Posts

Is Bill Barr Already Feeding Sidney Powell So-Called Evidence Trump Coerces?

/61 Comments/in , , /by

The WaPo confirms what was becoming obvious: The Attorney General of the United States is spending his days flying around the world collecting claims that Trump has coerced from foreign governments. It reports that Barr has already had conversations similar to those Trump seeded with Ukraine with the UK, Italy, and Australia.

Barr has already made overtures to British intelligence officials, and last week the attorney general traveled to Italy, where he and Durham met senior Italian government officials and Barr asked the Italians to assist Durham, according to one person familiar with the matter, who spoke on the condition of anonymity to discuss a sensitive issue. It was not Barr’s first trip to Italy to meet intelligence officials, the person said. The Trump administration has made similar requests of Australia, said people who discussed the interactions on the condition of anonymity because they involve an ongoing investigation and sensitive talks between governments.

In a recent phone call, Trump urged Australian Prime Minister Scott Morrison to provide assistance to the ongoing Justice Department inquiry, the people said. Trump made the request at Barr’s urging, they said.

I raise all this because of something Sidney Powell said on September 10. At the status hearing for her client, Mike Flynn, she said that they had a letter from the British Embassy that “undoes the whole Steele dossier debacle.”

It was an interesting claim for several reasons. Most notably, the only references to Powell’s client in the Steele dossier simply repeat public claims about Flynn’s paid trip to an RT gala in 2015. That is, it’s totally irrelevant to the question of Flynn’s guilt on the charges he pled to or even the counterintelligence investigation into her client. Even if DOJ had such a record, it’d not be discoverable under Brady.

But Powell seemed to be saying she had the letter.

That raises the possibility that Bill Barr is not — as he claims — collecting “evidence” for a John Durham investigation into the start of the Russian investigation, but is instead (or also) collecting evidence he can share with those prosecuted by Mueller to help them undermine their guilty pleas and or convictions (which would raise interesting questions about Roger Stone’s focus on Crowdstrike, given that’s included in Trump’s list of propaganda he wants to extort from foreign countries).

Mind you, Powell could be lying or unclear about this document–she has been caught in both multiple times so far before Emmet Sullivan. But this claim — which was surprising to me at the time — raises real questions about whether Barr is using coerced evidence to undermine his own DOJ.

Update: I think I have the timing of this letter wrong. I think it was sent under Obama, not recently. 

[Some of] Where Trump Wants to Go with the Server in Ukraine Story

/127 Comments/in , , , /by

As I emphasized in this post, before Trump pushed Volodymyr Zelensky to frame Hunter Biden, he first pressed Ukraine’s president to “get to the bottom” of the “what happened with this whole situation with Ukraine.”

The President: I would like you to do us a favor though because our country has been through a lot and Ukraine knows a lot about it. I would like you to find out what happened with this whole situation with Ukraine, they say Crowdstrike … I guess you have one of your wealthy people… The server, they say Ukraine has it. There are a lot of things that went on, the whole situation. I think you are surrounding yourself with some of the same people. I would like to have the Attorney General call you or your people and I would like you to get to the bottom of it. As you saw yesterday, that whole nonsense ended with a very poor performance by a man named Robert Mueller, an incompetent performance, but they say a lot of it started with Ukraine. Whatever you can do, it’s very important that you do it if that’s possible.

Contrary to virtually all the coverage on this, there is reason to believe that Bill Barr can get information from Ukraine that will feed the disinformation about the Russian operation. Trump has obviously been told — and not just by Rudy Giuliani (as Tom Bossert believes) — to ask for this, but some of this is probably part of the disinformation that Russia built in to the operation.

Rudy Giuliani wants to frame Alexandra Chalupa

This morning, Rudy Giuliani explained that he wants to know who in Ukraine provided information damning to Trump during the 2016 campaign.

GIULIANI: I have never peddled it. Have you ever hear me talk about Crowdstrike? I’ve never peddled it. Tom Bossert doesn’t know what he’s talking about. I have never engaged in any theory that the Ukrainians did the hacking. In fact, when this was first presented to me, I pretty clearly understood the Ukrainians didn’t do the hacking, but that doesn’t mean Ukraine didn’t do anything, and this is where Bossert…

STEPHANOPOULOS: So, why does the president keep repeating it?

GIULIANI: Let’s get on to the point…

STEPHANOPOULOS: Well, this was in the phone call.

GIULIANI: I agree with Bossert on one thing, it’s clear: there’s no evidence the Ukrainians did it. I never pursued any evidence and he’s created a red herring. What the president is talking about is, however, there is a load of evidence that the Ukrainians created false information, that they were asked by the Obama White House to do it in January of 2016, information he’s never bothered to go read. There are affidavits that have been out there for five months that none of you have listened to about how there’s a Ukrainian court finding that a particular individual illegally gave the Clinton campaign information. No one wants to investigate that. Nobody cared about it. It’s a court opinion in the Ukraine. The Ukrainians came to me. I didn’t go to them. The Ukrainians came to me and said…

STEPHANOPOULOS: When did they first come to you?

GIULIANI: November of 2016, they first came to me. And they said, we have shocking evidence that the collusion that they claim happened in Russia, which didn’t happen, happened in the Ukraine, and it happened with Hillary Clinton. George Soros was behind it. George Soros’ company was funding it.

This is an effort to frame Alexandra Chalupa, who while working as a DNC consultant in 2016 raised alarms about Paul Manafort. This is an effort that Trump has pursued since 2017 in part with a story first floated to (!!) Ken Vogel, an effort that key propagandist John Solomon was pursuing in May. Remember, too, that Chalupa was hacked separately in 2016, and believed she was being followed.

Peter Smith’s operation may have asked for help from a hacker in Ukraine

But per the transcript, this is not about Rudy, it’s about Barr. And even leaving Rudy’s antics aside, there is more that Trump may be after.

First, a fairly minor point, but possibly important. According to Charles Johnson, he advised Peter Smith to reach out to Weev for help finding Hillary’s deleted emails.

Johnson said he also suggested that Smith get in touch with Andrew Auernheimer, a hacker who goes by the alias “Weev” and has collaborated with Johnson in the past. Auernheimer—who was released from federal prison in 2014 after having a conviction for fraud and hacking offenses vacated and subsequently moved to Ukraine—declined to say whether Smith contacted him, citing conditions of his employment that bar him from speaking to the press.

At the time (and still, as far as I know), Weev was living in Ukraine. The Mueller Report says that his investigators never found evidence that Smith or Barbara Ledeen (or Erik Prince or Mike Flynn, who were also key players in this effort) ever contacted Russian hackers.

Smith drafted multiple emails stating or intimating that he was in contact with Russian hackers. For example, in one such email, Smith claimed that, in August 2016, KLS Research had organized meetings with parties who had access to the deleted Clinton emails, including parties with “ties and affiliations to Russia.”286 The investigation did not identify evidence that any such meetings occurred. Associates and security experts who worked with Smith on the initiative did not believe that Smith was in contact with Russian hackers and were aware of no such connection.287 The investigation did not establish that Smith was in contact with Russian hackers or that Smith, Ledeen, or other individuals in touch with the Trump Campaign ultimately obtained the deleted Clinton emails.

Weev is a hacker, but not Russian. So if Smith had reached out to Weev — and if Weev had given him any reason for optimism in finding the emails or even the alleged emails that Ledeen obtained — it might explain why Trump would believe there was information in Ukraine that would help him.

CrowdStrike once claimed its certainty on Russian attribution related to a problematic report on Ukraine

But that’s not the CrowdStrike tie.

At least part of the CrowdStrike tie — and what Zelensky actually could feed to Trump — pertains to a report they did in December 2016. They concluded that one of the same tools that was used in the DNC hack had been covertly distributed to Ukrainian artillery units, which (CrowdStrike claimed) led to catastrophic losses in the Ukranian armed forces. When the report came out — amid the December 2016 frenzy as President Obama tried to figure out what to do with Russia given the Trump win — CrowdStrike co-founder Dmitri Alperovitch pitched it as further proof that GRU had hacked the DNC. In other words, according to CrowdStrike, their high confidence on the DNC attribution was tied to their analysis of the Ukrainian malware.

In a now deleted post, infosec researcher Jeffrey Carr raised several problems with the CrowdStrike report. He correctly noted that CrowdStrike vastly overstated the losses to the Ukranian troops, which both an outside analyst and then the Ukranian Defense Ministry corrected. CrowdStrike has since updated its report, correcting the claim about Ukrainian losses, but standing by its analysis that GRU planted this malware as a way to target Ukrainian troops.

Carr also claimed to know of two instances — one, another security company, and the other, a Ukrainian hacker — where the tool was found in the wild.

