The Trump-Biden-Pence Documents Story Is Not (Yet) about Overclassification

It is my belief that had Eric Holder appointed a Special Counsel to investigate David Petraeus’ hoarding of classified information, the retired General might have been charged with 18 USC 793(e) and maybe even 793(d).

That’s true, first of all, because the facts he admitted to as part of his wrist-slap plea largely cover the elements of the offense. That’s true, too, because everyone but Holder seemed to support charging Obama’s CIA Director. Ultimately, the decision would have remained Holder’s. Holder might have overruled a Special Counsel even still, as he is reported to have overruled prosecutors. Holder may have calculated that Petraeus’ years-long cultivation of Congress would mitigate any blowback for overriding the recommendation to prosecute.

Certainly Holder paid no price for making the decision he did make: Congress believed that Petraeus could do no wrong.

Instead, Petraeus is (with Sandy Berger) one of the two poster children for the premise that the powerful will never be held accountable for mishandling classified information the way lower ranking personnel will be. That could change with at least two Special Counsels involved.

Yet even as powerful as he was during the period he was leaking to his biographer, David Petraeus is still differently situated than Trump, Biden, and Pence, starting with the fact that even in his case, DOJ relied on his clearance and nondisclosure agreements to prosecute him.

By comparison, all three of the men currently under investigation were Original Classification Authorities under EO 13526, the Executive Order governing classification during the period in question. None of those men would ever have been required to get any security clearance beyond the courtesy clearance given to formers after their tenure (of which Trump was stripped). And so all of these men went from a status of near immunity while in office, instantly — at 12:00PM on January 20 — to having to sort through files in boxes to decide what they were permitted to take home and what they were obligated to turn over to the Archives.

That process was at least part of what went wrong in all three cases, even Biden’s possession of documents from when he was a powerful Senate Chair. One minute, they were virtually immune from rules pertaining to classification, and literally the next minute — before they had finished that sorting process! — they were subject to the rule of law again.

Indeed, because all three are explicitly subject to the Presidential Records Act, their lack of authorization to possess the documents in question stems, in significant part, from an entirely different basis than it does for other people, for whom it arises from the clearances that these three men were never required to get.

And that’s one reason why all the punditry (here, here, here, here) — almost all from people who haven’t followed the details even of the Trump case, where we’ve got the most facts available — claiming that this is a problem with overclassification is, at best, wildly premature.

Indeed, with Trump, we can say with some certainty that this is not about overclassification. The classification markings from the subpoena DOJ served on him, understood to be based in part on what they had already found in the boxes he turned over, are not trivial. Nor are the likely contents of the documents we see in the FBI picture of his stolen documents. Even some of the documents from the Russian investigation that Trump wanted to declassify and disseminate rely on either human source and/or intelligence collection targeting Russia’s spy service, and the reporting was just five years old at the time (a brand new must read from the NYT also reveals the intelligence came from the Dutch, so it wasn’t our intelligence to declassify).

These men were the President and Vice President. They had access to highly sensitive information, and Trump, at least, had a well-established history of releasing it with abandon.

Until we have evidence that the documents in question were simply materials that some agency was bigfooting (as was the case in most of the classification pertaining to Hillary’s emails), we should not assume this is about overclassification. There’s no evidence of that.

Chuck Rosenberg argues that it also should not matter.

One place we might see overclassification is in classification reviews of the hand-written notes that both Trump and Biden took, though even there, Trump was reportedly waving around his private love letters with a nuclear-armed dictator as a party trick, and that probably did have the ability to make it harder to manage a very difficult threat. But with Trump, at least, the possibility that some of his hand-written notes won’t turn out to be as sensitive as the spooks will declare them doesn’t mitigate that he had documents that are almost certainly unbelievably sensitive sitting in a beach resort known to be targeted by intelligence services.

Thus far, we have no evidence that this is about overclassification. We do have abundant evidence that these three specific compromises have to do with the wacky way Presidents and Vice Presidents (and to a lesser degree, Members of Congress) operate outside the system of clearances that leads virtually everyone else with access to classified information to exercise a great deal of caution when handling it. One day they’re immune, the next day they’re sorting documents to try to sort out what needs to go to the Archives.

That’s a different problem than overclassification.

Crazier still, most of the people who are out there claiming this is about overclassification are using (at least partly) as their examples people who sought out documents that were not part of their work and then leaked those documents. Those cases are also not about overclassification.

And amid all the talk of overclassification, none of the pundits have mentioned a case that is a far more apt example of overclassification and the way the Executive uses classification to punish people: Jeremy Brown, the Oath Keeper recently found guilty of unlawfully retaining — right next to some grenades for which he was also convicted — one document that Brown wrote himself in 2011, classified Secret, believed to be about the Bowe Bergdahl case.

Brown was acquitted on 793 charges for four other documents, also classified Secret, that were even older.

Brown’s case in many ways parallels Trump’s. Like Trump, the Feds showed up and asked him to return the document and he lied to hide it. Like Trump, the FBI found the documents with a warrant.

But it’s far more likely these documents, all of which were at least ten years old, are overclassified.

Don’t get me wrong: I think Brown is a dangerous shithole. I’m not unhappy he’s going to prison.

I also think DOJ believed, correctly, they could use these classified documents (along with the grenades) as a way to neutralize a dangerous loose cannon.

Want to make a case about overclassification? Jeremy Brown is the dangerous shithole you should be defending. Want to prevent the grave disparities in how powerful people are treated, as compared to dangerous shitholes like Jeremy Brown?

You need to address that magic process by which Presidents are treated with immunity and then — in an instant!! — purportedly subjected to the same rules as everyone else.

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

18 USC 793e in the Time of Shadow Brokers and Donald Trump

Late last year, a Foreign Affairs article by former Principal Deputy Director of National Intelligence Sue Gordon and former DOD Chief of Staff Eric Rosenbach asserted that the files leaked in 2016 and 2017 by Shadow Brokers came from two NSA officers who brought the files home from work.

In two separate incidents, employees of an NSA unit that was then known as the Office of Tailored Access Operations—an outfit that conducts the agency’s most sensitive cybersurveillance operations—removed extremely powerful tools from top-secret NSA networks and, incredibly, took them home. Eventually, the Shadow Brokers—a mysterious hacking group with ties to Russian intelligence services—got their hands on some of the NSA tools and released them on the Internet. As one former TAO employee told The Washington Post, these were “the keys to the kingdom”—digital tools that would “undermine the security of a lot of major government and corporate networks both here and abroad.”

One such tool, known as “EternalBlue,” got into the wrong hands and has been used to unleash a scourge of ransomware attacks—in which hackers paralyze computer systems until their demands are met—that will plague the world for years to come. Two of the most destructive cyberattacks in history made use of tools that were based on EternalBlue: the so-called WannaCry attack, launched by North Korea in 2017, which caused major disruptions at the British National Health Service for at least a week, and the NotPetya attack, carried out that same year by Russian-backed operatives, which resulted in more than $10 billion in damage to the global economy and caused weeks of delays at the world’s largest shipping company, Maersk. [my emphasis]

That statement certainly doesn’t amount to official confirmation that that’s where the files came from (and I’ve been told that the scope of the files released by Shadow Brokers would have required at least one more source). But the piece is as close as anyone with direct knowledge of the matter — as Gordon would have had from the aftermath — has come to confirming on the record what several strands of reporting had laid out in 2016 and 2017: that the NSA files that were leaked and then redeployed in two devastating global cyberattacks came from two guys who brought highly classified files home from the NSA.

The two men in question, Nghia Pho and Hal Martin, were prosecuted under 18 USC 793e, likely the same part of the Espionage Act under which the former President is being investigated. Pho (who was prosecuted by Thomas Windom, one of the prosecutors currently leading the fake elector investigation) pled guilty in 2017 and was sentenced to 66 months in prison; he is processing through re-entry for release next month. Martin pled guilty in 2019 and was sentenced to 108 months in prison.

The government never formally claimed that either man caused hostile powers to obtain these files, much less voluntarily gave them to foreign actors. Yet it used 793e to hold them accountable for the damage their negligence caused.

There has never been any explanation of how the files from Martin would have gotten to the still unidentified entity that released them.

But there is part of an explanation of how files from Pho got stolen. WSJ reported in 2017 that the Kaspersky Anti-Virus software Pho was running on his home computer led the Russian security firm to discover that Pho had the NSA’s hacking tools on the machine. Somehow (the implication is that Kaspersky alerted the Russian government) that discovery led Russian hackers to subsequently target Pho’s computer and steal the files. In response to the WSJ report, Kaspersky issued their own report (here’s a summary from Kim Zetter). It acknowledged that Kaspersky AV had pulled in NSA tools after triggering on a known indicator of NSA compromise (the report claimed, and you can choose to believe that or not, that Kaspersky had deleted the most interesting parts of the files obtained). But it also revealed that in that same period, Pho had briefly disabled his Kaspersky AV and downloaded a pirated copy of Microsoft Office, which led to at least one backdoor being loaded onto his computer via which hostile actors would have been able to steal the NSA’s crown jewels.

Whichever version of the story you believe, both confirm that Kaspersky AV provided a way to identify a computer storing known NSA hacking tools, which then led Pho — someone of sufficient seniority to be profiled by foreign intelligence services — to be targeted for compromise. Pho didn’t have to give the files he brought home from work to Russia and other malicious foreign entities. Merely by loading them onto his inadequately protected computer and doing a couple of other irresponsible things, he made the files available to be stolen and then used in one of the most devastating information operations in history. Pho’s own inconsistent motives didn’t matter; what mattered was that actions he took made it easy for malicious actors to pull off the kind of spying coup that normally takes recruiting a high-placed spy like Robert Hanssen or Aldrich Ames.

