Posts

John Durham Keeps Chasing Possible Russian Disinformation

Yesterday, the two sides in the Michael Sussmann case submitted the proposed jury questions they agree on and some they disagree on.

Durham objects to questions about security clearances and educational background (presumably Durham wants to make it harder for Sussmann to get people who understand computers and classification on the jury).

Sussmann objects to questions about April Lorenzen’s company and Georgia Tech.

He also objects to a question that assumes, as fact, that the Hillary campaign and the DNC “promoted” a “collusion narrative.”

I suspect Sussmann’s objections to these questions are about direct contact. For all of Durham’s heaving and hollering, while Sussmann definitely met with Fusion GPS, of the researchers, the indictment against Sussmann only shows direct contact with David Dagon. Everything else goes through Rodney Joffe. Plus, a document FOIAed by the frothy right shows that Manos Antonakakis believes what is portrayed in the indictment is at times misleading and other times false, which I assume he’ll have an opportunity to explain at trial.

As regards the campaign, as I already noted, when Sussmann asked Durham what proof the Special Counsel had that he was coordinating with the campaign, Durham pointed to Marc Elias’ contacts with the campaign and, for the first time (over a month after the indictment), decided to interview a Clinton staffer.

Sussmann will probably just argue that Durham’s plan to invoke these things simply reflects Durham’s obstinate and improper treatment of a single false statement charge as a conspiracy the Special Counsel didn’t have the evidence to charge.

But Durham’s inclusion of it makes me suspect that Durham wants to use an intelligence report that even at the time analysts noted, “The IC does not know the accuracy of this allegation or the extent to which the Russian intelligence analysis may reflect exaggeration or fabrication.” Nevertheless, John Ratcliffe, who has a history of exaggeration for career advancement, declassified, unmasked Hillary’s name, and then shared with Durham.

If Durham does intend to use this, though, it would likely mean Durham would have to share parts of the Roger Stone investigation file with Sussmann. That’s because the report in question ties the purported Clinton plan to Guccifer 2.0.

And as the FBI later discovered, there was significant evidence that Roger Stone had been informed of the Guccifer 2.0 persona before it went public.

That information, along with a bunch of other things revealed about Stone’s activities before this Russian report, suggest the Russian report may actually be an attempt to protect Stone, one that anticipated Stone’s claims in the days after the report that Guccifer 2.0 was not Russian.

Unless Durham finds a way to charge conspiracy in the next two months, Judge Christopher Cooper would do well to prevent Durham from continuing his wild conspiracy theorizing. Because it’s not clear Durham knows where the strings he is pulling actually lead.

After Almost Six Years, FEC Reveals Identity of the Guy Who Asked for Guccifer 2.0’s Help to Beat David Cicilline

Before he defrauded a married couple out of more than $1.2 million dollars, Russell Taub got three reports from Guccifer 2.0 in an attempt to win a Congressional seat.

In a sentencing memo for two counts of violating the Federal Election Act by running fraudulent PACs, Taub claimed that his campaign against Rhode Island Democrat David Cicilline in 2016 was legal and ethical.

Russell has been a sincere part of the legitimate political process for the past several years. Indeed, he was the Republican Party candidate to represent Rhode Island in the United States Congress in 2016, and there has been no suggestion of any improper diversion of funds or similar financial impropriety during his campaign. He was defeated but he ran a clearly legal and ethical issues-oriented campaign.

(h/t UPBB for alerting me to this report on the disclosure.)

But an SEC judgement from last year unsealed in recent days reveals that Taub was the political candidate who solicited and obtained a dossier of information to use against Cicilline from Guccifer 2.0.

2. On August 15, 2016, Taub sent a Twitter direct message to Guccifer 2.0, asking: “Can you get a list of Republican donors for me. I am running for office myself.” Taub said, “I could use your help to defeat cicilline.” He further explained that a donor list would help to “raise some money to put against [Cicilline] . . . if I had the resources I can win.” Guccifer 2.0 replied, “it seems i have a dossier on cicilline . . . I can send u a dossier via email.” Taub then provided the email address, [email protected] for receipt of the dossier.

3. On August 17, 2016, “Guccifer2 <[email protected]>” sent an email to [email protected] with 10 attachments, all related to Cicilline, apparently stolen from the GRU’s various election-related hacking targets. Among the attached documents were three professionally-produced opposition research reports, polling data, news articles, and one of Cicilline’s U.S. House of Representatives Financial Disclosure Statements.

Because Taub had, as part of his 2019 plea on the fraud crimes, agreed to pay restitution to the donors he defrauded, the FEC deemed him unable to pay a penalty for soliciting a foreign donation, and closed the case.

What appears to have happened at the Commission is that, the FEC, which hadn’t had a quorum in Trump’s last years, took up a number of complaints pertaining to the Mueller investigation in 2021. At that point, in April 2021, the FEC still didn’t know who the candidate was. FEC then obtained more information (possibly from DOJ), which the General Counsel put together in a report.

It provided more details of the exchange, including a transcript of the DMs they exchanged.

About 15 minutes later, “Guccifer2 <[email protected]>” sent an email to [email protected] with a zipped file named “Cicilline_David.7z,” but Taub apparently could not open the documents in their compressed format,

Two days later, on August 17, 2016, [email protected] sent the files again but not in the compressed fo1mat.

The August 17, 2016 email from Guccifer 2.0 to Taub included 10 attachments, all of which were documents related to Cicilline, apparently stolen from the GRU’s election-related hacking targets. 28 Among the attached documents were three professionally produced opposition research reports on Cicilline. The first was a 206-page self-opposition “Research Repo1i” prepared by Walsworth Landset Research for “Team Cicilline,” which highlighted “vulnerabilities that Cicilline may encounter dming his re-election campaign in 2012.”29 It  provided an overview of Cicilline’s political career, described his voting patterns, and analyzed 2 Cicilline’s background and position on nearly three dozen major issues. The second was a 45- 3 page self-opposition research “Vulnerability Report” prepared for Cicilline for Congress by 3rd Coast Research in May 2010. 30 4 It analyzed “Top Attacks” against Cicilline on numerous issues 5 and provided in-depth background information about Cicilline. The report states that it is “an internal document and is not intended for public review or circulation.”31 6 The third is a 68-page 7 “Polling Memo,” dated April 26, 2010, apparently prepared for the campaign of Cicilline’s 2010 Democratic primary challenger, Bill Lynch. 32 8 The report summarizes Cicilline’s background 9 and provides commentary on where Cicilline might be vulnerable to attacks. 10

The remaining documents consist of three documents with polling data from the 2010 11 election cycle, including the results of a “Master Questionnaire” apparently conducted by The Feldman Group, Inc. on behalf of the Cicilline Committee in September 2010.33 12 There are also  news articles related to Cicilline and one of Cicilline’s U.S. House of Representatives Financial 2 Disclosure Statements. Russell Taub for Congress terminated in 2018.34 3 Following his bid for Congress, Taub 4 solicited donations to organizations he called Keeping America in Republican Control (“KAIRC”) and Keeping Ohio in Republican Control (“KOIRC”).35 5 On March 21, 2019, Taub 6 pled guilty to using these organizations to commit wire fraud in violation of 18 U.S.C. § 1343 and failing to file reports with the Commission in violation of 52 U.S.C. §§ 30104 and 30106.36 7 8 As part of his sentence, Taub was ordered to serve three years in prison and pay over $1.1 million in restitution to his victims.37 9 These activities were also the subject of MUR 7479 in 10 which Taub was a respondent; on March 9, 2021, the Commission dismissed the allegations as an exercise of prosecutorial discretion under Heckler v. Chaney, 470 U.S. 821 (1985).38

The FEC voted to revisit that decision in September, but stuck to the original decision.

What’s unclear is what DOJ ever did with this investigation.

Taub is almost certainly not among the referrals in the Mueller Report (the referrals are alphabetical, and the last one pertains to Roger Stone), though the the Report was completed after he had pled on the more serious fraud charges. While both the GRU indictment and the Mueller Report mention this exchange, neither includes a formal prosecutorial declination.

That said, it may be that a discussion of his solicitation of Guccifer 2.0 appeared in his sentencing memos.

There are several redacted paragraphs in the government sentencing memo describing the political harm his crime did, where his history (including criminal history) would normally be. His own memo describes that this is “his first serious offense,” though doesn’t describe what hte non-serious offenses were.

Curiously, while Taub’s memo describes trying to get a cooperation deal, the government memo describes that, “none of the information provided by the defendant ultimately proved useful or actionable.”

Mueller obviously had all the information implicating Taub in taking an illegal contribution from Guccifer 2.0 by July 2018, when he indicted the GRU. It was that same month that a former Secretary of the Navy whose name Taub was using in his fundraising sent him a cease and desist letter. The complaints to the FEC about Taub’s graft came in the next month, on August 16, 2018 (but may have been evident from the work Mueller did to understand Taub’s interactions with Guccifer 2.0). So it may well be that Taub’s prosecution for much more serious fraud supplanted any punishment for accepting help from Russia.

Guccifer 20uble Entendre

As people continue to unravel the various parties involved in the January 6 insurrection, including Roger Stone and his repurposed group, Stop the Steal, I want to finish unpacking the Mueller-related files liberated by BuzzFeed last month.

Before I do that though, I want to lay out one potential implication of some things I said as part of my Rat-Fucker Rashomon series on Roger Stone’s prosecution.

In the post from that series on Jerome Corsi’s prescience that WikiLeaks would dump John Podesta’s emails, I showed that Ted Malloch, Rick Gates, and Paul Manafort all testified that Stone had advance knowledge of the Podesta drop in August — and according to Gates, he had that knowledge before August 14.

According to the SSCI Report, in part of Rick Gates’ October 25, 2018 interview that remains redacted,

Gates recalled Stone advising him, prior to the release of an August 14 article in The New York Times about Paul Manafort’s “secret ledger,” that damaging information was going to be released about Podesta. 1579 Gates understood that Stone was referring to nonpublic information. Gates further recalled later conversations with Stone about how to save Manafort’s role on the Campaign, and that Stone was focused on getting information about John Podesta, but said that Stone did not reveal the “inner workings” of that plan to Gates. 1580

An unredacted part of that 302 — which is likely the continuation of the discussion cited in SSCI — explains,

Gates said there was a strategy to defend Manafort by attacking Podesta. The idea was that Podesta had baggage as well. Gates said it was unfortunate the information did not come out in time to defend Manafort from his ultimate departure from the campaign.

In a September 27, 2018 interview, Manafort provided details of two conversations that he placed in August 2016, one of which provided specific details (which remain redacted, purportedly to protect Podesta’s privacy!) about John Podesta’s alleged ties with Russia.

Manafort was sure he had at least two conversations with Stone prior to the October 7, 2016 leak of John Podesta’s emails.

In the one conversation between Stone and Manafort, Stone told Manafort “you got fucked.” Stone’s comment related to the fact that Manafort had been fired. The conversation was either the day Manafort left the campaign or the day after.