Crowdstrike, along with FireEye and other cybersecurity companies, have long propagated the claim that Fancy Bear and all of its affiliated monikers (APT28, Sednit, Sofacy, Strontium, Tsar Team, Pawn Storm, etc.) were the exclusive developers and users of X-Agent. We now know that is false.

ESET was able to obtain the complete source code for X-Agent (aka Xagent) for the Linux OS with a compilation date of July 2015. [5]

A hacker known as RUH8 aka Sean Townsend with the Ukrainian Cyber Alliance has informed me that he has also obtained the source code for X-Agent Linux. [11]

Carr argued that since CrowdStrike’s attribution of the DNC hack assumed that only GRU had access to that tool, their attribution claim could no longer be trusted. At the time I deemed Carr’s objections to be worthwhile, but not fatal for the CrowdStrike claim. It was, however, damning for CrowdStrike’s public crowing about attribution of the DNC hack.

Since that time, the denialist crowd has elaborated on theories about CrowdStrike, which BuzzFeed gets just parts of here. Something that will be very critical moving forward but which BuzzFeed did not include, is that the president of CrowdStrike, Shawn Henry, is the guy who (while he was still at FBI) ran the FBI informant who infiltrated Anonymous, Sabu. Because the FBI reportedly permitted Sabu to direct Antisec to hack other countries as a false flag, the denialist theory goes, Henry and CrowdStrike must be willing to launch false flags for their existing clients. [See update below, which makes it clear FBI did not direct this.] The reason I say this will be important going forward is that these events are likely being reexamined as we speak in the grand jury that has subpoenaed both Chelsea Manning and Jeremy Hammond.

So Trump has an incentive to damage not just CrowdStrike’s 2016 reports on GRU, but also CrowdStrike generally. In 2017, Ukraine wanted to rebut the CrowdStrike claim because it made it look bad to Ukranian citizens. But if Trump gives Zelensky reason to revisit the issue, they might up the ante, and claim that CrowdStrike’s claims did damage to Ukraine.

I also suspect Trump may have been cued to push the theory that the GRU tool in question may, indeed, have been readily available and could have been used against the DNC by someone else, perhaps trying to frame Russia.

As I’ve noted, the GRU indictment and Mueller Report list 30 other named sources of evidence implicating the GRU in the hack. That list doesn’t include Dutch hackers at AIVD, which provided information (presumably to the Intelligence Community generally, including the FBI). And it doesn’t include NSA, which Bossert suggested today attributed the hack without anything from CrowdStrike. In other words, undermining the CrowdStrike claims would do nothing to undermine the overall attribution to Russia (though it could be useful for Stone if it came out before his November 5 trial, as the four warrants tied to his false statements relied on CrowdStrike). But it would certainly feed the disinformation effort that has already focused on CrowdStrike.

That’s just part of what Trump is after.

Update: Dell Cameron, who’s one of the experts on this topic, says that public accounts significantly overstate how closely Sabu was being handled at this time. Nevertheless, the perception that FBI (and Henry) encouraged Sabu’s attacks is out there and forms a basis for the claim that CrowdStrike would engage in a false flag attack. Here’s the chatlog showing some of this activity. Hammond got to the Brazilian target by himself.

Why Roger Stone Threatened to Sue emptywheel!

/25 Comments/in /by

Remember when Roger Stone threatened to sue me? It was in response to this post, in which I noted that Don McGahn had been helping Stone rat-fuck for Trump for years.

Well, it turns out that that’s the topic of something the government would like to introduce as evidence about why he lied to HPSCI.

As I noted, a debate over whether the government can introduce 404(b) evidence at trial — often used to show motive — has been going on under seal. But a snippet of the topic got aired in yesterday’s hearing on such issues. And one of the things the government wants to introduce under 404(b) is that, in addition to all the lies Stone told HPSCI laid out in his indictment, he also told further lies about his coordination with the Trump campaign.

Separately, Jackson also held off in ruling on Stone’s bid to block DOJ from talking about other alleged false statements he made before the House committee during the September 2017 testimony that led Mueller to press charges.

During Wednesday’s hearing she fretted that raising Stone’s statements could prolong the trial and confuse jurors over allegations that the government didn’t choose to prosecute.

DOJ attorney Michael Marando argued that the government’s allegations needs to be heard in the context of Stone’s overall motivations.

“He went in with a calculated plan to lie, to separate himself from the campaign in order to shield the lie about his connections to WikiLeaks. He had to create that space,” Marando said.

One of those lies pertains to Stone’s communication with the campaign about the activities of his PAC.

Assistant U.S. Attorney Michael J. Marando argued that Stone falsely denied communicating with Trump’s campaign about his political-action-committee-related activities, and that the lie revealed his calculated plan to cover up his ties to the campaign and obstruct the committee’s work.

Rogow disagreed, calling the allegation more prejudicial than revealing and saying that it would divert jurors into a matter that Stone was not charged with.

Note, this is likely why he wants to call Steve Bannon, which other news outlets are inexplicably quite surprised about; Stone asked Bannon for funding from Rebekah Mercer for this stuff. And, as I noted in the post in question, Don McGahn helped Stone avoid charges for voter intimidation for his PAC activities. So I guess Stone wanted to sue me because I laid out proof that he lied to HPSCI about something that served the larger purpose of distancing his rat-fucking from the campaign.

Amy Berman Jackson ruled on most of the motions in limine as follows:

Government motion to introduce two categories of 404(b) evidence: Under advisement

Government motion to introduce two newspaper articles related to such evidence: Denied, with the opportunity to submit redacted versions if the evidence is submitted

Government motion to exclude claims of prosecutorial misconduct: Granted, but Stone can introduce impeachment information

Government motion to exclude evidence of Russian interference: Granted

Stone motion to introduce evidence challenging claims that WikiLeaks obtained stolen documents from Russia: Denied

Stone motion to subpoena Crowdstrike for its reports to the DNC: Denied

Stone motion for a recording of his HPSCI testimony: Moot

Government motion to introduce upload dates for videos: Granted

Government motion to introduce an excerpt of Godfather II: Deferred

Government motion to partially redacted a grand jury transcript: Granted, along with permission to file a motion in limine to limit the same witnesses’ court testimony

ABJ ordered the two sides to figure out what portion of the HPSCI report they need to submit at trial, as well as what communications between Randy Credico and Stone should be excluded

How Roger Stone’s Trial Relates to the Ukraine Scandal

/80 Comments/in , /by

The White House released the readout from one (but not all) of the calls involved in the whistleblower complaint. It shows that before Trump asked Volodymyr Zelensky for help framing Joe Biden, he first asked Zelensky for help attacking Crowdstrike.

The President: I would like you to do us a favor though because our country has been through a lot and Ukraine knows a lot about it. I would like you to find out what happened with this whole situation with Ukraine, they say Crowdstrike … I guess you have one of your wealthy people… The server, they say Ukraine has.it. There are a lot. of things that went on, the whole situation. I think you are surrounding yourself with some of the same people. I . would like to have the Attorney General call you or your people and I would like you to get to the bottom of it. As you saw yesterday, that whole nonsense ended with a very poor performance by a man named Robert Mueller, an incompetent performance, but they say a lot of it started with Ukraine. Whatever you can do, it’s very important that you do it if that’s possible.

As with the sections involving the request on Biden, this one includes ellipses, hiding part of Trump’s ask. Also like those sections, this one suggests Bill Barr is involved in his improper request.

A request about Crowdstrike more directly addresses matters of intelligence — the attribution of the 2016 operation to Russia — than an effort to frame Joe Biden.

And this Crowdstrike request is what ties the call obviously to the timing — the day after the Mueller testimony gave Trump the belief he had weathered the Russian investigation.

Only, Trump is not clear of the impact of the Mueller investigation. On the contrary, if all goes on schedule, prosecutors will present abundant evidence of what even Mark Meadows calls “collusion,” the campaign’s effort to optimize the WikiLeaks releases, in Roger Stone’s November trial. As I have noted, in addition to Steve Bannon and Erik Prince, the trial will talk about Stone’s texts and calls to four different Donald Trump phone numbers, as well as his aides and bodyguard, Keith Schiller. (This screen cap comes from a list of stipulated phone numbers and emails that has since been sealed.)

The Stone trial (if it goes forward–I still have my doubts) will show that Trump was personally involved in these efforts and got repeated updates directly from Stone.

And a key strand of Stone’s defense is to question the Crowdstrike findings on the hack. Stone has been pursuing this effort for months — it’s what almost got him jailed under his gag. And while Amy Berman Jackson ruled twice this week against Stone getting any further Crowdstrike reports (once in an opinion denying Stone’s efforts to get unredacted Crowdstrike reports as moot since the government doesn’t have them, and once today in his pre-trial hearing when she deemed the remaining unredacted passages to pertain to ongoing Democratic cybersecurity protections and so unrelated to what Stone wants them for), Stone still has several redacted Crowdstrike reports from discovery.

