to pay Skadden lawyers to pursue this lawsuit at that point.)

But since then, the timelines of the Alfa Bank and Durham investigations have closely paralleled.

Of particular interest, on the morning of February 11, Rodney Joffe — referred to as Tech Executive-1 in the Durham filings — sat for an almost 5-hour deposition with Alfa Bank’s lawyers. He revealed that Durham had first approached him for an interview at least a year earlier. He revealed he had been asked to testify before the grand jury, but he “declined to interview,” presumably meaning he told Durham he’d invoke the Fifth (just as Don Jr and probably his daddy are understood to have done with Mueller).

Joffe’s refusal to voluntarily feed this witch hunt continued in his Alfa deposition. Citing the ongoing Durham investigation, he invoked the Fifth Amendment a slew of times (though not as many times as your average Trump man in a financial fraud deposition or even Alex Jones in an interview about an insurrection). Those questions to which he invoked his Fifth Amendment rights and those he answered mapped out an interesting territory, marking who he does know and those Alfa thought he did but that he does not.

For example, he said he had never heard of Alfa Bank before investigating the anomaly related to it. He said he had never met Jean Camp or several of the other researchers that frothers are certain he conspired with. Joffe twice said he had never met Christopher Steele and also said he “had no idea” that Sussmann met with Steele about the server allegations. He denied knowing what the contract between Georgia Tech and DARPA looked like.

Alfa made a number of mistakes — confusing a domain name with a business. Claiming he authored a paper that David Dagon had. Asking him about several emails he hadn’t been sent.

There were several claims Alfa made that Joffe’s lawyer, Steven Tyrrell, established a record were unproven assumptions on Alfa’s part, such as that Joffe got one of the white papers described in the indictment. Importantly, that includes a question about the EOP server.

Q: I was just going to ask Mr. Joffe whether or not he knows who the executive branch office of the U.S. government is?

A: I have to invoke my Fifth Amendment rights.

Mr. Tyrrell: And Margaret, if I may, just — I apologize. Just for the record, I want to be clear that — that in invoking his rights and my allowing my client to invoke his rights, that should not be interpreted as an admission that the — I mean, you’ll argue whatever it is, if you do, that the allegations, which are just allegations in the indictment, are accurate.

In addition to those curious objections, there were several things alleged in the indictment that Joffe outright denied. In several questions, Joffe challenged the meaning of an email Durham has used to suggest he anticipated, and wanted, a top cybersecurity job within a hypothetical Hillary Administration. After objecting to the form of the way the Alfa Bank’s Skadden lawyer tried to corner Joffe into answering the question, Tyrrell answered,

You know, again, our position on this is Mr. Joffe is happy to answer the question that was posed about whether he was ever offered the top cybersecurity job by the Democrats when it looked like they’d win. I think he’s answered that question.

He’s not going to answer questions about communications that he may or may not have had with other people about the topic. And as to those, he would invoke his rights under the Fifth Amendment.

Joffe answered no to three questions about whether the Clinton campaign paid him for his work on the server allegations, a false claim that Kash Patel spread.  Joffe also distinguished his concern about Donald Trump from a political desire to see him lose.

I’ve never been interested in politics. I’ve never been involved in politics. I haven’t voted for many, many years. I haven’t donated to any parties or any — or given any kind of benefit to any parties, but I certainly over the last few years have had an interest in the politics of the country that I live in.

That explanation premised two invocations of his Fifth Amendment in response to questions about Trump specifically.

In other words, Joffe’s Alfa Bank deposition on February 11 undermined several of the premises of the Durham investigation, while it identified several areas where his lawyer suggested Alfa’s assumptions were wrong (in the hearing on Laura Seago’s deposition, there was a central Alfa Bank assumption I know to be badly wrong).

Joffe’s deposition ended at 2:07PM ET on February 11.

Nine hours later, at 11:32PM, Durham submitted the belated conflicts motion — which would have been filed in September if Durham really had concerns about any conflict — and floated a number of claims about Joffe, claims that went beyond those in the indictment. Joffe is mentioned twenty times, including the following:

The defendant’s billing records reflect that the defendant repeatedly billed the Clinton Campaign for his work on the Russian Bank-1 allegations. In compiling and disseminating these allegations, the defendant and Tech Executive-1 also had met and communicated with another law partner at Law Firm-1 who was then serving as General Counsel to the Clinton Campaign (“Campaign Lawyer-1”).

The Indictment also alleges that, beginning in approximately July 2016, Tech Executive-1 had worked with the defendant, a U.S. investigative firm retained by Law Firm-1 on behalf of the Clinton Campaign, numerous cyber researchers, and employees at multiple Internet companies to assemble the purported data and white papers. In connection with these efforts, Tech Executive-1 exploited his access to non-public and/or proprietary Internet data. Tech Executive-1 also enlisted the assistance of researchers at a U.S.-based university who were receiving and analyzing large amounts of Internet data in connection with a pending federal government cybersecurity research contract. Tech Executive-1 tasked these researchers to mine Internet data to establish “an inference” and “narrative” tying then-candidate Trump to Russia. In doing so, Tech Executive-1 indicated that he was seeking to please certain “VIPs,” referring to individuals at Law Firm-1 and the Clinton Campaign.

The Government’s evidence at trial will also establish that among the Internet data Tech Executive-1 and his associates exploited was domain name system (“DNS”) Internet traffic pertaining to (i) a particular healthcare provider, (ii) Trump Tower, (iii) Donald Trump’s Central Park West apartment building, and (iv) the Executive Office of the President of the United States (“EOP”). (Tech Executive-1’s employer, Internet Company-1, had come to access and maintain dedicated servers for the EOP as part of a sensitive arrangement whereby it provided DNS resolution services to the EOP. Tech Executive-1 and his associates exploited this arrangement by mining the EOP’s DNS traffic and other data for the purpose of gathering derogatory information about Donald Trump.)

The Indictment further details that on February 9, 2017, the defendant provided an updated set of allegations – including the Russian Bank-1 data and additional allegations relating to Trump – to a second agency of the U.S. government (“Agency-2”). The Government’s evidence at trial will establish that these additional allegations relied, in part, on the purported DNS traffic that Tech Executive-1 and others had assembled pertaining to Trump Tower, Donald Trump’s New York City apartment building, the EOP, and the aforementioned healthcare provider. In his meeting with Agency-2, the defendant provided data which he claimed reflected purportedly suspicious DNS lookups by these entities of internet protocol (“IP”) addresses affiliated with a Russian mobile phone provider (“Russian Phone Provider-1”). The defendant further claimed that these lookups demonstrated that Trump and/or his associates were using supposedly rare, Russian-made wireless phones in the vicinity of the White House and other locations. The Special Counsel’s Office has identified no support for these allegations. Indeed, more complete DNS data that the Special Counsel’s Office obtained from a company that assisted Tech Executive-1 in assembling these allegations reflects that such DNS lookups were far from rare in the United States. For example, the more complete data that Tech Executive-1 and his associates gathered – but did not provide to Agency-2 – reflected that between approximately 2014 and 2017, there were a total of more than 3 million lookups of Russian Phone-Provider-1 IP addresses that originated with U.S.-based IP addresses. Fewer than 1,000 of these lookups originated with IP addresses affiliated with Trump Tower. In addition, the more complete data assembled by Tech Executive-1 and his associates reflected that DNS lookups involving the EOP and Russian Phone Provider-1 began at least as early 2014 (i.e., during the Obama administration and years before Trump took office) – another fact which the allegations omitted.

