Posts

The Year Long Trump Flunky Effort to Free Julian Assange

The NYT has an unbelievable story about how Paul Manafort went to Ecuador to try to get Julian Assange turned over. I say it’s unbelievable because it is 28 paragraphs long, yet it never once explains whether Assange would be turned over to the US for prosecution or for a golf retirement. Instead, the story stops short multiple times of what it implies: that Manafort was there as part of paying off Trump’s part of a deal, but the effort stopped as soon as Mueller was appointed.

Within a couple of days of Mr. Manafort’s final meeting in Quito, Robert S. Mueller III was appointed as the special counsel to investigate Russian interference in the 2016 election and related matters, and it quickly became clear that Mr. Manafort was a primary target. His talks with Ecuador ended without any deals.

The story itself — which given that it stopped once Mueller was appointed must be a limited hangout revealing that Manafort tried to free Assange, complete with participation from the spox that Manafort unbelievably continues to employ from his bankrupt jail cell — doesn’t surprise me at all.

After all, the people involved in the election conspiracy made multiple efforts to free Assange.

WikiLeaks kicked off the effort at least by December, when they sent a DM to Don Jr suggesting Trump should make him Australian Ambassador to the US.

Hi Don. Hope you’re doing well! In relation to Mr. Assange: Obama/Clinton placed pressure on Sweden, UK and Australia (his home country) to illicitly go after Mr. Assange. It would be real easy and helpful for your dad to suggest that Australia appoint Assange ambassador to DC “That’s a really smart tough guy and the most famous australian you have! ” or something similar. They won’t do it, but it will send the right signals to Australia, UK + Sweden to start following the law and stop bending it to ingratiate themselves with the Clintons. 12/16/16 12:38PM

Weeks later, Hannity would go to the Embassy to interview Assange. Assange fed him the alternate view of how he obtained the DNC emails, a story that would be critical to Trump’s success at putting the election year heist behind him, if it were successful. Trump and Hannity pushed the line that the hackers were not GRU, but some 400 pound guy in someone’s basement.

Then the effort actually shifted to Democrats and DOJ. Starting in February through May 2017, Oleg Deripaska and Julian Assange broker Adam Waldman tried to convince Bruce Ohr or Mark Warner to bring Assange to the US, using the threat of the Vault 7 files as leverage. In February, Jim Comey told DOJ to halt that effort. But Waldman continued negotiations, offering to throw testimony from Deripaska in as well. He even used testimony from Christopher Steele as leverage.

This effort has been consistently spun by the Mark Meadows/Devin Nunes/Jim Jordan crowd — feeding right wing propagandists like John Solomon — as an attempt to obstruct a beneficial counterintelligence discussion. It’s a testament to the extent to which GOP “investigations” have been an effort to spin an attempt to coerce freedom for Assange.

Shortly after this effort failed, Manafort picked it up, as laid out by the NYT. That continued until Mueller got hired.

There may have been a break (or maybe I’m missing the next step). But by the summer, Dana Rohrabacher and Chuck Johnson got in the act, with Rohrabacher going to the Embassy to learn the alternate story, which he offered to share with Trump.

Next up was Bill Binney, whom Trump started pushing Mike Pompeo to meet with, to hear Binney’s alternative story.

At around the same time, WikiLeaks released the single Vault 8 file they would release, followed shortly by Assange publicly re-upping his offer to set up a whistleblower hotel in DC.

Those events contributed to a crackdown on Assange and may have led to the jailing of accused Vault 7 source Joshua Schulte.

In December, Ecuador and Russia started working on a plan to sneak Assange out of the Embassy.

A few weeks later, Roger Stone got into the act, telling Randy Credico he was close to winning Assange a pardon.

These efforts have all fizzled, and I suspect as Mueller put together more information on Trump’s conspiracy with Russia, not only did the hopes of telling an alternative theory fade, but so did the possibility that a Trump pardon for Assange would look like anything other than a payoff for help getting elected. In June, the government finally got around to charging Schulte for Vault 7. But during the entire time he was in jail, he was apparently still attempting to leak information, which the government therefore obtained on video.

Ecuador’s increasing crackdown on Assange has paralleled the Schulte prosecution, with new restrictions, perhaps designed to provide the excuse to boot Assange from the Embassy, going into effect on December 1.

Don’t get me wrong: if I were Assange I’d use any means I could to obtain safe passage.

Indeed, this series of negotiations — and the players involved — may be far, far more damning for those close to Trump. Sean Hannity, Oleg Deripaska, Paul Manafort, Chuck Johnson, Dana Rohrabacher, Roger Stone, and Don Jr, may all worked to find a way to free Assange, all in the wake of Assange playing a key role in getting Trump elected. And they were conducting these negotiations even as WikiLeaks was burning the CIA’s hacking tools.

Mueller Had Learned by February 22 that Roger Stone Was Pushing an Assange Pardon in January

Mother Jones has a story describing Roger Stone claiming to Randy Credico in January that President Trump was about to pardon Julian Assange.

In early January, Roger Stone, the longtime Republican operative and adviser to Donald Trump, sent a text message to an associate stating that he was actively seeking a presidential pardon for WikiLeaks founder Julian Assange—and felt optimistic about his chances. “I am working with others to get JA a blanket pardon,” Stone wrote, in a January 6 exchange of text messages obtained by Mother Jones. “It’s very real and very possible. Don’t fuck it up.” Thirty-five minutes later Stone added: “Something very big about to go down.”

As the story notes, this is the third known effort by Assange supporters (the other two being an early 2017 effort by lobbyist Adam Waldman and an August 2017 effort by Dana Rohrabacher) to get him a pardon, and would have come in the immediate wake of a Christmas Eve 2017 plan to sneak him out of the Ecuadorian Embassy to get him to Ecuador or Russia.

As interesting as I find the story that Stone was working for an Assange pardon is how quickly Mueller found out about it. Sam Nunberg says he was asked if he knew anything about it.

Sam Nunberg, a former Trump campaign aide who once worked closely with Stone, told Mother Jones that prosecutors asked him during a February interview if Stone “ever discussed pardons and Assange.” Nunberg said he had not heard Stone discuss such an effort, and prosecutors did not raise the subject during his subsequent testimony before a grand jury.

His interview was on February 22.

That would say that Mueller’s team had learned about the effort less than two months later (and before the March 9 warrant for multiple cell phones I’ve long speculated might have included one of Stone’s).

Obviously, US intelligence and law enforcement agencies have to be tracking all of Assange’s accessible communications closely. So Mueller’s knowledge of the pardon effort may have come from Assange himself. If it came from Stone’s side, though, it would suggest he learned about it pretty quickly.

In any case, in the interim, Mueller would presumably have obtained a lot more information on this effort, including whatever durable communications Stone had with people close to Trump on the effort. Which means a question about pre-emptively pardoning Assange likely got added to the Mueller questions to Trump about his efforts to pre-emptively pardon Mike Flynn and Paul Manafort.

As I disclosed in July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

The DNC-Centric Focus of the HPSCI Investigation

Through the duration of the various Russia investigations, skeptics always harp on two questions pertaining to the Russian election year hacks — why the Democrats never turned over the DNC “server,” singular, to the FBI, allegedly leaving the FBI to rely on Crowdstrike’s work, and whether several sets of files released via Guccifer 2.0 showed signs of non-Russian origin. That is, skeptics look exclusively at the DNC, not the totality of the known Russian targeting.

Looking at the list of witnesses the House Intelligence Committee called (which the committee will release in the coming weeks) shows one reason why: that the most public and propagandist of all the Russia investigations focused on the DNC to the detriment of other known Democratic targets.

Here’s what the list of the HPSCI interviews looks like arranged by date (HPSCI will not be releasing the bolded interviews).