Stone’s defense has focused entirely on discrediting the evidence that Trump partnered with a hostile country to get elected (which presumably is part of his effort to get a pardon). If he can support that effort by releasing currently private Crowdstrike reports he will do so.

Today’s pre-trial hearing — where ABJ also ruled that Stone won’t be able to question the underlying Russian investigation — may have mooted the effort to tie Ukrainian disinformation to Stone’s own disinformation effort. But the two efforts are linked efforts by Trump to deny his own role in “colluding” with Russia.

The Parts of the Mueller Report withheld from Roger Stone Show the Centrality of His WikiLeaks Activities to Trump’s Obstruction

/116 Comments/in , , /by

Along with denying most of Roger Stone’s frivolous challenges to his prosecution, Amy Berman Jackson also partly granted his motion to get some of the redacted Mueller Report. As she laid out, she permitted the government to withhold grand jury information, sources and methods, stuff that would harm the reputation of others, and prosecutorial deliberations.

But the Court was of the view that the Report of the Special Counsel should receive separate consideration since a great deal of deliberative material within the Report had already been released to the public.

[snip]

Having considered the defendant’s motion, the government’s response and supplemental submissions, and the Report itself, the Court has determined that the defense should have the limited access he requested to some, but not all, of the redacted material.32 Insofar as defendant’s motion to compel seeks any material that was redacted from the public report on the basis that its release would infringe upon the personal privacy of third parties or cause them reputational harm; pursuant to Federal Rule of Criminal Procedure 6(e); or on the basis of national security or law enforcement concerns, including information that if revealed, could potentially compromise sensitive information gathering sources, methods, or techniques or harm ongoing intelligence or law enforcement activities, the Court will deny the motion.33 With respect to material that was withheld solely on the basis that its release could affect the ongoing prosecution of this case, the Court has concluded that the material to be specified in the order issued with this opinion should be provided to counsel for the defendant subject to the terms and conditions of the Protective Order in this case.

As she described, the government “submit[ed] unredacted portions of the Report that relate to defendant ‘and/or “the dissemination of hacked materials.”‘” Then she and the government conducted a sealed discussion about what could be released to Stone. In addition to her opinion, she submitted an order describing which specific pages must now be released to Stone.

We can compare what the government identified as fitting her order — this includes anything that fits the order, whether redacted or not — with what she has ordered released to Stone (note, the government either did not include Appendix D, showing referrals, or ABJ didn’t mention it, because in addition to an unredacted reference to Stone, there are referrals that the FOIA copies show to be related to Stone; nor did it include questions to Trump).

ABJ has not ordered the government to turn over anything pertaining to how GRU got stolen documents to WikiLeaks. This is precisely the kind of thing Stone is trying to get with his demands for Crowdstrike reports; after ABJ pointed out if they really wanted the reports, they would have tried subpoenaing Crowdstrike and they are now launching an attempt to do that. That ABJ has not ordered the government to turn this material over does not bode well for Stone’s plans to make this trial about the hack-and-leak rather than his lies. I would not be surprised if Stone made a second effort to get this information.

She has permitted the government to withhold all the prosecutorial decisions covered by her order except the one pertaining to Stone’s own lies. In addition, she let the government withhold one line about how they hadn’t determined whether or not Stone and Corsi had managed to optimize the release of the Podesta emails in October (though she did give Stone the more detailed discussion of that).

But ABJ has not included any of the references in the main part of Volume II in her order (presumably to protect Trump’s reputation!). That Volume includes three references to Trump and the campaign’s enthusiasm for or attempts to optimize the WikiLeaks releases through Stone, the reference to Richard Burr leaking news of the targets of the investigation (including Stone) to the White House before Jim Comey got fired, and three instances describing Trump floating pardons to Stone or otherwise encouraging him to remain silent.

It also includes the page on which this passage appears:

After Flynn was forced to resign, the press raised questions about why the President waited more than two weeks after the DOJ notification to remove Flynn and whether the President had known about Flynn’s contacts with Kislyak before the DOJ notification.244 The press also continued to raise questions about connections between Russia and the President’s campaign.245 On February 15, 2017, the President told reporters, “General Flynn is a wonderful man. I think he’s been treated very, very unfairly by the media.”246 On February 16, 2017, the President held a press conference and said that he removed Flynn because Flynn “didn’t tell the Vice President of the United States the facts, and then he didn’t remember. And that just wasn’t acceptable to me.” 247 The President said he did not direct Flynn to discuss sanctions with Kislyak, but “it certainly would have been okay with me if he did. I would have directed him to do it if I thought he wasn’t doing it. I didn’t direct him, but I would have directed him because that’s his job.”248 In listing the reasons for terminating Flynn, the President did not say that Flynn had lied to him.249 The President also denied having any connection to Russia, stating, “I have nothing to do with Russia. I told you, I have no deals there. I have no anything.”250 The President also said he “had nothing to do with” WikiLeaks’s publication of information hacked from the Clinton campaign.251 [my emphasis]

Clearly, it was included for Trump’s public denials — at the moment he fired Flynn in an attempt to stop the Russian investigation — of having anything to do with WikiLeaks’ publication of materials stolen from Hillary’s campaign. It is, on its face, a reference to the publication of the stolen emails, and as such qualifies under ABJ’s order. At that level, it is unremarkable.

But the government is treating it not as Trump making empty denials, but instead to make a claim specifically disavowing any involvement in WikiLeaks’ publication of stolen emails. Mueller’s team put the claim right next to a claim we know to be false, a claim designed to hide his Trump Tower deals. And he put all that amid a discussion of why he first did not, and then did, fire Mike Flynn.

Now consider something else: While it doesn’t appear in the Mueller Report at all, one thing Flynn told prosecutors was that after WikiLeaks started dumping John Podesta’s emails, he took part in conversations during which the campaign discussed reaching out to WikiLeaks.

The defendant also provided useful information concerning discussions within the campaign about WikiLeaks’ release of emails. WikiLeaks is an important subject of the SCO’s investigation because a Russian intelligence service used WikiLeaks to release emails the intelligence service stole during the 2016 presidential campaign. On July 22, 2016, WikiLeaks released emails stolen from the Democratic National Committee. Beginning on October 7, 2016, WikiLeaks released emails stolen from John Podesta, the chairman of Hillary Clinton’s 2016 presidential campaign. The defendant relayed to the government statements made in 2016 by senior campaign officials about WikiLeaks to which only a select few people were privy. For example, the defendant recalled conversations with senior campaign officials after the release of the Podesta emails, during which the prospect of reaching out to WikiLeaks was discussed.

There’s nothing in the public record that suggests Flynn knew of Trump’s efforts, during the campaign, to build a Trump Tower. But he did know about Trump’s efforts to optimize WikiLeaks’ releases of stolen emails. And Trump would have known that when he considered the impact of Flynn’s ties to Russia being investigated by the FBI.

And the treatment of that references as a real denial — as Trump evincing guilt even as he fired Flynn — sure makes the Flynn firing more interesting.

Roger Stone Lawyer Bruce Rogow Concedes His CrowdStrike Ploy Was Just That

/40 Comments/in , /by

Most of the reporting on Roger Stone’s status hearing yesterday has focused on whether Judge Amy Berman Jackson would hold Stone in contempt for violating her gag. She did find he had violated her gag, but responded only by prohibiting him from using Twitter, Facebook, or Instagram — an outcome consistent with what I laid out here. Shortly after the hearing ended, Stone’s spouse, Nydia, posted a picture of the two of them on Instagram, though on terms that are within the terms permitted by ABJ’s gag.

I’m more interested, however, in the exchanges covering Stone’s Fourth Amendment challenge to all the warrants against him and his demand to obtain full copies of the CrowdStrike reports (including descriptions of what new defenses CrowdStrike implemented) provided to the Democrats and shared with the FBI, a pair of motions that Stone successfully used to inflame conspiracies among frothy right and denialist left.

It was always clear this was about disinformation. After all, the very same lawyers had argued for the very same client that Russia did do the hack in the DNC lawsuit.

Predictably, ABJ was clearly having none of the Fourth Amendment challenge. She repeatedly challenged Stone’s motion by undermining his false claim, noting that the FBI relied on the US Intelligence Committee’s attribution of the DNC hack to Russia and not — as Stone had claimed and the useful idiots responding to his motion had repeated unquestioningly — the CrowdStrike reports. Aaron Zelinsky sounded like a DFH blogger when he described the effort as an attempt, “to backdoor a debunked conspiracy theory.”

A more telling moment came when ABJ got Bruce Rogow to concede that Stone’s team had not acted as if they really needed the CrowdStrike reports, as they had claimed to inflame their useful idiots.

The government had represented they didn’t have the full reports (as noted, in the reports the Democrats shared with the FBI, they redacted the information describing what they did to harden their networks).