As I noted, less than a day after Durham filed that motion, the former President suggested that Joffe had been spying and should be killed. In response to the furor, Joffe’s spox later issued a statement clarifying what went on — precisely the information he had tried to plead the Fifth over.

In a statement, a spokesperson for Mr. Joffe said that “contrary to the allegations in this recent filing,” he was apolitical, did not work for any political party, and had lawful access under a contract to work with others to analyze DNS data — including from the White House — for the purpose of hunting for security breaches or threats.

After Russians hacked networks for the White House and Democrats in 2015 and 2016, it went on, the cybersecurity researchers were “deeply concerned” to find data suggesting Russian-made YotaPhones were in proximity to the Trump campaign and the White House, so “prepared a report of their findings, which was subsequently shared with the C.I.A.”

And some of the other researchers had to provide more details to push back on the frenzy (including that the data from EOP preceded Trump’s inauguration). Few outlets, though, have presented the basic innumeracy in Durham’s filing about the rarity of YotaPhones as anything but a contested issue.

And after Durham incited claims that Joffe should be killed, one week later Alfa Bank then affirmed the tie between Joffe and Tech Executive 1 by posting his deposition in their motion to get another four months to conduct their fishing expedition. That has had the effect of further inflaming the frothy right, and providing Durham sworn testimony from Joffe that he was otherwise not entitled to (including several warnings about how his case against Sussmann may be vulnerable).

In the wake of the release of the Florida filing, Joffe’s lawyers intervened in the Sussmann case and then filed a separate sealed motion to strike the (misleading) references to Joffe in the filing.

A Trump appointed judge in DC believes these efforts look like they’re being written by the same people. Whether Durham’s sources and a sanctioned Russian Bank’s sources are “colluding,” these parallel developments had the effect of depriving Joffe of his ability to fully invoke the Fifth Amendment. And with the help of a sanctioned Russian bank, it gave Durham a substantial benefit in a criminal investigation.

Timeline

January 25: Durham asks to extend discovery deadline

January 28: Durham admits that Durham was informed about the James Baker phone he claimed to forget knowing about

February 9: Michael Sussmann succeeds in staying Alfa Bank’s effort to get documents from him

February 10: Fusion GPS’ Laura Seago attempts to quash a subpoena

February 11, 9:30AM: Rodney Joffe deposition

February 11, 11:32PM: Durham files a motion purporting to be a conflicts motion that misrepresents the evidence

February 14: Sussmann asks to strike unsupported allegations in conflicts motion

February 14: Peter Fritsch deposition

February 17: Sussmann moves to dismiss the case, arguing his alleged lie would not be material

February 17: Durham claims that the close associates of the investigation that lied about what the conflicts motion said have nothing to do with the Durham team

February 18: Alfa Bank requests another extension to keep looking for John Does in FL

February 24: Rodney Joffe’s lawyers file notices of appearance in the Sussmann docket

February 25: Judge Christopher Cooper schedules a hearing on the conflicts motion for March 7

February 28: Joffe files a sealed motion to expunge the references to Tech Executive-1

March 1: Judge Cooper sets a Friday deadline for the government to respond to Joffe’s motion

March 7: Hearing scheduled to address conflicts memo

Share this entry

John Durham Accuses One of His Key Fact Witnesses — Sergei Millian’s Twitter Account — of “Misinterpret[ing] Facts”

/68 Comments/in , , /by

As I documented the other day, John Durham responded to the uproar over his conflicts filing stunt by claiming to have had nothing at all to do with the “third parties” who “overstated, understated, or otherwise misinterpreted facts contained in the Government’s Motion.”

If third parties or members of the media have overstated, understated, or otherwise misinterpreted facts contained in the Government’s Motion, that does not in any way undermine the valid reasons for the Government’s inclusion of this information.

The claim that the uproar was created by “third parties” is so obviously false it raises conflict problems for Durham himself.

Durham falsely claims those pushing lies are “third parties” to his investigation

As I laid out, one of the key perpetrators of the false claims — including the false claims (1) that Hillary paid Rodney Joffe, (2) that Joffe had “infiltrated” the White House, and (3) Joffe had done so when Trump was President — was Kash Patel, the originator of this entire line of inquiry in December 2017, and someone who for years had means to learn that those claims were false.

John Ratcliffe, whom Durham was meeting rather than interviewing Hillary staffers who could substantiate or debunk his accusations that Michael Sussmann was coordinating with the campaign, made these unsubstantiated claims in a TV appearance earlier this week:

  • There was a “Hillary Clinton campaign plan to falsely accuse Donald Trump of collusion with Russia”
  • Rodney Joffe used DNS data “for an unlawful purpose”
  • Sussmann “pitched” information “to the FBI as evidence of Trump-Russia connections that simply weren’t true and that the lawyer, Michael Sussmann, and the tech executive knew not to be true”

Donald Trump, who personally nominated John Durham as US Attorney and whose demands for criminal investigations led to Durham’s appointment as Special Counsel, asserted that his “presidency [was] spied on by operatives paid by the Hillary Clinton campaign in an effort to develop a completely fabricated connection to Russia.”

These are not “third parties.” These are:

  • The originator of the allegations against Sussmann
  • A self-described repeat Durham witness
  • The man who nominated Durham to be US Attorney and, ultimately, was his boss for almost 3 years

But there’s actually another key player in the effort to magnify Durham’s conflicts filing stunt who is even more central to Durham’s work: One of his most important “witnesses,” Sergei Millian’s twitter account.

The pipeline from online conspiracy theorists through former investigators to the former President

Yesterday, Glenn Kessler attempted to trace how the filing became a propaganda tool. The timeline he laid out looks like this (these times are ET):

11:33PM: Filing hits PACER.

12:43AM: Whispers of Dementia screencaps the filing, noting Durham claimed “Sussmann is likely to be in an “adversarial posture” against Perkins Coie.”

9:24AM: emptywheel notes that Durham is criminalizing lying to the FBI about traffic involving Trump Tower, which Trump himself did at the time.

9:25AM: Hans Mahncke links and screencaps the filing and claims,

Rodney Joffe and his buddies at Georgia Tech monitored Trump’s internet traffic *while* he was President of the United States.

9:39AM: Kessler’s gap

9:45AM: emptywheel RTs Mahncke and notes that this is about cybersecurity.

10:25AM: Techno Foggy tweets that,

DNC/Perkins Coie allies – Rodney Joffe, et al. – Joffe et al, “exploited a sensitive US govt arrangement” to gather intel on the “Executive Office of the President of the U.S.” They spied on Trump.

11:11AM: House Judiciary GOP [so a Jim Jordan staffer] RTs Foggy’s tweet, claiming:

We knew they spied. But it was worse than we thought.

11:44AM: Techno Foggy tweets out his Substack with the claim,

Clinton allies used sensitive data from the Office of the President to push false Trump/Russia claims to the CIA

Why did they risked jail to link Trump to Russia?

Maybe because the origin of their fraud was the “Russian hack” of the DNC.

2:27PM: John Ratcliffe responds to House Judiciary tweet with claim, “And now you’re finding out why…,” thereby seemingly endorsing the “spying” claim, and linking the Durham release with his own cooperation with Durham’s inquiry.

3:24PM: Mark Meadows RT’s Foggy’s tweet, claiming,

They didn’t just spy on Donald Trump’s campaign.

They spied on Donald Trump as sitting President of the United States.

It was all even worse than we thought.