In the aftermath of the Shadow Brokers investigation, the government’s counterintelligence investigators may have begun to place more weight on the gravity of merely bringing home sensitive files, independent of any decision to share them with journalists or spies.

Consider the case of Terry Albury, the FBI Agent who shared a number of files on the FBI’s targeting of Muslims with The Intercept. As part of a plea agreement, the government charged Albury with two counts of 793e, one for a document about FBI informants that was ultimately published by The Intercept, and another (about an online terrorist recruiting platform) that Albury merely brought home. The government’s sentencing memo described the import of files he brought home but did not share with The Intercept this way:

The charged retention document relates to the online recruitment efforts of a terrorist organization. The defense asserts that Albury photographed materials “to the extent they impacted domestic counter-terrorism policy.” (Defense Pos. at 37). This, however, ignores the fact that he also took documents relating to global counterintelligence threats and force protection, as well as many documents that implicated particularly sensitive Foreign Intelligence Surveillance Act collection. The retention of these materials is particularly egregious because Albury’s pattern of behavior indicates that had the FBI not disrupted Albury and the threat he posed to our country’s safety and national security, his actions would have placed those materials in the public domain for consumption by anyone, foreign or domestic.

And in a declaration accompanying Albury’s sentencing, Bill Priestap raised the concern that by loading some of the files onto an Internet-accessible computer, Albury could have made them available to entities he had no intention of sharing them with.

The defendant had placed certain of these materials on a personal computing device that connects to the Internet, which creates additional concerns that the information has been or will be transmitted or acquired by individuals or groups not entitled to receive it.

This is the scenario that, one year earlier, was publicly offered as an explanation for the theft of the files behind The Shadow Brokers; someone brought sensitive files home and, without intending to, made them potentially available to foreign hackers or spies.

Albury was sentenced to four years in prison for bringing home 58 documents, of which 35 were classified Secret, and sending 25 documents, of which 16 were classified Secret, to the Intercept.

Then there’s the case of Daniel Hale, another Intercept source. Two years after the Shadow Brokers leaks (and five years after his leaks), he was charged with five counts of taking and sharing classified documents, including two counts of 793e tied to 11 documents he took and shared with the Intercept. Three of the documents published by The Intercept were classified Top Secret.

Hale pled guilty last year, just short of trial. As part of his sentencing process, the government argued that the baseline for his punishment should start from the punishments meted to those convicted solely of retaining National Defense Information. It tied Hale’s case to those of Martin and Pho explicitly.

Missing from Hale’s analysis are § 793 cases in which defendants received a Guidelines sentence for merely retaining national defense information. See, e.g., United States v. Ford, 288 F. App’x 54, 61 (4th Cir. 2008) (affirming 72-month sentence for retention of materials classified as Top Secret); United States v. Martin, 1:17-cr-69-RDB) (D. Md. 2019) (nine-year sentence for unlawful retention of Top Secret information); United States v. Pho, 1:17-cr-00631 (D. Md. 2018) (66-month sentence for unlawful retention of materials classified as Top Secret). See also United States v. Marshall, 3:17-cr-1 (S.D. TX 2018) (41-month sentence for unlawful retention of materials classified at the Secret level); United States v. Mehalba, 03-cr-10343-DPW (D. Ma. 2005) (20-month sentence in connection with plea for unlawful retention – not transmission – in violation of 793(e) and two counts of violating 18 U.S.C. 1001; court departed downward due to mental health of defendant).

Hale is more culpable than these defendants because he did not simply retain the classified documents, but he provided them to the Reporter knowing and intending that the documents would be published and made available to the world. The potential harm associated with Hale’s conduct is far more serious than mere retention, and therefore calls for a more significant sentence. [my emphasis]

Even in spite of a moving explanation for his actions, Hale was sentenced to 44 months in prison. Hale still has almost two years left on his sentence in Marion prison.

That focus on other retention cases from the Hale filing was among the most prominent national references to yet another case of someone prosecuted during the Trump Administration for taking classified files home from work, that of Weldon Marshall. Over the course of years of service in the Navy and then as a contractor in Afghanistan, Marshall shipped hard drives of classified materials home.

From the early 2000s, Marshall unlawfully retained classified items he obtained while serving in the U.S. Navy and while working for a military contractor. Marshall served in the U.S. Navy from approximately January 1999 to January 2004, during which time he had access to highly sensitive classified material, including documents describing U.S. nuclear command, control and communications. Those classified documents, including other highly sensitive documents classified at the Secret level, were downloaded onto a compact disc labeled “My Secret TACAMO Stuff.” He later unlawfully stored the compact disc in a house he owned in Liverpool, Texas. After he left the Navy, until his arrest in January 2017, Marshall worked for various companies that had contracts with the U.S. Department of Defense. While employed with these companies, Marshall provided information technology services on military bases in Afghanistan where he also had access to classified material. During his employment overseas, and particularly while he was located in Afghanistan, Marshall shipped hard drives to his Liverpool home. The hard drives contained documents and writings classified at the Secret level about flight and ground operations in Afghanistan. Marshall has held a Top Secret security clearance since approximately 2003 and a Secret security clearance since approximately 2002.

He appears to have been discovered when he took five Cisco switches home. After entering into a cooperation agreement and pleading guilty to one count of 793e, Marshall was (as noted above) sentenced to 41 months in prison. Marshall was released last year.

Outside DOJ, pundits have suggested that Trump’s actions are comparable to those of Sandy Berger, who like Trump stole files that belong to the National Archives and after some years pled guilty to a crime that Trump since made into a felony, or David Petraeus, who like Trump took home and stored highly classified materials in unsecured locations in his home. Such comparisons reflect the kind of elitist bias that fosters a system in which high profile people believe they are above the laws that get enforced for less powerful people.

But the cases I’ve laid out above — particularly the lesson Pho and Martin offer about how catastrophic it can be when someone brings classified files home and stores them insecurely, no matter their motives — are the background against which career espionage prosecutors at DOJ will be looking at Trump’s actions.

And while Trump allegedly brought home paper documents, rather than the digital files that Russian hackers could steal while sitting in Moscow, that doesn’t make his actions any less negligent. Since he was elected President, Mar-a-Lago became a ripe spying target, resulting in at least one prosecution. And two of the people he is most likely to have granted access to those files, John Solomon and Kash Patel, each pose known security concerns. Trump has done the analog equivalent of what Pho did: bring the crown jewels to a location already targeted by foreign intelligence services and store them in a way that can be easily back-doored. Like Pho, it doesn’t matter what Trump’s motivation for doing so was. Having done it, he made it ridiculously easy for malicious actors to simply come and take the files.

Under Attorneys General Jeff Sessions and Bill Barr, DOJ put renewed focus on prosecuting people who simply bring home large caches of sensitive documents. They did so in the wake of a costly lesson showing that the compromise of insecurely stored files can do as much damage as a high level recruited spy.

It’s a matter of equal justice that Trump be treated with the same gravity with which Martin and Pho and Albury and Hale and Marshall were treated under the Trump Administration, for doing precisely what Donald Trump is alleged to have done (albeit with far fewer and far less sensitive documents). But as the example of Shadow Brokers offers, it’s also a matter of urgent national security.

Mike Flynn Seizes the Rope to Hang Himself With: Probation for Petraeus

The government and Mike Flynn submitted several motions today:

Eventually, I’ll hit them all in this post. But for now, I’m going to address just the government reply to Flynn’s sentencing memo, because I read it very very differently than virtually everyone who has read it.

A number of people are shocked by what seems to be the government’s deference to Mike Flynn in the memo, particularly their recommendation for a guidelines sentence — which might include probation. It’s true, the memo mentions probation over and over.

As set forth below, the government maintains that a sentence within the Guidelines range – to include a sentence of probation – would be appropriate and warranted in this case.

[snip]

Here, the applicable Guidelines range already encompasses a potential penalty of probation and there is no lower possible penalty for the offense of conviction.

[snip]

Based on all of the relevant facts and for the foregoing reasons, the government submits that a sentence within the Guidelines range of 0 to 6 months of incarceration is appropriate and warranted in this case, agrees with the defendant that a sentence of probation is a reasonable sentence and does not oppose the imposition of a sentence of probation.

The memo then goes on to nod to the issues Flynn raised. It acknowledges, then rebuts, Flynn’s complaints about what he claims is the government asking him to lie about FARA. But, the government notes, regardless of who is right, it wouldn’t change the guidelines sentence.

Importantly, regardless of whether or not the Court considers the defendant’s FARA false statements in fashioning its sentence, the applicable Guidelines range is still 0 to 6 months of incarceration.

It notes Flynn’s apparent backtracking on acknowledgement of responsibility. But, the government notes, regardless of who is right, it wouldn’t change the guidelines sentence.

But again, this makes no difference to the applicable Guidelines range – a two-level reduction in his base offense level would still result in a range of 0 to 6 months of incarceration.

Thus far, the government is doing precisely what it did in its own sentencing memo: emphasizing that the government position has not changed. It asked for a guidelines sentence in December 2018, it asked for a guidelines sentence earlier this month, and it is recommending a guidelines sentence here. Anything outside those guidelines is Judge Emmet Sullivan’s decision.

Where the memo is absolutely fucking genius, though, is where it addresses Flynn’s emphasis that because he was a General forever, he should get probation. Every memo Flynn has submitted of late has basically argued that because he gave his life to the country, he should get special treatment.

As the government notes, in the very last words of their memo, that has happened in the past.