At the direction of the DNC and DCCC’s legal counsel, CrowdStrike prepared three draft reports.1 Copies of these reports were subsequently produced voluntarily to the government by counsel for the DNC and DCCC. 2 At the time of the voluntary production, counsel for the DNC told the government that the redacted material concerned steps taken to remediate the attack and to harden the DNC and DCCC systems against future attack. According to counsel, no redacted information concerned the attribution of the attack to Russian actors. The government has also provided defense counsel the opportunity to review additional reports obtained from CrowdStrike related to the hack.

[snip]

As the government has advised the defendant in a letter following the defendant’s filing, the government does not possess the material the defendant seeks; the material was provided to the government by counsel for the DNC with the remediation information redacted. However, the government has provided defense counsel the opportunity to review additional unredacted CrowdStrike reports it possesses, and defense counsel has done so. 3

1 Although the reports produced to the defendant are marked “draft,” counsel for the DNC and DCCC informed the government that they are the last version of the report produced.

2 The defendant describes the reports as “ heavily redacted documents,” Doc. 103, at 1. One report is thirty-one pages; only five lines in the executive summary are redacted. Another runs sixty-two pages, and redactions appear on twelve pages. The last report is fifty-four pages, and redactions appear on ten pages.

3 These materials are likewise not covered by Brady, but the government produced them for defense counsel review in an abundance of caution.

As ABJ noted, given the representation that the government doesn’t have full unredacted reports, asking for them from the government is pointless, something Rogow conceded. The way to get the full reports, ABJ noted, would be to subpoena them from the Democrats or CrowdStrike itself.

And Stone’s lawyer admitted they hadn’t done that.

This is tantamount to a confession that Stone never really needed the documents in the first place, but instead only wanted to use them to stake a false claim about them in the press.

And given the large number of people who repeated the claim credulously, that effort succeeded.

Update: After issuing a minute order yesterday, ABJ issued a written one today, making it clear that Stone can’t just move to Gab or have Nydia post for him to get around the gag.

As I disclosed last July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

A New Form of Victim Blaming: Demanding that Rat-Fucker Roger Stone Get to Learn the Defensive Measures DNC Implemented in 2016

/116 Comments/in , /by

Roger Stone’s ongoing effort to float hoaxes rather than mount a credible defense has gotten the left and right denialists into a tizzy about CrowdStrike again. But this time it’s not just an effort to raise doubts about whether Russia hacked the DNC, but an effort to suggest that Democrats can only obtain law enforcement help in response to being hacked if they’re willing to share their own network defenses with the FBI, and do so while their candidate is under active investigation by the FBI.

As I noted back in May, Stone demanded unredacted CrowdStrike reports in the guise of challenging warrants based off a claim that Russia didn’t actually hack the DNC. In the latter motion, Stone claimed to have received three redacted CrowdStrike reports (though as is typical of the sloppy work his lawyers do, they can’t even get that citation correct).

CrowdStrike’s three draft reports are dated [sic] August 8 and August 24, 2016. The Mueller Report states Unit 26165 officers also hacked into a DNC account hosted on a cloud-computing service on September 20, 2016, thereby illustrating the government’s reliance on CrowdStrike even though the DNC suffered another attack under CrowdStrike’s watch. (See Mueller Report at 49-50). [my emphasis]

The government’s response to the Fourth Amendment challenge notes that the fourteen warrant affidavits for hacking (Computer Fraud and Abuse Act) violations don’t rely on Russian attribution to establish probable cause, but instead point to Stone’s, WikiLeaks’, Guccifer 2.0’s, and Jerome Corsi’s communications to establish that a hack was committed and Stone’s facilities likely had evidence about it.

In brief, each of these affidavits (at a minimum) states that Stone communicated with the Twitter account Guccifer 2.0 about hacked materials Guccifer had posted. Each affidavit states that on June 15, 2016, Guccifer 2.0 publicly claimed responsibility for the hack of the computer systems of the Democratic National Committee (“DNC”). Each affidavit states that Organization 1 published materials stolen from the DNC in the hack. Each affidavit describes Stone’s communications (including his own public statements about them) with Guccifer 2.0, Organization 1, and the head of Organization 1. Each affidavit submits that, based on those communications, there was probable cause to believe that evidence related to the DNC hack would be found in the specified location.

[snip]

On the contrary, the 1030 warrant affidavits contain detailed descriptions of Stone’s communications with Guccifer 2.0, Organization 1, and the head of Organization 1, and, in some cases, detailed descriptions of witness tampering and false statements. See, e.g., Doc 109, Ex. 10 at ¶¶ 35-40 (discussing Stone’s communications with Organization 1 and the head of organization 1), Ex. 11 at ¶ 24 (discussing private Twitter message between Stone and Guccifer 2.0); Ex. 18 at ¶¶ 64-77 (relating to Stone’s conversations with Person 2).

[snip]

The various showings of probable cause in the 1030 warrant affidavits did not depend on the identity of the hacker, but rather were based on evidence showing that Stone communicated with a Twitter account that publicly claimed responsibility for the DNC hack, and that Stone communicated with the very organization that was disseminating materials from the DNC computers in the months after the hack. This evidence established probable cause that searches of the target locations would yield evidence of a violation of 18 U.S.C. § 1030, regardless of whether the Russian state was involved.

If Judge Amy Berman Jackson agrees that those warrant affidavits establish probable cause independent of any attribution, then then entire question of CrowdStrike reports is moot.

Yet the government still had to explain why the CrowdStrike demand was frivolous. In the response to the CrowdStrike demand, then, the government noted that these reports are unrelated to the false statements charges Stone is facing.

The defendant is not charged with conspiring to hack the DNC or DCCC. Cf. Netyksho, Doc. 1. The defendant is charged with making false statements to Congress regarding his interactions with Organization 1 and the Trump Campaign and intimidating a witness to cover up his criminal acts. Any information regarding what remediation steps CrowdStrike took to remove the Russian threat from the system and strengthen the DNC and DCCC computer systems against subsequent attacks is not relevant to these charges. And, in any case, the government does not need to prove at the defendant’s trial that the Russians hacked the DNC in order to prove the defendant made false statements, tampered with a witness, and obstructed justice into a congressional investigation regarding election interference.

But along with that, the government also provides some details about how it came into possession of the CrowdStrike reports — which basically amounts to the Democrats sharing them with the FBI when they informed the FBI of a crime. The government describes that the redacted materials don’t actually pertain to evidence about the hack, but instead pertain to what CrowdStrike did — while their client was trying to win a presidential election, remember, and while the party’s presidential candidate was being investigated by the FBI — to protect the Democrats against further hacking. The government also demonstrates that Stone exaggerates when he claims these are “heavily” redacted.

At the direction of the DNC and DCCC’s legal counsel, CrowdStrike prepared three draft reports.1 Copies of these reports were subsequently produced voluntarily to the government by counsel for the DNC and DCCC. 2 At the time of the voluntary production, counsel for the DNC told the government that the redacted material concerned steps taken to remediate the attack and to harden the DNC and DCCC systems against future attack. According to counsel, no redacted information concerned the attribution of the attack to Russian actors. The government has also provided defense counsel the opportunity to review additional reports obtained from CrowdStrike related to the hack.

[snip]

As the government has advised the defendant in a letter following the defendant’s filing, the government does not possess the material the defendant seeks; the material was provided to the government by counsel for the DNC with the remediation information redacted. However, the government has provided defense counsel the opportunity to review additional unredacted CrowdStrike reports it possesses, and defense counsel has done so. 3

1 Although the reports produced to the defendant are marked “draft,” counsel for the DNC and DCCC informed the government that they are the last version of the report produced.

2 The defendant describes the reports as “ heavily redacted documents,” Doc. 103, at 1. One report is thirty-one pages; only five lines in the executive summary are redacted. Another runs sixty-two pages, and redactions appear on twelve pages. The last report is fifty-four pages, and redactions appear on ten pages.

3 These materials are likewise not covered by Brady, but the government produced them for defense counsel review in an abundance of caution.

This makes it clear that, on top of being totally irrelevant to the probable cause consideration of the warrants for Stone’s communications, Stone is basically arguing that as part of asking the FBI to investigate a crime targeting them — at a time when the FBI was actively investigating Hillary!!! —  the Democrats should have had to share the new network security measures installed in response to the crime. This amounts to demanding that a crime victim who might also be under FBI investigation provide the FBI with investigative benefit — the equivalent of handing over their passwords — just to report the crime.

But what Stone has done is worse. He has demanded that he — modern America’s greatest rat-fucker, and someone against whom the FBI was able to show probable cause for hacking crimes — be informed of the opposing party’s defenses against being hacked for no good reason at all.

And a bunch of chumps are magnifying Stone’s demand, as if it has credibility, because they’re still clinging to some kind of hope that Russia didn’t hack the DNC.