5:51PM: Center for Renewing America tweets out Kash Patel statement making numerous false claims.

6:47PM: Trump’s spox tweets out his claims of spying.

This timeline is damning enough: It shows how these false claims went from “sleuths” who spend much of their time spinning Durham’s conspiracy theories, through Techno Foggy (a self-described lawyer who has for years interacted openly with lawyers like Sidney Powell and Billy Barr’s spox Kerri Kupec), to Jim Jordan’s staffer to Ratcliffe to Mark Meadows to Kash Patel to Trump. Every single one of these current and former officials have played a central role in these investigations; none is a “third party.”

Sergei Millian’s twitter account calls it spying

But there’s a very key step in Kessler’s timeline that is missing. At 9:39AM (the time shown here is Irish time) — which I’ve marked above in red — Sergei Millian’s twitter account tweeted, “They were spying on the White House, folks!!.”

This claim was before Techno Foggy made the spying claim. The first person to have made the “spying” claim in this timeline, then, was Sergei Millian’s twitter account.

In fact, the next day, Millian’s twitter account insinuated to have started all this in the first place — that the twitter account “had a direct line into the White House” via which it “told them who was working against them.”

Thanks for identifying this phone call, Sergei, because Igor Danchenko will now have cause to demand details of it in discovery, which will mean, on top of the other unprecedented discovery challenges Durham has taken on in prosecuting Danchenko, he’s now going to have to get Trump records from the Archives. Michael Sussmann, too, likely now has cause to demand those records.

The Millian twitter account RT of Mahncke to belatedly explain the spying claim makes it clear it is an active participant in the “Sleuths Corner” that drives many of the false claims about Durham. In fact the Millian twitter account even advertises it on the twitter account.

Durham says his key witness “misrepresented the facts”

This all amounts to Durham himself discrediting one of his witnesses, perhaps fatally.

As I have noted, when John Durham charged Igor Danchenko with four counts of lying about believing that he had spoken to Sergei Millian back in July 2016, Durham didn’t actually claim to have obtained testimony from the human being named Sergei Millian. Durham did not appear to have required that Millian show up and make statements for which he could be legally held accountable.

Instead, Durham presented an unverified twitter account to the grand jury and based on that, claimed “Chamber President-1 has claimed in public statements and on social media that he never responded to DANCHEKNO’s [sic] emails, and that he and DANCHENKO never met or communicated.”

I refer to this entity as “Sergei Millian’s twitter account” to emphasize that there is not a scrap of evidence in the public record showing that Durham did anything to confirm that Millian, the person, even operates it exclusively. While I have no reason to doubt that he does, from a legal standpoint, Durham is at least publicly relying on nothing but an unverified account, something journalists have been loathe to do for years with Millian.

And this claim attributed to an unverified twitter account is a very important piece of evidence. There’s nothing else in the public record that shows Durham affirmatively ruled out that Danchenko and Millian really did have a phone call.

When I first realized how reckless that was, I though it impossible for Durham to have been that negligent. But we’ve since learned that he accused Sussmann of coordinating with Hillary’s staffers without ever first interviewing a single full-time staffer. So perhaps it is, in fact, true that Durham charged a man based off the unsubstantiated claims of a twitter account.

Danchenko appears to have obtained a pre-trial subpoena on February 8; I have wondered whether it was for the Millian twitter account. If so, the subpoena might well obtain the traffic of what has happened in recent days.

As it stands, though, Durham makes no claim to have anything else.

Just that twitter account.

And that twitter account is part of a pipeline that took Durham’s filing and made egregiously false claims about it. Durham is now on the record claiming that that twitter account “misinterpreted the facts.” But Danchenko will have good reason — and abundant proof, given the details of last week’s little propaganda explosion — to argue that Sergei Millian’s twitter account is willing to make false claims to create a scandal around the Durham investigation.

That shreds the credibility of the only claimed “witness” that the call never happened.

Share this entry

Durham Says It’s Not His Fault His Former Boss Called for the Death of His Defendant

/83 Comments/in , /by

John Durham didn’t have much to say after being called out for making baseless accusations that their source Kash Patel lied about, leading the former President to suggest Michael Sussmann should be killed.

They’re not responsible for the death threats, the attorney who filed a notice of appearance in the wake of Friday’s stunt, Brittain Shaw, insists.

If third parties or members of the media have overstated, understated, or otherwise misinterpreted facts contained in the Government’s Motion, that does not in any way undermine the valid reasons for the Government’s inclusion of this information.

She said this even while acknowledging it might be prudent to take measures against death threats in the future.

That said, to the extent the Government’s future filings contain information that legitimately gives rise to privacy issues or other concerns that might overcome the presumption of public access to judicial documents – such as the disclosure of witness identities, the safety of individuals, or ongoing law enforcement or national security concerns – the Government will make such filings under seal. United States v. Hubbard, 650 F. 2d 293, 317-323 (D.C. Cir. 1980) (setting forth factors for considering whether the presumption of public access is overridden, including (1) the need for public access to the documents at issue; (2) the extent of previous public access to the documents; (3) the fact that someone has objected to disclosure, and the identity of that person; (4) the strength of any property and privacy interests asserted; (5) the possibility of prejudice to those opposing disclosure; and (6) the purposes for which the documents were introduced during the judicial proceedings.) The Government respectfully submits that no such issues or concerns are implicated here. [my emphasis]

The former President implied the defendant and a witness should be killed. But it’s not Durham’s fault and so he doesn’t have to deal with the fact that it happened!!

This is factually specious. Kash Patel, who was among the first to make egregiously false claims, is not a “third party.” He is the originator of this inquiry, and he knew well his statements to be false. Donald Trump, who suggested Sussmann and others should be killed, is not a “third party.” He was Durham’s boss and his demands for prosecutions are what led to Durham being appointed Special Counsel in the first place.

Plus, Durham’s team have already made the identities of some grand jury witnesses public in discovery filings.

The claim that the architects of this mob are neutral “third parties” is all the more pathetic given the excuse Shaw provides for including the false insinuation that Rodney Joffe spied on Trump’s White House rather than tried to keep the White House safe from hackers at the time it happened to be occupied by Barack Obama.

The reason they mentioned the White House, you see (Shaw claims), is because of one of the conflicts they raised.

The Government included two paragraphs of limited additional factual detail in its Motion for valid and straightforward reasons. First, those paragraphs reflect conduct that is intertwined with, and part of, events that are central to proving the defendant’s alleged criminal conduct. Second, the Government included these paragraphs to apprise the Court of the factual basis for one of the potential conflicts described in the Government’s Motion, namely, that a member of the defense team was working for the Executive Office of the President of the United States (“EOP”) during relevant events that involved the EOP. [my emphasis]

Shaw here argues that events in February 2017 are “intertwined” with an alleged crime that took place five months earlier.

She also suggests that the reason they raised the White House is because one of Sussmann’s team members worked there (Charlie Savage has now IDed the lawyer as Michael Bosworth).

I mean, so did Kash Patel, a central player in the false claims that led to the former President calling for death.

Here’s what the actual conflict memo said about that purported conflict.

