Posts

On Emmet Sullivan’s Order for Mike Flynn’s 302s: Be Careful What You Ask For

In his sentencing memorandum, Mike Flynn waved the following in front of Judge Emmet Sullivan, like a red cape before a bull.

There are, at the same time, some additional facts regarding the circumstances of the FBI interview of General Flynn on January 24, 2017, that are relevant to the Court’s consideration of a just punishment.

At 12:35 p.m. on January 24, 2017, the first Tuesday after the presidential inauguration, General Flynn received a phone call from then-Deputy Director of the FBI, Andrew McCabe, on a secure phone in his office in the West Wing.20 General Flynn had for many years been accustomed to working in cooperation with the FBI on matters of national security. He and Mr. McCabe briefly discussed a security training session the FBI had recently conducted at the White House before Mr. McCabe, by his own account, stated that he “felt that we needed to have two of our agents sit down” with General Flynn to talk about his communications with Russian representatives.21

Mr. McCabe’s account states: “I explained that I thought the quickest way to get this done was to have a conversation between [General Flynn] and the agents only. I further stated that if LTG Flynn wished to include anyone else in the meeting, like the White House Counsel for instance, that I would need to involve the Department of Justice. [General Flynn] stated that this would not be necessary and agreed to meet with the agents without any additional participants.”22

Less than two hours later, at 2:15 p.m., FBI Deputy Assistant Director Peter Strzok and a second FBI agent arrived at the White House to interview General Flynn.23 By the agents’ account, General Flynn was “relaxed and jocular” and offered to give the agents “a little tour” of the area around his West Wing office. 24 The agents did not provide General Flynn with a warning of the penalties for making a false statement under 18 U.S.C. § 1001 before, during, or after the interview. Prior to the FBI’s interview of General Flynn, Mr. McCabe and other FBI officials “decided the agents would not warn Flynn that it was a crime to lie during an FBI interview because they wanted Flynn to be relaxed, and they were concerned that giving the warnings might adversely affect the rapport,” one of the agents reported.25 Before the interview, FBI officials had also decided that, if “Flynn said he did not remember something they knew he said, they would use the exact words Flynn used, . . . to try to refresh his recollection. If Flynn still would not confirm what he said, . . . they would not confront him or talk him through it.”26 One of the agents reported that General Flynn was “unguarded” during the interview and “clearly saw the FBI agents as allies.”27

He cited a memo that fired FBI Deputy Director Andrew McCabe wrote the day of Flynn’s interview and the interview report (called a “302”) that fired FBI Special Agent Peter Strzok had a hand in writing up in August 2017, some seven months after the interview.

In response, the judge in his case, Emmet Sullivan, issued an order asking not just for those two documents, but any documents related to the matters Flynn writes up, to be filed by tomorrow, along with the government’s reply to his memorandum.

And so it is that, on the one-year anniversary of the order Sullivan issued to ensure that Flynn got any exculpatory information relating to his plea, the hopes among the frothy right that Flynn’s prosecution (including for lying about his sleazy influence peddling with Turkey) will be delegitimized, and with it everything that happened subsequent to Flynn’s plea, might be answered.

Or maybe not.

For those unfamiliar with his background, back in the waning years of the Bush Administration, Sullivan presided over the Ted Stevens prosecution. After Stevens was convicted, DOJ started ‘fessing up to a bunch of improprieties, which led Sullivan (on newly confirmed Eric Holder’s recommendation) to throw out the conviction. Sullivan demanded a report on the improprieties, which ended up being a scathing indictment of DOJ’s actions (that nevertheless didn’t lead to real consequences for those involved). Since that time, Sullivan has been wary of DOJ’s claims, which has led him to do things like routinely issue the order he did with Flynn’s case, making sure that defendants get any exculpatory evidence they should get.

Regardless of how this request works out, you should applaud Sullivan’s diligence. He’s one of just a few judges who approaches the government with the skepticism they deserve. And to the extent that problems with our criminal justice system only get noticed when famous people go through it, it’s important that this one be treated with such diligence.

Still, those problems include both abuse, like we saw in the Stevens case, and special treatment, like David Petraeus got, and it’s actually unclear whether Sullivan’s request will uncover one or the other (or neither). I say that for several reasons.

First, because the public evidence suggests that — if anything — Obama’s appointees demanded FBI proceed cautiously in their investigation of Trump’s people, delaying what in any other case would have been routine early collection. When FBI discovered Flynn making suspicious comments to Sergei Kislyak, concerns about how to proceed went all the way up to Obama.

Moreover, contrary to most reporting on this interview, the FBI’s suspicions about Flynn did not arise exclusively from his calls to Kislyak. The interview happened after a counterintelligence investigation into Flynn had been open for months, as laid out by the House Intelligence Committee Russia report.

Director Comey testified that he authorized the closure of the CI investigation into general Flynn by late December 2016; however, the investigation was kept open due to the public discrepancy surrounding General Flynn’s communications with Ambassador Kislyak. [redacted] Deputy Director McCabe stated that, “we really had not substantiated anything particularly significant against General Flynn,” but did not recall that a closure of the CI investigation was imminent.

If McCabe believed the CI investigation into Flynn had produced mostly fluff, it might explain why he would approach setting up an interview with him with less than the rigor that he might have (as arguably happened with Hillary in the analogous situation). He didn’t expect there to be a there there, but then there was (remember, Jim Comey has repeatedly said that the one thing that might have led the Hillary investigation to continue past her interview was if they caught her lying; the difference is that Flynn told obvious lies whereas Hillary did not).

Finally, there’s one other, major reason to think this ploy may not work out the way Flynn might like. That’s because the frothy right, its enablers in Congress, and the White House itself have pursued this line for most of a year. Particularly in the wake of Flynn’s cooperation agreement, claiming that Flynn was just confused or forgetful when he spoke to the FBI has been central to Trump’s serial cover stories for why he fired Flynn.

So Republicans hoping to find the smoking gun have looked and looked and looked and looked and looked at the circumstances of Mike Flynn’s interview. Already by March of last year, they had resorted only to misstating Comey’s testimony about what happened in the HPSCI report.

Director Comey testified to the Committee that “the agents … discerned no physical indications of deception. They didn’t see any change in posture, in tone, in inflection, in eye contact. They saw nothing that indicated to them that he knew he was lying to them.”

Nothing in the report — which now includes a section substantially declassified to reveal more purportedly incriminating details about Flynn — suggests real impropriety with his interview.

Even in that very same paragraph, they quote McCabe (the guy who wrote up a memo that same day, which is probably what Sally Yates relied on when she suggested to the White House they needed to fire Flynn) stating very clearly that the FBI agents recognized that Flynn had lied.

McCabe confirmed the interviewing agent’s initial impression and stated that the “conundrum that we faced on their return from the interview is that although [the agents] didn’t detect deception in the statements that he made in the interview … the statements were inconsistent with our understanding of the conversation that he had actually had with the ambassador.”

The degree to which Republicans have found very little, after looking and looking and looking and looking for some smoking gun relating to the Flynn interview, is perhaps best indicated by where that search has gotten after looking and looking and looking and looking — as most recently exhibited in Jim Comey’s questioning from a week ago, by the Republicans’ best prosecutor, Trey Gowdy. After (apparently) hoping to catch Comey lying about what investigators thought when the lifetime intelligence officer managed to lie without any tells, but instead leading him through a very cogent explanation of it, Gowdy then resorts to sophistry about what day of the week it is.

Mr. Gowdy. Who is Christopher Steele? Well, before I go to that, let me ask you this.

At any — who interviewed General Flynn, which FBI agents?

Mr. Comey. My recollection is two agents, one of whom was Pete Strzok and the other of whom is a career line agent, not a supervisor.

Mr. Gowdy. Did either of those agents, or both, ever tell you that they did not adduce an intent to deceive from their interview with General Flynn?

Mr. Comey. No.

Mr. Gowdy. Have you ever testified differently?

Mr. Comey. No.