Below, I’ve put a list of all the obvious investigative sources cited in the GRU indictment (cited by paragraph number) and the Mueller Report (cited as MR and page number) aside from CrowdStrike reports on the server activity and the witness reports of Democratic employees (hoaxsters often assume that no one in the Democratic Party conducted their own investigation, which is false). This is a fairly conservative list, and primarily consists of stuff the FBI would obtain from subpoenas for third party records. There are twenty-nine sources of information totally independent of CrowdStrike, and those sources include Google, Facebook,  Microsoft, and AWS — all of which have global visibility and conduct their own tracking of GRU’s hacking for their own security purposes, plus Twitter and WordPress (the latter of which also has superb security resources). The list also includes a server in AZ that I assume the FBI seized; it does not include a server in TX that I’ve also been told got seized in the FBI’s investigation.

And that’s just the unclassified stuff.

The notion that the attribution of the DNC hack to the GRU relies on CrowdStrike reports or FBI possession of the alleged single DNC server has always been nonsense. But that nonsense is now being wielded to demand that victims of a crime turn over to their political adversaries — and not just any adversary but an epic rat-fucker — details of what they did to make sure they would not be victimized in the next election. As Rayne explained in May, this is not just an attempt to obfuscate what happened in 2016; it’s an attempt to continue to damage the Democrats going forward.

And left and right wing denialists are playing along like chumps.

Update: I should have noted something that is obvious to anyone who follows cybersecurity but which hoaxsters pretend not to know: CrowdStrike gave the FBI forensic images of the servers and other affected hardware and software. That is the norm for computer investigations.

  1. URL-shortening service (WADA hack used bit.ly) [Indictment ¶21a]
  2. Gmail, including accounts of victims [Indictment ¶21b, MR 37]; accounts used by GRU [MR 47]; and their own security
  3. Linked In [Indictment 21c]
  4. Probe of DNC’s IP address
  5. Search on open source info on DNC [MR 37]
  6. AZ server — FBI with direct access, possible seizure [Indictment ¶24c, ¶58, MR 39]
  7. Malaysian server [Indictment ¶25, MR 39]
  8. Other redacted servers [MR 39]
  9. Microsoft  [MR 41]
  10. Romanian domain registration site [Indictment ¶¶33b, 35, 58]
  11. ActBlue [Indictment ¶33b]
  12. AWS [personal reporting, ¶34, MR 49]
  13. Smartech Corporation [¶37, MR 42]
  14. Facebook [¶38, MR 42]
  15. Twitter [¶¶39, 44, MR 44]
  16. WordPress [¶¶42-43, 46]
  17. BTC exchanges [¶63]
  18. VPN purchase [¶45a]
  19. gfade147 email account [¶60]
  20. US payment processor [¶62]
  21. Forensic images of DNC servers and traffic logs [MR 40]
  22. Stolen document forensics [MR 47]
  23. Aaron Nevins [MR 43]
  24. AOL [MR 43]
  25. Online archives [MR 46]
  26. Ecuadorian Embassy network [MR 46]
  27. [email protected] email [MR 46]
  28. WikiLeaks email [MR 47]
  29. Clinton personal office domain [MR 49]

As I disclosed last July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

In a Shoddy Attempt to Inflate the Single Server Fallacy, Roger Stone Suggests Communicating with Guccifer 2.0 Would Be Criminal

/21 Comments/in , /by

In a frivolous pair of motions, Roger Stone is going after CrowdStrike’s analysis of the Russian hack. In the first, he demands full unredacted copies of CrowdStrike’s reports on the hacks. He bases that demand on a claim the CrowdStrike reports are material to a motion to suppress the warrants against him because — he claims, falsely — the government relied exclusively on the CrowdStrike reports to decide Russia had hacked Democratic targets, so if the reports are faulty, then so are the warrants.

The entire stunt is based off what appears to be an inaccurate claim — that this government response to some other frivolous motions claimed they didn’t have to prove that Russia hacked Democratic targets.

The Government stated in its Opposition to Stone’s Motion to Dismiss (Dkt # 99) that it will not be required to prove that the Russians hacked either the Democratic National Committee (“DNC”) or Democratic Congressional Campaign Committee (“DCCC”) from outside their physical premises or that the Russians were responsible for delivering the data to WikiLeaks.

Maybe he’s thinking of another government response to his motions that notes they don’t have to prove an underlying crime to prove obstruction, but the one he cites (without paragraph citation) doesn’t make that claim. I mean, it is true that the government doesn’t have to prove the underlying crime, but that’s still another issue than having to prove what physical premises the Russians hacked the DNC from.

In his demand for the CrowdStrike servers, Stone at least claims he’s making the demand to distinguish his case from all the other Trump flunkies prosecuted for lying to Congress and mount a materiality challenge to his false statements prosecution.

As to selective prosecution, if the Russian state did not hack the DNC, DCCC, or Podesta’s servers, then Roger Stone was prosecuted for obstructing a congressional investigation into an unproven Russian state hacking conspiracy, while others similarly situated were not. Lastly, if the Russian state did not hack the servers or did not transfer the data to WikiLeaks, the exculpatory evidence regarding materiality, a factual issue for the jury, is amplified.

But in his Fourth Amendment challenge, Stone suggested that if Russia didn’t hack the Democrats and hand the documents to WikiLeaks, then speaking to WikiLeaks and Guccifer 2.0 would not be a crime.

If these premises are not the foundation for probable cause, Roger Stone communicating with a Twitter user named “Guccifer 2.0” or speaking with WikiLeaks, would not constitute criminal activity.

Hmm.

Speaking to WikiLeaks and Guccifer 2.0 would only be a crime if Stone engaged in a conspiracy with them, and a good bit of the redacted language on prosecutorial decisions in the Mueller Report probably says the First Amendment otherwise protects such speech. That said, the claim that talking to them would be a crime is interesting given some of the crimes for which the government showed probable cause in his warrant affidavits.

The search warrant applications however, allege that the FBI was investigating various crimes at different times, such as Stone for accessory after the fact, misprision of a felony, conspiracy, false statements, unauthorized access of a protected computer, obstruction of justice, witness tampering, wire fraud, attempt and conspiracy to commit wire fraud, and foreign contributions ban. The uncharged conduct particularly relied upon the assumptions the Russian state is responsible for hacking the DNC, DCCC,1 and even (although not as clear) Hillary Clinton campaign manager, John Podesta.

Stone is not, here, claiming that the government didn’t show a lot of evidence he engaged in these crimes (and remember, the government has told Andrew Miller that they’re likely to supersede Stone’s current indictment after they get Miller’s grand jury testimony, the content of which they know from an FBI interview last year). Rather, he’s claiming that these hacking-related crimes would only be illegal if the Russians did the hacking. (I really look forward to the government response to this, because some of these crimes would be crimes based on Julian Assange’s foreign status, not GRU’s, and wire fraud is a crime all by itself.)

Perhaps most interesting is the way Stone’s lawyers dismiss the Mueller Report (and the GRU indictment’s) focus on DCCC and Podesta documents. A footnote even suggests falsely that the Mueller Report said the DCCC documents did not get released.

WikiLeaks never released the DCCC documents. The Mueller report suggests the hack of the DCCC only provided additional keys to access the DNC servers.

At one point — perhaps a critical one — Stone uses the fact that the GRU hacked the DNC’s AWS server after Stone dismissed the value of the DCCC oppo research Guccifer 2.0 discussed with Stone in early September 2016 to suggest CrowdStrike was not competent.

CrowdStrike’s three draft reports are dated [sic] August 8 and August 24, 2016. The Mueller Report states Unit 26165 officers also hacked into a DNC account hosted on a cloud-computing service on September 20, 2016, thereby illustrating the government’s reliance on CrowdStrike even though the DNC suffered another attack under CrowdStrike’s watch.

Of course, CrowdStrike had little ability to protect AWS’ servers.

Ultimately, this is an attempt to misrepresent the Mueller Report and GRU indictment to shift the focus away from the Podesta and DCCC documents — where Stone’s greater criminal exposure might lie — and onto the Single Server Fallacy about the DNC server, which is irrelevant to those other documents.

And along the way, Stone lays out a good number of impressive crimes he was and may still be at risk for, and admits the government believed his actions are closely enough tied to the hacks to get redacted copies of the CrowdStrike reports in discovery. He also concedes (incorrectly) that simply speaking to WikiLeaks and Guccifer 2.0 may be a crime.

As I disclosed last July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

Fun with Dr. Corsi’s “Forensics”!

/39 Comments/in , /by

By far the most ridiculous part of Jerome Corsi’s book is where he spends an entire chapter pretending that he figured out on his own that WikiLeaks had John Podesta’s emails rather than being told that by someone whose identity he’s trying to avoid sharing with Mueller’s team.