  1. [Comey, Jim (May 2 and 4, 2017): Intel]
  2. [Rogers, Mike (May 4, 2017): Intel]
  3. [Brennan, John (May 23, 2017): Intel]
  4. Coats, Dan (June 22, 2017): Intel
  5. Farkas, Evelyn (June 26, 2017): Ukraine/RU DOD
  6. Podesta, John (June 27, 2017): Clinton Chair
  7. Caputo, Michael (July 14, 2017): RU tied Trump
  8. Clapper, James (July 17, 2017): Intel
  9. Kushner, Jared (July 25, 2017): June 9 etc
  10. Carlin, John (July 27, 2017): Early investigation
  11. Gordon, JD (July 26, 2017): Trump NatSec
  12. Brown, Andrew (August 30, 2017): DNC CTO
  13. Tamene, Yared (August 30, 2017): DNC tech contractor
  14. Rice, Susan (September 6, 2017): Obama response to hack/unmasking
  15. Stone, Roger (September 26, 2017): Trump associate
  16. Epshteyn, Boris (September 28, 2017): RU-tied Trump
  17. Tait, Matthew (October 6, 2017): Solicit hack
  18. Safron, Jonathan (October 12, 2017): Peter Smith
  19. Power, Samantha (October 13, 2017): Obama response to hack/unmasking
  20. Catan, Thomas (October 18, 2017): Fusion
  21. Fritsch, Peter (October 18, 2017): Fusion
  22. Lynch, Loretta (October 20, 2017): Investigation
  23. Parscale, Brad (October 24, 2017): Trump’s data
  24. Cohen, Michael (October 24, 2017): Trump lawyer
  25. Rhodes, Benjamin (October 25, 2017): Obama response to hack/unmasking
  26. McCord, Mary (November 1, 2017): Early investigation
  27. Kaveladze, Ike (November 2, 2017): June 9 meeting
  28. Yates, Sally (November 3, 2017): Early investigation
  29. Schiller, Keith (November 7, 2017): Trump bodyguard
  30. Akhmetshin, Rinat (November 13, 2017): June 9
  31. Samachornov, Anatoli (November 28, 2017): June 9
  32. Sessions, Jeff (November 30, 2017): Trump transition
  33. Podesta, John (December 4, 2017): Dossier
  34. Denman, Diana (December 5, 2017): RNC platform
  35. Henry, Shawn (December 5, 2017): Crowdstrike
  36. Trump, Jr. Donald (December 6, 2017): June 9
  37. Phares, Walid (December 8, 2017): Trump NatSec
  38. Clovis, Sam (December 12, 2017): Trump NatSec
  39. Goldfarb, Michael (December 12, 2017): Dossier
  40. Elias, Marc (December 13, 2017): Dossier
  41. Nix, Alexander (December 14, 2017): Cambridge Analytica
  42. Goldstone, Rob (December 18, 2017): June 9
  43. Sussmann, Michael (December 18, 2017): Hack and dossier
  44. McCabe, Andrew (December 19, 2017): Early investigation
  45. Kramer, David (December 19, 2017): Dossier
  46. Sater, Felix (December 20, 2017): RU connected Trump
  47. Gaeta, Mike (December 20, 2017): Dossier go-between
  48. Sullivan, Jake (December 21, 2017): Dossier
  49. [Rohrabacher, Dana (December 21, 2017): Russian compromise]
  50. [Wasserman Schultz, Debbie (December 21, 2017): dossier]
  51. Graff, Rhona (December 22, 2017): June 9
  52. Kramer, David (January 10, 2018): Dossier
  53. Bannon, Stephen (January 16, 2018): Trump official
  54. Lewandowski, Corey (January 17, 2018): Trump official
  55. Dearborn, Rick (January 17, 2018): Trump official
  56. Bannon, Stephen (February 15, 2018): Trump official
  57. Hicks, Hope (February 27, 2018): Trump official
  58. Lewandowski, Corey (March 8, 2018): Trump official

While John Podesta, one of the earliest spearphishing victims, was one of  the earliest witnesses (and, as HPSCI shifted focus to the dossier, one of the last as well), the other hack witnesses, DNC CTO Andrew Brown and DNC IT contractor Yared Tamene, represent the DNC. Perhaps that’s because of the NYT’s big story on the hack, which was obviously misleading in real time and eight months old by the time of those interviews. While Perkins Coie lawyer and former DOJ cyber prosecutor Michael Sussmann would surely have real insight into the scope of all the Democratic targets, he was interviewed during HPSCI’s dossier obsession, not alongside Brown and Tamene.

All of which is to say that the HPSCI investigation of the hack was an investigation of the hack of the DNC, not of the full election year attack.

To get a sense of some of what that missed, consider the victims described in the GRU indictment (which leaves out some of the earlier Republican targets, such as Colin Powell). I’ve included relevant paragraph numbers to ID these victims.

  1. Spearphish victim 3, March 21, 2016 (Podesta)
  2. Spearphish victim 1 Clinton aide, March 25, 2016 (released via dcleaks)
  3. Spearphish victim 4 (DCCC Employee 1), April 12, 2016 ¶24
  4. Spearphish victim 5 (DCCC Employee), April 15, 2016
  5. Spearphish victim 6 (possibly DCCC Employee 2), April 18, 2016 ¶26
  6. Spearphish victim 7 (DNC target), May 10, 2016
  7. Spearphish victim 2 Clinton aide, June 2, 2016 (released via dcleaks)
  8. Spearphish victim 8 (not described), July 6, 2016
  9. Ten DCCC computers ¶24
  10. 33 DNC computers ¶26
  11. DNC Microsoft Exchange Server ¶29
  12. Act Blue ¶33
  13. Third party email provider used by Clinton’s office ¶22 (in response to July 27 Trump request)
  14. 76 email addresses at Clinton campaign ¶22 (in response to July 27 Trump request)
  15. DNC’s Amazon server ¶34
  16. Republican party websites ¶71
  17. Illinois State Board of Elections ¶72
  18. VR Systems ¶73
  19. County websites in GA, IA, and FL ¶75
  20. VR Systems clients in FL ¶76

Effectively, HPSCI (and most hack skeptics) focused exclusively on item 11, the DNC Microsoft Exchange server from which the emails sent to WikiLeaks were stolen.

Yet, at least as laid out by Mueller’s team, the election year hack started elsewhere — with Podesta, then the DCCC, and only after that the DNC. It continued to target Hillary through the year (though with less success than they had with the DNC). And some key things happened after that — such as the seeming response to Trump’s call for Russia to find more Hillary emails, the Info-Ops led targeting of election infrastructure in the summer and fall, and voter registration software. Not to mention some really intriguing research on Republican party websites. And this barely scratches on the social media campaign, largely though not entirely carried out by a Putin-linked corporation.

HPSCI would get no insight on the overwhelming majority of the election year operation, then, by interviewing the witnesses they did. Of particular note, HPSCI would not review how the targeting and release of DCCC opposition research gave Republican congressmen a leg up over their Democratic opponents.

And while HPSCI did interview the available June 9 meeting witnesses, they refused to subpoena the information needed to really understand it. Nor did they interview all the witnesses or subpoena available information to understand the Stone operation and the Peter Smith outreach.

Without examining the other multiple threads via which Russia recruited Republicans, most notably via the NRA, HPSCI wouldn’t even get a sense of all the ways Russia was trying to make Republicans and their party infrastructure into the tools of a hostile foreign country. And there are other parts of the 2016 attack that not only don’t appear in these interviews, but which at least one key member on the committee was utterly clueless about well past the time the investigation finished.

The exception to the rule that HPSCI didn’t seek out information that might damn Republicans, of course, is the interview of Dana Rohrabacher, who (along with President Trump) proved reliably willing to entertain Russian outreach via all known channnels. But that’s one of the interviews Republicans intend to keep buried because — according to an anonymous Daily Beast source — they don’t want Rohrabacher’s constituents to know how badly Russia has pwned him before November 6.

“The Republicans are trying to conceal from the voters their colleague Dana Rohrabacher’s Russia investigation testimony,” said a committee source familiar with the issue. “There were highly concerning contacts between Rohrabacher and Russians during the campaign that the public should hear about.”

By burying the Comey, Rogers, and Brennan transcripts, Republicans suppress further evidence of the degree to which Russia specifically targeted Hillary, and did so to help not just Trump, but the Republican party.

I’m sure there will be some fascinating material in these transcripts when they’re released. But even before the selective release, designed to hide any evidence gathered of how lopsided the targeting was, the scope of these interviews makes clear that the HPSCI investigation was designed to minimize, as much as possible, evidence showing how aggressively Russia worked to help Republicans.

As I laid out in July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

Would Rod Rosenstein Object to a Mueller Action before Brett Kavanaugh Is Confirmed?

There’s a lot of discussion about whether or not DOJ’s traditional prohibition on major prosecutorial actions limits Robert Mueller. As I have explained, I personally think the terms of it don’t apply, with the possible exception of Dana Rohrabacher, because no other conceivable subject of Mueller’s investigation is conceivably on the ballot. Quinta Jurecic has a good piece explaining that it is a general practice, not a rule.

Justice Department Inspector General Michael Horowitz spelled out exactly why it’s wrong in three short pages of his recent report on the FBI’s conduct in the Clinton email investigation.