Mr. Gowdy. Do you recall being asked that question in a HPSCI hearing?

Mr. Comey. No. I recall — I don’t remember what question I was asked. I recall saying the agents observed no indicia of deception, physical manifestations, shiftiness, that sort of thing.

Mr. Gowdy. Who would you have gotten that from if you were not present for the interview?

Mr. Comey. From someone at the FBI, who either spoke to — I don’t think I spoke to the interviewing agents but got the report from the interviewing agents.

Mr. Gowdy. All right. So you would have, what, read the 302 or had a conversation with someone who read the 302?

Mr. Comey. I don’t remember for sure. I think I may have done both, that is, read the 302 and then spoke to people who had spoken to the investigators themselves. It’s possible I spoke to the investigators directly. I just don’t remember that.

Mr. Gowdy. And, again, what was communicated on the issue of an intent to deceive? What’s your recollection on what those agents relayed back?

Mr. Comey. My recollection was he was — the conclusion of the investigators was he was obviously lying, but they saw none of the normal common indicia of deception: that is, hesitancy to answer, shifting in seat, sweating, all the things that you might associate with someone who is conscious and manifesting that they are being — they’re telling falsehoods. There’s no doubt he was lying, but that those indicators weren’t there.

Mr. Gowdy. When you say “lying,” I generally think of an intent to deceive as opposed to someone just uttering a false statement.

Mr. Comey. Sure.

Mr. Gowdy. Is it possible to utter a false statement without it being lying?

Mr. Comey. I can’t answer — that’s a philosophical question I can’t answer.

Mr. Gowdy. No, I mean, if I said, “Hey, look, I hope you had a great day yesterday on Tuesday,” that’s demonstrably false.

Mr. Comey. That’s an expression of opinion.

Mr. Gowdy. No, it’s a fact that yesterday was —

Mr. Comey. You hope I have a great day —

Mr. Gowdy. No, no, no, yesterday was not Tuesday.

Then Gowdy tries a new tack: suggesting that Flynn should have gotten the agents’ finding that he lied without any physical tells provided as some kind of Brady evidence.

Mr. Gowdy. And, again — because I’m afraid I may have interrupted you, which I didn’t mean to do — your agents, it was relayed to you that your agents’ perspective on that interview with General Flynn was what? Because where I stopped you was, you said: He was lying. They knew he was lying, but he didn’t have the indicia of lying.

Mr. Comey. Correct. All I was doing was answering your question, which I understood to be your question, about whether I had previously testified that he — the agents did not believe he was lying. I was trying to clarify. I think that reporting that you’ve seen is the product of a garble. What I recall telling the House Intelligence Committee is that the agents observed none of the common indicia of lying — physical manifestations, changes in tone, changes in pace — that would indicate the person I’m interviewing knows they’re telling me stuff that ain’t true. They didn’t see that here. It was a natural conversation, answered fully their questions, didn’t avoid. That notwithstanding, they concluded he was lying.

Mr. Gowdy. Would that be considered Brady material and hypothetically a subsequent prosecution for false statement?

Mr. Comey. That’s too hypothetical for me. I mean, interesting law school question: Is the absence of incriminating evidence exculpatory evidence? But I can’t answer that question.

I mean, maybe there are some irregularities explaining why it took seven months to write up Flynn’s 302 and how information about the interview was shared within DOJ in the interim; if there are, I’d like to know what those are. But what everyone seems to agree is that there was no dispute, from the very beginning, that Flynn lied.

And Flynn’s statement actually makes things worse for himself (and, importantly, for one of the White House cover stories that his firing was immediately precipitated by Don McGahn confronting him with the transcript of his conversation with Kislyak). Flynn’s own sentencing memo makes it clear the FBI Agents were quoting directly from the transcript about what he said.

FBI officials had also decided that, if “Flynn said he did not remember something they knew he said, they would use the exact words Flynn used, . . . to try to refresh his recollection. If Flynn still would not confirm what he said, . . . they would not confront him or talk him through it.”

So Flynn would have known, way back when the White House was trying to find excuses to keep him on, precisely what he had been caught saying.

Finally, remember two more details. While we can’t read it, Sullivan (and Flynn’s team) know what’s behind this redaction:

That means Sullivan knows, even if we don’t, why Mueller thinks it so important that Flynn lied, and so may have a very different understanding about the import of those lies.

Finally, note that along with requiring the government to turn over all the filings relating to his interview (not just the two Flynn selectively quoted from), Sullivan also instructed the government to file their reply to Flynn’s sentencing memo by the same time.

DOJ has never had the opportunity to write its own explanation for what happened with Flynn’s interview. By inviting a reply specifically in the context of this Flynn claim, Sullivan has given DOJ the opportunity to do just that, finally.

DOJ may have a very interesting explanation for why they approached a counterintelligence interview with a guy they might have considered one of them with jocularity.

Sure, there may yet be damning details. As I’ve said, I really look forward to learning why it took seven months to formally memorialize this interview.

But the GOP has been looking for a smoking gun for a year and have not apparently found one. It’s quite possible we’ll learn something else tomorrow, that Mike Flynn actually got special treatment that none of us would get if we were suspected of being recruited by Russian intelligence.

At the very least, Sullivan’s order may result in documentation that reveals just how shoddy all the claims of irregularity surrounding Flynn’s interview have been all this time.

Update: Elevating this from pinc’s comment. If DOJ chooses to tell a story that at all resembles Greg Miller’s account of the meeting (including that Flynn specifically said he didn’t want to have a lawyer of any type present), then this could spectacularly backfire.

As I disclosed in July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

Peter Smith Had a Penchant for Secrecy, But Whence Might Be More Interesting Than How

After a long period of press disinterest in the Peter Smith operation during election year, the WSJ has an important story that describes that “investigators” are (predictably) showing intense interest in the Republican rat-fucker’s efforts, which extended to working with presumed Russian hackers, to find Hillary’s deleted emails.

Before I address the headline claim of the story — about Smith’s secrecy — I’d like to lay out what the story actually describes.

Way at the end of the story, it provides evidence that casts doubt on the claim Smith killed himself last year — an on the record quote from retired Wall Street financier Charles Ortel, who had been involved in the anti-Clinton effort, describing correspondence with Smith in the days before he died laying out optimistic future plans.

As regards the Clinton email effort itself, the story says that the Smith effort “remain[s] of intense interest to federal investigators working for special counsel Robert Mueller’s office and on Capitol Hill,” suggesting it relies on both Hill sources and people who know what Mueller is up to (the latter of which, up to this point, has always been mediated through witnesses). In key places in the story, it conflates those two investigations, which doesn’t necessarily mean witnesses making claims about Mueller’s intensifying focus are wrong, but does show real sloppiness on the part of the reporting, which invites some skepticism about the significance of the conclusions offered (including the article’s focus on Mike Flynn’s role in Smith’s rat-fuck; click through to read that).

People familiar with the investigations described Mr. Smith’s activities as an area of expanding interest.

The article also relies on documents, which it describes to include emails and court records, including:

  • Court records involving Smith associate John Szobocsan’s efforts to get Smith’s estate to repay him for legal fees associated with three interviews with the Mueller team and an August grand jury appearance (which is pretty good evidence of Mueller’s focus, though not why).
  • Correspondence showing Smith asking associates to “folder,” writing drafts in a Gmail account under the fake name of Robert Tyler, that both the associates and Smith had access to.
  • “[A]n email in the ‘Robert Tyler’ [foldering] account [showing] Mr. Smith obtained $100,000 from at least four financiers as well as a $50,000 contribution from Mr. Smith himself.” The email was dated October 11, 2016 and has the subject line, “Wire Instructions—Clinton Email Reconnaissance Initiative.” It came from someone calling himself “ROB,” describing the funding as supporting “the Washington Scholarship Fund for the Russian students.” The email also notes, “The students are very pleased with the email releases they have seen, and are thrilled with their educational advancement opportunities.” The WSJ states that Ortel is not among the funders named in the email, which means they know who the other four funders are (if one or more were a source for the story, it might explain why WSJ is not revealing that really critical piece of news).

