Posts

Yesterday, Roger Stone Answered, then Backtracked, on a Question Mueller Has Already Posed to Trump

As I laid out last week, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

Contrary to Trump’s squeals about the hack indictment yesterday, it’s utterly damning for him. It shows:

  • Russian hackers responded to his plea for more Hillary emails by targeting her office that same day
  • Trump’s lifelong political advisor, Roger Stone, was described directly communicating with a GRU-run persona
  • Stone’s own advisor on these matters, then Breitbart and current Sputnik journalist Lee Stranahan, asked for and obtained files from the same GRU-run persona
  • GRU stole Hillary’s analytics in September, the heart of the general election, and did … the indictment doesn’t say what GRU did with the data
  • The same GRU persona made available information helping some of Trump’s most vocal defenders in Congress, ones he has discussed pushback strategies with on Air Force One

Like my own testimony, because this investigation started in Pittsburgh, and only later got moved under Mueller sometime last fall (I know one key witness who was about to speak to prosecutors when I saw him in October), it minimally overlaps with Peter Strzok’s involvement in the case, if at all.

In this post, I want to look at the second bullet: Roger Stone.

Since Stone got described in an indictment of those who helped Trump win the election, he has  (as is his habit) provided conflicting explanations, first suggesting it wasn’t him, then suggesting it couldn’t be him because he wasn’t “a person who was in regular contact with senior members of the presidential campaign of Donald J. Trump,” as the indictment described.

My contact with the campaign in 2016 was Donald Trump. I was not in regular contact with campaign officials.

Only, this morning (as Ryan Goodman noted), Stone has changed his tune, admitting that he did talk to Trump campaign officials and probably is the person described in the indictment who said all the things he said in his DMs to Guccifer 2.0.

I certainly acknowledge that I was in touch with Trump campaign officials.

Here’s why Stone’s changing story about whether he only spoke with Trump or in fact spoke with other campaign officials. Among the questions (as interpreted by Jay Sekulow) that Mueller has already posed to Trump is this one:

What did you know about communication between Roger Stone, his associates, Julian Assange or Wikileaks?

Mueller wants to know how much of Stone’s discussions with election operation participants Trump knew about. And Stone’s first instinct when seeing himself mentioned in an indictment of those participants was to say he only spoke to Trump.

I guess it’s clear why he’s backtracking from that.

The Russian Hack

As I laid out last week, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

Mueller’s team just announced (and announced the transfer, as I predicted) of the Russian hack indictment, naming 12 GRU officers for the hack of the Hillary campaign, the DNC, and the DCCC. This will be a working thread.

Rod Rosenstein, as he did with the Internet Research Agency, made clear there are no Americans named in this indictment (and that those who interacted with Guccifer 2.0 and DC Leaks did not know they were interacting with Russians). That said, here are some of the interesting nods in it.

Other known conspirators

The indictment names 12 officers — and (as conspiracy cases often do) — persons known and unknown to the Grand Jury.

Hillary’s campaign targeted more aggressively than previously reported

This is a detail I’ve known for quite some time: Hillary’s campaign actually faced far more persistent hacking threats than previously known. Of absolutely critical importance, the indictment makes it clear that GRU hackers spear-phished Hillary’s personal office on July 27, after Donald Trump asked Russia to find her emails.

For example, on or about July 27, 2016, the Conspirators attempted after hours to spearphish for the first time email accounts at a domain hosted by a third-party provider and used by Clinton’s personal office. At or around the same time, they also targeted seventy-six email addresses at the domain for the Clinton Campaign.

I know a key witness in that part of the hack has been waiting to share his story (he’s quite happy this is finally out), so expect far more details on the targeting of the Hillary campaign itself, rather than just the DNC and DCCC, in coming days.

Wikileaks

The indictment doesn’t name Wikileaks, but alleges that Guccifer 2.0 released additional stolen documents through a website maintained by “Organization 1.” There’s an entire section on communications between Guccifer 2.0 and Wikileaks (starting on page 17). Among other things it quotes Wikileaks as saying on July 6,

if you have anything hillary related we want it in the next tweo [sic] days prefabl [sic] because the DNC [Democratic National Convention] is approaching and she will solidify bernie supporters behind her after.

This makes it clear that WikiLeaks was not only working directly with Guccifer 2.0, but doing so in ways that would antagonize Bernie-supporting progressives.

Cryptocurrency

The computer infrastructure (including computers in the US) here was paid for by cryptocurrency, not via payments laundered through the embassy (one of several claims about funding made in the Steele dossier).

May through June 2016

The indictment names Ivan Sergeyovich Yermakov as the person who hacked into the DNC email server and stole the emails released via WikiLeaks. This hack date is critical to the timing of the narrative. The emails exfiltrated and provided to Wikileaks were stolen from May 25 through June 1.

Note, too, the indictment says hackers remained in the DNC computers through June.

Servers

The hackers used a server in AZ but then ran that through a server “overseas.” The hackers leased a DCCC computer in Illinois. The use of infrastructure within the US suggests much of the hot air around transfer times — one of the key attempts to debunk the hack — is just that, hot air.

Targeted information

The indictment gives the search terms for some of the targeted information. For example, on April 15, 2016, the conspirators searched for Hillary, Cruz, and Trump, as well as “Benghazi investigations.”

It describes a search on a server in Moscow for some of the terms used in the original Guccifer 2.0 post, including “some hundred sheets,” “illuminati,” “think twice about” “company’s competence” (referring to CrowdStrike).

Crowdstrike

The indictment describes Crowdstrike’s efforts to oust the hackers, but notes that a Linux based version of X-Agent remained on DNC’s network until October 2016.

Analytics

I have been saying forever that the easiest way to steal the election would be to steal Hillary’s analytics. The indictment revals that,

In or around September 2016, the Conspirators also successfully gained access to DNC computers hosted on a third-party cloud-computing service. These computers contained test applications related to the DNC’s analytics. After conducting reconnaissance, the Conspirators gathered data by creating backups, or “snapshots,” of the DNC’s cloud-based systems using the cloud provider’s own technology.

The indictment is silent about what happened to this stolen analytics data.

Republicans

The indictment notes that DCLeaks also released emails of Republicans that were hacked in 2015 (though I think it actually included some that were more recent than that).

Alice Donovan

Alice Donovan pitched news articles to various outlets. It was also the name used for DC Leaks’ Facebook account. This name (and a few others in the indictment) connects the hack and leak with the wider disinformation campaign.

Requested Stolen Information

The indictment describes how a candidate for Congress asked for information. I think I know who this is, but need to check.

It describes Guccifer 2.0 providing documents to Aaron Nevins, which I have covered repeatedly.

And it describes a journalist who obtained Black Lives Matters documents. As his DMs make clear, this was then Breitbart and current Sputnik journalist Lee Stranahan.

Stranahan is the journalist who helped Roger Stone write the column claiming that Guccifer 2.0 was an American.

It describes Guccifer 2.0’s interactions with Roger Stone (see paragraph 44).

State and vendor servers

The language describing the efforts to hack state sites, starting on page 25, is very specific, down to the named GRU officer. It describes Kovalev stealing the information of 500,000 voters (this is probably from Illinois).

Note, the indictment describes Kovalev deleting information in response to an FBI alert on the hacks of the state server. It doesn’t say whether he did so in response to public reporting on it.

Timeline

February 1, 2016: gfade147 0.026043 bitcoin transaction

March 2016: Conspirators hack email accounts of volunteers and employees of Hillary campaign, including John Podesta

March 2016: Yermakov spearphishes two accounts that would be leaked to DC Leaks

March 14, 2016 through April 28, 2016: Conspirators use same pool of bitcoin to purchase VPN and lease server in Malaysia

March 15, 2016: Yermakov runs technical query for DNC IP configurations and searches for open source info on DNC network, Dem Party, and Hillary

March 19, 2016: Lukashev spearphish Podesta personal email using john356gh

March 21, 2016: Lukashev steals contents of Podesta’s email account, over 50,000 emails (he is named Victim 3 later in indictment)

March 25, 2016: Lukashev spearphishes Victims 1 (personal email) and 2 using john356gh; their emails later released on DCLeaks

March 28, 2016: Yermakov researched Victims 1 and 2 on social media

April 2016: Kozachek customizes X-Agent

April 2016: Conspirators hack into DCCC and DNC networks, plant X-Agent malware

April 2016: Conspirators plan release of materials stolen from Clinton Campaign, DCCC, and DNC

April 6, 2016: Conspirators create email for fake Clinton Campaign team member to spearphish Clinton campaign; DCCC Employee 1 clicks spearphish link

April 7, 2016: Yermakov runs technical query for DCCC’s internet protocol configurations

April 12, 2016: Conspirators use stolen credentials of DCCC employee to access network; Victim 4 DCCC email victimized

April 14, 2016: Conspirators use X-Agent keylog and screenshot functions to surveil DCCC Employee 1

April 15, 2016: Conspirators search hacked DCCC computer for “hillary,” “cruz,” “trump” and copied “Benghazi investigations” folder

April 15, 2016: Victim 5 DCCC email victimized

April 18, 2016: Conspirators hack into DNC through DCCC using credentials of DCCC employee with access to DNC server; Victim 6 DCCC email victimized