In terms of comparative sentences in cases involving arguably similarly-situated defendants, we note that there are several cases involving high-ranking government officials where probationary sentences were imposed. Former National Security Advisor Sandy Berger stole classified information from the National Archives, destroyed that information, and then lied to the government about his conduct. At the government’s recommendation, based in part on Berger’s cooperation with the government, he received a probationary sentence. See Gov’t Sent’g Mem. at 9, United States v. Berger, No. 05-mj-00175 (D.D.C. Sept 6. 2005) (Doc. 13); see also Factual Basis for Plea (D.D.C. Apr. 1, 2005) (Doc. 6). Likewise, after General David Petraeus pleaded guilty to the unauthorized retention and removal of classified documents, in violation of 18 U.S.C. § 1924, he received a probationary sentence. United States v. Petraeus, No. 15-cr-47 (W.D.N.C.). Here, the Court should consider these and other arguably analogous cases, along with all of the other relevant facts in this case, in fashioning a sentence that is “sufficient but not greater than necessary” to satisfy the statutory sentencing requirements under Title 18, United States Code, Section 3553(a).

Boy oh boy do these prosecutors look reasonable, huh, noting that powerful people sometimes get probation for things the little people go to prison for.

Except we know how Emmet Sullivan feels about Generals who think they should get special treatment because they’re high-ranking Generals, because he said so explicitly when Rob Kelner raised David Petraeus back in December 2018.

MR. KELNER: In addition, I would note there have been other high profile cases, one involving a four-star general, General Petraeus.

THE COURT: I don’t agree with that plea agreement, but don’t —

[snip]

THE COURT: All right. Let me just say this. I probably shouldn’t. Having said that, I probably shouldn’t. I don’t agree with the Petraeus sentence. I’m sorry. I don’t see how a four-star general gives classified information to someone not authorized to receive it and then is allowed to plead to a misdemeanor, but I don’t know anything about it. Maybe there were extenuating circumstances. I don’t know. It’s none of my business, but it’s just my opinion.

And that has no impact — I would not take that into consideration in whatever sentence I impose here. Just based upon what I know about that case, I just disagreed with it. That’s all.

Yes, the prosecutors look totally docile in this memo. They’re disputing Flynn’s point, but ultimately they’re recommending the same thing they’ve always recommended, a guidelines sentence. They’re doing that because it inoculates them against any claim that their decision not to have Flynn testify affected his sentence, and they’re doing so to make clear that what Flynn is doing, in requesting to blow everything up, he’s doing even though the same guidelines sentence remains on the table. What comes next will be entirely his own fault.

And, yes, they mention probation, just like Flynn did. But they almost certainly did so in a way that only exacerbates Sullivan’s innate disgust with powerful people who ask for special treatment.

Afghanistan: A Trillion Dollars’ Worth Of Lies

Jim here.

This morning, the Washington Post published The Afghanistan Papers, so-named as a tribute to Daniel Ellsberg’s Pentagon Papers. It’s hardly surprising that what we learn from the collection of documents is that the US has been lying about Afghanistan since the very earliest days of the war:

A confidential trove of government documents obtained by The Washington Post reveals that senior U.S. officials failed to tell the truth about the war in Afghanistan throughout the 18-year campaign, making rosy pronouncements they knew to be false and hiding unmistakable evidence the war had become unwinnable.

Sadly, the war has come at an unfathomable cost:

Since 2001, more than 775,000 U.S. troops have deployed to Afghanistan, many repeatedly. Of those, 2,300 died there and 20,589 were wounded in action, according to Defense Department figures.

/snip/

Since 2001, the Defense Department, State Department and U.S. Agency for International Development have spent or appropriated between $934 billion and $978 billion, according to an inflation-adjusted estimate calculated by Neta Crawford, a political science professor and co-director of the Costs of War Project at Brown University.

Those figures do not include money spent by other agencies such as the CIA and the Department of Veterans Affairs, which is responsible for medical care for wounded veterans.

Left out of these numbers are the lives lost by Afghan civilians and the lives disrupted by those families displaced by 18 years of hostilities.

John Sopko

These documents were obtained by the Post through a three-year FOIA effort aimed at getting the raw materials generated by Inspector General John Sopko’s office, the Special Inspector General for Afghanistan Reconstruction. Sopko came into this oversight job in 2012 and he has done incredible work in trying to hold the military and the politicians directing military policy to account for what has been going on in Afghanistan.

Much of my early blogging was centered on Afghanistan, and this false narrative from the military that we were “making progress” despite being in a situation that was clearly unwinnable (and that any check of a history book would have confirmed as an impossible task) was a frequent target. The persistence with which Sopko’s team documented and evaluated material coming from the military was impressive, especially as the military continually developed “new” tools for assessing progress on security and on training of Afghan troops, primarily so that they could make comparisons to previous data irrelevant. Eventually, the military essentially gave up on this approach and decided simply to classify the bulk of this sort of data so that their lack of progress would not be noted every six months as SIGAR came out with their Congressionally-mandated reports.

Around the time of this development, Sopko and his team embarked on a new strategy, interviewing various key figures in the military and in related efforts in Afghanistan to develop a series of “Lessons Learned” reports. The documents being released today are the raw materials from many of these interviews.

Finally, as a result of these materials, we now have extensive documentation that much of what we have been told by officials about Afghanistan is a lie:

Several of those interviewed described explicit and sustained efforts by the U.S. government to deliberately mislead the public. They said it was common at military headquarters in Kabul — and at the White House — to distort statistics to make it appear the United States was winning the war when that was not the case.

But then, some of us have known that for a long time. Back in 2010, I came across this interesting graphic on how the military engages in military deception. It turns out there’s a well-described process for it:

In the Post article, we learn that, of course, there was no lesson learned from Vietnam:

The specter of Vietnam has hovered over Afghanistan from the start.

On Oct. 11, 2001, a few days after the United States started bombing the Taliban, a reporter asked Bush: “Can you avoid being drawn into a Vietnam-like quagmire in Afghanistan?”

“We learned some very important lessons in Vietnam,” Bush replied confidently. “People often ask me, ‘How long will this last?’ This particular battlefront will last as long as it takes to bring al-Qaeda to justice. It may happen tomorrow, it may happen a month from now, it may take a year or two. But we will prevail.”

In those early days, other U.S. leaders mocked the notion that the nightmare of Vietnam might repeat itself in Afghanistan.

“All together now — quagmire!” Rumsfeld joked at a news conference on Nov. 27, 2001.

But throughout the Afghan war, documents show that U.S. military officials have resorted to an old tactic from Vietnam — manipulating public opinion.

In news conferences and other public appearances, those in charge of the war have followed the same talking points for 18 years. No matter how the war is going — and especially when it is going badly — they emphasize how they are making progress.

And yes, I was seeing that this “We’re making progress” claim was bullshit long ago. Here are posts from 2010, 2013 and 2016 on the futility of our efforts there. But there’s one more side of this that we need to bring front and center to get a feel for one of the primary driving forces for why we would flush a trillion dollars and so many lives down the toilet. Back in 2008, the New York Times documented how the military carried out an “information operation” (which would rely on military deception) on the status of the war in Iraq. A bevy of “military analysts” was rolled out to make pronouncements in the media about how well things were going (despite the reality that they weren’t) and they were described primarily as “retired military”. What wasn’t disclosed in most cases was that these same “analysts” were also lucratively employed by defense contractors.

This report from the Washington Post on lies from the military closes the loop with the report from the Times on lies from analysts in the media. Senior military figures lie about how wars are going. They eventually retire and then get lucrative jobs with defense contractors. From these positions, they sometimes pose as “analysts” to spout similar falsehoods in the media, prolonging futile wars but enriching the contractors. I wonder if the magnitude of the lies told while in the military determines the size of the salary once they are hired by the contractors. The net result, though, is futile wars that can’t be won, but with endless spending on them anyway.

Alexander Vindman Proves That Working Within System Works Even While Derek Harvey Works To Destroy It

Jim here.

Last night, two very remarkable stories were published that, taken together, illustrate an extreme chasm in our defense community that receives far too little attention. To set the stage, it is necessary to go back to the early 2000s for a development that has mostly been erased from our collective memory but has had an indelible and particularly harmful and lingering effect. As the George W. Bush Administration executed its pivot from the war in Afghanistan to the invasion of Iraq, it became necessary for the Bush folks to craft a set of intelligence “facts” supporting and then sustaining the action in Iraq. A primary tool used in this effort was to create a separate intelligence apparatus, since the existing intelligence agencies did not produce analyses supporting the invasion.

A huge impact of this illegal war was that it devastated morale within the military at all ranks. Sadly, many of our highest ranking–and most ethical–officers chose retirement rather than to serve while an illegal war was being waged. With the Defense Secretary, Vice President and President clearly leading the charge for the war, it seems obvious that these officers realized that their analyses showing that the invasion was not justified were falling on deaf ears and that they would never be able to inject a dose of reality into the artificial reality on which the whole war effort rested. The result, as they had to be able to foresee, was that the Iraqi people and our enlisted forces suffered unnecessary and devastating losses, with impact continuing into the present even after the “end” of US action in Iraq.

By 2006, some of these retired officers even began to speak out, calling for the resignation of Donald Rumsfeld. In a normal world, with the system of checks and balances within the military, and with legislative and executive oversight functions, operating properly, these officers would not have needed to retire, but instead would have been key factors in rejecting the invasion as unnecessary and based only on a set of political objectives rather than an actual need for military action to stave off harm to the region. As a trained geneticist, my feeling was that this event served as a sort of genetic selection within the military, where the population of those remaining and advancing through the ranks was enriched for those who bought into the distorted politics of the invasion and had a willingness to shape “facts” around a desired outcome. Our only hope, I felt, was that at least some would desire to stay within the system anyway and continue to work for the ideals of their oath to the Constitution administered when they joined the military.