Based on its review of documents in its investigation and other information, the Special Counsel’s Office also has learned that one of the members of the defendant’s current defense team (“Defense Team Member-1”) previously worked as Special Counsel to the then-FBI Director from 2013 to 2014. In connection with that work, Defense Team Member-1 developed professional and/or personal relationships with several individuals who later were involved with and/or knowledgeable of the FBI’s investigation of the Russian Bank-1 allegations. For example, Defense Team Member-1 appears to have developed a professional relationship with the former FBI General Counsel to whom the defendant made his alleged false statement and who will likely be a central witness at trial.4 While it is unlikely that these past interactions and activities will give rise to an actual conflict of interest, the Government respectfully requests in an abundance of caution that the Court inquire with the defense concerning whether Defense Team Member-1’s relationships with persons and entities who might be witnesses in this case could give rise to a potential conflict or appearance issue and, if so, whether the defendant waives any such conflict.

4 Following his employment at the FBI, Defense Team Member-1 worked from 2014 to early 2017 as an attorney in the EOP which, as noted above, was involved in certain factual issues that the Government expects will be relevant at trial and any sentencing proceedings. Latham has represented to the Government that while employed at the EOP, Defense Team Member-1 had no role in the aforementioned events or arrangements involving Tech Executive-1, Internet Company1, and/or allegations involving the purported use of Russian-made phones. The Government similarly has not seen evidence to suggest that Defense Team Member-1 had any role in, or direct knowledge of, the Russian Bank-1 allegations or the FBI’s ensuing investigation. [my emphasis]

It’s the tie to Jim Comey and through him to James Baker, not the subsequent job at the White House, that Durham’s team presented as a potential conflict — and even then, Durham’s team admits this is not likely a conflict. By this standard, several members of the prosecutorial team, not to mention the guy from whom this allegation came from, Kash Patel, have a conflict. John Durham was hired by Donald Trump; that’s a more serious conflict than anything his team spins up as one.

The White House will not be called to the stand at Sussmann’s trial. None of this is actually about the White House. As Andrew DeFilippis noted in his filing making wild claims of conflict, the White House job was not one of those conflicts. Indeed, this is yet another marker of Durham’s dishonesty. This team member, as described, was a victim of Rodney Joffe’s purportedly vicious efforts to make sure the Obama White House was not hacked. The team member only has an adversarial relationship if one believes that protecting against hacks is an adversarial stance. But that’s not how they describe the purported conflict which even they admit is not one.

Which is a pretty big hint their understanding of conflicts here is whacked beyond all reason.

Even in a terse four page motion (which I guess is one way she’s an improvement over DeFilippis), Shaw still had room for bullshit.

Having given a transparently bogus excuse for raising the White House, she then says that raising it in a conflict memo is cool because Durham plans to later raise these issues in a motion in limine (pre-trial motions about what can and cannot be presented during the trial).

In light of the above, there is no basis to strike any portion of the Government’s Motion. Indeed, the Government intends to file motions in limine in which it will further discuss these and other pertinent facts to explain why they constitute relevant and admissible evidence at trial. Pursuant to caselaw and common practice in this and other districts, the filing of documents containing reference to such evidence on the public docket is appropriate and proper, even in highprofile cases where the potential exists that such facts could garner media attention. See, e.g., United States v. Stone, 19 Cr. 18 (D.D.C. October 21, 2019) (ABJ), Minute Order (addressing the Government’s publicly-filed motion in limine seeking to admit video clip from the movie “Godfather II” that defendant sent to an associate and permitting admission of a transcript of the video); United States v. Craig, 19 Cr. 125 (D.D.C. July 10, 2019) (ABJ), Minute Order (addressing Government’s publicly-filed Rule 404(b) motion to offer evidence of defendant’s efforts to assist Paul Manafort’s relative in obtaining employment); United States v. Martoma, S1 12 Cr. 973, 2014 WL 164181 (S.D.N.Y. January 9, 2014) (denying defendant’s motion for sealing and courtroom closure relating to motions in limine concerning evidence of defendant’s expulsion from law school and forgery of law school transcript);1 see also Johnson v. Greater SE Cmty. Hosp. Corp., 951 F. 2d 1268, 1277 (D.C. Cir. 1991) (holding that there is a “strong presumption in favor of public access to judicial proceedings”). Moreover, any potential prejudice or jury taint arising from such media attention can effectively and appropriately be addressed through the voir dire process during jury selection.

1 The publicly-filed evidentiary motions and judicial rulings in each of the above-cited cases received significant media attention. See, e.g., Prosecutors Can’t Show Godfather II Clip at Roger Stone Trial, Judge Rules, CNN, October 21, 2019 (https://www.cnn.com/2019/10/21/politics/godfather-ii-roger-stone/index.html; Greg Craig Pushed to Hire Manfort’s Relative at Skadden, Prosecutors Say, POLITICO, May 10, 2019 (https://www.politico.com/story/2019/05/10/greg-craig-hire-manaforts-relative-1317600); SAC’s Martoma Tried to Cover Up Fraud at Harvard, Documents Show, REUTERS, January 9, 2014 (https://www.reuters.com/article/us-sac-martoma-harvard/sacs-martoma-tried-to-cover-up-fraudat-harvard-documents-show-idUSBREA081C720140109).

Roger Stone Roger Stone Roger Stone and Mueller, she throws in for good measure.

This is a fairly bald admission that the time to raise these issues, pretending they were relevant, would be the later 404(b) fight (over whether evidence of related conduct can be admitted at trial to help prove the case), not now, on a totally separate issue. That this might be a relevant issue later (which is itself admission that these topics are not direct evidence about Sussmann’s alleged lie and must first demonstrate relevance to even be admitted at trial) is not an excuse to use them in untimely and off-purpose fashion.

And yet that’s Durham’s excuse for saying a bunch of things that predictably led to calls for death.

According to John Durham’s logic of conflicts, he is the one with an unwaivable conflict. The guy who hired him to this job is the same guy suggesting, based off Durham’s filing, that the guy he is prosecuting should be executed.

Updated for clarity.

Update: Corrected Bosworth’s last name.

Share this entry

Donald Trump Suggested Michael Sussmann Should Be Killed because Rodney Joffe “Spied” on Barack Obama

/44 Comments/in , /by

Michael Sussmann has filed his response to John Durham’s transparent attempt to inflame the frothers. In it, he notes what I did: Durham used an unrelated filing (one that, Sussmann’s filing noted, had already been addressed between the parties) to make claims that were not charged.

Importantly, he notes that Durham misrepresented the dates of the anomalous data found at the Executive Office of the Presidency that Sussmann presented at a February 9, 2017 meeting with the CIA. The data predates the Donald Trump inauguration.

In his Motion, the Special Counsel included approximately three pages of purported “Factual Background.” See Dkt. No. 35 at 2–5. Approximately half of this Factual Background provocatively—and misleadingly1 —describes for the first time Domain Name System (“DNS”) traffic potentially associated with former President Donald Trump, including data at the Executive Office of the President (“EOP”), that was allegedly presented to Agency-2 in February 2017. See id. at 3–4. These allegations were not included in the Indictment; these allegations post-date the single false statement that was charged in the Indictment; and these allegations were not necessary to identify any of the potential conflicts of interest with which the Motion is putatively concerned. Why then include them? The question answers itself.

1 For example, although the Special Counsel implies that in Mr. Sussmann’s February 9, 2017 meeting, he provided Agency-2 with EOP data from after Mr. Trump took office, the Special Counsel is well aware that the data provided to Agency-2 pertained only to the period of time before Mr. Trump took office, when Barack Obama was President. Further—and contrary to the Special Counsel’s alleged theory that Mr. Sussmann was acting in concert with the Clinton Campaign—the Motion conveniently overlooks the fact that Mr. Sussmann’s meeting with Agency-2 happened well after the 2016 presidential election, at a time when the Clinton Campaign had effectively ceased to exist. Unsurprisingly, the Motion also omits any mention of the fact that Mr. Sussmann never billed the Clinton Campaign for the work associated with the February 9, 2017 meeting, nor could he have (because there was no Clinton Campaign). [my emphasis]

Not only must Durham know the true dates of the data involved but so — as I’ve noted — must Kash Patel, who has known about this issue for four years. That means Patel insinuated that Hillary’s associates hacked Trump, knowing full well the claim was false.