April 19, 2016: Kozachek, Yershov, and co-conspirators remotely configure middle server

April 19, 2016: Conspirators register dcleaks using operational email [email protected]

April 20, 2016: Conspirators direct X-Agent malware on DCCC computers to connect to middle server

April 22, 2016: Conspirators use X-Agent keylog and screenshot function to surveil DCCC Employee 2

April 22, 2016: Conspirators compress oppo research for exfil to server in Illinois

April 26, 2016: George Papadopolous learns Russians are offering election assistance in the form of leaked emails

April 28, 2016: Conspirators use bitcoin associated with Guccifer 2.0 VPN to lease Malaysian server hosting dcleaks.com

April 28, 2016: Conspirators test IL server

May 2016: Yermakov hacks DNC server

May 10, 2016: Victim 7 DNC email victimized

May 13, 2016: Conspirators delete logs from DNC computer

May 25 through June 1, 2016: Conspirators hack DNC Microsoft Exchange Server; Yermakov researches PowerShell commands related to accessing it

May 30, 2016: Malyshev upgrades the AMS (AZ) server, which receives updates from 13 DCCC and DNC computers

May 31, 2016: Yermakov researches Crowdstrike and X-Agent and X-Tunnel malware

June 2016: Conspirators staged and released tens of thousands of stolen emails and documents

June 1, 2016: Conspirators attempt to delete presence on DCCC using CCleaner

June 2, 2016: Victim 2 personal victimized

June 8, 2016: Conspirators launch dcleaks.com, dcleaks Facebook account using Alive Donovan, Jason Scott, and Richard Gingrey IDs, and @dcleaks_ Twitter account, using same computer used for other

June 9, 2016: Don Jr, Paul Manafort, Jared Kushner have meeting expecting dirt from Russians, including Aras Agalarov employee Ike Kaveladze

June 10, 2016: Ike Kaveladze has calls with Russia and NY while still in NYC

June 14, 2016: Conspirators register actblues and redirect DCCC website to actblues

June 14, 2016: WaPo (before noon ET) and Crowdstrike announces DNC hack

June 15, 2016, between 4:19PM and 4:56 PM Moscow Standard Time (9:19 and 9:56 AM ET): Conspirators log into Moscow-based sever and search for words that would end up in first Guccifer 2.0 post, including “some hundred sheets,” “illuminati,” “think twice about company’s competence,” “worldwide known”

June 15, 2016, 7:02PM MST (2:02PM ET): Guccifer 2.0 posts first post

June 15 adn 16, 2016: Ike Kaveladze places roaming calls from Russia, the only ones he places during the extended trip

June 20, 2016: Conspirators delete logs from AMS panel, including login history, attempt to reaccess DCCC using stolen credentials

June 22, 2016: Wikileaks sends a private message to Guccifer 2.0 to “send any new material here for us to review and it will have a much higher impact than what you are doing.”

June 27, 2016: Conspirators contact US reporter, send report password to access nonpublic portion of dcleaks

Late June, 2016: Failed attempts to transfer data to Wikileaks

July, 2016: Kovalev hacks into IL State Board of Elections and steals information on 500,000 voters

July 6, 2016: Conspirators use VPN to log into Guccifer 2.0 account

July 6, 2016: Wikileaks writes Guccifer 2.0 adding, “if you have anything hillary related we want it in the next tweo [sic] days prefabl [sic] because the DNC [Democratic National Convention] is approaching and she will solidify bernie supporters behind her after”

July 6, 2016: Victim 8 personal email victimized

July 14, 2016: Conspirators send WikiLeaks an email with attachment titled wk dnc link1.txt.gpg providing instructions on how to access online archive of stolen DNC documents

July 18, 2016: WikiLeaks confirms it has “the 1Gb or so archive” and would make a release of stolen documents “this week”

July 22, 2016: WikiLeaks releases first dump of 20,000 emails

July 27, 2016: Trump asks Russia for Hillary emails

July 27, 2016: After hours, conspirators attempt to spearphish email accounts at a domain hosted by third party provider and used by Hillary’s personal office, as well as 76 email addresses at Clinton Campaign

August 2016: Kovalev hacks into VR systems

August 15, 2016: Conspirators receive request for stolen documents from candidate for US congress

August 15, 2016: First Guccifer 2.0 exchange with Roger Stone noted

August 22, 2016: Conspirators transfer 2.5 GB of stolen DCCC data to registered FL state lobbyist Aaron Nevins

August 22, 2016: Conspirators send Lee Stranahan Black Lives Matter document

September 2016: Conspirators access DNC computers hosted on cloud service, creating backups of analytics applications

October 2016: Linux version of X-Agent remains on DNC network

October 7, 2016: WikiLeaks releases first set of Podesta emails

October 28, 2016: Kovalev visits counties in GA, IA, and FL to identify vulnerabilities

November 2016: Kovalev uses VR Systems email address to phish FL officials

January 12, 2017: Conspirators falsely claim the intrusions and release of stolen documents have “totally no relation to the Russian government”

Roger Stone and ConFraudUs

CNN’s David Gelles has an instructive tweet this morning showing how the rate at which Trump tweets about the Mueller “witch hunt” is accelerating.

Assuming this includes this morning’s two “witch hunt” tweets, Trump is on pace to use the phrase 28 times by the end of the month, though I bet he’ll continue to accelerate the use of it in the week remaining in the month.

The Mueller investigation is, I suspect, coming to a head.

I don’t claim I know how it will turn out. The president has an enormous amount of power and his flunkies in Congress promise they’re about to end Rod Rosenstein’s bend-don’t-break defense by impeaching him (though Rosenstein and Chris Wray have just thrown more documents out to slow the Republicans). It’s certainly possible that Trump will make a last ditch effort to undercut the Mueller investigation and that effort will be competently executed and none of the secondary fall-back defenses Mueller has put into place will work. For now, though, the Trump team seems intent on a delay and discredit strategy, which won’t stave off any imminent steps.

So we shall see whether Trump succeeds in undercutting the investigation. I keep thinking, “that’s why they play the game,” but this is no game.

There are a number of reasons I think Mueller’s investigation is coming to a head. But consider one detail. I’ve long explained that Mueller seems to be building a series of Conspiracy to Defraud the United States indictments that will ultimately incorporate the entire Russian operation (and may integrate the Trumpsters’ international self-dealing as well). As Mueller’s team has itself pointed out, for heavily regulated areas like elections, ConFraudUs indictments don’t need to prove intent for the underlying crimes. They just need to prove,

(1) two or more persons formed an agreement to defraud the United States;

(2) [each] defendant knowingly participated in the conspiracy with the intent to defraud the United States; and

(3) at least one overt act was committed in furtherance of the common scheme.

Let’s see how evidence Mueller has recently shown might apply in the case of Roger Stone, Trump’s lifelong political advisor. We already knew that Stone had communications that he did not immediately disclose with Guccifer 2.0 and Wikileaks. With both, Stone has contributed to and reinforced claims the entities were not Russian operations, though his conversion about the source of the Hillary emails was pretty sudden and curiously timed.

Now we know that in May, Stone had lunch with someone calling himself Henry Greenberg offering dirt on Hillary. His explanation — based only on the texts that Michael Caputo was asked about in a Mueller interview — is not that he didn’t entertain the offer, but that he didn’t take Greenberg up on the offer as made in late May because Greenberg was asking for big money.

Both clearly recognized Greenberg as a Russian, therefore a foreigner offering something of value during an election.

Bizarrely, in trying to rebut the import of this exchange publicly, Caputo and Stone are doing nothing more than working the public refs, claiming to assume this was an FBI sting. Mueller knows whether it was an FBI sting, and there’s virtually no way he’d be asking questions about it if it were (particularly if Stone really didn’t take the bait). In short, Stone has no justification for this he’s willing to offer publicly; instead, he’s just adopting the SpyGate narrative in an attempt to discredit the investigation. And that’s assuming there were no follow-ups or other damning texts that didn’t involve someone willing to leak them to the press.

And all that happened before Peter Smith came on the scene, someone who, unlike Donald Trump, was willing to spend money for such things, an operation Stone is suspected of being involved in but which he studiously avoids mentioning when trying to explain himself. Smith did obtain emails from people Matt Tait advised him might be part of a Russian operation, and when he couldn’t validate them, sent them on to Wikileaks.

Which is to say Stone repeatedly entertained offers from foreigners illegally offering dirt that would benefit the Trump campaign — Greenberg, Guccifer 2.0, possibly Peter Smith’s Dark Web hackers. He may even have exhibited a belief that Australian Julian Assange had and could release the latter dirt, possibly with the knowledge they came from Russians.

So we’ve got Stone meeting with other people, repeatedly agreeing to bypass US election law to obtain a benefit for Trump, evidence (notwithstanding Stone’s post-hoc attempts to deny a Russian connection with Guccifer 2.0 and Wikileaks) that Stone had the intent of obtaining that benefit, and tons of overt acts committed in furtherance of the scheme.

And all that’s without leaning on the the other stuff Mueller found on Stone’s phone, which Stone is also trying to explain away by public conspiracies (in this case that the phone content was obtained with a FISA order rather than with a probable cause warrant obtained on March 9).