Two years ago, Jane Chong dove deep into the supposed 60-day rule in a Lawfare post on FBI Director James Comey’s October 2016 letter on new developments in the Clinton investigation. As she wrote then, there is no formal rule barring Justice Department action in the days immediately before an election. Rather, the “rule” is more of a soft norm based on what former Attorney General Eric Holder himself described as “long-standing Justice Department policies and tradition.” In a guidanceHolder issued in 2012, the attorney general wrote that, “Law enforcement officers and prosecutors may never select the timing of investigative steps or criminal charges for the purpose of affecting any election, or for the purpose of giving an advantage or disadvantage to any candidate or political party”—which, Chong noted, leaves a wide loophole for actions taken near an election without the purpose of affecting that election. In 2016, Attorney General Loretta Lynch issued a similar memorandum with the same language, as the inspector general report lays out.

Chong’s post was, in fact, cited by the inspector general report in the office’s own analysis of whether Comey had violated the supposed 60-day rule. “The 60-Day Rule is not written or described in any Department policy or regulation,” the report says. Investigators canvassed a range of “high-ranking [Justice] Department and FBI officials” on their own understandings of the guideline, which the report describes as “a general practice that informs Department decisions.”

This short section of the 500-plus-page report shows broad agreement among the current and former Justice Department officials interviewed that there is some kind of principle against taking action in such a way as to potentially influence an election, though the interviewees do not precisely agree on the contours of that principle. Former U.S. Attorney for the Southern District of New York Preet Bharara stated, investigators write, that “there is generalized, unwritten guidance that prosecutors do not indict political candidates or use overt investigative methods in the weeks before an election.” Former Deputy Attorney General Sally Yates located the cutoff more precisely at the 90-day instead of the 60-day mark.

The inspector general’s office also interviewed Ray Hulser, the former deputy assistant attorney general for the Public Integrity Section of the Justice Department, who was involved in the drafting of Lynch’s 2016 election integrity. Interestingly, Hulser told investigators that the Public Integrity Section had actually considered codifying the 60-day rule in the Lynch memo, but had decided not to because such a policy would be “unworkable.”

Yet, even though I don’t believe the 60-day “rule” does apply, my expectation is that Rod Rosenstein — who after is the one who will make any decisions about major Mueller actions — would nevertheless abide by it.

Still, that leaves three more days of this week, before the actual 60-day cut-off.

Which leaves me with another question: Would Rosenstein balk at a major action this week, before Brett Kavanaugh is confirmed to the Supreme Court?

After all, Rosenstein is close to Kavanaugh from when both served on a real witch hunt, the Ken Starr investigation into Bill Clinton’s blowjob (indeed, Kavanaugh seemed to have gotten off on the most scandalous details about that blowjob). Rosenstein has gone to great lengths to make DOJ resources available in support of his confirmation. Rosenstein showed up for the start of today’s hearing.

For Rosenstein, Kavanaugh’s confirmation is personal.

Would he do anything this week to stave off new Mueller revelations, to ensure the Kavanaugh bullet train races forward?

The Mueller Investigation: What Happens on September 7?

I hesitate to write this post, partly because I think it’s a good idea to dismiss every single thing that Rudy Giuliani says, and partly because we’ve all learned that it is sheer folly to pretend anyone can anticipate what Mueller will do, much less when.

Nevertheless, I wanted to address questions about what might happen in the next two weeks, as we approach the 60-day mark before midterm elections.

Rudy G is wrong about everything

The aforementioned Rudy G, who has been saying that Mueller has to shut down his entire investigation (or even finish up and go home) on September 1 on account of DOJ’s policy against overt investigative action close to an election.

As I said, the policy only prohibits overt acts, and only 60 days before the election. Mueller might argue that it’s entirely irrelevant, given that none of his known targets (save, perhaps, Dana Rohrabacher) are on the ballot. But enough credible journalists have suggested that DOJ is taking this deadline seriously with respect to Trump’s associates (including Michael Cohen in SDNY, where DOJ actually leaks), that it’s probably correct he’ll avoid overt acts in the 60 days before the November 6 election.

But that timeline starts on September 7, not September 1.

Paul Manafort’s stall

One thing we know will dominate the press in that pre-election period is Manafort’s DC trial, scheduled to start on September 17.

Unless he flips.

While I still don’t think he will flip, he is stalling in both his trials. In EDVA, he asked for and got a 30-day deadline to move for an acquittal or mistrial. He may have done so to provide extra time to consider the complaints raised by one juror that others were deliberating before they should have, which Manafort had asked for a mistrial over. If that’s right, juror Paula Duncan’s comments, describing the one holdout and explaining that even she, a Trump supporter, found the case a slam dunk, may persuade Manafort that challenging this trial won’t bring about any other result and may mean he gets convicted on the remaining 10 counts.

In any case, however, by getting 30 days to decide, Manafort moved the deadline from (by my math) September 3 to September 21, when he’s scheduled to be deep into the DC case (and therefore too busy to submit such a motion). It did, however, move the decision date past that September 7 date.

Speaking of the DC case, after getting an extension on the pre-trial statement in that case, Manafort basically punted on many of the substantive issues, effectively saying he’ll provide the required input later.

He may not be flipping, but he’s not prepared to start this trial.

Is it Roger Stone’s time in the barrel?

The big question, for me, is whether Mueller has finished his six month effort to put together a Roger Stone indictment.

Tantalizingly, back on August 10, Mueller scheduled Randy Credico to explain to the grand jury how Stone threatened him about his testimony. That appearance is for September 7. Given how far out Mueller scheduled this, I wondered at the time whether Credico was being slated to put the finishing touches on a Stone indictment.

What might prevent Mueller from finalizing Stone’s indictment, however, is Stone associate Andrew Miller, from whom Mueller has been trying to get testimony since May 9. Miller is challenging his grand jury subpoena; he’s due to submit his opening brief in his appeal on September 7. That might mean that Mueller has to wait. But two filings (District, Circuit), the docket in his subpoena challenge, and this CNN report may suggest they can move forward without first getting Miller’s testimony.

Both the Circuit document and CNN provide more details about a May 9 interview with two FBI Agents, with no attorney present (no offense to Miller, but what the fuck kind of self-described libertarian, much less one in Roger Stone’s immediate orbit, agrees to an FBI interview without a lawyer present)?

Mr. Miller was first interviewed by two agents of the Federal Bureau of Investigation who visited him unannounced on or about May 9, 2018, in Saint Louis, MO, where he resides. He was cooperative, answering all their questions for approximately two hours, and at the conclusion of the interview, was handed a subpoena to produce documents and testify as a witness before the grand jury.

CNN describes that’s what poses a perjury concern for Miller with regards to his testimony before the grand jury because of that original interview.

Miller’s case is complicated by the fact that he initially cooperated with the special counsel’s investigation. When FBI agents first approached him in May, he spoke with them at his home in St. Louis for two hours without an attorney.

[snip]

Dearn said in an interview that she was just being “carefully paranoid” and protecting her client from accidentally committing perjury if he testifies and contradicts something he told investigators back in May without a lawyer present.

As the District filing seems to suggest, Miller got not one but two subpoenas (???), just one of which called for document production:

Mr. Miller was served with two subpoenas dated June 5, 2018, both requiring his appearance before the Grand Jury on June 8, but only one of which required that he search and bring with him the documents described in the Attachment to one of the subpoenas. See Exhibits 1 and 2. After a filing a motion to quash on grounds not raised herein, this Court issued a Minute Order on June 18 requiring Mr. Miller’s appearance before the Grand Jury on June 29 and to produce the documents requested as limited by agreement of the parties by June 25.

Miller turned over 100MB of documents on June 25, but shortly thereafter, Mueller prosecutor Aaron Zelinsky asked for more.

Mr. Miller has since complied with that part of the order producing voluminous documents in a file that is 100MB in size to government counsel on Monday, June 25. In her cover email to government counsel, Aaron Zelinsky, Miller’s counsel stated in pertinent part: “Mr. Miller does not waive and hereby preserves all rights he has to object to the subpoena requiring his appearance before the Grand Jury this Friday…and from any continuing duty or obligation to supply additional documents subject to the subpoena.” See Exhibit 6. Nevertheless, Mr. Zelinsky recently informed counsel that he is not satisfied with this production and is unreasonably requesting additional documents from Mr. Miller.

CNN reported that those documents pertained to WikiLeaks and Guccifer 2.0.

After a protracted back and forth between Dearn and Mueller’s team, Miller handed over a tranche of documents. In turn, the government had agreed to limit its search to certain terms such as Stone, WikiLeaks, Julian Assange, Guccifer 2.0, DCLeaks and the Democratic National Committee, according to court filings and interview with attorneys.

So at the very least, Mueller has 100MB of documents that relate to Wikileaks and Guccifer 2.0 (which raises real questions about how Miller can say he knows nothing about the topic), and 2 hours of testimony that Miller may not want to tell the grand jury now that he has lawyers who might help him avoid doing so.