In the other conversation, Stone told Manafort that there would be a WikiLeaks drop of emails with Podesta, and that Podesta would be “in the barrel” and Manafort would be vindicated. Manafort had a clear memory of the moment because of the language Stone used. Stone also said Manafort would be pleased with what came out. It was Manafort’s understanding that WikiLeaks had Podesta’s emails and they were going to show that [redacted] Manafort would be vindicated because he had to leave the campaign for being too pro-Russian, and this would show that Podesta also had links to Russia and would have to leave.

Manafort’s best recollection was the “barrel” conversation was before he got on the boat the week of August 28, 2016.

Roger Stone’s longtime friend Paul Manafort, at a time when he lying to protect key details about what happened in 2016, nevertheless confirmed that Stone had detailed knowledge not just that the Podesta files would drop, but what Russian-based attacks they would make of them.

In the piece arguing that Guccifer 2.0, not Julian Assange, was Roger Stone’s go-between with the Russian operation, I noted that SSCI believes Roger Stone had obtained his advance knowledge that WikiLeaks would later release John Podesta files by mid-day August 15, 2016.

Indeed, the Mueller Report describes that Corsi told Ted Malloch later in August that, “Stone had made a connection to Assange and that the hacked emails of John Podesta would be released prior to Election Day,” not that he himself had.

[snip]

At 8:16AM on August 15, Corsi texted and then at 8:17 AM Corsi emailed Stone the same message, telling him there was “more to come than anyone realizes”:

Appearing in the midst of a story about Stone’s lies about his go-between with WikiLeaks, the texts and emails are fairly innocuous. Though the SSCI Report does seem to believe Corsi’s story that this moment — and the 24 minute call between Corsi and Stone at 12:14PM on August 15 — is when Corsi told Stone about what the Podesta files would include.

(U) The Committee is uncertain how Corsi determined that Assange had John Podesta’s emails. Corsi initially explained in an interview with the SCO that during his trip to Italy, someone told him Assange had the Podesta emails. Corsi also recalled learning that Assange was going to “release the emails seriatim and not all at once.”1572 However, Corsi claimed not to remember who provided him with this information, saying he could only recall that “it feels like a man” who told him.1573

(U) Corsi further recalled that on August 15, after he returned from Italy, he conveyed this information to Stone by phone.1574 According to Corsi, the information was new to Stone. Stone seemed “happy to hear it,” and the two of them “discussed how the emails would be very damaging” to Clinton. 1575 Corsi also reiterated by both text and email to Stone on August 15 that there was “[m]ore to come than anyone realizes. Won’t really get started until after Labor Day.”1576

So three witnesses sympathetic to Stone say he had advance knowledge of the Podesta dump, and the neutral observers at SSCI believe that happened by mid-day on August 15, 2016.

If that’s the case, I pointed out in the Guccifer 2.0 post, then it means when the persona asked the rat-fucker whether Stone had found anything interesting in the documents he posted, it would appear to be a reference to the DCCC documents released days earlier, but would actually be reference to the Podesta files.

August 15, 2016 (unknown time): Guccifer 2.0 DMs Stone: “thank u for writing back . . . do u find anyt[h]ing interesting in the docs i posted?”

So long as the WikiLeaks story is kept separate from the Guccifer 2.0 one, that August 15 DM from Guccifer 2.0 to Stone appears to be a question about the DCCC emails posted on August 12, and so, as Stone claimed, totally innocuous. But given the evidence that Corsi and Stone acquired advance knowledge of the content of select Podesta emails by August 15 — particularly given Stone’s claim, reportedly made before July 22, to have been in touch with Guccifer 2.0 and his apparent foreknowledge of the GRU personas — that August 15 DM appears to be a comment on the Podesta files.

That is, that August 15 was not innocuous at all. It appears to have been, rather, the GRU’s persona asking Stone whether he liked what he had received in advance.

That is, it would be a kind of double entendre, a comment that seemed to have an innocuous public meaning, but in fact was a public marker of direct coordination between the Russian operation and the Trump campaign.

Consider the implications if that were true of the other comments from Guccifer 2.0 to Roger Stone. There were two such comments that have been made public. On August 16, Roger Stone linked a piece of his, talking about “How the election can be rigged against Donald Trump,” part of Stone’s Stop the Steal campaign that would eventually morph into the January 6 insurrection. Via DM, Stone asked G2 to RT it, which the persona did, saying he was “paying u back.”

Then on August 17, G2 buttered Stone up a bit, then offered to help him.

Starting at 1AM on August 18, Roger Stone himself buttered up the new replacement campaign manager for Donald Trump, offering him some way to win the election. “I do know how to win this but it ain’t pretty,” a similar pitch as Stone made to Paul Manfort just weeks earlier.

Affidavits show that Stone and Bannon continued to talk.

On August 19, 2016, Bannon sent Stone a text message asking if he could talk that morning. On August 20, 2016, Stone replied, “when can u talk???”

Bannon testified under oath at Stone’s trial that this conversation might have pertained to “the tougher side of politics” that the Trump campaign might use to “make up some ground,” possibly relating to Stone’s role as envoy to WikiLeaks.

Q. When Mr. Stone wrote to you, “I do know how to win this but it ain’t pretty,” what in your mind did you understand that to mean?

A. Well, Roger is an agent provocateur, he’s an expert in opposition research. He’s an expert in the tougher side of politics. And when you’re this far behind, you have to use every tool in the toolbox.

Q. What do you mean by that?

A. Well, opposition research, dirty tricks, the types of things that campaigns use when they have got to make up some ground.

Q. Did you view that as sort of value added that Mr. Stone could add to the campaign?

A. Potentially value added, yes.

Q. Was one of the ways that Mr. Stone could add value to the campaign his relationship with WikiLeaks or Julian Assange?

A. I don’t know if I thought it at the time, but he could — you know, I was led to believe that he had a relationship with WikiLeaks and Julian Assange.

This is the testimony Stone is threatening to sue Bannon over.

The next day, Stone tweeted his famous “Podesta time in the barrel” tweet.

The communication between Stone and Bannon continued; I’ll return to it in a follow-up post. But first, there was one more DM exchange between G2 and Stone: When, on September 9, G2 wrote Stone seemingly out of the blue and asked, “what do u think of the info on the turnout model for the democrats entire presidential campaign”?

Stone did’t respond at first. G2 probed again: “?” Then G2 sent HelloFL’s post on the Florida turnout model that G2 had sent Aaron Nevins. And G2 lectured the rat-fucker about a topic on which Stone is an expert: the import of voter turnout.

“Pretty standard,” Stone correctly said of the base level oppo research that G2 had sent Nevins.

And for years, that exchange made perfect sense. The Nevins data was the only publicly known turnout data that G2 might have had (indeed, it’s still the only data that most people know about). And so it made sense: G2 was just trying to fluff up his value with the candidate’s rat-fucker by pointing to data the quality of which the rat-fucker already had easy access.

Except, that data was not — as G2 referenced — “the turnout model for the democrats entire presidential campaign.” It pertained only to Florida.

But GRU had obtained data that may have provided a way to reconstruct the turnout model for the Democrats’ entire Presidential campaign: starting on September 5, they started hacking Hillary’s analytics, hosted on AWS. As the DNC described it in their lawsuit targeting (among others) Stone, this data was among the most valuable for the campaign. The hackers made several snapshots of the testing clusters the DNC used to test their analytics program.

On September 20, 2016, CrowdStrike’s monitoring service discovered that unauthorized users—later discovered to be GRU officers—had accessed the DNC’s cloud-computing service. The cloud-computing service housed test applications related to the DNC’s analytics. The DNC’s analytics are its most important, valuable, and highly confidential tools. While the DNC did not detect unauthorized access to its voter file, access to these test applications could have provided the GRU with the ability to see how the DNC was evaluating and processing data critical to its principal goal of winning elections. Forensic analysis showed that the unauthorized users had stolen the contents of these virtual servers by making exact duplicates (“snapshots”) of them and moving those snapshots to other accounts they owned on the same service. The GRU stole multiple snapshots of these virtual servers between September 5, 2016 and September 22, 2016. The U.S. government later concluded that this cyberattack had been executed by the GRU as part of its broader campaign to damage to the Democratic party.

In 2016, the DNC used Amazon Web Services (“AWS”), an Amazon-owned company that provides cloud computing space for businesses, as its “data warehouse” for storing and analyzing almost all of its data.

To store and analyze the data, the DNC used a software program called Vertica, which was run on the AWS servers. Vertica is a Hewlett Packard program, which the DNC licensed. The data stored on Vertica included voter contact information, such as the names, addresses, phone numbers, and email addresses of voters, and notes from the DNC’s prior contacts with these voters. The DNC also stored “digital information” on AWS servers. “Digital information” included data about the DNC’s online engagement, such as DNC email lists, the number of times internet users click on DNC advertisements (or “click rates”), and the number of times internet users click on links embedded in DNC emails (or “engagement rates”). The DNC also used AWS to store volunteer information—such as the list of people who have signed up for DNC-sponsored events and the number of people who attended those events.

[snip]

The DNC’s Vertica queries and Tableau Queries that allow DNC staff to analyze their data and measure their progress toward their strategic goals—collectively, the DNC’s “analytics,”—are its most important, valuable, and highly confidential tools. Because these tools were so essential, the DNC would often test them before they were used broadly.

The tests were conducted using “testing clusters”—designated portions of the AWS servers where the DNC tests new pieces of software, including new Tableau and Vertica Queries. To test a new query, a DNC engineer could use the query on a “synthetic” data set—mock-up data generated for the purpose of testing new software—or a small set of real data. For example, the DNC might test a Tableau query by applying the software to a set of information from a specific state or in a specific age range. Thus, the testing clusters housed sensitive, proprietary pieces of software under development. As described above, the DNC derives significant value from its proprietary software by virtue of its secrecy: if made public, it would reveal critical insights into the DNC’s political, financial, and voter engagement strategies and services, many of which are used or intended for use in interstate commerce.

[snip]

On September 20, 2016, CrowdStrike’s monitoring service discovered that unauthorized users had breached DNC AWS servers that contained testing clusters. Further forensic analysis showed that the unauthorized users had stolen the contents of these DNC AWS servers by taking snapshots of the virtual servers, and had moved those replicas to other AWS accounts they controlled. The GRU stole multiple snapshots of these servers between September 5, 2016 and September 22, 2016. The U.S. later concluded that this cyberattack had been executed by the GRU as part of its broader campaign to damage to the Democratic party. The GRU could have derived significant economic value from the theft of the DNC’s data by, among other possibilities, selling the data to the highest bidder.

The software would also be usable as executable code by DNC opponents, who could attempt to re-create DNC data visualizations or derive DNC strategy decisions by analyzing the tools the DNC uses to analyze its data.