And it led the former President to claim that those involved should be killed.

Sussmann has asked Judge Christopher Cooper to strike the improper language from the motion.

He has also provided yet more evidence that Durham didn’t take basic investigative steps necessary to vet the allegations he made in the indictment before actually indicting Sussmann. Durham didn’t interview any Clinton Campaign staffer to find out whether Sussmann coordinated with the campaign until after the indictment.

[T]he Special Counsel has been investigating for years, and some of the Special Counsel’s “ongoing” investigation seems to be work that should have been completed before indicting Mr. Sussmann. For example, the Special Counsel has alleged that Mr. Sussmann met with the FBI on behalf of the Clinton Campaign, but it was not until November 2021—two months after Mr. Sussmann was indicted—that the Special Counsel bothered to interview any individual who worked full-time for that Campaign to determine if that allegation was true. It is not.

As I noted earlier, Durham had to admit that he had no basis to substantiate claims of coordination with the Hillary Campaign in a filing last year. But that was October. It was not until after he had to confess he had overblown that claim in the indictment that Durham first interviewed a Hillary staffer.

In his filing, Sussmann makes it clear he intends to move to dismiss the indictment.

In addition, Mr. Sussmann reserves all rights to submit appropriate motions and seek appropriate relief concerning this conduct should the Indictment not be dismissed and should the case proceed to trial, including by seeking extensive voir dire about potential jurors’ exposure to prejudicial media resulting from the Special Counsel’s irresponsible actions.

If he keeps to the original filing deadline, that motion will be submitted this Friday. While not normally a basis to dismiss an indictment, Sussmann will be able to present entire swaths of proof that Durham didn’t take basic investigative steps before accusing Sussmann of things that turned out not to be true.

And now he’ll be able to point back to this filing to show that Durham misrepresented basic facts that might get someone killed.

Update: I managed a whole appearance on MSNBC without potty mouth.

Share this entry

John Durham, Ask Not for Whom the Statute of Limitation Tolls …

/109 Comments/in , /by

As he did with Igor Danchenko, John Durham has raised a potential conflict as a way to air his conspiracy theories so he can jack up the frothy right. In this case, he describes an uncharged meeting at which Michael Sussmann, who no longer had anything to do with the DNC, shared an updated version of the Alfa Bank allegations with the CIA on February 9, 2017.

The Indictment further details that on February 9, 2017, the defendant provided an updated set of allegations – including the Russian Bank-1 data and additional allegations relating to Trump – to a second agency of the U.S. government (“Agency-2”). The Government’s evidence at trial will establish that these additional allegations relied, in part, on the purported DNS traffic that Tech Executive-1 and others had assembled pertaining to Trump Tower, Donald Trump’s New York City apartment building, the EOP, and the aforementioned healthcare provider. In his meeting with Agency-2, the defendant provided data which he claimed reflected purportedly suspicious DNS lookups by these entities of internet protocol (“IP”) addresses affiliated with a Russian mobile phone provider (“Russian Phone Provider-1”). The defendant further claimed that these lookups demonstrated that Trump and/or his associates were using supposedly rare, Russian-made wireless phones in the vicinity of the White House and other locations. The Special Counsel’s Office has identified no support for these allegations. Indeed, more complete DNS data that the Special Counsel’s Office obtained from a company that assisted Tech Executive-1 in assembling these allegations reflects that such DNS lookups were far from rare in the United States. For example, the more complete data that Tech Executive-1 and his associates gathered – but did not provide to Agency-2 – reflected that between approximately 2014 and 2017, there were a total of more than 3 million lookups of Russian Phone-Provider-1 IP addresses that originated with U.S.-based IP addresses. Fewer than 1,000 of these lookups originated with IP addresses affiliated with Trump Tower. In addition, the more complete data assembled by Tech Executive-1 and his associates reflected that DNS lookups involving the EOP and Russian Phone Provider-1 began at least as early 2014 (i.e., during the Obama administration and years before Trump took office) – another fact which the allegations omitted.

The frothy right is very excited that, among the data that someone heavily involved in cybersecurity like Rodney Joffe would have ready access to, was data that included the White House. They seem less interested that, to disprove the allegations Sussmann presented, Durham effectively (in their frothy minds) conducted the same “spying” on EOP networks of President Obama that Durham insinuates Joffe did of Trump.

Remember: This meeting is not charged. It’s not clear such a meeting with the CIA could be charged. Durham presents zero evidence Sussmann knows anything about the comparative value of this data, either.

That’ll become important in a bit.

The conflicts Durham raises to justify this filing are a bit more interesting than the ones he raised with Danchenko. Latham Watkins used to represent Perkins Coie and Marc Elias in this matter, now they represent just Sussmann, and Elias will be asked to testify about instructions Sussmann got about billing records in his representation of the DNC. Latham represented the DNC. Latham represented Sussmann in December 2017 House Intelligence testimony that significantly undermines Durham’s indictment (and shows that the allegations at the core of this indictment originally came from Kash Patel, who by the time of trial may be charged for his participation in helping Trump attempt a coup). Latham also provided Perkins Coie advice regarding a PR statement that, Durham admits, he’s not been able to pierce the privilege of and he knows those who made the statement had no knowledge that could implicate the statement in a conspiracy. Somebody on Sussmann’s team used to work at the FBI and then worked for the White House. Those are the conflicts — more substantive than the ones Durham raised about Danchenko, but probably nothing that problematic.

Which makes the relative timing of this filing all the more interesting.

With Danchenko, Durham raised the potential conflict, first, at a status hearing less than two weeks after Stuart Sears filed a notice of appearance for Danchenko, and then again, in a filing two weeks after Sears filed, for a less pressing imagined conflict involving different lawyers in Sears’ firm.

With Sussmann, Durham waited for almost five months after indicting Sussmann to raise the conflict, even though all but one element of the imagined conflict would have been immediately apparent to Durham, not least that Latham had previously represented Elias.

That doesn’t seem to reflect any real burning concern about this conflict.

But, as noted, it did give Durham an excuse to float previously unreleased information that may not even come in at trial, given that it’ll have to be presented as 404(b) evidence and it, in fact, as presented, undermines the claim that Sussmann was hiding his ties to Hillary from the Federal government.

If the information doesn’t come in at trial, this may be Durham’s only chance to jack up the frothy right with it.

And that’s interesting because of the date of that CIA meeting: February 9, 2017, five years and two days before Durham filed this belated notice of a conflict.

As I keep noting, Durham is obviously trying to pull his fevered conspiracy theories into an actual charged conspiracy, one tying together the DNC, Fusion GPS, Christopher Steele, and Hillary herself. If he succeeds, these flimsy charges (against both Sussmann and Danchenko) become stronger, but if he doesn’t, he’s going to have a harder time proving motive and materiality at trial.

After charging Sussmann on almost the last possible date before the statute of limitations expired for his claimed lie to the FBI, though, Durham would need something on which to hang a continuing conspiracy to be able to charge the others. One of those events could have been the PR statement issued in 2018, which Durham says is inaccurate.