The WSJ really bolloxes describing the significance of the timing of this email as coming,

just days after WikiLeaks and the website DCLeaks began releasing emails damaging to Mrs. Clinton’s campaign and four days after the U.S. government publicly warned that Russia was attempting to interfere in the U.S. election

What it means is that it came just four days after the Podesta emails first started coming out, suggesting that the reference to Russian students is actually code for happiness about the emails already being released by the Russians.

For reasons I’ll return to, the suggestion that Smith and his fellow rat-fuckers appear to have been using code to discuss already released emails that were neither Clinton Foundation nor deleted emails is really interesting.

With all that in mind, here are Smith’s adopted methods of secrecy (beyond whatever funding methods are described in the email; Buzzfeed talked about different suspicious transactions here):

  • The apparent code used by an unidentified person, which appears to show conspirators speaking about stolen emails in the guise of a student fund in DC
  • Foldering — a method for which law enforcement has had effective countermeasures that have been widely publicized since the David Petraeus case, the use of which Smith committed to correspondence that got shared outside of the immediate conspirators
  • A burner phone or phone number: “one phone number that he used for sensitive matters”
  • Proton Mail or similar: “a commercially available encrypted email account”
  • Encryption not described to be anything beyond typical full disk encryption (but which could be PGP)

The code is interesting and perhaps intentionally damning. But fat lot of good either the code or the foldering does if the emails in question bear the smoking gun subject line, “Wire Instructions—Clinton Email Reconnaissance Initiative,” to say nothing of the correspondence that commits to writing that they’re using foldering. Indeed, using code in an email with an uncoded subject line is the opposite of good operational security; it serves instead as a blinking red light telling investigators where to look and that the code is code. “Bobby Three Sticks Read Me!!!”

As for the other things — basically the use of encryption and a burner that, given that it was discovered, wasn’t narrowly enough executed — they show an effort to use secrecy. But not a successful effort to do so.

Further, with regards to encryption, this Politico article from last year reveals Royal O’Brien (who, except for the context, might be a candidate to be the October 11 email described by WSJ) advising Smith about PGP, which suggests any non-commercial encryption may have been adopted after key parts of the conspiracy took place.

In an email chain from October obtained by Politico, Smith sought the advice of a tech-savvy business associate about concerns that WikiLeaks had been attacked by hackers. In the email, the associate, Royal O’Brien, a Jacksonville-based programmer Smith described as a dark web expert, advised Smith about the use of PGP keys for encryption and opined that anyone who launched an attack on WikiLeaks would likely face stiff blowback from the group’s web-savvy supporters.

All of this leads me to be more interested in where the methods adopted imperfectly by this 80 year old came from than that he did. An obvious candidate is Chuck Johnson, whose cooperation with the Smith rat-fuck is detailed in the Politico article, and whose businesses have all been shutting down in recent months, and whose defense attorney did not respond to a question from me last week about whether he still represents Johnson. Though Johnson, and his Nazi friend living in Ukraine, Weev, are better at operational security than what the WSJ describes here.

Someone got this old rat-fucker to use just enough secrecy to serve as signposts for the interesting bits.

I’m as interested in who provided that advice (and when) as I am in the identity of the four donors whom WSJ must know but isn’t sharing.

As I said in July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

The Two Legitimacy Problems with the Nghia Pho Sentence

Nghia Pho was sentenced to 5 years and 6 months yesterday. He is presumed to have been one of the sources for the files released by Shadow Brokers (though I have been told he couldn’t be the sole source).

The government had asked for 8 years, just a month short of the top of the guidelines for the crime to which he pled guilty (though the government could have charged him much more aggressively and gotten far more time). In sentencing Pho, however, Judge George Russell seemed persuaded by Pho attorney Robert Bonsib’s point that David Petraeus did no jail time for what actually would have been a worse offense had he also been charged with sharing with his mistress the code word intelligence he mishandled and then lying about both to the FBI, as well as if the government admitted that the information Petraeus shared actually did show up in Paula Broadwell’s hagiography of the general.

Russell seemed particularly perturbed that former CIA Director David Petraeus managed to get probation after admitting he kept highly classified information in his home without permission, shared it with his girlfriend and lied to investigators.

“Did he do one day in prison?” the clearly frustrated judge asked. “Not one day. … What happened there? I don’t know. The powerful win over the powerless? … The people at the top can, like, do whatever they want to do and walk away.”

Admittedly, the unstated presumption that Pho’s mishandling of NSA’s hacking tools led first to their leak and then to the downstream malware attacks tied to them seems to justify the government’s call for a harsh sentence and is reflected in statements from both Russell and the prosecutor.

Russell called Pho’s actions “extraordinarily serious.” He also rejected claims that it was an isolated mistake, noting that Pho took the top-secret material to his home for years.

[snip]

Little was said at Tuesday’s hearing about what information may have escaped Pho’s control or where it wound up, although Windom used very strong language about the impact of Pho’s actions, calling it “devastating.”

And it also explains the language of Pho’s remorse — denying the things that might have been suspected of the release.

“I admit it but I do not betray the U.S.A.,” the white-haired, glasses-wearing engineer said in broken English. “I do not betray this country. … I do not send anything to anybody or on the internet. I do not make profit on this information. … I cannot damage this country.”

It also might explain the terms of the plea agreement, one part of which remains sealed.

There’s something that remains unexplained, however — at least not credibly. Pho continues to claim that he brought the NSA’s hacking tools home because he needed them to write his Employee Performance Assessments. (h/t Josh Gerstein for obtaining the documents)

I need extra times and information about what I worked on, cut and paste, to create a good EPA at home and hope that I will have a chance to be promoted this time hence I received a good high-three average salaries before I go to the retirement in next four years (2019) when my clearance will be expired.

I was devoted to EPA promotion, encircle by EPA/promotion and the last high-three salaries that made me blind to violate the security policy of the Agency.

But as the government noted in their sentencing memo, this was not a one-off in advance of writing a yearly EPA. Rather, Pho continued doing this over the course of five years, and did so with materials unrelated to his work.

For a period of at least five years, the defendant removed Top Secret and Sensitive Compartmented Information (“SCI”) from secure space at the National Security Agency (“NSA”) and retained it in his home–an unsecure residence.

[snip]

This assertion [that he did this solely for EPAs] is belied by the facts. The defendant did not take home and retain classified information consistently for five years to work on an annual performance review. This argument especially does not apply to the classified material found in his home that was unrelated to his work or any personnel evaluation. [citations removed]

The government also notes that Pho knew better than to load these materials onto his computer (as a guy who coded malware, that should be all the more true).

The defendant claims that he stored massive troves of classified information at his home without the intention of placing national security at risk. The defendant goes so far as to say, directly, that he “did handle the information with care.” His actions speak to his intentions, and the facts do not support his contentions. For years, the defendant received training on how and where to store classified information and on why such precautions were critical to protecting national security. The defendant well knew that the mere removal of classified information from secure spaces, in itself, could endanger national security, and that retaining classified information in an unsecure location compounded this danger. Indeed, in his plea agreement, the defendant admitted that his extensive training informed him that “unauthorized removal of classified materials and transportation and storage of those materials in unauthorized locations risked disclosure and transmission of those materials, and therefore could endanger the national security of the United States and the safety of its citizens.”

This is a point that Admiral Rogers repeated in his (March 5) letter on the sentencing.

Mind you, even a year after Pho was discovered, it was still possible for even a translator to stick thumb drives into Top Secret computers at Fort Meade, as evidenced by Reality Winner’s actions (actions that were not charged). In the same way that Pho knew well that putting hacking tools on a computer attached to the Internet would be colossally stupid, the government itself has known the risks of leaving computers accessible to removable media since before Chelsea Manning’s leaks. They’re not exactly in a position to lecture.