This is just one of the people Mueller has publicly focused on in recent days. We could lay out similar arguments for Michael Cohen, Paul Manafort, and Brad Parscale, at a minimum. Mueller had — and acted on — probable cause warrants covering five AT&T phones in March, all of which probably had close ties to Rick Gates. Assuming those targets are distributed proportionately with the US population, he’s likely to have obtained warrants for as many as 15 phones just in that go-around.

So if Roger Stone is any indication, the Mueller investigation may soon be moving into a new phase.

The Quid Pro Quo: a Putin Meeting and Election Assistance, in Exchange for Sanctions Relief (Part Two in a Series)

As I explained in Part One of this series, I think the Mueller questions leaked by the Trump people actually give a far better understanding of a damning structure to the Mueller investigation — one mapping out cultivation, a quid pro quo, and a cover-up — than the coverage has laid out. This post will lay out how, over the course of the election, the Russians and Trump appear to have danced towards a quid pro quo, involving a Putin meeting and election assistance in exchange for sanctions relief if Trump won (as noted, the Russians dangled real estate deals to entice Trump based on the assumption he wouldn’t win).

April 27, 2016: During the campaign, what did you know about Russian hacking, use of social media, or other acts aimed at the campaign?

Given the structure of George Papadopoulos’ plea, it’s highly likely Mueller knows that Papadopoulos passed on news that the Russians had thousands of Hillary emails they planned to release to help Trump to people in the campaign. Papadopoulos could have passed on that news to Stephen Miller and Corey Lewandowski as early as April 27. On the same day, Papadopoulos helped draft Trump’s first foreign policy speech, which Papadopoulos reportedly told Ivan Timofeev signaled a willingness to meet.

Between the time the GRU first exfiltrated DNC emails in April and the election, Trump invoked “emails” 21 times on Twitter (usually to refer to emails from Hillary’s server). The first of those times came on June 9, less than an hour after the Trump Tower meeting. The most famous of those came on July 27, when Trump addressed Russia directly.

Earlier in the day, Trump had called on Russia to release the emails not to the FBI, but to the press.

Russia, if you’re listening, I hope you’re able to find the 30,000 emails that are missing. I think you will probably be rewarded mightily by our press.

The timing may reflect awareness among some in the campaign that the call to Russia was a step too far legally. (h/t TC for the addition)

That Trump’s email comments pertain mostly to Hillary’s home-based server doesn’t actually exonerate him. Right after the DNC release (and therefore the July 27 Trump tweet), GOP rat-fucker Peter Smith started reaching out to Russian hackers in hopes of finding hacked versions of those emails. His support documents named Steve Bannon, Kellyanne Conway, Sam Clovis, and Mike Flynn. If those people actually learned of the effort (there’s reason to believe Smith was just overselling the ties to the campaign), it’s possible that Trump learned about it as well.

As to social media, while it has gotten virtually no attention, the reference to three Florida-based Trump campaign officials in the Internet Research Agency indictment suggests further investigative interest in them.

[T]here are three (presumed) Americans who, both the indictment and subsequent reporting make clear, are treated differently in the indictment than all the other Americans cited as innocent people duped by Russians: Campaign Official 1, Campaign Official 2, and Campaign Official 3. We know, from CNN’s coverage of Harry Miller’s role in building a cage to be used in a fake “jailed Hillary” stunt, that at least some other people described in the indictment were interviewed — in his case, for six hours! — by the FBI. But no one else is named using the convention to indicate those not indicted but perhaps more involved in the operation. Furthermore, the indictment doesn’t actually describe what action (if any) these three Trump campaign officials took after being contacted by trolls emailing under false names.

So Mueller may be pursuing whether there was state-level coordination going on, and if so, how far up the campaign chain of command knowledge of that coordination extended.

May 31, 2016: What discussions did you have during the campaign regarding any meeting with Mr. Putin? Did you discuss it with others?

On June 16, 2015, the day Trump announced his campaign, the Agalarovs offered to serve as an intermediary between him and Putin.

Then, starting at least as early as March 31, 2016 (with Trump’s first foreign policy meeting), his aides started floating pitches for meetings with increasingly senior campaign officials that would hypothetically lead up to one between Trump and Putin.

Those include at least:

  • The George Papadopoulos thread, spanning from March 21 through August 15
  • The Carter Page thread, including his Moscow trip in July, and possibly continuing through his December Moscow trip
  • The NRA thread, focusing on the NRA meeting in Kentucky in May; NRA’s longer outreach includes Trump associates John Bolton and David Clarke

We know Trump was present and did not object when Papadopoulos pitched this in the May 31 meeting. Several of the other entrees went through Don Jr. Many of the offers got briefed at least as far as Jared Kushner and Paul Manafort. We don’t know how many of the other offers he learned about. We just know that years earlier he had joked about becoming Putin’s best friend, and over the course of the campaign, Russian intermediaries made repeated, persistent efforts to work towards a meeting between Trump and Putin, with a meeting between Agalarov representatives (who, again, had offered to serve as intermediaries with Putin when Trump kicked off the campaign) and the most senior people on the campaign happening just as Trump sealed up the nomination.

May 31, 2016: What discussions did you have during the campaign regarding Russian sanctions?

This is an open-ended question that might pose particular problems for Trump given the misleading statement claiming the June 9 meeting was about adoptions and not the Magnitsky sanctions. More interesting still are hints that Mueller sees a signaling going back and forth involving Papadopoulos; some of this may have involved signaling a willingness to provide sanctions relief.

Both Aras Agalarov and Natalia Veselnitskaya followed up after the election pushing for sanctions relief.

June 9, 2016: When did you become aware of the Trump Tower meeting?

Sam Nunberg has suggested Trump probably learned of the Trump Tower meeting before it happened. While he is unreliable on that point, the original June 3, 2016 email Rob Goldstone sent to Don Jr suggests reaching out to Trump’s assistant Rhona Graff.

I can also send this info to your father via Rhona, but it is ultra sensitive so wanted to send to you first.

Democrats suspect that between two calls Don Jr had with Emin Agalarov about the meeting on June 6, 2016, he called his dad.

Trump Jr.’s phone records show two calls to and from the same Russian number on June 6, 2016.62 The first call occurred at 4:04 pm on June 6, 2916 – just 21 minutes after Goldstone emailed Trump Jr. to say that Emin Agalarov was “on stage in Moscow but should be off within 20 minutes so I am sure can call. [emphasis added]” 63 At 4:38 pm, Trump Jr emailed Goldstone, “Rob, thanks for the help.”64

This documentary evidence indicates that a call likely took place between Trump Jr. and Emin Agalarov. During his interview, Trump Jr. confirmed that the Russian phone number belonged to Agalarov, though he claimed to not recall whether he actually spoke with him. Rather, despite one of the two calls reflecting a two-minute connection, Trump Jr. suggested that Agalarov may have left voice messages.65

The phone records also show a “blocked” number at 4:27 pm, between the two calls to and from Emin Agalarov. Trump Jr. claimed he did not know who was associated with the blocked number.66 While the Committee has not pursued leads to determine who called Trump Jr. at this crucial time from a blocked number, Corey Lewandowski told the Committee that Mr. Trump’s “primary residence has a blocked [phone] line.” 67

Mueller, of course, almost certainly has the phone records the Democrats weren’t able to obtain.

Finally, Steve Bannon has stated that he’s certain Don Jr “walk[ed] these jumos up to his father’s office on the twenty-sixth floor” on the day of the meeting. There’s reason to believe Ike Kaveladze and Goldstone could have done so, including the new piece of evidence that “Kaveladze left [a meeting with Rinat Akhmetshin and Natalia Veselnitskaya] after a few minutes to take a call from Agalarov to discuss the meeting.”

The day after the meeting — and four days before Trump’s birthday — Agalarov sent Trump an expensive painting as a present.

The June 9 meeting is, as far as is public, the most important cornerstone in a presumed quid pro quo. Russians offered unnamed dirt that Don Jr seemed to know what it entailed even before speaking to Emin Agalarov personally. Having offered dirt, four Russians — including two representatives of Trump’s long-time handler Aras Agalarov — laid out a pitch to end the Magnitsky sanctions. And less than a week later, a presumed Russian agent released the first dirt stolen from Hillary Clinton.

July 7, 2016: What knowledge did you have of any outreach by your campaign, including by Paul Manafort, to Russia about potential assistance to the campaign?

We don’t have many details on what Mueller knows about Manafort’s requests for help on the campaign. We do know he remained in close touch with Russians via someone the FBI believed was a Russian intelligence agent, Konstantin Kilimnik, through whom he remained in communications with Russian oligarch Oleg Deripaska. Deripaska is named in some court documents in a way that suggests his relationship with Manafort may be the still hidden third prong of investigation into Manafort approved by August 2, 2017.

Starting in April, Manafort and Kilimnik (whom Rick Gates and therefore presumably Manafort knew was a former GRU officer), exchanged a series of cryptic emails, suggesting that Manafort might be able to pay off the $20 million he owed Deripaska with certain actions on the campaign. In an email sent on July 7, Manafort offered to provide briefings on the campaign to Deripaska. On or around August 2, Manafort and Kilimnik met in person at the Grand Havana Club, in Kushner’s building at 666 5th Avenue. Both deny that anything about the campaign came up. Shortly after this meeting, one of Deripaska’s jets came to Newark, and Russian opposition figure Viktor Navalny has claimed to have proof the jet went from there to a meeting between Deripaska and Russian deputy prime minister Sergei Prikhodko.