So, fast forward to last night. The New York Times article on Alexander Vindman illustrates that Vindman is indeed just that sort of person I hoped would continue to stay and work within the system. His work as the senior Ukraine analyst on the National Security Council put him into position to see the illegal plan that the Trump Administration was carrying out to force Ukrainian President Volodymyr Zelensky to investigate Hunter Biden in return for the release of essential Ukraine aid that Trump had frozen. Vindman’s response was by the book: document the crime and then report it up the chain of command:

“I did not think it was proper to demand that a foreign government investigate a U.S. citizen, and I was worried about the implications for the U.S. government’s support of Ukraine,” Colonel Vindman said in his statement. “I realized that if Ukraine pursued an investigation into the Bidens and Burisma it would likely be interpreted as a partisan play which would undoubtedly result in Ukraine losing the bipartisan support it has thus far maintained.”

/snip/

“This would all undermine U.S. national security,” Colonel Vindman added, referring to Mr. Trump’s comments in the call.

Vindman then went on to report his concerns:

“I did convey certain concerns internally to national security officials in accordance with my decades of experience and training, sense of duty, and obligation to operate within the chain of command,” he plans to say.

He will testify that he watched with alarm as “outside influencers” began pushing a “false narrative” about Ukraine that was counter to the consensus view of American national security officials, and harmful to United States interests. According to documents reviewed by The Times on the eve of his congressional testimony, Colonel Vindman was concerned as he discovered that Rudolph W. Giuliani, the president’s personal lawyer, was leading an effort to prod Kiev to investigate Mr. Biden’s son, and to discredit efforts to investigate Mr. Trump’s former campaign chairman, Paul Manafort, and his business dealings in Ukraine.

Vindman made not one, but two reports to the top lawyer in the NSC, John Eisenberg. Were it not for the whistleblower report and the impeachment inquiry stemming from it, the sad reality is that Vindman’s heroic actions might have ended with his reports to Eisenberg, as Eisenberg has been shown to have been working to quash the efforts to expose Trump’s illegal actions. But now that the House of Representatives has finally rediscovered the real duty of oversight (we already miss you, Elijah Cummings!), Vindman today has the opportunity to provide a deposition to the three committees carrying out the impeachment investigation. Vindman’s testimony seems likely to seal Trump’s fate, as it is nearly impossible to see how at least one article of impeachment won’t arise from the facts Vindman lays out. Whether Senate Republicans will also find their duty to truth rather than manufactured reality, of course, seems less likely, but at the very least it will be valuable to watch them squirm when the decision is laid squarely in their laps.

At almost the same time the Vindman article came out in the Times, Daily Beast detailed how a retired military officer, Derek Harvey, is working outside proper channels to disclose the identity of the whistleblower, endangering this individual and making future whistleblowers less likely to expose corruption. Harvey seems to be a poster child for exactly the type of officer who flourished after the mass exodus of those with a conscience. Here is how Daily Beast described his background:

Derek Harvey’s career has been extraordinary. As a Defense Intelligence Agency analyst, he played an important role in the 2007-8 troop surge in Iraq. David Petraeus kept Harvey aboard for an intelligence billet at U.S. Central Command. Harvey aligned with another member of the counterinsurgency coterie, DIA Director Mike Flynn, and followed Flynn onto Trump’s White NSC. From there, Harvey became a crucial aide to Nunes, a pivotal Flynn and Trump ally. There is no reasonable definition of Deep State that excludes Derek Harvey from elite membership.

So Harvey accelerated his military career, and career after retiring but staying within military intelligence, by joining forces with the Petraeus effort to craft “facts” around the Iraq surge–a cataclysmic failure that Petraeus always claimed as a stunning success–and then eventually joined Mike Flynn both in DIA and the NSC. One stop in Harvey’s career not on that list is detailed in Bob Woodward’s “Obama’s Wars” [quoted here]:

Based on what Harvey reported to General Petraeus, according to Woodward’s book, Petraeus “decided to create his own intelligence agency inside CentCom” (pg. 78, “Obama’s War”) to offset the shortcomings of the DNI, CIA, NSA, DIA and other US intelligence gathering agencies in gathering information about the Afghanistan-Pakistan region. He asked Harvey to draft plans for an agency modeled on Harvey’s approach. Reports Woodward, “Soon, Harvey was appointed director of the new Afghanistan-Pakistan Center of Excellence based at CentCom headquarters in Tampa, Florida.”

According to Woodward, Petraeus moved over $100 million into this project with Congress unaware of that move for several months. Harvey’s analysis that he gave to Petraeus: “the war could be won, but the U.S. government would have to make monumental long-term commitments for years that might be unpalatable with voters” (p. 79).

So Harvey clearly is essentially a ratfucker for hire, being willing to craft an intelligence set of “facts” to serve whatever master is paying him to do so. Although Woodward paints a rather admiring picture of Harvey’s diligence in approaching his intelligence gathering, comparing it to that of a homicide detective, historical context tells us that Petraeus simply didn’t like what he was getting from the existing agencies and needed his own “intelligence” to continue on his chosen path.

But, as you see above, Harvey is now working for Devin Nunes (R-Cow) and that is an especially devious team. From Daily Beast:

Derek Harvey, who works for Nunes, the ranking Republican on the House intelligence committee, has provided notes for House Republicans identifying the whistleblower’s name ahead of the high-profile depositions of Trump administration appointees and civil servants in the impeachment inquiry. The purpose of the notes, one source said, is to get the whistleblower’s name into the record of the proceedings, which committee chairman Adam Schiff has pledged to eventually release. In other words: it’s an attempt to out the anonymous official who helped trigger the impeachment inquiry.

Mark Zaid explained to Daily Beast the horrible implications of what Harvey is doing:

“Exposing the identity of the whistleblower and attacking our client would do nothing to undercut the validity of the complaint’s allegations,” said Mark Zaid, one of the whistleblower’s attorneys. “What it would do, however, is put that individual and their family at risk of harm. Perhaps more important, it would deter future whistleblowers from coming forward in subsequent administrations, Democratic or Republican.”

It’s hard to imagine two more polar opposites than Alexander Vindman and Derek Harvey. Vindman is a patriot committed to the security of the US and working within the system while Harvey is willing to sell out US security to whatever wingnut is willing to pay him and to bypass every safeguard built into the system.

The Significance of the James Wolfe Sentence for Mike Flynn, Leak Investigations, and the Signal Application

Yesterday, Judge Ketanji Brown Jackson sentenced former SSCI head of security James Wolfe to two months in prison for lying to the FBI. In her comments announcing the sentence, Jackson explained why she was giving Wolfe a stiffer sentence than what George Papadopoulos and Alex van der Zwaan received: because Wolfe had abused a position of authority.

“This court routinely sentences people who come from nothing, who have nothing, and whose life circumstances are such that they really don’t have a realistic shot of doing anything other than committing crimes,” Jackson said. “The unfortunate life circumstances of those defendants don’t result in a lower penalty, so why should someone who had every chance of doing the right thing, a person who society rightly expects to live up to high moral and ethical standards and who has no excuse for breaking the law, be treated any better in this regard.”

[snip]

Wolfe’s case was not part of special counsel Robert Mueller’s investigation, but the judge compared his situation to two defendants in the Mueller probe who also pleaded guilty to making false statements — former Trump campaign adviser George Papadopoulos, who spent 12 days in prison, and Dutch lawyer Alex van der Zwaan, who was sentenced to 30 days. Jackson concluded that Wolfe’s position as head of security for the Intelligence Committee was an “aggravating” factor.

The public shame he had endured, and the loss of his job and reputation, were not punishment enough, the judge said, but were rather the “natural consequence of having chosen to break the law.”

“You made blatant false statements directly to FBI agents who questioned you about matters of significance in the context of an ongoing investigation. And if anything, the fact that you were a government official tasked with responsibility for protecting government secrets yourself seems to make you more culpable than van der Zwaan and Papadopoulos, who held no such positions,” Jackson said.

While the resolution of this case is itself notable, it has likely significance in three other areas: for Mike Flynn, for DOJ’s leak investigations, and for encrypted messaging apps.

Emmet Sullivan will cite this sentence as precedent

It’s still far from clear that Emmet Sullivan will be sentencing Mike Flynn three months from now. Given Trump’s increasingly unstable mood, Flynn might get pardoned. Or, Flynn might try to judge shop, citing Sullivan’s invocation of treason Tuesday.

But if Sullivan does eventually sentence Flynn and if he still feels inclined to impose some prison time to punish Flynn for selling out his country, he can cite both this sentence and the language Jackson used in imposing it. Like Wolfe, Flynn occupied a (arguably, the) position of great responsibility for protecting our national security. Sullivan seems to agree with Jackson that, like Wolfe, Flynn should face more consequences for abusing the public trust. So Wolfe’s sentence might start a countertrend to the David Petraeus treatment, whereby the powerful dodge all responsibility.

(Note, this is a view that Zoe Tillman also expressed yesterday.)

DOJ may rethink its approach to using false statements to avoid the difficulties of leak cases

I have zero doubt that DOJ prosecuted Wolfe because they believe he is Ellen Nakashima’s source for the story revealing that Carter Page had been targeted with a FISA order, which is how they came to focus on him in the first place. But instead of charging him with that, they charged him for lying about his contacts with Nakashima, Ali Watkins, and two other journalists (and, in their reply to his sentencing memo, made it clear he had leaked information to two other young female national security reporters). In the sentencing phase, however, the government asked for a significant upward departure, a two-year sentence that would be equivalent to what he’d face if they actually had proven him to be Nakashima’s source.