Meanwhile, there are some filings from the end of his District Court docket.

The Circuit document mostly explains what filings 33, 34, 35, and 37 are (though doesn’t explain why Mueller refused to stipulate that Miller be held in contempt): they’re the process by which he was held in contempt and therefore legally positioned to appeal.

6. Because Mr. Miller desired to appeal the order denying his motion, ensuing discussions with Special Counsel to stipulate that Mr. Miller be held in contempt for not appearing on the upcoming appearance before the grand jury on August 10, 2018, and to stay the contempt pending appeal did not succeed.

7. Consequently, two days before his appearance, on the evening of August 8, 2018, counsel emailed government counsel and Judge Howell’s clerk (and on the following morning of August 9, hand-filed with the clerk’s office), a Motion By Witness Andrew Miller To Be Held In Civil Contempt For Refusing To Testify Before The Grand Jury And To Stay Such Order To Permit Him To Appeal It To The U.S. Court Of Appeals For The District Of Columbia Circuit and citing authorities for granting a stay of contempt. ECF No. 33. The government served and a response on the evening of August 9 ( ECF. No. 35) and Mr. Miller served a reply early morning on August 10. ECF No. 37.

8. On August 10, undersigned counsel for Mr. Miller met government counsel at 9:00 a.m. as previously agreed to at the entrance to the grand jury offices, and was advised by government counsel that a motion to show cause was filed shortly before 9:00 a.m. ECF No. 34.

9. Approximately two hours later, the court held the show cause hearing, with the Mr. Miller and local counsel appearing telephonically from Saint Louis, MO.

10. The court granted Mr. Miller’s and the government’s request that he be held in contempt and stayed the order if the notice of appeal were filed by 9:00 a.m. August 14, 2018. ECF No. 36.

That doesn’t explain what Document 38 is, to which Miller didn’t respond, and in response to which Beryl Howell issued an order.

CNN’s description of Miller’s attorney’s concern seems to split his testimony into two topics: Guccifer and Wikileaks, and Stone’s PACs. Miller’s only worried about legal jeopardy in the latter of those two. (For some details on what the legal exposure might pertain to, see this post.)

[Alicia] Dearn was adamant that Miller not be forced to testify to the grand jury about one topic in specific: Stone. She asked that her client be granted immunity, “otherwise he’s going to have to take the Fifth Amendment,” she said in a court hearing in June.

Aaron Zelinsky, one of Mueller’s prosecutors, noted Miller’s lawyer was making two seemingly contradictory arguments: “On the one hand, that the witness knows nothing, has nothing to hide, and has participated in no illegal activity. On the other hand, that there is a Fifth Amendment concern there.”

In the hearing, Dearn said she was concerned Miller would be asked about his finances and transactions related to political action committees he worked on with Stone.

Miller “had absolutely no communication with anybody from Russia or with Guccifer or WikiLeaks,” Dearn said in an interview.

By process of elimination, the only thing she believes her client could get caught up on are questions about his financial entanglements with Stone and his super PAC.

The Circuit document concedes that Miller may be the subject — but not target — of this grand jury investigation.

12. Lest there be any misunderstanding, Mr. Miller was not a “target of grand jury subpoenas” (Concord Mot. at 1), but rather a fact witness or at most a subject of the grand jury; nor was he a “recalcitrant witness.” Id. at 13. As the foregoing background demonstrates, Mr. Miller has been a cooperative witness in this proceeding.

It would be really weird if Miller really did get two subpoenas, and that’s not consistent with the Circuit document. So it may be there were two topics or crimes described in the subpoena: conspiring with Russia, and running a corrupt PAC. And if Miller’s only personally legally exposed in the latter of those, then it’s possible Mueller would treat these differently.

So it’s possible Mueller got what they need to move forward on the main conspiracy case against Stone, while it has to wait on Miller’s own involvement in Stone’s corrupt PACs until after the DC Circuit reviews things.

Other September deadlines

The September 7 timing is interesting for two other reasons. First, that’s also the day that George Papadopoulos — whose plea deal covers his lies and obstuction but not any conspiracy case — is due to be sentenced.

Just 10 days later Mike Flynn (whose plea deal was also limited to his lies) has a status report due, just a 24-day extension off his previous one. That timing suggests he’s about done with his cooperation. Perhaps that shortened time frame is only due to his team’s push to get him back earning money to pay for his lawyers again. Perhaps there’s some other explanation.

Timeline

August 24: Revised deadline for Manafort pre-trial statement — Manafort punted on many issues.

August 28: Hearing in DC Manafort case.

September 3: Current deadline for motions in EDVA Manafort trial

September 4: Brett Kavanaugh confirmation hearings scheduled to begin (projected to last 3-4 days)

September 7: Randy Credico scheduled to testify before grand jury; George Papadopoulos scheduled for sentencing; Andrew Miller brief due before DC Circuit; 60 days before November 6 mid-terms

September 17: DC Manafort trial starts, status report due in Mike Flynn case

September 21: Requested deadline for motions in EDVA Manafort trial

September 28: Government brief due in DC Circuit appeal of Andrew Miller subpoena

October 9: Miller reply due in DC Circuit

November 6: Mid-term election

November 10: Status report due in Rick Gates case

As I disclosed in July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

The Silent Cast of Characters in the Very Noisy Recent Mueller Moves

A fuck-ton has happened in the Mueller investigation already this month. Amid the noisy pleas and indictments, we’ve seen indications of hidden cooperation from a range of people, cooperation that may point to where Mueller’s next steps are.

Here, arranged by the date of the development, are hints at who either was or soon is likely to be talking to Mueller’s team.

February 1: In a proffer to Mueller’s team, Rick Gates lied about a March 19, 2013 meeting with Paul Manafort, Vin Weber, and Dana Rohrabacher.

Rohrabacher’s statement in response to the guilty plea is inconsistent with the version laid out in the plea, suggesting he’s not the means by which Mueller’s team learned it was a lie.

After the guilty plea on Friday, a spokesman for Rohrabacher, who has sought better relations with Russia, said: “As the congressman has acknowledged before, the meeting was a dinner with two longtime acquaintances –- Manafort and Weber –- from back in his White House and early congressional days.”

“The three reminisced and talked mostly about politics,” the spokesman said. “The subject of Ukraine came up in passing. It is no secret that Manafort represented Viktor Yanukovych’s interests, but as chairman of the relevant European subcommittee, the congressman has listened to all points of view on Ukraine.”

This suggests someone else provided the version of the meeting the government included in the plea. While it’s possible the other version came from Gates’ former lawyers, it’s more likely the version came from someone else. Vin Weber is the most likely source of that information.

Back in August 2016, as news of the secret ledger was breaking,Weber suggested he may have been misled by Manafort, both as to the purpose of his lobbying and regarding the need to register as a foreign agent for Ukraine. If he felt that way in August 2016, I imagine he came to feel that even more strongly as Manafort’s legal woes intensified.

February 9: Returning a call from John Kelly but speaking to Don McGahn, Rod Rosenstein spoke of “important new information” about Jared Kushner that will delay his clearance.

Given all the evidence that suggests Jared faces very significant exposure in this investigation, this new information could be any number of things. But two possibilities are likely. First, it might reflect Jared’s January 3 disclosure of additional business interests in yet another update to his SF-86, or his family’s increasing debt over the last year.

More likely, it reflects things the government has learned from Mike Flynn (who has an incentive to burn Jared, given that the President’s son-in-law was asked for and didn’t provide exonerating information tied to Flynn’s own lies to the FBI). Indeed, that seems to be one theory of those who reported on this phone call.

Kushner’s actions during the transition have been referenced in the guilty plea of former Trump national security adviser Michael Flynn, who admitted he lied to the FBI about contacts with then-Russian Ambassador Sergey Kislyak. Prosecutors said Flynn was acting in consultation with a senior Trump transition official, whom people familiar with the matter have identified as Kushner.

All that said, there are two more possibilities. Given that she appears to have lied to the Senate Foreign Relations Committee in her confirmation process, KT McFarland would be an obvious follow-up interview after the Mike Flynn plea; she asked Trump to withdraw her nomination to be Ambassador to Singapore on February 3. And February 9 might be (though probably isn’t, quite) late enough to catch the first sessions of Steve Bannon’s 20 hours of interviews with Mueller, and Bannon has long had it in for Jared.

February 14: Alex Van der Zwaan got caught and pled guilty to lying about communications he had with Rick Gates, Konstantin Kilimnik, and Greg Craig in September 2016. On top of whatever he had to say to prosecutors between his second interview on December 1 and his plea on February 14, both Craig and Skadden Arps have surely provided a great deal of cooperation before and since September 2016. (As I was finishing this, NYT posted this story that details some, but not all, of that cooperation.)