So by the time G2 asked Stone what he thought of “the info on the turnout model for the democrats entire presidential campaign” on September 9, three weeks after having offered to help Stone, the GRU had started stealing snapshots relating to Hillary’s analytics four days earlier. If, as seems may have been the case with G2’s August 15 question, this question was meant to be a double entendre with a  hidden meaning, it might suggest that GRU had shared this, a way to reconstruct Hillary’s crown jewels, with Trump’s rat-fucker (and in any case would have provided incredibly valuable information for whomever received the campaign strategy information that Konstantin Kilimnik was passing on).

Which is even more interesting given the conversations about data that Stone and Bannon were having at the time.

Footnote: The Day Before Roger Stone Received a Pre-Written Pardon, He Lied about the Ongoing Investigation into His Conspiracy with Russia

As I noted here, Roger Stone’s pardon appears to have been all packaged up, covering only the crimes for which he has already been found guilty, before Billy Barr left DOJ and the pardons were rolled out.

Which is why I’m intrigued that Roger Stone went on The Gateway Pundit to lie about the investigation into him just yesterday. In what appears to be an interview of himself, Stone makes several assertions. First, he includes me among those who — he claims — were “obsessed with the idea that I was working with WikiLeaks and WikiLeaks was working with the Russians.”

It wasn’t just the nut jobs like Mother Jones ,the Daily Beast , Salon and nutty bloggers like Marcy Wheeler but allegedly responsible media outlets like the New York Times, the Washington Post, the Wall Street Journal and CNN and MSNBC became obsessed with the idea that I was working with WikiLeaks and WikiLeaks was working with the Russians.

I’m flattered Stone felt the need to include me in this esteemed list without, this time, threatening to sue me for reporting things that would later be confirmed in court documents. It’s a testament to how closely Stone has always read me.

Stone wrote this self-interview for a more specific purpose, however: To claim that the Mueller Report passages unsealed the day before the election concluded he had no ties to WikiLeaks.

At midnight on election day November 3rd, 2020- the busiest news day of the year and timed to get as little press coverage as possible, the United States Department of Justice released the remaining unredacted sections of the Mueller Report regarding me specifically, in which they had admitted that despite two years of intense investigation, spending millions to pour through every aspect of my life, dragging 36 witnesses to the grand jury and after obtaining all my electronic communications for four years ( literally millions of e-mails and pages of documents, tax returns, banking and financial records –they found no factual evidence of any collaboration or coordination between me and WikiLeaks regarding the release of emails regarding John Podesta, the Democratic National committee or Hillary Clinton or that I had any advance knowledge of the timing, content or source of their disclosures).

He says that this passage proves that:

“The Office determined that it could not pursue a Section 1030 conspiracy charge against Stone for some of the same legal reasons. The most fundamental hurdles, though, are factual ones.1279 As explained in Volume I, Section III.D.1, supra, Corsi’s accounts of his interactions with Stone on October 7, 2016 are not fully consistent or corroborated. Even if they were, neither Corsi’s testimony nor other evidence currently available to the Office is sufficient to prove beyond a reasonable doubt that Stone knew or believed that the computer intrusions were ongoing at the time he ostensibly encouraged or coordinated the publication of the Podesta emails. Stone’s actions would thus be consistent with (among other things) a belief that he was aiding in the dissemination of the fruits of an already completed hacking operation perpetrated by a third party, which would be a level of knowledge insufficient to establish conspiracy liability. See State v. Phillips, 82 S.E.2d 762, 766 (N.C. 1954) (“In the very nature of things, persons cannot retroactively conspire to commit a previously consummated crime.”) (quoted in Model Penal Code and Commentaries § 5.03, at 442 (1985).

[additional content that Stone doesn’t include]

“Regardless, success would also depend upon evidence of WikiLeaks’s and Stone’s knowledge of ongoing or contemplated future computer intrusions-the proof that is currently lacking.”

Unsurprisingly, Stone does not include the footnote modifying this passage which, as I noted at the time, made it clear there were still ongoing investigations, plural, into this question at the time Mueller closed up shop on March 22, 2019.

1279 Some of the factual uncertainties are the subject of ongoing investigations that have been referred by this Office to the D.C. U.S. Attorney’s Office.

That is, the passage said the exact opposite of what Stone said it did. It said that, presumably in part because Roger Stone’s aide Andrew Miller had stalled on his grand jury testimony for a year, the investigation into whether Stone could be charged in the CFAA conspiracy with Russia was not yet complete, not after two years of investigation.

And having lied about what the unsealed passage says, Stone then complains that Judge Amy Berman Jackson withheld it from his lawyers.

Judge Amy Berman withheld this from my lawyers at trial. The Mueller’s dirty cops concluded in their report that even if they had found evidence that I had received documents from Assange of WikiLeaks and passed them to anyone, which I did not and for which they found no evidence whatsoever, it would not have been illegal. The whole thing was a hoax.

ABJ withheld it, of course, because DOJ was still investigating, even as recently as April 2020 when DOJ unsealed warrants that made that clear. DOJ withheld that passage so Stone wouldn’t know that the witness tampering case into him was just one step in an ongoing investigation, one that remained focussed on whether Roger Stone conspired with Russia or — indeed — had even served as an Agent of Russia.

Stone goes on to complain that only BuzzFeed, along with right wing propaganda sites Washington Examiner (who launched the investigation into Stone in the first place) and Zero Hedge, misreported the significance of this detail.

The only three news outlets who reported on this shocking election day admission that there was no evidence found that would support this narrative were BuzzFeed, who successfully brought the lawsuit for the release of this material, the Washington Examiner and ZeroHedge. Where were the New York Times, the Washington Post, the Wall Street Journal, the Huffington Post, The Atlantic, The Hill, Politico, Salon, Vox, Vice, CNN, MSNBC, NBC and the Business Insider – all of who were quick to smear me as a “go-between for WikiLeaks and the Trump Campaign” but none of whom reported on the stunning conclusions of Mueller’s thugs.

He didn’t mention me in this case, because I correctly reported that the Mueller language actually said the exact opposite of what Stone claims.

Hours before he received a pardon for lying to cover up his real go-between with WikiLeaks — which a good deal of evidence suggests was Guccifer 2.0 — Roger Stone did an interview of himself where he falsely claimed the Mueller Report had finished its investigation only to fall short of proving that he was conspiring with Russia.

That’s a crime, it should be noted, for which Stone was not pardoned.

Snowden

Like Glenn Greenwald, Roger Stone Links a Pardon for Edward Snowden to a Corrupt Pardon for Julian Assange

After being pardoned for his crime of lying to Congress last night, Roger Stone called for a pardon for Julian Assange and Edward Snowden.

Stone welcomed the pardon and complained he’d been subjected to a “Soviet-style show trial on politically-motivated charges.”

The longtime political provocateur also urged the president to extend clemency to a key figure in the release of hacked emails during the 2016 campaign, Julian Assange, and to National Security Agency leaker Edward Snowden.

“Other good Americans have been victims of a corrupt system made to serve venal power-seekers,rewarding deceit and manipulation, rather than reason and justice. President Trump can be the purveyor of justice over the vile machinations of wicked pretenders to the mantle of public service,” Stone wrote.

Unless Bill Barr shut it down in preparation for the pardons to come (a very good possibility), DOJ has an ongoing investigation into the circumstances under which Roger Stone started pursuing a pardon for Assange, one that ties a pardon for Assange to Stone’s successful optimization of the release of the John Podesta files in October 2016. That might even make Stone’s call a new overt act in a conspiracy that started in 2016.

What it also does, though, is tie a hypothetical Snowden pardon — one that otherwise would have nothing to do with Trump’s crimes — to this quid pro quo.

Stone is not the first to do so in a corrupt way, of course. So did Glenn Greenwald, when he pitched such a dual pardon as a way for Trump to get back at The [American] Deep State on Tucker Carlson’s show, back in September.

Glenn: Let’s remember, Tucker, that the criminal investigation into Julian Assange began by the Obama Administration because in 2010 WikiLeaks published a slew of documents — none of which harmed anybody, not even the government claims that. That was very embarrassing to the Obama Administration. It revealed all kinds of abuses and lies that they were telling about these endless wars that the Pentagon and the CIA are determined to fight. They were embarrassing to Hillary Clinton, and so they conducted, they initiated a grand jury investigation to try and prosecute him for reporting to the public. He worked with the New York Times, the Guardian, to publish very embarrassing information about the endless war machine, about the Neocons who were working in the Obama Administration. To understand what’s happening here, we can look at a very similar case which is one that President Trump recently raised is the prosecution by the Obama Administration, as well, of Edward Snowden for the same reason — that he exposed the lies that James Clapper told, he exposed how there’s this massive spying system that the NSA and the CIA control, that they can use against American citizens. Obviously this isn’t coming from President Trump! He praised WikiLeaks in 2016 for informing the public. He knows, firsthand, how these spying systems that Edward Snowden exposed can be abused and were abused in 2016. This is coming from people who work in the CIA, who work in the Pentagon, who insist on endless war, and who believe that they’re a government unto themselves, more powerful than the President. I posted this weekend that there’s a speech from Dwight Eisenhower warning that this military industrial complex — what we now call the Deep State — is becoming more powerful than the President. Chuck Schumer warned right before President Obama — President Trump — took office that President Trump challenging the CIA was foolish because they have many ways to get back at anybody who impedes them. That’s what these cases are about Tucker, they’re punishing Julian Assange and trying to punish Edward Snowden for informing the public about things that they have the right to know about the Obama Administration. They’re basically saying to President Trump, “You don’t run the country even though you were elected. We do!” And they’re daring him to use his pardon power to put an end to these very abusive prosecutions. One which resulted in eight years of punishment for Julian Assange for telling the truth, the other which resulted in seven years of exile for Edward Snowden of being in Russia simply for informing the public and embarrassing political officials who are very powerful.

While there’s abundant evidence (which press organizations and journalists who’ve been personally involved are dutifully ignoring) that Julian Assange has been something other than he has been claiming for years, I have always believed a Snowden pardon is an entirely different thing, something far more justified. But if these people who were running interference for Guccifer 2.0 back in 2016 and have continued to do so to this day keep linking a corruptly negotiated Assange with a Snowden one, it does raise questions about whether there’s some closer tie.

Hours before Trump Pardoned Flynn, “Phil” Weighed in a Pardon

Update: This was not Phil. It was someone testing Phil’s identity. I’m removing the post (though I’m sure it’s archived).

Roger Stone’s 2016 “Stop the Steal” Effort May Have Been Coordinated with Russia

CNN has traced out in detail what I’ve been noting for some time: the “Stop the Steal” effort ginning up disinformation and threats of violence in the wake of Donald Trump’s loss is a repackaged version of an effort that Roger Stone rolled out in 2016.

[W]hile Stop the Steal may sound like a new 2020 political slogan to many, it did not emerge organically over widespread concerns about voting fraud in President Donald Trump’s race against Joe Biden. It has been in the works for years.

Its origin traces to Roger Stone, a veteran Republican operative and self-described “dirty trickster” whose 40-month prison sentence for seven felonies was cut short by Trump’s commutation in July.

Stone’s political action committee launched a “Stop the Steal” website in 2016 to fundraise ahead of that election, asking for $10,000 donations by saying, “If this election is close, THEY WILL STEAL IT.”