While the government provided circumstantial evidence he was Nakashima’s source — in part, her communications to him in the aftermath of the story — he convincingly rebutted one aspect of that claim (a suggestion that she changed her email footer to make her PGP key available to him). More importantly, he rightly called out what they were doing, trying to insinuate he had leaked the FISA information without presenting evidence.

The government itself admitted no fewer than four times in its opening submission that it found no evidence that Mr. Wolfe disclosed Classified Information to anyone. See infra Part I.A. Nonetheless, the government deploys the word “Classified” 58 times in a sentencing memorandum about a case in which there is no evidence of disclosure of Classified Information—let alone a charge.

[snip]

The government grudgingly admits that it lacks evidence that Mr. Wolfe disclosed Classified Information to anyone. See, e.g., Gov. Mem. at 1 (“although the defendant is not alleged to have disclosed classified information”); id. at 6 (“notwithstanding the fact that the FBI did not uncover evidence that the defendant himself disclosed classified national security information”); id. at 22 (“[w]hile the investigation has not uncovered evidence that Wolfe disclosed classified information”); id. at 25 n.14 (“while Wolfe denied that he ever disclosed classified information to REPORTER #2, and the government has no evidence that he did”).

The Court should see through the government’s repetition of the word “Classified” in the hope that the Court will be confused about the nature of the actual evidence and charges in this case and sentence Mr. Wolfe as if he had compromised such information.[1]

[1] Similarly, the government devotes multiple pages of its memorandum describing the classified document that Mr. Wolfe is not accused of having disclosed. And although the government has walked back its initial assertion that Mr. Wolfe “received, maintained, and managed the Classified Document” (Indictment ¶ 18) to acknowledge that he was merely “involved in coordinating logistics for the FISA materials to be transported to the SSCI” (Gov. Mem. at 10), what the government still resists conceding is the fact that Mr. Wolfe had no access to read that document, let alone disclose any part of it. Beyond providing an explanation of how the FBI’s investigation arose, that document has absolutely no relevance to Mr. Wolfe’s sentencing, but it and its subject, an individual under investigation for dealings with Russia potentially related to the Trump campaign, likely have everything to do with the vigor of the government’s position.

It’s unclear, at this point, whether the government had evidence against Wolfe but chose not to use it because it would have required imposing on Nakashima’s equities (notably, they appear to be treating Nakashima with more respect than Ali Watkins, though it may be that they only chose to parallel construct Ali Watkins’ comms) and introducing classified evidence at trial. It may be that Wolfe genuinely isn’t the culprit.

Or it may be that Wolfe’s operational security was just good enough to avoid leaving evidence.

Whatever it is, particularly in a culture of increasing aggressiveness on leaks, the failure to get Wolfe here may lead DOJ to intensify its other efforts to pursue leakers using the Espionage Act.

DOJ might blame Signal and other encrypted messaging apps for their failure to find the Carter Page FISA culprit

And if DOJ believes they couldn’t prove a real case against Wolfe because of his operational security, they may use it to go after Signal and other encrypted messaging apps.

That’s because Wolfe managed to hide a great deal of his communications with journalists until they had sufficient evidence for a Rule 41 warrant to search his phone (which may well mean they hacked his phone). Here’s what it took to get Wolfe’s Signal texts.

Once the government discovered that Wolfe was dating Watkins, they needed to find a way to investigate him without letting him know he was a target, which made keeping classified information particularly difficult. An initial step involved meeting with him to talk about the leak investigation — purportedly of others — which they used as an opportunity to image his phone.

The FBI obtained court authority to conduct a delayed-notice search warrant pursuant to 18 U.S.C. § 3103a(b), which allowed the FBI to image Wolfe’s smartphone in October 2017. This was conducted while Wolfe was in a meeting with the FBI in his role as SSCI Director of Security, ostensibly to discuss the FBI’s leak investigation of the classified FISA material that had been shared with the SSCI. That search uncovered additional evidence of Wolfe’s communications with REPORTER #2, but it did not yet reveal his encrypted communications with other reporters.

Imaging the phone was not sufficient to discover his Signal texts.

Last December and this January, the FBI had two more interviews with Wolfe where they explicitly asked him questions about the investigation. At the first one, even after he admitted his relationship with Watkins, Wolfe lied about the conversations he continued to have on Signal.

The government was able to recover and view a limited number of these encrypted conversations only by executing a Rule 41 search warrant on the defendant’s personal smartphone after his January 11, 2018 interview with the FBI. It is noteworthy that Signal advertises on its website that its private messaging application allows users to send messages that “are always end-to-end encrypted and painstakingly engineered to keep your communication safe. We [Signal] can’t read your messages or see your calls, and no one else can either.” See Signal Website, located at https://signal.org. The government did not recover or otherwise obtain from any reporters’ communications devices or related records the content of any of these communications.

Then, in a follow-up meeting, he continued to lie, after which they seized his phone and found “fragments” of his Signal conversations.

It is noteworthy that Wolfe continued to lie to the FBI about his contacts with reporters, even after he was stripped of his security clearances and removed from his SSCI job – when he no longer had the motive he claimed for having lied about those contacts on December 15. During a follow-up voluntary interview at his home on January 11, 2018, Wolfe signed a written statement falsely answering “no” to the question whether he provided REPORTER #2 “or any unauthorized person, in whole or in part, by way of summary, or verbal [or] non-verbal confirmation, the contents of any information controlled or possessed by SSCI.” On that same day, the FBI executed a second search warrant pursuant to which it physically seized Wolfe’s personal telephone. It was during this search, and after Wolfe had spoken with the FBI on three separate occasions about the investigation into the leak of classified information concerning the FISA application, that the FBI recovered fragments of his encrypted Signal communications with REPORTERS #3 and #4.

They specify that this second warrant was a Rule 41 warrant, which would mean it’s possible — though by no means definite — that they hacked the phone.

The government was able to recover and view a limited number of these encrypted conversations only by executing a Rule 41 search warrant on the defendant’s personal smartphone after his January 11, 2018 interview with the FBI. It is noteworthy that Signal advertises on its website that its private messaging application allows users to send messages that “are always end-to-end encrypted and painstakingly engineered to keep your communication safe. We [Signal] can’t read your messages or see your calls, and no one else can either.” See Signal Website, located at https://signal.org.

Mind you, this still doesn’t tell us much (surely by design). In another mention, they note Signal’s auto-delete functionality.

Given the nature of Signal communications, which can be set to delete automatically, and which are difficult to recover once deleted, it is impossible to tell the extent of Wolfe’s communications with these two reporters. The FBI recovered 626 Signal communications between Wolfe and REPORTER #3, and 106 Signal communications between Wolfe and REPORTER #4.

Yet it remains unclear (though probably likely) that the “recovered” texts were Signal (indeed, given that he was lying and they only executed the Rule 41 warrant after he had been interviewed a second time, he presumably would have deleted them then if not before). DOJ’s reply memo also reveals that Wolfe deleted a ton of his texts to Watkins, as well.

The defendant and REPORTER #2 had an extraordinary volume of contacts: in the ten months between December 1, 2016, and October 10, 2017, alone, they exchanged more than 25,750 text messages and had 556 phone calls, an average of more than 83 contacts per day. The FBI was unable to recover a significant portion of these text messages because they had been deleted by the defendant.

All of this is to say two things: first, the government would not pick up Signal texts — at least not deleted ones — from simply imaging a phone. Then, using what they specify was a Rule 41 warrant that could indicate hacking, they were able to obtain Signal. At least some of the Signal texts the government has revealed pre-date when his phone was imaged.

That’s still inconclusive as to whether Wolfe had deleted Signal texts and FBI was able to recover some of them, or whether they were unable to find Signal texts that remained on his phone when they imaged it in October.

Whichever it is, it seems clear that they required additional methods (and custody of the phone) to find the Signal texts revealing four relationships with journalists he had successfully hidden until that point.

Which is why I worry that the government will claim it was unable to solve the investigation into who leaked Carter Page’s FISA order because of Signal, and use that claim as an excuse to crack down on the app.

On Emmet Sullivan’s Order for Mike Flynn’s 302s: Be Careful What You Ask For

In his sentencing memorandum, Mike Flynn waved the following in front of Judge Emmet Sullivan, like a red cape before a bull.

There are, at the same time, some additional facts regarding the circumstances of the FBI interview of General Flynn on January 24, 2017, that are relevant to the Court’s consideration of a just punishment.

At 12:35 p.m. on January 24, 2017, the first Tuesday after the presidential inauguration, General Flynn received a phone call from then-Deputy Director of the FBI, Andrew McCabe, on a secure phone in his office in the West Wing.[20] General Flynn had for many years been accustomed to working in cooperation with the FBI on matters of national security. He and Mr. McCabe briefly discussed a security training session the FBI had recently conducted at the White House before Mr. McCabe, by his own account, stated that he “felt that we needed to have two of our agents sit down” with General Flynn to talk about his communications with Russian representatives.[21]

Mr. McCabe’s account states: “I explained that I thought the quickest way to get this done was to have a conversation between [General Flynn] and the agents only. I further stated that if LTG Flynn wished to include anyone else in the meeting, like the White House Counsel for instance, that I would need to involve the Department of Justice. [General Flynn] stated that this would not be necessary and agreed to meet with the agents without any additional participants.”[22]

Less than two hours later, at 2:15 p.m., FBI Deputy Assistant Director Peter Strzok and a second FBI agent arrived at the White House to interview General Flynn.[23] By the agents’ account, General Flynn was “relaxed and jocular” and offered to give the agents “a little tour” of the area around his West Wing office.[24] The agents did not provide General Flynn with a warning of the penalties for making a false statement under 18 U.S.C. § 1001 before, during, or after the interview. Prior to the FBI’s interview of General Flynn, Mr. McCabe and other FBI officials “decided the agents would not warn Flynn that it was a crime to lie during an FBI interview because they wanted Flynn to be relaxed, and they were concerned that giving the warnings might adversely affect the rapport,” one of the agents reported.[25] Before the interview, FBI officials had also decided that, if “Flynn said he did not remember something they knew he said, they would use the exact words Flynn used, . . . to try to refresh his recollection. If Flynn still would not confirm what he said, . . . they would not confront him or talk him through it.”[26] One of the agents reported that General Flynn was “unguarded” during the interview and “clearly saw the FBI agents as allies.”[27]

He cited a memo that fired FBI Deputy Director Andrew McCabe wrote the day of Flynn’s interview and the interview report (called a “302”) that fired FBI Special Agent Peter Strzok had a hand in writing up in August 2017, some seven months after the interview.