Privilege logs and redacted emails obtained from Law Firm-1 in this investigation reflect that in the days before the issuance of these statements, Latham attorneys sent, received, and/or were copied on correspondence relating to the drafting and dissemination of the statements. (Much of the substance of those emails was redacted and withheld from the Special Counsel’s Office pursuant to Law Firm-1’s assertion of attorney-client privilege and attorney work product protections). Because the defendant was aware of and/or reviewed these media statements, the Government may seek to offer them as evidence pursuant to Rule 404(b) or other provisions of law to establish that the defendant sought to conceal the Clinton Campaign’s ties to the Russian Bank-1 allegations from the FBI and others.3

3 According to counsel for Law Firm-1, the attorneys at Law Firm-1 and Latham who participated in drafting and/or reviewing these statements were unaware at the time that the defendant had billed work on the Russian Bank-1 allegations to the Clinton Campaign.

Except, as laid out here, none of the Perkins Coie people involved in writing the statement knew how Sussmann had billed his time. And Durham hasn’t found a reason to otherwise pierce the privilege claims that went into the drafting of the statement.

So that’s probably not going to work to establish his continuing conspiracy.

The other event on which Durham might have hung a continuing conspiracy was that February 9 meeting. It involved updated work from Joffe, after all. And Durham claims Sussmann again deliberately hid who his client was rather than (as he now knows Sussmann did for tips from Jofffe that had nothing to do with Donald Trump) just shared a tip anonymously.

But instead of rolling out what Sussmann presented in that February 9 meeting five years and two days ago in a conspiracy indictment, Durham instead packaged it up in a filing pertaining to a potential conflict. This February 9 meeting, it appears, won’t be the hook on which Durham gets to charge a conspiracy.

I’m not saying that Durham won’t be able to pull together his grand conspiracy. He might next point to testimony in Congress (possibly Glenn Simpson’s) to claim that there was some grand cover-up of what he imagines was an attempt to smear Donald Trump. Except, as this filing admits, Sussmann’s sworn testimony to the House Intelligence Committee shows that when asked — by future coup investigative subject Kash Patel — Sussmann testified consistently with sharing this information on behalf of Joffe, which is what Sussmann’s currently operative story remains. Durham did suggest he thinks he can show Sussmannn misled members of Congress because he claims it was, “knowingly and intentionally misleading insofar as it failed to disclose that the defendant billed work on the Russian Bank-1 allegations to the Clinton Campaign,” except (as with the alleged lie more generally) that’s not what he was asked about.

By all means, John Durham, make Kash Patel a witness at your trial. Give Sussmann an opportunity to ask how Kash came to learn of this meeting in the first place, to say nothing about whether Kash has recently been involved in efforts to overthrow the US government.

Whatever Durham hopes to use to sustain the claim of a continuing conspiracy, this filing seems to concede that the lies Durham claims Sussmann told in that meeting that took place five years and a few days ago will not be charged.

Ask not for whom the statute of limitations toll, John Durham. They toll for you.

Share this entry

John Durham Had No Idea Michael Sussmann Provided Another Anonymous Tip on Behalf of Rodney Joffe

/42 Comments/in , /by

John Durham’s team has submitted a filing asking for an extension on its discovery deadlines in the Michael Sussmann case.

It’s interesting as a relief map of the conspiracy theory-oops-I-mean-charge that Durham is still pursuing in this case, made visible by the witnesses implicated whom Durham has yet to interview and by his repeated explanation that this is an ongoing investigation.

It’s also interesting because I can see clear gaps, gaps he may be trying to cover up by boasting of everything he has turned over. I’ll probably return to the gaps after his deadlines have passed.

Perhaps the most interesting disclosure is that Durham had no fucking clue that Sussmann provided a different anonymous tip to DOJ on behalf of Rodney Joffe, one of similar substance to this one. Sussmann alerted DOJ’s Inspector General that one of its employees was connecting to a foreign VPN, the same kind of meticulous forensic detail that Sussmann reported to the FBI regarding Alfa Bank.

On December 17, 2021, the OIG also provided to the prosecution team a written forensic report concerning a particular cyber-related matter that the defendant brought to the OIG’s attention in early 2017 on behalf of an anonymous client. In particular, the report reflects that in early 2017, the defendant reported to an OIG Special Agent in Charge that one of the defendant’s clients had observed that a specific OIG employee’s computer was “seen publicly” in “Internet traffic” and was connecting to a Virtual Private Network in a foreign country. At the time the OIG provided this forensic report to the Special Counsel in December 2021, the OIG represented to the prosecution team that it had “no other file[] or other documentation” relating to this cyber matter. The Government provided the report to the defense on December 23, 2021. Subsequent to this disclosure to the defense, the Special Counsel team has become aware of additional potentially discoverable materials in the OIG’s possession:

i. First, in a discovery call with the prosecution team on January 20, 2021 [sic], defense counsel informed the Government that the defendant met personally with the DOJ Inspector General in March 2017 when conveying the aforementioned cyber issue to the OIG. The defense further stated that the defendant’s client in that matter was Tech Executive-1, the same individual on whose behalf the Indictment alleges the defendant also met with the FBI in September 2016. Upon learning this information, the prosecution team promptly made further inquiries of the OIG. On the next day, January 21, 2021 [sic], the OIG informed the Special Counsel for the first time that the defendant in fact met in March 2017 with the Inspector General and his then-General Counsel concerning the above-described cyber matter. The OIG had not previously informed the Special Counsel’s Office of this meeting with the defendant. Over the past few days, including over this last weekend, the OIG has been gathering and providing further documentation and information relating to that meeting to the Special Counsel’s Office. Given the meeting’s potential relevance to the charges at hand, the Special Counsel’s Office will work expeditiously with the OIG to conduct interviews and to collect and disclose any further discoverable materials to the defense.

This is just one of three things that Durham’s team admits they’ve learned “for the first time” from Michael Horowitz’s office. But that — and other details in this filing — make it clear they’ve been blithely going along with their investigation without checking on the work that Horowitz did, to which this prosecution was supposed to be derivative. If the same is true of the Igor Danchenko case, Durham will have even bigger problems to deal with.

But this disclosure is far more damning than Durham lets on. That’s because he had already searched for everything he thought was discoverable. He had looked everywhere for discussions of Michael Sussmann within DOJ and FBI.

And he still had no idea, until four months after he indicted Sussmann for sharing a tip from Rodney Joffe about weird forensic data, that Sussmann had shared another tip about weird forensic data from Rodney Joffe during the same period under investigation.

Oh, by the way, Sussmann is also squeezing Durham for all the evidence that when FBI obtains anonymous tips it doesn’t track things like which Democratic lawyer reports them. <<wink>>

Durham has been so far down his little conspiracy rabbit hole he hasn’t looked around to understand what the norm is for Sussmann and Joffe.

Particularly given how the clock is ticking on his efforts to charge a larger conspiracy, without which this case is far weaker, it doesn’t bode well for Durham’s chances.

Update: I should add two things. First, Durham’s request to extend discovery until March would put that after Sussmann’s deadline for motions to dismiss, which is currently February 18. I have a sense that Sussmann wants this stuff before he writes that.

In addition, something else that Durham only discovered months after he indicted this case is that DOJ IG was sitting on two phones from James Baker, the sole witness to Sussmann’s alleged lie.