An August 2017 report describes intercepts picking up “Russian operatives discussing their efforts to work with Manafort, … relay[ing] what they claimed were conversations with Manafort, encouraging help from the Russians.”

There’s one more area of potential assistance I find of interest. Since January, we’ve been getting hints that Oleg Deripaska has some tie to the Steele dossier, possibly through a lawyer he and Steele share. I’ve raised repeated concerns that the Russians learned about the dossier and found ways to feed Steele disinformation. If they did, the disinformation would have led Democrats to be complacent about the hacks that targeted them. And whether or not the dossier is disinformation (and whether or not Deripaska had a role in that, if true), Paul Manafort coached Reince Priebus on how to attack the dossier as a way to discredit the investigation into the campaign’s ties with Russia.

With regards to this Manafort question: remember that Rick Gates flipped on February 23, and the questions date to early March. So Gates may have proffered confirmation about these details. In any case, Mueller likely has learned far more about them two months after Gates flipped.

July 10-12, 2016: What involvement did you have concerning platform changes regarding arming Ukraine?

The Majority HPSCI Russia Report explains that the RNC platform was changed by staffers at the convention based off Trump’s public statements on sanctions.

[Rick] Dearborn generated a memorandum, dated August 1, 2016, outlining a detailed sequence of events that occurred between July 10 and 12, 2016. As part of that memo, J.D. Gordon created a timeline that noted candidate Trump’s policy statements–including at a March 31, 2016, national security meeting–served as the basis for the modification of [Diana] Denman’s amendments. Gordon’s timeline made it clear that the change was initiated by campaign staffers at the convention–not by Manafort or senior officials.

J.D. Gordon has not confirmed that he was asked about this, but he surely was. I would expect Mueller to have tested the timeline Gordon laid out in summer 2016 (when the platform change was a big political issue) against the testimony and communications records of everyone else involved.

Of course, by asking the question in this fashion, Mueller doesn’t reveal what he has already confirmed about the platform changes.

August 5, 2016: What did you know about communication between Roger Stone, his associates, Julian Assange or WikiLeaks?

After multiple public statements that the Russians were behind the hack-and-leak, on August 5, 2016 (after traveling from NY to LA to his home in FL), Roger Stone wrote a column claiming to believe that Guccifer 2.0 was a hacktivist with no ties to Russia. Stone’s purportedly changed beliefs about Guccifer 2.0 coincide with an August 4 claim he made in an email to Sam Nunberg that he had met with Julian Assange the night before. Stone’s claimed belief that Guccifer 2.0 is not Russian is key to his denials of any involvement or pre-knowledge of hack-and-leak events. It also kicked off an alternative story that others, up to and including Trump, have adopted to excuse their own embrace of the stolen emails. In other words, a key prong in the plausible deniability the Russians built into the hack-and-leak campaign came from long-time Trump associate Roger Stone, after a dramatic and unexplained change in beliefs (Lee Stranahan, who used to work for Breitbart and now works for Sputnik, has claimed some credit for the change, and given how lucid the August 5 column is, someone had to have helped Stone write it).

Ten days later, after Stone had called on Twitter to let him out of Twitter jail, Guccifer 2.0 and Stone started exchanging (fairly innocuous) DMs.

There are events both before and after that which suggest Stone — probably through more interesting go-betweens than Randy Credico — sought information on what dirt Assange and Wikileaks had, and what and when planned to do with it.

Much has been made, especially in the DNC lawsuit, about Stone’s seeming prediction that “it would soon be Podesta’s time in the barrel.” Perhaps that’s true (and Stone’s explanation for the tweet is garbage), but any explanation of Stone’s supposed prediction needs to acknowledge that he more often predicted Wikileaks would release Clinton Foundation emails, not Podesta ones, that he got the timing somewhat wrong, and that he didn’t dwell on the Podesta emails at all once Wikileaks started releasing them (preferring, instead, to talk about Bill Clinton’s lady problems). Still, that may reflect Stone involvement in the Peter Smith operation, and efforts to get WikiLeaks to release purported Clinton Foundation emails passed on via hackers.

That Mueller is even asking this suggests (if the several grand jury witnesses in recent months dedicated to it don’t already) that Mueller has a pretty good idea that Stone’s communications were more extensive than his denials let on. That he thinks Stone may have shared that information with Trump is all the more interesting.

All of which is to say that the known answers to Mueller’s questions map out a quid pro quo set up during the election, in which Russians offered a Putin meeting and dirt on Hillary, with the expectation that Trump would lift the Magnitsky sanctions if he won (and would get a Trump Tower in Moscow if he lost). I suspect there are other pieces to the quid pro quo, dealing with Ukraine and Syria. But certainly the June 9 meeting set up an understanding: dirt in exchange for Magnitsky relief. The release of the Guccifer 2.0 emails may indicate the Trump camp provided some signal they had formally accepted the offer.

Update: Fixed syntax in last paragraph, h/t LT.

RESOURCES

These are some of the most useful resources in mapping these events.

Mueller questions as imagined by Jay Sekulow

CNN’s timeline of investigative events

Majority HPSCI Report

Minority HPSCI Report

Trump Twitter Archive

Jim Comey March 20, 2017 HPSCI testimony

Comey May 3, 2017 SJC testimony

Jim Comey June 8, 2017 SSCI testimony

Jim Comey written statement, June 8, 2017

Jim Comey memos

Sally Yates and James Clapper Senate Judiciary Committee testimony, May 8, 2017

NPR Timeline on Trump’s ties to Aras Agalarov

George Papadopoulos complaint

George Papadopoulos statement of the offense

Mike Flynn statement of the offense

Internet Research Agency indictment

Text of the Don Jr Trump Tower Meeting emails

Jared Kushner’s statement to Congress

Erik Prince HPSCI transcript

THE SERIES

Part One: The Mueller Questions Map Out Cultivation, a Quid Pro Quo, and a Cover-Up

Part Two: The Quid Pro Quo: a Putin Meeting and Election Assistance, in Exchange for Sanctions Relief

Part Three: The Quo: Policy and Real Estate Payoffs to Russia

Part Four: The Quest: Trump Learns of the Investigation

Part Five: Attempting a Cover-Up by Firing Comey

Part Six: Trump Exacerbates His Woes

Was Trump’s Birthday Present a Painting? Or Stolen Emails?

Donald Trump was born on June 14, 1946.

According to the Minority HPSCI Russian Report, the day after Trump’s spawn, spawn’s husband, and campaign manager met with a bunch of Russian envoys (including Aras Agalarov’s representative Ike Kaveladze), Agalarov sent the presidential candidate an expensive painting.

[O]n June 10, 2016, Aras Agalarov delivered to candidate Trump an expensive painting for the candidate’s birthday.

An email from Rob Goldstone identified it as a birthday gift.

Email from Rob Goldstone to Rhona Graff, Subject: Birthday gift for Mr. Trump, June 10, 2016

On June 14, 2016 — Donald Trump’s birthday — the Washington Post revealed that Hillary had been hacked by Russia.

According to Nakashima, she was first contacted about this story, “About a week before the story published online.”

On June 15, in what has always been presumed to be a rushed response to the WaPo story, Russian cut-out Guccifer 2.0 published a bunch of stolen documents, including Hillary’s (dated) oppo research on Trump.

On June 17, a Trump staffer sent an Agalarov staffer a Trump thank you note, one that did not (at least in the bit quoted in the Minority HPSCI report) describe what the gift in question was.

“There are few things better than receiving a sensational gift from someone you admire – and that’s what I’ve received from you. You made my birthday a truly special event by your thoughtfulness – not to mention your remarkable talent. I’m rarely at a loss for words, but right now I can only say how much I appreciate your friendship and to thank you for this fantastic gift. This is one birthday that I will always remember.”

Was the gift a painting? Or stolen emails?

Counterintelligence versus Criminal: George Papadopoulos

While I was playing in an undisclosed location in Europe, Chuck Ross wrote two stories based off access to people in the immediate vicinity of George Papadopoulos.

The first purports to answer whether Papadopoulos [thinks he] colluded with Russia. The second reports that someone with close ties to CIA and MI6 reached out to Papadopoulos after the US government learned of Papadopoulos’ comments to Alexander Downer about Hillary emails.

There’s a funny movement between the two. In the first, Ross feigns concern about how long it took the FBI to reach out to Papadopoulos after learning of his email conversation.

Papadopoulos was not interviewed by FBI agents until Jan. 27, 2017, nearly six months after the start of the investigation. That six month delay is puzzling to both congressional investigators and to Papadopoulos. He has wondered to associates why, if he was actually suspected of conspiring with the Russian government, the bureau would have waited so long to contact him.

He doesn’t mention, of course, that the FBI reached out to Papadopoulos just one week after the presidential transition period — which Papadopoulos played a role in — ended. That is, there was virtually no delay between the time Papadopoulos separated from Trump’s retinue and the FBI investigated. That doesn’t feed the poutrage about FBI’s investigation of politics, however, and so goes unmentioned.

Meanwhile, the second piece expresses shock that someone tied into Anglo-American intelligence reached out to Papadopoulos, Page, and one other Trump aide during the election.