That said, there’s something that still doesn’t add up about this and Pho’s claimed motive for it, which may be why, when this story first broke, three different theories for why he brought the files home got leaked to the press. Maybe it was just ego fed by resentment that he (as reported in his letter) wasn’t getting promotions at the same rate as his colleagues, which doesn’t make for a very good excuse for having exposed the NSA’s crown jewels.

 

In media res: the FBI’s WannaCry Attribution

I’ve been working through the complaint charging Park Jin Hyok with a slew of hacking attributed to the Lazarus group associated with North Korea. Reading it closely has led me to be even less convinced about the government’s attribution of the May 2017 WannaCry outbreak to North Korea. It’s going to take me a series of posts (and some chats with actual experts on this topic) to explain why. But for now, I want to point to a really suspect move the complaint makes.

The FBI’s proof that Park and Lazarus and North Korea did WannaCry consists, speaking very broadly, of proof that the first generation of the WannaCry malware shared some key elements with other attacks attributed to Lazarus, and then an argument that the subsequent two generations of WannaCry were done by the same people as the first one. While the argument consists of a range of evidence and this post vastly oversimplifies what the FBI presents, three key moves in it are:

  • The earlier generations of WannaCry are not known to be publicly available
  • Subjects using a known Lazarus IP address were researching how to exploit the Microsoft vulnerability in the weeks before the attack
  • Both WannaCry versions 1 and 2 cashed out Bitcoin in a similar way (which the complaint doesn’t describe)

For now, I’m just interested in that middle point, which the complaint describes this way:

221. On March 14, 2017, Microsoft released a patch for a Server Message Block (SMB) vulnerability that was identified as CVE-2017-0144 on its website, https://technet.microsoft.com/en-us/library/security/ms17-010.aspx. Microsoft attempted to remedy the vulnerability by releasing patches to versions of Microsoft Windows operating systems that Microsoft supported at the time. Patches were not initially released for older versions of Windows that were no longer supported, such as Windows XP and Windows 8.

222. The next month, on April 15, 2017, an exploit that targeted the CVE-2017-0144 vulnerability (herein the “CVE-2017-0144 exploit”) was publicly released by a group calling itself the “Shadow Brokers.”

223. On April 18, 2017 and April 21, 2017, a senior security analyst at private cyber security company RiskSense, Inc. (“RiskSense”) posted research on that exploit on his website: https://zerosum0x0.blogspot.com.

224. On May 9, 2017, RiskSense released code on the website github.com with the stated purpose of allowing legal “white hat” penetration testers to test the CVE-2017-0144 exploit on unpatched systems. Essentially, RiskSense posted source code that its employees had reverse-engineered for the CVE-2017-0144 exploit, which cyber security researchers could then use to test vulnerabilities in client computer systems. I know based on my training and experience that penetration testers regularly seek to exploit vulnerabilities with their customers’ consent as a proof-of-concept to demonstrate how hackers could illegally access their customers’ systems.

225. On May 12, 2017, a ransomware attack called “WannaCry” (later identified as “WannaCry Version 2,” as discussed below) began affecting computers around the globe.

[snip]

242. Records that I have obtained show that the subjects of this investigation were monitoring the release of the CVE-2017-0144 exploit and the efforts by cyber researchers to develop the source code that was later packaged into WannaCry Version 2:

a. On numerous days between March 23 and May 12, 2017, a subject using North Korean IP Address #6 visited technet.microsoft.com, the general domain where Microsoft hosted specific webpages that provide information about Microsoft products, including information on Windows vulnerabilities (including CVE-2017-0144), although the exact URL or whether the information on this particular CVE was being accessed is not known.

b. On April 23, April 26, May 10, May 11, and May 12, 2017, a subject using North Korean IP Address #6 visited the blog website zerosum0x0.blogspot.com, where, on April 18, 2017 and 21, 2017, a RiskSense researcher had posted information about research into the CVE-2017-0144 exploit and progress on reverse-engineering the exploit; RiskSense subsequently released the exploit code on GitHub.com.

According to the in media res story told by the FBI, the following is the chronology:

March 14: Microsoft drops a vulnerability seemingly out of the blue without publicly calling attention to it

Starting on March 23: Someone using known Lazarus IP address #6 tracks Microsoft’s vulnerability reports (note, the FBI doesn’t mention whether this was typical behavior or unique for this period)

April 15: Shadow Brokers releases the Eternal Blue exploit

April 18 and 23: RiskSense releases a reverse engineered version of Eternal Blue

Starting on April 23 and leading up to May 12: Someone using that same known Lazarus IP #6 makes a series of visits to the RiskSense site that released an exploit reverse engineered off the Shadow Brokers release

May 12: A version of WannaCry spreads across the world using the RiskSense exploit

Of course, that’s not how things really happened. FBI neglects to mention that on January 8, Shadow Brokers offered to auction off files that NSA knew included the SMB exploit that Microsoft issued a patch for on March 14.

Along with that important gap in the narrative, the FBI Agent who wrote the affidavit behind this complaint, Nathan Shields, is awfully coy in describing Shadow Brokers simply as “a group calling itself the ‘Shadow Brokers.’” While the complaint remained sealed for three months, by June 8, 2018, when the affidavit was written, the FBI assuredly knew far more about Shadow Brokers than that it was a group with a spooky name.

As public proof, DOJ signed a plea agreement with Nghia Pho on November 29 of last year. Pho was reportedly the guy from whose home computer some of these same files were stolen. While the publicly released plea has no cooperation agreement, the plea included a sealed supplement, which given the repeated delays in sentencing, likely did include a cooperation agreement.

Pho is due to be sentenced next Tuesday. The sentencing memos in the case remain sealed, but it’s clear from the docket entry for Pho’s that he’s making a bid to be treated in the same way that David Petraeus and John Deutch were — that is, to get a misdemeanor treatment and probation for bringing code word documents home to store in an unlocked desk drawer — which would be truly remarkable treatment for a guy who allegedly made NSA’s hacking tools available for theft.

And while it’s possible that FBI Agent Shields doesn’t know anything more about what the government knows about Shadow Brokers than that it has a spooky name, some of the folks who were quoted in the dog-and-pony reveal of this complaint on September 6, not least Assistant Attorney General John Demers, do know whatever else the government knows about Shadow Brokers.

Including that the announcement of the sale of Eternal Blue on January 8 makes the searches on Microsoft’s site before the exploit was actually released on April 15 one of the most interesting details in this chronology. There are lots of possible explanations for the fact that someone was (as the FBI’s timeline suggests) searching Microsoft’s website for a vulnerability before the import of it became publicly known.

But when you add the January 8 Shadow Brokers post to the timeline, it makes culprits other than North Korea far more likely than the FBI affidavit makes out.

10 Years of emptywheel: Jim’s Dimestore

As you saw in Marcy’s posts yesterday, emptywheel is celebrating the ten year anniversary of the move from The Next Hurrah to Firedoglake.   You will notice that the current version of the blog comes to you without ads. If you want this wonderful state of affairs to continue, contributions are a must. A new subscription option helps to make sure the hamsters keep turning the wheels on the magic blog-hosting machines and the ever more sophisticated mole-whacking machinery stays up to date.

Marcy’s outstanding work over the years has received great acclaim. A huge part of the success of the blog, though, has been its ongoing tradition of the best commenting community on the internet. Over the years, the conversations that have taken place on each seminal post have helped to decipher the meaning of cryptic government documents, bring in alternate views and point out new information as it breaks. In the end,  emptywheel isn’t just a blog, it’s a community. For all of your support and participation during these trying times, we thank you.

In keeping with the “10” theme, Marcy has a post highlighting her favorite surveillance posts over each of the last ten years. She has graciously allowed a few of us hangers-on to participate with posts of our own.  I haven’t been an official emptywheeler for all of those ten years.  I did spend a year as an evening editor at Firedoglake around the time of the migration from TNH, so I got to start my friendship with this group of writers and commenters around that time.  I’m going to list my favorite ten posts from the time I started posting here, shortly after the blog moved from Firedoglake to the independent site. Several of these posts link back to earlier work at MyFDL. Sadly, the archives of that work were imperfectly migrated to the Shadowproof successor to Firedoglake, and so searching for those is imperfect and many of the graphics are lost.