February 16: As I noted in my post on the Internet Research Agency indictment, Rod Rosenstein was quite clear: “There is no allegation in the indictment that any American was a knowing participant in the alleged unlawful activity.” That said, there are three (presumed) Americans who, both the indictment and subsequent reporting make clear, are treated differently in the indictment than all the other Americans cited as innocent people duped by Russians: Campaign Official 1, Campaign Official 2, and Campaign Official 3. We know, from CNN’s coverage of Harry Miller’s role in building a cage to be used in a fake “jailed Hillary” stunt, that at least some other people described in the indictment were interviewed — in his case, for six hours! — by the FBI. But no one else is named using the convention to indicate those not indicted but perhaps more involved in the operation. Furthermore, the indictment doesn’t actually describe what action (if any) these three Trump campaign officials took after being contacted by trolls emailing under false names.

On approximately the same day, Defendants and their co-conspirators used the email address of a false U.S. persona, [email protected], to send an email to Campaign Official 1 at that donaldtrump.com email account, which read in part:

Hello [Campaign Official 1], [w]e are organizing a state-wide event in Florida on August, 20 to support Mr. Trump. Let us introduce ourselves first. “Being Patriotic” is a grassroots conservative online movement trying to unite people offline. . . . [W]e gained a huge lot of followers and decided to somehow help Mr. Trump get elected. You know, simple yelling on the Internet is not enough. There should be real action. We organized rallies in New York before. Now we’re focusing on purple states such as Florida.

The email also identified thirteen “confirmed locations” in Florida for the rallies and requested the campaign provide “assistance in each location.”

[snip]

Defendants and their co-conspirators used the false U.S. persona [email protected] account to send an email to Campaign Official 2 at that donaldtrump.com email account.

[snip]

On or about August 20, 2016, Defendants and their co-conspirators used the “Matt Skiber” Facebook account to contact Campaign Official 3.

Again, the DOJ convention of naming makes it clear these people have not been charged with anything. But we know from other Mueller indictments that those specifically named (which include the slew of Trump campaign officials named in the George Papadopoulos plea, KT McFarland and Jared Kushner in the Flynn plea, Kilimnik in the Van der Zwaan plea, and the various companies and foreign leaders that did Manafort’s bidding, including the Podesta Group and Mercury Public Affairs in his indictment) may be the next step in the investigation. As a reminder: Florida Republicans are those who most tangibly can be shown to have benefitted from Russia’s hack-and-leak, given that Guccifer 2.0 leaked a slew of Democratic targeting data for the state. (In perhaps related news, this week Tom Rooney became the third Florida Republican member of Congress to announce his retirement this cycle, which is all the more interesting given that he’s been involved in the HPSCI investigation into Russian tampering.)

February 23: Manafort’s superseding indictment (a version of which was originally filed February 16) added the description of the Hapsburg Group for former European officials who lobbied at the direction (to some degree via cut-outs) of Manafort.

MANAFORT explained in an “EYES ONLY” memorandum created in or about June 2012 that the purpose of the “SUPER VIP” effort would be to “assemble a small group of high-level European highly influencial [sic] champions and politically credible friends who can act informally and without any visible relationship with the Government of Ukraine.” The group was managed by a former European Chancellor, Foreign Politician A, in coordination with MANAFORT.

It may be that the government only recently obtained this document (meaning it was not among the 590,000 pages of documents obtained and turned over to Manafort in discovery thus far). But it’s likely this also reflects further testimony. Former Austrian Chancellor Alfred Gusenbauer denied he is Foreign Politician A to BBC, though that may be a non-denial denial tied to his claim he wasn’t directed by Manafort and only met him a few times (this Austrian story suggests only he doesn’t remember what American or English firm paid him). NYT reported that Gusenbauer’s lobbying during the relevant time period was registered under Mercury Public Affairs. This is another piece of evidence suggesting the group — and Vin Weber personally — has been cooperating since the original indictment.

Note, I assume that Mercury/Weber’s cooperation has been mirrored by Tony Podesta’s.

Chuck Johnson’s Narrowed Scope of What a Russian Is Excludes Known Conspirators in Operation

Michael Tracey has a story that purports to show that the Senate Intelligence Committee, in negotiating voluntary cooperation with Chuck Johnson, is criminalizing being Russian.

The Senate committee probing alleged Russian interference in the U.S. political system has deemed anyone “of Russian nationality or Russian descent” relevant to its investigation, according to a document obtained by TYT.

[snip]

On July 27, 2017, Charles C. Johnson, a controversial right-wing media figure, received a letter from Sens. Burr and Warner requesting that he voluntarily provide materials in his possession that are “relevant” to the committee’s investigation. Relevant materials, the letter went on, would include any records of interactions Johnson had with “Russian persons” who were involved in some capacity in the 2016 U.S. elections.

The committee further requested materials related to “Russian persons” who were involved in some capacity in “activities that related in any way to the political election process in the U.S.” Materials may include “documents, emails, text messages, direct messages, calendar appointments, memoranda, [and] notes,” the letter outlined.

Doss’s statement was in response to a request made by Robert Barnes, an attorney for Johnson, for clarification as to the SSCI’s definition of a “Russian person.”

How the committee expects subjects to go about ascertaining whether a person is of “Russian descent” is unclear. “It does indicate that the committee is throwing a rather broad net,” Jonathan Turley, a professor of law at George Washington University, said. “It is exceptionally broad.” In terms of constitutionality, Turley speculated that “most courts would view that as potentially too broad, but not unlawful.”

Johnson played a key role in several known parts of the election operation. In addition to brokering Dana Rohrabacher’s meeting with Julian Assange, all designed to provide some alternative explanation for the DNC hack, Johnson worked with Peter Smith and Weev to try to find the deleted emails from Hillary’s server.

Johnson said he and Smith stayed in touch, discussing “tactics and research” regularly throughout the presidential campaign, and that Smith sought his help tracking down Clinton’s emails. “He wanted me to introduce to him to Bannon, to a few others, and I sort of demurred on some of that,” Johnson said. “I didn’t think his operation was as sophisticated as it needed to be, and I thought it was good to keep the campaign as insulated as possible.”

Instead, Johnson said, he put the word out to a “hidden oppo network” of right-leaning opposition researchers to notify them of the effort. Johnson declined to provide the names of any of the members of this “network,” but he praised Smith’s ambition.

“The magnitude of what he was trying to do was kind of impressive,” Johnson said. “He had people running around Europe, had people talking to Guccifer.” (U.S. intelligence agencies have linked the materials provided by “Guccifer 2.0”—an alias that has taken credit for hacking the Democratic National Committee and communicated with Republican operatives, including Trump confidant Roger Stone—to Russian government hackers.)

Johnson said he also suggested that Smith get in touch with Andrew Auernheimer, a hacker who goes by the alias “Weev” and has collaborated with Johnson in the past. Auernheimer—who was released from federal prison in 2014 after having a conviction for fraud and hacking offenses vacated and subsequently moved to Ukraine—declined to say whether Smith contacted him, citing conditions of his employment that bar him from speaking to the press.

Tracey’s claims are based on this email (and, clearly, cooperation with Johnson).

Except Tracey (and so presumably Johnson) appear to be misrepresenting what is going on.

When SSCI originally asked for Johnson’s cooperation in July, they asked him to provide communications “with Russian persons, or representatives of Russian government, business, or media interest” relating to the 2016 election and any hack related to it.

And while Tracey calls the December follow-up a “clarification,” Doss clearly considers it a “narrowing” of that July description. So the description Tracey finds so outrageous — people of Russian nationality or descent — appears to be a subset of what might be included in the original request.

Moreover, the narrowing might be really detrimental to SSCI’s ability to learn what Johnson was up to when he was seeking out Russian hackers who might have Hillary’s server. Consider just the examples of Karim Baratov or Ike Kaveladze. Both are likely suspects for involvement in the events of 2016. Baratov — the hacker who recently pled guilty to compromising selected Google and Yandex accounts for FSB — is a Canadian citizen born in Kazakhstan. Kaveladze — who works for Aras Agalarov, has past ties to money laundering, and attended the June 9, 2016 meeting — is an American citizen born in Georgia. Neither is ethnically Russian. So if Johnson had any hypothetical interactions with them, he could cabin off those interactions based on this narrowed definition of what counts as a Russian.

To say nothing of Johnson’s interactions with Assange, who is Australian, yet whose ties to Russia are unclear. Effectively, even if Johnson knew that Assange had coordinated with Russia last year, he wouldn’t have to turn over his communications with him, because he’s not himself Russian.