Two months before the 2016 election, George Papadopoulos received a strange request for a meeting in London, one of several the young Trump adviser would be offered — and he would accept — during the presidential campaign.

The meeting request, which has not been reported until now, came from Stefan Halper, a foreign policy expert and Cambridge professor with connections to the CIA and its British counterpart, MI6.

Halper’s September 2016 outreach to Papadopoulos wasn’t his only contact with Trump campaign members. The 73-year-old professor, a veteran of three Republican administrations, met with two other campaign advisers, The Daily Caller News Foundation learned.

Papadopoulos questioned Halper’s motivation for contacting him, according to a source familiar with Papadopoulos’ thinking. That’s not just because of the randomness of the initial inquiry but because of questions Halper is said to have asked during their face-to-face meetings in London.

According to a source with knowledge of the meeting, Halper asked Papadopoulos: “George, you know about hacking the emails from Russia, right?”

While Ross focuses on the FBI investigation, which started as a counterintelligence investigation, he doesn’t mention the separate Task Force run out of CIA (or, for that matter, the Steele dossier, though given how shitty the dossier is on the hack-and-leak, I question whether that’s what this was).

In any case, there were several investigations, even within the US, and while law enforcement has certain squeamishness about engaging in politics, our foreign allies do not.

All that said, Ross provides details about Papadopoulos’ reported timeline and beliefs which are useful to understanding the events of 2016. Chief among those, he dates the meeting between Papadopoulos and Downer to May 10.

On around May 10, 2016, two weeks after the Mifsud meeting, Papadopoulos met with Downer at Kensington Gardens in London.

Ross also relays Papadopoulos’ reported belief that the emails floated by Joseph Mifsud were the deleted Clinton Foundation emails.

Papadopoulos has also said he believes that the emails in question were the 30,000-plus emails that Clinton deleted in Dec. 2014 before turning her State Department emails over to the agency. Clinton’s deleted records were a hot topic of debate during the 2016 presidential campaign, well before WikiLeaks began releasing emails that were stolen from the DNC and Clinton campaign.

This is entirely unsurprising (and useful for Papadopoulos to have out there). It means Papadopoulos doesn’t claim to have had more advance details about the stolen Hillary emails, and instead just assumed Mifsud (and his sources) were responding to the burning issue of the day, the Hillary investigation.

The confirmation that the Republicans had early likely been fed an expectation they might have gotten those emails provides important insight on the later Peter Smith effort to get those emails, the reported outreach by people associated with the campaign to Guccifer 2.0 to get those emails, and Guccifer 2.0’s false claims to be leaking them. Papadopoulos likely confirmed to Mifsud that that’s what the Republicans thought of as valuable oppo research, and multiple later efforts focused on making Trump aides believe they would get them.

To understand just how much Ross’ sources were feeding an exonerating narrative, however, consider that he or they refused to say whether Papadopoulos passed on news of the emails to other campaign people.

Miller did not respond to the email, but it is unclear whether Papadopoulos told Miller, who currently works in the White House, or anyone else on the campaign about Mifsud’s comments about emails. TheDCNF’s sources did not say whether Papadopoulos told the campaign of Mifsud’s remarks.

Instead of the answer to the critical issue (to which we have good reason to suspect the answer, even if it hasn’t been confirmed), Ross instead passes on a non-denial denial of something Papadopoulos has never been accused of.

[S]ources familiar with Papadopoulos’ thinking say he has told associates he did not see, handle or disseminate Clinton emails.

Further, Ross claims there’s no evidence that meetings between Russia and the Trump campaign took place, in spite of the fact that Don Jr, Jared, and Trump’s campaign manager took a meeting 6 weeks after the emails-as-dirt got floated based on a promise they’d get dirt on Hillary.

There is no evidence that those meetings took place.

To back this no collusion claim, you’d have to prove both that none of the participants in the Trump Tower meeting had heard about Papadopoulos promise of emails (in spite of Don Jr’s reference to “if it’s what I think it is”), and you’d have to prove that the Russians didn’t consider a meeting with the campaign manager a high level meeting.

George Papadopoulos does not, by himself, prove “collusion.” But neither does this transparent attempt to deny collusion by issuing a non-denial denial disprove it. Moreover, it was never going to be the case that one person — not even Paul Manafort, not even Michael Cohen, possibly not even Trump himself — would offer the Rosetta stone on what happened in 2016.

The Access Hollywood Search Doesn’t Mean Trump Coordinated with Assange

As I noted, yesterday several outlets reported that among the things included in the FBI warrant for Michael Cohen’s premises was communications between Trump, Cohen, and others (whom I suspect to include Steve Bannon and Marc Kasowitz) “regarding the infamous ‘Access Hollywood'” video.

FBI agents who raided the home, office and hotel of Donald Trump’s personal lawyer sought communications that Trump had with attorney Michael Cohen and others regarding the infamous “Access Hollywood” tape that captured Trump making lewd remarks about women a month before the election, according to sources familiar with the matter.

[snip]

The search warrant also sought communications between then-candidate Trump and his associates regarding efforts to prevent disclosure of the tape, according to one of the sources. In addition, investigators wanted records and communications concerning other potential negative information about the candidate that the campaign would have wanted to contain ahead of the election. The source said the warrant was not specific about what this additional information would be.

From that, people on both the right and the left have assumed, without presenting hard evidence, that this means there must be a tie to Russia. Most often, people assume this must mean Trump somehow managed the events of October 7, when the Intelligence Committee report blaming Russia for the DNC hack, the Access Hollywood video, and the first Podesta emails all came out in quick succession.

That’s certainly possible, but thus far there’s no reason to believe that’s the case.

Mueller and Rosenstein referred this

That’s true, first of all, because after consulting with Rod Rosenstein, Robert Mueller referred this to the Southern District of New York for execution and prosecution, rather than dealing with it himself. He did that surely knowing what a sieve for leaks SDNY is, and therefore knowing that doing so would undercut his remarkably silent teamwork thus far.

In spite of a lot of reporting on this raid this week, we don’t yet have a clear understanding of why the two chose to refer it (or, tangentially, why interim SDNY US Attorney Geoffrey Berman recused himself from this matter).

There are two options. The first is that Rosenstein believed hush payments and taxi medallion money laundering sufficiently attenuated to the Russian investigation that it should properly be referred. In which case, the fact that it was referred is itself reason to believe that Mueller — even while he had abundant evidence supporting the search warrant — has no reason to believe those releases were orchestrated with Wikileaks, and therefore have no direct interest to his investigation (though they may cough up one to three witnesses who will be more willing to cooperate when faced with their own fraud indictments). In which case, the Access Hollywood video would be just another example, like the Stormy Daniels and the Karen McDougal payoffs, of Trump’s efforts to bury embarrassing news, using whatever means necessary.

The other option is that Mueller does have evidence that Trump in some way managed the October 7 events, which would be one of the most inflammatory pieces of evidence we would have heard of so far, but that there was some other reason to refer the matter.

Michael Cohen wasn’t serving as an attorney for much of the reported documents

The really good reason to refer the warrant would be so that SDNY would serve as a natural clean team, sorting through seized items for privileged communications, only to hand them back to Mueller’s team in DC once they’ve sorted through them. It’s an idea Preet Bharara and Matt Miller, among others, have floated.

Before we conclude that SDNY is only serving as a clean team for Mueller’s team here, consider that coverage has vastly overstated the degree to which the items being searched will fall under attorney-client privilege.

The search also sought information on Cohen’s taxi medallions, a business in which he has had really corrupt partners, some Russian, with their own legal problems, and one that has reportedly left Cohen with some debt problems that make his purported personal payment to Stormy Daniels all the more sketchy.

In addition, as soon as Trump claimed to know nothing of the hush payment to Daniels last Friday, the government could credibly claim that either Cohen was not representing Trump when paying off Daniels, or involved in fraud.

The NYT has reported that the raid also sought all communications between Cohen and National Enquirer’s top brass, communications that would in no way be privileged.

Even the reported communications about the Access Hollywood video may not be privileged. If they involved four people, then the only way they’d be covered by privilege is if they counted as campaign emails and Marc Kasowitz, not Cohen, was the attorney providing privileged advice in question. In that case, Cohen would have been playing the press contact role he often did during the campaign.

Still, just because Cohen was not playing the role of an attorney during most of the activities the FBI is interested in doesn’t mean the FBI won’t be really careful to make sure they don’t violate privilege, and I’m sure they’ll still use a taint team.

Mueller has already dealt with (at least) two sensitive attorney-client relationships in his investigation

Even on top of the eight members of the White House Counsel’s office who have spoken with the Special Counsel, Mueller’s team has dealt with (at least) two other sensitive attorney-client relationships.

The first was Melissa Laurenza, a lawyer for Paul Manafort whom he had write false declarations for FARA registry. Judge Amy Berman Jackson permitted Mueller’s team to ask her seven of eight proposed question after proving Manafort had used her services to engage in fraud.