But CNN — with four journalists bylined — misses several important parts of that earlier story, parts that are critical to understanding the stakes for Steve Bannon and Stone now.

Stone may have mixed his political fundraising

First, there’s good reason to believe that Stone was not segregating the different kinds of campaign finance organizations he was using for his 2016 rat-fucking. Even from what remained of his public infrastructure when I wrote this post, it showed that fundraising for one kind of dark money group went to links associated with a PAC.

[I]t’s clear he wasn’t segregating the fundraising for them, and I wonder whether some of his email fundraising involved other possible campaign finance violations. For example, here’s the Stop the Steal site as it existed on March 10, 2016. It was clearly trying to track fundraising, carefully instructing people to respond to emails if they received one. But it claimed to be TCTRAG (what I call CRAG), even though the incoming URL was for Stop the Steal.

That remained true even after Stop the Steal was formally created, on April 10. Even after the website changed language to disavow Stop the Steal being a PAC by April 23, the fundraising form still went to TCTRAG (what I call CRAG), a PAC.

In other words, people would click a link thinking it would fund one effort (and one kind of legal entity) and any money donated would instead go to another effort (and another kind of legal entity). Since then, we’ve learned more about how everyone associated with Trump — Corey Lewandowski, Paul Manafort, and Brad Parscale, in addition to Stone — set up these entities to get rich off of Trump. It’s one reason the rivalry between Lewandowski and Manafort was so heated: because one’s relative prominence in Trump’s campaign effort was directly related to the amount of money that one could grift from it.

But as Bannon’s indictment for fraud makes clear, telling people they’re donating money for one purpose (to build a wall) but using the money for other purposes (to support Bannon’s pricey lifestyle) can be prosecuted as fraud.

When Andrew Miller was negotiating testimony about Stone, he specifically asked for immunity relating to Stone’s PACs and his texts with Stone that the government subpoenaed after his grand jury appearance overlapped with that campaign slush.

In 2016, Stone was (illegally) coordinating with the campaign

As appears to have been the case for all these efforts to grift off the campaign, Stone was coordinating his PAC and dark money efforts with the campaign.

We learned that, in Stone’s case, starting with a legal debate in the lead-up to Stone’s trial about 404(b) information, which is information about other bad actions (including crimes) that prosecutors are permitted to introduce during a trial to prove something like motive or consistent behavior.

In advance of Stone’s trial prosecutors got permission to introduce evidence that Stone lied about something in his HPSCI testimony, on top of all the lies about who his go-between with WikiLeaks was, only that other lie wasn’t charged.

At the pretrial conference held on September 25, 2019, the Court deferred ruling on that portion of the Government’s Notice of Intention to Introduce Rule 404(b) evidence [Dkt. # 140] that sought the introduction of evidence related to another alleged false statement to the HPSCI, which, like the statement charged in Count Six, relates to the defendant’s communications with the Trump campaign. After further review of the arguments made by the parties and the relevant authorities, and considering both the fact that the defendant has stated publicly that his alleged false statements were merely accidental, and that he is charged not only with making individual false statements, but also with corruptly endeavoring to obstruct the proceedings in general, the evidence will be admitted, with an appropriate limiting instruction. See Lavelle v. United States, 751 F.2d 1266, 1276 (D.C. Cir. 1985), citing United States v. DeLoach, 654 F.2d 763 (D.C. Cir. 1980) (given the defendant’s claim that she was simply confused and did not intend to deceive Congress, evidence of false testimony in other instances was relevant to her intent and passed the threshold under Rule 404(b)). The Court further finds that the probative value of the evidence is not substantially outweighed by the danger of unfair prejudice.

Judge Amy Berman Jackson permitted prosecutors to include it because it showed that Stone was trying to cover up all of his coordination with the campaign.

A September hearing about this topic made clear that it pertained to what Stone’s PACs were doing.

Assistant U.S. Attorney Michael J. Marando argued that Stone falsely denied communicating with Trump’s campaign about his political-action-committee-related activities, and that the lie revealed his calculated plan to cover up his ties to the campaign and obstruct the committee’s work.

This debate suggested prosecutors could present the information via just one witness, but unless I’m misunderstanding, it actually came in via two witnesses: There were a number of texts between Rick Gates and Stone where Stone kept demanding lists from the campaign (indeed, this is something that Stone’s lawyers actually emphasized!). And during the period when Bannon was campaign manager, Stone asked him to get Rebekah Mercer to support some of his other activities, designed to suppress the black vote.

Both of these communications show that Stone was at least attempting to coordinate his efforts with the campaign (it’s not clear to what degree Gates responded to Stone’s demands), and the second detail shows that he was coordinating with Bannon, the guy who took over the Stop the Steal effort this year.

This kind of coordination is illegal (albeit common), though Billy Barr’s DOJ refused to prosecute Trump for any of it (and he even appears to have shut down an investigation into what appeared to be a kickback system Manafort used to get paid).

Stone’s Stop the Steal efforts paralleled the voter suppression efforts of the Russian operation

Even back when I examined Stone’s Stop the Steal efforts in 2018 (when I was skeptical about his legal liability with respect to WikiLeaks), it was clear that the steps Stone took happened to coincide with Russia’s efforts.

Stone’s voter suppression effort is not surprising. It’s the kind of thing the rat-fucker has been doing his entire life.

Except it’s of particular interest in 2016 because of the specific form it took. That’s because two aspects of Stone’s voter suppression efforts paralleled Russian efforts. For example, even as Stone was recruiting thousands of “exit pollers” to intimidate people of color, Guccifer 2.0 was promising to register as an election observer, in part because of the “holes and vulnerabilities” in the software of the machines.

INFO FROM INSIDE THE FEC: THE DEMOCRATS MAY RIG THE ELECTIONS

I’d like to warn you that the Democrats may rig the elections on November 8. This may be possible because of the software installed in the FEC networks by the large IT companies.

As I’ve already said, their software is of poor quality, with many holes and vulnerabilities.

I have registered in the FEC electronic system as an independent election observer; so I will monitor that the elections are held honestly.

I also call on other hackers to join me, monitor the elections from inside and inform the U.S. society about the facts of electoral fraud.

More interesting still, the GRU indictment makes it clear that GRU’s information operation hackers were probing county electoral websites in swing states as late as October 28.

In or around October 2016, KOVALEV and his co-conspirators further targeted state and county offices responsible for administering the 2016 U.S. elections. For example, on or about October 28, 2016, KOVALEV and his co-conspirators visited the websites of certain counties in Georgia, Iowa, and Florida to identify vulnerabilities.

Whether or not GRU ever intended to alter the vote, Russia’s propagandists were providing the digital “proof” that Republicans might point to to sustain their claims that Democrats had rigged the election.

This is a line that Wikileaks also parroted, DMing Don Jr that if Hillary won his pop should not concede.

Hi Don if your father ‘loses’ we think it is much more interesting if he DOES NOT conceed [sic] and spends time CHALLENGING the media and other types of rigging that occurred—as he has implied that he might do.

Since that time, we’ve learned that Maria Butina and Sergey Kislyak were also aiming to focus on observing polls in 2016. We’ve learned that the GRU hackers were actually targeting conservative Florida counties in 2016 (including Matt Gaetz’s district), meaning that had Trump lost he might have turned to the hacking of GOP strongholds to claim that that hacking had undermined his vote totals in Florida.

There are also indications that Mueller was pursuing evidence that not only Stone, but also Paul Manafort, had advance notice of all this. For example, Manafort got asked about Russians hacking voting machines in regards to a November 5, 2016 note he sent to the campaign regarding “Securing the Victory” (which admittedly is a slightly different topic but one that might have elicited an answer about hacking the Boards of Election if Manafort were at all inclined to tell the truth, which he was not).

All of which is to say that, had Hillary won narrowly (as Biden won by close margins in enough states to amount to a resounding victory), we probably would have seen Stone’s Stop the Steal effort to be doing precisely what Bannon’s Stop the Steal has been doing this year, both delegitimizing the outcome and sowing violence. But in that case, the effort may have been accompanied by possible foreknowledge that a close investigation of certain GOP strongholds would disclose proof of tampering in the election.

Stone pitched Bannon on a way to win ugly the day he became Campaign Manager

At this point, I’ve come to believe that prosecutors used their live witnesses at Stone’s trial (aside from former FBI Agent Michelle Taylor, who introduced most of the evidence) to make certain testimony public regarding other investigative prongs. For example, prosecutors got Gates to testify publicly that Stone claimed involvement in the release of stolen emails at a time when only Guccifer 2.0 was releasing them, not WikiLeaks. Prosecutors got Randy Credico to confirm publicly that shortly after the election, he helped Stone try to pay off his election debt by pardoning Julian Assange.

And prosecutors got Steve Bannon to — very reluctantly — repeat grand jury testimony that he regarded a pitch that Stone made to him the day after he became campaign manager to be related to dirty tricks and WikiLeaks.

Prosecutors introduced a similar exchange with Steve Bannon, the guy who took over from Manafort weeks later: an August 18, 2016 email exchange  where Stone claimed Trump could “still win” … “but it ain’t pretty,” and Bannon responded by asking to talk ASAP.

Manafort didn’t testify at Stone’s trial. But Bannon did. Prosecutors had Bannon sitting there on the stand, forcing him to repeat what he had said to a grand jury earlier in the year, yet they only asked him to say this much about what all this means, in which he begrudgingly admitted he believed this discussion about using social media to win was about WikiLeaks:

Q. At the bottom of this email Mr. Stone states, “Trump can still win, but time is running out. Early voting begins in six weeks. I do know how to win this, but it ain’t pretty. Campaign has never been good at playing the new media. Lots to do, let me know when you can talk, R.” Did I read that correctly?

A. That’s correct.

Q. Then you respond, “Let’s talk ASAP”; am I correct?

A. That’s correct.

Q. When Mr. Stone wrote to you, “I do know how to win this but it ain’t pretty,” what in your mind did you understand that to mean?

A. Well, Roger is an agent provocateur, he’s an expert in opposition research. He’s an expert in the tougher side of politics. And when you’re this far behind, you have to use every tool in the toolbox.

Q. What do you mean by that?

A. Well, opposition research, dirty tricks, the types of things that campaigns use when they have got to make up some ground.

Q. Did you view that as sort of value added that Mr. Stone could add to the campaign?

A. Potentially value added, yes.

Q. Was one of the ways that Mr. Stone could add value to the campaign his relationship with WikiLeaks or Julian Assange?

A. I don’t know if I thought it at the time, but he could — you know, I was led to believe that he had a relationship with WikiLeaks and Julian Assange.

Even though prosecutors didn’t lay out precisely what happened next — something that other evidence suggests may have implicated Jared Kushner — Stone’s team never challenged the prosecution claim that this email and the subsequent exchanges did pertain to WikiLeaks. Perhaps, because they had reviewed Bannon’s grand jury and more recent testimony, they knew how he would respond and thought better off leaving it unchallenged.