According to Tracey’s piece, Johnson says he won’t cooperate regardless, in spite of his lawyer’s efforts to narrow the scope of any cooperation.

But I find it interesting that his lawyer attempted to narrow any testimony in a fashion that might hide important parts of Johnson’s actions.

The Implicit Threat in Julian Assange’s Ambassador Tweet

The other day, I suggested the Twitter Direct Messages between Wikileaks and Don Jr were underwhelming, in that some of the more damning things we might have expected did not show up in those DMs. Since then, several things have become clear. First, there were some time zone inaccuracies behind the timestamps on one of the most inflammatory claims (that Trump immediately tweeted in response to an October 12 DM from Assange; it probably was 75 minutes). And the password Wikileaks shared with Don Jr had been made available to journalists and may have been passed on by Chuck Johnson, who was currying favor with Assange at the time; that minimizes the possibility that such sharing could be deemed a CFAA or other kind of technical violation though puts Johnson more centrally in this picture.

I didn’t say explicitly enough in that post and I should have, though, that I was speaking about Don Jr, not about Wikileaks.

Wikileaks’ contributions do show the organization (and Assange in particular, in those DMs we know involved him) to be self-interested and rabidly anti-Clinton If you haven’t known the latter fact to be true since Hillary did some pretty crazy things in 2010, then you’re new to this rodeo. That said, the tweets did elicit some righteous betrayal from Barrett Brown, which I totally respect given the price he has paid for the claimed idealism of Wikileaks (see also this story).

It’s worth remembering, as Emma Best notes, because they’ve been under unrelenting surveillance since 2010, “WikiLeaks *knew* the DMs were being monitored in real time. It was inevitable that this would leak. Simply calling this dumb misses the point and ignores the tradecraft at play.” Assange, from the refusal of inside information to the demand for an Ambassadorship, was staging a show, and we should remember that.

That said, I’m far more interested in Assange’s subsequent response to the disclosure of the emails, specifically this tweet. In the full DMs released by Don Jr (I think Wikileaks can fairly claim Atlantic took out some context — Atlantic came close to and I think should have just replicated the content of all the DMs, though Brown disagrees), this was the comment Assange made on December 16 asking to be Ambassador.

Hi Don. Hope you’re doing well! In relation to Mr. Assange: Obama/Clinton placed pressure on Sweden, UK and Australia (his home country) to illicitly go after Mr. Assange. It would be real easy and helpful for your dad to suggest that Australia appoint Assange ambassador to DC “That’s a really smart tough guy and the most famous australian you have! ” or something similar. They won’t do it, but it will send the right signals to Australia, UK + Sweden to start following the law and stop bending it to ingratiate themselves with the Clintons. 12/16/16 12:38PM

On Tuesday, Assange posted an ostensible follow-up to that one, renewing his offer to serve as Ambassador.

Note, Assange had originally misspelled Don Jr’s twitter handle, so deleted and reposted it.

This has been taking as trolling, with Assange’s notion that he’d open a hotel in DC, as the Trumps have, with “luxury immunity suites” for whistleblowers.

But even that’s not trolling. It’s a public renewal, more explicit this time, of Assange’s request for a pardon from Trump Sr, though here he drops the “offer” of the claims laundered through Dana Rohrabacher that the emails Assange published to help Trump get elected came from an insider and not Russia. Assange wants the fuck out of his embassy closet, and he’s willing to say that explicitly, now, in a public tweet (as Best noted, making this request visible for all).

Remember, Rohrabacher was always clear that someone (or someones, but Chuck Johnson is clearly one of those people) had made clear that Trump wanted this information. Was Don Jr in on that loop?

It’s the rest of the tweet that got less attention. First, Assange’s promise of “a turbo-charged flow of intel about the latest CIA plots to undermine democracy,” a remarkable reference coming as it does in the wake of Mike Pompeo’s consideration of an alternative narrative for how Wikileaks got emails (as I noted, scheduled even as John Kelly thwarted Rohrabacher’s attempts to meet with Trump directly), not to mention Trump’s screed at John Brennan and others over the weekend.

Assange is agreeing with Trump, even if no one else is, even as the two of them both seek to push an alternative narrative that doesn’t have the Russians orchestrating Assange’s actions for Trump’s benefit, that the CIA is undermining Trump’s presidency.

It’s the hashtag, though, that most observers missed: Vault 8.

Vault 8 is the name Wikileaks has given for its release — started just Friday — of actual source code for CIA’s hacking tools, after long releasing “just” the development notes and manuals for the same tools. I noted then both the way Wikileaks was picking up Shadow Brokers’ narrative about Kaspersky, but also the multiple references to Wikileaks having the same set of NSA files as Shadow Brokers had.

I noted last December that with the December 14 Shadow Brokers release of new NSA tools (just days before Assange joked about being ambassador), the persona seemed to be engaging in extortion: “Nice little NSA here, it’d be shame if anything would happen to it.” Since that time, Shadow Brokers made good on the threat, leading to global cyberattacks. What Assange seems to be doing is similar: no longer a quid pro quo for safety in DC, but now a threat, using CIA, and tools released in CIA’s name, as hostage.

Assange is not offering to release secrets about CIA, but instead weapons leaked or stolen from them. Sure, to the extent the Vault 7 releases haven’t already, that’ll allow others to attribute CIA attacks. But it’ll also devastate the agency and badly undermine US power.

That appears to be where Assange’s request for immunity has gotten.

About the Timing of the Binney Meeting

The Intercept is reporting that, on Trump’s orders, Mike Pompeo met with Bill Binney on October 24 to understand his theory arguing that the DNC hack was in fact a leak.

In an interview with The Intercept, Binney said Pompeo told him that President Donald Trump had urged the CIA director to meet with Binney to discuss his assessment that the DNC data theft was an inside job. During their hour-long meeting at CIA headquarters, Pompeo said Trump told him that if Pompeo “want[ed] to know the facts, he should talk to me,” Binney said.

[snip]

Binney said that Pompeo asked whether he would be willing to meet with NSA and FBI officials to further discuss his analysis of the DNC data theft. Binney agreed and said Pompeo said he would contact him when he had arranged the meetings.

I’ve got a few comments about this.

First, I’m particularly intrigued in the timing. on Twitter, Jim Sciutto said Trump had been pushing for Pompeo to meet with Binney for several weeks.

Pompeo took the meeting at the urging of President Trump over weeks. Pompeo told Binney: “The president told me I should talk to you”

I’ve been told the meeting was set up by October 14, which means Trump has been pushing for this meeting for over a month. That dates it to around the same time as reports that Chief of Staff John Kelly was preventing Dana Rohrabacher from meeting Trump to pass on Julian Assange’s claims explaining how the emails he received didn’t come from Russia, though that scheme went back further, to mid-August.

Effectively, though, that means Trump has been trying to find some way to magnify theories that argue culprits besides Russia did the hack. The guy who begged Russia to hack Hillary’s emails in the middle of last summer is looking for some alternative narrative to push, and it’s not clear whether he cares what that narrative is.

Though, as I noted in my post on these theories, now that we know the files Guccifer 2.0 leaked were from Podesta and as-yet unidentified sources, it makes all the arguments focusing on Guccifer beside the point (and disrupts Craig Murray’s claims).

On top of a lot of other implications of this, it shifts the entire debate about whether Guccifer 2.0 was WikiLeaks’ source, which has always focused on whether the documents leaked on July 22 came from Guccifer 2.0. Regardless of what you might conclude about that, it shifts the question to whether the Podesta emails WikiLeaks posted came from Guccifer 2.0, because those are the ones where there’s clear overlap. Russia’s role in hacking Podesta has always been easier to show than its role in hacking the DNC.

It also shifts the focus away from whether FBI obtained enough details from the DNC server via the forensic image it received from Crowdstrike to adequately assess the culprit. Both the DNC and Hillary (as well as the DCCC) servers are important. Though those that squawk about this always seem to miss that FBI, via FireEyedisagreed with Crowdstrike on a key point: the degree to which the two separate sets of hackers coordinated in targeted servers; I’ve been told by someone with independent knowledge that the FBI read is the correct one, so FBI certainly did their own assessment of the forensics and may have obtained more accurate results than Crowdstrike (I’ve noted elsewhere that public IC statements make it clear that not all public reports on the Russian hacks are correct).

In other words, given that the files that Guccifer 2.0 first leaked actually preempted WikiLeaks’ release of those files by four months, what you’d need to show about the DNC file leaks is something entirely different than what has been shown.

Binney and the other skeptics aren’t even arguing the right issue anymore.