In response, the judge in his case, Emmet Sullivan, issued an order asking not just for those two documents, but any documents related to the matters Flynn writes up, to be filed by tomorrow, along with the government’s reply to his memorandum.

And so it is that on the one-year anniversary of the order Sullivan issued to ensure that Flynn got any exculpatory information relating to his plea, the hopes among the frothy right that Flynn’s prosecution (including for lying about his sleazy influence peddling with Turkey) will be delegitimized, and with it everything that happened subsequent to Flynn’s plea, might be answered.

Or maybe not.

For those unfamiliar with his background, back in the waning years of the Bush Administration, Sullivan presided over the Ted Stevens prosecution. After Stevens was convicted, DOJ started ‘fessing up to a bunch of improprieties, which led Sullivan (on newly confirmed Eric Holder’s recommendation) to throw out the conviction. Sullivan demanded a report on the improprieties, which ended up being a scathing indictment of DOJ’s actions (that nevertheless didn’t lead to real consequences for those involved). Since that time, Sullivan has been wary of DOJ’s claims, which has led him to do things like routinely issue the order he did with Flynn’s case, making sure that defendants get any exculpatory evidence they should get.

Regardless of how this request works out, you should applaud Sullivan’s diligence. He’s one of just a few judges who approaches the government with the skepticism they deserve. And to the extent that problems with our criminal justice system only get noticed when famous people go through it, it’s important that this one be treated with such diligence.

Still, those problems include both abuse, like we saw in the Stevens case, and special treatment, like David Petraeus got, and it’s actually unclear whether Sullivan’s request will uncover one or the other (or neither). I say that for several reasons.

First, because the public evidence suggests that — if anything — Obama’s appointees demanded FBI proceed cautiously in their investigation of Trump’s people, delaying what in any other case would have been routine early collection. When FBI discovered Flynn making suspicious comments to Sergei Kislyak, concerns about how to proceed went all the way up to Obama.

Moreover, contrary to most reporting on this interview, the FBI’s suspicions about Flynn did not arise exclusively from his calls to Kislyak. The interview happened after a counterintelligence investigation into Flynn had been open for months, as laid out by the House Intelligence Committee Russia report.

Director Comey testified that he authorized the closure of the CI investigation into General Flynn by late December 2016; however, the investigation was kept open due to the public discrepancy surrounding General Flynn’s communications with Ambassador Kislyak. [redacted] Deputy Director McCabe stated that, “we really had not substantiated anything particularly significant against General Flynn,” but did not recall that a closure of the CI investigation was imminent.

If McCabe believed the CI investigation into Flynn had produced mostly fluff, it might explain why he would approach setting up an interview with him with less rigor than he might have (as arguably happened with Hillary in the analogous situation). He didn’t expect there to be a there there, but then there was (remember, Jim Comey has repeatedly said that the one thing that might have led the Hillary investigation to continue past her interview was if they caught her lying; the difference is that Flynn told obvious lies whereas Hillary did not).

Finally, there’s one other, major reason to think this ploy may not work out the way Flynn might like. That’s because the frothy right, its enablers in Congress, and the White House itself have pursued this line for most of a year. Particularly in the wake of Flynn’s cooperation agreement, claiming that Flynn was just confused or forgetful when he spoke to the FBI has been central to Trump’s serial cover stories for why he fired Flynn.

So Republicans hoping to find the smoking gun have looked and looked and looked and looked and looked at the circumstances of Mike Flynn’s interview. Already by March of last year, they had resorted only to misstating Comey’s testimony about what happened in the HPSCI report.

Director Comey testified to the Committee that “the agents … discerned no physical indications of deception. They didn’t see any change in posture, in tone, in inflection, in eye contact. They saw nothing that indicated to them that he knew he was lying to them.”

Nothing in the report — which now includes a section substantially declassified to reveal more purportedly incriminating details about Flynn — suggests real impropriety with his interview.

Even in that very same paragraph, they quote McCabe (the guy who wrote up a memo that same day, which is probably what Sally Yates relied on when she suggested to the White House they needed to fire Flynn) stating very clearly that the FBI agents recognized that Flynn had lied.

McCabe confirmed the interviewing agent’s initial impression and stated that the “conundrum that we faced on their return from the interview is that although [the agents] didn’t detect deception in the statements that he made in the interview … the statements were inconsistent with our understanding of the conversation that he had actually had with the ambassador.”

How little they found, after looking and looking and looking and looking for some smoking gun relating to the Flynn interview, is perhaps best indicated by where that search has gotten, as most recently exhibited in Jim Comey’s questioning from a week ago by the Republicans’ best prosecutor, Trey Gowdy. After (apparently) hoping to catch Comey lying about what investigators thought when the lifetime intelligence officer managed to lie without any tells, but instead leading him through a very cogent explanation of it, Gowdy then resorts to sophistry about what day of the week it is.

Mr. Gowdy. Who is Christopher Steele? Well, before I go to that, let me ask you this.

At any — who interviewed General Flynn, which FBI agents?

Mr. Comey. My recollection is two agents, one of whom was Pete Strzok and the other of whom is a career line agent, not a supervisor.

Mr. Gowdy. Did either of those agents, or both, ever tell you that they did not adduce an intent to deceive from their interview with General Flynn?

Mr. Comey. No.

Mr. Gowdy. Have you ever testified differently?

Mr. Comey. No.

Mr. Gowdy. Do you recall being asked that question in a HPSCI hearing?

Mr. Comey. No. I recall — I don’t remember what question I was asked. I recall saying the agents observed no indicia of deception, physical manifestations, shiftiness, that sort of thing.

Mr. Gowdy. Who would you have gotten that from if you were not present for the interview?

Mr. Comey. From someone at the FBI, who either spoke to — I don’t think I spoke to the interviewing agents but got the report from the interviewing agents.

Mr. Gowdy. All right. So you would have, what, read the 302 or had a conversation with someone who read the 302?

Mr. Comey. I don’t remember for sure. I think I may have done both, that is, read the 302 and then spoke to people who had spoken to the investigators themselves. It’s possible I spoke to the investigators directly. I just don’t remember that.

Mr. Gowdy. And, again, what was communicated on the issue of an intent to deceive? What’s your recollection on what those agents relayed back?

Mr. Comey. My recollection was he was — the conclusion of the investigators was he was obviously lying, but they saw none of the normal common indicia of deception: that is, hesitancy to answer, shifting in seat, sweating, all the things that you might associate with someone who is conscious and manifesting that they are being — they’re telling falsehoods. There’s no doubt he was lying, but that those indicators weren’t there.

Mr. Gowdy. When you say “lying,” I generally think of an intent to deceive as opposed to someone just uttering a false statement.

Mr. Comey. Sure.

Mr. Gowdy. Is it possible to utter a false statement without it being lying?

Mr. Comey. I can’t answer — that’s a philosophical question I can’t answer.

Mr. Gowdy. No, I mean, if I said, “Hey, look, I hope you had a great day yesterday on Tuesday,” that’s demonstrably false.

Mr. Comey. That’s an expression of opinion.

Mr. Gowdy. No, it’s a fact that yesterday was —

Mr. Comey. You hope I have a great day —

Mr. Gowdy. No, no, no, yesterday was not Tuesday.

Then Gowdy tries a new tack: suggesting that Flynn should have gotten the agents’ finding that he lied without any physical tells provided as some kind of Brady evidence.

Mr. Gowdy. And, again — because I’m afraid I may have interrupted you, which I didn’t mean to do — your agents, it was relayed to you that your agents’ perspective on that interview with General Flynn was what? Because where I stopped you was, you said: He was lying. They knew he was lying, but he didn’t have the indicia of lying.

Mr. Comey. Correct. All I was doing was answering your question, which I understood to be your question, about whether I had previously testified that he — the agents did not believe he was lying. I was trying to clarify. I think that reporting that you’ve seen is the product of a garble. What I recall telling the House Intelligence Committee is that the agents observed none of the common indicia of lying — physical manifestations, changes in tone, changes in pace — that would indicate the person I’m interviewing knows they’re telling me stuff that ain’t true. They didn’t see that here. It was a natural conversation, answered fully their questions, didn’t avoid. That notwithstanding, they concluded he was lying.

Mr. Gowdy. Would that be considered Brady material and hypothetically a subsequent prosecution for false statement?

Mr. Comey. That’s too hypothetical for me. I mean, interesting law school question: Is the absence of incriminating evidence exculpatory evidence? But I can’t answer that question.