Perhaps, too, they didn’t want to have to explain how long this exchange persisted. For example, the Stone affidavits — starting with one obtained after Bannon’s first testimony — showed this particular email exchange lasted two more days, through August 19 and 20 (the day before the Podesta “time in the barrel” tweet).

On August 19, 2016, Bannon sent Stone a text message asking if he could talk that morning. On August 20, 2016, Stone replied, “when can u talk???”

And those discussions may have continued into face-to-face meetings in September.

On September 4, 2016, Stone texted Bannon that he was in New York City for a few more days, and asked if Bannon was able to talk.

[snip]

On September 7, 2016, Stone and Bannon texted to arrange a meeting on September 8, 2016 at the Warner Center in New York.

On September 7, 2016, Bannon texted Stone asking him if he could “come by trump tower now???”

On September 8, 2016, Stone and Bannon texted about arranging a meeting in New York.

This is a lot of back-and-forth to discuss the “the tougher side of politics.”

Even though they had Bannon there on the stand, prosecutors did not get him to explain what this plan to win ugly entailed. So we don’t know whether it pertained to Stone’s efforts to suppress the black vote, his Stop the Steal effort to discredit a potential Hillary win, or something more (I’ll eventually get around to what that something more might be). But we do know that when Bannon enthusiastically responded to those pitches, he expected Stone’s plan to win ugly would involve dirty tricks and WikiLeaks.

Stone’s real go-between with WikiLeaks was likely Guccifer 2.0

No one involved with the Trump campaign — at least as far as is public — claims to have known who Stone’s claimed tie to WikiLeaks was.

But Rick Gates apparently did testify that Stone claimed to have a tie to Guccifer 2.0 well before the time he was DMing with the persona on Twitter. The FBI had evidence (though how good it is remains inconclusive) that he was searching on both Guccifer 2.0 and dcleaks before those sites went live. When prosecutors wrote the Mueller Report in March 2019, they still had not determined whether any proof they had of Stone’s awareness of Russia’s ongoing hacking — which extended until November 2016 — was sufficient proof beyond reasonable doubt to charge him as part of the hack-and-leak conspiracy.

As I have argued, there is evidence, albeit not conclusive, that Stone’s go-between with WikiLeaks was Guccifer 2.0.

If that’s right, it suggests that Stone’s parallel efforts with Guccifer 2.0’s, efforts that seemingly anticipated hacks that might have served to discredit the vote in 2016, may not have been coincidence or even just a result of the seeming dance via which Trump’s team and Russia followed the same path without any coordination. It may have reflected coordination.

Let me very clear: I’m not making any claims that happened this year. There’s no evidence of it, and those who tracked election tampering efforts have said they found none.

But until Billy Barr intervened in Stone’s sentencing, all this was (at least per FOIA redactions) an ongoing investigation, the investigation that Stone’s prosecution served, in part, as an investigative step in. If you put that together with Bannon’s own legal exposure in the Build the Wall fraud indictment, it changes the stakes on these men’s efforts to curry Trump’s favor (and to ensure he remains in power, via whatever means).

If Trump remains in charge of DOJ, these men will stay out of prison. If he doesn’t, they may not. And for Stone, especially, a Joe Biden DOJ (or a Democratic Congress, with DOJ’s help) may reveal what he has been denying for years, that Stone willingly coordinated during the 2016 election with someone whose ties to Russia were only thinly hidden.

Some Details of Mueller’s GRU Indictment You Probably Missed

When the Mueller team wrote the GRU indictment, they were hiding that Roger Stone might one day be included in it.

Last week,  DOJ unsealed language making it clear that, when Mueller closed up shop in March 2019, they were still investigating whether Roger Stone was part of a conspiracy with Russia’s GRU to hack-and-leak documents stolen from the Democrats in 2016.

The Office determined that it could not pursue a Section 1030 conspiracy charge against Stone for some of the same legal reasons. The most fundamental hurdles, though, are factual ones.1279 As explained in Volume I, Section III.D.1, supra, Corsi’s accounts of his interactions with Stone on October 7, 2016 are not fully consistent or corroborated. Even if they were, neither Corsi’s testimony nor other evidence currently available to the Office is sufficient to prove beyond a reasonable doubt that Stone knew or believed that the computer intrusions were ongoing at the time he ostensibly encouraged or coordinated the publication of the Podesta emails. Stone’s actions would thus be consistent with (among other things) a belief that he was aiding in the dissemination of the fruits of an already completed hacking operation perpetrated by a third party, which would be a level of knowledge insufficient to establish conspiracy liability. See State v. Phillips, 82 S.E.2d 762, 766 (N.C. 1954) (“In the very nature of things, persons cannot retroactively conspire to commit a previously consummated crime.”) (quoted in Model Penal Code and Commentaries § 5.03, at 442 (1985)).

1279 Some of the factual uncertainties are the subject of ongoing investigations that have been referred by this Office to the D.C. U.S. Attorney’s Office.

That means, eight months after they charged a bunch of GRU officers for the hack-and-leak, DOJ still hadn’t decided whether Stone had criminally participated in that very same conspiracy.

That raises questions about why they obtained the indictment before deciding whether to include Stone in it.

In his book, Andrew Weissmann provides an explanation for the timing of it.

A problem arose, however, when it came to the timing of this indictment. Having secured the Intelligence Community’s and Justice Department’s go-ahead, Jeannie aimed to have the indictment completed by July 2018. However, Team M’s first case against Manafort was scheduled to go to trial in Virginia in mid-July and, with Manafort showing little sign of wanting to plead, much less cooperate, with our office, we had few doubts that the trial would go forward. If we brought Team R’s indictment just before the trial, the judge in the Manafort case would go bonkers, justifiably concerned that such an indictment from the Special Counsel’s Office could generate adverse pretrial publicity, even if it didn’t relate directly to the Manafort charges.

But we couldn’t afford to wait to bring the hacking indictment until after both of Manafort’s trials concluded—the trial in Virginia was slated to start in July and the trial in Washington in early September. By then, we would be running up on the midterms, and we would not announce any new charges that close to the election (consistent with Department policy). But waiting until mid-November would be intolerable to Mueller. I told Jeannie I thought we could safely defend ourselves from any objections from the Virginia judge if she brought her case at least two weeks before the start of our July trial—that, I hoped, would give us a reasonable buffer.

Jeannie said she could manage that, then quickly noted that the new timetable created yet another problem: Two weeks before our trial, the president was scheduled to be in Helsinki, where he would be meeting privately with Vladimir Putin. Our indictment would require alerting the State Department, given their diplomatic concerns in preparing for and running a summit, as the indictment would accuse the Russians explicitly of election interference. That was standard operating procedure, but there was also the real perception issue that the indictment could look like a commentary on Trump’s decision to meet alone with Putin, which we did not intend.

We brought the dilemma to Mueller. He suggested we determine whether the White House would take issue with our proceeding just before the president’s trip—would it pose any diplomatic issues? The answer we got back was no: The administration would not object to the timing. I suspect the White House Counsel’s Office did not want to be perceived as dictating to us how or when to bring our indictment, or as hiding evidence of Russian election interference. In retrospect, a less generous interpretation of their blessing to move forward was that they knew dropping the indictment just before the trip would provide Trump and Putin an opportunity to jointly deny the attack on a global stage—that they were playing us, as Barr would later on. [my emphasis]

The indictment was ready in July. If it wasn’t announced then and if both Manafort trials went forward, then prohibitions on pre-election indictments would kick in, meaning the indictment wouldn’t be released in mid-November. That would have been “intolerable” for Mueller’s purposes. Weissmann doesn’t note that mid-November would also be after the election, meaning that the indictment might not get released before a hypothetical post-election Mueller firing and so might not get released at all. That may be what intolerable means.

Other possible factors on the GRU indictment timing

One thing that almost certainly played a factor in DOJ obtaining the indictment before they decided whether to include Stone in it, however, was Andrew Miller’s appeal.

Stone’s former aide Andrew Miller was interviewed for two hours at his home on May 9, 2018; this is almost certainly the 302 from the interview. Assuming that is his 302, Miller was asked about his relationship with Stone, Stone’s relationship with Trump, a bunch of Stone’s right wing nut-job friends, and someone whom Miller knew under a different name. Nothing in the unredacted passages of the interview reflects Miller’s role coordinating Stone’s schedule at the RNC, even though that was the focus of a follow-up subpoena after Miller testified to the grand jury. At the end of the interview, Miller agreed to appear voluntarily for a follow-up and grand jury testimony.

But then Stone learned about the interview.

We know that from the description of a pen register Mueller obtained on Stone a week later, described in affidavits. The PRTT showed that Miller had called Stone twice in the days after his interview with the FBI. On May 11, 2018, Miller lawyered up and his new lawyer, Alicia Dearn, told Mueller that Miller would no longer appear voluntarily (remember that Stone had offered to get a lawyer who would help Randy Credico refuse to testify).

This timeline lays out the early part of Miller’s subpoena challenge.

Miller emailed Stone over a hundred times over the month after his FBI interview. Miller did schedule a grand jury appearance, but then blew it off. Mueller started moving to hold Miller in contempt on June 11. In the days between then and a hearing on the subpoena, Miller and Stone exchanged five more emails. Then, in late June, Miller added another lawyer, Paul Kamenar (whom Stone would add to his team after his sentencing, presumably to allow Kamenar to access the evidence against him under the protective order). Kamenar made it clear he would appeal Miller’s subpoena.

In other words, in late June, the Mueller team learned that they would have to wait a while to get Miller before the grand jury (it ultimately took until the moment Mueller closed up shop on May 29, 2019). All the back and forth also would have made it clear how damaging Stone believed Miller’s testimony against him to be. When Mueller obtained a second warrant for Stone’s emails in early August 2018, the team would have gotten the content of those emails to learn precisely what Stone had to say to Miller about his testimony.

So Miller’s challenge to his subpoena meant that Mueller’s team would not obtain testimony that — it seems clear — they knew went to the heart of whether Stone was conspiring with Russia until well after the midterm election.

If my concerns that “Phil” had a role in the Guccifer 2.0 operation were correct, there’s a chance my big mouth had a role in the timing, too. Starting on June 28, I started considering revealing that I had gone to the FBI in what would eventually become this post. Contrary to the invented rants of people like Glenn Greenwald and Eli Lake, even a year into an investigation into what I had shared with the FBI, long after the time they would have been able to dismiss my concerns if they had no merit, prosecutors did not blow me off.

My interaction with Mueller’s press person in advance of going forward extended over five days. I emailed the press person on June 28 and said I wanted to run something by him. He blew it off for a day (there was a Manafort hearing), then on Friday I wrote again saying I run my decision by my lawyer, and was still planning on going forward. He still blew it off. The next day, I suggested he go check with a particular prosecutor; while the prosecutor hadn’t been in my interview, he was involved in setting it up. The press guy called back within an hour, far more interested in the discussion, and chatty about the fact that I live(d) in Michigan. He asked me to explain the threats I believed I had gotten after I went to the FBI. He asked me generally what I wanted to say. I noted that I believed if people guessed why I had gone to the FBI, they would guess the Shadow Brokers side of it, since TSB had dedicated its last words to a tribute to me, but probably not the Guccifer 2.0 side.