The chapter is one of three in the book that he presents as having been written in real time, effectively as diary entries. Corsi presents it as the fevered narrative he writes on November 18, 2018, at a time when Mueller’s team was cracking down on him for his continued lies but before he refused the plea deal, after a night of nightmares.

Last night, I was plagued by nightmares that caused me to sleep very poorly.

His change in voice is followed with an even more direct address to readers, which he returns to as an interjection in the middle of his crazed explanation.

I am going to write this chapter to explain to you, the reader, how I used my basic intuitive skills as a reporter to figure out in August 2016 that Assange had Podesta’s emails, that Assange planned to start making the Podesta file public in October 2016, and that Assange would release the emails in a serial, day-by-day fashion, right up to election day.

[snip]

Now, I know this is tedious and will tax many readers, so I’ve decided here to take a break. You have to understand what I am going through is a roller-coaster. Sometimes I feel like everything is normal and that the federal government will understand that I am a reporter and should be protected by the First Amendment. Then, I realize that the next ring of the doorbell could be the FBI seeking to handcuff me and arrest me in full view of my family.

Resuming after a much-needed break, we need only a few more dates to complete the analysis.

The chapter consists of three things, none of which even remotely presents a case for how he could have concluded WikiLeaks was sitting on John Podesta’s emails:

  • An argument that claims he simply reasoned it all out, without proof
  • A chronology that makes no sense given the July and August 2016 emails he’s trying to explain away
  • Other crap theories designed to undermine Mueller’s argument about Russian involvement, most of which post-date the date when Corsi claims to have figured out the Podesta emails were coming

Corsi’s “argument”

Corsi’s main argument is this:

Clearly, I reasoned there had to have been Podesta emails on that server that would have discussed the Clinton/DNC plot to deny Bernie Sanders the Democratic Party presidential nomination in 2016. Where were these Podesta emails, I wondered?

[snip]

I felt certain that if Assange had Podesta’s emails he would wait to drop them in October 2016, capturing the chance to stage the 2016 “October Surprise,” a term that had been in vogue in U.S. presidential politics since 1980 when Jimmy Carter lost re-election to Ronald Reagan, largely because the Reagan camp finessed Ayatollah Khomeini to postpone the release of the hostages from the American embassy in Tehran until after that year’s November election. I also figured that Assange would release the Podesta emails in drip-drip fashion, serially, over a number of days, stretching right up to the Election Day. In presidential politics, the news cycle speeds up, such that what might take a month or a week to play out in a normal news cycle might take only a day or two in the heightened intensity of a presidential news cycle—especially a presidential news cycle in October, right at Election Day is nearing.

In spite of his claims, elsewhere, to have done forensic analysis that told him John Podesta’s emails were coming, ultimately his argument boils down to this: he figured out that Podesta’s emails (which he purportedly hadn’t read) would be the most damning possible thing and therefore WikiLeaks must have and intend to release them in a serial release because it made sense.

Corsi’s chronology

From there, Corsi proceeds to spin out the following bullshit about how he came to that conclusion:

  • Starting in February 2016, a woman named LH whose ex-husband was a former top NSA figure told him [why?] incorrect things about how the Democrats organize their servers. This information seems to be inflected by the flap over VAN space the previous December, but Corsi doesn’t mention that. This information is wrong in many of the ways later skeptics of the Russian hack would be wrong, but Corsi claims he had that wrong understanding well in advance of the crowd.
  • When Assange announced on June 12 that he had upcoming Hillary leaks, Corsi was “alerted to the possibility Assange had obtained emails from the DNC email server,” which he took to mean VAN.
  • When the WaPo reported on the DNC hack on June 14, 2016, Corsi took Democrats’ (false) reassurances about financial data to be true, matched it to his incorrect claimed understanding of how the Democrats organized their data, and assumed VAN had been hacked (this is the day before Guccifer 2.0 would claim he got in through VAN, remember). Corsi also claims to have noted from the WaPo story that Perkins Coie and Crowdstrike were involved, the latter of which he tied to Google’s Eric Schmidt (who was helping Dems on tech), which together he used to suggest that in real time he believed the Democrats had “manufactured” evidence to pin the hack on the Russians. Again, Corsi is suggesting he got to the conspiracy theories it took the rest of Republicans a year to get to, but in real time.
  • Corsi incorrectly read the Crowdstrike white paper (on which the WaPo story was obviously based and which Ellen Nakashima had had for about a week, and which includes an update written in response to the appearance of Guccifer 2.0) as a response to Guccifer 2.0’s post on June 15 and — in spite of the WaPo report that Cozy Bear had been “monitoring DNC’s email and chat communications” — concluded that the hackers had not taken email.
  • After the DNC emails were released, Corsi had what he claims was his big insight: that these emails largely came from DNC’s Comms Director and their finance staffers, which meant Podesta’s (and DWS’, which he logically should but did not, pursue) had to be what was left. Mind you, the former point is something WikiLeaks made clear on its website:

On July 22, 2016, Wikileaks began releasing over two days a total of 44,053 emails and17,761 email attachments from key figures in the DNC. What I noticed immediately was that the largest number of emails by far came from DNC Communications Director Luis Miranda (10,520 emails), who had approximately three-times the emails released for the next highest on the list, National Finance Director Jordon Kaplan (3,799 emails) and Finance Chief of Staff Scott Corner (3,095 emails). What I noticed immediately was that emails from Debbie Wasserman Schultz and John Podesta were missing. Yet, by analyzing the addresses in the emails, it was clear the “From,” “To,” and or “CC” listings indicate the email was sent by or to an addressee using the DNC email server, identified as @dnc.org.

  • In his narrative of how he “figured out” there must be Podesta emails, he relies not on the July 25 NBC story he cites earlier in his book, quoting Assange saying there was “no proof” the emails came from Russia (and suggesting his set were a different one than the ones analyzed by cybersecurity experts), but a CNN story he dates to July 26 but which got updated early morning July 27, citing Assange saying, “Perhaps one day the source or sources will step forward and that might be an interesting moment some people may have egg on their faces. But to exclude certain actors is to make it easier to find out who our sources are;” Corsi also cites a July 27 NYMag story citing the CNN one. Corsi claims that as he was listening to this interview, he realized that Assange had Podesta emails “lifted from the DNC server,” which would be incorrect even if it were true, given that Podesta’s emails were from his Gmail account.

Listening to this interview on CNN, all the pieces fit in place for me. Assange had Podesta emails that were also lifted from the DNC server and these were the emails he was holding to drop later in the campaign.

  • Corsi describes “the last piece of the puzzle” to be Seth Rich’s death on July 10, 2016, but which occurred before Assange’s post DNC release interviews, in one of which Assange suggested his sources were still alive to “step forward,” then points to Assange’s offer of a reward for information leading to a conviction on August 9. This happened after he had already suggested to Stone that Podesta’s emails were coming.

None of this explains how Corsi would not have decided that Clinton Foundation emails were what was missing, which is what Stone believed when he instructed Corsi to reach out to Ted Malloch on July 25, the day before the Assange interviews Corsi says led him to conclude WikiLeaks instead had Podesta’s emails. And much of it assumes that a unified hack occurred (otherwise it would be impossible to decide what was coming from what had already been released), an assumption he claims not to believe in much of the rest of his crap.

Corsi’s crap

In addition to that chronology, though, Corsi throws in a bunch of crap meant to discredit the evidence laid out in the Mueller GRU indictment. Much of this evidence post-dates the moment he claims he figured out that WikiLeaks had Podesta’s emails, which makes it irrelevant to his theory, nevertheless Corsi throws it out there.