I mean, maybe there are some irregularities explaining why it took seven months to write up Flynn’s 302 and how information about the interview was shared within DOJ in the interim; if there are, I’d like to know what those are. But what everyone seems to agree on is that there was no dispute, from the very beginning, that Flynn lied.

And Flynn’s statement actually makes things worse for himself (and, importantly, for one of the White House cover stories that his firing was immediately precipitated by Don McGahn confronting him with the transcript of his conversation with Kislyak). Flynn’s own sentencing memo makes it clear the FBI Agents were quoting directly from the transcript about what he said.

FBI officials had also decided that, if “Flynn said he did not remember something they knew he said, they would use the exact words Flynn used, . . . to try to refresh his recollection. If Flynn still would not confirm what he said, . . . they would not confront him or talk him through it.”

So Flynn would have known, way back when the White House was trying to find excuses to keep him on, precisely what he had been caught saying.

Finally, remember two more details. While we can’t read it, Sullivan (and Flynn’s team) know what’s behind this redaction:

That means Sullivan knows, even if we don’t, why Mueller thinks it so important that Flynn lied, and so may have a very different understanding about the import of those lies.

Finally, note that along with requiring the government to turn over all the filings relating to his interview (not just the two Flynn selectively quoted from), Sullivan also instructed the government to file their reply to Flynn’s sentencing memo by the same time.

DOJ has never had the opportunity to write its own explanation for what happened with Flynn’s interview. By inviting a reply specifically in the context of this Flynn claim, Sullivan has given DOJ the opportunity to do just that, finally.

DOJ may have a very interesting explanation for why they approached a counterintelligence interview with a guy they might have considered one of them with jocularity.

Sure, there may yet be damning details. As I’ve said, I really look forward to learning why it took seven months to formally memorialize this interview.

But the GOP has been looking for a smoking gun for a year and has not apparently found one. It’s quite possible we’ll learn something else tomorrow, that Mike Flynn actually got special treatment that none of us would get if we were suspected of being recruited by Russian intelligence.

At the very least, Sullivan’s order may result in documentation that reveals just how shoddy all the claims of irregularity surrounding Flynn’s interview have been all this time.

Update: Elevating this from pinc’s comment. If DOJ chooses to tell a story that at all resembles Greg Miller’s account of the meeting (including that Flynn specifically said he didn’t want to have a lawyer of any type present), then this could spectacularly backfire.

As I disclosed in July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

Peter Smith Had a Penchant for Secrecy, But Whence Might Be More Interesting Than How

After a long period of press disinterest in the Peter Smith operation during election year, the WSJ has an important story describing how “investigators” are (predictably) showing intense interest in the Republican rat-fucker’s efforts, which extended to working with presumed Russian hackers, to find Hillary’s deleted emails.

Before I address the headline claim of the story — about Smith’s secrecy — I’d like to lay out what the story actually describes.

Way at the end of the story, it provides evidence that casts doubt on the claim Smith killed himself last year — an on the record quote from retired Wall Street financier Charles Ortel, who had been involved in the anti-Clinton effort, describing correspondence with Smith in the days before he died laying out optimistic future plans.

As regards the Clinton email effort itself, the story says that the Smith effort “remain[s] of intense interest to federal investigators working for special counsel Robert Mueller’s office and on Capitol Hill,” suggesting it relies on both Hill sources and people who know what Mueller is up to (the latter of which, up to this point, has always been mediated through witnesses). In key places in the story, it conflates those two investigations, which doesn’t necessarily mean witnesses making claims about Mueller’s intensifying focus are wrong, but does show real sloppiness on the part of the reporting, which invites some skepticism about the significance of the conclusions offered (including the article’s focus on Mike Flynn’s role in Smith’s rat-fuck; click through to read that).

People familiar with the investigations described Mr. Smith’s activities as an area of expanding interest.

The article also relies on documents, which it describes to include emails and court records, including:

  • Court records involving Smith associate John Szobocsan’s efforts to get Smith’s estate to repay him for legal fees associated with three interviews with the Mueller team and an August grand jury appearance (which is pretty good evidence of Mueller’s focus, though not why).
  • Correspondence showing Smith asking associates to “folder,” writing drafts in a Gmail account under the fake name of Robert Tyler, that both the associates and Smith had access to.
  • “[A]n email in the ‘Robert Tyler’ [foldering] account [showing] Mr. Smith obtained $100,000 from at least four financiers as well as a $50,000 contribution from Mr. Smith himself.” The email was dated October 11, 2016 and has the subject line, “Wire Instructions—Clinton Email Reconnaissance Initiative.” It came from someone calling himself “ROB,” describing the funding as supporting “the Washington Scholarship Fund for the Russian students.” The email also notes, “The students are very pleased with the email releases they have seen, and are thrilled with their educational advancement opportunities.” The WSJ states that Ortel is not among the funders named in the email, which means they know who the other four funders are (if one or more were a source for the story, it might explain why WSJ is not revealing that really critical piece of news).

The WSJ really bolloxes describing the significance of the timing of this email as coming,

just days after WikiLeaks and the website DCLeaks began releasing emails damaging to Mrs. Clinton’s campaign and four days after the U.S. government publicly warned that Russia was attempting to interfere in the U.S. election

What it means is that it came just four days after the Podesta emails first started coming out, suggesting that the reference to Russian students is actually code for happiness about the emails already being released by the Russians.

For reasons I’ll return to, the suggestion that Smith and his fellow rat-fuckers appear to have been using code to discuss already released emails that were neither Clinton Foundation nor deleted emails is really interesting.

With all that in mind, here are Smith’s adopted methods of secrecy (beyond whatever funding methods are described in the email; Buzzfeed talked about different suspicious transactions here):

  • The apparent code used by an unidentified person, which appears to show conspirators speaking about stolen emails in the guise of a student fund in DC
  • Foldering — a method for which law enforcement has had effective countermeasures that have been widely publicized since the David Petraeus case, the use of which Smith committed to correspondence that got shared outside of the immediate conspirators
  • A burner phone or phone number: “one phone number that he used for sensitive matters”
  • Proton Mail or similar: “a commercially available encrypted email account”
  • Encryption not described to be anything beyond typical full disk encryption (but which could be PGP)

The code is interesting and perhaps intentionally damning. But fat lot of good either the code or the foldering does if the emails in question bear the smoking gun subject line, “Wire Instructions—Clinton Email Reconnaissance Initiative,” to say nothing of the correspondence that commits to writing that they’re using foldering. Indeed, using code in an email with an uncoded subject line is the opposite of good operational security; it serves instead as a blinking red light telling investigators where to look and that the code is code. “Bobby Three Sticks Read Me!!!”

As for the other things — basically the use of encryption and a burner that, given that it was discovered, wasn’t narrowly enough executed — they show an effort to use secrecy. But not a successful effort to do so.

Further, with regard to encryption, this Politico article from last year reveals Royal O’Brien (who, except for the context, might be a candidate to be the sender of the October 11 email described by WSJ) advising Smith about PGP, which suggests any non-commercial encryption may have been adopted after key parts of the conspiracy took place.

In an email chain from October obtained by Politico, Smith sought the advice of a tech-savvy business associate about concerns that WikiLeaks had been attacked by hackers. In the email, the associate, Royal O’Brien, a Jacksonville-based programmer Smith described as a dark web expert, advised Smith about the use of PGP keys for encryption and opined that anyone who launched an attack on WikiLeaks would likely face stiff blowback from the group’s web-savvy supporters.

All of this leads me to be more interested in where the methods adopted imperfectly by this 80-year-old came from than in the fact that he adopted them. An obvious candidate is Chuck Johnson, whose cooperation with the Smith rat-fuck is detailed in the Politico article, whose businesses have all been shutting down in recent months, and whose defense attorney did not respond to a question from me last week about whether he still represents Johnson. Though Johnson, and his Nazi friend living in Ukraine, Weev, are better at operational security than what the WSJ describes here.

Someone got this old rat-fucker to use just enough secrecy to serve as signposts for the interesting bits.

I’m as interested in who provided that advice (and when) as I am in the identity of the four donors whom WSJ must know but isn’t sharing.

As I said in July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

The Two Legitimacy Problems with the Nghia Pho Sentence

Nghia Pho was sentenced to 5 years and 6 months yesterday. He is presumed to have been one of the sources for the files released by Shadow Brokers (though I have been told he couldn’t be the sole source).

The government had asked for 8 years, just a month short of the top of the guidelines for the crime to which he pled guilty (though the government could have charged him much more aggressively and gotten far more time). In sentencing Pho, however, Judge George Russell seemed persuaded by Pho attorney Robert Bonsib’s point that David Petraeus did no jail time for what actually would have been a worse offense had he also been charged with sharing with his mistress the code word intelligence he mishandled and then lying about both to the FBI, as well as if the government admitted that the information Petraeus shared actually did show up in Paula Broadwell’s hagiography of the general.

Russell seemed particularly perturbed that former CIA Director David Petraeus managed to get probation after admitting he kept highly classified information in his home without permission, shared it with his girlfriend and lied to investigators.

“Did he do one day in prison?” the clearly frustrated judge asked. “Not one day. … What happened there? I don’t know. The powerful win over the powerless? … The people at the top can, like, do whatever they want to do and walk away.”

Admittedly, the unstated presumption that Pho’s mishandling of NSA’s hacking tools led first to their leak and then to the downstream malware attacks tied to them seems to justify the government’s call for a harsh sentence and is reflected in statements from both Russell and the prosecutor.

Russell called Pho’s actions “extraordinarily serious.” He also rejected claims that it was an isolated mistake, noting that Pho took the top-secret material to his home for years.

[snip]

Little was said at Tuesday’s hearing about what information may have escaped Pho’s control or where it wound up, although Windom used very strong language about the impact of Pho’s actions, calling it “devastating.”