He told me “some people” needed to discuss it. Early on Monday July 1, we spoke again first thing in the morning. He asked me to describe more specifically what I would say. I described the select parts of my post that I suspected would be most sensitive, and read the text that I planned to publish. He said some people needed to discuss it and I would hear by the end of the day. At the end of the workday, he apologized for a further delay. After some more back-and-forth, he told me, around 10PM, that my post would not damage the investigation. The Special Counsel’s Office took no view on whether it was a stupid idea or not (it probably was, not least because one can never understand the moving parts in an investigation like this).

I posted the next day, part of a mostly-failed attempt to get Republicans to care about the non-partisan sides of this investigation. That was 11 days before the actual indictment.

I didn’t know then and frankly I still can’t rule out whether, over those two days, when “some people” discussed my plans, they reached a final conclusion that my concerns about an American who might have a role in the Guccifer 2.0 operation were either baseless or could not be proven.

But the aftermath shows they were still investigating Stone’s ties to Guccifer 2.0, whether not I was right about an American involved in it. Later in July, after the GRU indictment was released, prosecutors would obtain a warrant on several of Stone’s Google accounts in an attempt to determine whether he was the person looking up dcleaks and Guccifer 2.0 before the sites went live. A month and a half later, they would get two warrants, two minutes apart, one for Stone’s cell site location, and another for a Guccifer 2.0 email account, possibly an attempt to co-locate Stone and someone using the Guccifer account. That was the beginning of the period when Mueller’s team would start gagging warrant applications to hide the scope of the investigation from Stone.

For several months after releasing an indictment that made it appear as if all the answers about the hack-and-leak were answered, then, Mueller’s team took a number of steps that aimed to understand any tie between Stone and Guccifer 2.0. Even sixteen months after the GRU indictment, the Guccifer 2.0 persona ended up being an unstated focus of Stone’s trial — a trial about his lies to hide his true go-between with WikiLeaks — too.

Whatever the reason for the timing of the GRU indictment, given the confirmation that Mueller’s team was still investigating whether Stone had foreknowledge of ongoing GRU hacks that would merit including him in the hack-and-leak conspiracy when they closed up shop in March 2019, it’s worth revisiting the GRU indictment. At the time Mueller’s team wrote it, they knew at a minimum they were killing time to get Miller’s testimony, and subsequent steps they took show they they continued to pursue a prong of the investigation pertaining to Guccifer 2.0 that they planned to hide from Stone. So it’s worth seeing how they wrote the indictment to allow for the possibility of later including Stone in it, without telegraphing that that was a still open part of the investigation.

The Stone investigation parallels several of the counts charged in Mueller’s GRU indictment

The indictment charges 12 GRU officers for several intersecting conspiracies: Conspiracy against the US by hacking to interfere in the 2016 election (incorporating various CFAA charges and 18 USC §371), conspiracy to commit wire fraud for using false domain names (18 USC §3559(g)(1)), aggravated identity theft for stealing the credentials of victims (18 USC 1028A(a)(1)), conspiracy to launder money for using bitcoin to hide who was funding the hacking infrastructure (18 USC §1956(h)), and conspiracy against the US for tampering with election infrastructure (18 USC §371). In addition there’s an abetting charge (18 USC §2). Those charges are similar to, but do not exactly line up with, the other GRU indictment obtained in 2018, for hacking international doping agencies, which I’ll call the WADA indictment. The WADA indictment includes hacking, wire fraud, money laundering conspiracies, along with identity theft, as well. But it doesn’t include the abetting charge. And as described below, it deals with the leaking part of the operation differently.

DOJ used the abetting charge in Julian Assange’s indictments, a way to try to hold him accountable for the theft of documents by Chelsea Manning. Given the mention of Company 1, WikiLeaks, in the indictment, that may be why the abetting charge is there.

But the charges in the Mueller GRU indictment also parallel those for which the office was investigating Stone: he was investigated for CFAA charges from the start (that first affidavit focused exclusively on Guccifer 2.0), 371 was added in the next affidavit, aiding and abetting a conspiracy was added in the third affidavit, and wire fraud was added in March 2018 (the campaign finance charges that would be declined in the Mueller Report were added in November 2017). While the wire fraud investigation might be tied to Stone’s own disinformation on social media, the rest all stems from the charges eventually filed against the GRU in July 2018. Those same charges remained in Stone’s affidavits through 2018 (though did not appear in the early 2019 warrants used to search his houses and devices).

Mueller charged Unit 74455 officers for “assisting” in the DNC leak, without describing whom they assisted

Given the overlap on charges between those for which Mueller investigated Stone and those that appeared in the indictment, the treatment of the information operation in the GRU indictment — particularly when compared with the WADA indictment — is of particular interest. In both cases, the indictment described the InfoOps side to be conducted by Russian military intelligence GRU Unit 74455, as distinct from Unit 26165, which did most (but not all, in the case of the election operation) of the hacking.

In the WADA indictment, none of the personnel involved in the hack-and-leak at Unit 74455 are named or charged. Instead the indictment explains that, “these [Fancy Bears Hack Team social media accounts] were acquired and maintained by GRU Unit 74455.” Later, the indictment describes these accounts as being “managed, at least in part, by conspirators in GRU 74455,” notably allowing for the possibility that someone else may have been involved as well. The actions associated with that infrastructure are generally described in the passive voice: “were registered,” “were released” (several times). For other actions, the personas were the subject of the action: “”@fancybears and @fancybearHT Twitter accounts sent direct messages…”

The Mueller indictment, however, names three Unit 74455 officers: It charges Aleksandr Osadchuk and Anatoliy Kovalev in the hack of the election infrastructure (Kovalev got charged in the recent GRU indictment covering the Seoul Olympics and NotPetya, as well).

And it charges Osadchuk and the improbably named Aleksey Potemkin in the hack-and-leak conspiracy. The Mueller indictment describes that those two Unit 74455 officers set up the infrastructure for the leaking part of the operation. Significantly, it describes that these officers “assisted” in the release of the stolen documents.

Unit 74455 assisted in the release of stolen documents through the DCLeaks and Guccifer 2.0 personas, the promotion of those releases, and the publication of anti-Clinton content on social media accounts operated by the GRU.

[snip]

Infrastructure and social media accounts administered by POTEMKIN’s department were used, among other things, to assist in the release of stolen documents through the DCLeaks and Guccifer 2.0 personas.

The indictment doesn’t describe whom these officers assisted in releasing the documents.

Unlike the WADA indictment, the Mueller indictment also includes specific details proving that GRU did control the social media infrastructure. It describes how the conspirators used the same cryptocurrency account to register “dcleaks.com” as they used in the spear-phishing operation, and the same email used to register the server was also used in the spear-phishing effort.

The funds used to pay for the dcleaks.com domain originated from an account at an online cryptocurrency service that the Conspirators also used to fund the lease of a virtual private server registered with the operational email account [email protected]. The dirbinsaabol email account was also used to register the john356gh URL-shortening account used by LUKASHEV to spearphish the Clinton Campaign chairman and other campaign-related individuals.

[snip]

For example, between on or about March 14, 2016 and April 28, 2016, the Conspirators used the same pool of bitcoin funds to purchase a virtual private network (“VPN”) account and to lease a server in Malaysia. In or around June 2016, the Conspirators used the Malaysian server to host the dcleaks.com website. On or about July 6, 2016, the Conspirators used the VPN to log into the @Guccifer_2 Twitter account. The Conspirators opened that VPN account from the same server that was also used to register malicious domains for the hacking of the DCCC and DNC networks.

(Note, this is some of the evidence collected via subpoenas to tech companies that the denialists ignore when they claim that CrowdStrike was the only entity to attribute the effort to Russia.)

The Mueller indictment describes how Potemkin controlled the computers used to launch the dcleaks Facebook account.

On or about June 8, 2016, and at approximately the same time that the dcleaks.com website was launched, the Conspirators created a DCLeaks Facebook page using a preexisting social media account under the fictitious name “Alice Donovan.” In addition to the DCLeaks Facebook page, the Conspirators used other social media accounts in the names of fictitious U.S. persons such as “Jason Scott” and “Richard Gingrey” to promote the DCLeaks website. The Conspirators accessed these accounts from computers managed by POTEMKIN and his co-conspirators.

Finally, there’s the most compelling evidence, that some conspirators logged into a Unit 74455-controlled server in Moscow hours before the initial Guccifer 2.0 post went up and searched for the phrases that would be used in the first post.

On or about June 15, 2016, the Conspirators logged into a Moscow-based server used and managed by Unit 74455 and, between 4:19 PM and 4:56 PM Moscow Standard Time, searched for certain words and phrases, including:

Search Term(s)

“some hundred sheets”

“some hundreds of sheets”

dcleaks

illuminati

широко известный перевод [widely known translation]

“worldwide known”

“think twice about”

“company’s competence”

Later that day, at 7:02 PM Moscow Standard Time, the online persona Guccifer 2.0 published its first post on a blog site created through WordPress. Titled “DNC’s servers hacked by a lone hacker,” the post used numerous English words and phrases that the Conspirators had searched for earlier that day (bolded below):

Worldwide known cyber security company [Company 1] announced that the Democratic National Committee (DNC) servers had been hacked by “sophisticated” hacker groups.

I’m very pleased the company appreciated my skills so highly))) [. . .]

Here are just a few docs from many thousands I extracted when hacking into DNC’s network. [. . .]

Some hundred sheets! This’s a serious case, isn’t it? [. . .] I guess [Company 1] customers should think twice about company’s competence.

F[***] the Illuminati and their conspiracies!!!!!!!!! F[***] [Company 1]!!!!!!!!! [emphasis original]

Remember: in the weeks after DOJ released this indictment, Mueller’s team took steps to try to obtain proof of whether Roger Stone was the person in Florida searching on Guccifer’s moniker on June 15, 2016, before the initial post was published. If Stone did learn about this effort in advance, it would suggest he learned about Guccifer 2.0 operation around the same time as someone was searching on these phrases in a GRU server located in Moscow. It would mean Stone learned about the upcoming Guccifer post in the same timeframe as these GRU officers were reviewing it.

It’s not really clear what was going on here. The assumption has always been that GRU officers were looking for translations into English from a post they drafted in Russian, even though the quotation marks suggests the Russian officers were searching on English phrases.

The one exception to that seems to confirm that. Those conducting these searches appear to have searched on a Russian phrase, a phrase they would have easily understood.

широко известный перевод

Moreover, it would take a shitty-ass translation application to come up with the stilted English used in the post. Plus, “illuminati,” at least, is an easily recognized cognate, even for someone (me!) whose Russian is surely worse than the English of any one of these Russian intelligence officers.