More recently, we’ve gotten hints — but only hints — of what must be extensive cooperation from Skadden Arps and its partner Greg Craig, describing how Manafort and Gates laundered money to pay the firm loads of money to write a report they hoped would exonerate Ukraine’s persecution of Yulia Tymoshenko. While the cooperation of Skadden itself was probably effusive in its voluntary nature (the firm seems determined to avoid the taint that Tony Podesta’s firm has acquired in this process), Mueller did subpoena Alex Van der Zwaan and it’s unclear what methods the FBI used to obtain some of the materials he tried to hide from prosecutors.

Neither of those exchanges involves a search warrant. But they do show that Mueller is willing to take on the tricky issue of attorney testimony first-hand. Using SDNY as a clean team still may be the easiest option in the Cohen case, but Mueller clearly isn’t shying away from managing all such issues in-house in other cases.

The other possible explanations for the Access Hollywood search and the October 7 timing

Which brings us finally to the other possibilities behind the Access Hollywood search.

It’s certainly possible that the coincidental release of all these things was coordination, entirely orchestrated by the Trump campaign. But there are a number of reasons — on top of the fact that Mueller isn’t keeping this search far tighter under his own control — I think that’s not the most likely explanation.

Consider this story, arguing that the real story of Access Hollywood isn’t that it leaked on October 7 — the piece notes that David Farenthold had only received it that day — but that it didn’t leak earlier in the process, when it might have led Trump to lose the primary.

t is just impossible to believe that the tape not coming out at the start of Trump’s campaign, when logic dictates that it would have blown Trump instantly out of the water (before he was in a position where Republicans had no choice other than to keep backing him against the evil Hillary Clinton), was anything but a highly unethical political decision by someone at NBC. The fact that no one has ever even gotten an answer from NBC about how this could have happened is equally unfathomable and yet, given the news media’s overall incompetence, kind of expected.

[snip]

It has always struck me as EXTREMELY odd that it was the Washington Post, not NBC, who first released the tape on Friday Oct. 7, 2016, barely beating NBC which, it should be noted, was clearly ready to go with it immediately after the Post did. I presumed that perhaps NBC wanted this to be the case because it might take some of the focus off why they had not released it during the primaries (and thus chose not to prematurely kill off the media’s Golden Goose which was Trump’s ratings-friendly campaign).

However, there is another aspect of the Post being the outlet which got the big scoop that has always struck me as potentially very significant. The Post’s reporter, David Fahrenthold, has said that he was only made aware of the tape, via an unnamed source, THAT day — which is a clear indication that whomever was trying to get the Post to release it had decided to do so in tremendous haste. After all, if the source had planned it sooner they would have made contact with Fahrenthold well before then because he might have been out of pocket that day.

[snip]

For instance, what if it was actually someone from the TRUMP team who leaked the tape. At first glance, this seems ludicrous because no one thought that Trump would be anything but greatly harmed by the tape (though he clearly was not). But what if someone in Trump World got wind that the tape was about to be released and decided that stepping all over the Russia news (which would normally have dominated the narrative for the remainder of the campaign) would at least create the least bad outcome for them?

I don’t agree that the release was released when it was to distract from the Russia announcement that day. As I’ve long noted, in reality, the Access Hollywood distracted from the Podesta emails, effectively burying the most damning release in the bunch, the excerpts of Hillary’s speeches that even Democrats had been demanding she release since the primary. And while the Trump team might claim they didn’t control the release of the Podesta emails directly — and Roger Stone’s predictions that Wikileaks would release Clinton Foundation rather than Podesta emails were dead wrong — the Trump team at least knew something was coming (indeed, Wikileaks had made that clear themselves). So there’s little reason they would stomp on what they had long welcomed with the Access Hollywood tape. As this post alludes, I also think the Trump team and Russians or Wikileaks may have been squabbling over whether Wikileaks would release possibly faked Clinton Foundation emails that week, only to scramble when Wikileaks refused to release whatever the Peter Smith effort had gotten dealt to them.

Like the Mediate piece, I’m interested in the way that Steve Bannon had Clinton accusers all lined up to go that weekend (indeed, I noted how quickly Stone moved to that after having raised expectations for a Clinton Foundation release). But I also think there are some reasons to believe that attack was in the works for other reasons (though I agree it might reflect advance knowledge that the video might come out, or even that Stormy Daniels might come forward).  Finally, I don’t think the release came from Trump because of all the reports of Republicans trying to convince Trump to step down (though it’s possible the GOP dropped the video in one last bid to get him to do so).

One alternative narrative, then, is that the real story about the Access Hollywood suppression goes back months or years earlier, as one of the things Trump managed to suppress throughout the campaign, but something happened internally to breach that agreement. And, separately, that either Assange by himself, with Russian help, or with Trump assistance, timed the Podesta emails to come out as the Russian attribution was coming out. That is, it could be that the real story remains that whoever orchestrated the Wikileaks release did so in an attempt to bury the Russian attribution, but that the coincidental release of the Access Hollywood video in turn buried the Podesta emails.

Finally, it’s possible that Democrats got ahold of the Access Hollywood video and they released it to (successfully) drown out the Podesta emails, which they (and the intelligence community) also would have known were coming, but by doing so, they also drowned out the all-important Russian attribution in the process.

The point is, we don’t know. And nothing we know thus far about the process leading to this warrant or about the suppression and release of either the video or the women’s stories suggest it all took place that week of October. Trump’s usual m.o. is about suppression, not timing.

That said, I’m curious if this raid will reveal details about one other item Trump probably tried to suppress: the nude Melania photos that NYPost released on July 31, 2016, just as campaign season got going in earnest.

What Did Wikileaks Do with the DCCC Emails It Monopolized?

Yesterday Buzzfeed did a story that adds important details to this report from the New Yorker last year.

In mid-August, Guccifer 2.0 expressed interest in offering a trove of Democratic e-mails to Emma Best, a journalist and a specialist in archival research, who is known for acquiring and publishing millions of declassified government documents. Assange, I was told, urged Best to decline, intimating that he was in contact with the persona’s handlers, and that the material would have greater impact if he released it first.

First, Buzzfeed describes the emails clearly as the DCCC documents (though elsewhere this article remains unreliable on some facts about what documents were what).

As Best describes, she had reached out to Guccifer 2.0 when he had asked for assistance from journalists, and ultimately then reached out to Wikileaks.

Best told BuzzFeed News she first reached out to Guccifer 2.0 in August 2016 after it posted on its WordPress account a call for journalists who wanted its files. “I sent them a Direct Message and referred to that, asking what they had in mind,” Best told BuzzFeed News over Signal. Best has experience posting large data sets, and wondered if she could host the files on archive.org, a nonprofit digital library.

But Guccifer 2.0 had another idea. “[I] gonna send a large trove to wikileaks,” it said. Best, who had DMed with WikiLeaks before, relayed that message to WikiLeaks in a direct message on Twitter. Neither party conveyed to her whether they had interacted together before.

“I told them that Guccifer 2.0 was considering giving me at least part of the cache, which is when they asked me to be their ‘agent,’ which they said I would get ‘credit’ for,” Best said. She didn’t agree to act as Assange’s agent, she said, but stopped messaging with Guccifer 2.0.

Note, this exchange shortly follows the release by Best and Wikileaks of some Turkish emails under some interesting circumstances.

Best’s outreach led to the conversation with Wikileaks, the Wikileaks side of which Buzzfeed includes.

The following is the entirety of WikiLeaks’s messages to Best that night, according to the emails she provided. All times are ET. (Twitter does not send a user copies of their own messages, so the contents Best provided are one-sided.)

8:43 p.m.: please “leave” their conversation with them and us

8:43 p.m.: we would appreciate it if you did not dump the docs and obviously archive.org will delete them anyway

9:12 p.m.: Impact is very substantially reduced if the “news” of a release doesn’t co-incide with the ability to respond to the news by searching

9:13 p.m.: non-searchable dumps are just channeled into a few orgs with technical resources. then others won’t touch them because they perceive that the cherries have all been picked by techdirt or whatever.

9:14 p.m.: and these other media groups are very likely to take a stupid initial angle

9:15 p.m.: “We don’t know if its true. Possibly russians who knows blah blah blah” because they don’t properly verify prior to publication and are scared because they’re not us, contaminating the entire release

9:18 p.m.: in that regretable event, from our perspective, please just act as our agent we can ensure you get the right credit, cross promotion etc.

As Buzzfeed notes, at 10:16 PM ET that day, Guccifer 2.0 tweeted that he would give the documents to Wikileaks (though Buzzfeed incorrectly says Guccifer 2.0 said “it had handed those documents over” to Wikileaks; the tweet in fact describes doing so prospectively).

Buzzfeed emphasizes that this proves Wikileaks knew that it obtained documents from Guccifer 2.0, and not Seth Rich (though this is one reason why Buzzfeed’s conflation of the email sets is problematic, as the Rich conspiracy pertains necessarily to the DNC documents, not the DCCC ones). Showing Wikileaks in direct coordination with Guccifer 2.0 is important.

Equally important, however, is that Wikileaks never released the DCCC documents. Having laid out reasons why it, rather than Best, should release them (because they could make them searchable, because other media outlets would take a stupid initial angle, because other outlets would emphasize the Russian source), Wikileaks then sat on them, if indeed they ever obtained them.

Meanwhile, five minutes after saying he’d dump the DCCC documents to Wikileaks, at 10:23 PM, Guccifer 2.0 sent the first tweet in what would become an exchange via DMs with Roger Stone.