Second, in early January 2022, the Special Counsel’s Office learned for the first time that the OIG currently possesses two FBI cellphones of the former FBI General Counsel to whom the defendant made his alleged false statement, along with forensic reports analyzing those cellphones. Since learning of the OIG’s possession of these cellphones, the Government has been working diligently to review their contents for discoverable materials. The Government expects to make those materials available to the defense later this week.

It’s never a good sign to discover devices from the single witness four months after you’ve indicted the case.

Share this entry

Hot and Cold Running John Durham Conspiracy Conspiracies

/31 Comments/in , , /by

I’d like to congratulate Assistant [Durham] Special Counsel Michael Keilty. In what is close to a first from Durham’s team, he submitted a filing without obvious glaring errors (like the Criminal Information for Kevin Clinesmith that revealed the Durham team didn’t even know for what crime Carter Page had been investigated or their persistent cut-and-paste errors).

The filing is a motion for miscellaneous relief, asking Judge Anthony Trenga to require Igor Danchenko to waive any conflict he might have because his new defense attorneys, Danny Onorato and Stuart Sears, are at the same firm as (according to Josh Gerstein) Robert Trout, who is representing, “the 2016 “Hillary for America” presidential campaign (the “Clinton Campaign”), as well as multiple former employees of that campaign, in matters before the Special Counsel.”

The filing is entirely reasonable.

It simply asks that Judge Trenga inquire into the conflict presented by partners from the same firm representing multiple investigative Durham subjects and ensure that if Danchenko chooses to continue with Onorato and Sears as his attorneys, he does so waiving any potential conflict down the road.

Notwithstanding the potential conflicts involved, the government believes that this potential conflict is waivable, should the defendant so choose, assuming a knowing, intelligent and voluntary waiver is executed.

Based on the foregoing, the government respectfully requests that Court inquire into the conflict issues set forth herein.

It’s how Keilty gets there — as well as the Durham’s team uneven treatment of the connectivity of their investigation — that I find interesting. Remember: The Clinton campaign is referenced in Michael Sussmann’s indictment, though Durham already had to confess that the indictment overstated Sussmann’s contacts with members of the campaign.

But Durham’s effort to implicate the Hillary campaign in Danchenko’s actions is more of a stretch, going through Charles Dolan and entailing treating Hillary as a more dangerous adversary than Russian intelligence.

Again, the Paul Manafort report may be the most provably correct report in the entire dossier. Claiming (correctly) that Manafort was ousted not just because of his corrupt ties in Ukraine — a claim that Republicans have spent five years claiming was just a propaganda campaign launched by Democrats — but also because others wanted him out actually undercuts the story that has always claimed to be the most useful to Democrats. The report on Embassy staff changes was, Durham suggests, based directly off quotes Dolan got from the staffer in question; indeed, Durham points to the accuracy of those quotations to prove the report came from Dolan. There was a flourish added — that the person in question was untainted by involvement with the Russian election operation — which Danchenko disclaims, but there’s no evidence the flourish comes from Dolan (or even Danchenko — it’s the kind of thing Steele seems to have added). In other words, assuming Dolan was the source for the things Durham claims he was, Dolan seems to have been the most accurate source for the dossier.

There was an unbelievable amount of shit in the dossier and it would be useful if there were an accounting of how that happened (which Durham is not doing here). The Danchenko-to-Steele reporting process (which, contrary to Durham’s claims, Danchenko candidly laid out in his first interviews with the FBI) was one source of the problems with the dossier. But at least as much of the shit seems to come from Danchenko’s sources, several of whom had ties to Russian intelligence and who may have been deliberately injecting disinformation into the process. Instead of focusing on that — on Russians who may have been deliberately feeding lies into the process — Durham instead focuses on Dolan, not because Durham claims he wittingly shared bad information to harm Trump (his one lie served to boost an accurate story that went against the grain of the Democrats’ preferred narrative), but because as a Democrat he — not Russian spies — is being treated by Durham as an adversary.

Plus, at least as alleged in the Danchenko indictment, there’s no firsthand Hillary witness necessary to Danchenko’s conviction. The witnesses to Danchenko’s five alleged lies are all FBI personnel. The evidence against Danchenko regarding the four claimed lies about Sergei Millian involve Danchenko’s own emails and — !!! — the hearsay Twitter account of someone once and possibly still suspected of being a Russian agent. Dolan’s testimony about what he and Danchenko discussed six years ago at the Moscow Ritz will undoubtedly be of interest to the jury and still more interest to the frothy right, but not only is that not necessary to prove the single count claiming Danchenko lied about Dolan’s role in all this, it falls short of proof that Danchenko didn’t go from that lunch to speak to personnel at the Ritz himself.

Even though no one with a paid gig on the Hillary campaign is needed (or even, at least as charged, conceivably useful) as a witness against Danchenko, here’s how Keilty lays out the potential conflict.

As discussed above, the Clinton Campaign, through Law Firm-1 and U.S. Investigative Firm-1, commissioned and financed the Company Reports in an attempt to gather and disseminate derogatory information about Donald Trump. To that end, U.K. Person-1 relied primarily on the defendant to collect the information that ultimately formed the core of the allegations contained in the Company Reports. The Indictment alleges that certain statements that the defendant made to the FBI about information contained in the Company Reports, were knowingly and intentionally false. Thus, the interests of the Clinton Campaign and the defendant could potentially diverge in connection with any plea discussions, pre-trial proceedings, hearings, trial, and sentencing proceedings. Areas of inquiry that may become relevant to defense counsel’s representation of the defendant, and which also may become issues at trial or sentencing, include topics such as (1) the Clinton Campaign’s knowledge or lack of knowledge concerning the veracity of information in the Company Reports sourced by the defendant, (2) the Clinton Campaign’s awareness or lack of awareness of the defendant’s collection methods and sub-sources, (3) meetings or communications between and among the Clinton Campaign, U.S. Investigative Firm-1, and/or U.K. Person-1 regarding or involving the defendant, (4) the defendant’s knowledge or lack of knowledge regarding the Clinton Campaign’s role in and activities surrounding the Company Reports, and (5) the extent to which the Clinton Campaign and/or its representatives directed, solicited, or controlled the defendant’s activities. On each of these issues, the interests of the Clinton Campaign and the defendant might diverge. For example, the Clinton Campaign and the defendant each might have an incentive to shift blame and/or responsibility to the other party for any allegedly false information that was contained within the Company Reports and/or provided to the FBI. Moreover, it is possible that one of these parties might also seek to advance claims that they were harmed or defrauded by the other’s actions, statements, or representations. In addition, in the event that one or more former representatives of the Clinton Campaign (who are represented by defense counsel’s firm) are called to testify at any trial or other court proceeding, the defendant and any such witness would be represented by the same law firm, resulting in a potential conflict. Finally, it is also likely that defense counsel’s firm already has obtained privileged information from the Clinton Campaign regarding matters involving or relating to the defendant, the Company Reports, and the conduct alleged in the Indictment.

Some of this is the kind of fevered conspiracy theorizing that has fueled Durham for 950 days so far and sustains the Durham presumption that Hillary Clinton is a greater adversary to the United States than Russian intelligence operatives. None of it is contained within the existing indictment. It doesn’t envision as a possibility that this was all a clusterfuck better suited to a child’s game of telephone than the conspiracy Durham needs it to be. It also seems to forget that even if Danchenko lied to Christopher Steele, that would not amount to fraud on the Hillary campaign.