So here is Jim’s Dimestore listing my 10 favorite posts on Emptywheel.net, in chronological order:

DETAILS OF SILICON-TIN CHEMISTRY OF ANTHRAX ATTACK SPORES PUBLISHED; WILLMAN TUT-TUTS

Sandia National Laboratories image of attack spore. In the upper frame, silicon, in green, is found exclusively on the spore coat and not on the exosporium (outer pink border).

Perhaps my favorite topic over the years has been a technical analysis of the evidence presented by the FBI in its Amerithrax investigation. It is absolutely clear from this analysis of the anthrax attacks of 2001 that the FBI failed to demonstrate how Bruce Ivins could have carried out the attacks on his own. This post goes deep into the technical weeds of how the spores in the attack material were treated so that they would disperse easily and seem to float on air. The bottom line is that high amounts of silicon are found inside these spores. The silicon could not have gotten there naturally, and it took very sophisticated chemistry to get it there and treat it to make sure it stayed. Ivins had neither the expertise nor the equipment to achieve this highly advanced bioweaponization. Earlier work I did in this series showed that Ivins also could not have grown the anthrax used in the attacks.  My favorite candidate for where it was produced is an isolated lab built by the Defense Threat Reduction Agency on what is now called the Nevada National Security Site (formerly the Nevada Test Site) that Judy Miller described on September 4, 2001.  That article by Miller has always stood out to me as the ultimate limited hangout presented by DoD before the fact, where we see a facility of the perfect size for producing the amount of material used in the anthrax attacks. Those attacks occurred just a short time after the article was published. Miller’s assurance in the article that the site only was used for production of harmless bacteria sharing some characteristics with anthrax just never smelled right to me.

INTELLIGENCE AIDE FLYNN RE MCCHRYSTAL: “EVERYONE HAS A DARK SIDE”

When Michael Hastings’ article in Rolling Stone led to Stanley McChrystal’s firing, little did we know that this would be the beginning of the fall from grace for David Petraeus and his all-star band of torture enablers. These “operators”, as Hastings termed the team, relied on night raids and illegal detentions as the core of their counterterrorism initiatives in Iraq and Afghanistan. These foolishly evil practices fueled massive growth in the insurgencies in response. In this post, Flynn reveals to us that he felt McChrystal, and everyone else, has a “dark side”. As we now await fallout from Flynn’s guilty plea for his lies to the FBI about conversations with Russian Ambassador Kislyak (mainly, his testimony against the rest of Trump’s team), it appears that Flynn himself found the dark side to be quite compelling.

DESPITE METAPHYSICAL IMPOSSIBILITY, US GOVERNMENT REPEATEDLY ATTEMPTS RETROACTIVE CLASSIFICATION

Another favorite topic of mine over the years has been the utter futility of the military’s efforts to “train” troops in both Iraq and Afghanistan. It has been an endless sequence of the military getting countless “do-overs”, with Congress rolling over and believing every single utterance of “This time it will work for sure!”. Part of the military’s strategy in hiding their training failures was to keep changing how Afghan troops were counted and evaluated for combat readiness. A corollary to the futility of the training effort is the horrific death toll of “green on blue” attacks, where the Afghan or Iraqi trainees attacked and often killed those who were training them. When this problem got especially bad in Afghanistan in 2011, DoD commissioned a sociological analysis that returned a result the military did not like. The report indicated that the military was utterly failing to address vast cultural differences between Afghan and coalition troops.  The military, in its infinite wisdom, decided to classify the report, but did so after it already had been released in unclassified form.  Oops.

PERSIANS PUNK PHOTO PRETENDERS: PARCHIN PRETTY IN PINK

Detail from the photo carried in CNN’s story showing the pink tarp over the building said to contain the blast chamber.

Neocons have long lusted after violent regime change in Iran. Cooked up allegations on Iran’s nuclear capabilities have played a central role over the years in how they wished to achieve that war. Despite the neocons’ best efforts to sabotage negotiations, Iran agreed to a comprehensive set of severe restrictions on its nuclear capabilities in return for “dropping” (quotes because the US has claimed other grounds for maintaining other sanctions) the worst of the US sanctions that crippled Iran’s economy. Along the way, I had a ton of fun picking at two of the worst offenders in spreading anti-Iran propaganda: David Albright of the Institute for Science and International Security and George Jahn of AP. Reports that Iran had constructed a high explosives blast chamber at the Parchin military site became quite a point of argument. Albright spent countless hours scouring satellite images of the site and claimed the photographs showed that Iran was attempting to clean radioactivity from the site. Iran seemed to have a lot of fun with this process. I’m sure the pink tarps in the post here were added just to punk Albright. I maintained that the real evidence of what had taken place at the site couldn’t be scrubbed, because the accused activity would have resulted in the steel chamber itself being made radioactive throughout its entire thickness. Perhaps Iran made the same assessment, because once the IAEA gained access to the site, there was no steel chamber to be found. Was there ever a blast chamber there? Who knows? In the end, whether Iran carried out that work is immaterial, as the Joint Comprehensive Plan of Action has the most aggressive inspection regime ever agreed to by a country that hasn’t just lost a war.  We can rest assured that Iran has no capability at the current time of assembling a nuclear weapon, and the neocons are left to pout about diplomacy working better than their war ever could have. 
If you want to know why Donald Trump put Rex Tillerson in charge of dismantling the Department of State, look no further than the success diplomacy played in achieving the JCPOA.

JOHN GALT KILLS TEXANS IN MASSIVE FERTILIZER PLANT EXPLOSION

When a massive explosion in West, Texas killed 15 people, injured over 250 and destroyed 500 homes, it was clear to me who had killed these Texans: Ayn Rand’s mythical libertarian hero John Galt. How else do  you explain a site being allowed to store hundreds of thousands of pounds of ammonium nitrate with inadequate fire protection and fatally close to inhabited structures than the misguided libertarian belief that free enterprise should rule?  In the post, I pointed to the dangers inherent in the lack of zoning laws that allowed this fatal mixture of structures. As we later learned from the Washington Post,  John Galt’s influence on the destruction was decades in the making:

The plant was a mom-and-pop operation, a distribution center where farmers picked up custom mixes of fertilizer to boost crop yields. It was built in 1962 a half-mile outside West. As the harvests grew, so did the town. In 1967, the rest home opened 629 feet from the plant. In the early ’70s, a two-story apartment complex was built even closer. Then a playground and basketball court, a mere 249 feet away.

We learned last year that ATF has determined that the fire that preceded the blast was intentional.  So while we don’t know who started the fire itself, we know for a fact that, ultimately, it was John Galt who killed these 15 Texans.

US DRONE STRIKE IN PAKISTAN REEKS OF POLITICAL RETALIATION YET AGAIN

The current concern that Donald Trump will lash out in fury with a nuclear strike, somewhere, anywhere, just to vent his anger over Mueller’s noose tightening over his entire administration is not the first time that it was appropriate to be concerned about an  enraged high-ranking government official killing innocent people. In the case of John Brennan, poorly targeted rage attacks carried out as retaliation for a perceived wrong happened repeatedly. In the post linked here, a drone strike in Pakistan’s tribal area seemed timed as retaliation for Pakistan refusing to reopen supply routes that had been closed six months earlier when the US killed 24 Pakistani troops in an erroneous attack. The post goes on to detail other rage drone strikes that Brennan ordered, with the worst probably being the killing of over 40 people who were simply gathered to discuss mineral rights. That strike was carried out the day after the CIA’s Raymond Davis was finally released and was clearly carried out without proper evaluation of targeting criteria, as it seems few if any actual terrorists were killed.

NO, WE AREN’T ALL GOING TO DIE BECAUSE EBOLA PATIENTS ARE COMING TO US FOR TREATMENT


Scary, color-enhanced electron micrograph of Ebola virus particles. Creative Commons license courtesy of Thomas W. Geisbert, Boston University School of Medicine.