Among the things Guccifer 2.0 did in that exchange was twice try to get Stone interested in the DCCC documents he was posting (though Stone did not respond).

Similarly, also on August 12, Guccifer 2.0 started discussing sharing the emails with a Republican operative named James Bambanek who says, in a recently published report that probably misunderstands one goal of Guccifer 2.0’s actions, he was conducting infosec research.

Elsewhere, Bambanek says he turned over every message immediately to the FBI, but as he notes, they would have been monitoring all this in any case.

Every [direct message] I sent, every [one] I received was turned over to the FBI immediately. I assumed they would have been monitoring the account to begin with,” Bambenek said.

Publicly, we know that Guccifer was also sharing the DCCC documents with other Republican operatives around the country. While some of these documents were unexciting, others provided the Democrats’ oppo research for congressional races. Florida was one of the states where the documents might be said to have helped Republicans (which is not coincidentally where Mueller’s focus on the Internet Research Agency seems to be).

What seems to have happened, then, is that by getting Best to agree not to publish the emails, Guccifer 2.0 then offered them up to a series of Republicans who would (whatever value the actual documents did or didn’t have) then be implicated in obtaining campaign documents from a presumed Russian source.

Contrary to what Wikileaks said, there’d be no way Republican operatives would let actually useful documents go unused, regardless of how much work they had to do to search for them. But by convincing Best not to publish them in bulk (and by not publishing them themselves!), Wikileaks created the opportunity for Guccifer 2.0 to implicate at least a handful of Republican operatives around the country.

Yes, in Bambanek’s case that happened with the knowledge of the FBI. But how many other Republicans didn’t think to admit to the FBI what they were doing?

Update: When the New Yorker story came out last August, Best said she did not know what she was being offered. I’m assuming they were the DCCC docs from the context, timing, and related actions with state based Republicans, but that may not be the case.

There Are Almost Certainly Other DAG Rosenstein Memos

As I noted in this post, Robert Mueller’s team of “Attorneys for the United States of America” responded to Paul Manafort’s claim that Rod Rosenstein’s grant of authority to the Special Counsel did not extend to the money laundering he is currently being prosecuted for by revealing an August 2, 2017 memo from Rosenstein authorizing Mueller to investigate, along with a bunch of redacted stuff,

Allegations that Paul Manafort:

  • Committed a crime or crimes by colluding with Russian government officials with respect to the Russian government’s efforts to interfere with the 2016 election for President of the United States, in violation of United States law;
  • Committed a crime or crimes arising out of payments he received from the Ukrainian government before and during the tenure of President Viktor Yanukovych.

As the filing notes, this memo has not been revealed before, neither to us nor to Manafort.

That’s all very interesting (and has the DC press corps running around claiming this is a big scoop, when it is instead predictable). More interesting, however, is the date, which strongly suggests that there are more of these memos out there.

Mueller is unlikely to have waited two and a half months to memorialize his scope

I say that, first of all, because Rosenstein wrote the August 2 memo two and a half months after he appointed Mueller. Given Trump’s raging attacks on the investigation, it’d be imprudent not to get memorialization of the scope of the investigation at each step. Indeed, as I’ve noted, in the filing Mueller points to the Libby precedent, arguing that this memo “has the same legal significance” as the two memos Jim Comey used to (publicly) memorialize the scope of Patrick Fitzgerald’s investigation.

The August 2 Scope Memorandum is precisely the type of material that has previously been considered in evaluating a Special Counsel’s jurisdiction. United States v. Libby, 429 F. Supp. 2d 27 (D.D.C. 2006), involved a statutory and constitutional challenge to the authority of a Special Counsel who was appointed outside the framework of 28 C.F.R. Part 600. In rejecting that challenge, Judge Walton considered similar materials that defined the scope of the Special Counsel’s authority. See id. at 28-29, 31-32, 39 (considering the Acting Attorney General’s letter of appointment and clarification of jurisdiction as “concrete evidence * * * that delineates the Special Counsel’s authority,” and “conclud[ing] that the Special Counsel’s delegated authority is described within the four corners of the December 30, 2003 and February 6, 2004 letters”). The August 2 Scope Memorandum has the same legal significance as the original Appointment Order on the question of scope.

The first of those Comey letters, dated December 30, 2003, authorized Fitz to investigate the leak of Valerie Plame’s identity. The second of those, dated February 6, 2004, memorialized that Fitz could also investigate,

federal crimes committed in the course of, and with intent to interfere with, your investigation, such as perjury, obstruction of justice, destruction of evidence, and intimidation of witnesses; to conduct appeals arising out of the matter being investigated and/or prosecuted; and to pursue administrative remedies and civil sanctions (such as civil contempt) that are within the Attorney General’s authority to impose or pursue.

It’s the second memo that memorialized Fitz’ authority to prosecute Scooter Libby for protecting Dick Cheney’s role in outing Valerie Plame.

Mueller, then the acting FBI Director, would presumably have been in the loop of the Fitz investigation (as Christopher Wray is in Mueller’s) and would have known how these two letters proceeded. So it would stand to reason he’d ask for a memo from the start, particularly given that the investigation already included multiple known targets and that Trump is even more hostile to this investigation than George Bush and Dick Cheney were to Fitz’s.

Admittedly, unlike the Comey memo, which was designed for public release, there’s no obvious, unredacted reference to a prior memo. Though something that might imply a prior memo is redacted at the top of the released memo (though this is probably a classification marking).

And, given that this memo was designed to be secret, Rosenstein may have written the memo to obscure whether there are prior ones and if so how many.

The memo closely follows two key dates

That said, the date of the memo, August 2, is mighty curious. It is six days after the July 27 Papadopoulos arrest at Dulles airport. And seven days after the July 26 no knock search of Paul Manafort’s Alexandria home.

That timing might suggest any of several things. It’s certainly possible (though unlikely) the timing is unrelated.

It’s possible that Rosenstein wrote the memo to ensure those two recent steps were covered by his grant. That wouldn’t mean that the search and arrest wouldn’t have been authorized. The memo itself notes that Mueller would be obliged to inform Rosenstein before each major investigative step.

The Special Counsel has an explicit notification obligation to the Attorney General: he “shall notify the Attorney General of events in the course of his or her investigation in conformity with the Departmental guidelines with respect to Urgent Reports.” 28 C.F.R. § 600.8(b). Those reports cover “[m]ajor developments in significant investigations and litigation,” which may include commencing an investigation; filing criminal charges; executing a search warrant; interviewing an important witness; and arresting a defendant.

Both Papadopoulos’ arrest and that dramatic search would fit this criteria. So it’s virtually certain Rosenstein reviewed Urgent Memos on both these events before they happened. Plus, his memo makes it clear that the allegations included in his memo “were within the scope of the Investigation at the time of your appointment and are within the scope of the Order,” meaning that the inclusion of them in the memo would retroactively authorize any activities that had already taken place, such as the collection of evidence at Manafort’s home outside the scope of the election inquiry.

As I noted, the memo also asserts that Special Counsels’ investigative authority, generally, extends to investigating obstruction and crimes the prosecutor might use to flip witnesses.

The filing is perhaps most interesting for the other authorities casually asserted, which are not necessarily directly relevant in this prosecution, but are for others. First, Mueller includes this footnote, making it clear his authority includes obstruction, including witness tampering.

The Special Counsel also has “the authority to investigate and prosecute federal crimes committed in the course of, and with intent to interfere with, the Special Counsel’s investigation, such as perjury, obstruction of justice, destruction of evidence, and intimidation of witnesses” and has the authority “to conduct appeals arising out of the matter being investigated and/or prosecuted.” 28 C.F.R. § 600.4(a). Those authorities are not at issue here.

Those authorities are not at issue here, but they are for the Flynn, Papadopoulos, Gates, and Van der Zwaan prosecutions, and for any obstruction the White House has been engaging in. But because it is relevant for the Gates and Van der Zwaan prosecutions, that mention should preempt any Manafort attempt to discredit their pleas for the way they expose him.

The filing includes a quotation from DOJ’s discussion of special counsels making it clear that it’s normal to investigate crimes that might lead someone to flip.

[I]n deciding when additional jurisdiction is needed, the Special Counsel can draw guidance from the Department’s discussion accompanying the issuance of the Special Counsel regulations. That discussion illustrated the type of “adjustments to jurisdiction” that fall within Section 600.4(b). “For example,” the discussion stated, “a Special Counsel assigned responsibility for an alleged false statement about a government program may request additional jurisdiction to investigate allegations of misconduct with respect to the administration of that program; [or] a Special Counsel may conclude that investigating otherwise unrelated allegations against a central witness in the matter is necessary to obtain cooperation.”

That one is technically relevant here — one thing Mueller is doing with the Manafort prosecution (and successfully did with the Gates one) is to flip witnesses against Trump. But it also makes it clear that Mueller could do so more generally.

Mueller used the false statements charges against Papadopoulos to flip him. He surely hopes to use the money laundering charges against Manafort to flip him, too. Both issues may have been at issue in any memo written to newly cover the events of late July.

Mueller may not have revealed the scope of the Manafort investigation at that time

Now consider this detail: the second bullet describing the extent of the investigation into Manafort has a semi-colon, not a period.