But it is a road map to what Durham is planning: an attempt to sic various participants in the 2016 efforts against each other such that they start entering cooperation agreements in which they spin up the grand conspiracy Durham is certain exists. It’s certainly sound prosecutorial strategy for Keilty to alert Judge Trenga that down the road they seek to pit all the subjects of their investigation against each other such that down the road, people who have never been alleged to have interacted with Danchenko personally might one day testify against him, all to support the claim that the Hillary campaign engaged in a conspiracy to defraud the FBI, DOJ, and DARPA funders.

But it raises questions about something that happened in the other active prosecution of the Durham investigation, Michael Sussmann’s. Based on court filings and what was said at a December 8 hearing in the Sussmann case, Durham has the following evidence about what Sussmann did or did not say:

  • A report written by Durham investigators, probably in conjunction with a 2017 leak investigation, in which “Durham or someone on his team questioned James Baker’s credibility.”
  • An October 3, 2018 Baker interview that conflicts with the indictment.
  • An October 18, 2018 Baker interview that conflicts with the indictment.
  • A July 15, 2019 Baker interview that conflicts with the indictment.
  • The first Durham interview with Baker on this subject, in June 2020, that conflicts with the indictment.
  • Three more Durham interviews with Baker on this subject that align with the indictment.
  • Grand jury testimony that must align with the indictment, but which had not been released to Sussmann’s cleared lawyers before the December 8 hearing.
  • Hearsay testimony from Bill Priestap that generally aligns with the indictment.
  • Hearsay testimony from another FBI witness that differs in some respects from Priestap’s and may or may not align with the indictment.
  • Testimony from two CIA witnesses at a different meeting that may or may not align with the indictment.
  • A report based on notes that have been destroyed, the final version of which differs somewhat from the indictment and may or may not align with it.
  • A draft (there seems to be some disagreement whether it is a memorandum to the file or emails) of that CIA report that reflects Sussmann mentioning a client — which therefore dramatically undermines the indictment.
  • At least one 302 reflecting an interview with Baker about another aspect of the Durham investigation.

Had Mueller believed it ethical to charge someone with evidence this contradictory — and I’m really not exaggerating when I say this — he had the goods to charge Trump with agreeing to give Russia sanctions relief in exchange for an impossibly lucrative real estate deal in Moscow. He could have charged Paul Manafort with trading $19 million in debt relief for the campaign strategy and help carving up Ukraine. He could have charged Roger Stone — and through him, Donald Trump — with entering into cooperation with the Russian hacking team before they spent September hacking Hillary’s analytics, for a still unexplained purpose.

This list of conflicting evidence that Durham has is a testament to the recklessness with which he has decided to pursue his own feverish conspiracy theories. It doesn’t mean he won’t get there. He might! It means he’s engaging in extraordinary conduct to get there.

It’s the last bullet I find particularly interesting. In the December 8 hearing, AUSA Andrew DeFilippis explained, “We did a meeting w/Mr. Baker in which we did not touch on charged conduct. We did not produce to defense.” That is, they’re withholding at least one 302 of a Durham interview in this investigation with Baker. Judge Christopher Cooper responded that he, “won’t disturb USG’s view that this is not discoverable.”

So on the one hand, Durham’s prosecutors are arguing that a conspiracy not yet charged creates conflicts for an Igor Danchenko indictment that doesn’t implicate any paid members of the Hillary campaign. But on the other hand, they’re arguing that the same investigation is sufficiently bracketed that they’re not required to provide Sussmann the records of what exposure Baker himself may have that might persuade him to change his story.

Sussmann’s attorney Sean Berkowitz observed that Baker had obviously changed his story. Durham’s team explains that’s because Baker refreshed his memory (though what we’ve seen of the contemporary records suggest there are two possible readings of them). But Sussmann could well argue that, because of criminal exposure himself, Baker changed his story to reflect what Durham wanted it to be.

As I have said, repeatedly, Durham needs Sussmann to have lied to have any hope of building this conspiracy case, and if he fails, each of the parts are far weaker.

And while claiming the conspiracy case he has not yet charged creates already existing conflicts, he’s still going to withhold the evidence of the conspiracy he’s trying to create.

Share this entry

Adventures in Cut-and-Paste: John Durham says, “no specific client” is the same as, “not doing this for any client”

/37 Comments/in , /by

John Durham’s team has responded to Michael Sussmann’s request for a May trial date with a bunch of mostly nonsense.

AUSA Andrew DeFilippis does the following:

  • Blows off Susssmann’s observation that Durham promises to be ready for Igor Danchenko’s EDVA trial, which will involve far more complex classification issues, in April, even while saying classified discovery is what requires a later trial date in this case.
  • Does not deny Durham only belatedly provided Brady, while accusing Sussmann of “cherry-picking excerpts,” when Durham is the one providing excerpts.
  • Complains that Sussmann doesn’t note “law enforcement reports of Mr. Baker’s subsequent three interviews with the Special Counsel’s Office in which he affirmed and then re-affirmed his now-clear recollection of the defendant’s false statement,” which seems to suggest that like the one fragment already provided (which shows at least one sign of irregularity), Durham is claiming interview reports are more accurate than transcripts.
  • Complains that Sussmann didn’t mention a second potentially inadmissible hearsay document, written by someone else in the General Counsel’s office.
  • Accuses Sussmann of neglecting to mention a CIA report about a different meeting that Sussmann already discussed at length (indeed, Durham was the one withholding information on it when last it came up) — and which Durham admitted was based off notes that have been destroyed.
  • Mentions “three grand jury transcripts” but doesn’t describe any of them as Baker’s.
  • Invokes “serious national security equities” in a case that criminalizes reporting a cybersecurity concern.

To look on Durham’s case in the best light: After Baker reviewed notes that others took, he came to remember that Sussmann affirmatively said he was not representing a client at the meeting (though Durham doesn’t claim to have the specific words Sussmann said, nor does he quote any in his discussion of the three other 302s).

And Durham does not deny that he’s slow-walking Brady material.

But I want to look at DeFillippis’ cut-and-paste again. In the response to Sussmann, DeFillippis suggests that this second hearsay document from someone in his office matches the first, Bill Priestap’s notes taken immediately after the meeting.

Those notes, like the notes cited in the Indictment taken by an FBI Assistant Director, reflect that the defendant told Baker he had “no specific client.” [my emphasis]

Except that’s not what the indictment says Priestap’s notes say. Those say:

Michael Sussman[n] — Atty: [Perkins Coie] — said not doing this for any client

  • Represents DNC, Clinton Foundation, etc.

“Not doing this for any client,” and “no specific client,” are undoubtedly close, but they are not the same thing, particularly given the great stake Durham and others have placed on whether Sussmann believed he was doing something important for cyber security, particularly given that neither mentions billing or representing. The differences suggest that even in these near-contemporaneous records taken by professional note-takers of what Baker said, either he himself was not consistent in the language he used to relay what happened, or the meaning his interlocutors took from it was not. Probably that’s because none of them accorded it the great import that Durham has, in part because they were all trying hard to deal with a very real cyberattack by Russia.

Maybe these quotes look more similar in context. Right now, Durham seems to be desperately trying to show that he has quotations of something.

But John Durham accused Michael Sussmann of cherry picking. And right now, his own cherry picking reaffirms that there are differences in the exact quotations that he claims are the same. He may, in fact, have reason to believe Sussmann lied. Sussmann may have lied. But the question is whether his evidence — even assuming he’ll find a way to get hearsay admitted — is strong enough to rebut Baker’s repeated contradictory statements.

Share this entry