Moreover, there’s a newly public detail that may moot two key strands of the argument. Last week the WSJ (here’s the Reuters version) reported that DOJ is thinking of charging 6 Russian officials in the hack of the DNC. I get it. People are skeptical that the FBI has any better data than the NSA (though I know others, outside of the FBI, believe they’ve pinpointed hackers by name). But as part of that story,  they described the four districts where the investigation into the hack (as distinct from Mueller’s investigation into the election tampering) live.

The U.S. Justice Department has gathered enough evidence to charge six members of the Russian government in the hacking of Democratic National Committee computers before the 2016 U.S. presidential election, the Wall Street Journal reported on Thursday, citing people familiar with the investigation.

Federal agents and prosecutors in Washington, Philadelphia, Pittsburgh and San Francisco have been cooperating on the DNC investigation and prosecutors could bring the case to court next year, it said.

[snip]

The hacking investigation, conducted by cybersecurity experts, predates the appointment in May of federal special counsel Robert Mueller to oversee the probe of alleged Russian meddling in the 2016 election and possible collusion with President Donald Trump’s campaign.

Mueller and the Justice Department agreed to allow the technical cyber investigation to continue under the original team of agents and prosecutors, the Journal said.

I’m not sure the report is 100% accurate; for example, I know of a non-political witness in the election-related hack being interviewed by Mueller’s people.

But it includes a little-noticed detail that I know to be accurate — and important to rebut the claim that the copying speed claimed by Forensicator requires a conclusion incompatible with Russia carrying out the hack. Part of the investigation is in Philadelphia.

When Reuters first reported a tripartite structure of the investigation in February, it included San Francisco (the Guccifer 2.0 investigation), Pittsburgh (the Russian side, probably focused on known APTs), and DC (the counterintelligence side — though that would significantly be Mueller’s investigation).

Philadelphia was not included. I only know a bit about the Philadelphia side of the investigation, but I do know that part of the investigation is located there because of a server in the district. So one way or another, we know that the FBI is conducting an investigation in an Eastern city as part of the hacking investigation based on the use of a server in the district. That doesn’t necessarily mean they’re investigating Russians. But it means even if you account for a server in the eastern time zone, you still have FBI preparing to charge Russians for the hack.

Which brings us to the last line of the Intercept article.

Binney said that since their meeting, he has not heard from Pompeo about scheduling follow-up meetings with the NSA and FBI.

Granted, it has only been two weeks. But in that time, not even Pompeo’s prodding has made the FBI (more likely) or the NSA (which still has bad blood with Binney) remotely curious about these theories.

On the New (and Not-So New) Claims about Guccifer 2.0

The initial files released by the persona Guccifer 2.0 on June 15, 2016 included — in addition to graffiti paying tribute to Felix Dzerzhinsky, the founder of Russia’s secret police — metadata deliberately set to Cyrillic (the metadata had previously been interpreted, implausibly even at the time, to be a mistake).

And a file later released on September 13, 2016 purportedly from Guccifer 2.0 but released via a magnet site and never linked on his WordPress site, was probably copied, locally, to a Linux drive somewhere in the Eastern time zone on July 5, 2016; the files were then copied to a Windows file on September 1, 2016.

Those are the fairly uncontroversial findings from two separate research efforts that have recently renewed debate over whether the conclusion of the intelligence community, that Russia hacked the DNC, is valid.

I’m going to do a two part post on this issue.

What to Read

As you might be able to figure out, nothing about those two conclusions at all dictates that the Intelligence Community conclusions that Russia is behind the hack of Democratic targets are wrong. The reason they’re so controversial is because they’ve been used, in tandem, to support claims that the IC conclusion is wrong, first in a (to me) unconvincing letter by the Veteran Intelligence Professionals for Sanity (chiefly Bill Binney, Kirk Wiebe, Ed Loomis, and Ray McGovern), and then in some even sloppier versions, most notably at the Nation. In between the original analysis and these reports are some other pieces making conclusions about the research itself that are in no way dictated by the research.

In other words, it’s all a big game of telephone, some research going in the front end and a significantly distorted message coming out the back end.

So before I get into what the two studies do show, let’s talk about what you should read. The first argument has been made by Adam Carter at his G2-space, which is laudable as a resource for documents on Guccifer 2.0, no matter what you think of his conclusions. There’s a ton in there, not all of which I find as persuasive as the argument pertaining to the Russian metadata. Happily, he made two free-standing posts demonstrating the RSID analysis (one, two). I first discussed this analysis here.

The RSID analysis showing that the cyrillic in Guccifer 2.0’s documents was actually intentional relies, in part, on the work of someone else, posting under the name /u/tvor_22. His post on this is worthwhile not just for the way it maps out how people came to be fooled by the analysis,  but for the five alternative explanations he offers. In in no way think those five possibilities are comprehensive, but I appreciate the effort to remain open about what conclusions might be drawn from the evidence.

Between those three posts, they show that the first five documents released by Guccifer 2.0 were all copied into one with certain settings set, deliberately, to the Russian language. That’s the first conclusion.

The forensics on copying was done by a guy posting under the name The Forensicator, whose main post is here. Note his site engages in good faith with the rebuttals he has gotten, so poke around and see how he responds.  He argues a bunch of things, most notably that the first copy of files released in September was copied locally back in July, perhaps from a computer networked to the host server. That analysis doesn’t rule out that the data was on some server outside of the DNC. I raised one concern about this analysis here.

Finally, for a more measured skeptical take — from someone also associated with VIPS who did not join in their letter — see Scott Ritter’s take. I don’t agree with all of that either, but I think a second skeptical view is worthwhile.

All of which is to say if you want to read the analysis — rather than conclusions that I think go well beyond the analysis — read the analysis. Assuming both are valid (again, I think the RSID case is stronger than the copying one), the sole conclusions I’d draw from them is that the Guccifer 2.0 figure wanted to be perceived as a Russian — something he succeeded in doing through far more than just metadata, though the predispositions of researchers and the press certainly made it easy for him. And, some entity that may associated with Guccifer 2.0 (but may also be a proxy)  is probably in the Eastern Time Zone, possibly (though not definitely) close to the DNC (or some other target server). That’s it. That’s what you need to explain if you believe both pieces of analysis.

Whatever explanation you use to explain the inclusion of Iron Felix in the documents (which is consistent with graffiti left in the hacked servers) would be the same one you use to explain why the metadata was set to Cyrillic; the IC and people close to the hack have explained that the hackers liked to boast. And the only explanation you need for the local copy is that someone associated with the Russians was close to DC, such as at the Maryland compound that got shut down.

Guccifer and the DNC … or DCCC … or Hillary

Since we’re examining these claims, there’s another part of the presentation on the RSID data (and Carter’s site generally), that deserves far more prominent mention than the current debate has given, because it undermines the framing of the debate. We’ve been arguing for a year about Russia’s tie to Guccifer 2.0 based on the persona’s claim to have provided DNC documents to WikiLeaks. But the documents originally released in the initial weeks by Guccifer 2.0 were, by and large, not DNC documents. As far as I know/u/tvor_22 was the first to note this. He describes that the Trump document first leaked only appears via other sources as an attachment to a Podesta email, though there are alterations in the metadata, as are three of the others, with the fifth coming from an unidentified source.

Let’s take the very first document posted by Guccifer2.0, which some security researchers have cited as ‘an altered document not properly sanitised.’ If we diff the raw copy — pasted into text documents — of both the original Trump document found in the Podesta emails and the Guccifer 2.0 version, ignoring white-spaces and tabs (diff -w original.txt altered.txt):

  • the table of contents has been re-factored.
  • many of the links are naked in the Guccifer2.0 version. (Naked as in not properly behind link titles, indicating Guccifer2.0’s version may have been an earlier draft.)
  • the error messages are in Russian.
  • None of the above quirks could be found in comparing 2,3, or 5.doc to their originals (100% textually equivalent). 4.doc could not be found on WikiLeaks for a comparison.

None of the textual content in any of these four ‘poorly sanitised’ documents has been altered, removed, or doctored. In other words all the differences you would expect from a copy and paste from one editor to another. So why bother copy and pasting into a new document at all? I wonder.

[1.doc’s original, 2.doc’s original, 3.doc’s original, 5.doc’original. 4.doc could not be found in Wikileaks. The bare texts of 2,3, and 5 are checksum equivalent.]

G2-space has posted an expansion of this analysis, by JimmysLlama. It provides a list for where the first 40 documents (covering Guccifer 2.0’s first two WordPress posts) can — or cannot — be found. The source for (roughly) half remains unidentified, the other half came from Podesta’s emails. At the very least, that reporting makes it clear that even for documents claimed (falsely) to be DNC documents, Guccifer had a broader range of documents than what WikiLeaks published.