It’s possible Mueller used semi-colons after all these bullets (of which Manafort’s is the second or third entry). But that, plus the resumption of the redaction without a double space suggests there may be another bulleted allegation in the Manafort allegation.

There are two other (known) things that might merit a special bullet. First, while it would seem to fall under the general election collusion bullet, Rosenstein may have included a bullet describing collusion with Aras Agalarov and friends in the wake of learning about the June 9 Trump Tower meeting with his employees. More likely, Rosenstein may have included a bullet specifically authorizing an investigation of Manafort’s ties with Oleg Deripaska and Konstantin Kilimnik.

The Mueller memo actually includes a specific reference to that, which as I’ve noted I will return to.

Open-source reporting also has described business arrangements between Manafort and “a Russian oligarch, Oleg Deripaska, a close ally of President Vladimir V. Putin.”

The latter might be of particular import, given that we know a bunch of fall 2017 interviews focused on Manafort’s ties to Deripaska and the ongoing cover-up with Kilimnik regarding the Skadden Arps report on the Yulia Tymoshenko prosecution.

All of which is to say that this memo may reflect a new expansion of the Manafort investigation, perhaps pursuant to whatever the FBI discovered in that raid on Manafort’s home. If so, that should be apparent to him, as he and his lawyers know what was seized.

Still, I wouldn’t be surprised if he inquired about what authorized that July 26 raid, if for no other reason than to sustain his effort to make more information on Mueller’s investigation public.

The redactions almost certainly hide two expansions to the investigation as it existed in October 2016

Now let’s turn to what else (besides another possible Manafort bullet) the redactions might show, and what may have been added since.

The unredacted description of the Manafort investigation takes up very roughly about one fifth of the section describing allegations Mueller was pursuing.

The Schiff Memo revealed that DOJ had sub-investigations into four individuals in October 2016.

Endnote 7 made it clear that, in addition to Page, this included Flynn and Papadopoulos, probably not Rick Gates, and one other person, possibly Roger Stone.

In August 2017, all four of those would have been included in a Rosenstein memo, possibly with a bullet dedicated to Gates alone added. That said, not all of these would require two or more bullets (and therefore as much space as the Manafort description). Papadopoulos’ description might include two, one dedicated to the collusion and one to the lying about collusion, or just one encompassing both the collusion and the lying. Flynn’s might include three, one dedicated to the collusion, one to the lying about it, and one to the unregistered foreign agent work, including with Turkey, that we know Mueller to have been investigating; or, as with Papadopoulos, the lying about the collusion might be incorporated into that bullet. Stone’s bullet would likely have only reflected the collusion, an investigation that is currently very active. Carter Page’s suspected role as a foreign agent might be one bullet or two.

That suggests, though doesn’t confirm, that there are a few other things included in those redacted bullets, things not included in the investigation in October 2016 as reflected in the Schiff memo.

Indeed, we should expect two more things to be included in the bullet points: First, the name of any suspect, including the President, associated with the obstruction of justice. Rosenstein himself had already been interviewed with respect to that aspect of the investigation by August 2, so surely Rosenstein had already authorized that aspect of the investigation.

The redactions most likely also include the names of Don Jr and Jared Kushner (and Paul Manafort), for their suspected collusion with Russia as reflected in the June 9 meeting. At least according to public reporting, Mueller may have first learned of this in June when Manafort and Kushner confirmed it in turning over evidence to Congress and Mueller. The first revelations that Mueller was obtaining subpoenas from a dedicated grand jury were on August 3, just one day after this memo. That same day, reports described Mueller issuing subpoenas related to the June 9 meeting.

Indeed, it’s quite possible Rosenstein issued this memo to memorialize the inclusion of the President’s spawn among the suspects of the investigation.

Rosenstein has almost certainly updated this memo since August 2

All that said, there’s not enough redacted space to include the known expanded current scope of the investigation, and given that the newly expanded scope gets closer to the President, Rosenstein has surely issued an update to this memo since then. These things are all definitively included in the current scope of the investigation and might warrant special mention in any update to Rosenstein’s authorizing memo:

Many of these — particularly the ones that affect only Russians — might be included under a generic “collusion with Russia” bullet. The closer scrutiny on Jared, however, surely would get an update, as would any special focus on the Attorney General.

More importantly, to the extent Mueller really is investigating Trump’s business interests (whether that investigation is limited just to Russian business, or more broadly) — the red line the NYT helpfully set for the President — that would necessarily be included in the most up-to-date memo authorizing Mueller’s activities. There is no way Mueller would take actions involving the President personally without having the authorization to do so in writing.

Which is why we can be virtually certain the August 2 memo is not the last memo Rosenstein has written to authorize Mueller’s actions.

Mind you, Mueller probably wouldn’t want to release a memo with several pages of redacted allegations. Which may be why we’re looking at the redacted version of an almost certainly superseded memo.

Updated: Later today Mueller’s team asked to file a copy of an exhibit–which given Judge Berman Jackson’s description of it as released in redacted form, has to be the Rosenstein memo–under seal. Which suggests they’re going to show Manafort what else they’re investigating (which I bet is the Deripaska stuff).

The Daily Beast Guccifer Scoop and Those GRU Officers Sanctioned Last Week

The Daily Beast has a story reporting (in addition to the already reported news that the DNC hack got moved under Robert Mueller) that the person behind the Guccifer 2.0 persona “slipped up” once and failed to use the VPN hiding his location in the GRU headquarters in Moscow.

[O]n one occasion, The Daily Beast has learned, Guccifer failed to activate the VPN client before logging on. As a result, he left a real, Moscow-based Internet Protocol address in the server logs of an American social media company, according to a source familiar with the government’s Guccifer investigation.

The US identified which particular officer was behind the Guccifer persona.

Working off the IP address, U.S. investigators identified Guccifer 2.0 as a particular GRU officer working out of the agency’s headquarters on Grizodubovoy Street in Moscow.

And then, according to TDB, the Guccifer persona was handed off to a more experienced GRU officer, with better English skills.

Sometime after its hasty launch, the Guccifer persona was handed off to a more experienced GRU officer, according to a source familiar with the matter. The timing of that handoff is unclear, but Guccifer 2.0’s last blog post, from Jan. 12, 2017, evinced a far greater command of English that the persona’s earlier efforts.

TDB’s sources did not reveal the name of the officer identified from the VPN “slip up.”

The Daily Beast’s sources did not disclose which particular officer worked as Guccifer.

But we may already know the name or names of the GRU officers involved. As I noted last week, Treasury added two names to the list of GRU officers sanctioned in conjunction with the DNC hack: Sergei Afanasyev and Grigoriy Viktorovich Molchanov. Both would actually be (very) experienced officers — they are 55 and 62. And both include very interesting “as of” dates identifying the last point when our intelligence officials identified their positions: February 2017 and April 2016, respectively.

The latter is of particular interest, as it came during the period when Guccifer 2.0 was setting up his infrastructure. But the government doesn’t know a ton about this guy — they know his birth year, but not his birth date, and possibly not even his passport information.

In any case, last week, the government revealed two new people it blames (and therefore sanctioned) for the DNC hack.

As TDB notes, the revelation that the government has tied Guccifer 2.0 to a known GRU officer is utterly damning for Roger Stone, who has admitted talking to him. But they don’t lay out how squirrelly Stone was in early March when trying to deny he was in trouble for his dalliances with Guccifer 2.0 and Wikileaks, which I laid out here.

In his response he does the following:

  • Raises doubts that he was actually talking to Guccifer 2.0 (even though Guccifer 2.0’s only identity was virtual, so Stone’s online interactions with any entity running the Guccifer Twitter account would by definition be communication with Guccifer 2.0)
  • Repeats his earlier doubts that Guccifer 2.0 is a Russian operative
  • Emphasizes that he couldn’t have couldn’t have been involved in any hack of the DNC Guccifer 2.0 had done because he first spoke to him six weeks after the email release (in reality, he was speaking to him three weeks after the Wikileaks release)
  • Admits he once believed Guccifer 2.0 did the hack but (pointing to the Bill Binney analysis, and giving it a slightly different focus than he had in September) claims he no longer believes that
  • Invents something about a WaPo report that’s not true, thereby shifting the focus to receiving documents (as opposed to, say, information)
  • Denies he received documents from anyone but not that he saw documents (other than the Wikileaks ones) before they were released

This denial stops well short of explaining why he reached out to Guccifer. And it does nothing to change the record — one backed by his own writing — that Stone reached out because he believed Guccifer, whoever he might be, had hacked the DNC.

At the time Stone reached out to Guccifer (as I pointed out, he misrepresented the timing of this somewhat in his testimony), he believed Guccifer had violated the law by hacking the DNC.

He never does explain to Todd why he did reach out.

Guccifer 2.0 never comes back in the remainder of the interview.

Just weeks ago, when his buddy Sam Nunberg was giving (potentially immunized) testimony to the grand jury, Stone was really really squirrelly about whether his conversations with Guccifer 2.0 put him at legal jeopardy. The confirmation of the GRU tie may provide one reason why he’s so squirrelly.

Update: As Kaspersky’s Aleks Gostev notes, Treasury should know far more on Sergei Afanasyev. RT publicly described him as Deputy Chief of GRU in April 2016. And Molchanov is, at least now, head of GRU’s academy.