And it also explains the language of Pho’s remorse, which denies the things he might have been suspected of in the release.

“I admit it but I do not betray the U.S.A.,” the white-haired, glasses-wearing engineer said in broken English. “I do not betray this country. … I do not send anything to anybody or on the internet. I do not make profit on this information. … I cannot damage this country.”

It also might explain the terms of the plea agreement, one part of which remains sealed.

There’s something that remains unexplained, however — at least not credibly. Pho continues to claim that he brought the NSA’s hacking tools home because he needed them to write his Employee Performance Assessments. (h/t Josh Gerstein for obtaining the documents)

I need extra times and information about what I worked on, cut and paste, to create a good EPA at home and hope that I will have a chance to be promoted this time hence I received a good high-three average salaries before I go to the retirement in next four years (2019) when my clearance will be expired.

I was devoted to EPA promotion, encircle by EPA/promotion and the last high-three salaries that made me blind to violate the security policy of the Agency.

But as the government noted in their sentencing memo, this was not a one-off in advance of writing a yearly EPA. Rather, Pho continued doing this over the course of five years, and did so with materials unrelated to his work.

For a period of at least five years, the defendant removed Top Secret and Sensitive Compartmented Information (“SCI”) from secure space at the National Security Agency (“NSA”) and retained it in his home–an unsecure residence.

[snip]

This assertion [that he did this solely for EPAs] is belied by the facts. The defendant did not take home and retain classified information consistently for five years to work on an annual performance review. This argument especially does not apply to the classified material found in his home that was unrelated to his work or any personnel evaluation. [citations removed]

The government also notes that Pho knew better than to load these materials onto his computer (as a guy who coded malware, that should be all the more true).

The defendant claims that he stored massive troves of classified information at his home without the intention of placing national security at risk. The defendant goes so far as to say, directly, that he “did handle the information with care.” His actions speak to his intentions, and the facts do not support his contentions. For years, the defendant received training on how and where to store classified information and on why such precautions were critical to protecting national security. The defendant well knew that the mere removal of classified information from secure spaces, in itself, could endanger national security, and that retaining classified information in an unsecure location compounded this danger. Indeed, in his plea agreement, the defendant admitted that his extensive training informed him that “unauthorized removal of classified materials and transportation and storage of those materials in unauthorized locations risked disclosure and transmission of those materials, and therefore could endanger the national security of the United States and the safety of its citizens.”

This is a point that Admiral Rogers repeated in his (March 5) letter on the sentencing.

Mind you, even a year after Pho was discovered, it was still possible for even a translator to stick thumb drives into Top Secret computers at Fort Meade, as evidenced by Reality Winner’s actions (actions that were not charged). In the same way that Pho knew well that putting hacking tools on a computer attached to the Internet would be colossally stupid, the government itself has known the risks of leaving computers accessible to removable media since before Chelsea Manning’s leaks. They’re not exactly in a position to lecture.

That said, there’s something that still doesn’t add up about this and Pho’s claimed motive for it, which may be why, when this story first broke, three different theories for why he brought the files home got leaked to the press. Maybe it was just ego fed by resentment that he (as reported in his letter) wasn’t getting promotions at the same rate as his colleagues, which doesn’t make for a very good excuse for having exposed the NSA’s crown jewels.

 

In media res: the FBI’s WannaCry Attribution

I’ve been working through the complaint charging Park Jin Hyok with a slew of hacking attributed to the Lazarus group associated with North Korea. Reading it closely has led me to be even less convinced about the government’s attribution of the May 2017 WannaCry outbreak to North Korea. It’s going to take me a series of posts (and some chats with actual experts on this topic) to explain why. But for now, I want to point to a really suspect move the complaint makes.

The FBI’s proof that Park and Lazarus and North Korea did WannaCry consists, speaking very broadly, of proof that the first generation of the WannaCry malware shared some key elements with other attacks attributed to Lazarus, and then an argument that the subsequent two generations of WannaCry were done by the same people as the first one. While the argument consists of a range of evidence and this post vastly oversimplifies what the FBI presents, three key moves in it are:

  • The earlier generations of WannaCry are not known to be publicly available
  • Subjects using a known Lazarus IP address were researching how to exploit the Microsoft vulnerability in the weeks before the attack
  • Both WannaCry versions 1 and 2 cashed out Bitcoin in a similar way (which the complaint doesn’t describe)

For now, I’m just interested in that middle point, which the complaint describes this way:

221. On March 14, 2017, Microsoft released a patch for a Server Message Block (SMB) vulnerability that was identified as CVE-2017-0144 on its website, https://technet.microsoft.com/en-us/library/security/ms17-010.aspx. Microsoft attempted to remedy the vulnerability by releasing patches to versions of Microsoft Windows operating systems that Microsoft supported at the time. Patches were not initially released for older versions of Windows that were no longer supported, such as Windows XP and Windows 8.

222. The next month, on April 15, 2017, an exploit that targeted the CVE-2017-0144 vulnerability (herein the “CVE-2017-0144 exploit”) was publicly released by a group calling itself the “Shadow Brokers.”

223. On April 18, 2017 and April 21, 2017, a senior security analyst at private cyber security company RiskSense, Inc. (“RiskSense”) posted research on that exploit on his website: https://zerosum0x0.blogspot.com.

224. On May 9, 2017, RiskSense released code on the website github.com with the stated purpose of allowing legal “white hat” penetration testers to test the CVE-2017-0144 exploit on unpatched systems. Essentially, RiskSense posted source code that its employees had reverse-engineered for the CVE-2017-0144 exploit, which cyber security researchers could then use to test vulnerabilities in client computer systems. I know based on my training and experience that penetration testers regularly seek to exploit vulnerabilities with their customers’ consent as a proof-of-concept to demonstrate how hackers could illegally access their customers’ systems.

225. On May 12, 2017, a ransomware attack called “WannaCry” (later identified as “WannaCry Version 2,” as discussed below) began affecting computers around the globe.

[snip]

242. Records that I have obtained show that the subjects of this investigation were monitoring the release of the CVE-2017-0144 exploit and the efforts by cyber researchers to develop the source code that was later packaged into WannaCry Version 2:

a. On numerous days between March 23 and May 12, 2017, a subject using North Korean IP Address #6 visited technet.microsoft.com, the general domain where Microsoft hosted specific webpages that provide information about Microsoft products, including information on Windows vulnerabilities (including CVE-2017-0144), although the exact URL or whether the information on this particular CVE was being accessed is not known.

b. On April 23, April 26, May 10, May 11, and May 12, 2017, a subject using North Korean IP Address #6 visited the blog website zerosum0x0.blogspot.com, where, on April 18, 2017 and 21, 2017, a RiskSense researcher had posted information about research into the CVE-2017-0144 exploit and progress on reverse-engineering the exploit; RiskSense subsequently released the exploit code on GitHub.com.

According to the in media res story told by the FBI, the following is the chronology:

March 14: Microsoft drops a vulnerability seemingly out of the blue without publicly calling attention to it

Starting on March 23: Someone using known Lazarus IP address #6 tracks Microsoft’s vulnerability reports (note, the FBI doesn’t mention whether this was typical behavior or unique for this period)

April 15: Shadow Brokers releases the Eternal Blue exploit

April 18 and 23: RiskSense releases a reverse engineered version of Eternal Blue

Starting on April 23 and leading up to May 12: Someone using that same known Lazarus IP #6 makes a series of visits to the RiskSense site that released an exploit reverse engineered off the Shadow Brokers release

May 12: A version of WannaCry spreads across the world using the RiskSense exploit

Of course, that’s not how things really happened. FBI neglects to mention that on January 8, Shadow Brokers offered to auction off files that NSA knew included the SMB exploit that Microsoft issued a patch for on March 14.

Along with that important gap in the narrative, the FBI Agent who wrote the affidavit behind this complaint, Nathan Shields, is awfully coy in describing Shadow Brokers simply as “a group calling itself the ‘Shadow Brokers.’” While the complaint remained sealed for three months, by June 8, 2018, when the affidavit was written, the FBI assuredly knew far more about Shadow Brokers than that it was a group with a spooky name.

As public proof, DOJ signed a plea agreement with Nghia Pho on November 29 of last year. Pho was reportedly the guy from whose home computer some of these same files were stolen. While the publicly released plea has no cooperation agreement, the plea included a sealed supplement, which given the repeated delays in sentencing, likely did include a cooperation agreement.

Pho is due to be sentenced next Tuesday. The sentencing memos in the case remain sealed, but it’s clear from the docket entry for Pho’s memo that he’s making a bid to be treated in the same way that David Petraeus and John Deutch were — that is, to get a misdemeanor treatment and probation for bringing code word documents home to store in an unlocked desk drawer — which would be truly remarkable treatment for a guy who allegedly made NSA’s hacking tools available for theft.

And while it’s possible that FBI Agent Shields doesn’t know anything more about what the government knows about Shadow Brokers than that it has a spooky name, some of the folks who were quoted in the dog-and-pony reveal of this complaint on September 6, not least Assistant Attorney General John Demers, do know whatever else the government knows about Shadow Brokers.

Including that the announcement of the sale of Eternal Blue on January 8 makes the searches on Microsoft’s site before the exploit was actually released on April 15 one of the most interesting details in this chronology. There are lots of possible explanations for the fact that someone was (as the FBI’s timeline suggests) searching Microsoft’s website for a vulnerability before the import of it became publicly known.

But when you add the January 8 Shadow Brokers post to the timeline, it makes culprits other than North Korea far more likely than the FBI affidavit makes out.