The Ebola outbreak in 2014 led to widespread fear in the US, especially when it was announced that medical personnel who had been treating Ebola patients in Africa and became infected would be transported to Atlanta for treatment. There was no appreciation for how the disease actually is spread, what the conditions were where the medical workers became infected in Africa and how such spread would be much less likely in a properly run US hospital. A poorly run hospital in Texas, however, did manage to have personnel treating Ebola acquire infections. Of course, the treatment at CDC in Atlanta was carried out without incident, and the virus did not spread in the US, even after the Texas hospital had its initial failure. In fact, as the virus wound down, those who study and understand the virus were shown to have been completely correct in their analysis when they modeled how large the outbreak would get before receding once proper intervention was carried out. But the fears of Ebola wiping out the US weren’t the only bit of bad science that had to be knocked down during the outbreak. Conspiracy theories started spreading that the Ebola virus in the 2014 outbreak had been genetically engineered in a bioweapons lab and was accidentally released from a lab in Africa. DNA sequence analysis quickly debunked that one.

WASHINGTON POST FAILS TO DISCLOSE HEINONEN’S UANI CONNECTION IN ANTI-IRAN OP/ED

Yes, the Iran nuclear agreement is so important that it is the only topic repeated in my ten favorite posts. In this post, we are in the time just a few months before the agreement is finalized, and the neocon opponents of the deal are reaching a fever pitch. The post outlines a horrible failure of full disclosure by the Washington Post. This occurred after Bezos purchased the paper, but clearly was a failure of beating back the darkness in which democracy dies. In this case, the Post carried an op-ed opposing the Iran deal. Besides allowing an incendiary headline (The Iran Time Bomb) and giving voice to Michael Hayden and neocon nightmare Ray Takeyh, the Post made its biggest failure regarding the middle author, Olli Heinonen. The Post allowed Heinonen to identify himself only by his current Harvard affiliation and his former role in IAEA. What is left out of that description is that Heinonen was also playing a prominent role on the Advisory Board of United Against Nuclear Iran, a shadowy group with even more shadowy funding sources. Somehow, in the course of its “advocacy” work against Iran, UANI had come into possession of US state secrets that suddenly allowed it to avoid a civil case for defamation of a businessman they accused of breaking sanctions against Iran. Why, yes, of course the New York Times also allowed Heinonen to deceptively carry out his work on their pages, too. This time it was in a “news” story that came out shortly after the UANI civil court case was dismissed when the judge stated the case could not proceed because of the state secrets involved. Of course, even after more than two and a half years, neither the Washington Post nor New York Times have admitted their omissions in describing Heinonen’s affiliations in the cited articles. It is really remarkable that diplomacy defeated this full court press by the neocons who were working with the full cooperation of the media.

WAVING THE CONSTITUTION AT THOSE WHO IGNORE IT

I waved my pocket copy of the Constitution at Nancy Pelosi on July 19, 2008. Khizr Khan waved his at Donald Trump on July 28, 2016.


I haven’t written much in the last couple of years, but I just couldn’t avoid writing this one only ten days after surgery to replace my aorta. When I saw Khizr Khan’s appearance at the Democratic National Convention, I was really moved when he waved his pocket copy of the Constitution at Donald Trump. I had done the same thing in July of 2008 when Nancy Pelosi appeared at Netroots Nation in Austin. I was waving my Constitution at Pelosi to remind her of her failure to impeach George W. Bush and Dick Cheney for their roles in torture and illegal wars. Khan was calling out Trump for his campaign promises that so clearly violate the Constitution. Sadly, Trump has followed through in enforcing many of those policies Khan warned us about and we are left without much more recourse than continuing to wave our Constitutions at those who violate it on a daily basis.

ON JULY 2016 PANEL, GEORGE PAPADOPOULOS USED SAME COVER ORGANIZATION AS JOSEPH MIFSUD 

My one minor contribution so far to the unfolding saga of Russian influence on the 2016 election was prompted by noticing a photo in my Twitter stream shortly after the George Papadopoulos plea agreement was made public. What initially caught my eye was that my Congressman, Ted Yoho, was in the photo with Papadopoulos while both appeared in a panel discussion in Cleveland in July of 2016. However, once I started digging into the circumstances of the photo, I discovered that when he appeared for the panel, Papadopoulos claimed an affiliation with an entity that was also an affiliation for the shadowy Joseph Mifsud. We still don’t have a satisfactory explanation of how these two came to have a shared cover organization where it seems both Papadopoulos and Mifsud had positions that were grossly inflated with respect to their previous career accomplishments. I still think that if we ever discover who was behind these two getting such inflated positions, we will learn much about who might have been orchestrating later events in which these two played roles.

Government Decides Reality Winner Leaked Just One Document After All

Back in June, I noted that one of the reasons the government convinced a judge to deny Reality Winner bail was that she had leaked documents, plural.

There’s no written record for this yet, but it appears from one of the less-shitty reports on the hearing that the claim is based on three things: First, Winner stuck a thumb drive in a Top Secret computer last year.

Winner inserted a portable hard drive in a top-secret Air Force computer before she left the military last year. She said authorities don’t know what happened to the drive or what was on it.

Second, because Solari portrayed the 25-year old translator’s knowledge as a danger unto itself (more ridiculously, she painted Winner’s knowledge of Tor — which Winner didn’t use to look up sensitive information — as a means by which she might flee).

“We don’t know how much more she knows and how much more she remembers,” Solari said. “But we do know she’s very intelligent. So she’s got a lot of valuable information in her head.”

And finally, because Winner told her mother, in a conversation from jail that was recorded, that she was sorry about the documents, plural.

Solari said Winner also confessed to her mother during a recorded jailhouse phone call, saying: “Mom, those documents. I screwed up.”

Solari apparently emphasized the latter point as a way to suggest Winner might still have documents to leak.

Solari stressed that Winner referred to “documents” in the plural, and that federal agents were looking to see whether she may have stolen other classified information.

The idea is that because Winner used the plural and she only leaked one document, there must be more she’s planning on leaking.

Except that doesn’t appear right.

It appears Winner actually already leaked two documents. [my emphasis]

I showed that Winner actually leaked two documents to the Intercept.

Curiously, it appears the prosecutor in this case, Jennifer Solari, has changed her mind. Attached to a motion to reconsider bail, Winner’s lawyers have noted that weeks after claiming Winner had to be jailed because she told her mom she had stolen multiple documents, Solari listened to the transcript and decided Winner only referred to a document, singular.

The following is new evidence that was not available at the time of the initial detention hearing (and could not have reasonably been available given the mere three days between the initial appearance and detention hearing), all of which have a material bearing on the issue of release. • While repeatedly alleging that Ms. Winner disclosed numerous “documents” at the initial detention hearing—a fact that the Court specifically noted in its findings to support detention the Government has, via email to this Court, retracted those assertions. The Government now alleges there was only one document, rather than numerous documents, at issue. [See Exhibit A (email correspondence from Assistant United States Attorney Jennifer Solari to defense counsel and the Court dated June 29, 2017); Doc. 29 p. 105; see also Doc. 72].

In her email informing the defense of this, Solari explained,

Before the hearing, I had only heard a portion of the call in which the defendant asked her mother to “play that angle” regarding the alleged circumstances of her FBI interview. I proffered information about the other jail calls based upon verbal summaries I was provided by the FBI just before the hearing. Now that I’ve heard the recordings myself, I’d like to clarify some of the information for the court and counsel.

Solari goes on to suggest that another correction — regarding why Winner had her mom transfer money — came from an inference the FBI agent made.

I’m glad Solari corrected these issues — prosecutors often double down in such instances. I’d certainly scrutinize the other claims made by the FBI agents in the case after this.

Apparently, the government also left other details out of its story when painting Winner as an opsec genius to deny her bail. For example, in addition to pointing out how many people use Tor, her lawyers revealed that she had used it to access Wikileaks once.

The Government failed to explain, however, that Ms. Winner told the Government during her interrogation on June 3, 2017, that she used Tor once for looking at WikiLeaks.