Still, proof of this  activity — obtained via undescribed means — clearly ties the Guccifer operation to the GRU. It’s just not clear what to make of it. And the possibility that there’s an American component to the Guccifer 2.0 operation — whether “Phil” or someone else — one that may have alerted Stone to what was going on, provides explanations other than straight up translation. Indeed, it may be that GRU officers were approving the content that someone else wrote, originally in English. Which might also explain why Stone may have known about it in advance.

Whatever else, the GRU indictment only claims that these GRU officers “assisted” this effort. It doesn’t claim they wrote this post.

The Stone-adjacent Guccifer 2.0 activity

One other detail of Mueller’s GRU indictment of interest pertains to which Stone-adjacent activity it chose to highlight.

Stone had first made his DMs with Guccifer 2.0 public himself, in March 2017. They were covered in his House Intelligence Committee testimony. But when Mueller included them in the GRU indictment, Stone first denied, and then sort of conceded the reference to them might be him.  His initial denial was an attempt to deny he had spoken with people in the campaign other than Trump himself, even though he had released the communications himself over a year earlier.

Remember — Mueller was still weighing whether Stone was criminally involved in this conspiracy when Stone issued the initial denial!

But that’s not the most interesting detail of the part of the indictment that lays out with whom Guccifer 2.0 shared stolen documents (even ignoring one or two tidbits I’m still working on).

Mueller’s GRU indictment included — along with the reference to the Roger Stone DMs they still hadn’t determined whether reflected part of a criminal conspiracy or not — the Lee Stranahan exchange with Guccifer 2.0 that ended in Stranahan, a Breitbart employee who would later move to Sputnik, obtaining early copies of a document purportedly about Black Lives Matter.

On or about August 22, 2016, the Conspirators, posing as Guccifer 2.0, sent a reporter stolen documents pertaining to the Black Lives Matter movement. The reporter responded by discussing when to release the documents and offering to write an article about their release.

These Stranahan exchanges are really worth attention, not just for the way they prove that Stone-adjacent people got early releases on request (which, lots of evidence suggests, also happened with Stone with respect to the Podesta files pertaining to Joule Holdings), but also for the way Guccifer 2.0 ignored Stranahan’s claim in early August 2016 to have convinced Stone that Guccifer 2.0 was not Russian.

Note what this indictment didn’t mention, though: Guccifer 2.0’s outreach to Alex Jones (about whom, unlike Stranahan, the FBI questioned Andrew Miller).

As I’ve pointed out, in the SSCI Report, there’s a long section on Jones that remains almost entirely redacted. Citing to five pages of a report the title of which is also redacted, the four paragraphs appear between the discussions of Guccifer 2.0’s outreach to then-InfoWars affiliate Roger Stone and Guccifer 2.0 and dcleaks’ communication with each other.

According to Thomas Rid’s book, Active Measures, both dcleaks and Guccifer 2.0 tried to reach out to Jones on October 18, 2016.

On October 18, for example, as the election campaign was white hot and during the daily onslaught of Podesta leaks, both GRU fronts attempted to reach out to Alex Jones, a then-prominent conspiracy theorist who ran a far-right media organization called Infowars. The fronts contacted two reporters at Infowars, offered exclusive material, and asked to be put in touch with the boss directly. One of the reporters was Mikael Thalen, who then covered computer security. First it was DCleaks that contacted Thalen. Then, the following day, Guccifer 2.0 contacted him in a similar fashion. Thalen, however, saw through the ruse and was determined not to “become a pawn” of the Russian disinformation operation; after all, he worked at Infowars. So Thalen waited until his boss was live on a show and distracted, then proceeded to impersonate Jones vis-à-vis the Russian intelligence fronts.23

“Hey, Alex here. What can I do for you?” the faux Alex Jones privately messaged to the faux Guccifer 2.0 on Twitter, later on October 18.

“hi,” the Guccifer 2.0 account responded, “how r u?”

“Good. Just in between breaks on the show,” said the Jones account. “did u see my last twit about taxes?”

Thalen, pretending to be Jones, said he didn’t, and kept responses short. The officers manning the Guccifer 2.0 account, meanwhile, displayed how bad they were at media outreach work, and consequently how much value Julian Assange added to their campaign. “do u remember story about manafort?” they asked Jones in butchered English, referring to Paul Manafort, Donald Trump’s former campaign manager. But Thalen no longer responded. “dems prepared to attack him earlier. I found out it from the docs. is it interesting for u?”24

Rid describes just one of two outreaches to Jones (through his IC sources, he may know of the report the SSCI relies on). But a key detail is that this outreach used as entrée some stolen documents from May 2016 showing that the Democrats were doing basic campaign research on Trump’s financials. It then purports to offer “Alex Jones” information on early Democratic attacks on Paul Manafort’s substantial Ukrainian graft, possibly part of the larger GRU effort to claim that Ukraine had planned an election year attack on Trump.

That is, unlike Stranahan’s request for advance documents, this discussion intended for “Alex Jones,” ties directly to Stone’s efforts to optimize the Podesta release. And it’s something that some entity prevented SSCI from publishing.

It’s also something Mueller’s team left out of an indictment aiming to lay out the hack-and-leak case before they might get fired, but in such a way as to hide the then-current state of the investigation from Roger Stone.

There were actually a number of Stone-adjacent associates in contact with GRU’s personas. And as recently as just a few months ago, the government wanted to hide the nature of those ties.

Palace Intrigue: Trump Prepares His Consolation Prize for Vladimir Putin

In the last two days, Trump has prepared a coup of sorts. First, he fired Mike Esper and replaced him with Christopher Miller; several of Esper’s top deputies went with him. Then, Trump installed three different Devin Nunes flunkies at several places in the DOD bureaucracy:

  • Mike Ellis — the guy who hid the Ukraine transcript and one source for the unmasking hoax — to NSA as General Counsel
  • Ezra Cohen-Watnick — a key Mike Flynn loyalist and another source for the unmasking hoax — to DOD Undersecretary of Intelligence
  • Kash Patel — who ensured that no HPSCI Republicans got sound intelligence during their Russian investigation, then pretended to be a Ukraine expert during impeachment, and then served to conduct a purge in the Office of Director of National Intelligence — to DOD Chief of Staff

To be clear, unlike these others, Christopher Miller, the Acting Secretary of Defense, reportedly does care about US security, even if he’s several ranks too junior for the job and got appointed over a Senate confirmed Deputy.

But the Nunes flunkies are there, serving as gate-keepers for the hoaxes favored by Trump and Nunes, as they have done so successfully throughout Trump’s term.

Spook-whisperer David Ignatius reports that these changes come amidst a sustained debate about what to do with a piece of likely Russian disinformation that — Trump and feeble-minded partisans like Lindsey Graham believe — will prove that Russia didn’t prefer Trump over Hillary.

President Trump’s senior military and intelligence officials have been warning him strongly against declassifying information about Russia that his advisers say would compromise sensitive collection methods and anger key allies.

An intense battle over this issue has raged within the administration in the days before and after the Nov. 3 presidential election. Trump and his allies want the information public because they believe it would rebut claims that Russian President Vladimir Putin supported Trump in 2016. That may sound like ancient history, but for Trump it remains ground zero — the moment when his political problems began.

CIA Director Gina Haspel last month argued strongly at a White House meeting against disclosing the information, because she believed that doing so would violate her pledge to protect sources and methods, a senior congressional source said. This official said a bipartisan group of Republican and Democratic senators has been trying to protect Haspel, though some fear that Trump may yet oust her.

Rumors have been flying this week about Haspel’s tenure, but a source familiar with her standing as CIA director said Tuesday that national security adviser Robert C. O’Brien and White House Chief of Staff Mark Meadows had both “assured her that she’s good,” meaning she wouldn’t be removed. Haspel also met personally with Senate Majority Leader Mitch McConnell (R-Ky.) Tuesday. She sees him regularly as a member of the “Gang of Eight” senior congressional leaders. But Tuesday’s visit was another sign of GOP support.

Haspel’s most unlikely defender has been Attorney General William P. Barr, who opposed a pre-election push to declassify the sensitive material, according to three current and former officials. At a showdown meeting at the White House, Barr pushed back against revealing the secret information.

Gen. Paul Nakasone, who heads U.S. Cyber Command and the National Security Agency, has also argued vehemently against disclosure, according to a senior defense official and the senior congressional source. Like Haspel, Nakasone took the unusual step of directly opposing White House efforts to release the intelligence, because he feared the damage that disclosure would cause.

With the new changes, General Nakasone reports through Cohen-Watnick and Patel and will have to rely on the legal “advice” of Ellis. So not only does this move put more senior votes in favor of declassifying this intelligence, but it puts them in places where Nakasone might be forced to accede to these demands.

Reporting suggests that Trump is seeking to make the full intelligence behind the reports described here available. Fundamentally, the intelligence shows that the US government obtained a Russian intelligence report that stated in late July 2016 — John Ratcliffe says it was July 26 but by handwriting it appears to be July 28 — Hillary approved of a plan to vilify Trump for his dalliance with Russian intelligence.

Already, this is a stupid hoax from the Republicans. It is public that, in the wake of the DNC release on July 22 — and particularly after Trump’s “Russia are you listening” comment on July 27 — Hillary started focusing on Trump’s coziness with Russia. In other words, the crack Russian analysts would have to do no more than read the paper to come to this conclusion. Nor would there be anything scandalous about Hillary trying to hold Trump accountable for capitalizing on an attack on her by a hostile foreign country.

I think Republicans are trying to suggest — by altering a date (July 26 instead of July 28) again and breathing heavy — that former government official Hillary Clinton was the reason why the FBI opened an investigation into Trump, rather than the Australians informing the US about Coffee Boy George Papadopoulos bragging about Russia offering help back in May. There’s not a shred of evidence for it, of course, but that has never stopped the frothy right.

The far more interesting part of this intelligence comes in the report that Peter Strzok wrote up, which is dated September 7. It makes it clear that Hillary’s alleged attack pertained to Russian hackers, notably Guccifer 2.0.

So a Russian intelligence report the US stole from Russia in late July 2016 claimed that, on July 26 0r 28, Hillary approved an attack on Trump pertaining to having help from Russian hackers, a report that did not get formally shared with the FBI until September 7. And either the report itself or FBI’s interpretation of it focuses on Guccifer 2.0.

Somehow this is the smoking gun — that over a month after opening up Crossfire Hurricane the FBI started investigating a claim that, starting on July 26 or 28, Hillary thought Trump was cuddling up with Russian hackers, interpreted by someone to be Guccifer 2.0 — the FBI learned that fact.

When I first wrote this up, I hadn’t started my Rashomon Rat-Fucker series, to say nothing of my report to the FBI that an American I knew may have served as an American cut-out for the Guccifer 2.0 operation (I’m jumping ahead of myself, but I’m certain the FBI investigated that claim for at least a year). At the time, I focused on how prescient the frothers were making Hillary look for anticipating that Roger Stone would first start doing propaganda for Guccifer 2.0 on August 5; best case for the frothers in this situation is that Stone somehow learned of the Russian report before the FBI did.