  • Corsi takes the Guccifer 2.0 leak of DCCC files to Aaron Nevins — which didn’t happen until over a month after he told Stone that WikiLeaks had Podesta emails — to be “proof” not just that Guccifer 2.0 only hacked DNC files, which he again asserts incorrectly came from VAN, but also that Guccifer 2.0 had not hacked emails.
  • Corsi claims that Guccifer 2.0 “never bragged that he hacked the DNC email server that contained the Podesta emails,” even though Guccifer 2.0 did brag that WikiLeaks had published documents he gave them after the DNC leak.
  • Corsi claims that Guccifer 2.0 published donor lists and voter analysis at DCLeaks, which is generally inaccurate (indeed, some Podesta files came out via DCLeaks!), but also admits a tie between Guccifer 2.0 and DCLeaks that would either rely on contemporary reporting that asserted a tie, the GRU indictment, or some personal knowledge not otherwise explained.
  • Corsi claims that, unlike Marcel Lazar, “Guccifer 2.0 has never been positively identified let alone arrested,” without explaining how he’s sure that the 12 GRU officers Mueller indicted don’t amount to positively identifying the people running Guccifer 2.0. Indeed, rather than addressing that indictment, Corsi instead tries to rebut the Intelligence Community Assessment’s “high confidence” attribution of Guccifer 2.0 to GRU, which he claims relies on ‘tradecraft’ that relies on circumstantial evidence at best, presuming a hacker leaves a signature.” In the ICA, that discussion appears in a section that also notes that “Some analytic judgments are based directly on collected information,” as the Mueller indictment makes clear the GRU one was.
  • Corsi claims the Vault 7 release suggesting the CIA has a tool to falsely attribute its own hacks “undermined” the IC’s attribution of Cozy Bear and Fancy Bear, without realizing that’s a different issue from whether the CIA, NSA, and FBI can correctly attribute the hack (though if the Russians obtained those files in the weeks after Joshua Schulte allegedly stole them in 2016, it would have made it harder for CIA to chase down the Russians).
  • Corsi initially argues, providing no evidence except that he’s sure the DNC emails come from the DNC email server and not NGP-VAN or Hillary’s private server, that, “While the DNC email server could have been hacked by an outside agent, what is equally plausible is that the emails could have been stolen by someone on the inside of the DNC, perhaps an employee with their own @dnc.org email address.” He then feeds the Seth Rich conspiracy.
  • Corsi uses what he claims to have learned about serialization in a college course covering Dickens (but details of which, regarding the history of Dickens’ serialization, he gets entirely wrong) to explain how he knew the Podesta emails would come out in a serialized release.
  • Corsi dismisses the possibility the Russians used a cut-out with this garble:

The attempt to distinguish is disingenuous, suggesting the Russians may have been responsible for the hack, turning the information to a third party, not the Russians or a state actor, who handed WikiLeaks the emails and thus became “the source.”

  • Corsi cites the Nation’s August 9, 2017 version of the Bill Binney theory purportedly proving that a set of files purporting to be from the DNC — which were never released by WikiLeaks — were copied inside the US and also noting that the Russian metadata in the first Guccifer 2.0 documents was placed there intentionally. As I noted at the time, the two theories actually don’t — at all — disprove the claim that Russia hacked the DNC. But they’re even worse for Corsi’s claims, because (even though the set of files were called NGP/VAN) they undermine his false claim about the Democrats’ servers and they acknowledge that the files he said disproved that Guccifer 2.0 had Podesta files actually were Podesta files.

These things are utterly irrelevant to the soundness of Corsi’s own claim to have been able to guess that the Podesta emails were coming and — as I note — a number of them sharply contradict what he claims to believe.

Corsi’s mistaken notion of his role in proving “collusion”

But the crap does serve Corsi’s larger point, which is to undermine what he imagines Mueller’s theory of “collusion” to be.

Mueller & Company had decided the Trump campaign somehow encouraged Russia to steal the DNC emails and give them to Assange, so WikiLeaks could publish them. Then to establish “Russian collusion” with the Trump campaign, Mueller was out to connect his own dots. The Mueller prosecutors had been charged with the mission to grill me until

I would “give up” my source to Assange. I was their critical “missing link.” If Rhee, Zelinsky, and Goldstein only got me to confess, Mueller figured he could connect the dots from Roger Stone to me to Assange, and from Assange back again to me, and from me to Roger Stone, who would feed the information to Steve Bannon, then chairing the Trump campaign.

The final dots, the Mueller prosecutors assumed, would connect Bannon to Trump and the “Russian collusion” chain of communication would be complete. The only problem was that I did not have a source connecting me to Assange, so Mueller’s chain-link narrative does not connect.

While I actually think it possible that Corsi’s shenanigans may have harmed the neatness of Mueller’s case against Stone, perhaps even leading Mueller to charge Stone only with the obstruction charges rather than in a larger conspiracy, it doesn’t affect the understanding with which Mueller seems to be approaching the Don Jr side of any conspiracy, in which Trump’s son accepted a meeting offering dirt, thinking the family might make $300 million off it, and promised policy considerations that — even before he was sworn into office — his father took steps to pay off.

That conspiracy remains, even if Mueller can’t show that at the same time, Trump was maximizing the advantage of the WikiLeaks releases via his old political advisor Roger Stone.

But who knows? Perhaps Mueller may one day prove that, too?

One other thing that’s worth noting, however: As I laid out above, Corsi doesn’t just attempt to explain how he came to guess that WikiLeaks would release John Podesta’s emails. In the guise of doing that, he lays out what amounts to the Greatest Hits of the Denialist Conspiracies, throwing every possible claim mobilized to undermine the conclusion that Russia hacked the Democrats out there, even the ones that undermine Corsi’s own claimed beliefs.

And, as Corsi himself notes, Mueller has Corsi’s Google searches.

Truthfully, I was astounded because it seemed as if the FBI had studied me down to knowing the key strokes that I had used on my computer to do Google searches for articles. I realized my Google file would have much information about my locations and my Internet searches, but the way Zelinsky drilled down on how I wrote this article was shocking.

Repeatedly Zelinsky had warned me that I had no idea how truly extensive the Special Counselor’s investigation had been. Now, I imagined an army of FBI computer specialists at Quantico mapping out my every electronic communication in 2016, including my emails, my cellphone calls, and my use of the laptop and the Internet to conduct my research and write my various articles and memos.

They actually know whether he read this stuff (notably, the NBC, CNN, and NYMag articles he cites from late July 2016) in real time or only after the fact. They know when Corsi downloaded a bunch of other things (including the Guccifer 2.0 releases), and they know whether he read the GRU indictment. The FBI has also likely obtained what he was doing in November, 2018, as he was writing this stuff.

So it may be that when Corsi’s book comes out in hard cover on March 12, Mueller’s team will  already have put together the forensic evidence to prove that Corsi’s claims about how he came by his own forensic analysis — and the rest of these conspiracies — are absolute bullshit. It is, admittedly, frightening how much the government can obtain about our contemporaneous thinking.

But it would be an ironic and just outcome for Corsi if Mueller’s best demonstration about the power of FBI’s forensic analysis comes not in the GRU indictment Corsi so studiously avoided mentioning in the entire book attempting to discredit it, but in proving Corsi’s own claims about forensics to be utterly false.

Corsi’s Timeline

March 16, 2016: WikiLeaks indexes FOIAed Hillary emails

June 12, 2016: Assange announces he has more information on Hillary

In that interview, Assange disclosed that WikiLeaks has “upcoming leaks in relation to Hillary Clinton,” though Assange distinguished the Hillary Clinton emails WikiLeaks possessed pending publication came from a different source than the emails from Hillary’s private email server. This alerted me to the possibility Assange had obtained emails from the DNC email server.

June 14, 2016: WaPo announces the DNC hack

June 15, 2016: Crowdstrike publicly releases white paper on DNC hack and Guccifer 2.0 first posts

July 10, 2016: Seth Rich’s murder

July 22, 2016: WikiLeaks releases the DNC emails

July 25, 2016: Stone emails Corsi asking him to Get to Assange to “get the pending WikiLeaks emails;” Corsi forwards the email to Ted Malloch

July 26, 2016: Assange tells CNN a lot more material is coming and refuses to exclude Russia as a source because “to exclude certain actors is to make it easier to find out who our sources are”

July 28, 2016: Corsi and his wife leave for Italy

July 31, 2016: Stone emails Corsi to “call me MON” instructing him to get Malloch to see Assange

August 2, 2016: Corsi emails Stone,

Word is friend in embassy plans 2 more dumps. One shortly after I’m back. 2nd in Oct. Impact planned to be very damaging.… Time to let more than Podesta to be exposed as in bed w enemy if they are not ready to drop HRC. That appears to be the game hackers are now about. Would not hurt to start suggesting HRC old, memory bad, has stroke — neither he nor she well. I expect that much of next dump focus, setting stage for Foundation debacle.

August 9, 2016: WikiLeaks offers $20,000 reward for information leading to conviction for murder of Seth Rich

August 12, 2016: Corsi returns from Italy

March 7, 2017: WikiLeaks starts to release Vault 7 documents, including an Umbrage file showing that CIA uses disinformation to hide which attacks it launches

May 25, 2017: WSJ reports on Aaron Nevins files that Guccifer 2.0 noted in real time; Corsi deems this (in a Murdoch paper) to be part of the anti-Stone narrative

As I disclosed last July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

The DNC-Centric Focus of the HPSCI Investigation

/22 Comments/in , , /by

Through the duration of the various Russia investigations, skeptics always harp on two questions pertaining to the Russian election year hacks — why the Democrats never turned over the DNC “server,” singular, to the FBI, allegedly leaving the FBI to rely on Crowdstrike’s work, and whether several sets of files released via Guccifer 2.0 showed signs of non-Russian origin. That is, skeptics look exclusively at the DNC, not the totality of the known Russian targeting.

Looking at the list of witnesses the House Intelligence Committee called (which the committee will release in the coming weeks) shows one reason why: that the most public and propagandist of all the Russia investigations focused on the DNC to the detriment of other known Democratic targets.