It also notes that the superseding indictment still just charges Winner for the one document.

Finally, it compares her treatment with all of the other alleged leakers who got bail (including David Petraeus).

It’s unclear whether this will win her release. But it certainly suggests the government overstated her threat in her bail hearing.

US Indicts Hal Martin — But Offers No Hint He’s the Source for Shadow Brokers, Or Anyone Else

After David Petraeus shared notebooks full of code word intelligence with his girlfriend (and boxes of other classified information), then lied about it to the FBI, the government let Petraeus off with two years of probation.

DOJ just indicted Hal Martin — the Booz Allen contractor who allegedly stole terabytes of NSA information — with 20 charges each carrying up to 10 years of punishment. The indictment includes no hint that Martin did anything but hoard the files he stole. There’s no allegation he shared them with anyone (though, like Petraeus, he definitely kept very sensitive documents in highly insecure fashion).

Significantly, there’s no mention of the Shadow Brokers or even a description of the hacking tools Martin allegedly stole (though that’s likely because DOJ would draw up the indictment to avoid confirming that NSA even has hacking tools, much less the ones released to the public).

The only description of a document specifically targeting an adversary akin to the one described to the WaPo seems to target a terrorist organization, not Russia (meaning that they’re not presenting evidence Martin preferentially collected information on Russia, though again, if he were, they might hide that).

And the indictment alleges that Martin continued to steal documents up until 12 days before he was arrested, and significantly, three days after the first Shadow Brokers post on August 13.

It would be the height of folly for someone who knew he was the source for the Shadow Brokers to keep stealing documents after Shadow Brokers had gone public (though at that point, it wasn’t clear precisely what Shadow Brokers was going to release).

Certainly, the way in which DOJ has charged this — larding on 20 different charges — suggests they’re trying to coerce him into cooperating. The case against Chelsea Manning, which was partly an attempt to coerce Manning to testify against Julian Assange and Wikileaks, was very nearly parallel in the charging of many documents. In Manning’s case, there was no way for her to cooperate to implicate Assange except to lie; there’s nothing Assange did to elicit the files. That may be the case for Martin, too.

The big difference here is there’s absolutely no hint that Martin shared any of this. Given the Petraeus and Hillary precedents, the government will have a difficult time coercing Martin further, given that Petraeus didn’t even do prison time for hoarding and then sharing equally classified documents (albeit not as many of them).

Nevertheless, it appears that DOJ is trying to coerce Martin to get information it offers no proof he even has.

Update: As it happens, DOJ indicted Hal Martin just over 4 hours before Jeff Sessions, who has refused to recuse himself in investigations of the Russian hack of the DNC, was confirmed as Attorney General. Again, there’s no evidence whatsoever that DOJ has any evidence Martin was a source for Shadow Brokers, who are presumed to have a tie to the DNC hack. But if they suspect it, indicting Martin with such extensive charges before Sessions comes in will make it hard for Sessions to reverse what seems to be an effort to coerce Martin to reveal any tie to the hack.

Does Jim Comey Think Thomas Drake Exhibited Disloyalty to the United States?

As you’ve no doubt heard, earlier today Jim Comey had a press conference where he said Hillary and her aides were “extremely careless in their handling of very sensitive, highly classified information” but went on to say no reasonable prosecutor would prosecute any of them for storing over 100 emails with classified information on a server in Hillary’s basement. Comey actually claimed to have reviewed “investigations into mishandling or removal of classified information” and found no “case that would support bringing criminal charges on these facts.”

Our investigation looked at whether there is evidence classified information was improperly stored or transmitted on that personal system, in violation of a federal statute making it a felony to mishandle classified information either intentionally or in a grossly negligent way, or a second statute making it a misdemeanor to knowingly remove classified information from appropriate systems or storage facilities.

[snip]

Although there is evidence of potential violations of the statutes regarding the handling of classified information, our judgment is that no reasonable prosecutor would bring such a case. Prosecutors necessarily weigh a number of factors before bringing charges. There are obvious considerations, like the strength of the evidence, especially regarding intent. Responsible decisions also consider the context of a person’s actions, and how similar situations have been handled in the past.

In looking back at our investigations into mishandling or removal of classified information, we cannot find a case that would support bringing criminal charges on these facts. All the cases prosecuted involved some combination of: clearly intentional and willful mishandling of classified information; or vast quantities of materials exposed in such a way as to support an inference of intentional misconduct; or indications of disloyalty to the United States; or efforts to obstruct justice. We do not see those things here.

To be clear, this is not to suggest that in similar circumstances, a person who engaged in this activity would face no consequences. To the contrary, those individuals are often subject to security or administrative sanctions. But that is not what we are deciding now.

Before we get into his argument, consider a more basic point: It is not Jim Comey’s job to make prosecutorial decisions. Someone else — whichever US Attorney oversaw the prosecutors on this case, Deputy Attorney General Sally Yates, or Loretta Lynch — makes that decision. By overstepping the proper role of the FBI here, Comey surely gave Lynch cover — now she can back his decision without looking like Bill Clinton convinced her to do so on the tarmac. But he has no business making this decision, and even less business making it public in the way he did (the latter of which points former DOJ public affairs director Matthew Miller was bitching about).

But let’s look at his judgment.

Given that Jeffrey Sterling has been in prison for a year based off a slew of metadata (albeit showing only 4:11 seconds of conversation between James Risen and Sterling) and three thirty-year-old documents, classified Secret, describing how to dial a phone, documents which were presented to prove Sterling had the “intent” to retain a document FBI never showed him retaining, I’m particularly interested in Comey’s judgment that no reasonable prosecutor would bring charges based on the facts found against Hillary. The same goes for the Thomas Drake prosecution, in which he was charged with Espionage because he kept a bunch of documents on NSA’s fraud, at the direction of the Inspector General, which the FBI found in his basement.

I can only imagine Comey came to his improper public prosecutorial opinion via one of two mental tricks. Either he — again, not the prosecutor — decided the only crime at issue was mishandling classified information (elsewhere in his statement he describes having no evidence that thousands of work emails were withheld from DOJ with ill intent, which dismisses another possible crime), and from there he decided either that it’d be a lot harder to prosecute Hillary Clinton (or David Petraeus) than it would be someone DOJ spent years maligning like Sterling or Drake. Or maybe he decided that there are no indications that Hillary is disloyal to the US.

Understand, though: with Sterling and Drake, DOJ decided they were disloyal to the US, and then used their alleged mishandling of classified information as proof that they were disloyal to the US (Drake ultimately pled to Exceeding Authorized Use of a Computer).

Ultimately, it involves arbitrary decisions about who is disloyal to the US, and from that a determination that the crime of mishandling classified information occurred.

For what it’s worth, I think most of these cases should involve losing security clearances rather than criminal prosecution (though Petraeus also lied to FBI). But we know, even there, the system is totally arbitrary; DOJ has already refused to answer whether any of Hillary’s aides will be disciplined for their careless handling of classified information and Petraeus never did lose his clearance. Nor did the multiple witnesses who testified against Sterling who themselves mishandled classified information lose their security clearance.

Which is another way of saying our classification system is largely a way to arbitrarily label people you dislike disloyal.

Friday Morning: Get Smart

If yesterday was all about the stupid, today is smart — as in Get Smart. I usually explore a jazz genre on Fridays, but this morning’s theme took over and found its own — well, what else! — theme music.

This is the entirety of the piece from which the 1960s television spy comedy Get Smart was taken. The most recognizable parts of the theme occur after the 7:30 mark. Some of the video’s commenters called this variations on Get Smart, but I don’t think they realize bigger pieces are often used in TV themes and cut to fit. Compare to the honed and polished piece used on air.

And now let’s get smart.

Smart technology with a goofy name
Google released as open source its SyntaxNet — a neural network framework for development of natural language systems. With this anyone can develop their own voice-activated natural language systems. Google’s already done the work on an English language parser called Parsey McParseface. Goofy name, but it’s incredibly accurate at picking apart English as we use it.