But now that I’ve written those posts, it’s clear that not only did the FBI have strong circumstantial evidence that Stone knew of the Guccifer 2.0 operation even before the first Guccifer 2.0 post, because he was searching for it on June 15 before the WordPress site went public, but that Stone probably had a face-to-face meeting with someone at the RNC from whom he got advance notice of the DNC drop.

In July 2016, this report is only mildly interesting, amounting to showing that the Russians read the newspaper like everyone else.

In 2020, after details from the Mueller investigation have become public, the Russian report makes far more sense as deliberate disinformation, an attempt to turn a direct contact with Stone into a hoax about Hillary.

Which makes Trump’s apparent determination to liberate this document all the more telling. It suggests that he wants to make public something, anything, he can use to counter what will be very damning allegations when this all becomes clear.

And, given how shoddy the actual intelligence itself is (at best showing that Russian intelligence officers read public sources and more credibly showing that Russia was building plausible deniability for contacts with Roger Stone in real time), Trump’s insistence on it, whether intentional or not, would serve to blow highly sensitive collection for a third-rate hoax.

I can see why Trump would prioritize this intelligence on his way out that the door. It comes at a time when he can be easily manipulated to burn the IC in ways that can only serve Russian interests.

In other words, one of Trump’s top priorities for the Lame Duck period is to give Vladimir Putin a consolation prize.

“Show Me the Metadata:” A Forensic Tie Between Shadow Brokers and Guccifer 2.0

On October 16, 2017, some of the last words the persona Shadow Brokers (TSB) ever wrote hailed my journalism.

TSB special shouts outs to Marcy “EmptyWheel” Wheeler, is being what true journalist and journalism is looking like thepeoples!

TheShadowBrokers, brokers of shadows.

As I noted at the time, I really didn’t need or appreciate the shout-out. I wrote a serious post analyzing that TSB post, but mostly I was trying to tell TSB to fuck off and leave me alone.

That was months after I told the FBI that I thought that someone I knew, whom I will refer by the pseudonym “Phil,” might be the voice of TSB, and less than a week after I got a Psycho-themed threat I deemed worthy of calling the cops.

As I laid out here, I told the FBI that months before Phil had left a comment on my site on July 28, 2016, signed [email protected], he had done some paranoid things starting on June 14, 2016, including making multiple references to ties he claimed to have with Russia. He then attended a Trump rally on August 13, 2016, taking pictures he would later suggest were really sensitive.

In addition to my suspicions about Guccifer 2.0, I also told the FBI that I suspected Phil was part of the operation that had been dumping NSA exploits and other records on the Internet starting in August 2016.

Unlike with Guccifer 2.0, Phil never signed a comment at the site under the name TSB — though on September 21, 2017, someone left a comment asking for my opinion about the ways the government was pursuing TSB.

‘Merican

September 21, 2017 at 1:58 am

Is what you say easier get FISA than Criminal warrant or FISA keep secret from rest of government, but Criminal warrant maybe not? FBI is not intelligence agency is law enforcement agency why have access FISA? You write many articles about the shadow brokers, what you think FISA or Criminal for the shadow brokers? You thinking anyone in US government is looking for the shadow brokers? US government not even say name “name that shall never be spoken”. What is best way discover national security letter sent to your service provider? …asking for a friend!

I thought Phil might be TSB, in part, because Phil had said almost identical things to me in private that TSB said publicly months later. There were other things in TSB’s writing that resonated with stuff I knew about Phil. And while Phil and I never (as far as I recall) talked about TSB, at least once he did say some other things that went a long way to convincing me he could be TSB; I thought he was seeking my approval for what TSB was doing, approval I was unwilling to give.

There are, however, public exchanges between the persona TSB and me, in addition to that shout out in what turned out to be TSB’s swan song.

For example, after I wrote a post on January 5, 2017 wondering why the government hadn’t included TSB in any of its discussions of election year hacking, TSB tweeted to me, complaining that I had described TSB as “bitching” about the coverage, rather than calling it “trolling.” (Note, the language in these screen caps reflects the language used by the people who first archived these tweets, so don’t go nuts about the Russian.)

TSB then RTed my article, suggesting other outlets were complicit for not asking the same questions.

The first tweet, at least, didn’t adopt the fake Borat voice that TSB used to mask a very fluent English, though I think there were some other tweets TSB sent that day where that may be true as well. In neither of these tweets did TSB mock me for misspelling “Whither” (the post’s title originally spelled it “Wither”); that’s a bit odd, because TSB rarely passed up any opportunity to be an asshole on Twitter.

Then, on July 18, 2018, after I had revealed I had shared information with the FBI, someone started a Twitter account under the name LexingtonAl that ultimately claimed to be — and was largely viewed as, by those who followed it — TSB (the persona deleted most tweets in February 2019, but many are saved here). Starting in December 2018, Lex and I had several exchanges about what TSB had actually done. 

Here’s my side of one from that month where I pointed out a problem with Lex’s claim that TSB consisted of just three contractors who leaked the files to reveal US complicity with tech companies to other Americans. The claim didn’t accord with having sent the files to WikiLeaks (as both WikiLeaks and TSB claimed in real time).

At the time, Lex went on an anti-Semitic rant about things he hated. Assuming that Lex is TSB (as he claimed), I got demoted from being TSB’s favorite journalist to third on the list of things Lex hated.

Note: when I interacted with Phil, he was never anti-Semitic (though he was a raging asshole when angry), but Lex was clearly even more disturbed than Phil was in the period when I interacted with him.

Then, in January, Lex bitched (again, in anti-Semitic terms) about a post I had done noting that, given Twitter’s poor security at the time, the Twitter DMs that Hal Martin allegedly sent Kaspersky might have served to frame him.

The post had noted that the early TSB posts — including a number sent after Martin was arrested — had relied on similar cultural allusions as the DMs sent from Martin’s Twitter account. Shortly thereafter the FBI arrested Martin in a guns-wagging raid on his home in Maryland. Per this Kim Zetter story, the Tweets had mentioned the 2016 version of Jason Bourne and Inception. I reiterated that on Twitter.

It was a factual observation supported by the content of the earlier TSB posts, not a comment about any spookiness behind the release of the files.

I asked why TSB was so defensive about having those cultural allusions called out.

Lex responded with another anti-Semitic rant.

I responded,

Finally, in February 2019, Lex invoked me — including that I had “had a breakdown and outed her source” — sort of out of the blue in the middle of what might be called his claimed doctrine behind the leaks.

I noted that if his claimed doctrinal explanation were true, then TSB would have done a victory lap (and stopped dropping files) when Microsoft President Brad Smith started advocating for a Digital Geneva Convention in February 2017, which would have brought about an end to the practice that, Lex claimed, was his reason for dumping the files.

Not only didn’t TSB mention that in real time (instead choosing to exacerbate the tensions between the US and Microsoft), but TSB kept dropping files for six months after that.

Lex responded with another attack.

I have far less evidence that I could share to prove that TSB or Lex are Phil. But little noticed in the midst of TSB’s widely-discussed obsession with Jake Williams, a former NSA hacker whom TSB probably tried to frame as the source of the files, TSB also had an obsession with me — and certainly took notice when I revealed that I had gone to the FBI.

All that said, virtually all of these communications post-dated the time when I went to the FBI.

I went to the FBI in the wake of the WannaCry attack. The attack, reportedly a North Korean effort to make use of the tools dropped by TSB that went haywire, ended up causing a global worm attack that shut down hospitals and caused hundreds of billions of dollars in damage. When I have alluded to the ongoing damage I was trying to prevent, that’s what I mean: the indiscriminate release of NSA exploits to the public which, in that case, literally shut down hospitals on the other side of the world. 

There’s no defense for that.

While I had been trying to find some way to share my concerns long before that, I may never have met directly with the FBI about any of my suspicions except for another detail: I learned that there was a forensic tie between the Guccifer 2.0 and TSB personas. While, at the time, I had moderate confidence about both my belief that Phil had a role in the Guccifer operation and moderate confidence that he was TSB, when I learned there was a forensic tie between the two of them, it increased my confidence in both. 

A strong caveat is in order: the forensic tie isn’t decisive; it could be insignificant, or untrue.

The forensic tie is that someone logged into one of the Guccifer 2.0 accounts — I think the WordPress account — using the same IP address as someone who logged into the early staging sites — either Pastebin or GitHub — for the TSB operation.

If someone using the same IP address accessed both sites — probably using a VPN — it could mean either that the same person was involved, or whoever staged these things was doing little to cover their tracks and outsiders were accessing their infrastructure. One of the people who told me about this forensic tie interpreted it as a deliberate attempt to tie the two operations together, sort of yanking the government’s chain.

I learned of this forensic tie from multiple people, all of whom are credible. That said, I can’t rule out that they learned it from the same person. No one has reported on this in the years since these operations, even though I’ve tried to get better sourced journalists to go chase it down. Indeed, I recently learned that a top outside expert on issues related to TSB did not know this forensic detail.

The FBI had to chase down a lot of weird forensic shit pertaining to these influence operations, because that’s how this kind of operation works. I have noted in the past, for example, that some script kiddies tried to hijack an early Guccifer 2.0 email account; that was investigated by a Philadelphia grand jury in spring of 2017. So this forensic tidbit could be similarly unrelated to the people behind the operation.

So I don’t want to oversell this forensic tie. I do want to encourage others to try to chase it down. 

But it was something that significantly influenced my understanding of all this in 2017, when files released by TSB had just caused the worst damage of any cyber attack in history, to date.

When I mentioned the forensic tie during my FBI interview, the lead agent responded that they couldn’t confirm or deny anything during the interview. I wasn’t there to get confirmation.

Still, if it’s true — given what we’ve learned since about the Guccifer 2.0 operation — it is hugely significant.

TSB started staging its release — per this really helpful SwitHak timeline — on July 25, the same day Trump directed people to get Roger Stone to chase down the next WikiLeaks releases. The first files were encrypted on August 1, after Stone had already pitched Paul Manafort on a way to “save Trump’s ass.” TSB loaded the NSA files on GitHub just after Stone published a piece suggesting that Guccifer 2.0, and not Russia, had hacked the DNC. TSB went live overnight on August 12-13, not long after Guccifer 2.0 publicly tweeted to Stone, “Thanks that u believe in the real #Guccifer2.” WikiLeaks publicized the effort on August 15, after some private back and forth between Guccifer 2.0 and Stone, including Guccifer 2.0’s question, “thank u for writing back . . . do u find anyt[h]ing interesting in the docs i posted?” And, per the SSCI analysis and my own, WikiLeaks helped to boost TSB the same day Jerome Corsi may have started giving Roger Stone advance information about the content of the John Podesta emails that wouldn’t be dropped for another two months (SSCI appears not to have considered, much less concluded, that Guccifer 2.0 might be Stone’s source).

If the forensic tie between Guccifer 2.0 and TSB is real, it means that during precisely the same period when Roger Stone was desperately trying to optimize the release of the John Podesta files to save his buddies Paul Manafort and Donald Trump, related actor TSB was beginning a year-long effort to burn the NSA to the ground.