That explains reporting from last summer that indicated the FBI wasn’t sure if WikiLeaks’ documents had come from Russia/Guccifer 2.0.

The bureau is trying to determine whether the emails obtained by the Russians are the same ones that appeared on the website of the anti-secrecy group WikiLeaks on Friday, setting off a firestorm that roiled the party in the lead-up to the convention.

The FBI is also examining whether APT 28 or an affiliated group passed those emails to WikiLeaks, law enforcement sources said.

Now we know why: because they weren’t the same set of files as had been taken from the DNC (though the FBI did already know some Hillary staffers had been hacked.) See this post from last summer, in which I explore that and related questions.

The detail that Guccifer 2.0 was actual posting Hillary, not DNC, documents is somewhat consistent with what John Podesta has said. He revealed that he recognized an early “DNC” document probably came from his email.

And other campaign officials also had their emails divulge earlier than October 7th. But in one of those D.N.C. dumps, there was a document that appeared to me was– that appeared came– might have come from my account.

Podesta he has always been squirrelly about thus stuff and probably has reason to hide that the Democrats’ claims that Guccifer 2.0 was releasing DNC documents were wrong (indeed, that’s something that would be far more supportive of skeptics’ alternative theories than this Guccifer 2.0 data, but it’s also easily explained by Democrats’ understandable choices to minimize their exposure last summer). Importantly, Podesta also suggests that “other campaign officials also had their emails divulged earlier than October 7th,” without any suggestion that that is just via DC Leaks.

On top of a lot of other implications of this, it shifts the entire debate about whether Guccifer 2.0 was WikiLeaks’ source, which has always focused on whether the documents leaked on July 22 came from Guccifer 2.0. Regardless of what you might conclude about that, it shifts the question to whether the Podesta emails WikiLeaks posted came from Guccifer 2.0, because those are the ones where there’s clear overlap. Russia’s role in hacking Podesta has always been easier to show than its role in hacking the DNC.

It also shifts the focus away from whether FBI obtained enough details from the DNC server via the forensic image it received from Crowdstrike to adequately assess the culprit. Both the DNC and Hillary (as well as the DCCC) servers are important. Though those that squawk about this always seem to miss that FBI, via FireEye, disagreed with Crowdstrike on a key point: the degree to which the two separate sets of hackers coordinated in targeted servers; I’ve been told by someone with independent knowledge that the FBI read is the correct one, so FBI certainly did their own assessment of the forensics and may have obtained more accurate results than Crowdstrike (I’ve noted elsewhere that public IC statements make it clear that not all public reports on the Russian hacks are correct).

In other words, given that the files that Guccifer 2.0 first leaked actually preempted WikiLeaks’ release of those files by four months, what you’d need to show about the DNC file leaks is something entirely different than what has been shown.

New Yorker’s analysis on coordination

That’s a task Raffi Khatchadourian took on, using an analysis of what got published when, to argue that Russia is WikiLeaks’ source in his recent profile of Assange (I don’t agree with all his logical steps, particularly his treatment of the relationship between Guccifer 2.0 and DC Leaks, but in general my disagreements don’t affect his analysis about Russia).

Throughout June, as WikiLeaks staff worked on the e-mails, the persona had made frequent efforts to keep the D.N.C. leaks in the news, but also appeared to leave space for Assange by refraining from publishing anything that he had. On June 17th, the editor of the Smoking Gun asked Guccifer 2.0 if Assange would publish the same material it was then doling out. “I gave WikiLeaks the greater part of the files, but saved some for myself,” it replied. “Don’t worry everything you receive is exclusive.” The claim at that time was true. None of the first forty documents posted on WordPress can be found in the WikiLeaks trove; in fact, at least half of them do not even appear to be from the D.N.C., despite the way they were advertised.

But then, on July 6th, just before Guccifer 2.0 complained that WikiLeaks was “playing for time,” this pattern of behavior abruptly reversed itself. “I have a new bunch of docs from the DNC server for you,” the persona wrote on WordPress. The files were utterly lacking in news value, and had no connection to one another—except that every item was an attachment in the D.N.C. e-mails that WikiLeaks had. The shift had the appearance of a threat. If Russian intelligence officers were inclined to indicate impatience, this was a way to do it.

On July 18th, the day Assange originally planned to publish, Guccifer 2.0 released another batch of so-called D.N.C. documents, this time to Joe Uchill, of The Hill. Four days later, after WikiLeaks began to release its D.N.C. archive, Uchill reached out to Guccifer 2.0 for comment. The reply was “At last!”

[snip]

Whatever one thinks of Assange’s election disclosures, accepting his contention that they shared no ties with the two Russian fronts requires willful blindness. Guccifer 2.0’s handlers predicted the WikiLeaks D.N.C. release. They demonstrated inside knowledge that Assange was struggling to get it out on time. And they proved, incontrovertibly, that they had privileged access to D.N.C. documents that appeared nowhere else publicly, other than in WikiLeaks publications. The twenty thousand or so D.N.C. e-mails that WikiLeaks published were extracted from ten compromised e-mail accounts, and all but one of the people who used those accounts worked in just two departments: finance and strategic communications. (The single exception belonged to a researcher who worked extensively with communications.) All the D.N.C. documents that Guccifer 2.0 released appeared to come from those same two departments.

The Podesta e-mails only make the connections between WikiLeaks and Russia appear stronger. Nearly half of the first forty documents that Guccifer 2.0 published can be found as attachments among the Podesta e-mails that WikiLeaks later published. Moreover, all of the hacked election e-mails on DCLeaks appeared to come from Clinton staffers who used Gmail, and of course Podesta was a Clinton staffer who used Gmail. The phishing attacks that targeted all of the staffers in the spring, and that targeted Podesta, are forensically linked; they originated from a single identifiable cybermechanism, like form letters from the same typewriter. SecureWorks, a cybersecurity firm with no ties to the Democratic Party, made this assessment, and it is uncontested.

Now, I’d like to see the analysis behind this publicly. It should be expanded to include all the documents leaked by Guccifer 2.0. It should include more careful analysis of the forensics behind the phishes (security companies have done this, but have not shown all their work). Moreover, it doesn’t rule out a piggyback hack, though given that Guccifer 2.0 was leaking Hillary emails from the start, it’s unclear how that piggyback would work. All that said, it provides a circumstantial case that these were the same two sets of documents.

Khatchadourian doesn’t dwell on something he alluded to here, which is that all the DNC documents were email focused, collected from just 10 mailboxes. That’s the nugget that, I suspect, Assange will point to (and may have shared with Dana Rohrabacher) in an effort to rebut the claims his source was Russia (one thing Khatchadourian gets wrong is what Craig Murray said about two different sources for WikiLeaks, but then he points to a WikiLeaks claim they got the emails in late summer and September 19 date on all of them — not long before Murray picked something up in DC — so that’s another area worth greater focus). For now, I’ll bracket that, but while I suspect it points to really interesting conclusions, I don’t think it necessarily undermines the claim that Russia was Assange’s source. More importantly, none of the things people are pointing to in this new analysis — the metadata in files released by Guccifer 2.0, the metadata in files released on a magnet site but never directly by Guccifer 2.0 — affects the analysis of how completely unrelated emails got to WikiLeaks at all.

All of which is to say that the these two pieces of analysis actually miss the far more interesting analysis that got done with it.

Update: Turns out the Nation issued a correction today, which reads in part,

Subsequently, Nation editors themselves raised questions about the editorial process that preceded the publication of the article. The article was indeed fact-checked to ensure that Patrick Lawrence, a regular Nation contributor, accurately reported the VIPS analysis and conclusions, which he did. As part of the editing process, however, we should have made certain that several of the article’s conclusions were presented as possibilities, not as certainties. And given the technical complexity of the material, we would have benefited from bringing on an independent expert to conduct a rigorous review of the VIPS technical claims.

It added an outside analysis by Nathanial Freitas of the two reports, a rebuttal from VIPS members who did not join the letter, and a response from those who did. Freitas provides a number of other possibilities to get the throughput observed by Forensicator. The VIPS dissenters raise some of the same points I do, including that this server may be somewhere outside of DNC.

It is important to note that it’s equally plausible that the cited July 5, 2016, event was carried out on a server separate from the DNC or elsewhere, and with data previously copied, transferred, or even exfiltrated from the DNC.

However, independent of transfer/copy speeds, if the data was not on the DNC server on July 5, 2016, then none of this VIPS analysis matters (including the categorically stated fact that the local copy was acquired by an insider) and simply undermines the credibility of any and all analysis in the VIPS memo when joined with this flawed predicate.