What I want to know: is this English language parser based on SyntaxNet the tool Google’s AI team has been feeding romance literature to teach it human speech? Parsey McParseface has already been fed the English version of the Wall Street Journal and Penn Treebank newswire sentences, but human speech is more irregular and colloquial than those written texts.

Get smart about the global technology gap
This is a nifty test and educational graphic pairing by New Internationalist. Amazing how many people have high-speed internet (less than you may think) and how few have access to clean water or toilets (far more than you may think).

Smart move: London’s new mayor enlarges clean air zone
Unlike that sad clown Boris Johnson, Sadiq Khan doesn’t mess around, wasting no time on saving Londoners’ lives with expansion of the Ultra Low Emissions Zone. Roughly 9,500 of them die each year due to air pollution. But why limit the number to be saved to some fraction of that number, discriminating against a portion of London drivers who will now pay a fee for driving polluting vehicles? At some point, the issue of VW’s emissions standards cheating passenger diesel cars must enter the equation, too. Could Khan ban them until they are “fixed”?

Smart statement, rather too late
Perhaps if David Petraeus had worked against anti-Muslim sentiment before he blew up his moral authority he might be taken as seriously as he should be.

Get smart about history: on rhubarb and women’s wear

  • Fascinating look at the “rhubarb triangle” in Yorkshire UK (Guardian-UK) — Wow. Did not know they forced rhubarb, let alone harvested by candlelight. Really old school ag, this. Probably UK-only, but the popularity of rhubarb as an alternative to fruit in WWII surely shaped US’ rhubarb farming.
  • Women’s skirt lengths, men’s facial hair influenced by late Victorian science (Smithsonian) — Didn’t know this either, that the fad for trailing skirts in mid-Victorian era died off because of concerns about tuberculosis’ spread. Also didn’t realize “heroin chic” had a predecessor in consumptive women’s appearance. Men’s facial hair, though? Germ factories, just waiting for the development of the safety razor.
  • 31 years ago, Philadelphia police exterminated a family (Films for Action) — This is still as horrifying today as it was then. The dead included five children, murdered by law enforcement.

And yes, this is not a smart observation or point, but it’s Friday the 13th
The smartness is in Longreads’ three lunch-sized stories about superstition. Coincidentally, that’s one read each for today, Saturday, and Sunday.

I’ll see you Monday morning right here if I don’t get hit by lightning or a beer truck. Have a good weekend!

“It’s Good to Be Back,” Petraeus Says before He Offers a Vague Apology and Oil Market Advice

John McCain has officially launched David Petraeus’ rehabilitation tour.

Petraeus testified today before the Senate Armed Services Committee on what to do in the Middle East. But you could tell how much this is about rehabilitation for the heartfelt thanks Petraeus offered McCain for bringing him in to testify. “It’s good to be back,” Petraeus said, before launching into the most hailed part of the hearing, this vague apology.

I think it is appropriate to begin my remarks this morning with an apology, one that I have offered before, but nonetheless one that I want to repeat to you and to the American public. Four years ago I made a serious mistake, one that brought discredit on me and pain closest–to those closest to me. It was a violation of the trust placed in me, and a breach of the values to which I had been committed throughout my life. There’s nothing I can do to undo what I did. I can only say again how sorry I am to those I let down and then strive to go forward with a greater sense of humility and purpose, and with gratitude to those who stood with me during a very difficult chapter in my life.

He didn’t actually say what part of the scandal he was apologizing for, though some of the press seemed to be certain that it was about one or another aspect of it. His invocation of the pain he caused those closest to him suggests it was the affair itself. The timing — just over four years ago, August 28, 2011, was the day he gave his black books full of code word intelligence to Paula Broadwell for several days — suggests it was about actually leaking intelligence.

If the acts he apologized for were four years ago, though, it means this apology doesn’t cover the lies he told the FBI on June 12, 2012 about sharing this intelligence. And it doesn’t cover keeping those books with code word intelligence in the top drawer of his unlocked desk until FBI found them on April 5, 2013, the act — mishandling classified information — that he technically pled guilty to.

Though I wouldn’t be surprised if the lawyer he shares with Hillary Clinton, David Kendall, advised him not to apologize for lying to the FBI, given that would involve admitting guilt for something he didn’t plead guilty for.

So having apparently apologized for a range of things that didn’t apparently include lying to the FBI, David Petraeus gave unsworn testimony to Congress.

The testimony was about what you’d expect. David Petraeus’ surge was, according to David Petraeus, a huge success. Petraeus told of some great things Nuri al-Maliki did even while explaining some great things Haider al-Abadi is doing. Petraeus envisioned the break up of Syria while insisting that the same couldn’t happen in Iraq (because the Sunnis in Iraq would have no oil revenues). All casualties in Syria were the fault of Bashar al-Assad, and not the US ally-backed forces Petraeus watched get armed while he was still CIA Director. Petraeus denied, without being asked, that the military had a policy of ignoring Afghan bacha bazi, as reported in NYT this week.

Not a word was mentioned about the chaos CIA-led intervention in Libya has caused, or what to do about it (Petraeus did mention Libya in a passing answer to a question), not even in discussions of why the Russians would never be willing to work under US command in countering ISIS, not even from the party that remains obsessed about Benghazi.

Nothing was mentioned about how all the men we’ve — Petraeus — has trained have been prone to flee.

The closest Petraeus came to discussing the support for Sunni extremism our allies — Qatar, Saudi Arabia, and Turkey — give (and therefore their role in the region’s instability) came when Petraeus discussed Turkey’s increasing targeting of PKK that happened at the same time Turkey agreed to let us use Incirlik Air Base, though Petraeus didn’t note any connection between those two things.

Perhaps the most interesting part of the hearing, though, came towards the end (after 2:11), when Thom Tillis asked a very reasonable question about how other countries’ (he didn’t say, but he probably had China in mind) reliance on Iran once they start selling oil will become important strategically.

After claiming Tillis’ break-even number for Iran’s budget (which accords with public reporting) was incorrect, Petraeus put on his private equity guy hat.

I’m the chairman of the KKR global institute and a partner in KKR, one of the global investment firms, uh [hand gesture showing breadth] big private equity firms in our country. And, first of all, by the way, the analysis on crude oil export shows that not only would the price of WTI, West Texas Intermediate go up slightly, so the producers would be better off, it would also have an impact on Brent Crude prices, which would come down, the global price, which is a lot of what we refine, and the price at the pump probably would go down. So it’s very interesting — if you look at, I think it’s the CBO that did the analysis of this. One of our analytical organizations here, I think, on Capitol Hill has looked at this. And it’s a very interesting dynamic.

[Tillis tries to interrupt, Petraeus keeps speaking.]

Beyond that, I don’t think we should get involved in markets as a country, unless we want to do something like sanctions. So again, you wouldn’t do it — if you want to use sanctions for economic tools as a weapon, [gives thumbs up sign] fine, but otherwise I think you have to be very careful about intervention in the global markets.

Tillis tried again, restating his question about whether we should drill as much oil as we can to hedge against increased Iranian influence.

We ought to produce all the oil that we can, if we’re making a profit. If we can enable countries like Iraq to revive their oil industry as we did, it helps Iraq, it funds their gover–by the way they’re running into fiscal deficit now. But again, this is really about market forces I think, much more than getting involved in this as a country.

Not much of Petraeus’ answer made sense, but I can assure you, the head of KKR’s Global Institute is pretty excited about natural gas.

Sure, the expertise of a private equity guy might be worthwhile to Congress, though that affiliation was not listed on the SASC website.

But it’s all the more absurd given the rest of Petraeus’ testimony, most notably his silence about Saudi Arabia’s destabilizing influence, given that we do play in global markets precisely through our unquestioning loyalty to the Saudis.

I guess the Senate — which turned out in big numbers — finds this kind of analysis useful. But it is, once again, about David Petraeus more than it is about testimony that will help us adopt a sound policy in the Middle East.