Here’s what the list of the HPSCI interviews looks like arranged by date (HPSCI will not be releasing the bolded interviews).

  1. [Comey, Jim (May 2 and 4, 2017): Intel]
  2. [Rogers, Mike (May 4, 2017): Intel]
  3. [Brennan, John (May 23, 2017): Intel]
  4. Coats, Dan (June 22, 2017): Intel
  5. Farkas, Evelyn (June 26, 2017): Ukraine/RU DOD
  6. Podesta, John (June 27, 2017): Clinton Chair
  7. Caputo, Michael (July 14, 2017): RU tied Trump
  8. Clapper, James (July 17, 2017): Intel
  9. Kushner, Jared (July 25, 2017): June 9 etc
  10. Carlin, John (July 27, 2017): Early investigation
  11. Gordon, JD (July 26, 2017): Trump NatSec
  12. Brown, Andrew (August 30, 2017): DNC CTO
  13. Tamene, Yared (August 30, 2017): DNC tech contractor
  14. Rice, Susan (September 6, 2017): Obama response to hack/unmasking
  15. Stone, Roger (September 26, 2017): Trump associate
  16. Epshteyn, Boris (September 28, 2017): RU-tied Trump
  17. Tait, Matthew (October 6, 2017): Solicit hack
  18. Safron, Jonathan (October 12, 2017): Peter Smith
  19. Power, Samantha (October 13, 2017): Obama response to hack/unmasking
  20. Catan, Thomas (October 18, 2017): Fusion
  21. Fritsch, Peter (October 18, 2017): Fusion
  22. Lynch, Loretta (October 20, 2017): Investigation
  23. Parscale, Brad (October 24, 2017): Trump’s data
  24. Cohen, Michael (October 24, 2017): Trump lawyer
  25. Rhodes, Benjamin (October 25, 2017): Obama response to hack/unmasking
  26. McCord, Mary (November 1, 2017): Early investigation
  27. Kaveladze, Ike (November 2, 2017): June 9 meeting
  28. Yates, Sally (November 3, 2017): Early investigation
  29. Schiller, Keith (November 7, 2017): Trump bodyguard
  30. Akhmetshin, Rinat (November 13, 2017): June 9
  31. Samachornov, Anatoli (November 28, 2017): June 9
  32. Sessions, Jeff (November 30, 2017): Trump transition
  33. Podesta, John (December 4, 2017): Dossier
  34. Denman, Diana (December 5, 2017): RNC platform
  35. Henry, Shawn (December 5, 2017): Crowdstrike
  36. Trump, Jr. Donald (December 6, 2017): June 9
  37. Phares, Walid (December 8, 2017): Trump NatSec
  38. Clovis, Sam (December 12, 2017): Trump NatSec
  39. Goldfarb, Michael (December 12, 2017): Dossier
  40. Elias, Marc (December 13, 2017): Dossier
  41. Nix, Alexander (December 14, 2017): Cambridge Analytica
  42. Goldstone, Rob (December 18, 2017): June 9
  43. Sussmann, Michael (December 18, 2017): Hack and dossier
  44. McCabe, Andrew (December 19, 2017): Early investigation
  45. Kramer, David (December 19, 2017): Dossier
  46. Sater, Felix (December 20, 2017): RU connected Trump
  47. Gaeta, Mike (December 20, 2017): Dossier go-between
  48. Sullivan, Jake (December 21, 2017): Dossier
  49. [Rohrabacher, Dana (December 21, 2017): Russian compromise]
  50. [Wasserman Schultz, Debbie (December 21, 2017): dossier]
  51. Graff, Rhona (December 22, 2017): June 9
  52. Kramer, David (January 10, 2018): Dossier
  53. Bannon, Stephen (January 16, 2018): Trump official
  54. Lewandowski, Corey (January 17, 2018): Trump official
  55. Dearborn, Rick (January 17, 2018): Trump official
  56. Bannon, Stephen (February 15, 2018): Trump official
  57. Hicks, Hope (February 27, 2018): Trump official
  58. Lewandowski, Corey (March 8, 2018): Trump official

While John Podesta, one of the earliest spearphishing victims, was one of  the earliest witnesses (and, as HPSCI shifted focus to the dossier, one of the last as well), the other hack witnesses, DNC CTO Andrew Brown and DNC IT contractor Yared Tamene, represent the DNC. Perhaps that’s because of the NYT’s big story on the hack, which was obviously misleading in real time and eight months old by the time of those interviews. While Perkins Coie lawyer and former DOJ cyber prosecutor Michael Sussmann would surely have real insight into the scope of all the Democratic targets, he was interviewed during HPSCI’s dossier obsession, not alongside Brown and Tamene.

All of which is to say that the HPSCI investigation of the hack was an investigation of the hack of the DNC, not of the full election year attack.

To get a sense of some of what that missed, consider the victims described in the GRU indictment (which leaves out some of the earlier Republican targets, such as Colin Powell). I’ve included relevant paragraph numbers to ID these victims.

  1. Spearphish victim 3, March 21, 2016 (Podesta)
  2. Spearphish victim 1 Clinton aide, March 25, 2016 (released via dcleaks)
  3. Spearphish victim 4 (DCCC Employee 1), April 12, 2016 ¶24
  4. Spearphish victim 5 (DCCC Employee), April 15, 2016
  5. Spearphish victim 6 (possibly DCCC Employee 2), April 18, 2016 ¶26
  6. Spearphish victim 7 (DNC target), May 10, 2016
  7. Spearphish victim 2 Clinton aide, June 2, 2016 (released via dcleaks)
  8. Spearphish victim 8 (not described), July 6, 2016
  9. Ten DCCC computers ¶24
  10. 33 DNC computers ¶26
  11. DNC Microsoft Exchange Server ¶29
  12. Act Blue ¶33
  13. Third party email provider used by Clinton’s office ¶22 (in response to July 27 Trump request)
  14. 76 email addresses at Clinton campaign ¶22 (in response to July 27 Trump request)
  15. DNC’s Amazon server ¶34
  16. Republican party websites ¶71
  17. Illinois State Board of Elections ¶72
  18. VR Systems ¶73
  19. County websites in GA, IA, and FL ¶75
  20. VR Systems clients in FL ¶76

Effectively, HPSCI (and most hack skeptics) focused exclusively on item 11, the DNC Microsoft Exchange server from which the emails sent to WikiLeaks were stolen.

Yet, at least as laid out by Mueller’s team, the election year hack started elsewhere — with Podesta, then the DCCC, and only after that the DNC. It continued to target Hillary through the year (though with less success than they had with the DNC). And some key things happened after that — such as the seeming response to Trump’s call for Russia to find more Hillary emails, the Info-Ops led targeting of election infrastructure in the summer and fall, and voter registration software. Not to mention some really intriguing research on Republican party websites. And this barely scratches on the social media campaign, largely though not entirely carried out by a Putin-linked corporation.

HPSCI would get no insight on the overwhelming majority of the election year operation, then, by interviewing the witnesses they did. Of particular note, HPSCI would not review how the targeting and release of DCCC opposition research gave Republican congressmen a leg up over their Democratic opponents.

And while HPSCI did interview the available June 9 meeting witnesses, they refused to subpoena the information needed to really understand it. Nor did they interview all the witnesses or subpoena available information to understand the Stone operation and the Peter Smith outreach.

Without examining the other multiple threads via which Russia recruited Republicans, most notably via the NRA, HPSCI wouldn’t even get a sense of all the ways Russia was trying to make Republicans and their party infrastructure into the tools of a hostile foreign country. And there are other parts of the 2016 attack that not only don’t appear in these interviews, but which at least one key member on the committee was utterly clueless about well past the time the investigation finished.

The exception to the rule that HPSCI didn’t seek out information that might damn Republicans, of course, is the interview of Dana Rohrabacher, who (along with President Trump) proved reliably willing to entertain Russian outreach via all known channnels. But that’s one of the interviews Republicans intend to keep buried because — according to an anonymous Daily Beast source — they don’t want Rohrabacher’s constituents to know how badly Russia has pwned him before November 6.

“The Republicans are trying to conceal from the voters their colleague Dana Rohrabacher’s Russia investigation testimony,” said a committee source familiar with the issue. “There were highly concerning contacts between Rohrabacher and Russians during the campaign that the public should hear about.”

By burying the Comey, Rogers, and Brennan transcripts, Republicans suppress further evidence of the degree to which Russia specifically targeted Hillary, and did so to help not just Trump, but the Republican party.

I’m sure there will be some fascinating material in these transcripts when they’re released. But even before the selective release, designed to hide any evidence gathered of how lopsided the targeting was, the scope of these interviews makes clear that the HPSCI investigation was designed to minimize, as much as possible, evidence showing how aggressively Russia worked to help Republicans.

As I laid out in July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post.